Unable to connect to VPN server behind ASA 5510 with Windows clients

Hi all

I've seen a number of posts on this and followed a few support documents on the issue, but I'm totally stuck now; nothing seems to work for me.

This is the usual scenario: I have a Windows 2003 VPN server sitting on the LAN behind our ASA 5510 firewall, and I am trying to get my Windows XP / 7 laptops to connect to it.

Within the ASDM:

1) Public server created for protocol TCP 1723

2) Public server created for the GRE protocol

3) Both public servers created with the same public and private addresses

4) The above created a static public-to-private NAT entry in the NAT section of the firewall config

5) Two firewall rules also created on the outside interface, for both 1723 and GRE

When I try to connect, I get the following entry in the debug log:

6 | Aug 6 2010 17:09:37 | 302013 | 195.74.141.2 | 1045 | ChamberVPN-internal | 1723 | Built inbound TCP connection 1889195 for outside:195.74.141.2/1045 (195.74.141.2/1045) to inside:ChamberVPN-internal/1723 (XXX.XXX.XXX.XXX/1723)

but nothing else.

The server shows no connection attempt, so I think I'm missing something on the firewall.

Also, on the inside interface there is a temporary rule:

Source: any

Destination: any

Service: IP

Action: Permit

As far as I know, this should allow all outbound traffic...

Any help would be greatly appreciated.

Chris

Hi Chris,

The ASA log indicates that the connection is torn down because of "SYN Timeout". This means that the ASA receives no response from the Windows Server. Right now, we need to clarify some points.

1 - Does your VPN server have a correct default gateway, or a route that points to the inside interface of your ASA firewall?

2 - Is it possible to start capturing packets on the Windows Server? That way we can get data-flow information between client and server, and we can be sure whether the Windows Server is answering the VPN requests.

Ufuk Güler
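As an added example (not from this thread), here is a small Python script that correlates the ASA's 302013 "Built" and 302014 "Teardown" messages by connection ID and flags PPTP flows torn down with "SYN Timeout" and zero bytes, the pattern Ufuk describes. The sample log lines are constructed in ASA syslog format; the inside real address (masked as XXX in the thread) is the 192.0.2.10 documentation placeholder.

```python
"""Correlate ASA 302013 (Built) / 302014 (Teardown) TCP messages by connection
ID and flag PPTP flows that the inside server never answered."""
import re
from dataclasses import dataclass
from typing import Dict, List

PPTP_PORT = 1723

# Constructed sample lines (not from the thread); 192.0.2.x / 198.51.100.x /
# 203.0.113.x are documentation placeholder addresses.
SAMPLE_LOG = """\
%ASA-6-302013: Built inbound TCP connection 1889195 for outside:195.74.141.2/1045 (195.74.141.2/1045) to inside:ChamberVPN-internal/1723 (192.0.2.10/1723)
%ASA-6-302014: Teardown TCP connection 1889195 for outside:195.74.141.2/1045 to inside:ChamberVPN-internal/1723 duration 0:00:30 bytes 0 SYN Timeout
%ASA-6-302013: Built inbound TCP connection 1889201 for outside:195.74.141.2/1046 (195.74.141.2/1046) to inside:ChamberVPN-internal/1723 (192.0.2.10/1723)
%ASA-6-302014: Teardown TCP connection 1889201 for outside:195.74.141.2/1046 to inside:ChamberVPN-internal/1723 duration 0:05:12 bytes 48213 TCP FINs
%ASA-6-302013: Built inbound TCP connection 1889210 for outside:195.74.141.2/1047 (195.74.141.2/1047) to inside:ChamberVPN-internal/1723 (192.0.2.10/1723)
%ASA-6-302013: Built outbound TCP connection 1889215 for inside:192.0.2.20/50211 (198.51.100.5/50211) to outside:203.0.113.7/443 (203.0.113.7/443)
%ASA-6-302014: Teardown TCP connection 1889215 for inside:192.0.2.20/50211 to outside:203.0.113.7/443 duration 0:00:30 bytes 0 SYN Timeout
"""

BUILT_RE = re.compile(
    r"%ASA-\d-302013: Built (?P<direction>inbound|outbound) TCP connection "
    r"(?P<conn_id>\d+) for (?P<src_if>\w+):(?P<src>[^/]+)/(?P<sport>\d+) \([^)]*\) "
    r"to (?P<dst_if>\w+):(?P<dst>[^/]+)/(?P<dport>\d+) \([^)]*\)"
)
TEARDOWN_RE = re.compile(
    r"%ASA-\d-302014: Teardown TCP connection (?P<conn_id>\d+) for .+? "
    r"duration (?P<duration>\d+:\d\d:\d\d) bytes (?P<bytes>\d+) (?P<reason>.+)$"
)


@dataclass
class Conn:
    conn_id: str
    src: str
    dst: str
    dport: int
    reason: str = ""   # teardown reason; empty while the flow is still open
    nbytes: int = -1   # bytes transferred; -1 while the flow is still open

    def verdict(self) -> str:
        if not self.reason:
            return "open"
        if self.reason == "SYN Timeout" and self.nbytes == 0:
            # The ASA built the flow, so the interface ACL and the static NAT
            # already passed the SYN; no SYN/ACK ever came back through the ASA.
            return "no-syn-ack"
        return "completed"


def parse_asa_log(text: str) -> Dict[str, Conn]:
    """Index Built messages by connection ID, then attach the matching Teardown."""
    conns: Dict[str, Conn] = {}
    for line in text.splitlines():
        built = BUILT_RE.search(line)
        if built:
            conns[built["conn_id"]] = Conn(built["conn_id"], built["src"],
                                           built["dst"], int(built["dport"]))
            continue
        down = TEARDOWN_RE.search(line)
        if down and down["conn_id"] in conns:
            conn = conns[down["conn_id"]]
            conn.reason = down["reason"].strip()
            conn.nbytes = int(down["bytes"])
    return conns


def unanswered_pptp(conns: Dict[str, Conn]) -> List[str]:
    """Connection IDs of PPTP control sessions (TCP/1723) the server never answered."""
    return sorted(c.conn_id for c in conns.values()
                  if c.dport == PPTP_PORT and c.verdict() == "no-syn-ack")


if __name__ == "__main__":
    parsed = parse_asa_log(SAMPLE_LOG)
    for conn in parsed.values():
        print(f"{conn.conn_id} {conn.src} -> {conn.dst}/{conn.dport}: {conn.verdict()}")
    print("PPTP sessions with no SYN/ACK from the server:", unanswered_pptp(parsed))
```

A "Built inbound" line followed by a "SYN Timeout" teardown with 0 bytes means the outside ACL and the static translation passed the packet, so the remaining checks belong on the server (default gateway or route back to the ASA, host firewall) or in the real address configured in the static.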

Tags: Cisco Security

Similar Questions

  • VPN on ASA-5510: configuring a dynamic crypto map

    Hi all

    My name is Ping. I have an ASA-5510 for a site-to-site VPN configuration, but I am not clear on a few points of the configuration on the ASA-5510 series. When I configure other Cisco routers I can use:

    ASA2(config)# crypto map outside-map 10 ipsec-isakmp

    % NOTE: This new crypto map will remain disabled until a peer
    and a valid access list have been configured.

    ........

    but when I configure the ASA 5510 it is as below:

    mtelcoASA2(config)# crypto ?

    configure mode commands/options:
      ca           Certification Authority
      dynamic-map  Configure a dynamic crypto map
      ipsec        Configure transform-set, IPSec SA lifetime and fragmentation
      isakmp       Configure ISAKMP
      key          Long term key operations
      map          Configure a crypto map

    ASA2(config)# crypto map outside-map 10 ipsec-isakmp ?

    configure mode commands/options:
      dynamic  Entry is a dynamic map

    What is "configure a dynamic crypto map" used for, and why can't I use just "crypto map outside-map 10 ipsec-isakmp"? If I can't, can I skip this command, or please tell me the other way, with a nice explanation.

    Thank you very much

    hot topic,

    Ping,

    Just use crypto map outside-map 10 match/set ... without the ipsec-isakmp keyword and it will be fine.

  • Computer with Vista unable to connect to the internet through two computers with Windows 7.

    Dear engineers,

    In our house, we have two new Windows 7 computers connected to wired internet access. Our friend came over hoping to play some MMO games with us on our connection (he has Windows Vista). When we hooked everything up, by connecting to our modem, his computer was visible on my husband's computer, but was visible on mine only as a media device. He could see the two computers, but could not get an internet connection and had no viable ping. We checked the network map and it showed my computer with a "?" connected to my husband's, which was then connected to the internet. Below, there was a notice indicating that the following devices are not displayed in the network map; under it, of course, were listed both our friend's media device and his computer. I searched Control Panel and gave access to Everyone on the login to my husband's system as well as mine. What else can I try to get his system to connect to our internet?

    Thank you for your attention,

    Cerisea

    Hello

    If a computer is not properly visible, it generally means that sharing is not set correctly to match your system.

    You must also set up the friend's computer account as a user on your computers.

    Everyone does not mean everyone who wishes to connect.

    If the accounts present are only John, Jill and Jack, setting the folder with Everyone permissions saves the effort of defining permissions separately for John, Jill and Jack.

    The Everyone group is not everyone; it is only John, Jill and Jack.

    In general:

    Win 7, when configured on a peer-to-peer network, has three types of sharing configuration.

    Home network group = works only between Win 7 computers. This type of configuration makes it very easy for entry-level users to start sharing on the network.

    Work network = fundamentally similar to the previous methods of sharing, which let you control what, how and with whom the files are shared.

    Public share = public network (such as an Internet cafe), in order to reduce security risks.

    For best results, log on to each computer with the same type of account, and put all computers on a network of the same name, while each computer has its own unique name.

    http://www.ezlan.NET/Win7/net_name.jpg

    Make sure that the software firewall on each computer allows free local traffic. If you use a 3rd-party firewall, the native Vista/XP firewall should be disabled, and the active firewall has to be adjusted to your network's IP numbers in what is sometimes called the Trusted Zone (see the firewall instructions, part 3).

    General example: http://www.ezlan.net/faq#trusted
    Please note that some 3rd-party software firewalls continue to block some aspects of local traffic even when turned off (disabled). If possible, configure the firewall correctly or uninstall it completely to allow a clean flow of local network traffic. If the 3rd-party software is uninstalled or disabled, make sure the native Windows firewall is active.

    Win 7 networking with other versions of Windows as a work network.

    In the Network Center, clicking on the type of network opens the window on the right.

    Choose your network type. Note the check box at the bottom and check/uncheck it depending on your needs.

    http://www.ezlan.NET/Win7/net_type.jpg

    Win 7 - http://windows.microsoft.com/en-us/windows7/Networking-home-computers-running-different-versions-of-Windows

    Win 7 work network, sharing a specific folder - http://www.onecomputerguy.com/windows7/windows7_sharing.htm

    Vista file and printer sharing - http://technet.microsoft.com/en-us/library/bb727037.aspx

    When you have finished configuring the system, it is recommended to restart everything: the router and all computers involved.

    -------------

    If you have permission and security problems, check the following settings.

    Point to the folder that you want to share, right-click and choose Properties.

    In the properties:

    Click on the Security tab (shown in the photo below, on the right) and verify that the users and their permissions (see photo below, centre and left) are configured correctly. Then do the same for the Permissions tab.

    This screenshot is for Win 7; Vista menus are similar.

    http://www.ezlan.NET/Win7/permission-security.jpg

    In the Security panel and the Permissions panel, you need to highlight each user/group and verify that the permission controls are checked correctly.

    When everything is OK, restart the network (router and computers).

    * Note. The groups and users listed in the screenshot are just an example. Your list will depend on how your system is configured.

    * Note. There must be specific users. Everyone means all users who already have an account as users. It does not mean everyone who feels they would like to connect.

    ---------------------

    *** Note. Some of the processes described above are not done for Windows' sake, but to compensate for different routers and the way their firmware works and stores information about networked computers.

    Jack-MVP Windows Networking. WWW.EZLAN.NET

  • Unable to connect to other remote access (ASA) VPN clients

    Hello

    I have a cisco ASA 5510 appliance configured with remote VPN access

    I can connect to all hosts on the INSIDE and DMZ networks, but I am not able to access other clients connected to the same VPN.

    For example, if I have 2 clients connected to the VPN, ClientA and ClientB, with VPN pool IP addresses of 10.40.170.160 and 10.40.170.161 respectively, these two clients are not able to communicate with each other.

    Any help is welcome.

    Thanks in advance.

    Hello

    I'm a little rusty on the old-format NAT, but what I would personally try is to configure NAT0 on the 'outside' interface.

    It seems to me that you currently have dynamic PAT configured for the VPN users, if you have this:

    nat (outside) 1 10.40.170.0 255.255.255.0

    If so, your traffic is probably matching it.

    The only thing I can think of at the moment would be to configure:

    access-list VPN-CLIENT-NAT0 remark NAT0 for traffic between VPN Clients
    access-list VPN-CLIENT-NAT0 permit ip 10.40.170.0 255.255.255.0 10.40.170.0 255.255.255.0
    nat (outside) 0 access-list VPN-CLIENT-NAT0

    I don't know if it works. I have not really had to configure this on any ASAs running older software. There were some similar questions here on the forums for the new format.

    -Jouni

  • My cloud of Adobe installer is unable to connect to the animated. No problems with internet... Help, please

    My cloud of Adobe installer is unable to connect to the animated. No problems with internet... Help, please

    Hello

    Thank you for using https://helpx.adobe.com/x-productkb/policy-pricing/activation-network-issues.html and all the steps in "troubleshooting connectivity issues".

    If necessary, and for any other question, go to http://helpx.adobe.com/contact.html and "open" a chat; I personally have had the best experiences with it. An Adobe employee, Preran, I quote: the chat button is enabled as soon as there is an agent available to help.

    Hans-Günter

  • ASA 5510 with AIP SSM-10

    I'm new to network administration and our company has an ASA 5510 with and map AIP SSM-10. On the interface ASA when I try to load Intrusion detection, he said the following:

    "For IPS 5.1(1)S205.0, use the link below to access the IPS Device Manager. (If the SSM management IP address or the port is translated, replace them accordingly in the URL below.) IPS 6.0.1 or above will be fully integrated into ASDM."

    Unfortunately, no URL is displayed below this message, and there is no documentation in the company about this configuration. Is there a way to reset the AIP without resetting the ASA? How can I find the IP address so I can configure it?

    From the ASA CLI, you can check the IP address of the AIP module:

    show module 1 details

    It will show you the management IP address of the module, and you can then HTTPS to that IP address from your PC.

  • Connecting my Beats to my Dell XPS with Windows 8.1: they are paired but do not connect

    Split from this thread.

    I have a similar problem connecting my Beats to my Dell XPS with Windows 8.1. They are paired with my computer, but they do not connect. Whenever I hit the button to connect, it just eventually times out. I made sure that my headphones are on and went through this article to make sure that everything was set up properly, but in vain. They work great with all the phones that I've paired them with so far.

    Hello

    Thank you for contacting Microsoft Community.

    I would like to know the following information so that we can help you further.

    • What is the model of the computer?

    Please follow the method below and check if it helps:

    Please try the steps in the link below, from the reply by Nirmal S on 12 November 2013.

    http://answers.Microsoft.com/en-us/Windows/Forum/windows8_1-hardware/after-upgrading-to-Windows-81-my-Bluetooth-device/bf6c7155-65CB-4874-B683-330e8bfbe9c8

    I also suggest installing the drivers from the manufacturer's website; follow the link below.

    http://www.Dell.com/support/home/us/en/04/product-support/product/XPS-12-l221x/drivers

    For your reference

    http://Windows.Microsoft.com/en-CA/Windows-8/why-isn ' t-windows-conclusion-device

    Hope this information was helpful and let us know if you need more assistance. We will be happy to help.

  • Unable to connect to the VPN

    I cannot connect from home (Windows 7 Starter Edition) to my wife's office (WinXP Home) via a VPN connection.

    I followed the New Connection wizard. Unable to connect with the new account (created in the VPN wizard). Unable to connect with an existing account on the VPN server system either. I am able to connect from another home system to the system that hosts the VPN server using pcAnywhere.

    Either attempt gives error 800 - VPN tunnel failed.

    Any ideas on where to start looking?


    See this section of the RRAS team blog...

    http://blogs.technet.com/rrasblog/archive/2009/08/12/troubleshooting-common-VPN-related-errors.aspx

    More than likely the XP box is behind a firewall/router which does not pass GRE (protocol 47) traffic. You can test the PPTP VPN link by running the tests detailed in the "PPTP Ping" and "VPN Traffic" sections on this page.

    http://TechNet.Microsoft.com/en-us/library/bb877965.aspx

    Grab the pptpsrv.exe and pptpclnt.exe programs from the internet or from an XP SP2 CD. If the tests fail, workarounds include...

    * Updating the firmware on the router to a version known to pass GRE (protocol 47) traffic.

    * Flashing the router, if supported, with third-party firmware like DD-WRT that supports passing GRE (protocol 47) traffic.

    * Buying a router known to pass GRE protocol traffic.

    * Using an alternative such as Secure Shell [SSH] and a free SFTP client such as WinSCP or TBM for secure remote access to files and folders, or Remote Desktop/remote control of computers on the office LAN.
    MS-MVP Windows Desktop Experience, "When all else fails, read the instructions."

  • RRAS issues! - Users unable to connect to the VPN

    Original title: RRAS issues!

    Hi all, I have some real issues with my RRAS VPN. All of a sudden, users randomly cannot connect to the VPN, getting errors like 619, 800 and so on. I enabled GRE (once the problem started) and checked that port 1723 is open. Why is this happening now?

    I use a DynDNS host name and everything seems fine; there are enough PPTP ports available on the RRAS.

    I am running Windows 2003 SBS SP2

    Router is a MAKO 6861 with a normal ADSL line

    I see this in the PPP.log:

    [8128] 06-04 10:27:27:794: Recv timeout event received for portid=288, Id=5, Protocol=c021, fAuth=0
    [8128] 06-04 10:27:27:794: <06 57 eb 0d 3e 07 02 08 02 0d 03 06 11 04 06 4e |.w..>... N |
    [8128] 06-04 10:27:27:794: <13 17 01 b0 09 a5 e1 15 e6 49 4f 85 fb 7c a0 15 |

    And some of this:

    [8128] 06-04 10:27:43:325: Line down event occurred on port 138
    [8128] 06-04 10:27:43:325: FsmDown event received for protocol = c021 on port 138
    [8128] 06-04 10:27:43:325: RemoveFromTimerQ called portid=288, Id=9, Protocol=c021, EventType=0, fAuth=0
    [8128] 06-04 10:27:43:325: FsmReset called for protocol = c021, port = 138
    [8128] 06-04 10:27:43:325: RemoveFromTimerQ called portid=288, Id=0, Protocol=0, EventType=3, fAuth=0
    [8128] 06-04 10:27:43:325: RemoveFromTimerQ called portid=288, Id=0, Protocol=0, EventType=7, fAuth=0
    [8128] 06-04 10:27:43:325: RemoveFromTimerQ called portid=288, Id=0, Protocol=0, EventType=2, fAuth=0
    [8128] 06-04 10:27:43:325: RemoveFromTimerQ called portid=288, Id=0, Protocol=0, EventType=1, fAuth=0
    [8128] 06-04 10:27:43:325: RemoveFromTimerQ called portid=288, Id=0, Protocol=0, EventType=4, fAuth=0
    [8128] 06-04 10:27:43:325: RemoveFromTimerQ called portid=288, Id=0, Protocol=c029, EventType=0, fAuth=0
    [8128] 06-04 10:27:43:325: LcpEnd
    [8128] 06-04 10:27:43:325: Post line down event occurred on port 138
    [8128] 06-04 10:27:43:325: NotifyCaller(hPort=138, dwMsgId=23)
    [8128] 06-04 10:27:48:043: Line up event occurred on port 138
    [8128] 06-04 10:27:48:043: PortName: VPN3-19
    [8128] 06-04 10:27:48:043: Starting PPP link with IfType=0x0, IPIf=0x0, IPXIf=0x0
    [8128] 06-04 10:27:48:043: RasGetBuffer returned 58c2148 for SendBuf
    [8128] 06-04 10:27:48:043: FsmInit called for protocol = c021, port = 138
    [8128] 06-04 10:27:48:043: ConfigInfo = 80260
    [8128] 06-04 10:27:48:043: APs available = 2
    [8128] 06-04 10:27:48:043: FsmReset called for protocol = c021, port = 138

    Hello

    Your Windows Server question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro audience on TechNet.

    Please ask your question in the TechNet Windows Server General category.
    http://social.technet.Microsoft.com/forums/en-us/winservergen/threads

  • Unable to connect to the VPN, get error 800, communication

    I am trying to set up a connection to a VPN and get this error 800:

    The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.

    Hello

    Your Windows 7 question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro audience on TechNet. Please post your question in the TechNet forum. You can follow this link to post your question:
    http://social.technet.Microsoft.com/forums/en-us/w7itpronetworking/threads

  • Unable to connect to server: View Connection Server certificate error

    I get the following error... "Unable to connect to the View Connection Server. The server provided a certificate that is not valid. See below for more details: the certificate authority is invalid or incorrect."

    I got this when the broker IP or DNS changed and the certificate had already been installed on the host computer. I suggest you try to re-install the certificate.

    Regards,

    Paul

  • Unable to connect to server, error -1, HP 6510

    When I initially installed the printer I was able to access the applications; now all I get is an error code that says I cannot connect to the server, error -1. Is there any solution for this?

    Djenav,

    I wanted to just check and see how things went.

  • Unable to connect to the VPN. I found that this could be because of a faulty SSTP WAN Miniport. Does Windows have the drivers for it?

    Recently, I upgraded my Windows Vista Business to Windows 7 Professional and cannot connect to the VPN. When I did a search on the internet I found that this could be because of a faulty SSTP WAN Miniport. Does Windows have the drivers for it?

    Vijay
     
    Original title: miniport network driver extended WAN sstp

    Hi Vijay,

    You can view this issue in the Forums of TechNet Windows 7 IT Pro: http://social.technet.microsoft.com/Forums/en/category/w7itpro/

    Thank you.

  • Spurious RADIUS requests from Cisco ASA 5510 for VPN clients

    Hello everyone,

    I use the Cisco VPN client 5.0.7 and Cisco ASA 5510 (7.4 and 8.4.2) as a VPN RAS solution. Clients are authenticated using certificates and RADIUS AAA (ACS 3.3) against AD.

    Each time a client connects, the ASA issues 2 RADIUS requests: the first is correct and is successfully authenticated by ACS, and immediately a second one that always fails. I couldn't find information related to this strange behaviour. The "Double Authentication" feature (a more sympathetic name for it) is only available to AnyConnect clients, which we do not use. When I authenticate using a group password, there is only one RADIUS query.

    What is the source of such behaviour?

    The negative impact is that my logs are filled with spurious failed authentication attempts, and users are incrementing the failed-attempt counter in AD.

    ASA debug:

    -- First request --

    RDS 2011-10-24 16:16:01 0232 14884 Request from host 172.16.8.1:1645 code=1, id=22, length=145 on port 1025
    RDS 2011-10-24 16:16:01 I 2519 14884 [001] User-Name value: User1
    RDS 2011-10-24 16:16:01 I 2519 14884 [002] User-Password value: 2D A9 B2 D0 15 5F 1E B8 BB DB 3A 38 F5 24 72 B5
    RDS 2011-10-24 16:16:01 I 2538 14884 [005] NAS-Port value: -1072693248
    RDS 2011-10-24 16:16:01 I 2538 14884 [006] Service-Type value: 2
    RDS 2011-10-24 16:16:01 I 2538 14884 [007] Framed-Protocol value: 1
    RDS 2011-10-24 16:16:01 I 2519 14884 [030] Called-Station-Id value: 172.16.8.1
    RDS 2011-10-24 16:16:01 I 2519 14884 [031] Calling-Station-Id value: 10.4.14.14
    RDS 2011-10-24 16:16:01 I 2538 14884 [061] NAS-Port-Type value: 5
    RDS 2011-10-24 16:16:01 I 2533 14884 [066] Tunnel-Client-Endpoint value: [T1] 10.4.14.14
    RDS 2011-10-24 16:16:01 I 2556 14884 [004] NAS-IP-Address value: 172.16.8.1
    RDS 2011-10-24 16:16:01 I 2561 14884 [026] Vendor-Specific vsa id: 9
    RDS 2011-10-24 16:16:01 I 2596 14884 [001] cisco-av-pair value: ip:source-ip=10.4.14.14
    RDS 2011-10-24 16:16:01 I 0282 14884 ExtensionPoint: Running the configured extension points...
    RDS 2011-10-24 16:16:01 I 0314 14884 ExtensionPoint: Calling provider [Cisco Generic EAP] for [AuthenticationExtension]
    RDS 2011-10-24 16:16:01 I 0763 14884 ExtensionPoint: [Generic EAP] No EAP-Message, ignoring...
    RDS 2011-10-24 16:16:01 I 0319 14884 ExtensionPoint: [GenericEAP.dll->AuthenticationExtension] returned [1 - ignored]
    RDS 2011-10-24 16:16:01 I 0314 14884 ExtensionPoint: Calling provider [Cisco Downloadable ACLs] for [AuthenticationExtension]
    RDS 2011-10-24 16:16:01 I 0763 14884 ExtensionPoint: [DnldACLs] Not an ACL download request, ignoring...
    RDS 2011-10-24 16:16:01 I 0319 14884 ExtensionPoint: [DnldACLs.dll->AuthenticationExtension] returned [1 - ignored]
    RDS 2011-10-24 16:16:02 I 0475 14884 AuthorExtensionPoint: Running the configured extension points...
    RDS 2011-10-24 16:16:02 I 0507 14884 AuthorExtensionPoint: Calling provider [Cisco Downloadable ACLs] for [AuthorisationExtension]
    RDS 2011-10-24 16:16:02 I 0763 14884 ExtensionPoint: Looking for ACLs from [DnldACLs] for [user1]
    RDS 2011-10-24 16:16:02 I 0512 14884 AuthorExtensionPoint: [DnldACLs.dll->AuthorisationExtension] returned [1 - ignored]
    RDS 2011-10-24 16:16:02 3360 14884 Sent response code 2, id 22 to 172.16.8.1 on port 1025
    RDS 2011-10-24 16:16:02 I 2561 14884 [026] Vendor-Specific vsa id: 9
    RDS 2011-10-24 16:16:02 I 2596 14884 [001] cisco-av-pair value: ip:addr-pool=vpnpool
    RDS 2011-10-24 16:16:02 I 2561 14884 [026] Vendor-Specific vsa id: 9
    RDS 2011-10-24 16:16:02 I 2596 14884 [001] cisco-av-pair value: ip:wins-servers=10.2.9.12 10.3.9.10 10.4.2.202
    RDS 2011-10-24 16:16:02 I 2561 14884 [026] Vendor-Specific vsa id: 9
    RDS 2011-10-24 16:16:02 I 2596 14884 [001] cisco-av-pair value: ip:dns-servers=10.2.9.12 10.3.9.10 10.4.2.202
    RDS 2011-10-24 16:16:02 I 2538 14884 [006] Service-Type value: 2
    RDS 2011-10-24 16:16:02 I 2538 14884 [007] Framed-Protocol value: 1
    RDS 2011-10-24 16:16:02 I 2538 14884 [013] Framed-Compression value: 1
    RDS 2011-10-24 16:16:02 I 2556 14884 [008] Framed-IP-Address value: 255.255.255.254
    RDS 2011-10-24 16:16:02 I 2519 14884 [025] Class value: CISCOACS:002cb2a9/ac100801/3222274048

    -- Second request --

    RDS 2011-10-24 16:16:02 0232 14884 Request from host 172.16.8.1:1645 code=1, id=23, length=145 on port 1025
    RDS 2011-10-24 16:16:02 I 2519 14884 [001] User-Name value: User1
    RDS 2011-10-24 16:16:02 I 2519 14884 [002] User-Password value: 06 EA 08 AB C7 8F 75 D0 A5 E5 AE B7 A8 1B 48 96
    RDS 2011-10-24 16:16:02 I 2538 14884 [005] NAS-Port value: -1072693248
    RDS 2011-10-24 16:16:02 I 2538 14884 [006] Service-Type value: 2
    RDS 2011-10-24 16:16:02 I 2538 14884 [007] Framed-Protocol value: 1
    RDS 2011-10-24 16:16:02 I 2519 14884 [030] Called-Station-Id value: 172.16.8.1
    RDS 2011-10-24 16:16:02 I 2519 14884 [031] Calling-Station-Id value: 10.4.14.14
    RDS 2011-10-24 16:16:02 I 2538 14884 [061] NAS-Port-Type value: 5
    RDS 2011-10-24 16:16:02 I 2533 14884 [066] Tunnel-Client-Endpoint value: [T1] 10.4.14.14
    RDS 2011-10-24 16:16:02 I 2556 14884 [004] NAS-IP-Address value: 172.16.8.1
    RDS 2011-10-24 16:16:02 I 2561 14884 [026] Vendor-Specific vsa id: 9
    RDS 2011-10-24 16:16:02 I 2596 14884 [001] cisco-av-pair value: ip:source-ip=10.4.14.14
    RDS 2011-10-24 16:16:02 I 0282 14884 ExtensionPoint: Running the configured extension points...
    RDS 2011-10-24 16:16:02 I 0314 14884 ExtensionPoint: Calling provider [Cisco Generic EAP] for [AuthenticationExtension]
    RDS 2011-10-24 16:16:02 I 0763 14884 ExtensionPoint: [Generic EAP] No EAP-Message, ignoring...
    RDS 2011-10-24 16:16:02 I 0319 14884 ExtensionPoint: [GenericEAP.dll->AuthenticationExtension] returned [1 - ignored]
    RDS 2011-10-24 16:16:02 I 0314 14884 ExtensionPoint: Calling provider [Cisco Downloadable ACLs] for [AuthenticationExtension]
    RDS 2011-10-24 16:16:02 I 0763 14884 ExtensionPoint: [DnldACLs] Not an ACL download request, ignoring...
    RDS 2011-10-24 16:16:02 I 0319 14884 ExtensionPoint: [DnldACLs.dll->AuthenticationExtension] returned [1 - ignored]
    RDS 2011-10-24 16:16:02 P 2237 14884 User: User1 - Unknown Windows user or bad password
    RDS 2011-10-24 16:16:02 3360 14884 Sent response code 3, id 23 to 172.16.8.1 on port 1025
    RDS 2011-10-24 16:16:02 I 2519 14884 [018] Reply-Message value: Rejected...
    RDS 2011-10-24 16:16:03 0232 14884 Request from host 10.2.47.200:1812 code=1, id=254, length=227 on port 32769
    RDS 2011-10-24 16:16:03 2788 14884 (Unknown VSA Vendor ID 14179)

    ACS debug:

    -- First request --

    AUTH 24/10/2011 16:16:01 I 0365 13060 External DB [NTAuthenDLL.dll]: Starting authentication for user [user01]
    AUTH 24/10/2011 16:16:01 I 0365 13060 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user user1
    AUTH 24/10/2011 16:16:02 I 0365 13060 External DB [NTAuthenDLL.dll]: Windows authentication SUCCESSFUL (by DCCORPMSK04)
    AUTH 24/10/2011 16:16:02 I 0365 13060 External DB [NTAuthenDLL.dll]: Getting RAS info for user user1 from DCCORPMSK04

    -- Second request --

    AUTH 24/10/2011 16:16:02 I 0365 13060 External DB [NTAuthenDLL.dll]: Starting authentication for user [user1]
    AUTH 24/10/2011 16:16:02 I 0365 13060 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user user1
    AUTH 24/10/2011 16:16:02 0365 13060 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)
    AUTH 24/10/2011 16:16:02 I 0365 13060 External DB [NTAuthenDLL.dll]: Retrying authentication against domain CORP
    AUTH 24/10/2011 16:16:02 I 0365 13060 External DB [NTAuthenDLL.dll]: Attempting Windows authentication for user user1
    AUTH 24/10/2011 16:16:02 0365 13060 External DB [NTAuthenDLL.dll]: Windows authentication FAILED (error 1326L)

    The ASA config:

    crypto ikev1 enable outside
    crypto ikev1 enable inside
    crypto ikev1 ipsec-over-tcp port 10000
    lifetime 86400
    crypto ikev1 policy 65535
     authentication rsa-sig
     encryption 3des
     hash md5
     group 2
     lifetime 86400

    !

    group-policy Cert_auth internal
    group-policy Cert_auth attributes
     vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value aclVPN2
     address-pools value vpnpool
     client-access-rule none

    !

    tunnel-group DefaultRAGroup general-attributes
     address-pool (inside) vpnpool
     address-pool vpnpool
     authentication-server-group RADIUS01
     authorization-server-group RADIUS01
     authorization-server-group (inside) RADIUS01
     default-group-policy Cert_auth

    !

    aaa-server RADIUS01 protocol radius
    aaa-server RADIUS01 (inside) host 10.2.9.224
     key *
     radius-common-pw *
    aaa-server RADIUS01 (inside) host 10.4.2.223
     key *

    Hello

    It is a 'classic' error and has nothing to do with dual authentication, but rather with the fact that you do both RADIUS authentication and RADIUS authorization.

    If you remove this line:

    authorization-server-group RADIUS01

    you will see that it starts to work properly.

    In short: when the ASA does RADIUS authorization, it sends a RADIUS Access-Request with the username as the password; that's why you see the second request fail every time.

    This is because RADIUS authorization is intended to be used when authentication happens using certificates (only), so there is no password.

    Also note that within the RADIUS protocol, authentication and authorization are not separate things; both occur in a single step. So if the ASA does RADIUS authentication, it already gets the user attributes in the authentication step, and it makes no sense to also do a separate authorization stage (except in a few very rare scenarios where you have 2 RADIUS servers, one for authentication and another for authorization).

    HTH

    Herbert

  • Could not connect to server: CentOS Linux virtual desktop from a Windows 8 client

    Unable to connect to the CentOS 6 virtual desktop using vWorkspace.

    Getting the error "Could not connect to the server".

    XRDP is installed correctly, as I can successfully RDP using the RDP client from a Windows 8 client.

    Forest licences on the connection broker:


    2013-09-23 22:33:10.510 - 748 - 11032 - broker - INFO - # Message collection accepted...
    2013-09-23 22:33:10.510 - 748 - 11032 - broker - INFO - Heartbeat: NCSDSK01.lab.redarmour.co.uk (10.20.1.181)
    2013-09-23 22:33:10.510 - 748 - 11032 - broker - DEBUG - CDbManager: Reusing conn = 0x053f2510 (50)
    2013-09-23 22:33:10.510 - 748 - 11032 - broker - INFO - Getting remote computer status.
    2013-09-23 22:33:10.526 - 748 - 11032 - broker - DEBUG - CDbManager: Keeping conn = 0x053f2510 (50, lastCount = 49)
    2013-09-23 22:33:10.526 - 748 - 11032 - broker - INFO - CDbManager: Connection held 17 ms
    2013-09-23 22:33:10.526 - 748 - 11032 - broker - INFO - # Message collection finished (ms = 17)
    2013-09-23 22:33:11.509 - 748 - 11032 - broker - INFO - # Message collection accepted...

    DNS resolves the virtual machine fine, and the connection broker indicates that the virtual computer is powered on and online. The Virtual Desktop Extensions are installed and the service runs successfully.

    The CentOS VM is joined to the Active Directory domain.

    Watching it, the connection broker logs all successful connection messages.

    Any idea?

    This question has not been answered yet.
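To make concrete the behaviour Herbert describes in the Cisco ASA 5510 RADIUS thread above (the ASA's authorization-only Access-Request carries the User-Name as the User-Password, so the RADIUS server rejects it and AD counts a failed logon), here is an added Python example, not code from that thread, from Cisco or from ACS. It hides and reveals User-Password exactly as RFC 2865 section 5.2 specifies and flags Access-Requests whose revealed password equals the username; the shared secret, the Request Authenticator and both packets are constructed.

```python
"""Reveal RADIUS User-Password (RFC 2865 section 5.2) and flag Access-Requests
whose password is just the username, the ASA RADIUS-authorization pattern."""
import hashlib
import os
import struct
from typing import Dict, Optional

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(secret: bytes, authenticator: bytes, password: bytes) -> bytes:
    """Pad to a 16-byte multiple (at least 16), then for each block
    c[i] = p[i] XOR MD5(secret + c[i-1]), with c[-1] = Request Authenticator."""
    padded_len = max(16, -(-len(password) // 16) * 16)
    padded = password.ljust(padded_len, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, padded_len, 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out, prev = out + block, block
    return out


def reveal_password(secret: bytes, authenticator: bytes, hidden: bytes) -> bytes:
    """Inverse of hide_password: the keystream for block i derives from c[i-1],
    which is visible in the packet, so the RADIUS server recovers the padded
    password from the shared secret and the Request Authenticator alone."""
    if not hidden or len(hidden) % 16:
        raise ValueError("User-Password must be a non-empty multiple of 16 bytes")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out, prev = out + _xor(block, hashlib.md5(secret + prev).digest()), block
    return out.rstrip(b"\x00")


def build_access_request(secret: bytes, identifier: int, username: str,
                         password: str, authenticator: Optional[bytes] = None) -> bytes:
    """Minimal Access-Request: header, 16-byte authenticator, User-Name, User-Password."""
    auth = authenticator if authenticator is not None else os.urandom(16)
    attrs = b""
    for attr_type, value in ((ATTR_USER_NAME, username.encode()),
                             (ATTR_USER_PASSWORD, hide_password(secret, auth, password.encode()))):
        attrs += struct.pack("!BB", attr_type, len(value) + 2) + value
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs)) + auth + attrs


def parse_attributes(packet: bytes) -> Dict[int, bytes]:
    """Walk the TLV attribute list, validating every length against the header."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("RADIUS length field does not match packet size")
    attrs: Dict[int, bytes] = {}
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs


def looks_like_asa_authorization(packet: bytes, secret: bytes) -> bool:
    """True when the Access-Request's User-Password reveals to its User-Name.
    That is the shape of the request the ASA sends for authorization-server-group
    RADIUS lookups, and why the thread's second request is rejected as a bad
    password and counted as a failed logon in AD."""
    if not packet or packet[0] != ACCESS_REQUEST:
        return False
    attrs = parse_attributes(packet)
    if ATTR_USER_NAME not in attrs or ATTR_USER_PASSWORD not in attrs:
        return False
    password = reveal_password(secret, packet[4:20], attrs[ATTR_USER_PASSWORD])
    return password == attrs[ATTR_USER_NAME]


if __name__ == "__main__":
    # Constructed values: the shared secret and authenticator are not from the thread.
    secret, auth = b"constructed-secret", bytes(range(16))
    first = build_access_request(secret, 22, "User1", "Correct-Pass", auth)
    second = build_access_request(secret, 23, "User1", "User1", auth)
    for pkt in (first, second):
        print("id", pkt[1], "username-as-password:", looks_like_asa_authorization(pkt, secret))
```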
