Jabber of Cisco on Cisco ipsec VPN client

Hello

I wonder if anyone has had this problem.  I am currently using the 9.2.3 J4W customer and when I use Jabber in my office, everything works fine.  IM works very well and my incoming and outgoing calls work.   The question I have is when I work from home on my personal wifi and customer VPN Cisco (version 5.0.07.0290) ipsec remote in my area that the instant messaging and presence features work fine however only outgoing calls work. With Jabber, I can dial any DN in my organization and a willingness to work. The only problem is when someone tries to call me, I'll never get an alert for the incoming call.   However my ip back to my desk phone will be keep ringing and I'll see the voicemail and calls to jabber?   For some reason any call does not make for me on my VPN session.   I'm not sure of what could be the problem.   Jabber has certain requirements on ipsec VPN to work?  We use the ASA 5510 firewall and VPN endpoint.

Thank you

William Gonzalez

CCNA R & S

William,

We recently had this problem: one of my other network admins had to prosecute with TAC, their resolution is to add

a static NAT on our ASA for external source outside translation is your VPN network, destination is your VPN network.

Thank you

Tags: Cisco Support

Similar Questions

  • RV180 and Cisco IPSec VPN client

    Hi NetPro,

    RV180 router supports VPN client using the regular Cisco VPN client connections?

    Data sheet says it works with client QuickVPN. If the regular non-Quick client is not supported, both clients can coexist (= be installed simultaneously) on the same PC?

    Is supported customer QuickVPN split tunneling?

    Thank you!

    Lubomir

    Lubomir Hello,

    The RV180 currently supports QuickVPN and PPTP VPN connections. It also has the IPSec tunnel as well, but it does not support the Cisco VPN client.

    I saw a question have Cisco VPN and the QuickVPN installed on the same computer.

    The QuickVPN client supports only split tunneling.

    I hope that answers your questions.

  • Router Cisco IPsec VPN client

    Hello

    I would like if it is possible to make the IPsec VPN connection as a customer.

    ISP router (VDSL connection)

    <--->Cisco 887 <---->pc more with conditional redirection

    VPN router (as strongVPN)

    Thank you for your help.

    Best regards

    Hi Bruno.

    Yes the IOS router may be a VPN client, it is called easy VPN:

    How to configure Easy VPN Cisco IOS (server and client)

    * The server must be a Cisco device such as another router or an ASA.

    Keep me posted.

    Thank you.

    Portu.

    Please note all useful messages.

  • integrated macOS Sierra Cisco IPsec VPN does not work anymore (impossible to validate the server certificate)

    Hello

    I just upgraded to macOS Sierra and built-in Cisco IPsec VPN no longer works. When you try to connect, I get a "cannot validate the certificate of the server. "Check your settings and try to reconnect" error message. I use Cisco ASA with self-signed certificates and everything worked fine with previous versions of OS X.

    Please help me, I need my VPN Thx a lot

    I am having the same problem with StrongSwan and help cert signed with the channel to complete certificates included in the pkcs12 file imported to the keychain. It was working properly in El Capitan, but now broken in the Sierra.

  • Cisco AnyConnect VPN Client maintains reconnection

    Hello

    We have recently installed an ASA5505 and activated the VPN access.

    Two of my colleagues have no problems connecting to the VPN using Cisco AnyConnect VPN Client, but I do.

    I am still disconnected after a few seconds with the message:

    "A VPN reconnect gave rise to different configuration settings. VPN network interface is to be reset. Applications using the private network may be required to restart. »

    Cisco AnyConnect VPN Client Version 2.5.2019

    I work with Windows 7 but the same thing happens when I try to connect using my computer that is running Windows Vista.

    My colleagues also using Win7

    I also tried to disable the Windows Firewall.

    Any help would be appreciated.

    Best regards

    Peter

    TAC has been able to solve the problem.   For webvpn mtu changed default from 1406 to 1200.

    Not sure why 2 other ASAs we work very well otherwise though!

    WebVPN
    SVC mtu 1200

  • Cisco AnyConnect VPN Client (connection attempt failed because the network or pc problem cisco)

    Hi all

    I am trying to connect to my Cisco AnyConnect VPN Client but everytime I try, I get an error (connection attempt failed because the network or pc problem cisco)

    Can anyone help me please with this.

    Thank you

    Zia

    What is the local firewall on your computer?

  • AAA ipsec vpn clients how to see the history of connection on asdm or asa5510

    Hello all, I would like to know how see history of connection ipsec vpn client users, they authenticate to the local aaa, not in active directory. I am able to see the current logon session. go to monitoring\vpn\vpn statistics\sessions, this shows me sessions underway, but I would like to see for example the connections client vpn for the last month. I did some research and saw the info on aaa Server? I checked that article and does not see what I was looking for.

    It's actually a called (NPS) network policy server microsoft radius server.

    The one I used (ACS 5 and ACS 5) who was just an example.

    You can review the below listed doc

    http://fixingitpro.com/2009/09/08/using-Windows-Server-2008-as-a-RADIUS-server-for-a-Cisco-ASA/

    Jatin kone

    -Does the rate of useful messages-

  • How do I allow IPSec VPN client-to-client

    Can someone briefly describe the steps on an ASA to allow both IPSec VPN clients talking to each other. They are in the same pool of addresses. I already have two same-security-traffic permit for inter and intra interface statements. Thank you!

    Sent by Cisco Support technique iPhone App

    try to including this traffic in the States of sheep you have

    Alos, you may need to make changes to the acl split rules

  • Problems connecting to help connect any and the Ipsec VPN Client

    I have problems connecting with the VPN client connect no matter what.  I can connect with the Ipsec VPN client in Windows 7 32 bit.

