Problem of AAA in ASA
Hi all
I had configured Ganymede on ASA, but the problem is when I m try to Telnet it authenticates me with my username & password on ACS, but I can't pass the privilege level 15 such that configured on ACS. Its asking me to activate password n not taking password is the GBA. I used the authorization of Shell for privilege 15. Done on ASA configuration is:
name 172.30.xx.xx DCC-1
name 172.30.yy.yy DCC-2
Ganymede + Protocol Ganymede + AAA-server
AAA-server Ganymede + host DCC-1
Cisco key
AAA-server Ganymede + host DCC-2
Cisco key
AAA authentication telnet console Ganymede + LOCAL
AAA authentication telnet console Ganymede + Ganymede +.
the AAA authentication console ssh Ganymede + LOCAL
AAA authentication enable console LOCAL + Ganymede
activate the encrypted password of V3VzjwYzTRfTLwOb
activate the encrypted password of V3VzjwYzTRfTLwOb
piyush vkCzRtKCaNG.HI6s encrypted privilege 15 password username
ideanoc encrypted S0qrUlXOHFcX7LCw privilege 15 password username
Even added my user name & password in the local data base on ASA as on ACS. Still no progress...
Can all give his suggestion on the same.
Kind regards
Piyush
I ask not for the level of private shell 15 but enable privileges. Which must be set to 15 GBA---> user configured---> options enable---> Max privilege for any customer AAA--> 15
Tags: Cisco Security
Similar Questions
-
Problem of pptp Windows ASA 8.4 (4) 1
Hi all
I hope someone can help I have an ASA 5505 that replaces a legacy firewall. Everything works apart from the Dáil in pptp sessions. These are sent to the windows 2003 server.
See below for my config, I'm really stuck now. See below for my config
ASA 4,0000 Version 1
!
hostname ITEFW01
domain ite.local
activate the encrypted password of X/3Ef.pSbYW/QCVY
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface Ethernet0/0
switchport access vlan 2
Speed 100
full duplex
!
interface Ethernet0/1
Speed 100
full duplex
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
the IP 10.0.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP 83.218.142.244 255.255.255.248
!
passive FTP mode
DNS server-group DefaultDNS
domain ite.local
network obj_any object
subnet 0.0.0.0 0.0.0.0
network of the External01 object
Home 83.218.142.242
external description
the object Exchange service
tcp destination eq smtp service
network of the External02 object
Home 83.218.142.243
VPN description
service of the PPTP01 object
tcp destination eq pptp service
service of the PPTP02 object
tcp destination eq whois service
network of the External03 object
Home 83.218.142.243
Description address VPN
service object HTTPS
tcp destination eq https service
network of the ITEServer object
host 10.0.0.2
ITE server description
network of the ITEServer02 object
host 10.0.0.3
object-group service Blackberry01 tcp - udp
Description Blackberry01
port-object eq 3101
object-group service Blackberry02 tcp - udp
Description of the Ports of Blackberry
port-object eq 4101
object-group Protocol TCPUDP
object-protocol udp
object-tcp protocol
the BrianBass object-group network
Email Filtering Proxy description
object-network 217.64.175.0 255.255.255.0
host of the object-Network 62.133.28.58
object-network 83.246.65.0 255.255.255.0
host of the object-Network 87.224.100.82
host of the object-Network 87.224.86.194
network-object 94.100.128.0 255.255.255.240
inside_access_in list extended access permit icmp any one
inside_access_in of access allowed any ip an extended list
inside_access_in list extended access will permit a full
global_access list extended access allow icmp a whole
outside_access list extended access allow accord any object ITEServer
outside_access list extended access permit tcp any object ITEServer eq 1701
outside_access list extended access permit tcp any object ITEServer eq pptp
outside_access list extended access allow HTTPS object any object ITEServer
outside_access list extended access allow object Exchange object-group Brian
s object ITEServer
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
!
network of the ITEServer object
NAT External01 static (inside, outside)
!
