Remote access to public folders - password
On this HP Pavilion HPE h8-1020 desktop computer, I want to access the public folders to another system that connect wirelessly to the network. However, I would like to restrict access to the only people who have a password. I was able to enter 'Network & sharing Center' in the 'advanced sharing settings' section and deselect the password option, which allows the connection of a computer to another, but would also allow someone on the street to access these "public" folders These records contain information that is not really public. How can I determine the user name and the password to use when I re - select the password option?
I have not implemented 'users' on each machine. Maybe it's the access protected by a key. ???
This issue has been resolved by my realization that the Wi - Fi protected by, only those who have permission can also access these "public" files Since only those who authorize have access to this same address wireless, it is unlikely that others would be able to view these files.
Tags: Notebooks
Similar Questions
-
Location:
4 x Vista computers
1 x XP computer acting as a server file, all the data in the "shared folders".All 4 Vista computers were to access shared data on the XP machine for two years without problem. All of a sudden this week one of the Vista computers "Frequently" but not always ask for a username and password to access the machine XP - not only shared folders, but still a list of shared resources on the machine XP via my network places is the result in the box of "connect to" request credentials to appear. All 3 other Vista machines have no problem to access the XP machine, so the problem must be with the a Vista machine.
To put a spanner in the works as I have said in this case "Frequently" and by that I mean probably 9 of the 10 connection attempts. Let's say, you can see the name of the computer in my network places, you double click it and have asked for credentials, cancel the attempt and to repeat 4 or 5 times and then you could get display shared resources without going into the details of connection. For a few minutes, you might be able to access all the shared data and to navigate through the folders, but then all of a sudden have asked you credentials and can not access to anything, even the files accessed you seconds before.
Lets say you are able to access the shared folders, you navigate to the Parent folder, then under A folder, then a subfolder B, go back to A notebook, then try to access folder B even once and you get guest credentials, quit out of the network completely locations, navigate back to the XP via Network Places and this machine you not even be able to display all the shared resources on the XP machine.
I've also set up a shared folder on a Vista machine with matching username and password on the machines and the Vista machine with the get the problem exactly the same problem so this definatley Vista machine with the question and not sharing files on the XP machine.
Someone at - he met before or have any suggestions?
Hi MikeBarnes,
You can check in the Analyzer for performance and reliability.
Step 1:
To start reliability monitor and performance monitor
a. Click Start, right-click computer and click on manage.
b. in the Microsoft Management Console navigation tree, click on performance and reliability.
Step 2:
You can also try a system restore to a point before the problem started.
Note: When you perform the system restore to restore the computer to a previous state, programs and updates that you have installed are removed.
To run the system restore, you can consult the following link:
System restore
http://Windows.Microsoft.com/en-us/Windows-Vista/what-is-system-restore
System Restore: frequently asked questions
http://Windows.Microsoft.com/en-us/Windows-Vista/system-restore-frequently-asked-questions
Hope this information is useful.
Jeremy K
Microsoft Answers Support Engineer
Visit our Microsoft answers feedback Forum and let us know what you think.If this post can help solve your problem, please click the 'Mark as answer' or 'Useful' at the top of this message. Marking a post as answer, or relatively useful, you help others find the answer more quickly.
-
- Tried to reconfigure the firewall
- Tried to change files and printers, sharing options
- Restarted other computers trying to connect to my public folder
- Tried to adjust the network discovery
- Do all computers on the network among the same workgroup
- I can access public folders from the other computer and their content
- Other computers on my network, in my workgroup can see my public folders, and users, but cannot access it.
- Other computers can see my computer, but can not access: error code: 0 x 80070035.
Can't access: 'Public' and 'Users' in the title:
-Network
MyName-PCPlease don't give me that: "If you try to connect to another computer, make sure that this computer is on, that you have enabled file and printer sharing on both computers, and file and printer sharing can communicate through your firewall." Because I seek NOT to connect to another computer... I want to just access MY Public folder and the users folder and eventually allow others to access also.
Hi Katmandu774,
Welcome to Microsoft Answers Forums.
The Public folder is a convenient way to share files that are stored on your computer. You can share files in this folder with other people using the same computer and with people using other computers on the same network. Any file or folder you put in the folder Public is automatically shared with the people who have access to your Public folder.
If you are not on a domain, you can limit network access to the Public folder so that people with a user account and password for this computer. To do this, turn on sharing protected by password.
- Open the network and sharing Center by clicking the Start button, clicking Control Panel, click network and Internet, click network and sharing Center.
- Click the arrow next to password protected sharing, and then click one of the following options:
· Turn on password protected sharing
· Turn off password protected sharing
- Click apply. If you are prompted for an administrator password or a confirmation, type the password or provide confirmation.
To control the level of access to the Public folder
- Open the network and sharing Center by clicking the Start button, clicking Control Panel, click network and Internet, click network and sharing Center.
- Click the arrow next to public folder sharing, and then click one of the following options:
· Turn on sharing so anyone with network access can open files
· Turn on sharing so anyone with network access can open, change and create files
· Turn off sharing (people logged on to this computer can still access this folder)
- Click apply. If you are prompted for an administrator password or a confirmation, type the password or provide confirmation.
Also, make sure you add everyone to the public folder and give the necessary permissions to access it.
Sharing files with the Public folder
http://Windows.Microsoft.com/en-us/Windows-Vista/sharing-files-with-the-public-folder
Halima S - Microsoft technical support.
Visit our Microsoft answers feedback Forum and let us know what you think.
-
Hey everyone, I'm new to mac os.
I am not able to access public folders in the macbook air.
Please tell me how to access public folders as in my college, that everything is made on the public folders.
operating system is el capitan
An apple article is here: OS X Yosemite: controlling access to your Public folder
-
to access the "non-public" folders on my laptop wireless
I can't access "non-public" folders on my laptop wireless even though I can access its public folders. Specifically, I chose the folder music on my laptop to be shared, but I still don't see it. I use Windows 7 on the desktop and the laptop.
Ah well, I struggled with myself before. There are a few things that you may want to check. There are share permissions, there is also the folder permissions. They are separated, but both must be opened for the part to work.
So the first place is under the sharing tab/Advanced Sharing / permissions. The other is on the Security tab. In both cases, you want to allow 'all' to 'read '.Here is the share permissions...And here is the folder permissions... -
Configuration remote access VPN (IPSec) using FULL domain name
Hi friends of Cisco,
We have the DNS (only the internal IP) within our network, right now that we have configured VPN for remote access using public IP address and connect us with the same public IP address. I need help to use the domain name FULL rather than use public IP.
