ISAKMP initiation

When you configure isakmp on the routers to set up an ipsec tunnel, which side will open the session for udp 500? Or both sides will attempt to open the session at the same time?

Thank you

Hello

It could be either router that initiates the ISAKMP exchange. It will depend on what router sees interesting traffic first. For example if you have LAN - A behind A router and LAN - B behind router B and one person of LAN - tried to ping a machine with LAN - B, the router would launch the ISAKMP exchange. Hope that answers your question

Thank you

Tags: Cisco Security

Similar Questions

  • DMVPN Question ISAKMP Security Association

    Hi all

    I have implemented a full mesh base DMVPN, similar to the int of config used life package

    http://packetlife.net/blog/2008/Jul/23/dynamic-multipoint-VPN-DMVPN/ tutorial.

    I have a Hub and two rays. Everything seems to be ok functioing. I've included the config below for tunnels.

    My Question is, when I do an isakmp crypto see the its, for example 2A talked, I have three ISAKMP SA with three different addresses of CBC...

    How is that possible when I only have the tunnels to two other devices, the hub and rays 1? and why a foreign source address appears as an association of ISAKMP security on this router?

    status of DST CBC State conn-id slot

    172.16.1.2 172.16.2.2 QM_IDLE 1 0 ACTIVE

    172.16.2.2 172.16.3.2 QM_IDLE 3 0 ACTIVE

    172.16.2.2 172.16.1.2 QM_IDLE 2 0 ACTIVE

    A similar result on the hub

    status of DST CBC State conn-id slot

    172.16.2.2 172.16.1.2 QM_IDLE 2 0 ACTIVE

    172.16.1.2 172.16.2.2 QM_IDLE 1 0 ACTIVE

    172.16.1.2 172.16.3.2 QM_IDLE 3 0 ACTIVE

    Still 1 spoke only a 2

    172.16.1.2 172.16.3.2 QM_IDLE 1 0 ACTIVE

    172.16.2.2 172.16.3.2 QM_IDLE 2 0 ACTIVE

    Crypto config for all:

    crypto isakmp policy 10 authentication pre-share crypto isakmp key P4ssw0rd address 172.16.0.0 255.255.0.0 ! crypto ipsec transform-set MyTransformSet esp-aes esp-sha-hmac ! crypto ipsec profile MyProfile set transform-set MyTransformSet ! interface Tunnel0 tunnel protection ipsec profile MyProfile

    Config of Tunnel hub

    interface Tunnel0

    10.0.100.1 IP address 255.255.255.0

    dynamic multicast of IP PNDH map

    PNDH network IP-1 id

    tunnel source fa0/0

    multipoint gre tunnel mode

    Spoke 1 Tunnel Config

    !

    interface FastEthernet0/0

    address 172.16.3.2 IP 255.255.255.0

    automatic duplex

    automatic speed

    !

    interface Tunnel0

    10.0.100.2 IP address 255.255.255.0

    no ip redirection

    map of PNDH IP 10.0.100.1 172.16.1.2

    map of PNDH IP multicast 172.16.1.2

    PNDH network IP-1 id

    property intellectual PNDH nhs 10.0.100.1

    source of tunnel FastEthernet0/0

    multipoint gre tunnel mode

    Profile of tunnel MyProfile ipsec protection

    Spoke 2 Config of Tunnel

    !

    interface FastEthernet0/0

    IP 172.16.2.2 255.255.255.0

    automatic duplex

    automatic speed

    !

    interface Tunnel0

    IP 10.0.100.3 255.255.255.0

    no ip redirection

    map of PNDH IP 10.0.100.1 172.16.1.2

    map of PNDH IP multicast 172.16.1.2

    PNDH network IP-1 id

    property intellectual PNDH nhs 10.0.100.1

    source of tunnel FastEthernet0/0

    multipoint gre tunnel mode

    Profile of tunnel MyProfile ipsec protection

    SRC and DST IP addresses indicate that was author and answering machine. They do not represent information outlet (in the traditional sense of the term).

    You could get in double sessions of the two scenarios IKE, are the most common.

    (1) the negotiation started at both ends "simultaneously".

    (2) renegotiation of IKE.

    What is strange to me, is that you seem to have initiated session and responsed by the hub.

    What I would do, is to add:

    -ip server only PNDH (on the hub, it is not a provided ASR)

    -DPD (on all devices).

    Assures us that this hub initiates not anything in the PNDH and useless/deceased sessions are torn down eventually.

  • Cisco router 892 IPSec initiator?

    Hi all!

    I have the IPSec tunnel between Cisco router 892 (c890-universalk9 - mz.154 - 3.M4.bin) and Cisco PIX 515E (ver. 8.0 (4) 28) with 5 subnets behind PIX.

    PIX configured to deal with two-way-type of connection, but router support not =)

    So, when I generate intresting hosts behind the router traffic IPSec does not work. When I generate traffic hosts behind PIX , everything works, but I need to be initiator on the side of the router :-(

    Is there a way to make my initiator 892 tunnel Cisco IPSec router to work with Cisco PIX / ASA?

    I'm afraid I should replace the router to another device = (())

    Thank you!

    Hi Yura Kazakevich,

    Try to enable pfs on the router:

    map SDM_CMAP_1 1 ipsec-isakmp crypto

    Set of pfs

    Hope this info helps!

    Note If you help!

    -JP-

  • ASA L2L IKEv1 5520 no information of its crypto isakmp

    Here is the config... and show isa scream his

    ----------------------------------------------------------------------------------------

    Dathomir - ASA (config) # see the isa scream his

    There are no SAs IKEv1

    There are no SAs IKEv2
    Dathomir - ASA (config) #.

