Problem with the VPN site to site for the two cisco asa 5505
Starting with cisco asa. I wanted to do a vpn site-to site of cisco. I need help. I can't ping from site A to site B and vice versa.
Cisco Config asa1
interface Ethernet0/0
switchport access vlan 1
!
interface Ethernet0/1
switchport access vlan 2
!
interface Vlan1
nameif outside
security-level 0
IP address 172.xxx.xx.4 255.255.240.0
!
interface Vlan2
nameif inside
security-level 100
IP 192.168.60.2 255.255.255.0
!
passive FTP mode
network of the Lan_Outside object
192.168.60.0 subnet 255.255.255.0
network of the NETWORK_OBJ_192.168.1.0_24 object
subnet 192.168.1.0 255.255.255.0
network of the NETWORK_OBJ_192.168.60.0_24 object
192.168.60.0 subnet 255.255.255.0
object-group Protocol DM_INLINE_PROTOCOL_1
ip protocol object
icmp protocol object
object-group Protocol DM_INLINE_PROTOCOL_2
ip protocol object
icmp protocol object
object-group Protocol DM_INLINE_PROTOCOL_3
ip protocol object
icmp protocol object
Access extensive list ip 192.168.60.0 Outside_cryptomap allow 255.255.255.0 192.168.1.0 255.255.255.0
Outside_cryptomap list extended access allow DM_INLINE_PROTOCOL_3 of object-group a
Outside_access_in list extended access allow DM_INLINE_PROTOCOL_1 of object-group a
Inside_access_in list extended access allow DM_INLINE_PROTOCOL_2 of object-group a
network of the Lan_Outside object
NAT (inside, outside) interface dynamic dns
Access-group Outside_access_in in interface outside
Inside_access_in access to the interface inside group
Route outside 0.0.0.0 0.0.0.0 172.110.xx.1 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
AAA authentication http LOCAL console
Enable http server
http 192.168.60.0 255.255.255.0 inside
http 96.xx.xx.222 255.255.255.255 outside
No snmp server location
No snmp Server contact
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-TRANS-aes - esp esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-DES-SHA-TRANS esp - esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-DES-MD5-TRANS esp - esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transit
Crypto ipsec ikev2 ipsec-proposal OF
encryption protocol esp
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 proposal ipsec 3DES
Esp 3des encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES
Esp aes encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES192
Protocol esp encryption aes-192
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 AES256 ipsec-proposal
Protocol esp encryption aes-256
Esp integrity sha - 1, md5 Protocol
Crypto ipsec pmtu aging infinite - the security association
card crypto Outside_map 1 corresponds to the address Outside_cryptomap
card crypto Outside_map 1 set peer 96.88.75.222
card crypto Outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
card crypto Outside_map 1 set ikev2 AES256 AES192 AES 3DES ipsec-proposal OF
Outside_map interface card crypto outside
trustpool crypto ca policy
IKEv2 crypto policy 1
aes-256 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 10
aes-192 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 20
aes encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 30
3des encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 40
the Encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
Crypto ikev2 allow outside
Crypto ikev1 allow outside
IKEv1 crypto policy 10
authentication crack
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 20
authentication rsa - sig
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 30
preshared authentication
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 40
authentication crack
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 50
authentication rsa - sig
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 60
preshared authentication
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 70
authentication crack
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 80
authentication rsa - sig
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 90
preshared authentication
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 100
authentication crack
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 110
authentication rsa - sig
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 120
preshared authentication
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 130
authentication crack
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 140
authentication rsa - sig
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 150
preshared authentication
the Encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH stricthostkeycheck
SSH timeout 5
SSH group dh-Group1-sha1 key exchange
Console timeout 0
inside access management
dhcpd address 192.168.60.50 - 192.168.60.100 inside
dhcpd allow inside
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
AnyConnect essentials
internal GroupPolicy_96.xx.xx.222 group strategy
attributes of Group Policy GroupPolicy_96.xx.xx.222
VPN-tunnel-Protocol ikev1, ikev2
username admin privilege 15 encrypted password f3UhLvUj1QsXsuK7
tunnel-group 96.xx.xx.222 type ipsec-l2l
tunnel-group 96.xx.xx.222 General-attributes
Group - default policy - GroupPolicy_96.xx.xx.222
96.XX.XX.222 group of tunnel ipsec-attributes
IKEv1 pre-shared-key *.