NAT source auto after (indoor, outdoor) dynamic one interface
inside_access_in access to the interface inside group
Access-group outside_access in interface outside
Access-Group global global_access
Route outside 0.0.0.0 0.0.0.0 83.218.142.241 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:0
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
AAA authentication LOCAL telnet console
Enable http server
http 192.168.1.0 255.255.255.0 inside
http 10.0.0.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown warmst cold start
Crypto ca trustpoint _SmartCallHome_ServerCA
Configure CRL
Crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
308204 4 a0030201 d 308205ec 0202106e cc7aa5a7 032009b 8 cebcf4e9 52d 49130
010105 05003081 09060355 04061302 55533117 ca310b30 0d 864886f7 0d06092a
30150603 55040 has 13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
13165665 72695369 676e2054 72757374 204e6574 776f726b 313 has 3038 06035504
0b 133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
20617574 7a 656420 75736520 6f6e6c79 31453043 06035504 03133c 56 686f7269
65726953 69676e20 436c 6173 73203320 5075626c 69632050 72696 72792043 61 d
65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
30303230 38303030 3030305a 170d 3230 30323037 32333539 35395a 30 81b5310b
30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
496e632e 311f301d 06035504 0b 131656 65726953 69676e20 54727573 74204e65
74776f72 6b313b30 5465726d 20757365 20617420 73206f66 39060355 040b 1332
68747470 7777772e 733a2f2f 76657269 7369676e 2e636f6d 2f727061 20286329
302d 0603 55040313 26566572 69536967 61737320 33205365 6e20436c 3130312f
63757265 20536572 76657220 20473330 82012230 0d06092a 864886f7 4341202d
010101 05000382 010f0030 82010 0d has 02 b187841f 82010100 c20c45f5 bcab2597
a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10
9c688b2e 957b899b 13cae234 34c1f35b f3497b62 d188786c 83488174 0253f9bc
7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b
15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845
1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8 63cd
18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced
4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f
81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 01 has 38201 02030100 df308201
082b 0601 05050701 01042830 26302406 082 b 0601 db303406 05050730 01861868
7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1 d 130101
ff040830 02010030 70060355 b 200469 30673065 060, 6086 480186f8 1 d 060101ff
45010717 03305630 2806082b 06010505 07020116 1 c 687474 70733a2f 2f777777
2e766572 69736967 6e2e636f 6d2f6370 73302 has 06 082 b 0601 05050702 02301e1a
1 c 687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406
03551d1f 042d302b 3029 has 027 a0258623 68747470 3a2f2f63 726c2e76 65726973
69676e2e 636f6d2f 2d67352e 70636133 63726c 30 0e060355 1d0f0101 ff040403
02010630 6d06082b 06010505 07010c 59305730 55160969 5da05b30 04 61305fa1
6 d 616765 2f676966 3021301f 2b0e0302 30070605 1a04148f e5d31a86 ac8d8e6b
c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973
69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30
1 b 311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301D 0603
445 1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355 c 1604140d 551d0e04
1 230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300 d 0609 d
2a 864886 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80 f70d0101
4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e
b2227055 d9203340 3307c 265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a
99 c 71928 8705 404167d 1 273aeddc 866d 24f78526 a2bed877 7d494aca 6decd018
481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16
b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0
5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8
6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28
6c2527b9 deb78458 c61f381e a4c4cb66
quit smoking
Telnet 10.0.0.0 255.255.255.0 inside
Telnet timeout 5
SSH timeout 5
SSH group dh-Group1-sha1 key exchange
Console timeout 0
dhcpd outside auto_config
!
dhcpd address 10.0.0.10 - 10.0.0.132 inside
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
username
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
inspect the pptp
World-Policy policy-map
class class by default
inspect the pptp
!
service-policy-international policy global
context of prompt hostname
anonymous reporting remote call
Cryptochecksum:59ea3f04159c32cce049d9654c6ade4d
: end
ITEFW01 #.
I have to admit that I don't know if PPTP requires nothing else was open.
But the most common problem is usually lack the "inspect pptp" you have.
I suggest you simply followed the ASA through the ASDM while trying the VPN connection to eliminate situations where the firewall might block connections
There isn't a lot of NAT rules on the firewall itself that I can't prevent connections
You can use the command "packet - trace" to ensure that the firewall (or would rather) to certain connection tent
entry Packet-trace out tcp 1.2.3.4 1234
-Jouni
-
Problem with the Cisco ASA 5525 X SFR and Firesight high school
Hi team,
We have two ASA 5525 X installed on them and Firesight in a Linux VM whose two SFRs are registered with SFR failover mode. We use the SAA secondary off the hook if the primary fails to turn on the secondary manually switch the wan cable. I turn on the ASA secondary every weekend to take the configuration of the primary for the ASA and the SFR and close by button walk / stop.
Last week I turn on high school ASA and the Firesight couldn't see the secondary SFR and show the message below:
Module device heartbeat: device
> don't send heartbeats. (I should mention I can Pinger the IP ADDRESS)
I tried to study the problem without success.
I also deleted the sensor just Firesight devices management in case something is stuck, and I'm trying to re added without success.
I'm new in firepower so... any ideas?
Thank you
Finally, this problem has been resolved by the redefinition of firepower:
see detailed here procedure to perform this redefinition;
http://www.Cisco.com/c/en/us/support/docs/security/ASA-firepower-service...
