Version 4.0 Client VPN via a DSL connection

Similar Questions

• VPN between two computers xp via a dsl connection

  Is it possible to remotely connect to two computers xp via a dsl connection? Using vpn

  Hello

  To establish a VPN connection must act as a VPN server.

  There are hardware devices (such as some routers) that can do the job.

  Or try this, http://www.aeonity.com/frost/howto-windows-xp-vpn-server-setup

• Client VPN will travel not connected via 877w

  Hello

  I've implemented a Cisco 877w and it works very well for web access

  Client VPN on my laptop connects via the 877w and authenticates on my remote work ASA5510 firewall.

  Problem is after you connect to the ASA, I can not connect anything internally work network (10.0.0.0/24), ping, etc. RDP is back with no answer.

  I've attached the config, can someone tell me what I am missing, might access a list?

  Thanks for your help

  Chris

  This router is made PAT/NAT, Ipsec blocking.

  Activate Nat on the ASA course remote.

  ISAKMP nat - t or crypto isakmp nat - t

  HTH

  Sangaré

  Pls rate helpful messages

• Client VPN not open or connect

  Hello

  I'm currently running Client VPN 5.0.07.0440 on a Windows 7 Pro HP TouchSmart. The .pcf file is that the same iI uses the same network on many other om of machines.  When I double click the icon, the window opens, but when I double click on the login entry, the dialog box shows 'connection to the gateway security to xxx.xxx.xxx.xxx for a few seconds and then says no 'connected'.  I can't even login screen I can normally. This is a new mode of computer. All updates are downloaded for windows.

  I uninstalled the client and re-installed it re-boot after each step. I have ping for the address and had no problems. Avast, Malwarebytes as on other machines running. No other security software. My VPN is enabled in my network connections.

  Here is my log file:

  Cisco Systems VPN Client Version 5.0.07.0440
  Copyright (C) 1998-2010 Cisco Systems, Inc.. All rights reserved.
  Customer type: Windows, Windows NT
  Running: 6.1.7600
  Config files directory: C:\Program Files (x 86) \Cisco Systems\VPN Client\
   
  1 13:05:53.644 05/07/14 Sev = WARNING/3 IKE/0xE3000057
  The HASH payload received cannot be verified
   
  2 13:05:53.644 05/07/14 Sev = WARNING/2 IKE/0xE300007E
  Failed the hash check... may be configured with password invalid group.
   
  3 13:05:53.644 05/07/14 Sev = WARNING/2 IKE/0xE300009B
  Impossible to authenticate peers (Navigator: 915)
   
  4 13:05:53.645 05/07/14 Sev = WARNING/2 IKE/0xE30000A7
  SW unexpected error during the processing of negotiator aggressive Mode:(Navigator:2263)

  I know the names and passwords are correct, as they were copied from work files.

  Hope this is posted in the right group.

  Never had this problem after a lot of machines. Any help would be greatly appreciated.

  Thank you

  Since you get the message 'can be configured with password invalid group", perhaps your FCP file has been corrupted.

  I would recommend that you compare the profile pcf file (stored in "C:\Program Files (x 86) \Cisco Client\Profiles") on the machine of non-working with a working configuration.

  They can be viewed in a text editor or with a comparison (like the freeware ExamDiff) tool. The hashes from encrypted password Group (string in file preceded by "enc_GroupPwd =") must match.

• How can I get the Client VPN or NAT - ted connection

  I installed a router on a customer site to replace a PC that made the NAT on a cable modem connection.

  On the router THAT NAT is done to get all the s PC on the LAN to access the Internet.

  But... one of the users use a VPN client to get to his office. With the PC, there is no problem, but given that the router is in place it can not connect.

  Because I specialized on switched networks my knowledge; edge of NAT and VPN clients.

  Is there anyone who knows how to get this VPN client-session user to be NAT - ted?

  Kind regards

  Martijn Koopsen

  If you have some onfigured of overload, then you tap the traffic. In all cases, you should at least be able to establish a connection, as IPSec uses UDP 500 for the negotiation of the tunnel. If you are not able to pass all traffic, it is another question. Once the tunnel is established, the traffic can be encrypted using the Protocol ESP who cannot be tapped under normal circumstances. If this is a cisco IPsec client, then you must discover which is the feature of termination. If it's a hub 3K, you could activate IPSec over UDP to the problem of circumvention the ESP

  Hope that helps

  Jean Marc

• How to move the ASA of IPSEC VPN via UDP to TCP

  I have a client who has a remote desktop with 2 PCs than VPN in to their location of HQ. Previously, two computers where in different places now that they are in the same place. Both PC's are able to successfully establish a VPN connection to the CA by using the Version of the Client VPN Cisco 5.0.07.0290, but only 1 system actually passes the traffic and is able to access the resources at Headquarters.

  I asked another engineer, and they said ' you must configure IPSEC over TCP or use Anyconnect to have multiple clients behind the same PAT' public ed remote ip address... ". ». I would go with IPSEC for TCP connection, so I won't have to uninstall the old client and go through the process of installing the AnyConnect client. Here is the configuration of the ASA 5505 thanks in advance for any help.

  CLIENTASA # sh run

  : Saved

  :

  ASA Version 7.2 (4)

  !

  hostname CLIENTASA

  domain client.local

  activate 72LucMgVuxp5I3Ox encrypted password

  2KFQnbNIdI.2KYOU encrypted passwd

  names of

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.1.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  IP x.x.x.x where x.x.x.x

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  passive FTP mode

  DNS server-group DefaultDNS

  domain client.local

  standard SPLIT-TUNNEL access list permit 192.168.1.0 255.255.255.0

  outside_in list extended access permit tcp any any eq smtp

  outside_in list extended access permit tcp any any eq www

  outside_in list extended access permitted tcp everything any https eq

  access-list extended sheep allowed ip 192.168.1.0 255.255.255.0 10.99.99.0 255.255.255.0

  pager lines 24

  Enable logging

  recording of debug console

  debug logging in buffered memory

  asdm of logging of information

  Within 1500 MTU

  Outside 1500 MTU

  pool local IP VPN-10.99.99.100 - 10.99.99.200

  ICMP unreachable rate-limit 1 burst-size 1

  ASDM image disk0: / asdm - 523.bin

  don't allow no asdm history

  ARP timeout 14400

  Global 1 interface (outside)