    Here is my latest config running.

    Thank you for taking the time to read this.

    passwd encrypted W/KqlBn3sSTvaD0T

    no names

    name 192.168.1.117 kylewooddesk kyle description

    !

    interface Vlan1

    nameif inside

    security-level 100

    IP 192.168.1.1 255.255.255.0

    !

    interface Vlan2

    nameif outside

    security-level 0

    IP address dhcp setroute

    !

    interface Ethernet0/0

    switchport access vlan 2

    !

    interface Ethernet0/1

    !

    interface Ethernet0/2

    !

    interface Ethernet0/3

    !

    interface Ethernet0/4

    !

    interface Ethernet0/5

    !

    interface Ethernet0/6

    !

    interface Ethernet0/7

    !

    boot system Disk0: / asa822 - k8.bin

    passive FTP mode

    DNS lookup field inside

    DNS domain-lookup outside

    DNS server-group DefaultDNS

    domain wood.local

    permit same-security-traffic intra-interface

    object-group service rdp tcp

    access rdp Description

    EQ port 3389 object

    outside_access_in list extended access permit tcp any interface outside eq 3389

    outside_access_in list extended access permit tcp any interface outside eq 8080

    outside_access_in list extended access permit tcp any interface outside eq 3334

    outside_access_in to access extended list ip 192.168.5.0 allow 255.255.255.240 192.168.1.0 255.255.255.0

    woodgroup_splitTunnelAcl list standard access allowed host 192.168.1.117

    inside_nat0_outbound to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.5.0 255.255.255.240

    outside_access_in_1 list extended access permit tcp any host 192.168.1.117 eq 3389

    woodgroup_splitTunnelAcl_1 list standard access allowed 192.168.1.0 255.255.255.0

    inside_nat0_outbound_1 to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.5.0 255.255.255.240

    inside_nat0_outbound_1 to access extended list ip 192.168.5.0 allow 255.255.255.240 all

    inside_test list extended access permit icmp any host 192.168.1.117

    no pager

    Enable logging

    timestamp of the record

    asdm of logging of information

    Debugging trace record

    Within 1500 MTU

    Outside 1500 MTU

    mask pool local Kyle 192.168.5.1 - 192.168.5.10 IP 255.255.255.0

    IP local pool vpnpool 192.168.1.220 - 192.168.1.230

    ICMP unreachable rate-limit 1 burst-size 1

    ASDM image disk0: / asdm - 631.bin

    don't allow no asdm history

    ARP timeout 14400

    Global (inside) 1 interface

    Global 1 interface (outside)

    NAT (inside) 0-list of access inside_nat0_outbound_1

    NAT (inside) 1 0.0.0.0 0.0.0.0

    public static interface 3389 (indoor, outdoor) 192.168.1.117 tcp 3389 netmask 255.255.255.255 dns

    public static tcp (indoor, outdoor) interface 8080 192.168.1.117 8080 netmask 255.255.255.255

    public static tcp (indoor, outdoor) interface 3334 192.168.1.86 3334 netmask 255.255.255.255

    static (inside, upside down) 75.65.238.40 192.168.1.117 netmask 255.255.255.255

    Access-group outside_access_in in interface outside

    Timeout xlate 03:00

    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

    timeout tcp-proxy-reassembly 0:01:00

    dynamic-access-policy-registration DfltAccessPolicy

    WebVPN

    the files enable exploration

    activate the entry in the file

    enable http proxy

    Enable URL-entry

    SVC request no svc default

    AAA authentication http LOCAL console

    Enable http server

    http 192.168.1.0 255.255.255.0 inside

    No snmp server location

    No snmp Server contact

    Server enable SNMP traps snmp authentication linkup, linkdown cold start

    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

    Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

    Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

    Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

    Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

    Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

    Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

    Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

    Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

    Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

    life crypto ipsec security association seconds 28800

    Crypto ipsec kilobytes of life - safety 4608000 association

    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set

    Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

    outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

    outside_map interface card crypto outside

    crypto isakmp identity address

    crypto ISAKMP allow outside

    crypto ISAKMP policy 10

    preshared authentication

    3des encryption

    sha hash

    Group 2

    life 86400

    Telnet 192.168.1.0 255.255.255.0 inside

    Telnet timeout 5

    SSH timeout 5

    Console timeout 0

    dhcpd dns 8.8.8.8 8.8.4.4

    dhcpd lease 3000

    !

    dhcpd address 192.168.1.100 - 192.168.1.130 inside

    dhcpd allow inside

    !

    a basic threat threat detection

    host of statistical threat detection

    Statistics-list of access threat detection

    no statistical threat detection tcp-interception

    WebVPN

    allow outside

    SVC disk0:/anyconnect-win-2.4.1012-k9.pkg 1 image

    enable SVC

    internal sslwood group policy

    attributes of the strategy of group sslwood

    VPN-tunnel-Protocol svc webvpn

    WebVPN

    list of URLS no

    internal group woodgroup strategy

    woodgroup group policy attributes

    value of server DNS 8.8.8.8 8.8.4.4

    Protocol-tunnel-VPN IPSec

    Split-tunnel-policy tunnelspecified

    value of Split-tunnel-network-list woodgroup_splitTunnelAcl_1

    mrkylewood encrypted Q4339wmn1ourxj9X privilege 15 password username

    username mrkylewood attributes

    VPN-group-policy sslwood

    VPN - connections 3

    VPN-tunnel-Protocol svc webvpn

    value of group-lock sslwood

    WebVPN

    SVC request no webvpn default

    tunnel-group woodgroup type remote access

    tunnel-group woodgroup General attributes

    address pool Kyle

    Group Policy - by default-woodgroup

    tunnel-group woodgroup ipsec-attributes

    pre-shared key *.

    type tunnel-group sslwood remote access

    tunnel-group sslwood General-attributes

    address pool Kyle

    authentication-server-group (inside) LOCAL

    authentication-server-group (outside LOCAL)

    Group Policy - by default-sslwood

    !

    class-map inspection_default

    match default-inspection-traffic

    !

