Question of EZVPN xauth
Hello
I am using an easy VPN on Cisco 800 of a customer Cisco VPN remote router on a laptop. I don't know if it's important, but I get an error debugging isakmp and ipsec I would like to know why they appear when connecting through EZVPN.
This router is configured with more than one site to site VPN connection and must use isakmp profile to use the two types of VPNS. The config that I finally used it, read the messages and documents, is,
AAA new-model
!
!
local RAVPNAUTH AAA authentication login
local RAVPNAUTH AAA authorization network
!
crypto ISAKMP policy 10
BA 3des
md5 hash
preshared authentication
Group 2
lifetime 28800
!
crypto ISAKMP policy 20
BA aes
preshared authentication
Group 2
life 3600
!
# isakmp crypto keys to site-to-site VPNs.
isakmp encryption key * address *.
...
isakmp encryption key * address *.
!
!
Configuration group customer isakmp crypto RAVPNGRPRD
key RAVPNkey
pool RAVPNPoolRD
ACL RAVPNRDACL
Crypto isakmp RAVPNRD profile
match of group identity RAVPNGRPRD
list of authentication of client RAVPNAUTH
RAVPNAUTH of ISAKMP authorization list.
client configuration address respond
!
!
# crypto ipsec transform #.
Crypto ipsec transform-set esp-3des esp-md5-hmac vpn000
Crypto ipsec transform-set esp-3des esp-md5-hmac vpn001
Crypto ipsec transform-set esp-3des esp-md5-hmac vpn002
Crypto ipsec transform-set RAVPNRD aes - esp esp-sha-hmac
!
!
crypto dynamic-map DYNRAVPNRD 10
game of transformation-RAVPNRD
RAVPNRD Set isakmp-profile
market arriere-route
!
!
# the tunnels from site to site map crypto #.
Tunel 10 map ipsec-isakmp crypto
defined peer peer-ip00
Set transform-set vpn000
PFS group2 Set
match address 106
Tunel 20 map ipsec-isakmp crypto
defined peer peer-ip01
Set transform-set vpn001
match address 161
!
card crypto tunel 1000-isakmp dynamic ipsec DYNRAVPNRD
!
username password USR...
!
point-to-point interface ATM0.1
...
tunel crypto card
!
IP pool local RAVPNPoolRD 192.168.120.1 192.168.120.6
...
and the errors presented on debugging,
These occurs when connecting the Cisco VPN Client, connects OK and asks for the user and the password.
. Mar 12 13:06:24: ISAKMP: (0): free encryption algorithm does not match policy.
. Mar 12 13:06:24: ISAKMP: (0): atts are not acceptable. Next payload is 3
. Mar 12 13:06:24: ISAKMP: (0): free encryption algorithm does not match policy.
. Mar 12 13:06:24: ISAKMP: (0): atts are not acceptable. Next payload is 3
. Mar 12 13:06:24: ISAKMP: (0): free encryption algorithm does not match policy.
. Mar 12 13:06:24: ISAKMP: (0): atts are not acceptable. Next payload is 3
. Mar 12 13:06:24: ISAKMP: (0): free encryption algorithm does not match policy.
. Mar 12 13:06:24: ISAKMP: (0): atts are not acceptable. Next payload is 3
. Mar 12 13:06:24: ISAKMP: (0): free encryption algorithm does not match policy.
. Mar 12 13:06:24: ISAKMP: (0): atts are not acceptable. Next payload is 3
. Mar 12 13:06:24: ISAKMP: (0): free encryption algorithm does not match policy.
. Mar 12 13:06:24: ISAKMP: (0): atts are not acceptable. Next payload is 3
. Mar 12 13:06:24: ISAKMP: (0): free encryption algorithm does not match policy.
. Mar 12 13:06:24: ISAKMP: (0): atts are not acceptable. Next payload is 3
. Mar 12 13:06:24: ISAKMP: (0): free encryption algorithm does not match policy.
. Mar 12 13:06:24: ISAKMP: (0): atts are not acceptable. Next payload is 3
. Mar 12 13:06:24: ISAKMP: (0): offered hash algorithm does not match policy.
. Mar 12 13:06:24: ISAKMP: (0): atts are not acceptable. Next payload is 3 unknown Attr: 0x700C unknown Attr: 0 x 7005
. Mar 12 13:06:28: ISAKMP (0/2290): unknown Attr: CONFIG_MODE_UNKNOWN (0x700C)
. Mar 12 13:06:28: ISAKMP (0/2290): unknown Attr: MODECFG_HOSTNAME (0x700A)
. Mar 12 13:06:28: ISAKMP (0/2290): unknown Attr: CONFIG_MODE_UNKNOWN (0 x 7005)
. Mar 12 13:06:29: IPSEC (ipsec_process_proposal): application for conversion not supported for identity:
{code hmac-md5-esp esp - aes 256 comp-lzs}
. Mar 12 13:06:29: ISAKMP: (2290): IPSec policy invalidated proposal with error 256
. Mar 12 13:06:29: IPSEC (ipsec_process_proposal): application for conversion not supported for identity:
{code hmac-sha-esp esp - aes 256 comp-lzs}
. Mar 12 13:06:29: ISAKMP: (2290): IPSec policy invalidated proposal with error 256
. Mar 12 13:06:29: IPSEC (ipsec_process_proposal): application for conversion not supported for identity:
{esp - aes esp-md5-hmac comp-lzs}
. Mar 12 13:06:29: ISAKMP: (2290): IPSec policy invalidated proposal with error 256
. Mar 12 13:06:29: IPSEC (ipsec_process_proposal): application for conversion not supported for identity:
{code hmac-sha-esp esp - aes comp-lzs}
. Mar 12 13:06:29: ISAKMP: (2290): IPSec policy invalidated proposal with error 256
. Mar 12 13:06:29: IPSEC (ipsec_process_proposal): application for conversion not supported for identity:
{esp - aes 256 esp-md5-hmac}
. Mar 12 13:06:29: ISAKMP: (2290): IPSec policy invalidated proposal with error 256
. Mar 12 13:06:29: IPSEC (ipsec_process_proposal): application for conversion not supported for identity:
{esp - aes 256 esp-sha-hmac}
. Mar 12 13:06:29: ISAKMP: (2290): IPSec policy invalidated proposal with error 256
. Mar 12 13:06:29: IPSEC (ipsec_process_proposal): application for conversion not supported for identity:
{esp - aes esp-md5-hmac}
. Mar 12 13:06:29: ISAKMP: (2290): IPSec policy invalidated proposal with error 256
Is this a normal process to match the isakmp and ipsec policies or have I missed something?
