WinXP L2TP, Linksys in Pix 6.2 - FIXED
PIX 515e 6.2 at the central office, VPN Linksys at the remote office L2L, trying to install WinXP SP3 & Vista VPN remote clients using L2TP. First question: is it even possible, without using the Cisco VPN client or the upgrade of the Pix OS? Second question: if it's possible, what's wrong with my current config? The L2L VPN works fine, but when the Windows XP client attempts to connect, that's what I get:
ISAKMP (0): atts are acceptable.IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= (PIX outside address), src= (WinXP outside address),
dest_proxy= (PIX outside address)/255.255.255.255/17/1701 (type=1),
src_proxy= (WinXP internal address)/255.255.255.255/17/1701 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
IPSEC(validate_transform_proposal): proxy identities not supported
IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= (PIX outside address), src= (WinXP outside address),
dest_proxy= (PIX outside address)/255.255.255.255/17/1701 (type=1),
src_proxy= (WinXP internal address)/255.255.255.255/17/1701 (type=1),
protocol= ESP, transform= esp-3des esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
IPSEC(validate_transform_proposal): proxy identities not supportedISAKMP: IPSec policy invalidated proposal
ISAKMP : Checking IPSec proposal 2
6.2 (2) version PIX
Permitted connection ipsec sysopt
Sysopt connection permit-pptp
Sysopt connection permit-l2tp
Sysopt pl compatible ipsec
No sysopt route dnat
IP CO_WAN 255.255.224.0 allow Access-list sheep Remote_LAN 255.255.255.0
IP DMZ_LAN 255.255.255.0 allow Access-list sheep Remote_LAN 255.255.255.0
IP CO_LAN 255.255.255.0 allow Access-list sheep 10.100.100.0 255.255.255.0
IP pool local VPNPool 10.100.100.100 - 10.100.100.110
NAT (inside) 0 access-list sheep
Permitted connection ipsec sysopt
Sysopt connection permit-pptp
Sysopt connection permit-l2tp
Sysopt pl compatible ipsec
No sysopt route dnat
Crypto ipsec transform-set esp-3des esp-sha-hmac LINKSYS_TS
Crypto ipsec transform-set esp-3des esp-sha-hmac WINCLIENT_TS
Crypto ipsec transform-set transit mode WINCLIENT_TS
Dynamic crypto map L2TP 30 game of transformation-WINCLIENT_TS
ONLYMAP 10 ipsec-isakmp crypto map
card crypto ONLYMAP 10 correspondence address sheep
card crypto ONLYMAP 10 set pfs group2
card crypto ONLYMAP 10 set peer LINKSYS_IP
crypto ONLYMAP 10 the transform-set LINKSYS_TS value card
map ONLYMAP 600-isakmp dynamic L2TP ipsec crypto
ONLYMAP interface card crypto outside
ISAKMP allows outside
ISAKMP key * address LINKSYS_IP netmask 255.255.255.255
ISAKMP key * address 0.0.0.0 netmask 0.0.0.0
ISAKMP identity address
part of pre authentication ISAKMP policy 10
ISAKMP policy 10 3des encryption
ISAKMP policy 10 sha hash
10 2 ISAKMP policy group
ISAKMP life duration strategy 10 86400
part of pre authentication ISAKMP policy 20
ISAKMP policy 20 3des encryption
ISAKMP policy 20 chopping sha
20 2 ISAKMP policy group
ISAKMP duration strategy of life 20 28800
VPDN group WINCLIENTS accept l2tp call
VPDN group ppp authentication pap WINCLIENTS
VPDN group WINCLIENTS client configuration address local VPNPool
VPDN group WINCLIENTS customer DNS_IP dns configuration
VPDN group customer WINCLIENTS of local authentication
VPDN Hello 60 of the l2tp tunnel of the WINCLIENTS group
VPDN username username password *.
VPDN allow outside
Furthermore, I don't play with this old code of 6.2. If it does not support NAT - T and the customer is behind the NAT device, it could cause the problem. Some NAT device has the VPN-passthrough feature, you can turn it on and try.
Tags: Cisco Security
Similar Questions
-
PIX 501 and VPN Linksys router (WRV200)
I inherited a work where we have a Cisco PIX 501 firewall to a single site and Linksys WRV200 Router VPN on two other
sites. Asked me to connect these routers Linksys firewall PIX via the VPN.
According to me, the Linksys vpn routers can only connect via IPSec VPN, I'm looking for help on the configuration of the PIX 501 for the linksys to connect with the following, if possible.
Key exchange method: Auto (IKE)
Encryption: Auto, 3DES, AES128, AES192, AES256
Authentication: MD5
Pre Shared Key: xxx
PFS: Enabled
Life ISAKMP key: 28800
Life of key IPSec: 3600
The pix, I installed MDP and I tried to use the VPN wizard without result.
I chose the following settings when you make the VPN Wizard:
Type of VPN: remote VPN access
Interface: outside
Type of Client VPN device used: Cisco VPN Client
(can choose customer of Cisco VPN 3000, MS Windows Client by using the client MS Windows using L2TP, PPTP)
VPN clients group
Name of Group: RabyEstates
Pre Shared Key: rabytest
Scope of the Client authentication: disabled
Address pool
Name of the cluster: VPN - LAN
Starter course: 192.168.2.200
End of row: 192.168.2.250
Domain DNS/WINS/by default: no
IKE policy
Encryption: 3DES
Authentication: MD5
Diffie-Hellman group: Group 2 (1024 bits)
Transform set
Encryption: 3DES
Authentication: MD5
I have attached the log of the VPN Linksys router VPN.
