IPSec tunnels does not work

I have 2 Cat6, with IPsec SPA card, while the other did not.

I tried setting IPsec tunnel between them, but somehow can't bring up the tunnel, can someone help me to watch set it up?

A (with SPA):

crypto ISAKMP policy 1

BA aes 256

preshared authentication

Group 5

ISAKMP crypto cisco123 key address 0.0.0.0 0.0.0.0

ISAKMP crypto keepalive 10

Crypto ipsec transform-set esp - aes 256 esp-sha-hmac testT1

!

Crypto ipsec profile P1

Set transform-set testT1

!

Crypto call admission limit ike his 3000

!

Crypto call admission limit ike in-negotiation-sa 115

!

interface Tunnel962

Loopback962 IP unnumbered

tunnel GigabitEthernet2/37.962 source

tunnel destination 172.16.16.6

ipv4 ipsec tunnel mode

Profile of tunnel P1 ipsec protection

interface GigabitEthernet2/37.962

encapsulation dot1Q 962

IP 172.16.16.5 255.255.255.252

interface Loopback962

1.1.4.200 the IP 255.255.255.255

IP route 2.2.4.200 255.255.255.255 Tunnel962

B (wuthout SPA):

crypto ISAKMP policy 1

BA aes 256

preshared authentication

Group 5

ISAKMP crypto cisco123 key address 0.0.0.0 0.0.0.0

!

!

Crypto ipsec transform-set esp - aes 256 esp-sha-hmac T1

!

Crypto ipsec profile P1

game of transformation-T1

interface Tunnel200

Loopback200 IP unnumbered

tunnel GigabitEthernet2/1.1 source

tunnel destination 172.16.16.5

ipv4 ipsec tunnel mode

Profile of tunnel T1 ipsec protection

interface Loopback200

2.2.4.200 the IP 255.255.255.255

interface GigabitEthernet2/1.1

encapsulation dot1Q 962

IP 172.16.16.6 255.255.255.252

IP route 1.1.4.200 255.255.255.255 Tunnel200

I can ping from 172.16.16.6 to 172.16.16.5, but the tunnel just can not upwards. When I turned on "debugging ipsec cry ' and ' debug cry isa", nothing comes out, when I trun on 'cry of debugging sciences', I got:

"00:25:17: crypto_engine_select_crypto_engine: can't handle more."

Hello

You need a map of IPSEC SPA on chassis B do IPSEC encryption. Please see the below URL for more details.

Without a SPA-IPSEC - 2G or IPsec VPN Services Module of acceleration, the IPsec network security feature (configured with the crypto ipsec command) is supported in the software only for administrative for Catalyst 6500 series switches and routers for the Cisco 7600 Series connections.

http://www.Cisco.com/en/us/docs/switches/LAN/catalyst6500/IOS/12.2SXF/native/release/notes/OL_4164.html

Kind regards

Arul

* Rate pls if it helps *.

Tags: Cisco Security

Similar Questions

  • IPSec tunnel does not work

    Hi all

    We have an IPSec tunnel that does not work. I think that Phase 2 is not established but I don't know why.

    Add the output and the newspaper.

    Thanks for your help

    ASA-VPN-PRI/act/pri # sh crypto isakmp his
    !
    13 peer IKE: 91.209.243.5
    Type: L2L role: answering machine
    Generate a new key: no State: MM_ACTIVE

    !

    ASA-VPN-PRI/act/pri # sh crypto isakmp his | include the 91.209.243.5
    12 peer IKE: 91.209.243.5
    ASA-VPN-PRI/act/pri #.

    ASA-VPN-PRI/act/pri # sh crypto ipsec his | include the 91.209.243.5
    ASA-VPN-PRI/act/pri #.

    7. December 17, 2014 | 15: 40:48 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = c516994b) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
    7. December 17, 2014 | 15: 40:48 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
    7. December 17, 2014 | 15: 40:48 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
    7. December 17, 2014 | 15: 40:48 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d6c)
    7. December 17, 2014 | 15: 40:48 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d6c)
    7. December 17, 2014 | 15: 40:48 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
    7. December 17, 2014 | 15: 40:48 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
    7. December 17, 2014 | 15: 40:48 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = 29bf4142) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
    7. December 17, 2014 | 15: 40:43 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = b72ddf0a) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
    7. December 17, 2014 | 15: 40:43 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
    7. December 17, 2014 | 15: 40:43 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
    7. December 17, 2014 | 15: 40:43 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d6b)
    7. December 17, 2014 | 15: 40:43 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d6b)
    7. December 17, 2014 | 15: 40:43 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
    7. December 17, 2014 | 15: 40:43 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
    7. December 17, 2014 | 15: 40:43 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = ae5305df) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
    7. December 17, 2014 | 15: 40:38 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = b796798d) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
    7. December 17, 2014 | 15: 40:38 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
    7. December 17, 2014 | 15: 40:38 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
    7. December 17, 2014 | 15: 40:38 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d6a)
    7. December 17, 2014 | 15: 40:38 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d6a)
    7. December 17, 2014 | 15: 40:38 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
    7. December 17, 2014 | 15: 40:38 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
    7. December 17, 2014 | 15: 40:38 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = 98241c 63) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
    7. December 17, 2014 | 15: 40:33 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = e233621d) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
    7. December 17, 2014 | 15: 40:33 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
    7. December 17, 2014 | 15: 40:33 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
    7. December 17, 2014 | 15: 40:33 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d69)
    7. December 17, 2014 | 15: 40:33 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d69)
    7. December 17, 2014 | 15: 40:33 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
    7. December 17, 2014 | 15: 40:33 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
    7. December 17, 2014 | 15: 40:33 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = 36ecdf6a) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
    7. December 17, 2014 | 15: is.40:28 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = cb1b978d) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
    7. December 17, 2014 | 15: is.40:28 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
    7. December 17, 2014 | 15: is.40:28 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
    7. December 17, 2014 | 15: is.40:28 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d68)
    7. December 17, 2014 | 15: is.40:28 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d68)
    7. December 17, 2014 | 15: is.40:28 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
    7. December 17, 2014 | 15: is.40:28 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
    7. December 17, 2014 | 15: is.40:28 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = f25bcdb5) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
    7. December 17, 2014 | 15: 40:23 | 713236 | IP = 91.209.243.5, IKE_DECODE SEND Message (msgid = 32bca075) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84
    7. December 17, 2014 | 15: 40:23 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, build payloads of hash qm
    7. December 17, 2014 | 15: 40:23 | 715046 | Group = 91.209.243.5, IP = 91.209.243.5, payload of empty hash construction
    7. December 17, 2014 | 15: 40:23 | 715036 | Group = 91.209.243.5, IP = 91.209.243.5, sending persistent type DPD R-U-HERE-ACK (seq number 0x7d67)
    7. December 17, 2014 | 15: 40:23 | 715075 | Group = 91.209.243.5, IP = 91.209.243.5, received persistent type DPD R-U-LÀ (seq number 0x7d67)
    7. December 17, 2014 | 15: 40:23 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, processing notify payload
    7. December 17, 2014 | 15: 40:23 | 715047 | Group = 91.209.243.5, IP = 91.209.243.5, payload of hash of treatment
    7. December 17, 2014 | 15: 40:23 | 713236 | IP = 91.209.243.5, IKE_DECODE RECEIPT Message (msgid = a3f0e3f9) with payloads: HDR + HASH (8) + NOTIFY (11) + (0) NONE total length: 84

    Please repeat the debug with "debug crypto isakmp 100". And compare the config of the Phase 2 on both sides:

    1. Is what ACL crypto exactly in the opposite direction on both sides?
    2. Your transformation sets include exactly the same algorithms?
  • Router Cisco client VPN SPlit tunnel does not work

    Hello!
    I have configured the Cisco VPN CLient on a 2821 router, and it works fine.
    I could access the inside resourses normally >
    the problem is that when I connect with VPN I lost internet connectivity?

    What wrong with my setup?

    Below the current configuration of the router.
    Kind regards!

    CISCO2821 #sh run

    Building configuration...

    Current configuration: 5834 bytes

    !

    version 12.4

    horodateurs service debug datetime msec

    Log service timestamps datetime msec

    no password encryption service

    !

    hostname CISCO2821

    !

    boot-start-marker

    start the flash c2800nm-adventerprisek9 - mz.124 - 20.T.bin system

    boot-end-marker

    !

    forest-meter operation of syslog messages

    logging buffered 51200 warnings

    !

    AAA new-model

    !

    !

    connection local VPN-LOCAL-AUTHENTIC AAA authentication

    local AAA authorization network VPN-LOCAL-AUTHOR

    !

    !

    AAA - the id of the joint session

    !

    dot11 syslog

    IP source-route

    !

    !

    IP cef

    !

    !

    "yourdomain.com" of the IP domain name

    8.8.8.8 IP name-server

    No ipv6 cef

    !

    Authenticated MultiLink bundle-name Panel

    !

    !

    voice-card 0

    No dspfarm

    !

    !

    username secret privilege 0 vpn 5 $1$ tCf1$ XAxQWtDRYdfy9g3JpVSvZ.

    Archives

    The config log

    hidekeys

    !

    !

    crypto ISAKMP policy 44

    BA aes

    preshared authentication

    Group 2

    life 44444

    !

    ISAKMP crypto group configuration of VPN client

    key VPNVPNVPN

    VPN-pool

    ACL VPN-ACL-SPLIT

    Max-users 5000

    !

    !

    ISAKMP crypto ISAKMP-VPN-profile

    identity VPN group match

    list of authentication of client VPN-LOCAL-AUTHENTIC

    VPN-LOCAL-AUTHOR of ISAKMP authorization list.

    client configuration address respond

    Configuration of VPN client group

    virtual-model 44

    !

    !

    Crypto ipsec transform-set VPN - SET esp - aes esp-sha-hmac

    !

    Crypto ipsec VPN-profile

    transformation-VPN-SET game

    Set isakmp VPN ISAKMP-PROFILE

    !