Can you please provide the configuration for this.
Feature: ASA 5520
Type of configuration: IPSec
Thank you
Estel
Hi Philippe,.
You can use one of the free Web of DNS dynamic sites and configure ASA to dynamic DNS.
Reference - http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/basic_ddns.html
HTH,
-Dieng
-
Windows home server 2011 - remote access error - wrong password or account to GoDaddy
My windows Home server remote access does not recognize the domain, I've implemented into Go Daddy.
The login and the password are considered bad by the wizard.
Of course I can access with login and password to godaddy.com and everything is nominal.
I noticed the problem 4 weeks ago. No solution has worked so far.
I tried even to remove the entry in the register (via REGEDIT), I found a link to that in the past. But the problem remains.
I fear that some change was introduced on the way the security part
Hello
I suggest you post your query on the TechNet forums to get help. Consult the following link:
It will be useful.
-
remote access connection - save the server password
I use XP remote access to access a commercial application. Now I have to enter the Server 2008 password each time. Because the password is very complicated and very easy to enter in an improper way and that nobody else uses my computer, I would like to have the .rdp file save this password. In this way, all I have to do is click the .rdp file and I am in the application. What should I do to have the registered server password? TIA.
Hello Sharon,
The question you posted would be better suited in the TechNet Forums. I would recommend posting your query in the TechNet Forums.
http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer
-
Remote access VPN group name and password
Hi guys,.
Can someone tell me please the command to display a remote access VPN group name and the password on a firewall version 8.0 of ASA? Any help will be greatly appreciated.
Thank you
Lake
Remote VPN IPsec IKEv1 access are listed as groups of tunnel. If you enter
more system:running-config | b tunnel-group
You can see the config sections (starting with the first mention of the tunnel-group) as well as the pre-shared key ikev1 plaintext String.
-
A Site to remote access VPN behind the same public IP address
Got a problem quite stupid. We have a VPN from Site to Site configured for a new data center, which will be responsible for general traffic management. In addition, some users need to use use a VPN client to access certain areas. The firewall at the Office only has a public IP address, so the two will come to the Site to Site VPN for remote access from the same source.
This seems a problem with legacy Cisco VPN clients because encryption card matches the entry VPN site-to-site, even if they use VPN clients. A good/simple solution to solve this problem?
Some newspapers (198.18.85.23) is the address public IP for the office and the tom.jones is the user. 192.168.1.0/24 is the pool of the VPN client.
January 7, 2014 19:12:52 ASA5515: % 713130-5-ASA: Group = Corp-VPN, Username = tom.smith, IP = 198.18.85.23, transaction mode attribute unhandled received: 5
January 7, 2014 19:12:52 ASA5515: % 737003-5-ASA: PISG: DHCP not configured, no viable servers found for tunnel-group "Corp-VPN.
January 7, 2014 19:12:52 ASA5515: % 713119-5-ASA: Group = Corp-VPN, Username = tom.smith, IP = 198.18.85.23, PHASE 1 COMPLETED
January 7, 2014 19:12:52 ASA5515: % ASA-3-713061: Group = Corp-VPN, Username = tom.smith, IP = 198.18.85.23, IPSec tunnel rejecting: no entry for crypto for proxy card remote proxy 192.168.1.4/255.255.255.255/0/0 local 0.0.0.0/0.0.0.0/0/0 on the interface outside
January 7, 2014 19:12:52 ASA5515: % ASA-3-713902: Group = Corp-VPN, Username = tom.smith, IP = 198.18.85.23, error QM WSF (P2 struct & 0x00007fff28dab560, mess id 0x37575f3c).
January 7, 2014 19:12:52 ASA5515: % ASA-3-713902: Group = Corp-VPN, Username = tom.smith, IP = 198.18.85.23, peer table correlator Removing failed, no match!
January 7, 2014 19:12:52 ASA5515: % 713259-5-ASA: Group = Corp-VPN, Username = tom.smith, IP = 198.18.85.23, Session is be demolished. Reason: political crypto card not found
January 7, 2014 19:12:52 ASA5515: % ASA-4-113019: Group = Corp-VPN, Username = tom.smith, IP = 198.18.85.23, disconnected Session. Session type: IKEv1, duration: 0 h: 00 m: 02s, xmt bytes: 0, RRs bytes: 0, right: not found card crypto policy
January 7, 2014 19:12:53 ASA5515: % 713904-5-ASA: IP = 198.18.85.23, encrypted packet received with any HIS correspondent, drop
Hello
Don't know if this will work, but you can try the following configuration (with the rest of the VPN configuration)
list-access CLIENT VPN ip enable any 192.168.1.0 255.255.255.0
card crypto OUTSIDE_map 4 is the VPN CLIENT address
card crypto OUTSIDE_map 4 set peer 198.18.85.23
card crypto OUTSIDE_map 4 set ikev1 transform-set ESP-AES-128-SHA ESP-3DES-SHA
The idea would be to have the ACL matches the VPN full Tunnel that the Client attempts to establish. (destination "any" from the point of view of the customer, the ASAs view source)
I tested briefly on my own SAA by connecting from an IP address to which the ASA offers free VPN in L2L. But as I don't have the operational L2L VPN, I can't really verify the VPN L2L at the moment. Thus, certain risks may be involved if you can afford it.
-Jouni
-
Im trying to set up remote access for a babyphone Foscam (Fl8918W). I worked on it all day. No matter what I do, I can't get the camera to get on my computer (or iPhone).
Here's some of what I've done so far...
-Camera configuration and find the IP address
-Type the IP address of the camera in the browser and camera open (it uses Active X)
-Change Port number of the camera (Guide suggested using 2000)
-Now you can type the IP address and the port number in the browser and access camera
-Complete the Port forwarding on the router (I did this several times using each option that I could understand. Finally, I think that I did it correctly because it looked like he turned on - but I don't really know. "I couldn't get any real information on the Port Forwarding for my Westell A90-750045-07).
-Access using the public IP address. It did not work at all. I had to find my IP address for my computer/network (which I did) then open my browser and type the IP address followed by: 2000 (new port). The camera was then to open in the browser, but it did not work.
-IP service. Management said that the device could be available over the internet using a public IP address. He told me to go on No - IP and sign up for the free service. After the signing, I was directed to create a host name. I managed to do it.