remote control-IKEv2 pre-shared-key authentication *.
pre-shared-key authentication local IKEv2 *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
inspect the icmp
inspect the icmp error
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Cisco ASA 2 config
interface Ethernet0/0
switchport access vlan 1
!
interface Ethernet0/1
switchport access vlan 2
!
interface Vlan1
nameif outside
security-level 0
IP address 96.xx.xx.222 255.255.255.248
!
interface Vlan2
nameif inside
security-level 100
IP 192.168.1.254 255.255.255.0
!
passive FTP mode
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
network of the Lan_Outside object
subnet 192.168.1.0 255.255.255.0
network of the NETWORK_OBJ_192.168.60.0_24 object
192.168.60.0 subnet 255.255.255.0
network of the NETWORK_OBJ_192.168.1.0_24 object
subnet 192.168.1.0 255.255.255.0
object-group Protocol DM_INLINE_PROTOCOL_1
ip protocol object
icmp protocol object
object-group Protocol DM_INLINE_PROTOCOL_2
ip protocol object
icmp protocol object
object-group Protocol DM_INLINE_PROTOCOL_3
ip protocol object
icmp protocol object
object-group Protocol DM_INLINE_PROTOCOL_4
ip protocol object
icmp protocol object
Outside_cryptomap list extended access allow DM_INLINE_PROTOCOL_2 of object-group 192.168.1.0 255.255.255.0 192.168.60.0 255.255.255.0
Outside_cryptomap list extended access allow DM_INLINE_PROTOCOL_3 of object-group a
Outside_access_in list extended access allow DM_INLINE_PROTOCOL_1 of object-group a
Inside_access_in list extended access allow DM_INLINE_PROTOCOL_4 of object-group a
pager lines 24
Enable logging
asdm of logging of information
Outside 1500 MTU
Within 1500 MTU
no failover
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
no permit-nonconnected arp
NAT (inside, outside) static source NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.60.0_24 NETWORK_OBJ_192.168.60.0_24 non-proxy-arp-search of route static destination
!
network of the Lan_Outside object
dynamic NAT (all, outside) interface
Access-group Outside_access_in in interface outside
Inside_access_in access to the interface inside group
Route outside 0.0.0.0 0.0.0.0 96.xx.xx.217 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
AAA authentication http LOCAL console
Enable http server
http 192.168.1.0 255.255.255.0 inside
http 172.xxx.xx.4 255.255.255.255 outside
No snmp server location
No snmp Server contact
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-TRANS-aes - esp esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-DES-SHA-TRANS esp - esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-DES-MD5-TRANS esp - esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transit
Crypto ipsec ikev2 ipsec-proposal OF
encryption protocol esp
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 proposal ipsec 3DES
Esp 3des encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES
Esp aes encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES192
Protocol esp encryption aes-192
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 AES256 ipsec-proposal
Protocol esp encryption aes-256
Esp integrity sha - 1, md5 Protocol
Crypto ipsec pmtu aging infinite - the security association
card crypto Outside_map 1 corresponds to the address Outside_cryptomap
card crypto Outside_map 1 set peer 172.110.74.4
card crypto Outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
card crypto Outside_map 1 set ikev2 AES256 AES192 AES 3DES ipsec-proposal OF
Outside_map interface card crypto outside
trustpool crypto ca policy
IKEv2 crypto policy 1
aes-256 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 10
aes-192 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 20
aes encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 30
3des encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 40
the Encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
Crypto ikev2 allow outside
Crypto ikev1 allow outside
IKEv1 crypto policy 10
authentication crack
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 20
authentication rsa - sig
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 30
preshared authentication
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 40
authentication crack
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 50
authentication rsa - sig
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 60
preshared authentication
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 70
authentication crack
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 80
authentication rsa - sig
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 90
preshared authentication
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 100
authentication crack
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 110
authentication rsa - sig
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 120
preshared authentication
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 130
authentication crack
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 140
authentication rsa - sig
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 150
preshared authentication
the Encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH stricthostkeycheck
SSH timeout 5
SSH group dh-Group1-sha1 key exchange
Console timeout 0
dhcpd address 192.168.1.50 - 192.168.1.100 inside
dhcpd allow inside
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
AnyConnect essentials
internal GroupPolicy_172.xxx.xx.4 group strategy
attributes of Group Policy GroupPolicy_172.xxx.xx.4
L2TP ipsec VPN-tunnel-Protocol ikev1, ikev2
username admin privilege 15 encrypted password f3UhLvUj1QsXsuK7
tunnel-group 172.xxx.xx.4 type ipsec-l2l
tunnel-group 172.xxx.xx.4 General-attributes
Group - default policy - GroupPolicy_172.xxx.xx.4
172.xxx.XX.4 group of tunnel ipsec-attributes
IKEv1 pre-shared-key *.