Before that, it appeared that firepower was not very healthy:
After a success "" configure Manager add xxxxx"command.
the command of managers show show nothing;
He should have shown this result:
> Display managers
Host: 193.193.2.75
Registration key: AZERTY
Inscription: pending
State of the PRC:on the other hand, in expert mode, the following command shows several processes (and not in the normal state):
sudo pmtool status | grep-i down
Last point,
After the recreation and reconfigure all this fire power, installed in the ASA secondary standby, was considered to be OK under Firesight health Monitor,.
but after 10mins, it appeared in critical condition with the following message:
"Interface"DataPlaneInterface0"receives not all packages.
This is normal and due to the fact that Eve ASA receives no flow and the same goes for firepower inside this ASA;
by performing a failover from the primary to the secondary ASA, this critical message disappeared for firepower inside the ASA Sec and appeared for firepower inside the ASA elementary school
-
Hello
I would like to set up and test AAA on a Cisco ASA (5505 or 5510).
1 are there any other tools or server required to use this feature? And you have good configuration guides?I already tested a CDA of Cisco. He was able to show users active directory and their IP equivalent.
2. do you have a brief explanation what kind of opportunities I have with this server/tool? It is perhaps usable for the AAA mentioned on the SAA?Thanks in advance
Best regards
1. Yes, you need a Radius like Windows Server NPS or RADIUS server such as Cisco ACS/ISE server.
2. He's just a man in the middle of the ADC, you will always need an AAA server: radius or Ganymede (see # 1).
-
Problem setting out by ASA 5505 VPN
While inside a network secured by an ASA 5505, I can't establish a PPTP VPN on. The ASA will connect the following:
09-2009 20:50:09 creating 305006 24.13.209.125 regular translation failed for the internal protocol 47 src: 192.168.132.108 dst outside:xxx.xxx.xxx.125
I looked at the msg of error in line, but for some reason, I'm just not understand what he says. How can I fix it? Let me know if you have any questions... Thank you guys!
Colombia-British
Hello
Enable pptp inspection
pixfirewall (config) #policy - map global_policy
pixfirewall(config-pmap) #class inspection_default
pixfirewall (config-pmap-c) #inspect pptp
Go to this link for the use of pptp/gre info background detail under various codes.
Concerning
-
Problem starting of an ASA (9.0) config file to disk1
The State of Cisco web site:
By default, the ASA boots a boot configuration which is a hidden file. You can also set any configuration to the startup configuration by entering the following command:
HostName (config) # boot config {disk0: / | disk1: /} [path/]filenameWhen I put this command, wr mem and reload the ASA, it does not come to the top with the correct configuration.It comes up with the old configuration, and it also to zero the curve on the corresponding on my disk1.config reg is set to 0x1.What Miss me?Hi Jimmyc_2,
First copy the running configuration file in disk0/1/or no matter what path you want, and then start the command config like below.
copy, run disk0:/.private/startup-config
boot config disk0:/.private/startup-config
WR memI think that changes to configuration boot path commands where ASA can extract the default startup configuration file, it will load hidden file, but if change you it during boot, it will take care of the place where you explicitly set.
HTH
Murali.
-
Problem with the Cisco ASA vpn redundancy?
Hi all
I have a series ASA 5500 firewall and need to set a different peer ip for the connection of site2sitevpn. In fact, my goal is, ASA tent first pair ip of the site2site tunnel, when ASA may not reach this ip, try to reach another ip I set before. I can configure this scenerio on Cisco router with this command;
crypto map tohub 1 ipsec-isakmpset peer 10.1.1.1 default
set peer 10.2.2.2
but I wonder what can I do about ASA?
Thank you.
Best regards.
Shane,
You can configure multiple IP addresses, under the same entry of homologous set on ASA, but it works the same on IOS with preferred peer, it passes between defined peer.
Marcin
-
Problem connecting l2l on ASA 5510
I have setup VPN connections 2. a concentrator 3000 seller and the second to a branch.
The branch connects with a L2L type, however the connection of my suppliers is a type of 'user '. I have to rebuild the connection and the same thing happens.
piece of the screen the crypto isa HS
1 peer IKE: 68.xxx.xxx.xxx
Type: L2L role: answering machine
Generate a new key: no State: MM_ACTIVE
2 IKE peers: 12.xxx.xxx.xxx
Type: user role: initiator
Generate a new key: no State: MM_WAIT_MSG2
the only difference in the config, it's that the seller uses a set of transformation of
Crypto ipsec transform-set aes - esp esp-md5-hmac seller
and using the branch is
Crypto ipsec transform-set esp-3des esp-sha-hmac branch
any help?
Set transformation acceptable combinations include:
(1) ah-md5-hmac
ESP - 2)
(3) esp-3des and hmac-md5-esp
(4) ah-sha-hmac and esp - an and hmac-sha-esp
(5) comp-lzs and hmac-sha-esp and esp - aes (as a general rule, all comp-lzs transformation can be included in any legal combination that does not already include the transformation of the model-lzs.)