-L' direct access of the ACTIVE camera address No - IP. I was directed to type my address No - IP (hostname) in my browser, followed by: and the Port number (: 2000). He said that I should then able to access my camera from a computer or mobile app on the Internet using this address. This does not at all.
-J' tried to make it work with my iPhone. I was directed to download and install an application called Live Cams Pro - by Eggman Technologies. He then ordered me to add a camera. I chose the correct model of Foscam, entered the IP address (or my No - IP address) WITHOUT port number, then on another line, I entered the Port number, entered my user name and password and click Save. Nothing ever came and finally the connection times out.
I did all the change of option combinations in each stage as many times I could think. All I could change in these steps, I tried all the options I could. I can't make it work.
I'm so frustrated. I'm not a computer person. I managed to do a lot of things by reading the instructions carefully. I read the Foscam Installation Guide and the next babyphones instruction manual (I bought the camera from the company). Nothing I've tried works.
Any direction would be greatly appreciated.
Thank you!
Did you put the IP cameras as a destination / local IP?
If this is not the case, do.Aside from that, the best would be to contact the manufacturer of your router for assistance with how to correctly forward ports to your camera.
-
Problems with Windows 7 Pro Remote Access
I'm on a Windows 7 Pro machine, but it is connected to a working network.
I'm trying to access Windows 7 Pro machine to my parents at home.
I went through These Instructions. We have created a password for one of the user accounts. I checked the name of the computer (there is no listed area). We confirmed that remote access has been enabled and allow remote access has been verified in the firewall settings.
However, when I start "Remote Desktop connection" on my computer and put their computer name in the box, I get a message that it cannot find the computer. Then, the message indicates that the computer cannot belong to "the network specified." But there is no specified network, and I see no where to do it.
In addition, it is possible that my work security settings prevent me from remote accessing another computer?
Last question: if I used the Fusion of the virtual machine on my Mac, with Windows 7, I can remote access to another computer?
Real technique. The problem boils down to the IP address. Your computer probably has an IP of 192.168.1.8 or something like that. But the router any fact domestic in the world. So when you want to connect to the remote computer, you must use the IP public face (which the internet service provider home assigns to your router/home, not that of your router assigns to your computer). But then, you're always short because now you have at home, but you have to tell the House what PC actually send this letter too. It's like an envelope with an address half. Port forwarding it tells the final step which PC should receive the message.
But yes I agree they could at least put a link or an explanation.
-
Problem with ASA 5505 VPN remote access
After about 1 year to have the VPN Client from Cisco connection to an ASA 5505 with no problems, all of a sudden one day it stops working. The customer is able to get a connection to the ASA and browse the local network for only about 30 seconds after the connection. After that, no access is available to the network behind the ASA. I have tried everything I can think of to try to solve the problem, but at this point, I'm just banging my head against a wall. Anyone know what could cause this?
Here is the cfg running of the ASA
----------------------------------------------------------------------------------------
: Saved
:
ASA Version 8.4 (1)
!
hostname NCHCO
enable encrypted password xxxxxxxxxxxxxxx
xxxxxxxxxxx encrypted passwd
names of
description of NCHCO name 192.168.2.0 City offices
name 192.168.2.80 VPN_End
name 192.168.2.70 VPN_Start
!
interface Vlan1
nameif inside
security-level 100
IP 192.168.2.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP address **. ***. 255.255.255.248
!
interface Ethernet0/0
switchport access vlan 2
Speed 100
full duplex
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system Disk0: / asa841 - k8.bin
passive FTP mode
network of the NCHCO object
Subnet 192.168.2.0 255.255.255.0
network object obj - 192.168.1.0
subnet 192.168.1.0 255.255.255.0
network object obj - 192.168.2.64
subnet 192.168.2.64 255.255.255.224
network object obj - 0.0.0.0
subnet 0.0.0.0 255.255.255.0
network obj_any object
subnet 0.0.0.0 0.0.0.0
the Web server object network
the FINX object network
Home 192.168.2.11
rdp service object
source between 1-65535 destination eq 3389 tcp service
Rdp description
outside_nat0_outbound extended access list permit ip object NCHCO 192.168.1.0 255.255.255.0
outside_nat0_outbound extended access list permit ip object NCHCO 192.168.2.0 255.255.255.0
inside_nat0_outbound extended access list permit ip object NCHCO 192.168.1.0 255.255.255.0
inside_nat0_outbound list of allowed ip extended access all 192.168.2.64 255.255.255.224
permit access list extended ip 0.0.0.0 inside_nat0_outbound 255.255.255.0 192.168.2.64 255.255.255.224
outside_1_cryptomap extended access list permit ip object NCHCO 192.168.1.0 255.255.255.0
outside_1_cryptomap_1 extended access list permit ip object NCHCO 192.168.1.0 255.255.255.0
LAN_Access list standard access allowed 192.168.2.0 255.255.255.0
LAN_Access list standard access allowed 0.0.0.0 255.255.255.0
NCHCO_splitTunnelAcl_1 list standard access allowed 192.168.2.0 255.255.255.0
AnyConnect_Client_Local_Print deny ip extended access list a whole
AnyConnect_Client_Local_Print list extended access permit tcp any any eq lpd
Note AnyConnect_Client_Local_Print of access list IPP: Internet Printing Protocol
AnyConnect_Client_Local_Print list extended access permit tcp any any eq 631
print the access-list AnyConnect_Client_Local_Print Note Windows port
AnyConnect_Client_Local_Print list extended access permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print mDNS Note: multicast DNS protocol
AnyConnect_Client_Local_Print list extended access permit udp any host 224.0.0.251 eq 5353
AnyConnect_Client_Local_Print of access list LLMNR Note: link Local Multicast Name Resolution protocol
AnyConnect_Client_Local_Print list extended access permit udp any host 224.0.0.252 eq 5355
Note access list TCP/NetBIOS protocol AnyConnect_Client_Local_Print
AnyConnect_Client_Local_Print list extended access permit tcp any any eq 137
AnyConnect_Client_Local_Print list extended access udp allowed any any eq netbios-ns
outside_access_in list extended access permit tcp any object FINX eq 3389
outside_access_in_1 list extended access allowed object rdp any object FINX
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
mask of VPN_Pool VPN_Start VPN_End of local pool IP 255.255.255.0
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 649.bin
don't allow no asdm history
ARP timeout 14400
NAT (inside, all) static source NCHCO destination NCHCO static obj - 192.168.1.0 obj - 192.168.1.0
NAT (inside, all) static source any any destination static obj - 192.168.2.64 obj - 192.168.2.64
NAT (inside, all) source static obj - 0.0.0.0 0.0.0.0 - obj destination static obj - 192.168.2.64 obj - 192.168.2.64
!
