pouvez anyConnect client + agent access own to expose my personal files?
Hello
Past VPN access required not either of these programs. But recently, the organization I work for has implemented "client anyConnect" and "clean access agent" VPN access. I wonder if this one is any way allows remote access or access to my files on my laptop? I have 2 laptops, 1 MAC running Snow Leopard and the other with Windows 7.
These are personal computers, I need to know before installing these programs.
Thank you
-Michael
Hello
Not really anyconnect is a VPN client to access your corporate network via SSL and own access evaluates whether your PC is complaint with the security policy and should not cause problems.
Thank you
Sunil-
Tags: Cisco Security
Similar Questions
-
AnyConnect client cannot access external sites
I am installing AnyConnect VPN with no split tunneling. ASA 5505 v8.2. It seems that it should be really easy. I must be missing something.
I can get AnyConnect users to connect very well and they can access internal sites and on other sites in IPSec tunnel. But no access to internet.
Internal 10.1.1.x pool VPN is 10.1.1.251 - 253 (list of Temp for the test). I have published the following plotter:
packet-tracer input outside tcp 10.1.1.253 12345 69.147.125.65 80 detailed
The last reported point (where it fails) is:
Phase: 7
Type: WEBVPN-SVC
Subtype: in
Result: DROP
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xda7e9808, priority=70, domain=svc-ib-tunnel-flow, deny=false
hits=364, user_data=0xcb000, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip=TempVPNPool3, mask=255.255.255.255, port=0
dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
Which means by SVC-WEBVPN?
A relevant config:
No ACLs, filters or limitations of policy group on HQ customers.
Security-same permit intra-interface
Global 1 interface (outside)On advice, I've added: nat (outside) 1 10.1.1.0 255.255.255.0, then I can get no tunnel guests outside guests, but then no IPSec.
Kind of a weird, that with this, the tracer of package does not change. Continue to deny shows, but the site is accessible.
When you say tunnel IPsec sites... is that the tunnels IPsec Site to Site on the SAA?
The command:
NAT (outside) 1 10.1.1.0 255.255.255.0
It should allow the AnyConnect customer pool for PATed to Internet.
If you need clients AnyConnect to access the Internet and the access to remote IPsec tunnels as well, you can do it with policy NAT:
access-list anyconnect deny ip 10.1.1.0 255.255.255.0 x.x.x.x
access-list anyconnect deny ip 10.1.1.0 255.255.255.0 y.y.y.y
access-list allowed anyconnect ip 10.1.1.0 255.255.255.0 any
NAT (outside) 1 access list anyconnect
Global 1 interface (outside)
With the above configuration, you are bypassing NAT for AnyConnect customers when they want to access remote sites through the IPsec tunnels (assuming that x.x.x.x and y.y.y.y for remote networks through these tunnels).
And the rest of the AnyConnect (10.1.1.0/24) pool will be PATed to Internet.
Federico.
-
Another computer can access my personal files across the LAN?
Some background info: I moved into my dorm to the school a few months ago and I'll use the dormitory internet via lan cable in my room. I'll also put ad hoc internet connection for my phone. Recently, I realized in the "computer > network" I am able to see a list of computers and media devices that is connected to the network "dormitory" via the lan cable. I had problems that these users may be able to see my computer and access my personal files.
I went to check my 'advanced sharing settings' and these are the following parameters, I had put: ' network discovery: on ', ' files and printers sharing: on "," public folder sharing: on "and finally" Sharing password protected: on»Since the discovery of the 'network' is on, my computer can be seen on the network too. I realized my "files and printers sharing" and "public folder sharing" was also lit and I was more worried about my computer being easily accessible by others in the dormitory network. However as my password protected sharing is turned on also, is it still possible for other computers to access my computer and my personal files?Thank you for your kind attentionIn the centre network and sharing, make your network a "Public network" rather than a "home network" or "work network".
This should have the effect to make the following settings in 'advanced sharing settings.
- Discovery - Off network
- Files and printers sharing - Off
- Public folder sharing - Off
If these parameters only to not configure this way, when you changed in 'Public network', to do so.
-
Connected with the temporary profile "I can't access all the windows apps or my personal files.
OT: Connected with the temporary profile.
When I log on my ASUS laptop, I tells me that I am being logged on with a temporary profile. I can't access windows applications or my personal files. It started after my laptop suddenly stopped while on internet explore. According to the event log, event ID 4608 created a change of security status and it is logged when LSASS. EXE starts and the audit system is being initialized. Is there anyway to stop this temporary profile/access and return to normal use?
Many things in Windows Vista and Windows 7 is still applicable to Windows 8.
Difficulty of a corrupted user profile
-
AnyConnect client can not access local network
Hello
I have a problem with the Cisco anyconnect. Once clients are connected they cannot access anything whatsoever, including their default gateway.
Pool of the VPN client is on the same subnet as the LAN (139.16.1.x/24). Local network clients can access DMZ, VPN clients can ping computers on the local network, but they cannot access the DMZ.
I guess that any rule providing that traffic is absent but I m new with Cisco ASA and I m totally lost. I read as much as I could on this topic, but I do not understand which rule is necessary.
Thank you very much in advance for your support.
