Problem with remote access to Time Capsule

Similar Questions

• Problems with remote access IPSec VPN

  Dear Experts,

  Kindly help me with this problem of access VPN remotely.

  I have configured remote access VPN IPSec using the wizard. The remote client connects to fine enough seat, gets the defined IP address, sends the packets and bytes, BUT do not receive all the bytes or decrypt packets. On the contrary, the meter to guard discarded rising.

  What could be possibly responsible or what another configuration to do on the SAA for the connection to be fully functional?

  It can help to say that Anyconnect VPN is configured on the same external Interface on the ASA, and it is still functional. What is the reason?

  AnyConnect VPN is used by staff for remote access.

  Kindly help.

  Thank you.

  Hello

  So if I understand correctly, you have such an interface for LAN and WAN and, naturally, the destination networks you want to reach via the VPN Client connection are all located behind the LAN interface.

  In this case the NAT0 configuration with your software most recent could look like this

  object-group, LAN-NETWORKS-VPN network

  network-object

  network-object

  network-object

  network of the VPN-POOL object

  subnet

  destination of LAN-NETWORKS-VPN VPN-NETWORKS-LAN static NAT (LAN, WAN) 1 static source VPN-VPN-POOL

  Naturally, the naming of interfaces and objects might be different. In this case its just meant to illustrate the purpose of the object or interface.

  Naturally I'm not sure if the NAT0 configuration is the problem if I can't really say anything for some that I can't see the configuration.

  As for the other question,

  I have not implemented an ASA to use 2 interfaces so WAN in production environments in the case usually has separate platforms for both or we may be hosting / providing service for them.

  I imagine that there are ways to do it, but the main problem is the routing. Essentially, we know that the VPN Client connections can come from virtually any public source IP address, and in this case we would need to default route pointing to the VPN interface since its not really convenient to set up separate routes for the IP address where the VPN Client connections would come from.

  So if we consider that it should be the default route on the WEBSITE of the ASA link, we run to the problem that we can not have 2 default routes on the same active device at the same time.

  Naturally, with the level of your software, you would be able to use the NAT to get the result you wanted.

  In short, the requirements would be the following

  • VPN interface has a default route, INTERNET interface has a default route to value at the address below
  • NAT0 between LAN and VPN interface configuration to make sure that this traffic is passed between these interface without NAT
  • Interfaces to special NAT configuration between LAN and INTERNET which would essentially transfer all traffic on the INTERNET interface (except for VPN traffic that we have handled in the previous step)

  The above things would essentially allow the VPN interface have the default route that would mean that no matter what the VPN Client source IP address it should be able to communicate with the ASA.

  The NAT0 configuration application would be to force ASA to pass this traffic between the LAN and VPN (pools) for VPN traffic.

  The special configuration of NAT then match the traffic from LAN to ANY destination address and send to the INTERNET interface. Once this decision is made the traffic would follow the lower value default route on this interface.

  I would say that this isn't really the ideal situation and the configuration to use in an environment of productin. It potentially creates a complex NAT configuration such that you use to manipulate the traffic instead of leave the mark of table routing choice in the first place.

  Of course, there could be other options, but I have to test this configuration before I can say anything more for some.

  -Jouni

• Problem with remote access VPN

  Hello

  I installed a remote access VPN on my firewall ASA5505 via the ASDM Assistant.

  I can successfully connect with the Cisco VPN client. My firewall also shows me the VPN session and shows the Rx packets. However, Tx packets remain 0, so no traffic is getting out. My ASA5505 is configured as a router on a stick with 25 different VLAN. I want to restrict traffic to one VLAN specific using a card encryption.

  When I run a command to ping t on my connected Windows box, the firewall log shows me the following message:

  "Unable to find political IKE initiator: outside Intf, Src: 10.7.11.18, Dst: ' 172.16.1.1

  "This message indicates that the fast path IPSec processing a packet that triggered of IKE, but IKE policy research has failed. This error could be associated calendar. The ACL triggering IKE could have been deleted before IKE has processed the request for initiation. "This problem will likely correct itself."

  Unfortunately, the problem is correct.

