Request throw his (swoosh) disappeared.

I have the latest update on the front, and for a while played his swoosh when he breaks apps. Now he's gone.

Any suggestions?

Here is the fix for the bug. http://forums.Palm.com/Palm/board/message?board.ID=weboshardware&message.ID=4677#M4677

Tags: HP Tablets

Similar Questions

  • His suddenly disappeared after switching to Verizon MiFi.

    Fix - its says that everything is working, but still no sound

    I don't know what you have (always post links to what you are referring to)
    but do it in this order.
     
    Start the second then the first automated services troubleshooting here
    http://support.Microsoft.com/GP/mats#tab2
     
    Hardware devices not detected or does not
    Problems with sound and audio or no sound
     
     
    --
    ..
    --
    "ragala" wrote in message news: 7d17e38a-62d 8-4617-87a 2 - fe87b27e3a9b...
    > Fix - its says that everything is working, but still no sound
     
     
  • His suddenly disappeared

    I have a Windows Vista Dell Inspiron 530, I have had for quite a few years.  Suddenly today, this is no sound.  If I open iTunes songs play at all.  If I try to play a video in Media Player, it says "Windows Media Player encountered a problem while playing the file.  For any additional help, click Help on the Web. "(if I click on help on the Web I get redirected to a page called 'Windows Media Player C00D11B1 error').  None of which plays a sound works.

    If I go to the sound section of the Control Panel, on the Read tab, there are 2 entries:

    1 - Audio digital display
    AMD High Definition Audio Device
    Not plugged
    (has a red arrow icon)

    Speakers
    RealTek High Definition Audio
    Working
    (has a green checkmark icon)

    I did not any changes to my computer and I got her yesterday.

    I hope someone can help me as I have * no. * idea what happened or how to fix it.

    Digital audio is the audio signal that goes through your HDMI output port. Unless you send an AV signal to something like an HDTV, you will not use it. This is why it says not connected.

    These adapter 6to4 entries are nothing to worry about. Just google and you will see why. I wouldn't want to ignore them.

    Access the partition of F12 during startup. When you see the Dell logo, it will provide two guests, F2 to enter the BIOS and F12 to access the utility partition. It is a non-windows environment to test the equipment.

  • Why one of my levels disappears?

    I created a design with four elements: Northwest, Northeast, Southeast and Southwest; each is on a separate level.   I created the NW object first, the copied and rotation 180 degrees to create the object DON'T and recolored.  I then copied the NW and objects NOT and turned 180 deg to create objects SE and so.   See below.

    without bg.JPG

    Now, I would like to add a background under each of them, but when I do, the NW object disappears.  See below.

    with bg.JPG

    I don't have a clue as to why this is happening.  I notice that small Meatball next to the scale that disappears is filled in, but it is empty for the other three levels.  But I don't know what mean two different types of Meatball.  Each layer has a group layer and sublayers 26.  Some of the subshells have different screen modes, and there is also an effect on a layer.  They look the same to me, but I could have missed something with so many layers.

    I use AI CS6 on a Dell computer.

    Lyell < == throw his hands in the air and shouting "Ah!" Woe! »

    The Meatball (AKA: layer target button), tells you that you have selected on this layer. You can click on this target, select the layers together too, or dragging them to the meatballs to another layer (very useful)

    With respect to the point of disappearing, I think it's because of a blending mode, such as light hard or soft light.

    You may accidentally apply a blending mode for the entire set layer

    1. Click on Meatball for the offending layer
    2. Change the normal blending mode

    Your appearance palette would look like this if you have had this problem.

    This icon looks like a Meatball, or pick you up at Deke McCelland? Deke at least gave it a better name.

  • the music on itunes keeps disappearing

    My son has re-synchronized his music on the iphone 6 several times recently and then some of his songs disappear less than 24 hours later? Help?  It seems to stay synched while on our home network but then the songs disappear once it arrives somewhere else - has something to do with the fact that it uses then another network?

    Music synchronized to an iPhone must stay turned on it regardless of the network that is currently using the device. Music Apple, iTunes game or iCloud music library was enabled anywhere? Is it actually connect to the library on your network home rather than copy media to the device?

    TT2

  • My text messages transfer disappeared with the 9.2.1 update

    My daughter did the 9.2.1 update today and now the Message Forwarding text on his iPhone6 disappeared completely while his lyrics are not transmitting to his iPad.

    I also had this problem. I went to settings > Messages and off the iMessage button. When you turn back on it, it should solve the problem!

  • Triggers his Windows 7 Pro 64 times randomly

    I had serious problems with my installs Windows 7 on my laptop and my main PC. It seems that when I use more then 1 request with his stops eventually...  For example... I'll be listening to Sirius online and play the Lord of the Rings Online... Finally, my sound stops, and the only way to get it back is to reboot.  I noticed that if I use Ventrilo the sound cuts more quickly (less than 15-30 minutes) as opposed to an hour or two, with other programs.

    I disabled the onboard sound which was a Realtek HD.
    I use a wireless Jabra GN9350 headset that is compatible Windows 7.

    The pilot of Miscrosoft for the GN9350 installed successfully and version 6.1.7600.16385 dated from 13/07/2009

    I chose 'STATUS QUO' in the tab Options SOUND think perhaps it might help... but it is not.

    Any help would be appreciated.  It is extremely unacceptable for me.

    Thanks in advance!

    One solution, that I discovered.  I have exactly the same problem except that I used a logitech headset.  Whenever your sound will cancel task manager open by pressing ALT + CTRL + DELETE or just do a right click on the taskbar and press start the Task Manager and find Audiodg.exe if it does not appear, make sure that you have show processes for all users.  Complete the Audiodg.exe process and the sound is working again.  For this cut faster with ventrilo I started running ventrilo as administrator and I set the priority of it high and I did have problems with it cutting faster.  Really lately, I have not had my sound cut out but once in 2 weeks when he allows to happen in 10-15 minutes...

    I hope this helps. Let me know if you have any questions

  • head turner activation results in my characters face, hair and eyes to disappear.

    Hey!

    So I made positions for my head of characters, they all look fine and work with keyboard commands, that I assigned, but when I activate the head Turner, at the front, his head disappears side of a piece of hair in the district stations, hair disappears, and in the position profile, her hair and the eyeball disappear.  I crossed checked with windego, and things are looking good, but I must be missing something.

    Two bonus bonus questions:

    1. in the quarter, and the profile its head detaches from the neck when I lie back but at the front, it works normally and do not detach. Any thoughts?

    2. I understand that I'm supposed to change the percentages of face (such as strength of head tilt and scale) individually, but they seep to have no effect. Thoughts?

    Thank you!!!

    Screen Shot 2016-06-04 at 3.58.01 PM.pngScreen Shot 2016-06-04 at 3.57.30 PM.pngScreen Shot 2016-06-04 at 3.57.07 PM.pngScreen Shot 2016-06-04 at 3.56.51 PM.pngScreen Shot 2016-06-04 at 3.56.25 PM.pngScreen Shot 2016-06-04 at 3.56.41 PM.png

    In Preview 3, head Turner is named 'before' layers containing layers as your "front wrap." To avoid this problem, extract 4 (out since early summer) will only match "front-end". For now, except for the "Front" group itself, just rename all layers with "before" in their name to something like 'frnt.

    In addition, to make sure lip sync & facial features work in all views, make sure you have the two Lip Sync behavior & applied face:

    (1) at the root (this is the default)

    (2) on all points of view with the exception of the façade (which is the first, so it is covered by the root ones)-that is to say shift left/right and left profile

    Yet once, extracted 4 fact disappear this complexity - the pair of root will be applied to all faces & mouths in the puppet.

  • Feature request: CurrentTransaction.setCurrentTransaction)

    CurrentTransaction uses thread local. In some cases, the control thread that performs a validation is on a different thread then one who throws his (e.g. weblogic pool of threads). CurrentTransaction is great. I wish I could reuse in this environment. Can you please add a setter that allows to separate the transaction underway (setCurrentTransaction (null)) or in combination with another one (setCurrentTransaction (txn))?

    See you soon,.
    -Adrian Cole

    No, you will need to use the environment and Transaction exclusively. CurrentTransaction won't be of any use, with this approach.

    -mark

  • Reinstalling Windows without installation disks

    Let me clarify some things that I think are made:

    Laptop = ideapad z575 which is a windows 7 64 bit computer.

    Windows wouldn't boot because it has an error since avg and update wondows - avg seem to be ashamed that their driver is the last show at startup but remove avg then showed another driver and it all points to a depth of problem.
    In short, I feel that a reinstallation is the best way forward.

    I saved my data sisters so happy to do a quick format and reinstall of windows 7 - have the serial number sticker, but no disk I do not think that it shipped in all.

    I didn't modify all partitions, but using a utility disk in the back that I was able to access it via the standard boot drive I can put another active partition... now to return back I had to create a bootable utility that I made from USB, it also allows me to inspect the readers through a windows interface.

    So I am here and able to do a lot in the back through my USB. I saw and was able to run a recovery program that is located on one of the partitions. But he told me that something was friends with readers and I think it's because of my defining a different partition as the only active.

    What is the next best step for me it feels exaggerated do not use partition lenovo gave to reinstall windows, hoping I wouldn't need browse and find/download all the drivers, etc... and not to mention updates of bios etc...

    I can say that I have the following discs and back access and access through GUI.

    When I say access via the GUI I found that I was able to do this system revoery options screen when he says click to search the drivers an interface will appear and where I can the eyebrows of all partitions and USB - which was pretty cool. The button says "Load Drivers" and from there, I can choose the partition and try and run one touch back.

    When he first boot from USB it looks like as it is by default and selects a Boot called drive (X and the default folder is the Windows/System32 folder.)

    Here are the disks or partitions I can see and explore

    Lenovo (C 27.5 Free GB GB 28.9 contains just request files and drivers.)