This is the first time that I have ever worked with PIX so I'm still trying to figure the thing to, but I'm confident with the CCNA level network.
Thanks for your help!
Hello
Everything looks fine for me, try to have a computer in every network and ping between them. Check the newspapers/debug and fix them.
Let me know.
See you soon,.
Daniel
-
Problem with linksys e2500 (l2tp)
Router: linksys e2500
WIndows: XP
Country: Russia
Supplier: Flex
Hello!
I have a problem with the l2tp connection. My provider only supports l2tp (with encryption - interference). Where can I find option to turn off encryption - scrambling for l2tp? Or how I can fix (solve) the problem.
THX, best regards!
thx for the answer! I have a tplink, and it solve my problem with the internet. But I need of DDNS that work only with linksys (TZO.NET). I bought the account for 1 year. My tplink does not support DDNS (TZO.NET).
I'll try "you can try third tomato and DD - WRT firmware and see if it works" thx.
-
Allowing L2TP to pass through PIX Firewall
Hi all
Can someone help me on how to allow inbound l2tp connection on a pix? Behind the pix firewall, there is an ISA server as a vpn l2tp server. I can't allow l2tp on the pix.
Thank you very much!
Please use this doc as a guide-
Jon
-
Hello
I'm trying to set up a VPN L2TP on my PIX server to replace a PPTP server on a router.
I followed a few guides (though most seem to be for 6.3.x) and used what I have on a PIX VPN config knowledge, but I'm still to come against some issues.
I have debugging details that I hope someone can use to point me in the right direction.
Jun 30 11:38:54 [IKEv1]: IP = 84.93.217.110, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + KE (4) + NONCE (10) + NONE (0) total length : 180
Jun 30 11:38:54 [IKEv1 DEBUG]: IP = 84.93.217.110, processing ke payload
Jun 30 11:38:54 [IKEv1 DEBUG]: IP = 84.93.217.110, processing ISA_KE payload
Jun 30 11:38:54 [IKEv1 DEBUG]: IP = 84.93.217.110, processing nonce payload
Jun 30 11:38:54 [IKEv1 DEBUG]: IP = 84.93.217.110, constructing ke payload
Jun 30 11:38:54 [IKEv1 DEBUG]: IP = 84.93.217.110, constructing nonce payload
Jun 30 11:38:54 [IKEv1 DEBUG]: IP = 84.93.217.110, constructing Cisco Unity VID payload
Jun 30 11:38:54 [IKEv1 DEBUG]: IP = 84.93.217.110, constructing xauth V6 VID payload
Jun 30 11:38:54 [IKEv1 DEBUG]: IP = 84.93.217.110, Send IOS VID
Jun 30 11:38:54 [IKEv1 DEBUG]: IP = 84.93.217.110, Constructing ASA spoofing IOS Vendor ID payload (version: 1.0.0, capabilities: 20000001)
Jun 30 11:38:54 [IKEv1 DEBUG]: IP = 84.93.217.110, constructing VID payload
Jun 30 11:38:54 [IKEv1 DEBUG]: IP = 84.93.217.110, Send Altiga/Cisco VPN3000/Cisco ASA GW VID
Jun 30 11:38:54 [IKEv1]: Group = 84.93.217.110, IP = 84.93.217.110, Can't find a valid tunnel group, aborting...!
Jun 30 11:38:54 [IKEv1 DEBUG]: Group = 84.93.217.110, IP = 84.93.217.110, IKE MM Responder FSM error history (struct &0x42ed788)
, : MM_DONE, EV_ERROR-->MM_BLD_MSG4, EV_GROUP_LOOKUP-->MM_BLD_MSG4, EV_TEST_CERT-->MM_BLD_MSG4, EV_BLD_MSG4-->MM_BLD_MSG4, EV_TEST_CRACK-->MM_BLD_MSG4, EV_SECRET_KEY_OK-->MM_BLD_MSG4, NullEvent-->MM_BLD_MSG4, EV_GEN_SECRET_KEY Jun 30 11:38:54 [IKEv1 DEBUG]: Group = 84.93.217.110, IP = 84.93.217.110, IKE SA MM:87377a60 terminating: flags 0x01000002, refcnt 0, tuncnt 0
Jun 30 11:38:54 [IKEv1 DEBUG]: Group = 84.93.217.110, IP = 84.93.217.110, sending delete/delete with reason message
Jun 30 11:38:54 [IKEv1]: Group = 84.93.217.110, IP = 84.93.217.110, Removing peer from peer table failed, no match!
Jun 30 11:38:54 [IKEv1]: Group = 84.93.217.110, IP = 84.93.217.110, Error: Unable to remove PeerTblEntry
Here is my config:
crypto ipsec transform-set TRANS_ESP_3DES_MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set TRANS_ESP_3DES_MD5 mode transport
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set TUN_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside-dyn-map 20 set transform-set TRANS_ESP_3DES_MD5
crypto dynamic-map outside-dyn-map 30 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map outside-dyn-map 40 set transform-set TUN_ESP_3DES_SHA
crypto map outside-map 20 ipsec-isakmp dynamic outside-dyn-map
crypto map outside-map interface Outside
crypto isakmp enable Outside
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
...
group-policy VPN-Policy internal
group-policy VPN-Policy attributes
wins-server value 10.0.1.250
dns-server value 10.0.1.250
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value xxxx.co.uk
username xxxxxx password xxx nt-encrypted privilege 3
tunnel-group L2TP-VPN type ipsec-ra
tunnel-group L2TP-VPN general-attributes
address-pool (Inside) L2TP-Pool
authentication-server-group (Inside) LOCAL
default-group-policy VPN-Policy
tunnel-group L2TP-VPN ipsec-attributes
pre-shared-key *
tunnel-group L2TP-VPN ppp-attributes
authentication ms-chap-v2
Thanks in advance
Paul
Hi Paul
I do not recommend to use the dynamic cards the way which I suggesting that it is the right way to configure on the SAA.