Concerning
Hello
Your proposal of IPsec is:
Crypto ipsec transform-set RAVPNRD aes - esp esp-sha-hmac
You don't use AES - 256, because the client tries to all available options, then you'll see these newspapers in the SAA.
Hoping to help.
Portu.
Please note all useful messages.
Tags: Cisco Security
Similar Questions
-
ASA VPN server and vpn client router 871
Hi all
I have ASA 5510 as simple VPN server and 871 router as simple VPN client. I want to have the user ID and permanent password on 871 and not to re - enter username and password since 871 uses dynamic IP address and every time I have to ' cry ipsec client ezvpn xauth "and type user name and password.
any suggestions would be much appreciated.
Thank you
Alex
Do "crypto ipsec client ezvpn show ' on 871, does say:
...
Save password: refused
...
ezVPN server dictates the client if it can automatically connect with saved password.
Set "enable password storage" under the group policy on the ASA.
Kind regards
Roman
-
A hardware IOS with XAUTH client enabled on the client and the server requests a user name and password, which must be entered manually via cli.
Is it possible to store the user name and password locally on the client of equipment for xauth phase remaining without the invention of the user? The commands should be used on the client and the server?
Tanks in advance
Edgar
I guess that you have an IOS server also. The "Save password" option in the config of EzVPN has been added to the VPN server in T code 12.3 (2). Note This command is configured on the SERVER, and not on the client.
The client must be running at least 12.3 (4) T code to support this feature. After you configure "Save password" on the server, you will need to use the manual control on the client to build the tunnel once more. During the negotiation of the next tunnel, the customer is then notified that it is possible to save the password locally. Once this is done, follow this:
If you attempt to save the password on the client, it is enabled on the server, and without having to build the tunnel once more manually so that the customer is on the policy change, you get an error on the client by saying "Cannot save passwords" (or something like that).
-
This is perhaps a silly question, but I am at a loss to see what the problem is.
I have a 515 on my site and am trying to install a few small 501 office across the country.
Each office can connect and establish a tunnel when I configure use EZ and I a setting up split-tunnel to pass to the Internet or to me every time.
If for some reason, I have to restart my PIX or my T1 goes down, they lose the tunnel (of course), but they lose also any Internet connection they have. The only way to get them reconnected to the world must go and uncheck the box "use the EZVPN."
At the end of the day, I don't want to then lose all connectivity when / if I get off.
What I forget?
Thanks in advance.
Robert Crooks
Network systems administrator
Ivaco Rolling Mills
try to add no.-xauth-no-config-mode to your statement of isakmp key.
ISAKMP key YOURPASSWORD address 192.168.1.2 subnet 255.255.255.255 mask no.-xauth-config-mode no.
or try to run with this documentation
-
Hello
Please could someone explain why a re the EZVPN hub with split versus not separated tunnel tunnel.
Thank you in advance!
@F Martinez,
I hope that you are well and thank you for the post. The difference is that by the explanations below.
Full-Tunnel architecture: ALL client traffic going through the tunnel. Therefore the escape of the traffic internet client-side will be actually on the router, as opposed to the own internet connection, customers.
Tunnel of split Architecture: Only selected traffic on the client side is going through the tunnel. So internet breakout and nothing else will go directly to from the client and never cross the tunnel.
Google can also answer your questions if I didn't answer this well enough. HTH.
Kind regards
Luke Oxley
Please evaluate the useful messages and mark the correct answers.
-
Several connections of client XAuth of PIX 506th
Hi, we have Cisco PIX 506th, fully updated:
Cisco PIX Firewall Version 6.3 (5)
Cisco PIX Device Manager Version 3.0 (4)
We have two customers with Cisco (routers with VPN and PIX firewall IOS). I can't make two IPSec connections for them using XAuth (they allowed Xauth). I see that we have only one VPN connection with extended authentication (XAuth) called "Easy VPN. When I am trying to set up a new one it replaces just my old connection. If I shouldn't use this firewall PIX Easy VPN Client, how can I use extended authentication (XAuth) I found no option for this? Is this supported? At 25 connections how to only IPSec connections without XAuth authentication data sheet?
as far as I know, you may need an additional device. as mentioned, the reason being a single unit can act as a client for two ezvpn ezvpn different servers.
Otherwise, you must return to the type of vpn. that is, to set up lan - lan.
-
Cisco ezvpn ASAs cannot ping each other inside interfaces
I have a set ezvpn in place with a 5506 (position B) client-side and a 5520 (location A) server-side. I have successfully connected vpn, and traffic flows. My problem is that I can't SSH in the location b. investigate this more than I can not ping is within the interface of the ASA opposing, or the machines inside each ASA ASA.
I found the following links that describes a scenario similar to mine, but nothing on one of them helped me.
http://www.experts-exchange.com/questions/28388142/cannot-ping-ASA-5505-inside-interface-across-VPN.html
https://www.fir3net.com/firewalls/Cisco/Cisco-ASA-proxy-ARP-gotcha.html
https://supportforums.Cisco.com/discussion/11755586/Cisco-ASA-VPN-established-cant-pingI joined sanitized versions of these two configs. Any help is appreciated.
Hi Adam
The site of B I'm not able to see "management of access to inside. Please try to set up the same. He could solve the problem.