    Local disk (E it looks like there's a Windows installation on it that I can see my sistsers files in the my documents (I got these by using XCOPY to get the complete recursive directory and do be careful if you use just "copy" as it will ignore folders and files inside!)) For me, it's the normal bootable disc and one that is broken.
    349 GB free of 421 GB so this seems to confirm that it is the main trunk and use the partition.

    Local disk (D only 166 199MB MB no said no files and folders at least since the GUI - perhaps back can show me something...)

    Start (X 29.1 MB of free space of 31.5 MB I don't think it's my USB (NOT confirmed) the last modified date is 2009! he seems to have a windows installation - is possible to reinstall from that?) I tried to click on a setup.exe found here but it does not work via the GUI as it comes to find specific drivers is not not a general file Explorer.

    I have 2 drives USB also visible to help me. I got the above files to another on the ERD. And the 3rd is the CD. If these are known as CDROM (F, Reapir disk (G: I did that) and 32 GB Flash (H)

    Maybe I need to burn an iso install wondows in the latter. Who can be a last resort.

    What is perhaps a few right steps to take right now. I think I should be able to change my active partition and get a contact working again by reversing what I was doing back disk partition - don't remember the name... a few trial and error required.

    But I hope that with this info I can get my sisters laptop that works again. I think also that if I took it to a local shop they will simply be to format and reinstall windows 7 and drivers do not care to take the time to maybe get to a situation of factory. It is because the baisc economy. I don't want to go that route because I know I can do what I want to just make the best way.

    Knew nothing about this function - will keep in mind for the next window of time slows down or does not start - throw his toys out of the pram etc... suffering from windows computer slow? You are not alone

    In any case, I think I've sorted it. Hope that C is not too fragmented because I chose to not be complicated with a format and keep the original scores. In this way its just easier.

    Wifi that I had remembered to disable in the BIOS.

    If you want help about this, then please contact on twitter @cambsdigital

  • Help with customer 501 pix for the configuration of a site...

    Hello everyone, I am trying to set up a customer vpn site and after a few days

    I'm at the end of the roll.

    I'd appreciate ANY help or trick here.

    I tried to set up the config via CLI and PDM, all to nothing does not.

    Although the VPN client log shows the invalid password, I am convinced that the groupname password is correct.

    I use the Cisco VPN Client 5.0.07.0290 v.

    -----------------------------------------------------------------

    Here is HS worm of the PIX:

    Cisco PIX Firewall Version 6.3 (5)
    Cisco PIX Device Manager Version 3.0 (4)

    -----------------------------------------------------------------

    Here's my sh run w / passwords removed:

    pixfirewall # sh run
    : Saved
    :
    6.3 (5) PIX version
    interface ethernet0 10baset
    interface ethernet1 100full
    ethernet0 nameif outside security0
    nameif ethernet1 inside the security100
    activate the encrypted password to something
    that something encrypted passwd
    pixfirewall hostname
    domain ciscopix.com
    fixup protocol dns-length maximum 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol they 389
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol 2000 skinny
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names of
    access-list ping_acl allow icmp a whole
    permit 192.168.1.0 ip access list inside_outbound_nat0_acl 255.255.255.0 192.168
    . 50.48 255.255.255.248
    outside_cryptomap_dyn_20 ip access list allow any 192.168.50.48 255.255.255.248

    pager lines 24
    Outside 1500 MTU
    Within 1500 MTU
    IP address outside pppoe setroute
    IP address inside 192.168.1.1 255.255.255.0
    alarm action IP verification of information
    alarm action attack IP audit
    IP local pool vpnpool 192.168.50.50 - 192.168.50.55
    history of PDM activate
    ARP timeout 14400
    Global interface 10 (external)
    NAT (inside) 0-list of access inside_outbound_nat0_acl
    NAT (inside) 10 0.0.0.0 0.0.0.0 0 0
    Access-group ping_acl in interface outside
    Timeout xlate 03:00
    Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225
    H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00
    Sip timeout - disconnect 0:02:00 prompt Protocol sip-0: 03:00
    Timeout, uauth 0:05:00 absolute
    GANYMEDE + Protocol Ganymede + AAA-server
    AAA-server GANYMEDE + 3 max-failed-attempts
    AAA-server GANYMEDE + deadtime 10
    RADIUS Protocol RADIUS AAA server
    AAA-server RADIUS 3 max-failed-attempts
    AAA-RADIUS deadtime 10 Server
    AAA-server local LOCAL Protocol
    Enable http server
    http 192.168.1.0 255.255.255.0 inside
    No snmp server location
    No snmp Server contact
    SNMP-Server Community public
    No trap to activate snmp Server
    enable floodguard
    Permitted connection ipsec sysopt
    Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
    Dynamic crypto map outside_dyn_map 20 match address outside_cryptomap_dyn_20
    Crypto-map dynamic outside_dyn_map 20 the transform-set ESP-3DES-MD5 value
    map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map
    outside_map interface card crypto outside
    ISAKMP allows outside
    part of pre authentication ISAKMP policy 20
    ISAKMP policy 20 3des encryption
    ISAKMP policy 20 md5 hash
    20 2 ISAKMP policy group
    ISAKMP duration strategy of life 20 86400
    vpngroup address vpnpool pool vpnaccessgroup
    vpngroup dns 192.168.1.1 Server vpnaccessgroup 192.168.1.11
    vpngroup wins 192.168.1.1 vpnaccessgroup-Server
    vpngroup vpnaccessgroup by default-field local.com
    vpngroup idle 1800 vpnaccessgroup-time
    something vpnaccessgroup vpngroup password
    Telnet 192.168.1.0 255.255.255.0 inside
    Telnet timeout 60
    SSH 192.168.1.0 255.255.255.0 inside
    SSH timeout 5
    Console timeout 0
    VPDN group pppoe_group request dialout pppoe
    VPDN group pppoe_group localname someone
    VPDN group ppp authentication pap pppoe_group
    VPDN username someone something
    dhcpd address 192.168.1.100 - 192.168.1.110 inside
    dhcpd dns 206.248.154.22 206.248.154.170
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd outside auto_config
    dhcpd allow inside
    Terminal width 80
    Cryptochecksum:307fab2d0e3c5a82cebf9c76b9d7952a
    : end

    -----------------------------------------------------------------------------------------------

    Here is the log of pix in trying to connect with the client vpn cisco w / real IPs removed:

    crypto_isakmp_process_block:src: [cisco vpn client IP here], dest: [cisco PIX IP here] spt:64897 TPD:
    500
    Exchange OAK_AG
    ISAKMP (0): treatment ITS payload. Message ID = 0

    ISAKMP (0): audit ISAKMP transform 1 against 20 priority policy
    ISAKMP: encryption AES - CBC
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: long-acting prior auth (init)
    ISAKMP: type of life in seconds
    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b
    ISAKMP: keylength 256
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): audit ISAKMP transform 2 against priority policy 20
    ISAKMP: encryption AES - CBC
    ISAKMP: MD5 hash
    ISAKMP: default group 2
    ISAKMP: long-acting prior auth (init)
    ISAKMP: type of life in seconds
    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b
    ISAKMP: keylength 256
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): audit ISAKMP transform 3 against priority policy 20
    ISAKMP: encryption AES - CBC
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: preshared auth
    ISAKMP: type of life in seconds
    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b
    ISAKMP: keylength 256
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): audit ISAKMP transform 4 against 20 priority policy
    ISAKMP: encryption AES - CBC
    ISAKMP: MD5 hash
    ISAKMP: default group 2
    ISAKMP: preshared auth
    ISAKMP: type of life in seconds
    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b
    ISAKMP: keylength 256
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): audit ISAKMP transform 5 against priority policy 20
    ISAKMP: encryption AES - CBC
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: long-acting prior auth (init)
    ISAKMP: type of life in seconds
    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b
    ISAKMP: keylength 128
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): audit ISAKMP transform against the policy of priority 20 6
    ISAKMP: encryption AES - CBC
    ISAKMP: MD5 hash
    ISAKMP: default group 2
    ISAKMP: long-acting prior auth (init)
    ISAKMP: type of life in seconds
    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b
    ISAKMP: keylength 128
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): audit ISAKMP transform against the policy of priority 20 7
    ISAKMP: encryption AES - CBC
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: preshared auth
    ISAKMP: type of life in seconds
    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b
    ISAKMP: keylength 128
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): audit ISAKMP transform 8 against priority policy 20
    ISAKMP: encryption AES - CBC
    ISAKMP: MD5 hash
    ISAKMP: default group 2
    ISAKMP: preshared auth
    ISAKMP: type of life in seconds
    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b
    ISAKMP: keylength 128
    ISAKMP (0): atts are not acceptable. Next payload is 3
    ISAKMP (0): audit ISAKMP transform 9 against priority policy 20
    ISAKMP: 3DES-CBC encryption
    ISAKMP: hash SHA
    ISAKMP: default group 2
    ISAKMP: long-acting prior auth (init)
    ISAKMP: type of life in seconds
    ISAKMP: lifespan (IPV) 0x0 0 x 20 0xc4 0x9b
    ISAKMP (0): atts are not acceptable.
    crypto_isakmp_process_block:src:src: [cisco vpn client IP here], dest: [cisco pix IP here] spt:64897 TPD:
    500
    ISAKMP: error msg not encrypted
    crypto_isakmp_process_block:src: [cisco vpn client IP here], dest: [cisco pix IP here] spt:64897 TPD:
    500
    ISAKMP: error msg not encrypted
    pixfirewall #.