ASA release 9.4 (1)
!
ciscoasa hostname
activate the encrypted password of WmlxhdtfAnw9XbcA
TA.qizy4R//ChqQH encrypted passwd
names of
mask 139.16.1.50 - 139.16.1.80 255.255.255.0 IP local pool Pool_139
!
interface GigabitEthernet1/1
nameif outside
security-level 0
192.168.1.100 IP address 255.255.255.0
!
interface GigabitEthernet1/2
nameif inside
security-level 100
IP 139.16.1.1 255.255.255.0
!
interface GigabitEthernet1/3
nameif DMZ
security-level 50
IP 172.16.1.1 255.255.255.0
!
interface GigabitEthernet1/4
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet1/5
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet1/6
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet1/7
Shutdown
No nameif
no level of security
no ip address
!
interface GigabitEthernet1/8
Shutdown
No nameif
no level of security
no ip address
!
Management1/1 interface
management only
nameif management
security-level 100
11.11.11.11 IP address 255.255.255.0
!
passive FTP mode
network obj_any object
subnet 0.0.0.0 0.0.0.0
internal subnet object-
139.16.1.0 subnet 255.255.255.0
network dmz subnet object
subnet 172.16.1.0 255.255.255.0
wialon Server external ip network object
Home 192.168.1.132
wialon-Server network objects
Home 172.16.1.69
Wialon-service-TCP object service
destination tcp source between 1 65535 21999 20100 service range
Wialon-service-UDP object service
destination service udp source between 0 65535 21999 20100 range
network of the NETWORK_OBJ_139.16.1.0_25 object
subnet 139.16.1.0 255.255.255.128
outside_acl list extended access permit tcp any object wialon-Server eq www
outside_acl list extended access allowed object Wialon-service-TCP any wialon-server object
outside_acl list extended access allowed object Wialon-service-UDP any wialon-server object
pager lines 24
asdm of logging of information
Outside 1500 MTU
Within 1500 MTU
MTU 1500 DMZ
management of MTU 1500
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
no permit-nonconnected arp
NAT (inside, outside) static source any any static destination NETWORK_OBJ_139.16.1.0_25 NETWORK_OBJ_139.16.1.0_25 non-proxy-arp-search to itinerary
!
network obj_any object
dynamic NAT (all, outside) interface
internal subnet object-
NAT dynamic interface (indoor, outdoor)
wialon-Server network objects
NAT (DMZ, external) service wialon Server external ip static tcp www www
Access-group outside_acl in interface outside
Route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
identity of the user by default-domain LOCAL
Enable http server
http 11.11.11.0 255.255.255.0 management
http 139.16.1.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
service sw-reset button
Crypto ipsec ikev2 AES256 ipsec-proposal
Protocol esp encryption aes-256
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES192
Protocol esp encryption aes-192
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES
Esp aes encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 proposal ipsec 3DES
Esp 3des encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal OF
encryption protocol esp
Esp integrity sha - 1, md5 Protocol
Crypto ipsec pmtu aging infinite - the security association
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev2 AES256 AES192 AES 3DES ipsec-proposal OF
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
Crypto ca trustpoint ASDM_TrustPoint0
registration auto
domain name full ciscoasa.srdongato.null
E-mail [email protected] / * /
name of the object CN = srdongato
Serial number
Proxy-loc-transmitter
Configure CRL
Crypto ca trustpoint ASDM_Launcher_Access_TrustPoint_0
registration auto
full domain name no
name of the object CN = 139.16.1.1, CN = ciscoasa
ASDM_LAUNCHER key pair
Configure CRL
trustpool crypto ca policy
string encryption ca ASDM_TrustPoint0 certificates
certificate 09836256
30820381 30820269 a0030201 02020409 83625630 0d06092a 864886f7 0d 010105
05003050 31123010 06035504 03130973 72646f6e 6761746f 313 has 3012 06035504
05130b4a a 41443139 32323033 34343024 06092, 86 01090216 17636973 4886f70d
636f6173 612e7372 646f6e67 61746f2e 6e756c6c 31353132 30353036 301e170d
5a170d32 33333535 35313230 32303633 3335355a 30503112 30100603 55040313
09737264 6f6e6761 30120603 55040513 31393232 30333434 0b4a4144 746f313a
2a 864886 30240609 f70d0109 6973636f 02161763 6173612e 7372646f 6e676174
6f2e6e75 6c6c3082 0122300d 06092 has 86 01010105 00038201 0f003082 4886f70d
010a 0282 010100d 2 295e679c 153e8b6a d3f6131d 8ea646e3 aa0a5fa9 20e49259
ca895563 7e818047 033a4e8f 57f619e9 fa93bfd5 6c44141f b0abf2c0 8b86334e
bac63f41 99e6d676 c689dcf7 080f2715 038a8e1b 694a00de 7124565e a1948f09
8dbeffab c7c8a028 741c5b10 d0ede5e9 599f38fe 5b88f678 4decdc4b b 353, 6708
cfa2fbce f58be06e 18feba56 4b2b04a1 77773ec6 5c58d2ed d7ca4f17 980f0353
138bfe65 1b1165e6 7b6f94bb ab4d4286 e900178c 147a6dba 2427f38e e225030f
