Remote access server problem ASA5510

Hello guys,.

I have a problem with ASA5510 configured as a remote access server. We use the client VPN in Windows XP. Look at the requirements I see no problem, but when I try to connect to the server it doesn't open the negotiation of VPN. I had the problem like this before, but at least I saw the traffic hitting the ASA. Now, I don't see anything hitting the device. I enclose the current configuration of the SAA. The VPN client on my laptop is configured correctly. Thank you in advance!

RVR

Hello

Happy to help and thanks for the note.

This command is not required, but 90% of deployment I've seen has this configured command and is the default value for the SAA. In a Word, what this command is open to IKE and IPSEC ports and also does not check ACL entering ASA for IPSEC traffic.

In case if you do not have this command enabled, you must configure inbound ACL to allow IKE, IPSEC and text clear remote access VPN traffic after IPSEC packets get decrypted on the SAA.

Kind regards

Arul

* Rate pls if it helps *.

Tags: Cisco Security

Similar Questions

  • VPN error 868 the name of the remote access server is not resolved

    I use Windows 7 Home Premium and you want to configure a VPN with my office network that uses the Check Point Safe@Office.  I am unable to log in and get the error that does not resolve the name of the remote access server and Windows cannot find the host using DNS name.  Any suggestions on what to try to fix the problem?  I set up the VPN connection according to the instructions of our network administrator.  We use XP in the office.

    Hello
    Welcome to the Microsoft answers site

    The question that you'd be better suited in the TechNet community. Please visit the link below to find a community that will provide the best support.
    http://social.technet.Microsoft.com/forums/en-us/ForefrontedgeVPN/threads

    It may be useful
    Thanks and greetings
    Support Microsoft-dieng
    Visit our Microsoft answers feedback Forum and let us know what you think
    http://social.answers.Microsoft.com/forums/en-us/answersfeedback/threads/

  • WHS 2011 Media - Web remote access - a problem with the media of files appearing not

    I'm running WHS 2011.  When I connect via a remote web access and media sharing is turned on, I can see the three categories in the window 'Library' - 'Browse images', 'Browse music' and "browse videos".  I have several songs in the "ServerFolders\Music" folder on the server and I used to see the album art in the home screen remote Web access under 'Browse music. "  Now, the icon 'Browse music' on the screen of remote access Web says "0 songs" even if I have not moved or removed all the songs in the folder ServerFolders\Music on the WHS machine.  If I go to the "Shared folders" window and open the 'Music' it on access web remote, all the music files are listed as expected.

    I don't know how to reset or refresh the window "Multimedia library" in order to recognize the music files I have on the server.

    Please advise...

    Thank you for your help.

    Hello

    You can publish your application in the Windows Home server to improve the assistance:
  • debugging access server problem

    I'm unable to connect ISDN users via access servers there is some problem among raduis, the access server and billing machine then I felt I need to debug on the access server, but when I go to run the debug command first, and then I m get no output, below is the reviews. What is good order? I enabled debugging, but I cannot see the logs (outputs) so missing here. Please answer me as soon as possible.

    AS5300a aaa #debug?

    Accountant accounting

    Administrative administrative

    attr AAA Attr Manager

    authentication

    authorization authorization

    AAA DB DB Manager

    ID Id Unique to the AAA

    IPC IPC AAA

    attributes of each user by user

    treatment of POD Pod AAA

    treatment of the AAA Protocol

    SubSys AAA subsystem

    AS5300a #debug aaa VAC

    Aaa AS5300a #debug accounting

    AAA accounting debug is on

    AS5300a #sh deb

    AS5300a #sh debugging

    General operating system:

    AAA accounting debug is on

    AS5300a #.

    Hello

    You can use terminal no monitor to turn off the same and also check this link for setting up an external syslog server to collect system logs.

    you use syslog software installed in the external system to collect the newspapers.

    the best bet would be kiwisyslog s/w, which is very easy and roubst.

    You must configure your router and point the same to send messages to the external system.

    http://www.Cisco.com/en/us/products/SW/iosswrel/ps1835/products_configuration_guide_chapter09186a008030c760.html#wp1001176

    regds

  • Routing and Remote Access Server & VPN

    We have Server Windows 2008 R2, which is our domain, but also DHCP server controller. On this server we have Setup RRA for VPN and it works fine. We had to stop our DC due to a failure and after I got the domain controller to the top and it is a problem for users that connect to the VPN.

    When users try to connect to the VPN, it connects successfully. But they did not access network as usual. I looked in the VPN properties, and it receives an IP address of 169.254.xxx.xx which is not the correct network IP address. So while the user who is remote think they are connected, they are currently not connected.

    Does anyone have advice what is the cause of this and how to troubleshoot or resolve?

    Hello

    Given that you are working on Windows 2008 R2 please post your question here:

    http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home

  • Remote access connection problem: Channel.Connect.Failed

    Solution: It turns out that my client had installed a new firewall/web management system without telling me. My application was blocked. :(

    Hello

    I have a Flex app using remoting and ColdFusion. Suddenly, my client had the following error:

    Channel.Connect.Failed
    NetConnection.Call.BadVersion: url: ' http://mysite/flex2gateway/'

    The strange thing is the app works when you browse to from outside the Office of my client. I wonder if it's some sort of firewall issue on their end. Any thoughts?

    Thank you.

    Solution: It turns out that my client had installed a new firewall/web management system without telling me. My application was blocked. :(

    Hello

    I have a Flex app using remoting and ColdFusion. Suddenly, my client had the following error:

    Channel.Connect.Failed
    NetConnection.Call.BadVersion: url: ' http://mysite/flex2gateway/'

    The strange thing is the app works when you browse to from outside the Office of my client. I wonder if it's some sort of firewall issue on their end. Any thoughts?

    Thank you.

  • Best router for incoming Windows remote access

    Hello
    you have a question of a client that is located on an Active Directory Server with a box of Windows Server 2008 running the remote access server. What firewall might recommend that allow connections from the Internet on to the incoming client Windows box?

    See you soon,.
    / Mattias

    The FVS336G in a connection between an 'internal' client and server RAS plays no role on the same local network and is not actually involved in out connections - it needs to have pptp passthrough, but that's all.

    You may have completely disabled on your 336 port forwarding and you still get the results you report.

    First question - the RAS have internet access?
    Second question - what do you mean by "inbound NAT?