By default, Microsoft Windows does not support L2TP connections to servers behind a NAT, it is a
Limitation of Microsoft, not a limitation of the ASA or any Cisco device. On the links below you can find more information about how to edit the Windows registry so that it connects to a server behind a NAT, because editing the registry is dangerous to the computer, this must be done at your own risk:http://support.Microsoft.com/kb/926179
http://support.Microsoft.com/kb/818043/ -
No Audio, video or ringtone - Sprint Palm Pixi
We had our Pixi since June with no problems. Suddenly this morning ringtone no longer works and the ringer switch is turned on. When you examine the ringing options, previews play with no sound. Stored .mp3 files don't produce audio. When you go to YouTube there is no audio or video, but the marker of time ahead by showing that the video plays. Preloaded videos won't play at all, giving back an error message.
I tried a soft reset without effect. Nothing has changed between last night and today that should affect the phone and the phone never had a wired headset.
What else can we try? Thank you!
Mark V.
Mark,
I recently had the same problem with audio and video, as well as my camera wouldn't take photos. It all started after downloading the new version 1.4.5. I had to download WebOs Doctor on the computer and follow the instructions to reload the update on my Pixi. It fixed all the problems and is now at 100 percent operation. Let me know if it solves your problem.
also, make sure that you run the backup feature before you run webos doctor.
Sincerely,
Carl
-
I can connect to the router via a cable. but for the last 2 weeks cannot connect to my wireless. I can connect to my nieghboro router / wireless.
Linksys called said they could fix my laptop for 120.00. Thought that first of all try my friends online. This is the page they were on and the message about the value undefined... Any help out there?
I would like to be able to put this info myself with your help
in the registry HKEY_LOCAL_MACHINE, SOFTWARE, MICROSOFT Editor, ROUTER, ROUTER MANAGER, NAME / by DEFAULT, TYPE/REG_SZ, DATA / (value not set)
Hi Chris,
Welcome to the Microsoft community where you can find all the answers related to Windows.
According to the description, you are having problems with the wireless connection with.
Do you have an error message when you try to connect wirelessly?
Perform the steps from the link below and see if it helps.
Windows wireless and wired network connection problems
Meet us if you experience problems with the wireless connection or any other problem of Windows, and we would be happy to help you.
Good day!
Hope this information helps.
-
My wireless HP 3150 printer is inaccessible with my wireless network. My router is a Linksys E3000.
Here's what I did:
* install the program HP and did all the steps
* Use the USB cable to configure my network SSID & password
* When I remove the USB cable and try to connect to wireless network:
* my printer has an IP address given by the router (via DHCP): 192.168.1.115
* I see this IP on the DHCP of the router table* I can ping the IP address of the router, but not from any other machine on the network
Any ideas?
Let's set a static IP address on the printer. Set it to 192.168.1.10 which is outside the range of the DHCP by default for Linksys routers. Use a fixed channel as the 1, 6 or 11, never 'auto '. Try to reinstall the software and try again.
-
Stop the alt to move the focus in the menu?
Hello
Whenever I press Alt the focus is placed on the menu bar, as it does with other windows programs.
This means that I must escape the menu whenever I have the zoom, which is long and extremely irritating.
Anyone know how to stop this behavior for indesign and photoshop remain centered on the home page rather than go to the menu bar?
Vista Windows indesign running it through the cloud creative and Photoshop elements 9 installed on disk.
In addition, this problem will persist when I switch to a new machine of windows 7 in a few weeks?
Many thanks in advance,
Ally@Tartan Pixie
I fixed it using this script in Autohotkey:
~ Alt UP::send!
This means that when you release Alt, Alt is practically pressed again.
This tweak does not remove the focus on the menu bar, but it removes the effect of rocking Alt in the menu bar.
Thus, the focus is on as long as you keep Alt pressed. The menu bar lose his accent when you relase ALT.
-
PIX 515 to Linksys BEFSX41 VPN
Hello.
I searched the forums and the best info I could come up with on this topic, this was one person saying "Eureka, I did it!" and then several hundred "Please send me your config" responses.
I managed to establish a tunnel between the pix and the Linksys router, and I can ping through the tunnel.
But nothing else ping seems to go through the tunnel. The access-lists on the pix are not limited on the port, and (for testing), I have the great open linksys firewall. So I don't know where I went wrong.
I was hoping that this could be a common situation and someone could point me in the right direction to find the solution.
Thank you!
In addition,
Check the order of your ACL. A firewall and a router do not ACL in the same order. Should not discourage you, but I have yet to see a router Linksys do very well a PIX. For some reason the Linksys routers seem to drop packets for unexplained reasons...
-
PIX from Linksys LAN 2 problems of virtual PRIVATE networks
I have a client that replaces a router Linksys with a PIX. The Linksys is configured today with a LAN 2 LAN VPN connection to another Linksys. I enclose the Linksys configuration, but I can't get the PIX to encrypt packets to send to the Linksys site successfully, or against vice. I know that this subject has been beaten to death, but I still need help. Can someone look at the Linksys config and tell me what this requires side PIX? Thanks for any help!