    !

    interface GigabitEthernet0/0

    IP 192.168.2.214 255.255.255.0

    NAT outside IP

    IP virtual-reassembly

    IP tcp adjust-mss 1412

    automatic duplex

    automatic speed

    !

    interface GigabitEthernet0/1

    IP 192.168.1.1 255.255.255.0

    IP nat inside

    IP virtual-reassembly

    IP tcp adjust-mss 1412

    automatic duplex

    automatic speed

    !

    interface FastEthernet0/0/0

    no ip address

    Shutdown

    automatic duplex

    automatic speed

    !

    type of interface virtual-Template44 tunnel

    IP unnumbered GigabitEthernet0/0

    ipv4 ipsec tunnel mode

    Tunnel ipsec VPN-PROFILE protection profile

    !

    interface Dialer0

    no ip address

    IP mtu 1452

    IP virtual-reassembly

    Shutdown

    !

    local pool IP VPN-POOL 192.168.1.150 192.168.1.250

    IP forward-Protocol ND

    IP http server

    IP 8081 http port

    23 class IP http access

    local IP http authentication

    no ip http secure server

    IP http timeout policy slowed down 60 life 86400 request 10000

    !

    !

    IP nat inside source list ACL - NAT interface GigabitEthernet0/0 overload

    !

    IP access-list standard ACL-TELNET

    allow a

    !

    extended ACL - NAT IP access list

    ip permit 192.168.1.0 0.0.0.255 any

    IP extended ACL-VPN-SPLIT access list

    ip permit 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255

    scope of access to IP-VPN-ACL-SPLIT list

    !

    control plan

    !

    exec banner ^ C

    % Warning of password expiration.

    -----------------------------------------------------------------------

    Professional configuration Cisco (Cisco CP) is installed on this device

    and it provides the default username "cisco" single use. If you have

    already used the username "cisco" to connect to the router and your IOS image

    supports the option "unique" user, that user name is already expired.

    You will not be able to connect to the router with the username when you leave

    This session.

    It is strongly recommended that you create a new user name with a privilege level

    15 using the following command.

    username secret privilege 15 0

    Replace and with the username and password you want

    use.

    -----------------------------------------------------------------------

    Line con 0

    exec-timeout 0 0

    Synchronous recording

    line to 0

    line vty 0 4

    ACL-TELNET access class in

    exec-timeout 30 0

    privilege level 15

    Synchronous recording

    transport input telnet ssh

    line vty 5 15

    ACL-TELNET access class in

    exec-timeout 30 0

    privilege level 15

    Synchronous recording

    transport input telnet ssh

    line vty 16 988

    ACL-TELNET access class in

    exec-timeout 30 0

    Synchronous recording

    transport input telnet ssh

    !

    Scheduler allocate 20000 1000

    end

    CISCO2821 #.

    I think that you made a mistake with your ACL name. the ACL applied is "VPN-ACL-SPLIT" which is an empty ACL. You must switch to that of "ACL-VPN-SPLIT" that has the entry "ip 192.168.1.0 allow 0.0.0.255 192.168.1.0 0.0.0.255" inside.

  • IPSEC tunnels does not connect

    Out of sudden IPSEC tunnel on remote site 202.68.211.20 is not plug in. Previously is OK. There is no change in config.

    IKE Phase 1 even not connect.

    I'm debugging, but I don't know what could be the error.

    -----------------------------------------------------------------------------

    = ~ = ~ = ~ = ~ = ~ = ~ = ~ = ~ = ~ = ~ = ~ = PuTTY connect 2016.05.12 15:19:36 = ~ = ~ = ~ = ~ = ~ = ~ = ~ = ~ = ~ = ~ = ~ =.
    12 May 12:06:50 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
    12 May 12:06:50 [IKEv1]: IP = 202.68.211.20, Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
    12 May 12:06:53 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
    12 May 12:06:53 [IKEv1]: IP = 202.68.211.20, Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
    12 May 12:06:54 [IKEv1 DEBUG]: IP = 202.68.211.20, case of mistaken IKE MM Initiator WSF (struct & 0xd84aff40) , : MM_DONE, EV_ERROR--> MM_WAIT_MSG2, EV_RETRY--> MM_WAIT_MSG2, EV_TIMEOUT--> MM_WAIT_MSG2 NullEvent--> MM_SND_MSG1, EV_SND_MSG--> MM_SND_MSG1, EV_START_TMR--> MM_SND_MSG1, EV_RESEND_MSG--> MM_WAIT_MSG2, EV_RETRY
    12 May 12:06:54 [IKEv1 DEBUG]: IP = 202.68.211.20, IKE SA MM:914f04ce ending: flags 0 x 01000022, refcnt 0, tuncnt 0
    12 May 12:06:54 [IKEv1 DEBUG]: IP = 202.68.211.20, sending clear/delete with the message of reason
    12 May 12:06:59 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
    12 May 12:06:59 [IKEv1]: IP = 202.68.211.20, initiator of IKE: New Phase 1, Intf internal, IKE Peer 202.68.211.20 address proxy local 10.215.20.0 address remote Proxy 10.210.0.0, Card Crypto (VPN_map)
    12 May 12:06:59 [IKEv1 DEBUG]: IP = 202.68.211.20, build the payloads of ISAKMP security
    12 May 12:06:59 [IKEv1 DEBUG]: IP = 202.68.211.20, construction of Fragmentation VID + load useful functionality
    12 May 12:06:59 [IKEv1]: IP = 202.68.211.20, IKE_DECODE SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 112
    12 May 12:07 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
    12 May 12:07 [IKEv1]: IP = 202.68.211.20, Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
    12 May 12:07:03 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
    12 May 12:07:03 [IKEv1]: IP = 202.68.211.20, Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
    12 May 12:07:07 [IKEv1]: IP = 202.68.211.20, IKE_DECODE new SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 112
    12 May 12:07:09 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
    12 May 12:07:09 [IKEv1]: IP = 202.68.211.20, Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
    12 May 12:07:15 [IKEv1]: IP = 202.68.211.20, IKE_DECODE new SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 112
    12 May 12:07:23 [IKEv1]: IP = 202.68.211.20, IKE_DECODE new SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 112
    12 May 12:07:31 [IKEv1 DEBUG]: IP = 202.68.211.20, case of mistaken IKE MM Initiator WSF (struct & 0xd8457958) , : MM_DONE, EV_ERROR--> MM_WAIT_MSG2, EV_RETRY--> MM_WAIT_MSG2, EV_TIMEOUT--> MM_WAIT_MSG2 NullEvent--> MM_SND_MSG1, EV_SND_MSG--> MM_SND_MSG1, EV_START_TMR--> MM_SND_MSG1, EV_RESEND_MSG--> MM_WAIT_MSG2, EV_RETRY
    12 May 12:07:31 [IKEv1 DEBUG]: IP = 202.68.211.20, IKE SA MM:be63ea64 ending: flags 0 x 01000022, refcnt 0, tuncnt 0
    12 May 12:07:31 [IKEv1 DEBUG]: IP = 202.68.211.20, sending clear/delete with the message of reason
    12 May 12:07:37 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
    12 May 12:07:37 [IKEv1]: IP = 202.68.211.20, initiator of IKE: New Phase 1, Intf internal, IKE Peer 202.68.211.20 address proxy local 10.215.20.0 address remote Proxy 10.210.0.0, Card Crypto (VPN_map)
    12 May 12:07:37 [IKEv1 DEBUG]: IP = 202.68.211.20, build the payloads of ISAKMP security
    12 May 12:07:37 [IKEv1 DEBUG]: IP = 202.68.211.20, construction of Fragmentation VID + load useful functionality
    12 May 12:07:37 [IKEv1]: IP = 202.68.211.20, IKE_DECODE SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 112
    12 May 12:07:40 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0

    12 May 12:07:40 [IKEv1]: IP = 202.68.211.20, Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
    12 May 12:07:45 [IKEv1]: IP = 202.68.211.20, IKE_DECODE new SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 112
    12 May 12:07:46 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
    12 May 12:07:46 [IKEv1]: IP = 202.68.211.20, Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
    12 May 12:07:53 [IKEv1]: IP = 202.68.211.20, IKE_DECODE new SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 112
    q

    Hello

    It seems that the tunnel is blocked to MSG_2.

    You can check if the UDP 500 traffic is not blocked between peers?

    Please check with your provider.

    Kind regards

    Aditya

    Please evaluate the useful messages and mark the correct answers.

  • IPSec tunnels do not work

    Hello

    I practice a bit with 2 CISCO 2811 routers and 2621. I did the basic configuration for an IPSec connection, but the tunnel seems not to lead. Also, I can ping the external interface of the other router, but I cannot ping inside network behind each of them. Any ideas? The external interface are connected via a cable UTP croosover. Here's the sh run of each:

    2621 router:

    !

    version 12.2

    horodateurs service debug uptime

    Log service timestamps uptime

    encryption password service

    !

    hostname RPrueba2

    !

    logging buffered 51200 warnings

    enable secret 5 $1$ oNw1$ SQaqP.FazBuaiVZ3MHte70

    !

    username supervisor privilege 15 password 7 07062F49420C1A110513

    voice-card 1

    !

    IP subnet zero

    !

    !

    !

    !

    crypto ISAKMP policy 1

    md5 hash

    preshared authentication

    ISAKMP crypto keys Inelectra address 20.20.20.21

    !

    !

    Crypto ipsec transform-set base esp - esp-md5-hmac

    !

    Armadillo 1 ipsec-isakmp crypto map

    defined by peer 20.20.20.21

    security-association value seconds of life 4000

    Set transform-set basic

    PFS Group1 Set

    match address 101

    !

    call the rsvp-sync

    !

    !

    !

    !

    !

    !

    controller E1 1/0

    !

    !

    !

    interface FastEthernet0/0

    IP 192.168.250.1 255.255.255.0

    automatic duplex

    automatic speed

    !

    interface Serial0/0

    no ip address

    Shutdown

    !

    interface FastEthernet0/1

    IP 20.20.20.1 255.255.255.0

    automatic duplex

    automatic speed

    Armadillo card crypto

    !

    interface Serial0/1

    no ip address

    Shutdown

    !

    interface Serial0/2

    no ip address

    Shutdown

    !