    ---------------------------------------------------------------------------------------------------------------

    Here is the log of the vpn client:

    363 16:07:58.953 01/07/10 Sev = Info/4 CM / 0 x 63100002
    Start the login process

    364 16:07:58.953 01/07/10 Sev = Info/4 CM / 0 x 63100004
    Establish a secure connection

    365 16:07:58.953 01/07/10 Sev = Info/4 CM / 0 x 63100024
    Attempt to connect with the server '[cisco pix IP here]. "

    366 16:07:58.953 01/07/10 Sev = Info/4 IKE / 0 x 63000001
    From IKE Phase 1 negotiation

    367 16:07:58.969 01/07/10 Sev = Info/4 IKE / 0 x 63000013
    SEND to > ISAKMP OAK AG (SA, KE, NO, ID, VID (Xauth), VID (dpd), VID (Frag), VID(Nat-T), VID (Unity)) [cisco pix IP here]

    368 16:07:59.078 01/07/10 Sev = Info/4 IPSEC / 0 x 63700008
    IPSec driver started successfully

    369 07/01/10 Sev 16:07:59.078 = Info/4 IPSEC / 0 x 63700014
    Remove all keys

    370 16:08:00.110 01/07/10 Sev = Info/4 IKE / 0 x 63000014
    RECEIVING< isakmp="" oak="" ag="" (sa,="" vid(xauth),="" vid(dpd),="" vid(unity),="" vid(?),="" ke,="" id,="" non,="" hash)="" from="" [cisco="" pix="" ip="">

    371 16:08:00.110 01/07/10 Sev = WARNING/3 IKE/0xE3000057
    The HASH payload received cannot be verified

    372 16:08:00.110 01/07/10 Sev = WARNING/2 IKE/0xE300007E
    Failed the hash check... may be configured with password invalid group.

    373 16:08:00.110 01/07/10 Sev = WARNING/2 IKE/0xE300009B
    Impossible to authenticate peers (Navigator: 915)

    374 16:08:00.110 01/07/10 Sev = Info/4 IKE / 0 x 63000013
    SEND to > ISAKMP OAK INFO (NOTIFY: INVALID_HASH_INFO) [cisco pix IP here]

    375 16:08:00.110 01/07/10 Sev = Info/4 IKE / 0 x 63000013
    SEND to > ISAKMP OAK INFO (NOTIFY: AUTH_FAILED) [cisco pix IP here]

    376 16:08:00.110 01/07/10 Sev = WARNING/2 IKE/0xE30000A7
    SW unexpected error during the processing of negotiator aggressive Mode:(Navigator:2263)

    377 16:08:00.110 01/07/10 Sev = Info/4 IKE / 0 x 63000017
    Marking of IKE SA delete (I_Cookie = A152D516B07D9659 R_Cookie = 5F4B55C38C0A40F4) reason = DEL_REASON_IKE_NEG_FAILED

    378 16:08:01.078 01/07/10 Sev = Info/4 IKE/0x6300004B
    IKE negotiation to throw HIS (I_Cookie = A152D516B07D9659 R_Cookie = 5F4B55C38C0A40F4) reason = DEL_REASON_IKE_NEG_FAILED

    379 16:08:01.078 01/07/10 Sev = Info/4 CM / 0 x 63100014
    Could not establish the Phase 1 SA with the server "[cisco pix IP here]" due to the "DEL_REASON_IKE_NEG_FAILED".

    380 16:08:01.078 01/07/10 Sev = Info/4 IKE / 0 x 63000001
    Signal received IKE to complete the VPN connection

    381 16:08:01.078 01/07/10 Sev = Info/4 IPSEC / 0 x 63700014
    Remove all keys

    382 16:08:01.078 01/07/10 Sev = Info/4 IPSEC / 0 x 63700014
    Remove all keys

    383 16:08:01.078 01/07/10 Sev = Info/4 IPSEC / 0 x 63700014
    Remove all keys

    384 16:08:01.078 01/07/10 Sev = Info/4 IPSEC/0x6370000A
    IPSec driver successfully stopped

    Mmmm... What version of vpn client do you use?

    If you use the last being, it looks like you might have it downgrade to a version older than the version of your PIX is old enough.

  • 8.2 ASA failure phase2 ike ipsec

    I used the wizard to access remote vpn, IPSEC on an ASA 5510 security + running os version 8.2.

    Group: adminsbbs

    User: adminuser

    When connecting using the client, it says «fixing communications...» "and then it flashes and it is disconnected. Hoping the following debug output to help you will help me, so I didn't enter the config.

    What seems to be the cause of failure of the phase 2 of IKE?

    Since the ASA device:

    asa01 # 29 dec 18:54:16 [IKEv1 DEBUG]: IP = 3.4.249.124, IKE Peer included IKE fragmentation capability flags: Main Mode: real aggressive Mode: false

    29 Dec 18:54: 16 [IKEv1]: IP = 3.4.249.124, connection landed on tunnel_group adminsbbs

    29 Dec 18:54: 16 [IKEv1 DEBUG]: Group = adminsbbs, IP = 3.4.249.124, IKE SA proposal # 1, transform # 10 entry overall IKE acceptable matches # 1

    29 Dec 18:54: 16 [IKEv1]: Group = adminsbbs, IP = 3.4.249.124, status of automatic NAT detection: remote endpoint IS behind a NAT device this end is NOT behind a NAT device

    29 Dec 18:54: 26 [IKEv1]: Group = adminsbbs username = adminuser, IP = 3.4.249.124, (adminuser) user authenticated.

    29 Dec 18:54: 26 [IKEv1]: Group = adminsbbs username = adminuser, IP = 3.4.249.124, transaction mode attribute unhandled received: 5

    29 Dec 18:54: 26 [IKEv1]: Group = adminsbbs, name of user = adminuser, IP = 3.4.249.124, Type of Client: Mac OS X Client Application Version: 4.9.01 (0100)

    29 Dec 18:54: 26 [IKEv1]: Group = adminsbbs username = adminuser, IP = 3.4.249.124, assigned private IP 172.16.20.1 remote user address

    29 Dec 18:54: 26 [IKEv1 DEBUG]: Group = adminsbbs username = adminuser, IP = 3.4.249.124, fast Mode resumed treatment, Cert/Trans Exch/RM IDDM completed

    29 Dec 18:54: 26 [IKEv1]: Group = adminsbbs username = adminuser, IP = 3.4.249.124, PHASE 1 COMPLETED

    29 Dec 18:54: 26 [IKEv1]: IP = 3.4.249.124, Keep-alive type for this connection: DPD

    29 Dec 18:54: 26 [IKEv1 DEBUG]: Group = adminsbbs, name of user = adminuser, IP = 3.4.249.124, timer to generate a new key to start P1: 82080 seconds.

    29 Dec 18:54: 26 [IKEv1]: Group = adminsbbs username = adminuser, IP = 3.4.249.124, data received in payload ID remote Proxy Host: address 172.16.20.1, protocol 0, Port 0

    29 Dec 18:54: 26 [IKEv1]: Group = adminsbbs, username = adminuser, IP = 3.4.249.124, received data IP Proxy local subnet in payload ID: address 0.0.0.0 Mask 0.0.0.0, protocol 0, Port 0

    29 Dec 18:54: 26 [IKEv1]: Group = adminsbbs, name of user = adminuser, IP = 3.4.249.124, QM IsRekeyed its not found old addr

    29 Dec 18:54: 26 [IKEv1 DEBUG]: Group = adminsbbs username = adminuser, IP = 3.4.249.124, only Tunnel UDP-encapsulated and UDP-encapsulated-Transport mode NAT-Traversal-defined selection

    29 Dec 18:54: 26 [IKEv1]: Group = adminsbbs username = adminuser, IP = 3.4.249.124, remote peer IKE configured crypto card: outside_dyn_map

    29 Dec 18:54: 26 [IKEv1 DEBUG]: Group = adminsbbs, name of user = adminuser, IP = 3.4.249.124, ITS processing IPSec payload

    29 Dec 18:54: 26 [IKEv1]: Phase 2 failed: Mismatched types of class attributes Mode of Encapsulation: RRs would be: UDP Tunnel(NAT-T) Cfg would be: Transport UDP

    29 Dec 18:54: 26 [IKEv1]: Phase 2 failed: Mismatched types of class attributes Mode of Encapsulation: RRs would be: UDP Tunnel(NAT-T) Cfg would be: Transport UDP

    29 Dec 18:54: 26 [IKEv1]: Phase 2 failed: Mismatched types of class attributes Mode of Encapsulation: RRs would be: UDP Tunnel(NAT-T) Cfg would be: Transport UDP

    29 Dec 18:54: 26 [IKEv1]: Phase 2 failed: Mismatched types of class attributes Mode of Encapsulation: RRs would be: UDP Tunnel(NAT-T) Cfg would be: Transport UDP

    29 Dec 18:54: 26 [IKEv1]: Group = adminsbbs, username = adminuser, IP = 3.4.249.124, IPSec security association proposals found unacceptable.

    29 Dec 18:54: 26 [IKEv1]: Group = adminsbbs, name of user = adminuser, IP = 3.4.249.124, error QM WSF (P2 struct & 0xcca2f140, mess id 0x374db953).

    29 Dec 18:54: 26 [IKEv1 DEBUG]: Group = adminsbbs, name of user = adminuser, IP = 3.4.249.124, case of mistaken IKE responder QM WSF (struct & 0xcca2f140) , : QM_DONE EV_ERROR--> QM_BLD_MSG2 EV_NEGO_SA--> QM_BLD_MSG2, EV_IS_REKEY--> QM_BLD_MSG2, EV_CONFIRM_SA--> QM_BLD_MSG2, EV_PROC_MSG--> QM_BLD_MSG2, EV_HASH_OK--> QM_BLD_MSG2, NullEvent--> QM_BLD_MSG2 EV_COMP_HASH

    29 Dec 18:54: 26 [IKEv1]: Group = adminsbbs username = adminuser, IP = 3.4.249.124, Removing counterpart of table Correlator has failed, no match!

