utility of hash (md5)

Hello

I need to write a batch PL/SQL program to read a file and then encrypt information before storing it in Oracle tables. The only requirement is to use a third-party hash (MD5) utility to encrypt the information. How can I use a third-party hash utility in PL/SQL code? Is it still possible to use third-party utilities in PL/SQL? I would appreciate your comments/suggestions/advice.


Thank you

Jon

Why is it a requirement of the company? If Oracle and the third-party utility use the same algorithm, they produce the same results. There seems to be no advantage in bringing a third component into the picture, which would just complicate the architecture.

If you're absolutely sure you want a more complex architecture for no apparent gain, how is this third-party component implemented? Are you trying to call a DLL or shared library? What operating system is the Oracle database running on? What version of Oracle?

Justin

Tags: Database

Similar Questions

  • Missing MD5 hash on CUCM/CUC OS upgrade page

    I have been through several CUCM and CUC upgrades, but on at least one of them I noticed that the MD5 hash checksum was missing and blank on the CUCM OS page just as I started the installation.

    I understand that it is bad if it does not match the checksum from when you downloaded from Cisco / PUT, but what does it mean when it is just blank/missing on the OS page?

    Thank you

    Dan

    Hi Dan,

    If it is an upgrade file that was downloaded from cisco.com, you might download it again, trying to minimize interference from antivirus, VPN, etc., and see if the problem persists. I've seen a few TAC cases where this scenario was seen, but the upgrade went through, and I don't see a bug for this, as it has been seen on different versions including 7.x. You can also open a TAC case to have the file published for you and try it.

    Manish

  • MD5 hash check for PIX515 IOS does not match

    I've recently upgraded our PIX515 firewall from release 7.2.2 to 7.2.4 and I wanted to check the MD5 hash for the downloaded IOS. However, the hash generated on the PIX using the verify command does not match the hash that is published on Cisco's download website. The published hash is f2f6b88ea1b4a0b33045b3b18d0fb852; the generated hash is fdcd... I checked the MD5 of 7.2.2 on a firewall I have not yet upgraded, and it does not match either. Am I missing something?

    OK, so you've downloaded an interim version, 7.2.4(30), instead of the main release of 7.2.4.

    The 7.2.4(30) checksum is correct and corresponds to what you advised earlier: fdcd3a9d884baf0ec0aad78048f0e441

    You can check it out here:

    http://www.Cisco.com/cgi-bin/software/tablebuild/doftp.pl?ftpfile=Cisco/internal/special/ciscosecure/PIX/pix724-30.bin&app=tablebuild&status=showC2A

    Hope that clarifies the confusion.
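The mismatch in this thread came from comparing against the digest of a different release. The following added example (not part of the original posts) hashes an image in chunks and, when the expected release does not match, checks the other published digests to name the release the file actually is. The catalog holds the two MD5 values quoted above; the files used in `demo()` are constructed stand-ins, and all function names are this example's own.

```python
import hashlib
import hmac
import os
import tempfile

# Published MD5 values quoted in the thread, keyed by release label.
PUBLISHED_MD5 = {
    "7.2.4": "f2f6b88ea1b4a0b33045b3b18d0fb852",
    "7.2.4(30)": "fdcd3a9d884baf0ec0aad78048f0e441",
}


def normalize(digest):
    """Lower-case a digest and drop separators; reject anything that is not 128 bits."""
    cleaned = "".join(c for c in digest.lower() if c in "0123456789abcdef")
    if len(cleaned) != 32:
        raise ValueError("not a complete MD5 digest: %r" % digest)
    return cleaned


def file_md5(path, chunk_size=1 << 20):
    """Hash the file in fixed-size chunks so large images need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def check_image(path, expected_release, catalog=PUBLISHED_MD5):
    """Return (status, release): 'match', 'different-release' or 'unknown'."""
    actual = file_md5(path)
    if hmac.compare_digest(actual, normalize(catalog[expected_release])):
        return ("match", expected_release)
    # Not the expected build: see whether it is another published build.
    for release, digest in catalog.items():
        if hmac.compare_digest(actual, normalize(digest)):
            return ("different-release", release)
    return ("unknown", None)


def demo():
    """Run the check on two constructed files standing in for firmware images."""
    with tempfile.TemporaryDirectory() as d:
        main_img = os.path.join(d, "main.bin")
        interim_img = os.path.join(d, "interim.bin")
        with open(main_img, "wb") as f:
            f.write(b"constructed main release image\n" * 1000)
        with open(interim_img, "wb") as f:
            f.write(b"constructed interim build image\n" * 1000)
        # Constructed catalog; one digest stored in upper case, as some
        # download pages print them.
        catalog = {
            "main": file_md5(main_img).upper(),
            "interim": file_md5(interim_img),
        }
        return (
            check_image(main_img, "main", catalog),
            check_image(interim_img, "main", catalog),
        )


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A truncated value such as the `fdcd...` in the question is rejected by `normalize()` rather than compared as a prefix.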

  • Please give me the MD5 hash to check the Win7 .iso file

    Please give me the MD5 hash to check the Win7 file, because when I try to install Win7 (after downloading it from the web) it says some files are missing, please check the files and restart the installation process. So I need to check whether the file I downloaded is complete or not.

    Please send me the file's MD5 hash as soon as possible

    Windows 7 RC Build 7100 x86
    File name: 7100.0.090421-1700_x86fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso
    Size: 2.35 GB
    MD5 Hash: 8867C13330F56A93944BCD46DCD73590

    Windows 7 RC Build 7100 x64
    File name: 7100.0.090421-1700_x64fre_client_en-us_Retail_Ultimate-GRC1CULFRER_EN_DVD.iso
    Size: 3.04 GB
    MD5 Hash: 98341AF35655137966E382C4FEAA282D

  • Windows 7 MD5 / SHA-1 hash

    I bought Windows 7 Home Premium through the student offer from Microsoft; I have already downloaded it, and I found a guide to create an ISO from the files extracted from the .box file, and I obviously know its validity. But I'm curious as to what the MD5/SHA-1 hash is for the Windows 7 Home Premium 32-bit (x86) retail ISO, not the RTM MSDN ISO.

    I already know how to get the hash of the bootable ISO that I created with the guide.

    The version of Windows I bought and downloaded is Windows 7 Home Premium 32-bit (x86) upgrade. I think it's the retail upgrade.

    Hi all

    Thanks for posting. For more information on the Digital River image or how to get an image, please contact them directly, as they will be able to provide you with the information you need.

    https://Windows7.digitalriver.com/servlet/ControllerServlet?Action=DisplayContactFormPage&locale=en_US&siteid=mswpus

    I hope this helps!
    Shawn - Support Engineer - MCP, MCDST
    Microsoft Answers Support Engineer
    Visit our Microsoft answers feedback Forum and let us know what you think

  • Generate an MD5 hash in an ALSB message flow

    Does anyone know how to generate an MD5 hash of a username/password in an ALSB message flow?

    Pete

    Hello

    You can use a Java callout to generate hash codes.

    For more information on how to generate MD5 hashes of files, please look at http://edocs.bea.com/md5_utilities.html

    Thank you
    -Srinivas

  • Is it possible to use the product keys on the back of my machines to activate a Windows XP SP3 copy as genuine?

    real operating system

    I bought 8 computers to set up an Internet café, all with genuine Windows XP Professional. One day I was hit by a power surge that crashed all the hard drives in the computers, and there was nothing to recover. I replaced all the hard drives, and surprisingly enough my original CD with the genuine OS has a lot of scratches and can install the operating system. The version I have is only SP3 and is not genuine. I still have the genuine labels with the product keys of the failed operating system stuck on each of the computers. Is it possible to use those product keys for the SP3 copy so that it is genuine?

    You need to get the right one, the CORRESPONDING XP installation CD.

    So, if all the COA stickers indicate an OEM version of Windows XP Pro (MS level does not count), and if you can get a real GENERIC OEM Windows XP Pro installation CD (MS level does not count), simply use the product key on the COA sticker.
    You say that the version you have is "not genuine." Because I don't know what you have, except that it is not a genuine generic OEM XP Pro installation CD, I recommend that you do NOT use it. Although hard to find, there are reputable dealers who sell this genuine CD. You can also borrow one from someone you know. Alternatively, download the .iso file for it, but ONLY if YOU KNOW WHAT YOU ARE DOING! Fortunately there are MD5 and SHA1 hash values published online to verify that you have the right one. But if you don't know what you're doing, you could very well end up with something that's plagued with malware!

  • PIX with H & S VPN DMZ hosting web server to the hub

    Ok

    Here's a problem which I think would be quite common for those even remotely conscious of security. Unfortunately, my knowledge of the PIX (as well as other Cisco devices) is still in the 'growth' phase.

    So, here's the problem. I have a WAN put in place with PIXen and SonicWalls, set up in essentially a hub-and-spoke design (fine, OK, so it is partially meshed). We recently decided to pull the trigger on getting a 'real' web site, and everything went relatively well getting it up and rolling (even with my 3 days' notice/deadline). But here's the problem: I set up the web server on the DMZ of the hub PIX, and I figured out (the easy part) how to set things up so that people in the home office can connect to the web server by using the internal address, but I don't know what to do for people in remote offices with VPN connections to the home office. I tried to define static routes, I tried to add the DMZ to the VPN trigger, I tried to do both of those things together, and I checked that I have rules allowing traffic from the VPN on the outside to the DMZ on the inside. So, what else can I get?

    I have no problem configuring a PIX for all the basic setups and VPN; at this stage I can even do most of it through the CLI (even if I still tend to do more through the PDM). My biggest stumbling block on the PIX so far has been when I actually involve this pesky DMZ...

    I actually have two PIXes in my office and two for my home networks (one for my place in the States and one for my place in Japan), so if you can help me, I'll be the two problems and will not forget to give an excellent rating!

    so I guess that leaves me to the place where I scream...

    Help!

    and I humbly await your comments.

    The current PIX configuration should look something like this:

    access-list 101 permit ip

    access-list 110 permit ip

    global (outside) 1 interface

    nat (inside) 0 access-list 101

    nat (inside) 1 0.0.0.0 0.0.0.0 0 0

    sysopt connection permit-ipsec

    crypto ipsec transform-set superset esp-3des esp-md5-hmac

    crypto map myvpn 10 ipsec-isakmp

    crypto map myvpn 10 match address 110

    crypto map myvpn 10 set peer

    crypto map myvpn 10 set transform-set superset

    crypto map myvpn interface outside

    isakmp enable outside

    isakmp key address netmask 255.255.255.255

    isakmp identity address

    isakmp nat-traversal 20

    isakmp policy 10 authentication pre-share

    isakmp policy 10 encryption 3des

    isakmp policy 10 hash md5

    isakmp policy 10 group 2

    isakmp policy 10 lifetime 86400

    now, to add dmz on top of the existing vpn, add the following to the pix (and apply the same concept on the remote end device)

    access-list 102 permit ip

    access-list 110 permit ip

    nat (dmz) 0 access-list 102

  • unique hardware ID?

    Does anyone know if the hardware ID (Device.device.hardwareID) is "somewhat" unique? I need to get something that is not necessarily unique but identifiable, like a hash value. At first I wanted to use an MD5 hash of Device.device.pin, but to use it I need to ask the user for permission, and I don't think users like that :/ Just in case, mine looks like this: 100669XXX (XXX are other numbers)

    Unique identifier for a specific device is PIN or would be number (which is somewhat the same thing).

    They are protected by the action of the user, because it is considered to be personal information.

    Hardware ID - is the same for all the rules.

  • Problem with IPSEC tunnel between Cisco PIX and Cisco ASA

    Hi all!

    We have a strange problem with an IPsec tunnel for one of our customers: the tunnel can be brought up from the customer's site, but not from our site. I don't understand what's wrong; if it were a configuration problem, we should not be able to bring up the tunnel at all.

    On our side as initiator:

    Jan 14 13:53:26 172.27.1.254 %PIX-7-702208: ISAKMP Phase 1 exchange started (local 1.1.1.1 (initiator), remote 2.2.2.2)

    Jan 14 13:53:26 172.27.1.254 %PIX-7-702210: ISAKMP Phase 1 exchange completed (local 1.1.1.1 (initiator), remote 2.2.2.2)

    Jan 14 13:53:26 172.27.1.254 %PIX-6-602202: ISAKMP session connected (local 1.1.1.1 (initiator), remote 2.2.2.2)

    Jan 14 13:53:26 172.27.1.254 %PIX-6-602201: ISAKMP Phase 1 SA created (local 1.1.1.1/500 (initiator), remote 2.2.2.2/500, authentication=pre-share, encryption=3DES-CBC, hash=SHA, group=2, lifetime=86400s)

    Jan 14 13:53:26 172.27.1.254 %PIX-7-702209: ISAKMP Phase 2 exchange started (local 1.1.1.1 (initiator), remote 2.2.2.2)

    Jan 14 13:53:26 172.27.1.254 %PIX-7-702201: ISAKMP Phase 1 delete received (local 1.1.1.1 (initiator), remote 2.2.2.2)

    Jan 14 13:53:26 172.27.1.254 %PIX-6-602203: ISAKMP session disconnected (local 1.1.1.1 (initiator), remote 2.2.2.2)

    Jan 14 13:53:56 172.27.1.254 %PIX-7-702303: sa_request, (key eng. msg.) src= 1.1.1.1, dest= 2.2.2.2, src_proxy= 172.27.1.10/255.255.255.255/0/0 (type=1), dest_proxy= 192.168.100.18/255.255.255.255/0/0 (type=1), protocol= ESP, transform= esp-3des esp-sha-hmac, lifedur= 28800s and 4608000kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4004

    The customer's site as responder:

    Jan 14 11:58:23 172.27.1.254 %PIX-7-702208: ISAKMP Phase 1 exchange started (local 1.1.1.1 (responder), remote 2.2.2.2)

    Jan 14 11:58:23 172.27.1.254 %PIX-7-702210: ISAKMP Phase 1 exchange completed (local 1.1.1.1 (responder), remote 2.2.2.2)

    Jan 14 11:58:23 172.27.1.254 %PIX-6-602202: ISAKMP session connected (local 1.1.1.1 (responder), remote 2.2.2.2)

    Jan 14 11:58:23 172.27.1.254 %PIX-6-602201: ISAKMP Phase 1 SA created (local 1.1.1.1/500 (responder), remote 2.2.2.2/500, authentication=pre-share, encryption=3DES-CBC, hash=MD5, group=1, lifetime=86400s)

    Jan 14 11:58:23 172.27.1.254 %PIX-7-702209: ISAKMP Phase 2 exchange started (local 1.1.1.1 (responder), remote 2.2.2.2)

    Jan 14 11:58:23 172.27.1.254 %PIX-6-602301: sa created, (sa) sa_dest= 2.2.2.2, sa_prot= 50, sa_spi= 0x9de820bd(2649235645), sa_trans= esp-3des esp-sha-hmac, sa_conn_id= 116

    Jan 14 11:58:23 172.27.1.254 %PIX-7-702211: ISAKMP Phase 2 exchange completed (local 1.1.1.1 (responder), remote 2.2.2.2)

    Jan 14 12:28:54 172.27.1.254 %PIX-6-602302: deleting SA, (sa) sa_dest= 2.2.2.2, sa_prot= 50, sa_spi= 0x9de820bd(2649235645), sa_trans= esp-3des esp-sha-hmac, sa_conn_id= 116

    Kind regards

    Johan

    In my experience, when a tunnel can be initiated from one side but not from the other, the problem is a mismatch in the ISAKMP and IPsec policies, mainly IPsec settings such as transform sets and match address. On the ASA platform, when a tunnel does not match a statically defined crypto map, it sometimes uses the dynamic entry to allocate the VPN connection. To check whether this is the case, go ahead and run "show crypto ipsec sa" when the tunnel is up, and see on the ASA whether the tunnel matches the static crypto map entry or shows the dynamic crypto map.

    I advise you to go through the settings on both sides and ensure that they mirror each other.
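Before comparing the two configurations, the syslog itself already shows that the two directions negotiated different Phase 1 proposals. This added example (not part of the original posts) parses the 602201 and 7022xx messages and reports which Phase 1 parameters differ between the initiator and responder runs and how Phase 2 ended in each; the sample lines are constructed from the values in the logs above, laid out in the usual `%PIX-level-id:` form, and the function names are this example's own.

```python
import re

# Constructed sample, using the addresses and parameters from the thread's logs.
SAMPLE_LOG = """\
Jan 14 13:53:26 172.27.1.254 %PIX-6-602201: ISAKMP Phase 1 SA created (local 1.1.1.1/500 (initiator), remote 2.2.2.2/500, authentication=pre-share, encryption=3DES-CBC, hash=SHA, group=2, lifetime=86400s)
Jan 14 13:53:26 172.27.1.254 %PIX-7-702209: ISAKMP Phase 2 exchange started (local 1.1.1.1 (initiator), remote 2.2.2.2)
Jan 14 13:53:26 172.27.1.254 %PIX-7-702201: ISAKMP Phase 1 delete received (local 1.1.1.1 (initiator), remote 2.2.2.2)
Jan 14 11:58:23 172.27.1.254 %PIX-6-602201: ISAKMP Phase 1 SA created (local 1.1.1.1/500 (responder), remote 2.2.2.2/500, authentication=pre-share, encryption=3DES-CBC, hash=MD5, group=1, lifetime=86400s)
Jan 14 11:58:23 172.27.1.254 %PIX-7-702209: ISAKMP Phase 2 exchange started (local 1.1.1.1 (responder), remote 2.2.2.2)
Jan 14 11:58:23 172.27.1.254 %PIX-7-702211: ISAKMP Phase 2 exchange completed (local 1.1.1.1 (responder), remote 2.2.2.2)
"""

MSG_RE = re.compile(r"%PIX-\d-(?P<id>\d{6}): (?P<text>.*)$")
ROLE_RE = re.compile(r"\((initiator|responder)\)")
KV_RE = re.compile(r"(\w+)=([\w-]+)")


def summarize(log_text):
    """Per local role: Phase 1 parameters (602201) and the Phase 2 outcome."""
    roles = {}
    for line in log_text.splitlines():
        msg = MSG_RE.search(line)
        role = ROLE_RE.search(line)
        if not msg or not role:
            continue  # not an ISAKMP message that names the local role
        entry = roles.setdefault(
            role.group(1), {"phase1": {}, "phase2": "not attempted"}
        )
        msg_id = msg.group("id")
        if msg_id == "602201":
            entry["phase1"] = dict(KV_RE.findall(msg.group("text")))
        elif msg_id == "702209":
            entry["phase2"] = "started"
        elif msg_id == "702211":
            entry["phase2"] = "completed"
        elif msg_id == "702201" and entry["phase2"] == "started":
            # Phase 1 torn down while Phase 2 was still being negotiated.
            entry["phase2"] = "aborted: Phase 1 delete received"
    return roles


def phase1_differences(roles):
    """Parameters whose negotiated value differs between the two directions."""
    ini = roles.get("initiator", {}).get("phase1", {})
    rsp = roles.get("responder", {}).get("phase1", {})
    return {
        key: (ini.get(key), rsp.get(key))
        for key in sorted(set(ini) | set(rsp))
        if ini.get(key) != rsp.get(key)
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for role, info in summary.items():
        print(role, "phase 2:", info["phase2"])
    for key, (ini, rsp) in phase1_differences(summary).items():
        print("phase 1 %s differs: initiator=%s responder=%s" % (key, ini, rsp))
```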

  • Site to Site VPN links

    Hi guys, I am currently configuring a VPN connection between 2 sites; I replaced a few crypto maps with IPsec tunnel interfaces instead. However, I do not know which configuration lines are still required. Following are excerpts from the configuration; both sites have similar configurations. The documentation I found does not show the use of the crypto isakmp policy line, but when I remove it the link is unable to come up.

    crypto isakmp policy 3
     encr 3des
     hash md5
     authentication pre-share
     group 2
     lifetime 20000
    !
    !
    crypto isakmp key keygoeshere address xxx.xxx.xxx.xxx
    crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
    !
    crypto ipsec profile Site-to-Site
     set transform-set ESP-3DES-SHA1
    !
    !
    interface Tunnel0
     description --- Connection to WA ---
     ip address 192.168.250.1 255.255.255.252
     tunnel source Dialer1
     tunnel destination xxx.xxx.xxx.xxx
     tunnel mode ipsec ipv4
     tunnel path-mtu-discovery
     tunnel protection ipsec profile Site-to-Site
    !
    router rip
     version 2
     passive-interface Vlan1
     network 192.168.1.0
     network 192.168.250.0
    !

    Andrew,

    If you plan to use IPsec as the VPN Protocol, you cannot remove the crypto isakmp policy (because it is used for negotiation of phase 1 between VPN endpoints).

    You are using IPsec profiles; is that because you are establishing VTI or GRE VPN tunnels?

    What type of VPN are you trying to set up?

    Federico.

  • L2L dynamic peers with no dynamic peers

    Hi all

    Can't seem to fight my way out of this configuration.  We have a router configured with dynamic IPsec L2L peers and remote access (pretty much using this configuration: LINK ).  I'm not used to the keyring / profile configuration.  But I am trying to add a tunnel without a profile, perhaps a 'non-dynamic' peer?

    Here is the configuration:

    crypto keyring spokes 
      pre-shared-key address 0.0.0.0 0.0.0.0 key PSK1
    !
    crypto isakmp policy 10
     encr aes
     authentication pre-share
     group 2
    !
    crypto isakmp policy 20
     encr 3des
     hash md5
     authentication pre-share
     group 2
    crypto isakmp key L2L-PSK2 address 76.113.24.103
    crypto isakmp keepalive 10 10
    crypto isakmp nat keepalive 10
    !
    crypto isakmp client configuration group VPN-Users
     key PSK1
     pool ippool
     acl 171
    !
    crypto isakmp profile VPNclient
       match identity group VPN-Users
       client authentication list default
       isakmp authorization list groupauthor
       client configuration address respond
    crypto isakmp profile L2L
       keyring spokes
       match identity address 0.0.0.0 
       
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
    crypto ipsec transform-set transform-1 esp-3des esp-md5-hmac 
    crypto ipsec transform-set testset esp-3des esp-md5-hmac 
    crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac 
    !
    crypto dynamic-map DynIPSecMap01 2
     set transform-set ESP-3DES-MD5 
     set isakmp-profile VPNclient
    crypto dynamic-map DynIPSecMap01 5
     description tunnel_to_EEUU
     set transform-set testset 
     match address 110
    !
    !
    crypto map IPSecMap01 10 ipsec-isakmp 
     description REMO_ST_VPN
     set peer 76.113.24.103
     set transform-set ESP-AES-SHA 
     match address REMO_ST_VPN
    crypto map IPSecMap01 10000 ipsec-isakmp dynamic DynIPSecMap01 

    interface Serial0/0/0:0
     ip address 178.31.76.1 255.255.255.252
     ip flow ingress
     ip flow egress
     ip nat outside
     ip virtual-reassembly
     crypto map IPSecMap01
     
    ip access-list extended REMO_ST_VPN
     permit ip 172.18.38.0 0.0.0.255 172.16.202.0 0.0.0.255
    !
    access-list 10 permit 65.122.15.2
    access-list 110 permit ip 172.18.35.0 0.0.0.255 10.1.2.0 0.0.0.255
    access-list 110 permit ip 172.18.38.0 0.0.0.255 10.1.2.0 0.0.0.255

    We are failing on Phase 1 because the PSK does not match.  And this error:

    ISAKMP:(3134):Key not found in keyrings of profile , aborting exchange

    Can someone point me in the right direction?

    Thanks for your time and support,

    Nick

    Try to create a new crypto isakmp profile to match the INVESTIGATION period off the coast of the L2L counterpart.  Then create a new crypto keyring for this peer instead of using the "crypto isakmp key" command.

  • VPN PIX 506e to Linksys RV042?

    I'm kind of a Cisco rookie and need help setting up a virtual private network:

    I replaced a Netopia R910 with a Linksys RV042.  I have set the parameters as best I could.  I am trying to reconnect the site-to-site VPN from our network (192.168.0.x private, xxx.xxx.109.202 public) to the remote network (192.168.38.x private, xxx.xxx.131.50 public).

    On the Linksys, the VPN shows connected but no traffic is coming through.  I can't ping anything on the remote subnet.

    It worked fine with the R910 and no settings have changed on the PIX, other than new pre-shared keys that match.

    Here is the PIX config; the RV042 config is attached as an image.

    Thank you very much for your help!

    Building configuration...
    : Saved
    :
    PIX Version 6.3(3)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password ************ encrypted
    passwd *************** encrypted
    hostname pixfirewall
    domain-name ciscopix.com
    clock timezone PST -8
    clock summer-time PDT recurring
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    name 192.168.1.0 FirstStreet
    name 192.168.38.2 Sco
    name xxx.xxx.130.94 FirstWan
    name 192.168.4.0 Oakurst
    name 192.168.7.0 Clovis
    name 192.168.3.0 Madera
    name 192.168.0.0 TomJ
    name xxx.xxx.131.58 FMLFirst
    name xxx.xxx.131.22 Integrity
    name 192.168.6.0 TJhome
    name 192.168.38.10 Server2
    name xxx.xxx.117.182 ClovisPublicIP
    name xxx.xxx.100.239 OakurstPublicIP
    name xxx.xxx.174.185 MaderaPublicIP
    name 192.168.38.64 VideoS1
    object-group network FMLRemoteOffices
      description Public IP's and Internal Subnets for All Remote Offices
      network-object OakurstPublicIP 255.255.255.255
      network-object MaderaPublicIP 255.255.255.255
      network-object ClovisPublicIP 255.255.255.255
      network-object xxx.xxx.109.202 255.255.255.255
    access-list inside_outbound_nat0_acl permit ip 192.168.38.0 255.255.255.0 Clovis 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip 192.168.38.0 255.255.255.0 Oakurst 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip 192.168.38.0 255.255.255.0 TJhome 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip 192.168.38.0 255.255.255.0 Madera 255.255.255.0
    access-list inside_outbound_nat0_acl permit ip any host 192.168.38.248
    access-list inside_outbound_nat0_acl permit ip any 192.168.38.248 255.255.255.248
    access-list outside_access_in permit tcp any host xxx.xxx.131.54 eq https
    access-list outside_access_in permit icmp any any echo-reply
    access-list outside_access_in remark Sage e-prescription service 8423
    access-list outside_access_in permit tcp any host xxx.xxx.131.54 eq 8423
    access-list outside_access_in permit tcp any host xxx.xxx.131.53 eq 1202
    access-list outside_access_in permit tcp any host xxx.xxx.131.52 eq 7000
    access-list outside_cryptomap_20 permit ip 192.168.38.0 255.255.255.0 Clovis 255.255.255.0
    access-list outside_cryptomap_80 permit ip 192.168.38.0 255.255.255.0 Oakurst 255.255.255.0
    access-list outside_cryptomap_120 permit ip 192.168.38.0 255.255.255.0 Madera 255.255.255.0
    access-list outside_cryptomap_100 permit ip 192.168.38.0 255.255.255.0 TJhome 255.255.255.0
    no pager
    logging on
    icmp permit any echo-reply outside
    icmp permit any echo-reply inside
    mtu outside 1500
    mtu inside 1500
    ip address outside xxx.xxx.131.50 255.255.255.248
    ip address inside 192.168.38.4 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool VPNDHCP 192.168.38.248-192.168.38.252
    ip local pool DHCP39 192.168.39.1-192.168.39.254
    pdm location Integrity 255.255.255.255 outside
    pdm location 192.168.38.0 255.255.255.0 inside
    pdm location FirstStreet 255.255.255.0 inside
    pdm location FirstStreet 255.255.255.0 outside
    pdm location Sco 255.255.255.255 inside
    pdm location FirstWan 255.255.255.255 outside
    pdm location Oakurst 255.255.255.0 outside
    pdm location Clovis 255.255.255.0 outside
    pdm location TJhome 255.255.255.0 outside
    pdm location Madera 255.255.255.0 outside
    pdm location TomJ 255.255.255.0 outside
    pdm location 0.0.0.0 255.255.255.255 outside
    pdm location xxx.xxx.141.217 255.255.255.255 outside
    pdm location 192.168.38.111 255.255.255.255 inside
    pdm location 192.168.38.3 255.255.255.255 inside
    pdm location FMLFirst 255.255.255.255 outside
    pdm location xxx.xxx.130.15 255.255.255.255 outside
    pdm location 128.0.0.0 128.0.0.0 outside
    pdm location xxx.xxx.109.202 255.255.255.255 outside
    pdm location Server2 255.255.255.255 inside
    pdm location ClovisPublicIP 255.255.255.255 outside
    pdm location OakurstPublicIP 255.255.255.255 outside
    pdm location MaderaPublicIP 255.255.255.255 outside
    pdm location 192.168.38.248 255.255.255.255 outside
    pdm location TomJ 255.255.255.0 inside
    pdm location VideoS1 255.255.255.255 inside
    pdm location 192.168.38.21 255.255.255.255 inside
    pdm group FMLRemoteOffices outside
    pdm logging debugging 500
    no pdm history enable
    arp timeout 14400
    global (outside) 1 xxx.xxx.131.51
    nat (inside) 0 access-list inside_outbound_nat0_acl
    nat (inside) 1 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) xxx.xxx.131.54 Server2 netmask 255.255.255.255 0 0
    static (inside,outside) xxx.xxx.131.53 192.168.38.21 netmask 255.255.255.255 0 0
    static (inside,outside) xxx.xxx.131.52 VideoS1 netmask 255.255.255.255 0 0
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 xxx.xxx.131.49 1
    route inside FirstStreet 255.255.255.0 192.168.38.254 1
    timeout xlate 3:00:00
    timeout conn 4:00:00 half-closed 2:00:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    aaa-server LOCAL protocol local
    aaa authentication ssh console LOCAL
    http server enable
    http Integrity 255.255.255.255 outside
    http xxx.xxx.141.217 255.255.255.255 outside
    http xxx.xxx.109.202 255.255.255.255 outside
    http 192.168.38.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    sysopt connection permit-pptp
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto dynamic-map outside_dyn_map 30 set transform-set ESP-DES-MD5
    crypto dynamic-map outside_dyn_map 50 set transform-set ESP-3DES-MD5
    crypto map outside_map 20 ipsec-isakmp
    crypto map outside_map 20 match address outside_cryptomap_20
    crypto map outside_map 20 set peer ClovisPublicIP
    crypto map outside_map 20 set transform-set ESP-DES-MD5
    crypto map outside_map 80 ipsec-isakmp
    crypto map outside_map 80 match address outside_cryptomap_80
    crypto map outside_map 80 set peer OakurstPublicIP
    crypto map outside_map 80 set transform-set ESP-DES-MD5
    crypto map outside_map 100 ipsec-isakmp
    crypto map outside_map 100 match address outside_cryptomap_100
    crypto map outside_map 100 set peer xxx.xxx.174.234
    crypto map outside_map 100 set transform-set ESP-DES-MD5
    crypto map outside_map 120 ipsec-isakmp
    crypto map outside_map 120 match address outside_cryptomap_120
    crypto map outside_map 120 set peer MaderaPublicIP
    crypto map outside_map 120 set transform-set ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    isakmp enable outside
    isakmp key ******** address xxx.xxx.141.217 netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address ClovisPublicIP netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address xxx.xxx.64.82 netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address xxx.xxx.67.172 netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address OakurstPublicIP netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address xxx.xxx.24.157 netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address xxx.xxx.174.234 netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address xxx.xxx.88.137 netmask 255.255.255.255
    isakmp key ******** address MaderaPublicIP netmask 255.255.255.255 no-xauth no-config-mode
    isakmp key ******** address xxx.xxx.109.202 netmask 255.255.255.255 no-xauth no-config-mode
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    isakmp policy 40 authentication pre-share
    isakmp policy 40 encryption 3des
    isakmp policy 40 hash md5
    isakmp policy 40 group 2
    isakmp policy 40 lifetime 86400
    vpngroup FMLREASYVPN address-pool VPNDHCP
    vpngroup FMLREASYVPN dns-server 192.168.38.3
    vpngroup FMLREASYVPN idle-time 1800
    vpngroup FMLREASYVPN password ********
    vpngroup Brevium address-pool VPNDHCP
    vpngroup Brevium dns-server 192.168.38.3
    vpngroup Brevium idle-time 1800
    vpngroup Brevium password ********
    telnet 192.168.38.0 255.255.255.0 inside
    telnet TomJ 255.255.255.0 inside
    telnet timeout 5
    ssh Integrity 255.255.255.255 outside
    ssh 99.15.109.202 255.255.255.255 outside
    ssh timeout 5
    management-access inside
    console timeout 0
    vpdn group PPTP-VPDN-GROUP accept dialin pptp
    vpdn group PPTP-VPDN-GROUP ppp authentication chap
    vpdn group PPTP-VPDN-GROUP ppp authentication mschap
    vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
    vpdn group PPTP-VPDN-GROUP client configuration address local VPNDHCP
    vpdn group PPTP-VPDN-GROUP client configuration dns 192.168.38.3
    vpdn group PPTP-VPDN-GROUP pptp echo 60
    vpdn group PPTP-VPDN-GROUP client authentication local
    vpdn username admin password *********
    vpdn username tonette password *********
    vpdn username rosie password *********
    vpdn username cts password *********
    vpdn username MaderaFMLR password *********
    vpdn username ruth password *********
    vpdn username fogg password *********
    vpdn username lanier password *********
    vpdn username lanier2 password *********
    vpdn username justin password *********
    vpdn username mike password *********
    vpdn username heather password *********
    vpdn username Brevium password *********
    vpdn username jeremiah password *********
    vpdn enable outside
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    username admin password *************** encrypted privilege 15
    terminal width 80
    Cryptochecksum:******************************
    : end
    [OK]

    For NAT exemption, you must add the following:

    access-list inside_outbound_nat0_acl permit ip 192.168.38.0 255.255.255.0 TomJ 255.255.255.0

  • VPN on ASA5510 statics to dynamics of several peers.

    Hi all

    I have the following configuration:

    crypto ipsec transform-set myset esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map cisco 1 set transform-set myset
    crypto map dyn-map 20 ipsec-isakmp dynamic cisco
    crypto map dyn-map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    crypto isakmp policy 20
    authentication pre-share
    encryption des
    hash md5
    group 2
    lifetime 86400

    tunnel-group DefaultL2LGroup ipsec-attributes
    pre-shared-key *************

    This configuration works for a single dynamic peer, and it also works if I add peers with the same pre-shared key.

    However, I would like to add tunnel groups for many different dynamic peers in order to have different pre-shared keys for each of them; I tried several times but I never see Phase 1 work.

    Can someone help me with this?

    Thank you very much.

    If it is a dynamic-to-static IPsec LAN-to-LAN tunnel, the answer is no: you cannot set different pre-shared keys for dynamic LAN-to-LAN tunnels, because the peer IP address might be different. However, if the peer address is static, you can create a static crypto map (which, however, requires static configuration for each remote peer).

  • Remote client cannot access the LAN server via VPN

    Hi friends,

    I'm a new player in ASA.

    My business is small. We need remote clients to access the LAN server via VPN.

    I have an ASA5510 with version 7.0. I have configured remote access VPN and it can establish the tunnel successfully. But I cannot access the server.

    The VPN client is version 5.0.07.0290. After I connect successfully, the encrypted packet count increases but the decrypted packet count is 0 in the VPN client statistics.

    On the ASA side, show crypto ipsec sa shows only the decrypted packets increasing.

    Who can help me?

    Thank you very much.

    The following configuration:

    ASA Version 7.0(7)
    !
    hostname VPNhost
    names
    dns-guard
    !
    interface Ethernet0/0
    nameif outside
    security-level 10
    ip address 221.122.96.51 255.255.255.240
    !
    interface Ethernet0/1
    nameif inside
    security-level 100
    ip address 192.168.42.199 255.255.255.0
    !
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    !
    interface Management0/0
    shutdown
    no nameif
    no security-level
    no ip address
    management-only
    !
    ftp mode passive
    dns domain-lookup inside
    access-list PAT_acl extended permit ip 192.168.42.0 255.255.255.0 any
    access-list allow_PING extended permit icmp any any inactive
    access-list Internet extended permit ip host 221.122.96.51 any inactive
    access-list VPN extended permit ip 192.168.42.0 255.255.255.0 192.168.43.0 255.255.255.0
    access-list VPN extended permit ip 192.168.43.0 255.255.255.0 192.168.42.0 255.255.255.0
    access-list CAPTURE extended permit ip host 192.168.43.10 host 192.168.42.251
    access-list CAPTURE extended permit ip host 192.168.42.251 host 192.168.43.10
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip local pool testpool 192.168.43.10-192.168.43.20

    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list VPN
    nat (inside) 1 access-list PAT_acl
    route outside 0.0.0.0 0.0.0.0 221.122.96.49 10

    
    username testuser password 123
    aaa authentication ssh console LOCAL
    aaa local authentication attempts max-fail 3

    no sysopt connection permit-ipsec
    crypto ipsec transform-set FirstSet esp-des esp-md5-hmac
    crypto dynamic-map dyn1 1 set transform-set FirstSet
    crypto dynamic-map dyn1 1 set reverse-route
    crypto map mymap 1 ipsec-isakmp dynamic dyn1
    crypto map mymap interface outside
    isakmp enable outside
    isakmp policy 1 authentication pre-share
    isakmp policy 1 encryption des
    isakmp policy 1 hash md5
    isakmp policy 1 group 2
    isakmp policy 1 lifetime 86400
    isakmp nat-traversal  3600
    tunnel-group testgroup type ipsec-ra
    tunnel-group testgroup general-attributes
    address-pool testpool
    tunnel-group testgroup ipsec-attributes
    pre-shared-key *
    telnet timeout 5

    ssh timeout 10
    console timeout 0

    : end

    Topology as follows:

    Hello

    Configure split tunneling for the VPN.

    1. Create the access list that defines the network behind the ASA.

      ciscoasa(config)#access-list Split_Tunnel_List remark The corporate network behind the ASA.
      ciscoasa(config)#access-list Split_Tunnel_List standard permit 10.0.1.0 255.255.255.0

    2. Enter group-policy configuration mode for the policy you want to change.

      ciscoasa(config)#group-policy hillvalleyvpn attributes
      ciscoasa(config-group-policy)#

    3. Specify the split tunnel policy. In this case, the policy is tunnelspecified.

      ciscoasa(config-group-policy)#split-tunnel-policy tunnelspecified 

    4. Specify the split tunnel access list. In this case, the list is Split_Tunnel_List.

      ciscoasa(config-group-policy)#split-tunnel-network-list value Split_Tunnel_List 

    5. Type this command:

      ciscoasa(config)#tunnel-group hillvalleyvpn general-attributes 

    6. Associate the group policy with the tunnel group.

      ciscoasa(config-tunnel-ipsec)# default-group-policy hillvalleyvpn 

    7. Leave the two configuration modes.

      ciscoasa(config-group-policy)#exit
      ciscoasa(config)#exit
      ciscoasa#

    8. Save configuration to non-volatile RAM (NVRAM) and press enter when you are prompted to specify the name of the source file.

    Kind regards
    Abhishek Purohit
    CCIE-S-35269