    !

    IP classless

    IP route 0.0.0.0 0.0.0.0 20.20.20.21

    IP http server

    !

    !

    !

    !

    !

    !

    !

    !

    !

    access-list 101 permit ip 192.168.250.0 0.0.0.255 any

    access-list 102 permit ip 192.168.250.0 0.0.0.255 192.168.240.0 0.0.0.255

    !

    !

    Dial-peer cor custom

    !

    !

    !

    !

    !

    Line con 0

    password 7 020F0A5E07030C355E4F

    opening of session

    line to 0

    line vty 0 4

    privilege level 15

    password 7 12100B121E0E0F10382A

    opening of session

    transport input telnet ssh

    !

    end

    2811 router:

    !

    version 12.4

    horodateurs service debug datetime msec

    Log service timestamps datetime msec

    no password encryption service

    !

    hostname RPrueba

    !

    boot-start-marker

    boot-end-marker

    !

    logging buffered 51200 warnings

    enable secret 5 $1$ oNw1$ SQaqP.FazBuaiVZ3MHte70

    !

    No aaa new-model

    !

    resources policy

    !

    iomem 15 memory size

    No network-clock-participate wic 1

    IP subnet zero

    !

    !

    IP cef

    !

    !

    !

    !

    voice-card 0

    No dspfarm

    !

    username supervisor privilege 15 password 7 07062F49420C1A110513

    !

    !

    controller E1 1/0/0

    !

    !

    crypto ISAKMP policy 1

    md5 hash

    preshared authentication

    ISAKMP crypto keys Inelectra address 20.20.20.1

    !

    !

    Crypto ipsec transform-set Ineset ah-md5-hmac esp - a

    Crypto ipsec transform-set base esp - esp-md5-hmac

    !

    Armadillo 1 ipsec-isakmp crypto map

    defined by peer 20.20.20.1

    security-association value seconds of life 4000

    Set transform-set basic

    PFS Group1 Set

    match address 102

    !

    !

    !

    !

    interface FastEthernet0/0

    IP 192.168.240.1 255.255.255.0

    automatic duplex

    automatic speed

    !

    interface FastEthernet0/1

    IP 20.20.20.21 255.255.255.0

    automatic duplex

    automatic speed

    Armadillo card crypto

    !

    interface Serial0/0/0

    no ip address

    Shutdown

    no fair queue

    2000000 clock frequency

    !

    interface Serial0/0/1

    no ip address

    Shutdown

    2000000 clock frequency

    !

    IP classless

    IP route 0.0.0.0 0.0.0.0 20.20.20.1

    !

    !

    IP http server

    no ip http secure server

    !

    access-list 101 permit ip 192.168.240.0 0.0.0.255 any

    access-list 102 permit ip 192.168.240.0 0.0.0.255 192.168.250.0 0.0.0.255

    !

    control plan

    !

    Line con 0

    password 7 020F0A5E07030C355E4F

    opening of session

    line to 0

    line vty 0 4

    privilege level 15

    password 7 12100B121E0E0F10382A

    opening of session

    transport input telnet ssh

    !

    Scheduler allocate 20000 1000

    !

    end

    I also tried the isakmp crypto see the its and there is nothing on the table. Thanks for any help.

    Gustavo

    Under card crypto router armadilloin 2621 =

    Use the ACL 102 crypto instead of 101.

    match address 102

    And then disable the isakmp its ipsec and its

    then try to ping.

  • integrated macOS Sierra Cisco IPsec VPN does not work anymore (impossible to validate the server certificate)

    Hello

    I just upgraded to macOS Sierra and built-in Cisco IPsec VPN no longer works. When you try to connect, I get a "cannot validate the certificate of the server. "Check your settings and try to reconnect" error message. I use Cisco ASA with self-signed certificates and everything worked fine with previous versions of OS X.

    Please help me, I need my VPN Thx a lot

    I am having the same problem with StrongSwan and help cert signed with the channel to complete certificates included in the pkcs12 file imported to the keychain. It was working properly in El Capitan, but now broken in the Sierra.

  • RTMPT / Tunneling does not work

    I have Flash Media Streaming Server 3 running on a Windows 2003 with IIS 6 computer. I can see the samples of video on demand, locally and remotely very well using rtmp, but not rtmpt. I have disabled the socket pooling using httpcfg, but FMS 3 does not seem to be binding for all IP addresses on port 80. Next steps?

    HBZ

    You can add ports in a comma-delimited list:

    ADAPTER. HOSTPORT = xxx.xxx.xxx.12:1935, 80

    Then restart the service of the FMS, and you should be all set. You can run netstat-nab from the command prompt to ensure that the FMS is bound to port 80

  • Microsoft Teredo Tunneling adapter device"does not work correctly.

    Hi Sir/Madam

    Hello, can you help me find driver problems, sir.i am on hp pavilion g6 Series notebook.i found this message there, Windows reports that the "Microsoft Teredo Tunneling adapter" device is working properly. But I opened the Device Manager and I found the icon and I double click and then try to update the driver software but I found ago encountered a problem... This device does not work... Sir can you help me solve this problem... Thank you for your time

    Hi Binet1,

    Thank you for visiting the Forums HP's Support and welcome. I read your thread on your HP Pavilion g6-2225tu issues of driver for laptop and have on the Teredo Tunneling pseudo-interface. Right click and delete all Teredo Tunneling pseudo-interface. Restart the computer. You could update driver software by right click, browse computer for driver software. Select let me pick from a list of device on my computer-> network adapter drivers > Microsoft > adapter Microsoft Teredo tunneling.  You can enable system restore by following this document.

    I'd be happy to help you if necessary because there are many models of HPNotebook, I need the model number. How can I find my model number or product number?
    Please respond with an operating system that you are running:
    Operating system Windows am I running?

    Please let me know.

    Thank you.

  • Microsoft Teredo Tunneling adapter does not work correctly and my pc works too slowly to start and stop.

    Original title: hardware device

    Please help me...

    My Microsoft Teredo Tunneling adapter does not work correctly... I tried to reinstall it but it is impossible to install...

    So what to do so adpter may work correctly...

    And my pc runs too slowly (at startup and shutdown also)

    Help help me soon...

    Thank you...

    Hi Harshhh36,

    Usually, after the computer restarts, the drivers install automatically and it will stop the errors.

    You can also refer to the computer or the network card manufacturer's Web site to download and install the latest version of the drivers for the network card.

    You can also check in the updates of windows updates available for the network adapter driver.

    For more information, see the article:

    Automatically get recommended drivers and updates for your hardware

  • ASA 8.6 - l2l IPsec tunnel established - not possible to ping

    Hello world

    I have a problem of configuration of the CISCO ASA 5512-x (IOS 8.6).

    The IPsec tunnel is created between ASA and an another non-CISCO router (hereinafter "router"). I can send packets ping from router to ASA, but ASA is NOT able to meet these demands. Sending requests of ASA is also NOT possible.

    I'm trying to interconnect with the network 192.168.2.0/24 (CISCO, interface DMZ) premises and 192.168.3.0/24 (router).

    The CISCO ASA has a static public IP address. The router has a dynamic IP address, so I use the dynamic-map option...

    Here is the output of "show run":

    ---------------------------------------------------------------------------------------------------------------------------------------------

    ASA 1.0000 Version 2

    !

    ciscoasa hostname

    activate oBGOJTSctBcCGoTh encrypted password

    2KFQnbNIdI.2KYOU encrypted passwd

    names of

    !

    interface GigabitEthernet0/0

    nameif outside

    security-level 0

    address IP X.X.X.X 255.255.255.0

    !

    interface GigabitEthernet0/1

    nameif inside

    security-level 100

    the IP 192.168.0.1 255.255.255.0

    !

    interface GigabitEthernet0/2

    nameif DMZ

    security-level 50

    IP 192.168.2.1 255.255.255.0

    !

    interface GigabitEthernet0/3

    Shutdown

    No nameif

    no level of security

    no ip address

    !

    interface GigabitEthernet0/4

    Shutdown

    No nameif

    no level of security

    no ip address

    !

    interface GigabitEthernet0/5

    Shutdown

    No nameif

    no level of security

    no ip address

    !

    interface Management0/0

    nameif management

    security-level 100

    IP 192.168.1.1 255.255.255.0

    management only

    !

    passive FTP mode

    internal subnet object-

    192.168.0.0 subnet 255.255.255.0

    object Web Server external network-ip

    host Y.Y.Y.Y

    Network Web server object

    Home 192.168.2.100

    network vpn-local object - 192.168.2.0

    Subnet 192.168.2.0 255.255.255.0

    network vpn-remote object - 192.168.3.0

    subnet 192.168.3.0 255.255.255.0

    outside_acl list extended access permit tcp any object Web server

    outside_acl list extended access permit tcp any object webserver eq www

    access-list l2l-extensive list allowed ip, vpn-local - 192.168.2.0 vpn-remote object - 192.168.3.0

    dmz_acl access list extended icmp permitted an echo

    pager lines 24

    asdm of logging of information

    Outside 1500 MTU

    Within 1500 MTU

    MTU 1500 DMZ

    management of MTU 1500

    ICMP unreachable rate-limit 1 burst-size 1

    don't allow no asdm history

    ARP timeout 14400

    NAT (DMZ, outside) static static vpn-local destination - 192.168.2.0 vpn-local - 192.168.2.0, 192.168.3.0 - remote control-vpn vpn-remote control - 192.168.3.0

    !

    internal subnet object-

    NAT dynamic interface (indoor, outdoor)