    29 Dec 18:54: 26 [IKEv1]: Group = adminsbbs username = adminuser, IP = 3.4.249.124, Session is be demolished. Reason: Phase 2

    29 Dec 18:54: 26 [IKEv1]: ignoring msg SA brand with Iddm 102400 dead because ITS removal

    29 Dec 18:54: 26 [IKEv1]: IP = 3.4.249.124, encrypted packet received with any HIS correspondent, drop

    The client connection:

    Cisco Systems VPN Client Version 4.9.01 (0100)

    Copyright (C) 1998-2006 Cisco Systems, Inc. All rights reserved.

    Type of client: Mac OS X

    Running: Darwin Darwin Kernel Version 10.5.0 10.5.0: Fri Nov 5 23:20:39 PDT 2010. root:XNU-1504.9.17~1/RELEASE_I386 i386

    365 19:09:13.384 29/12/2010 Sev = Info/4 CM / 0 x 43100002

    Start the login process

    366 19:09:13.385 29/12/2010 Sev = WARNING/2 CVPND / 0 x 83400011

    Send error - 28 package. ADR DST: 0xAC10D5FF, ADR Src: 0xAC10D501 (DRVIFACE:1158).

    367 19:09:13.385 29/12/2010 Sev = WARNING/2 CVPND / 0 x 83400011

    Send error - 28 package. ADR DST: 0xAC107FFF, ADR Src: 0xAC107F01 (DRVIFACE:1158).

    368 19:09:13.385 29/12/2010 Sev = Info/4 CM / 0 x 43100004

    Establish a connection using Ethernet

    369 19:09:13.385 12/29/2010 Sev = Info/4 CM / 0 x 43100024

    Attempt to connect with the server "1.2.0.14".

    370 19:09:13.385 12/29/2010 Sev = Info/4 CVPND / 0 x 43400019

    Separation of privileges: binding to the port: (500).

    371 19:09:13.387 29/12/2010 Sev = Info/4 CVPND / 0 x 43400019

    Separation of privileges: binding to the port: (4500).

    372 19:09:13.387 29/12/2010 Sev = Info/6 IKE/0x4300003B

    Attempts to establish a connection with 1.2.0.14.

    373 19:09:13.471 29/12/2010 Sev = Info/4 IKE / 0 x 43000013

    SEND to > ISAKMP OAK AG (SA, KE, NO, ID, VID (Xauth), VID (dpd), VID (Frag), VID(Nat-T), VID (Unity)) at 1.2.0.14

    374 19:09:13.538 29/12/2010 Sev = Info/5 IKE/0x4300002F

    Received packet of ISAKMP: peer = 1.2.0.14

    375 19:09:13.538 29/12/2010 Sev = Info/4 IKE / 0 x 43000014

    RECEIVING< isakmp="" oak="" ag="" (sa,="" ke,="" non,="" id,="" hash,="" vid(unity),="" vid(xauth),="" vid(dpd),="" vid(nat-t),="" nat-d,="" nat-d,="" vid(frag),="" vid(?))="" from="">

    376 19:09:13.538 29/12/2010 Sev = Info/5 IKE / 0 x 43000001

    Peer is a compatible peer Cisco-Unity

    377 19:09:13.538 29/12/2010 Sev = Info/5 IKE / 0 x 43000001

    Peer supports XAUTH

    378 19:09:13.539 29/12/2010 Sev = Info/5 IKE / 0 x 43000001

    Peer supports the DPD

    379 19:09:13.539 29/12/2010 Sev = Info/5 IKE / 0 x 43000001

    Peer supports NAT - T

    380 19:09:13.539 29/12/2010 Sev = Info/5 IKE / 0 x 43000001

    Peer supports fragmentation IKE payloads

    381 19:09:13.622 29/12/2010 Sev = Info/6 IKE / 0 x 43000001

    IOS Vendor ID successful construction

    382 19:09:13.622 29/12/2010 Sev = Info/4 IKE / 0 x 43000013

    SENDING > ISAKMP OAK AG * (HASH, NOTIFY: NAT - D, NAT - D, VID (?), STATUS_INITIAL_CONTACT, VID (Unity)) at 1.2.0.14

    383 19:09:13.623 12/29/2010 Sev = Info/6 IKE / 0 x 43000055

    Sent a keepalive on the IPSec Security Association

    384 19:09:13.623 29/12/2010 Sev = Info/4 IKE / 0 x 43000083

    IKE port in use - Local Port = 0 x 1194, Remote Port = 0 x 1194

    385 19:09:13.623 29/12/2010 Sev = Info/5 IKE / 0 x 43000072

    Automatic NAT detection status:

    Remote endpoint is NOT behind a NAT device

    This effect is behind a NAT device

    386 19:09:13.623 29/12/2010 Sev = Info/4 CM/0x4310000E

    ITS established Phase 1.  1 crypto IKE Active SA, 0 IKE SA authenticated user in the system

    387 19:09:13.639 29/12/2010 Sev = Info/5 IKE/0x4300002F

    Received packet of ISAKMP: peer = 1.2.0.14

    388 19:09:13.639 29/12/2010 Sev = Info/4 IKE / 0 x 43000014

    RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

    389 19:09:13.639 12/29/2010 Sev = Info/4 CM / 0 x 43100015

    Launch application xAuth

    390 19:09:13.825 12/29/2010 Sev = Info/4 IPSEC / 0 x 43700008

    IPSec driver started successfully

    391 19:09:13.825 29/12/2010 Sev = Info/4 IPSEC / 0 x 43700014

    Remove all keys

    392 19:09:16.465 29/12/2010 Sev = Info/4 CM / 0 x 43100017

    xAuth application returned

    393 19:09:16.465 29/12/2010 Sev = Info/4 IKE / 0 x 43000013

    SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to 1.2.0.14

    394 19:09:16.480 29/12/2010 Sev = Info/5 IKE/0x4300002F

    Received packet of ISAKMP: peer = 1.2.0.14

    395 19:09:16.480 29/12/2010 Sev = Info/4 IKE / 0 x 43000014

    RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

    396 19:09:16.481 29/12/2010 Sev = Info/4 IKE / 0 x 43000013

    SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to 1.2.0.14

    397 19:09:16.481 29/12/2010 Sev = Info/4 CM/0x4310000E

    ITS established Phase 1.  1 crypto IKE Active SA, 1 IKE SA authenticated user in the system

    398 19:09:16.482 29/12/2010 Sev = Info/4 IKE / 0 x 43000013

    SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to 1.2.0.14

    399 19:09:16.498 29/12/2010 Sev = Info/5 IKE/0x4300002F

    Received packet of ISAKMP: peer = 1.2.0.14

    400 19:09:16.498 12/29/2010 Sev = Info/4 IKE / 0 x 43000014

    RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

    401 19:09:16.498 29/12/2010 Sev = Info/5 IKE / 0 x 43000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS:, value = 172.16.20.1

    402 19:09:16.498 29/12/2010 Sev = Info/5 IKE / 0 x 43000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK:, value = 255.255.255.0

    403 19:09:16.498 29/12/2010 Sev = Info/5 IKE / 0 x 43000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (1):, value = 1.2.2.2

    404 19:09:16.498 29/12/2010 Sev = Info/5 IKE / 0 x 43000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (2):, value = 1.2.2.22

    405 19:09:16.498 29/12/2010 Sev = Info/5 IKE/0x4300000D

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD:, value = 0x00000000

    406 19:09:16.498 29/12/2010 Sev = Info/5 IKE/0x4300000D

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SPLIT_INCLUDE (# of split_nets), value = 0 x 00000003

    407 19:09:16.498 12/29/2010 Sev = Info/5 IKE/0x4300000F

    SPLIT_NET #1

    subnet 10.10.10.0 =

    mask = 255.255.255.0

    Protocol = 0

    SRC port = 0

    port dest = 0

    408 19:09:16.498 29/12/2010 Sev = Info/5 IKE/0x4300000F

    SPLIT_NET #2

    subnet = 1.2.31.0

    mask = 255.255.255.0

    Protocol = 0

    SRC port = 0

    port dest = 0

    409 19:09:16.498 29/12/2010 Sev = Info/5 IKE/0x4300000F

    SPLIT_NET #3

    subnet = 1.2.8.0

    mask = 255.255.255.0

    Protocol = 0

    SRC port = 0

    port dest = 0

    410 19:09:16.498 29/12/2010 Sev = Info/5 IKE/0x4300000D

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS:, value = 0x00000000

    411 19:09:16.499 29/12/2010 Sev = Info/5 IKE/0x4300000E

    MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc. ASA5510 Version 8.2 (2) built by manufacturers on Tuesday, January 11, 10 14:19

    412 19:09:16.499 29/12/2010 Sev = Info/5 IKE/0x4300000D

    MODE_CFG_REPLY: Attribute = received and by using the NAT - T port number, value = 0 x 00001194

    413 19:09:16.499 29/12/2010 Sev = Info/4 CM / 0 x 43100019

    Data in mode Config received

    414 19:09:16.500 29/12/2010 Sev = Info/4 IKE / 0 x 43000056

    Received a request from key driver: local IP = 192.168.0.103, GW IP = 1.2.0.14, Remote IP = 0.0.0.0

    415 19:09:16.500 2010-12-29 Sev = Info/4 IKE / 0 x 43000013

    SEND to > ISAKMP OAK QM * (HASH, SA, NO, ID, ID) to 1.2.0.14

    416 19:09:16.517 29/12/2010 Sev = Info/5 IKE/0x4300002F

    Received packet of ISAKMP: peer = 1.2.0.14

    417 19:09:16.517 29/12/2010 Sev = Info/4 IKE / 0 x 43000014

    RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:status_resp_lifetime)="" from="">

    418 19:09:16.517 29/12/2010 Sev = Info/5 IKE / 0 x 43000045

    Answering MACHINE-LIFE notify has value of 86400 seconds

    419 19:09:16.517 29/12/2010 Sev = Info/5 IKE / 0 x 43000047

    This SA has been alive for 3 seconds, affecting seconds expired 86397 now

    420 19:09:16.518 12/29/2010 Sev = Info/5 IKE/0x4300002F

    Received packet of ISAKMP: peer = 1.2.0.14

    421 19:09:16.518 12/29/2010 Sev = Info/4 IKE / 0 x 43000014

    RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:no_proposal_chosen)="" from="">