  The "sh cry isa his" and "sh cry ips its ' commands show the following output:

  2 IKE peers: 62.140.137.99

  Type: user role: answering machine

  Generate a new key: no State: AM_ACTIVE

  Interface: outside

  Tag crypto map: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: 85.17.xxx.xxx (outside interface IP)

  local ident (addr, mask, prot, port): (0.0.0.0/0.0.0.0/0/0)

  Remote ident (addr, mask, prot, port): (172.16.1.1/255.255.255.255/0/0)

  current_peer: 62.140.137.99, username: eclipsevpn

  dynamic allocated peer ip: 172.16.1.1

  #pkts program: encrypt 0, #pkts: 0, #pkts digest: 0

  #pkts decaps: 4351, #pkts decrypt: 4351, #pkts check: 4351

  compressed #pkts: 0, unzipped #pkts: 0

  #pkts uncompressed: 0, comp #pkts failed: 0, #pkts Dang failed: 0

  success #frag before: 0, failures before #frag: 0, #fragments created: 0

  Sent #PMTUs: 0, #PMTUs rcvd: 0, reassembly: 20th century / of frgs #decapsulated: 0

  #send errors: 0, #recv errors: 0

  local crypto endpt. : 85.17.xxx.xxx/4500, remote Start crypto. : 62.140.137.99/3698

  Path mtu 1500, fresh ipsec generals 82, media, mtu 1500

  current outbound SPI: B3D60F71

  current inbound SPI: B89BA14A

  SAS of the esp on arrival:

  SPI: 0xB89BA14A (3097207114)

  transform: aes - esp esp-sha-hmac no compression

  running parameters = {RA, Tunnel, NAT-T program,}

  slot: 0, id_conn: 196608, crypto-card: SYSTEM_DEFAULT_CRYPTO_MAP

  calendar of his: service life remaining key (s): 25126

  Size IV: 16 bytes

  support for replay detection: Y

  Anti-replay bitmap:

  0xFFE1FFF8 0xFFFFFFFF

  outgoing esp sas:

  SPI: 0xB3D60F71 (3017150321)

  transform: aes - esp esp-sha-hmac no compression

  running parameters = {RA, Tunnel, NAT-T program,}

  slot: 0, id_conn: 196608, crypto-card: SYSTEM_DEFAULT_CRYPTO_MAP

  calendar of his: service life remaining key (s): 25126

  Size IV: 16 bytes

  support for replay detection: Y

  Anti-replay bitmap:

  0x00000000 0x00000001

  I really have no idea what's going on. I installed a remote access VPN countless times, but this time it shows me the error as described above.

  Hi Martijn,

  just a few quick thoughts:

  -is your ok NAT exemption, i.e. ensure that the return traffic is not NAT' ed.

  -Make sure that there is no overlap crypto ACL

  -When connected, make a package tracer to see what is happening with the return packages.

  for example

  packet-tracer in the interface within the icmp 10.7.11.18 0 0 172.16.1.1 detail

  (where is the name of the interface on which 10.7.11.18 resides)

  This will show you all the steps the rail package in-house (routing, nat, encryption etc.) so it should give you an idea of what is happening, for example when it comes to the bad interface, nat evil rule, wrong entry card crypto etc.

  HTH

  Herbert
  

• Problem with remote access in a residential group

  Having a problem with desktop sharing remote within a group of home access.  I don't have problem of access to the desktop from the laptop, but for some reason I can't access the laptop from the desktop.  I tried everything I could think of.  Remote access is enabled on both PCs.  Help, please.  Thank you very much!

  Hello

   

  1. who is the operating system installed on the desktop and laptop computers?

  2. what happens when you try to access the laptop from the desktop? You receive an error message?

  3. What are troubleshooting you performed?

  I suggest you follow these methods and check.

  In a first step of troubleshooting, I suggest to run the troubleshooter to group on the source and the destination computer.

  Step 1: Open the troubleshooter group living

  If your computer has problems viewing computers or files shared in your collective housing, try to use the collective dwelling Troubleshooter to fix the problem

  http://Windows.Microsoft.com/en-us/Windows7/open-the-HomeGroup-Troubleshooter

  Step 2: Share files and folders on a group of houses in the laptop using the method proposed below. Try to access from desktop and check.

  a. right click on the item you want to share, and then click share with.

  b. Select Home Group (read/write)

  c. this option share point with your entire Home Group and allows them to open, edit, or delete.

  Share files with someone: http://Windows.Microsoft.com/en-us/Windows7/share-files-with-someone

  See also:

  Home Group: frequently asked questions
  http://Windows.Microsoft.com/en-us/Windows7/HomeGroup-frequently-asked-questions

   

  I hope this helps!

• problem with remote access to NMH405

  Hello

  I have the NMH405 connected to my PC (windows7 and windows xp with IE and Firefox). I was able to connect to the platform of media locally and also via a remote access through ciscomediahub.com. However, remote access Island suddenly no longer works. There is an error message saying that the device is in offline mode.

  I tried to unplug and turn off the mediahub that did not work. I have also resorted to reset the mediahub that did not help also. Even now when I access it locally, I can't even connect via the browser to configure the media center.

  I would be grateful if someone could give advice on how to solve this problem.

  Thank you!

  just to close the loop on this. I called Cisco and their identified technical support it was a hardware problem. Since then, I exchanged for a new device. It works fine now.