    Network Web server object

    NAT (DMZ, outside) Web-external-ip static tcp www www Server service

    Access-Group global dmz_acl

    Route outside 0.0.0.0 0.0.0.0 Z.Z.Z.Z 1

    Timeout xlate 03:00

    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

    timeout tcp-proxy-reassembly 0:01:00

    Floating conn timeout 0:00:00

    dynamic-access-policy-registration DfltAccessPolicy

    identity of the user by default-domain LOCAL

    Enable http server

    http 192.168.1.0 255.255.255.0 management

    No snmp server location

    No snmp Server contact

    Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start

    IKEv1 crypto ipsec transform-set ikev1-trans-set esp-3des esp-md5-hmac

    Crypto ipsec ikev2 proposal ipsec 3des-GNAT

    Esp 3des encryption protocol

    Esp integrity md5 Protocol

    Crypto dynamic-map dynMidgeMap 1 match l2l-address list

    Crypto dynamic-map dynMidgeMap 1 set pfs

    Crypto dynamic-map dynMidgeMap 1 set ikev1 ikev1-trans-set transform-set

    Crypto dynamic-map dynMidgeMap 1 set ikev2 ipsec-proposal 3des-GNAT

    Crypto dynamic-map dynMidgeMap 1 life span of seconds set association security 28800

    Crypto dynamic-map dynMidgeMap 1 the value reverse-road

    midgeMap 1 card crypto ipsec-isakmp dynamic dynMidgeMap

    midgeMap interface card crypto outside

    ISAKMP crypto identity hostname

    IKEv2 crypto policy 1

    3des encryption

    the md5 integrity

    Group 2

    FRP md5

    second life 86400

    Crypto ikev2 allow outside

    Crypto ikev1 allow outside

    IKEv1 crypto policy 1

    preshared authentication

    3des encryption

    md5 hash

    Group 2

    life 86400

    Telnet timeout 5

    SSH timeout 5

    Console timeout 0

    management of 192.168.1.2 - dhcpd address 192.168.1.254

    enable dhcpd management

    !

    a basic threat threat detection

    Statistics-list of access threat detection

    no statistical threat detection tcp-interception

    WebVPN

    internal midgeTrialPol group policy

    attributes of the strategy of group midgeTrialPol

    L2TP ipsec VPN-tunnel-Protocol ikev1, ikev2

    enable IPSec-udp

    tunnel-group midgeVpn type ipsec-l2l

    tunnel-group midgeVpn General-attributes

    Group Policy - by default-midgeTrialPol

    midgeVpn group of tunnel ipsec-attributes

    IKEv1 pre-shared-key *.

    remote control-IKEv2 pre-shared-key authentication *.

    pre-shared-key authentication local IKEv2 *.

    !

    class-map inspection_default

    match default-inspection-traffic

    !

    !

    type of policy-card inspect dns preset_dns_map

    parameters

    maximum message length automatic of customer

    message-length maximum 512

    Policy-map global_policy

    class inspection_default

    inspect the preset_dns_map dns

    inspect the ftp

    inspect h323 h225

    inspect the h323 ras

    inspect the rsh

    inspect the rtsp

    inspect esmtp

    inspect sqlnet

    inspect the skinny

    inspect sunrpc

    inspect xdmcp

    inspect the sip

    inspect the netbios

    inspect the tftp

    Review the ip options

    !

    global service-policy global_policy

    context of prompt hostname

    no remote anonymous reporting call

    Cryptochecksum:fa02572f9ff8add7bbfe622a4801e606

    : end

    ------------------------------------------------------------------------------------------------------------------------------

    X.X.X.X - ASA public IP

    Y.Y.Y.Y - a web server

    Z.Z.Z.Z - default gateway

    -------------------------------------------------------------------------------------------------------------------------------

    ASA PING:

    ciscoasa # ping DMZ 192.168.3.1

    Type to abort escape sequence.

    Send 5, echoes ICMP 100 bytes to 192.168.3.1, time-out is 2 seconds:

    ?????

    Success rate is 0% (0/5)

    PING from router (debug on CISCO):

    NAT ciscoasa #: untranslation - outside:192.168.2.1/0 to DMZ:192.168.2.1/0

    NAT: untranslation - outside:192.168.2.1/0 to DMZ:192.168.2.1/0

    NAT: untranslation - outside:192.168.2.1/0 to DMZ:192.168.2.1/0

    Outside ICMP echo request: 192.168.3.1 DMZ:192.168.2.1 ID = 3859 seq = 0 len = 40

    Outside ICMP echo request: 192.168.3.1 DMZ:192.168.2.1 ID = 3859 seq = 1 len = 40

    Outside ICMP echo request: 192.168.3.1 DMZ:192.168.2.1 ID = 3859 seq = 2 len = 40

    Outside ICMP echo request: 192.168.3.1 DMZ:192.168.2.1 ID = 3859 seq = len 3 = 40

    -------------------------------------------------------------------------------------------------------------------------------

    ciscoasa # show the road outside

    Code: C - connected, S - static, RIP, M - mobile - IGRP, R - I, B - BGP

    D - EIGRP, OSPF, IA - external EIGRP, O - EX - OSPF inter zone

    N1 - type external OSPF NSSA 1, N2 - type external OSPF NSSA 2

    E1 - OSPF external type 1, E2 - external OSPF of type 2, E - EGP

    i - IS - L1 - IS - IS level 1, L2 - IS - IS IS level 2, AI - IS inter zone

    * - candidate by default, U - static route by user, o - ODR

    P periodical downloaded static route

    Gateway of last resort is Z.Z.Z.Z to network 0.0.0.0

    C Z.Z.Z.0 255.255.255.0 is directly connected to the outside of the

    S 192.168.3.0 255.255.255.0 [1/0] via Z.Z.Z.Z, outdoors

    S * 0.0.0.0 0.0.0.0 [1/0] via Z.Z.Z.Z, outdoors

    -------------------------------------------------------------------------------------------------------------------------------

    Do you have an idea that I am wrong? Probably some bad NAT/ACL I suppose, but I could always find something only for 8.4 iOS and not 8.6... Perhaps and no doubt I already missed the configuration with the unwanted controls, but I've tried various things...

    Please, if you have an idea, let me know! Thank you very much!

    Hello

    I've never used "global" option in ACL, but it looks to be the origin of the problem. Cisco doc.

    "The global access rules are defined as a special ACL that is processed for each interface on the device for incoming traffic in the interface. Thus, although the ACL is configured once on the device, it acts as an ACL defined for Management In secondary interface-specific. (Global rules are always in the direction of In, never Out Management). "

    You ACL: access-list extended dmz_acl to any any icmp echo

    For example, when you launch the ASA, there is an echo response from the router on the external interface--> global can block.

    Then to initiate router, the ASA Launches echo-reply being blocked again.

    Try to add permit-response to echo as well.

    In addition, you can use both "inspect icmp" in world politics than the ACL.

    If none does not work, you can run another t-shoot with control packet - trace on SAA.

    THX

    MS

  • excludespecified does not work

    Hello world

    I worked with a VPN for remote access, where everything must be sent through the tunnel via VPN, but specific to a public IP traffic. I tried to use the "excludedspcified" statement in group policy, but it does not work. When the VPN Client must be connected to the ASA and I check the details of router-> secure routes I can only see 0.0.0.0/0. But when I use the statament of "tunnelespecified" it works as it should and Secure routers are registered correctly.

    My configuration is:

    standard permits the TUNNEL of SPLITTING host 72.XX access list. XX. XX

    !

    internal TEST group strategy

    TEST group policy attributes

    Protocol-tunnel-VPN IPSec

    Split-tunnel-policy excludespecified

    Split-tunnel-network-list value of SPLIT TUNNEL

    !

    type tunnel-group TEST remote access

    General attributes of tunnel-group TEST

    address admin-pool pool

    Group-RADIUS authentication server

    Group Policy - by default-TEST

    IPSec-attributes of tunnel-group TEST

    pre-shared-key *.

    I find a Bug or something, but I found nothing. These are versions of software:

    ASA: 8.2 (1) 11

    ASDM: 6.2 (1)

    VPN client: 5.0.07.0410

    Thanks in advance,

    Jose

    Hello Jose,.

    In your VPN client, you selected the checkbox "allow LAN access?

    Can you please test with this option turned on and let us know the results?

    Do not look only secure roads, after you activate that option try to send real traffic to the public IP address.

    Daniel Moreno

    Please note any workstation that will be useful

  • 25.0A1 Nightly of Firefox (on Linux) - proxy (SOCKS) does not work

    Hello

    I am using SSH tunnels to create a SOCKS proxy. When I used Firefox 23 it works fine, when I use a recent version of every night, don't worry. I use an add-on of FoxyProxy normally, but I tried to turn it off completely and use the proxy settings internal (SOCKS, localhost, 6789) then it does not work either.

    I understand, you may need more detailed information, but please specify what information you require.

    Thanks for your help

    I'm really sorry, I have some additional info

    I tried to run every night in safe mode and manually set the SOCKS proxy and it works as assumed.

    In this case, it might be a problem with the addon code

  • This device does not work properly because Windows cannot load the drivers required for this device. (Code 31)

    Original title: this device does not work properly because Windows cannot load the drivers required for this device. (Code 31) in graphics AMD - 8151 HyperTransport (MC) AGP3.0 Tunnel

    This device does not work properly because Windows cannot load the drivers required for this device. (Code 31) in the graphics AMD - 8151 HyperTransport (MC) AGP3.0 Tunnel, what do I do to fix this help please.

    Jake

    Hey Jake,

    Follow these methods.

    Method 1: Follow these steps:

    (a) restart your computer if you have not already done so. There is always the possibility that the error Code 31 that you see was caused by a temporary problem with Device Manager. If so, a simple reboot can solve the Code 31.

    (b) have you install a device or a change in the Device Manager, just as the Code 31 error appeared? If so, it is very possible that the modification caused the Code 31 error.

    (c) cancel the change if you can restart the computer and then check again the error Code 31. Depending on the changes, some solutions may include:

    Remove or reconfigure newly installed unit.

    Restore a version prior to updating the driver.

    Use system restore to undo the Device Manager recent related changes.

    http://Windows.Microsoft.com/en-us/Windows-Vista/system-restore-frequently-asked-questions

    (d) to remove the registry values filters upper and lower. A common cause of errors in Code 31 is the corruption of two registry values in the class of the CD-ROM/DVD-ROM drive registry key.