  NAT (inside) 0 access-list sheep

  NAT (inside) 1 192.168.1.0 255.255.255.0

  NAT (inside) 1 0.0.0.0 0.0.0.0

  public static tcp (indoor, outdoor) interface www 192.168.1.2 netmask 255.255.255.255 www

  public static tcp (indoor, outdoor) interface https 192.168.1.2 netmask 255.255.255.255 https

  public static tcp (indoor, outdoor) interface smtp 192.168.1.2 netmask 255.255.255.255 smtp

  Access-group outside_in in external interface

  Route outside 0.0.0.0 0.0.0.0 x.x.x.x 1

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  AAA authentication enable LOCAL console

  the ssh LOCAL console AAA authentication

  Enable http server

  http 192.168.1.0 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  Crypto ipsec transform-set esp-3des esp - esp-md5-hmac

  Crypto dynamic-map VPNDYN 1 set transform-set esp-3des

  vpn ipsec dynamic VPNDYN 65535-isakmp crypto map

  vpn outside crypto map interface

  crypto ISAKMP allow outside

  crypto ISAKMP policy 100

  preshared authentication

  the Encryption

  md5 hash

  Group 2

  life 86400

  crypto ISAKMP policy 65535

  preshared authentication

  the Encryption

  sha hash

  Group 2

  life 86400

  Telnet 0.0.0.0 0.0.0.0 inside

  Telnet timeout 5

  SSH 0.0.0.0 0.0.0.0 inside

  SSH 0.0.0.0 0.0.0.0 outdoors

  SSH timeout 5

  Console timeout 0

  dhcpd dns 192.168.1.2

  dhcpd outside auto_config

  !

  des-sha1 encryption SSL rc4 - md5

  VPN-POLICY group policy interns

  attributes of VPN-POLICY-group policy

  value of server DNS 192.16.1.2

  Split-tunnel-policy tunnelspecified

  Split-tunnel-network-list value of SPLIT TUNNEL

  admin PWpqnmc2BqJP9Qrb encrypted privilege 15 password username

  password encrypted vpn2 ZBNuNQsIyyMGbOB2 user name

  username vpn3 encrypted password 15c4LrPNccaj1Ufr

  vpn1 fsQgwXwSLokX6hEU encrypted password username

  tunnel-group CLIENTVPN type ipsec-ra

  attributes global-tunnel-group CLIENTVPN

  address VPN-POOL pool

  Group Policy - by default-VPN-POLICY

  IPSec-attributes tunnel-group CLIENTVPN

  pre-shared-key *.

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect esmtp

  inspect sqlnet

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  !

  global service-policy global_policy

  context of prompt hostname

  Cryptochecksum:41bd95c164a63bb26b01c109ab1bd68a

  : end

  CLIENTASA #.

  Hello

  You can try adding

  Crypto isakmp nat-traversal 30

  And test connections

  I think that you need to add to use the TCP protocol

  Crypto isakmp ipsec-over-tcp 10000

  You will also need to change the Transparent tunnel setting on the profile of Client VPN software to use TCP instead of option of NAT/PAT.

  -Jouni

• Traffic of Client VPN routing via VPN Site to Site

  Hello

  We have the following scenario:

  • Office (192.168.2.x)
  • Data Center (212.64.x.x)
  • Home workers (192.168.2.x) (scope DHCP is in the office subnet)

  Connections:

  • Desktop to Data Center traffic is routed through a Site at IPSec VPN, which works very well.
  • Welcome to the office is routed through a Site IPSec VPN Client.

  The question we have right now, is the Client VPN works, and we have implemented a split tunnel which includes only the subnet of the Office for a list of network.

  What I have to do, is to route all traffic to home' to 'Data Center' by site to Site VPN is configured.

  I tried to add the ranges of IP data center to the list of Client VPN Split tunnel, but when I do that and try to connect at home, I just get a "connection timed out" or denied, as if she was protected by a firewall?

  Could you please let me know what I missed?