network obj_any object
NAT dynamic interface (indoor, outdoor)
the FINX object network
NAT (inside, outside) interface static service tcp 3389 3389
Access-group outside_access_in_1 in interface outside
Route outside 0.0.0.0 0.0.0.0 69.61.228.177 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
network-acl outside_nat0_outbound
WebVPN
SVC request to enable default svc
Enable http server
http 192.168.1.0 255.255.255.0 inside
http *. **. ***. 255.255.255.255 outside
http *. **. ***. 255.255.255.255 outside
http NCHCO 255.255.255.0 inside
http 96.11.251.186 255.255.255.255 outside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac ikev1 l2tp-transform
IKEv1 crypto ipsec transform-set l2tp-transformation mode transit
Crypto ipsec transform-set vpn-transform ikev1 esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac TRANS_ESP_3DES_SHA ikev1
transport mode encryption ipsec transform-set TRANS_ESP_3DES_SHA ikev1
Crypto ipsec transform-set esp-3des esp-md5-hmac TRANS_ESP_3DES_MD5 ikev1
transport mode encryption ipsec transform-set TRANS_ESP_3DES_MD5 ikev1
Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map dyn-map 10 set pfs Group1
crypto dynamic-map dyn-map 10 set transform-set l2tp vpn-transform processing ikev1
dynamic-map encryption dyn-map 10 value reverse-road
Crypto-map dynamic outside_dyn_map 20 set transform-set ESP-3DES-SHA ikev1
Crypto-map dynamic outside_dyn_map 20 the value reverse-road
card crypto outside_map 1 match address outside_1_cryptomap
card crypto outside_map 1 set pfs Group1
peer set card crypto outside_map 1 74.219.208.50
card crypto outside_map 1 set transform-set ESP-3DES-SHA ikev1
map outside_map 20-isakmp ipsec crypto dynamic outside_dyn_map
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
inside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
inside crypto map inside_map interface
card crypto vpn-map 1 match address outside_1_cryptomap_1
card crypto vpn-card 1 set pfs Group1
set vpn-card crypto map peer 1 74.219.208.50
card crypto 1 set transform-set ESP-3DES-SHA ikev1 vpn-map
dynamic vpn-map 10 dyn-map ipsec isakmp crypto map
crypto isakmp identity address
Crypto ikev1 allow inside
Crypto ikev1 allow outside
IKEv1 crypto ipsec-over-tcp port 10000
IKEv1 crypto policy 10
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
IKEv1 crypto policy 15
preshared authentication
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 35
preshared authentication
3des encryption
sha hash
Group 2
life 86400
enable client-implementation to date
Telnet 192.168.1.0 255.255.255.0 inside
Telnet NCHCO 255.255.255.0 inside
Telnet timeout 5
SSH 192.168.1.0 255.255.255.0 inside
SSH NCHCO 255.255.255.0 inside
SSH timeout 5
Console timeout 0
dhcpd address 192.168.2.150 - 192.168.2.225 inside
dhcpd dns 216.68.4.10 216.68.5.10 interface inside
lease interface 64000 dhcpd inside
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
internal DefaultRAGroup group strategy
attributes of Group Policy DefaultRAGroup
value of server DNS 192.168.2.1
L2TP ipsec VPN-tunnel-Protocol ikev1
nchco.local value by default-field
attributes of Group Policy DfltGrpPolicy
value of server DNS 192.168.2.1
L2TP ipsec VPN-tunnel-Protocol ikev1 ssl-clientless ssl-client
allow password-storage
enable IPSec-udp
enable dhcp Intercept 255.255.255.0
the address value VPN_Pool pools
internal NCHCO group policy
NCHCO group policy attributes
value of 192.168.2.1 DNS Server 8.8.8.8
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list NCHCO_splitTunnelAcl_1
value by default-field NCHCO.local
admin LbMiJuAJjDaFb2uw encrypted privilege 15 password username
username privilege 15 encrypted password yB1lHEVmHZGj5C2Z 8njferg
username NCHvpn99 password dhn. JzttvRmMbHsP encrypted
attributes global-tunnel-group DefaultRAGroup
address (inside) VPN_Pool pool
address pool VPN_Pool
authentication-server-group (inside) LOCAL
authentication-server-group (outside LOCAL)
LOCAL authority-server-group
authorization-server-group (inside) LOCAL
authorization-server-group (outside LOCAL)
Group Policy - by default-DefaultRAGroup
band-Kingdom
band-band
IPSec-attributes tunnel-group DefaultRAGroup
IKEv1 pre-shared-key *.
NOCHECK Peer-id-validate
tunnel-group DefaultRAGroup ppp-attributes
No chap authentication
no authentication ms-chap-v1
ms-chap-v2 authentication
tunnel-group DefaultWEBVPNGroup ppp-attributes
PAP Authentication
ms-chap-v2 authentication
tunnel-group 74.219.208.50 type ipsec-l2l
IPSec-attributes tunnel-group 74.219.208.50
IKEv1 pre-shared-key *.
type tunnel-group NCHCO remote access
attributes global-tunnel-group NCHCO
address pool VPN_Pool
Group Policy - by default-NCHCO
IPSec-attributes tunnel-group NCHCO
IKEv1 pre-shared-key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
context of prompt hostname
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:a2110206e1af06974c858fb40c6de2fc
: end
ASDM image disk0: / asdm - 649.bin
ASDM VPN_Start 255.255.255.255 inside location
ASDM VPN_End 255.255.255.255 inside location
don't allow no asdm history
---------------------------------------------------------------------------------------------------------------
And here are the logs of the Cisco VPN Client when sailing, then is unable to browse the network behind the ASA:
---------------------------------------------------------------------------------------------------------------
Cisco Systems VPN Client Version 5.0.07.0440
Copyright (C) 1998-2010 Cisco Systems, Inc.. All rights reserved.