The isakmp key command you entered does two things:
1. It identifies what pre-shared key for use with the remote peer (as both ends must use the same value) and the No.-xauth and non-config-mode say the pix as the vpn ipsec is a lan-to-lan (aka site-to-site) config and do not expect to do the authentication of the vpn RAS users. This is because the code pix can put an end to these two types of vpn on the same interface connections, so it must be able to determine when and when not to authentic additional user for ras vpn users.
Glad that your problem has been resolved.
-
VPN PIX 506e to Linksys RV042?
I'm kind of a rookie of Cisco and need help to set up a virtual private network:
I replaced a Netopia R910 with a Linksys RV042. I have set the parameters of the best that I could. I am trying to reconnect the VPN site to site of our network (192.168.0.x private, public xxx.xxx.109.202) to the remote network (xxx.xxx.131.50 192.168.38.x and private, public).
In the Linksys VPN shows connected but no traffic coming. I can't ping anything on the remote subnet.
It worked fine with the R910 and no settings have changed on the PIX, other new pre-shared keys that match.
Here are the PIX config and the RV042 config is attached as an image.
Thank you very much for your help!
Building configuration...
: Saved
:
PIX Version 6.3(3)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ************ encrypted
passwd *************** encrypted
hostname pixfirewall
domain-name ciscopix.com
clock timezone PST -8
clock summer-time PDT recurring
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.1.0 FirstStreet
name 192.168.38.2 Sco
name xxx.xxx.130.94 FirstWan
name 192.168.4.0 Oakurst
name 192.168.7.0 Clovis
name 192.168.3.0 Madera
name 192.168.0.0 TomJ
name xxx.xxx.131.58 FMLFirst
name xxx.xxx.131.22 Integrity
name 192.168.6.0 TJhome
name 192.168.38.10 Server2
name xxx.xxx.117.182 ClovisPublicIP
name xxx.xxx.100.239 OakurstPublicIP
name xxx.xxx.174.185 MaderaPublicIP
name 192.168.38.64 VideoS1
object-group network FMLRemoteOffices
description Public IP's and Internal Subnets for All Remote Offices
network-object OakurstPublicIP 255.255.255.255
network-object MaderaPublicIP 255.255.255.255
network-object ClovisPublicIP 255.255.255.255
network-object xxx.xxx.109.202 255.255.255.255
access-list inside_outbound_nat0_acl permit ip 192.168.38.0 255.255.255.0 Clovis 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 192.168.38.0 255.255.255.0 Oakurst 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 192.168.38.0 255.255.255.0 TJhome 255.255.255.0
access-list inside_outbound_nat0_acl permit ip 192.168.38.0 255.255.255.0 Madera 255.255.255.0
access-list inside_outbound_nat0_acl permit ip any host 192.168.38.248
access-list inside_outbound_nat0_acl permit ip any 192.168.38.248 255.255.255.248
access-list outside_access_in permit tcp any host xxx.xxx.131.54 eq https
access-list outside_access_in permit icmp any any echo-reply
access-list outside_access_in remark Sage e-prescription service 8423
access-list outside_access_in permit tcp any host xxx.xxx.131.54 eq 8423
access-list outside_access_in permit tcp any host xxx.xxx.131.53 eq 1202
access-list outside_access_in permit tcp any host xxx.xxx.131.52 eq 7000
access-list outside_cryptomap_20 permit ip 192.168.38.0 255.255.255.0 Clovis 255.255.255.0
access-list outside_cryptomap_80 permit ip 192.168.38.0 255.255.255.0 Oakurst 255.255.255.0
access-list outside_cryptomap_120 permit ip 192.168.38.0 255.255.255.0 Madera 255.255.255.0
access-list outside_cryptomap_100 permit ip 192.168.38.0 255.255.255.0 TJhome 255.255.255.0
no pager
logging on
icmp permit any echo-reply outside
icmp permit any echo-reply inside
mtu outside 1500
mtu inside 1500
ip address outside xxx.xxx.131.50 255.255.255.248
ip address inside 192.168.38.4 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPNDHCP 192.168.38.248-192.168.38.252
ip local pool DHCP39 192.168.39.1-192.168.39.254
pdm location Integrity 255.255.255.255 outside
pdm location 192.168.38.0 255.255.255.0 inside
pdm location FirstStreet 255.255.255.0 inside
pdm location FirstStreet 255.255.255.0 outside
pdm location Sco 255.255.255.255 inside
pdm location FirstWan 255.255.255.255 outside
pdm location Oakurst 255.255.255.0 outside
pdm location Clovis 255.255.255.0 outside
pdm location TJhome 255.255.255.0 outside
pdm location Madera 255.255.255.0 outside
pdm location TomJ 255.255.255.0 outside
pdm location 0.0.0.0 255.255.255.255 outside
pdm location xxx.xxx.141.217 255.255.255.255 outside
pdm location 192.168.38.111 255.255.255.255 inside
pdm location 192.168.38.3 255.255.255.255 inside
pdm location FMLFirst 255.255.255.255 outside
pdm location xxx.xxx.130.15 255.255.255.255 outside
pdm location 128.0.0.0 128.0.0.0 outside
pdm location xxx.xxx.109.202 255.255.255.255 outside
pdm location Server2 255.255.255.255 inside
pdm location ClovisPublicIP 255.255.255.255 outside
pdm location OakurstPublicIP 255.255.255.255 outside
pdm location MaderaPublicIP 255.255.255.255 outside
pdm location 192.168.38.248 255.255.255.255 outside
pdm location TomJ 255.255.255.0 inside
pdm location VideoS1 255.255.255.255 inside
pdm location 192.168.38.21 255.255.255.255 inside
pdm group FMLRemoteOffices outside
pdm logging debugging 500
no pdm history enable
arp timeout 14400
global (outside) 1 xxx.xxx.131.51
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) xxx.xxx.131.54 Server2 netmask 255.255.255.255 0 0
static (inside,outside) xxx.xxx.131.53 192.168.38.21 netmask 255.255.255.255 0 0
static (inside,outside) xxx.xxx.131.52 VideoS1 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.131.49 1
route inside FirstStreet 255.255.255.0 192.168.38.254 1
timeout xlate 3:00:00
timeout conn 4:00:00 half-closed 2:00:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