    ----------------------------------------------------------------------------------------

    Manual NAT policies (Section 1)
    1 (inside) to the static (external) source inside static destination inside DAN DAN-NETWORK-route search
    translate_hits = 0, untranslate_hits = 0

    Manual NAT policies (Section 3)
    1 (inside) to the dynamics of the source (on the outside) no matter what interface
    translate_hits = 661, untranslate_hits = 0
    Dathomir - ASA (config) #.

    ----------------------------------------------------------------------------------------

    !
    Dathomir - ASA host name

    names of
    !
    interface GigabitEthernet0/0
    nameif outside
    security-level 0
    IP address dhcp setroute
    !
    interface GigabitEthernet0/1
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    interface GigabitEthernet0/2
    No nameif
    no level of security
    no ip address
    !
    interface GigabitEthernet0/3
    nameif inside
    security-level 100
    IP 192.168.75.1 255.255.255.0
    !
    interface Management0/0
    Shutdown
    No nameif
    no level of security
    no ip address
    !
    passive FTP mode
    DNS server-group DefaultDNS
    SW - domain name. Demers.com
    network of the DAN - PUB object
    host 1.1.1.1
    the NATE-INSIDE object network
    Home 192.168.75.5
    network a group of objects inside
    object-network 192.168.75.0 255.255.255.0
    object-group network-DAN
    object-network 192.168.75.0 255.255.255.0
    list of permitted access to the INSIDE-IN scope ip any any newspaper
    the INSIDE-IN access list extended deny ip any any newspaper
    access OUTSIDE list / allowed extended inside host log 192.168.75.5 ip object DAN - PUB
    VPN - DAN 192.168.75.0 ip extended access list allow 255.255.255.0 192.168.200.0 255.255.255.0
    pager lines 24
    Enable logging
    timestamp of the record
    exploitation forest buffer-size 10000
    recording of debug console
    debug logging in buffered memory
    Outside 1500 MTU
    Within 1500 MTU
    no failover
    ICMP unreachable rate-limit 1 burst-size 1
    ASDM image disk0: / asdm - 743.bin
    don't allow no asdm history
    ARP timeout 14400
    NAT (inside, outside) static source inside static destination inside DAN DAN-NETWORK-route search
    !
    NAT source auto after (indoor, outdoor) dynamic one interface
    Access-group OUTSIDE / inside interface outside
    group-access INTERIOR-IN in the interface inside
    Timeout xlate 03:00
    Pat-xlate timeout 0:00:30
    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    Floating conn timeout 0:00:00
    dynamic-access-policy-registration DfltAccessPolicy
    identity of the user by default-domain LOCAL
    the ssh LOCAL console AAA authentication
    Enable http server
    http 192.168.75.0 255.255.255.0 inside
    No snmp server location
    No snmp Server contact
    Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
    Crypto ipsec transform-set ikev1 TS_ESP_AES256_SHA aes - esp esp-sha-hmac
    Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
    Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
    Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    Crypto ipsec transform-set ikev1 ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac
    Crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transit
    Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-TRANS-aes - esp esp-md5-hmac
    Crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transit
    Crypto ipsec transform-set ikev1 ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
    Crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transit
    Crypto ipsec transform-set ikev1 ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
    Crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transit
    Crypto ipsec transform-set ikev1 ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
    Crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transit
    Crypto ipsec transform-set ikev1 ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
    Crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transit
    Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
    Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
    Crypto ipsec transform-set ikev1 ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
    Crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transit
    Crypto ipsec transform-set ikev1 ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
    Crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transit
    Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
    Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
    Crypto ipsec transform-set ikev1 ESP-DES-SHA-TRANS esp - esp-sha-hmac
    Crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transit
    Crypto ipsec transform-set ikev1 ESP-DES-MD5-TRANS esp - esp-md5-hmac
    Crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transit
    Crypto ipsec ikev2 ipsec-proposal OF
    encryption protocol esp
    Esp integrity sha - 1, md5 Protocol
    Crypto ipsec ikev2 proposal ipsec 3DES
    Esp 3des encryption protocol
    Esp integrity sha - 1, md5 Protocol
    Crypto ipsec ikev2 ipsec-proposal AES
    Esp aes encryption protocol
    Esp integrity sha - 1, md5 Protocol
    Crypto ipsec ikev2 ipsec-proposal AES192
    Protocol esp encryption aes-192
    Esp integrity sha - 1, md5 Protocol
    Crypto ipsec ikev2 AES256 ipsec-proposal
    Protocol esp encryption aes-256
    Esp integrity sha - 1, md5 Protocol
    address for correspondence mymap 10 card crypto VPN - DAN
    mymap 10 peer set 2.2.2.2 crypto card
    mymap 10 set transform-set TS_ESP_AES256_SHA ikev1 crypto card
    card crypto mymap 10 set ikev2 AES256 AES192 AES 3DES ipsec-proposal OF
    crypto mymap 10 card value reverse-road
    address for correspondence mymap 20 card crypto VPN - DAN
    card crypto mymap 20 peers set 1.1.1.1
    mymap 20 set transform-set TS_ESP_AES256_SHA ikev1 crypto card
    crypto mymap 20 card value reverse-road
    mymap outside crypto map interface
    IKEv2 crypto policy 5
    aes encryption
    integrity sha
    Group 2
    FRP sha
    second life 86400
    Crypto ikev2 allow outside
    Crypto ikev1 allow outside
    IKEv1 crypto policy 10
    preshared authentication
    aes encryption
    sha hash
    Group 5
    life 86400
    Telnet timeout 5
    SSH 192.168.75.0 255.255.255.0 inside
    SSH timeout 20
    SSH version 2
    SSH group dh-Group1-sha1 key exchange
    Console timeout 0
    dhcpd dns 8.8.8.8 4.4.2.2
    dhcpd lease 3000
    !
    dhcpd address 192.168.75.5 - 192.168.75.5 inside
    dhcpd dns 8.8.8.8 4.4.2.2 interface inside
    dhcpd ip interface 192.168.75.1 option 3 inside
    dhcpd 6 8.8.8.8 ip option 4.4.2.2 interface inside
    dhcpd allow inside
    !
    a basic threat threat detection
    Statistics-list of access threat detection
    no statistical threat detection tcp-interception
    WebVPN
    attributes of Group Policy DfltGrpPolicy
    Split-tunnel-policy tunnelspecified
    Split-tunnel-network-list value VPN - DAN
    user name password using a NAT L3LhK0WEjivHU8Xd encrypted privilege 15
    tunnel-group 2.2.2.2 type ipsec-l2l
    2.2.2.2 tunnel-group ipsec-attributes
    IKEv1 pre-shared-key *.
    remote control-IKEv2 pre-shared-key authentication *.
    pre-shared-key authentication local IKEv2 *.
    tunnel-group 1.1.1.1 type ipsec-l2l
    tunnel-group 1.1.1.1 ipsec-attributes
    IKEv1 pre-shared-key *.
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    type of policy-card inspect dns preset_dns_map
    parameters
    message-length maximum 512
    Policy-map global_policy
    class inspection_default
    inspect the preset_dns_map dns
    inspect the ftp
    inspect h323 h225
    inspect the h323 ras
    inspect the rsh
    inspect the rtsp
    inspect esmtp
    inspect sqlnet
    inspect the skinny
    inspect sunrpc
    inspect xdmcp
    inspect the sip
    inspect the netbios
    inspect the tftp
    inspect the http
    !
    global service-policy global_policy
    context of prompt hostname
    no remote anonymous reporting call
    call-home
    Profile of CiscoTAC-1
    no active account
    http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
    email address of destination [email protected] / * /
    destination-mode http transport
    Subscribe to alert-group diagnosis
    Subscribe to alert-group environment
    Subscribe to alert-group monthly periodic inventory
    monthly periodicals to subscribe to alert-group configuration
    daily periodic subscribe to alert-group telemetry
    aes encryption password
    Cryptochecksum:5398307065bcf53ecaf5884259f1ea71
    : end

