VPN - Pix 515e for Cisco router

I have the following Setup and I can't seem to get the next tunnel. My end is a PIX 515e race 7.2 (4). The other end is a Cisco router-not sure of the model or version of the IOS.

PIX:

90 extended access-list allow ip host a.a.a.a host b.b.b.b

NAT (inside) - 0-90 access list

correspondence address card crypto mymap 20 90
card crypto mymap 20 peers set x.x.x.x
map mymap 20 set transformation-strong crypto
mymap outside crypto map interface
ISAKMP crypto identity hostname
crypto ISAKMP allow outside
crypto ISAKMP policy 8
preshared authentication
3des encryption
sha hash
Group 2
life 86400

tunnel-group x.x.x.x type ipsec-l2l
tunnel-group ipsec-attributes x.x.x.x
pre-shared key 12345

Router:

/ * Style definitions * / table. MsoNormalTable {mso-style-name : « Table Normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 à 5.4pt 0 à 5.4pt ; mso-para-margin : 0 ; mso-para-marge-bottom : .0001pt ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-fareast-font-family : « Times New Roman » ; mso-fareast-theme-font : minor-fareast ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ; mso-bidi-font-family : « Times New Roman » ; mso-bidi-theme-font : minor-bidi ;} / * Définitions de style * / table. MsoNormalTable {mso-style-name : « Table Normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 à 5.4pt 0 à 5.4pt ; mso-para-margin : 0 ; mso-para-marge-bottom : .0001pt ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-fareast-font-family : « Times New Roman » ; mso-fareast-theme-font : minor-fareast ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ; mso-bidi-font-family : « Times New Roman » ; mso-bidi-theme-font : minor-bidi ;}

SDM_5 extended IP access list

permit ip host b.b.b.b host a.a.a.a

ISAKMP crypto key 12345 address y.y.y.y no.-xauth

map SDM_CMAP_1 5 ipsec-isakmp crypto

Description vpn for laboratory

defined peer y.y.y.y

game of transformation-ESP-3DES-SHA

match address SDM_5

I'm running him debugs following:

Debug crypto ipsec enabled at level 1
ISAKMP crypto debugging enabled at level 1

I get the following debug output:

August 16-04:16:10 [IKEv1]: IP = x.x.x.x, counterpart of drop table counterpart, didn't match!
August 16-04:16:10 [IKEv1]: IP = x.x.x.x, error: cannot delete PeerTblEntry

Isa HS her

IKE Peer: x.x.x.x
Type: user role: initiator
Generate a new key: no State: MM_WAIT_MSG2

Any ideas?

Thank you

Dave

If you see the MM_WAIT_MSG2, which means that her counterpart (the other side) does not answer and this side where you can see the status MM_WAIT_MSG2 sent the first message IKE, however, did not hear of the peer.

You can check if UDP/500 is stuck on the way between the 2 sites.

Try running traffic on the other side and see if you also get the same status of MM_WAIT_MSG2. If you do, that confirms 100% 500/UDP is blocked on the way between the 2 sites.

Tags: Cisco Security

Similar Questions

  • VPN between ASA and cisco router [phase2 question]

    Hi all

    I have a problem with IPSEC VPN between ASA and cisco router

    I think that there is a problem in the phase 2

    Can you please guide me where could be the problem.
    I suspect questions ACL on the router, but I cannot fix. ACL on the router is specified below

    Looking forward for your help

    Phase 1 is like that

    Cisco_router #sh crypto isakmp his

    IPv4 Crypto ISAKMP Security Association
    status of DST CBC State conn-id slot
    78.x.x.41 87.x.x.4 QM_IDLE 2006 0 ACTIVE

    and ASA

    ASA # sh crypto isakmp his

    ITS enabled: 1
    Generate a new key SA: 0 (a tunnel report Active 1 and 1 to generate a new key during the generate a new key)
    Total SA IKE: 1

    1 peer IKE: 78.x.x.41
    Type: L2L role: initiator
    Generate a new key: no State: MM_ACTIVE

    Phase 2 on SAA

    ASA # sh crypto ipsec his
    Interface: Outside
    Tag crypto map: Outside_map, seq num: 20, local addr: 87.x.x.4

    Outside_cryptomap_20 ip 172.19.209.0 access list allow 255.255.255.0 172.
    19.194.0 255.255.255.0
    local ident (addr, mask, prot, port): (172.19.209.0/255.255.255.0/0/0)
    Remote ident (addr, mask, prot, port): (172.19.194.0/255.255.255.0/0/0)
    current_peer: 78.x.x.41

    #pkts program: 8813, #pkts encrypt: 8813, #pkts digest: 8813
    #pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0

    compressed #pkts: 0, unzipped #pkts: 0
    #pkts uncompressed: 8813, model of #pkts failed: 0, #pkts Dang failed: 0
    #send errors: 0, #recv errors: 0

    local crypto endpt. : 87.x.x.4, remote Start crypto. : 78.x.x.41

    Path mtu 1500, fresh ipsec generals 58, media, mtu 1500
    current outbound SPI: C96393AB

    SAS of the esp on arrival:
    SPI: 0x3E9D820B (1050509835)
    transform: esp-3des esp-md5-hmac no
    running parameters = {L2L, Tunnel}
    slot: 0, id_conn: 7, crypto-card: Outside_map
    calendar of his: service life remaining (KB/s) key: (4275000/3025)
    Size IV: 8 bytes
    support for replay detection: Y
    outgoing esp sas:
    SPI: 0xC96393AB (3378746283)
    transform: esp-3des esp-md5-hmac no
    running parameters = {L2L, Tunnel}
    slot: 0, id_conn: 7, crypto-card: Outside_map
    calendar of his: service life remaining (KB/s) key: (4274994/3023)
    Size IV: 8 bytes
    support for replay detection: Y