  Thank you very much!

• Problem with remote access VPN on ASA 5505

  I currently have a problem of an ASA 5505 configuration to connect via VPN remote access by using the Cisco VPN Client 5.0.07.0440 under Windows 8 Pro x 64. The VPN client will prompt you for the user name and password during the connection process, but fails soon after.

  The VPN client connects is as follows:

  ---------------------------------------------------------------------------------------------------------------------------------------

  Cisco Systems VPN Client Version 5.0.07.0440

  Copyright (C) 1998-2010 Cisco Systems, Inc.. All rights reserved.

  Customer type: Windows, Windows NT

  Running: 6.2.9200

  2 15:09:21.240 11/12/12 Sev = Info/4 CM / 0 x 63100002

  Start the login process

  3 15:09:21.287 11/12/12 Sev = Info/4 CM / 0 x 63100004

  Establish a secure connection

  4 15:09:21.287 11/12/12 Sev = Info/4 CM / 0 x 63100024

  Attempt to connect with the server "*." **. ***. *** »

  5 15:09:21.287 11/12/12 Sev = Info/6 IKE/0x6300003B

  Try to establish a connection with *. **. ***. ***.

  6 15:09:21.287 11/12/12 Sev = Info/4 IKE / 0 x 63000001

  From IKE Phase 1 negotiation

  7 15:09:21.303 11/12/12 Sev = Info/4 IKE / 0 x 63000013

  SEND to > ISAKMP OAK AG (SA, KE, NO, ID, VID (Xauth), VID (dpd), VID (Frag), VID(Nat-T), VID (Unity)) to *. **. ***. ***

  8 15:09:21.365 11/12/12 Sev = Info/6 GUI/0x63B00012

  Attributes of the authentication request is 6: 00.

  9 15:09:21.334 11/12/12 Sev = Info/5 IKE/0x6300002F

  Received packet of ISAKMP: peer = *. **. ***. ***

  10 15:09:21.334 11/12/12 Sev = Info/4 IKE / 0 x 63000014

  RECEIVING< isakmp="" oak="" ag="" (sa,="" ke,="" non,="" id,="" hash,="" vid(unity),="" vid(xauth),="" vid(dpd),="" vid(nat-t),="" nat-d,="" nat-d,="" vid(frag),="" vid(?))="" from="">

  11 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001

  Peer is a compatible peer Cisco-Unity

  12 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001

  Peer supports XAUTH

  13 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001

  Peer supports the DPD

  14 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001

  Peer supports NAT - T

  15 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001

  Peer supports fragmentation IKE payloads

  16 15:09:21.334 11/12/12 Sev = Info/6 IKE / 0 x 63000001

  IOS Vendor ID successful construction

  17 15:09:21.334 11/12/12 Sev = Info/4 IKE / 0 x 63000013

  SENDING > ISAKMP OAK AG * (HASH, NOTIFY: NAT - D, NAT - D, VID (?), STATUS_INITIAL_CONTACT, VID (Unity)) to *. **. ***. ***

  18 15:09:21.334 11/12/12 Sev = Info/6 IKE / 0 x 63000055

  Sent a keepalive on the IPSec Security Association

  19 15:09:21.334 11/12/12 Sev = Info/4 IKE / 0 x 63000083

  IKE port in use - Local Port = 0xFBCE, Remote Port = 0 x 1194

  20 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000072

  Automatic NAT detection status:

  Remote endpoint is NOT behind a NAT device

  This effect is behind a NAT device

  21 15:09:21.334 11/12/12 Sev = Info/4 CM/0x6310000E

  ITS established Phase 1.  1 crypto IKE Active SA, 0 IKE SA authenticated user in the system

  22 15:09:21.365 11/12/12 Sev = Info/5 IKE/0x6300002F

  Received packet of ISAKMP: peer = *. **. ***. ***

  23 15:09:21.365 11/12/12 Sev = Info/4 IKE / 0 x 63000014

  RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

  24 15:09:21.365 11/12/12 Sev = Info/4 CM / 0 x 63100015

  Launch application xAuth

  25 15:09:21.474 11/12/12 Sev = Info/4 IPSEC / 0 x 63700008

  IPSec driver started successfully

  26 15:09:21.474 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014

  Remove all keys

  27 15:09:27.319 11/12/12 Sev = Info/4 CM / 0 x 63100017

  xAuth application returned

  28 15:09:27.319 11/12/12 Sev = Info/4 IKE / 0 x 63000013

  SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***

  29 15:09:27.365 11/12/12 Sev = Info/5 IKE/0x6300002F

  Received packet of ISAKMP: peer = *. **. ***. ***

  30 15:09:27.365 11/12/12 Sev = Info/4 IKE / 0 x 63000014

  RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

  31 15:09:27.365 11/12/12 Sev = Info/4 IKE / 0 x 63000013

  SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***

  32 15:09:27.365 11/12/12 Sev = Info/4 CM/0x6310000E

  ITS established Phase 1.  1 crypto IKE Active SA, 1 IKE SA authenticated user in the system