  Result of the command: "show running-config"
  : Saved
  :
  ASA Version 8.2(5)
  !
  hostname ciscoasa
  domain-name skiddle.internal
  enable password xxx encrypted
  passwd xxx encrypted
  names
  name 188.39.51.101 dev.skiddle.com description Dev External
  name 192.168.2.201 dev.skiddle.internal description Internal Dev server
  name 164.177.128.202 www-1.skiddle.com description Skiddle web server
  name 192.168.2.200 Newserver
  name 217.150.106.82 Holly
  !
  interface Ethernet0/0
  switchport access vlan 2
  !
  interface Ethernet0/1
  !
  interface Ethernet0/2
  !
  interface Ethernet0/3
  shutdown
  !
  interface Ethernet0/4
  shutdown
  !
  interface Ethernet0/5
  shutdown
  !
  interface Ethernet0/6
  shutdown
  !
  interface Ethernet0/7
  shutdown
  !
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.2.254 255.255.255.0
  !
  interface Vlan2
  nameif outside
  security-level 0
  ip address 192.168.3.250 255.255.255.0
  !
  !
  time-range Workingtime
  periodic weekdays 9:00 to 18:00
  !
  ftp mode passive
  clock timezone GMT/BST 0
  clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
  dns domain-lookup inside
  dns server-group DefaultDNS
  name-server Newserver
  domain-name skiddle.internal
  same-security-traffic permit inter-interface
  object-group service Mysql tcp
  port-object eq 3306
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  object-group network rackspace-public-ips
  description Rackspace Public IPs
  network-object 164.177.132.16 255.255.255.252
  network-object 164.177.132.72 255.255.255.252
  network-object 212.64.147.184 255.255.255.248
  network-object 164.177.128.200 255.255.255.252
  object-group network Cuervo
  description Test access for cuervo
  network-object host Holly
  object-group service DM_INLINE_TCP_1 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_2 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_3 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_4 tcp
  port-object eq www
  port-object eq https
  access-list inside_access_in extended permit ip any any
  access-list outside_access_in remark ENABLES Watermark Wifi ACCESS TO DEV SERVER!
  access-list outside_access_in extended permit tcp 188.39.51.0 255.255.255.0 interface outside object-group DM_INLINE_TCP_4 time-range Workingtime
  access-list outside_access_in remark ENABLES OUTSDIE ACCESS TO DEV SERVER!
  access-list outside_access_in extended permit tcp any interface outside object-group DM_INLINE_TCP_3
  access-list outside_access_in remark Public Skiddle Network > Dev server
  access-list outside_access_in extended permit tcp 192.168.3.0 255.255.255.0 interface outside eq www
  access-list outside_access_in extended permit tcp object-group rackspace-public-ips interface outside eq ssh
  access-list outside_access_in remark OUTSIDE ACCESS TO DEV SERVER
  access-list outside_access_in extended permit tcp object-group Cuervo interface outside object-group DM_INLINE_TCP_1 inactive
  access-list outside_access_in extended permit tcp 192.168.3.0 255.255.255.0 host dev.skiddle.internal object-group DM_INLINE_TCP_2 inactive
  access-list inside_access_in_1 remark HTTP OUT
  access-list inside_access_in_1 extended permit tcp any any eq www
  access-list inside_access_in_1 remark HTTPS OUT
  access-list inside_access_in_1 extended permit tcp any any eq https
  access-list inside_access_in_1 remark SSH OUT
  access-list inside_access_in_1 extended permit tcp any any eq ssh
  access-list inside_access_in_1 remark MYSQL OUT
  access-list inside_access_in_1 extended permit tcp any host 164.177.128.200 object-group Mysql
  access-list inside_access_in_1 remark SPHINX OUT
  access-list inside_access_in_1 extended permit tcp any host 164.177.128.200 eq 3312
  access-list inside_access_in_1 remark DNS OUT
  access-list inside_access_in_1 extended permit object-group TCPUDP host Newserver any eq domain
  access-list inside_access_in_1 remark PING OUT
  access-list inside_access_in_1 extended permit icmp any any
  access-list inside_access_in_1 remark Draytek Admin
  access-list inside_access_in_1 extended permit tcp any 192.168.3.0 255.255.255.0 eq 4433
  access-list inside_access_in_1 remark Phone System
  access-list inside_access_in_1 extended permit tcp any 192.168.3.0 255.255.255.0 eq 35300 log disable
  access-list inside_access_in_1 remark IPSEC VPN OUT
  access-list inside_access_in_1 extended permit udp any host 94.236.41.227 eq 4500
  access-list inside_access_in_1 remark IPSEC VPN OUT
  access-list inside_access_in_1 extended permit udp any host 94.236.41.227 eq isakmp
  access-list inside_access_in_1 remark Office to Rackspace OUT
  access-list inside_access_in_1 extended permit ip 192.168.2.0 255.255.255.0 object-group rackspace-public-ips
  access-list inside_access_in_1 remark IMAP OUT
  access-list inside_access_in_1 extended permit tcp any any eq imap4
  access-list inside_access_in_1 remark FTP OUT
  access-list inside_access_in_1 extended permit tcp any any eq ftp
  access-list inside_access_in_1 remark FTP DATA out
  access-list inside_access_in_1 extended permit tcp any any eq ftp-data
  access-list inside_access_in_1 remark SMTP Out
  access-list inside_access_in_1 extended permit tcp any any eq smtp
  access-list outside_1_cryptomap extended permit ip 192.168.2.0 255.255.255.0 object-group rackspace-public-ips
  access-list inside_nat0_outbound extended permit ip 192.168.2.0 255.255.255.0 192.168.100.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 192.168.2.0 255.255.255.0 object-group rackspace-public-ips
  access-list inside_nat0_outbound extended permit ip any 192.168.2.128 255.255.255.224
  access-list inside_1_cryptomap extended permit ip 192.168.2.0 255.255.255.0 object-group rackspace-public-ips
  access-list outside_1_cryptomap_1 extended permit tcp 192.168.2.0 255.255.255.0 object-group rackspace-public-ips eq ssh
  access-list RACKSPACE-cryptomap_1 extended permit ip 192.168.2.0 255.255.255.0 object-group rackspace-public-ips
  access-list RACKSPACE-TEST extended permit ip host 94.236.41.227 any
  access-list RACKSPACE-TEST extended permit ip any host 94.236.41.227
  access-list InternalForClientVPNSplitTunnel remark Inside for VPN
  access-list InternalForClientVPNSplitTunnel standard permit 192.168.2.0 255.255.255.0
  access-list InternalForClientVPNSplitTunnel remark Rackspace
  access-list InternalForClientVPNSplitTunnel standard permit 164.177.128.200 255.255.255.252
  access-list InternalForClientVPNSplitTunnel remark Rackspace
  access-list InternalForClientVPNSplitTunnel standard permit 164.177.132.16 255.255.255.252
  access-list InternalForClientVPNSplitTunnel remark Rackspace
  access-list InternalForClientVPNSplitTunnel standard permit 164.177.132.72 255.255.255.252
  access-list InternalForClientVPNSplitTunnel remark Rackspace
  access-list InternalForClientVPNSplitTunnel standard permit 212.64.147.184 255.255.255.248
  pager lines 24
  logging enable
  logging console debugging
  logging monitor debugging
  logging buffered debugging
  logging trap debugging
  logging asdm warnings
  logging from-address [email protected]/* */
  logging recipient-address [email protected]/* */ level errors
  mtu inside 1500
  mtu outside 1500
  ip local pool CiscoVPNDHCPPool 192.168.2.130-192.168.2.149 mask 255.255.255.0
  ip verify reverse-path interface inside
  ip verify reverse-path interface outside
  ipv6 access-list inside_access_ipv6_in permit tcp any any eq www
  ipv6 access-list inside_access_ipv6_in permit tcp any any eq https
  ipv6 access-list inside_access_ipv6_in permit tcp any any eq ssh
  ipv6 access-list inside_access_ipv6_in permit icmp6 any any
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any outside
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  static (inside,outside) tcp interface www dev.skiddle.internal www netmask 255.255.255.255
  static (inside,outside) tcp interface ssh dev.skiddle.internal ssh netmask 255.255.255.255
  access-group inside_access_in in interface inside control-plane
  access-group inside_access_in_1 in interface inside
  access-group inside_access_ipv6_in in interface inside
  access-group outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 192.168.3.254 10
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication telnet console LOCAL
  aaa authentication enable console LOCAL
  http server enable 4433
  http 192.168.1.0 255.255.255.0 inside
  http 192.168.2.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec security-association lifetime seconds 86400
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
  crypto map outside_map 1 match address RACKSPACE-cryptomap_1
  crypto map outside_map 1 set pfs
  crypto map outside_map 1 set peer 94.236.41.227
  crypto map outside_map 1 set transform-set ESP-AES-128-SHA
  crypto map outside_map 1 set security-association lifetime seconds 86400
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto ca trustpoint _SmartCallHome_ServerCA
  crl configure
  crypto ca certificate chain _SmartCallHome_ServerCA
  certificate ca xxx
  quit
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication crack
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 20
  authentication rsa-sig
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 30
  authentication pre-share
  encryption aes-256
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 40
  authentication crack
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 50
  authentication rsa-sig
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 60
  authentication pre-share
  encryption aes-192
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 70
  authentication crack
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 80
  authentication rsa-sig
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 90
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 100
  authentication crack
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 110
  authentication rsa-sig
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 120
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 130
  authentication crack
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 140
  authentication rsa-sig
  encryption des
  hash sha
  group 2
  lifetime 86400
  crypto isakmp policy 150
  authentication pre-share
  encryption des
  hash sha
  group 2
  lifetime 86400
  telnet 192.168.1.0 255.255.255.0 inside
  telnet 192.168.2.0 255.255.255.0 inside
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  !
  dhcprelay server 192.68.2.200 inside
  threat-detection basic-threat
  threat-detection scanning-threat
  threat-detection statistics host
  threat-detection statistics access-list
  threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  ntp server 194.35.252.7 source outside prefer
  webvpn
  port 444
  svc image disk0:/anyconnect-macosx-i386-2.4.1012-k9.pkg 1 regex "Intel Mac OS X"
  group-policy DfltGrpPolicy attributes
  vpn-tunnel-protocol IPSec webvpn
  group-policy skiddlevpn internal
  group-policy skiddlevpn attributes
  dns-server value 192.168.2.200
  vpn-tunnel-protocol IPSec l2tp-ipsec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value InternalForClientVPNSplitTunnel
  default-domain value skiddle.internal
  username bensebborn password *** encrypted privilege 0
  username bensebborn attributes
  vpn-group-policy skiddlevpn
  username benseb password gXdOhaMts7w/KavS encrypted privilege 15
  tunnel-group 94.236.41.227 type ipsec-l2l
  tunnel-group 94.236.41.227 ipsec-attributes
  pre-shared-key *****
  tunnel-group skiddlevpn type remote-access
  tunnel-group skiddlevpn general-attributes
  address-pool CiscoVPNDHCPPool
  default-group-policy skiddlevpn
  tunnel-group skiddlevpn ipsec-attributes
  pre-shared-key *****
  !
  class-map inspection_default
  match default-inspection-traffic
  !
  !
  policy-map type inspect dns preset_dns_map
  parameters
  message-length maximum client auto
  message-length maximum 512
  policy-map global_policy
  class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  policy-map global-policy
  class inspection_default
  inspect icmp
  inspect icmp error
  inspect ipsec-pass-thru
  inspect ftp
  !
  service-policy global_policy global
  smtp-server 164.177.128.203
  prompt hostname context
  call-home reporting anonymous
  Cryptochecksum:6c2eb43fa1150f9a5bb178c716d8fe2b
  : end
  