    Phase 2 on cisco router

    protégé of the vrf: (none)
    local ident (addr, mask, prot, port): (172.19.209.0/255.255.255.0/0/0)
    Remote ident (addr, mask, prot, port): (172.19.194.0/255.255.255.0/0/0)
    current_peer 87.x.x.4 port 500
    LICENCE, flags is {origin_is_acl},
    #pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
    #pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
    compressed #pkts: 0, unzipped #pkts: 0
    #pkts uncompressed: 0, #pkts compr. has failed: 0
    #pkts not unpacked: 0, #pkts decompress failed: 0
    Errors #send 0, #recv 0 errors

    local crypto endpt. : 78.x.x.41, remote Start crypto. : 87.x.x.4
    Path mtu 1452, ip mtu 1452, ip mtu BID Dialer0
    current outbound SPI: 0x0 (0)

    SAS of the esp on arrival:

    the arrival ah sas:

    SAS of the CFP on arrival:

    outgoing esp sas:

    outgoing ah sas:

    outgoing CFP sas:

    protégé of the vrf: (none)
    local ident (addr, mask, prot, port): (172.19.194.0/255.255.255.0/0/0)
    Remote ident (addr, mask, prot, port): (172.19.209.0/255.255.255.0/0/0)
    current_peer 87.x.x.4 port 500
    LICENCE, flags is {origin_is_acl},
    #pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
    #pkts decaps: 8947, #pkts decrypt: 8947, #pkts check: 8947

    compressed #pkts: 0, unzipped #pkts: 0
    #pkts uncompressed: 0, #pkts compr. has failed: 0
    #pkts not unpacked: 0, #pkts decompress failed: 0
    Errors #send 0, #recv 0 errors

    local crypto endpt. : 78.x.x.41, remote Start crypto. : 87.x.x.4
    Path mtu 1452, ip mtu 1452, ip mtu BID Dialer0
    current outbound SPI: 0x3E9D820B (1050509835)

    SAS of the esp on arrival:
    SPI: 0xC96393AB (3378746283)
    transform: esp-3des esp-md5-hmac.
    running parameters = {Tunnel}
    Conn ID: 29, flow_id: Motorola SEC 1.0:29, card crypto: mycryptomap
    calendar of his: service life remaining (k/s) key: (4393981/1196)
    Size IV: 8 bytes
    support for replay detection: Y
    Status: ACTIVE

    the arrival ah sas:

    SAS of the CFP on arrival:

    outgoing esp sas:
    SPI: 0x3E9D820B (1050509835)
    transform: esp-3des esp-md5-hmac.
    running parameters = {Tunnel}
    Conn ID: 30, flow_id: Motorola SEC 1.0:30, card crypto: mycryptomap
    calendar of his: service life remaining (k/s) key: (4394007/1196)
    Size IV: 8 bytes
    support for replay detection: Y
    Status: ACTIVE

    outgoing ah sas:

    outgoing CFP sas:

    VPN configuration is less in cisco router

    access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.206.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.203.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connect
    access-list 101 permit ip 172.19.209.0 0.0.0.255 172.19.194.0 0.0.0.255 connect

    access-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.206.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.203.0 0.0.0.255 172.19.194.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connect
    access-list 105 deny ip 172.19.209.0 0.0.0.255 172.19.194.0 0.0.0.255 connect

    sheep allowed 10 route map
    corresponds to the IP 105

    Crypto ipsec transform-set esp-3des esp-md5-hmac mytransformset

    mycryptomap 100 ipsec-isakmp crypto map
    the value of 87.x.x.4 peer
    Set transform-set mytransformset
    match address 101

    crypto ISAKMP policy 100
    BA 3des
    md5 hash
    preshared authentication
    Group 2
    ISAKMP crypto key xxx2011 address 87.x.x.4

    Your permit for 105 ACL statement should be down is changed to match because it is the most general ACL.

    You currently have:

    Extend the 105 IP access list
    5 permit ip 172.19.194.0 0.0.0.255 (18585 matches)
    10 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
    30 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
    50 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connect

    It should be:

    Extend the 105 IP access list
    10 deny ip 172.19.194.0 0.0.0.255 172.19.206.0 0.0.0.255 connect
    30 deny ip 172.19.194.0 0.0.0.255 172.19.203.0 0.0.0.255 connect
    50 deny ip 172.19.194.0 0.0.0.255 172.19.209.0 0.0.0.255 connect

    IP 172.19.194.0 allow 60 0.0.0.255 (18585 matches)

    To remove it and add it to the bottom:

    105 extended IP access list

    not 5

    IP 172.19.194.0 allow 60 0.0.0.255 any

    Then ' delete ip nat trans. "

    and it should work now.

  • PIX 515E for VPN remote site

    Hello

    7.0 (1) version pix

    ASDM version 5.0 (1)

    I have a situation where you go paas-thanks to the VPN feature goes on our PIX 515E. I tried to put this on the pix using a VPN Wizard Site to site

    who is enabled. I was unable to connect to the pix from the remote site. Witch's journal replied negotiate the pix is OK and the success

    The problem is when I try to set up the tunnel to the top of the remote site. I fall without failure.

    where can I see the vpn pix for error log?

    is there a manual for the solution of site to site VPN using the wizard

    Help, please.

    Thanks in advance

    http://www.Cisco.com/en/us/partner/products/HW/vpndevc/ps2030/products_configuration_example09186a00804acfea.shtml#ASDM

    the section 'use adsm' (step 14) gives an example on how to set up vpn lan - lan via adsm

    Newspaper to go to the section "check".

  • IPSEC VPN between Pix 515E and 1841 router

    Hi all

    BACKGROUND

    We have implemented a site to site VPN IPSEC between a Pix 515E 8.0 operation (4) and an 1841 using static IP addresses at both ends. We used CCP on the router and the ASDM the pix to build initial tunnels. Now the site with the router is evolving into a dynamic IP address from the ISP so we have implemented dynamic DNS to update dynamic IP address.

    PROBLEM

    The problem is that ASDM will not allow us to set a domain as the address of peers, it will not accept an IP address. We believe that the solution will be to remove the static Crypto map and replace it with a dynamic Crypto map on the side of Pix. Our questions are simply; is this the best solution? can change us the original static list or is it better to delete and make a new dynamic encryption card? Y at - it a shortcut to change the config command-line? This is a real network, so just check it out before make us any changes on the live kit.