    !

    type of policy-card inspect dns preset_dns_map

    parameters

    message-length maximum 512

    Policy-map global_policy

    class inspection_default

    inspect the preset_dns_map dns

    inspect the ftp

    inspect h323 h225

    inspect the h323 ras

    inspect the netbios

    inspect the rsh

    inspect the rtsp

    inspect the skinny

    inspect esmtp

    inspect sqlnet

    inspect sunrpc

    inspect the tftp

    inspect the sip

    inspect xdmcp

    Review the ip options

    type of policy-card inspect dns MY_DNS_INSPECT_MAP

    parameters

    !

    global service-policy global_policy

    context of prompt hostname

    call-home

    Profile of CiscoTAC-1

    no active account

    http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address

    email address of destination [email protected] / * /

    http https://tools.cisco.com/its/service/...es/DDCEService destination address

    destination-mode http transport

    Subscribe to alert-group diagnosis

    Subscribe to alert-group environment

    Subscribe to alert-group monthly periodic inventory

    monthly periodicals to subscribe to alert-group configuration

    daily periodic subscribe to alert-group telemetry

    Cryptochecksum:6fa8db79bcf695080cbdc1159b409360

    : end

    asawood (config) #.

    You also need to add the following:

    WebVPN

    tunnel-group-list activate

    output

    tunnel-group sslwood webvpn-attributes

    activation of the Group sslwood alias

    Let us know if it works.

  • IP address of the IPSec VPN client did not get distributed via EIGRP

    We use an ASA for VPN remote access. He is running EIGRP redistribute static routes. When a client Anyconnect SSL connects, the SAA creates a static route for this client, and it gets redistributed via EIGRP. When an IPSec VPN client connects, the SAA creates a static route for this customer, but he isn't redisributed via EIGRP and so the client can not achieve anything. Why he would distribute a static created by an IPSec client?

    Thank you

    Have you set up IPP on dynamic Cryptography?

  • Function of automatic update for the IPsec VPN Client

    Hello.

    Do you have anyone ever tried the PIX / ASA ' feature IPsec VPN Client Auto-Update?

    (see also Document ID: 105606).

    He wants to make sure that I understand this right.

    The user will receive a popup of information telling him to download the latest version of the client? And then there start the update itself?

    If so, this would mean that the user must have the rights of full adminsitative using a laptop.

    From my point of view, full administrator rights on a laptop are prohibited - 100% and therefore the functionality would be totally useless.

    Anyone who can tell me whether I am good or bad?

    Best

    Frank

    Frank,

    You are right, if the computer desktop or labtop is completely locked regarding the installation of the software the customer won't be able to install it, they may be able to download from the link that you configured in ASA, once they connect to your server ASA RA but with regard to the installation user's machine needs rights profile appropriate to be able to install it.

    HTH

    -Jorge

  • IPsec VPN Client - aggressive mode

    Hi all

    I just got got off the phone with the customer who underwent a check sweep of security from a third-party vendor. One of the vulnerebilities mentioned in the report is this:

    I know that only the IPsec VPN client using aggressive mode to negotiate Phase I. So my question is how to convince my customer to continue to use the IPsec VPN? Is this what can I do to reduce the risk of the use of this type of access remotely. In addition, am I saw the same problem, if I use SSL based VPN Client?

    Kind regards

    Marty

    Hello

    Ikev1 HUB in aggressive mode sends his PSK hash in the second package as well as its public DH value.

    It is indeed a weakness of slope Protocol.

    To be able to act on this, U will be on the path to capture this stream in order to the brute force of the hash [which is not obvious - but not impossible.

    This issue is seriously attenuated by activating XAUTH [authentication].

    Xauth happens after the DH, so under encryption.

    Assuming that the strong password policy is in use, it is so very very very difficult to find the right combination of username/password.

    Ikev2 is much safer in this respect and this is the right way.

    See you soon,.

    Olivier

  • Need help with the configuration of the Site with crossed on Cisco ASA5510 8.2 IPSec VPN Client (1)

    Need urgent help in the configuration of the Client VPN IPSec Site with crossed on Cisco ASA5510 - 8.2 (1).

    Here is the presentation:

    There are two leased lines for Internet access - a route 1.1.1.1 and 2.2.2.2, the latter being the default Standard, old East for backup.

    I was able to configure the Client VPN IPSec Site

    (1) with access to the outside so that the internal network (172.16.0.0/24) behind the asa

    (2) with Split tunnel with simultaneous assess internal LAN and Internet on the outside.

    But I was not able to make the tradiotional model Hairpinng to work in this scenario.

    I followed every possible suggestions made on this subject in many topics of Discussion but still no luck. Can someone help me here please?