    I have quit using pptp (ipsec spent) earlier but memory everything that is required on the router is to forward port 1723 for the SAR and if you use a dynamic WAN ip address, you must also configure a form any dynamic DNS - DynDNS has worked for me.

    For the FVS338 (and probably the 336) - just to add a receptive service and select pptp in unrolling menu, select always allow, and enter the address of the RAS.

  • Remote access is installed, but refuses connections on Windows Server 2003. Why is this and how can I solve this problem?

    Reinstalled Windows Server 2003, configure remote access, unlocked the ports, and I can't connect with my Windows XP computer. I had no problem until I reinstalled.

    Hi DistrictDigital,

    Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public. Please ask your question in the following forum.

    Windows Server - general forum

  • Windows home server 2011 - remote access error - wrong password or account to GoDaddy

    My windows Home server remote access does not recognize the domain, I've implemented into Go Daddy.

    The login and the password are considered bad by the wizard.

    Of course I can access with login and password to godaddy.com and everything is nominal.

    I noticed the problem 4 weeks ago. No solution has worked so far.

    I tried even to remove the entry in the register (via REGEDIT), I found a link to that in the past. But the problem remains.

    I fear that some change was introduced on the way the security part

    Hello

    I suggest you post your query on the TechNet forums to get help. Consult the following link:

    https://social.technet.Microsoft.com/forums/WindowsServer/en-us/ba0d1c89-ad59-414a-bf00-d3085a9f25d9/Windows-Home-Server-2011?Forum

    It will be useful.

  • Remote access Windows Server 2012 through internet with desktop connection

    Summer messing about with it for days and don't get no love.

    Try to connect with Windows 7 Ultimate edition to Windows Server 2012 Data Center version from outside my home network, Starbucks or McDonald's or my server at home.

    Tried all these steps found in this promising and useful article:

    http://Windows.Microsoft.com/en-us/Windows7/allow-remote-desktop-connections-from-outside-your-home-network

    1. Allow connections to the computer you want to access remotely. DONE - ADDED to THE SERVER AND NON-ADMIN ACCOUNT to RDP GROUP of ROLES, using network level authentication. Connection of Win 7, so this method of authentication should not be a problem, I assume.
    2. Make sure that remote desktop is able to communicate through your firewall. DONE - FOR BOTH PUBLIC AND PRIVATE RULE.

    3. Find the IP address of the computer on your home network you want to connect. MADE - by using the ipconfig/all command

    4. Open your router configuration screen and worms forward port 3389 for TCP IP address of the destination computer. DONE - NOT TCP/UDP but TCP only, internal and external port goes. Note: The use of a booster signal wifi at the end of the House, it is a problem that requires additional configuration? I don't think he has an ip address or acts as a router. But in desperation I can try unplugging then again head the local Starbucks to try to connect.

    5. Find the IP address of the router so that the remote desktop can be found on the Internet. DONE - using "what is my ip", pretty easy.

    6. Open Remote Desktop connection, and connect. ACTUALLY, I think THAT, IN ENTERING [ip router]: 3389.

    But the result of the message is always the typical:

    (1) remote access to the server is not enabled.

    > But this is not true, that I am capable of the DRC at home on the server machine.

    (2) computer remote is not off.

    > But this is not true, as I just left home 30 minutes and sometimes it's rarely, only restarted.

    (3) the remote computer is not available on the network.

    > Don't know what that means. Of course the remote computer is not on the network, I am on right now. It's on my home network. But I can ping my router ip via cmd, then coming to the outside can be done; through my router, I should be able to access inside my home network port forwarding w. But no love.

    So... what to do, what to do...

    The wifi booster is a problem?

    Connects to the Data Center edition a problem?

    What happens if I uncheck the option ' use authentication NLA, is that the passage of the security risk?

    Any ideas about the configuration I could be missing before giving up and go for VPN or TeamViewer. I would really like to see materialized during all the time that I put in trying to run the DRC.

    Thanks for any input.

    / Markus

    Hello

    Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.

    http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

    See you soon.

  • Remote access client 2.0.1 for Mac OS 10.4.11 connection to the remote server running Windows Server 2008 R2

    I have a mac with OS 10.4.11 and I try to access a remote server running Windows Server 2008 R2.  I have installed, uninstall and reinstall the Client of remote access for Mac 2.0.1 but I can not connect.  My network administrator tells me that Mac OS 10.4.11 is so old and useless that I am better just throw my computer and buy a new one in order to solve the problem.  This is absurd.  Can you help me?

    Hi Benjamin Spicer,.

    Your question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for Windows Server on TechNet. Please post your question in the Forums TechNet Remote Desktop Services (Terminal Server Services).

  • AppPortal error: remote access to the server is not enabled

    I'm lost on this one.

    Using the full client of AppPortal on a Win7 64 bit machine (version 8.0 of the customer)

    Double-click the icon, download authenticated - published applications show, then double click a published application, the end user receives:

    Remote access to the server is not enabled.

    This happens only on a single computer

    From this profile of users on the given computer I can MSTSC on the same server without problem

    The error also follows the profiles on the given computer.

    I have closed the Antivirus and Windows Firewall and still can not get this to work.

    Even uninstalled and reinstalled the client.

    From my computer, I can easily log in as this user.

    Customers get automatically configured through an XML file.

    After installation, I tested this laptop and he always gave the same error.

    I ended up him to give me the phone for a few hours.

    Uninstalled the version that was there (build 8.0.0.forget) and scoured the Windows Explorer for all left overs (a little here and there in user profiles and delete).

    Then scoured the registry for expressions; vWorkspace, Quest Software and Provision Networks and remove all instances

    Reinstalled all THE SUCCESS with the new connector to our servers (8.0.306.1427)

    Thanks for the help Dave

  • Remote access ASA5510

    Hello guys,.

    I have to configure an ASA 5510 as server of remote access for Windows XP machines. I tried to configure L2TP and IPSec, but not worked. I was referred to a correct document by a member of this forum (appreciated), but it seems that XP machines do not like L2TP and they more readily accept PPTP. Someone can reffer me a document how to configure ASA5510 with PPTP remote access. I checked the unit and see no option to use PPTP instead of L2TP. Guys thank you very much in advance.

    Kind regards

    RVR

    ! - Identifies the encryption and hash IPsec algorithms

    ! - to be used by the game of transformation.