Also on the instruction of the ASA takes place nat can you please try to add keywords 'search non-proxy-arp route'.
something like:
nat (inside,outside) source static (Location A)_Networks (Location A)_Networks destination static (location B)-remote_network (location B)-remote_network no-proxy-arp route-lookup
as I have noted problems with inside access to interface via the VPN when those keywords are not applied. If I remember correctly 8.6.x ASA version had a bug regarding the same. Cordially Véronique -
EZVPN nem - Internet access mode
Hello
I have a router cisco 881 and an asa 5520 SW 8.4
I configured EZVPN NEM mode between the router ASA and 881. However the 881 can access network resources on the inside interface of the ASA, where it ends. However the site using the 881 cannot access the internet. I know that I could configure split tunnel and the site would use only the tunnel for our internal network (10.0.0.0). However, I want this site to our ASA allows access to the internet so that the restrictions will apply to this site too. I apologize in advance if I have not provided enough information.
Router config 881 is lower, ASA config is too big to post, but if you tell me what exactly you want I post, I will;
no ip domain search
"yourdomain.com" of the IP domain name
IP cef
No ipv6 cef
!
license udi pid CISCO881-K9 sn FCZ17219082
!
username secret privilege 15 netadmin 4 N2rcMRAZjsOjF7Kp/KUkH4cfBtBYp.1Cc.V8E0utmSI
!
Crypto ipsec client ezvpn EZVPN
connect auto
Group TG_EZVPN key ourkey
network extension mode
peer FIREWALL IP
username password user password
xauth userid local mode
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
Description * Interface Outside *.
DHCP IP address
automatic duplex
automatic speed
Crypto ipsec client ezvpn EZVPN
!
interface Vlan1
Description * EZVPN inside *.
IP 172.16.217.1 255.255.255.0
IP helper 10.1.4.60
IP helper 10.1.4.61
IP tcp adjust-mss 1452
Crypto ipsec client ezvpn EZVPN inside
!
IP forward-Protocol ND
IP http server
23 class IP http access
local IP http authentication
IP http secure server
IP http timeout policy slowed down 60 life 86400 request 10000
!
IP route 0.0.0.0 0.0.0.0 dhcp
Hello
As long as the traffic to any other network other than the network to remote sites runs through the VPN connection, then the more typical than the ASA things central may be missing are the following
permit same-security-traffic intra-interface
If this configuration is already currently in use can be controlled with
See the race same-security-traffic
The above arrangement allows the ASA transmitting a packet entering an interface through this same interface, that it came at the start. Without this parameter, it is not impossible.
Then you will naturally NAT configurations for users of the Remote LAN connections
If we were to use NAT Auto / network object NAT (since I don't know how you have built the base dynamic PAT to your central site ASA) configuration might look something like this
network of the REMOTE-SITE-PAT object
172.16.217.0 subnet 255.255.255.0
dynamic NAT interface (outdoors, outdoor)
The above should provide the dynamic PAT to the interface ' outside ' of the ASA central when the hosts are connected to the Internet.
Given that the NEM Mode VPN is probably connected right now that you can test what would happen to a related Internet packet across the VPN connection (even before changing the settings above)
entry Packet-trace out tcp 172.16.217.100 12345 8.8.8.8 80
That should tell what happens to the content of the package. If you are missing the first order, I suggest you the output of "packet - trace" will be very short and should see a DECLINE Phase very quickly
-Jouni
-
EzVPN between Cisco ASA 5505 (with NEM mode) and Ciscoo 881 Roure
Hi friends,
I configured the Cisco ASA 5505 and Cisco router with DMVPN 881. 3 offices works very well but one office remains failure. I did the same configuration for all facilities but this router does not work. Any ideas?
Please find below the exit of 881 router Cisco:
YF2_Tbilisi_router #.
* 4 August 09:31:26.793: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH...
* 09:31:26.793 4 August: ISAKMP (0): increment the count of errors on his, try 4 out 5: retransmit the phase 1
* 4 August 09:31:26.793: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH
* 4 August 09:31:26.793: ISAKMP: (0): 1.1.1.1 package sending 500 peer_port 500 (I) my_port AG_INIT_EXCH
* 09:31:26.793 4 August: ISAKMP: (0): sending a packet IPv4 IKE.
* 4 August 09:31:36.793: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH...
* 09:31:36.793 4 August: ISAKMP (0): increment the count of errors on his, try 5 of 5: retransmit the phase 1
* 4 August 09:31:36.793: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH
* 4 August 09:31:36.793: ISAKMP: (0): 1.1.1.1 package sending 500 peer_port 500 (I) my_port AG_INIT_EXCH
* 09:31:36.793 4 August: ISAKMP: (0): sending a packet IPv4 IKE.
* 09:31:44.929 4 August: ISAKMP: (0): serving SA., its is 88961 B 34, delme is 88961 B 34
* 4 August 09:31:46.793: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH...
* 09:31:46.793 4 August: ISAKMP: (0): the peer is not paranoid KeepAlive.* 09:31:46.793 4 August: ISAKMP: (0): removal of reason ITS status of 'Death by retransmission P1' (I) AG_INIT_EXCH (peer 1.1.1.1)
* 09:31:46.793 4 August: % CRYPTO-6-EZVPN_CONNECTION_DOWN: user (customer) = group = Youth_Facility_2 Server_public_addr = 1.1.1.1
* 4 August 09:31:46.793: ISAKMP:isadb_key_addr_delete: no key for address 1.1.1.1 (root NULL)
* 09:31:46.793 4 August: ISAKMP: (0): removal of reason ITS status of 'Death by retransmission P1' (I) AG_INIT_EXCH (peer 1.1.1.1)
* 09:31:46.793 4 August: ISAKMP: Unlocking counterpart struct 0x8AA90C50 for isadb_mark_sa_deleted(), count 0
* 09:31:46.793 4 August: ISAKMP: delete peer node by peer_reap for 1.1.1.1: 8AA90C50
* 09:31:46.793 4 August: ISAKMP: (0): entry = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
* 09:31:46.793 4 August: ISAKMP: (0): former State = new State IKE_I_AM1 = IKE_DEST_SA* 4 August 09:31:47.805: del_node 2.2.2.2 src dst 1.1.1.1:500 fvrf 0 x 0, ivrf 0 x 0
* 09:31:47.805 4 August: ISAKMP: (0): the peer is not paranoid KeepAlive.* 4 August 09:31:47.805: ISAKMP: (0): profile of THE request is (NULL)
* 09:31:47.805 4 August: ISAKMP: created a struct peer 1.1.1.1, peer port 500
* 09:31:47.805 4 August: ISAKMP: new created position = 0x8AA90C50 peer_handle = 0 x 80004819
* 09:31:47.805 4 August: ISAKMP: lock struct 0x8AA90C50, refcount 1 to peer isakmp_initiator
* 09:31:47.805 4 August: ISAKMP: (0): client configuration parameters 87531228 adjustment
* 09:31:47.805 4 August: ISAKMP: 500 local port, remote port 500
* 09:31:47.805 4 August: ISAKMP: find a dup her to the tree during his B 88961, 34 = isadb_insert call BVA
* 4 August 09:31:47.805: ISAKMP: (0): set up client mode.