    Here is the race-Conf with Normal Client to Site IPSec VPN configured with no access boarding:

    LIMITATION: Cannot boot into any other image ios for unavoidable reasons, must use 8.2 (1)

    race-conf - Site VPN Customer normal work without internet access/split tunnel

    :

    ASA Version 8.2 (1)

    !

    ciscoasa hostname

    domain cisco.campus.com

    enable the encrypted password xxxxxxxxxxxxxx

    XXXXXXXXXXXXXX encrypted passwd

    names of

    !

    interface GigabitEthernet0/0

    nameif outside internet1

    security-level 0

    IP 1.1.1.1 255.255.255.240

    !

    interface GigabitEthernet0/1

    nameif outside internet2

    security-level 0

    IP address 2.2.2.2 255.255.255.224

    !

    interface GigabitEthernet0/2

    nameif dmz interface

    security-level 0

    IP 10.0.1.1 255.255.255.0

    !

    interface GigabitEthernet0/3

    nameif campus-lan

    security-level 0

    IP 172.16.0.1 255.255.0.0

    !

    interface Management0/0

    nameif CSC-MGMT

    security-level 100

    the IP 10.0.0.4 address 255.255.255.0

    !

    boot system Disk0: / asa821 - k8.bin

    boot system Disk0: / asa843 - k8.bin

    passive FTP mode

    DNS server-group DefaultDNS

    domain cisco.campus.com

    permit same-security-traffic inter-interface

    permit same-security-traffic intra-interface

    object-group network cmps-lan

    the object-group CSC - ip network

    object-group network www-Interior

    object-group network www-outside

    object-group service tcp-80

    object-group service udp-53

    object-group service https

    object-group service pop3

    object-group service smtp

    object-group service tcp80

    object-group service http-s

    object-group service pop3-110

    object-group service smtp25

    object-group service udp53

    object-group service ssh

    object-group service tcp-port

    port udp-object-group service

    object-group service ftp

    object-group service ftp - data

    object-group network csc1-ip

    object-group service all-tcp-udp

    access list INTERNET1-IN extended permit ip host 1.2.2.2 2.2.2.3

    access-list extended SCC-OUT permit ip host 10.0.0.5 everything

    list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq www

    list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any https eq

    list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq ssh

    list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 no matter what eq ftp

    list of access CAMPUS-LAN extended permitted udp 172.16.0.0 255.255.0.0 no matter what eq field

    list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq smtp

    list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq pop3

    access CAMPUS-wide LAN ip allowed list a whole

    access-list CSC - acl note scan web and mail traffic

    access-list CSC - acl extended permit tcp any any eq smtp

    access-list CSC - acl extended permit tcp any any eq pop3

    access-list CSC - acl note scan web and mail traffic

    access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq 993

    access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq imap4

    access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq 465

    access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq www

    access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq https

    access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq smtp

    access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq pop3

    access-list extended INTERNET2-IN permit ip any host 1.1.1.2

    access-list sheep extended ip 172.16.0.0 allow 255.255.0.0 172.16.0.0 255.255.0.0

    access list DNS-inspect extended permit tcp any any eq field

    access list DNS-inspect extended permit udp any any eq field

    access-list extended capin permit ip host 172.16.1.234 all

    access-list extended capin permit ip host 172.16.1.52 all

    access-list extended capin permit ip any host 172.16.1.52

    Capin list extended access permit ip host 172.16.0.82 172.16.0.61

    Capin list extended access permit ip host 172.16.0.61 172.16.0.82

    access-list extended capout permit ip host 2.2.2.2 everything

    access-list extended capout permit ip any host 2.2.2.2

    Access campus-lan_nat0_outbound extended ip 172.16.0.0 list allow 255.255.0.0 192.168.150.0 255.255.255.0

    pager lines 24

    Enable logging

    debug logging in buffered memory

    asdm of logging of information

    Internet1-outside of MTU 1500

    Internet2-outside of MTU 1500

    interface-dmz MTU 1500

    Campus-lan of MTU 1500

    MTU 1500 CSC-MGMT

    IP local pool 192.168.150.2 - 192.168.150.250 mask 255.255.255.0 vpnpool1

    IP check path reverse interface internet2-outside

    IP check path reverse interface interface-dmz

    IP check path opposite campus-lan interface

    IP check path reverse interface CSC-MGMT

    no failover

    ICMP unreachable rate-limit 1 burst-size 1

    ASDM image disk0: / asdm - 621.bin

    don't allow no asdm history

    ARP timeout 14400

    interface of global (internet1-outside) 1

    interface of global (internet2-outside) 1

    NAT (campus-lan) 0-campus-lan_nat0_outbound access list

    NAT (campus-lan) 1 0.0.0.0 0.0.0.0

    NAT (CSC-MGMT) 1 10.0.0.5 255.255.255.255

    static (CSC-MGMT, internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255

    Access-group INTERNET2-IN interface internet1-outside

    group-access INTERNET1-IN interface internet2-outside

    group-access CAMPUS-LAN in campus-lan interface

    CSC-OUT access-group in SCC-MGMT interface

    Internet2-outside route 0.0.0.0 0.0.0.0 2.2.2.5 1

    Route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2

    Timeout xlate 03:00

    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

    timeout tcp-proxy-reassembly 0:01:00

    dynamic-access-policy-registration DfltAccessPolicy

    the ssh LOCAL console AAA authentication

    AAA authentication enable LOCAL console

    Enable http server

    http 10.0.0.2 255.255.255.255 CSC-MGMT

    http 10.0.0.8 255.255.255.255 CSC-MGMT

    HTTP 1.2.2.2 255.255.255.255 internet2-outside

    HTTP 1.2.2.2 255.255.255.255 internet1-outside

    No snmp server location

    No snmp Server contact

    Server enable SNMP traps snmp authentication linkup, linkdown cold start

    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

    Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

    Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

    Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

    Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

    Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

    Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

    Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

    Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

    Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

    life crypto ipsec security association seconds 28800

    Crypto ipsec kilobytes of life - safety 4608000 association

    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs set group5

    Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

    Crypto map internet2-outside_map 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