    -----------------------------------------------------------------------------------------------

    DEBUG CRYPTO 255 IKEV1

    RECV 73.206.149.11 PACKAGE
    ISAKMP header
    Initiator COOKIE: 30 42 fb 1 4 d fc be 9f
    Responder COOKIE: 00 00 00 00 00 00 00 00
    Next payload: Security Association
    Version: 1.0
    Exchange type: Protection of identity (Main Mode)
    Indicators: (none)
    MessageID: 00000000
    Length: 172
    Payload security association
    Next payload: Vendor ID
    Booked: 00
    Payload length: 60
    DOI: IPsec
    Situation: (SIT_IDENTITY_ONLY)
    Proposal of payload
    Next payload: no
    Booked: 00
    Payload length: 48
    Proposal #: 1
    Protocol-Id: PROTO_ISAKMP
    SPI size: 0
    number of transformations: 1
    Transformation of the payload
    Next payload: no
    Booked: 00
    Payload length: 40
    Transform #: 1
    Transform-Id: KEY_IKE
    Reserved2: 0000
    Description of the Group: Group 5
    Encryption algorithm: AES - CBC
    Key length: 256
    Hash algorithm: SHA1
    Authentication method: pre-shared key
    Type of life: seconds
    Life (Hex): 00 01 51 80
    Vendor ID payload
    Next payload: Vendor ID
    Booked: 00
    Payload length: 20
    Data (in hexadecimal):
    cb 80 91 3rd bb 69 90 6 08 63 81 b5 this 42 7 b 1f
    Vendor ID payload
    Next payload: Vendor ID
    Booked: 00
    Payload length: 20
    Data (in hexadecimal):
    94 19 53 10 ca 6f 17 a6 7 d 2C9 d 92 15 52 9 d 56
    Vendor ID payload
    Next payload: Vendor ID
    Booked: 00
    Payload length: 20
    Data (in hexadecimal):
    4 a 13 1 c 81 07 03 58 45 57 28 95 45 2f 0e f2 5 c
    Vendor ID payload
    Next payload: no
    Booked: 00
    Payload length: 24
    Data (in hexadecimal):
    40 48 b7 d5 6th e8 85 25 e7 7f 00 c2 d3 d6 bc
    C0 00 00 00
    August 11 at 08:14:40 [IKEv1] IP = 73.206.149.11, IKE_DECODE RECEIPT Message (msgid = 0) with payloads: HDR + SA (1) the SELLER (13) + the SELLER (13) + the SELLER (13), SELLER (13) + (0) NONE total length: 172
    11 August at 08:14:40 [IKEv1 DEBUG] IP = 73.206.149.11, SA payload processing
    August 11 at 08:14:40 [IKEv1] IP = 73.206.149.11, IKE_DECODE SEND Message (msgid = 0) with payloads: HDR + NOTIFY (11) + (0) NONE total length: 100

    ISAKMP header
    Initiator COOKIE: 30 42 fb 1 4 d fc be 9f
    Responder COOKIE: 0 d 4 c df a2 6 has 57 24
    Next payload: Notification
    Version: 1.0
    Exchange Type: information
    Indicators: (none)
    MessageID: 00000000
    Length: 100
    August 11 at 08:14:40 [IKEv1 DEBUG] IP = 73.206.149.11, proposals of all SA found unacceptable
    August 11 at 08:14:40 [IKEv1] IP = 73.206.149.11, error during load processing: payload ID: 1
    August 11 at 08:14:40 [IKEv1 DEBUG] IP = 73.206.149.11, case of mistaken IKE MM Responder WSF (struct & 0xcefbce48) , : MM_DONE, EV_ERROR--> MM_START, EV_RCV_MSG--> MM_START, EV_START_MM--> MM_START, EV_START_MM--> MM_START, EV_START_MM--> MM_START, EV_START_MM--> MM_START, EV_START_MM--> MM_START, EV_START_MM
    August 11 at 08:14:40 [IKEv1 DEBUG] IP = 73.206.149.11, IKE SA MM:a2df0c4d ending: flags 0 x 01000002, refcnt 0, tuncnt 0
    11 August at 08:14:40 [IKEv1 DEBUG] IP = 73.206.149.11, sending clear/delete with the message of reason