http server enable
http Integrity 255.255.255.255 outside
http xxx.xxx.141.217 255.255.255.255 outside
http xxx.xxx.109.202 255.255.255.255 outside
http 192.168.38.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
sysopt connection permit-pptp
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 30 set transform-set ESP-DES-MD5
crypto dynamic-map outside_dyn_map 50 set transform-set ESP-3DES-MD5
crypto map outside_map 20 ipsec-isakmp
crypto map outside_map 20 match address outside_cryptomap_20
crypto map outside_map 20 set peer ClovisPublicIP
crypto map outside_map 20 set transform-set ESP-DES-MD5
crypto map outside_map 80 ipsec-isakmp
crypto map outside_map 80 match address outside_cryptomap_80
crypto map outside_map 80 set peer OakurstPublicIP
crypto map outside_map 80 set transform-set ESP-DES-MD5
crypto map outside_map 100 ipsec-isakmp
crypto map outside_map 100 match address outside_cryptomap_100
crypto map outside_map 100 set peer xxx.xxx.174.234
crypto map outside_map 100 set transform-set ESP-DES-MD5
crypto map outside_map 120 ipsec-isakmp
crypto map outside_map 120 match address outside_cryptomap_120
crypto map outside_map 120 set peer MaderaPublicIP
crypto map outside_map 120 set transform-set ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
isakmp enable outside
isakmp key ******** address xxx.xxx.141.217 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address ClovisPublicIP netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address xxx.xxx.64.82 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address xxx.xxx.67.172 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address OakurstPublicIP netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address xxx.xxx.24.157 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address xxx.xxx.174.234 netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address xxx.xxx.88.137 netmask 255.255.255.255
isakmp key ******** address MaderaPublicIP netmask 255.255.255.255 no-xauth no-config-mode
isakmp key ******** address xxx.xxx.109.202 netmask 255.255.255.255 no-xauth no-config-mode
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp policy 40 authentication pre-share
isakmp policy 40 encryption 3des
isakmp policy 40 hash md5
isakmp policy 40 group 2
isakmp policy 40 lifetime 86400
vpngroup FMLREASYVPN address-pool VPNDHCP
vpngroup FMLREASYVPN dns-server 192.168.38.3
vpngroup FMLREASYVPN idle-time 1800
vpngroup FMLREASYVPN password ********
vpngroup Brevium address-pool VPNDHCP
vpngroup Brevium dns-server 192.168.38.3
vpngroup Brevium idle-time 1800
vpngroup Brevium password ********
telnet 192.168.38.0 255.255.255.0 inside
telnet TomJ 255.255.255.0 inside
telnet timeout 5
ssh Integrity 255.255.255.255 outside
ssh 99.15.109.202 255.255.255.255 outside
ssh timeout 5
management-access inside
console timeout 0
vpdn group PPTP-VPDN-GROUP accept dialin pptp
vpdn group PPTP-VPDN-GROUP ppp authentication chap
vpdn group PPTP-VPDN-GROUP ppp authentication mschap
vpdn group PPTP-VPDN-GROUP ppp encryption mppe auto
vpdn group PPTP-VPDN-GROUP client configuration address local VPNDHCP
vpdn group PPTP-VPDN-GROUP client configuration dns 192.168.38.3
vpdn group PPTP-VPDN-GROUP pptp echo 60
vpdn group PPTP-VPDN-GROUP client authentication local
vpdn username admin password *********
vpdn username tonette password *********
vpdn username rosie password *********
vpdn username cts password *********
vpdn username MaderaFMLR password *********
vpdn username ruth password *********
vpdn username fogg password *********
vpdn username lanier password *********
vpdn username lanier2 password *********
vpdn username justin password *********
vpdn username mike password *********
vpdn username heather password *********
vpdn username Brevium password *********
vpdn username jeremiah password *********
vpdn enable outside
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
username admin password *************** encrypted privilege 15
terminal width 80
Cryptochecksum:******************************
: end
[OK]
NAT exemption, you must add the following:
inside_outbound_nat0_acl ip 192.168.38.0 access list allow TomJ 255.255.255.0 255.255.255.0
-
Site to Site VPN between PIX and Linksys RV042
I am trying to create a tunnel between a 506th PIX and a Linksys RV042 vpn . I configured the Phase 1 and Phase 2 as well as the transformation defined and interested traffic and connected to the external interface, but it will not create the tunnel. Configurations are as follows:
506th PIX running IOS 6.3
part of pre authentication ISAKMP policy 40
ISAKMP policy 40 cryptographic 3des
ISAKMP policy 40 sha hash
40 2 ISAKMP policy group
ISAKMP duration strategy of life 40 86400
ISAKMP key * address 96.10.xxx.xxx netmask 255.255.255.255
access-list 101 permit ip 192.168.21.0 255.255.255.0 192.168.1.0 255.255.255.0crypto map Columbia_to_Office 10 ipsec-isakmp
crypto Columbia_to_Office 10 card matches the address 101
card crypto Columbia_to_Office 10 set peer 96.10.xxx.xxx
10 Columbia_to_Office transform-set ESP-3DES-SHA crypto card game
Columbia_to_Office interface card crypto outsideLinksys RV042
Configuration of local groups
IP only
IP address: 96.10.xxx.xxx
Type of local Security group: subnet
IP address: 192.168.1.0
Subnet mask: 255.255.255.0Configuration of the remote control groups
IP only
IP address: 66.192.xxx.xxx
Security remote control unit Type: subnet
IP address: 192.168.21.0
Subnet mask: 255.255.255.0IPSec configuration
Input mode: IKE with preshared key
Group Diffie-Hellman phase 1: group2
Phase 1 encryption: 3DES
Authentication of the phase 1: SHA1
Life of ITS phase 1: 86400
Phase2 encryption: 3DES
Phase2 authentication: SHA1
Phase2 life expectancy: 3600 seconds
Pre-shared key *.I'm a novice on the VPN. Thanks in advance for your expertise.