  33 15:09:27.365 11/12/12 Sev = Info/5 IKE/0x6300005E

  Customer address a request from firewall to hub

  34 15:09:27.365 11/12/12 Sev = Info/4 IKE / 0 x 63000013

  SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***

  35 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300002F

  Received packet of ISAKMP: peer = *. **. ***. ***

  36 15:09:27.397 11/12/12 Sev = Info/4 IKE / 0 x 63000014

  RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

  37 15:09:27.397 11/12/12 Sev = Info/5 IKE / 0 x 63000010

  MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS:, value = 192.168.2.70

  38 15:09:27.397 11/12/12 Sev = Info/5 IKE / 0 x 63000010

  MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK:, value = 255.255.255.0

  39 15:09:27.397 11/12/12 Sev = Info/5 IKE / 0 x 63000010

  MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (1):, value = 192.168.2.1

  40 15:09:27.397 11/12/12 Sev = Info/5 IKE / 0 x 63000010

  MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (2):, value = 8.8.8.8

  41 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000D

  MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD:, value = 0x00000001

  42 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000E

  MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN:, value = NCHCO

  43 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000D

  MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS:, value = 0x00000000

  44 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000E

  MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc. ASA5505 Version 8.2 (5) built by manufacturers on Saturday, May 20, 11 16:00

  45 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000D

  MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SMARTCARD_REMOVAL_DISCONNECT:, value = 0x00000001

  46 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000D

  MODE_CFG_REPLY: Attribute = received and by using the NAT - T port number, value = 0 x 00001194

  47 15:09:27.397 11/12/12 Sev = Info/4 CM / 0 x 63100019

  Data in mode Config received

  48 15:09:27.412 11/12/12 Sev = Info/4 IKE / 0 x 63000056

  Received a request from key driver: local IP = 192.168.2.70, GW IP = *. **. ***. remote IP address = 0.0.0.0

  49 15:09:27.412 11/12/12 Sev = Info/4 IKE / 0 x 63000013

  SEND to > ISAKMP OAK QM * (HASH, SA, NO, ID, ID) to *. **. ***. ***

  50 15:09:27.444 11/12/12 Sev = Info/5 IKE/0x6300002F

  Received packet of ISAKMP: peer = *. **. ***. ***

  51 15:09:27.444 11/12/12 Sev = Info/4 IKE / 0 x 63000014

  RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:status_resp_lifetime)="" from="">

  52 15:09:27.444 11/12/12 Sev = Info/5 IKE / 0 x 63000045

  Answering MACHINE-LIFE notify has value of 86400 seconds

  53 15:09:27.444 11/12/12 Sev = Info/5 IKE / 0 x 63000047

  This SA was already alive for 6 seconds, setting expiration 86394 seconds now

  54 15:09:27.459 11/12/12 Sev = Info/5 IKE/0x6300002F

  Received packet of ISAKMP: peer = *. **. ***. ***

  55 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000014

  RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:no_proposal_chosen)="" from="">

  56 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000013

  SEND to > ISAKMP OAK INFO *(HASH, DEL) to *. **. ***. ***

  57 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000049

  IPsec security association negotiation made scrapped, MsgID = CE99A8A8

  58 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000017

  Marking of IKE SA delete (I_Cookie = A3A341F1C7606AD5 R_Cookie = F1F403018625E924) reason = DEL_REASON_IKE_NEG_FAILED

  59 15:09:27.459 11/12/12 Sev = Info/5 IKE/0x6300002F

  Received packet of ISAKMP: peer = *. **. ***. ***

  60 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000058

  Received an ISAKMP for a SA message no assets, I_Cookie = A3A341F1C7606AD5 R_Cookie = F1F403018625E924

  61 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000014

  RECEIVING< isakmp="" oak="" info="" *(dropped)="" from="">

  62 15:09:27.490 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014

  Remove all keys

  63 15:09:30.475 11/12/12 Sev = Info/4 IKE/0x6300004B

  IKE negotiation to throw HIS (I_Cookie = A3A341F1C7606AD5 R_Cookie = F1F403018625E924) reason = DEL_REASON_IKE_NEG_FAILED

  64 15:09:30.475 11/12/12 Sev = Info/4 CM / 0 x 63100012

  ITS phase 1 deleted before first Phase 2 SA is caused by "DEL_REASON_IKE_NEG_FAILED".  Crypto 0 Active IKE SA, 0 IKE SA authenticated user in the system

  65 15:09:30.475 11/12/12 Sev = Info/5 CM / 0 x 63100025

  Initializing CVPNDrv

  66 15:09:30.475 11/12/12 Sev = Info/6 CM / 0 x 63100046

  Set indicator established tunnel to register to 0.