    Hello

    Your police ikev1 is

    IKEv1 crypto policy 10
    preshared authentication
    aes encryption
    sha hash
    Group 5

    And you found this peer

    Description of the Group: Group 5
    Encryption algorithm: AES - CBC
            Key length: 256
    Hash algorithm: SHA1
    Authentication method: pre-shared key

    If you have found the algorithm of encryption AES 256 of peers and you like AES

    HTH

    Averroès.

  • Political process of selection ISAKMP

    Hi all

    I have a question about how political ISAKMP is chosen in a router. Router 1 and 3 are connected via IPSec VPN. Here are their ISAKMP policies:

    R1 #sh run | s policy
    crypto ISAKMP policy 10
    BA aes 256
    preshared authentication
    Group 2
    crypto ISAKMP policy 20
    BA 3des
    preshared authentication
    Group 2

    ==========================

    R3 #sh run | s policy
    crypto ISAKMP policy 1
    BA 3des
    preshared authentication
    crypto ISAKMP policy 10
    BA 3des
    preshared authentication
    Group 2
    crypto ISAKMP policy 20
    BA 3des
    preshared authentication
    Group 2
    crypto ISAKMP policy 30
    BA 3des
    preshared authentication
    Group 2
    crypto ISAKMP policy 40
    BA aes 256
    preshared authentication
    Group 2
    life 1800
    crypto ISAKMP policy 50
    BA aes 256
    preshared authentication
    Group 2

    I have no problem with the phase 2. However, on the phase 1 AES/SHA is chosen - but with the life of 1800.

    R3 #sh crypto isa in detail its
    Code: C - IKE configuration mode, D - Dead Peer Detection
    NAT-traversal - KeepAlive, N - K
    T - cTCP encapsulation, X - IKE Extended Authentication
    PSK - GIPR pre-shared key - RSA signature
    renc - RSA encryption
    IPv4 Crypto ISAKMP Security Association

    C - id Local Remote I have VRF status BA hash Auth DH lifetime limit.

    1001 23.0.0.3 12.0.0.1 aes ACTIVE sha psk 2 00:29:54
    Engine-id: Conn-id = SW:1

    IPv6 Crypto ISAKMP Security Association

    Beyond output is taken as soon as the tunnel is built - and that's how I know that policy with the life expectancy of 1800 is chosen. There are times when 3des is selected as well:

    R3 #sh in detail its crypto isakmp
    Code: C - IKE configuration mode, D - Dead Peer Detection
    NAT-traversal - KeepAlive, N - K
    T - cTCP encapsulation, X - IKE Extended Authentication
    PSK - GIPR pre-shared key - RSA signature
    renc - RSA encryption
    IPv4 Crypto ISAKMP Security Association

    C - id Local Remote I have VRF status BA hash Auth DH lifetime limit.

    1001 23.0.0.3 12.0.0.1 ACTIVE 3des sha psk 2 23:57:21
    Engine-id: Conn-id = SW:1

    IPv6 Crypto ISAKMP Security Association

    I want to use AES - 256 with SHA value and default lifetime, which is the policy of leading in R1. Is that what I missed in the config to make the selection of the more deterministic strategy? Thank you.

    Haris

    Hi Haris,

    The behavior is correct. If R1 initiates the connection, it sends the first isakmp policy i.e. AES/SHA/Grp-2/Pre-share/service life and once it reaches R3, R3 will analyse the policies configured for her and will scan from 10 to 50. It will get a game on 40. If AES with SHA is selected.

    When R3 is initiator, 3DES/SHA/Grp2/Pre-share/life expectancy will be the first condition in the list (as it is the first in the list with 10; political policy 1 is incomplete). When the same will be analyzed on R1 for the game, it will get political game 20.

    Now, you want AES/SHA/group2/Pre-share to be selected each time, then on R3, create a strategy with the lowest number.

    For ex.

    crypto ISAKMP policy 1
    BA aes 256
    preshared authentication
    Group 2
    life 1800
    sha hash

    When you apply this command, it will remove the isakmp policy 1 but it won't make any difference because that isakmp policy 1 is incomplete. Please try this and tell me if this solves your problem.

    Thank you

    Vishnu

  • IKE initiator unable to find the policy; Outside INTF, CBC: error

    I have a Cisco ASA 5505 having a tunnel at a remote office. I just put in place another identical to another tunnel and when I followed the VPN in ASDM I see that the VPN is active. But I can't ping through it. When I check the logs I see "IKE initiator unable to find the policy; Outside INTF, CBC:... "Nobody knows what might be the cause? Here is a copy of the configuration. Thank you.