    Any help much appreciated.

    You don't have to change anything when the peer-address changes. The dynamic crypto map aims to take dynamic peer connections. The only thing to remember, is that only the dynamic peer can initiate the connection. And you reduce your security if you use Pre-Shared key that now you can use a generic-PSK character.

    As I remember, the PIX / ASA does not support the dynamic use of FQDNs for peer-resolution. This feature is supported in IOS.

    For a feature, it would be preferable to static IP addresses on both sides.

  • NPS Windows Help for authentication of aaa for Cisco router - is it safe?

    I am very confused about how all this works and was hoping someone could help me.

    I followed a bunch of tutorials online for authentication RADIUS of installation on a Cisco router and he did to a NPS Windows Server. Now I can ssh into the router my AD account.

    Now that I got it to work, I go to the settings to make sure everything is secure.

    On my router, the config is pretty simple:

    aaa new-modelaaa group server radius WINDOWS_NPSserver-private 123.123.123.123 auth-port 1812 acct-port 1813 key mykeyaaa authentication login default local group WINDOWS_NPS
    
    ip domain-name MyDomcrypto key generate rsa
    
    (under vty and console)# login authentication default
    On the NPS Windows:
    • I created a new RADIUS client for the router.
    • Created a secret shared and specified Cisco as the name of the seller.
    • Created a new strategy of network with my desired conditions.
    • And now the frame of the configuration of the network policy that worries me:
    
    
    So initially I thought my AD credentials were being sent over the wire in plain text, but I did a capture and saw this:
    
    
    
    How is my password being encrypted and how strong is the encryption?
    
    Another thing is how can I configure aaa authentication with mschapv2? The documentation I saw for mschapv2 uses the "ppp authentication ms-chap-v2" command, but I'm not using ppp I'm using aaa with a radius server.
     
    

    Hello

    RADIUS encrypts the password, but sends the username in clear. GANYMEDE encrypts the user name and password.

    You can find the encryption used by RADIUS in the RFC scheme:

    https://Tools.ietf.org/html/rfc2865#page-27

    MS-Chap-V2 is used for the authentication of users such as the remote access and vpn, not management switch

    Thank you

    John

  • PowerConnect 6248 switch for Cisco router

    Hello

    I'm new to this forum and I have a problem at the moment between a Cisco router and a dell pc6248. The problem is that I lost conectivity in VLAN 1 when I connect the router to a trunk port in the switch, however I conectivity VLAN 2 through this link to trunk. The configuration of the switch:

    interface ethernet 1/g48

    switchport mode trunk

    switchport trunk allowed vlan add 1-2

    output

    interface ethernet 1/g43

    switchport mode access

    switchport access vlan 2

    output

    On router

    fast interface 0/1

    no ip address

    no downtime

    fast interface 0/1.1

    encapsulation dot1q 1 native

    IP 192.200.3.1 255.255.255.0

    fast interface 0/1.2

    encapsulation dot1q 2

    IP 192.168.51.33 255.255.255.248

    output

    With the above configuration, I lost conectivity with the host in the vlan 1 - 192.200.3.x/24, but I win conectivity VLAN 2, when I connect the router to the 48 trunk port in the switch. This means that the trunk link for VLAN 2 work but not for VLAN 1.

    I read on the port of general mode, where I can configure the pvid of the port as 1 (vlan1) and it would be the unttag VLAN (even natively in Cisco), and I can configure the VLAN 2 like the tag, all this in the same port. What do you think about this? Someone have set up something like that?

    Best regards

    Erasmo

    PD: I write from Chile, I apologize for my English.

    I agree with you, I would try the general mode on the PowerConnect switch.

    mode console # switchport general

    Console # switchport General allowed vlan add 2 tag

    Console # switchport pvid General 1

    Keep us updated.

  • PIX 501 for Cisco 3640 VPN router

    -Start ciscomoderator note - the following message has been changed to remove potentially sensitive information. Please refrain from publishing confidential information about the site to reduce the risk to the security of your network. -end of the note ciscomoderator-

    Have a 501 PIX and Cisco 3640 router. The 3640 is configured for dynamic map for VPN. The PIX 501 is set to pointing to the 3640 router static map. I can establish a tunnel linking the PIX to the router and telnet to a machine AIX on the inside network to the router. When I try to print on the network of the PIX 501 inside it fails.

    What Miss me? I added the configuration for the PIX and the router.

    Here are the PIX config:

    PIX Version 6.1 (1)

    ethernet0 nameif outside security0

    nameif ethernet1 inside the security100

    enable encrypted password xxxxxxxxxxxxxxxx

    xxxxxxxxxxxxx encrypted passwd

    pixfirewall hostname

    fixup protocol ftp 21

    fixup protocol http 80

    fixup protocol h323 1720

    fixup protocol rsh 514

    fixup protocol rtsp 554

    fixup protocol smtp 25

    fixup protocol sqlnet 1521

    fixup protocol sip 5060

    fixup protocol 2000 skinny

    names of

    pager lines 24

    interface ethernet0 10baset

    interface ethernet1 10full

    Outside 1500 MTU

    Within 1500 MTU

    IP address outside dhcp setroute

    IP address inside 192.168.1.1 255.255.255.0

    alarm action IP verification of information

    alarm action attack IP audit

    PDM logging 100 information

    history of PDM activate

    ARP timeout 14400

    Global 1 interface (outside)

    NAT (inside) 1 0.0.0.0 0.0.0.0 0 0

    Timeout xlate 0:05:00

    Timeout conn 01:00 half-closed 0: 10:00 udp 0:02:00 CPP 0: h323 from 10:00 0:05:00 sip 0:30:00 sip_media 0:02:00

    Timeout, uauth 0:05:00 absolute

    GANYMEDE + Protocol Ganymede + AAA-server

    RADIUS Protocol RADIUS AAA server

    Enable http server

    http 192.168.1.0 255.255.255.0 inside

    No snmp server location

    No snmp Server contact

    SNMP-Server Community public

    No trap to activate snmp Server

    enable floodguard

    No sysopt route dnat

    Telnet timeout 5

    SSH timeout 5

    dhcpd address 192.168.1.2 - 192.168.1.33 inside

    dhcpd lease 3600

    dhcpd ping_timeout 750

    dhcpd outside auto_config

    dhcpd allow inside

    Terminal width 80

    Cryptochecksum:XXXXXXXXXXXXXXXXXXX

    : end

    Here is the router config

    Router #sh runn

    Building configuration...