  67 15:09:30.475 11/12/12 Sev = Info/4 IKE / 0 x 63000001

  Signal received IKE to complete the VPN connection

  68 15:09:30.475 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014

  Remove all keys

  69 15:09:30.475 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014

  Remove all keys

  70 15:09:30.475 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014

  Remove all keys

  71 15:09:30.475 11/12/12 Sev = Info/4 IPSEC/0x6370000A

  IPSec driver successfully stopped

  ---------------------------------------------------------------------------------------------------------------------------------------

  The running configuration is the following (there is a VPN site-to-site set up as well at an another ASA 5505, but that works perfectly):

  : Saved

  :

  ASA Version 8.2 (5)

  !

  hostname NCHCO

  Select hTjwXz/V8EuTw9p9 of encrypted password

  hTjwXz/V8EuTw9p9 of encrypted passwd

  names of

  description of NCHCO name 192.168.2.0 City offices

  name 192.168.2.80 VPN_End

  name 192.168.2.70 VPN_Start

  !

  interface Ethernet0/0

  switchport access vlan 2

  Speed 100

  full duplex

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.2.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP address **. ***. 255.255.255.248

  !

  boot system Disk0: / asa825 - k8.bin

  passive FTP mode

  access extensive list ip NCHCO 255.255.255.0 outside_nat0_outbound allow 192.168.1.0 255.255.255.0

  access extensive list ip NCHCO 255.255.255.0 inside_nat0_outbound allow 192.168.1.0 255.255.255.0

  inside_nat0_outbound list of allowed ip extended access all 192.168.2.64 255.255.255.224

  access extensive list ip NCHCO 255.255.255.0 outside_1_cryptomap allow 192.168.1.0 255.255.255.0

  access extensive list ip NCHCO 255.255.255.0 outside_1_cryptomap_1 allow 192.168.1.0 255.255.255.0

  Standard access list LAN_Access allow NCHCO 255.255.255.0

  LAN_Access list standard access allowed 0.0.0.0 255.255.255.0

  pager lines 24

  Enable logging

  asdm of logging of information

  Within 1500 MTU

  Outside 1500 MTU

  mask of VPN_Pool VPN_Start VPN_End of local pool IP 255.255.255.0

  ICMP unreachable rate-limit 1 burst-size 1

  ASDM image disk0: / asdm - 645.bin

  don't allow no asdm history

  ARP timeout 14400

  Global 1 interface (outside)

  NAT (inside) 0-list of access inside_nat0_outbound

  NAT (inside) 1 0.0.0.0 0.0.0.0

  NAT (outside) 0-list of access outside_nat0_outbound

  Route outside 0.0.0.0 0.0.0.0 74.219.208.49 1

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  Floating conn timeout 0:00:00

  dynamic-access-policy-registration DfltAccessPolicy

  network-acl outside_nat0_outbound

  WebVPN

  SVC request to enable default svc

  Enable http server

  http 192.168.1.0 255.255.255.0 inside

  http *. **. ***. 255.255.255.255 outside

  http 74.218.158.238 255.255.255.255 outside

  http NCHCO 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

  Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

  Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

  Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

  Crypto ipsec transform-set esp-3des esp-sha-hmac l2tp-transform

  Crypto ipsec transform-set l2tp-transformation mode transit

  Crypto ipsec transform-set vpn-transform esp-aes-256 esp-sha-hmac

  Crypto ipsec transform-set esp-3des esp-sha-hmac TRANS_ESP_3DES_SHA

  Crypto ipsec transform-set transit mode TRANS_ESP_3DES_SHA

  Crypto ipsec transform-set esp-3des esp-md5-hmac TRANS_ESP_3DES_MD5

  Crypto ipsec transform-set transit mode TRANS_ESP_3DES_MD5

  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set

  Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

  crypto dynamic-map dyn-map 10 set pfs Group1

  crypto dynamic-map dyn-map transform 10-set, vpn l2tp-transformation-transformation