    See the config of bdavpn1 #.
    : Saved
    : Written by admin in 17:54:11.823 HAA Monday, June 7, 2010
    !
    ASA Version 8.2 (2)
    !
    hostname bdavpn1
    domain.com domain name
    activate the encrypted password of OSaXLnYQKkAcBhYA
    2KFQnbNIdI.2KYOU encrypted passwd
    names of
    !
    interface Vlan1
    nameif inside
    security-level 100
    192.168.2.100 IP address 255.255.255.0 ensures 192.168.2.101
    !
    interface Vlan2
    nameif outside
    security-level 0
    IP 101.17.205.116 255.255.255.1018 Eve 101.17.205.117
    !
    interface Vlan3
    nameif dmz
    security-level 50
    IP 172.20.0.1 address 255.255.255.0 watch 172.20.0.3
    !
    interface Vlan4
    Failover LAN Interface Description
    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    switchport access vlan 91
    !
    interface Ethernet0/3
    switchport access vlan 3
    !
    interface Ethernet0/4
    switchport access vlan 3
    !
    interface Ethernet0/5
    switchport access vlan 4
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    passive FTP mode
    clock timezone AST - 4
    clock to summer time recurring ADT
    DNS domain-lookup dmz
    DNS server-group DefaultDNS
    Server name 172.20.0.99
    domain.com domain name
    permit same-security-traffic inter-interface
    permit same-security-traffic intra-interface
    object-group Protocol TCPUDP
    object-protocol udp
    object-tcp protocol
    object-group network Chicago-nets
    object-network 10.150.1.0 255.255.255.0
    object-network 10.150.55.0 255.255.255.0
    object-network 10.150.56.0 255.255.255.0
    object-network 10.150.57.0 255.255.255.0
    object-network 172.16.1.0 255.255.255.0
    object-network 192.168.26.0 255.255.255.0
    object-network 10.150.111.0 255.255.255.0
    the DM_INLINE_NETWORK_2 object-group network
    object-network 192.168.4.0 255.255.255.0
    object Group Chicago-nets
    the DM_INLINE_NETWORK_1 object-group network
    object-network 192.168.4.0 255.255.255.0
    object Group Chicago-nets
    the DM_INLINE_NETWORK_3 object-group network
    object-NET 172.20.0.0 255.255.255.0
    object-network 192.168.2.0 255.255.255.0
    the DM_INLINE_NETWORK_4 object-group network
    object-NET 172.20.0.0 255.255.255.0
    object-network 192.168.2.0 255.255.255.0
    outside_cryptomap to access extended list ip 192.168.2.0 allow 255.255.255.0 DM_INLINE_NETWORK_1 object-group
    inside_nat0_outbound to access extended list ip 192.168.2.0 allow 255.255.255.0 DM_INLINE_NETWORK_2 object-group
    inside_nat0_outbound to access extended list ip 192.168.2.0 allow 255.255.255.0 172.20.0.0 255.255.255.0
    inside_nat0_outbound list extended access allowed object-group ip DM_INLINE_NETWORK_3 192.168.4.0 255.255.255.0
    inside_nat0_outbound list extended access allowed object-group ip DM_INLINE_NETWORK_4 192.168.4.0 255.255.255.0
    Note to access list outside_to_dmz allow access to the citrix Server
    outside_to_dmz list extended access permit tcp any newspaper HTTPS host 101.17.205.123 eq
    dmz_to_inside allowed extended access list host 172.20.0.2 ip 192.168.2.0 255.255.255.0 connect
    Note to outside_access_in entering of Citrix access list
    outside_access_in list extended access permit tcp any host 101.17.205.123 eq https
    outside_2_cryptomap list extended access allowed object-group ip DM_INLINE_NETWORK_4 192.168.4.0 255.255.255.0
    pager lines 101
    Enable logging
    timestamp of the record
    logging paused
    logging buffered information
    asdm of logging of information
    Within 1500 MTU
    Outside 1500 MTU
    MTU 1500 dmz
    IP verify reverse path to the outside interface
    failover
    primary failover lan unit
    failover failover lan interface Vlan4
    failover interface ip failover 172.16.30.1 255.255.255.252 watch 172.16.30.2
    ICMP unreachable rate-limit 1 burst-size 1
    ASDM image disk0: / asdm - 625.bin
    don't allow no asdm history
    ARP timeout 14400
    Global 1 interface (outside)
    Global interface (dmz) 2
    NAT (inside) 0-list of access inside_nat0_outbound
    NAT (inside) 1 0.0.0.0 0.0.0.0
    static (dmz, external) 101.17.205.123 172.20.0.2 netmask 255.255.255.255
    Access-group outside_access_in in interface outside
    Access-group dmz_to_inside in dmz interface
    Route outside 0.0.0.0 0.0.0.0 101.17.205.115 1
    Timeout xlate 03:00
    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-registration DfltAccessPolicy
    AAA authentication enable LOCAL console
    AAA authentication http LOCAL console
    LOCAL AAA authentication serial console
    the ssh LOCAL console AAA authentication
    AAA authentication LOCAL telnet console
    LOCAL AAA authorization command
    Enable http server
    http 0.0.0.0 0.0.0.0 outdoors
    http 0.0.0.0 0.0.0.0 inside
    redirect http outside 80
    SNMP-server host inside 10.150.1.177 community survey * version 2 c
    SNMP-server host inside 10.150.2.38 community survey * version 2 c
    location of Server SNMP Hamilton, Bermuda
    SNMP Server contact René Bouchard
    Community SNMP-server
    Server enable SNMP traps snmp authentication linkup, linkdown cold start
    Service resetoutside
    Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
    Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    inside
    redirect http outside 80
    SNMP-server host inside 10.150.1.177 community survey * version 2 c
    SNMP-server host inside 10.150.2.38 community survey * version 2 c
    location of Server SNMP Hamilton, Bermuda
    SNMP Server contact René Bouchard
    Community SNMP-server
    Server enable SNMP traps snmp authentication linkup, linkdown cold start
    Service resetoutside
    Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
    Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
    Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
    Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
    life crypto ipsec security association seconds 28800
    Crypto ipsec kilobytes of life - safety 4608000 association
    Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
    card crypto outside_map3 1 match address outside_cryptomap
    outside_map3 card crypto 1jeu peer 101.88.182.189
    outside_map3 card crypto 1jeu transform-set ESP-3DES-SHA
    card crypto game 2 outside_map3 address outside_2_cryptomap
    outside_map3 crypto map peer set 2 101.1.95.253
    card crypto outside_map3 2 the value transform-set ESP-3DES-SHA
    Crypto map outside_map3 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    outside_map3 interface card crypto outside
    Crypto ca trustpoint bdavpn1
    Terminal registration
    domain name full bdavpn1.domain.bm
    name of the object CN = bdavpn1.domain.bm, OR = Ltd, O is domain, C = US, St is of_confusion, L is Hamilton,[email protected] / * /
    Configure CRL
    Crypto ca certificate card domainincCertificateMap 10
    name of the object attr cn eq sslvpn.domain.com
    Crypto ca certificate chain bdavpn1
    certificate ca 00
    30820267 308201d 0 a0030201 02020100 300 d 0609 2a 864886 f70d0101 04050030
    32310b 30 09060355 04061302 5553310 300 b 0603 d. 55040 has 13 41 53311430 04414c
    12060355 0403130b 63612e61 6c61732e 636f6d30 35303130 31303630 1e170d39
    3335 30313031 30363031 31395 has 30 32310 b 30 170d 3131395a 09060355 04061302
    300b 0603 55040 5553310d has 13 04414c 41 53311430 12060355 0403130b 63612e61
    06092a 86 4886f70d 01010105 0003818d 00308189 819f300d 636f6d30 6c61732e
    c19012ed 02818100 4cf67378 c9347162 2bcf6519 a3ab748f 1c9cae07 5c232c93
    8a 625638 68416412 and 55808768 412675bc 5906ba4a 3ffd1d101 303d0ea7 d559ccf8
    0d425ffc edf1cee8 337ca5c7 5f718f2d 081551f8 fc742b78 8866de9b c82310b0
    89975e30 7ea7f047 bf518ac3 aa2dfd7e f93b1016 7d5261ea 34f18fa7 748d52c8
    7595ecb3 02030100 01a3818c 30818930 1 d 060355 1d0e0416 0414c1ab b8651761
    fc3f12d1 b132322e be36ff6a cecb305a 0603551d 23045330 518014c 1 abb86517
    61fc3f12 d1b13232 2ebe36ff 6acecba1 36 has 43430 32310b 30 09060355 04061302
    300b 0603 55040 5553310d has 13 04414c 41 53311430 12060355 0403130b 63612e61
    6c61732e 636f6d82 0100300c 0603551d 13040530 030101ff 300 d 0609 2a 864886
    f70d0101 818100ad 04050003 1d558eab 05d50f7b b656e2c4 213a9ac3 1cecee73
    0251f931 0b47e84f f3c0847e b2168562 d27330b3 72c8023f b83aeb4a 2db8fbf7
    f4575c8e c56300aa 6d5b0fd3 092e7747 76 76286 26e81b3e 4ca35b71 792380b 9
    ca480932 c58a8ee6 2fa62a73 aa1d209d 68662c 59 0b8a71f1 c2db0cbb 5aefc8c5
    bedcbda7 caf46f0c b01def
    quit smoking
    crypto ISAKMP allow outside
    crypto ISAKMP policy 10
    preshared authentication
    the Encryption
    sha hash
    Group 2
    life 86400
    crypto ISAKMP policy 20
    preshared authentication
    3des encryption
    sha hash
    Group 2
    life 86400
    crypto ISAKMP policy 30
    authentication rsa - sig
    3des encryption
    sha hash
    Group 2
    life 86400
    No encryption isakmp nat-traversal
    crypto ISAKMP ipsec-over-tcp port 10000
    Telnet 0.0.0.0 0.0.0.0 inside
    Telnet 0.0.0.0 0.0.0.0 outdoors
    Telnet timeout 120
    SSH enable ibou
    SSH 0.0.0.0 0.0.0.0 inside
    SSH 0.0.0.0 0.0.0.0 outdoors
    SSH timeout 60
    Console timeout 0
    management-access inside