0a66d1eb 5075c57e 6d77e5bb 247f5bc3 8d3530f0 49dedf2d 21a24b5f daa08d98
690183cf e82a6b8d 5e489956 c5eecdbc 7fc2365c b629a52b 126b51e2 18590ed5
c9da8503 a639f102 03010001 a3633061 300f0603 551d 1301 01ff0405 30030101
ff300e06 03551d0f 0101ff04 86301f06 04030201 23 04183016 80143468 03551d
dec79103 0a91b530 1ada7e47 7e27b16d 4186301d 0603551d 0e041604 143468de
c791030a 91b5301a da7e477e 27b16d41 86300d 86f70d01 01050500 06 092 a 8648
003cdb04 03820101 8ef5ed31 c05c684b ad2b0062 96bfd39a ecb0a3fe 547aebe5
14b753e7 89f55827 3d4e0aa8 b8674e45 80d4c023 8e99a7b4 0907d 347 060a2fe4
fa6e0c2f 3b9cd708 a539c09f 7022d2ee fb6e2cf6 82b0e861 a2839a71 1512b3ec
e28664e9 732270c 9 d1c679d9 1eaf2ad5 31c3ff97 09aae869 88677a3d b 007, 5699
ecb3032e 2dd0f74f 81f9a8fb 79f30809 723bbdbf dfef4154 5ad6b012 a8f37093
481fa678 b44b0290 23390036 042828f3 5eefdc43 ebe52d26 78934455 9b4234a9
4146 166e5adc b431f12f 8d0fbf16 46306228 731c bfeebc43 34 76984 d2e6ebbc
88ca120a 96838694 d4f32884 963e7385 987ec6b0 dfa28d49 05ba5fa8 641bcfc7
ff92ac3c 52
quit smoking
string encryption ca ASDM_Launcher_Access_TrustPoint_0 certificates
Certificate 0 is 836256
308202cc a0030201 0202040a 0d06092a 83625630 864886f7 0d 010105 308201b 4
05003028 06035504 03130863 61736131 13301106 03550403 6973636f 3111300f
130a 3133 392e3136 2e312e31 31353132 30353036 35363236 5a170d32 301e170d
35313230 32303635 3632365a 30283111 55040313 08636973 636f6173 300f0603
61311330 11060355 0403130 3133392e 31362e31 2e313082 0122300d 06092 has 86
4886f70d 01010105 00038201 0f003082 010 has 0282 010100e7 a5c16e86 16c15a10
e018b868 bac7271a 30f1a3f8 ecb9c6b8 3ed4b1ad c9468f5e 287f2a7a 644f1496
c43a061e da927d09 a755b53e ed7c6a66 f2f1fb1e f944345c 86e08ce0 891c99b3
13101ab3 04963fad f91f987f 99f22a89 cd1e8c5a 5e4c026d 2cadd7b7 6620bbd1
b4a5135b 24ec886f fa061a06 dd536e96 1e483730 756c 4101 23f83a8d 944a7fbe
93c51d56 32ac0d17 ceb75f63 0ae24f07 f2c54e83 5b84ff00 16b0b899 c925c737
1765b 066 23 b 54645 bc419684 d09dd130 c1479949 68b0a779 df39b078 6fb0deb9
758b14c3 f0801faf f0ad60e1 a018ffba d769f867 3fe8e5fc 88ccc5b2 2319f5d4
617a78c4 74e7a64b 5c68276c 06ea57c1 d0ffce4b 358c4d02 03010001 300 d 0609
2a 864886 05050003 82010100 dff97c9f 4256fd47 8eb661fd d22ecea4 f70d0101
589eff09 958e01f1 a435a20e 5ed1cf19 af42e54d d61fc0ab cb2ee7ac 7fcb4513
1a44cc86 1e020d72 3a3f78d2 4 d 225177 857093d 9 f5fcf3c7 6e656d2b 54a0c522
f636b8cf 33c5ae34 ea340f32 85dff4c1 50165e7a e94de10b ced15752 0b3a76c1
2a50777b 20291106 a1a8a214 a 8 003716 680c15d4 ac3f7cc7 378f8f5f 38e3403f
f958c095 e549c8ed 4baf8cc5 bdcd230e 260754ea 953c3a4c eb01fef5 62b97e01
9f82ce6b f479dbdd 000c45af 8758b35f b4a958ee 32c4db3f 2ddc7385 dc05b0e3
78b609ba a9280841 2433ae87 5dd7a7c2 d5691068 1dc0eddc c23f99c5 3df8b1a5
aadbd82a 423f4ba8 563142bf 742771c 3
quit smoking
IKEv2 crypto policy 1
aes-256 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 10
aes-192 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 20
aes encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 30
3des encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 40
the Encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
Crypto ikev2 activate out of service the customer port 443
Crypto ikev2 access remote trustpoint ASDM_TrustPoint0
Telnet 139.16.1.0 255.255.255.0 inside
Telnet 11.11.11.0 255.255.255.0 management
Telnet timeout 5
without ssh stricthostkeycheck
SSH timeout 5
SSH group dh-Group1-sha1 key exchange
Console timeout 0
dhcpd outside auto_config
!
dhcpd address 172.16.1.69 - DMZ 172.16.1.69
dhcpd dns 87.216.1.65 87.216.1.66 DMZ interface
dhcpd option 3 ip 172.16.1.1 DMZ interface
dhcpd enable DMZ
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
SSL-trust outside ASDM_TrustPoint0 point
SSL-trust ASDM_Launcher_Access_TrustPoint_0 inside point
Trust ASDM_Launcher_Access_TrustPoint_0 inside the vpnlb-ip SSL-point
WebVPN
allow outside
AnyConnect image disk0:/anyconnect-win-3.1.12020-k9.pkg 1
AnyConnect profiles Wialon_client_profile disk0: / Wialon_client_profile.xml
AnyConnect enable
tunnel-group-list activate
Disable error recovery
internal GroupPolicy_Wialon group strategy
attributes of Group Policy GroupPolicy_Wialon
WINS server no
value of 192.168.1.1 DNS server
client ssl-VPN-tunnel-Protocol ikev2
by default no
WebVPN
AnyConnect value Wialon_client_profile type user profiles
dynamic-access-policy-registration DfltAccessPolicy
wialon_1 Wy2aFpAQTXQavfJD username encrypted password
wialon_2 4STJ9bvyWxOTxIyH encrypted password username
remote access to Wialon tunnel-group type
attributes global-tunnel-group Wialon
address pool Pool_139
Group Policy - by default-GroupPolicy_Wialon
tunnel-group Wialon webvpn-attributes
enable Wialon group-alias
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
Cryptochecksum:447ec315ae30818a98f705fb1bf3fd75Hello
You don't have NAT exemption the DMZ network to the pool of VPN traffic.