Yes, version PIX 6.3 does not support HS running nat or sh run crypto.
Please please post the complete config if you don't mind.
Please also try to send traffic between subnets 2 and get the output of:
See the isa scream his
See the ipsec scream his
-
Press L2L VPN, IPSEC, and L2TP PIX connections
Hi all
I'm trying to implement a solution on my FW PIX (pix804 - 24.bin) to be able to support a VPN L2L session with VPN dynamic user sessions where clients will use a mix of IPSEC(Nat detection) and L2TP. We have always supported things IPSEC and that worked great for many years. I'm now trying to Add L2TP support, so that I can support Android phones/ipads, etc. as well as Windows with built in VPN l2tp clients clients. Everything works well except for the new features of L2TP. Allows you to complete one phase but then tries to use the card encryption that is used for the VPN L2L. It seems to fail because IP addresses are not in the configured ACL to the crypto-map L2L. Does anyone know if there are any questions all these configurations support both. And if not can you see what I have wrong here, which would make it not work. Here are the relevant training:
C515 - A # sh run crypto
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set of society-ras-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac company-l2tp
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
Dynamic crypto map company-ras 1 correspondence address company-dynamic
company Dynamics-card crypto-ras 1 set pfs
Dynamic crypto map company-ras 1 transform-set ESP-SHA-3DES ESP-3DES-MD5 company-ras
Dynamic crypto map company-ras 1 lifetime of security association set seconds 28800
company Dynamics-card crypto-ras 1 kilobytes of life together - the association of safety 4608000
crypto dynamic-map-ras company 2 address company-dynamic game
crypto dynamic-map company-ras 2 transform-set of society-l2tp
crypto dynamic-map company-ras 2 set security association lifetime seconds 28800
company Dynamics-card crypto-ras 2 kilobytes of life together - the association of safety 4608000
card crypto company-map 1 correspondence address company-colo
card crypto company-card 1 set pfs
card crypto company-card 1 set counterpart colo-pix-ext
card crypto card company 1 value transform-set ESP-3DES-MD5 SHA-ESP-3DES
company-map 1 lifetime of security association set seconds 28800 crypto
card company-card 1 set security-association life crypto kilobytes 4608000
company-card 1 set nat-t-disable crypto card
company-card 2 card crypto ipsec-isakmp dynamic company-ras
business-card interface card crypto outside
crypto isakmp identity address
crypto ISAKMP allow outsideCrypto isakmp nat-traversal 3600
crypto ISAKMP policy 1
preshared authentication
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 2
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
C515 - A # sh run tunnel-group
attributes global-tunnel-group DefaultRAGroup
company-ras address pool
Group-LOCAL radius authentication server
Group Policy - by default-l2tp
IPSec-attributes tunnel-group DefaultRAGroup
pre-shared-key *.
tunnel-group DefaultRAGroup ppp-attributes
PAP Authentication
No chap authentication
ms-chap-v2 authentication
eap-proxy authentication
type tunnel-group company-ras remote access
tunnel-group global company-ras-attributes
company-ras address pool
Group-LOCAL radius authentication server
tunnel-group company-ras ipsec-attributes
pre-shared-key *.
type tunnel-group company-admin remote access
attributes global-tunnel-group company-admin
company-admin address pool
Group-LOCAL radius authentication server
company strategy-group-by default-admin
IPSec-attributes of tunnel-group company-admin
pre-shared-key *.
PPP-attributes of tunnel-group company-admin
No chap authentication
ms-chap-v2 authentication
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group ipsec-attributes x.x.x.x
pre-shared-key *.