    422 19:09:16.518 29/12/2010 Sev = Info/4 IKE / 0 x 43000013

    SEND to > ISAKMP OAK INFO *(HASH, DEL) to 1.2.0.14

    423 19:09:16.518 29/12/2010 Sev = Info/4 IKE / 0 x 43000049

    IPsec security association negotiation made scrapped, MsgID = FCB95275

    424 19:09:16.518 29/12/2010 Sev = Info/4 IKE / 0 x 43000017

    Marking of IKE SA delete (I_Cookie = 4BEBFA4F685D02E9 R_Cookie = 6A6CB439CD58F148) reason = DEL_REASON_IKE_NEG_FAILED

    425 19:09:16.520 29/12/2010 Sev = Info/5 IKE/0x4300002F

    Received packet of ISAKMP: peer = 1.2.0.14

    426 19:09:16.520 29/12/2010 Sev = Info/4 IKE / 0 x 43000058

    Received an ISAKMP for a SA message no assets, I_Cookie = 4BEBFA4F685D02E9 R_Cookie = 6A6CB439CD58F148

    427 19:09:16.520 29/12/2010 Sev = Info/4 IKE / 0 x 43000014

    RECEIVING< isakmp="" oak="" info="" *(dropped)="" from="">

    428 19:09:17.217 29/12/2010 Sev = Info/4 IPSEC / 0 x 43700014

    Remove all keys

    429 19:09:19.719 29/12/2010 Sev = Info/4 IKE/0x4300004B

    IKE negotiation to throw HIS (I_Cookie = 4BEBFA4F685D02E9 R_Cookie = 6A6CB439CD58F148) reason = DEL_REASON_IKE_NEG_FAILED

    430 19:09:19.719 29/12/2010 Sev = Info/4 CM / 0 x 43100012

    ITS phase 1 deleted before first Phase 2 SA is caused by "DEL_REASON_IKE_NEG_FAILED".  Crypto 0 Active IKE SA, 0 IKE SA authenticated user in the system

    431 19:09:19.719 29/12/2010 Sev = Info/5 CM / 0 x 43100025

    Initializing CVPNDrv

    432 19:09:19.719 29/12/2010 Sev = Info/4 CVPND/0x4340001F

    Separation of privileges: restore MTU on the main interface.

    433 19:09:19.719 29/12/2010 Sev = Info/4 IKE / 0 x 43000001

    Signal received IKE to complete the VPN connection

    434 19:09:20.719 29/12/2010 Sev = Info/4 IPSEC / 0 x 43700014

    Remove all keys

    435 19:09:20.719 29/12/2010 Sev = Info/4 IPSEC / 0 x 43700014

    Remove all keys

    436 19:09:20.719 29/12/2010 Sev = Info/4 IPSEC / 0 x 43700014

    Remove all keys

    437 19:09:20.719 29/12/2010 Sev = Info/4 IPSEC/0x4370000A

    IPSec driver successfully stopped

    Hello 3moloz123,

    Crypto ipsec transform-set esp-3des esp-md5-hmac TRANS_ESP_3DES_MD5

    Crypto ipsec transform-set transit mode TRANS_ESP_3DES_MD5

    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

    1. the reason why the VPN remote access (RA) couldn't form with success before the passage of TRANS_ESP_3DES_MD5 to ESP_3DES_MD5 is the mode of transport is not supported for RA VPN.  You must use Tunnel mode for the processing of IPSec together we must maintain the IP header inside so that, once the package is decapsules and decrypted at the head of IPSec end we can transfer the package.

    In the newspapers, you can see this failure

    29 Dec 18:54: 26 [IKEv1]: Phase 2 failed: Mismatched types of class attributes Mode of Encapsulation: RRs would be: UDP Tunnel(NAT - T) Cfg had: UDP Transport

    Repeat x 4

    RRS of transformation all sent by the RA Client.  Cfg would be is that the dynamic encryption card supports.

    2. the isakmp policy change was unnecessary, the Phase 1 session came fine ISAKMP indicating worked.  Phase 2 begins only after a successful Phase 1 (session ISAKMP).

    After failing to build Phase 2 (child SA) we drop the ISAKMP Security Association since it is not used.

    I hope that answers your questions.

    Kind regards
    Craig

  • Error of customer Cisco VPN connection ASA 5505

    I am unable to connect to the vpn I created on my ASA 5505 using the Cisco VPN Client on a Windows machine. The log of the vpn client and the config of the ASA 5505 is lower. Any help to solve this is appreciated.

    CISCO VPN CLIENT LOG

    Cisco Systems VPN Client Version 5.0.06.0160

    Copyright (C) 1998-2009 Cisco Systems, Inc.. All rights reserved.

    Customer type: Windows, Windows NT

    Running: 6.1.7600

    Config files directory: C:\Program Cisco Systems Client\

    1 09:34:23.030 13/04/11 Sev = Info/4 CM / 0 x 63100002

    Start the login process

    2 09:34:23.061 13/04/11 Sev = Info/4 CM / 0 x 63100004

    Establish a secure connection

    3 09:34:23.061 13/04/11 Sev = Info/4 CM / 0 x 63100024

    Attempt to connect with the server "71.xx.xx.253".

    4 09:34:23.061 13/04/11 Sev = Info/6 IKE/0x6300003B

    Attempts to establish a connection with 71.xx.xx.253.

    5 09:34:23.061 13/04/11 Sev = Info/4 IKE / 0 x 63000001

    From IKE Phase 1 negotiation

    6 09:34:23.077 13/04/11 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK AG (SA, KE, NO, ID, VID (Xauth), VID (dpd), VID (Frag), VID(Nat-T), VID (Unity)) at 71.xx.xx.253

    7 09:34:23.170 13/04/11 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = 71.xx.xx.253

    8 09:34:23.170 13/04/11 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" ag="" (sa,="" ke,="" non,="" id,="" hash,="" vid(unity),="" vid(xauth),="" vid(dpd),="" vid(nat-t),="" nat-d,="" nat-d,="" vid(frag),="" vid(?))="" from="">

    9 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001

    Peer is a compatible peer Cisco-Unity

    10 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001

    Peer supports XAUTH

    11 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001

    Peer supports the DPD

    12 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001

    Peer supports NAT - T

    13 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001

    Peer supports fragmentation IKE payloads

    14 09:34:23.170 13/04/11 Sev = Info/6 IKE / 0 x 63000001

    IOS Vendor ID successful construction

    15 09:34:23.170 13/04/11 Sev = Info/4 IKE / 0 x 63000013

    SENDING > ISAKMP OAK AG * (HASH, NOTIFY: NAT - D, NAT - D, VID (?), STATUS_INITIAL_CONTACT, VID (Unity)) at 71.xx.xx.253

    16 09:34:23.170 13/04/11 Sev = Info/6 IKE / 0 x 63000055

    Sent a keepalive on the IPSec Security Association

    17 09:34:23.170 13/04/11 Sev = Info/4 IKE / 0 x 63000083

    IKE port in use - Local Port = 0xEB07, Remote Port = 0 x 1194

    18 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000072

    Automatic NAT detection status:

    Remote endpoint is NOT behind a NAT device

    This effect is behind a NAT device

    19 09:34:23.170 13/04/11 Sev = Info/4 CM/0x6310000E

    ITS established Phase 1.  1 crypto IKE Active SA, 0 IKE SA authenticated user in the system

    20 09:34:23.170 13/04/11 Sev = Info/4 CM/0x6310000E

    ITS established Phase 1.  1 crypto IKE Active SA, 1 IKE SA authenticated user in the system

    21 09:34:23.186 13/04/11 Sev = Info/5 IKE/0x6300005E

    Customer address a request from firewall to hub

    22 09:34:23.186 13/04/11 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to 71.xx.xx.253

    23 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = 71.xx.xx.253

    24 09:34:23.248 13/04/11 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

    25 09:34:23.248 13/04/11 Sev = Info/5 IKE / 0 x 63000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS:, value = 172.26.6.1

    26 09:34:23.248 13/04/11 Sev = Info/5 IKE / 0 x 63000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK:, value = 255.255.0.0

    27 09:34:23.248 13/04/11 Sev = Info/5 IKE / 0 x 63000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (1):, value = 172.26.0.250

    28 09:34:23.248 13/04/11 Sev = Info/5 IKE / 0 x 63000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (2):, value = 172.26.0.251

    29 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000D

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD:, value = 0x00000000

    30 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000E

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN:, value = TLCUSA

    31 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000D

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS:, value = 0x00000000

    32 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000E

    MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc. ASA5505 Version 8.2 (1) built by manufacturers on Wednesday 5 May 09 22:45

    33 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000D

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SMARTCARD_REMOVAL_DISCONNECT:, value = 0x00000001

    34 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000D

    MODE_CFG_REPLY: Attribute = received and by using the NAT - T port number, value = 0 x 00001194

    35 09:34:23.248 13/04/11 Sev = Info/4 CM / 0 x 63100019

    Data in mode Config received

    36 09:34:23.264 13/04/11 Sev = Info/4 IKE / 0 x 63000056

    Received a request from key driver: local IP = 172.26.6.1, GW IP = 71.xx.xx.253, Remote IP = 0.0.0.0

    37 09:34:23.264 13/04/11 Sev = Info/4 IKE / 0 x 63000013

    SEND to > QM ISAKMP OAK * (HASH, SA, NO, ID, ID) to 71.xx.xx.253

    38 09:34:23.326 13/04/11 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = 71.xx.xx.253

    39 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:status_resp_lifetime)="" from="">