Customer type: Windows, Windows NT
Running: 6.1.7601 Service Pack 1
Config files directory: C:\Program Files (x 86) \Cisco Systems\VPN Client\
1 09:44:55.677 01/10/13 Sev = Info/6 CERT / 0 x 63600026
Try to find a certificate using hash Serial.
2 09:44:55.677 01/10/13 Sev = Info/6 CERT / 0 x 63600027
Found a certificate using hash Serial.
3 09:44:55.693 01/10/13 Sev = Info/6 GUI/0x63B00011
RELOADED successfully certificates in all certificate stores.
4 09:45:02.802 10/01/13 Sev = Info/4 CM / 0 x 63100002
Start the login process
5 09:45:02.802 01/10/13 Sev = Info/4 CM / 0 x 63100004
Establish a secure connection
6 09:45:02.802 01/10/13 Sev = Info/4 CM / 0 x 63100024
Attempt to connect with the server "*." **. ***. *** »
7 09:45:02.802 10/01/13 Sev = Info/6 IKE/0x6300003B
Try to establish a connection with *. **. ***. ***.
8 09:45:02.818 10/01/13 Sev = Info/4 IKE / 0 x 63000001
From IKE Phase 1 negotiation
9 09:45:02.865 10/01/13 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK AG (SA, KE, NO, ID, VID (Xauth), VID (dpd), VID (Frag), VID(Nat-T), VID (Unity)) to *. **. ***. ***
10 09:45:02.896 10/01/13 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
11 09:45:02.896 10/01/13 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" ag="" (sa,="" ke,="" non,="" id,="" hash,="" vid(unity),="" vid(xauth),="" vid(dpd),="" vid(nat-t),="" nat-d,="" nat-d,="" vid(frag),="" vid(?))="" from="">
12 09:45:02.896 10/01/13 Sev = Info/5 IKE / 0 x 63000001
Peer is a compatible peer Cisco-Unity
13 09:45:02.896 01/10/13 Sev = Info/5 IKE / 0 x 63000001
Peer supports XAUTH
14 09:45:02.896 01/10/13 Sev = Info/5 IKE / 0 x 63000001
Peer supports the DPD
15 09:45:02.896 01/10/13 Sev = Info/5 IKE / 0 x 63000001
Peer supports NAT - T
16 09:45:02.896 01/10/13 Sev = Info/5 IKE / 0 x 63000001
Peer supports fragmentation IKE payloads
17 09:45:02.927 01/10/13 Sev = Info/6 IKE / 0 x 63000001
IOS Vendor ID successful construction
18 09:45:02.927 01/10/13 Sev = Info/4 IKE / 0 x 63000013
SENDING > ISAKMP OAK AG * (HASH, NOTIFY: NAT - D, NAT - D, VID (?), STATUS_INITIAL_CONTACT, VID (Unity)) to *. **. ***. ***
19 09:45:02.927 01/10/13 Sev = Info/4 IKE / 0 x 63000083
IKE port in use - Local Port = 0xDD3B, Remote Port = 0x01F4
20 09:45:02.927 01/10/13 Sev = Info/5 IKE / 0 x 63000072
Automatic NAT detection status:
Remote endpoint is NOT behind a NAT device
This effect is NOT behind a NAT device
21 09:45:02.927 01/10/13 Sev = Info/4 CM/0x6310000E
ITS established Phase 1. 1 crypto IKE Active SA, 0 IKE SA authenticated user in the system
22 09:45:02.943 10/01/13 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
23 09:45:02.943 01/10/13 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">
24 09:45:02.943 01/10/13 Sev = Info/4 CM / 0 x 63100015
Launch application xAuth
25 09:45:03.037 01/10/13 Sev = Info/6 GUI/0x63B00012
Attributes of the authentication request is 6: 00.
26 09:45:03.037 01/10/13 Sev = Info/4 CM / 0 x 63100017
xAuth application returned
27 09:45:03.037 10/01/13 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***
28 09:45:03.037 10/01/13 Sev = Info/4 IPSEC / 0 x 63700008
IPSec driver started successfully
29 09:45:03.037 01/10/13 Sev = Info/4 IPSEC / 0 x 63700014
Remove all keys
30 09:45:03.083 01/10/13 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
31 09:45:03.083 01/10/13 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">
32 09:45:03.083 01/10/13 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***
33 09:45:03.083 01/10/13 Sev = Info/4 CM/0x6310000E
ITS established Phase 1. 1 crypto IKE Active SA, 1 IKE SA authenticated user in the system
34 09:45:03.083 01/10/13 Sev = Info/5 IKE/0x6300005E
Customer address a request from firewall to hub
35 09:45:03.083 01/10/13 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***
36 09:45:03.146 01/10/13 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
37 09:45:03.146 01/10/13 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="" **.**.***.***="" isakmp="" oak="" trans="" *(hash,="" attr)="" from="">
38 09:45:03.146 01/10/13 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS:, value = 192.168.2.70
39 09:45:03.146 01/10/13 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK:, value = 255.255.255.0
40 09:45:03.146 01/10/13 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (1):, value = 192.168.2.1
41 09:45:03.146 01/10/13 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (2):, value = 8.8.8.8
42 09:45:03.146 01/10/13 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD:, value = 0x00000001
43 09:45:03.146 01/10/13 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0x00000001
44 09:45:03.146 10/01/13 Sev = Info/5 IKE/0x6300000F
SPLIT_NET #1
= 192.168.2.0 subnet
mask = 255.255.255.0
Protocol = 0
SRC port = 0
port dest = 0
45 09:45:03.146 10/01/13 Sev = Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN:, value = NCHCO.local
46 09:45:03.146 01/10/13 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_UDP_NAT_PORT, value = 0 x 00002710
47 09:45:03.146 01/10/13 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS:, value = 0x00000000
48 09:45:03.146 01/10/13 Sev = Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = 8.4 (1) Cisco systems, Inc. ASA5505 Version built by manufacturers on Tuesday, January 31, 11 02:11
49 09:45:03.146 01/10/13 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SMARTCARD_REMOVAL_DISCONNECT:, value = 0x00000001
50 09:45:03.146 01/10/13 Sev = Info/4 CM / 0 x 63100019
Data in mode Config received
51 09:45:03.146 01/10/13 Sev = Info/4 IKE / 0 x 63000056