    Crypto ipsec transform-set esp-3des esp-md5-hmac TRANS_ESP_3DES_MD5

    ! - Because the Windows 2000 L2TP/IPsec client uses IPsec transport mode,.

    ! - define the mode of transport.

    ! - The default is tunnel mode.

    Crypto ipsec transform-set transit mode TRANS_ESP_3DES_MD5

    ! - Specifies the transformation affects to be used in a dynamic crypto map entry.

    Crypto-map dynamic outside_dyn_map 20 game of transformation-TRANS_ESP_3DES_MD5

    ! - Requires a given crypto map entry to refer to a pre-existing

    ! - dynamic crypto map.

    map outside_map 20-isakmp ipsec crypto dynamic outside_dyn_map

    ! - Apply a defined encryption card previously set on an external interface.

    outside_map interface card crypto outside

    crypto ISAKMP allow outside

    Crypto isakmp nat-traversal 20

    ! - Specifies the protocol IKE Phase I parameters of strategy.

    crypto ISAKMP policy 10

    preshared authentication

    3des encryption

    md5 hash

    Group 2

    life 86400

    ! - Create a group of tunnel with the tunnel-group command, and specifies the local

    ! - name of the address pool used to assign the IP address to the client.

    ! - Associated with the AAA (VPN) server with the Group of the tunnel group.

    attributes global-tunnel-group DefaultRAGroup

    address clientVPNpool pool

    Vpn server authentication group

    ! - Link the name of the group to the default tunnel

    ! - Tunnel group general attributes mode group.

    Group Policy - by default-DefaultRAGroup

    ! - Use the command of tunnel group ipsec-attributes

    ! - to enter the mode of configuration of ipsec-attribute.

    ! - The value of the preshared key.

    ! - This key must match the key configured on the Windows machine.

    IPSec-attributes tunnel-group DefaultRAGroup

    pre-shared-key *.

    . - Configure the PPP authentication with the type of authentication protocol

    ! - tunnel ppp-attributes group mode command.

    tunnel-group DefaultRAGroup ppp-attributes

    No chap authentication

    ms-chap-v2 authentication

  • Access to the internal mail (Exchange) by centimeters remote VPN server

    Hi all

    I have a problem in the configuration of ASA 5510 to access my internal mail (Exchange) through remote access VPN server

    one... I have set up my D-Link ADSL router to port before the SMPTP (25) & POP3 (110) to the external interface of ASA 5510 (192.168.5.101 255.255.255.0)

    b. How can I configure ASA 5510 (using ASDM) to portforward (SMTP POP3 110 25) to my internal mail server with IP 192.168.50.2 255.255.255.0

    c. my internal LAN network (192.168.50.0 255.255.255.0) is coordinated at 10.1.1.0 255.255.255.224 for vpn clients

    d. my IP of mail server (192.168.50.2 255.255.255.0) will also be translated while clients are accessing content through remote VPN access

    e.What IP (Exchange of IP of the server (192.168.50.2) do I have to set up in Microsoft Outlook (incoming & outgoing mail server), vpn clients receive using a NAT IP 10.1.1.10

    Here's my configuration details of access remote vpn

    : Saved

    : Written by enable_15 at 13:42:51.243 UTC Thursday, November 27, 2008

    !

    ASA Version 7.0 (6)

    !

    hostname xxxx

    domain xxxx

    enable the encrypted password xxxxx

    XXXXX encrypted passwd

    names of

    DNS-guard

    !

    interface Ethernet0/0

    nameif outside

    security-level 0

    IP 192.168.5.101 255.255.255.0

    !

    interface Ethernet0/1

    nameif inside

    security-level 100

    IP 192.168.50.101 255.255.255.0

    !

    interface Ethernet0/2

    Shutdown

    No nameif

    no level of security

    !

    interface Management0/0

    nameif management

    security-level 100

    management only

    IP 192.168.1.1 255.255.255.0

    !

    passive FTP mode

    list of access inside the _nat0_outbound extended permits all ip 10.1.1.0 255.255.255.224

    allow a standard vpn access list

    outside_cryptomap_dyn_20 list of allowed ip extended access any 10.1.1.0 255.255.255.224

    vpn-ip-pool 10.1.1.10 mask - 255.255.255.0 IP local pool 10.1.1.25

    Global interface 10 (external)

    NAT (inside) 0-list of access inside_nat0_outbound

    NAT (inside) 10 0.0.0.0 0.0.0.0

    Route outside 0.0.0.0 0.0.0.0 192.168.5.1 (D-Link ADSL router LAN IP) 1

    internal vpn group policy

    attributes of vpn group policy

    Split-tunnel-policy excludespecified

    Split-tunnel-network-list value vpn

    WebVPN

    xxxxx xxxx of encrypted password privilege 0 username

    attributes of username xxxxx

    Strategy-Group-VPN vpn

    WebVPN

    ASDM image disk0: / asdm - 508.bin

    don't allow no asdm history

    ARP timeout 14400

    Enable http server

    http 192.168.1.0 255.255.255.0 management

    No snmp server location

    No snmp Server contact

    Server enable SNMP traps snmp authentication linkup, linkdown cold start

    Crypto ipsec transform-set ESP-3DES-SHA edes-esp esp-sha-hmac

    Crypto-map dynamic outside_dyn_map 20 the value transform-set ESP-3DES-SHA

    card outside_map 655535-isakmp ipsec crypto dynamic outside_dyn_map

    outside_map interface card crypto outside

    ISAKMP allows outside

    part of pre authentication ISAKMP policy 10

    ISAKMP policy 10 3des encryption

    ISAKMP policy 10 sha hash

    10 2 ISAKMP policy group

    ISAKMP life duration strategy 10 86400

    tunnel vpn ipsec-ra group type

    VPN tunnel-group general attributes

    ip vpn-pool address pool

    Group Policy - by default-vpn

    Tunnel vpn ipsec-attributes group

    pre-shared-key *.

    Telnet timeout 5

    SSH timeout 5

    Console timeout 0

    management of 192.168.1.2 - dhcpd address 192.168.1.254

    dhcpd lease 3600

    dhcpd ping_timeout 50

    enable dhcpd management

    !