  dynamic-map encryption dyn-map 10 value reverse-road

  Crypto-map dynamic outside_dyn_map 20 game of transformation-TRANS_ESP_3DES_MD5

  card crypto outside_map 1 match address outside_1_cryptomap

  card crypto outside_map 1 set pfs Group1

  peer set card crypto outside_map 1 74.219.208.50

  card crypto outside_map 1 set of transformation-ESP-3DES-SHA

  map outside_map 20-isakmp ipsec crypto dynamic outside_dyn_map

  outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

  outside_map interface card crypto outside

  inside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

  inside crypto map inside_map interface

  card crypto vpn-map 1 match address outside_1_cryptomap_1

  card crypto vpn-card 1 set pfs Group1

  set vpn-card crypto map peer 1 74.219.208.50

  card crypto vpn-card 1 set of transformation-ESP-3DES-SHA

  dynamic vpn-map 10 dyn-map ipsec isakmp crypto map

  crypto isakmp identity address

  crypto ISAKMP allow inside

  crypto ISAKMP allow outside

  crypto ISAKMP policy 10

  preshared authentication

  3des encryption

  md5 hash

  Group 2

  life 86400

  crypto ISAKMP policy 15

  preshared authentication

  aes-256 encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP policy 35

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  crypto ISAKMP ipsec-over-tcp port 10000

  enable client-implementation to date

  Telnet 192.168.1.0 255.255.255.0 inside

  Telnet NCHCO 255.255.255.0 inside

  Telnet timeout 5

  SSH 192.168.1.0 255.255.255.0 inside

  SSH NCHCO 255.255.255.0 inside

  SSH timeout 5

  Console timeout 0

  dhcpd address 192.168.2.150 - 192.168.2.225 inside

  dhcpd dns 216.68.4.10 216.68.5.10 interface inside

  lease interface 64000 dhcpd inside

  !

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  WebVPN

  internal DefaultRAGroup group strategy

  attributes of Group Policy DefaultRAGroup

  value of server DNS 192.168.2.1

  Protocol-tunnel-VPN IPSec l2tp ipsec

  nchco.local value by default-field

  attributes of Group Policy DfltGrpPolicy

  value of server DNS 192.168.2.1

  Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn

  allow password-storage

  enable IPSec-udp

  enable dhcp Intercept 255.255.255.0

  the address value VPN_Pool pools

  internal NCHVPN group policy

  NCHVPN group policy attributes

  value of 192.168.2.1 DNS Server 8.8.8.8

  Protocol-tunnel-VPN IPSec l2tp ipsec

  value by default-field NCHCO

  admin LbMiJuAJjDaFb2uw encrypted privilege 15 password username

  username privilege 15 encrypted password yB1lHEVmHZGj5C2Z 8njferg

  username, encrypted NCHvpn99 QhZZtJfwbnowceB7 password

  attributes global-tunnel-group DefaultRAGroup

  address (inside) VPN_Pool pool

  address pool VPN_Pool

  authentication-server-group (inside) LOCAL

  authentication-server-group (outside LOCAL)

  LOCAL authority-server-group

  authorization-server-group (inside) LOCAL

  authorization-server-group (outside LOCAL)

  Group Policy - by default-DefaultRAGroup

  band-Kingdom

  band-band

  IPSec-attributes tunnel-group DefaultRAGroup

  pre-shared key *.

  NOCHECK Peer-id-validate

  tunnel-group DefaultRAGroup ppp-attributes

  No chap authentication

  no authentication ms-chap-v1

  ms-chap-v2 authentication

  tunnel-group DefaultWEBVPNGroup ppp-attributes

  PAP Authentication

  ms-chap-v2 authentication

  tunnel-group 74.219.208.50 type ipsec-l2l

  IPSec-attributes tunnel-group 74.219.208.50

  pre-shared key *.

  type tunnel-group NCHVPN remote access

  attributes global-tunnel-group NCHVPN

  address pool VPN_Pool

  Group Policy - by default-NCHVPN

  IPSec-attributes tunnel-group NCHVPN

  pre-shared key *.

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  maximum message length automatic of customer

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect esmtp

  inspect sqlnet

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  Review the ip options

  !

  global service-policy global_policy

  context of prompt hostname

  no remote anonymous reporting call

  Cryptochecksum:15852745977ff159ba808c4a4feb61fa

  : end

  ASDM image disk0: / asdm - 645.bin

  ASDM VPN_Start 255.255.255.255 inside location

  ASDM VPN_End 255.255.255.255 inside location

  don't allow no asdm history

  Anyone have any idea why this is happening?

  Thank you!

  Add, crypto dynamic-map outside_dyn_map 20 value reverse-road.

  With respect,

  Safwan

• «Problems with remote access with ASA 5505-, this is the error "the remote peer is no more answers»

  Hello

  By train I got a remote access IPSec VPN, when I have all the performed configuration and try to access remote show software vpn client (cisco) the following message:

  "The remote peer is no more answers.

  I know where is the problem.