  You must even-Security-enabled traffic intra-interface to allow communication between vpn VPN.

  With respect,

  Safwan

  Remember messages useful rate.

• Deploy the latest version of View Client via Web Interface?

  Hello

  Last week I was given an article ( http://www.networkworld.com/news/2011/021011-windows-fix-vmware-software.html ) and this KB ( http://kb.vmware.com/selfservice/microsites/search.do?language=en_US & cmd = displayKC & externalId = 1034262 ( )

  I wonder if there is an update also the Manager of the view for the latest version of the client will be available for those who connect to the display server?  Or is there a way I can deploy this client within the display server?

  We have many student users who now have connection problems, and the new version of the client solves this problem.  I'm just trying to discover the best deployment mechanism.

  Thanks for your comments!

  There is a downloads.war on connection brokers folder that contains all of the installation of the system.  It's also simple to replace these files with new clients named in the same way.  Here's a write up to someone in another thread.

  http://www.christowles.com/2011/02/VMware-view-45-client-353760.html

• OSX 10.11.3 can't VPN via AnyConnect 3.1.14018 iPhone6 ASA 5550 Verizon hotspot

  I did a lot of research on this, found similar questions, but not this exact one.

  I have a Mac OSX 10.11.3 using Cisco AnyConnect 3.1.14018.  It can VPN to our ASA version sw 8.2 (5) 55 perfectly fine on any LAN or Wifi.  He cannot complete a VPN connection using an iPhone to Verizon 6 running the latest iOS via mobile access point.  The VPN itself requires a certificate and a name of user and password (from the AD authentication).

  During the attempt, on Mac, we get the error: client VPN could not check the IP forwarding table changes. A VPN connection can be established.

  The connection can be established in other hotspots, Android on Verizon, IOS on AT & T, no problem.  IOS on Verizon?  Nope.  No luck with Verizon to support.

  The only thing that stands in the firewall log when the connection attempt fails: group user IP <123.45.123.234>transmitting large package 1456 (line 1399).

  Any ideas?

  Thank you!

  Please try to disable IPv.6 from the MAC interface

• Client VPN und Cisco asa 5505 tunnel work but no traffic

  Hi all

  I am new to this forum and Don t have a lot of experience with Cisco, so I hope I can get help from specialists.