remote control-IKEv2 pre-shared-key authentication *.
pre-shared-key authentication local IKEv2 *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
inspect the icmp
inspect the icmp error
inspect the http
For IKEv2 configuration: (example config, you can change to encryption, group,...)
-You must add the declaration of exemption nat (see previous answer).
-set your encryption domain ACLs:
access-list-TRAFFIC IPSEC allowed extended LOCAL REMOTE - LAN LAN ip
-Set the Phase 1:
Crypto ikev2 allow outside
IKEv2 crypto policy 10
3des encryption
the sha md5 integrity
Group 5
FRP sha
second life 86400
-Set the Phase 2:
Crypto ipsec ikev2 ipsec IKEV2-PROPOSAL
Esp aes encryption protocol
Esp integrity sha-1 protocol
-set the Group of tunnel
tunnel-group REMOTE-PUBLIC-IP type ipsec-l2l
REMOTE-PUBLIC-IP tunnel-group ipsec-attributes
IKEv2 authentication remote pre-shared-key cisco123
IKEv2 authentication local pre-shared-key cisco123
-Define the encryption card
address for correspondence CRYPTOMAP 10 - TRAFFIC IPSEC crypto map
card crypto CRYPTOMAP 10 peer set REMOTE-PUBLIC-IP
card crypto CRYPTOMAP 10 set ipsec ikev2-IKEV2-PROPOSAL
CRYPTOMAP interface card crypto outside
crypto isakmp identity address
On your config, you have all these commands but on your VPN config, you mix ikev1 and ikev2. You have also defined political different ikev2. Just do a bit of cleaning and reached agreement on a 1 strategy for the two site (encryption, hash,...)
Thank you
Tags: Cisco Security
Similar Questions
-
Problem with Telnet VPN site to site ASA - ASA
Hi techies,.
I created a site to site through ASA VPN... An ASA 5505 and other ASA 5510 East. 5510 have 3 interfaces. both of them is on the inside. No DMZ. and it is outside the interface. one of the inside interface has 100 security level and other has 90. The 5510 is client-side. We can telnet to this ASA through the interface with the security level of 100... We enabled telnet via the lowest (90) with security-level interface, even if we can not telnet to this interface. We just change the security level of 90 to 100, but it did not work... so changed to 90. the telnet configuration is also even any other interface...
but it did not work... If someone please suggest a fair solution ASAP...
Thank you & best regards
Vipin Raj
You can only manage 1 inside the ASA by the VPN interface, and it is activated by the command "access management".
Why do you need to manage the ASA via all interfaces from the inside by the VPN?
ASA cannot be managed from the interface where you connect since with the exception of the 1 cross interface when you VPN in.
Example:
If you are connected to the ASA inside the interface, you can only manage the ASA inside the interface, not the DMZ or outside the interface.
If you are connected to the ASA outside interface, you can only manage the ASA outside interface, with the exception of when you VPN, you can handle the 1 other interfaces, but you will have to enable it with the command "access management".
Hope that makes sense.
-
Problems with the two Flash/Shockwave
I have problems with both Flash and Shockwave players. I went to the help pages for both of these players and I followed all of the suggestions that they had players not playing not even if they are installed. I have ActiveX enabled in Internet properties, security software is not in any way afilliated with this problem, which leaves me with being puzzled and frustrated. I hope you guys can help out me if possible, anyway. Also, when I try to reinstall Flash and Shockwave, flash "installed successfully" two videos do not appear.