    40 09:34:23.326 13/04/11 Sev = Info/5 IKE / 0 x 63000045

    Answering MACHINE-LIFE notify has value of 86400 seconds

    41 09:34:23.326 13/04/11 Sev = Info/5 IKE / 0 x 63000047

    This AA is already living from 0 seconds, setting the expiration to 86400 seconds right now

    42 09:34:23.326 13/04/11 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = 71.xx.xx.253

    43 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:no_proposal_chosen)="" from="">

    44 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK INFO *(HASH, DEL) to 71.xx.xx.253

    45 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000049

    IPsec security association negotiation made scrapped, MsgID = 89EE7032

    46 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000017

    Marking of IKE SA delete (I_Cookie = 2617522400DC1763 R_Cookie = 029325381036CCD8) reason = DEL_REASON_IKE_NEG_FAILED

    47 09:34:23.326 13/04/11 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = 71.xx.xx.253

    48 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000058

    Received an ISAKMP for a SA message no assets, I_Cookie = 2617522400DC1763 R_Cookie = 029325381036CCD8

    49 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" info="" *(dropped)="" from="">

    50 09:34:26.696 13/04/11 Sev = Info/4 IKE/0x6300004B

    IKE negotiation to throw HIS (I_Cookie = 2617522400DC1763 R_Cookie = 029325381036CCD8) reason = DEL_REASON_IKE_NEG_FAILED

    51 09:34:26.696 13/04/11 Sev = Info/4 CM / 0 x 63100012

    ITS phase 1 deleted before first Phase 2 SA is caused by "DEL_REASON_IKE_NEG_FAILED".  Crypto 0 Active IKE SA, 0 IKE SA authenticated user in the system

    52 09:34:26.696 13/04/11 Sev = Info/5 CM / 0 x 63100025

    Initializing CVPNDrv

    53 09:34:26.696 13/04/11 Sev = Info/6 CM / 0 x 63100046

    Set indicator established tunnel to register to 0.

    54 09:34:26.696 13/04/11 Sev = Info/4 IKE / 0 x 63000001

    Signal received IKE to complete the VPN connection

    ----------------------------------------------------------------------------------------

    ASA 5505 CONFIG

    : Saved

    :

    ASA Version 8.2 (1)

    !

    ciscoasa hostname

    domain masociete.com

    activate tdkuTUSh53d2MT6B encrypted password

    2KFQnbNIdI.2KYOU encrypted passwd

    names of

    !

    interface Vlan1

    nameif inside

    security-level 100

    IP 172.26.0.252 255.255.0.0

    !

    interface Vlan2

    nameif outside

    security-level 0

    IP address 71.xx.xx.253 255.255.255.240

    !

    interface Ethernet0/0

    switchport access vlan 2

    Speed 100

    full duplex

    !

    interface Ethernet0/1

    !

    interface Ethernet0/2

    !

    interface Ethernet0/3

    !

    interface Ethernet0/4

    !

    interface Ethernet0/5

    !

    interface Ethernet0/6

    !

    interface Ethernet0/7

    !

    passive FTP mode

    clock timezone IS - 5

    clock to summer time EDT recurring

    DNS server-group DefaultDNS

    domain masociete.com

    access-list LIMU_Split_Tunnel_List note the network of the company behind the ASA

    Standard access list LIMU_Split_Tunnel_List allow 172.26.0.0 255.255.0.0

    outside_access_in list extended access permit icmp any one

    outside_access_in list extended access udp allowed any any eq 4500

    outside_access_in list extended access udp allowed any any eq isakmp

    outside_access_in list extended access permit tcp any host 71.xx.xxx.251 eq ftp

    outside_access_in list extended access permit tcp any host 71.xx.xxx.244 eq 3389

    inside_outbound_nat0_acl list of allowed ip extended access all 172.26.5.192 255.255.255.240

    inside_outbound_nat0_acl list of allowed ip extended access all 172.26.6.0 255.255.255.128

    pager lines 24

    Enable logging

    asdm of logging of information

    Outside 1500 MTU

    Within 1500 MTU

    local pool VPN_POOL 172.26.6.1 - 172.26.6.100 255.255.0.0 IP mask

    ICMP unreachable rate-limit 1 burst-size 1

    enable ASDM history

    ARP timeout 14400

    Global 1 interface (outside)

    NAT (inside) 0-list of access inside_outbound_nat0_acl

    NAT (inside) 1 0.0.0.0 0.0.0.0

    static (inside, outside) 71.xx.xxx.251 172.26.5.9 netmask 255.255.255.255

    static (inside, outside) 71.xx.xxx.244 172.26.0.136 netmask 255.255.255.255

    Access-group outside_access_in in interface outside

    Route outside 0.0.0.0 0.0.0.0 71.xx.xxx.241 1

    Timeout xlate 03:00

    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

    timeout tcp-proxy-reassembly 0:01:00

    dynamic-access-policy-registration DfltAccessPolicy

    GANYMEDE + Protocol Ganymede + AAA-server

    RADIUS Protocol RADIUS AAA server

    Enable http server

    http 172.26.0.0 255.255.0.0 inside

    No snmp server location

    No snmp Server contact

    Server enable SNMP traps snmp authentication linkup, linkdown cold start

    Crypto ipsec transform-set esp-3des esp-md5-hmac TRANS_ESP_3DES_MD5

    Crypto ipsec transform-set transit mode TRANS_ESP_3DES_MD5

    Crypto ipsec transform-set esp-3des esp-sha-hmac TRANS_ESP_3DES_SHA

    Crypto ipsec transform-set transit mode TRANS_ESP_3DES_SHA

    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

    life crypto ipsec security association seconds 28800

    Crypto ipsec kilobytes of life - safety 4608000 association

    Crypto-map dynamic outside_dyn_map 20 game of transformation-TRANS_ESP_3DES_MD5

    map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map

    outside_map interface card crypto outside

    crypto ISAKMP allow outside

    crypto ISAKMP policy 10

    preshared authentication

    3des encryption

    md5 hash

    Group 2

    life 86400

    crypto ISAKMP policy 30

    preshared authentication

    3des encryption

    sha hash

    Group 2

    life 86400

    Telnet timeout 5

    SSH timeout 5

    Console timeout 0

    dhcpd outside auto_config

    !

    no basic threat threat detection

    no statistical access list - a threat detection

    no statistical threat detection tcp-interception

    WebVPN

    internal DefaultRAGroup group strategy

    attributes of Group Policy DefaultRAGroup

    value of server WINS 172.26.0.250 172.26.0.251

    value of 172.26.0.250 DNS server 172.26.0.251

    Protocol-tunnel-VPN IPSec l2tp ipsec svc

    value by default-field TLCUSA

    internal LIMUVPNPOL1 group policy

    LIMUVPNPOL1 group policy attributes

    value of 172.26.0.250 DNS server 172.26.0.251

    VPN-idle-timeout 30

    Protocol-tunnel-VPN IPSec l2tp ipsec

    Split-tunnel-policy tunnelspecified

    value of Split-tunnel-network-list LIMU_Split_Tunnel_List

    the address value VPN_POOL pools

    internal TLCVPNGROUP group policy

    TLCVPNGROUP group policy attributes

    value of 172.26.0.250 DNS server 172.26.0.251

    Protocol-tunnel-VPN IPSec l2tp ipsec svc

    Re-xauth disable

    enable IPSec-udp

    value by default-field TLCUSA

    barry.julien YCkQv7rLwCSNRqra06 + QXg password user name is nt encrypted privilege 0

    username barry.julien attributes

    VPN-group-policy TLCVPNGROUP

    Protocol-tunnel-VPN IPSec l2tp ipsec

    bjulien bhKBinDUWhYqGbP4 encrypted password username

    username bjulien attributes

    VPN-group-policy TLCVPNGROUP

    attributes global-tunnel-group DefaultRAGroup

    address VPN_POOL pool

    Group Policy - by default-DefaultRAGroup

    IPSec-attributes tunnel-group DefaultRAGroup

    pre-shared-key *.

    tunnel-group DefaultRAGroup ppp-attributes

    no authentication ms-chap-v1

    ms-chap-v2 authentication

    type tunnel-group TLCVPNGROUP remote access

    attributes global-tunnel-group TLCVPNGROUP

    address VPN_POOL pool

    Group Policy - by default-TLCVPNGROUP

    IPSec-attributes tunnel-group TLCVPNGROUP

    pre-shared-key *.

    ISAKMP ikev1-user authentication no

    tunnel-group TLCVPNGROUP ppp-attributes

    PAP Authentication

    ms-chap-v2 authentication

    !

    class-map inspection_default

    match default-inspection-traffic

    !

    !

    type of policy-card inspect dns preset_dns_map

    parameters

    message-length maximum 512

    Policy-map global_policy

    class inspection_default

    inspect the preset_dns_map dns

    inspect the ftp

    inspect h323 h225

    inspect the h323 ras

    inspect the rsh

    inspect the rtsp

    inspect esmtp

    inspect sqlnet

    inspect the skinny

    inspect sunrpc

    inspect xdmcp

    inspect the sip

    inspect the netbios

    inspect the tftp

    !

    global service-policy global_policy

    context of prompt hostname

    Cryptochecksum:b94898c163c59cee6c143943ba87e8a4

    : end

    enable ASDM history

    can you try to change the transformation of dynamic value ESP-3DES-SHA map.

    for example

    remove the encryption scheme dynamic-map outside_dyn_map 20 transform-set TRANS_ESP_3DES_MD5

    and replace with

    Crypto-map dynamic outside_dyn_map 20 the value transform-set ESP-3DES-SHA

  • Problem with remote access VPN on ASA 5505

    I currently have a problem of an ASA 5505 configuration to connect via VPN remote access by using the Cisco VPN Client 5.0.07.0440 under Windows 8 Pro x 64. The VPN client will prompt you for the user name and password during the connection process, but fails soon after.