Please try to add the following statement to run:
nat (DMZ,outside) 1 source static any any destination static NETWORK_OBJ_139.16.1.0_25 NETWORK_OBJ_139.16.1.0_25 route-lookup
Also please delete the existing instruction manual nat "non-proxy-arp" statement, because it can cause problems like you the ip subnet address pool is identical to that of the Interior of the network.no nat (inside,outside) source static any any destination static NETWORK_OBJ_139.16.1.0_25 NETWORK_OBJ_139.16.1.0_25 no-proxy-arp route-lookup nat (inside,outside) 1 source static any any destination static NETWORK_OBJ_139.16.1.0_25 NETWORK_OBJ_139.16.1.0_25 route-lookup
Cordially Véronique -
no client AnyConnect vpn internet access
AnyConnect vpn client no internet no access.
Here is the configuration. Help, please.
Thank you
Jessie
ASA Version 8.2 (1)
!
hostname ciscoasa5505
!
interface Vlan1
nameif inside
security-level 100
IP 172.16.0.1 255.255.0.0
!
interface Vlan2
nameif outside
security-level 0
IP address 69.x.x.54 255.255.255.248
!
interface Vlan5
Shutdown
prior to interface Vlan1
nameif dmz
security-level 50
DHCP IP address
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passive FTP mode
DNS lookup field inside
DNS domain-lookup outside
DNS server-group DefaultDNS
Server name 172.16.0.2
Server name 69.x.x.6
object-group Protocol TCPUDP
object-protocol udp
object-tcp protocol
object-group service TS-777-tcp - udp
port-object eq 777
object-group service Graphon tcp - udp
port-object eq 491
object-group service TS-778-tcp - udp
port-object eq 778
object-group service moodle tcp - udp
port-object eq 5801
object-group service moodle-5801 tcp - udp
port-object eq 5801
object-group service 587 smtp tcp - udp
EQ port 587 object
outside_access_in list extended access permit tcp any host 69.x.x.50 eq imap4
outside_access_in list extended access permit tcp any host 69.x.x.52 eq ftp
outside_access_in list extended access allowed object-group TCPUDP any object-group of 69.x.x.50 host smtp-587
outside_access_in list extended access permit tcp any host 69.x.x.52 eq telnet
outside_access_in list extended access permit tcp any host 69.x.x.52 eq ssh
outside_access_in list extended access allowed object-group TCPUDP any host object-group moodle-5801 69.x.x.52
outside_access_in list extended access permit tcp any host 69.x.x.52 eq smtp
outside_access_in list extended access permit tcp any host 69.x.x.52 eq https
outside_access_in list extended access permit tcp any host 69.x.x.52 eq www
outside_access_in list extended access permit tcp any host 69.x.x.50 eq ftp
outside_access_in list extended access permit tcp any host 69.x.x.50 eq smtp
outside_access_in list extended access permit tcp any host 69.x.x.50 eq pop3
outside_access_in list extended access allowed object-group TCPUDP any host 69.x.x.50 EQ field
outside_access_in list extended access permit tcp any host 69.x.x.50 eq https
outside_access_in list extended access permit tcp any host 69.x.x.50 eq www
outside_access_in list extended access allowed object-group TCPUDP any host 69.x.x.51 EQ field
outside_access_in list extended access allowed object-group TCPUDP any host TS-778 69.x.x.51 object-group
outside_access_in list extended access allowed object-group TCPUDP any host Graphon 69.x.x.51 object-group
outside_access_in list extended access permit tcp any host 69.x.x.51 eq https
outside_access_in list extended access permit tcp any host 69.x.x.51 eq www
outside_access_in list extended access allowed object-group TCPUDP any host TS-777 69.x.x.50 object-group
outside_access_in list extended access permit tcp any host 69.x.x.54 eq https
access extensive list ip 172.16.0.0 outside_cryptomap_1 allow 255.255.0.0 192.168.50.0 255.255.255.0
access extensive list ip 172.16.0.0 inside_nat0_outbound allow 255.255.0.0 192.168.0.0 255.255.255.0
inside_nat0_outbound list of allowed ip extended access all 172.16.0.32 255.255.255.224
access extensive list ip 172.16.0.0 inside_nat0_outbound allow 255.255.0.0 192.168.50.0 255.255.255.0
access extensive list ip 172.16.0.0 inside_nat0_outbound allow 255.255.0.0 192.168.1.0 255.255.255.0
inside_access_in of access allowed any ip an extended list
Standard Split-Tunnel access list permit 172.16.0.0 255.255.0.0
access-list SHEEP extended ip 172.16.0.0 allow 255.255.0.0 192.168.0.0 255.255.255.0
access-list SHEEP extended ip 172.16.0.0 allow 255.255.0.0 192.168.50.0 255.255.255.0
access-list SHEEP extended ip 172.16.0.0 allow 255.255.0.0 192.168.1.0 255.255.255.0
access-list SHEEP extended ip 172.16.0.0 allow 255.255.0.0 172.16.0.0 255.255.0.0
access extensive list ip 172.16.0.0 outside_cryptomap allow 255.255.0.0 192.168.0.0 255.255.255.0