ISAKMP keepalive retry threshold 15 10
C515 - A # sh run Group Policy
attributes of Group Policy DfltGrpPolicy
Server DNS 10.10.10.20 value 10.10.10.21
Protocol-tunnel-VPN IPSec
enable PFS
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value company-SPLIT-TUNNEL-ACL
company.int value by default-field
NAC-parameters DfltGrpPolicy-NAC-framework-create value
internal strategy of company-admin group
attributes of the strategy of company-admin group
WINS server no
DHCP-network-scope no
VPN-access-hour no
VPN - 20 simultaneous connections
VPN-idle-timeout 30
VPN-session-timeout no
Protocol-tunnel-VPN IPSec l2tp ipsec
disable the IP-comp
Re-xauth disable
Group-lock no
enable PFS
Split-tunnel-network-list value company-ADMIN-SPLIT-TUNNEL-ACL
L2TP strategy of Group internal
Group l2tp policy attributes
Server DNS 10.10.10.20 value 10.10.10.21
Protocol-tunnel-VPN l2tp ipsec
disable the PFS
Split-tunnel-policy tunnelall
company.int value by default-field
NAC-parameters DfltGrpPolicy-NAC-framework-create valueRelevant debug output
C515 - Has # Sep 03 02:09:33 [IKEv1 DEBUG]: IP = 66.25.14.195, Oakley proposal is acceptable
Sep 03 02:09:33 [IKEv1 DEBUG]: IP = 66.25.14.195, IKE Peer included IKE fragmentation capability flags: Main Mode: real aggressive Mode: false
Sep 03 02:09:33 [IKEv1 DEBUG]: IP = 66.25.14.195, IKE SA proposal # 1, turn # 1 entry IKE acceptable Matches # 3 overall
Sep 03 02:09:33 [IKEv1]: IP = 66.25.14.195, connection landed on tunnel_group DefaultRAGroup
Sep 03 02:09:33 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, status of automatic NAT detection: remote endpoint IS behind a NAT device this end is NOT behind a NAT device
Sep 03 02:09:33 [IKEv1]: IP = 66.25.14.195, connection landed on tunnel_group DefaultRAGroup
Sep 03 02:09:33 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, previously allocated memory of liberation for permission-dn-attributes
Sep 03 02:09:33 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, PHASE 1 COMPLETED
Sep 03 02:09:33 [IKEv1]: IP = 66.25.14.195, for this connection Keep-alive type: None
Sep 03 02:09:33 [IKEv1]: IP = 66.25.14.195, Keep-alives configured on, but the peer does not support persistent (type = None)
Sep 03 02:09:33 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 66.25.14.195, timer to generate a new key to start P1: 21600 seconds.
Sep 03 02:09:33 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, data received in payload ID remote Proxy Host: address 172.16.0.104 17 of the Protocol, Port 0
Sep 03 02:09:33 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, data received in payload ID local Proxy Host: address x.x.x.x, 17 of the Protocol, Port 1701
Sep 03 02:09:33 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, detected L2TP/IPSec session.
Sep 03 02:09:33 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, QM IsRekeyed its not found old addr
Sep 03 02:09:33 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, static check card Crypto, check card company card, seq = 1 =...
Sep 03 02:09:33 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, static check card Crypto card = company-map, seq = 1, ACL does not proxy IDs src:66.25.14.195 dst: x.x.x.x
Sep 03 02:09:33 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, tunnel IPSec rejecting: no entry for crypto for proxy card proxy remote 66.25.14.195/255.255.255.255/17/0 local x.x.x.x/255.255.255.255/17/1701 on the outside interface
Sep 03 02:09:33 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, error QM WSF (P2 struct & 0x501c1f0, mess id 0xa181b866).
Sep 03 02:09:33 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 66.25.14.195, case of mistaken IKE responder QM WSF (struct & 0x501c1f0), : QM_DONE EV_ERROR--> QM_BLD_MSG2 EV_NEGO_SA--> QM_BLD_MSG2, EV_IS_REKEY--> QM_BLD_MSG2, EV_CONFIRM_SA--> QM_BLD_MSG2, EV_PROC_MSG--> QM_BLD_MSG2, EV_HASH_OK--> QM_BLD_MSG2, NullEvent--> QM_BLD_MSG2, EV_COMP_HASH
Sep 03 02:09:33 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, peer table correlator Removing failed, no match!
Sep 03 02:09:33 [IKEv1]: ignoring msg SA brand with Iddm 204910592 dead because ITS removal
Sep 03 02:10:05 [IKEv1 DEBUG]: IP = 66.25.14.195, Oakley proposal is acceptable
Sep 03 02:10:05 [IKEv1 DEBUG]: IP = 66.25.14.195, IKE Peer included IKE fragmentation capability flags: Main Mode: real aggressive Mode: false
Sep 03 02:10:05 [IKEv1 DEBUG]: IP = 66.25.14.195, IKE SA proposal # 1, turn # 1 entry IKE acceptable Matches # 3 overall
Sep 03 02:10:05 [IKEv1]: IP = 66.25.14.195, connection landed on tunnel_group DefaultRAGroup
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, status of automatic NAT detection: remote endpoint IS behind a NAT device this end is NOT behind a NAT device
Sep 03 02:10:05 [IKEv1]: IP = 66.25.14.195, connection landed on tunnel_group DefaultRAGroup
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, previously allocated memory of liberation for permission-dn-attributes
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, PHASE 1 COMPLETED
Sep 03 02:10:05 [IKEv1]: IP = 66.25.14.195, for this connection Keep-alive type: None
Sep 03 02:10:05 [IKEv1]: IP = 66.25.14.195, Keep-alives configured on, but the peer does not support persistent (type = None)
Sep 03 02:10:05 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 66.25.14.195, timer to generate a new key to start P1: 21600 seconds.