Received a request from key driver: local IP = 192.168.2.70, GW IP = *. **. ***. remote IP address = 0.0.0.0
52 09:45:03.146 01/10/13 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK QM * (HASH, SA, NO, ID, ID) to *. **. ***. ***
53 09:45:03.177 01/10/13 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
54 09:45:03.177 01/10/13 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:status_resp_lifetime)="" from="">
55 09:45:03.177 01/10/13 Sev = Info/5 IKE / 0 x 63000045
Answering MACHINE-LIFE notify has value of 86400 seconds
56 09:45:03.177 01/10/13 Sev = Info/5 IKE / 0 x 63000047
This SA was already alive for 1 second, expiration of adjustment to 86399 seconds now
57 09:45:03.193 01/10/13 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
58 09:45:03.193 01/10/13 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" qm="" *(hash,="" sa,="" non,="" id,="" id,="" notify:status_resp_lifetime)="" from="">
59 09:45:03.193 01/10/13 Sev = Info/5 IKE / 0 x 63000045
Answering MACHINE-LIFE notify is set to 28800 seconds
60 09:45:03.193 01/10/13 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK QM * (HASH) to *. **. ***. ***
61 09:45:03.193 01/10/13 Sev = Info/5 IKE / 0 x 63000059
IPsec Security Association of loading (MsgID = SPI OUTBOUND SPI INCOMING = 0x3EBEBFC5 0xAAAF4C1C = 967A3C93)
62 09:45:03.193 01/10/13 Sev = Info/5 IKE / 0 x 63000025
OUTGOING ESP SPI support: 0xAAAF4C1C
63 09:45:03.193 01/10/13 Sev = Info/5 IKE / 0 x 63000026
Charges INBOUND ESP SPI: 0x3EBEBFC5
64 09:45:03.193 01/10/13 Sev = Info/5 CVPND / 0 x 63400013
Destination mask subnet Gateway Interface metric
0.0.0.0 0.0.0.0 96.11.251.1 96.11.251.149 261
96.11.251.0 255.255.255.0 96.11.251.149 96.11.251.149 261
96.11.251.149 255.255.255.255 96.11.251.149 96.11.251.149 261
96.11.251.255 255.255.255.255 96.11.251.149 96.11.251.149 261
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 261
192.168.1.3 255.255.255.255 192.168.1.3 192.168.1.3 261
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 261
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 96.11.251.149 96.11.251.149 261
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 261
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 96.11.251.149 96.11.251.149 261
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 261
65 09:45:03.521 01/10/13 Sev = Info/6 CVPND / 0 x 63400001
Launch VAInst64 for controlling IPSec virtual card
66 09:45:03.896 01/10/13 Sev = Info/4 CM / 0 x 63100034
The virtual card has been activated:
IP=192.168.2.70/255.255.255.0
DNS = 192.168.2.1, 8.8.8.8
WINS = 0.0.0.0 0.0.0.0
Domain = NCHCO.local
Split = DNS names
67 09:45:03.912 01/10/13 Sev = Info/5 CVPND / 0 x 63400013
Destination mask subnet Gateway Interface metric
0.0.0.0 0.0.0.0 96.11.251.1 96.11.251.149 261
96.11.251.0 255.255.255.0 96.11.251.149 96.11.251.149 261
96.11.251.149 255.255.255.255 96.11.251.149 96.11.251.149 261
96.11.251.255 255.255.255.255 96.11.251.149 96.11.251.149 261
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 261
192.168.1.3 255.255.255.255 192.168.1.3 192.168.1.3 261
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 261
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 96.11.251.149 96.11.251.149 261
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 261
224.0.0.0 240.0.0.0 0.0.0.0 0.0.0.0 261
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 96.11.251.149 96.11.251.149 261
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 261
255.255.255.255 255.255.255.255 0.0.0.0 0.0.0.0 261
68 09:45:07.912 01/10/13 Sev = Info/4 CM / 0 x 63100038
Were saved successfully road to file changes.
69 09:45:07.912 01/10/13 Sev = Info/5 CVPND / 0 x 63400013
Destination mask subnet Gateway Interface metric
0.0.0.0 0.0.0.0 96.11.251.1 96.11.251.149 261
**. **. ***. 255.255.255.255 96.11.251.1 96.11.251.149 100
96.11.251.0 255.255.255.0 96.11.251.149 96.11.251.149 261
96.11.251.149 255.255.255.255 96.11.251.149 96.11.251.149 261
96.11.251.255 255.255.255.255 96.11.251.149 96.11.251.149 261
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 306
127.0.0.1 255.255.255.255 127.0.0.1 127.0.0.1 306
127.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
192.168.1.0 255.255.255.0 192.168.1.3 192.168.1.3 261
192.168.1.3 255.255.255.255 192.168.1.3 192.168.1.3 261
192.168.1.255 255.255.255.255 192.168.1.3 192.168.1.3 261
192.168.2.0 255.255.255.0 192.168.2.70 192.168.2.70 261
192.168.2.0 255.255.255.0 192.168.2.1 192.168.2.70 100
192.168.2.70 255.255.255.255 192.168.2.70 192.168.2.70 261
192.168.2.255 255.255.255.255 192.168.2.70 192.168.2.70 261
224.0.0.0 240.0.0.0 127.0.0.1 127.0.0.1 306
224.0.0.0 240.0.0.0 96.11.251.149 96.11.251.149 261
224.0.0.0 240.0.0.0 192.168.1.3 192.168.1.3 261
224.0.0.0 240.0.0.0 192.168.2.70 192.168.2.70 261
255.255.255.255 255.255.255.255 127.0.0.1 127.0.0.1 306
255.255.255.255 255.255.255.255 96.11.251.149 96.11.251.149 261
255.255.255.255 255.255.255.255 192.168.1.3 192.168.1.3 261
255.255.255.255 255.255.255.255 192.168.2.70 192.168.2.70 261
70 09:45:07.912 01/10/13 Sev = Info/6 CM / 0 x 63100036
The routing table has been updated for the virtual card
71 09:45:07.912 01/10/13 Sev = Info/4 CM/0x6310001A
A secure connection established
72 09:45:07.943 01/10/13 Sev = Info/4 CM/0x6310003B
Look at address added to 96.11.251.149. Current host name: psaserver, current address (s): 192.168.2.70, 96.11.251.149, 192.168.1.3.
73 09:45:07.943 01/10/13 Sev = Info/4 CM/0x6310003B
Look at address added to 192.168.2.70. Current host name: psaserver, current address (s): 192.168.2.70, 96.11.251.149, 192.168.1.3.