  Network information:

  ASA TO LAN - 1:

  192.168.1.0 - 255.255.255.0

  the interface vlan 1:

  IP: 192.168.1.1 - 255.255.255.0

  the interface vlan 2:

  IP: 100.100.100.1 - 255.255.255.252

  REMOTE LAN ACCESS:

  192.168.10.0 - 255.255.255.0

  ASA-1 configuration:

  * IP address pool

  local IP VPNPOOL 192.168.20.1 pool - 192.168.20.254

  * Split tunneling

  splittunnel list standard access allowed 192.168.1.0 255.255.255.0

  * NAT configuration

  object obj LAN
  subnet 192.168.1.0 255.255.255.0
  object obj-vpnpool network
  subnet 192.168.20.0 255.255.255.0
  NAT (inside, outside) 1 static source obj-local obj-local destination static obj-vpnpool obj-vpnpool no-proxy-arp

  * Group Policy

  internal group company-vpn-policy policy
  attributes of vpn-company-policy-group policy
  VPN-idle-timeout 30

  Split-tunnel-policy tunnelspecified
  value of Split-tunnel-network-list splittunnel

  Configure the IPSec

  IKEv1 crypto policy 10
  3des encryption
  sha hash
  preshared authentication
  Group 2
  life 3600
  Crypto ikev1 allow outside
  crypto isakmp identity address

  Crypto ipsec transform-set esp-3des esp-sha-hmac RA - TS ikev1

  Dynamic crypto map DYN_MAP 10 set transform-set RA - TS ikev1

  card crypto VPN_MAP 30-isakmp dynamic ipsec DYN_MAP
  VPN_MAP interface card crypto outside

  Create tunnels

  tunnel-group vpnclient type remote access
  tunnel-group vpnclient-global attributes
  address VPNPOOL pool
  by default-group-company-vpn-policy
  tunnel-group vpnclient ipsec-attributes
  IKEv1 pre-shared-key groupkey123

  Where is the problem?

  Hello
  Configuration seems almost perfect. Please share the result of the following of the ASA when you try to connect.

  Debug crypto isakmp 200
  Debug crypto ipsec 200

  You can take snapshots on the external interface of the firewall to confirm if the packets are reaching the firewall or don't use do not:
  capture capx off match ip host host interface

  Kind regards
  Dinesh Moudgil

  PS Please rate helpful messages.

• Problems with the date and time - have to reset the date & time on reboot

  original title: problems with the date and time

  Whenever I turn on my computer (Windows XP 2002) I click on F2.  Then I re - set the date and time it occurred in January 2006 1 h every time I have turn off the computer.  Can someone tell me what I need to do?

  You need to replace the battery in time clock (RTC) real of your computer.  It can also be called the CMOS or BIOS battery.

  Many computers, this battery is an inexpensive CR2032 button available in almost every pharmacy corner.  There are, however, some computers (especially laptops) that require a different (and probably more expensive) battery.

  Whatever the expense, almost all of these batteries are easy to replace.

  To get help, post back with the brand and model of your computer.

• problem with write access to truecrypt readers windows 7. The mounted drive is not writing priveliges. Read-only. Cannot change in the security permissions.

  problem with write access to truecrypt readers windows 7. The mounted drive is not writing priveliges. Read-only. Cannot change in the security permissions.

  Hi amcop4591,

  1. How is - that Mount you the drive on the computer?

  2 Di you use any third-party tool to mount the drive?

  I suggest that you remove the external drive using the disk management and check back later if you can change the permissions on the drive.

  If you change the permissions, make changes to the permissions on the drive and then mount the drive.

  Mount or dismount a drive

  http://Windows.Microsoft.com/en-us/Windows7/mount-or-dismount-a-drive

  I hope this helps!

  Halima S - Microsoft technical support.

  Visit our Microsoft answers feedback Forum and let us know what you think.

• Problem with the Access toolbar buttons

  Hi, I have a problem with the Access toolbar buttons. instead of icons, it shows just 2 boxes, as we get police unknown boxes. Help, please.

  Hi, I have a problem with the Access toolbar buttons. instead of icons, it shows just 2 boxes, as we get police unknown boxes. Help, please.

  Hello

  Those who are not traditional icons they are symbols that belong to the Segoe UI police.

  See the following Web site for an excellent tutorial to solve this problem.

  [SOLVED] Unknown character or vertical Rectangles are appearing in place of metro icons in the Windows 8 start screen and login screen - tweaking with Vishal:

  http://www.askvg.com/fix-unknown-characters-or-vertical-rectangles-are-showing-in-place-of-Metro-icons-in-Windows-8-start-screen-and-login-screen/

  Let us know if it works for you.