    Current configuration: 6500 bytes

    !

    version 12.2

    no service button

    tcp KeepAlive-component snap-in service

    a tcp-KeepAlive-quick service

    horodateurs service debug datetime localtime

    Log service timestamps datetime localtime

    no password encryption service

    !

    router host name

    !

    start the flash slot1:c3640 - ik9o3s - mz.122 - 16.bin system

    queue logging limit 100

    activate the password xxxxxxxxxxxxxxxxx

    !

    clock TimeZone Central - 6

    clock summer-time recurring CENTRAL

    IP subnet zero

    no ip source route

    !

    !

    no ip domain-lookup

    !

    no ip bootp Server

    inspect the name smtp Internet IP

    inspect the name Internet ftp IP

    inspect the name Internet tftp IP

    inspect the IP udp Internet name

    inspect the tcp IP Internet name

    inspect the name DMZ smtp IP

    inspect the name ftp DMZ IP

    inspect the name DMZ tftp IP

    inspect the name DMZ udp IP

    inspect the name DMZ tcp IP

    audit of IP notify Journal

    Max-events of po verification IP 100

    !

    crypto ISAKMP policy 1

    BA 3des

    preshared authentication

    Group 2

    !

    crypto ISAKMP policy 20

    BA 3des

    preshared authentication

    Group 2

    ISAKMP crypto key address x.x.180.133 xxxxxxxxxxx

    ISAKMP crypto keys xxxxxxxxxxx address 0.0.0.0 0.0.0.0

    !

    !

    Crypto ipsec transform-set esp-3des esp-sha-hmac vpn test

    Crypto ipsec transform-set esp-3des esp-sha-hmac PIXRMT

    !

    dynamic-map crypto dny - Sai 25

    game of transformation-PIXRMT

    match static address PIX1

    !

    !

    static-card 10 map ipsec-isakmp crypto

    the value of x.x.180.133 peer

    the transform-set vpn-test value

    match static address of Hunt

    !

    map ISCMAP 15-isakmp ipsec crypto dynamic dny - isc

    !

    call the rsvp-sync

    !

    !

    !

    controller T1 0/0

    framing ESF

    linecode b8zs

    Slots 1-12 channels-group 0 64 speed

    Description controller to the remote frame relay

    !

    controller T1 0/1

    framing ESF

    linecode b8zs

    Timeslots 1-24 of channel-group 0 64 speed

    Description controller for internet link SBIS

    !

    interface Serial0/0:0

    Description CKT ID 14.HXGK.785129 Frame Relay to Remote Sites

    bandwidth 768

    no ip address

    no ip redirection

    no ip unreachable

    no ip proxy-arp

    encapsulation frame-relay

    frame-relay lmi-type ansi

    !

    interface Serial0 / point to point 0:0.17

    Description Frame Relay to xxxxxxxxxxx location

    IP unnumbered Ethernet1/0

    no ip redirection

    no ip unreachable

    no ip proxy-arp

    IP nat inside

    No arp frame relay

    dlci 17 frame relay interface

    !

    interface Serial0 / point to point 0:0.18

    Description Frame Relay to xxxxxxxxxxx location

    IP unnumbered Ethernet1/0

    no ip redirection

    no ip unreachable

    no ip proxy-arp

    IP nat inside

    No arp frame relay

    dlci 18 frame relay interface

    !

    interface Serial0 / point to point 0:0.19

    Description Frame Relay to xxxxxxxxxxx location

    IP unnumbered Ethernet1/0

    no ip redirection

    no ip unreachable

    no ip proxy-arp

    IP nat inside

    No arp frame relay

    dlci 19 frame relay interface

    !

    interface Serial0 / point to point 0:0.20

    Description Frame Relay to xxxxxxxxxxxxx location

    IP unnumbered Ethernet1/0

    no ip redirection

    no ip unreachable

    no ip proxy-arp

    IP nat inside

    No arp frame relay

    dlci 20 frame relay interface

    !

    interface Serial0 / point to point 0:0.21

    Description Frame Relay to xxxxxxxxxxxx

    IP unnumbered Ethernet1/0

    no ip redirection

    no ip unreachable

    no ip proxy-arp

    IP nat inside

    No arp frame relay

    dlci 21 frame relay interface

    !

    interface Serial0 / point to point 0:0.101

    Description Frame Relay to xxxxxxxxxxx

    IP unnumbered Ethernet1/0

    no ip redirection

    no ip unreachable

    no ip proxy-arp

    IP nat inside

    No arp frame relay

    dlci 101 frame relay interface

    !

    interface Serial0/1:0

    CKT ID 14.HCGS.785383 T1 to ITT description

    bandwidth 1536

    IP address x.x.76.14 255.255.255.252

    no ip redirection

    no ip unreachable

    no ip proxy-arp

    NAT outside IP

    inspect the Internet IP on

    no ip route cache

    card crypto ISCMAP

    !

    interface Ethernet1/0

    IP 10.1.1.1 255.255.0.0

    no ip redirection

    no ip unreachable

    no ip proxy-arp

    IP nat inside

    no ip route cache

    no ip mroute-cache

    Half duplex

    !

    interface Ethernet2/0

    IP 10.100.1.1 255.255.0.0

    no ip redirection

    no ip unreachable

    no ip proxy-arp

    IP nat inside

    no ip route cache

    no ip mroute-cache

    Half duplex

    !

    router RIP

    10.0.0.0 network

    network 192.168.1.0

    !