74 09:45:07.943 01/10/13 Sev = Info/5 CM / 0 x 63100001
Did not find the smart card to watch for removal
75 09:45:07.943 01/10/13 Sev = Info/4 IPSEC / 0 x 63700014
Remove all keys
76 09:45:07.943 01/10/13 Sev = Info/4 IPSEC / 0 x 63700010
Creates a new key structure
77 09:45:07.943 01/10/13 Sev = Info/4 IPSEC/0x6370000F
Adding key with SPI = 0x1c4cafaa in the list of keys
78 09:45:07.943 01/10/13 Sev = Info/4 IPSEC / 0 x 63700010
Creates a new key structure
79 09:45:07.943 01/10/13 Sev = Info/4 IPSEC/0x6370000F
Adding key with SPI = 0xc5bfbe3e in the list of keys
80 09:45:07.943 01/10/13 Sev = Info/4 IPSEC/0x6370002F
Assigned WILL interface private addr 192.168.2.70
81 09:45:07.943 01/10/13 Sev = Info/4 IPSEC / 0 x 63700037
Configure the public interface: 96.11.251.149. SG: **.**.***.***
82 09:45:07.943 10/01/13 Sev = Info/6 CM / 0 x 63100046
Define indicator tunnel set up in the registry to 1.
83 09:45:13.459 01/10/13 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK INFO * (HASH, NOTIFY: DPD_REQUEST) to *. **. ***. ***
84 09:45:13.459 01/10/13 Sev = Info/6 IKE/0x6300003D
Upon request of the DPD to *. **. ***. , our seq # = 107205276
85 09:45:13.474 01/10/13 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
86 09:45:13.474 01/10/13 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:dpd_ack)="" from="">
87 09:45:13.474 01/10/13 Sev = Info/5 IKE / 0 x 63000040
Receipt of DPO ACK to *. **. ***. seq # receipt = 107205276, seq # expected is 107205276
88 09:45:15.959 01/10/13 Sev = Info/4 IPSEC / 0 x 63700019
Activate key dating SPI = 0x1c4cafaa key with SPI = 0xc5bfbe3e
89 09:46:00.947 10/01/13 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK INFO * (HASH, NOTIFY: DPD_REQUEST) to *. **. ***. ***
90 09:46:00.947 01/10/13 Sev = Info/6 IKE/0x6300003D
Upon request of the DPD to *. **. ***. , our seq # = 107205277
91 09:46:01.529 01/10/13 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
92 09:46:01.529 01/10/13 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:dpd_ack)="" from="">
93 09:46:01.529 01/10/13 Sev = Info/5 IKE / 0 x 63000040
Receipt of DPO ACK to *. **. ***. seq # receipt = 107205277, seq # expected is 107205277
94 09:46:11.952 01/10/13 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK INFO * (HASH, NOTIFY: DPD_REQUEST) to *. **. ***. ***
95 09:46:11.952 01/10/13 Sev = Info/6 IKE/0x6300003D
Upon request of the DPD to *. **. ***. , our seq # = 107205278
96 09:46:11.979 01/10/13 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = *. **. ***. ***
97 09:46:11.979 01/10/13 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:dpd_ack)="" from="">
98 09:46:11.979 01/10/13 Sev = Info/5 IKE / 0 x 63000040
Receipt of DPO ACK to *. **. ***. seq # receipt = 107205278, seq # expected is 107205278
---------------------------------------------------------------------------------------------------------------
Any help would be appreciated, thanks!
try to refuse the ACL (access-list AnyConnect_Client_Local_Print extended deny ip any one) at the end of the ACL.
-
This is my first post on this site. Hi all!
I have not really set up ASAs or VPN on Cisco devices before. Currently, I'm trying to configure a dial-up VPN between ASA devices, a 5505 and a 5510. The 5510 is supposed to be the server and the 5505 is supposed to be the easyvpn customer. The reason why I'm opting for remote access instead of site to site is that I much 5505 s on the remote I need to set up in the future, and they will be moving around a bit (I prefer not to have to follow the configs to site to site). The 5510 is not mobile. The ASA devices are able to ping to 8.8.8.8 as ping each other in the face of public IP address.
Neither SAA can ping IP private of other ASA (this part makes sense), and I am unable to SSH from a client on the side 5510 for internal interface (192) of the 5505. I wonder if someone more experienced in the remote VPN ASA than me is able to see something wrong with my setup? I glued sterilized configs of two ASAs below.
Thanks a lot for any assistance!
ASA 5510 (server)
ASA Version 8.0 (4)
!
hostname ASA5510
domain name
activate the
password encrypted passwd
encrypted names of
!
interface Ethernet0/0
nameif outside
security-level 0
IP 48.110.3.220 255.255.255.192
!
interface Ethernet0/1
nameif inside
security-level 100
IP 192.168.191.252 255.255.252.0
!
interface Ethernet0/2
Shutdown
No nameif
no level of security
no ip address
!
interface Ethernet0/3
Shutdown
No nameif
no level of security
no ip address
!
interface Management0/0
Shutdown
No nameif
no level of security
no ip address
!
passive FTP mode
DNS server-group DefaultDNS
domain name
permit same-security-traffic intra-interface
permit NONAT_VPN to access extended list ip 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0
VPN_REMOTE_IPS note EZ VPN REMOTE IP access-list VARIES
permit VPN_REMOTE_IPS to access extended list ip 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0
pager lines 24
Outside 1500 MTU
Within 1500 MTU
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 613.bin
don't allow no asdm history
ARP timeout 14400
NAT (inside) 0-list of access NONAT_VPN
Route outside 0.0.0.0 0.0.0.0 48.110.3.193 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
dynamic-access-policy-registration DfltAccessPolicy
the ssh LOCAL console AAA authentication
Enable http server
http 192.168.0.0 255.255.0.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-aes-192 TestVPN, esp-sha-hmac
86400 seconds, duration of life crypto ipsec security association
Crypto ipsec kilobytes of life - safety 4608000 association
Crypto dynamic-map DYNAMIC - map 5 game of transformation-TestVPN
86400 seconds, crypto dynamic-card DYNAMIC-map 5 the duration value of security-association
cryptographic kilobytes 4608000 life of the set - the association of the DYNAMICS-Dynamics-card card 5 security
outside_map card crypto 86400 seconds, 1 lifetime of security association set
card crypto outside_map 1 set security-association life kilobytes 4608000
card crypto S2S - VPN 100 set security-association second life 86400
card crypto S2S - VPN 100 set security-association kilobytes of life 4608000
card crypto OUTSIDE_MAP 65530-isakmp ipsec DYNAMIC-map Dynamics
OUTSIDE_MAP interface card crypto outside
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
aes-192 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 65535
preshared authentication
3des encryption
sha hash
Group 2
life 86400
Telnet timeout 1
SSH 192.168.0.0 255.255.0.0 inside
SSH timeout 15
Console timeout 30
management-access inside
priority-queue outdoors
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
internal EZVPN_GP group policy
EZVPN_GP group policy attributes
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list VPN_REMOTE_IPS
allow to NEM
username
password encrypted privilege 3 username
password encrypted privilege 15 type tunnel-group EZVPN_TUNNEL remote access
attributes global-tunnel-group EZVPN_TUNNEL
Group Policy - by default-EZVPN_GP
IPSec-attributes tunnel-group EZVPN_TUNNEL
pre-shared key
!
