Solved

Cisco VPN Client Connects to PIX Gateway but Cannot access resources

Posted on 2004-10-05
12
1,277 Views
Last Modified: 2012-05-05
I am able to connect to my Cisco VPN Gateway (PIX) with the VPN client, however am unable to access (even ping) any resources behind it. I saw someone else had a similar issue, but what he/she did to resolve it was not clear.

I have all the appropriate commands in place (this was tested and worked in a lab) but once I added other firewall policy rules and upgraded the software on the PIX and put it in production, I can connect, but not access resources.

The debug of the isakmp and ipsec processes are below:


crypto_isakmp_process_block:src:24.27.90.74, dest:<VPN_GW_IP> spt:500 dpt:500
OAK_AG exchange
ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
ISAKMP:      encryption AES-CBC
ISAKMP:      hash SHA
ISAKMP:      default group 2
ISAKMP:      extended auth pre-share (init)
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x20 0xc4 0x9b
ISAKMP:      keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 2 against priority 10 policy
ISAKMP:      encryption AES-CBC
ISAKMP:      hash MD5
ISAKMP:      default group 2
ISAKMP:      extended auth pre-share (init)
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x20 0xc4 0x9b
ISAKMP:      keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 3 against priority 10 policy
ISAKMP:      encryption AES-CBC
ISAKMP:      hash SHA
ISAKMP:      default group 2
ISAKMP:      auth pre-share
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x20 0xc4 0x9b
ISAKMP:      keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 4 against priority 10 policy
ISAKMP:      encryption AES-CBC
ISAKMP:      hash MD5
ISAKMP:      default group 2
ISAKMP:      auth pre-share
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x20 0xc4 0x9b
ISAKMP:      keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 5 against priority 10 policy
ISAKMP:      encryption AES-CBC
ISAKMP:      hash SHA
ISAKMP:      default group 2
ISAKMP:      extended auth pre-share (init)
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x20 0xc4 0x9b
ISAKMP:      keylength of 128
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 6 against priority 10 policy
ISAKMP:      encryption AES-CBC
ISAKMP:      hash MD5
ISAKMP:      default group 2
ISAKMP:      extended auth pre-share (init)
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x20 0xc4 0x9b
ISAKMP:      keylength of 128
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 7 against priority 10 policy
ISAKMP:      encryption AES-CBC
ISAKMP:      hash SHA
ISAKMP:      default group 2
ISAKMP:      auth pre-share
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x20 0xc4 0x9b
ISAKMP:      keylength of 128
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 8 against priority 10 policy
ISAKMP:      encryption AES-CBC
ISAKMP:      hash MD5
ISAKMP:      default group 2
ISAKMP:      auth pre-share
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x20 0xc4 0x9b
ISAKMP:      keylength of 128
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 9 against priority 10 policy
ISAKMP:      encryption 3DES-CBC
ISAKMP:      hash SHA
ISAKMP:      default group 2
ISAKMP:      extended auth pre-share (init)
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x20 0xc4 0x9b
ISAKMP (0): atts are not acceptable.
crypto_isakmp_process_block:src:24.27.90.74, dest:<VPN_GW_IP> spt:500 dpt:500
OAK_AG exchange
ISAKMP (0): processing SA payload. message ID = 0

ISAKMP (0): Checking ISAKMP transform 1 against priority 10 policy
ISAKMP:      encryption AES-CBC
ISAKMP:      hash SHA
ISAKMP:      default group 2
ISAKMP:      extended auth pre-share (init)
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x20 0xc4 0x9b
ISAKMP:      keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 2 against priority 10 policy
ISAKMP:      encryption AES-CBC
ISAKMP:      hash MD5
ISAKMP:      default group 2
ISAKMP:      extended auth pre-share (init)
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x20 0xc4 0x9b
ISAKMP:      keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 3 against priority 10 policy
ISAKMP:      encryption AES-CBC
ISAKMP:      hash SHA
ISAKMP:      default group 2
ISAKMP:      auth pre-share
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x20 0xc4 0x9b
ISAKMP:      keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 4 against priority 10 policy
ISAKMP:      encryption AES-CBC
ISAKMP:      hash MD5
ISAKMP:      default group 2
ISAKMP:      auth pre-share
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of  0x0 0x20 0xc4 0x9b
ISAKMP:      keylength of 256
ISAKMP (0): atts are not acceptable. Next payload is 3
ISAKMP (0): Checking ISAKMP transform 5 against priority 10 policy
ISAKMP:      encryption AES-CBC
ISAKMP:      hash SHA
ISAKMP:      default group 2
ISAKMP:      extended auth pre-share (init)
ISAKMP:      life type in seconds
ISAKMP:      life duration (VPI) of
crypto_isakmp_process_block:src:24.27.90.74, dest:<VPN_GW_IP> spt:500 dpt:500
OAK_AG exchange
ISAKMP (0): processing HASH payload. message ID = 0
ISAKMP (0): processing NOTIFY payload 24578 protocol 1
        spi 0, message ID = 0
ISAKMP (0): processing notify INITIAL_CONTACTIPSEC(key_engine): got a queue even
t...