    IP nat inside source list 112 interface Serial0/1: 0 overload

    IP nat inside source static tcp 10.1.3.4 443 209.184.71.138 443 extensible

    IP nat inside source static tcp 10.1.3.4 9869 209.184.71.138 9869 extensible

    IP nat inside source 10.1.3.2 static 209.184.71.140

    IP nat inside source static 10.1.3.6 209.184.71.139

    IP nat inside source static 10.1.3.8 209.184.71.136

    IP nat inside source static tcp 10.1.3.10 80 209.184.71.137 80 extensible

    IP classless

    IP route 0.0.0.0 0.0.0.0 x.x.76.13

    IP route 10.2.0.0 255.255.0.0 Serial0 / 0:0.19

    IP route 10.3.0.0 255.255.0.0 Serial0 / 0:0.18

    IP route 10.4.0.0 255.255.0.0 Serial0 / 0:0.17

    IP route 10.5.0.0 255.255.0.0 Serial0 / 0:0.20

    IP route 10.6.0.0 255.255.0.0 Serial0 / 0:0.21

    IP route 10.7.0.0 255.255.0.0 Serial0 / 0:0.101

    no ip address of the http server

    !

    !

    PIX1 static extended IP access list

    IP 10.1.0.0 allow 0.0.255.255 192.168.1.0 0.0.0.255

    IP access-list extended hunting-static

    IP 10.1.0.0 allow 0.0.255.255 192.168.1.0 0.0.0.255

    extended IP access vpn-static list

    ip permit 192.168.1.0 0.0.0.255 10.1.0.0 0.0.255.255

    IP 192.0.0.0 allow 0.255.255.255 10.1.0.0 0.0.255.255

    access-list 1 refuse 10.0.0.0 0.255.255.255

    access-list 1 permit one

    access-list 12 refuse 10.1.3.2

    access-list 12 allow 10.1.0.0 0.0.255.255

    access-list 12 allow 10.2.0.0 0.0.255.255

    access-list 12 allow 10.3.0.0 0.0.255.255

    access-list 12 allow 10.4.0.0 0.0.255.255

    access-list 12 allow 10.5.0.0 0.0.255.255

    access-list 12 allow 10.6.0.0 0.0.255.255

    access-list 12 allow 10.7.0.0 0.0.255.255

    access-list 112 deny ip host 10.1.3.2 everything

    access-list 112 refuse ip 10.1.0.0 0.0.255.255 192.168.1.0 0.0.0.255

    access-list 112 allow ip 10.1.0.0 0.0.255.255 everything

    access-list 112 allow ip 10.2.0.0 0.0.255.255 everything

    access-list 112 allow ip 10.3.0.0 0.0.255.255 everything

    access-list 112 allow ip 10.4.0.0 0.0.255.255 everything

    access-list 112 allow ip 10.5.0.0 0.0.255.255 everything

    access-list 112 allow ip 10.6.0.0 0.0.255.255 everything

    access-list 112 allow ip 10.7.0.0 0.0.255.255 everything

    access-list 120 allow ip host 10.100.1.10 10.1.3.7

    not run cdp

    !

    Dial-peer cor custom

    !

    !

    !

    !

    connection of the banner ^ CCC

    ******************************************************************

    WARNING - Unauthorized USE strictly PROHIBITED!

    ******************************************************************

    ^ C

    !

    Line con 0

    line to 0

    password xxxxxxxxxxxx

    local connection

    Modem InOut

    StopBits 1

    FlowControl hardware

    line vty 0 4

    exec-timeout 15 0

    password xxxxxxxxxxxxxx

    opening of session

    !

    end

    Router #.

    Add the following to the PIX:

    > permitted connection ipsec sysopt

    This indicates the PIX around all ACLs for IPsec traffic. Now that your IPSec traffic is still subject to the standard rules of PIX, so launched inside the traffic is allowed to go in, but off-initiated traffic is not.

  • VPN with ASA 5500 VPN with PIX 515E vs

    I wonder what are the differences between the use of an exisitng PIX 515E for VPN remote users as appossed to acquire an ASA 5500 VPN remote users? Information or advice are appreciated to help me lean toward one or the other.

    Craig

    According to the version of the code that you run on the PIX on the PIX or ASA VPN features must be the same. So if the choice is not based on differences in features, what else would help guide the choice? You can consider if the existing PIX has sufficient resources to add the extra processing VPN load or if you should put that on another box. You might consider that the PIX is an older product range, and his end is near, while the ASA is the product that is the strategic replacement for the PIX. Given a choice I probably prefer to use a technology newer than the old technology. I also believe that the ASA will give you more choice of technology to go forward (a way of better growth) while the PIX provides current capacity but no path of growth.

    On the other hand, there is the aspect of consider that using the existing PIX does not need not to buy something new and ASA would be an expense you have to cover in the budget. And for some people the budget constraint is an important consideration.

    HTH

    Rick

  • Cisco router check ipsec site to site vpn tunnetl time?

    I have a Cisco router that has a tunnel vpn to another depending on the location. Now, I want to check how long the VPN for up/construction. I know not if on the SAA, he has this 'sh l2l vpn-sessiondb' command that will allow me to view the tunnel for how long time. Don't seem to find the correct command for Cisco router. If you know the order let me know! Thank you.

    Hello

    I suppose there might be some differences between different platforms (except ASA) VPN or at least it seems to me

    You can try the following command

    View details remote crypto session

    Partial output from one of our routers

    Interface: Port-channel20

    Profile:

    Duration: 01:21:02

    The session state: UP-ACTIVE

    Hope this helps

    -Jouni

  • Cisco VPN Client behind PIX 515E,-> VPN concentrator

    I'm trying to configure a client as follows:

    The user is running Cisco VPN Client 4.0. They are behind a 6.1 PIX 515E (4), and I need to connect to a VPN concentrator located outside of our network. We use PAT for address translation. As far as I know, to allow ipsec through Firewall 1 tunnel, I need to upgrade the pix to 6.3 and activate "fixup protocol esp-ike.

    Is there another way to do this? I am also curious to know how much more easy/better this will work if we were dealing with pptp.

    You don't necessarily need to fixup protocol esp-ike active. The remote Hub there encapsulation NAT - T enabled so that clients behind the NAT can run?

