No traffic through the VPN tunnel but at the same time

Hey everybody,

I'm nearly at the end of my VPN configuration, but I have a question. The VPN connection is established and the remote computer can set up a VPN with my router (phases 1 and 2 are OK), but I can't ping all devices on both sides. I think it might be something about the ACL. I created an ACL that I linked to my VPN group; should I also do something with the crypto map?

Here is the configuration of the router

    aaa new-model
    !
    !
    aaa authentication login AuthentVPN local
    aaa authorization network AuthorizVPN local
    !
    aaa session-id common
    clock timezone GMT 1 0
    clock summer-time GMT recurring
    !
    ip cef
    !
    ip dhcp excluded-address 192.168.0.1 192.168.0.99
    !
    multilink bundle-name authenticated
    !
    vpdn enable
    !
    vpdn-group MyGroup
    !
    !
    model virtual Network1
    !
    username admin privilege 15 secret 4 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    !
    redundancy
    !
    crypto isakmp policy 1
     encr aes 256
     authentication pre-share
     group 2
     lifetime 3600
    !
    crypto isakmp client configuration group myVPN
     key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
     dns 192.168.0.254
     pool IPPoolVPN
     acl 100
    !
    !
    crypto ipsec transform-set T1 esp-aes esp-sha-hmac
     mode tunnel
    !
    !
    !
    crypto dynamic-map DynMap 10
     set transform-set T1
     reverse-route
    !
    !
    crypto map myMap client authentication list AuthentVPN
    crypto map myMap isakmp authorization list AuthorizVPN
    crypto map myMap client configuration address respond
    crypto map myMap 100 ipsec-isakmp dynamic DynMap
    !
    interface Embedded-Service-Engine0/0
     no ip address
     shutdown
    !
    interface GigabitEthernet0/0
     no ip address
     duplex auto
     speed auto
     pppoe enable group global
     pppoe-client dial-pool-number 1
     no mop enabled
    !
    interface GigabitEthernet0/1
     description LAN
     no ip address
     duplex auto
     speed auto
     no mop enabled
    !
    interface GigabitEthernet0/1.1
     description LAN
     encapsulation dot1Q 1 native
     ip address 192.168.0.254 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     ip tcp adjust-mss 1452
    !
    interface Dialer1
     mtu 1492
     ip address negotiated
     ip access-group RESTRICT_ENTRY_INTERNET in
     ip nat outside
     ip virtual-reassembly in
     encapsulation ppp
     dialer pool 1
     dialer-group 1
     ppp authentication pap callin
     ppp chap hostname xxxx
     ppp chap password 0 xxxx
     ppp pap sent-username xxxxx password 0 xxxx
     crypto map myMap
    !
    ip local pool IPPoolVPN 192.168.10.0 192.168.10.100
    ip forward-protocol nd
    !
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    !
    ip dns server
    IP dns primary GVA. SOA INTRA NS. GUAM INTRA [email protected] / * / 21600 900 7776000 86400
    ip nat inside source list 10 interface Dialer1 overload
    ip nat inside source list 11 interface Dialer1 overload
    ip nat inside source list 20 interface Dialer1 overload
    ip nat inside source list 30 interface Dialer1 overload
    ip nat inside source list 110 interface Dialer1 overload
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 192.168.0.0 255.255.255.0 GigabitEthernet0/1.1
    ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/1.2
    !
    ip access-list extended RESTRICT_ENTRY_INTERNET
     deny tcp any any eq telnet
     deny tcp any any eq 22
     deny tcp any any eq www
     deny tcp any any eq 443
     deny tcp any any eq domain
     permit udp any any eq 50
     permit ip any any
    !
    dialer-list 1 protocol ip permit
    !
    !
    snmp-server community G RO
    snmp-server community public RO
    snmp-server enable traps entity-sensor threshold
    access-list 10 permit 192.168.0.0 0.0.0.255
    access-list 11 permit 192.168.1.0 0.0.0.255
    access-list 20 permit 192.168.2.0 0.0.0.255
    access-list 30 permit 192.168.3.0 0.0.0.255
    access-list 100 permit ip 0.0.0.0 0.0.0.255 192.168.0.0 0.0.0.255
    access-list 110 deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
    access-list 110 permit ip any any

I don't know if it's useful, but here is the output of the show crypto ipsec sa command:

    interface: Dialer1
        Crypto map tag: myMap, local addr 213.3.1.13

       protected vrf: (none)
       local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
       remote ident (addr/mask/prot/port): (192.168.10.12/255.255.255.255/0/0)
       current_peer 109.164.161.35 port 49170
         PERMIT, flags={}
        #pkts encaps: 5, #pkts encrypt: 5, #pkts digest: 5
        #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0

         local crypto endpt.: 213.3.1.13, remote crypto endpt.: 109.164.161.35
         path mtu 1492, ip mtu 1492, ip mtu idb Dialer1
         current outbound spi: 0x54631F8B(1415782283)
         PFS (Y/N): N, DH group: none

         inbound esp sas:
          spi: 0x8C432353(2353210195)
            transform: esp-aes esp-sha-hmac ,
            in use settings ={Tunnel UDP-Encaps, }
            conn id: 2033, flow_id: Onboard VPN:33, sibling_flags 80000040, crypto map: myMap
            sa timing: remaining key lifetime (k/sec): (4212355/1423)
            IV size: 16 bytes
            replay detection support: Y
            Status: ACTIVE(ACTIVE)

         inbound ah sas:

         inbound pcp sas:

         outbound esp sas:
          spi: 0x54631F8B(1415782283)
            transform: esp-aes esp-sha-hmac ,
            in use settings ={Tunnel UDP-Encaps, }
            conn id: 2034, flow_id: Onboard VPN:34, sibling_flags 80000040, crypto map: myMap
            sa timing: remaining key lifetime (k/sec): (4212354/1423)
            IV size: 16 bytes
            replay detection support: Y
            Status: ACTIVE(ACTIVE)

         outbound ah sas:

         outbound pcp sas:

And on the client side, when I go to Status -> Statistics, all packets have been bypassed; none are encrypted.

Thanks for your help!

Sylvain,

Let me explain again:

    ip nat inside source list 10 interface Dialer1 overload
    ip nat inside source list 110 interface Dialer1 overload

Here you have two ACLs, but they are the same, with the difference that 110 NATs the same traffic as 10 but WITHOUT the VPN users. The problem is that 10 matches first, so the connection will not work. You can remove the NAT entry with 10, because 110 covers that as well:

    no ip nat inside source list 10 interface Dialer1 overload

That should be enough.

Michael

Please note all useful posts
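The NAT overlap described in the answer above can be checked mechanically. The following Python sketch is an added example, not part of the original thread: it evaluates the ACL behind each `ip nat inside source list` rule against a flow and returns the lists that would translate it. The host addresses 192.168.0.10 and 203.0.113.5 are constructed, and only `ip` entries in numbered ACLs are supported.

```python
"""List the IOS NAT overload rules whose ACL permits a given flow."""
import ipaddress

ANY = (0, 0xFFFFFFFF)  # (base address, wildcard mask) that matches everything

# NAT and ACL lines taken from the router configuration posted in this thread.
CONFIG = """\
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source list 11 interface Dialer1 overload
ip nat inside source list 20 interface Dialer1 overload
ip nat inside source list 30 interface Dialer1 overload
ip nat inside source list 110 interface Dialer1 overload
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 11 permit 192.168.1.0 0.0.0.255
access-list 20 permit 192.168.2.0 0.0.0.255
access-list 30 permit 192.168.3.0 0.0.0.255
access-list 110 deny ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 110 permit ip any any
"""
# The same lines after the suggested "no ip nat inside source list 10 ...".
FIXED = CONFIG.replace(
    "ip nat inside source list 10 interface Dialer1 overload\n", "")


def is_standard(num):
    """Standard numbered ACLs (1-99, 1300-1999) match on source only."""
    n = int(num)
    return 1 <= n <= 99 or 1300 <= n <= 1999


def take_term(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return ANY
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    base = int(ipaddress.IPv4Address(first))
    # A standard ACL entry may give a bare address, which means a host match.
    wild = int(ipaddress.IPv4Address(tokens.pop(0))) if tokens else 0
    return base, wild


def parse(config):
    """Return ({acl_number: [(action, src, dst), ...]}, [nat_acl_numbers])."""
    acls, nat_lists = {}, []
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] == ["ip", "nat", "inside", "source", "list"]:
            nat_lists.append(tok[5])
        elif tok[:1] == ["access-list"] and len(tok) >= 4:
            num, action, rest = tok[1], tok[2], tok[3:]
            if is_standard(num):
                src, dst = take_term(rest), ANY
            else:
                proto = rest.pop(0)
                if proto != "ip":
                    # Refuse rather than silently mis-evaluate port matches.
                    raise ValueError("unsupported ACL entry: " + line)
                src, dst = take_term(rest), take_term(rest)
            acls.setdefault(num, []).append((action, src, dst))
    return acls, nat_lists


def matches(addr, term):
    """Wildcard-mask comparison: bits set in the wildcard are ignored."""
    base, wild = term
    return ((int(ipaddress.IPv4Address(addr)) ^ base) & ~wild & 0xFFFFFFFF) == 0


def acl_permits(entries, src, dst):
    """First matching entry decides; no match means the implicit deny."""
    for action, src_term, dst_term in entries:
        if matches(src, src_term) and matches(dst, dst_term):
            return action == "permit"
    return False


def nat_lists_translating(config, src, dst):
    """ACL numbers of NAT rules that would translate the flow src -> dst.

    Assumption: a NAT rule whose ACL is not defined translates nothing.
    """
    acls, nat_lists = parse(config)
    return [n for n in nat_lists if acl_permits(acls.get(n, []), src, dst)]


if __name__ == "__main__":
    lan_host = "192.168.0.10"      # constructed LAN host
    vpn_client = "192.168.10.12"   # pool address seen in the posted SA output
    internet = "203.0.113.5"       # constructed external address
    for name, cfg in (("posted", CONFIG), ("after fix", FIXED)):
        print(name, "LAN->VPN client:", nat_lists_translating(cfg, lan_host, vpn_client))
        print(name, "LAN->Internet:  ", nat_lists_translating(cfg, lan_host, internet))
```

An empty list for the LAN-to-VPN-client flow means no overload rule rewrites the source address of that traffic.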

Tags: Cisco Security

Similar Questions

  • Impossible to pass traffic through the VPN tunnel

    I have an ASA 5505 running 9.1. I have the VPN tunnel connected, but I am not able to pass traffic through the tunnel. Ping through the internet works fine.

    Here is my config

    LN-BLF-ASA5505> en
    Password: *****
    LN-BLF-ASA5505# sho run
    : Saved
    :
    : Serial Number: JMX1216Z0SM
    : Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
    :
    ASA Version 9.1(5)21
    !
    hostname LN-BLF-ASA5505
    domain-name lopeznegrete.com
    enable password
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
    passwd
    names
    !
    interface Ethernet0/0
     switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    interface Vlan1
     nameif inside
     security-level 100
     ip address 192.168.116.254 255.255.255.0
     ospf cost 10
    !
    interface Vlan2
     nameif outside
     security-level 0
     ip address 50.201.218.69 255.255.255.224
     ospf cost 10
    !
    boot system disk0:/asa915-21-k8.bin
    ftp mode passive
    dns server-group DefaultDNS
     domain-name lopeznegrete.com
    object network obj_any
     subnet 0.0.0.0 0.0.0.0
    object-group network LNC_Local_TX_Nets
     description Lopez Negrete internal networks (Texas)
     network-object 192.168.1.0 255.255.255.0
     network-object 192.168.2.0 255.255.255.0
     network-object 192.168.3.0 255.255.255.0
     network-object 192.168.4.0 255.255.255.0
     network-object 192.168.5.0 255.255.255.0
     network-object 192.168.51.0 255.255.255.0
     network-object 192.168.55.0 255.255.255.0
     network-object 192.168.52.0 255.255.255.0
     network-object 192.168.20.0 255.255.255.0
     network-object 192.168.56.0 255.255.255.0
     network-object 192.168.59.0 255.255.255.0
     network-object 10.111.14.0 255.255.255.0
     network-object 10.111.19.0 255.255.255.0
    object-group network LNC_Blueleaf_Nets
     network-object 192.168.116.0 255.255.255.0
    access-list outside extended permit icmp any4 any4
    access-list outside extended permit icmp any any
    access-list outside_1_cryptomap extended permit ip object-group LNC_Blueleaf_Nets object-group LNC_Local_TX_Nets
    access-list inside_nat0_outbound extended permit ip object-group LNC_Blueleaf_Nets object-group LNC_Local_TX_Nets
    access-list LNC_BLF_HOU_VPN extended permit ip object-group LNC_Blueleaf_Nets object-group LNC_Local_TX_Nets
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-741.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    !
    object network obj_any
     nat (inside,outside) dynamic interface
    access-group outside in interface outside
    !
    router ospf 1
     network 192.168.116.254 255.255.255.255 area 0
     log-adj-changes
     default-information originate always
    !
    route outside 0.0.0.0 0.0.0.0 50.201.218.94 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication enable console LOCAL
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
    crypto ipsec security-association pmtu-aging infinite
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set peer 50.201.218.93
    crypto map outside_map 1 set ikev1 transform-set ESP-3DES-SHA
    crypto map outside_map interface outside
    crypto ca trustpoint _SmartCallHome_ServerCA
     no validation-usage
     crl configure
    crypto ca trustpool policy
    crypto ca certificate chain _SmartCallHome_ServerCA
     certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
      quit
    crypto isakmp identity address
    crypto isakmp nat-traversal 1500
    crypto ikev1 enable outside
    crypto ikev1 policy 10
     authentication pre-share
     encryption aes-256
     hash sha
     group 5
     lifetime 86400
    crypto ikev1 policy 65535
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    telnet timeout 5
    ssh stricthostkeycheck
    ssh 0.0.0.0 0.0.0.0 inside
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 5
    ssh version 2
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    management-access inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    group-policy DfltGrpPolicy attributes
     vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
    username
    username
    tunnel-group 50.201.218.93 type ipsec-l2l
    tunnel-group 50.201.218.93 ipsec-attributes
     ikev1 pre-shared-key *****
     peer-id-validate nocheck
    !
    class-map inspection_default
     match default-inspection-traffic
    !
    !
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
      inspect ip-options
    !
    service-policy global_policy global
    prompt hostname context
    service call-home
    call-home reporting anonymous
    call-home
     contact-email-addr [email protected]
     profile CiscoTAC-1
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:e519f212867755f697101394f40d9ed7
    : end
    LN-BLF-ASA5505#

    Assuming that you have an active IPsec security association (i.e. "show crypto ipsec sa" shows the tunnel is up), please run a packet trace to see why it is failing:

     packet-tracer input inside tcp 192.168.116.1 1025 192.168.1.1 80 detail

    (simulating a hypothetical LNC Blueleaf client trying to browse to a hypothetical server at the LNC TX local site)

  • Send all traffic through the vpn tunnel

    Does anyone know how to send all traffic through the VPN tunnel on both sides? I have an EZVPN server on one side and an EZVPN client on the other. I'm not NATting on either side. I use the default 'tunnelall' value for the group policy attributes. On the client side, all traffic, even if not destined for the server-side subnet, seems to pass through the tunnel. But if I ping from the server side, the same rules don't seem to apply. Traffic destined for the client side goes through the tunnel, but traffic that is not gets pumped out the external interface in the clear. That's not cool.

    Hello

    Client traffic to the server goes through the tunnel, that's right, right?

    Traffic from the server to the client goes through the tunnel, but the rest of the traffic does not, no?

    This works as expected, because in EZVPN the "tunnel all" policy is for traffic coming from the client, not traffic leaving the server.

    Side server, customer traffic will pass through tunnel, the rest used.

    Sian

  • An ASA inspect traffic through a VPN?

    Does the ASA inspect traffic through a VPN using the default inspect rules?

    Hi Justin,

    The ASA can inspect traffic before encryption or after decryption. The ASA cannot inspect encrypted traffic.

    This means that if the VPN tunnel terminates on the ASA, the ASA can inspect traffic sent through the tunnel prior to encryption and can inspect received traffic after decryption.

    If the tunnel does not terminate on the ASA but instead passes through the ASA, the ASA cannot inspect the traffic encapsulated inside.

    Hope this helps.

    Federico.

  • High utilization of the processor in Mode VSS when traffic through the internet.

    Hi all

    I have a problem with the installation of VSS. The VSS service install act as a central office switch of transit for internet traffic and the problem arises when there are about 600 Mbps of traffic through the switch. We notice that there are a lot of packages being softswitch and the rate is quite high, almost like 100 to 200 k per second.

    The VSS switch manages ospf and BGP and have plenty of internet routing. After investigation of high CPU usage, I noticed that the AAGR switch is full and has tried to set the course of max mls to the maximum cef and restarted the VSS service.

    Unfortunately, the problem persists after restarting.

    We had planned to filter the full internet routes and enable by default and ospf route only in the VSS service and restart the VSS service to make sure that the table AAGR is not overloaded.

    If I fail the next step is to return to autonomous mode and hope that the processor will not pull up.

    My Question: These step will prevent the issue? Suggestions or the reference similar to the problem I am facing in?

    Hello Sophie,.

    unless you have a PFC 3CXL and all the DFCs the AAGR 3CXL can manage only 256 000 IP prefixes and nowdays that complete a table is in order or 310-320 000 routes.

    See

    http://www.Cisco.com/en/us/prod/collateral/switches/ps5718/ps9336/product_data_sheet0900aecd806ed759_ps708_Products_Data_Sheet.html

    http://www.Cisco.com/en/us/prod/collateral/switches/ps5718/ps708/product_data_sheet09186a0080159856.html

    See table 1 in the second link it tells what I wrote in the first line.

    > We planned to filter the full internet routes and enable by default and ospf route only in the VSS service and restart the VSS service to make sure that the table AAGR is not overloaded.

    You should not need the device after accepting only the default route in OSPF or BGP AAGR use will be greatly reduced this is just wait a few minutes (unless there is an underlying SW bug) for the MSFC to update CFP and then all DFCs

    Hope to help

    Giuseppe

  • More often than in other music Apple will not be broadcast on my iMac, but at the same time, it will be on my iPad

    I am continually frustrated with Apple's music streaming on my iMac.  Looks like a song loads, but never gets started playing.  I always thought the problem was my internet connection, but lately I discovered that, although my iMac does not load a song, if at the same time, I use my iPad on my wifi it loads and plays immediately.  What is the problem with the music does not not on my iMac?

    Hello Lucyskye,

    Thank you for asking your question here in Apple Support communities. I understand you want to be able to play your music. I can't do anything without my music all day. Let me give you what I can to help you solve this and get your music to play on the iMac.

    I don't want to bring music to Apple implemented correctly first. Apple's music composition only allows you to stream music from Apple on one device at a time, unless you have a family membership. Even if you have a family membership, you can still only broadcast on one device at a time by Apple ID. For this reason, I suggest isolate us the devices first and this test with the iMac.

    1. exit the Apple music on the iPad. Please leave the app. You can do this by double tapping the home screen and drag the application to the top music. This article has the instructions and example pictures. Force a nearby application on your iPhone, iPad or iPod touch

    2. restart the iMac.

    3. If the problem persists, start the iMac in Mode safe mode and see if the load and play songs. (Although the speakers will be disabled, just visually see if she manages to go anywhere where it usually hangs up on. This article talks about fashion without failure: try safe mode if your Mac does not start-up

    4. you want to then also to test in a Test user. This article helps with that. How to test a question in another account on your Mac user

    If the problems remain and music will not play on the iMac in Mode without failure or user Test, then we want to stop the iMac. Back to the iPad, then click Settings > cellular and disable cellular data for a while. Make sure your iPad is only able to use a Wi - Fi connection and not able to access cellular data if the songs will not play on your Wi - Fi network. Then, open the app music again and try to play a song.

    If the music will not play one cell time is off, the cause is some parameters with your wireless network. You can check this information for the most common causes of problems with home networks. First of all, make sure that you use a wireless network open as your home network. If you connect to a Wi-Fi as a school, work, or other business, the airport, a military base or a hotspot of a network type, it probably won't work because these types of high security and high traffic and high security networks. They do not have the necessary data back causing problems exactly like the one you are currently experiencing.

    Do you use any third-party firewall (even on the router!), protection against viruses or proxies (which hide your identity on the internet)? Some security applications also do, but are called only for security or VPN. These few apps with names like Astrall or Webroot Secure Anywhere Antivirus, antimalware apps. There are literally hundreds of these applications that block the incoming ports that will not allow the function runs.

    If you want to check that the port is open on your iMac and the network, you can use this article: port TCP test between computers and peripheral connectivity. Apple music uses port 80, and iTunes music sharing is port 3689. You can find a list of all the ports used by Apple here: TCP and UDP ports used by Apple software.

    You can also find these two useful articles if you find that the problem is with your network.

    Recommended settings for the WiFi routers and access points

    Solve the problems between iTunes and third-party security software

    Don't forget to turn your cellular data within settings > cellular on the iPad once you're done test. Just in case music plays in Safe Mode or the Test user, you work through this article to resolve the issue. Mac OS x: how to solve a problem of software.

    Thanks again and have a great rest of your day!

  • (urgent please) two web modules, but one run at the same time

    Hi gentlemen;

    JDev 11g, I have a project with two viewControler fusion Adf and one model (service bc4j);

    When I deploy the application by using the menu above drop down of jDev Ide (list drop-down application), only two applications running simultaneously.

    Glance, the works of two applications, but they do not work at the same time.

    as a stack trace:

    zip:C:/users/t/appdata/roaming/JDeveloper/system11.1.1.1.33.54.07/DefaultDomain/servers/DefaultServer/tmp/_WL_user/PlanejamentoRH_V2.0/ebw81b/war/Web-INF/lib/_wl_cls_gen.jar!/view/DataBindings.CPX
    2009-09-25 15:56:25 oracle.adfinternal.controller.faces.lifecycle.JSFLifecycleImpl setLifecycleContextBuilder
    INFO: ADFc: Inicializando Ciclo de Vida da page ADF para o ambiente JSF, LifecycleContextBuilder e 'oracle.adfinternal.controller.application.model.JSFDataBindingLifecycleContextBuilder '.
    2009-09-25 15:56:25 UNEXPECTED_CLIENT_OBJECT_TYPE oracle.adf.controller.internal.metadata.xml.MetadataResourceXmlImpl
    GRAVE: oracle.adf.controller.internal.metadata.xml.MetadataResourceXmlImpl
    2009-09-25 15:56:25 UNEXPECTED_CLIENT_OBJECT_TYPE oracle.adf.controller.internal.metadata.xml.MetadataResourceXmlImpl
    GRAVE: oracle.adf.controller.internal.metadata.xml.MetadataResourceXmlImpl
    2009-09-25 15:56:25 UNEXPECTED_CLIENT_OBJECT_TYPE oracle.adf.controller.internal.metadata.xml.MetadataResourceXmlImpl
    GRAVE: oracle.adf.controller.internal.metadata.xml.MetadataResourceXmlImpl


    [< 25/09/2009 08h56min13s AMT > < error > < HTTP > < BEA-101020 > < [path of the module: ORHQVagas ServletContext@7863650[app:PlanejamentoRH: / ORHQVagas spec-version: 2.5 version: V2.0]] Servlet failed with Exception
    javax.el.PropertyNotFoundException: inaccessible target, identifier "controlerBean" resolved to null
    at com.sun.el.parser.AstValue.getTarget(AstValue.java:67)
    at com.sun.el.parser.AstValue.isReadOnly(AstValue.java:126)
    at com.sun.el.ValueExpressionImpl.isReadOnly(ValueExpressionImpl.java:230)
    at oracle.adfinternal.view.faces.renderkit.rich.EditableValueRenderer.getReadOnly(EditableValueRenderer.java:400)
    at oracle.adfinternal.view.faces.renderkit.rich.FormElementRenderer.renderAsElement(FormElementRenderer.java:211)
    Truncated. check the log file full stacktrace
    >


    Is thrown, just at the moment where we try to go the second request (the first is ok, upward and labour);

    No metters, including two requests is to go through first, all the work of the first and the second failure;


    I did another very simple application with two projects and two worked, at the same time, but the actual project gives me this problem;

    If someone could point me to a white paper or give me some advice, I'll appreciate a lot.


    Thanks Fowards;

    Marcos Ortega
    Brazil

    I guess the problem is that. Use different locations for the Databindings.cpx in each project...

  • 15 n series Pavilion: Pavilion 15 computer n097sa laptop. L and R audio that passes through the two speakers at the same time.

    Hi, so basically, I just upgraded to this laptop 15 n097sa (new to me) of my old sucks, and it's so much better.
    Only, I just noticed that when his left or right is out at the same time the two speakers. I noticed you access with your headphones. the left certainly comes out the left a little more and the right thus respectively, but they always come out of two speakers much.
    To clarify that, the only left channel is coming from the two speakers at the same time, instead of just the left speaker. And similarly for the right channel.
    I only did a real test on youtube videos of stereo test, even I tested it on my old acer before, that came out of the correct speakers.
    I have a sound dts, no matter who is and it could be reduced to just change the settings, but I don't think that's it.
    Does anyone else have or had this problem too?
    I know I'm a sucker for pc, but please go steady on me, your.
    Win pro 8.1.

    will you please and thank you very much indeed, couch.

    Malygris1 wrote:

    Hi there @SofaQueue

    Welcome to the Forums of HP Support! It's a good place to find the help you need, so many other users, the HP experts and other members of the support staff.

    I understand that you are having problems with the audio balance on your laptop, and I am happy to help you with this. First of all, I would say reinstall the audio driver.

    ETC.

    Let me know if you still have problems and view the details of what happens.

    I will mark it as resolved now. Very useful, thanks.
    What I found was the following: I have really no problem at all, it was the parameters of the audio DTS after all.
    Simply turn off the audio improvements and testing showed once again that's all it was.

    Thanks again though, nice to see people are willing to help so much!

    Edit: PS: Is it OK to mark my answer as a solution? I don't care if or whatnot, it just is the right answer and makes sense. I'll do it if he lets me.

  • Play two sound waves through two different sound cards at the same time?

    Hi all.

    With the help of old ship poles and the example of screw provided with Labview 2009 SP1, I could get a part of the path.

    The goal is to simultaneously play two .wav files, to two different sound cards. So far:

    (1) I can play a wav file for each sound card

    (2) I can generate two sinusoidal waves of different tones and put each two cards separately at the same time.

    But when I replace these two tones of #2 with .wav files, wave files play in turn. If wav_1 plays sound_card_1, THEN wav_2 plays sound_card_2, not simultaneously.

    It is even possible to play 2 wav files simultaneously on different maps?

    I've included a VI of the attempt to #2 above. WARNING: my labview skills are minimal and this vi was very experimental is probably terrible form.

    Why do you want to do this? Many modern sound cards have 5 channels output

  • Office in distance and VPN at the same time?

    Is it possible to have an office in distance and connected VPN at the same time without installing any additional software?

    It is certainly.

  • Lan to lan VPN and VPNclient support at the same time?

    Hello I have a 2811 router.

    I put up as a VPN with Clients_vpn hub connect to it, and I used an IPSec on a stick configuration.

    At the same time, I would need to use the same LAN-to-LAN IPSec router to other different sites 2.

    I can't figure out how do it since I use already my 2811 as Concentrator VPN for Clients_vpn.

    Is there a trick?

    Thank you very much

    Riccardo

    Of course, here is an example of configuration of a router to be configured to stop static VPN LAN-to-LAN as customer VPN at the same time:

    http://www.Cisco.com/en/us/products/ps5855/products_configuration_example09186a00809c7171.shtml

    And another one for the router be configured to terminate dynamic LAN-to-LAN VPN as VPN Client:

    http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a00801dddbb.shtml

    Another example of setting right on the LAN-to-LAN VPN between 2 routers:

    http://www.Cisco.com/en/us/products/HW/routers/ps221/products_configuration_example09186a008073e078.shtml

    Hope that helps.

  • How to export a PDF file to make nonprinting objects show but don't print not AND hyperlinks on the top of the page work at the same time?

    Firstly - I work in InDesign CC 2015.

    My problem is, I had this 10 page document, which, on every page, shows an object that must be in PDF format - but do not print. I made this object into a button and unchecked "Printable". On top of this object, I made 10 hyperlinks (separate layer) that point to the page 1-10.

    When you export the document and I use the interactive PDF format , works ' show nonprinting object but do not print ' well, BUT hyperlinks don't. If I uncheck the "layer of nonprinting objects" in the file PDF, then hyperlinks work, but the problem now is that the nonprinting objects are invisible...

    When you export the document and I use a PDF to print the "unprintable object show but do not print" does not work BUT the hyperlinks don't...

    I put hyperlinks to post a link to pages and also tried the link to the anchor text. No difference.

    So my question is: How to export a PDF file to make nonprinting objects show but don't print not AND hyperlinks on the top of the page work at the same time?

    Thank you

    Mette from Denmark

    I swapped my links to the buttons - AND NOW IT WORKS; (o)

  • I can switch between the code sheet and css html, but I would like to see them both at the same time as well as the design window. Right now and can see rather the design and code html or design and css. How can I arrange to see all at the same time, of

    Hello

    My name is Ellie and I am new to Dreamweaver.

    I can switch between the code sheet and css html, but I would like to see them both at the same time as well as the design window. Right now and can see rather the design and code html or design and css. How can I arrange to see everything at the same time, design, HTML and CSS?

    Thank you

    It ends up something like that...

  • Using the same virtual machine on two macs, but not at the same time

    Hello

    I searched this site and the Internet in general, but I couldn't find an answer to this question, so my apologies if this is requested before and if so, please point me to the answer.

    I have an iMac with Bootcamp with Windows 7 Professional x 64 partition and everything works fine.

    I would like to install 6 Fusion and create a virtual machine from the Bootcamp partition, try it for a while and then delete the Bootcamp partition. I found a complete documentation about this and I should be able to do this without any problems, except perhaps for the reactivation of Windows.

    Now the question: since I move sometimes, I would like to be able to move this virtual machine on a Macbook Pro, so I must not move file, sync, etc., and the virtual machine will not at the same time. I read that you use Move so the address UUID and Mac do not change, but I don't know if this applies to move the virtual machine to another computer. If my is:

    (1) is it possible?

    (2) what I have to buy a second copy of Fusion 6 or there is a player that will allow me to run the virtual machine on the macbook?

    Thank you

    Luciano

    I have experimented with a Windows 7 VM, copied (but I have 2 licenses of retail sales) a mini Mac Core 2 Duo to a Core i7 MacBook Pro retina: well, despite the different processor, he did not ask a reactivation, strangely, even after a few resets. Windows 7 so, seems at least to be quite "tolerant", on this front.

  • I'm waiting for a new iMac i5 retina to join my shop this week but I wanted to try CC at the same time, after which I will move at the iMac and Yosemite. Now OS 10.6.8 on my Mac Pro ' 07. It will work or am I turn my wheels?

    I'm waiting for a new iMac i5 retina to join my shop this week but I wanted to try CC at the same time, after which I will move at the iMac and Yosemite. Now OS 10.6.8 on my Mac Pro ' 07. It will work or am I turn my wheels. I do a lot of work that is not in the darkroom with CS3 and use Lightroom starting today, but think to do when I get the new machine. Semi-retired photographer and eager to spread my wings a bit more on the creative aspects instead of to the day the day. Thank you for any response.

    MINIMUM requirements for programs of cloud... scroll down and check each program

    http://helpx.adobe.com/creative-cloud/system-requirements.html

  • Expiration of my subscription of the CC, I bought a new but not be able to use again. He's trying to use the free trial version at the same time, but after installation of app still redirects me just say renew subscription and won't let me open. Help, ple

    Expiration of my subscription of the CC, I bought a new but not be able to use again. He's trying to use the free trial version at the same time, but after installation of app still redirects me just say 'Renew subscription' and won't let me open. Help, please

    Contact adobe support, https://helpx.adobe.com/contact.html