  I have the following problem:

  I installed und konfigured ASA 5505 for use with vpn client. I would like to access the local network from outside through vpn.

  To test, I installed ASA 5505 with ADSL (pppoe) and tried to give access to the internal network.

  Of course whenever I have recive the supplier's different IP address, but it didn't is not a problem reconfigure in the vpn client.

  After the connection is established (vpn tunnel work) I can see my external network packets. But I Don t have any connection to the internal network.

  I erased my setup yesterday and tried to reconfigure ASA again. I didn t tested yesterday, because it was too late. And I know that I Don t have the authorization rule at present by the ACL. But I think I'm having the same problem again. (tunnel but no traffic).

  What I did wrong. Could someone let me know what I have to do today.

  With hope for your help Dimitri.

  ASA configuration after reset and basic configuration: works to the Internet from within the course.

  : Saved

  : Written by enable_15 to the CEDT 20:29:18.909 Sunday, August 29, 2010

  !

  ASA Version 8.2 (2)

  !

  ciscoasa hostname

  activate 2KFQnbNIdI.2KYOU encrypted password

  2KFQnbNIdI.2KYOU encrypted passwd

  names of

  !

  interface Vlan1

  nameif inside

  security-level 100

  IP 192.168.1.1 255.255.255.0

  !

  interface Vlan2

  nameif outside

  security-level 0

  PPPoE client vpdn group home

  IP address pppoe setroute

  !

  interface Ethernet0/0

  switchport access vlan 2

  !

  interface Ethernet0/1

  !

  interface Ethernet0/2

  !

  interface Ethernet0/3

  !

  interface Ethernet0/4

  !

  interface Ethernet0/5

  !

  interface Ethernet0/6

  !

  interface Ethernet0/7

  !

  boot system Disk0: / asa822 - k8.bin

  passive FTP mode

  clock timezone THATS 1

  clock to summer time CEDT recurring last Sun Mar 02:00 last Sun Oct 03:00

  DNS domain-lookup outside

  DNS server-group DefaultDNS

  Server name 194.25.0.60

  Server name 194.25.0.68

  DM_INLINE_TCP_1 tcp service object-group

  port-object eq www

  EQ object of the https port

  inside_access_in list extended access permitted udp 192.168.1.0 255.255.255.0 no matter what eq field open a debug session

  inside_access_in list extended access permitted tcp 192.168.1.0 255.255.255.0 any object-group DM_INLINE_TCP_1 open a debug session

  inside_access_in list extended access deny ip any any debug log

  inside_nat0_outbound to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.0.0 255.255.0.0

  permit inside_nat0_outbound to access extended list ip 192.168.10.0 255.255.255.0 192.168.10.0 255.255.255.128

  homegroup_splitTunnelAcl list standard access allowed 192.168.10.0 255.255.255.0

  pager lines 24

  Enable logging

  asdm of logging of information

  Outside 1500 MTU

  Within 1500 MTU

  IP local pool homepool 192.168.10.1 - 192.168.10.100 mask 255.255.255.0

  ICMP unreachable rate-limit 1 burst-size 1

  ASDM image disk0: / asdm-625 - 53.bin

  ASDM location 192.168.0.0 255.255.0.0 inside

  ASDM location 192.168.10.0 255.255.255.0 inside

  don't allow no asdm history

  ARP timeout 14400

  Global 1 interface (outside)

  NAT (inside) 0-list of access inside_nat0_outbound

  NAT (inside) 1 0.0.0.0 0.0.0.0

  inside_access_in access to the interface inside group

  Timeout xlate 03:00

  Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

  Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

  Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

  Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

  timeout tcp-proxy-reassembly 0:01:00

  dynamic-access-policy-registration DfltAccessPolicy

  Enable http server

  http 192.168.1.0 255.255.255.0 inside

  No snmp server location

  No snmp Server contact

  Server enable SNMP traps snmp authentication linkup, linkdown cold start

  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

  Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

  Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

  Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

  Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

  Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

  life crypto ipsec security association seconds 28800

  Crypto ipsec kilobytes of life - safety 4608000 association

  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set

  Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

  outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

  outside_map interface card crypto outside

  crypto ISAKMP allow outside

  crypto ISAKMP policy 10

  preshared authentication

  3des encryption

  sha hash

  Group 2

  life 86400

  Telnet timeout 5

  SSH timeout 5

  Console timeout 0

  VPDN group home request dialout pppoe

  VPDN group House localname 04152886790

  VPDN group House ppp authentication PAP

  VPDN username 04152886790 password 1

  dhcpd outside auto_config

  !

  dhcpd address 192.168.1.5 - 192.168.1.36 inside

  dhcpd allow inside

  !

  a basic threat threat detection

  Statistics-list of access threat detection

  no statistical threat detection tcp-interception

  TFTP server 192.168.1.5 inside c:/tftp-root

  WebVPN

  Group Policy inner residential group

  attributes of the strategy of group home group

  value of 192.168.1.1 DNS server

  Protocol-tunnel-VPN IPSec

  Split-tunnel-policy tunnelspecified

  value of Split-tunnel-network-list homegroup_splitTunnelAcl

  username user01 encrypted password privilege 0 v5P40l1UGvtJa7Nn

  user01 username attributes

  VPN-strategy group home group

  tunnel-group home group type remote access

  attributes global-tunnel-group home group

  address homepool pool

  Group Policy - by default-homegroup

  tunnel-group group residential ipsec-attributes

  pre-shared-key ciscotest

  !

  class-map inspection_default

  match default-inspection-traffic

  !

  !

  type of policy-card inspect dns preset_dns_map

  parameters

  maximum message length automatic of customer

  message-length maximum 512

  Policy-map global_policy

  class inspection_default

  inspect the preset_dns_map dns

  inspect the ftp

  inspect h323 h225

  inspect the h323 ras

  inspect the rsh

  inspect the rtsp

  inspect esmtp

  inspect sqlnet

  inspect the skinny

  inspect sunrpc

  inspect xdmcp

  inspect the sip

  inspect the netbios

  inspect the tftp

  Review the ip options

  !

  global service-policy global_policy

  context of prompt hostname

  Cryptochecksum:930e6cddf25838e47ef9633dc2f07acb

  : end

  Hello

  Normally, you want a static public IP address on the ASA to allow it to receive connections from VPN clients (avoid to change the IP address all the time).