* 4 August 09:31:47.805: ISAKMP: (0): built of NAT - T of the seller-rfc3947 ID
* 4 August 09:31:47.805: ISAKMP: (0): built the seller-07 ID NAT - t
* 4 August 09:31:47.805: ISAKMP: (0): built of NAT - T of the seller-03 ID
* 4 August 09:31:47.805: ISAKMP: (0): built the seller-02 ID NAT - t
* 4 August 09:31:47.805: ISKAMP: more send buffer from 1024 to 3072
* 09:31:47.805 4 August: ISAKMP: (0): ITS been pre-shared key and XAUTH authentication using id ID_KEY_ID type
* 09:31:47.805 4 August: ISAKMP (0): payload ID
next payload: 13
type: 11
Group ID: Youth_Facility_2
Protocol: 17
Port: 0
Length: 24
* 09:31:47.805 4 August: ISAKMP: (0): the total payload length: 24
* 09:31:47.809 4 August: ISAKMP: (0): entry = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_AM
* 09:31:47.809 4 August: ISAKMP: (0): former State = new State IKE_READY = IKE_I_AM1* 4 August 09:31:47.809: ISAKMP: (0): Beginner aggressive Mode Exchange
* 4 August 09:31:47.809: ISAKMP: (0): 1.1.1.1 package sending 500 peer_port 500 (I) my_port AG_INIT_EXCH
* 09:31:47.809 4 August: ISAKMP: (0): sending a packet IPv4 IKE.
* 4 August 09:31:57.809: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH...
* 09:31:57.809 4 August: ISAKMP (0): increment the count of errors on his, try 1 5: retransmit the phase 1
* 4 August 09:31:57.809: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH
* 4 August 09:31:57.809: ISAKMP: (0): 1.1.1.1 package sending 500 peer_port 500 (I) my_port AG_INIT_EXCH
* 09:31:57.809 4 August: ISAKMP: (0): sending a packet IPv4 IKE.
* 4 August 09:32:07.809: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH...
* 09:32:07.809 4 August: ISAKMP (0): increment the count of errors on his, try 2 of 5: retransmit the phase 1
* 4 August 09:32:07.809: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH
* 4 August 09:32:07.809: ISAKMP: (0): 1.1.1.1 package sending 500 peer_port 500 (I) my_port AG_INIT_EXCH
* 09:32:07.809 4 August: ISAKMP: (0): sending a packet IPv4 IKE.
* 4 August 09:32:17.809: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH...
* 09:32:17.809 4 August: ISAKMP (0): increment the count of errors on his, try 3 of 5: retransmit the phase 1
* 4 August 09:32:17.809: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH
* 4 August 09:32:17.809: ISAKMP: (0): 1.1.1.1 package sending 500 peer_port 500 (I) my_port AG_INIT_EXCH
* 09:32:17.809 4 August: ISAKMP: (0): sending a packet IPv4 IKE.
* 4 August 09:32:27.809: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH...
* 09:32:27.809 4 August: ISAKMP (0): increment the count of errors on his, try 4 out 5: retransmit the phase 1
* 4 August 09:32:27.809: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH
* 4 August 09:32:27.809: ISAKMP: (0): 1.1.1.1 package sending 500 peer_port 500 (I) my_port AG_INIT_EXCH
* 09:32:27.809 4 August: ISAKMP: (0): sending a packet IPv4 IKE.
* 4 August 09:32:37.809: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH...
* 09:32:37.809 4 August: ISAKMP (0): increment the count of errors on his, try 5 of 5: retransmit the phase 1
* 4 August 09:32:37.809: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH
* 4 August 09:32:37.809: ISAKMP: (0): 1.1.1.1 package sending 500 peer_port 500 (I) my_port AG_INIT_EXCH
* 09:32:37.809 4 August: ISAKMP: (0): sending a packet IPv4 IKE.
* 09:32:46.793 4 August: ISAKMP: (0): serving SA., his is 872E1504, delme is 872E1504
* 4 August 09:32:47.809: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH...
* 09:32:47.809 4 August: ISAKMP: (0): the peer is not paranoid KeepAlive.* 09:32:47.809 4 August: ISAKMP: (0): removal of reason ITS status of 'Death by retransmission P1' (I) AG_INIT_EXCH (peer 1.1.1.1)
* 09:32:47.809 4 August: % CRYPTO-6-EZVPN_CONNECTION_DOWN: user (customer) = group = Youth_Facility_2 Server_public_addr = 1.1.1.1
* 4 August 09:32:47.809: ISAKMP:isadb_key_addr_delete: no key for address 1.1.1.1 (root NULL)
* 09:32:47.809 4 August: ISAKMP: (0): removal of reason ITS status of 'Death by retransmission P1' (I) AG_INIT_EXCH (peer 1.1.1.1)
* 09:32:47.809 4 August: ISAKMP: Unlocking counterpart struct 0x8AA90C50 for isadb_mark_sa_deleted(), count 0
* 09:32:47.809 4 August: ISAKMP: delete peer node by peer_reap for 1.1.1.1: 8AA90C50
* 09:32:47.809 4 August: ISAKMP: (0): entry = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
* 09:32:47.809 4 August: ISAKMP: (0): former State = new State IKE_I_AM1 = IKE_DEST_SA* 4 August 09:32:48.909: del_node src 2.2.2.2:500 dst 1.1.1.1:500 fvrf 0 x 0, ivrf 0 x 0
* 09:32:48.909 4 August: ISAKMP: (0): the peer is not paranoid KeepAlive.* 4 August 09:32:48.909: ISAKMP: (0): profile of THE request is (NULL)
* 09:32:48.909 4 August: ISAKMP: created a struct peer 1.1.1.1, peer port 500
* 09:32:48.909 4 August: ISAKMP: new created position = 0x8AA90C50 peer_handle = 0 x 80004818
* 09:32:48.909 4 August: ISAKMP: lock struct 0x8AA90C50, refcount 1 to peer isakmp_initiator
* 09:32:48.909 4 August: ISAKMP: (0): client setting Configuration parameters 88C05A48
* 09:32:48.909 4 August: ISAKMP: 500 local port, remote port 500
* 09:32:48.909 4 August: ISAKMP: find a dup her to the tree during the isadb_insert his 87B57D38 = call BVA
* 4 August 09:32:48.909: ISAKMP: (0): set up client mode.