(6) esp-seal and esp-md5-hmac
Try to use 'esp-3des esp-sha-hmac' or 'aes - esp and esp-md5-hmac' at the ends of the seller and branch.
See the following url for more information:
http://www.Cisco.com/en/us/docs/iOS/12_3t/secur/command/reference/sec_c2gt.html#wp1199028
-
ACS 5.4 ASA 8.2.5 disable AAA for the particular user
Hello!
I want to disable journaling Ganymede + for the particular user. This user is used only for automated (python script) pooling of vpn tunnel ASA (limited command set - permission on ACS) group to verify the number of users authenticated via VPN. The problem is that this user generate a bunch of logs according to authentication authorization and accounting on ACS. Is there a solution, disable Ganymede + newspapers on ACS for this particular user? Maybe it is possible to modify the AAA on ASA to not connect this particular user?
Thanks in advance.
Hi Pawel,
You can create filters collection for that specific user. When you configure monitoring filters & Report Viewer does not record these events in the database.
Navigate to: Configuration of the analysis > System Configuration > filters Collection > add a filter
What follows is the attributes that can be used. You must use the user.
-Access service
-User
-Mac-add
-Nas - IP
Example: We get several hits of ASA by 'user' and we want ACS to ignore it. Create a filter by using the user. ACS must now ignore any attempt from the IP Address of the NAS.
Jatin kone
-Does the rate of useful messages- -
VPN Tunnel access to several subnets ASA 5505
Greetings,
We spent a little time trying to configure our ASA 5505 in order to TUNNEL into several different subnets. Subnets include 192.168.1.0 / 192.168.2.0 / 192.168.10.0
Someone is about to review this setup running and indicate where we have gone wrong. When I connect via the VPN Client, I can access the 192.168.1.0 network, no problem. But fail to reach the other two. Thank you very much.
Output from the command: 'show running-config '.
: Saved
:
ASA Version 8.2 (5)
!
hostname BakerLofts
activate kn7RHw13Elw2W2eU encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
switchport access vlan 12
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
IP 192.168.1.254 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP 74.204.54.4 255.255.255.248
!
interface Vlan12
nameif Inside2
security-level 100
IP address 192.168.10.254 255.255.255.0
!
passive FTP mode
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
vpn_splitTunnelAcl list standard access allowed 192.168.1.0 255.255.255.0
outside_access_in of access allowed any ip an extended list
inside_nat0_outbound to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.3.0 255.255.255.0
Inside2_access_in of access allowed any ip an extended list
permit Inside2_nat0_outbound to access extended list ip 192.168.10.0 255.255.255.0 192.168.3.0 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
MTU 1500 Inside2
IP local pool vpn 192.168.3.1 - 192.168.3.254 mask 255.255.255.0
no failover
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0-list of access inside_nat0_outbound
NAT (inside) 1 0.0.0.0 0.0.0.0
NAT (outside) 0 192.168.3.0 255.255.255.0 outside
NAT (Inside2) 0-list of access Inside2_nat0_outbound
NAT (Inside2) 1 0.0.0.0 0.0.0.0
Access-group outside_access_in in interface outside
Access-group Inside2_access_in in the interface Inside2
Route outside 0.0.0.0 0.0.0.0 74.204.54.1 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
AAA authentication enable LOCAL console
AAA authentication LOCAL telnet console
Enable http server
http 192.168.1.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
Crypto ca trustpoint _SmartCallHome_ServerCA
Configure CRL
Crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
308204 4 a0030201 d 308205ec 0202106e cc7aa5a7 032009b 8 cebcf4e9 52d 49130
010105 05003081 09060355 04061302 55533117 ca310b30 0d 864886f7 0d06092a
30150603 55040 has 13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
13165665 72695369 676e2054 72757374 204e6574 776f726b 313 has 3038 06035504
0b 133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
20617574 7a 656420 75736520 6f6e6c79 31453043 06035504 03133c 56 686f7269
65726953 69676e20 436c 6173 73203320 5075626c 69632050 72696 72792043 61 d
65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
30303230 38303030 3030305a 170d 3230 30323037 32333539 35395a 30 81b5310b
30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
496e632e 311f301d 06035504 0b 131656 65726953 69676e20 54727573 74204e65