access extensive list ip 172.16.0.0 outside_cryptomap_2 allow 255.255.0.0 192.168.1.0 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
MTU 1500 dmz
IP local pool VPN_Users 172.16.100.10 - 172.16.100.20 mask 255.255.255.0
IP local pool anypool 172.16.0.9 - 172.16.0.19 mask 255.255.0.0
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0 access-list SHEEP
NAT (inside) 1 0.0.0.0 0.0.0.0
public static 69.x.x.50 (Interior, exterior) 172.16.0.2 netmask 255.255.255.255
public static 69.x.x.51 (Interior, exterior) 172.16.1.2 netmask 255.255.255.255
public static 69.x.x.52 (Interior, exterior) 172.16.1.3 netmask 255.255.255.255
inside_access_in access to the interface inside group
Access-group outside_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 69.x.x.49 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
Enable http server
http 172.16.0.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
card crypto outside_map 1 match address outside_cryptomap
card crypto outside_map 1 set pfs
card crypto outside_map 1 set 208.x.x.162 counterpart
card crypto outside_map 1 set of transformation-ESP-3DES-SHA
card crypto outside_map 2 match address outside_cryptomap_1
card crypto outside_map 2 set pfs
card crypto outside_map 2 peers set 209.x.x.178
card crypto outside_map 2 the value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
card crypto outside_map 3 match address outside_cryptomap_2
card crypto outside_map 3 set pfs
card crypto outside_map 3 peers set 208.x.x.165
card crypto outside_map 3 game of transformation-ESP-3DES-SHA
outside_map interface card crypto outside
crypto ISAKMP allow outside
crypto ISAKMP policy 5
preshared authentication
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 30
preshared authentication
3des encryption
sha hash
Group 1
life 86400
Telnet timeout 5
SSH timeout 5
Console timeout 0
dhcpd outside auto_config
!
dhcpd address 172.16.0.20 - 172.16.0.40 inside
dhcpd dns 172.16.0.2 69.x.x.6 interface inside
dhcpd allow inside
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
allow outside
SVC disk0:/anyconnect-win-2.5.2014-k9.pkg 1 image
enable SVC
tunnel-group-list activate
attributes of Group Policy DfltGrpPolicy
Server DNS 172.16.0.2 value
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
Group Policy inside sales
Group sales-policy attributes
value of server DNS 172.16.1.2 172.16.0.2
VPN-tunnel-Protocol svc
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value split Tunnel
WebVPN
SVC mtu 1406
internal group anyconnect strategy
attributes of the strategy group anyconnect
VPN-tunnel-Protocol svc webvpn
WebVPN
list of URLS no
SVC request to enable default webvpn
username of graciela CdnZ0hm9o72q6Ddj encrypted password
graciela username attributes
VPN-group-policy DfltGrpPolicy
tunnel-group 208.x.x.165 type ipsec-l2l
208.x.x.165 group of tunnel ipsec-attributes
pre-shared-key *.
tunnel-group AnyConnect type remote access
tunnel-group AnyConnect General attributes
address anypool pool
strategy-group-by default anyconnect
tunnel-group AnyConnect webvpn-attributes
Group-alias anyconnect enable
allow group-url https://69.x.x.54/anyconnect
tunnel-group 208.x.x.162 type ipsec-l2l
208.x.x.162 tunnel ipsec-attributes group
pre-shared-key *.
tunnel-group 209.x.x.178 type ipsec-l2l
209.x.x.178 group of tunnel ipsec-attributes
pre-shared-key *.
!
Global class-card class
match default-inspection-traffic
!
!
World-Policy policy-map
Global category
inspect the icmp
!
service-policy-international policy global
context of prompt hostname
: end
Hello
You could start by adding the following configurations
permit same-security-traffic intra-interface
This will allow traffic to the VPN users access the interface ' outside ' of the SAA and to leave to the Internet using the same interface ' outside '. Without the above command, it is not possible.
Also, you need to add a NAT configuration for VPN Client users can use the Internet connection of the ASA
To do this, you can add this command
NAT (outside) 1 172.16.0.0 255.255.0.0
This will allow the PAT for the Pool of VPN dynamics.
Hope this helps
Don't forget to mark the reply as the answer if it answered your question.
Ask more if necessary
-Jouni
-
AnyConnect client cannot ping gateway
I'm currently implementing anyconnect for some users in our Organization. Once the clients connect to the VPN via. AnyConnect, they cannot access anything whatsoever, including their default gateway (via ping). I'm not sure what I did wrong, but it's a quick fix, a person can report to me. It's a little frustrating because I had this lab work, but can not see the obvious errors.
Pool VPN: 192.168.200.0/24
inside the ASA interface 192.168.2.1
Grateful for any help received.