* 4 August 09:32:48.909: ISAKMP: (0): built of NAT - T of the seller-rfc3947 ID
* 4 August 09:32:48.909: ISAKMP: (0): built the seller-07 ID NAT - t
* 4 August 09:32:48.909: ISAKMP: (0): built of NAT - T of the seller-03 ID
* 4 August 09:32:48.909: ISAKMP: (0): built the seller-02 ID NAT - t
* 4 August 09:32:48.909: ISKAMP: more send buffer from 1024 to 3072
* 09:32:48.913 4 August: ISAKMP: (0): ITS been pre-shared key and XAUTH authentication using id ID_KEY_ID type
* 09:32:48.913 4 August: ISAKMP (0): payload ID
next payload: 13
type: 11
Group ID: Youth_Facility_2
Protocol: 17
Port: 0
Length: 24
* 09:32:48.913 4 August: ISAKMP: (0): the total payload length: 24
* 09:32:48.913 4 August: ISAKMP: (0): entry = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_AM
* 09:32:48.913 4 August: ISAKMP: (0): former State = new State IKE_READY = IKE_I_AM1* 4 August 09:32:48.913: ISAKMP: (0): Beginner aggressive Mode Exchange
* 4 August 09:32:48.913: ISAKMP: (0): 1.1.1.1 package sending 500 peer_port 500 (I) my_port AG_INIT_EXCH
* 09:32:48.913 4 August: ISAKMP: (0): sending a packet IPv4 IKE.
* 4 August 09:32:58.913: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH...
* 09:32:58.913 4 August: ISAKMP (0): increment the count of errors on his, try 1 5: retransmit the phase 1
* 4 August 09:32:58.913: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH
* 4 August 09:32:58.913: ISAKMP: (0): 1.1.1.1 package sending 500 peer_port 500 (I) my_port AG_INIT_EXCH
* 09:32:58.913 4 August: ISAKMP: (0): sending a packet IPv4 IKE.
* 4 August 09:33:08.913: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH...
* 09:33:08.913 4 August: ISAKMP (0): increment the count of errors on his, try 2 of 5: retransmit the phase 1
* 4 August 09:33:08.913: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH
* 4 August 09:33:08.913: ISAKMP: (0): 1.1.1.1 package sending 500 peer_port 500 (I) my_port AG_INIT_EXCH
* 09:33:08.913 4 August: ISAKMP: (0): sending a packet IPv4 IKE.
* 4 August 09:33:18.913: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH...
* 09:33:18.913 4 August: ISAKMP (0): increment the count of errors on his, try 3 of 5: retransmit the phase 1
* 4 August 09:33:18.913: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH
* 4 August 09:33:18.913: ISAKMP: (0): 1.1.1.1 package sending 500 peer_port 500 (I) my_port AG_INIT_EXCH
* 09:33:18.913 4 August: ISAKMP: (0): sending a packet IPv4 IKE.
* 4 August 09:33:28.913: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH...
* 09:33:28.913 4 August: ISAKMP (0): increment the count of errors on his, try 4 out 5: retransmit the phase 1
* 4 August 09:33:28.913: ISAKMP: (0): transmit phase 1 AG_INIT_EXCH
* 4 August 09:33:28.913: ISAKMP: (0): 1.1.1.1 package sending 500 peer_port 500 (I) my_port AG_INIT_EXCH
* 09:33:28.913 4 August: ISAKMP: (0): sending a packet IPv4 IKE.There is no DMVPN on the SAA. All that you have configured, is not compatible with the ASA or something another DMVPN then. At least debugging shows that there are some EzVPN involved.
The debug version, it seems that there is no communication on UDP/500 possible between devices. Maybe something is blocking who?
-
Hi all
I have a spare 2811 router that would like to use for the temporary easy VPN server.
the router IOS is already updated security advance 15.0 K9.
My question is the AIM - VPN a real map/module on the motherboard of the router or just pop up once the router has been upgraded to IOS security?
SH ve | I have IOS
Cisco IOS software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 15.0 (1) M8, RELEASE SOFTWARE (fc1)#sh inv
NAME: "2811 chassis', DESCR:"2811 chassis.
PID: CISCO2811, VID: V02, SN: FTX0911CxxxNAME: ' PVDMII DSP SIMM with a DSP on the Slot 0 SubSlot 4 ', DESCR: 'PVDMII DSP SIMM with a DSP.
PID: PVDM2-16, VID: V01, SN: FOC13071xxNAME: "virtual private network (VPN) on the Slot Module 0 ', DESCR: 'encryption PURPOSE Element '.
PID: AIM-VPN/EPII-PLUS, VID: v01, SN: FOC09072xxYou have now two VPN modules in your router:
- The module for basic needs
- The module see you in "inventory to see the" which is placed in the OBJECTIVE of on-board connector. This module has a flow more and a greater number of tunnel and will be used by default.
There are many examples of EzVPN configuration guide:
If it is more then a temporary solution, I would also consider using an ASA to remote access VPN. EzVPN is more or less obsolete, and the ASA has many more features with the AnyConnect client. On the router, you can also configure remote access for AnyConnect, but it is much more complicated.
-
DMVPN question "" change btwn CONF_XAUTH &; MM_NO_STATE ".