I say well, the possibility of an accidental uninstallment of two plugins not too long could have led to this problem.
Thank you.Here is the awnser to your prob... anoying * http://home.att.net/~sjesme/ of hell
-
Problem with the two factor authentication with Apple TV.
I tried to connect to my Apple TV (2nd generation, operating system and updates are up-to-date), log-in failed and indicated that I had to use two-factor authentication which I recently install on my trust Apple devices which included my iMac, iPhone and iPad. As expected, I received a notice on my Apple devices trust with the verification code to six figures to add this code to six figures at the end of my password when signing in the Apple TV. I put my password and add the code check digit at the end on my password. It did not work. Now I can not connect. Any suggestions to connect to Apple TV using 2nd generation two-factor authentication? This Apple TV device is not supported?
There is model of Apple TV MC572LL/A with Apple TV software version 6.2.1
Model identifier is AppleTV2, 1
Model number is A1378
People have been facing difficulties with this process. I have not encountered such difficulties then have not had the opportunity to test solutions. While a little pain can I suggest that you disable temporarily two authentication step until you have set up your Apple TV.
-
Problem with the two EA DEVELOPER SQL DATA MODELING 3.0.0.665 and 3.1
I created a model of very large data using SQL Developer data 3.0.0.665 and 3.1 EA maker. Its having a lot of check constraints. Whenever I am the design of the fence and the DOF and reopening export to import the DDL file failure to import completely check constraints. It is important to check constraints, but without any range of values inside. Its very frustrating because whenever you open import ddl, you must manually add again all the details of data check range constraint.
OS: Windows XP.
Check in the two EA Developer SQL Data Modeler 3.0.0.665 and 3.1
-------------------------------------------
Here are the contents of the .dmd file.
-------------------------------------------
* <? XML version = "1.0" encoding = "UTF - 8"? > *.
* < OSDM_Design class = "oracle.dbtools.crest.model.design.Design" name = 'Admin_Panel' id = "9BE18B0A-6C67-2E5B-00DE-BD8312189ECB" version = "3.41" > * "
* < createdBy > administrator < / createdBy > *.
* < Createduserid > 2011-10-17 08:32:18 UTC < / Createduserid > *.
* < Admin_Panel ownerDesignName > < / ownerDesignName > *.
* < false capitalNames > < / capitalNames > *.
* < designId > 9BE18B0A-6C67-2E5B-00DE-BD8312189ECB < / designId > *.
* < / OSDM_Design > *.
-------------------------------------------------------------------------------
An example how the check constraints to get dirty.
-------------------------------------------------------------------------------
Initial check constraint is as below:
======================
ALTER TABLE test_table
ADD CONSTRAINT Active_Flag_ck
CHECK (Active_Flag IN ('A', 'I'))
*;*
Below how it occurs once I have imported the ddl and re-export:
============================================
ALTER TABLE test_table
ADD CONSTRAINT Active_Flag_ck
(CHECK)
*;*
I'm in trouble as I already in the middle of the my development using SQL Developer Data Modeler.
Please help me soon.
JeanHi John,.
Every time I'm fence design and export the ddl and reopening through the import of the DDL file
Why are you doing this? Once the DDL file is imported and then save the drawing and open simply saved design, no need to generate the DDL and import it every time that you start Modeler data.
On the list of values - forced as this CHECK (Active_Flag IN ('A', 'I')) are imported as constraint check plain and not as a list of values.
There are the more specific elements import of check constraint - they are defined as type database constraint that you select during the import. Accordingly if you import your DOF as Oracle 10 g DDL, then you will get forced correct check in DDL generated for Oracle 10 g and Oracle 11 g. Constraint of evil will be generated for Oracle 9i. You can move the constraint for Oracle 9i (in the check constraint dialog box) or generic if it can be treated as such constraint.I logged for DOF bad bug.
Philippe
-
Date problem with the two documents.
Hi friends,
I have the table and have two columns EFFECTIVE_START_DATE and EFFECTIVE_END_DATE.