Greg
:
ASA Version 8.2 (1)
!
hostname asaoutsidedmz
activate the encrypted 123 password
123 encrypted passwd
names of
!
interface Ethernet0/0
link to the description to the ISP router / WAN
nameif outside
security-level 0
IP address x.x.x.235 255.255.255.224
!
interface Ethernet0/1
internal LAN interface Description
Shutdown
nameif inside
security-level 100
IP 192.168.1.1 255.255.255.0
!
interface Ethernet0/2
description of the DMZ interface
nameif dmz
security-level 50
IP 192.168.2.1 255.255.255.0
!
interface Ethernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
Shutdown
!
boot system Disk0: / asa821 - k8.bin
passive FTP mode
clock timezone IS - 5
clock to summer time EDT recurring
DNS domain-lookup outside
DNS domain-lookup dmz
DNS server-group DefaultDNS
cisco.com-domain name
outside_access_in list extended access permit tcp any host x.x.x.232 eq www
outside_access_in list extended access permit tcp any host x.x.x.234 eq ssh
pager lines 24
Outside 1500 MTU
Within 1500 MTU
MTU 1500 dmz
management of MTU 1500
local pool SSLVPNDHCP 192.168.200.20 - 192.168.200.25 255.255.255.0 IP mask
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 621.bin
don't allow no asdm history
ARP timeout 14400
Global interface 10 (external)
Global interface (dmz) 10
NAT (inside) 10 0.0.0.0 0.0.0.0
NAT (dmz) 10 0.0.0.0 0.0.0.0
static (dmz, external) x.x.x.232 192.168.2.18 netmask 255.255.255.255
static (dmz, external) x.x.x.234 192.168.2.36 netmask 255.255.255.255
Access-group outside_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 x.x.x.225 1
dynamic-access-policy-registration DfltAccessPolicy
RADIUS Protocol RADIUS AAA server
GANYMEDE + Protocol Ganymede + AAA-server
the ssh LOCAL console AAA authentication
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
No encryption isakmp nat-traversal
Telnet timeout 5
Console timeout 5
management-access inside
!
no statistical threat detection tcp-interception
WebVPN
allow outside
SVC disk0:/anyconnect-win-2.3.2016-k9.pkg 1 image
enable SVC
tunnel-group-list activate
internal group SSLVPN strategy
SSLVPN group policy attributes
value of SSL VPN profile banner
VPN - connections 1
VPN-idle-timeout 30
Protocol-tunnel-VPN l2tp ipsec svc
WebVPN
SVC request no svc default
attributes of Group Policy DfltGrpPolicy
Protocol-tunnel-VPN IPSec l2tp ipsec
username password privilege 123 encrypted test11 0
attributes of test11 username
type of remote access service
type tunnel-group SSLVPNTunnel remote access
attributes global-tunnel-group SSLVPNTunnel
address SSLVPNDHCP pool
Group Policy - by default-SSLVPN
tunnel-group SSLVPNTunnel webvpn-attributes
enable AgricorpVPN group-alias
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
inspect the pptp
!
global service-policy global_policy
context of prompt hostname
: end
A few things to look at. Firstly, interface e0/1 is the stop of the config above for connecting clients will not be able to achieve the devices on the "inside" of the SAA. Second, you don't have NAT 0 rules configured to exempt the return of LAN or DMZ traffic to the client IP pool.
-
Error in installing AnyConnect Client
During his installation of Cisco AnyConnect Secure Mobility Client, I got the error: "VPN client agent could not create the filing of interprocess communication."
Can I fix this error? What should do?
Hello
This is seen when internet connection sharing is enabled. (ICS) Internet connection sharing is not compatible with AnyConnect. You must disable ICS for correct functionality AnyConnect.
When you try to launch AnyConnect on a PC on which ICS is already running, AnyConnect returns this error message:Vpn client agent failed to create the repository of interprocess communication.
To resolve this issue, disable the ICS and restart AnyConnect.
How to disable ICS
(A) open network connectivity
1) start-> Control Panel-> network and Internet-> network and sharing Center
-> Manage network connections
(2) right-click the connection, and then click the sharing tab and ' t allow others
network users to connect through the internet connections to this computer check box.(B) stopping Service
Right click Computer-> Management-> Service and Application-> service->
Internet Connection Sharing (ICS)-> StopKind regards
Kanwal
Note: Please check if they are useful.
-
SSL VPN without disabled in ASA5505 after the Activation of the AnyConnect client
Hello everyone,
I am facing a problem with the VPN service in ASA 5505. Initially, I was using SSL VPN without customer who was working absolutely fine, no problem. Recently I bought AnyConnect Essentials License with license AnyConnect VPN, Mobile (for focusing on the Client SSL VPN Service for desktop and mobile respectively) and have activated these keys inside of the firewall. After that I may be able to connect to based on the VPN Client, using the AnyConnect client. Clientless VPN access is not allowing you to connect and displays an error (see the attached screenshot).
I created two VPN profiles Viz, basic (for clientless VPN) and rvsvpn (for client based VPN). Download the AnyConnect Client I can connect to the rvsvpn profile. But if I try to connect using the basic profile, it throws an error has been to what is displayed in the exhibition.
Please help me in this regard, as what can be done to use both the vpn connection profile. Or what the use of AnyConnect disables client access?
Waiting for your help.
Thanks in advance.
Samrat.
"Anyconnect essentials" in your configuration command to disable all profiles without customer (as well as other features that require the Premium license).
Essentials and Premium are mutually exclusive as the performance of duties. You can have both installed licenses, but only use one or the other (and never both at once) in your running configuration.
-
AnyConnect client perform on ASA Server cert revocation checking? Can be configured?
Environment: AnyConnect Secure Mobility Client v 3.1.04066
The AnyConnect client performs a check of the revocation of the certificate server returned by the SAA during an installation of the VPN program? If so, should I use the info on the AIA server certificate, or can the OCSP or URL CRLDP be configured in the client?
And server certificates revocation checking can be disabled (for example in the profile, or an update of the register)?
Note that I speak NOT of the SAA on the submitted client certificate revocation checking. All my extensive google-fu could only find information on this topic - but this is different, this is similar to a browser revocation checking on server of a Web site certificate.