Hi all
can you please help on below: thanks in advance.
HQ which is configured to accept remote vpn client using crypto map and also it is configured for dynamic vpn with branch.
Static public IP HQ is 82.114.179.120, tunnel 10 172.16.10.1 and local lan ip is 192.168.1.0
Branch has dynamic public ip, 10 ip 172.16.10.32 tunnel local lan is 192.168.32.0 It is also configured by using tunnel 0 with an another CA that works very well.
Directorate-General for the Lan (192.168.32.0) is required to access lan (192.168.1.0) HQ...
Debug files attached
HQ:
AAA authentication login local acs
AAA authorization network local acs
!
AAA - the id of the joint session
!
IP cef
!8.8.8.8 IP name-server
No ipv6 cef
!
Authenticated MultiLink bundle-name Panel
!redundancy
!VDSL 0/1/0 controller
!cryptographic keys ccp-dmvpn-keyring keychain
pre-shared key address 0.0.0.0 0.0.0.0 key [email protected] / * /
!
crypto ISAKMP policy 10
BA 3des
md5 hash
preshared authentication
Group 2
ISAKMP crypto 5 3600 keepalive
ISAKMP crypto nat keepalive 3600
ISAKMP xauth timeout 60 crypto!
ISAKMP crypto client configuration group NAMA
namanama key
pool mypool
ACL 101
Save-password
Profile of crypto isakmp dmvpn-ccp-isakmprofile
CCP-dmvpn-keyring keychain
function identity address 0.0.0.0
!
Crypto ipsec transform-set esp-3des esp-md5-hmac test
tunnel mode
Crypto ipsec transform-set ESP-AES-MD5-esp - aes esp-md5-hmac comp-lzs
transport mode
!
Profile of crypto ipsec CiscoCP_Profile1
game of transformation-ESP-AES-MD5
define the profile of isakmp dmvpn-ccp-isakmprofile
!card dynamic crypto map 10
Set transform-set test
market arriere-route
!
the i-card card crypto client authentication list acs
card crypto i-card isakmp authorization list acs
card crypto i-map client configuration address respond
card crypto i-card 10 isakmp ipsec dynamic map!
interface Tunnel10
bandwidth 1000
address 172.16.10.1 IP 255.255.255.0
no ip redirection
IP 1400 MTU
authentication of the PNDH IP DMVPN_NW
dynamic multicast of IP PNDH map
PNDH id network IP-100000
property intellectual PNDH holdtime 360
IP tcp adjust-mss 1360
delay of 1000
Shutdown
source of Dialer1 tunnel
multipoint gre tunnel mode
tunnel key 100000
Tunnel CiscoCP_Profile1 ipsec protection profile
!
the Embedded-Service-Engine0/0 interface
no ip address
Shutdown
!
interface GigabitEthernet0/0
IP 192.168.0.254 255.255.255.0
IP nat inside
IP virtual-reassembly in
automatic duplex
automatic speed
!
interface GigabitEthernet0/1
IP 192.168.1.1 255.255.255.0
IP nat inside
IP virtual-reassembly in
automatic duplex
automatic speed
!
ATM0/1/0 interface
DSL Interface Description
no ip address
No atm ilmi-keepalive
PVC 8/35
aal5snap encapsulation
PPPoE-client dial-pool-number 1!
interface Dialer0
no ip address
!
interface Dialer1
the negotiated IP address
IP mtu 1492
NAT outside IP
IP virtual-reassembly in
encapsulation ppp
Dialer pool 1
PPP authentication chap callin pap
PPP chap hostname nama20004
password PPP chap 0 220004
PPP pap sent-username nama20004 password 0 220004
i-crypto map
!
IP local pool mypool 192.168.30.1 192.168.30.100
IP forward-Protocol ND
!
IP http server
IP http secure server
!
overload of IP nat inside source list 171 interface Dialer1
IP route 0.0.0.0 0.0.0.0 Dialer1
IP route 192.168.32.0 255.255.255.0 172.16.10.32
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.2
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.30.0 0.0.0.2
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.32.0 0.0.0.2
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.35.0 0.0.0.2
access-list 171 deny ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.2
access-list 171 refuse ip 192.168.1.0 0.0.0.255 192.168.30.0 0.0.0.2
access-list 171 refuse ip 192.168.1.0 0.0.0.255 192.168.35.0 0.0.0.2
access-list 171 refuse ip 192.168.1.0 0.0.0.255 192.168.32.0 0.0.0.2
access ip-list 171 allow a whole
Dialer-list 2 ip protocol allow
!HQ #sh cry isa his
IPv4 Crypto ISAKMP Security Association
DST CBC conn-State id
82.114.179.120 78.137.84.92 CONF_XAUTH 1486 ACTIVE
82.114.179.120 78.137.84.92 MM_NO_STATE 1483 ACTIVE (deleted)
82.114.179.120 78.137.84.92 MM_NO_STATE 1482 ACTIVE (deleted)See the branch to execute:
!
!
crypto ISAKMP policy 1
BA 3des
preshared authentication
Group 2
!
crypto ISAKMP policy 11
BA 3des
md5 hash
preshared authentication
Group 2
ISAKMP crypto key [email protected] / * / address 82.114.179.105
ISAKMP crypto key [email protected] / * / address 82.114.179.120
ISAKMP crypto keepalive 10 periodicals
!
!
Crypto ipsec transform-set ESP-AES-MD5-esp - aes esp-md5-hmac comp-lzs
transport mode
Crypto ipsec transform-set esp - aes Taiz esp-md5-hmac comp-lzs
transport mode
!
Profile of crypto ipsec CiscoCP_Profile1
game of transformation-ESP-AES-MD5
!