    a basic threat threat detection
    threat detection statistics
    a statistical threat detection tcp-interception rate-interval 30 burst-400-rate average rate 200
    prefer NTP server 192.168.2.116 source inside
    NTP server 192.168.2.117 source inside
    bdavpn1 point of trust SSL outdoors
    WebVPN
    allow outside
    enable SVC
    attributes of Group Policy DfltGrpPolicy
    Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
    LtdAdmin XRlF3jA1k3JEhNgr encrypted privilege 15 password username
    domainadmin encrypted E1zLpTPUtBADN9og privilege 15 password username
    tunnel-group sslvpn.domain.com type ipsec-l2l
    sslvpn.domain.com group of tunnel ipsec-attributes
    validation by the peer-id cert
    trust-point bdavpn1
    tunnel-group 101.88.182.189 type ipsec-l2l
    IPSec-attributes tunnel-group 101.88.182.189
    pre-shared-key *.
    tunnel-group 101.1.95.253 type ipsec-l2l
    IPSec-attributes tunnel-group 101.1.95.253
    pre-shared-key *.
    tunnel-Group-map enable rules
    Tunnel-Group-map domainincCertificateMap 10 sslvpn.domain.com
    !
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    type of policy-card inspect dns preset_dns_map
    parameters
    message-length maximum 10101
    ID-randomization
    ID-incompatibility action log
    Policy-map global_policy
    class inspection_default
    inspect the preset_dns_map dns
    inspect the ftp
    inspect h323 h225
    inspect the h323 ras
    inspect the rsh
    inspect the rtsp
    inspect esmtp
    inspect sqlnet
    inspect the skinny
    inspect sunrpc
    inspect xdmcp
    inspect the sip
    inspect the netbios
    inspect the tftp
    inspect the icmp
    inspect the icmp error
    inspect the amp-ipsec
    !
    global service-policy global_policy
    context of prompt hostname
    Cryptochecksum:a23ada0366576d96bd5c343645521107

    Scott,

    When you check the status of the two tunnels of the CLI, check the following:

    HS cry isa--> of his watch as active or QM_IDLE

    HS cry ips his--> shows the packages encrypted/decrypted

    The second tunnel does not properly come upwards, should ensure that policies correspond to the two ends of the tunnel.