    Policy-map global_policy

    class inspection_default

    inspect the dns-length maximum 512

    inspect the ftp

    inspect h323 h225

    inspect the h323 ras

    inspect the rsh

    inspect the rtsp

    inspect esmtp

    inspect sqlnet

    inspect the skinny

    inspect sunrpc

    inspect xdmcp

    inspect the sip

    inspect the netbios

    inspect the tftp

    !

    global service-policy global_policy

    : end

    So can someone help me, how can I configure these tasks

    You can without problem

  • Problem with ASA 5505 VPN remote access

    After about 1 year to have the VPN Client from Cisco connection to an ASA 5505 with no problems, all of a sudden one day it stops working. The customer is able to get a connection to the ASA and browse the local network for only about 30 seconds after the connection. After that, no access is available to the network behind the ASA. I have tried everything I can think of to try to solve the problem, but at this point, I'm just banging my head against a wall. Anyone know what could cause this?

    Here is the cfg running of the ASA

    ----------------------------------------------------------------------------------------

    : Saved

    :

    ASA Version 8.4 (1)

    !

    hostname NCHCO

    enable encrypted password xxxxxxxxxxxxxxx

    xxxxxxxxxxx encrypted passwd

    names of

    description of NCHCO name 192.168.2.0 City offices

    name 192.168.2.80 VPN_End

    name 192.168.2.70 VPN_Start

    !

    interface Vlan1

    nameif inside

    security-level 100

    IP 192.168.2.1 255.255.255.0

    !

    interface Vlan2

    nameif outside

    security-level 0

    IP address **. ***. 255.255.255.248

    !

    interface Ethernet0/0

    switchport access vlan 2

    Speed 100

    full duplex

    !

    interface Ethernet0/1

    !

    interface Ethernet0/2

    !

    interface Ethernet0/3

    !

    interface Ethernet0/4

    !

    interface Ethernet0/5

    !

    interface Ethernet0/6

    !

    interface Ethernet0/7

    !

    boot system Disk0: / asa841 - k8.bin

    passive FTP mode

    network of the NCHCO object

    Subnet 192.168.2.0 255.255.255.0

    network object obj - 192.168.1.0

    subnet 192.168.1.0 255.255.255.0

    network object obj - 192.168.2.64

    subnet 192.168.2.64 255.255.255.224

    network object obj - 0.0.0.0

    subnet 0.0.0.0 255.255.255.0

    network obj_any object

    subnet 0.0.0.0 0.0.0.0

    the Web server object network

    the FINX object network

    Home 192.168.2.11

    rdp service object

    source between 1-65535 destination eq 3389 tcp service

    Rdp description

    outside_nat0_outbound extended access list permit ip object NCHCO 192.168.1.0 255.255.255.0

    outside_nat0_outbound extended access list permit ip object NCHCO 192.168.2.0 255.255.255.0

    inside_nat0_outbound extended access list permit ip object NCHCO 192.168.1.0 255.255.255.0

    inside_nat0_outbound list of allowed ip extended access all 192.168.2.64 255.255.255.224

    permit access list extended ip 0.0.0.0 inside_nat0_outbound 255.255.255.0 192.168.2.64 255.255.255.224

    outside_1_cryptomap extended access list permit ip object NCHCO 192.168.1.0 255.255.255.0

    outside_1_cryptomap_1 extended access list permit ip object NCHCO 192.168.1.0 255.255.255.0

    LAN_Access list standard access allowed 192.168.2.0 255.255.255.0

    LAN_Access list standard access allowed 0.0.0.0 255.255.255.0

    NCHCO_splitTunnelAcl_1 list standard access allowed 192.168.2.0 255.255.255.0

    AnyConnect_Client_Local_Print deny ip extended access list a whole

    AnyConnect_Client_Local_Print list extended access permit tcp any any eq lpd

    Note AnyConnect_Client_Local_Print of access list IPP: Internet Printing Protocol

    AnyConnect_Client_Local_Print list extended access permit tcp any any eq 631

    print the access-list AnyConnect_Client_Local_Print Note Windows port

    AnyConnect_Client_Local_Print list extended access permit tcp any any eq 9100

    access-list AnyConnect_Client_Local_Print mDNS Note: multicast DNS protocol

    AnyConnect_Client_Local_Print list extended access permit udp any host 224.0.0.251 eq 5353

    AnyConnect_Client_Local_Print of access list LLMNR Note: link Local Multicast Name Resolution protocol

    AnyConnect_Client_Local_Print list extended access permit udp any host 224.0.0.252 eq 5355

    Note access list TCP/NetBIOS protocol AnyConnect_Client_Local_Print

    AnyConnect_Client_Local_Print list extended access permit tcp any any eq 137

    AnyConnect_Client_Local_Print list extended access udp allowed any any eq netbios-ns

    outside_access_in list extended access permit tcp any object FINX eq 3389

    outside_access_in_1 list extended access allowed object rdp any object FINX

    pager lines 24

    Enable logging

    asdm of logging of information

    Within 1500 MTU

    Outside 1500 MTU

    mask of VPN_Pool VPN_Start VPN_End of local pool IP 255.255.255.0

    ICMP unreachable rate-limit 1 burst-size 1

    ASDM image disk0: / asdm - 649.bin

    don't allow no asdm history

    ARP timeout 14400

    NAT (inside, all) static source NCHCO destination NCHCO static obj - 192.168.1.0 obj - 192.168.1.0

    NAT (inside, all) static source any any destination static obj - 192.168.2.64 obj - 192.168.2.64

    NAT (inside, all) source static obj - 0.0.0.0 0.0.0.0 - obj destination static obj - 192.168.2.64 obj - 192.168.2.64

    !

    network obj_any object

    NAT dynamic interface (indoor, outdoor)

    the FINX object network

    NAT (inside, outside) interface static service tcp 3389 3389

    Access-group outside_access_in_1 in interface outside

    Route outside 0.0.0.0 0.0.0.0 69.61.228.177 1

    Timeout xlate 03:00

    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

    timeout tcp-proxy-reassembly 0:01:00

    dynamic-access-policy-registration DfltAccessPolicy

    network-acl outside_nat0_outbound

    WebVPN

    SVC request to enable default svc

    Enable http server

    http 192.168.1.0 255.255.255.0 inside

    http *. **. ***. 255.255.255.255 outside

    http *. **. ***. 255.255.255.255 outside

    http NCHCO 255.255.255.0 inside

    http 96.11.251.186 255.255.255.255 outside

    No snmp server location

    No snmp Server contact

    Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start

    Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

    Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac

    Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac

    Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac

    Crypto ipsec transform-set esp-3des esp-sha-hmac ikev1 l2tp-transform

    IKEv1 crypto ipsec transform-set l2tp-transformation mode transit

    Crypto ipsec transform-set vpn-transform ikev1 esp-aes-256 esp-sha-hmac

    Crypto ipsec transform-set esp-3des esp-sha-hmac TRANS_ESP_3DES_SHA ikev1

    transport mode encryption ipsec transform-set TRANS_ESP_3DES_SHA ikev1

    Crypto ipsec transform-set esp-3des esp-md5-hmac TRANS_ESP_3DES_MD5 ikev1

    transport mode encryption ipsec transform-set TRANS_ESP_3DES_MD5 ikev1

    Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac

    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set

    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

    crypto dynamic-map dyn-map 10 set pfs Group1

    crypto dynamic-map dyn-map 10 set transform-set l2tp vpn-transform processing ikev1

