Site-to-Site VPN Ping does not

I configured a site-to-site VPN between two ASA 5505 firewalls. The tunnel establishes, but ICMP traffic does not pass. In fact, ping worked twice, but only at random. I need it to work on a regular basis. I have attached the configurations as well as the packet-tracer output from both ASAs and their IPsec and ISAKMP SAs. Thanks for any help you can provide.

ASA Configuration 1:

ASA Version 8.0(3)
!
hostname asa1
enable password A.zMQonBIU0NmOC0 encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.50.253 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 1.1.1.1 255.255.255.240
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passwd OMV1AjIsWknnKr9H encrypted
boot system disk0:/asa803-k8.bin
ftp mode passive
access-list acl_out extended permit tcp any host 63.76.12.195 eq smtp
access-list acl_out extended permit tcp any host 63.76.12.195 eq www
access-list acl_out extended permit tcp any host 63.76.12.195 eq 3389
access-list acl_out extended permit tcp any host 63.76.12.195 eq ftp
access-list acl_out extended permit tcp any host 63.76.12.195 eq ftp-data
access-list acl_out extended permit tcp any host 63.76.12.195 eq telnet
access-list acl_out extended permit tcp any host 63.76.12.195 eq 5800
access-list acl_out extended permit tcp any host 63.76.12.195 eq 5900
access-list acl_out extended permit tcp any host 63.76.12.195 eq https
access-list acl_out extended permit tcp any host 63.76.12.196 eq www
access-list acl_out extended permit tcp any host 63.76.12.196 eq https
access-list acl_out extended permit tcp any host 63.76.12.196 eq smtp
access-list acl_out extended permit tcp any host 63.76.12.196 eq 3389
access-list acl_out extended permit icmp any any
access-list 101 extended permit ip 10.1.50.0 255.255.255.0 10.1.40.0 255.255.255.0
access-list 101 extended permit ip 10.1.50.0 255.255.255.0 10.1.51.0 255.255.255.0
access-list vpn-fargo extended permit ip 10.1.50.0 255.255.255.0 10.1.51.0 255.255.255.0
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool ippool 10.1.40.1-10.1.40.254
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-523.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 1.1.1.2 ftp 10.1.50.3 ftp netmask 255.255.255.255
static (inside,outside) tcp 1.1.1.2 ftp-data 10.1.50.3 ftp-data netmask 255.255.255.255
static (inside,outside) tcp 1.1.1.2 telnet 10.1.50.3 telnet netmask 255.255.255.255
static (inside,outside) tcp 1.1.1.2 5800 10.1.50.102 5800 netmask 255.255.255.255
static (inside,outside) tcp 1.1.1.2 5900 10.1.50.102 5900 netmask 255.255.255.255
static (inside,outside) tcp 1.1.1.2 3389 10.1.50.5 3389 netmask 255.255.255.255
static (inside,outside) 1.1.1.3 10.1.50.6 netmask 255.255.255.255
access-group acl_out in interface outside
route outside 0.0.0.0 0.0.0.0 1.1.1.0 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set RIGHT esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set RIGHT
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap 20 match address vpn-fargo
crypto map mymap 20 set peer 2.2.2.2
crypto map mymap 20 set transform-set RIGHT
crypto map mymap 20 set reverse-route
crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
crypto isakmp ipsec-over-tcp port 10000
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
group-policy vpn3000 internal
group-policy vpn3000 attributes
 wins-server value 10.1.50.5
 dns-server value 10.1.50.5 10.1.50.6
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value 101
 default-domain value asa1.com
 user-authentication disable
 address-pools value ippool
username vpn password Tw.atDK7GScnXkMJ encrypted
tunnel-group vpn type remote-access
tunnel-group vpn general-attributes
 default-group-policy vpn3000
tunnel-group jtvpn ipsec-attributes
 pre-shared-key *
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
  inspect icmp error
!
service-policy global_policy global
prompt hostname context
: end

ASA 2 configuration:

ASA Version 8.2(1)
!
hostname asa2
enable password A.zMQonBIU0NmOC0 encrypted
passwd 1vU9VISnc.IQ6OSN encrypted
names
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.1.51.253 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 2.2.2.2 255.255.255.240
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
ftp mode passive
access-list vpn-dsm extended permit ip 10.1.51.0 255.255.255.0 10.1.50.0 255.255.255.0
access-list sheep extended permit ip 10.1.51.0 255.255.255.0 10.1.50.0 255.255.255.0
access-list outside-access extended permit icmp any any echo
access-list outside-access extended permit icmp any any echo-reply
access-list outside-access extended permit icmp any any unreachable
access-list outside-access extended permit icmp any any time-exceeded
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list sheep
nat (inside) 1 0.0.0.0 0.0.0.0
access-group outside-access in interface outside
route outside 0.0.0.0 0.0.0.0 2.2.2.0 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map mymap 10 match address vpn-dsm
crypto map mymap 10 set peer 1.1.1.1
crypto map mymap 10 set transform-set ESP-3DES
crypto map mymap 10 set reverse-route
crypto map mymap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption aes-256
 hash sha
 group 5
 lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
  inspect icmp error
!
service-policy global_policy global
prompt hostname context
: end

Packet trace of ASA1:

asa1(config)# packet-tracer input inside icmp 10.1.50.253 1 1 10.1.51.253 detailed

Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   0.0.0.0         0.0.0.0         outside

Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0xd49dcce0, priority=500, domain=permit, deny=true
        hits=5, user_data=0x6, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip=10.1.50.253, mask=255.255.255.255, port=0
        dst ip=0.0.0.0, mask=0.0.0.0, port=0

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

Packet trace of ASA2:

asa2(config)# packet-tracer input inside icmp 10.1.51.253 1 1 10.1.50.253 detailed

Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow

Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   10.1.50.0       255.255.255.0   outside

Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
 Forward Flow based lookup yields rule:
 in  id=0xc9583648, priority=500, domain=permit, deny=true
        hits=9, user_data=0x6, cs_id=0x0, reverse, flags=0x0, protocol=0
        src ip=10.1.51.253, mask=255.255.255.255, port=0
        dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0

Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

ASA 1 IPSec security association:

peer address: 2.2.2.2
    Crypto map tag: dynmap, seq num: 10, local addr: 1.1.1.1

      local ident (addr/mask/prot/port): (10.1.50.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.1.51.0/255.255.255.0/0/0)
      current_peer: 2.2.2.2

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 5, #pkts decrypt: 5, #pkts verify: 5
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 1.1.1.1, remote crypto endpt.: 2.2.2.2

      path mtu 1500, ipsec overhead 58, media mtu 1500
      current outbound spi: 1F3E7E3A

    inbound esp sas:
      spi: 0x1DFAE5E0 (502982112)
         transform: esp-3des esp-md5-hmac none
         in use settings ={L2L, Tunnel}
         slot: 0, conn_id: 77824, crypto-map: dynmap
         sa timing: remaining key lifetime (kB/sec): (3824999/28036)
         IV size: 8 bytes
         replay detection support: Y
    outbound esp sas:
      spi: 0x1F3E7E3A (524189242)
         transform: esp-3des esp-md5-hmac none
         in use settings ={L2L, Tunnel}
         slot: 0, conn_id: 77824, crypto-map: dynmap
         sa timing: remaining key lifetime (kB/sec): (3825000/28034)
         IV size: 8 bytes
         replay detection support: Y

ASA 1 ISAKMP Security Association:

1   IKE Peer: 2.2.2.2
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE

ASA 2 IPSec security association:

peer address: 1.1.1.1
    Crypto map tag: mymap, seq num: 10, local addr: 2.2.2.2

      access-list vpn-dsm permit ip 10.1.51.0 255.255.255.0 10.1.50.0 255.255.255.0
      local ident (addr/mask/prot/port): (10.1.51.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.1.50.0/255.255.255.0/0/0)
      current_peer: 63.76.12.194

      #pkts encaps: 5, #pkts encrypt: 5, #pkts digest: 5
      #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 5, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: 2.2.2.2, remote crypto endpt.: 1.1.1.1

      path mtu 1500, ipsec overhead 58, media mtu 1500
      current outbound spi: 1DFAE5E0

    inbound esp sas:
      spi: 0x1F3E7E3A (524189242)
         transform: esp-3des esp-md5-hmac no compression
         in use settings ={L2L, Tunnel}
         slot: 0, conn_id: 81920, crypto-map: mymap
         sa timing: remaining key lifetime (kB/sec): (4374000/27900)
         IV size: 8 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001
    outbound esp sas:
      spi: 0x1DFAE5E0 (502982112)
         transform: esp-3des esp-md5-hmac no compression
         in use settings ={L2L, Tunnel}
         slot: 0, conn_id: 81920, crypto-map: mymap
         sa timing: remaining key lifetime (kB/sec): (4373999/27900)
         IV size: 8 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001

ASA 2 ISAKMP Security Association:

1   IKE Peer: 1.1.1.1
    Type    : L2L             Role    : initiator
    Rekey   : no              State   : MM_ACTIVE

Hi Mike,

I see the following in your configuration:

crypto map mymap 10 ipsec-isakmp dynamic dynmap

The sequence number for the peer 2.2.2.2 is 20, so we first hit the dynamic map, which could cause this problem.

To avoid this, I suggest you do the following:

no crypto map mymap 10 ipsec-isakmp dynamic dynmap

crypto map mymap 65535 ipsec-isakmp dynamic dynmap

To validate this, if you look at the IPsec SA on ASA1, you will find that it was negotiated with dynmap (crypto map seq 10) and not 20!

ASA 1 IPSec security association:

peer address: 2.2.2.2
    Crypto map tag: dynmap, seq num: 10, local addr: 1.1.1.1

      local ident (addr/mask/prot/port): (10.1.50.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (10.1.51.0/255.255.255.0/0/0)
      current_peer: 2.2.2.2

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 5, #pkts decrypt: 5, #pkts verify: 5
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

Hope this helps!

See you soon,

Manasi!
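
The ordering problem described in the answer above, as an added check that is not part of the original thread: the script parses crypto map entries, flags a static peer entry that sits behind a lower-numbered dynamic entry, and compares the tag and sequence number reported by `show crypto ipsec sa` with the entry configured for that peer. The sample inputs are constructed from the ASA1 configuration and SA output on this page, written in standard ASA syntax; the function names are hypothetical.

```python
import re

# Constructed sample: crypto map lines from the ASA1 configuration on this page.
ASA1_CRYPTO = """\
crypto dynamic-map dynmap 10 set transform-set RIGHT
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap 20 match address vpn-fargo
crypto map mymap 20 set peer 2.2.2.2
crypto map mymap 20 set transform-set RIGHT
crypto map mymap 20 set reverse-route
crypto map mymap interface outside
"""

# The same lines after the change suggested in the answer (dynamic entry moved to 65535).
ASA1_FIXED = ASA1_CRYPTO.replace(
    "crypto map mymap 10 ipsec-isakmp dynamic dynmap",
    "crypto map mymap 65535 ipsec-isakmp dynamic dynmap",
)

# Constructed sample: header lines of the ASA1 "show crypto ipsec sa" output.
ASA1_SA = """\
peer address: 2.2.2.2
    Crypto map tag: dynmap, seq num: 10, local addr: 1.1.1.1
      current_peer: 2.2.2.2
"""

ENTRY_RE = re.compile(r"^crypto map (\S+) (\d+) (.+)$")
DYN_RE = re.compile(r"^ipsec-isakmp dynamic (\S+)$")
PEER_RE = re.compile(r"^set peer (.+)$")
SA_RE = re.compile(r"Crypto map tag: (\S+), seq num: (\d+)")


def parse_crypto_maps(config):
    """Return {map_name: {seq: {"dynamic": name or None, "peers": [...]}}}."""
    maps = {}
    for line in config.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # skips "crypto dynamic-map ..." and "crypto map NAME interface ..."
        name, seq, rest = m.group(1), int(m.group(2)), m.group(3)
        entry = maps.setdefault(name, {}).setdefault(
            seq, {"dynamic": None, "peers": []})
        dyn, peer = DYN_RE.match(rest), PEER_RE.match(rest)
        if dyn:
            entry["dynamic"] = dyn.group(1)
        elif peer:
            entry["peers"].extend(peer.group(1).split())
    return maps


def shadowed_static_entries(maps):
    """Static peer entries evaluated after a dynamic entry with a lower sequence number."""
    findings = []
    for name, entries in maps.items():
        dynamic_seqs = sorted(s for s, e in entries.items() if e["dynamic"])
        for seq in sorted(entries):
            entry = entries[seq]
            if entry["dynamic"] or not entry["peers"]:
                continue
            earlier = [d for d in dynamic_seqs if d < seq]
            if earlier:
                findings.append({
                    "map": name, "seq": seq, "peers": entry["peers"],
                    "dynamic_seq": earlier[0],
                    "dynamic_map": entries[earlier[0]]["dynamic"],
                })
    return findings


def sa_mismatches(maps, sa_output):
    """SAs whose crypto map tag/seq differs from the static entry set for that peer."""
    expected = {p: (name, seq)
                for name, entries in maps.items()
                for seq, e in entries.items()
                for p in e["peers"]}
    peer, out = None, []
    for line in sa_output.splitlines():
        line = line.strip()
        if line.startswith("peer address:"):
            peer = line.split(":", 1)[1].strip()
        m = SA_RE.search(line)
        if m and peer in expected:
            actual = (m.group(1), int(m.group(2)))
            if actual != expected[peer]:
                out.append({"peer": peer, "expected": expected[peer],
                            "actual": actual})
    return out


if __name__ == "__main__":
    maps = parse_crypto_maps(ASA1_CRYPTO)
    print("shadowed:", shadowed_static_entries(maps))
    print("SA mismatch:", sa_mismatches(maps, ASA1_SA))
    print("after fix:", shadowed_static_entries(parse_crypto_maps(ASA1_FIXED)))
```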


Similar Questions

  • Site to Site VPN configuration does not

    Hello

    I just tried to set up a test site to site VPN. Diagram of arrangement is attached. Router R2 is supposed to act as the 'Internet' to allow connectivity between the two networks.

    My VPN on ASA1 and ASA2 configs are below:

    ASA1

    access-list outside_cryptomap_1 remark VPN traffic to encrypt
    access-list outside_cryptomap_1 extended permit ip 10.10.10.0 255.255.255.0 172.16.10.0 255.225.255.0

    crypto ikev1 enable outside
    crypto ikev1 policy 1
     authentication pre-share
     encryption aes-256
     hash sha
     group 5
     lifetime 86400

    tunnel-group 11.11.11.2 type ipsec-l2l
    tunnel-group 11.11.11.2 ipsec-attributes
     ikev1 pre-shared-key Cisco

    crypto ipsec ikev1 transform-set AES-SHA esp-aes-256 esp-sha-hmac
    crypto map outside_map 1 match address outside_cryptomap_1
    crypto map outside_map 1 set peer 11.11.11.2
    crypto map outside_map 1 set transform-set AES-SHA
    crypto map outside_map interface outside

    ASA2

    access-list outside_cryptomap_1 remark VPN traffic to encrypt
    access-list outside_cryptomap_1 extended permit ip 172.16.10.0 255.255.255.0 10.10.10.0 255.225.255.0

    crypto ikev1 enable outside
    crypto ikev1 policy 1
     authentication pre-share
     encryption aes-256
     hash sha
     group 5
     lifetime 86400

    tunnel-group 12.12.12.2 type ipsec-l2l
    tunnel-group 12.12.12.2 ipsec-attributes
     ikev1 pre-shared-key Cisco

    crypto ipsec ikev1 transform-set AES-SHA esp-aes-256 esp-sha-hmac
    crypto map outside_map 1 match address outside_cryptomap_1
    crypto map outside_map 1 set peer 12.12.12.2
    crypto map outside_map 1 set transform-set AES-SHA
    crypto map outside_map interface outside

    I can ping ASA2 from ASA1, but when I try to test the VPN by pinging from one PC to the other, I get nothing.

    I tried a few show commands and they came out absolutely empty, as if I had not configured anything:

    sh crypto isakmp sa detail

    There are no IKEv1 SAs

    There are no IKEv2 SAs

    sh crypto ipsec sa

    There are no ipsec sas

    Anyone have any ideas?

    Hi martin,

    Your configs are quite right. I tried your script; it works really well. Here are the configs and outputs.
    What I mentioned in the previous note follow this.

    --------------------

    ASA1

    ASA1(config)# sh run
    : Saved
    :
    ASA Version 8.0(2)
    !
    hostname ASA1
    enable password 8Ry2YjIyt7RRXU24 encrypted
    names
    !
    interface Ethernet0/0
     nameif outside
     security-level 0
     ip address 12.12.12.2 255.255.255.0
    !
    interface Ethernet0/1
     nameif inside
     security-level 100
     ip address 10.10.10.2 255.255.255.0
    !
    interface Ethernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Ethernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Ethernet0/4
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Ethernet0/4
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Ethernet0/5
     shutdown
     no nameif
     no security-level
     no ip address
    !
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    access-list vpn extended permit ip 10.10.10.0 255.255.255.0 172.16.10.0 255.255.255.0
    pager lines 24
    mtu inside 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    route outside 0.0.0.0 0.0.0.0 12.12.12.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set tset esp-3des esp-sha-hmac
    crypto map cmap 1 match address vpn
    crypto map cmap 1 set peer 11.11.11.2
    crypto map cmap 1 set transform-set tset
    crypto map cmap interface outside
    crypto isakmp enable outside
    crypto isakmp policy 1
     authentication pre-share
     encryption 3des
     hash md5
     group 5
     lifetime 86400
    crypto isakmp policy 65535
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    !
    !
    tunnel-group 11.11.11.2 type ipsec-l2l
    tunnel-group 11.11.11.2 ipsec-attributes
     pre-shared-key *
    prompt hostname context
    Cryptochecksum:00000000000000000000000000000000
    : end
    ASA1(config)#
    ---------------------

    ASA2(config)# sh run
    : Saved
    :
    ASA Version 8.0(2)
    !
    hostname ASA2
    enable password 8Ry2YjIyt7RRXU24 encrypted
    names
    !
    interface Ethernet0/0
     nameif outside
     security-level 0
     ip address 11.11.11.2 255.255.255.0
    !
    interface Ethernet0/1
     nameif inside
     security-level 100
     ip address 172.16.10.2 255.255.255.0
    !
    interface Ethernet0/2
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Ethernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Ethernet0/4
     shutdown
     no nameif
     no security-level
     no ip address
    !
    interface Ethernet0/5
     shutdown
     no nameif
     no security-level
     no ip address
    !
    passwd 2KFQnbNIdI.2KYOU encrypted
    ftp mode passive
    access-list vpn extended permit ip 172.16.10.0 255.255.255.0 10.10.10.0 255.255.255.0
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    route outside 0.0.0.0 0.0.0.0 11.11.11.1 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    dynamic-access-policy-record DfltAccessPolicy
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set tset esp-3des esp-sha-hmac
    crypto map cmap 1 match address vpn
    crypto map cmap 1 set peer 12.12.12.2
    crypto map cmap 1 set transform-set tset
    crypto map cmap interface outside
    crypto isakmp enable outside
    crypto isakmp policy 1
     authentication pre-share
     encryption 3des
     hash md5
     group 5
     lifetime 86400
    crypto isakmp policy 65535
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    !
    !
    !
    tunnel-group 12.12.12.2 type ipsec-l2l
    tunnel-group 12.12.12.2 ipsec-attributes
     pre-shared-key *
    prompt hostname context
    Cryptochecksum:00000000000000000000000000000000
    : end
    ASA2(config)#

    -------------------------
    OUTPUTS:

    *********************

    ASA1(config)# sh crypto isakmp sa

       Active SA: 1
       Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
    Total IKE SA: 1

    1   IKE Peer: 11.11.11.2
        Type    : L2L             Role    : initiator
        Rekey   : no              State   : MM_ACTIVE

    ---------------------

    ASA1(config)# sh crypto ipsec sa
    interface: outside
        Crypto map tag: cmap, seq num: 1, local addr: 12.12.12.2

          access-list vpn permit ip 10.10.10.0 255.255.255.0 172.16.10.0 255.255.255.0
          local ident (addr/mask/prot/port): (10.10.10.0/255.255.255.0/0/0)
          remote ident (addr/mask/prot/port): (172.16.10.0/255.255.255.0/0/0)
          current_peer: 11.11.11.2

          #pkts encaps: 50, #pkts encrypt: 50, #pkts digest: 50
          #pkts decaps: 49, #pkts decrypt: 49, #pkts verify: 49
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 50, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0

          local crypto endpt.: 12.12.12.2, remote crypto endpt.: 11.11.11.2

    ------------------------
    ASA2(config)# sh crypto isakmp sa

       Active SA: 1
       Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
    Total IKE SA: 1

    1   IKE Peer: 12.12.12.2
        Type    : L2L             Role    : responder
        Rekey   : no              State   : MM_ACTIVE

    ------------------------

    ASA2(config)# sh crypto ipsec sa
    interface: outside
        Crypto map tag: cmap, seq num: 1, local addr: 11.11.11.2

          access-list vpn permit ip 172.16.10.0 255.255.255.0 10.10.10.0 255.255.255.0
          local ident (addr/mask/prot/port): (172.16.10.0/255.255.255.0/0/0)
          remote ident (addr/mask/prot/port): (10.10.10.0/255.255.255.0/0/0)
          current_peer: 12.12.12.2

          #pkts encaps: 49, #pkts encrypt: 49, #pkts digest: 49
          #pkts decaps: 50, #pkts decrypt: 50, #pkts verify: 50
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 49, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0

          local crypto endpt.: 11.11.11.2, remote crypto endpt.: 12.12.12.2
    -------------------------

  • my browser cannot open google and facebook and other https sites that it does not open even the app store does not work, I tried to change my DNS google DNS and disable IPv6 but still no use, help PLZ!

    my browser cannot open google and facebook and other https sites that it does not open even the app store does not work, I tried to change my DNS google DNS and disable IPv6 but still no use, help PLZ!

    You may have installed one or more variants of the "VSearch" ad-injection malware. Please back up all data, and then take the steps below to disable it.

    Do not use any type of product, "anti-virus" or "anti-malware" on a Mac. It is never necessary for her, and relying on it for protection makes you more vulnerable to attacks, not less.

    Malware is constantly evolving to work around defenses against it. This procedure works now, I know. It will not work in the future. Anyone finding this comment a couple of days or more after it was published should look for a more recent discussion, or start a new one.

    Step 1

    The VSearch malware tries to hide by varying the names of the files it installs. It also regenerates itself if you try to remove it while it is running. To remove it, you must first start up in safe mode to temporarily disable the malware.

    Note: If FileVault is enabled in OS X 10.9 or an earlier version, or if a firmware password is defined, or if the boot volume is a software RAID, you can not do this. Ask for other instructions.

    Step 2

    When running in safe mode, load the web page and then triple - click on the line below to select. Copy the text to the Clipboard by pressing Control-C key combination:

    /Library/LaunchDaemons

    In the Finder, select

    Go ▹ go to the folder...

    from the menu bar and paste it into the box that opens by pressing command + V. You won't see what you pasted a newline being included. Press return.

    A folder named "LaunchDaemons" can open. If this is the case, press the combination of keys command-2 to select the display of the list, if it is not already selected.

    There should be a column in the update Finder window. Click this title two times to sort the content by date with the most recent at the top. Please don't skip this step. Files that belong to an instance of VSearch will have the same date of change for a few minutes, then they will be grouped together when you sort the folder this way, which makes them easy to identify.

    Step 3

    In the LaunchDaemons folder, there may be one or more files with a name of this form:

    com.apple.something.plist

    Here something is a random, meaningless string of letters, different in each case.

    Note that the name consists of four words separated by dots. Typical examples are:

    com.apple.builins.plist

    com.apple.cereng.plist

    com.apple.nysgar.plist

    There may be one or more items with a name of the form:

    com.something.plist

    Once again, something is a random string, without meaning, and not necessarily the same as the one that appears in any of the other file names.

    These names consist of three words separated by dots. Typical examples are:

    com.semifasciaUpd.plist

    com.ubuiling.plist

    Sometimes there are items (usually not more than one) with a name of this form:

    com.something.net-preferences.plist

    This name consists of four words (the third hyphenated) separated by periods. Typical example:

    com.jangly.net-preferences.plist

    Drag all such items to the Trash. You may be prompted for your administrator login password.

    Restart the computer and empty the Trash.

    Examples of legitimate files located in the same folder:

    com.apple.FinalCutServer.fcsvr_ldsd.plist

    com.apple.Installer.osmessagetracing.plist

    com.apple.Qmaster.qmasterd.plist

    com.apple.aelwriter.plist

    com.apple.SERVERD.plist

    com.tether.plist

    The first three are clearly not VSearch files because the names do not match the above models. The last three are not easy to distinguish by the name alone, but the modification date will be earlier than the date at which VSearch has been installed, perhaps several years. None of these files will be present in most installations of Mac OS X.

    Do not delete the folder 'LaunchDaemons' or anything else inside, unless you know you have another type of unwanted software and more VSearch. The file is a normal part of Mac OS X. The "demon" refers to a program that starts automatically. This is not inherently bad, but the mechanism is sometimes exploited by hackers for malicious software.

    If you are not sure whether a file is part of the malware, sort the contents of the folder by modification date as I wrote in Step 2, not by name. Malicious files will be grouped together. There could be more than one such group, if you were attacked more than once. A file dated far in the past is not part of the malware. A file dated in the middle of an obviously malicious cluster is almost certainly also malicious.

    If the files come back after you remove them, or they are replaced by others with similar names, then either you didn't start in safe mode or you didn't get all of them. Return to Step 1 and try again.

    Step 4

    Reset the home page in each of your browsers, if it has been modified. In Safari, first load the desired home page, then select

    Safari ▹ Preferences... ▹ General

    and click on

    Set to Current Page

    If you use the Firefox or Chrome web browser, remove any extensions or add-ons that you don't know you need. When in doubt, remove all of them.

    The malware is now permanently inactivated, as long as you never reinstall it. A few small files will be left behind, but they have no effect, and trying to find them all is more trouble than it's worth.

    Step 5

    The malware enables web proxy discovery in the network settings. If you know that the setting was already enabled for a reason, skip this step. Otherwise, you should undo the change.

    Open the Network pane in System Preferences. If there is a padlock icon in the lower left corner of the window, click it and authenticate to unlock the settings. Click the Advanced button, and then select Proxies in the sheet that drops down. Uncheck the box marked Auto Proxy Discovery if it is checked. Click OK, and then Apply.

    Step 6

    This step is optional. Open the Users & Groups pane in System Preferences and click on the lock icon to unlock the settings. In the list of users, there may be some with random names that have been added by the malware. You can remove these users. If you are not sure whether a user is legitimate, do not delete it.

  • How to delete user names registered for a Web site if it does not have an associated password?

    I accidentally typed in part of a password when entering a user name for a Web site.
    How can I delete this registered user name? I tried to delete cookies from the Web site, but it does not work. I tried looking through saved passwords, but it doesn't work either, since there is no actual password associated with the username.

    It was probably saved as form data - see this:
    https://support.Mozilla.org/en-us/KB/control-Firefox-automatically-fills-in-forms#w_clearing-form-history

  • the color of the sites I visit does not change in firefox but changes in bing

    The color of the sites I visit does not change in the list of sites.

    I'm not able to find this feature in Firefox 4, even though it existed in earlier versions.

    Pl help

    Make sure that you are not running Firefox in permanent Private Browsing mode (using Firefox without saving history).

    • You enter Private Browsing mode if you select: Tools > Options > Privacy > History: Firefox will: "Never remember history".
    • To view the history and cookie settings, choose: Tools > Options > Privacy, and choose the setting Firefox will: "Use custom settings for history".
    • Uncheck: [ ] "Permanent Private Browsing mode".

  • I'm having a problem where Firefox keeps asking for my password to Amazon, even if I tell Firefox NOT to remember this password. In Firefox options, Amazon is clearly recognized as a site for which it does not save passwords.

    I'm having a problem where Firefox keeps asking for my password to Amazon, even if I tell Firefox NOT to remember this password. In Firefox options, Amazon is clearly recognized as a site for which it does not save passwords.

    Do not remove the navigation, search and download history on Firefox to clear the "Site preferences".

    Clearing the "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation and passwords.

  • My sensitive back of Web Site navigation bar does not work by smartphone - fewowiesbach.de. What can I do?

    My sensitive back of Web Site navigation bar does not work by smartphone - fewowiesbach.de. What can I do?

    It does not work because the jQuery and Bootstrap JavaScript files are not on the server, or if they are, they are in the wrong place.

    This topic has been moved, by the way, to the main Dreamweaver support forum.

  • I would like to stop my paid subscription to Adobe, the creative cloud because adobe does not work on my computer. In addition, it is not possible for me to stop my subscription on the site, because it does not show I have this subscription. That's why I

    I would like to stop my paid subscription to Adobe Creative Cloud because Adobe does not work on my computer. In addition, it is not possible for me to stop my subscription on the site, because it does not show that I have this subscription. That's why I need help, please, thanks :-)

    Hi Stephanie,

    Please let us know the problem you are having with your Adobe Creative cloud so that we can fix it for you.

    For cancellation requests, please contact customer service.

    Reference: cancel your creative cloud membership

    Kind regards

    Sheena

  • I try to install Lightroom 4 on a new machine, but the media are hosted by Adobe.  I can see my license number but do not see the option for download.  Is there a link to the downloads for this media on the Web site?  It does not appear in my one Adobe

    I am trying to install Lightroom 4 on a new machine, but the media are hosted by Adobe.  I can see my license number but do not see the option for download.  Is there a link to the downloads for this media on the Web site?  It does not appear in my Adobe account.

    Adobe - Lightroom: For Windows

    Adobe - Lightroom: For Macintosh

    Mylenium

  • The site to buy ExportPDF does not work. It's hanging. How to buy?

    The site to buy ExportPDF does not work. It's hanging. How to buy?

    The quickest way to get help: Contact Customer Services and click on the "Still need help?" button to speak with an agent.

    [subject moved to Document Cloud Services forum]

  • VPN L2TP does not / / Android 4.4.3

    My vpn connection does not work.

    The setup is: L2TP/IPsec with PSK to my private network.

    Given that my old phone (Xperia S), which is on Android 4.3.X, still works,
    I see no configuration problem, but I guess that it is a problem with Android 4.4.X.

    The same problem occurs on my Sony Tablet Z since the update to 4.4.X.

    Is there any fix from Sony?

    I read about a Google fix that should be in place in version 4.4.4, but updating the
    tablet to 4.4.4 does not solve this problem.

    We got a test account of another user with this issue and have found the cause of this. It will be fixed in a future software update.

  • Site to Site VPN tunnel is not come between 2 routers

    Dear all,

    I have 2 branch routers which are configured for site-to-site VPN, but the tunnel does not come up!

    I ran debug and I enclose herewith the output for your kind review and recommendation. I also enclose here the configs of the 2 branch routers.

    Any idea why the site-to-site VPN is not coming up?

    Kind regards

    Haitham

    You guessed it!

    Just because you have re-used the same crypto map for LAN-to-LAN and VPN-client traffic.

    This is from the Doc CD:

    no-xauth

    (Optional) Use this keyword if router-to-router IP Security (IPSec) is on the same crypto map as a virtual private network (VPN) client-to-Cisco-IOS IPSec. This keyword prevents the router from prompting the peer for extended authentication (Xauth) information (username and password).

  • One of the sites I visit does not respond when I use my Wi-Fi.

    I have an iMac, iPhone and iPad. This site (www.cheapjoes.com) is accessible via my iPhone, using Verizon, only. When I am connected to Wi-Fi, it says "the server is unresponsive". This has happened for several days, and this is the only site doing this. I have restarted the iMac and iPad, deleted the cookies from this site, and restarted the Wi-Fi, all to no avail. Can you help me?

    You can try a few things:

    1. Clear the DNS cache: http://osxdaily.com/2015/11/16/howto-flush-dns-cache-os-x-elcap/

    2. Check the hosts file: launch Terminal, located in /Applications/Utilities/, and type the following command (followed by Enter): sudo nano /private/etc/hosts

    You will be asked for your password, but that's OK. Copy and paste the result in a reply to this topic. Afterwards, you can quit Terminal (type Ctrl-X first).

  • Why do code grayscaler site image Web does not work with Mozilla Firefox, but it does to another browser?

    I just noticed that my code (in my blog site), which is a regular code that allows the image to transform into its form in grayscale and cast its original color, does not work with the Mozilla Firefox browser. But with other browsers, it works. I hope you can help me with this little problem. Thank you!

    Are you using a CSS rule that is similar to:

    filter: grayscale(100%)
    

    This property is not yet implemented in Firefox. It is supposed to be implemented in Firefox 34, according to https://developer.mozilla.org/en-US/docs/Web/CSS/filter

  • On one site, Mozilla Firefox does not remember my password, but Internet Explorer doesn't.

    Yesterday, I accessed my bank's Web site. I entered the account #, then the password. I got an error message on the password, even though I was pretty sure that the password was correct. I clicked on 'do not remember the password' and received the same password I had entered. I was really puzzled, but tried again. It still did not work. I then tried Internet Explorer on the advice of my bank rep. I created a new password in Internet Explorer and managed to get right through to the Web site. Later, I tried Mozilla Firefox with the original password. Yet once again, the password was not accepted, but when I asked to have access to the correct password, they gave me the new password I had entered in Internet Explorer. I am very confused. Help, please!

    Hi Mez1115,

    Once you have changed your password, the OLD password is no longer valid. You must use the NEW password to access your account, regardless of the browser you use.

    Many site issues can be caused by corrupted cookies or cache. To try to solve these problems, the first step is to clear cookies and cache.
    Note: This will temporarily log you out of all sites you're logged in to.
    To clear the cache and cookies, do the following:

    1. Go to Firefox > History > Clear Recent History or (if no Firefox button is displayed) go to Tools > Clear Recent History.
    2. Under "Time range to clear", select "Everything".
    3. Now, click the arrow next to Details to toggle the Details list active.
    4. In the list of details, check Cache and Cookies and uncheck everything else.
    5. Now click the Clear Now button.

    More information can be found in the article Clear your cache, history, and other personal information in Firefox.

    Did this solve your problems? Please report back to us!

    Thank you!!!

    -Ralph