    crypto internet2-outside_map outside internet2 network interface card

    Crypto ca trustpoint _SmartCallHome_ServerCA

    Configure CRL

    Crypto ca certificate chain _SmartCallHome_ServerCA

    certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy

    a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

    a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

    a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

    a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

    a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

    a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

    a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

    a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

    a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

    a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

    a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

    a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

    a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

    a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

    a67a897as a67a897as a67a897as a67a897as a67a897as

    quit smoking

    ISAKMP crypto enable internet2-outside

    crypto ISAKMP policy 10

    preshared authentication

    aes encryption

    md5 hash

    Group 2

    life 86400

    Telnet 10.0.0.2 255.255.255.255 CSC-MGMT

    Telnet 10.0.0.8 255.255.255.255 CSC-MGMT

    Telnet timeout 5

    SSH 1.2.3.3 255.255.255.240 internet1-outside

    SSH 1.2.2.2 255.255.255.255 internet1-outside

    SSH 1.2.2.2 255.255.255.255 internet2-outside

    SSH timeout 5

    Console timeout 0

    a basic threat threat detection

    Statistics-list of access threat detection

    no statistical threat detection tcp-interception

    WebVPN

    internal VPN_TG_1 group policy

    VPN_TG_1 group policy attributes

    Protocol-tunnel-VPN IPSec

    username ssochelpdesk encrypted password privilege 15 xxxxxxxxxxxxxx

    privilege of encrypted password username administrator 15 xxxxxxxxxxxxxx

    username vpnuser1 encrypted password privilege 0 xxxxxxxxxxxxxx

    username vpnuser1 attributes

    VPN-group-policy VPN_TG_1

    type tunnel-group VPN_TG_1 remote access

    attributes global-tunnel-group VPN_TG_1

    address vpnpool1 pool

    Group Policy - by default-VPN_TG_1

    IPSec-attributes tunnel-group VPN_TG_1

    pre-shared-key *.

    !

    class-map cmap-DNS

    matches the access list DNS-inspect

    CCS-class class-map

    corresponds to the CSC - acl access list

    !

    !

    type of policy-card inspect dns preset_dns_map

    parameters

    message-length maximum 512

    Policy-map global_policy

    CCS category

    CSC help

    cmap-DNS class

    inspect the preset_dns_map dns

    !

    global service-policy global_policy

    context of prompt hostname

    Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y

    : end

    Adding dynamic NAT for 192.168.150.0/24 on the external interface works, or works the sysopt connection permit VPN

    Please tell what to do here, to pin all of the traffic Internet from VPN Clients.

    That is, that I need clients connected via VPN tunnel, when connected to the internet, should have their addresses IP NAT'ted against the address of outside internet2 network 2.2.2.2 interface, as it happens for the customers of Campus (172.16.0.0/16)

    I am well aware of all involved in here, so please be elaborative in your answers. Please let me know if you need more information about this configuration to respond to my request.

    Thank you & best regards

    MAXS


    Hello

    If possible, I'd like to see that a TCP connection attempt (e.g. http://www.google.com) in the ASDM logging of the VPN Client when you set up the dynamic NAT for the VPN Pool also.

    I'll try also the command "packet - trace" on the SAA, while the VPN Client is connected to the ASA.

    The command format is

    packet-tracer intput tcp

    That should tell what the SAA for this kind of package entering its "input" interface

    Still can not see something wrong with the configuration (other than the statement of "nat" missing Dynamics PAT)

    -Jouni

  • Cisco ipsec Vpn connects but cannot communicate with lan

    I have a version of cisco 1921 15.2 (4) M3 I install vpn ipsec and may have customers to connect but cannot ping anything inside.  A glimpse of what could be wrong with my config would be greatly appreciated.  I posted the configuration as well as running a few outings of ipsec.  I also tried with multiple operating systems using cisco vpn client and shrewsoft.  I am able to connect to the other VPN ipsec running 1921 both of these computers by using a client.

    Thanks for any assistance

    SH run

    !
    AAA new-model
    !
    !
    AAA authentication login radius_auth local radius group
    connection of AAA VPN_AUTHEN group local RADIUS authentication
    AAA authorization network_vpn_author LAN
    !
    !
    !
    !
    !
    AAA - the id of the joint session
    clock timezone PST - 8 0
    clock to summer time recurring PST
    !
    no ip source route
    decline of the IP options
    IP cef
    !
    !
    !
    !
    !
    !
    no ip bootp Server
    no ip domain search
    domain IP XXX.local
    inspect the high IP 3000 max-incomplete
    inspect the low IP 2800 max-incomplete
    IP inspect a low minute 2800
    IP inspect a high minute 3000
    inspect the IP icmp SDM_LOW name
    inspect the IP name SDM_LOW esmtp
    inspect the tcp IP SDM_LOW name
    inspect the IP udp SDM_LOW name
    IP inspect name SDM_LOW ssh
    No ipv6 cef
    !
    Authenticated MultiLink bundle-name Panel
    !
    !
    Crypto pki trustpoint TP-self-signed-2909270577
    enrollment selfsigned
    name of the object cn = IOS - Self - signed - certificate - 2909270577
    revocation checking no
    rsakeypair TP-self-signed-2909270577
    !
    !
    TP-self-signed-2909270577 crypto pki certificate chain
    certificate self-signed 01
    license udi pid CISCO1921/K9 sn FTX1715818R
    !
    !
    Archives
    The config log
    Enable logging
    size of logging 1000
    notify the contenttype in clear syslog
    the ADMIN_HOSTS object-group network
    71.X.X.X 71.X.X.X range
    !
    name of user name1 secret privilege 15 4 XXXXXXX