  • PIX: Cisco VPN Client connects but no routing

    Hello

    We have a Cisco PIX 515 with software 7.1 (2). He accepts Cisco VPN Client connections with no problems, but no routing does to internal networks directly connected to the PIX. For example, my PC is affected by the IP 172.16.2.57 and then ping does not respond to internal Windows server 172.16.0.12 or trying to RDP. The most irritating thing is that these attempts are recorded in the system log, but always ended with "SYN timeout", as follows:

    2009-01-06 23:23:01 Local4.Info 217.15.42.214% 302013-6-PIX: built 3315917 for incoming TCP connections (172.16.2.57/1283) outside:172.16.2.57/1283 inside: ALAI2 / 3389 (ALAI2/3389)

    2009-01-06 23:23:31 Local4.Info 217.15.42.214% 302014-6-PIX: TCP connection disassembly 3315917 for outside:172.16.2.57/1283 inside: ALAI2 / 3389 duration 0:00:30 bytes 0 SYN Timeout

    2009-01-06 23:23:31 Local4.Debug 217.15.42.214% 7-PIX-609002: duration of disassembly-outside local host: 172.16.2.57 0:00:30

    We tried to activate and deactivate "nat-control", "permit same-security-traffic inter-interface" and "permit same-security-traffic intra-interface", but the results are the same: the VPN connection is successfully established, but remote clients cannot reach the internal servers.

    I enclose the training concerned in order to understand the problem:

    interface Ethernet0

    Speed 100

    full duplex

    nameif outside

    security-level 0

    IP address xx.yy.zz.tt 255.255.255.240

    !

    interface Ethernet1

    nameif inside

    security-level 100

    172.16.0.1 IP address 255.255.255.0

    !

    access extensive list ip 172.16.0.0 inside_nat0_outbound allow 255.255.255.0 172.16.2.56 255.255.255.248

    !

    access extensive list ip 172.16.0.0 outside_cryptomap_dyn_20 allow 255.255.255.0 172.16.2.56 255.255.255.248

    !

    VPN_client_group_splitTunnelAcl list standard access allowed 172.16.0.0 255.255.255.0

    !

    IP local pool pool_vpn_clientes 172.16.2.57 - 172.16.2.62 mask 255.255.255.248

    !

    NAT-control

    Global xx.yy.zz.tt 12 (outside)

    NAT (inside) 0-list of access inside_nat0_outbound

    NAT (inside) 12 172.16.0.12 255.255.255.255

    !

    internal VPN_clientes group strategy

    attributes of Group Policy VPN_clientes

    xxyyzz.NET value by default-field

    internal VPN_client_group group strategy

    attributes of Group Policy VPN_client_group

    Split-tunnel-policy tunnelspecified

    value of Split-tunnel-network-list VPN_client_group_splitTunnelAcl

    xxyyzz.local value by default-field

    !

    I join all the details of the cryptographic algorithms because the VPN is successfully completed, as I said at the beginning. In addition, routing tables are irrelevant in my opinion, because the inaccessible hosts are directly connected to the internal LAN of the PIX 515.

    Thank you very much.

    can you confirm asa have NAT traversal allow otherwise, activate it in asa and vpn clients try again.

    PIX / ASA 7.1 and earlier versions

    PIX (config) #isakmp nat-traversal 20

    PIX / ASA 7.2 (1) and later versions

    PIX (config) #crypto isakmp nat-traversal 20

  • Cisco VPN Client Authentication - PIX 515E-UR

    Hi all

    I need your expert help on the following issues I have:

    1. I would like to create more than 1 client VPN on my PIX-515E groups. This is so that I can give a different part of the internal network access to different type of VPN connection. For example, I want a group to have no XAUTH, while the other group must use RADIUS XAUTH. Is it possible for me to do this? I see the PIX automatically enable RADIUS on both groups of VPN clients.

    2. the RADIUS server is a Microsoft ISA with IAS server and it is located on the PIX inside interface. The VPN endpoint is external interface of the PIX. Is there a problem with this Setup? Do I need to have the RADIUS server that is located on the external interface?

    3 can. what command I use to debug RADIUS authentication?

    Thanks in advance for your help.

    Hi vincent,.

    (1) you can use the vpngroup *-authentication server ipaddress to specify the IP address of the Radius Server on a particular group... If you do not specify this, the authentication of the user is made locally... also check for vpngroup * order of user authentication

    (2) there should be no problem with the installation of your... should work fine... If the RADIUS is outdoors, it is subject to many attacks... so have it inside...

    (3) use the "RADIUS session debug" or "debug aaa authentication..."

    I hope this helps... all the best... the rate of responses if found useful

    REDA

  • PIX 515E and remote access VPN

    I use a PIX 515E with: ASDM Version: 5,0000 51 PIX Version: 8.0 (4) and configure it with remote access VPN.

    I would like to get an email every time that a user login (and or disconnection) to the VPN. Remote clients use the Cisco VPN Client.

    Any help is appreciated,

    Hello

    Here is a link to the email configuration when you log in to the ASA/PIX: http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc7

    Then you can create a list of message to send the logs only for the connection/disconnection of the VPN user: http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc18

    There is a wire that is linked here: https://supportforums.cisco.com/discussion/10798976/asa-email-logging-issue

  • PIX 515E - VPN connections

    Hello

    I have pix 515E and I configured a VPN on it. My users connect to my network from the internet via the Cisco VPN client.

    I have problem, only their LAN machine can do VPN from Cisco VPN client to my network at once.

    Users are connected to the internet via an ADSL router and the LAN switch.