74776f72 6b313b30 5465726d 20757365 20617420 73206f66 39060355 040b 1332
68747470 7777772e 733a2f2f 76657269 7369676e 2e636f6d 2f727061 20286329
302d 0603 55040313 26566572 69536967 61737320 33205365 6e20436c 3130312f
63757265 20536572 76657220 20473330 82012230 0d06092a 864886f7 4341202d
010101 05000382 010f0030 82010 0d has 02 b187841f 82010100 c20c45f5 bcab2597
a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10
9c688b2e 957b899b 13cae234 34c1f35b f3497b62 d188786c 83488174 0253f9bc
7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b
15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845
1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8 63cd
18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced
4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f
81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 01 has 38201 02030100 df308201
082b 0601 05050701 01042830 26302406 082 b 0601 db303406 05050730 01861868
7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1 d 130101
ff040830 02010030 70060355 b 200469 30673065 060, 6086 480186f8 1 d 060101ff
45010717 03305630 2806082b 06010505 07020116 1 c 687474 70733a2f 2f777777
2e766572 69736967 6e2e636f 6d2f6370 73302 has 06 082 b 0601 05050702 02301e1a
1 c 687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406
03551d1f 042d302b 3029 has 027 a0258623 68747470 3a2f2f63 726c2e76 65726973
69676e2e 636f6d2f 2d67352e 70636133 63726c 30 0e060355 1d0f0101 ff040403
02010630 6d06082b 06010505 07010c 59305730 55160969 5da05b30 04 61305fa1
6 d 616765 2f676966 3021301f 2b0e0302 30070605 1a04148f e5d31a86 ac8d8e6b
c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973
69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30
1 b 311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301D 0603
445 1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355 c 1604140d 551d0e04
1 230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300 d 0609 d
2a 864886 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80 f70d0101
4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e
b2227055 d9203340 3307c 265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a
99 c 71928 8705 404167d 1 273aeddc 866d 24f78526 a2bed877 7d494aca 6decd018
481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16
b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0
5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8
6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28
6c2527b9 deb78458 c61f381e a4c4cb66
quit smoking
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
sha hash
Group 2
life 86400
Telnet 192.168.1.0 255.255.255.0 inside
Telnet timeout 5
SSH timeout 5
Console timeout 0
dhcpd outside auto_config
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
internal vpn group policy
attributes of vpn group policy
value of server DNS 8.8.8.8
Protocol-tunnel-VPN IPSec
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list vpn_splitTunnelAcl
username, password samn aXJbUl92B77AGcc. encrypted privilege 0
samn attributes username
Strategy-Group-VPN vpn
username password encrypted QUe2MihLFbj2.Iw0 privilege 0 jmulwa
username jmulwa attributes
Strategy-Group-VPN vpn
jangus Uixpk4uuyEDOu9eu username encrypted password
username jangus attributes
Strategy-Group-VPN vpn
vpn tunnel-group type remote access
VPN tunnel-group general attributes
vpn address pool
Group Policy - by default-vpn
Tunnel vpn ipsec-attributes group
pre-shared key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
context of prompt hostname
anonymous reporting remote call
Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
: end
I see two problems:
1. your ASA has not an interior road to the Incas inside networks. You must add:
Route inside 192.168.2.0 255.255.255.0
Route inside 192.168.10.0 255.255.255.0
.. .specifying your gateway address of these networks.
2. the statement "access-list standard vpn_splitTunnelAcl permit 192.168.1.0 255.255.255.0" sends only a route for 192.168.1.0/24 to your customer. You need to add entries for the other two networks.
-
4.2 of the ACS and EAP - TLS with AD and prefix problem
Hello
We have the following situation:
-2 X ACS (ACS SE 4.2 1 x and 1 x 4.2 ACS) for domain
-2 x ACS (ACS SE 4.2 1 x and 1 x 4.2 ACS) for domain b.
First of all, there is a problem to have an ACS SE and a CBS work together for an area, I do not? When we haven't had that one area and the two SE ACS were responsible for domain A, it worked.