    If this second tunnel is started but does not traffic, we might have a problem NAT or routing.

    Federico.

  • VPN L2L: ASA5505-> ASA5520, initiator of IKE unable to find policy

    Hello!

    Periodically, we are experiencing a problem with tunnel between 5505 and 5520 L2L

    Sometimes there is no 5505 LAN access to one of the LAN's 5520

    ex: ping from the inside interface (10.1.13.1) 5505 to 5520 (10.1.1.1) does not work

    5505:
    - cry isa his we can see the peer - it's OK

    -in Cree its pe ip itsnecessary there, but program is not increase and still no ping

    -all the other itsof the acl work properly

    5505 debugging:

    % ASA-3-713042: unable to find political initiator IKE: outside Intf, Src: 10.1.13.1, Dst: 10.1.1.1
    % ASA-3-313001: Denied ICMP type = 8, code = 0 to 10.1.1.1

    ACL on both sides is correct

    Erase isakmp his helps solve the problem

    p.s., asa 5505 has two ISP and two crypto cards with 5520

    This happens whenever your primary or secondary provider fails

  • that means (role: answering machine and role: initiator)?

    Dear all,

    I have a few questions about ASA 5500 error?

    a few times I saw the role: answering machine and a few times I've seen role: initiator

    what it means?

    and what is the problem?

    HQ # sh crypto isakmp his

    HIS active: 3
    Generate a new key SA: 0 (a tunnel report Active 1 and 1 to generate a new key during the generate a new key)
    Total SA IKE: 3

    1 peer IKE: 10.189.137.8
    Type: L2L role: answering machine
    Generate a new key: no State: MM_ACTIVE
    2 IKE peers: 10.189.137.10
    Type: L2L role: initiator
    Generate a new key: no State: MM_ACTIVE
    3 peer IKE: 10.189.137.9
    Type: L2L role: initiator
    Generate a new key: no State: MM_ACTIVE
    AC #.

    Answering machine means that the peer has initiated the VPN while initiator connection means that the VPN tunnel is started from this end.

    Hope that answers your question.

  • Debug Crypto ISAKMP

    Hello

    I've been trying to set up a virtual private network and when I ran this command earlier I received a lot of output and everything seemed ok.

    I could see also dest, src, etc... When I ran isakmp crypto his.

    All of a sudden I have nothing now, even when I debug above. His crypto isakmp command is now empty, too, see below.

    crypto ISAKMP his

    IPv4 Crypto ISAKMP Security Association

    status of DST CBC State conn-id slot

    Suggests that the problem is with the remote end? I'd always get the display using debug crypto isakmp if the remote end is down to debug?

    Just puzzled as to why the power has disappeared 'quiet '.

    Thank you

    Hello

    There could be several reasons for the same thing:

    --> Interesting traffic or other remote or local end has been interrupted for any reason any.

    --> That the ASA has been showing some debugs earlier, it is unlikely that the package can't the ASA now which in turn will hit the crypto ACL (interesting traffic) triggering therefore Cryptography tunnels and debugs him.

    --> There could be changes in configuration to the remote end ASA because of which the tunnel is not triggered.

    The best way to solve this problem is to follow the VPN traffic or the package for tunnel VPN from its source to its destination.

    I recommend the following:

    • Take screenshots on the SAA hence traffic is running and see if it's the ACL crypto. Check the ACL has hit counts for the same.

    http://www.Cisco.com/en/us/products/ps6120/products_tech_note09186a0080a9edd6.shtml

    • Select "debug crypto isakmp 127' & see if the tunnel is triggered and debugging is generated.
    • If not, then run the packet tracer and see if the VPN traffic passes all the checks, and that he is authorized by the VPN.
    • If traffic is allowed under the VPN to tracers of package Phase, and you still do not see the traffic being passed through the VPN, then it might a possibility that is happening in a different tunnel and pressing a crypto ACL overlap (as appropriate) on the same source ASA.
    • If the package is not seen hitting the firewall of the above capture, then the package can't certainly ASA and you will need to check the internal routing.
    • You can also see that the syslogs on the ASA local drops because of any function of firewall for VPN traffic destined for.

    To respond to your request, if the remote end has been down you wouldn't see debugs it unless the host is launch of traffic to the VPN to the local line. If the VPN traffic has been initiated by behind the ASA remote, and it is down then you would see not all debugs on the ASA local.

    I would like to know once you have reduced it more so that we can move forward and I'll be in a better position to provide my next course of action on this.

    Hope this has been informative.

    Kind regards

    Nick

    P.S. Please mark this post as solved if the information above has helped you identify the problem or at least you move forward to resolve the issue so that other users are benifited too

  • Respnder and IKE initiator

    Hello world

    If IPSEC VPN is running between two sites how do know us which site is IKE initiator and the responder?

    If the two sites are large sites.

    Thank you

    Mahesh

    If it is initiator you will get an output similar to below. L2l role will be initiator

    Crypto ISAKMP router #show its

    1 peer IKE: XX. XX. XX. XX

    Type: L2L role: initiator

    Generate a new key: no State: MM_ACTIVE

    With respect,

    Safwan

    Remember messages useful rates

  • Initial backup, Time Capsule will not end.

    I recently started to use my Time Capsule to back up my early 2014 MBA 13 '' again. However the initial backup will never end. The TC is not used as a Wi - Fi router; It is connected to the existing wireless network.