    The VPN client connects is as follows:

    ---------------------------------------------------------------------------------------------------------------------------------------

    Cisco Systems VPN Client Version 5.0.07.0440

    Copyright (C) 1998-2010 Cisco Systems, Inc.. All rights reserved.

    Customer type: Windows, Windows NT

    Running: 6.2.9200

    2 15:09:21.240 11/12/12 Sev = Info/4 CM / 0 x 63100002

    Start the login process

    3 15:09:21.287 11/12/12 Sev = Info/4 CM / 0 x 63100004

    Establish a secure connection

    4 15:09:21.287 11/12/12 Sev = Info/4 CM / 0 x 63100024

    Attempt to connect with the server "*." **. ***. *** »

    5 15:09:21.287 11/12/12 Sev = Info/6 IKE/0x6300003B

    Try to establish a connection with *. **. ***. ***.

    6 15:09:21.287 11/12/12 Sev = Info/4 IKE / 0 x 63000001

    From IKE Phase 1 negotiation

    7 15:09:21.303 11/12/12 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK AG (SA, KE, NO, ID, VID (Xauth), VID (dpd), VID (Frag), VID(Nat-T), VID (Unity)) to *. **. ***. ***

    8 15:09:21.365 11/12/12 Sev = Info/6 GUI/0x63B00012

    Attributes of the authentication request is 6: 00.

    9 15:09:21.334 11/12/12 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    10 15:09:21.334 11/12/12 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" ag="" (sa,="" ke,="" non,="" id,="" hash,="" vid(unity),="" vid(xauth),="" vid(dpd),="" vid(nat-t),="" nat-d,="" nat-d,="" vid(frag),="" vid(?))="" from="">

    11 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001

    Peer is a compatible peer Cisco-Unity

    12 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001

    Peer supports XAUTH

    13 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001

    Peer supports the DPD

    14 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001

    Peer supports NAT - T

    15 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000001

    Peer supports fragmentation IKE payloads

    16 15:09:21.334 11/12/12 Sev = Info/6 IKE / 0 x 63000001

    IOS Vendor ID successful construction

    17 15:09:21.334 11/12/12 Sev = Info/4 IKE / 0 x 63000013

    SENDING > ISAKMP OAK AG * (HASH, NOTIFY: NAT - D, NAT - D, VID (?), STATUS_INITIAL_CONTACT, VID (Unity)) to *. **. ***. ***

    18 15:09:21.334 11/12/12 Sev = Info/6 IKE / 0 x 63000055

    Sent a keepalive on the IPSec Security Association

    19 15:09:21.334 11/12/12 Sev = Info/4 IKE / 0 x 63000083

    IKE port in use - Local Port = 0xFBCE, Remote Port = 0 x 1194

    20 15:09:21.334 11/12/12 Sev = Info/5 IKE / 0 x 63000072

    Automatic NAT detection status:

    Remote endpoint is NOT behind a NAT device

    This effect is behind a NAT device

    21 15:09:21.334 11/12/12 Sev = Info/4 CM/0x6310000E

    ITS established Phase 1.  1 crypto IKE Active SA, 0 IKE SA authenticated user in the system

    22 15:09:21.365 11/12/12 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    23 15:09:21.365 11/12/12 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

    24 15:09:21.365 11/12/12 Sev = Info/4 CM / 0 x 63100015

    Launch application xAuth

    25 15:09:21.474 11/12/12 Sev = Info/4 IPSEC / 0 x 63700008

    IPSec driver started successfully

    26 15:09:21.474 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014

    Remove all keys

    27 15:09:27.319 11/12/12 Sev = Info/4 CM / 0 x 63100017

    xAuth application returned

    28 15:09:27.319 11/12/12 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***

    29 15:09:27.365 11/12/12 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    30 15:09:27.365 11/12/12 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

    31 15:09:27.365 11/12/12 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***

    32 15:09:27.365 11/12/12 Sev = Info/4 CM/0x6310000E

    ITS established Phase 1.  1 crypto IKE Active SA, 1 IKE SA authenticated user in the system

    33 15:09:27.365 11/12/12 Sev = Info/5 IKE/0x6300005E

    Customer address a request from firewall to hub

    34 15:09:27.365 11/12/12 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to *. **. ***. ***

    35 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    36 15:09:27.397 11/12/12 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">

    37 15:09:27.397 11/12/12 Sev = Info/5 IKE / 0 x 63000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS:, value = 192.168.2.70

    38 15:09:27.397 11/12/12 Sev = Info/5 IKE / 0 x 63000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK:, value = 255.255.255.0

    39 15:09:27.397 11/12/12 Sev = Info/5 IKE / 0 x 63000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (1):, value = 192.168.2.1

    40 15:09:27.397 11/12/12 Sev = Info/5 IKE / 0 x 63000010

    MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (2):, value = 8.8.8.8

    41 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000D

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD:, value = 0x00000001

    42 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000E

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN:, value = NCHCO

    43 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000D

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS:, value = 0x00000000

    44 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000E

    MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc. ASA5505 Version 8.2 (5) built by manufacturers on Saturday, May 20, 11 16:00

    45 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000D

    MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SMARTCARD_REMOVAL_DISCONNECT:, value = 0x00000001

    46 15:09:27.397 11/12/12 Sev = Info/5 IKE/0x6300000D

    MODE_CFG_REPLY: Attribute = received and by using the NAT - T port number, value = 0 x 00001194

    47 15:09:27.397 11/12/12 Sev = Info/4 CM / 0 x 63100019

    Data in mode Config received

    48 15:09:27.412 11/12/12 Sev = Info/4 IKE / 0 x 63000056

    Received a request from key driver: local IP = 192.168.2.70, GW IP = *. **. ***. remote IP address = 0.0.0.0

    49 15:09:27.412 11/12/12 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK QM * (HASH, SA, NO, ID, ID) to *. **. ***. ***

    50 15:09:27.444 11/12/12 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    51 15:09:27.444 11/12/12 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:status_resp_lifetime)="" from="">

    52 15:09:27.444 11/12/12 Sev = Info/5 IKE / 0 x 63000045

    Answering MACHINE-LIFE notify has value of 86400 seconds

    53 15:09:27.444 11/12/12 Sev = Info/5 IKE / 0 x 63000047

    This SA was already alive for 6 seconds, setting expiration 86394 seconds now

    54 15:09:27.459 11/12/12 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    55 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:no_proposal_chosen)="" from="">

    56 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000013

    SEND to > ISAKMP OAK INFO *(HASH, DEL) to *. **. ***. ***

    57 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000049

    IPsec security association negotiation made scrapped, MsgID = CE99A8A8

    58 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000017

    Marking of IKE SA delete (I_Cookie = A3A341F1C7606AD5 R_Cookie = F1F403018625E924) reason = DEL_REASON_IKE_NEG_FAILED

    59 15:09:27.459 11/12/12 Sev = Info/5 IKE/0x6300002F

    Received packet of ISAKMP: peer = *. **. ***. ***

    60 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000058

    Received an ISAKMP for a SA message no assets, I_Cookie = A3A341F1C7606AD5 R_Cookie = F1F403018625E924

    61 15:09:27.459 11/12/12 Sev = Info/4 IKE / 0 x 63000014

    RECEIVING< isakmp="" oak="" info="" *(dropped)="" from="">

    62 15:09:27.490 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014

    Remove all keys

    63 15:09:30.475 11/12/12 Sev = Info/4 IKE/0x6300004B

    IKE negotiation to throw HIS (I_Cookie = A3A341F1C7606AD5 R_Cookie = F1F403018625E924) reason = DEL_REASON_IKE_NEG_FAILED

    64 15:09:30.475 11/12/12 Sev = Info/4 CM / 0 x 63100012

    ITS phase 1 deleted before first Phase 2 SA is caused by "DEL_REASON_IKE_NEG_FAILED".  Crypto 0 Active IKE SA, 0 IKE SA authenticated user in the system

    65 15:09:30.475 11/12/12 Sev = Info/5 CM / 0 x 63100025

    Initializing CVPNDrv

    66 15:09:30.475 11/12/12 Sev = Info/6 CM / 0 x 63100046

    Set indicator established tunnel to register to 0.

    67 15:09:30.475 11/12/12 Sev = Info/4 IKE / 0 x 63000001

    Signal received IKE to complete the VPN connection

    68 15:09:30.475 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014

    Remove all keys

    69 15:09:30.475 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014

    Remove all keys

    70 15:09:30.475 11/12/12 Sev = Info/4 IPSEC / 0 x 63700014

    Remove all keys

    71 15:09:30.475 11/12/12 Sev = Info/4 IPSEC/0x6370000A

    IPSec driver successfully stopped

    ---------------------------------------------------------------------------------------------------------------------------------------

    The running configuration is the following (there is a VPN site-to-site set up as well at an another ASA 5505, but that works perfectly):

    : Saved

    :

    ASA Version 8.2 (5)

    !

    hostname NCHCO

    Select hTjwXz/V8EuTw9p9 of encrypted password

    hTjwXz/V8EuTw9p9 of encrypted passwd

    names of

    description of NCHCO name 192.168.2.0 City offices

    name 192.168.2.80 VPN_End

    name 192.168.2.70 VPN_Start

    !

    interface Ethernet0/0

    switchport access vlan 2

    Speed 100

    full duplex

    !

    interface Ethernet0/1

    !

    interface Ethernet0/2

    !

    interface Ethernet0/3

    !

    interface Ethernet0/4

    !

    interface Ethernet0/5

    !

    interface Ethernet0/6

    !

    interface Ethernet0/7

    !

    interface Vlan1

    nameif inside

    security-level 100

    IP 192.168.2.1 255.255.255.0

    !

    interface Vlan2

    nameif outside

    security-level 0

    IP address **. ***. 255.255.255.248

    !

