VPN not sending traffic
We have a Cisco 3005 concentrator, and some users are not able to route traffic because the gateway is not the same as the VPN interface. The problem occurred after one of the groups was removed from the 3005 appliance. Users can connect, but cannot reach the remote network. When we look at "route print", the gateway shows an IP other than the IP address of the VPN virtual adapter interface. Is there a way to force a change or clear the routes? Example:
Network Destination  Netmask          Gateway      Interface      Metric
0.0.0.0              0.0.0.0          172.20.10.5  172.20.10.122  20
10.1.0.0             255.255.255.0    172.20.10.1  172.20.10.59   100
10.2.0.0             255.255.255.0    172.20.10.1  172.20.10.59   100
65.216.9.229         255.255.255.255  172.20.10.5  172.20.10.122  100
127.0.0.0            255.0.0.0        On-link      127.0.0.1      306
127.0.0.1            255.255.255.255  On-link      127.0.0.1      306
127.255.255.255      255.255.255.255  On-link      127.0.0.1      306
169.254.0.0          255.255.0.0      On-link      172.20.10.122  296
169.254.255.255      255.255.255.255  On-link      172.20.10.122  276
172.20.10.0          255.255.255.0    On-link      172.20.10.122  276
172.20.10.0          255.255.255.0    On-link      172.20.10.59   276
172.20.10.0          255.255.255.0    172.20.10.1  172.20.10.59   100
172.20.10.6          255.255.255.255  On-link      172.20.10.122  100
172.20.10.59         255.255.255.255  On-link      172.20.10.59   276
172.20.10.122        255.255.255.255  On-link      172.20.10.122  276
172.20.10.122        255.255.255.255  172.20.10.1  172.20.10.59   276
172.20.10.255        255.255.255.255  On-link      172.20.10.122  276
172.20.10.255        255.255.255.255  On-link      172.20.10.59   276
172.20.10.255        255.255.255.255  172.20.10.1  172.20.10.59   276
172.20.11.0          255.255.255.0    172.20.10.1  172.20.10.59   100
172.20.21.0          255.255.255.0    172.20.10.1  172.20.10.59   100
172.20.31.0          255.255.255.0    172.20.10.1  172.20.10.59   100
172.20.50.0          255.255.255.0    172.20.10.1  172.20.10.59   100
172.20.51.0          255.255.255.0    172.20.10.1  172.20.10.59   100
There are some NAT-T group parameters, so it makes sense that some clients have the problem, but others do not. Good to know that another cause of a client VPN routing problem could be linked to the absence of NAT-T. I noticed your reply.
-
Can not pass traffic from the VPN client to remote VPN site to site
Hello
I can't get the traffic flowing between my VPN clients and my remote site-to-site VPN, I did step by step in this link:
My firewall says that the packet is dropped by stateful inspection.
But the "same-security-traffic..." command should resolve this problem.
% ASA-6-302020: built ICMP incoming connections for faddr gaddr laddr (nworks) 10.48.100.2/0 10.48.100.2/0 10.45.231.163/1
% ASA-6-302020: built outgoing ICMP connection for faddr gaddr laddr 10.45.231.163/1 10.45.231.163/1 10.48.100.2/0
% ASA-6-302021: disassembly ICMP connection for faddr gaddr laddr (nworks) 10.48.100.2/0 10.48.100.2/0 10.45.231.163/1
% ASA-6-302021: disassembly ICMP connection for faddr gaddr laddr 10.45.231.163/1 10.45.231.163/1 10.48.100.2/0
Is it all what you might think that I'm missing?
Best regards
Erik
Erik,
Please check it out because no decaps means the ASA does not what it is the other side of the tunnel.
If you send traffic and you will see the crypt increment... but nothing in return... 99% sure that the problem is at the other end.
Federico.
-
Hello
I'll put up a tunnel vpn site-to-site between two locations. Both have cisco ASA 5505 running a different version, I'll explain in more detail below. so far, I was able to get the tunnel to come but I can't seem to pass traffic, I work at this for days now and have not been able to understand why he will not pass traffic. Needless to say that the customer's PO would be on the fact that their VPN is not upward and they had to do by hand. I'll put the configs below, if possible can someone help me as soon as POSSIBLE, I really want to get this site up and running so that we do not lose the customer.