We evaluate using an identity certificate from an internal CA for the VPN profile - but there is a catch-22/egg of the chicken problem if the AnyConnect client performs a check required of OCSP on cert, since there is no access to the OCSP URL until this only after connected. This could be resolved by having for example a CRLDP the external URL to a .crl file, or suppressor revocation checks in the AnyConnect client.
Thank you!
I think at some point, this has been replaced of anyconnect, because he was the cause of many problems, but has been reintroduced in anyconnect 4.1, but still not enabled by default. So no, I don't think that the version you are using is doing this.
-
AnyConnect client... SSL vs. IPSec
Hello
I have a few questions on the Anyconnect VPN remote access.
The anyconnect client works with SSL or IPSec ISAKMPv2? Y at - it no default or the default method?
Where you would identify what method you choose? The anyconnect client automatically detects the type (SSL or IPSec)-based VPN server? How does the SSL over IPSec works in this case? What is new ANyconnect 4.xclient?
I would say that 90% or more customers use SSL.
IPsec IKEv2 is used mainly by two categories of people:
1. those who have need of next gen cryptographic algorithms for legal or regulatory reasons
2. those who have had lovers, or CCIE candidates configure their VPN (joke - just a little bit)
Is, when it is implemented correctly, did a good job to secure your traffic.
The server (for example, the ASA) defines the method and the client that honors due to the associated connection profile that updates / downloads from the server.
This initial process, even if you have IPsec IKEv2, normally happens over SSL as part of the preamble of IPsec session establishment. Manually, you can eliminate this small, but it is generally more trouble that it's worth.
-
ASA5505 with 10 users. Need to connect 25 remote users with AnyConnect Client
Hello to everyone.
I ASA5505 with license 10 users. I need to connect 25 remote users via SSL VPN (in my case cisco Anyconnect client). So I have to buy the license more security (ASA5505-SEC-PL =) for more then 10 simultaneous VPN connections on Cisco ASA 5505. Fix?
And the main question. What I need to order the user getting up-to-date (for example ASA5505-SW-10-50 =, or ASA5505-SW-10-UL =) license for my device Cisco ASA5505 in order to have 25 connections of concurrent remote users without restriction for each remote user?
You need the license SecPlus for increased remote access users. But you don't need an extra user license if you still only up to 10 internal systems.
-
Sorry if this question has already been addressed in another thread. I looked and found nothing, so I post here.
We currently use the anyconnect client on of our ASA5520. The only question I have now is that the time-out is not
seem to work correctly. I have never disconnected Timeout Idle current group policy set to 30 minutes and customers
unless you disconnect manually.
At first, I thought that KeepAlive or DPD has some how this affects. But after testing, they seem not to be. It seems
that the timeout works everything simply. Anyone have any ideas of what I'm missing? Or the inactivity timeout function simply not work?
Thank you!
Jeff
I look at the idle time-out as inheritance characteristic due to the fact that modern operating systems is inherently chatty. If you run a sniffer on the AnyConnect AV and then let the PC for a few minutes, you can capture all kinds of packets to and from the client, even if you are not actively working on the PC. If your intention is to manage user sessions, you can set a max session. Once the maximum session time is reached, the user will be disconnected from the system. Users must then reconnect if they require a continuous network access. Dead Peer Detection is the mechanism used by the client or network to quickly detect a condition where the peer does not respond and the connection has failed. For example, in a perfect world, all users of AnyConnect will right-click on the icon and click on disconnect to gracefully disconnect the session. In reality, users might lose their connection to the Internet, on the eve of their PC when connected, etc.. Without DPD, head of network device will retain the now obsolete session information where the SSL client tries to reconnect. Needed manual intervention by an administrator to manually disconnect sessions. With DPD, the head can recognize the loss of conectivity to the customer and terminate the session information. DPD is a Hello and ACK process between client and server. If a series of Hello messages don't that would acknowledgment, the related session information are deleted from the client or server. It is maintained by SSL and is not connected to the network traffic related timeout.
Here are a few links for your reference. Please let me know if I can be more useful.
http://www.Cisco.com/en/us/docs/security/ASA/asa80/configuration/guide/SVC.html#wp1072975
http://www.Cisco.com/en/us/docs/security/ASA/asa80/configuration/guide/vpngrp.html#wp1134794
-
Impossible to ping anyconnect Client IP de ASA
Hello world
I can't connect to cisco anyconenct fine no problem.
When connected I ping the SAA in interface and other subnets that are behind the ASA inside the interface from the PC connected through the VPN.
My only problem is that of ASA, I cannot ping IP of 10.0.0.5.
ASA1 # sh anyconnect vpn-sessiondb
Session type: AnyConnect
User name: anyconnect_user index: 54
Assigned IP: 10.0.0.5 Public IP address: 192.168.98.2
Protocol: AnyConnect-Parent-Tunnel SSL DTLS-Tunnel
License: AnyConnect Essentials
Encryption: AnyConnect-Parent: (1) no SSL Tunnel: (1) AES128 DTLS-Tunnel: (1) AES128
Hash: AnyConnect-Parent: (1) no SSL Tunnel: (1) SHA1 DTLS-Tunnel: SHA1 (1)
TX Bytes: 12318 bytes Rx: 73502
Group Policy: anyconnect_group
Tunnel of Group: anyconnect_connection_profile
Connect time: 23:21:28 MST Friday, March 7, 2014
Duration: 0 h: 34 m: 33 s
Inactivity: 0 h: 00 m: 00s
Result of the NAC: unknown
Map VLANS: VLAN n/a: noI ping the switch connected to ASA inside interface
ASA1 # ping 10.0.0.2
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 10.0.0.2, time-out is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = ms 04/01/10
I can ping from the ASA inside interface
ASA1 # ping 10.0.0.1 - ASA inside interface
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 10.0.0.1, time-out is 2 seconds:
!!!!!