    --------------------------------------------------

    PIX Config:

    6.3 (4) version PIX

    interface ethernet0 car

    Auto interface ethernet1

    ethernet0 nameif outside security0

    nameif ethernet1 inside the security100

    enable encrypted password xxxxxxxxxxxxxxx

    xxxxxxxxxxxxxxxx encrypted passwd

    hostname ABCDEFGH

    ABCD.com domain name

    clock timezone IS - 5

    clock to summer time EDT recurring

    fixup protocol dns-length maximum 512

    fixup protocol ftp 21

    fixup protocol h323 h225 1720

    fixup protocol h323 ras 1718-1719

    fixup protocol http 80

    fixup protocol rsh 514

    fixup protocol rtsp 554

    fixup protocol sip 5060

    fixup protocol sip udp 5060

    fixup protocol 2000 skinny

    fixup protocol smtp 25

    fixup protocol sqlnet 1521

    fixup protocol tftp 69

    inside_out to the list of allowed access nat0_acl ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0

    list of allowed shared access ip 192.168.1.0 255.255.255.0 192.168.1.0 255.255.255.0

    pager lines 24

    Outside 1500 MTU

    Within 1500 MTU

    IP address outside xxx.xxx.xxx.xxx 255.255.255.0

    IP address inside 192.168.1.1 255.255.255.0

    alarm action IP verification of information

    alarm action attack IP audit

    IP local pool vpnpool 192.168.2.1 - 192.168.2.254

    PDM logging 100 information

    history of PDM activate

    ARP timeout 14400

    Global interface 10 (external)

    NAT (inside) 0-list of access inside_out-nat0_acl

    NAT (inside) 10 0.0.0.0 0.0.0.0 0 0

    Route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1

    Timeout xlate 03:00

    Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225

    H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00

    Timeout, uauth 0:05:00 absolute

    GANYMEDE + Protocol Ganymede + AAA-server

    AAA-server GANYMEDE + 3 max-failed-attempts

    AAA-server GANYMEDE + deadtime 10

    RADIUS Protocol RADIUS AAA server

    AAA-server RADIUS 3 max-failed-attempts

    AAA-RADIUS deadtime 10 Server

    AAA-server RADIUS (inside) host ABCDE timeout 10

    AAA-server local LOCAL Protocol

    RADIUS protocol radius AAA-server

    Radius max-failed-attempts 3 AAA-server

    AAA-radius deadtime 10 Server

    RADIUS protocol AAA-server partnerauth

    AAA-server partnerauth max-failed-attempts 3

    AAA-server deadtime 10 partnerauth

    partnerauth AAA-server (host ABCDEFG myvpn1 timeout 10 Interior)

    Enable http server

    http 192.168.1.0 255.255.255.0 inside

    No snmp server location

    No snmp Server contact

    SNMP-Server Community public

    No trap to activate snmp Server

    enable floodguard

    Permitted connection ipsec sysopt

    Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

    Crypto-map dynamic outside_dyn_map 20 the transform-set ESP-3DES-MD5 value

    map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map

    card crypto client outside_map of authentication partnerauth

    outside_map interface card crypto outside

    ISAKMP allows outside

    ISAKMP key * address 0.0.0.0 netmask 0.0.0.0

    ISAKMP identity address

    part of pre authentication ISAKMP policy 8

    ISAKMP strategy 8 3des encryption

    ISAKMP strategy 8 md5 hash

    8 2 ISAKMP policy group

    ISAKMP life duration strategy 8 the 86400

    part of pre authentication ISAKMP policy 10

    ISAKMP policy 10 3des encryption

    ISAKMP policy 10 sha hash

    10 2 ISAKMP policy group

    ISAKMP life duration strategy 10 86400

    vpngroup myvpn address vpnpool pool

    vpngroup myvpn ABCDE dns server

    vpngroup myvpn by default-field ABCD.com

    splitting myvpn vpngroup split tunnel

    vpngroup idle 1800 myvpn-time

    vpngroup myvpn password *.

    Telnet 192.168.1.0 255.255.255.0 inside

    Telnet timeout 5

    SSH timeout 5

    Console timeout 0

    dhcpd address 192.168.1.200 - 192.168.1.254 inside

    dhcpd dns ABCDE

    dhcpd lease 3600

    dhcpd ping_timeout 750

    field of dhcpd ABCD.com

    dhcpd outside auto_config

    dhcpd allow inside

    Terminal width 80

    --------------------------------------------------

    Thanks in advance.

    -Amit

    Try to add the "isakmp nat-traversal" command to your PIX. I suspect what happens is that Remote LAN users is translated to a single IP address as they pass through the DSL connection. I also assume that the machine doing the translation has a capacity of IPSec passthrough. Linksys routers would be a good example of this type of NAT device that allows IPSec pull-out.

    If that's the case, that a single VPN connection will be able to operate both. The above command will turn PIX detect clients that are located behind a NAT device, and then try to configure the VPN sessions in UDP packets and so to work around the limitation of NAT and IPSec passthrough device.

  • Controller of domain and DNS behind RRAS without VPN connected directly to the internet with a Cisco router

    I hava a ME Cisco 3400 with physical single port available for a cable connection.

    The ISP give me an IP address interface = 89.120.29.89 to act as a gateway to the IP Address of the host, which is provided for in the order 89.120.29.90.

    The host computer is a dual Xeon computer with two NICs for LAN and WAN.

    Fields of application: to install a windows 2008 R2 between public and private network server.

    Even though I know it's not recomanded, I put the DNS role and directories Active Directory roles installed on the same computer, the computer above, (I do not have enough computer for roles different place on different computers)

    The desired configuration:

    To have installed with his roles behind a WS2008R2 has RRAS. without a VPN.

    b with VPN

    and for WAN access for the client computers of the private LAN Windows 7 OS. (The basin of LAN address 192.168.0.1 - 255).

    First step : to have internet access in the browser (I use Google chrome) (without taking into account the DNS and AD)

    Network configuration:

    Map NETWORK WAN, at the top of the stack of liaison in the Control Panel/network connections and sharing:

    Host IP: 89.120.29.90

    Mask: 255.255.255.252

    Gateway: 89.120.29.89

    DNS: 193.231.100.130 my ISP name server address.

    OK, I can browse the internet.

    Second stage. (Consider DNS and Active Directories)

    DNS instaled role for this computer.

    AD installed as a global catalog.