Site A IP = 0.0.0.0
Site B IP = 1.1.1.1
Site A version = 8.3.1
Site B version = 9.2.3
__________________________
SITE A RUNNING CONFIG
Output of the command: "sh run".
: Saved
:
ASA Version 8.3 (1)
!
hostname SDMCLNASA01
SDMCLNASA01 domain name. LOCAL
Select 5E8js/Fs7qxjxWdp of encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface Vlan1
nameif inside
security-level 100
the IP 192.168.0.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
the IP 0.0.0.0 255.255.255.252
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passive FTP mode
clock timezone CST - 6
clock to summer time recurring CDT
DNS lookup field inside
DNS domain-lookup outside
DNS server-group DefaultDNS
SDMCLNASA01 domain name. LOCAL
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
network of the NETWORK_OBJ_192.168.0.0_24 object
192.168.0.0 subnet 255.255.255.0
network of the NETWORK_OBJ_192.168.1.0_24 object
subnet 192.168.1.0 255.255.255.0
network lan_internal object
192.168.0.0 subnet 255.255.255.0
purpose of the smtp network
Home 192.168.0.245
Network http object
Home 192.168.0.245
rdp network object
Home 192.168.0.245
network ssl object
Home 192.168.0.245
network camera_1 object
host 192.168.0.13
network camerahttp object
host 192.168.0.13
service object 8081
source eq 8081 destination eq 8081 tcp service
Dvr description
network camera-http object
host 192.168.0.13
network dvr-http object
host 192.168.0.13
network dvr-mediaport object
host 192.168.0.13
object-group Protocol DM_INLINE_PROTOCOL_1
object-protocol udp
object-tcp protocol
object-group Protocol TCPUDP
object-protocol udp
object-tcp protocol
DM_INLINE_TCP_1 tcp service object-group
EQ port 3389 object
port-object eq www
EQ object of the https port
EQ smtp port object
DM_INLINE_TCP_2 tcp service object-group
port-object eq 34567
port-object eq 34599
EQ port 8081 object
permit access ip 192.168.0.0 scope list outside_1_cryptomap 255.255.255.0 192.168.1.0 255.255.255.0
outside_access_in list extended access permit tcp any any eq smtp
outside_access_in list extended access permit tcp any any DM_INLINE_TCP_1 object-group
outside_access_in list extended access permit tcp any any DM_INLINE_TCP_2 object-group
permit access ip 192.168.0.0 scope list inside_nat0_outbound 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow any inside
ICMP allow all outside
don't allow no asdm history
ARP timeout 14400
NAT (inside, outside) static static source NETWORK_OBJ_192.168.1.0_24 destination NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.1.0_24
NAT (exterior, Interior) static static source NETWORK_OBJ_192.168.0.0_24 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.0.0_24
!
network lan_internal object
NAT dynamic interface (indoor, outdoor)
purpose of the smtp network
NAT (all, outside) interface static tcp smtp smtp service
Network http object
NAT (all, outside) interface static tcp www www service
rdp network object
NAT (all, outside) interface static service tcp 3389 3389
network ssl object
NAT (all, outside) interface static tcp https https service
network dvr-http object
NAT (all, outside) interface static 8081 8081 tcp service
network dvr-mediaport object
NAT (all, outside) interface static 34567 34567 tcp service
Access-group outside_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 71.42.194.209 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
http server enable 8080
http 192.168.0.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 outside
http 71.40.221.136 255.255.255.252 inside
http 71.40.221.136 255.255.255.252 outside
http 192.168.0.0 255.255.255.0 outside
http 97.79.197.42 255.255.255.255 inside
http 97.79.197.42 255.255.255.255 outside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 1.1.1.1
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp identity address
crypto ISAKMP allow outside
crypto ISAKMP policy 65535
preshared authentication
3des encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH timeout 5
Console timeout 0
dhcpd address 192.168.0.50 - 192.168.0.150 inside
dhcpd dns 192.168.0.245 209.18.47.62 interface inside
dhcpd SDMCLNASA01 field. LOCAL inside interface
dhcpd allow inside
!a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
attributes of Group Policy DfltGrpPolicy
Protocol-tunnel-VPN IPSec l2tp ipsec
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
pre-shared key *.
!
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
!
context of prompt hostname
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:462428c25e9748896e98863f2d8aeee7
: end
________________________________
SITE B RUNNING CONFIG
Output of the command: "sh run".