    dynamic-map encryption dyn-map 10 value reverse-road

    Crypto-map dynamic outside_dyn_map 20 set transform-set ESP-3DES-SHA ikev1

    Crypto-map dynamic outside_dyn_map 20 the value reverse-road

    card crypto outside_map 1 match address outside_1_cryptomap

    card crypto outside_map 1 set pfs Group1

    peer set card crypto outside_map 1 74.219.208.50

    card crypto outside_map 1 set transform-set ESP-3DES-SHA ikev1

    map outside_map 20-isakmp ipsec crypto dynamic outside_dyn_map

    outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

    outside_map interface card crypto outside

    inside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

    inside crypto map inside_map interface

    card crypto vpn-map 1 match address outside_1_cryptomap_1

    card crypto vpn-card 1 set pfs Group1

    set vpn-card crypto map peer 1 74.219.208.50

    card crypto 1 set transform-set ESP-3DES-SHA ikev1 vpn-map

    dynamic vpn-map 10 dyn-map ipsec isakmp crypto map

    crypto isakmp identity address

    Crypto ikev1 allow inside

    Crypto ikev1 allow outside

    IKEv1 crypto ipsec-over-tcp port 10000

    IKEv1 crypto policy 10

    preshared authentication

    3des encryption

    md5 hash

    Group 2

    life 86400

    IKEv1 crypto policy 15

    preshared authentication

    aes-256 encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 35

    preshared authentication

    3des encryption

    sha hash

    Group 2

    life 86400

    enable client-implementation to date

    Telnet 192.168.1.0 255.255.255.0 inside

    Telnet NCHCO 255.255.255.0 inside

    Telnet timeout 5

    SSH 192.168.1.0 255.255.255.0 inside

    SSH NCHCO 255.255.255.0 inside

    SSH timeout 5

    Console timeout 0

    dhcpd address 192.168.2.150 - 192.168.2.225 inside

    dhcpd dns 216.68.4.10 216.68.5.10 interface inside

    lease interface 64000 dhcpd inside

    !

    a basic threat threat detection

    Statistics-list of access threat detection

    no statistical threat detection tcp-interception

    WebVPN

    internal DefaultRAGroup group strategy

    attributes of Group Policy DefaultRAGroup

    value of server DNS 192.168.2.1

    L2TP ipsec VPN-tunnel-Protocol ikev1

    nchco.local value by default-field

    attributes of Group Policy DfltGrpPolicy

    value of server DNS 192.168.2.1

    L2TP ipsec VPN-tunnel-Protocol ikev1 ssl-clientless ssl-client

    allow password-storage

    enable IPSec-udp

    enable dhcp Intercept 255.255.255.0

    the address value VPN_Pool pools

    internal NCHCO group policy

    NCHCO group policy attributes

    value of 192.168.2.1 DNS Server 8.8.8.8

    Ikev1 VPN-tunnel-Protocol

    Split-tunnel-policy tunnelspecified

    value of Split-tunnel-network-list NCHCO_splitTunnelAcl_1

    value by default-field NCHCO.local

    admin LbMiJuAJjDaFb2uw encrypted privilege 15 password username

    username privilege 15 encrypted password yB1lHEVmHZGj5C2Z 8njferg

    username NCHvpn99 password dhn. JzttvRmMbHsP encrypted

    attributes global-tunnel-group DefaultRAGroup

    address (inside) VPN_Pool pool

    address pool VPN_Pool

    authentication-server-group (inside) LOCAL

    authentication-server-group (outside LOCAL)

    LOCAL authority-server-group

    authorization-server-group (inside) LOCAL

    authorization-server-group (outside LOCAL)

    Group Policy - by default-DefaultRAGroup

    band-Kingdom

    band-band

    IPSec-attributes tunnel-group DefaultRAGroup

    IKEv1 pre-shared-key *.

    NOCHECK Peer-id-validate

    tunnel-group DefaultRAGroup ppp-attributes

    No chap authentication

    no authentication ms-chap-v1

    ms-chap-v2 authentication

    tunnel-group DefaultWEBVPNGroup ppp-attributes

    PAP Authentication

    ms-chap-v2 authentication

    tunnel-group 74.219.208.50 type ipsec-l2l

    IPSec-attributes tunnel-group 74.219.208.50

    IKEv1 pre-shared-key *.

    type tunnel-group NCHCO remote access

    attributes global-tunnel-group NCHCO

    address pool VPN_Pool

    Group Policy - by default-NCHCO

    IPSec-attributes tunnel-group NCHCO

    IKEv1 pre-shared-key *.

    !

    class-map inspection_default

    match default-inspection-traffic

    !

    !

    type of policy-card inspect dns preset_dns_map

    parameters

    maximum message length automatic of customer

    message-length maximum 512

    Policy-map global_policy

    class inspection_default

    inspect the preset_dns_map dns

    inspect the ftp

    inspect h323 h225

    inspect the h323 ras

    inspect the rsh

    inspect the rtsp

    inspect esmtp

    inspect sqlnet

    inspect the skinny

    inspect sunrpc

    inspect xdmcp

    inspect the sip

    inspect the netbios

    inspect the tftp

    Review the ip options

    !

    global service-policy global_policy

    context of prompt hostname

    call-home

    Profile of CiscoTAC-1

    no active account

    http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address

    email address of destination [email protected] / * /

    destination-mode http transport

    Subscribe to alert-group diagnosis

    Subscribe to alert-group environment

    Subscribe to alert-group monthly periodic inventory

    monthly periodicals to subscribe to alert-group configuration

    daily periodic subscribe to alert-group telemetry

    Cryptochecksum:a2110206e1af06974c858fb40c6de2fc

    : end

    ASDM image disk0: / asdm - 649.bin

    ASDM VPN_Start 255.255.255.255 inside location

    ASDM VPN_End 255.255.255.255 inside location

    don't allow no asdm history

    ---------------------------------------------------------------------------------------------------------------

    And here are the logs of the Cisco VPN Client when sailing, then is unable to browse the network behind the ASA:

    ---------------------------------------------------------------------------------------------------------------

    Cisco Systems VPN Client Version 5.0.07.0440

    Copyright (C) 1998-2010 Cisco Systems, Inc.. All rights reserved.

