IPSec tunnel does not work
I have 2 Cat6, one with an IPsec SPA card, while the other does not.
I tried setting up an IPsec tunnel between them, but somehow can't bring up the tunnel. Can someone help me set it up?
A (with SPA):
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10
crypto ipsec transform-set testT1 esp-aes 256 esp-sha-hmac
!
crypto ipsec profile P1
 set transform-set testT1
!
crypto call admission limit ike sa 3000
!
crypto call admission limit ike in-negotiation-sa 115
!
interface Tunnel962
 ip unnumbered Loopback962
 tunnel source GigabitEthernet2/37.962
 tunnel destination 172.16.16.6
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile P1
interface GigabitEthernet2/37.962
 encapsulation dot1Q 962
 ip address 172.16.16.5 255.255.255.252
interface Loopback962
 ip address 1.1.4.200 255.255.255.255
ip route 2.2.4.200 255.255.255.255 Tunnel962
B (without SPA):
crypto isakmp policy 1
 encr aes 256
 authentication pre-share
 group 5
crypto isakmp key cisco123 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set T1 esp-aes 256 esp-sha-hmac
!
crypto ipsec profile P1
 set transform-set T1
interface Tunnel200
 ip unnumbered Loopback200
 tunnel source GigabitEthernet2/1.1
 tunnel destination 172.16.16.5
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile T1
interface Loopback200
 ip address 2.2.4.200 255.255.255.255
interface GigabitEthernet2/1.1
 encapsulation dot1Q 962
 ip address 172.16.16.6 255.255.255.252
ip route 1.1.4.200 255.255.255.255 Tunnel200
I can ping from 172.16.16.6 to 172.16.16.5, but the tunnel just will not come up. When I turned on "debug cry ipsec" and "debug cry isa", nothing comes out; when I turn on "debug cry eng", I got:
"00:25:17: crypto_engine_select_crypto_engine: can't handle more."
Hello
You need an IPSEC SPA card on chassis B to do IPSEC encryption. Please see the below URL for more details.
Without a SPA-IPSEC-2G or IPsec VPN Services Module for acceleration, the IPsec network security feature (configured with the crypto ipsec command) is supported in software only for administrative connections to Catalyst 6500 series switches and Cisco 7600 Series routers.
Kind regards
Arul
* Rate pls if it helps *.
Similar Questions
-
Hi all
We have an IPSec tunnel that does not work. I think that Phase 2 is not established but I don't know why.
Adding the output and the log.
Thanks for your help
ASA-VPN-PRI/act/pri# sh crypto isakmp sa
!
13 IKE Peer: 91.209.243.5
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
!
ASA-VPN-PRI/act/pri# sh crypto isakmp sa | include 91.209.243.5
12 IKE Peer: 91.209.243.5
ASA-VPN-PRI/act/pri#
ASA-VPN-PRI/act/pri# sh crypto ipsec sa | include 91.209.243.5
ASA-VPN-PRI/act/pri#
7. December 17, 2014 | 15: 40:48 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = c516994b) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
7. December 17, 2014 | 15: 40:48 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
7. December 17, 2014 | 15: 40:48 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
7. December 17, 2014 | 15: 40:48 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d6c)
7. December 17, 2014 | 15: 40:48 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d6c)
7. December 17, 2014 | 15: 40:48 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
7. December 17, 2014 | 15: 40:48 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
7. December 17, 2014 | 15: 40:48 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = 29bf4142) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
7. December 17, 2014 | 15: 40:43 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = b72ddf0a) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
7. December 17, 2014 | 15: 40:43 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
7. December 17, 2014 | 15: 40:43 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
7. December 17, 2014 | 15: 40:43 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d6b)
7. December 17, 2014 | 15: 40:43 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d6b)
7. December 17, 2014 | 15: 40:43 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
7. December 17, 2014 | 15: 40:43 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
7. December 17, 2014 | 15: 40:43 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = ae5305df) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
7. December 17, 2014 | 15: 40:38 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = b796798d) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
7. December 17, 2014 | 15: 40:38 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
7. December 17, 2014 | 15: 40:38 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
7. December 17, 2014 | 15: 40:38 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d6a)
7. December 17, 2014 | 15: 40:38 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d6a)
7. December 17, 2014 | 15: 40:38 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
7. December 17, 2014 | 15: 40:38 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
7. December 17, 2014 | 15: 40:38 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = 98241c 63) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
7. December 17, 2014 | 15: 40:33 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = e233621d) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
7. December 17, 2014 | 15: 40:33 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
7. December 17, 2014 | 15: 40:33 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
7. December 17, 2014 | 15: 40:33 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d69)
7. December 17, 2014 | 15: 40:33 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d69)
7. December 17, 2014 | 15: 40:33 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
7. December 17, 2014 | 15: 40:33 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
7. December 17, 2014 | 15: 40:33 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = 36ecdf6a) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
7. December 17, 2014 | 15: is.40:28 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = cb1b978d) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
7. December 17, 2014 | 15: is.40:28 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
7. December 17, 2014 | 15: is.40:28 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
7. December 17, 2014 | 15: is.40:28 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d68)
7. December 17, 2014 | 15: is.40:28 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d68)
7. December 17, 2014 | 15: is.40:28 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
7. December 17, 2014 | 15: is.40:28 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
7. December 17, 2014 | 15: is.40:28 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = f25bcdb5) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
7. December 17, 2014 | 15: 40:23 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = 32bca075) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
7. December 17, 2014 | 15: 40:23 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
7. December 17, 2014 | 15: 40:23 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
7. December 17, 2014 | 15: 40:23 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d67)
7. December 17, 2014 | 15: 40:23 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d67)
7. December 17, 2014 | 15: 40:23 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
7. December 17, 2014 | 15: 40:23 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
7. December 17, 2014 | 15: 40:23 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = a3f0e3f9) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
Please repeat the debug with "debug crypto isakmp 100". And compare the config of Phase 2 on both sides:
- Is the crypto ACL exactly mirrored on both sides?
- Do your transform sets include exactly the same algorithms?
-
Cisco router VPN client split tunnel does not work
Hello!
I have configured the Cisco VPN client on a 2821 router, and it works fine.
I can access the inside resources normally.
The problem is that when I connect with the VPN I lose internet connectivity. What is wrong with my setup?
Below is the current configuration of the router.
Kind regards!
CISCO2821#sh run
Building configuration...
Current configuration: 5834 bytes
!
version 12.4
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
hostname CISCO2821
!
boot-start-marker
start the flash c2800nm-adventerprisek9 - mz.124 - 20.T.bin system
boot-end-marker
!
forest-meter operation of syslog messages
logging buffered 51200 warnings
!
AAA new-model
!
!
connection local VPN-LOCAL-AUTHENTIC AAA authentication
local AAA authorization network VPN-LOCAL-AUTHOR
!
!
AAA - the id of the joint session
!
dot11 syslog
IP source-route
!
!
IP cef
!
!
"yourdomain.com" of the IP domain name
8.8.8.8 IP name-server
No ipv6 cef
!
Authenticated MultiLink bundle-name Panel
!
!
voice-card 0
No dspfarm
!
!
username secret privilege 0 vpn 5 $1$ tCf1$ XAxQWtDRYdfy9g3JpVSvZ.
Archives
The config log
hidekeys
!
!
crypto isakmp policy 44
 encr aes
 authentication pre-share
 group 2
 lifetime 44444
!
crypto isakmp client configuration group VPN
 key VPNVPNVPN
 pool VPN-POOL
 acl VPN-ACL-SPLIT
 max-users 5000
!
!
ISAKMP crypto ISAKMP-VPN-profile
identity VPN group match
list of authentication of client VPN-LOCAL-AUTHENTIC
VPN-LOCAL-AUTHOR of ISAKMP authorization list.
client configuration address respond
Configuration of VPN client group
virtual-model 44
!
!
Crypto ipsec transform-set VPN - SET esp - aes esp-sha-hmac
!
Crypto ipsec VPN-profile
transformation-VPN-SET game
Set isakmp VPN ISAKMP-PROFILE
!
!
interface GigabitEthernet0/0
IP 192.168.2.214 255.255.255.0
NAT outside IP
IP virtual-reassembly
IP tcp adjust-mss 1412
automatic duplex
automatic speed
!
interface GigabitEthernet0/1
IP 192.168.1.1 255.255.255.0
IP nat inside
IP virtual-reassembly
IP tcp adjust-mss 1412
automatic duplex
automatic speed
!
interface FastEthernet0/0/0
no ip address
Shutdown
automatic duplex
automatic speed
!
type of interface virtual-Template44 tunnel
IP unnumbered GigabitEthernet0/0
ipv4 ipsec tunnel mode
Tunnel ipsec VPN-PROFILE protection profile
!
interface Dialer0
no ip address
IP mtu 1452
IP virtual-reassembly
Shutdown
!
local pool IP VPN-POOL 192.168.1.150 192.168.1.250
IP forward-Protocol ND
IP http server
IP 8081 http port
23 class IP http access
local IP http authentication
no ip http secure server
IP http timeout policy slowed down 60 life 86400 request 10000
!
!
ip nat inside source list ACL-NAT interface GigabitEthernet0/0 overload
!
IP access-list standard ACL-TELNET
allow a
!
ip access-list extended ACL-NAT
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended ACL-VPN-SPLIT
 permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended VPN-ACL-SPLIT
!
control plan
!
exec banner ^ C
% Warning of password expiration.
-----------------------------------------------------------------------
Professional configuration Cisco (Cisco CP) is installed on this device
and it provides the default username "cisco" single use. If you have
already used the username "cisco" to connect to the router and your IOS image
supports the option "unique" user, that user name is already expired.
You will not be able to connect to the router with the username when you leave
This session.
It is strongly recommended that you create a new user name with a privilege level
15 using the following command.
username
secret privilege 15 0 Replace
and with the username and password you want use.
-----------------------------------------------------------------------
Line con 0
exec-timeout 0 0
Synchronous recording
line to 0
line vty 0 4
ACL-TELNET access class in
exec-timeout 30 0
privilege level 15
Synchronous recording
transport input telnet ssh
line vty 5 15
ACL-TELNET access class in
exec-timeout 30 0
privilege level 15
Synchronous recording
transport input telnet ssh
line vty 16 988
ACL-TELNET access class in
exec-timeout 30 0
Synchronous recording
transport input telnet ssh
!
Scheduler allocate 20000 1000
end
CISCO2821 #.
I think that you made a mistake with your ACL name. The ACL applied is "VPN-ACL-SPLIT", which is an empty ACL. You must switch to "ACL-VPN-SPLIT", which has the entry "permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255" inside.
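The name mix-up described in this answer can be caught mechanically. The following is an added example, not part of the original thread: a Python check that collects every named ACL an IOS configuration refers to and reports the ones that are undefined or empty, with the closest populated name as a hint. The sample configuration is constructed from the ACL names in the thread; the key value is a placeholder.

```python
import difflib
import re

# Lines that define a named ACL, and lines that refer to one by name.
ACL_DEF = re.compile(r"ip access-list (?:standard|extended) (\S+)", re.I)
ACL_REFS = (
    re.compile(r"acl (\S+)", re.I),                      # VPN client group split-tunnel list
    re.compile(r"match address (\S+)", re.I),            # crypto map selector
    re.compile(r"access-class (\S+) (?:in|out)", re.I),  # vty restriction
    re.compile(r"ip nat inside source list (\S+) .+", re.I),
)
ENTRY = re.compile(r"(?:\d+ )?(?:permit|deny)\b", re.I)


def acl_reference_problems(config):
    """Return (acl_name, status, suggestion) for each broken named-ACL reference."""
    entries = {}      # ACL name -> number of permit/deny entries
    references = []   # ACL names in the order they are first referenced
    current = None    # ACL whose body is currently being read
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_DEF.fullmatch(line):
            current = m.group(1)
            entries.setdefault(current, 0)
            continue
        if current and ENTRY.match(line):
            entries[current] += 1
            continue
        current = None
        for pattern in ACL_REFS:
            if m := pattern.fullmatch(line):
                name = m.group(1)
                # Numbered ACLs (access-list 101 ...) are out of scope here.
                if not name.isdigit() and name not in references:
                    references.append(name)
                break

    populated = [name for name, count in entries.items() if count]
    problems = []
    for name in references:
        if entries.get(name):
            continue
        status = "empty" if name in entries else "undefined"
        close = difflib.get_close_matches(name, populated, n=1)
        problems.append((name, status, close[0] if close else None))
    return problems


# Constructed sample modelled on the configuration posted in the thread.
SAMPLE_CONFIG = """\
crypto isakmp client configuration group VPN
 key EXAMPLE-KEY
 pool VPN-POOL
 acl VPN-ACL-SPLIT
!
ip nat inside source list ACL-NAT interface GigabitEthernet0/0 overload
!
ip access-list standard ACL-TELNET
 permit any
ip access-list extended ACL-NAT
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended ACL-VPN-SPLIT
 permit ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended VPN-ACL-SPLIT
!
line vty 0 4
 access-class ACL-TELNET in
"""

if __name__ == "__main__":
    for name, status, hint in acl_reference_problems(SAMPLE_CONFIG):
        print(f"ACL {name} is {status}; closest populated ACL: {hint}")
```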
-
IPSEC tunnel does not connect
All of a sudden the IPSEC tunnel to remote site 202.68.211.20 is not connecting. Previously it was OK. There is no change in config.
Even IKE Phase 1 does not connect.
I'm debugging, but I don't know what could be the error.
-----------------------------------------------------------------------------
12 May 12:06:50 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
12 May 12:06:50 [IKEv1]: IP = 202.68.211.20, Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
12 May 12:06:53 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
12 May 12:06:53 [IKEv1]: IP = 202.68.211.20, Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
12 May 12:06:54 [IKEv1 DEBUG]: IP = 202.68.211.20, case of mistaken IKE MM Initiator WSF (struct & 0xd84aff40), : MM_DONE, EV_ERROR--> MM_WAIT_MSG2, EV_RETRY--> MM_WAIT_MSG2, EV_TIMEOUT--> MM_WAIT_MSG2 NullEvent--> MM_SND_MSG1, EV_SND_MSG--> MM_SND_MSG1, EV_START_TMR--> MM_SND_MSG1, EV_RESEND_MSG--> MM_WAIT_MSG2, EV_RETRY
12 May 12:06:54 [IKEv1 DEBUG]: IP = 202.68.211.20, IKE SA MM:914f04ce ending: flags 0 x 01000022, refcnt 0, tuncnt 0
12 May 12:06:54 [IKEv1 DEBUG]: IP = 202.68.211.20, sending clear/delete with the message of reason
12 May 12:06:59 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
12 May 12:06:59 [IKEv1]: IP = 202.68.211.20, initiator of IKE: New Phase 1, Intf internal, IKE Peer 202.68.211.20 address proxy local 10.215.20.0 address remote Proxy 10.210.0.0, Card Crypto (VPN_map)
12 May 12:06:59 [IKEv1 DEBUG]: IP = 202.68.211.20, build the payloads of ISAKMP security
12 May 12:06:59 [IKEv1 DEBUG]: IP = 202.68.211.20, construction of Fragmentation VID + load useful functionality
12 May 12:06:59 [IKEv1]: IP = 202.68.211.20, IKE_DECODE SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 112
12 May 12:07 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
12 May 12:07 [IKEv1]: IP = 202.68.211.20, Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
12 May 12:07:03 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
12 May 12:07:03 [IKEv1]: IP = 202.68.211.20, Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
12 May 12:07:07 [IKEv1]: IP = 202.68.211.20, IKE_DECODE new SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 112
12 May 12:07:09 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
12 May 12:07:09 [IKEv1]: IP = 202.68.211.20, Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
12 May 12:07:15 [IKEv1]: IP = 202.68.211.20, IKE_DECODE new SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 112
12 May 12:07:23 [IKEv1]: IP = 202.68.211.20, IKE_DECODE new SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 112
12 May 12:07:31 [IKEv1 DEBUG]: IP = 202.68.211.20, case of mistaken IKE MM Initiator WSF (struct & 0xd8457958), : MM_DONE, EV_ERROR--> MM_WAIT_MSG2, EV_RETRY--> MM_WAIT_MSG2, EV_TIMEOUT--> MM_WAIT_MSG2 NullEvent--> MM_SND_MSG1, EV_SND_MSG--> MM_SND_MSG1, EV_START_TMR--> MM_SND_MSG1, EV_RESEND_MSG--> MM_WAIT_MSG2, EV_RETRY
12 May 12:07:31 [IKEv1 DEBUG]: IP = 202.68.211.20, IKE SA MM:be63ea64 ending: flags 0 x 01000022, refcnt 0, tuncnt 0
12 May 12:07:31 [IKEv1 DEBUG]: IP = 202.68.211.20, sending clear/delete with the message of reason
12 May 12:07:37 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
12 May 12:07:37 [IKEv1]: IP = 202.68.211.20, initiator of IKE: New Phase 1, Intf internal, IKE Peer 202.68.211.20 address proxy local 10.215.20.0 address remote Proxy 10.210.0.0, Card Crypto (VPN_map)
12 May 12:07:37 [IKEv1 DEBUG]: IP = 202.68.211.20, build the payloads of ISAKMP security
12 May 12:07:37 [IKEv1 DEBUG]: IP = 202.68.211.20, construction of Fragmentation VID + load useful functionality
12 May 12:07:37 [IKEv1]: IP = 202.68.211.20, IKE_DECODE SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 112
12 May 12:07:40 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
12 May 12:07:40 [IKEv1]: IP = 202.68.211.20, Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
12 May 12:07:45 [IKEv1]: IP = 202.68.211.20, IKE_DECODE new SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 112
12 May 12:07:46 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
12 May 12:07:46 [IKEv1]: IP = 202.68.211.20, Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
12 May 12:07:53 [IKEv1]: IP = 202.68.211.20, IKE_DECODE new SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 112
Hello
It seems that the tunnel is stuck at MSG_2.
Can you check whether UDP 500 traffic is blocked between the peers?
Please check with your provider.
Kind regards
Aditya
Please evaluate the useful messages and mark the correct answers.
-
Hello
I am practicing a bit with 2 CISCO routers, a 2811 and a 2621. I did the basic configuration for an IPSec connection, but the tunnel does not seem to come up. Also, I can ping the external interface of the other router, but I cannot ping the inside network behind each of them. Any ideas? The external interfaces are connected via a UTP crossover cable. Here's the sh run of each:
2621 router:
!
version 12.2
horodateurs service debug uptime
Log service timestamps uptime
encryption password service
!
hostname RPrueba2
!
logging buffered 51200 warnings
enable secret 5 $1$ oNw1$ SQaqP.FazBuaiVZ3MHte70
!
username supervisor privilege 15 password 7 07062F49420C1A110513
voice-card 1
!
IP subnet zero
!
!
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key Inelectra address 20.20.20.21
!
!
Crypto ipsec transform-set base esp - esp-md5-hmac
!
crypto map Armadillo 1 ipsec-isakmp
 set peer 20.20.20.21
 set security-association lifetime seconds 4000
 set transform-set basic
 set pfs group1
 match address 101
!
call the rsvp-sync
!
!
!
!
!
!
controller E1 1/0
!
!
!
interface FastEthernet0/0
IP 192.168.250.1 255.255.255.0
automatic duplex
automatic speed
!
interface Serial0/0
no ip address
Shutdown
!
interface FastEthernet0/1
IP 20.20.20.1 255.255.255.0
automatic duplex
automatic speed
 crypto map Armadillo
!
interface Serial0/1
no ip address
Shutdown
!
interface Serial0/2
no ip address
Shutdown
!
!
IP classless
IP route 0.0.0.0 0.0.0.0 20.20.20.21
IP http server
!
!
!
!
!
!
!
!
!
access-list 101 permit ip 192.168.250.0 0.0.0.255 any
access-list 102 permit ip 192.168.250.0 0.0.0.255 192.168.240.0 0.0.0.255
!
!
Dial-peer cor custom
!
!
!
!
!
Line con 0
password 7 020F0A5E07030C355E4F
opening of session
line to 0
line vty 0 4
privilege level 15
password 7 12100B121E0E0F10382A
opening of session
transport input telnet ssh
!
end
2811 router:
!
version 12.4
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
hostname RPrueba
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$ oNw1$ SQaqP.FazBuaiVZ3MHte70
!
No aaa new-model
!
resources policy
!
iomem 15 memory size
No network-clock-participate wic 1
IP subnet zero
!
!
IP cef
!
!
!
!
voice-card 0
No dspfarm
!
username supervisor privilege 15 password 7 07062F49420C1A110513
!
!
controller E1 1/0/0
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
crypto isakmp key Inelectra address 20.20.20.1
!
!
Crypto ipsec transform-set Ineset ah-md5-hmac esp - a
Crypto ipsec transform-set base esp - esp-md5-hmac
!
crypto map Armadillo 1 ipsec-isakmp
 set peer 20.20.20.1
 set security-association lifetime seconds 4000
 set transform-set basic
 set pfs group1
 match address 102
!
!
!
!
interface FastEthernet0/0
IP 192.168.240.1 255.255.255.0
automatic duplex
automatic speed
!
interface FastEthernet0/1
IP 20.20.20.21 255.255.255.0
automatic duplex
automatic speed
 crypto map Armadillo
!
interface Serial0/0/0
no ip address
Shutdown
no fair queue
2000000 clock frequency
!
interface Serial0/0/1
no ip address
Shutdown
2000000 clock frequency
!
IP classless
IP route 0.0.0.0 0.0.0.0 20.20.20.1
!
!
IP http server
no ip http secure server
!
access-list 101 permit ip 192.168.240.0 0.0.0.255 any
access-list 102 permit ip 192.168.240.0 0.0.0.255 192.168.250.0 0.0.0.255
!
control plan
!
Line con 0
password 7 020F0A5E07030C355E4F
opening of session
line to 0
line vty 0 4
privilege level 15
password 7 12100B121E0E0F10382A
opening of session
transport input telnet ssh
!
Scheduler allocate 20000 1000
!
end
I also tried show crypto isakmp sa and there is nothing in the table. Thanks for any help.
Gustavo
Under the crypto map Armadillo on the 2621 router:
Use crypto ACL 102 instead of 101.
match address 102
And then clear the isakmp SA and the ipsec SA,
then try to ping.
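The mistake corrected in this answer (one side matching `any` where the other matches a single subnet) and the two Phase 2 questions asked in the earlier reply on this page (mirrored crypto ACLs, identical transform sets) can be checked with a short script. This is an added example, not code from the thread: the configurations are constructed, using the thread's inside subnets and ACL numbers, while the map name `VPNMAP`, the transform-set name `BASE` and its algorithms, and the peer addresses are assumptions.

```python
import ipaddress
import re

ACL_RE = re.compile(r"access-list (\d+) permit ip (.+)", re.I)
TS_RE = re.compile(r"crypto ipsec transform-set (\S+) (.+)", re.I)


def _take_network(tokens):
    """Consume one IOS address spec: 'any', 'host A' or 'A WILDCARD'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    # ipaddress accepts a host mask (the IOS wildcard) after the slash.
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")


def parse_phase2(config):
    """Extract the selectors and transform the crypto map actually uses."""
    acls, transforms = {}, {}
    match_acl = used_ts = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := ACL_RE.fullmatch(line):
            tokens = m.group(2).split()
            src = _take_network(tokens)
            dst = _take_network(tokens)
            acls.setdefault(m.group(1), []).append((src, dst))
        elif m := TS_RE.fullmatch(line):
            transforms[m.group(1)] = frozenset(m.group(2).split())
        elif m := re.fullmatch(r"match address (\S+)", line, re.I):
            match_acl = m.group(1)
        elif m := re.fullmatch(r"set transform-set (\S+)", line, re.I):
            used_ts = m.group(1)
    return {
        "selectors": set(acls.get(match_acl, [])),
        "transform": transforms.get(used_ts, frozenset()),
    }


def phase2_mismatches(config_a, config_b):
    """List the Phase 2 differences that would stop the two peers agreeing."""
    a, b = parse_phase2(config_a), parse_phase2(config_b)
    problems = []
    mirror_of_b = {(dst, src) for src, dst in b["selectors"]}
    for src, dst in sorted(a["selectors"] - mirror_of_b):
        problems.append(f"A protects {src} -> {dst}; B has no mirrored entry")
    for src, dst in sorted(mirror_of_b - a["selectors"]):
        problems.append(f"B protects {dst} -> {src}; A has no mirrored entry")
    if a["transform"] != b["transform"]:
        problems.append(
            f"transform sets differ: A={sorted(a['transform'])} "
            f"B={sorted(b['transform'])}"
        )
    return problems


# Constructed configurations; {acl} selects which ACL site A's map matches.
SITE_A = """
crypto ipsec transform-set BASE esp-aes esp-sha-hmac
crypto map VPNMAP 1 ipsec-isakmp
 set peer 192.0.2.21
 set transform-set BASE
 match address {acl}
access-list 101 permit ip 192.168.250.0 0.0.0.255 any
access-list 102 permit ip 192.168.250.0 0.0.0.255 192.168.240.0 0.0.0.255
"""
SITE_B = """
crypto ipsec transform-set BASE esp-aes esp-sha-hmac
crypto map VPNMAP 1 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set BASE
 match address 102
access-list 101 permit ip 192.168.240.0 0.0.0.255 any
access-list 102 permit ip 192.168.240.0 0.0.0.255 192.168.250.0 0.0.0.255
"""

if __name__ == "__main__":
    for acl in ("101", "102"):
        found = phase2_mismatches(SITE_A.format(acl=acl), SITE_B)
        print(f"site A matching ACL {acl}: {found or 'selectors and transforms agree'}")
```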
-
Hello
I just upgraded to macOS Sierra and the built-in Cisco IPsec VPN no longer works. When I try to connect, I get a "cannot validate the certificate of the server. Check your settings and try to reconnect" error message. I use a Cisco ASA with self-signed certificates and everything worked fine with previous versions of OS X.
Please help me, I need my VPN. Thx a lot
I am having the same problem with StrongSwan and help cert signed with the complete certificate chain included in the pkcs12 file imported to the keychain. It was working properly in El Capitan, but is now broken in Sierra.
-
RTMPT / Tunneling does not work
I have Flash Media Streaming Server 3 running on a Windows 2003 with IIS 6 computer. I can see the samples of video on demand, locally and remotely very well using rtmp, but not rtmpt. I have disabled the socket pooling using httpcfg, but FMS 3 does not seem to be binding for all IP addresses on port 80. Next steps?
HBZ
You can add ports in a comma-delimited list:
ADAPTOR.HOSTPORT = xxx.xxx.xxx.12:1935,80
Then restart the FMS service, and you should be all set. You can run netstat -nab from the command prompt to ensure that FMS is bound to port 80.
-
"Microsoft Teredo Tunneling adapter" device does not work correctly.
Hi Sir/Madam
Hello, can you help me find driver problems, sir. I am on an HP Pavilion g6 series notebook. I found this message there: Windows reports that the "Microsoft Teredo Tunneling adapter" device is working properly. But I opened the Device Manager, found the icon, double-clicked it and then tried to update the driver software, but it encountered a problem... This device does not work... Sir, can you help me solve this problem... Thank you for your time
Hi Binet1,
Thank you for visiting the HP Support Forums, and welcome. I read your thread about your HP Pavilion g6-2225tu laptop's driver issues with the Teredo Tunneling pseudo-interface. Right-click and delete all Teredo Tunneling pseudo-interfaces. Restart the computer. You could update the driver software by right-clicking and browsing the computer for driver software. Select "Let me pick from a list of device drivers on my computer" -> Network adapters -> Microsoft -> Microsoft Teredo Tunneling Adapter. You can enable System Restore by following this document.
I'd be happy to help you further if necessary. Because there are many models of HP notebooks, I need the model number. How can I find my model number or product number?
Please respond with the operating system that you are running:
Which Windows operating system am I running? Please let me know.
Thank you.
-
Original title: hardware device
Please help me...
My Microsoft Teredo Tunneling adapter does not work correctly... I tried to reinstall it but it is impossible to install...
So what can I do so the adapter works correctly...
And my PC runs too slowly (at startup and shutdown also)
Please help me soon...
Thank you...
Hi Harshhh36,
Usually, after the computer restarts, the drivers install automatically and it will stop the errors.
You can also refer to the computer or the network card manufacturer's Web site to download and install the latest version of the drivers for the network card.
You can also check in the updates of windows updates available for the network adapter driver.
For more information, see the article:
Automatically get recommended drivers and updates for your hardware
-
ASA 8.6 - l2l IPsec tunnel established - not possible to ping
Hello world
I have a configuration problem with the CISCO ASA 5512-x (IOS 8.6).
The IPsec tunnel is created between the ASA and another non-CISCO router (hereinafter "router"). I can send ping packets from the router to the ASA, but the ASA is NOT able to answer these requests. Sending requests from the ASA is also NOT possible.
I'm trying to interconnect the local networks 192.168.2.0/24 (CISCO, DMZ interface) and 192.168.3.0/24 (router).
The CISCO ASA has a static public IP address. The router has a dynamic IP address, so I use the dynamic-map option...
Here is the output of "show run":
---------------------------------------------------------------------------------------------------------------------------------------------
ASA 1.0000 Version 2
!
ciscoasa hostname
activate oBGOJTSctBcCGoTh encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface GigabitEthernet0/0
nameif outside
security-level 0
address IP X.X.X.X 255.255.255.0
!
interface GigabitEthernet0/1
nameif inside
security-level 100
the IP 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/2
nameif DMZ
security-level 50
IP 192.168.2.1 255.255.255.0
!
interface GigabitEthernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet0/4
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet0/5
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
nameif management
security-level 100
IP 192.168.1.1 255.255.255.0
management only
!
passive FTP mode
internal subnet object-
192.168.0.0 subnet 255.255.255.0
object Web Server external network-ip
host Y.Y.Y.Y
Network Web server object
Home 192.168.2.100
network vpn-local object - 192.168.2.0
Subnet 192.168.2.0 255.255.255.0
network vpn-remote object - 192.168.3.0
subnet 192.168.3.0 255.255.255.0
outside_acl list extended access permit tcp any object Web server
outside_acl list extended access permit tcp any object webserver eq www
access-list l2l-extensive list allowed ip, vpn-local - 192.168.2.0 vpn-remote object - 192.168.3.0
dmz_acl access list extended icmp permitted an echo
pager lines 24
asdm of logging of information
Outside 1500 MTU
Within 1500 MTU
MTU 1500 DMZ
management of MTU 1500
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
nat (DMZ,outside) source static vpn-local-192.168.2.0 vpn-local-192.168.2.0 destination static vpn-remote-192.168.3.0 vpn-remote-192.168.3.0
!
internal subnet object-
NAT dynamic interface (indoor, outdoor)
Network Web server object
NAT (DMZ, outside) Web-external-ip static tcp www www Server service
Access-Group global dmz_acl
Route outside 0.0.0.0 0.0.0.0 Z.Z.Z.Z 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
Enable http server
http 192.168.1.0 255.255.255.0 management
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
crypto ipsec ikev1 transform-set ikev1-trans-set esp-3des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal 3des-GNAT
 protocol esp encryption 3des
 protocol esp integrity md5
crypto dynamic-map dynMidgeMap 1 match address l2l-list
crypto dynamic-map dynMidgeMap 1 set pfs
crypto dynamic-map dynMidgeMap 1 set ikev1 transform-set ikev1-trans-set
crypto dynamic-map dynMidgeMap 1 set ikev2 ipsec-proposal 3des-GNAT
crypto dynamic-map dynMidgeMap 1 set security-association lifetime seconds 28800
crypto dynamic-map dynMidgeMap 1 set reverse-route
crypto map midgeMap 1 ipsec-isakmp dynamic dynMidgeMap
crypto map midgeMap interface outside
crypto isakmp identity hostname
crypto ikev2 policy 1
 encryption 3des
 integrity md5
 group 2
 prf md5
 lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 1
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
Telnet timeout 5
SSH timeout 5
Console timeout 0
management of 192.168.1.2 - dhcpd address 192.168.1.254
enable dhcpd management
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
internal midgeTrialPol group policy
attributes of the strategy of group midgeTrialPol
L2TP ipsec VPN-tunnel-Protocol ikev1, ikev2
enable IPSec-udp
tunnel-group midgeVpn type ipsec-l2l
tunnel-group midgeVpn General-attributes
Group Policy - by default-midgeTrialPol
midgeVpn group of tunnel ipsec-attributes
IKEv1 pre-shared-key *.
remote control-IKEv2 pre-shared-key authentication *.
pre-shared-key authentication local IKEv2 *.
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:fa02572f9ff8add7bbfe622a4801e606
: end
------------------------------------------------------------------------------------------------------------------------------
X.X.X.X - ASA public IP
Y.Y.Y.Y - a web server
Z.Z.Z.Z - default gateway
-------------------------------------------------------------------------------------------------------------------------------
ASA PING:
ciscoasa# ping DMZ 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
?????
Success rate is 0 percent (0/5)
PING from router (debug on CISCO):
ciscoasa# NAT: untranslation - outside:192.168.2.1/0 to DMZ:192.168.2.1/0
NAT: untranslation - outside:192.168.2.1/0 to DMZ:192.168.2.1/0
NAT: untranslation - outside:192.168.2.1/0 to DMZ:192.168.2.1/0
ICMP echo request from outside:192.168.3.1 to DMZ:192.168.2.1 ID=3859 seq=0 len=40
ICMP echo request from outside:192.168.3.1 to DMZ:192.168.2.1 ID=3859 seq=1 len=40
ICMP echo request from outside:192.168.3.1 to DMZ:192.168.2.1 ID=3859 seq=2 len=40
ICMP echo request from outside:192.168.3.1 to DMZ:192.168.2.1 ID=3859 seq=3 len=40
-------------------------------------------------------------------------------------------------------------------------------
ciscoasa# show route outside
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is Z.Z.Z.Z to network 0.0.0.0
C    Z.Z.Z.0 255.255.255.0 is directly connected, outside
S    192.168.3.0 255.255.255.0 [1/0] via Z.Z.Z.Z, outside
S*   0.0.0.0 0.0.0.0 [1/0] via Z.Z.Z.Z, outside
-------------------------------------------------------------------------------------------------------------------------------
Do you have any idea where I am going wrong? Probably some bad NAT/ACL, I suppose, but I could only ever find something for 8.4 IOS and not 8.6... Perhaps, and no doubt, I have already messed up the configuration with unwanted commands, but I've tried various things...
Please, if you have an idea, let me know! Thank you very much!
Hello
I've never used the "global" option in an ACL, but it looks to be the origin of the problem. From the Cisco doc:
"The global access rules are defined as a special ACL that is processed for each interface on the device for traffic entering the interface. Thus, although the ACL is configured once on the device, it acts like a secondary interface-specific ACL defined for the In direction. (Global rules are always in the In direction, never the Out direction.)"
Your ACL: access-list dmz_acl extended permit icmp any any echo
For example, when you ping from the ASA, there is an echo reply from the router on the outside interface --> the global ACL can block it.
Then, when the router initiates, the ASA sends an echo-reply, which is blocked again.
Try to add a permit for echo-reply as well.
In addition, you can use "inspect icmp" in the global policy rather than the ACL.
If neither works, you can troubleshoot further with packet-tracer on the ASA.
THX
MS
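Added example, not part of the reply above and not Cisco code: a small Python model of first-match ACL evaluation with the implicit deny, showing why an ACL that permits only ICMP echo drops the echo-reply leg of a ping. The ACL entry is the one quoted in the reply written in standard ASA syntax (an assumption about the original line), the addresses are taken from the debug output in the question, and all function names are made up for this sketch; stateful "inspect icmp" is not modelled.

```python
import ipaddress

# ICMP type keywords that may follow the address fields, mapped to type numbers.
ICMP_TYPES = {"echo-reply": 0, "unreachable": 3, "echo": 8, "time-exceeded": 11}

# Constructed sample input: the ACL as quoted in the reply, and the suggested fix.
ORIGINAL_ACL = "access-list dmz_acl extended permit icmp any any echo"
FIXED_ACL = ORIGINAL_ACL + "\naccess-list dmz_acl extended permit icmp any any echo-reply"


def _parse_addr(tokens):
    """Consume one address spec (any | host A.B.C.D | NET MASK) from the token list."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = tokens.pop(0)
    return ipaddress.ip_network(f"{head}/{mask}")


def parse_acl(text, name):
    """Return the ICMP entries of ACL `name` in order: (action, src, dst, icmp_type)."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 7 or tokens[:3] != ["access-list", name, "extended"]:
            continue
        action, proto, rest = tokens[3], tokens[4], tokens[5:]
        if proto != "icmp":
            continue  # only ICMP entries are modelled in this sketch
        src = _parse_addr(rest)
        dst = _parse_addr(rest)
        # No keyword after the addresses means the entry matches every ICMP type.
        icmp_type = ICMP_TYPES[rest[0]] if rest else None
        rules.append((action, src, dst, icmp_type))
    return rules


def evaluate(rules, src, dst, icmp_type):
    """First matching entry wins; a packet matching no entry hits the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    wanted = ICMP_TYPES[icmp_type]
    for action, rule_src, rule_dst, rule_type in rules:
        if s in rule_src and d in rule_dst and rule_type in (None, wanted):
            return action
    return "deny"


def ping_round_trip(rules, pinger, target):
    """A ping works only if the echo and the returning echo-reply both pass the ACL.

    Assumes the same ACL is checked on ingress for both legs, as the quoted
    description of global access rules implies.
    """
    request = evaluate(rules, pinger, target, "echo")
    reply = evaluate(rules, target, pinger, "echo-reply")
    return request == "permit" and reply == "permit"


if __name__ == "__main__":
    for label, acl in (("original", ORIGINAL_ACL), ("with echo-reply", FIXED_ACL)):
        rules = parse_acl(acl, "dmz_acl")
        print(label, "->", ping_round_trip(rules, "192.168.3.1", "192.168.2.1"))
```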
-
excludespecified does not work
Hello world
I am working with a remote access VPN, where everything must be sent through the VPN tunnel except traffic to one specific public IP. I tried to use the "excludespecified" statement in the group policy, but it does not work. When the VPN Client is connected to the ASA and I check the route details -> secured routes, I can only see 0.0.0.0/0. But when I use the "tunnelspecified" statement it works as it should and the secured routes are registered correctly.
My configuration is:
standard permits the TUNNEL of SPLITTING host 72.XX access list. XX. XX
!
internal TEST group strategy
TEST group policy attributes
Protocol-tunnel-VPN IPSec
Split-tunnel-policy excludespecified
Split-tunnel-network-list value of SPLIT TUNNEL
!
type tunnel-group TEST remote access
General attributes of tunnel-group TEST
address admin-pool pool
Group-RADIUS authentication server
Group Policy - by default-TEST
IPSec-attributes of tunnel-group TEST
pre-shared-key *.
I looked for a bug or something, but I found nothing. These are the software versions:
ASA: 8.2 (1) 11
ASDM: 6.2 (1)
VPN client: 5.0.07.0410
Thanks in advance,
Jose
Hello Jose,
In your VPN client, have you selected the checkbox "allow LAN access"?
Can you please test with this option turned on and let us know the results?
Do not look only at the secured routes; after you activate that option, try to send real traffic to the public IP address.
Daniel Moreno
Please note any workstation that will be useful
-
Firefox 25.0a1 Nightly (on Linux) - proxy (SOCKS) does not work
Hello
I am using SSH tunnels to create a SOCKS proxy. When I used Firefox 23 it worked fine; when I use a recent Nightly build, no luck. I normally use the FoxyProxy add-on, but I tried turning it off completely and using the built-in proxy settings (SOCKS, localhost, 6789), and then it does not work either.
I understand you may need more detailed information, but please specify what information you require.
Thanks for your help
I'm really sorry, I have some additional info
I tried to run Nightly in safe mode and manually set the SOCKS proxy, and it works as expected.
In this case, it might be a problem with the add-on code
-
Original title: this device does not work properly because Windows cannot load the drivers required for this device. (Code 31) in graphics AMD - 8151 HyperTransport (MC) AGP3.0 Tunnel
This device does not work properly because Windows cannot load the drivers required for this device. (Code 31) in the graphics AMD - 8151 HyperTransport (MC) AGP3.0 Tunnel, what do I do to fix this help please.
Jake
Hey Jake,
Follow these methods.
Method 1: Follow these steps:
(a) Restart your computer if you have not already done so. There is always the possibility that the Code 31 error you see was caused by a temporary problem with Device Manager. If so, a simple reboot can resolve the Code 31 error.
(b) Did you install a device or make a change in Device Manager just before the Code 31 error appeared? If so, it is very possible that the change caused the Code 31 error.
(c) Undo the change if you can, restart the computer, and then check again for the Code 31 error. Depending on the changes, some solutions may include:
Remove or reconfigure newly installed unit.
Restore a version prior to updating the driver.
Use system restore to undo the Device Manager recent related changes.
http://Windows.Microsoft.com/en-us/Windows-Vista/system-restore-frequently-asked-questions
(d) Delete the UpperFilters and LowerFilters registry values. A common cause of Code 31 errors is the corruption of two registry values in the CD-ROM/DVD-ROM drive class registry key.
Note: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems can occur if you modify the registry incorrectly. Therefore, make sure that you proceed with caution. For added protection, back up the registry before you edit it. Then you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following link. http://Windows.Microsoft.com/en-us/Windows-Vista/back-up-the-registry
Method 2: Install the latest graphics drivers.
Update a driver for hardware that isn't working properly
-
Application does not work without wifi connection
Hello I have a problem with the http connection
my code is
public class HttpConnectionFactory {

    /** Specifies that only wifi should be used */
    public static final int TRANSPORT_WIFI = 1;

    /** Specifies that only BES (also known as MDS or corporate servers) */
    public static final int TRANSPORT_BES = 2;

    /** Specifies that only BIS should be used (Basically RIM hosted BES) */
    public static final int TRANSPORT_BIS = 4;

    /** Specifies that TCP should be used (carrier transport) */
    public static final int TRANSPORT_DIRECT_TCP = 8;

    /** Specifies that WAP2 should be used (carrier transport) */
    public static final int TRANSPORT_WAP2 = 16;

    /**
     * Equivalent to: TRANSPORT_WIFI | TRANSPORT_BES | TRANSPORT_BIS |
     * TRANSPORT_DIRECT_TCP | TRANSPORT_WAP2
     */
    public static final int TRANSPORTS_ANY = TRANSPORT_WIFI | TRANSPORT_BES
            | TRANSPORT_BIS | TRANSPORT_DIRECT_TCP | TRANSPORT_WAP2;

    /** Equivalent to: TRANSPORT_WIFI | TRANSPORT_BES | TRANSPORT_BIS */
    public static final int TRANSPORTS_AVOID_CARRIER = TRANSPORT_WIFI
            | TRANSPORT_BES | TRANSPORT_BIS;

    /** Equivalent to: TRANSPORT_DIRECT_TCP | TRANSPORT_WAP2 */
    public static final int TRANSPORTS_CARRIER_ONLY = TRANSPORT_DIRECT_TCP
            | TRANSPORT_WAP2;

    /** The default order in which selected transports will be attempted */
    public static final int DEFAULT_TRANSPORT_ORDER[] = {
            // TRANSPORT_DIRECT_TCP
            // ,TRANSPORT_WAP2
            TRANSPORT_WIFI, // TRANSPORT_BES,
            TRANSPORT_BIS, // TRANSPORT_WAP2,
            TRANSPORT_DIRECT_TCP };

    private static final int TRANSPORT_COUNT = DEFAULT_TRANSPORT_ORDER.length;

    private static ServiceRecord srMDS[], srBIS[], srWAP2[], srWiFi[];
    private static boolean serviceRecordsLoaded = false;

    private int curIndex = 0;
    private int curSubIndex = 0;
    // private String url;
    private final String extraParameters;
    private final int transports[];
    private int lastTransport = 0;

    /**
     * Equivalent to
     * HttpConnectionFactory( url, null, HttpConnectionFactory.DEFAULT_TRANSPORT_ORDER )
     *
     * @see #HttpConnectionFactory(String, String, int[])
     * @param url
     *            See {@link #HttpConnectionFactory(String, String, int[])}
     */
    public HttpConnectionFactory() {
        this(null, 0);
    }

    /**
     * Equivalent to
     * HttpConnectionFactory( url, null, allowedTransports )
     *
     * @see #HttpConnectionFactory(String, String, int)
     * @param url
     *            See {@link #HttpConnectionFactory(String, String, int)}
     * @param allowedTransports
     *            See {@link #HttpConnectionFactory(String, String, int)}
     */
    public HttpConnectionFactory(int allowedTransports) {
        this(null, allowedTransports);
    }

    public HttpConnectionFactory(int transportPriority[]) {
        this(null, transportPriority);
    }

    public HttpConnectionFactory(String extraParameters, int allowedTransports) {
        this(extraParameters, transportMaskToArray(allowedTransports));
    }

    public HttpConnectionFactory(String extraParameters, int transportPriority[]) {
        if (!serviceRecordsLoaded) {
            loadServiceBooks(false);
        }
        //
        // if (url == null) {
        // throw new IllegalArgumentException("Null URL passed in");
        // }
        // if (!url.toLowerCase().startsWith("http")) {
        // throw new IllegalArgumentException("URL not http or https");
        // }
        //
        // this.url = url;
        this.extraParameters = extraParameters;
        transports = transportPriority;
    }

    public Connection getNextConnection(String url)
            throws NoMoreTransportsException {
        Connection con = null;
        int countsWap = 0;
        int countsBis = 0;
        int countsBes = 0;
        int curTransport = 0;
        while (con == null && curIndex < transports.length) {
            System.out.println("con=" + con + " curid=" + curIndex);
            curTransport = transports[curIndex];
            switch (curTransport) {
            case TRANSPORT_WIFI:
                curIndex++;
                curSubIndex = 0;
                try {
                    con = getWifiConnection(url);
                } catch (Exception e) {
                }
                break;
            case TRANSPORT_BES:
                curIndex++;
                curSubIndex = 0;
                try {
                    if (countsBes > 3) {
                        throw new NoMoreTransportsException();
                    }
                    con = getBesConnection(url);
                    countsBes++;
                } catch (Exception e) {
                }
                break;
            case TRANSPORT_BIS:
                while (con == null) {
                    try {
                        if (countsBis > 3) {
                            throw new NoMoreTransportsException();
                        }
                        con = getBisConnection(url, curSubIndex);
                        countsBis++;
                    } catch (NoMoreTransportsException e) {
                        curIndex++;
                        curSubIndex = 0;
                        break;
                    } catch (Exception e) {
                    }
                }
                break;
            case TRANSPORT_DIRECT_TCP:
                curIndex++;
                try {
                    con = getTcpConnection(url);
                } catch (Exception e) {
                }
                break;
            case TRANSPORT_WAP2:
                while (con == null) {
                    // try {
                    // if (countsWap > 3) {
                    // throw new NoMoreTransportsException();
                    // }
                    //
                    // con = getWap2Connection(url, curSubIndex);
                    // countsWap++;
                    // } catch (NoMoreTransportsException e) {
                    // curIndex++;
                    // curSubIndex = 0;
                    // break;
                    // } catch (Exception e) {
                    // }
                }
                break;
            }
        }
        if (con == null) {
            throw new NoMoreTransportsException();
        }
        lastTransport = curTransport;
        return con;
    }

    public Connection getCurrentConnection(String url)
            throws NoMoreTransportsException {
        Connection con = null;
        switch (lastTransport) {
        case TRANSPORT_WIFI:
            try {
                con = getWifiConnection(url);
            } catch (Exception e) {
            }
            break;
        case TRANSPORT_BES:
            try {
                con = getBesConnection(url);
            } catch (Exception e) {
            }
            break;
        case TRANSPORT_BIS:
            while (con == null) {
                try {
                    con = getBisConnection(url, curSubIndex);
                } catch (NoMoreTransportsException e) {
                    break;
                } catch (Exception e) {
                }
            }
            break;
        case TRANSPORT_DIRECT_TCP:
            try {
                con = getTcpConnection(url);
            } catch (Exception e) {
            }
            break;
        case TRANSPORT_WAP2:
            while (con == null) {
                try {
                    con = getWap2Connection(url, curSubIndex);
                    System.out.println("" + con);
                } catch (NoMoreTransportsException e) {
                    break;
                } catch (Exception e) {
                }
            }
            break;
        }
        return con;
    }

    /**
     * Returns the transport used in the connection last returned via
     * {@link #getNextConnection()}
     *
     * @return the transport used in the connection last returned via
     *         {@link #getNextConnection()} or 0 if none
     */
    public int getLastTransport() {
        return lastTransport;
    }

    /**
     * Generates a connection using the BIS transport if available
     *
     * @param index
     *            The index of the service book to use
     * @return An {@link HttpConnection} if this transport is available,
     *         otherwise null
     * @throws NoMoreTransportsException
     * @throws IOException
     *             throws exceptions generated by {@link getConnection( String
     *             transportExtras1, String transportExtras2 )}
     */
    private Connection getBisConnection(String url, int index)
            throws NoMoreTransportsException, IOException {
        System.out.println("BIS Try");
        if (index >= srBIS.length) {
            throw new NoMoreTransportsException("Out of BIS transports");
        }
        ServiceRecord sr = srBIS[index];
        return getConnection(url, ";deviceside=false;connectionUID=", sr
                .getUid());
    }

    /**
     * Generates a connection using the BES transport if available
     *
     * @return An {@link HttpConnection} if this transport is available,
     *         otherwise null
     * @throws IOException
     *             throws exceptions generated by {@link getConnection( String
     *             transportExtras1, String transportExtras2 )}
     */
    private Connection getBesConnection(String url) throws IOException {
        System.out.println("BES try");
        if (CoverageInfo.isCoverageSufficient(CoverageInfo.COVERAGE_MDS)) {
            return getConnection(url, ";deviceside=false", null);
        }
        return null;
    }

    /**
     * Generates a connection using the WIFI transport if available
     *
     * @return An {@link HttpConnection} if this transport is available,
     *         otherwise null
     * @throws IOException
     *             throws exceptions generated by {@link getConnection( String
     *             transportExtras1, String transportExtras2 )}
     */
    private Connection getWifiConnection(String url) throws IOException {
        System.out.println("wifi try");
        // if (RadioInfo.areWAFsSupported(RadioInfo.WAF_WLAN)
        // && (RadioInfo.getActiveWAFs() & RadioInfo.WAF_WLAN) != 0
        // && CoverageInfo.isCoverageSufficient(1 /*
        // * CoverageInfo.COVERAGE_DIRECT
        // */,
        // RadioInfo.WAF_WLAN, false)) {
        //
        // return getConnection(";deviceside=true;interface=wifi", null);
        // // return getConnection(";deviceside=true;interface=wifi", null);
        //
        // }
        // !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
        if (WLANInfo.getWLANState() == WLANInfo.WLAN_STATE_CONNECTED
                && srWiFi.length > 0) {
            return getConnection(url, ";interface=wifi", null);
        }
        return null;
    }

    /**
     * Generates a connection using the WAP2 transport if available
     *
     * @param index
     *            The index of the service book to use
     * @return An {@link HttpConnection} if this transport is available,
     *         otherwise null
     * @throws NoMoreTransportsException
     *             if index is outside the range of available service books
     * @throws IOException
     *             throws exceptions generated by {@link getConnection( String
     *             transportExtras1, String transportExtras2 )}
     */
    private Connection getWap2Connection(String url, int index)
            throws NoMoreTransportsException, IOException {
        System.out.println("WAP2 try");
        if (index >= srWAP2.length) {
            throw new NoMoreTransportsException("Out of WAP2 transports");
        }
        if (CoverageInfo
                .isCoverageSufficient(1 /* CoverageInfo.COVERAGE_DIRECT */)) {
            ServiceRecord sr = srWAP2[index];
            return getConnection(url, ";ConnectionUID=", sr.getUid());
        }
        return null;
    }

    /**
     * Generates a connection using the TCP transport if available
     *
     * @return An {@link HttpConnection} if this transport is available,
     *         otherwise null
     * @throws IOException
     *             throws exceptions generated by {@link getConnection( String
     *             transportExtras1, String transportExtras2 )}
     */
    private Connection getTcpConnection(String url) throws IOException {
        System.out.println("direct try");
        if (CoverageInfo
                .isCoverageSufficient(1 /* CoverageInfo.COVERAGE_DIRECT */)) {
            String extraParameter = null;
            if (!DeviceInfo.isSimulator()) {
                url = url + ";deviceside=true";
            }
            return getConnection(url, null, null); // ";deviceside=true", null);
        }
        return null;
    }

    /**
     * Utility method for actually getting a connection using whatever transport
     * arguments the transport may need
     *
     * @param transportExtras1
     *            If not null will be concatenated onto the end of the
     *            {@link url}
     * @param transportExtras2
     *            If not null will be concatenated onto the end of {@link url}
     *            after transportExtras1
     * @return An {@link HttpConnection} built using the url and transport
     *         settings provided
     * @throws IOException
     *             any exceptions thrown by {@link Connector.open( String name
     *             )}
     */
    private Connection getConnection(String url, String transportExtras1,
            String transportExtras2) throws IOException {
        StringBuffer fullUrl = new StringBuffer();
        fullUrl.append(url);
        if (transportExtras1 != null) {
            fullUrl.append(transportExtras1);
        }
        if (transportExtras2 != null) {
            fullUrl.append(transportExtras2);
        }
        if (extraParameters != null) {
            fullUrl.append(extraParameters);
        }
        // fullUrl.append(";ConnectionTimeout=5000");
        System.out.println(fullUrl.toString());
        return Connector.open(fullUrl.toString(), Connector.READ_WRITE, true);
    }

    /**
     * Public method used to reload service books for whatever reason (though I
     * can't think of any)
     */
    public static void reloadServiceBooks() {
        loadServiceBooks(true);
    }

    /**
     * Loads all pertinent service books into local variables for later use.
     * Called upon first instantiation of the class and upload {@link
     * reloadServiceBooks()}
     *
     * @param reload
     *            Whether to force a reload even if they've already been loaded.
     */
    private static synchronized void loadServiceBooks(boolean reload) {
        if (serviceRecordsLoaded && !reload) {
            return;
        }
        ServiceBook sb = ServiceBook.getSB();
        ServiceRecord[] records = sb.getRecords();
        Vector mdsVec = new Vector();
        Vector bisVec = new Vector();
        Vector wap2Vec = new Vector();
        Vector wifiVec = new Vector();
        if (!serviceRecordsLoaded) {
            for (int i = 0; i < records.length; i++) {
                ServiceRecord myRecord = records[i];
                String cid, uid;
                // sometimes service record is disabled but works
                if (myRecord.isValid() /* && !myRecord.isDisabled() */) {
                    cid = myRecord.getCid().toLowerCase();
                    uid = myRecord.getUid().toLowerCase();
                    // BIS
                    if (cid.indexOf("ippp") != -1 && uid.indexOf("gpmds") != -1) {
                        bisVec.addElement(myRecord);
                    }
                    // WAP1.0: Not implemented.
                    // BES
                    if (cid.indexOf("ippp") != -1 && uid.indexOf("gpmds") == -1) {
                        mdsVec.addElement(myRecord);
                    }
                    // WiFi
                    if (cid.indexOf("wptcp") != -1 && uid.indexOf("wifi") != -1) {
                        wifiVec.addElement(myRecord);
                    }
                    // Wap2
                    if (cid.indexOf("wptcp") != -1 && uid.indexOf("wap2") != -1) {
                        wap2Vec.addElement(myRecord);
                    }
                }
            }
            srMDS = new ServiceRecord[mdsVec.size()];
            mdsVec.copyInto(srMDS);
            mdsVec.removeAllElements();
            mdsVec = null;
            srBIS = new ServiceRecord[bisVec.size()];
            bisVec.copyInto(srBIS);
            bisVec.removeAllElements();
            bisVec = null;
            srWAP2 = new ServiceRecord[wap2Vec.size()];
            wap2Vec.copyInto(srWAP2);
            wap2Vec.removeAllElements();
            wap2Vec = null;
            srWiFi = new ServiceRecord[wifiVec.size()];
            wifiVec.copyInto(srWiFi);
            wifiVec.removeAllElements();
            wifiVec = null;
            serviceRecordsLoaded = true;
        }
    }

    /**
     * Utility methd for converting a mask of transports into an array of
     * transports in default order
     *
     * @param mask
     *            ORed collection of masks, example:
     *            TRANSPORT_WIFI | TRANSPORT_BES
     * @return an array of the transports specified in mask in default order,
     *         example: { TRANSPORT_WIFI, TRANSPORT_BES }
     */
    private static int[] transportMaskToArray(int mask) {
        if (mask == 0) {
            mask = TRANSPORTS_ANY;
        }
        int numTransports = 0;
        for (int i = 0; i < TRANSPORT_COUNT; i++) {
            if ((DEFAULT_TRANSPORT_ORDER[i] & mask) != 0) {
                numTransports++;
            }
        }
        int transports[] = new int[numTransports];
        int index = 0;
        for (int i = 0; i < TRANSPORT_COUNT; i++) {
            if ((DEFAULT_TRANSPORT_ORDER[i] & mask) != 0) {
                transports[index++] = DEFAULT_TRANSPORT_ORDER[i];
            }
        }
        return transports;
    }
}

Hi, I use this class to make HTTP calls to the server, but each time it gives the error NoMoreTransportsException
The application only works on WiFi.
I tried both GET and POST; nothing worked.
Device: 8520, OS 5.0
BIS service provider: Vodafone, plan 15/day
In that, Gtalk and Facebook work fine.
Also, I tested this app in Arabic countries; it also does not work.
------------------------------ after I tested using ---------------------------------------------
networkDignostic link:- http://supportforums.blackberry.com/t5/Java-Development/What-Is-Network-API-alternative-for-legacy-O...
use networkDignostic to test the available transport connection
Here is the result
The Radio Signal level:-81 dBm
WIFI Signal level: No coverage
Network name: Vodafone in
Network type: GPRS
Network services: data + EDGE + voice
PIN: 27F03947
Battery: 81%
= End of network Info =.
Transport: by default (HTTP GET)
Result: failure
Answer:-1
Length:-1
URL: http://www.google.ca:80 /
Journal:Login to http://www.google.ca:80 /
Opening connection...
Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
= END OF LOG =.
Transport: by default (Socket GET)
Result: failure
Answer:-1
Length:-1
URL: socket: / /www.google.ca:80
Journal:Connecting to a socket: / /www.google.ca:80
Opening connection...
Error: java.io.IOException: invalid url parameter.
= END OF LOG =.
Transport: by default (HTTP POST)
Result: failure
Answer:-1
Length:-1
URL: http://www.google.ca:80 /
Journal:Login to http://www.google.ca:80 /
Opening connection...
Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
= END OF LOG =.
Transport: By default (POST plug)
Result: failure
Answer:-1
Length:-1
URL: socket: / /www.google.ca:80
Journal:Connecting to a socket: / /www.google.ca:80
Opening connection...
Error: java.io.IOException: invalid url parameter.
= END OF LOG =.
Transport: TCP cellular (HTTP GET)
Result: failure
Answer:-1
Length:-1
URL: http://www.google.ca:80 /; deviceside = true
Journal:Login to http://www.google.ca:80 /; deviceside = true
Opening connection...
Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
= END OF LOG =.
Transport: TCP cell (Socket GET)
Result: failure
Answer:-1
Length:-1
URL: socket: / /www.google.ca:80; deviceside = true
Journal:Connecting to a socket: / /www.google.ca:80; deviceside = true
Opening connection...
Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
= END OF LOG =.
Transport: TCP cellular (HTTP POST)
Result: failure
Answer:-1
Length:-1
URL: http://www.google.ca:80 /; deviceside = true
Journal:Login to http://www.google.ca:80 /; deviceside = true
Opening connection...
Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
= END OF LOG =.
Transport: TCP cell (POST plug)
Result: failure
Answer:-1
Length:-1
URL: socket: / /www.google.ca:80; deviceside = true
Journal:Connecting to a socket: / /www.google.ca:80; deviceside = true
Opening connection...
Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
= END OF LOG =.
Transport: MDS (HTTP GET)
Result: failure
Answer:-1
Length:-1
URL: Not available url
Journal:Ignored test: no MDS do not service records found.
Ignored test: coverage of SDM is not available
Transport: MDS (Socket GET)
Result: failure
Answer:-1
Length:-1
URL: Not available url
Journal:Ignored test: no MDS do not service records found.
Ignored test: coverage of SDM is not available
Transport: MDS (HTTP POST)
Result: failure
Answer:-1
Length:-1
URL: Not available url
Journal:Ignored test: no MDS do not service records found.
Ignored test: coverage of SDM is not available
Transport: MDS (POST plug)
Result: failure
Answer:-1
Length:-1
URL: Not available url
Journal:Ignored test: no MDS do not service records found.
Ignored test: coverage of SDM is not available
Transport: BIS - B (HTTP GET)
Result: pass
Answer: 200
Length:-1
URL: http://www.google.ca:80 /; deviceside = false; ConnectionType = m * s - pub *
Journal:Login to http://www.google.ca:80 /; * only given to the RIM ISV partners.
Opening connection...
Open connection
Definition of the properties of application...
Host: www.google.ca
User-Agent: Mozilla/4.0
Connection: close
Get the response code...
Response code: 200
Got the content length:-1 bytes
Downloading content...
Download time: 3,034 seconds
Downloaded: 37943 bytes
Closes the connection...
Connection closed
= END OF LOG =.
Transport: BIS - B (Socket GET)
Result: pass
Answer: 200
Length: 38696
URL: socket: / /www.google.ca:80; deviceside = false; ConnectionType = m * s - could * c
Journal:Connecting to a socket: / /www.google.ca:80; * only given to the RIM ISV partners.
Opening connection...
Open connection
Send GET request:
"GET / HTTP/1.1".
Host: www.google.ca
User-Agent: Mozilla/4.0
Connection: close"
Downloading content...
Download time: 2,397 seconds
Downloaded: 38696 bytes
Closing connection
Connection closed
= END OF LOG =.
Transport: BIS - B (HTTP POST)
Result: failure
Answer: 405
Length: 959
URL: http://www.google.ca:80 /; deviceside = false; ConnectionType = m * s - p * ic
Journal:Login to http://www.google.ca:80 /; * only given to the RIM ISV partners.
Opening connection...
Open connection
Request method POST value
Definition of the properties of application...
Host: www.google.ca
Content-Length: 1500
Content-Type: application/octet-stream
User-Agent: Mozilla/4.0
Connection: close
Display of 1 500 bytes...
Posted 1 500 bytes
Get the response code...
Response code: 405
Got the content length: 959 bytes
Downloading content...
Download time: 1,044 seconds
Downloaded: 959 bytes
Closing connection
Connection closed
= END OF LOG =.
Transport: BIS - B (POST plug)
Result: failure
Answer: 405
Length: 1204
URL: socket: / /www.google.ca:80; deviceside = false; ConnectionType = m * Pei * li *
Journal:Connecting to a socket: / /www.google.ca:80; * only given to the RIM ISV partners.
Opening connection...
Open connection
Definition of the properties of application...
Envoy POST request:
"POST / HTTP/1.1".
Host: www.google.ca
Content-Length: 1500
Content-Type: application/octet-stream
User-Agent: Mozilla/4.0
Connection: close"
Display of 1 500 bytes...
Posted 1 500 bytes
Downloading content...
Download time: 2,041 seconds
Downloaded: 1204 bytes
Closing connection
Connection closed
= END OF LOG =.
Transport: WAP (HTTP GET)
Result: failure
Answer:-1
Length:-1
URL: Not available url
Journal:Ignored test: no WAP do not service records found.
Ignored test: coverage WAP is not available
Ignored test: Please provide IP and APN WAP
Transport: WAP (Socket GET)
Result: failure
Answer:-1
Length:-1
URL: Not available url
Journal:Ignored test: no WAP do not service records found.
Ignored test: coverage WAP is not available
Ignored test: Please provide IP and APN WAP
Transport: WAP (HTTP POST)
Result: failure
Answer:-1
Length:-1
URL: Not available url
Journal:Ignored test: no WAP do not service records found.
Ignored test: coverage WAP is not available
Ignored test: Please provide IP and APN WAP
Transport: WAP (POST plug)
Result: failure
Answer:-1
Length:-1
URL: Not available url
Journal:Ignored test: no WAP do not service records found.
Ignored test: coverage WAP is not available
Ignored test: Please provide IP and APN WAP
Transport: WAP2 (HTTP GET)
Result: failure
Answer:-1
Length:-1
URL: http://www.google.ca:80 /; deviceside = true; ConnectionUID = WAP2 trans
Journal:Connection http://www.google.ca:80 /; deviceside = true; ConnectionUID = WAP2 trans
Opening connection...
Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
= END OF LOG =.
Transport: WAP2 (socket GET)
Result: failure
Answer:-1
Length:-1
URL: socket: / /www.google.ca:80; deviceside = true; ConnectionUID = WAP2 trans
Journal:Connecting to a socket: / /www.google.ca:80; deviceside = true; ConnectionUID = WAP2 trans
Opening connection...
Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
= END OF LOG =.
Transport: WAP2 (HTTP POST)
Result: failure
Answer:-1
Length:-1
URL: http://www.google.ca:80 /; deviceside = true; ConnectionUID = WAP2 trans
Journal:Connection http://www.google.ca:80 /; deviceside = true; ConnectionUID = WAP2 trans
Opening connection...
Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
= END OF LOG =.
Transport: WAP2 (POST plug)
Result: failure
Answer:-1
Length:-1
URL: socket: / /www.google.ca:80; deviceside = true; ConnectionUID = WAP2 trans
Journal:Connecting to a socket: / /www.google.ca:80; deviceside = true; ConnectionUID = WAP2 trans
Opening connection...
Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
= END OF LOG =.
Transport: WiFi (HTTP GET)
Result: failure
Answer:-1
Length:-1
URL: Not available url
Journal:Ignored test: WiFi coverage is not available
Transport: WiFi (Socket GET)
Result: failure
Answer:-1
Length:-1
URL: Not available url
Journal:Ignored test: WiFi coverage is not available
Transport: WiFi (HTTP POST)
Result: failure
Answer:-1
Length:-1
URL: Not available url
Journal:Ignored test: WiFi coverage is not available
Transport: WiFi (POST plug)
Result: failure
Answer:-1
Length:-1
URL: Not available url
Journal:Ignored test: WiFi coverage is not available
Thank you Peter and jovinz
I think I have a problem in HttpConnectionFactory with several URL parameters, as Peter says,
so now I use the post URL as in the code below
public static void CheckConnection() {
    HttpConnection hc = null;
    try {
        // Wifi Connection
        if ((WLANInfo.getWLANState() == WLANInfo.WLAN_STATE_CONNECTED)
                && RadioInfo.areWAFsSupported(RadioInfo.WAF_WLAN)) {
            ConstantData.postURL = ";interface=wifi";
            return;
        }
        // for BES or MDS Connection
        if (CoverageInfo.isCoverageSufficient(CoverageInfo.COVERAGE_MDS)) {
            boolean connectionFlag = false;
            String post_url;
            // for BES Connections
            post_url = "";
            try {
                hc = (HttpConnection) Connector.open("http://www.rim.com" + post_url, Connector.READ_WRITE);
                if (hc.getResponseCode() == HttpConnection.HTTP_OK) {
                    connectionFlag = true;
                    ConstantData.postURL = post_url;
                    return;
                }
                if (hc != null)
                    hc.close();
            } catch (Exception e) {
                System.out.println(e.toString());
                connectionFlag = false;
            }
            // for MDS Connection
            if (!connectionFlag) {
                try {
                    post_url = ";deviceside=false";
                    hc = (HttpConnection) Connector.open("http://www.rim.com" + post_url);
                    if (hc.getResponseCode() == HttpConnection.HTTP_OK) {
                        ConstantData.postURL = post_url;
                        return;
                    }
                    if (hc != null)
                        hc.close();
                } catch (Exception e) {
                    System.out.println(e.toString());
                }
            }
        }
        // for BIS Connection
        if (CoverageInfo.isCoverageSufficient(CoverageInfo.COVERAGE_BIS_B)) {
            // BIS Connection
            String post_url = ";deviceside=false;ConnectionType=m**-pu***c";
            try {
                hc = (HttpConnection) Connector.open("http://www.rim.com" + post_url); // Connector.READ_WRITE
                if (hc.getResponseCode() == HttpConnection.HTTP_OK) {
                    ConstantData.postURL = post_url;
                    return;
                }
                if (hc != null)
                    hc.close();
            } catch (Exception e) {
                System.out.println(e.toString());
            }
        }
        // for WAP Connection
        if (CoverageInfo.isCoverageSufficient(CoverageInfo.COVERAGE_DIRECT)) {
            // for WAP Connection
            String post_url = null;
            ServiceBook sb = ServiceBook.getSB();
            ServiceRecord[] records = sb.findRecordsByCid("WPTCP");
            String uid = null;
            boolean connectionFlag = false;
            for (int i = 0; i < records.length; i++) {
                if (records[i].isValid() && !records[i].isDisabled()) {
                    if (records[i].getUid() != null && records[i].getUid().length() != 0) {
                        if ((records[i].getUid().toLowerCase().indexOf("wifi") == -1)
                                && (records[i].getUid().toLowerCase().indexOf("mms") == -1)) {
                            uid = records[i].getUid();
                            break;
                        }
                    }
                }
            }
            if (uid != null) {
                post_url = ";deviceside=true;ConnectionUID=" + uid;
            }
            try {
                hc = (HttpConnection) Connector.open("http://www.rim.com" + post_url);
                if (hc.getResponseCode() == HttpConnection.HTTP_OK) {
                    connectionFlag = true;
                    ConstantData.postURL = post_url;
                    return;
                }
                if (hc != null)
                    hc.close();
            } catch (Exception e) {
                System.out.println(e.toString());
                connectionFlag = false;
            }
            if (!connectionFlag) {
                post_url = ";deviceside=true;apn=blackberry.net";
                try {
                    hc = (HttpConnection) Connector.open("http://www.rim.com" + post_url);
                    if (hc.getResponseCode() == HttpConnection.HTTP_OK) {
                        ConstantData.postURL = post_url;
                        return;
                    }
                    if (hc != null)
                        hc.close();
                } catch (Exception e) {
                    System.out.println(e.toString());
                }
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        try {
            if (hc != null)
                hc.close();
        } catch (IOException e) {
            System.out.println(e.toString());
            e.printStackTrace();
        }
    }
}
So now it works on WAP2 and BIS, and the WiFi works fine.
The first issue of priority cellular TCP post code is also more WAP2 then
Thus, each transport time select TCP when BIS, WiFi not present and need for APN
In any case, once again, thank you Peter, and the demo network diagnostic tool is awesome...
-
Hello
I enabled the functionality of group-lock on a group of C2L VPN but the ASA does not add the tunnel-group-name value in the RADIUS packet sent to the server for authorization.
In the past, I used the function of locking-group several times without problem. This is the first time, it does not work and I wonder if it can depends on the old version of asa that I use (8.6.1(2)).
Here the conf and the asa debug all the RADIUS:
Configuration:
group-policy Network_Users attributes
 dns-server value x.x.x.x
 vpn-tunnel-protocol ikev1
 group-lock value Network_Users
 vlan 24
Debug radius all:
RADIUS packet decode (authentication request)
--------------------------------------
Data of raw packets (length = 156)...
Packet analyzed data...
RADIUS: Code = 1 (0x01)
RADIUS: Identifier = 203 (0xCB)
RADIUS: Length = 156 (0x009C)
RADIUS: Vector: 97846DA233F069EE8F1C25FAAB08A1C6
RADIUS: Type = 1 (0x01) - user name
RADIUS: Length = 10 (0x0A)
RADIUS: Value (String) =
78 30 31 35 35 36 32 33 | xxxxxxxx
RADIUS: Type = 2 (0x02) username-password
RADIUS: Length = 18 (0x12)
RADIUS: Value (String) =
14 80 52 4 a 72 0e e5 a1 69 d6 ee d3 d3 b9 67 0a | .. RJr... I have... g
RADIUS: Type = 5 (0x05) NAS-Port
RADIUS: Length = 6 (0x06)
RADIUS: Value (Hex) = 0x8B20C000
RADIUS: Type = 6 Type of Service (0x06)
RADIUS: Length = 6 (0x06)
RADIUS: Value (Hex) = 0x2
RADIUS: Type = 7 (0x07) Framed-Protocol
RADIUS: Length = 6 (0x06)
RADIUS: Value (Hex) = 0x1
RADIUS: Type = 30 (0x1E) Called-Station-Id
RADIUS: Length = 14 (0x0E)
RADIUS: Value (String) =
2nd 2nd 35 39 37 31 35 39 2nd 32 32 30. x.x.x.x
RADIUS: Type = 31 (0x1F) Calling-Station-Id
RADIUS: Length = 15 (0x0F)
RADIUS: Value (String) =
39 2e 2e 34 33 37 32 34 38 2 32 30 32 | 94.37.248.202
RADIUS: Type = 61 (0x3D) NAS-Port-Type
RADIUS: Length = 6 (0x06)
RADIUS: Value (Hex) = 0x5
RADIUS: Type = 66 Tunnel-Client-Endpoint (0x42)
RADIUS: Length = 15 (0x0F)
RADIUS: Value (String) =
39 2e 2e 34 33 37 32 34 38 2 32 30 32 | 94.37.248.202
RADIUS: Type = 4 NAS-IP-Address (0x04)
RADIUS: Length = 6 (0x06)
RADIUS: Value (IP address) = 172.22.5.33 (0xAC160521)
RADIUS: Type = 26 (0x1A) vendor-specific
RADIUS: Length = 34 (0x22)
RADIUS: Vendor ID = 9 (0x00000009)
RADIUS: Type = 1 (0x01) Cisco-AV-pair
RADIUS: Length = 28 (0x1C)
RADIUS: Value (String) =
69 70 3A 6f 73 75 72 63 65 69 70 39 34 2nd 3d 2d is | IP:Source - ip = 94.
2e 33 37 32 34 38 2 32 30 32 | 37.248.202
Send 172.22.39.1/1812 pkt
RADIUS_SENT:Server response time
Ray mkreq: 0x1a6
alloc_rip 0x00007ffec924aa48
new application 0x1a6--> 204 (0x00007ffec924aa48)
obtained the user 'xxxxxxxx '.
has obtained the password
add_req 0x00007ffec924aa48 session 0x1a6 204 id
RADIUS_DELETE
remove_req 0x00007ffec9249ec0 0x1a5 203 session id
free_rip 0x00007ffec9249ec0
RADIUS_REQUEST
RADIUS.c: rad_mkpkt
rad_mkpkt: ip:source - ip = 94.37.248.202
RADIUS packet decode (authentication request)
As mentioned previously, the package does not contain the ID 146 Tunnel-Group-Name typically added when the group-lock has been activated. I'm talking about this:
RADIUS: Type = 26 (0x1A) vendor-specific
RADIUS: Length = 32 (0x20)
RADIUS: Vendor ID = 3076 (0x00000C04)
RADIUS: Type = 146 (0x92) - Tunnel-group name
RADIUS: Length = 26 (0x1A)
RADIUS: Value (String) =
54 45 5f 4 c 56 50 4th 5f 49 6e 74 72 61 6 65 74 | Network_Users
RADIUS: Type = 26 (0x1A) vendor-specific
RADIUS: Length = 12 (0x0C)
RADIUS: Vendor ID = 3076 (0x00000C04)
RADIUS: Type = 150 (0x96) Client-Type
RADIUS: Length = 6 (0x06)
RADIUS: Value (integer) = 1 (0x0001)
Thank you
Maurizio
I wonder if your problem is related to this bug:
Maybe upgrade to 8.6.1(5) or later will solve the problem.
--
Please do not forget to select a correct answer and rate useful posts
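As an added illustration (not part of the thread and not Cisco code), this Python example walks a RADIUS Access-Request the same way the debug output above decodes it and reports whether the vendor 3076, type 146 attribute is present, which is the check to run on a capture taken at the RADIUS server. The sample packets, the user name and the 192.0.2.10 address are constructed; the attribute numbers and the Network_Users group name come from the post.

```python
import struct

VENDOR_3076 = 3076        # vendor ID of the VSA quoted in the post
TUNNEL_GROUP_NAME = 146   # sub-attribute the post reports as missing

def tlvs(buf):
    """Walk type/length/value triples; length includes the 2-byte header."""
    i = 0
    while i < len(buf):
        if len(buf) - i < 2 or buf[i + 1] < 2 or i + buf[i + 1] > len(buf):
            raise ValueError(f"malformed attribute at offset {i}")
        atype, alen = buf[i], buf[i + 1]
        yield atype, buf[i + 2:i + alen]
        i += alen

def vendor_attrs(pkt):
    """Return [(vendor_id, sub_type, value)] for every type-26 attribute."""
    length = struct.unpack("!H", pkt[2:4])[0] if len(pkt) >= 20 else 0
    if not 20 <= length <= len(pkt):
        raise ValueError("header length does not match packet")
    found = []
    for atype, value in tlvs(pkt[20:length]):
        if atype == 26:
            if len(value) < 4:
                raise ValueError("vendor-specific attribute without vendor ID")
            vendor = struct.unpack("!I", value[:4])[0]
            found += [(vendor, st, sv) for st, sv in tlvs(value[4:])]
    return found

def tunnel_group(pkt):
    """Tunnel-group name carried in the request, or None if absent."""
    for vendor, sub_type, value in vendor_attrs(pkt):
        if vendor == VENDOR_3076 and sub_type == TUNNEL_GROUP_NAME:
            return value.decode("ascii", "replace")
    return None

# Constructed sample requests (not the packet from the post).
def tlv(t, v):
    return bytes([t, len(v) + 2]) + v
def vsa(vendor, t, v):
    return tlv(26, struct.pack("!I", vendor) + tlv(t, v))
def request(attrs):
    body = b"".join(attrs)
    return struct.pack("!BBH", 1, 203, 20 + len(body)) + bytes(16) + body

BASE = [tlv(1, b"testuser"), vsa(9, 1, b"ip:source-ip=192.0.2.10")]
WITHOUT_LOCK = request(BASE)
WITH_LOCK = request(BASE + [vsa(VENDOR_3076, TUNNEL_GROUP_NAME, b"Network_Users")])
```

A request shaped like the one in the debug output, carrying only the vendor 9 Cisco-AV-pair, yields None, so a server-side policy that matches on the tunnel-group name has nothing to match.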