    boot system Disk0: / asa825 - k8.bin

    passive FTP mode

    access extensive list ip NCHCO 255.255.255.0 outside_nat0_outbound allow 192.168.1.0 255.255.255.0

    access extensive list ip NCHCO 255.255.255.0 inside_nat0_outbound allow 192.168.1.0 255.255.255.0

    inside_nat0_outbound list of allowed ip extended access all 192.168.2.64 255.255.255.224

    access extensive list ip NCHCO 255.255.255.0 outside_1_cryptomap allow 192.168.1.0 255.255.255.0

    access extensive list ip NCHCO 255.255.255.0 outside_1_cryptomap_1 allow 192.168.1.0 255.255.255.0

    Standard access list LAN_Access allow NCHCO 255.255.255.0

    LAN_Access list standard access allowed 0.0.0.0 255.255.255.0

    pager lines 24

    Enable logging

    asdm of logging of information

    Within 1500 MTU

    Outside 1500 MTU

    mask of VPN_Pool VPN_Start VPN_End of local pool IP 255.255.255.0

    ICMP unreachable rate-limit 1 burst-size 1

    ASDM image disk0: / asdm - 645.bin

    don't allow no asdm history

    ARP timeout 14400

    Global 1 interface (outside)

    NAT (inside) 0-list of access inside_nat0_outbound

    NAT (inside) 1 0.0.0.0 0.0.0.0

    NAT (outside) 0-list of access outside_nat0_outbound

    Route outside 0.0.0.0 0.0.0.0 74.219.208.49 1

    Timeout xlate 03:00

    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

    timeout tcp-proxy-reassembly 0:01:00

    Floating conn timeout 0:00:00

    dynamic-access-policy-registration DfltAccessPolicy

    network-acl outside_nat0_outbound

    WebVPN

    SVC request to enable default svc

    Enable http server

    http 192.168.1.0 255.255.255.0 inside

    http *. **. ***. 255.255.255.255 outside

    http 74.218.158.238 255.255.255.255 outside

    http NCHCO 255.255.255.0 inside

    No snmp server location

    No snmp Server contact

    Server enable SNMP traps snmp authentication linkup, linkdown cold start

    Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

    Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

    Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

    Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

    Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

    Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

    Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

    Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

    Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

    Crypto ipsec transform-set esp-3des esp-sha-hmac l2tp-transform

    Crypto ipsec transform-set l2tp-transformation mode transit

    Crypto ipsec transform-set vpn-transform esp-aes-256 esp-sha-hmac

    Crypto ipsec transform-set esp-3des esp-sha-hmac TRANS_ESP_3DES_SHA

    Crypto ipsec transform-set transit mode TRANS_ESP_3DES_SHA

    Crypto ipsec transform-set esp-3des esp-md5-hmac TRANS_ESP_3DES_MD5

    Crypto ipsec transform-set transit mode TRANS_ESP_3DES_MD5

    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

    life crypto ipsec security association seconds 28800

    Crypto ipsec kilobytes of life - safety 4608000 association

    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set

    Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

    crypto dynamic-map dyn-map 10 set pfs Group1

    crypto dynamic-map dyn-map transform 10-set, vpn l2tp-transformation-transformation

    dynamic-map encryption dyn-map 10 value reverse-road

    Crypto-map dynamic outside_dyn_map 20 game of transformation-TRANS_ESP_3DES_MD5

    card crypto outside_map 1 match address outside_1_cryptomap

    card crypto outside_map 1 set pfs Group1

    peer set card crypto outside_map 1 74.219.208.50

    card crypto outside_map 1 set of transformation-ESP-3DES-SHA

    map outside_map 20-isakmp ipsec crypto dynamic outside_dyn_map

    outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

    outside_map interface card crypto outside

    inside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

    inside crypto map inside_map interface

    card crypto vpn-map 1 match address outside_1_cryptomap_1

    card crypto vpn-card 1 set pfs Group1

    set vpn-card crypto map peer 1 74.219.208.50

    card crypto vpn-card 1 set of transformation-ESP-3DES-SHA

    dynamic vpn-map 10 dyn-map ipsec isakmp crypto map

    crypto isakmp identity address

    crypto ISAKMP allow inside

    crypto ISAKMP allow outside

    crypto ISAKMP policy 10

    preshared authentication

    3des encryption

    md5 hash

    Group 2

    life 86400

    crypto ISAKMP policy 15

    preshared authentication

    aes-256 encryption

    sha hash

    Group 2

    life 86400

    crypto ISAKMP policy 35

    preshared authentication

    3des encryption

    sha hash

    Group 2

    life 86400

    crypto ISAKMP ipsec-over-tcp port 10000

    enable client-implementation to date

    Telnet 192.168.1.0 255.255.255.0 inside

    Telnet NCHCO 255.255.255.0 inside

    Telnet timeout 5

    SSH 192.168.1.0 255.255.255.0 inside

    SSH NCHCO 255.255.255.0 inside

    SSH timeout 5

    Console timeout 0

    dhcpd address 192.168.2.150 - 192.168.2.225 inside

    dhcpd dns 216.68.4.10 216.68.5.10 interface inside

    lease interface 64000 dhcpd inside

    !

    a basic threat threat detection

    Statistics-list of access threat detection

    no statistical threat detection tcp-interception

    WebVPN

    internal DefaultRAGroup group strategy

    attributes of Group Policy DefaultRAGroup

    value of server DNS 192.168.2.1

    Protocol-tunnel-VPN IPSec l2tp ipsec

    nchco.local value by default-field

    attributes of Group Policy DfltGrpPolicy

    value of server DNS 192.168.2.1

    Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn

    allow password-storage

    enable IPSec-udp

    enable dhcp Intercept 255.255.255.0

    the address value VPN_Pool pools

    internal NCHVPN group policy

    NCHVPN group policy attributes

    value of 192.168.2.1 DNS Server 8.8.8.8

    Protocol-tunnel-VPN IPSec l2tp ipsec

    value by default-field NCHCO

    admin LbMiJuAJjDaFb2uw encrypted privilege 15 password username

    username privilege 15 encrypted password yB1lHEVmHZGj5C2Z 8njferg

    username, encrypted NCHvpn99 QhZZtJfwbnowceB7 password

    attributes global-tunnel-group DefaultRAGroup

    address (inside) VPN_Pool pool

    address pool VPN_Pool

    authentication-server-group (inside) LOCAL

    authentication-server-group (outside LOCAL)

    LOCAL authority-server-group

    authorization-server-group (inside) LOCAL

    authorization-server-group (outside LOCAL)

    Group Policy - by default-DefaultRAGroup

    band-Kingdom

    band-band

    IPSec-attributes tunnel-group DefaultRAGroup

    pre-shared key *.

    NOCHECK Peer-id-validate

    tunnel-group DefaultRAGroup ppp-attributes

    No chap authentication

    no authentication ms-chap-v1

    ms-chap-v2 authentication

    tunnel-group DefaultWEBVPNGroup ppp-attributes

    PAP Authentication

    ms-chap-v2 authentication

    tunnel-group 74.219.208.50 type ipsec-l2l

    IPSec-attributes tunnel-group 74.219.208.50

    pre-shared key *.

    type tunnel-group NCHVPN remote access

    attributes global-tunnel-group NCHVPN

    address pool VPN_Pool

    Group Policy - by default-NCHVPN

    IPSec-attributes tunnel-group NCHVPN

    pre-shared key *.

    !

    class-map inspection_default

    match default-inspection-traffic

    !

    !

    type of policy-card inspect dns preset_dns_map

    parameters

    maximum message length automatic of customer

    message-length maximum 512

    Policy-map global_policy

    class inspection_default

    inspect the preset_dns_map dns

    inspect the ftp

    inspect h323 h225

    inspect the h323 ras

    inspect the rsh

    inspect the rtsp

    inspect esmtp

    inspect sqlnet

    inspect the skinny

    inspect sunrpc

    inspect xdmcp

    inspect the sip

    inspect the netbios

    inspect the tftp

    Review the ip options

    !

    global service-policy global_policy

    context of prompt hostname

    no remote anonymous reporting call

    Cryptochecksum:15852745977ff159ba808c4a4feb61fa

    : end

    ASDM image disk0: / asdm - 645.bin

    ASDM VPN_Start 255.255.255.255 inside location

    ASDM VPN_End 255.255.255.255 inside location

    don't allow no asdm history

    Anyone have any idea why this is happening?

    Thank you!

    Add, crypto dynamic-map outside_dyn_map 20 value reverse-road.

    With respect,

    Safwan

  • I have not received an activation code.

    Hello. On 4 January I paid the subscription at Mr. Up to now I have not received activation key. I tried to followed by the command by ID, but the system have not found my order. What should I do?

    Hello

    I see that you have the subscription to Muse. If the throw his request for serial number please try the steps I have provided in the thread below.

    Adobe Muse redemption code

    Please let us know if this is not the case. Please provide us with some screenshots for better understanding.

    Concerning

    Vivek

Maybe you are looking for

  • What are the differences between firefox 4.01 and 5

    Why is not answering the question?

  • How can I send this laptop back and get my money back

    HP laptop 15-f009wm had nine 17/08/2014 it is junk never buy hp again about to wipe and put diff on her bones think I'll just put it in the trash where it belongs not to waste more time with windows or HP

  • Comments account shows as not secure...

    In my Cisco Connect access as a guest page will appear as 'on' and watch a password is required to use it. However, when I click on the network and sharing icon in the taskbar, it displays all available networks around. My account main poster as a WP

  • Vista automatic failover

    Attempt #1: My computer froze, I stopped him.  When I restarted it, it is impossible to load windows.  Instead of loading, I came to the Acer Empowering screne then the windows error recovery screne.  He is gone to start window repair and tried to au

  • SMBIOS Drive for Dell customer PowerShell provider

    I can't change to the directory of smbios dell to the customer of dell powershell provider. When I do a driverquery.exe /v /fo csv | ConvertFrom-CSV | Where {$_.'} Name of the module "-match"Dcdbas"} I see results for dcdbas64.sys." I've attached a s