    Note: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems can occur if you modify the registry incorrectly. Therefore, make sure that you proceed with caution. For added protection, back up the registry before you edit it. Then you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following link. http://Windows.Microsoft.com/en-us/Windows-Vista/back-up-the-registry

    Method 2: Update the latest graphic drivers.

    Updated a hardware driver that is not working properly

    http://Windows.Microsoft.com/en-us/Windows-Vista/update-a-driver-for-hardware-that-isn ' t-work correctly

  • Application does not work without wifi connection

    Hello I have a problem with the http connection

    my code is

    public class HttpConnectionFactory
    {
    
        /**
         * Specifies that only wifi should be used
         */
        public static final int TRANSPORT_WIFI = 1;
    
        /**
         * Specifies that only BES (also known as MDS or corporate servers)
         */
        public static final int TRANSPORT_BES = 2;
    
        /**
         * Specifies that only BIS should be used (Basically RIM hosted BES)
         */
        public static final int TRANSPORT_BIS = 4;
    
        /**
         * Specifies that TCP should be used (carrier transport)
         */
        public static final int TRANSPORT_DIRECT_TCP = 8;
    
        /**
         * Specifies that WAP2 should be used (carrier transport)
         */
        public static final int TRANSPORT_WAP2 = 16;
    
        /**
         * Equivalent to: TRANSPORT_WIFI | TRANSPORT_BES | TRANSPORT_BIS |
         * TRANSPORT_DIRECT_TCP | TRANSPORT_WAP2
         */
        public static final int TRANSPORTS_ANY = TRANSPORT_WIFI | TRANSPORT_BES
                | TRANSPORT_BIS | TRANSPORT_DIRECT_TCP | TRANSPORT_WAP2;
    
        /**
         * Equivalent to: TRANSPORT_WIFI | TRANSPORT_BES | TRANSPORT_BIS
         */
        public static final int TRANSPORTS_AVOID_CARRIER = TRANSPORT_WIFI
                | TRANSPORT_BES | TRANSPORT_BIS;
    
        /**
         * Equivalent to: TRANSPORT_DIRECT_TCP | TRANSPORT_WAP2
         */
        public static final int TRANSPORTS_CARRIER_ONLY = TRANSPORT_DIRECT_TCP
                | TRANSPORT_WAP2;
    
        /**
         * The default order in which selected transports will be attempted
         *
         */
        public static final int DEFAULT_TRANSPORT_ORDER[] = { // TRANSPORT_DIRECT_TCP
        // ,TRANSPORT_WAP2
                TRANSPORT_WIFI,
                // TRANSPORT_BES, TRANSPORT_BIS,
                // TRANSPORT_WAP2,
                TRANSPORT_DIRECT_TCP };
    
        private static final int TRANSPORT_COUNT = DEFAULT_TRANSPORT_ORDER.length;
    
        private static ServiceRecord srMDS[], srBIS[], srWAP2[], srWiFi[];
        private static boolean serviceRecordsLoaded = false;
    
        private int curIndex = 0;
        private int curSubIndex = 0;
        // private String url;
        private final String extraParameters;
        private final int transports[];
        private int lastTransport = 0;
    
        /**
         * Equivalent to
         * HttpConnectionFactory( url, null, HttpConnectionFactory.DEFAULT_TRANSPORT_ORDER )
         *
         * @see #HttpConnectionFactory(String, String, int[])
         * @param url
         *            See {@link #HttpConnectionFactory(String, String, int[])}
         */
        public HttpConnectionFactory() {
            this(null, 0);
        }
    
        /**
         * Equivalent to
         * HttpConnectionFactory( url, null, allowedTransports )
         *
         * @see #HttpConnectionFactory(String, String, int)
         * @param url
         *            See {@link #HttpConnectionFactory(String, String, int)}
         * @param allowedTransports
         *            See {@link #HttpConnectionFactory(String, String, int)}
         */
        public HttpConnectionFactory(int allowedTransports) {
            this(null, allowedTransports);
        }
        public HttpConnectionFactory(int transportPriority[]) {
            this(null, transportPriority);
        }
    
        public HttpConnectionFactory(String extraParameters, int allowedTransports) {
            this(extraParameters, transportMaskToArray(allowedTransports));
        }
        public HttpConnectionFactory(String extraParameters,
                int transportPriority[]) {
            if (!serviceRecordsLoaded) {
                loadServiceBooks(false);
            }
            //
            // if (url == null) {
            // throw new IllegalArgumentException("Null URL passed in");
            // }
            // if (!url.toLowerCase().startsWith("http")) {
            // throw new IllegalArgumentException("URL not http or https");
            // }
            //
            // this.url = url;
            this.extraParameters = extraParameters;
            transports = transportPriority;
        }
        public Connection getNextConnection(String url)
                throws NoMoreTransportsException {
            Connection con = null;
            int countsWap = 0;
            int countsBis = 0;
            int countsBes = 0;
            int curTransport = 0;
            while (con == null && curIndex < transports.length) {
                System.out.println("con=" + con + " curid=" + curIndex);
                curTransport = transports[curIndex];
                switch (curTransport) {
                case TRANSPORT_WIFI:
                    curIndex++;
                    curSubIndex = 0;
                    try {
                        con = getWifiConnection(url);
                    } catch (Exception e) {
                    }
                    break;
                case TRANSPORT_BES:
                    curIndex++;
                    curSubIndex = 0;
                    try {
                        if (countsBes > 3) {
                            throw new NoMoreTransportsException();
                        }
                        con = getBesConnection(url);
                        countsBes++;
                    } catch (Exception e) {
                    }
                    break;
                case TRANSPORT_BIS:
                    while (con == null) {
                        try {
                            if (countsBis > 3) {
                                throw new NoMoreTransportsException();
                            }
                            con = getBisConnection(url, curSubIndex);
                            countsBis++;
                        } catch (NoMoreTransportsException e) {
                            curIndex++;
                            curSubIndex = 0;
                            break;
                        } catch (Exception e) {
                        }
                    }
                    break;
                case TRANSPORT_DIRECT_TCP:
                    curIndex++;
                    try {
                        con = getTcpConnection(url);
                    } catch (Exception e) {
                    }
                    break;
                case TRANSPORT_WAP2:
                    while (con == null)
                    {
                        // try {
                        // if (countsWap > 3) {
                        // throw new NoMoreTransportsException();
                        // }
                        // // con = getWap2Connection(url, curSubIndex);
                        // countsWap++;
                        // } catch (NoMoreTransportsException e) {
                        // curIndex++;
                        // curSubIndex = 0;
                        // break;
                        // } catch (Exception e) {
                        // }
                    }
                    break;
                }
            }
            if (con == null) {
                throw new NoMoreTransportsException();
            }
    
            lastTransport = curTransport;
            return con;
        }
    
        public Connection getCurrentConnection(String url)
                throws NoMoreTransportsException {
            Connection con = null;
            switch (lastTransport) {
            case TRANSPORT_WIFI:
                try {
                    con = getWifiConnection(url);
                } catch (Exception e) {
                }
                break;
            case TRANSPORT_BES:
                try {
                    con = getBesConnection(url);
                } catch (Exception e) {
                }
                break;
            case TRANSPORT_BIS:
                while (con == null) {
                    try {
                        con = getBisConnection(url, curSubIndex);
                    } catch (NoMoreTransportsException e) {
                        break;
                    } catch (Exception e) {
                    }
                }
                break;
            case TRANSPORT_DIRECT_TCP:
                try {
                    con = getTcpConnection(url);
                } catch (Exception e) {
                }
                break;
            case TRANSPORT_WAP2:
                while (con == null) {
                    try {
                        con = getWap2Connection(url, curSubIndex);
                        System.out.println("" + con);
                    } catch (NoMoreTransportsException e) {
                        break;
                    } catch (Exception e) {
                    }
                }
                break;
            }
    
            return con;
        }
    
        /**
         * Returns the transport used in the connection last returned via
         * {@link #getNextConnection()}
         *
         * @return the transport used in the connection last returned via
         *         {@link #getNextConnection()} or 0 if none
         */
        public int getLastTransport() {
            return lastTransport;
        }
    
        /**
         * Generates a connection using the BIS transport if available
         *
         * @param index
         *            The index of the service book to use
         * @return An {@link HttpConnection} if this transport is available,
         *         otherwise null
         * @throws NoMoreTransportsException
         * @throws IOException
         *             throws exceptions generated by {@link getConnection( String
         *             transportExtras1, String transportExtras2 )}
         */
        private Connection getBisConnection(String url, int index)
                throws NoMoreTransportsException, IOException {
            System.out.println("BIS Try");
            if (index >= srBIS.length) {
                throw new NoMoreTransportsException("Out of BIS transports");
            }
            ServiceRecord sr = srBIS[index];
            return getConnection(url, ";deviceside=false;connectionUID=", sr
                    .getUid());
        }
    
        /**
         * Generates a connection using the BES transport if available
         *
         * @return An {@link HttpConnection} if this transport is available,
         *         otherwise null
         * @throws IOException
         *             throws exceptions generated by {@link getConnection( String
         *             transportExtras1, String transportExtras2 )}
         */
        private Connection getBesConnection(String url) throws IOException {
            System.out.println("BES try");
            if (CoverageInfo.isCoverageSufficient(CoverageInfo.COVERAGE_MDS)) {
                return getConnection(url, ";deviceside=false", null);
            }
            return null;
        }
    
        /**
         * Generates a connection using the WIFI transport if available
         *
         * @return An {@link HttpConnection} if this transport is available,
         *         otherwise null
         * @throws IOException
         *             throws exceptions generated by {@link getConnection( String
         *             transportExtras1, String transportExtras2 )}
         */
        private Connection getWifiConnection(String url) throws IOException {
            System.out.println("wifi try");
            // if (RadioInfo.areWAFsSupported(RadioInfo.WAF_WLAN)
            // && (RadioInfo.getActiveWAFs() & RadioInfo.WAF_WLAN) != 0
            // && CoverageInfo.isCoverageSufficient(1 /*
            // * CoverageInfo.COVERAGE_DIRECT
            // */,
            // RadioInfo.WAF_WLAN, false)) {
            //
            // return getConnection(";deviceside=true;interface=wifi", null);
            // // return getConnection(";deviceside=true;interface=wifi", null);
            //
            // }
            // !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
            if (WLANInfo.getWLANState() == WLANInfo.WLAN_STATE_CONNECTED
                    && srWiFi.length > 0) {
                return getConnection(url, ";interface=wifi", null);
            }
            return null;
        }
    