ISADB: reaper checking SA 0x101b0a4, conn_id = 0
ISADB: reaper checking SA 0x101a66c, conn_id = 0  DELETE IT!

VPN Peer: ISAKMP: Peer ip:24.27.90.74/500 Ref cnt decremented to:0 Total VPN Pee
rs:1
VPN Peer: ISAKMP: Deleted peer: ip:24.27.90.74/500 Total VPN peers:0
ISADB: reaper checking SA 0x101b0a4, conn_id = 0
crypto_isakmp_process_block:src:24.27.90.74, dest:<VPN_GW_IP> spt:500 dpt:500
ISAKMP_TRANSACTION exchange
ISAKMP (0:0): processing transaction payload from 24.27.90.74. message ID = 1855
3924
ISAKMP: Config payload CFG_REQUEST
ISAKMP (0:0): checking request:
ISAKMP: attribute    IP4_ADDRESS (1)
ISAKMP: attribute    IP4_NETMASK (2)
ISAKMP: attribute    IP4_DNS (3)
ISAKMP: attribute    IP4_NBNS (4)
ISAKMP: attribute    ADDRESS_EXPIRY (5)
        Unsupported Attr: 5
ISAKMP: attribute    UNKNOWN (28672)
        Unsupported Attr: 28672
ISAKMP: attribute    UNKNOWN (28673)
        Unsupported Attr: 28673
ISAKMP: attribute    ALT_DEF_DOMAIN (28674)
ISAKMP: attribute    ALT_SPLIT_INCLUDE (28676)
ISAKMP: attribute    ALT_SPLITDNS_NAME (28675)
ISAKMP: attribute    ALT_PFS (28679)
ISAKMP: attribute    UNKNOWN (28683)
        Unsupported Attr: 28683
ISAKMP: attribute    ALT_BACKUP_SERVERS (28681)
ISAKMP: attribute    APPLICATION_VERSION (7)
ISAKMP: attribute    UNKNOWN (28680)
        Unsupported Attr: 28680
ISAKMP: attribute    UNKNOWN (28682)
        Unsupported Attr: 28682
ISAKMP: attribute    UNKNOWN (28677)
        Unsupported Attr: 28677
ISAKMP: attribute    UNKNOWN (28678)
        Unsupported Attr: 28678
ISAKMP (0:0): responding to peer config from 24.27.90.74. ID = 1588884442
return status is IKMP_NO_ERROR
crypto_isakmp_process_block:src:24.27.90.74, dest:<VPN_GW_IP> spt:500 dpt:500
OAK_QM exchange
oakley_process_quick_mode:
OAK_QM_IDLE
ISAKMP (0): processing SA payload. message ID = 79589721

ISAKMP : Checking IPSec proposal 1

ISAKMP: transform 1, ESP_AES
ISAKMP:   attributes in transform:
ISAKMP:      authenticator is HMAC-MD5
ISAKMP:      key length is 256
ISAKMP:      encaps is 1
ISAKMP:      SA life type in seconds
ISAKMP:      SA life duration (VPI) of  0x0 0x20 0xc4 0x9b IPSEC(validate_propos
al): transform proposal (prot 3, trans 12, hmac_alg 1) not supported

ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP (0): skipping next ANDed proposal (1)
ISAKMP : Checking IPSec proposal 2

ISAKMP: transform 1, ESP_AES
ISAKMP:   attributes in transform:
ISAKMP:      authenticator is HMAC-SHA
ISAKMP:      key length is 256
ISAKMP:      encaps is 1
ISAKMP:      SA life type in seconds
ISAKMP:      SA life duration (VPI) of  0x0 0x20 0xc4 0x9b IPSEC(validate_propos
al): transform proposal (prot 3, trans 12, hmac_alg 2) not supported

ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP (0): skipping next ANDed proposal (2)
ISAKMP : Checking IPSec proposal 3