    Customer type: Windows, Windows NT

    Running: 6.1.7601 Service Pack 1

    Config files directory: C:\Program Files (x 86) \Cisco Systems\VPN Client\

    1 09:44:55.677 01/10/13 Sev = Info/6 CERT / 0 x 63600026

    Try to find a certificate using hash Serial.

    2 09:44:55.677 01/10/13 Sev = Info/6 CERT / 0 x 63600027

    Found a certificate using hash Serial.

    3 09:44:55.693 01/10/13 Sev = Info/6 GUI/0x63B00011

    RELOADED successfully certificates in all certificate stores.

    4 09:45:02.802 10/01/13 Sev = Info/4 CM / 0 x 63100002

    Start the login process

    5 09:45:02.802 01/10/13 Sev = Info/4 CM / 0 x 63100004

    Establish a secure connection

    6 09:45:02.802 01/10/13 Sev = Info/4 CM / 0 x 63100024

    Attempt to connect with the server "*." **. ***. *** »

    7 09:45:02.802 10/01/13 Sev = Info/6 IKE/0x6300003B

    Try to establish a connection with *. **. ***. ***.

    8 09:45:02.818 10/01/13 Sev = Info/4 IKE / 0 x 63000001

    From IKE Phase 1 negotiation

    9 09:45:02.865 10/01/13 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK AG (SA, KE, NO, ID, VID (Xauth), VID (dpd), VID (Frag), VID(Nat-T), VID (Unity)) to *. **. ***. ***

    10 09:45:02.896 10/01/13 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    11 09:45:02.896 10/01/13 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" ag="" (sa,="" ke,="" non,="" id,="" hash,="" vid(unity),="" vid(xauth),="" vid(dpd),="" vid(nat-t),="" nat-d,="" nat-d,="" vid(frag),="" vid(?))="" from="">

    12 09:45:02.896 10/01/13 Sev = Info/5 IKE / 0 x 63000001

    Peer is a compatible peer Cisco-Unity

    13 09:45:02.896 01/10/13 Sev = Info/5 IKE / 0 x 63000001

    Peer supports XAUTH

    14 09:45:02.896 01/10/13 Sev = Info/5 IKE / 0 x 63000001

    Peer supports the DPD

    15 09:45:02.896 01/10/13 Sev = Info/5 IKE / 0 x 63000001

    Peer supports NAT - T

    16 09:45:02.896 01/10/13 Sev = Info/5 IKE / 0 x 63000001

    Peer supports fragmentation IKE payloads

    17 09:45:02.927 01/10/13 Sev = Info/6 IKE / 0 x 63000001

    IOS Vendor ID successful construction

    18 09:45:02.927 01/10/13 Sev = Info/4 IKE / 0 x 63000013

    SENDING > ISAKMP OAK AG * (HASH, NOTIFY: NAT - D, NAT - D, VID (?), STATUS_INITIAL_CONTACT, VID (Unity)) to *. **. ***. ***

    19 09:45:02.927 01/10/13 Sev = Info/4 IKE / 0 x 63000083

    IKE port in use - Local Port = 0xDD3B, Remote Port = 0x01F4

    20 09:45:02.927 01/10/13 Sev = Info/5 IKE / 0 x 63000072

    Automatic NAT detection status:

    Remote endpoint is NOT behind a NAT device

    This effect is NOT behind a NAT device

    21 09:45:02.927 01/10/13 Sev = Info/4 CM/0x6310000E

    ITS established Phase 1.  1 crypto IKE Active SA, 0 IKE SA authenticated user in the system

    22 09:45:02.943 10/01/13 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    23 09:45:02.943 01/10/13 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

    24 09:45:02.943 01/10/13 Sev = Info/4 CM / 0 x 63100015

    Launch application xAuth

    25 09:45:03.037 01/10/13 Sev = Info/6 GUI/0x63B00012

    Attributes of the authentication request is 6: 00.

    26 09:45:03.037 01/10/13 Sev = Info/4 CM / 0 x 63100017

    xAuth application returned

    27 09:45:03.037 10/01/13 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***

    28 09:45:03.037 10/01/13 Sev = Info/4 IPSEC / 0 x 63700008

    IPSec driver started successfully

    29 09:45:03.037 01/10/13 Sev = Info/4 IPSEC / 0 x 63700014

    Remove all keys

    30 09:45:03.083 01/10/13 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    31 09:45:03.083 01/10/13 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

    32 09:45:03.083 01/10/13 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***

    33 09:45:03.083 01/10/13 Sev = Info/4 CM/0x6310000E

    ITS established Phase 1.  1 crypto IKE Active SA, 1 IKE SA authenticated user in the system

    34 09:45:03.083 01/10/13 Sev = Info/5 IKE/0x6300005E

    Customer address a request from firewall to hub

    35 09:45:03.083 01/10/13 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***

    36 09:45:03.146 01/10/13 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    37 09:45:03.146 01/10/13 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="" **.**.***.***="" isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

    38 09:45:03.146 01/10/13 Sev = Info/5 IKE / 0 x 63000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS:, value = 192.168.2.70

    39 09:45:03.146 01/10/13 Sev = Info/5 IKE / 0 x 63000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK:, value = 255.255.255.0

    40 09:45:03.146 01/10/13 Sev = Info/5 IKE / 0 x 63000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (1):, value = 192.168.2.1

    41 09:45:03.146 01/10/13 Sev = Info/5 IKE / 0 x 63000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (2):, value = 8.8.8.8