    NETWORK WAN server that is directly connected to the Cisco router:

    Conection area 3

    Properties:

    Client for Microsoft Netwaork: not verified

    Network Load Balancing: not verified

    File and shared printer: not verified

    QoSPacketScheduler: not verified;

    Microsoft Network Monitor 3 pilot: not verified

    IPv4                                                     ;  checked

    Pilot a Link Layer Topology Mapper i/o: checked

    Link layer Discover responder: checked

    IPv4 tab

    Host IP: 89.120.29.90

    Mask: 255.255.255.252

    Gateway: 89.120.29.89

    DNS: 193.231.100.130 my ISP name server address.

    under the tab advanced

    IP settings : even that, tab IPV4 with automatic metric check;

    DNS tab :

    Add primary and connection suffixes DNS specific: not verified

    Add suffixes primary DNS suffixes parents: not verified

    Add this DNS suffixes: no

    Registry deals with this connection in DNS: not verified;

    Use this connection DNS suffix in DNS registration: not verified;

    WINS tab : enable search LMHOST: not verified

    Enable NetBios over TCP IP: don't check;

    Disable NetBios on TCP IP: checked;

    Connection to the local network 2

    Properties :

    Client for Microsoft Netwaork: checked

    Network Load Balancing: no

    File and shared printer: checked

    QoS Packet Scheduler: not verified;

    Microsoft Network Monitor 3 pilot: not verified

    IPv4 checked

    Pilot a Link Layer Topology Mapper i/o: checked

    Link layer Discover responder: checked

    IPv4 tab

    NETWORK LAN CARD: 192.168.0.101

    Mask: 255.255.255.0

    Gateway: 192.168.0.1

    under Advanced tab:

    IP settings : even that, tab IPV4 with automatic metric check;

    DNS tab :

    Add primary and connection suffixes DNS specific: checked

    Add suffixes primary DNS suffixes parents: not verified

    Add this DNS suffixes: no

    Registry deals with this connection in DNS: checked;

    Use this connection DNS suffix in DNS registration: checked;

    WINS tab : enable search LMHOST: not verified

    Enable NetBios over TCP IP: check;

    Disable NetBios on TCP IP: not verified;

    Install RRAS as NAT (NAT) under any condition imposed by DHCP(not installed) in ideea that RRAS will generate the private IP address of the DHCP allocator.

    In any case, for the beginning, I have a fix IP, do not get IP automatically.

    At this point, it gets the configuration simple posible for RRAS follows:

    3, LAN connection that corespond to the WAN interface IP:

    "NAT configured for the following Internet interface: Local Area Connection 3.
    The clients on the local network will assign the IP addresses of the following range:

    network address: 192.168.0.0. netmask 255.255.0.0.

    After Windows RRAS are open:

    The Network Interfaces tab:

    NICs are enabled and connected;

    UAL remotely & policies:

    Launch NPS,

    on the NPS server tab:

    Allow access to successful Active Directory directories:

    Properties: authentication: port 1812,1645

    kept port 1813,1646;

    on the accounting tab: nothing;

    under NPS policies:

    Grant permission for the RRAS server under builin\Administrator of the accounts;

    On strategy and the type of server unspecified (NAT do not exist as an entry in the drop-down list server dwn)

    under the static road: nothing;

    under the IPv4 tab or both are there(there IP) and are up

    under NAT

    Connection to the local network 3: public interface connected to the internet

    enable NAT on this interface:

    under the address pool: ISP addresses public;(two addresses)

    under the terms of service and the ports: Web server: http 80.

    (I have I have a static IP address for the client computer in mind, I set up a single customer).

    At the client computer :

    configured as domain customer and added to the users AD and computer AD

    logon to the domain:

    Local Area Connection

    Properties:

    Client for Microsoft Netwaork: checked

    Network Load Balancing: not verified

    File sharing and printer: checked

    QoS Packet Scheduler: checked;

    Microsoft Network Monitor 3 pilot: not verified

    IPv4                                                     ;  checked

    Pilot a Link Layer Topology Mapper i/o: checked

    Link layer Discover responder: checked

    IPv4 tab

    Host IP: 192.168.0.101

    Mask: 255.255.0.0

    Gateway: 192.168.0.1

    DNS: (auto-add the same to the local machine).

    under the tab advanced

    IP settings : even that, tab IPV4 with automatic metric check;

    DNS tab :

    Add primary and connection suffixes DNS specific: checked

    Add suffixes primary DNS suffixes parents: not verified

    Add this DNS suffixes: no

    Registry deals with this connection in DNS: checked;

    Use this connection DNS suffix in DNS registration: checked;

    WINS tab : enable search LMHOST: not verified

    Enable NetBios over TCP IP: checked;

    Disable NetBios on TCP IP: not verified;

    right now the 192.168.0.101 client cannot connect to internet through RRAS.

    ;

    This issue is beyond the scope of this site and must be placed on Technet or MSDN

    http://social.technet.Microsoft.com/forums/en-us/home

    http://social.msdn.Microsoft.com/forums/en-us/home

Maybe you are looking for

  • multiple instances of vi

    Hello I have the same VI being called a few times, I work. But each instance must have different parameters that is passed. I've set up along the lines of: http://digital.ni.com/public.nsf/allkb/9CE784F50F816EA18625751900775EBB Is it possible to have

  • I have an error code of 646, while trying to do an update.

    code 646 error why I got it and how to fix it? Try to do a windows update. have windows vista. 'HELP '.

  • Problems installing Windows Vista Edition Family Service Pack 1

    Windows Update was performed several times, each time trying to install Service Pack 1. Supposedly, it was 6 times with success but never appears in the control panel / system.

  • F2480 An error occurred during communication with the HP imaging device

    I've been troubleshooting for hours, the solutions provided by HP do not fix the issue. I get the following scanner twain, preview is loaded and crashes for no apparent reason, then after a few minutes, the error is displayed. I have Windows 8.1 Pro

  • Error with installing windows 7 32 bit.

    Hello, I was using 8.1 64-bit windows on my Dell Studio 1555 laptop. for using windows 10 64 bit, I installed with 7 home premium but I have the product key for windows 7 Home premium, but now, while installing windows 7 64 bit home edition premium,