ISAKMP: transform 1, ESP_AES
ISAKMP:   attributes in transform:
ISAKMP:      authenticator is HMAC-MD5
ISAKMP:      key length is 128
ISAKMP:      encaps is 1
ISAKMP:      SA life type in seconds
ISAKMP:      SA life duration (VPI) of  0x0 0x20 0xc4 0x9b IPSEC(validate_propos
al): transform proposal (prot 3, trans 12, hmac_alg 1) not supported

ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP (0): skipping next ANDed proposal (3)
ISAKMP : Checking IPSec proposal 4

ISAKMP: transform 1, ESP_AES
ISAKMP:   attributes in transform:
ISAKMP:      authenticator is HMAC-SHA
ISAKMP:      key length is 128
ISAKMP:      encaps is 1
ISAKMP:      SA life type in seconds
ISAKMP:      SA life duration (VPI) of  0x0 0x20 0xc4 0x9b IPSEC(validate_propos
al): transform proposal (prot 3, trans 12, hmac_alg 2) not supported

ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP (0): skipping next ANDed proposal (4)
ISAKMP : Checking IPSec proposal 5

ISAKMP: transform 1, ESP_AES
ISAKMP:   attributes in transform:
ISAKMP:      authenticator is HMAC-MD5
ISAKMP:      key length is 256
ISAKMP:      encaps is 1
ISAKMP:      SA life type in seconds
ISAKMP:      SA life duration (VPI) of  0x0 0x20 0xc4 0x9b IPSEC(validate_propos
al): transform proposal (prot 3, trans 12, hmac_alg 1) not supported

ISAKMP (0): atts not acceptable. Next payload is 0
ISAKMP : Checking IPSec proposal 6

ISAKMP: transform 1, ESP_AES
ISAKMP:   attributes in transform:
ISAKMP:      authenticator is HMAC-SHA
ISAKMP:      key length is 256
ISAKMP:      encaps is 1
ISAKMP:      SA life type in seconds
ISAKMP:      SA life duration (VPI) of  0x0 0x20 0xc4 0x9b
crypto_isakmp_process_block:src:24.27.90.74, dest:<VPN_GW_IP> spt:500 dpt:500
crypto_isakmp_process_block:src:24.27.90.74, dest:<VPN_GW_IP> spt:500 dpt:500
ISAKMP (0): processing NOTIFY payload 36136 protocol 1
        spi 0, message ID = 2766623497
ISAMKP (0): received DPD_R_U_THERE from peer 24.27.90.74
ISAKMP (0): sending NOTIFY message 36137 protocol 1
return status is IKMP_NO_ERR_NO_TRANS
crypto_isakmp_process_block:src:24.27.90.74, dest:<VPN_GW_IP> spt:500 dpt:500
ISAKMP (0): processing NOTIFY payload 36136 protocol 1
        spi 0, message ID = 1450310135
ISAMKP (0): received DPD_R_U_THERE from peer 24.27.90.74
ISAKMP (0): sending NOTIFY message 36137 protocol 1
return status is IKMP_NO_ERR_NO_TRANS
crypto_isakmp_process_block:src:24.27.90.74, dest:<VPN_GW_IP> spt:500 dpt:500
ISAKMP (0): processing NOTIFY payload 36136 protocol 1
        spi 0, message ID = 160143405
ISAMKP (0): received DPD_R_U_THERE from peer 24.27.90.74
ISAKMP (0): sending NOTIFY message 36137 protocol 1
return status is IKMP_NO_ERR_NO_TRANS
HOU-SC-FW-515E#
HOU-SC-FW-515E#
crypto_isakmp_process_block:src:24.27.90.74, dest:<VPN_GW_IP> spt:500 dpt:500
ISAKMP (0): processing NOTIFY payload 36136 protocol 1
        spi 0, message ID = 400920988
ISAMKP (0): received DPD_R_U_THERE from peer 24.27.90.74
ISAKMP (0): sending NOTIFY message 36137 protocol 1
return status is IKMP_NO_ERR_NO_TRANS
crypto_isakmp_process_block:src:24.27.90.74, dest:<VPN_GW_IP> spt:500 dpt:500
ISAKMP (0): processing NOTIFY payload 36136 protocol 1
        spi 0, message ID = 4241242449
ISAMKP (0): received DPD_R_U_THERE from peer 24.27.90.74
ISAKMP (0): sending NOTIFY message 36137 protocol 1
return status is IKMP_NO_ERR_NO_TRANS
0
Comment
Question by:amitphilip
  • 4
  • 4
  • 4
12 Comments
 
LVL 3

Expert Comment

by:Felix2000
ID: 12235756
Hard to tell without seeing some of your config.
Sounds like it might be the range of IP's that's being assigned to your VPN clients is not in the no nat list.