  If you connect via VPN, check the following:

  1. the tunnel is established:

  HS cry isa his

  Must say QM_IDLE or MM_ACTIVE

  2 traffic is flowing (encrypted/decrypted):

  HS cry ips its

  3. Enter the command:

  management-access inside

  And check if you can PING the inside ASA VPN client IP.

  4. check that the default gateway for the LAN internal ASA within intellectual property (or there is a road to the ASA to send traffic to the VPN clients).

  Federico.

• Client VPN does not start when you use RDP

  I have a few people that RDP in Windows 2000 Server. The console client VPN starts very well (4.7 4.6 & tried). When accessing remotely via RDP, you try to start the VPN client throws the error:

  "Error 56: the Service VPN from Cisco Systems Inc. has not been started." Please start this service and try again. »

  Helpful service is started and it works very well from the console.

  If this is the case, then I guess that this version may have a bug.

  personally, I always use the v4.0.3(a). I was testing v4.6, however, it kept crashing my machine so finally that I dropped.

• Client VPN connects but not internal LAN access or Ping

  Hi all.

  I'm new on this forum and kindly asking for your help because I'm stuck.

  I have an ADSL router cisco 877 which I configured easy VPN server.
  Now the Cisco VPN client ver 5.0 to connect successfully to the VPN server, but when you try to access/ping computers on the internal network, there is no response.

  The configuration is below. Please let know us where I was going or what I missed.
  [code]

  Building configuration...

  Current configuration: 4574 bytes
  !
  version 12.4
  no service button
  horodateurs service debug datetime msec
  Log service timestamps datetime msec
  encryption password service
  !
  boot-start-marker
  boot-end-marker
  !
  enable secret 5 $1$ $86dn J8HrK9kCQ8G9aPAm6xe4o1
  enable password 7 13151601181B54382F
  !
  AAA new-model
  !
  !
  AAA authentication login default local
  AAA authentication login internal_affairs_vpn_1 local
  AAA authorization exec default local
  AAA authorization internal_affairs_vpn_group_1 LAN
  !
  !
  AAA - the id of the joint session
  !
  Crypto pki trustpoint TP-self-signed-2122144568
  enrollment selfsigned
  name of the object cn = IOS - Self - signed - certificate - 2122144568
  revocation checking no
  rsakeypair TP-self-signed-2122144568
  !
  !
  TP-self-signed-2122144568 crypto pki certificate chain
  self-signed certificate 03
  30820248 308201B 1 A0030201 02020103 300 D 0609 2A 864886 F70D0101 04050030
  2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
  69666963 32313232 31343435 6174652D 3638301E 170 3032 30333032 32303537
  31375A 17 0D 323030 31303130 30303030 305A 3031 06035504 03132649 312F302D
  4F532D53 5369676E 656C662D 43 65727469 66696361 74652 32 31323231 65642D
  34343536 3830819F 300 D 0609 2A 864886 01050003, 818, 0030, 81890281 F70D0101
  8100D3EA 07EC5D66 F4DD8ACC 5540BDBE 009B3C26 598EC99C D99D935A 51292F96
  F495E5A9 8D012B0E 73EA7639 3B 586799 187993F5 ED9CA31C 788756DD 6BDB1B2B
  4D7AA7F0 B07CF82F F2A29E86 E18B442C 550E22D2 E92D9914 105B7D59 253BBEA1
  D84636B4 A4B4B300 7946CE84 E9A63D2E 7789B03A 6ADDB04E B21EC207 CCFEAE0B
  30 HAS A 50203 010001, 3 1 130101 301B 0603 030101FF FF040530 0F060355 70306E30
  551 1104 14301282 10494E54 45524E41 4C5F4146 46414952 53301F06 03551D 23
  04183016 8014FA0F B3C9C651 7FD91EFA 3F63EAE8 6C83C80D 8AE2301D 0603551D
  0E041604 14FA0FB3 C9C6517F D91EFA3F 63EAE86C 83C80D8A E2300D06 092A 8648
  86F70D01 01040500 03818100 A1026DDC C91CAEB2 3C62AF92 D6B25EB2 CA 950, 920
  313BCF26 4A35B039 A4F806A0 8CB54D11 6AF1ABAA A770604B 4403F345 0351361B
  E2CF2950 26974F4A 95951862 401A4F76 C816590C 2FFCB115 9A8B3E96 4373FFE1
  33D744F7 E0FDDE61 B5B48497 9516C3C6 A3157957 C621668E A83B5E33 2420F962
  9142DD9E B6E9D74A 899A 9653
  quit smoking
  dot11 syslog
  IP cef
  No dhcp use connected vrf ip
  DHCP excluded-address IP 10.10.10.1
  !
  IP dhcp pool dhcplan
  Network 10.0.0.0 255.0.0.0
  DNS-server 196.0.50.50 81.199.21.94
  default router 10.10.10.1
  Rental 7
  !
  !
  property intellectual auth-proxy max-nodata-& 3
  property intellectual admission max-nodata-& 3
  name of the IP-server 81.199.21.94
  !
  !
  !
  VPN username password 7 095A5E07
  username fred privilege 15 password 7 1411000E08
  username ciscovpn password 7 01100F175804101F2F
  !
  !
  crypto ISAKMP policy 1
  BA 3des
  preshared authentication
  Group 2
  !
  ISAKMP crypto client configuration group internal_affairs_vpn
  key *.
  DNS 196.0.50.50 81.199.21.94
  pool ippool
  ACL 108
  !
  !
  Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT
  !
  Crypto-map dynamic internal_affairs_DYNMAP_1 10
  Set transform-set RIGHT
  market arriere-route
  !
  !
  card crypto client internal_affairs_CMAP_1 of authentication list internal_affairs_vpn
  card crypto isakmp authorization list internal_affairs_vpn_group_1 internal_affairs_CMAP_1
  client configuration address card crypto internal_affairs_CMAP_1 answer
  ipsec 10-isakmp crypto map internal_affairs_CMAP_1 Dynamics internal_affairs_DYNMAP_1
  !
  Archives
  The config log
  hidekeys
  !
  !
  !
  Bridge IRB
  !
  !
  interface Loopback0
  2.2.2.2 the IP 255.255.255.255
  !
  ATM0 interface
  no ip address
  ATM vc-per-vp 512
  No atm ilmi-keepalive
  PVC 0/32
  aal5snap encapsulation
  Protocol ip inarp
  !
  DSL-automatic operation mode
  Bridge-Group 1
  !
  interface FastEthernet0
  !
  interface FastEthernet1
  !
  interface FastEthernet2
  !
  interface FastEthernet3
  !
  interface Vlan1
  description of the local lan interface
  IP 10.10.10.1 255.0.0.0
  IP nat inside
  IP virtual-reassembly
  !
  interface BVI1
  internet interface Description
  IP 197.0.4.174 255.255.255.252
  NAT outside IP
  IP virtual-reassembly
  internal_affairs_CMAP_1 card crypto
  !
  IP local pool ippool 192.168.192.1 192.168.192.200
  IP forward-Protocol ND
  IP route 0.0.0.0 0.0.0.0 196.0.4.173
  !
  IP http server
  local IP http authentication
  IP http secure server
  IP nat inside source list interface BVI1 NAT overload
  IP nat inside source static tcp 2.2.2.2 23 23 BVI1 interface
  !
  NAT extended IP access list
  allow an ip
  !
  access-list 108 allow ip 10.0.0.0 0.255.255.255 192.168.192.0 0.0.0.255
  !
  !
  !
  control plan
  !
  Bridge Protocol ieee 1
  1 channel ip bridge
  !
  Line con 0
  password 7 0216054818115F3348
  no activation of the modem
  line to 0
  line vty 0 4
  password 7 06160E325F59590B01
  !
  max-task-time 5000 Planner
  end