Now after the changes, authentication of machine with EAP - TLS is no longer in effect. In the newspapers, it always says that "external user DB is unknown" for a username (machine) as host/abc.domain.ch
This is the normal output of the Remote Agent, he finds the host but then nothing happens:
CSWinAgent 2009-11-30 16:32:13 0140 3672 0x0 customer who connects from x.x.x.x:2443
CSWinAgent 2009-11-30 16:32:14 0507 3512 0x0 CPP: NT_DSAuthoriseUser received
CSWinAgent 2009-11-30 16:32:14 0474 3512 0x0 NTLIB: Creating Domain cache
CSWinAgent 2009-11-30 16:32:14 0549 3512 0x0 NTLIB: domain Cache loading
CSWinAgent 2009-11-30 16:32:14 0646 NTLIB 3512 0x0: none of the trusted domains found
CSWinAgent 2009-11-30 16:32:14 0735 3512 0x0 NTLIB: cache loaded field
CSWinAgent 2009-11-30 16:32:14 2355 3512 0x0 NTLIB: user "host/abc.domain.ch" found [FIELD]
CSWinAgent 2009-11-30 16:32:14 0584 0 x 3512 0 RPC: NT_DSAuthoriseUser response sentSo I did a test of the ASA to see if the host is a problem (until changes have been made it was not a problem):
AAA authentication RADIUS host 10.3.1.9 username host/abc.domain.ch to test (the ASA becomes the host / entry for the correct Windows scheme with the $):
CSWinAgent 2009-11-30 15:39:23 0140 3672 0x0 customer who connects from x.x.x.x:1509
CSWinAgent 2009-11-30 15:39:23 0390 0 x 3728 0 RPC: NT_MSCHAPAuthenticateUser received
CSWinAgent 2009-11-30 15:39:23 0474 3728 0x0 NTLIB: Creating Domain cache
CSWinAgent 2009-11-30 15:39:23 0549 3728 0x0 NTLIB: domain Cache loading
CSWinAgent 2009-11-30 15:39:23 0646 NTLIB 3728 0x0: none of the trusted domains found
CSWinAgent 2009-11-30 15:39:23 0735 3728 0x0 NTLIB: cache loaded field
CSWinAgent 2009-11-30 15:39:23 1762 3728 0x0 NTLIB: had WorkStation CISCO
CSWinAgent 2009-11-30 15:39:23 1763 3728 0x0 NTLIB: Windows authentication attempts for user ABC$
CSWinAgent 2009-11-30 15:39:23 1815 3728 0x0 NTLIB: Windows authentication FAILED (Error 1326 L)
CSWinAgent 2009-11-30 15:39:23 0373 3728 0x0 NTLIB: retry authentication to the domain
CSWinAgent 2009-11-30 15:39:23 0549 3728 0x0 NTLIB: domain Cache loading
CSWinAgent 2009-11-30 15:39:23 1762 3728 0x0 NTLIB: had WorkStation CISCO
CSWinAgent 2009-11-30 15:39:23 1763 3728 0x0 NTLIB: Windows authentication attempts for user ABC$
CSWinAgent 2009-11-30 15:39:23 1815 3728 0x0 NTLIB: Windows authentication FAILED (Error 1326 L)
CSWinAgent 2009-11-30 15:39:23 0456 0 x 3728 0 RPC: NT_MSCHAPAuthenticateUser response sentIt is clear that the test failed because of the bad 'past to a computer' but it's a different output as before. I saw that in ACS 4.1, you can change the prefix of send_break_action for nothing, but in 4.2 it is no longer possible.
This could be the problem, or if someone sees no other problem?
Best regards
Dominic
Hello
I encounter the same problem with my acs. I have all of the attempts failed for the default group. For the default group made configuration is not available. Is - this thereason behind all this?
-
Hello all, I have problem with an IPSec tunnel and always looking what is exatly the problem. Have 2 ASA AAA. AA. AAA. A and BBB. BB. BBB. B where BBB. BB. BBB. B has 2 interfaces LAN is another DSL modem. When there is no problem with LAN tunnel is ACTIVE, but when I ALS rocking a few errors on the tunnel:
IP = AAA. AA. AAA. One, received an INVALID_COOKIE unencrypted notify message, drop
IP = AAA. AA. AAA. A, package in double Phase 1 detected. Retransmit the last packet.
SH isakmp sa is:
ITS enabled: 1
Generate a new key SA: 0 (a tunnel report Active 1 and 1 to generate a new key during the generate a new key)
Total SA IKE: 1
1 peer IKE: AAA. AA. AAA. A
Type: user role: initiator
Generate a new key: no State: MM_WAIT_MSG4
If the router is waiting for ack but not expected and there is no package.
At both ends, I deleted:
cry clear isa
cry clear ipsec
I checked the peer addresses are correct, what is bodering me, it's the missing package. I think that this packet is sent to the other interface which is down and so the other ASA cannot get the negotiation.
I will be grateful if anyone can help, I'll debug and sniff for that.
Here are the configs and small on isakmp debug information
Router AAA. AA. AAA. A config:
outside_cryptomap_60 list of allowed ip extended access object-US-VPN VPN - US group object
Route outside 0.0.0.0 0.0.0.0 XXX. XX. XX.1 1
Crypto ipsec transform-set ESP-AES-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
card crypto outside_map 60 match address outside_cryptomap_60
game card crypto outside_map 60 peers BBB. BBB. BB. B CC. CCC. C.CCC
card crypto outside_map 60 value transform-set ESP-AES-SHA
life safety association set card crypto outside_map 60 28800 seconds
card crypto outside_map 60 set security-association life kilobytes 4608000
outside_map interface card crypto outside
ISAKMP allows outside
part of pre authentication ISAKMP policy 10
ISAKMP policy 10 3des encryption
ISAKMP policy 10 sha hash
10 2 ISAKMP policy group
ISAKMP life duration strategy 10 86400
tunnel-group BBB. BBB. BB. B type ipsec-l2l
tunnel-group BBB. BBB. BB. B ipsec-attributes
pre-shared-key *.