So if you vpn ip's were .75-79 you would add this

access-list 80 permit ip any host 192.168.1.75
access-list 80 permit ip any host 192.168.1.76
access-list 80 permit ip any host 192.168.1.77
access-list 80 permit ip any host 192.168.1.78
access-list 80 permit ip any host 192.168.1.79

nat (inside) 0 access-list 80

Otherwise please post some relivant config details.

Thanks
-= Felix 2000 =-
0
 

Author Comment

by:amitphilip
ID: 12237822
I believe I have the required configuration....  As I mentioned, this worked at one time in a lab, till I added other ACLs (which should not affect it anyway because of the sysopt permit ipsec command) and routes. see below (172.16.14.0/24 is the ip pool assigned to vpn clients):

access-list 102 permit ip 172.16.10.0 255.255.255.0 172.16.14.0 255.255.255.0
access-list 102 permit ip 172.16.11.0 255.255.255.0 172.16.14.0 255.255.255.0
access-list 102 permit ip 172.16.12.0 255.255.255.0 172.16.14.0 255.255.255.0
access-list 102 permit ip 172.16.13.0 255.255.255.0 172.16.14.0 255.255.255.0

ip local pool ippool 172.16.14.1-172.16.14.254

global (outside) 1 <public PAT address>
nat (inside) 0 access-list 102
nat (inside) 1 172.16.10.0 255.255.255.0 0 0
nat (inside) 1 172.16.11.0 255.255.255.0 0 0
nat (inside) 1 172.16.12.0 255.255.255.0 0 0
nat (inside) 1 172.16.13.0 255.255.255.0 0 0

route outside 0.0.0.0 0.0.0.0 <Next hop IP of Internet Gateway> 1
route inside 172.16.10.0 255.255.255.0 172.16.13.6 1
route inside 172.16.11.0 255.255.255.0 172.16.13.6 1
route inside 172.16.12.0 255.255.255.0 172.16.13.6 1
route inside 172.16.13.0 255.255.255.0 172.16.13.6 1
route outside 172.16.14.0 255.255.255.0 <IP of PIX outside interface> 1

sysopt connection permit-ipsec
crypto ipsec transform-set myset esp-des esp-md5-hmac
crypto dynamic-map dynmap 10 set transform-set myset
crypto map mymap 10 ipsec-isakmp dynamic dynmap
crypto map mymap interface outside
isakmp enable outside
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup vpn3000 address-pool ippool
vpngroup vpn3000 dns-server 172.16.11.154
vpngroup vpn3000 wins-server 172.16.11.154
vpngroup vpn3000 split-tunnel 102
vpngroup vpn3000 password ********
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12238205
>route inside 172.16.10.0 255.255.255.0 172.16.13.6 1
Assuming that your PIX inside interface is addressed 172.16.13.x
Assuming that your PIX inside interface has 255.255.255.0 mask
Assuming that the local users' default gateway is 172.16.13.6
Whatever the router is @ 172.16.13.6 needs a route for the 172.16.14.0/24 subnet pointing to the PIX

Other ACLs can affect the traffic if you have applied any to the inside interface. The sysopt only affects the outside interface.
0
 

Author Comment

by:amitphilip
ID: 12238505
Yes, the PIX inside interface has IP 172.16.13.6, but the mask is 255.255.255.252

Local users' default gateway is the router that they connect to, and this router has a default route pointing to the PIX inside interface (172.16.13.6)

I have listed below ACLs on the inside interface of the PIX (they should not be stoppping anything as far as I know, but you can have a look... maybe I should just have a permit ip any any ?)

access-list acl_in permit icmp any any log
access-list acl_in permit tcp any any
access-list acl_in permit udp any any

access-group acl_in in interface inside

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12238600
Remove the acl from the inside interface completely for testing.
Then yes, if you simply want a way to log all icmp packets:
   access-list acl_in permit icmp any any log
   access-list acl_in permit ip any any

There are other methods of handling the icmp issue other than using acls, depending on what your goal is..