    !
    redundancy
    !
    !
    !
    !
    !
    property intellectual ssh time 60
    property intellectual ssh authentication-2 retries
    property intellectual ssh event logging
    property intellectual ssh version 2
    !
    !
    crypto ISAKMP policy 1
    BA 3des
    preshared authentication
    Group 2
    !
    ISAKMP crypto client configuration group roaming_vpn
    key XXXXX
    DNS 192.168.10.10 10.1.1.1
    XXX.local field
    pool VPN_POOL_1
    ACL client_vpn_traffic
    netmask 255.255.255.0
    !
    !
    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
    tunnel mode
    !
    !
    !
    crypto dynamic-map VPN_DYNMAP_1 1
    Set the security association idle time 1800
    game of transformation-ESP-3DES-SHA
    market arriere-route
    !
    !
    list of authentication of card crypto SDM_CMAP_1 client VPN_AUTHEN
    map SDM_CMAP_1 isakmp authorization list network_vpn_author crypto
    client configuration address map SDM_CMAP_1 crypto answer
    map SDM_CMAP_1 65535-isakmp dynamic VPN_DYNMAP_1 ipsec crypto
    !
    !
    !
    !
    !
    the Embedded-Service-Engine0/0 interface
    no ip address
    Shutdown
    !
    interface GigabitEthernet0/0
    IP 76.W.E.R 255.255.255.248
    IP access-group ATT_Outside_In in
    no ip redirection
    no ip unreachable
    no ip proxy-arp
    NAT outside IP
    inspect the SDM_LOW over IP
    IP virtual-reassembly in
    load-interval 30
    automatic duplex
    automatic speed
    No cdp enable
    No mop enabled
    map SDM_CMAP_1 crypto
    !
    interface GigabitEthernet0/1
    no ip address
    load-interval 30
    automatic duplex
    automatic speed
    !
    interface GigabitEthernet0/1.10
    encapsulation dot1Q 1 native
    IP 192.168.10.1 255.255.255.0
    no ip redirection
    no ip unreachable
    no ip proxy-arp
    property intellectual accounting-access violations
    IP nat inside
    IP virtual-reassembly in
    !
    interface GigabitEthernet0/1.100
    encapsulation dot1Q 100
    10.1.1.254 IP address 255.255.255.0
    no ip redirection
    no ip unreachable
    no ip proxy-arp
    IP nat inside
    IP virtual-reassembly in
    !
    interface GigabitEthernet0/1,200
    encapsulation dot1Q 200
    IP 10.1.2.254 255.255.255.0
    no ip redirection
    no ip unreachable
    no ip proxy-arp
    IP nat inside
    IP virtual-reassembly in
    IP tcp adjust-mss 1452
    !
    local IP VPN_POOL_1 192.168.168.193 pool 192.168.168.254
    IP forward-Protocol ND
    !
    IP http server
    IP http authentication aaa-authentication of connection ADMIN_AUTHEN
    IP http secure server
    IP http timeout policy slowed down 60 life 86400 request 10000
    !
    IP nat inside source map route ATT_NAT_LIST interface GigabitEthernet0/0 overload
    IP nat inside source static tcp 192.168.10.10 25 expandable 25 76.W.E.R
    IP nat inside source static tcp 192.168.10.10 80 76.W.E.R 80 extensible
    IP nat inside source static tcp 192.168.10.10 76.W.E.R expandable 443 443
    IP nat inside source static tcp 192.168.10.10 76.W.E.R expandable 987 987
    IP route 0.0.0.0 0.0.0.0 76.W.E.F
    !
    ATT_Outside_In extended IP access list
    permit tcp object-group ADMIN_HOSTS any eq 22
    allow any host 76.W.E.R eq www tcp
    allow any host 76.W.E.R eq 443 tcp
    allow 987 tcp any host 76.W.E.R eq
    allow any host 76.W.E.R eq tcp smtp
    permit any any icmp echo response
    allow icmp a whole
    allow udp any any eq isakmp
    allow an esp
    allow a whole ahp
    permit any any eq non500-isakmp udp
    deny ip 10.0.0.0 0.255.255.255 everything
    deny ip 172.16.0.0 0.15.255.255 all
    deny ip 192.168.0.0 0.0.255.255 everything
    deny ip 127.0.0.0 0.255.255.255 everything
    refuse the ip 255.255.255.255 host everything
    refuse the host ip 0.0.0.0 everything
    NAT_LIST extended IP access list
    IP 10.1.0.0 allow 0.0.255.255 everything
    permit ip 192.168.10.0 0.0.0.255 any
    deny ip 192.168.10.0 0.0.0.255 192.168.168.192 0.0.0.63
    refuse the 10.1.1.0 ip 0.0.0.255 192.168.168.192 0.0.0.63
    deny ip 10.1.2.0 0.0.0.255 192.168.168.192 0.0.0.63
    client_vpn_traffic extended IP access list
    permit ip 192.168.10.0 0.0.0.255 192.168.168.192 0.0.0.63
    ip licensing 10.1.1.0 0.0.0.255 192.168.168.192 0.0.0.63
    IP 10.1.2.0 allow 0.0.0.255 10.1.1.0 0.0.0.255
    !
    radius of the IP source-interface GigabitEthernet0/1.10
    Logging trap errors
    logging source hostname id
    logging source-interface GigabitEthernet0/1.10
    !
    ATT_NAT_LIST allowed 20 route map
    corresponds to the IP NAT_LIST
    is the interface GigabitEthernet0/0
    !
    !
    SNMP-server community [email protected] / * /! s RO
    Server enable SNMP traps snmp authentication linkdown, linkup warmstart cold start
    Server enable SNMP traps vrrp
    Server SNMP enable transceiver traps all the
    Server enable SNMP traps ds1