        /**
         * Generates a connection using the WAP2 transport if available
         *
         * @param index
         *            The index of the service book to use
         * @return An {@link HttpConnection} if this transport is available,
         *         otherwise null
         * @throws NoMoreTransportsException
         *             if index is outside the range of available service books
         * @throws IOException
         *             throws exceptions generated by {@link getConnection( String
         *             transportExtras1, String transportExtras2 )}
         */
        private Connection getWap2Connection(String url, int index)
                throws NoMoreTransportsException, IOException {
            System.out.println("WAP2 try");
            if (index >= srWAP2.length) {
                throw new NoMoreTransportsException("Out of WAP2 transports");
            }
            if (CoverageInfo
                    .isCoverageSufficient(1 /* CoverageInfo.COVERAGE_DIRECT */)) {
                ServiceRecord sr = srWAP2[index];
                return getConnection(url, ";ConnectionUID=", sr.getUid());
            }
            return null;
        }
    
        /**
         * Generates a connection using the TCP transport if available
         *
         * @return An {@link HttpConnection} if this transport is available,
         *         otherwise null
         * @throws IOException
         *             throws exceptions generated by {@link getConnection( String
         *             transportExtras1, String transportExtras2 )}
         */
        private Connection getTcpConnection(String url) throws IOException {
            System.out.println("direct try");
            if (CoverageInfo
                    .isCoverageSufficient(1 /* CoverageInfo.COVERAGE_DIRECT */)) {
                String extraParameter = null;
                if (!DeviceInfo.isSimulator()) {
                    url = url + ";deviceside=true";
                }
    
                return getConnection(url, null, null);
                // ";deviceside=true", null);
            }
            return null;
        }
    
        /**
         * Utility method for actually getting a connection using whatever transport
         * arguments the transport may need
         *
         * @param transportExtras1
         *            If not null will be concatenated onto the end of the
         *            {@link url}
         * @param transportExtras2
         *            If not null will be concatenated onto the end of {@link url}
         *            after transportExtras1
         * @return An {@link HttpConnection} built using the url and transport
         *         settings provided
         * @throws IOException
         *             any exceptions thrown by {@link Connector.open( String name
         *             )}
         */
        private Connection getConnection(String url, String transportExtras1,
                String transportExtras2) throws IOException {
            StringBuffer fullUrl = new StringBuffer();
            fullUrl.append(url);
            if (transportExtras1 != null) {
                fullUrl.append(transportExtras1);
            }
            if (transportExtras2 != null) {
                fullUrl.append(transportExtras2);
            }
            if (extraParameters != null) {
                fullUrl.append(extraParameters);
            }
            // fullUrl.append(";ConnectionTimeout=5000");
            System.out.println(fullUrl.toString());
            return Connector.open(fullUrl.toString(), Connector.READ_WRITE, true);
        }
    
        /**
         * Public method used to reload service books for whatever reason (though I
         * can't think of any)
         */
        public static void reloadServiceBooks() {
            loadServiceBooks(true);
        }
    
        /**
         * Loads all pertinent service books into local variables for later use.
         * Called upon first instantiation of the class and upload {@link
         * reloadServiceBooks()}
         *
         * @param reload
         *            Whether to force a reload even if they've already been loaded.
         */
        private static synchronized void loadServiceBooks(boolean reload) {
            if (serviceRecordsLoaded && !reload) {
                return;
            }
            ServiceBook sb = ServiceBook.getSB();
            ServiceRecord[] records = sb.getRecords();
            Vector mdsVec = new Vector();
            Vector bisVec = new Vector();
            Vector wap2Vec = new Vector();
            Vector wifiVec = new Vector();
    
            if (!serviceRecordsLoaded) {
                for (int i = 0; i < records.length; i++) {
                    ServiceRecord myRecord = records[i];
                    String cid, uid;
                    // sometimes service record is disabled but works
                    if (myRecord.isValid() /* && !myRecord.isDisabled() */) {
                        cid = myRecord.getCid().toLowerCase();
                        uid = myRecord.getUid().toLowerCase();
                        // BIS
                        if (cid.indexOf("ippp") != -1 && uid.indexOf("gpmds") != -1) {
                            bisVec.addElement(myRecord);
                        }
                        // WAP1.0: Not implemented.
    
                        // BES
                        if (cid.indexOf("ippp") != -1 && uid.indexOf("gpmds") == -1) {
                            mdsVec.addElement(myRecord);
                        }
                        // WiFi
                        if (cid.indexOf("wptcp") != -1 && uid.indexOf("wifi") != -1) {
                            wifiVec.addElement(myRecord);
                        }
                        // Wap2
                        if (cid.indexOf("wptcp") != -1 && uid.indexOf("wap2") != -1) {
                            wap2Vec.addElement(myRecord);
                        }
                    }
                }
                srMDS = new ServiceRecord[mdsVec.size()];
                mdsVec.copyInto(srMDS);
                mdsVec.removeAllElements();
                mdsVec = null;
    
                srBIS = new ServiceRecord[bisVec.size()];
                bisVec.copyInto(srBIS);
                bisVec.removeAllElements();
                bisVec = null;
    
                srWAP2 = new ServiceRecord[wap2Vec.size()];
                wap2Vec.copyInto(srWAP2);
                wap2Vec.removeAllElements();
                wap2Vec = null;
    
                srWiFi = new ServiceRecord[wifiVec.size()];
                wifiVec.copyInto(srWiFi);
                wifiVec.removeAllElements();
                wifiVec = null;
    
                serviceRecordsLoaded = true;
            }
        }
    
        /**
         * Utility methd for converting a mask of transports into an array of
         * transports in default order
         *
         * @param mask
         *            ORed collection of masks, example:
         *            TRANSPORT_WIFI | TRANSPORT_BES
         * @return an array of the transports specified in mask in default order,
         *         example: { TRANSPORT_WIFI, TRANSPORT_BES }
         */
        private static int[] transportMaskToArray(int mask) {
            if (mask == 0) {
                mask = TRANSPORTS_ANY;
            }
            int numTransports = 0;
            for (int i = 0; i < TRANSPORT_COUNT; i++) {
                if ((DEFAULT_TRANSPORT_ORDER[i] & mask) != 0) {
                    numTransports++;
                }
            }
            int transports[] = new int[numTransports];
            int index = 0;
            for (int i = 0; i < TRANSPORT_COUNT; i++) {
                if ((DEFAULT_TRANSPORT_ORDER[i] & mask) != 0) {
                    transports[index++] = DEFAULT_TRANSPORT_ORDER[i];
                }
            }
            return transports;
        }
    }
    

    HIII, I use this class to call http to the server, but each time that gives the error No more TransportsException
    application only works on wifi
    I try both GET and POST nothing worked

    device: = 8520 os 5.0
    BIS service provider:-vodaphone plan 15/day
    in that gtalk and facebook works fine

    also I test this app in Arabic countries it also does not work

    ------------------------------after i am test using ---------------------------------------------
    networkDignostic link:- http://supportforums.blackberry.com/t5/Java-Development/What-Is-Network-API-alternative-for-legacy-O...

    use networkDignostic to test the available transport connection

    Here is the result

    The Radio Signal level:-81 dBm
    WIFI Signal level: No coverage
    Network name: Vodafone in
    Network type: GPRS
    Network services: data + EDGE + voice
    PIN: 27F03947
    Battery: 81%
    = End of network Info =.
    Transport: by default (HTTP GET)
    Result: failure
    Answer:-1
    Length:-1
    URL: http://www.google.ca:80 /
    Journal:

    Login to http://www.google.ca:80 /
    Opening connection...
    Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
    = END OF LOG =.

    Transport: by default (Socket GET)
    Result: failure
    Answer:-1
    Length:-1
    URL: socket: / /www.google.ca:80
    Journal:

    Connecting to a socket: / /www.google.ca:80
    Opening connection...
    Error: java.io.IOException: invalid url parameter.
    = END OF LOG =.

    Transport: by default (HTTP POST)
    Result: failure
    Answer:-1
    Length:-1
    URL: http://www.google.ca:80 /
    Journal:

    Login to http://www.google.ca:80 /
    Opening connection...
    Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
    = END OF LOG =.

    Transport: By default (POST plug)
    Result: failure
    Answer:-1
    Length:-1
    URL: socket: / /www.google.ca:80
    Journal:

    Connecting to a socket: / /www.google.ca:80
    Opening connection...
    Error: java.io.IOException: invalid url parameter.
    = END OF LOG =.

    Transport: TCP cellular (HTTP GET)
    Result: failure
    Answer:-1
    Length:-1
    URL: http://www.google.ca:80 /; deviceside = true
    Journal:

    Login to http://www.google.ca:80 /; deviceside = true
    Opening connection...
    Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
    = END OF LOG =.

    Transport: TCP cell (Socket GET)
    Result: failure
    Answer:-1
    Length:-1
    URL: socket: / /www.google.ca:80; deviceside = true
    Journal:

    Connecting to a socket: / /www.google.ca:80; deviceside = true
    Opening connection...
    Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
    = END OF LOG =.

    Transport: TCP cellular (HTTP POST)
    Result: failure
    Answer:-1
    Length:-1
    URL: http://www.google.ca:80 /; deviceside = true
    Journal:

    Login to http://www.google.ca:80 /; deviceside = true
    Opening connection...
    Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
    = END OF LOG =.

    Transport: TCP cell (POST plug)
    Result: failure
    Answer:-1
    Length:-1
    URL: socket: / /www.google.ca:80; deviceside = true
    Journal:

    Connecting to a socket: / /www.google.ca:80; deviceside = true
    Opening connection...
    Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
    = END OF LOG =.

