PIX PIX VPN - error log
I created a VPN between our PIX and a customer's PIX but receive the following error message when I try to activate the tunnel. I checked the ACL on both ends. Any ideas?
ISADB: reaper checking SA 0x80da9618, conn_id = 0
IPSEC(sa_initiate): ACL = deny; no sa created
IPSEC(sa_initiate): ACL = deny; no sa created
IPSEC(sa_initiate): ACL = deny; no sa created
IPSEC(sa_initiate): ACL = deny; no sa created
I've seen this a few times. Usually removing the crypto map from the interface and re-applying it solves it; sometimes it is necessary to remove the crypto map and the "isakmp enable outside" and put them both back in.
This message is also sometimes to do with something wrong in the configuration, so double-check your ACLs and your transform sets, etc.
Tags: Cisco Security
Similar Questions
-
I'm trying to implement a simple PIX-to-PIX VPN using the sample config page from the simple PIX-to-PIX VPN documentation. I have a lot of VPN tunnels to other PIX devices working very happily, so it's quite annoying. Anyway, the config on the source PIX is as follows:
access-list 101 permit ip 172.18.138.0 255.255.255.0 172.18.133.0 255.255.255.0
access-list 101 permit ip 172.18.133.0 255.255.255.0 172.18.138.0 255.255.255.0
nat (phoenix_private) 0 access-list 101
sysopt connection permit-ipsec
no sysopt route dnat
crypto ipsec transform-set chevelle esp-des esp-md5-hmac
crypto map ntlink 1 ipsec-isakmp
crypto map transam 1 ipsec-isakmp
crypto map transam 1 match address 101
crypto map transam 1 set peer 172.18.126.233
crypto map transam 1 set transform-set chevelle
crypto map transam interface inside
isakmp enable inside
isakmp key * address 172.18.126.233 netmask 255.255.255.255
isakmp identity address
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption des
isakmp policy 1 hash md5
isakmp policy 1 group 1
isakmp policy 1 lifetime 1000
and if I generate traffic the logs show this:
9 August 18:40:15 10.60.6.247 %PIX-3-305005: No translation group found for icmp src phoenix_private:172.18.138.111 dst inside:172.18.133.51 (type 8, code 0)
9 August 18:40:17 10.60.6.247 %PIX-3-305005: No translation group found for icmp src phoenix_private:172.18.138.111 dst inside:172.18.133.51 (type 8, code 0)
9 August 18:40:18 10.60.6.247 %PIX-3-305005: No translation group found for udp src phoenix_private:172.18.138.111/3832 dst inside:172.18.133.51/53
9 August 18:40:18 10.60.6.247 %PIX-3-305005: No translation group found for icmp src phoenix_private:172.18.138.111 dst inside:172.18.133.51 (type 8, code 0)
9 August 18:40:19 10.60.6.247 %PIX-3-305005: No translation group found for udp src phoenix_private:172.18.138.111/3832 dst inside:172.18.133.51/53
No isakmp or ipsec debugging messages appear, but you would expect that, as the PIX does not even match the traffic against the access list or NAT.
I'm doing something obviously stupid; can someone tell me what it is? Thank you.
Jon.
Hello
1. Create a second access list, such as:
access-list outside_cryptomap permit ip 172.18.138.0 255.255.255.0 172.18.133.0 255.255.255.0
and
2. instead of
crypto map transam 1 match address 101
you must configure
crypto map transam 1 match address outside_cryptomap
The problem is that you configured one ACL for both NAT and crypto - that does not work.
Regards
Alex
-
With PAT on Cisco PIX VPN client
Dear all,
I have a PIX 515 at the main site with IPSec security enabled. A home user using the 3.x VPN client connects to the PIX for VPN access. When the home user uses a real IP, I can ping the local network of the main site. However, when the home user is using a router with PAT, the VPN can be established.
Is there a setting I should put on PIX, VPN client or router?
Thank you.
Doug
And if you still have problems, upgrade your PIX to 6.3 and use:
isakmp nat-traversal
But the first thing would be to check the IPSec passthrough as Ade suggested. If the device is a Linksys, check the version of the firmware as well.
Kind regards
-
On Pix VPN tunnel to the same subnet
I have a customer who wants to set up a VPN tunnel between the PIX located at each site. For some reason, each side has the same subnet number, for example 10.10.10.x/32. I'm sure we must run NAT, but is it possible?
This can help
http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a00800949f1.shtml
-
Site to site vpn errors.
When configuring site-to-site tunnels, I get errors in the logging of the ASA.
I've included the two ASA configs.
Can anyone see what I'm missing?
small site
: Saved
: Written by usiadmin at 15:22:08.143 UTC Monday, March 19, 2012
!
ASA Version 7.2 (3)
!
hostname smallASA
domain.com domain name
activate awSQhSsotCzGWRMo encrypted password
names of
!
interface Vlan1
nameif inside
security-level 100
IP 10.16.4.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP 116.12.211.66 255.255.255.240
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
L0Wjs4eA25R/befo encrypted passwd
passive FTP mode
DNS lookup field inside
DNS server-group DefaultDNS
Server name 10.10.20.1
domain.com domain name
access-list outside_1_cryptomap extended permit ip 10.16.4.0 255.255.255.0 any
access-list inside_nat0_outbound extended permit ip 10.16.4.0 255.255.255.0 any
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 523.bin
don't allow no asdm history
ARP timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
Route outside 0.0.0.0 0.0.0.0 116.12.211.65 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout, uauth 0:05:00 absolute
Enable http server
http 0.0.0.0 0.0.0.0 outdoors
http 10.16.4.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 12.69.103.226
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 20
Telnet 10.16.4.0 255.255.255.0 inside
Telnet timeout 5
SSH 10.16.4.0 255.255.255.0 inside
SSH 0.0.0.0 0.0.0.0 outdoors
SSH timeout 5
Console timeout 0
dhcpd dns 165.21.83.88 10.10.2.1
dhcpd domain domain.com
dhcpd outside auto_config
!
dhcpd address 10.16.4.100 - 10.16.4.131 inside
dhcpd allow inside
!
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
!
global service-policy global_policy
usiadmin encrypted DI5M5NnQfLzGHaw1 privilege 15 password username
initech encrypted ENDpqoooBPsmGFZP privilege 15 password username
tunnel-group 12.69.103.226 type ipsec-l2l
tunnel-group 12.69.103.226 ipsec-attributes
pre-shared-key PSK
context of prompt hostname
Cryptochecksum:e6bf95f3c25574bfed2adafb3283e882
: end
large site
: Saved
: Written by usiadmin to the 22:57:30.549 CDT Monday, March 19, 2012
!
ASA Version 8.0 (3)
!
hostname STO-ASA-5510-FW
domain.com domain name
enable the password... Ge0JnvJlk/gAiB encrypted
names of
192.168.255.0 BGP-Transit_Network description name Transit BGP
name 10.10.99.0 VPN
name 10.10.2.80 BB
DNS-guard
!
interface Ethernet0/0
Inside the Interface Description
nameif inside
security-level 100
IP 10.10.200.29 255.255.255.240
OSPF cost 10
!
interface Ethernet0/1
Description external Interface facing the Rotuer for Internet.
nameif outside
security-level 0
IP 12.69.103.226 255.255.255.240
OSPF cost 10
!
interface Ethernet0/2
Description physical interface trunk - do not use
No nameif
no level of security
no ip address
!
interface Ethernet0/2.900
Description Interface DMZ 12.69.103.0 / 26 (usable hotes.1 a.62)
VLAN 900
nameif DMZ1-VLAN900
security-level 50
IP 12.69.103.1 255.255.255.192
OSPF cost 10
!
interface Ethernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
nameif management
security-level 100
IP 10.10.5.250 255.255.254.0
OSPF cost 10
management only
!
L0Wjs4eA25R/befo encrypted passwd
banner exec **********************************************************************
exec banner STO-ASA-5510-FW
exec banner ASA5510 - 10.10.200.29
exec banner configured for data use only
banner exec **********************************************************************
banner login **********************************************************************
connection of the banner caveat: this system is for the use of only authorized customers.
banner of individuals to connect using the system of computer network without permission.
banner login or exceeding their authority, are subject with all their
activity of connection banner on this system monitored and recorded by computer network
staff of the login banner system. To protect the computer network system of
banner of the connection of unauthorized use and to ensure that computer network systems is
connection of banner works properly, system administrators monitor this system.
banner connect anyone using this computer network system expressly consents to such a
banner of the connection monitoring and is advised that if such monitoring reveals possible
conduct of connection banner of criminal activity, system personnel may provide the
evidence of connection banner of such activity to the police.
connection banner that access is restricted to the authorized users only. Unauthorized access is
connection banner, a violation of State and federal, civil and criminal.
banner login **********************************************************************
passive FTP mode
clock timezone CST - 6
clock to summer time recurring CDT
DNS server-group DefaultDNS
domain universalsilencer.com
permit same-security-traffic intra-interface
object-group service SAP tcp - udp
Description SAP updates
port-object eq 3299
object-group Protocol TCPUDP
object-protocol udp
object-tcp protocol
object-group service HUMANLand tcp
port-object eq citrix-ica
DM_INLINE_TCP_1 tcp service object-group
EQ port 5061 object
port-object eq www
EQ object of the https port
DM_INLINE_TCP_2 tcp service object-group
EQ port 5061 object
port-object eq www
EQ object of the https port
DM_INLINE_UDP_1 udp service object-group
EQ port-object snmp
port-object eq snmptrap
object-group service DM_INLINE_SERVICE_1
ICMP service object
the purpose of the service tcp - udp eq www
the purpose of the udp eq snmp service
the purpose of the udp eq snmptrap service
the eq syslog udp service object
the eq 2055 tcp service object
the eq 2055 udp service object
EQ-3389 tcp service object
object-group service human tcp - udp
port-object eq 8100
object-group service grove tcp
port-object eq 2492
netflowTcp tcp service object-group
port-object eq 2055
object-group service 6144 tcp - udp
6144 description
port-object eq 6144
object-group service 1536-DMPA-inter-tcp - udp
1536-DMPA-inter description
port-object eq 1536
the DM_INLINE_NETWORK_1 object-group network
network-object 198.78.0.0 255.255.0.0
network-object 207.152.0.0 255.255.0.0
network-object 69.31.0.0 255.255.0.0
the DM_INLINE_NETWORK_2 object-group network
network-object 198.78.0.0 255.255.0.0
network-object 207.152.0.0 255.255.0.0
network-object 69.31.0.0 255.255.0.0
the DM_INLINE_NETWORK_3 object-group network
network-object 198.78.0.0 255.255.0.0
network-object 207.152.0.0 255.255.0.0
network-object 69.31.0.0 255.255.0.0
the DM_INLINE_NETWORK_4 object-group network
network-object 198.78.0.0 255.255.0.0
network-object 207.152.0.0 255.255.0.0
network-object 69.31.0.0 255.255.0.0
object-group service rdp tcp
RDP description
EQ port 3389 object
the DM_INLINE_NETWORK_5 object-group network
network-object 10.16.0.0 255.255.0.0
object-network 10.16.0.0 255.255.255.0
the DM_INLINE_NETWORK_6 object-group network
network-object 10.16.0.0 255.255.0.0
object-network 10.16.0.0 255.255.255.0
the DM_INLINE_NETWORK_7 object-group network
network-object 10.16.0.0 255.255.0.0
object-network 10.16.0.0 255.255.255.0
the DM_INLINE_NETWORK_8 object-group network
network-object 10.16.0.0 255.255.0.0
object-network 10.16.0.0 255.255.255.0
access outside the 207.152.125.136 note list
extended access list to refuse any newspaper outdoors the object-group objects DM_INLINE_NETWORK_1 TCPUDP-group
scope of list of outdoor access to refuse the object-group objects DM_INLINE_NETWORK_2 host 12.69.103.129 TCPUDP-group
extended access list to refuse the object-group TCPUDP outdoors any object-group DM_INLINE_NETWORK_3
scope of list of outdoor access to refuse the subject-TCPUDP 12.69.103.129 host object group DM_INLINE_NETWORK_4
access outside the note list * in Bound SAP traffic by Ron Odom update *.
list of access outside the scope permitted tcp host 194.39.131.34 host 12.69.103.155 3200 3300 Journal range
access outside the note list * router SAP *.
list of access outside the permitted range tcp host 10.10.2.110 host 194.39.131.34 3200 3300
extended access list permits object-group DM_INLINE_SERVICE_1 outside any host 12.69.103.154
access outside the note list * entrants to the mail server to 10.10.2.10 Peter K *.
list of extended outside access permit tcp any host 12.69.103.147 eq smtp
access outside the note list * incoming to the OCS EDGE on DMZ Peter K *.
access list outside extended permit tcp any host 12.69.103.2 object - group DM_INLINE_TCP_1
list of external extended ip access permits any host 12.69.103.6
list of access outside the comment flagged for malware activity
scope of list of outdoor access to deny the host ip 77.78.247.86 all
list of external extended ip access permits any host 12.69.103.156 inactive
list of extended outside access permit tcp any host 12.69.103.147 eq www
list of extended outside access permit tcp any host 12.69.103.147 eq https
access outside the note list * incoming hosting 10.10.3.200 - Dan K *.
list of extended outside access permit tcp any host 12.69.103.145 eq www
list of extended outside access permit tcp any host 12.69.103.145 eq https
access outside the note list * journey to host 10.10.2.30 USIFAXBACK - Dan K *.
list of extended outside access permit tcp any host 12.69.103.146 eq www
list of extended outside access permit tcp any host 12.69.103.146 eq https
access outside the note list * incoming hosting 10.10.8.5 - Mitel 7100 BOB M 4/4-2008 - BV *.
list of extended outside access permit tcp any host 12.69.103.152 eq pptp
access list outside extended permit tcp any host 200.56.251.118 object - group HUMANLand
list of extended outside access permit tcp any host 200.56.251.121 eq 8100
outdoor access list note allow all return ICMP traffic off in order to help the attacks of hidden form
extended the list of outdoor access to deny icmp everything no matter what newspaper
list of allowed outside access extended ip 10.14.0.0 255.255.0.0 all open a debug session
list of allowed outside access extended ip 10.15.0.0 255.255.0.0 any
list of allowed outside access extended ip object-group DM_INLINE_NETWORK_7 all
outdoor access list extended permits all ip 10.14.0.0 255.255.0.0 debug log
outdoor access list extended permits all ip 10.15.0.0 255.255.0.0
list of external extended ip access permits any object-group DM_INLINE_NETWORK_6
list of access outside the scope permitted udp host 12.88.249.62 any DM_INLINE_UDP_1 object-group
Note added to pervent bocking human outside access list
list of access outside the permitted scope object-TCPUDP host 10.12.2.250 host 200.56.251.121 human group object
Note added to pervent bocking human outside access list
list of access outside the permitted scope object-TCPUDP host 200.56.251.121 host 10.12.2.250 human group object
outside the permitted scope of access tcp list any any eq log pptp
extended access list to refuse the object-group TCPUDP outdoors everything any object-group 6144
VPN-SplitTunnel extended 10.10.0.0 ip access list allow 255.255.0.0 VPN 255.255.255.192
extensive list of access VPN-SplitTunnel ip 10.11.0.0 255.255.0.0 VPN 255.255.255.192 allow
extended VPN-SplitTunnel access list ip 10.12.0.0 allow 255.255.0.0 VPN 255.255.255.192
extended VPN-SplitTunnel access list ip 10.13.0.0 allow 255.255.0.0 VPN 255.255.255.192
list of access VPN-SplitTunnel extended permitted ip VPN BGP-Transit_Network 255.255.255.0 255.255.255.192
list of access VPN-SplitTunnel extended permitted ip 10.0.0.0 255.0.0.0 192.168.10.0 255.255.255.0
VPN-SplitTunnel extended 10.10.0.0 ip access list allow 255.255.0.0 10.14.4.0 255.255.254.0
VPN-SplitTunnel extended 10.10.0.0 ip access list allow 255.255.0.0 10.15.4.0 255.255.254.0
VPN-SplitTunnel extended 10.10.0.0 ip access list allow 255.255.0.0 10.14.8.0 255.255.254.0
Note DMZ1_in access-list * OCS - 2nd interface to inside EDGE welcomes Peter K *.
DMZ1_in list extended access permit tcp host 12.69.103.3 host 10.10.2.15 DM_INLINE_TCP_2 object-group
Note DMZ1_in of access list permit all ICMP traffic
DMZ1_in access list extended icmp permitted any any newspaper
DMZ1_in deny ip extended access list all 207.152.0.0 255.255.0.0
DMZ1_in list extended access deny ip 207.152.0.0 255.255.0.0 any
Note DMZ1_in access-list * explicitly block access to all domestic networks *.
Note access-list DMZ1_in * no need allowed inside networks *.
Note DMZ1_in access-list * to do above this section *.
DMZ1_in list extended access deny ip any 10.0.0.0 255.0.0.0
DMZ1_in list extended access deny ip any 172.16.0.0 255.240.0.0
DMZ1_in list extended access deny ip any 192.168.0.0 255.255.0.0
Note DMZ1_in access-list * IP Allow - this will be the internet *.
DMZ1_in list of allowed ip extended access all any debug log
ezvpn1 list standard access allowed 10.0.0.0 255.0.0.0
access-list DMZ1-VLAN900_cryptomap extended ip allowed any one
access-list sheep extended ip 10.10.0.0 allow 255.255.0.0 VPN 255.255.255.192
IP 10.11.0.0 allow Access-list extended sheep 255.255.0.0 VPN 255.255.255.192
IP 10.12.0.0 allow Access-list extended sheep 255.255.0.0 VPN 255.255.255.192
access-list extended sheep ip 10.13.0.0 allow 255.255.0.0 VPN 255.255.255.192
access-list sheep extended ip VPN BGP-Transit_Network 255.255.255.0 allow 255.255.255.192
access-list extended sheep allowed ip 10.0.0.0 255.0.0.0 192.168.10.0 255.255.255.0
access-list sheep extended ip 10.10.0.0 allow 255.255.0.0 10.14.4.0 255.255.254.0
access-list sheep extended ip 10.10.0.0 allow 255.255.0.0 10.14.8.0 255.255.254.0
access-list extended sheep allowed ip 10.0.0.0 255.0.0.0 10.14.0.0 255.255.0.0
access-list sheep extended ip 10.10.0.0 allow 255.255.0.0 10.15.4.0 255.255.254.0
access-list extended sheep allowed ip 10.0.0.0 255.0.0.0 10.15.0.0 255.255.0.0
access-list traffic extended permit ip 10.0.0.0 255.0.0.0 10.14.0.0 255.255.0.0 inactive
access-list outside_cryptomap extended permit ip 10.0.0.0 255.0.0.0 10.15.0.0 255.255.0.0
access-list outside_nat0_outbound extended permit ip 10.14.0.0 255.255.0.0 VPN 255.255.255.192
access-list outside_nat0_outbound extended permit ip 10.15.0.0 255.255.0.0 VPN 255.255.255.192
access-list outside_nat0_outbound extended permit ip object-group DM_INLINE_NETWORK_8 VPN 255.255.255.192
access-list outside_cryptomap_1 extended permit ip 10.0.0.0 255.0.0.0 object-group DM_INLINE_NETWORK_5
pager lines 24
Enable logging
timestamp of the record
logging list VPN informational level class auth
logging list class VPN config level criticism
VPN vpn list logging level notification class
notification of log list VPN vpnc level class
VPN list logging level notifications class webvpn
logging alerts list any level
exploitation forest-size of the buffer of 256000
logging buffered all
logging VPN trap
asdm of logging of information
host of inside the 10.10.2.41 logging format emblem
logging ftp-bufferwrap
connection server ftp 10.10.2.41 \logs usi\administrator 178US1SIL3 ~.
Within 1500 MTU
Outside 1500 MTU
MTU 1500 DMZ1-VLAN900
management of MTU 1500
mask 10.10.99.1 - 10.10.99.63 255.255.255.192 IP local pool Clients_vpn
no failover
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow any inside
ICMP allow all outside
ICMP allow any DMZ1-VLAN900
ASDM image disk0: / asdm - 611.bin
ASDM location VPN 255.255.255.192 inside
ASDM location BGP-Transit_Network 255.255.255.0 inside
ASDM location 10.10.4.60 255.255.254.255 inside
ASDM location 255.255.255.255 inside BB
ASDM location 10.16.0.0 255.255.0.0 inside
ASDM location 69.31.0.0 255.255.0.0 inside
ASDM location 198.78.0.0 255.255.0.0 inside
ASDM location 10.16.0.0 255.255.255.0 inside
enable ASDM history
ARP timeout 14400
Global (inside) 1 10.10.2.4 netmask 255.0.0.0
Global (outside) 10 12.69.103.129 netmask 255.255.255.255
Global (outside) 11 12.69.103.130 netmask 255.255.255.255
Global (outside) 12 12.69.103.131 netmask 255.255.255.255
Global (outside) 13 12.69.103.132 netmask 255.255.255.255
Global (outside) 14 12.69.103.133 netmask 255.0.0.0
NAT (inside) 0 access-list sheep
NAT (inside) 11 192.168.255.4 255.255.255.252
NAT (inside) 12 192.168.255.8 255.255.255.252
NAT (inside) 13 192.168.255.12 255.255.255.252
NAT (inside) 10 10.10.0.0 255.255.0.0
NAT (inside) 11 10.11.0.0 255.255.0.0
NAT (inside) 12 10.12.0.0 255.255.0.0
NAT (inside) 13 10.13.0.0 255.255.0.0
NAT (inside) 10 10.14.0.0 255.255.0.0
NAT (outside) 0-list of access outside_nat0_outbound
NAT (outside) 10 10.16.0.0 255.255.255.0
NAT (outside) 10 10.14.0.0 255.255.0.0
NAT (outside) 10 10.15.0.0 255.255.0.0
NAT (outside) 10 10.16.0.0 255.255.0.0
static (DMZ1-VLAN900, external) 12.69.103.0 12.69.103.0 subnet mask 255.255.255.192
public static 12.69.103.154 (Interior, exterior) 10.10.2.41 netmask 255.255.255.255
static (inside, DMZ1-VLAN900) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
static (inside, DMZ1-VLAN900) 192.168.0.0 192.168.0.0 netmask 255.255.0.0
static (inside, DMZ1-VLAN900) 172.16.0.0 subnet 255.240.0.0 172.16.0.0 mask
public static 12.69.103.147 (Interior, exterior) 10.10.2.10 netmask 255.255.255.255
public static 12.69.103.152 (Interior, exterior) 10.10.8.5 netmask 255.255.255.255
public static 12.69.103.155 (Interior, exterior) 10.10.2.110 netmask 255.255.255.255
outside access-group in external interface
Access-group DMZ1_in in interface DMZ1-VLAN900
!
Router eigrp 100
Network 10.0.0.0 255.0.0.0
!
Route outside 0.0.0.0 0.0.0.0 12.69.103.225 1
Route inside 10.0.0.0 255.0.0.0 10.10.200.30 1
Route inside 10.10.98.0 255.255.255.0 10.10.200.30 1
Route outside 10.14.0.0 255.255.0.0 12.69.103.225 1
Route outside 10.15.0.0 255.255.0.0 12.69.103.225 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout, uauth 0:05:00 absolute
dynamic-access-policy-registration DfltAccessPolicy
AAA-server Microsoft radius Protocol
simultaneous accounting mode
reactivation mode impoverishment deadtime 30
AAA-server Microsoft host 10.10.2.1
key cisco123
the ssh LOCAL console AAA authentication
AAA authentication LOCAL telnet console
AAA authentication enable LOCAL console
AAA authentication http LOCAL console
Enable http server
http 10.10.0.0 255.255.0.0 management
http 10.10.0.0 255.255.0.0 inside
SNMP-server host within the 10.10.2.41 community UNISNMP version 2 c-port udp 161
location of Server SNMP STODATDROOM
contact SNMP SYS Admin Server
UNISNMP SNMP-server community
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Server enable SNMP traps syslog
Server SNMP traps enable ipsec works stop
Server enable SNMP traps entity config - change insert-fru fru - remove
Server SNMP enable doors remote access has exceeded the threshold of session
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 115.111.107.226
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set peer 116.12.211.66
crypto map outside_map 2 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 10 match address traffic
crypto map outside_map 10 set peer 212.185.51.242
crypto map outside_map 10 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto map DMZ1-VLAN900_map0 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto isakmp identity address
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime none
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime none
crypto isakmp nat-traversal 33
No vpn-addr-assign aaa
No dhcp vpn-addr-assign
VPN-addr-assign local reuse-delay 10
Telnet 10.10.0.0 255.255.0.0 inside
Telnet 10.10.0.0 255.255.0.0 management
Telnet timeout 29
SSH timeout 29
SSH version 2
Console timeout 1
management-access inside
dhcprelay Server 10.10.2.1 outside
a basic threat threat detection
threat scan-threat shun except ip 10.14.0.0 address detection 255.255.0.0
threat scan-threat shun except ip 10.15.0.0 address detection 255.255.0.0
threat detection statistics
Web cache WCCP
WCCP interface within web in cache redirection
NTP 192.5.41.41 Server
NTP 192.5.41.40 Server
Server NTP 192.43.244.18
TFTP server inside 10.10.2.2 \asa
attributes of Group Policy DfltGrpPolicy
banner of value WARNING: this system is for the use of only authorized customers.
value of server WINS 10.10.2.1
value of 10.10.2.1 DNS server 10.10.2.2
Protocol-tunnel-VPN IPSec svc webvpn
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value VPN-SplitTunnel
universalsilencer.com value by default-field
Server proxy Internet Explorer 00.00.00.00 value
the address value Clients_vpn pools
internal CHINAPH group policy
CHINAPH group policy attributes
Protocol-tunnel-VPN IPSec svc webvpn
Split-tunnel-policy tunnelall
enable dhcp Intercept 255.255.0.0
the address value Clients_vpn pools
internal ezGROUP1 group policy
attributes of the strategy of group ezGROUP1
VPN-tunnel-Protocol svc webvpn
allow password-storage
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list ezvpn1
allow to NEM
deleted users
IPSec-attributes tunnel-group DefaultL2LGroup
pre-shared-key germanysilence
type tunnel-group USISplitTunnelRemoteAccess remote access
attributes global-tunnel-group USISplitTunnelRemoteAccess
address pool Clients_vpn
IPSec-attributes tunnel-group USISplitTunnelRemoteAccess
pre-shared-key z2LNoioYVCTyJlX
type tunnel-group USISplitTunnelRADIUS remote access
attributes global-tunnel-group USISplitTunnelRADIUS
address pool Clients_vpn
Group-Microsoft LOCAL authentication server
IPSec-attributes tunnel-group USISplitTunnelRADIUS
pre-shared-key fLFO2p5KSS8Ic2y
type tunnel-group ezVPN1 remote access
tunnel-group ezVPN1 General-attributes
Group Policy - by default-ezGROUP1
ezVPN1 group of tunnel ipsec-attributes
pre-shared key, PSK
tunnel-group 212.185.51.242 type ipsec-l2l
IPSec-attributes tunnel-group 212.185.51.242
pre-shared key, PSK
NOCHECK Peer-id-validate
tunnel-group 115.111.107.226 type ipsec-l2l
IPSec-attributes tunnel-group 115.111.107.226
pre-shared key PSJ
tunnel-Group China type remote access
attributes global-tunnel-Group China
address pool Clients_vpn
Group Policy - by default-CHINAPH
tunnel-group 116.12.211.66 type ipsec-l2l
tunnel-group 116.12.211.66 ipsec-attributes
pre-shared-key PSK
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns migrated_dns_map_1
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the migrated_dns_map_1 dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
inspect the icmp
!
global service-policy global_policy
context of prompt hostname
Cryptochecksum:834976612f8f76e1b088326516362975
: end
Hello Ronald.
You use PFS on one site and not on the other.
Remove it from the site that has it and give it a try.
Change this:
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 12.69.103.226
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
To this:
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 12.69.103.226
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
So just do a
no crypto map outside_map 1 set pfs
Kind regards
Julio
Note all useful posts
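The Phase 2 comparison made by eye in the reply above, as an added example that is not part of the original posts: a small Python check that pairs the crypto map entries two ASA peers hold for each other and reports a PFS setting present on one side only. It goes one step beyond the reply by also checking that the two entries share at least one transform set, compared by ESP algorithms rather than by name. The function names and the "default-group" label are hypothetical, and the config excerpts are constructed from the values in the two posted configs.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed excerpts: only the Phase 2 lines of the two posted configs, in
# standard ASA syntax. The large site's transform-set list is shortened here.
SMALL_SITE = """\
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer 12.69.103.226
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
"""
LARGE_SITE = """\
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 2 match address outside_cryptomap_1
crypto map outside_map 2 set peer 116.12.211.66
crypto map outside_map 2 set transform-set ESP-AES-128-SHA ESP-3DES-SHA
crypto map outside_map interface outside
"""

TS_RE = re.compile(r"^crypto ipsec transform-set (\S+) (.+)$")
MAP_RE = re.compile(
    r"^crypto map (\S+) (\d+) "
    r"(match address|set peer|set pfs|set transform-set)\s*(.*)$"
)


@dataclass
class MapEntry:
    name: str
    seq: int
    acl: str = ""
    peers: list = field(default_factory=list)
    pfs: Optional[str] = None                    # None = PFS not configured
    transform_names: list = field(default_factory=list)
    transforms: set = field(default_factory=set)  # frozensets of ESP algorithms


def parse_phase2(config):
    """Return the crypto map entries of one config, transform sets resolved."""
    algos, entries = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        ts = TS_RE.match(line)
        if ts:
            # Transform-set names are local labels; keep the algorithms.
            algos[ts.group(1)] = frozenset(ts.group(2).split())
            continue
        m = MAP_RE.match(line)
        if not m:
            continue  # interface bindings, dynamic maps, unrelated lines
        key = (m.group(1), int(m.group(2)))
        entry = entries.setdefault(key, MapEntry(*key))
        verb, args = m.group(3), m.group(4).split()
        if verb == "match address" and args:
            entry.acl = args[0]
        elif verb == "set peer":
            entry.peers.extend(args)
        elif verb == "set pfs":
            # "set pfs" without a group uses the platform default DH group.
            entry.pfs = args[0] if args else "default-group"
        elif verb == "set transform-set":
            entry.transform_names.extend(args)
    for entry in entries.values():
        entry.transforms = {algos[n] for n in entry.transform_names if n in algos}
    return list(entries.values())


def entry_for_peer(entries, peer_ip):
    """First crypto map entry that names peer_ip as its peer, or None."""
    return next((e for e in entries if peer_ip in e.peers), None)


def phase2_mismatches(cfg_a, ip_a, cfg_b, ip_b):
    """Compare the entries sites A and B hold for each other's public IP."""
    a = entry_for_peer(parse_phase2(cfg_a), ip_b)
    b = entry_for_peer(parse_phase2(cfg_b), ip_a)
    if a is None or b is None:
        missing = "A" if a is None else "B"
        return [f"site {missing} has no crypto map entry for its peer"]
    problems = []
    if a.pfs != b.pfs:
        problems.append(
            f"PFS mismatch: site A {a.pfs or 'off'}, site B {b.pfs or 'off'}"
        )
    if a.transforms.isdisjoint(b.transforms):
        problems.append("no transform-set with the same ESP algorithms on both sides")
    return problems


if __name__ == "__main__":
    for problem in phase2_mismatches(SMALL_SITE, "116.12.211.66",
                                     LARGE_SITE, "12.69.103.226"):
        print(problem)
```
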
-
How to create an error log file
Hello
I want to make an error log in the format below:-
Date error error number
Description 1/1 3243543 error 01:00
- - - -
- - - -
The error log should be created automatically after execution of a particular program (only date and time when no error occurs).
Can someone give me sample code to do that?
-
Xcopy - need of path of the error log file
Hey Microsoft,
I run the xcopy command:
xcopy /C /H /E "C:\Original" /e > "C:\LOGFILE.TXT" 2> "C:\ERROR_LOGFILE.TXT"
The error log gives me this result:
"File creation error - the system cannot find the file specified."
But I need the path of the file that caused this error.
How is this done?
Thank you!
http://www.Microsoft.com/resources/documentation/Windows/XP/all/proddocs/en-us/xcopy.mspx?mfr=true
Maybe this page will help?
or that, asked in the forums of win7
-
I have 90% free or empty space on my computer, but my memory is full of error logs.
How can I clear the logs to free my memory and regain my speed?
Hello
Thank you for contacting Microsoft Answers.
To clear unwanted logs, go to My Computer -> select your system partition/drive (the partition where Windows is installed, usually C:\) -> right-click for the menu -> click Properties -> click Disk Cleanup.
After a few seconds, the disk cleanup window opens. Select the categories of files that you want to remove, and then click Ok.
-
How can a repair tech view the error log when he is not at the computer?
I took our desktop in for repairs because it crashed constantly and froze up. The technician who brought the computer back said that there was nothing wrong, just a few things that he had fixed. Not 10 minutes after he left, the computer froze and our screen went blurry. When I called to inform him, he said he went into my error log and he could see that there was a problem. Does that mean he can see what I'm doing? Better yet, what can I do to stop him from looking at my computer?
You can disable Remote Assistance by going to Start ---> Control Panel ---> System ---> Remote tab and unchecking "Allow Remote Assistance invitations to be sent from this computer". I suspect that when you took it in, he set the system up for remote handling.
You can also remove the Remote Assistance exception in your firewall.
-
What kind of things can I delete on my computer to make space? I downloaded lots of stuff and want to find and remove it. Thank you very much, novice user
We do not know what you downloaded and what you have installed, so it is difficult to answer.
If you have installed some stuff and you no longer want it, then yes, uninstall it from Add/Remove Programs.
Regarding the error log - what error log are you referring to?
FYI - http://support.microsoft.com/kb/310312
Description of the Disk Cleanup tool in Windows XP
Harold Horne / TaurArian [MVP] 2005-2011. The information has been provided *as is* with no guarantee or warranty.
-
MS antispyware error log text document
In my Program Files, there is a Microsoft AntiSpyware folder with an error log text document. This document is large, 953 MB. Is it OK to remove this file?
Go to Add/Remove Programs and see if MS Antispyware is there. If this is the case, you can uninstall it. MS Antispyware is an obsolete program. If it has already been uninstalled (does not appear in Add/Remove Programs), then simply delete the folder in Program Files.
MS - MVP - Elephant Boy computers - don't panic!
-
Failed to create task scheduler error log... Event ID 412
Original title: windows edition vista Home premium... Error log... Event ID 412... Task Scheduler service failed to start triggered by computer startup... Additional data... Error value 2147549183
Also, when trying to open the Task Scheduler I get the message... The task image is damaged or has been tampered with
dabf8524-213d-4B2F-8c28-216053942221
6db14b86-dc09-417f-B9E4-8ea3e1d3cad3
5e741641-d6b4-4A05-BE04-d909bd185b49
Reminders-Nat
MP Scheduled Scan
Thank you for any information you may be able to help with this problem
Thanks, Nathan
Hello
Have you made changes on the computer before this problem?
Try the following and see if it helps.
Method 1:
I suggest you delete the related corrupted task image in this folder and see if the problem still occurs. Commonly, the Task Scheduler task image is located in:
a. In Windows Explorer, navigate to the folder below.
C:\Windows\System32\Tasks.
b. Remove the related items.
c. Try to create a new task and check if it helps.
Method 2:
I suggest you remove the item from the following registry location and check if it helps.
a. Click on the Start Menu.
b. Type regedit in the search box and press Enter.
c. If prompted for permission, click Continue to open the Registry Editor. In the left pane, navigate to the following:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks.
d. Remove the related registry items.
e. Close the Registry Editor.
f. Restart your computer.
Note: Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems can occur if you modify the registry incorrectly. Therefore, make sure that you proceed with caution. For added protection, back up the registry before you edit it. Then you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click on the link below to view the article in the Microsoft Knowledge Base: http://windows.microsoft.com/en-US/windows-vista/Back-up-the-registry
Reference: -
Apache error log is 146 gigs because of online gaming I think, how do I remove it?
I was online gaming. I keep losing free space on the disk. My Apache error log is more than 146 GB. How can I delete it? I tried. I read about resetting my error log level from 'warn' to 'emerg', but I couldn't save this setting or the other. Any help? Thank you
Hello chriscilantro,
Try contacting Apache support, as this is an Apache issue.
Please click the link below for Apache support.
http://httpd.Apache.org/support.html
-
Trying to install AutoCAD Architecture 2012 and get 1603 error log.
I have Vista 64-bit with Service Pack 2. I'm having a problem when trying to install AutoCAD Architecture 2012. The installation fails and the error log indicates Visual C++ 2008 started and then aborted... error 1603. My automatic Windows Update continually installs Service Pack 1 updates, and when I check the history they have been successfully updated each time. I feel that I need an update for Visual C++ 2008, and the service pack update is noted as successful. I uninstalled all such files and Autodesk products as suggested by Autodesk. Then I re-downloaded and tried to install. It failed every time. A friend had the same problems and after a Vista update (hers is a 32-bit system) she re-downloaded AutoCAD and installed it. Are there updates for Service Pack 2? I noticed the updates are for Service Pack 1. This program is my livelihood! I tried to install 2011 and it also failed. The 2009 version worked fine, but I uninstalled it while trying to upgrade. My system is more than qualified to run the program. Thanks, Cat
Hello
I suggest you try the steps in the following articles (one by one) and check.
You receive an "error 1603: a fatal error occurred during installation" error message when you try to install a Windows Installer package
http://support.Microsoft.com/kb/834484
When you try to install an update for .NET Framework 1.0, 1.1, 2.0, 3.0 or 3.5, you may receive Windows Update error code '0x643' or Windows Installer error code "1603".
http://support.Microsoft.com/kb/923100/en-us
There is a thread on the problem installing AutoCAD (for the installation of 2011) found here: http://forums.autodesk.com/t5/Installation-Licensing/Autocad-2011-Installation-trouble-error-1603/td-p/2699162
-
Error log can be used with multi table insert?
I mean I want to insert into multiple tables and errors in the log for each table. Would this be possible?
I tried something like below:
into zzz_party (
name,
party_type,
domicile_ctry_id
) values (
case
when rn = null then 14
else name
end,
party_type,
domicile_ctry_id
) log errors into zzz_err_party ("INS1")
reject limit unlimited
into zzz_party2 (
name,
party_type,
domicile_ctry_id
) values (
name,
case
when rn = null then 14
else party_type
end,
domicile_ctry_id
)
log errors into zzz_err_party2 ("INS1")
reject limit unlimited
select name, legal_name,
case
when rownum = null then 14
else party_type
end
, t.domicile_ctry_id, rownum rn
from party t
where name like 'A%' and rownum <= 100
;
And it does not work.
Is there a way to do what I thought without having a separate select insert for each table with its own errors in the log?
Whenever you have an error, post the complete error message. "It doesn't work" is not an error message that others can understand.
Looking at your statement, there are some syntax flaws. I have fixed them. Try this:
insert all
  into zzz_party (name, party_type, domicile_ctry_id)
  values (case when rn=14 then null else name end, party_type, domicile_ctry_id)
  log errors into zzz_err_party ('ins1') reject limit unlimited
  into zzz_party2 (name, party_type, domicile_ctry_id)
  values (name, case when rn=14 then null else party_type end, domicile_ctry_id)
  log errors into zzz_err_party2 ('ins1') reject limit unlimited
select name,
       legal_name,
       case when rownum=14 then null else party_type end party_type,
       t.domicile_ctry_id,
       rownum rn
  from party t
 where name like 'A%' and rownum<=100;