: Saved
:
: Serial number: JMX1635Z1BV
: Material: ASA5505, 512 MB RAM, 500 MHz Geode Processor
:
ASA Version 9.2 (3)
!
ciscoasa hostname
activate qddbwnZVxqYXToV9 encrypted password
volatile xlate deny tcp any4 any4
volatile xlate deny tcp any4 any6
volatile xlate deny tcp any6 any4
volatile xlate deny tcp any6 any6
volatile xlate deny udp any4 any4 eq field
volatile xlate deny udp any4 any6 eq field
volatile xlate deny udp any6 any4 eq field
volatile xlate deny udp any6 any6 eq field
names of
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
IP 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP 1.1.1.1 255.255.255.252
!
passive FTP mode
clock timezone CST - 6
clock to summer time recurring CDT
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
network camera_http object
host 192.168.1.13
network camera_media object
host 192.168.1.13
network of the NETWORK_OBJ_192.168.0.0_24 object
192.168.0.0 subnet 255.255.255.0
network of the NETWORK_OBJ_192.168.1.0_24 object
subnet 192.168.1.0 255.255.255.0
outside_access_in list extended access permit tcp any any eq 9000
outside_access_in list extended access permit tcp any any eq www
outside_access_in list extended access permit icmp any one
outside_cryptomap to access ip 192.168.1.0 scope list allow 255.255.255.0 object NETWORK_OBJ_192.168.0.0_24
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
no failover
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow any inside
ICMP allow all outside
ASDM image disk0: / asdm - 732.bin
don't allow no asdm history
ARP timeout 14400
no permit-nonconnected arp
NAT (inside, outside) static static source NETWORK_OBJ_192.168.0.0_24 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.0.0_24
NAT (exterior, Interior) static static source NETWORK_OBJ_192.168.1.0_24 destination NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.0.0_24 NETWORK_OBJ_192.168.1.0_24
!
network camera_http object
NAT (all, outside) interface static tcp www www service
network camera_media object
NAT (all, outside) interface static 9000 9000 tcp service
!
NAT source auto after (indoor, outdoor) dynamic one interface
Access-group outside_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 71.40.221.137 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
Enable http server
http 192.168.1.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-TRANS-aes - esp esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-DES-SHA-TRANS esp - esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-DES-MD5-TRANS esp - esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transit
Crypto ipsec ikev2 AES256 ipsec-proposal
Protocol esp encryption aes-256
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES192
Protocol esp encryption aes-192
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES
Esp aes encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 proposal ipsec 3DES
Esp 3des encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal OF
encryption protocol esp
Esp integrity sha - 1, md5 Protocol
Crypto ipsec pmtu aging infinite - the security association
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 0.0.0.0
crypto map outside_map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map interface outside
trustpool crypto ca policy
IKEv2 crypto policy 1
aes-256 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 10
aes-192 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 20
aes encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 30
3des encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 40
the Encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
Crypto ikev1 allow outside
IKEv1 crypto policy 120
preshared authentication
3des encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH stricthostkeycheck
SSH timeout 5
SSH group dh-Group1-sha1 key exchange
Console timeout 0
dhcpd address 192.168.1.50 - 192.168.1.150 inside
dhcpd dns 192.168.0.245 209.18.47.61 interface inside
dhcpd SDPHARR field. LOCAL inside interface
dhcpd allow inside
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
WebVPN
AnyConnect essentials
attributes of Group Policy DfltGrpPolicy
Ikev1 VPN-tunnel-Protocol
internal GroupPolicy_0.0.0.0 group strategy
attributes of Group Policy GroupPolicy_0.0.0.0
VPN-tunnel-Protocol ikev1, ikev2
tunnel-group 0.0.0.0 type ipsec-l2l
tunnel-group 0.0.0.0 ipsec-attributes
IKEv1 pre-shared-key *.
remote control-IKEv2 pre-shared-key authentication *.
pre-shared-key authentication local IKEv2 *.
!
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
!
context of prompt hostname
no remote anonymous reporting call
call-home
Profile of CiscoTAC-1
no active account
http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
email address of destination [email protected] / * /
destination-mode http transport
Subscribe to alert-group diagnosis
Subscribe to alert-group environment
Subscribe to alert-group monthly periodic inventory
monthly periodicals to subscribe to alert-group configuration
daily periodic subscribe to alert-group telemetry
Cryptochecksum:19031ab1e3bae21d7cc8319fb7ecf0eb
: end
Sorry, my mistake.