ASA BBB. BB. BBB. B:
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto ipsec transform-set ESP-AES-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
card crypto outside_map 1 match address outside_cryptomap_1
card crypto outside_map 1 set of AAA peers. AA. AAA. A
card crypto outside_map 1 the value transform-set ESP-SHA-3DES ESP-AES-SHA
outside_map interface card crypto outside
card crypto outside_map interface outsideadsl
crypto ISAKMP allow inside
crypto ISAKMP allow outside
ISAKMP crypto enable outsideadsl
crypto ISAKMP policy 10
preshared authentication
3des encryption
sha hash
Group 2
life 86400
ISAKMP crypto am - disable
debugging isakmp 127
28 Dec 11:58:01 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
28 Dec 11:58:01 [IKEv1]: IP = AAA. AA. AAA. A, IKE initiator: New Phase 1, Intf inside, IKE Peer AAA. AA. AAA. A local Proxy 192.168.0.0, address remote Proxy 192.167.0.0, Card Crypto (outside_map)
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. Building ITS ISAKMP payload
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. Payload has, worm 02 NAT-Traversal vid construction
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. Payload has, worm 03 NAT-Traversal vid construction
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. A, building Fragmentation VID + load useful functionality
28 Dec 11:58:01 [IKEv1]: IP = AAA. AA. AAA. A, IKE_DECODE SEND Message (msgid = 0) with payloads: HDR + SA (1) the SELLER (13) + the SELLER (13), SELLER (13) + (0) NONE total length: 148
28 Dec 11:58:01 [IKEv1]: IP = AAA. AA. AAA. One Message RECEIVED from IKE_DECODE (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 108
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. ITS payload processing
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. Oakley proposal is acceptable
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. VID payload processing
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. A, received Fragmentation VID
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. A, IKE Peer included IKE fragmentation capability flags: Main Mode: Mode aggressive True: True
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. Construction ke payload
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. Construction nonce payload
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. Building Cisco Unity VID payload
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. Xauth V6 VID payload construction
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. A, Send IOS VID
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. A payload the IOS Vendor ID theft construction ASA (version: 1.0.0 capabilities: 20000001)
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. Construction VIDEO payload
28 Dec 11:58:01 [IKEv1 DEBUG]: IP = AAA. AA. AAA. One, send Altiga/Cisco VPN3000/Cisco ASA GW VID
28 Dec 11:58:01 [IKEv1]: IP = AAA. AA. AAA. A, IKE_DECODE SEND Message (msgid = 0) with payloads: HDR + KE (4) + (10) NUNCIO seller (13) + the seller (13) + the seller (13) + the seller (13) + (0) NONE total length: 256
28 Dec 11:58:07 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
28 Dec 11:58:07 [IKEv1]: IP = AAA. AA. AAA. A Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
28 Dec 11:58:09 [IKEv1]: IP = AAA. AA. AAA. One Message RECEIVED from IKE_DECODE (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 108
28 Dec 11:58:09 [IKEv1 DEBUG]: IP = AAA. AA. AAA. ITS payload processing
28 Dec 11:58:09 [IKEv1 DEBUG]: IP = AAA. AA. AAA. Oakley proposal is acceptable
28 Dec 11:58:09 [IKEv1 DEBUG]: IP = AAA. AA. AAA. VID payload processing
28 Dec 11:58:09 [IKEv1 DEBUG]: IP = AAA. AA. AAA. A, received Fragmentation VID
28 Dec 11:58:09 [IKEv1 DEBUG]: IP = AAA. AA. AAA. A, IKE Peer included IKE fragmentation capability flags: Main Mode: Mode aggressive True: True
28 Dec 11:58:09 [IKEv1 DEBUG]: IP = AAA. AA. AAA. Treatment IKE payload
28 Dec 11:58:09 [IKEv1 DEBUG]: IP = AAA. AA. AAA. A, IKE SA proposal # 1, turn # 1 entry overall IKE acceptable matches # 2
28 Dec 11:58:09 [IKEv1 DEBUG]: IP = AAA. AA. AAA. Building ITS ISAKMP payload
28 Dec 11:58:09 [IKEv1 DEBUG]: IP = AAA. AA. AAA. A, building Fragmentation VID + load useful functionality
28 Dec 11:58:09 [IKEv1]: IP = AAA. AA. AAA. A, IKE_DECODE SEND Message (msgid = 0) with payloads: HDR + HER (1), SELLER (13) + (0) NONE total length: 108
28 Dec 11:58:09 [IKEv1]: IP = AAA. AA. AAA. A Message from FORWARDING IKE_DECODE (msgid = 0) with payloads: HDR + KE (4) + NUNCIO (10) + SELLER (13) + the SELLER (13) + the SELLER (13) + the SELLER (13) + (0) NONE total length: 256
28 Dec 11:58:10 [IKEv1]: IP = AAA. AA. AAA. One Message RECEIVED from IKE_DECODE (msgid = 0) with payloads: HDR + NOTIFY (11) + NONE (0) overall length: 68
28 Dec 11:58:10 [IKEv1]: IP = AAA. AA. AAA. One Message RECEIVED from IKE_DECODE (msgid = 0) with payloads: HDR + NOTIFY (11) + NONE (0) overall length: 68
28 Dec 11:58:10 [IKEv1]: IP = AAA. AA. AAA. One, received an INVALID_COOKIE unencrypted notify message, drop
28 Dec 11:58:10 [IKEv1]: IP = AAA. AA. AAA. A, exchanging information processing failed
No degDec 28 11:58:12 [IKEv1 DEBUG]: pitcher: a message key acquisition, spi 0 x 0