class-map inspection_default
match default-inspection-traffic
VOICE-CLASS class-map
match dscp ef
!
!
type of policy-card inspect dns preset_dns_map
parameters
message-length maximum 512
Policy-map PRIORITY_POLICY
class CLASS VOICE
priority
matches of the QOS-TRAFFIC-OUT strategies
class class by default
average of form 154088000
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the netbios
inspect the rsh
inspect the rtsp
inspect the skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect the tftp
inspect the sip
inspect xdmcp
inspect the icmp
!
global service-policy global_policy
context of prompt hostname
Cryptochecksum:10156ad7ab988ae7ed66c4b6d0b4712e
: end
ASA 5505 (Client)
ASA Version 8.2 (5)
!
ASA5505 hostname
activate the
password encrypted passwd
encrypted names of
!
interface Ethernet0/0
!
interface Ethernet0/1
switchport access vlan 2
!
interface Ethernet0/2
Shutdown
!
interface Ethernet0/3
Shutdown
!
interface Ethernet0/4
Shutdown
!
interface Ethernet0/5
Shutdown
!
interface Ethernet0/6
Shutdown
!
interface Ethernet0/7
Shutdown
!
interface Vlan1
nameif inside
security-level 100
IP 192.168.19.1 255.255.255.192
!
interface Vlan2
nameif outside
security-level 0
IP 174.161.76.217 255.255.255.248
!
passive FTP mode
pager lines 24
Within 1500 MTU
Outside 1500 MTU
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
Route outside 0.0.0.0 0.0.0.0 174.161.76.222 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
the ssh LOCAL console AAA authentication
Enable http server
http 192.168.0.0 255.255.0.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
crypto ISAKMP policy 65535
preshared authentication
3des encryption
sha hash
Group 2
life 86400
No encryption isakmp nat-traversal
Telnet timeout 5
SSH 192.168.0.0 255.255.0.0 inside
SSH 48.110.3.220 255.255.255.255 outside
SSH timeout 5
Console timeout 0
management-access inside
vpnclient Server 48.110.3.220
vpnclient mode network-extension-mode
vpnclient EZVPN_TUNNEL vpngroup password
vpnclient username
password a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
username
password encrypted privilege 15 !
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
Review the ip options
inspect the netbios
inspect the rsh
inspect the rtsp
inspect the skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect the tftp
inspect the sip
inspect xdmcp
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
call-home
Profile of CiscoTAC-1
no active account
destination http address
https://Tools.Cisco.com/its/service/odd... DCEService
email address of destination
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:bd465cea07c060a409a2eade03b487dc
: end
Please follow this link to create a dynamic L2L Remote Server on ASA5510.
Here is a link for you to create the Site to Site vpn tunnel and the tunnel can be customer above tunnel dynamic L2L Server.
http://www.Cisco.com/en/us/products/ps5855/products_configuration_example09186a0080a9a7a3.shtml
Hope that helps.
If you have any questions, please ask.
Thank you
Rizwan James
-
My Mac has been hacked, abrupt configured mailboxes. Remote access?
Yesterday on my Mac a sudden notice appeared saying Exchange mail has been added. It was my old College e-mail although it should no longer be valid. Then a pop up says something invalid certificate and a person is faking d'[email protected]... Etc. Who is my former college. Then I tried to print something, and he says he can't trust my local printer and it took forever to print a document. Then 2 pop ups asking if I don't mind garguillo and other netbios to receive s of incoming connection, which I refused. I unplugged and changed the password of my iCloud. I don't have on the sharing options and I never configured this old email on my new Mac Pro retina. Is it possible, he had remote access? What could have happened? What are the main precautions to be safe on Apple devices? Can someone list them? I'm really worried. I have kaspersky from App Store download.
A
The first step and perhaps the only necessary one, is to get rid of your software "anti-virus". All these software are worse than useless on a Mac, and it may well be the cause of the problem, or make the problem worse.
Please remove "Kaspersky Security" by following the instructions on this page. If you have a different version of the product, the steps may be different. The product includes a Safari extension which may not be revoked by the uninstaller.
Back up all data before making any changes. Never install a software "anti-virus" or "anti-malware" again.
B
Verify that the date (including year) and the time indicated by your system clock is correct.
Maybe you are looking for
-
Why am I constantly asked to "reset my apple i.d.?"
Today I received 2 emails asking me to reset my Apple I.D.:? Why is it important? I have to assume that I used this information for a long time in this support group up what else do I need?
-
Laptop has no display at all, can't get into bios... Even logged on no display on an external monitor... Is it grilled? Anyone with a quick fix?
-
I discovered the following problem: Lack of default Reparse Point: (original path: C:\Users\dub_cm_auto\Application Data) (target path: C:\Users\dub_cm_auto\AppData\Roaming) I had no obvious problem, but I get this error when you perform a scan. Art
-
My WLC is AIR-CT-2504 soft version 8.0 AP is AIR-CAP1702I-C-K9 Internal DHCP using at the WLC. AP is not to join Here is the output showing AP. What should I do to solve the problem? AP5c83.8f38.0a98 >* 2 jan 22:42:45.999: DTLS_CLIENT_ERROR:... /CAPW
-
I'm new to IPS applications and I was wondering if there is any difference in the IPS software I installed on my router 1841 vs the IPS software on a 3825 router, I am looking into buying. On the 1841, I use IOS c1841-advsecurityk9 - mz.124 - 21.bin