Delete this if it's still there:
crypto map external_map 1 set reverse-route
Add this to both sides:
crypto map outside_map 1 set reverse-route
Sorry about that.
Mike
-
VPN tunnel stopped sending traffic
Hello
One of our VPN tunnels ceased to send traffic... Is there a way where we can reset the tunnel again because I know that there is no change in config on the tunnel
THX
Shyam
Hi Shyam,
To clear the tunnel, you can make one:
PIX:
clear cry isa sa
clear cry ipsec sa
IOS:
clear cry isa
clear cry sa
HTH,
Rate if this helped!
-Kanishka
-
VPN does not initiate on one side.
Hi all
I have a bit of an embarrassing question VPN site-to-site framework. The tunnel comes from the other end, but will not initiate traffic on this end. I have a 7.0 (4) ASA 5510 and the other side is a 12.2 (18) Cisco IOS router on what appears to be a 6509. Both hosts are using public address. If I run a trace of this end he spends just by the ASA and heads to the internet like there is no tunnel at all. If pings aside other tunnel will be fine and then the ASA sends traffic through the tunnel.
Any help would be appreciated.
Scott
Thanks for the update! If it's static static, then tunnel should appear fine when emanating from each side.
Now, you said that when you removed the port restriction on the IPSEC ACL everything worked well. So, the obvious question is what is configured on the remote site: is it configured for all ports or for specific ports? If all ports, then you need to configure your side to match. If not, I've seen behavior like this, where the IPSEC security association is created only if initiated from the remote site, where you have a 'permit ip' and the responder side is configured with specific ports.
Can you let us know what is the ACL IPSEC configured on the router.
Kind regards
Arul
* Please Note If this can help *.
-
How to send traffic in the clear?
Hi all
Am I right to say that to send traffic in the clear through the VPN, I add a deny statement in the access list that corresponds to the crypto map?
Depends on the ACL.
Usually allow you all VPN traffic and explicit refuse at the end of the ACL takes care of him.
If you want to exclude some of the traffic which is "part" of the statement of the permit, you can use a statement "ban" UNTIL instructed to permit to exclude that traffic.
Concerning
Farrukh
-
Site to another tunnel not succeeded traffic Windows
Have a problem with a static to the dynamic VPN from Site to Site between 2 ASA5505. Tunnel is in place and can test both ways isn't a problem, can also travel and web remote RDP. However, I can't browse the network or obtain any authentication DC pass.
My VPN clients are all no this problem. I post the config of the remote site.
The config may have got a bit messed up in attempts, please let me know if you see something, I'm leaning toward the ACL.
Sho run
: Saved
:
ASA 5,0000 Version 22
!
ASA-2 host name
domain internal.monaco.com
enable the encrypted password xxxxx
encrypted passwd xxxx
names of
!
interface Ethernet0/0
Description external connection
switchport access vlan 2
!
interface Ethernet0/1
Description internal LAN
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
IP 10.16.2.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP address dhcp setroute
!
Group object BasicPortsUDP
object-group network
object-network 172.16.0.0 255.255.0.0
object-group, internal network
Local Group object
Inside_in access-list - BEGIN Note: Out bound ACL (update: August 20, 2013).
access-list Inside_in note--> Allow shared Internet use
Inside_in list extended access permit tcp any any OutgoingTCP object-group
Inside_in list of permitted udp access all all OutgoingUDP object-group
Inside_in list extended access permit icmp any one
Note Inside_in access - list--> explicit DENY ALL
Inside_in deny ip extended access list a whole
Inside_in access-list - END - note
Note Inside_in access - list--> allow the VPN to hand traffic
Inside_in list extended access permitted ip object-group main object-group internal
Inside_in list extended access permitted group ip object-group main internal objectmoved here
Outside_in access-list - BEGIN Note: ACL related (update: 15/12/2006).
Outside_in list extended access permitted group ip object-group main internal object
Note Outside_in access - list-> allow ICMP traffic
Outside_in list extended access permit icmp any any echo response
Outside_in list extended access allow all unreachable icmp
Outside_in list extended access permit icmp any any traceroute
Note Outside_in access - list-> explicit DENY ALL
Outside_in deny ip extended access list a whole
Outside_in access-list - END - note
no_nat allowed extended access list main object-group Local ip object-group
VPN_to_Main list extended access allowed object-group object-group main Local ip
NAT allowed ip extended access list a whole
pager lines 24
Hi Brad,
Since the issue is seen with specific traffic/application, could you please collect the packet-tracer output on the two ASAs (in the outbound direction) to check if the flow is correct for the non-working traffic.