    Transport: MDS (HTTP GET)
    Result: failure
    Answer:-1
    Length:-1
    URL: Not available url
    Journal:

    Ignored test: no MDS do not service records found.
    Ignored test: coverage of SDM is not available

    Transport: MDS (Socket GET)
    Result: failure
    Answer:-1
    Length:-1
    URL: Not available url
    Journal:

    Ignored test: no MDS do not service records found.
    Ignored test: coverage of SDM is not available

    Transport: MDS (HTTP POST)
    Result: failure
    Answer:-1
    Length:-1
    URL: Not available url
    Journal:

    Ignored test: no MDS do not service records found.
    Ignored test: coverage of SDM is not available

    Transport: MDS (POST plug)
    Result: failure
    Answer:-1
    Length:-1
    URL: Not available url
    Journal:

    Ignored test: no MDS do not service records found.
    Ignored test: coverage of SDM is not available

    Transport: BIS - B (HTTP GET)
    Result: pass
    Answer: 200
    Length:-1
    URL: http://www.google.ca:80 /; deviceside = false; ConnectionType = m * s - pub *
    Journal:

    Login to http://www.google.ca:80 /; * only given to the RIM ISV partners.
    Opening connection...
    Open connection
    Definition of the properties of application...
    Host: www.google.ca
    User-Agent: Mozilla/4.0
    Connection: close
    Get the response code...
    Response code: 200
    Got the content length:-1 bytes
    Downloading content...
    Download time: 3,034 seconds
    Downloaded: 37943 bytes
    Closes the connection...
    Connection closed
    = END OF LOG =.

    Transport: BIS - B (Socket GET)
    Result: pass
    Answer: 200
    Length: 38696
    URL: socket: / /www.google.ca:80; deviceside = false; ConnectionType = m * s - could * c
    Journal:

    Connecting to a socket: / /www.google.ca:80; * only given to the RIM ISV partners.
    Opening connection...
    Open connection
    Send GET request:
    "GET / HTTP/1.1".
    Host: www.google.ca
    User-Agent: Mozilla/4.0
    Connection: close

    "
    Downloading content...
    Download time: 2,397 seconds
    Downloaded: 38696 bytes
    Closing connection
    Connection closed
    = END OF LOG =.

    Transport: BIS - B (HTTP POST)
    Result: failure
    Answer: 405
    Length: 959
    URL: http://www.google.ca:80 /; deviceside = false; ConnectionType = m * s - p * ic
    Journal:

    Login to http://www.google.ca:80 /; * only given to the RIM ISV partners.
    Opening connection...
    Open connection
    Request method POST value
    Definition of the properties of application...
    Host: www.google.ca
    Content-Length: 1500
    Content-Type: application/octet-stream
    User-Agent: Mozilla/4.0
    Connection: close
    Display of 1 500 bytes...
    Posted 1 500 bytes
    Get the response code...
    Response code: 405
    Got the content length: 959 bytes
    Downloading content...
    Download time: 1,044 seconds
    Downloaded: 959 bytes
    Closing connection
    Connection closed
    = END OF LOG =.

    Transport: BIS - B (POST plug)
    Result: failure
    Answer: 405
    Length: 1204
    URL: socket: / /www.google.ca:80; deviceside = false; ConnectionType = m * Pei * li *
    Journal:

    Connecting to a socket: / /www.google.ca:80; * only given to the RIM ISV partners.
    Opening connection...
    Open connection
    Definition of the properties of application...
    Envoy POST request:
    "POST / HTTP/1.1".
    Host: www.google.ca
    Content-Length: 1500
    Content-Type: application/octet-stream
    User-Agent: Mozilla/4.0
    Connection: close

    "
    Display of 1 500 bytes...
    Posted 1 500 bytes
    Downloading content...
    Download time: 2,041 seconds
    Downloaded: 1204 bytes
    Closing connection
    Connection closed
    = END OF LOG =.

    Transport: WAP (HTTP GET)
    Result: failure
    Answer:-1
    Length:-1
    URL: Not available url
    Journal:

    Ignored test: no WAP do not service records found.
    Ignored test: coverage WAP is not available
    Ignored test: Please provide IP and APN WAP

    Transport: WAP (Socket GET)
    Result: failure
    Answer:-1
    Length:-1
    URL: Not available url
    Journal:

    Ignored test: no WAP do not service records found.
    Ignored test: coverage WAP is not available
    Ignored test: Please provide IP and APN WAP

    Transport: WAP (HTTP POST)
    Result: failure
    Answer:-1
    Length:-1
    URL: Not available url
    Journal:

    Ignored test: no WAP do not service records found.
    Ignored test: coverage WAP is not available
    Ignored test: Please provide IP and APN WAP

    Transport: WAP (POST plug)
    Result: failure
    Answer:-1
    Length:-1
    URL: Not available url
    Journal:

    Ignored test: no WAP do not service records found.
    Ignored test: coverage WAP is not available
    Ignored test: Please provide IP and APN WAP

    Transport: WAP2 (HTTP GET)
    Result: failure
    Answer:-1
    Length:-1
    URL: http://www.google.ca:80 /; deviceside = true; ConnectionUID = WAP2 trans
    Journal:

    Connection http://www.google.ca:80 /; deviceside = true; ConnectionUID = WAP2 trans
    Opening connection...
    Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
    = END OF LOG =.

    Transport: WAP2 (socket GET)
    Result: failure
    Answer:-1
    Length:-1
    URL: socket: / /www.google.ca:80; deviceside = true; ConnectionUID = WAP2 trans
    Journal:

    Connecting to a socket: / /www.google.ca:80; deviceside = true; ConnectionUID = WAP2 trans
    Opening connection...
    Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
    = END OF LOG =.

    Transport: WAP2 (HTTP POST)
    Result: failure
    Answer:-1
    Length:-1
    URL: http://www.google.ca:80 /; deviceside = true; ConnectionUID = WAP2 trans
    Journal:

    Connection http://www.google.ca:80 /; deviceside = true; ConnectionUID = WAP2 trans
    Opening connection...
    Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
    = END OF LOG =.

    Transport: WAP2 (POST plug)
    Result: failure
    Answer:-1
    Length:-1
    URL: socket: / /www.google.ca:80; deviceside = true; ConnectionUID = WAP2 trans
    Journal:

    Connecting to a socket: / /www.google.ca:80; deviceside = true; ConnectionUID = WAP2 trans
    Opening connection...
    Error: net.rim.device.internal.io.CriticalIOException: failed criticism tunnel
    = END OF LOG =.

    Transport: WiFi (HTTP GET)
    Result: failure
    Answer:-1
    Length:-1
    URL: Not available url
    Journal:

    Ignored test: WiFi coverage is not available

    Transport: WiFi (Socket GET)
    Result: failure
    Answer:-1
    Length:-1
    URL: Not available url
    Journal:

    Ignored test: WiFi coverage is not available

    Transport: WiFi (HTTP POST)
    Result: failure
    Answer:-1
    Length:-1
    URL: Not available url
    Journal:

    Ignored test: WiFi coverage is not available

    Transport: WiFi (POST plug)
    Result: failure
    Answer:-1
    Length:-1
    URL: Not available url
    Journal:

    Ignored test: WiFi coverage is not available

    Thank you peter and jovinz

    I think I have problem in httpconnectionfactory with several url parameter, as peter says

    so now I have usr post url as the code below

       public static void CheckConnection()
        {
            HttpConnection hc=null;
            try
            {
                //Wifi Connection
                if ( (WLANInfo.getWLANState() == WLANInfo.WLAN_STATE_CONNECTED) && RadioInfo.areWAFsSupported(RadioInfo.WAF_WLAN))
                {
                    ConstantData.postURL=";interface=wifi";
                    return;
                }
                //for BES or MDS Connection
                if(CoverageInfo.isCoverageSufficient(CoverageInfo.COVERAGE_MDS))
                {
                    boolean connectionFlag=false;
                    String post_url;
    
                    //for BES Connections
                    post_url="";
                    try
                    {
                        hc = (HttpConnection) Connector.open("http://www.rim.com"+post_url,Connector.READ_WRITE);
                        if(hc.getResponseCode()==HttpConnection.HTTP_OK)
                        {
                            connectionFlag=true;
                            ConstantData.postURL=post_url;
                            return;
                        }
                        if(hc!=null)
                            hc.close();
                    }
                    catch (Exception e)
                    {
                        System.out.println(e.toString());
                        connectionFlag=false;
                    }
                    //for MDS Connection
                    if(!connectionFlag)
                    {
                        try
                        {
                            post_url = ";deviceside=false";
                            hc = (HttpConnection) Connector.open("http://www.rim.com"+post_url);
                            if(hc.getResponseCode()==HttpConnection.HTTP_OK)
                            {
                                ConstantData.postURL=post_url;
                                return;
                            }
                            if(hc!=null)
                                hc.close();
                        }
                        catch (Exception e)
                        {
                            System.out.println(e.toString());
                        }
                    }
                }
                //for BIS Connection
                if(CoverageInfo.isCoverageSufficient(CoverageInfo.COVERAGE_BIS_B))
                {
                    //BIS Connection
                    String post_url = ";deviceside=false;ConnectionType=m**-pu***c";
                    try
                    {
                        hc = (HttpConnection) Connector.open("http://www.rim.com"+post_url);//Connector.READ_WRITE
                        if(hc.getResponseCode()==HttpConnection.HTTP_OK)
                        {
                            ConstantData.postURL=post_url;
                            return;
                        }
                        if(hc!=null)
                            hc.close();
                    }
                    catch (Exception e)
                    {
                        System.out.println(e.toString());
                    }
                }
                //for WAP Connection
                if(CoverageInfo.isCoverageSufficient(CoverageInfo.COVERAGE_DIRECT))
                {               //for WAP Connection
                    String post_url = null;
                    ServiceBook sb = ServiceBook.getSB();
                    ServiceRecord[] records = sb.findRecordsByCid("WPTCP");
                    String uid = null;
                    boolean connectionFlag=false;
                    for(int i=0; i < records.length; i++)
                    {
                        if (records[i].isValid() && !records[i].isDisabled())
                        {
                            if (records[i].getUid() != null && records[i].getUid().length() != 0)
                            {
                                if ((records[i].getUid().toLowerCase().indexOf("wifi") == -1) &&
                                        (records[i].getUid().toLowerCase().indexOf("mms") == -1))
                                {
                                    uid = records[i].getUid();
                                    break;
                                }
                            }
                        }
                    }
                    if (uid != null)
                    {
                        post_url= ";deviceside=true;ConnectionUID=" + uid;
                    }
                    try
                    {
                        hc = (HttpConnection) Connector.open("http://www.rim.com"+post_url);
                        if(hc.getResponseCode()==HttpConnection.HTTP_OK)
                        {
                            connectionFlag=true;
                            ConstantData.postURL=post_url;
                            return;
                        }
                        if(hc!=null)
                            hc.close();
                    }
                    catch (Exception e)
                    {               System.out.println(e.toString());
                    connectionFlag=false;
                    }
                    if(!connectionFlag)
                    {
                        post_url=";deviceside=true;apn=blackberry.net";
                        try
                        {
                            hc = (HttpConnection) Connector.open("http://www.rim.com"+post_url);
                            if(hc.getResponseCode()==HttpConnection.HTTP_OK)
                            {
                                ConstantData.postURL=post_url;
                                return;
                            }
                            if(hc!=null)
                                hc.close();
                        }
                        catch (Exception e)
                        {
                            System.out.println(e.toString());
                        }
                    }}
            }
            catch (Exception e)
            {
    