Success rate is 100 per cent (5/5), round-trip min/avg/max = 1/1/1 ms
ASA1 # ping 10.0.0.5
Type to abort escape sequence.
Send 5, echoes ICMP 100 bytes to 10.0.0.5, time-out is 2 seconds:
?????
Success rate is 0% (0/5)
ASA1 #.
Journal of the shows
March 7, 2014 23:00:52: % ASA-6-302020: built outgoing ICMP connection for 10.0.0.5/0(LOCAL\anyconnect_user faddr) gaddr laddr 192.168.1.171/1168 192.168.1.171/1168
March 7, 2014 23:01:02: % ASA-6-302021: connection of disassembly ICMP for faddr 10.0.0.5/0(LOCAL\anyconnect_user) gaddr laddr 192.168.1.171/1168 192.168.1.171/1168
Where IP 192.168.1.171 is ASA outside interface
Concerning
MAhesh
Hello Manu,
Have you tried to ping the network interior? Or the package from inside the source interface of the ASA? Remember, you should have some rules exemption nat for packets going through the VPN connection. That's how specify us which networks are allowed to join the VPN clients. If you ping without specify any interface the packet is going to come from the external interface, and probably this interface/subnet is not allowed through the VPN connection. Using split tunnel or tunnelall?
You can try to activate the management of access to the inside interface and the ping from the inside. These packages should hit the exemption nat rule and will be sent through the tunnel instead of the Internet.
These are the necessary commands:
To specify an interface as an interface of management only, enter the following command:
hostname(config)# management access inside
Then, you could do an inside 10.0.0.5 ping to ping the ASA AnyConnect client.
Notes on the access management command:
If your VPN tunnel ends on an interface, but you want to manage the ASA by accessing a different interface, you can identify this interface as an interface for management access. For example, if you enter the ASA of the external interface, this feature allows you to connect inside the interface by using ASDM, SSH, Telnet or SNMP. or you can test inside the interface at the entrance to the external interface. Management is accessible by the following VPN tunnels types: client IPsec, the client AnyConnect SSL VPN and IPsec LAN-to-LAN.
Hope this helps,
Luis
-
Wierd NAT with AnyConnect client behavior
Hello
I have a problem with our customers AnyConnect not being able to access a particular resource that exists on a 3rd party VPN.
Both the AnyConnect customers & 3rd Party Site to Site VPN terminate on the external Interface of the ASA.
There is a NAT configuration between the 3rd party and our ASA network so that we share the 192.168.40.0/24 subnet. 25 first is for 3rd party guests & the second 25 is for our guests.
We are trying to access a service on 192.168.40.10
The NAT rule that I have in place to achieve this goal is
Source = sub-VPN-network Dest = 192.168.40.0/25 = any Service
XLate Source = 192.168.40.129 (PAT) Dest = XLateService Original XLate = Original
With the NAT rule like this, the Web page only FACT NOT work. We get a Timeout of SYN, and looking at the logs, the AnyConnect client source address does not PAT would have to 192.168.40.129
BUT...
If I change the NAT rule for this...
Source = sub-VPN-network Dest = 192.168.40.0/25 = any Service
XLate Source = 192.168.40.129 (PAT) XLate Dest = 192.168.40.10 XLateService = Original
THIS WORKS! The source address does get PAT'd from 192.168.40.129.
BUT... the problem is now, that if the AnyConnect client attempts to access any other IP in 192.168.40.0/25, the destination address gets changed all the time at 192.168.40.10.
I am new to ASA 8.3, so I was wondering if I'm missing something with how NAT rules changes since earlier versions of ASA...
Can anyone help?
Thank you
Mario Rosa
Hello
The only reason to see a NAT rule that is configured at the top for not having applied are
- The "permit same-security-traffic intra-interface" is NOT configured, but in this case, it's since we have already taken the exit "packet-tracer"
- There is of course the possibility that networks of NAT rules match any traffic entering the ASA
- Naturally, there is the change of a bug that there were several.
If there is no clear reason for the rules does not match NAT do not, then I suggest opening a case of TAC or upgrade / downgrade to another level of software to determine if an error is the cause.
I don't know if you mentioned the software level that you use?
-Jouni
Maybe you are looking for
-
How can I move files to the system folder?
Hi all I was wondering how to move files to the system folder. With the update to El Capitan and the former program is no longer works and the developer suggests moving some files on the system folder that should fix it, but even if an administrator
-
P200 DVD player does not appear an image with the Toshiba software.
Hello I just posted this question a few hours before, but it seems to have disappeared from the forum, so go again us. When I use the Toshiba Software to play a DVD, I get no image, although the interface commands and the sound is very good. The DVD
-
I have an iPhone 5 c which needs repair and no will power not to be able to restore the phone to factory settings. If I give the phone a friend and remove my SIM card they can place their SIM card in the phone once the repair completed and turn the
-
Hi - the good soul who has created the Mini for us got IDs/passwords mixed up. I will be the main user, but my spouse name & IDs entered everything first. How can I edit the ads. She wants to use the device much less often than me. Also, my e-mail
-
computer pc laptop pavilion g4-2202tx windows 7driver download
my pc is pavilion g4-2202TX windows 8 os .This is not supported for my business software because I change windows8 os to windows 7 .so please give me drivers windows 7