    When I started having this problem initially. I erased the disc TC and more fresh and Time Machine, under System Prefs, told me that the backup has been chugging along just great. Well... now, after he had all of August to reach the end of time Machine always shows me "waiting for full first backup."

    If I choose "save now" widget menu bar or if I let the system restart automatically backups TM shows Control Panel "backup x of x, XX, XX" and the second number continues to increase. The backup will never end.

    I searched the Ko of Apple and these discussion forums and not found the answer. What can I do to make this backup finish?

    TIA.

    The TC is not used as a Wi - Fi router; It is connected to the existing wireless network.

    And that's probably the problem, because Apple does not officially support backups Time Machine to TB unless you use the wireless TC, or connect the Mac directly on the TC using a wired Ethernet cable connection.

    Things can work with your existing wireless network, but it will be no help if it is not. Sometimes in situations like this, a Mac will back up OK wireless, and another Mac will have problems.

    As you try to add 'new' backups 'old' backup, Time Machine can also have issues with this, try to compare the old and new files and get confused about what to keep and do not keep. In this case, the recommended solution would be to delete older backups of the MBA and then start again and try a new backup.

    Wireless is never recommended for a first full backup. It's OK to use it, then much smaller incremental backups.

    If you try this course the existing wireless you have and still have questions, other than to try to save on the wireless TC, on the only other option to try would be to connect the MBA directly to one of the LAN port <>- on the back of the TC using an Ethernet cable.  Since you have an MBA, who does not have an Ethernet port, you can buy a bolt of lightning for the Ethernet card.  Maid in Gigabit Ethernet Adapter - Apple

  • What has been the recent initial risk security involving Javascript in Firefox?

    What has been the recent initial risk security involving Javascript in Firefox? I downloaded the suggested "No Script" to be able to allow or forbid scripts on Web sites. However, it gets a little frustrating when waiting for pages to download, then realize that I have to enable them. I really need to make it longer?

    JavaScript is not any security risk known that have not been resolved in recent versions of Firefox. You are thinking maybe Java, which is full of known security holes and should be turned off, but is not related to the Javascript in any way.

  • should my time capsule be connected with a cable for backups, after the initial installation?

    should my time capsule be connected with a cable for backups, after the initial installation?

    If you mean that you have to keep your Mac connected to a Time Capsule via Ethernet for future backups, then the answer is no. Time Machine and time Capsule are designed to work over wireless for your Mac would just need to be connected to the wireless network provided by the time Capsule.

  • E-mail suddenly is seen in initial popup but is not in the Inbox

    I very well - received email in my Thunderbird inbox - this morning. But now, suddenly, from about 14:30, I'll see an email in Thunderbird - seeing this little window that briefly previews the e-mail message - but then when I go into my Inbox to find this email, it is not there! I did a test and it's the same thing... I see it in the popup as a first step, but then there is in my Inbox. I thought initially perhaps it was showing in a weird situation in my Inbox, because of this business of wire that I don't understand, but when I do a search for email which is theoretically, I'm not. Any ideas welcome!

    Oops, never mind - I answered my own question! My incoming e-mails disappear simply - they were filtering in my mailbox a that has a filter set up to bring certain e-mail inside. I don't know why the emails (all? some, not sure) would all of a sudden there, but now I removed the filter and box the letters that the emails were suddenly get deflected in, and now the e-mails seem to come very well... At least my test for me e-mail now goes into my Inbox as expected. If there's a software glitch behind what happened, it would be wise to consider the issue.

  • IPad 12.7 froze on the initial commissioning - updated

    Hi my Ipad froze on the initial update after the start of 9.2 to 9.3.2.

    Subsequent attempts have failed and an error 53 rises.

    When the Ipad is not connected I only connect to itunes prompt & he can't go down the Restore screen

    Tried several different things with no luck

    Hello.

    Press the sleep/wake and home buttons and keep them for at least 10 seconds.

    If this is not enough, take a look at these articles Support from Apple:

    If your iPhone, iPad or iPod touch does not respond or does not turn on - Apple Support

    Use iTunes to restore the iPhone, iPad or iPod to factory settings - Apple Support.

    As a final step, try recovery mode. Turn off your unit, then plug it to your computer with the hold home button. Hold down Home button until you see the logo on the screen of your iPhone iTunes. After that on your computer, you should see the iTunes window saying that your iPhone needs to be restored to factory settings. Click Restore.

    More info here:https://support.apple.com/en-us/HT201263

    If these steps do not work, contact Apple and ask for help.

    https://www.Apple.com/support/iPhone/contact/

Maybe you are looking for

  • I have phone alert question?

    I phone user, I need to know if there is anyway that I can configure for my I phone to alert me repeatedly every 1 or 2 minute intervals until I pick up or read. I love my I phone like others. normally I throw around the corner until the phone rings.

  • Satellite C850 touchpad freezes frequently

    I got a Satellite C850 last weekend and I have problems with the mouse pad - it freezes frequently... any help greatly appreciated - really don't want to have to send in for repair after only 5 days

  • Firefox does not load pages and said "Stopped" in the lower left corner of the screen.

    Latest FF and XP Pro. 2.4 Ghz Celeron processor, 1 GB of RAM. FF will work for awhile then it will stop loading pages and say 'Stop' in the lower left corner of the screen. Sometimes I can refresh and the page loads, but 95 out of 100 times I can kee

  • Manual for VIBE series VIBE P1m Smartphone

    Hi all Can you tell me where I can find a manual for Smartphone Vibe P1m? I looked in the lenovo support link, but there is nothing.

  • Need help on how to make dll with VC ++ 2008 for Labview function liblary

    I use VC ++ 2008Express and you want to make the DLL. Since I'm using VC ++ 2008, do I have to install the 'MS redistributable"on PC what dose does not have VC ++? Is there any free ANSI C compiler do DLL for Labview for use with the function call in