28 Dec 11:58:12 [IKEv1]: IP = AAA. AA. AAA. A Queuing KEY-ACQUIRE messages are treated when SA P1 is finished.
Don't know if that's the only issue, but to start you need a 'tunnel-group C.C.C.C' ASA A.
If there is still a problem, download him debugs on both sides at the same time please.
Also, what version of the software the ASA work, and how you simulate the failure on the main interface of B? Is it possible that in your test one can always happen to B through its main interface?
HTH
Herbert
-
I can't boot on my Cisco ASA 5505
Hello;
I am facing a problem with my cisco ASA 5505 firewall. When I connect my cable to console the firewall to start setting firewall load and stop until the copyright. ICN can't access to the firewall to view the configuration. I start also with Rommon but I am facing the same problem. Does anyone have an idea of this problem and can help me?
Please, it's so urgencly!
Hello
What version of software is on the asa and the amount of memory is on the device?
Thank you
John
-
ASA: S2S Tunnel stops with higher traffic
Hello
I have no idea where I have to start solving our problem:
Site A: ASA 5520/9.2 (4) 5 ~ 20 IPsec tunnels
Site b: ASA 5505/9.2 (4) 5
When I do a SSH (or HTTP or any other TCP) session from Site A to any Linux on Site B server, I can connect, but when I do something as a "dmesg" or long "ls - al", the session hooked after 10 to 20 lines. Also HTTP sessions (as a site to set up a printer), smaller Web sites are okay (but slow), more big sites stops with a browser timeout.
This only happens on one site, all other sites work very well (which have the same config, same OS ASA).
Just to test, I opened the ssh port to the external IP address on the external interface and it works very well, as well as with the traffic through the tunnel going something wrong.
Any idea, where do I start debugging?
Gruss ivo
PS: How is stupid cloudflare, they check this text and do not allow to write the ls command linux less al, but ls space space space less al works!
You can twist on the SAA mss using this doc and empty the outside df bit as well. Follow the steps described in the section "VPN encryption error."
Crypto ipsec df - bit clear-df outdoors
Let us know how it rates.
Kind regards
Dinesh MoudgilPS Please rate helpful messages.
-
Hello
I have a problem with a 5550 ASA with IOS version 9.1 (7). and I want to upgrade the version LTS 1.0 to 1.1 or 1.3
How can I do?
Thank you
You can not. You need ASA version 9.3 + for what is only available for the newer model x.
Maybe you are looking for
-
My new laptop you have some problem on pilot, but can not find the driver on the internet, which can help me... The problem is when I discover the webcam with my friends, I can hear my friends talking but when I talk, my friends can't hear my voice..
-
Satellite Pro L40-17b: bus/video audio high def Win XP driver controllers
Hi, ;) Please look at this:http://img99.imageshack.us/img99/7296/driversnodig.jpg I don't know which one (s) installation (XP): Satellite Pro L40-17 b Can you help me? Friend Sonaya
-
Cannot get Portege R100 to retrieve by using the original diskettes
I just brought my 2005 Portege R100 to retire to give one of the children - but it wouldn't start. I changed the boot CD-ROM order > LAN > HDD > PC Card and put the original recovery disks in the drive of DVD Toshiba genuine (and compatible). The sys
-
Keyboard problems after upgrade to Windows 8 Pro
Model 610-1280qd After the update, I found that my wireless HP came with the computer, keyboard no longer allows me to use the number keys and special characters above the letters. Device Manager displays 5 entries on the keyboard, including a PS2 Ke
-
Hi all! I'm developing a system where I need to pass data through the different libraries and processes. To do this, I created a giant group of data that will be used throughout the entire system, called SystemData. So far, everything is simple. My p