                e.printStackTrace();
            }
            finally
            {
                try
                {
                    if(hc!=null)
                        hc.close();
                } catch (IOException e) {
                    System.out.println(e.toString());
                    e.printStackTrace();
                }
            }
    
        }
    

    so now its works on WAP2, BIS and the WIFi works fine

    the first issue of priority celluler TCP post code is also more WAP2 then

    Thus, each transport time select TCP when BIS, WIFI not presend and need for apn

    in any case, once again, thank you Peter and demo tools network dignostic is awasome...

  • Group-lock does not work

    Hello

    I enabled the functionality of group-lock on a group of C2L VPN but the ASA does not add the tunnel-group-name value in the RADIUS packet sent to the server for authorization.

    In the past, I used the function of locking-group several times without problem. This is the first time, it does not work and I wonder if it can depends on the old version of asa that I use (8.6.1(2)).

    Here the conf and the asa debug all the RADIUS:

    Configuration:

    attributes of Group Policy Network_Users
    value x.x.x.x DNS server
    Ikev1 VPN-tunnel-Protocol
    value of group-lock Network_Users
    VLAN 24

    Debug RADIUS all the:

    RADIUS packet decode (authentication request)

    --------------------------------------
    Data of raw packets (length = 156)...
    01 cb 00 9 c 97 84 6 d 33 f0 69 ee 8f 1 c 25 a2 fa |  ......m.3.i...%.
    AB 08 a1 c6 0 01 a 78 30 31 35 35 36 32 33 02 12 |  ... xxxxxxxx...
    14 80 52 4 a 72 0e e5 a1 69 d6 ee d3 d3 b9 67 0a |  .. RJr... i...g
    05 06 8 b 20 00 06 06 00 00 00 02 07 06 00 00 c0 |  ... ............
    00 01 0e 1e 2e 2e 35 39 37 31 35 39 2nd 32 32 30.  ... x.x.x.x
    0f 1F 39 2e 2e 34 33 37 32 34 38 2 32 30 32 3d |  .. 94.37.248.202 =.
    06 00 00 00 05 42 39 2e 0f 34 33 37 2nd 32 34 38 |  ..... B.94.37.248
    2nd 32 30 32 04 06 16 05 21 1 a 22 00 00 00 09 ac |  . 202...! » ....
    1 01 c 69 70 3A 6f 73 75 72 63 65 69 70 39 3d 2d |  .. IP:Source - ip = 9
    2E 2e 34 33 37 32 34 38 2 32 30 32 |  4.37.248.202

    Packet analyzed data...
    RADIUS: Code = 1 (0x01)
    RADIUS: Identifier = 203 (0xCB)
    RADIUS: Length = 156 (0x009C)
    RADIUS: Vector: 97846DA233F069EE8F1C25FAAB08A1C6
    RADIUS: Type = 1 (0x01) - user name
    RADIUS: Length = 10 (0x0A)
    RADIUS: Value (String) =
    78 30 31 35 35 36 32 33 |  xxxxxxxx
    RADIUS: Type = 2 (0x02) username-password
    RADIUS: Length = 18 (0x12)
    RADIUS: Value (String) =
    14 80 52 4 a 72 0e e5 a1 69 d6 ee d3 d3 b9 67 0a |  .. RJr... I have... g
    RADIUS: Type = 5 (0x05) NAS-Port
    RADIUS: Length = 6 (0x06)
    RADIUS: Value (Hex) = 0x8B20C000
    RADIUS: Type = 6 Type of Service (0x06)
    RADIUS: Length = 6 (0x06)
    RADIUS: Value (Hex) = 0x2
    RADIUS: Type = 7 (0x07) Framed-Protocol
    RADIUS: Length = 6 (0x06)
    RADIUS: Value (Hex) = 0x1
    RADIUS: Type = 30 (0x1E) Called-Station-Id
    RADIUS: Length = 14 (0x0E)
    RADIUS: Value (String) =
    2nd 2nd 35 39 37 31 35 39 2nd 32 32 30.  x.x.x.x
    RADIUS: Type = 31 (0x1F) Calling-Station-Id
    RADIUS: Length = 15 (0x0F)
    RADIUS: Value (String) =
    39 2e 2e 34 33 37 32 34 38 2 32 30 32 |  94.37.248.202
    RADIUS: Type = 61 (0x3D) NAS-Port-Type
    RADIUS: Length = 6 (0x06)
    RADIUS: Value (Hex) = 0x5
    RADIUS: Type = 66 Tunnel-Client-Endpoint (0x42)
    RADIUS: Length = 15 (0x0F)
    RADIUS: Value (String) =
    39 2e 2e 34 33 37 32 34 38 2 32 30 32 |  94.37.248.202
    RADIUS: Type = 4 NAS-IP-Address (0x04)
    RADIUS: Length = 6 (0x06)
    RADIUS: Value (IP address) = 172.22.5.33 (0xAC160521)
    RADIUS: Type = 26 (0x1A) vendor-specific
    RADIUS: Length = 34 (0 x 22)
    RADIUS: Vendor ID = 9 (0 x 00000009)
    RADIUS: Type = 1 (0x01) Cisco-AV-pair
    RADIUS: Length = 28 (0x1C)
    RADIUS: Value (String) =
    69 70 3A 6f 73 75 72 63 65 69 70 39 34 2nd 3d 2d is |  IP:Source - ip = 94.
    2e 33 37 32 34 38 2 32 30 32 |  37.248.202
    Send 172.22.39.1/1812 pkt
    RADIUS_SENT:Server response time
    Ray mkreq: 0x1a6
    alloc_rip 0x00007ffec924aa48
    new application 0x1a6--> 204 (0x00007ffec924aa48)
    obtained the user 'xxxxxxxx '.
    has obtained the password
    add_req 0x00007ffec924aa48 session 0x1a6 204 id
    RADIUS_DELETE
    remove_req 0x00007ffec9249ec0 0x1a5 203 session id
    free_rip 0x00007ffec9249ec0
    RADIUS_REQUEST
    RADIUS.c: rad_mkpkt
    rad_mkpkt: ip:source - ip = 94.37.248.202

    RADIUS packet decode (authentication request)

    As mentioned previously, the package does not contain the ID 146 Tunnel-Group-Name typically added when the group-lock has been activated. I'm talking about this:

    RADIUS: Type = 26 (0x1A) vendor-specific
    RADIUS: Length = 32 (0x20)
    RADIUS: Vendor ID = 3076 (0x00000C04)

    RADIUS: Type = 146 (0 x 92) - Tunnel-group name
    RADIUS: Length = 26 (0x1A)
    RADIUS: Value (String) =
    54 45 5f 4 c 56 50 4th 5f 49 6e 74 72 61 6 65 74 |  Network_Users
    RADIUS: Type = 26 (0x1A) vendor-specific
    RADIUS: Length = 12 (0x0C)
    RADIUS: Vendor ID = 3076 (0x00000C04)
    RADIUS: Type = 150 (0 x 96) Client-Type
    RADIUS: Length = 6 (0x06)
    RADIUS: Value (integer) = 1 (0x0001)

    Thank you

    Maurizio

    I wonder if your problem is related to this bug:

    CSCsw31922

    Maybe upgrade to 8.6.1(5) or later will solve the problem.

    --

    Please do not forget to select a correct answer and rate useful posts

Maybe you are looking for

  • HDMI to Vga 2015 Mac

    I have a macbook pro with the retina display 2015. I have a vga screen and a hdmi adapter. Whenever I connect the Hdmi adapter on my mac and plug on my screen of my Mac screen to him becomes black and it does not work. Can someone please give me a so

  • AppleScript for recover data from Spotlight

    Here's a challenge for you all... Projector in El Capitan can provide much more information, i.e. weather, sports scores and so on. Now, I already have an AppleScript script that allows the user to enter something, and then it will call Spotlight and

  • Unavailable newsgroup

    Our office on Mac, we use Messages and the Bonjour service to discuss among themselves.  We have a mix of users Yosemite and El Capitan.  I'm trying to set up some groups, but if I try to send a message to multiple users, their names turns red and gi

  • WLC 2504 max AP support

    Hi all Anyone know what is the maximum number of points of access supported by Cisco 2504 WLC? According to the data sheet's 75: http://www.Cisco.com/en/us/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html But according to the

  • IAM trying to install Adobe In Design CS2 but only allowing the use of 30 days... Do you know how I can get this to run as needed?

    IAM trying to install Adobe In Design CS2 but only allowing the use of 30 days... Do you know how I can get this to run as needed?