  Since this is a named ACL, you need to change ACL configuration mode:

  NAT extended IP access list

  Then, make the changes.

  Federico.

• SQL more unable to connect (computers connected via a DSL router)

  Hello!
  
  I have two computers connected locally via a DSL router. His IP address is 192.168.1.64 IP of the other is 192.168.1.65.
  "I'm trying to connect to 192.168.1.64 via SQL more 192.168.1.66 by running the following command: sqlplus system@"192.168.1.64/orcl.168.1.100 "and receive this error message:" ORA-12170: TNS: Connect timeout occurred. " I thought it was the default Windows Firewall that has caused this and changed the windows firewall settings in 192.168.1.64 adding port 1521 in the list of windows firewall. Now, I get this error: "ORA-12541: listener TNS:no.»
  
  Published by: totalnewby on June 12, 2010 10:53

  totalnewby wrote:
  Hello!

  I have two computers connected locally via a DSL router. His IP address is 192.168.1.64 IP of the other is 192.168.1.65.
  "I'm trying to connect to 192.168.1.64 via SQL more 192.168.1.66 by running the following command: sqlplus system@"192.168.1.64/orcl.168.1.100 "and receive this error message:" ORA-12170: TNS: Connect timeout occurred. " I thought it was the default Windows Firewall that has caused this and changed the windows firewall settings in 192.168.1.64 adding port 1521 in the list of windows firewall. Now, I get this error: "ORA-12541: listener TNS:no.»

  Published by: totalnewby on June 12, 2010 10:53

  =================================

  Suppose you have the following in your tnsnames.ora:

  Larry =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCP)(HOST = myhost) (PORT = 1521))
  )
  (CONNECT_DATA =
  (SERVICE_NAME = curley)
  )
  )

  Now, when you issue a connect, say like this:

  $> sqlplus scott/tiger@larry

  TNS will appear in your tnsnames.ora for an entry called "larry". Then, tns sends a request to (PORT = 1521) on (HOST = myhost) to aid (PROTOCOL = TCP), requesting a connection to (SERVICE_NAME = curley).

  Where's (HOST = myhost) on the network? When the request is passed to tns to the next layer in the network stack, the name "myhost" resolves to an IP address, either via a file 'hosts' local, through DNS, or possibly other mechanisms being used less. Alternatively, you can hard-code the IP (HOST = 123.456.789.101) in the tnsnames.ora.

  Then, the request arrives at port 1521 myhost. If all goes well, there is a listener on myhost configured to listen on port 1521, and this listener knows SERVICE_NAME = curley. If so, you'll be connected.

  A few important points.

  First, the listener is a process only the side server. It's all in life seeks applications for reception for connections to the databases and set up these connections. Once the connection is established, the listener is out of the picture. It creates the connection. It does not support the connection. A listener, linking an oracle of the House, listening on a single port, use multiple instances of database in several versions of several houses. It is unnecessary complexity to try to have several headphones. It's like the telephone company, to build a separate table for each customer.

  Secondly, the tnsnames.ora file is a client-side problem. Its purpose is to address resolution - the equivalent of the 'hosts' file tns further to the bottom of the network stack. The only reason it exists on a host computer is because this machine also can run client processes.

  What can go wrong?

  First, there may not be an entry for 'larry' in your tnsnames file. In this case, you get "ORA-12154: TNS: could not resolve the connect identifier specified" no need to go looking for a problem on the host, with the listener, etc.. If you cannot place a phone call because you do not know the number (cannot find your phonebook (tnsnames.ora) or can not find the party looking for listed in it (no entry for larry)) you don't look at problems at the switchboard.

  Perhaps the entry for larry was found, but myhost could not be resolved to an IP address (for example there is no entry for myhost in the local hosts file). This will mean by "ORA-12545: Connect failed because target host or object does not exist.

  Maybe there is an entry for MyServer in the local hosts file, but it specified a bad IP address. This will mean by "ORA-12545: Connect failed because target host or object does not exist.

  Maybe the INVESTIGATION period was good, but there is no listener running: "ORA-12541: TNS:no listener.

  Maybe the INVESTIGATION period was good, there is a listener to myhost, but he is listening on a different port. "ORA-12560: TNS:protocol adapter error.