    42 09:45:03.146 01/10/13 Sev = Info/5 IKE/0x6300000D

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD:, value = 0x00000001

    43 09:45:03.146 01/10/13 Sev = Info/5 IKE/0x6300000D

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000001

    44 09:45:03.146 10/01/13 Sev = Info/5 IKE/0x6300000F

    SPLIT_NET #1

    = 192.168.2.0 subnet

    mask = 255.255.255.0

    Protocol = 0

    SRC port = 0

    port dest = 0

    45 09:45:03.146 10/01/13 Sev = Info/5 IKE/0x6300000E

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN:, value = NCHCO.local

    46 09:45:03.146 01/10/13 Sev = Info/5 IKE/0x6300000D

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_UDP_NAT_PORT, value = 0 x 00002710

    47 09:45:03.146 01/10/13 Sev = Info/5 IKE/0x6300000D

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS:, value = 0x00000000

    48 09:45:03.146 01/10/13 Sev = Info/5 IKE/0x6300000E

    MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = 8.4 (1) Cisco systems, Inc. ASA5505 Version built by manufacturers on Tuesday, January 31, 11 02:11

    49 09:45:03.146 01/10/13 Sev = Info/5 IKE/0x6300000D

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SMARTCARD_REMOVAL_DISCONNECT:, value = 0x00000001

    50 09:45:03.146 01/10/13 Sev = Info/4 CM / 0 x 63100019

    Data in mode Config received

    51 09:45:03.146 01/10/13 Sev = Info/4 IKE / 0 x 63000056

    Received a request from key driver: local IP = 192.168.2.70, GW IP = *. **. ***. remote IP address = 0.0.0.0

    52 09:45:03.146 01/10/13 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK QM * (HASH, SA, NO, ID, ID) to *. **. ***. ***

    53 09:45:03.177 01/10/13 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    54 09:45:03.177 01/10/13 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:status_resp_lifetime)="" from="">

    55 09:45:03.177 01/10/13 Sev = Info/5 IKE / 0 x 63000045

    Answering MACHINE-LIFE notify has value of 86400 seconds

    56 09:45:03.177 01/10/13 Sev = Info/5 IKE / 0 x 63000047

    This SA was already alive for 1 second, expiration of adjustment to 86399 seconds now

    57 09:45:03.193 01/10/13 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    58 09:45:03.193 01/10/13 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" qm="" *(hash,="" sa,="" non,="" id,="" id,="" notify:status_resp_lifetime)="" from="">

    59 09:45:03.193 01/10/13 Sev = Info/5 IKE / 0 x 63000045

    Answering MACHINE-LIFE notify is set to 28800 seconds

    60 09:45:03.193 01/10/13 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK QM * (HASH) to *. **. ***. ***

    61 09:45:03.193 01/10/13 Sev = Info/5 IKE / 0 x 63000059

    IPsec Security Association of loading (MsgID = SPI OUTBOUND SPI INCOMING = 0x3EBEBFC5 0xAAAF4C1C = 967A3C93)

    62 09:45:03.193 01/10/13 Sev = Info/5 IKE / 0 x 63000025

    OUTGOING ESP SPI support: 0xAAAF4C1C

    63 09:45:03.193 01/10/13 Sev = Info/5 IKE / 0 x 63000026

    Charges INBOUND ESP SPI: 0x3EBEBFC5

    64 09:45:03.193 01/10/13 Sev = Info/5 CVPND / 0 x 63400013

    Destination mask subnet Gateway Interface metric

    0.0.0.0 0.0.0.0 96.11.251.1 96.11.251.149 261

    96.11.251.0 255.255.255.0 96.11.251.149 96.11.251.149 261

    96.11.251.149 255.255.255.255 96.11.251.149 96.11.251.149 261

    96.11.251.255 255.255.255.255 96.11.251.149 96.11.251.149 261

    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306

    127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306

    127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306

    192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 261

    192.168.1.3 255.255.255.255 192.168.1.3 192.168.1.3 261

    192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 261

    224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306

    224.0.0.0 240.0.0.0 96.11.251.149 96.11.251.149 261

    224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 261

    255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306

    255.255.255.255 255.255.255.255 96.11.251.149 96.11.251.149 261

    255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 261

    65 09:45:03.521 01/10/13 Sev = Info/6 CVPND / 0 x 63400001

    Launch VAInst64 for controlling IPSec virtual card

    66 09:45:03.896 01/10/13 Sev = Info/4 CM / 0 x 63100034

    The virtual card has been activated:

    IP=192.168.2.70/255.255.255.0

    DNS = 192.168.2.1, 8.8.8.8

    WINS = 0.0.0.0 0.0.0.0

    Domain = NCHCO.local

    Split = DNS names

    67 09:45:03.912 01/10/13 Sev = Info/5 CVPND / 0 x 63400013

    Destination mask subnet Gateway Interface metric

    0.0.0.0 0.0.0.0 96.11.251.1 96.11.251.149 261

    96.11.251.0 255.255.255.0 96.11.251.149 96.11.251.149 261

    96.11.251.149 255.255.255.255 96.11.251.149 96.11.251.149 261

    96.11.251.255 255.255.255.255 96.11.251.149 96.11.251.149 261

    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306

    127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306

    127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306

    192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 261

    192.168.1.3 255.255.255.255 192.168.1.3 192.168.1.3 261

    192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 261

    224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306

    224.0.0.0 240.0.0.0 96.11.251.149 96.11.251.149 261

    224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 261

    224.0.0.0 240.0.0.0 0.0.0.0 0.0.0.0 261

    255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306

    255.255.255.255 255.255.255.255 96.11.251.149 96.11.251.149 261

    255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 261

    255.255.255.255 255.255.255.255 0.0.0.0 0.0.0.0 261

    68 09:45:07.912 01/10/13 Sev = Info/4 CM / 0 x 63100038

    Were saved successfully road to file changes.