Profile of crypto ipsec to Taiz-profile-
the value of the transform-set in Taiz
!
interface Tunnel0
bandwidth 1000
IP 172.16.0.32 255.255.255.0
IP 1400 MTU
authentication of the PNDH IP DMVPN_NW
map of PNDH 172.16.0.1 IP 82.114.179.105
PNDH id network IP-100000
property intellectual PNDH holdtime 360
property intellectual PNDH nhs 172.16.0.1
IP tcp adjust-mss 1360
delay of 1000
source of Dialer0 tunnel
tunnel destination 82.114.179.105
tunnel key 100000
Tunnel CiscoCP_Profile1 ipsec protection profile
!
interface Tunnel10
bandwidth 1000
IP 172.16.10.32 255.255.255.0
IP 1400 MTU
authentication of the PNDH IP DMVPN_NW
property intellectual PNDH 172.16.10.1 card 82.114.179.120
PNDH id network IP-100000
property intellectual PNDH holdtime 360
property intellectual PNDH nhs 172.16.10.1
IP tcp adjust-mss 1360
delay of 1000
source of Dialer0 tunnel
tunnel destination 82.114.179.120
key to tunnel 22334455
tunnel of ipsec to Taiz-profile protection
!
interface Ethernet0
no ip address
Shutdown
!
ATM0 interface
no ip address
No atm ilmi-keepalive
!
point-to-point interface ATM0.1
PVC 8/35
PPPoE-client dial-pool-number 1
!
!
interface FastEthernet0
# CONNECT TO LAN description #.
no ip address
!
interface FastEthernet1
# CONNECT TO LAN description #.
no ip address
!
interface FastEthernet2
# CONNECT TO LAN description #.
no ip address
!
interface FastEthernet3
# CONNECT TO LAN description #.
no ip address
!
interface Vlan1
# LAN INTERFACE description #.
customer IP dhcp host name no
IP 192.168.32.254 255.255.255.0
IP nat inside
IP virtual-reassembly in
IP tcp adjust-mss 1412
!
interface Dialer0
the negotiated IP address
IP mtu 1452
NAT outside IP
IP virtual-reassembly in
encapsulation ppp
Dialer pool 1
Dialer-Group 1
PPP authentication chap callin pap
PPP chap hostname mohammadaa
password PPP chap 0-123456
PPP pap sent-name of user mohammadaa password 123456 0
!
IP forward-Protocol ND
IP http server
10 class IP http access
local IP http authentication
no ip http secure server
!
the IP nat inside source 1 interface Dialer0 overload list
IP route 0.0.0.0 0.0.0.0 Dialer0
Route IP 192.168.0.0 255.255.255.0 172.16.0.1
IP route 192.168.1.0 255.255.255.0 172.16.10.1
!
auto discovering IP sla
Dialer-list 1 ip protocol allow
!
access-list 1 permit 192.168.32.0 0.0.0.255
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 192.168.0.0 0.0.0.255
!Branch #sh cry isa his
IPv4 Crypto ISAKMP Security Association
DST CBC conn-State id
82.114.179.120 78.137.84.92 MM_NO_STATE ACTIVE 2061 (deleted)
82.114.179.120 78.137.84.92 MM_NO_STATE 2060 ACTIVE (deleted)Mohammed,
No probs, ensure safety.
The config you home has only one profile of IKE again. i.e. your DMVPN and ezvpn fall into the same basket.
What you need is a clean separation.
In the example you have
crypto isakmp profile VPNclient match identity group hw-client-groupname client authentication list userauthen isakmp authorization list hw-client-groupname client configuration address respond
which is then linked to:crypto dynamic-map dynmap 10 set isakmp-profile VPNclient reverse-route set transform-set strong
and separately a Profile of IKE DMVPN:
crypto isakmp profile DMVPN keyring dmvpnspokes match identity address 0.0.0.0
linked to your profile DMVPN IPsec:
crypto ipsec profile cisco set security-association lifetime seconds 120 set transform-set strong set isakmp-profile DMVPN
You apply the same logic here and clean to the top of your current config (i.e. move the features that you have applied to the level of the crypto map to your new profile of IKE).
M.
-
Dial backup VPN - pre-shared key question
I use dial backup for my DSL connections in case of failure, but on my host router I also use EZVPN Client VPN access server. Thus the server EZVPN uses xauth for pre-shared key authentication:
ISAKMP crypto key? address 0.0.0.0 0.0.0.0
BUT for my backup of VPN connection to work, I need to use the dynamic IP to the IP address of the peer that requires:
ISAKMP crypto key? address 0.0.0.0 0.0.0.0 no xauth
I tried to set the keys for dial-in subnets, but it always seems to use the default value.
Is this all just not supported or is there a workaround?
My (main) the host router is a CISCO 1841, my remote router is 877.
See you soon,.
Sean
You need to configure ISAKMP profiles on the server Ezvpn router.
http://Cisco.com/en/us/Tech/tk583/TK372/technologies_configuration_example09186a00801dddbb.shtml
Who would do it.
-
Hello
I installed EZVPN but I can't get back to the top of the head of line traffic.
When I debug ICMP on an internal switch and ping the device to the customer, I can see the answer to the IP address of the vpn client, but it does not make to the customer.
This is not my subject harder but I can see all seems ok. Note that I have a number of internal networks defined in the ACL CE tunnel.
Clues to what I am doing wrong welcome.
Thank you
The config is as follows:
AAA new-model
!
!
AAA authentication login local authentic
author of local AAA authorization network
!
AAA - the id of the joint session
IP cef
!
!
property intellectual auth-proxy max-nodata-& 3
property intellectual admission max-nodata-& 3
!
!
IP domain name yyyy.com
!
!
!
!
xxxx xxxx password username
!
!
crypto ISAKMP policy 10
BA aes 256
preshared authentication
Group 2
ISAKMP crypto keepalive 10 3
ISAKMP xauth timeout crypto 5
!
ISAKMP crypto client configuration group ezvpn
key xxxxx
DNS 192.168.100.36
ppvh.com.au field
ezvpn-pool
Ezvpn-st-acl ACL
PFS
Max-connections 3
netmask 255.255.255.0
ISAKMP crypto isakmp-profile ezvpn
address of self-identity
group membership ezvpn-group match
client authentication list authentic
author of ISAKMP authorization list
client configuration address respond
KeepAlive 10 try again 3
!
!
Crypto ipsec transform-set esp_aes256_sha aes - esp esp-sha-hmac
!
encryption dynamic-map ezvpn-card 10
Set security-association second life 28800
Set transform-set esp_aes256_sha
PFS group2 Set
Isakmp ezvpn isakmp profile set
market arriere-route
!