Collect the following:
detailed entry of Packet-trace
Thank you
Shakur
-
Mail application not send messages on MacBook Pro (stuck in the Outbox)
Have a MacBook Pro (late 2011), running Version OS X El Capitan 10.11.6 (but I had this problem for months, maybe further on OS X Yosemite (i.e. I don't remember this problem starting after an update of the OS)
2.4 GHz Intel Core i7, 8 GB of DDR3 1333 MHz memory processor
I have two accounts in Mail Version 9.3 (3124) - my iCloud email and my Yahoo email. 90% of all works, I can receive messages, delete messages, move messages, etc. However sending my Yahoo account does not work to Send Mail app in my iCloud account doesn't work (even if it's not instant - just sent a test and he was sitting in my Outbox for about 6 minutes;) I got my iPhone running stopwatch, but it resets twice as it is wont to do since download iOS 10, but that's a topic for ANOTHER post), however anything sent from my account Yahoo is located in the Outbox for DAYS (usually until I realize that I forgot the problem, silently curse me and copy - paste the message via the site Web of Yahoo in Chrome).
I tried Yahoo to disconnect and reconnect it. I tried to remove the 'sandbox' suggestion of Linc Davis here: Mail is stuck in my Outbox?
I really want to plan a Genius Bar appointment for this but I'm frustrated because I use the Mail App every day and often forget I can not send him, and then e-mails sit for days before I noticed the small Outbox (1) in the sidebar! Please help me Apple community, you're my only hope.
Mail > window > connection doctor
-
Messages are not send to non-Apple users, is no longer syncing with iPhone
I can't use Messages to send messages to non-Apple users ("your message cannot be sent.'), or it syncs with my iPhone. I have all the settings in place, it has just stopped working.
Hey Tux Kapono,
I understand that you have updated to macOS Sierra, and now you can not send SMS messages. I know it's nice to be able to have continuity in your messages on devices, so I'm happy to help you.
There are a few settings that should be checked to make sure that everything is correctly configured for this feature. This article has more information on the subject:
Use continuity to connect to your Mac, iPhone, iPad, iPod touch and Apple Watch - Apple Support
Set up SMS and MMS messaging
Use this feature with any Mac, iPhone, iPad, or iPod touch that satisfies the requirements of continuity system. Make sure that your devices are configured as follows:
- Each device is connected to iCloud with the same Apple ID.
- On iPhone, go to settings > Messages > Send and receive. Make sure the Apple ID at the top of the screen is the same Apple ID you use for iMessage on other devices. Add a check to your address, phone number, so that you can be reached by both iMessage. Do the same on your iPad or iPod touch.
- On iPhone, go to settings > Messages > transfer, text messages, then choose which devices to send and receive text messages from the iPhone. A verification code and then on each device. Enter this code on your iPhone.
- On Mac, open Messages, and then choose message > Preferences. Click accounts, and then select your account from iMessage. Make sure the Apple ID shown here is the same Apple ID you use on other devices. Add a control to your phone number and email address.
Use the SMS and MMS messaging
To use this feature, simply start conversations as usual in the Messages application on any of your devices. Alternatively, you can start a conversation by clicking a phone number in Safari, Contacts, calendar, or other applications detecting phone numbers. All your incoming and outgoing messages on all your devices.
Thank you for using communities Support from Apple. See you soon!
-
Hi, lost all my favorites... won't let me sign in the habit/recognize the password... will not send confirmation e-mail. WTF...
Please help, I just changed to Chrome and it's my first experience...
Do you know why your bookmarks have disappeared?
What the rest of the profile?
Look at your desktop. You see a folder called; Old Firefox?
https://support.Mozilla.org/en-us/KB/recovering-important-data-from-an-old-profile
https://support.Mozilla.org/en-us/KB/back-and-restore-information-Firefox-profiles
Start Firefox in Safe Mode {web link} by holding down the <Shift> (Mac Options) key and then starting Firefox. Is the problem still there?