  Concerning

• Hello... I'm having a problem with ps cc ever time that I create a layer mask

  Hello... I'm having a problem with ps cc ever time I create a layer mask and choose the brush in a first time, he began to remove the areas IM brushing away then stopped. After pressing X button was able to brush the image and then he kept repeating the process of pressing X and it pixlelated areas of the image. And now the masks brush and layer don't work at all whenever I start a new project.

  Hi dtain,

  Can you please try reset tool.

  To reset a tool, you must first have the selected tool. Then Ctrl-click (Windows users: right click) the button tool preset in the Tool Options bar.

  

  When you click this button, you will see a small menu and you can select Tool Reset to reset the current tool to its default value or reset all tools to deliver all the tools to its default value. Once selected, the tool will act as the first time you have used it.

  

  Using this simple method to reset your tool with a single click, you can quickly remedy any situation where the tool does not correctly and to maintain the flow of creativity going.

  ~ Jitendra

• Problems with Hotmail pagination of XP machine with remote access

  Problems with paging in Hotmail

  Impossible to get to the next in the Inbox screen no arrow appears for new paging

  Any ideas?

  Thank you

  See: Welcome to Windows Live Solution Center
  http://windowslivehelp.com/ TaurArian [MVP] 2005-2011 - Update Services

• I have a problem connecting to the internet with remote access.

  Hi I have a laptop Dell Inspiron. I installed Vista and now I am unable to get on the internet. I use the dial upward at home. None of my ISP disc make me on the internet... It gives a message that there is a problem with the hardware. What can I do to fix this?  I had XP before and it worked fine.

  Hello

  Hello

  Make sure you have the latest vista drivers for your computer which you can get your computer manufacturers Web site

  go to their website and look for a driver and software download section

  Enter your model number for the last look drivers vista then download and install

  http://support.Dell.com/support/downloads/index.aspx?c=us&l=en&s=Gen

  If there is no vista drivers available, you're out of luck and that the machine was not built by Dell for vista

  If necessary, use another computer to download and save = copy to flash drive - transfer and then install them

• no access to Time Capsule

  Hello, thank you in advance for your help - I really hope that someone can offer helpful advice on this:

  I've had my Time Capsule since 11 end and he has never had a single problem. Nearly a month ago it suddenly started failing to save and to give this message:

  The backup disk image ' / Volumes/Data/nexthursday.sparsebundle ' could not be found (error (null)).

  The password to access the disk, the name is correct, the network works perfectly on all devices, printer is powered AirPrint through it; basically everything kept working as before, it is just the synchronization with the disk that suddenly stopped.

  What happens is I run the backup (right now I keep automatic backups because they are just useless); I chose the disk; type the password, accepted; It will of "Looking for backup disks" to "Preparing for backup"-now this phase lasts too long, in fact it crashes and after a few minutes, I get the "the backup disk image ' / Volumes/Data/nexthursday.sparsebundle ' could not be found (error (null)).»

  Any ideas on how to solve this problem? I'm terribly afraid that I was not able to save anything, for a month now, and I worked madly so I can't afford to lose everything if something happens.

  Info:

  MacBook Pro Late 11 running OS X 10.11.5

  Time Capsule 2 TB (same time as the laptop)

  Thank you once again,

  Chiara

  End TC 2011 is now 5years old or very close. (It might even be a hardware version 3).

  The usual recommended the TC lasts 3 years... also he will lose reliability and more than 5 years, I would put replacement as head of list.

  Forget trying to fix it.

  If you are at all concerned about your backups... go out and buy a 2 TB or more large USB key... do it now, do it NOW.

  Which plug in your laptop and the installation disk... must be HFS + formatted.

  I recommend that partition into two parts... Use Carbon Copy Cloner or similar for the partition to boot and TM for the secondary partition. Have a clone bootable your computer will get you upwards and in a few minutes.

  It is faster and more reliable and much cheaper than the replacement of the TC. Expect that Apple will release a new version of the TC before buying again as the current one, we're now > 3 years on the market and the design of 4 years.

  You can continue to use the TC as a router until it dies.

• How can I configure Time Capsule 3 to and Motorola NVG589 to access the Time Capsule backup drive?

  I have ATT Uverse service and am ok with the performance of the WiFi of the NVG589. I want to configure my Time Capsule 3 to extend the network and be able to access the drive for backups Time Machine. I think I am following the steps in Airport utility, but once installation is complete I can find is no longer the time Capsule.

  I want to configure my Time Capsule 3 to extend the network

  The time Capsule cannot "extend" the network Uverse using a wireless connection, if that's maybe what you're trying to do. The time Capsule can only wireless "extend" the signal of another router from Apple.

  The Capsule can be configured to extend the network to Uverse if it is connected permanently... anytime... to the Uverse router using a connection through wired Ethernet cable.

  Please specify on what you're trying to accomplish, so that we can provide the correct steps.