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, data received in payload ID remote Proxy Host: address 172.16.0.104 17 of the Protocol, Port 0
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, data received in payload ID local Proxy Host: address x.x.x.x, 17 of the Protocol, Port 1701
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, detected L2TP/IPSec session.
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, QM IsRekeyed its not found old addr
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, static check card Crypto, check card company card, seq = 1 =...
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, static check card Crypto card = company-map, seq = 1, ACL does not proxy IDs src:66.25.14.195 dst: x.x.x.x
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, tunnel IPSec rejecting: no entry for crypto for proxy card proxy remote 66.25.14.195/255.255.255.255/17/0 local x.x.x.x/255.255.255.255/17/1701 on the outside interface
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, error QM WSF (P2 struct & 0x501c1f0, mess id 0xa5db9562).
Sep 03 02:10:05 [IKEv1 DEBUG]: Group = DefaultRAGroup, IP = 66.25.14.195, case of mistaken IKE responder QM WSF (struct & 0x501c1f0), : QM_DONE EV_ERROR--> QM_BLD_MSG2 EV_NEGO_SA--> QM_BLD_MSG2, EV_IS_REKEY--> QM_BLD_MSG2, EV_CONFIRM_SA--> QM_BLD_MSG2, EV_PROC_MSG--> QM_BLD_MSG2, EV_HASH_OK--> QM_BLD_MSG2, NullEvent--> QM_BLD_MSG2, EV_COMP_HASH
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, peer table correlator Removing failed, no match!
Sep 03 02:10:05 [IKEv1]: ignoring msg SA brand with Iddm 204914688 dead because ITS removalThe outputs of two debugging who worry are the following:
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, data received in payload ID remote Proxy Host: address 172.16.0.104 17 of the Protocol, Port 0
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, data received in payload ID local Proxy Host: address x.x.x.x, 17 of the Protocol, Port 1701Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, static check card Crypto, check card company card, seq = 1 =...
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, static check card Crypto card = company-map, seq = 1, ACL does not proxy IDs src:66.25.14.195 dst: x.x.x.x
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, tunnel IPSec rejecting: no entry for crypto for proxy card proxy remote 66.25.14.195/255.255.255.255/17/0 local x.x.x.x/255.255.255.255/17/1701 on the outside interface
Sep 03 02:10:05 [IKEv1]: Group = DefaultRAGroup, IP = 66.25.14.195, error QM WSF (P2 struct & 0x501c1f0, mess id 0xa5db9562).This seems to indicate that his NAT detection but then do not assign to the entry card cryptography because networks are encrypted are not in the configured ACL that is true. He needs to use dynamic input and it doesn't seem to be.
I need to create another dynamic map entry to make it work instead of add lines to the same dynamic with a lower (higher) priority map entry?
Thanks in advance for any help here.
Hello
That won't do the trick, l2tp clients are picky kindda, so you know if they do not hit the correct strategy first they just stop trying. Follow these steps:
correspondence from the company of dynamic-map crypto-ras 1 address company-dynamic
No crypto-card set pfs dynamic company-ras 1
No crypto dynamic-map company-ras-1 transform-set ESP-SHA-3DES ESP-3DES-MD5 company-ras
Dynamic crypto map company-ras 1 transform-set company-l2tp SHA-ESP-3DES ESP-3DES-MD5 company-ras
The foregoing will not affect existing customers of IPsec at all, these clients will not use the statement of pfs and will link even if the correspondence address is not configured (it is optional), besides Cisco IPsec clients will be affected first the mode of transport policy and fail however they will continue to try and hit another police PH2.
Regarding your last question, I was referring specifically to the support of l2tp for android, and Yes, you will need to run one of these versions.
http://www.Cisco.com/en/us/docs/security/ASA/asa82/release/notes/asarn82.html#wp431562
Tavo-
-
Often lose pix or graphics when sending e-mail. How can I fix it?
What Redirection with pix or graphic email, notification that "some pix can not send." What can I do to avoid this problem?
Hi Don Davis1141929,
What version of Windows you are running on your computer? (Windows 7, Vista, or XP?)Which e-mail application do you use?What is the exact error message you use?Maybe this tutorial can help you:
Maybe you are looking for
-
Will save my profile folder also save the tabs now, I opened?
Will save my profile also folder save my current open tabs? As after I migrate, it will allow me to restore what I opened before not only bookmarks and web history?
-
Satellite P200D - 12f PSPBQE - Question about the temperature of the CPU/GFX
Hey guys,. Here are the specs of the laptop:TOSHIBA Satellite P200D-12F series laptop - AMD processor Turion 64 X 2 TL - 62 2.1 GHz 2 MB of Cache, memory 2048 MB DDR2-667 SO-Dimm (2 x 1024), drive optical drive DVD Super Multi, 250 GB SATA, 5400 obr/
-
Transfer of Hypercard 2.2
How to transfer data from Hypercard 2.2. in a PC environment? I have a PowerBook Duo 280 and want to migrate my files on a PC. Thank you.
-
RunDLL error on startup - Windows 7
Hello. Every time when I start my computer, I get the following error message: There was a problem starting C:\Users\duckalas\AppData\Local\Temp\dplaasks.dll The specified module could not be found. Please tell us how to solve this error. Thank you v
-
Toshiba laptop keyboard not working not properly
Today my daughter was doing the work of the school on my old Toshiba laptop purchased in February 2012. It crashed at 12 Dec, Toshiba gave me the whole term on fixig so I had to have local difficulty. Even after it was fixed, it never was the same a