-
Since Thunderbird updated to 38.2.0 it will not send the password. It connects to the e-mail server but does nothing after that. I can not get any message. I am able to send mail without problem. I use as a GMX.FR mail server.
https://support.Mozilla.org/en-us/KB/cannot-receive-messages
-
I have 80 email addresses and when I try to send to all 1 will not send
I have to send to a group of people in an email that I sent a file for each of them to be. Now when I send to this group he will not send one and I have to separately add to include him. I removed his contact and he readded with no luck. Any ideas?
Most email providers impose a limit on the number of recipients when sending a message.
What is the limit imposed by your email provider?
Who do you use?
Example:
Gmail has a limit of 100.
I heard that BT have a limit of 49 for grouped emails, but it is difficult to extract this information from them.
I heard Virgin Media impose a 250 emails per day limit regardless of whether you send 250 as group mails or 250 separate mails.
-
Work around for the Ical does not send do not issue invitations
If I understand the problem, ical will not send an invitation email to someone it detects has an ical account. People don't know they have an invitation or they use Google or Outlook to their calendars. Despite everything, they just don't receive invitations to your meetings. For some reason, Apple does not change the rules.
I was going to start using my Google Calendar and just invite myself, but I used my Gmail account as my ID for Apple. Ah, the tangled web we weave when we try to be cute with Apple products.
In any case, I was wondering if anyone had a work around for this problem "iCal don't send invitations." I want just the people I work with in voluntary organizations to get an email with an invitation attached. Has anyone found a way around this? I'm about to go to Evite!
Thank you
You can invite people to events using their e-mail address or their name. To invite people by name, they must be in your Contacts application with an email address, or they must use the same service calendar CalDAV or Exchange as you (for example, your company's employees).
Invite people using window addresses
- Choose window > presentation.
- Search people, then drag them to the event.
Send an email or a message for guests
- Control-click on the event.
- Choose send all guests or Message all guests.
Add guests to the Contacts
- Force or double-click on a click event.
- Hold the pointer over a guest, and then click the pop-up menu .
- Choose Add to Contacts.
If you do not see Add to Contacts, but you do see Show Contact Card, the guest is already in Contacts.
- An apple article is here: Calendar (El Capitan): invite people to events
-
Why not send emails since update?
I can receive but not send messages. My outgoing server settings are correct. The server (Network Solutions) works very well. I changed the password, no luck. Can I send and receive from a mobile phone. Grateful for the help quickly.
could you post a screenshot of these parameters in the client of the EM.
Seriously, they look like a dogs breakfast. The incoming parameters for 15 or 20 years ago and the outgoing settings one would expect to see currently
jchopkins, com seems to be registered with Network solutions. See http://www.who.is/whois/jchopkins.com
I guess also that accommodation occurs here. Network Solutions recommend settings see http://www.networksolutions.com/support/pop-imap-settings/
Outgoing mail server = smtp.yourdomain.com
The outgoing server requires authentication
Do NOT select "Log on using Secure Password Authentication".
Use the same Username and Password as Incoming "
Port Server outgoing = 2525 or 587
The Port is subject to change according to individual preferences of your ISP if your with comcast use 587.
On this basis, please go to the menu Tools > accounts settings > outgoing (SMTP) server and change connection to zero security. Normal password authentication method and set the port based on your ISP.
-
Thunderbird can answer but not send new messages!
I am experienced thunderbird and computer, confused by the present user.
I created a new account to my website for email host.
It receives very well, it RESPONDS very well, it crashes when sending.
100% reproducible.
When sending, it seems to send, then hangs on the copy to the sent folder stage.
My sent folder is a nested folder box to receive/send, because my host site just think it's the way it should be. I have no reason to think that is related, except its different from my other accounts.
I can manually copy sent the record fine. Changed the setting to save the files to in the narrative, without effect.
I have settings leave a message in the same folder on the responses, so suspect, that he can't copy sent, even if she has no other similar questions.
Once it crashes, the secondary window of mail is dead. It will not send again, close it makes a warning dialog box.
So, I guess, it is a weird to my mail host response, but I have no way to diagnose further.
It baffles me why it would make a difference if it is a response or a new email.
Webmail host is inmotionhosting.com
Thanks for the pointers.
just something to try.
Tools > account settings > server settings > advanced and enter the Inbox. (including the.) as the personal namespace and allow the server to ignore it. Restart Thunderbird after the change.