Problem is I have some records of empooyee wise line and two resulting recordings gap which cannot be traceout.
E_CODE EFFECTIVE_START_DATE EFFECTIVE_END_DATE PREVIOUS_COE
10620 12 July 10 COMPANIES
10620 17 / sep / 09-30 November 09 CORPORATE
10620 19 November 07 31 January 08 CORPORATE
I want to create a view that will give me the whole same table except Effective_Start_date and Effective_End_date. Files in the sample are shown in the table below.
Fact is I don't have the current record in the table as shown in the table below, but I have to get this recods with force in the view.i must take care of EFFECTIVE_END_DATE must be-1 the next EFFECTIVE_START_DATE
E_CODE EFFECTIVE_START_DATE EFFECTIVE_END_DATE PREVIOUS_COE
10620 1 December 10 COMPANIES
10620 1 February 09 30 November 09 CORPORATE
10620 19 November 07 31 January 08 CORPORATE
Please let me know is it possible to approach this one or should I think otherwise.
Thank you
Bachan.Bah,.
The snippet of does'nt of Lee station have hard-coded values, it was just an easy way to select by using the sample values that you provided.
I created a table with query select Lee & then creates a view for her...
CREATE table tbl_test as SELECT e_code, effective_start_date, effective_end_date, previous_coe FROM (SELECT 10620 e_code, TO_DATE('12-Jul-2010') effective_start_date, NULL effective_end_date, 'CORPORATE' previous_coe FROM dual UNION ALL SELECT 10620, TO_DATE('17-Sep-2009'), TO_DATE('30-Nov-09'), 'CORPORATE' FROM dual UNION ALL SELECT 10620, TO_DATE('19-Nov-2007'), TO_DATE('31-Jan-08'), 'CORPORATE' FROM dual UNION ALL SELECT 10650, TO_DATE('14-May-2010'), NULL, 'SALES' FROM dual UNION ALL SELECT 10650, TO_DATE('11-Mar-2007'), TO_DATE('31-Jul-08'), 'SALES' FROM dual); create or replace view vw_tbl_test as select e_code, NVL(LEAD(effective_end_date) OVER (ORDER BY e_code, effective_start_date DESC) + 1, effective_start_date), effective_end_date, previous_coe from tbl_test;Hope that is clear or can be I got you wrong.
-
Problem with Tunnel VPN L2L between 2 ASA´s
Hi guys,.
I have some problems with my VPN Site to site tunnel between 2 ASA (5520/5505).
I watched a lot of videos on youtube, but I can't find out why the tunnel does not...
Both devices can ping eachothers WAN IP address (outside interfaces), but I don't see any traffic between the 2 sites. It seems that the tunnel is not open to everyone. When i PING from the local to the Remote LAN (which should be an interesting traffic for the tunnel...), the its IKEv1 remains empty...
Am I missing something? I can't understand it more why same phase 1 is not engaged.
You NAT won't. In your config file traffic is NATted initially and then does not match any more crypto ACL. You must move the rule dynamic NAT/PAT until the end of the table on two ASAs NAT:
no nat (INSIDE,OUTSIDE) source dynamic any interface nat (INSIDE,OUTSIDE) after-auto source dynamic any interface
-
Photoshop has been giving me the warning:
Photoshop has encountered a problem with the display driver and has temporarily disabled GPU enhancements. Visit the Web site of the manufacturer of the video card for the latest version of the software.
Also other programs are affected. I suspect a recent download of Adobe. Can anyone HELP.
No, it has nothing to do with updates of Adobe. There is a problem with your video card driver.
Go directly to the Web site of the manufacturer of the GPU for updates (not Microsoft, not a System Builder).
-
Cannot get CF11 to download the free trial version for students. Anyone having the same problem with the Adobe site?
Hello
Please download from http://www.adobe.com/cfusion/tdrc/index.cfm?product=coldfusion&promoid=DJDUK use your Adobe ID and password to login and download CF11.
Let me know in the case where you are facing any problems during the download, if you get any error try another browser.
Thank you
Priyank
-
Hello!