 - "icmp" commands
 - "ip audit" commands (IDS)
0
 
LVL 3

Expert Comment

by:Felix2000
ID: 12239991
I didn't think the remote pool could be that of the outside interface(or isn't normally so), because then you are coming from a lower security interface to a higher so you need acl, static etc...  for every type of traffic

It may work I've just never seen it made to the outisde interface.
I though the pix bridges incomming vpn's somewhere in the middle closer to the inside.

-= Felix =-
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 79

Expert Comment

by:lrmoore
ID: 12240388
Felix,
I don't see anywhere in here where the vpn address pool is on the same subnet as the outside interface.. it is a different subnet than the inside interface, which is accepted and recommended, but it is still a private subnet, therefore has no relation to the outside interface. You are correct that a terminated VPN appears sort of "in between" the interfaces. That's one primary reason for using a different subnet...



I did notice one more item...

>nat (inside) 0 access-list 102
>vpngroup vpn3000 split-tunnel 102

You have the same access-list being used by two separate processes. I know this is exactly according to the Cisco examples, but it is not recommended practice by TAC..

You can create identical acls:

access-list 102 permit ip 172.16.10.0 255.255.255.0 172.16.14.0 255.255.255.0
access-list 102 permit ip 172.16.11.0 255.255.255.0 172.16.14.0 255.255.255.0
access-list 102 permit ip 172.16.12.0 255.255.255.0 172.16.14.0 255.255.255.0
access-list 102 permit ip 172.16.13.0 255.255.255.0 172.16.14.0 255.255.255.0

access-list 103 permit ip 172.16.10.0 255.255.255.0 172.16.14.0 255.255.255.0
access-list 103 permit ip 172.16.11.0 255.255.255.0 172.16.14.0 255.255.255.0
access-list 103 permit ip 172.16.12.0 255.255.255.0 172.16.14.0 255.255.255.0
access-list 103 permit ip 172.16.13.0 255.255.255.0 172.16.14.0 255.255.255.0

Then apply one to the nat process, and one as the split-tunnel acl:
   nat (inside) 0 access-list 102
   vpngroup vpn3000 split-tunnel 103



0
 
LVL 3

Expert Comment

by:Felix2000
ID: 12241187
My mistake I looked at this line and assumed it was

route outside 172.16.14.0 255.255.255.0 <IP of PIX outside interface> 1
0
 

Author Comment

by:amitphilip
ID: 12241233
Ok, thanks for the suggestions. I took off the ACL from the inside interface of the pix. I also created two separate ACL statements for the  nat (inside) 0 and split tunnel command as shown above, but still cannot get to anything on the inside.

I am wondering whether I need the following route statement (it was not there when I tested this and had it working before:

route outside 172.16.14.0 255.255.255.0 <IP of PIX outside interface> 1

Thanks,
AP
0
 
LVL 3

Assisted Solution

by:Felix2000
Felix2000 earned 150 total points
ID: 12241298
Like I was saying the VPN client sare kinda bridged half way between the inside and outside.

They are not full inside because you can't go back out the outside interface for something different like internet(the pix prevents hair pin routing, so it definately knows it came from the outside)
But it gets the security level of the inside interface.

I run VPN on my pix and I don't have any extra routes.

What and where is the default gateway for the 172.16.14.0 clients?

-= Felix =-
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 350 total points
ID: 12241561
>route outside 172.16.14.0 255.255.255.0 <IP of PIX outside interface> 1
Absolutely, this will kill your VPN connectivity. Please remove it..
0
 

Author Comment

by:amitphilip
ID: 12254387
Folks, thanks for your help.
I removed the route statement, but it still did not help.

I however did get it working.  There wer 2 issues:

1) A colleague enabled 3DES and AES on the PIX, so when comparing transforms, it was never getting to DES ( as seen in the PIX debug of the isakmp transactions). I changed the config so that the transform set and isakmp policy used 3DES instead of DES.  This got it working past phase 1, however I was still unable to ping anything on the inside.

2) The second thing that you notice on the PIX debug of the ISAKMP transaction is "IKMP_NO_ERR_NO_TRANS", and I believe it should be "IKMP_NO_ERR".  This was fixed by adding the isakmp nat-traversal command.

-AP
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Cisco 877 VA no ADSL connection.? 2 184
DMVPN 3 85
Recommendations for Cheap Small Gigabit Router 9 116
Cisco ASA 5505 with Verizon Fios 10 104
This solves the problem of diagnosing why an internet connection is no longer working. It also helps identify the likely cause of the lost connection if the procedure fails to re-establish your internet connection. It helps to pinpoint the likely co…
Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now