    69 09:45:07.912 01/10/13 Sev = Info/5 CVPND / 0 x 63400013

    Destination mask subnet Gateway Interface metric

    0.0.0.0 0.0.0.0 96.11.251.1 96.11.251.149 261

    **. **. ***. 255.255.255.255 96.11.251.1 96.11.251.149 100

    96.11.251.0 255.255.255.0 96.11.251.149 96.11.251.149 261

    96.11.251.149 255.255.255.255 96.11.251.149 96.11.251.149 261

    96.11.251.255 255.255.255.255 96.11.251.149 96.11.251.149 261

    127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306

    127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306

    127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306

    192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 261

    192.168.1.3 255.255.255.255 192.168.1.3 192.168.1.3 261

    192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 261

    192.168.2.0 255.255.255.0 192.168.2.70 192.168.2.70 261

    192.168.2.0 255.255.255.0 192.168.2.1 192.168.2.70 100

    192.168.2.70 255.255.255.255 192.168.2.70 192.168.2.70 261

    192.168.2.255 255.255.255.255 192.168.2.70 192.168.2.70 261

    224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306

    224.0.0.0 240.0.0.0 96.11.251.149 96.11.251.149 261

    224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 261

    224.0.0.0 240.0.0.0 192.168.2.70 192.168.2.70 261

    255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306

    255.255.255.255 255.255.255.255 96.11.251.149 96.11.251.149 261

    255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 261

    255.255.255.255 255.255.255.255 192.168.2.70 192.168.2.70 261

    70 09:45:07.912 01/10/13 Sev = Info/6 CM / 0 x 63100036

    The routing table has been updated for the virtual card

    71 09:45:07.912 01/10/13 Sev = Info/4 CM/0x6310001A

    A secure connection established

    72 09:45:07.943 01/10/13 Sev = Info/4 CM/0x6310003B

    Look at address added to 96.11.251.149.  Current host name: psaserver, current address (s): 192.168.2.70, 96.11.251.149, 192.168.1.3.

    73 09:45:07.943 01/10/13 Sev = Info/4 CM/0x6310003B

    Look at address added to 192.168.2.70.  Current host name: psaserver, current address (s): 192.168.2.70, 96.11.251.149, 192.168.1.3.

    74 09:45:07.943 01/10/13 Sev = Info/5 CM / 0 x 63100001

    Did not find the smart card to watch for removal

    75 09:45:07.943 01/10/13 Sev = Info/4 IPSEC / 0 x 63700014

    Remove all keys

    76 09:45:07.943 01/10/13 Sev = Info/4 IPSEC / 0 x 63700010

    Creates a new key structure

    77 09:45:07.943 01/10/13 Sev = Info/4 IPSEC/0x6370000F

    Adding key with SPI = 0x1c4cafaa in the list of keys

    78 09:45:07.943 01/10/13 Sev = Info/4 IPSEC / 0 x 63700010

    Creates a new key structure

    79 09:45:07.943 01/10/13 Sev = Info/4 IPSEC/0x6370000F

    Adding key with SPI = 0xc5bfbe3e in the list of keys

    80 09:45:07.943 01/10/13 Sev = Info/4 IPSEC/0x6370002F

    Assigned WILL interface private addr 192.168.2.70

    81 09:45:07.943 01/10/13 Sev = Info/4 IPSEC / 0 x 63700037

    Configure the public interface: 96.11.251.149. SG: **.**.***.***

    82 09:45:07.943 10/01/13 Sev = Info/6 CM / 0 x 63100046

    Define indicator tunnel set up in the registry to 1.

    83 09:45:13.459 01/10/13 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK INFO * (HASH, NOTIFY: DPD_REQUEST) to *. **. ***. ***

    84 09:45:13.459 01/10/13 Sev = Info/6 IKE/0x6300003D

    Upon request of the DPD to *. **. ***. , our seq # = 107205276

    85 09:45:13.474 01/10/13 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    86 09:45:13.474 01/10/13 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:dpd_ack)="" from="">

    87 09:45:13.474 01/10/13 Sev = Info/5 IKE / 0 x 63000040

    Receipt of DPO ACK to *. **. ***. seq # receipt = 107205276, seq # expected is 107205276

    88 09:45:15.959 01/10/13 Sev = Info/4 IPSEC / 0 x 63700019

    Activate key dating SPI = 0x1c4cafaa key with SPI = 0xc5bfbe3e

    89 09:46:00.947 10/01/13 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK INFO * (HASH, NOTIFY: DPD_REQUEST) to *. **. ***. ***

    90 09:46:00.947 01/10/13 Sev = Info/6 IKE/0x6300003D

    Upon request of the DPD to *. **. ***. , our seq # = 107205277

    91 09:46:01.529 01/10/13 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    92 09:46:01.529 01/10/13 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:dpd_ack)="" from="">

    93 09:46:01.529 01/10/13 Sev = Info/5 IKE / 0 x 63000040

    Receipt of DPO ACK to *. **. ***. seq # receipt = 107205277, seq # expected is 107205277

    94 09:46:11.952 01/10/13 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK INFO * (HASH, NOTIFY: DPD_REQUEST) to *. **. ***. ***

    95 09:46:11.952 01/10/13 Sev = Info/6 IKE/0x6300003D

    Upon request of the DPD to *. **. ***. , our seq # = 107205278

    96 09:46:11.979 01/10/13 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    97 09:46:11.979 01/10/13 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:dpd_ack)="" from="">

    98 09:46:11.979 01/10/13 Sev = Info/5 IKE / 0 x 63000040

    Receipt of DPO ACK to *. **. ***. seq # receipt = 107205278, seq # expected is 107205278

    ---------------------------------------------------------------------------------------------------------------

    Any help would be appreciated, thanks!

    try to refuse the ACL (access-list AnyConnect_Client_Local_Print extended deny ip any one) at the end of the ACL.

Maybe you are looking for

  • 30/07/15 has disconnected my Thunderbird server, how can I fix. no problems with my ISP email account

    My computer runs windows 7 and Thunderbird is 38.1.0. Here is the full error [email protected] server Thunderbird has disconnected. The server may be down or there may be a network problem.My border yahoo account works fine, the passwo

  • Problem with updates

    Year I bought my first macbook air, but my friend used his ID updates apple to install updates for the first time, because he was using my macbook and had not had time to install jet and now when I try to install updates with my apple ID it does not

  • Satellite L755-128 stop without reason

    Problem #1 when I play games after 30 to 60 minutes pc closed down and power led + battery led flashes orange Problem #2 a few times locking digital LEDs have a variable glow is like a light bulb that receive the variable power. Example of battery pr

  • 8 GB + 2 GB Macbook Pro late 2011 - Possible?

    Hey,. I bought a bar of 8 GB 1333 Mhz of Crucial to add to my Macbook Pro 13 ", end 2011, which currently has 4 GB. Only after I ordered it, I realized that the 4 GB came in 2 + 2GB sticks. A rookie mistake, I know. My question is this: is it possibl

  • K242HL screen flashes when you look at the grey colors

    My K242HL monitor is often subject to flicker to a very specific spectrum of gray. This only happens when my laptop is charging. Although minor, it can get a little boring. Help, please.