The new version of Firefox, I have a problem with the opening of the site VKontakte. The browser displays the following error message: "Firefox has determined that the server redirects the request for this address in a way that it will never end." How to solve this problem? Please excuse me for my English.
Sincerely, Vsevolod.This can be caused by corrupted cookies or cookies that are not sent or otherwise blocked.
Clear the cache and cookies from sites that cause problems.
"Clear the Cache":
- Tools > Options > advanced > network > content caching Web: 'clear now '.
'Delete Cookies' sites causing problems:
- Tools > Options > privacy > Cookies: "show the Cookies".
See also:
-
Is there a problem with the site? I'm unable to purchase/download anything.
Is there a problem with the site? I'm unable to purchase/download anything.
For accuracy, I'm not on the Web site, but my windows desktop program.
-
Anyone know if there is a problem with the "Windows Update" site? Since May 11, 2010...
Anyone know if there is a problem with the "Windows Update" site? As of May 11, 2010 I could not access it for 2 days now. I get an error report indicating that he has a "problem with the site '... Not sure if it's my computer or the site itself. I just need to check updates and download them. I would be grateful for any feedback... Thank you!
~ JeniferIt is without a doubt. There were a few patches published today, and I was able to update all my machines successfully. This looks more like a virus problem. Have you run a virus scan recently? Many times, if you are infected the virus will prevent you to access Windows Update.
You can also use Microsoft Fix It to reset the Windows Update components: http://support.microsoft.com/kb/971058. This could also be your problem.
Let me know how it goes,
Barbara
-
Access to the BT hotspots.
The place most frequent that I need to connect to a BT hotspot has a problem with the nearest hotspot. Although many sites come they are protected from security and only the nearest BT hotspot is displayed. There are many others, but they are invisible. I think that there is a software that allows you to see several hot spots the. BT are unable to give me the details.This is probably a function of the driver for your wireless card. I would check with the manufacturer of the computer or adapter.
Good luck.
-
Original title: error Windows 7 installation files
I bought a copy of Windows 7 at Tiger Direct on 22/05/2014. I lost my copy and I tried to download the iso from the Microsoft web site, but my product key is not valid. I get this error message
We had a problem with the request for approval.
See for other directions:
http://answers.Microsoft.com/en-us/Windows/wiki/Windows_7-update/how-to-what-are-my-options-for-obtaining-Windows-7/528163c1-0b2e-4AD2-a26d-7112851d1dc2
-
Problem with the BlackBerry Developer Site
We are currently experiencing a problem with the integration of BlackBerry ID with the BlackBerry Developer web site. This prevents the developers to create a new BlackBerry ID Token, connecting Issue Tracker and Developer area and potentially other areas that require authentication. Trying to access one of these pages gives the following error.
Sorry, there is a problem with the page you are trying to reach and it cannot be displayed. Please try again later.
Teams are trying to solve the problem. We apologize for the inconvenience.
The problem has been resolved. You should now be able to connect Issue Tracker and generate BlackBerry ID chips again.
Maybe you are looking for
-
recovery password for my mail account
I've updated to Sierra today and now Mail continues to request my password ".me". I typed in my password and it does not recognize. I thought that the password is the same as my password Apple ID, but maybe it's not? How can I recover my password mai
-
I've been on the pamperedchef.comsite. While I was on the page information is passed a page full size to a page about 3 x 4 inches. I don't know how it happened, but whenever I try to connect to this site, it is in this very small size.
-
I just bought a Mac Mini with TWO separate drives (ssd and hard drive) and I also bought a WD 1 TB of external drive to my Time Machine backups - so my question is:-How can I make sure that the disk WD and Time Machine will back up the TWO disks? and
-
He miss the Safari browser, how can I replace it?
I'm on a Mac OS X Version 10.8.5, processor 2.2 GHz Intel Core 2 Duo, memory 6 GB 667 MHz DDR2 SDRAM, NVIDIA GeForce 8600 M GT 128 MB graphics. Miss me the Safari browser, how can I replace it?
-
Error ID 4010 with payments API
Hello I have an application that uses the api native payments, I tested it with "local mode" and it works well. I have published, but now I get an error message when you try to make a purchase: He had problems this purchase. Please try again or visi