  Maybe the INVESTIGATION period was good, there is a listener to myhost, listening on the specified port, it's unknown SERVICE_NAME = curley. "ORA-12514: TNS:listener is not currently of service requested in connect descriptor.

  =====================================

• Can I have a copy of KB2982791? My client VPN application

  Original title: Please, please, please can I have a copy of KB2982791? My client VPN application

  Yes, I am aware that MS has w / drew this patch.

  However, I don't have the choice. I SHOULD have the patch and am willing to take the risk. My client is a Government, and their VPN is administered by people who insist that I have this patch in order to do my job.

  Can I PLEASE have the patch? If my system has problems, I'll take the risk. I can't change my client--their admins VPN will ALWAYS REQUIRE MS PATCHES, even if MS released their.

  I implore anyone who wants to hear it.

  Computers belongs to me - I'm an entrepreneur owner unique to Montgomery Co. MD [whose] VPN is administered by people who insist that I have this patch in order to do my job.

  Well, I'm afraid that you are between the proverbial rock and hard place, my friend.

  KB2982791 was "fired" shortly before midnight (Pacific time) on August 15, 2014. KB2982791 is no longer available through Windows Update. KB2982791 is no longer available via the MS Download Center or from the Microsoft Update Catalog. In addition, Microsoft informed uninstall KB2982791 if it is currently installed.

  If the admins of the County cannot understand the FAQ update on this page...

  
  Why this bulletin has been revised August 15, 2014?
  Microsoft revised this bulletin to address known issues related to the installation of security update 2982791. Microsoft is investigating the behavior associated with the installation of this update and will update this bulletin when more information is available. Microsoft recommends customers to uninstall this update. As an additional precaution, Microsoft has removed the 2982791 security update download links. For instructions on how to uninstall this update, see Microsoft Knowledge Base Article 2982791.

  .. .you need to slam a few heads together (or contact their TAM Microsoft).

  I suspect upgrading kernel (MS14-045) re-Mode drivers - will be released very soon (for example, early next week?), probably under a new KB number. [Those who say cannot know & those who say can't know.]

  Good luck on Monday morning!

  PS: Here is the consumer, specific peer-to-peer support forums. You'd better post in Win7 IT Pro-specifiques forums-online http://social.technet.microsoft.com/Forums/windows/en-US/home#category=w7itpro [or in the forums partner if you are a MS Partner]

• The VPN client VPN connection behind other PIX PIX

  I have the following problem:

  I wanted to establish the VPN connection the client VPN to PIX on GPRS / 3G, but I didn t have a bit of luck with PIX IOS version 6.2 (2).

  So I upgraded PIX to 6.3 (4) to use NAT - T and VPN client to version 4.0.5

  I have configured PIX with NAT-T(isakmp nat-traversal 20), but I still had a chance, he would not go through the 1st phase. As soon as I took nat-traversal isakmp off he started working, and we can connect to our servers.

  Now, I want to connect to the VPN client behind PIX to our customer PIX network. VPN connection implements without problem, but we can not access the servers. If I configure NAT - T on the two PIX, or only on the customer PIX or only on our PIX, no VPN connection at all.

  If I have to connect VPN client behind PIX to the customer's network and you try to PING DNS server for example, on our PIX, I have following error:

  305006: failed to create of portmap for domestic 50 CBC protocol translation: dst outside:194.x.x.x 10.10.1.x

  194.x.x.x is our customer s address IP PIX

  I understand that somewhere access list is missing, but I can not understand.

  Of course, I can configure VPN site to site, but we have few customers and take us over their servers, so it'd just connect behind PIX VPN and client connection s server, instead of the first dial-in and then establish a VPN connection.

  Can you please help me?

  Thank you in advan

  The following is extracted from ASK THE DISCUSSION FORUM of EXPERTS with Glenn Fullage of Cisco.

  I've cut and pasted here for you to read, I think that the problem mentioned below:

  Question:

  Hi Glenn,.

  Following is possible?

  I have the vpn client on my PC, my LAN is protected by a pix. I can launch the vpn client to connect to remote pix. Authenticates the vpn client and the remote pix makes my PC with the assigned ip appropriate to its pool of ip address.

  The problem that I am facing is that I can not anything across the pix remote ping from my PC which is behind my pix. Can you please guide me what I have to do to make this work, if it is possible?

  My PC has a static ip address assigned with the default gateway appropriate pointing to my s pix inside interface.

  Thank you very much for any help provided in advance.

  Response from Glenn:

  First of all, make sure that the VPN connection works correctly when the remote PC is NOT behind a PIX. If that works fine, but then breaks when put behind a PIX, it is probably that the PIX is PAT, which usually breaks IPSec. Add the following command on your PIX VPN client is behind:

  fixup protocol esp-ike

  See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/df.htm#wp1067379 for more details.

  If it still has issues, you can turn on NAT - T on the remote PIX that ends the VPN, the client and the remote PIX must encapsulate then all IPSec in UDP packets that your PIX will be able to PA correctly. Add the following command on the remote PIX:

  ISAKMP nat-traversal

  See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#wp1027312 for more details.

  NAT - T is a standard for the encapsulation of the UDP packets inot IETF IPSec packets.

  ESP IPSec (Protocol that use your encrypted data packets) is an IP Protocol, it is located just above IP, rather than being a TCP or UDP protocol. For this reason, it has no TCP/UDP port number.

  A lot of features that make the translation of address of Port (PAT) rely on a single to PAT TCP/UDP source port number ' ing. Because all traffic is PAT would be at the same source address, must be certain uniqueness to each of its sessions, and most devices use the port number TCP/UDP source for this. Because IPSec doesn't have one, many features PAT fail to PAT it properly or at all, and the data transfer fails.

  NAT - T is enabled on both devices of the range, they will determine during the construction of the tunnel there is a PAT/NAT device between them, and if they detect that there is, they automatically encapsulate every IPSec packets in UDP packets with a port number of 4500. Because there is now a port number, PAT devices are able to PAT it correctly and the traffic goes normally.

  Hope that helps.