    Enable SNMP-Server intercepts the message-send-call failed remote server failure
    Enable SNMP-Server intercepts ATS
    Server enable SNMP traps eigrp
    Server enable SNMP traps ospf-change of State
    Enable SNMP-Server intercepts ospf errors
    SNMP Server enable ospf retransmit traps
    Server enable SNMP traps ospf lsa
    Server enable SNMP traps ospf nssa-trans-changes state cisco-change specific
    SNMP server activate interface specific cisco-ospf traps shamlink state change
    SNMP Server enable neighbor traps cisco-specific ospf to the State shamlink change
    Enable SNMP-Server intercepts specific to cisco ospf errors
    SNMP server activate specific cisco ospf retransmit traps
    Server enable SNMP traps ospf cisco specific lsa
    SNMP server activate license traps
    Server enable SNMP traps envmon
    traps to enable SNMP-Server ethernet cfm cc mep-top low-mep Dispatcher loop config
    Enable SNMP-Server intercepts ethernet cfm overlap missing mep mep-unknown service-up
    Server enable SNMP traps auth framework sec-violation
    Server enable SNMP traps c3g
    entity-sensor threshold traps SNMP-server enable
    Server enable SNMP traps adslline
    Server enable SNMP traps vdsl2line
    Server enable SNMP traps icsudsu
    Server enable SNMP traps ISDN call-information
    Server enable SNMP traps ISDN layer2
    Server enable SNMP traps ISDN chan-not-available
    Server enable SNMP traps ISDN ietf
    Server enable SNMP traps ds0-busyout
    Server enable SNMP traps ds1-loopback
    SNMP-Server enable traps energywise
    Server enable SNMP traps vstack
    SNMP traps enable mac-notification server
    Server enable SNMP traps bgp cbgp2
    Enable SNMP-Server intercepts isis
    Server enable SNMP traps ospfv3-change of State
    Enable SNMP-Server intercepts ospfv3 errors
    Server enable SNMP traps aaa_server
    Server enable SNMP traps atm subif
    Server enable SNMP traps cef resources-failure-change of State peer peer-fib-state-change inconsistency
    Server enable SNMP traps memory bufferpeak
    Server enable SNMP traps cnpd
    Server enable SNMP traps config-copy
    config SNMP-server enable traps
    Server enable SNMP traps config-ctid
    entity of traps activate SNMP Server
    Server enable SNMP traps fru-ctrl
    SNMP traps-policy resources enable server
    Server SNMP enable traps-Manager of event
    Server enable SNMP traps frames multi-links bundle-incompatibility
    SNMP traps-frame relay enable server
    Server enable SNMP traps subif frame relay
    Server enable SNMP traps hsrp
    Server enable SNMP traps ipmulticast
    Server enable SNMP traps msdp
    Server enable SNMP traps mvpn
    Server enable SNMP traps PNDH nhs
    Server enable SNMP traps PNDH nhc
    Server enable SNMP traps PNDH PSN
    Server enable SNMP traps PNDH exceeded quota
    Server enable SNMP traps pim neighbor-rp-mapping-change invalid-pim-message of change
    Server enable SNMP traps pppoe
    Enable SNMP-server holds the CPU threshold
    SNMP Server enable rsvp traps
    Server enable SNMP traps syslog
    Server enable SNMP traps l2tun session
    Server enable SNMP traps l2tun pseudowire status
    Server enable SNMP traps vtp
    Enable SNMP-Server intercepts waas
    Server enable SNMP traps ipsla
    Server enable SNMP traps bfd
    Server enable SNMP traps gdoi gm-early-registration
    Server enable SNMP traps gdoi full-save-gm
    Server enable SNMP traps gdoi gm-re-register
    Server enable SNMP traps gdoi gm - generate a new key-rcvd
    Server enable SNMP traps gdoi gm - generate a new key-fail
    Server enable SNMP traps gdoi ks - generate a new key-pushed
    Enable SNMP traps gdoi gm-incomplete-cfg Server
    Enable SNMP-Server intercepts gdoi ks-No.-rsa-keys
    Server enable SNMP traps gdoi ks-new-registration
    Server enable SNMP traps gdoi ks-reg-complete
    Enable SNMP-Server Firewall state of traps
    SNMP-Server enable traps ike policy add
    Enable SNMP-Server intercepts removal of ike policy
    Enable SNMP-Server intercepts start ike tunnel
    Enable SNMP-Server intercepts stop ike tunnel
    SNMP server activate ipsec cryptomap add traps
    SNMP server activate ipsec cryptomap remove traps
    SNMP server activate ipsec cryptomap attach traps
    SNMP server activate ipsec cryptomap detach traps
    Server SNMP traps enable ipsec tunnel beginning
    SNMP-Server enable traps stop ipsec tunnel
    Enable SNMP-server holds too many associations of ipsec security
    Enable SNMP-Server intercepts alarm ethernet cfm
    Enable SNMP-Server intercepts rf
    Server enable SNMP traps vrfmib vrf - up low-vrf vnet-trunk-up low-trunk-vnet
    Server RADIUS dead-criteria life 2
    RADIUS-server host 192.168.10.10
    Server RADIUS 2 timeout
    Server RADIUS XXXXXXX key
    !
    !
    !
    control plan
    !
    !