!
dynamic vpn-card 65000 ezvpn-map ipsec isakmp crypto map
!
!
!
ATM0 interface
no ip address
ATM ilmi-keepalive
DSL-automatic operation mode
PVC 8/35
PPPoE-client dial-pool-number 1
!
!
interface FastEthernet0
IP 192.168.100.1 255.255.255.240
IP nat inside
IP virtual-reassembly
automatic speed
!
!
interface Dialer0
the negotiated IP address
no ip redirection
no ip unreachable
IP mtu 1486
NAT outside IP
IP virtual-reassembly
encapsulation ppp
Dialer pool 1
No cdp enable
PPP authentication pap callin
refuse to PPP chap
PPP pap sent-name of user password of xxxxxxxxx xxxxxxxxx
PPP ipcp dns request
failure to track PPP ipcp
card crypto vpn-map
!
ezvpn-pool IP local pool 172.16.100.32 172.16.100.63
IP forward-Protocol ND
IP route 192.168.100.16 255.255.255.240 192.168.100.2
IP route 192.168.100.32 255.255.255.240 192.168.100.2
IP route 192.168.200.0 255.255.255.0 192.168.100.2
IP route 192.168.201.0 255.255.255.0 192.168.100.2
!
no ip address of the http server
no ip http secure server
no ip nat service sip 5060 udp port
the IP nat inside source 1 interface Dialer0 overload list
The dns server IP
!
ezvpn-st-acl extended IP access list
192.168.100.0 IP allow 0.0.0.15 all
IP 192.168.100.16 allow 0.0.0.15 all
IP 192.168.100.32 allow 0.0.0.15 all
IP 192.168.200.0 allow 0.0.0.255 any
IP 192.168.201.0 allow 0.0.0.255 any
!
history of logging of information
access-list 1 permit 192.168.100.0 0.0.0.15
access-list 1 permit 192.168.100.16 0.0.0.15
access-list 1 permit 192.168.100.32 0.0.0.15
access-list 1 permit 192.168.200.0 0.0.0.255
access-list 1 permit 192.168.201.0 0.0.0.255
Dialer-list 1 ip protocol allow
!
Hello
So you see the response to ICMP on the SW internal echo, but they are not seen on the EzVPN client, right?
You see them on the server EzVPN?
For example:
SW---> Server EzVPN---> Internet---> EzVPN client
What type of device is the server, router, or an ASA?
Please be sure to add the exempt NAT rule on the server, so that you save in return traffic to be melted by any rule NAT.
In addition, your SW pointing EzVPN server as the default gateway? If this isn't the case, please add a route for the network remote (s) pointing to this device.
HTH.
-
No.-xauth, mode-config-No.
What is the meaning of [No.-xauth, no.-config-mode]?
Disable the VPN software if executed [No.-xauth, no.-config-mode] connection?
Hello
No.-xauth is used authentication extended, which must have the user prompted for a user name and password before you connect
No-config-mode is used to disable the push of data to the user who connects via the VPN client as the ip address, the DNS server, the WINS server...
both of the above are required to exist when you connect using a VPN client software.
I hope that the above answers your questions.
Sincere greetings,
Shadi'
-
ASA disconnects the customer due to the XAUTH failure even if XAUTH disabled
Dear friends,
I am creating an IPsec tunnel between a ZyXEL ZyWALL P1 hardware firewall and an ASA 5510, OS version 8.0 (2). The two parties should authenticate using X.509 PKI certificates without no XAUTH authentication only.
The current configuration of the ASA software Cisco VPN Clients to connect without any problems. However, when I try to connect the ZyWALL, ASA complains about the "peer is not authenticated by xauth - drop connection" and he abandoned the connection. This intrigues me, that both the ZyWALL hardware and software clients are managed by the same group of tunnel in which the XAUTH is disabled with the command ""isakmp ikev1-user authentication no"." My goal, obviously, is to configure the ASA in such a way that it will be possible to create a tunnel between the ASA and the ZyWALL IPsec authenticated using certificates only, without the XAUTH.
The ZyWALL does not seem compatible with the configuration MODE. I don't know if it is a remarkable fact, but I'm there to completeness.
I am attaching the relevant extracts from the configuration and the output of the command debug crypto isakmp 127 . A short explanation of the different addresses in the debug output:
- 158.193.139.0/24 is the public sector in the laboratory where the ZyWALL device is tested
- 192.168.167.0/24 is the segment private behind the ZyWALL (its 'LAN' interface) device
- 172.27.137.0/24 is the segment private behind the ASA to customers access via IPsec
I am very grateful for any advice you can give me!
Best regards
Peter
Peter,
Well, I needed to read a large part of your email address.
I understand you want to basically your firewall, zyxel to act as a clinet ezvpn (note that it doesn't send beacon of unity in MM1) and not a l2l tunnel.
Group = TG-RAIS, Username = Peter Paluch VPN, IP = 158.193.139.173, processing hash payload
Anywhere this username configured on the firewall, zyxel?
Marcin
Maybe you are looking for
-
Hello first of all I apologise for my English (im from China) We have a small business and create us a few games for iOS, but still not released in the AppStore, because we want to translate to a language. And as such, we say human location not machi
-
new iphone "Please upgrade to ios Update 9 beta.
I bought my 1st iPhone on eBay, iPhone 5. It works very well, but continues to appear a message "a new update of IOS is now available. Please update to IOS 9 beta. He traveled the configuration normally (from Hello to creating an apple ID). I don't
-
After I removed the screen of the laptop, I noticed that there are 2 cables 1 and 2 that comes out of the screen. I didn't know where to plug backAny help?
-
After you have installed JAVA 6 update 23, he said that a previous version has been detected and must be uninstalled using "uninstall microsoft. The earlier version was JAVA 6 update 7. When I ran uninstall it in "Programs and features", the followi
-
Mouse Touchpad on Satellite A105-S6980 does not
Trackpad works but not the buttons of the mouse. Reinstalled driver but did not help. 7 the window running. Trackpad is turned on. Parameters for the trackpad in the control panel appear to be correct. Problem started when someone typing on my comput