    Line con 0
    privilege level 15
    connection of authentication radius_auth
    line to 0
    line 2
    no activation-character
    No exec
    preferred no transport
    transport of entry all
    transport output pad rlogin lapb - your MOP v120 udptn ssh telnet
    StopBits 1
    line vty 0 4
    privilege level 15
    connection of authentication radius_auth
    entry ssh transport
    line vty 5 15
    privilege level 15
    connection of authentication radius_auth
    entry ssh transport
    !
    Scheduler allocate 20000 1000
    NTP-Calendar Update
    Server NTP 192.168.10.10
    NTP 64.250.229.100 Server
    !
    end

    Router ipsec crypto #sh her

    Interface: GigabitEthernet0/0
    Tag crypto map: SDM_CMAP_1, local addr 76.W.E.R

    protégé of the vrf: (none)
    local ident (addr, mask, prot, port): (0.0.0.0/0.0.0.0/0/0)
    Remote ident (addr, mask, prot, port): (192.168.168.213/255.255.255.255/0/0)
    current_peer 75.X.X.X port 2642
    LICENCE, flags is {}
    #pkts program: 1953, #pkts encrypt: 1953, #pkts digest: 1953
    #pkts decaps: 1963, #pkts decrypt: 1963, #pkts check: 1963
    compressed #pkts: 0, unzipped #pkts: 0
    #pkts uncompressed: 0, #pkts compr. has failed: 0
    #pkts not unpacked: 0, #pkts decompress failed: 0
    Errors #send 0, #recv 0 errors

    local crypto endpt. : 76.W.E.R, remote Start crypto. : 75.X.X.X
    Path mtu 1500, mtu 1500 ip, ip mtu IDB GigabitEthernet0/0
    current outbound SPI: 0x5D423270 (1564619376)
    PFS (Y/N): N, Diffie-Hellman group: no

    SAS of the esp on arrival:
    SPI: 0x2A5177DD (709982173)
    transform: esp-3des esp-sha-hmac.
    running parameters = {Tunnel UDP-program}
    Conn ID: 2115, flow_id: VPN:115 on board, sibling_flags 80000040, crypto card: SDM_CMAP_1
    calendar of his: service life remaining (k/s) key: (4301748/2809)
    Size IV: 8 bytes
    support for replay detection: Y
    Status: ACTIVE (ACTIVE)

    the arrival ah sas:

    SAS of the CFP on arrival:

    outgoing esp sas:
    SPI: 0x5D423270 (1564619376)
    transform: esp-3des esp-sha-hmac.
    running parameters = {Tunnel UDP-program}
    Conn ID: 2116, flow_id: VPN:116 on board, sibling_flags 80000040, crypto card: SDM_CMAP_1
    calendar of his: service life remaining (k/s) key: (4301637/2809)
    Size IV: 8 bytes
    support for replay detection: Y
    Status: ACTIVE (ACTIVE)

    outgoing ah sas:

    outgoing CFP sas:

    Routing crypto isakmp #sh its
    IPv4 Crypto ISAKMP Security Association
    DST CBC conn-State id
    76.W.E.R 75.X.X.X QM_IDLE 1055 ACTIVE

    IPv6 Crypto ISAKMP Security Association

    In your acl, nat, you will need to refuse your VPN traffic before you allow the subnet at all. Just put all the declarations of refusal before the declarations of licence.

    Sent by Cisco Support technique iPhone App

  • Configure Cisco ASA VPN client

    I did some research and the answers it was supposed to be possible, but no info on how to do it.  I wonder if it is possible to configure a Cisco ASA 5505/10/20 to be a customer to an existing (in this case) cisco vpn client.  The reasons why are complicated (and irrelevant IMO), but basically, I need to be able to make a small network that may be on this vpn rather than on individual computers.

    The vpn client is a Basic IPSec over UDP Cisco VPN to an ASA5505.

    So, how to set up an another ASA to connect to it as if it were a client?

    Hello

    Here is a document from Cisco on the configuration, the easy ASA of VPN server and Client

    Although in this case, they use a PIX firewall as a client.

    http://www.Cisco.com/en/us/products/ps6120/products_configuration_example09186a00805c5ad9.shtml

    Here's another site with instructions related to this installation program

    http://www.petenetlive.com/kb/article/0000337.htm

    I imagine that the site of Cisco ASA Configuration Guide documents will also give instructions how to configure it.

    -Jouni

Maybe you are looking for

  • Cannot access the Web http sites

    Since yesterday, I have not been able to access any site that begins with http://, only Web sites that begin with https://. I do not download anything anything beforehand, it was working fine in the morning, but I came home in the afternoon and it di

  • MacBook does not load?

    Hello and happy holidays. If someone consults this forum and could give me a help that would be amazing. Student, trying to connect in his online class. But my macbook 2010 runs the last apple program (do not know if you need that) does not charge. N

  • No sound... Droid Maxx

    The sound of my Droid Maxx is. No sound ringtone that no notification no sound no media noise. the music and video. This problem is my phone virtually useless. I need help to solve this problem. I tried what I can but not yet resolved. I used factory

  • need to do my windows vista run faster and not hang up

    running slow and crashes far I must kill all task

  • Palm Pre completely gone Dead a day later.