Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

ASA 5505 Site-to-Site tunnels not coming up

Posted on 2011-10-20
24
Medium Priority
?
686 Views
Last Modified: 2012-05-12
Greetings,

I am trying to configure site-to-site VPN for one of my clients, their setup is such,
They have their Server sitting in a data centre, and then they have a branch office in two different cities.  Currently they use watchgaurd firewalls at all ends to create two site-to-site tunnels at each end (one to data centre and one to other office) and it works fine.
Now, I am installing Cisco ASA 5505 at all these sites to replace watchguard boxes, even though I’ve done these kinds of setups for my other clients, I’m not getting much joy here. What brings me here is the fact that, to best of my knowledge the configurations (posted below) looks alright but I still have no active IPsec tunnels between these sites.  I’d be highly obliged if someone could point out where I’m going wrong, by looking at the configurations.
PS: I have devices plugged in at inside interface of each of these devices to make sure that there is some traffic present and all interfaces are up.

Data
ASA Version 8.2(5)
!
hostname Data
domain-name zxcv
enable password ccccccccc/ encrypted
passwd cccccccc/ encrypted
names
name 10.0.0.0 site1
name 10.0.1.0 site2
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.75.250 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.x y.y.y.y
!
boot system disk0:/asa825-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name zxcv
object-group network obj_any
access-list outside_1_cryptomap extended permit ip 192.168.75.0 255.255.255.0 site1 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.75.0 255.255.255.0 site1 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.75.0 255.255.255.0 site2 255.255.255.0
access-list outside_2_cryptomap extended permit ip 192.168.75.0 255.255.255.0 site2 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable 444
http 192.168.75.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer x.x.x.x
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs group1
crypto map outside_map 2 set peer y.y.y.y
crypto map outside_map 2 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 192.168.75.50-192.168.75.110 inside
dhcpd dns 8.8.8.8 4.4.2.2 interface inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key *****
tunnel-group y.y.y.y type ipsec-l2l
tunnel-group y.y.y.y ipsec-attributes
 pre-shared-key *****
!
!
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f415cbb37c291c1532416399225d4140
: end
asdm location site2 255.255.255.0 inside
asdm location site1 255.255.255.0 inside
no asdm history enable
---------------------------------------------------------------------------
Site1
ASA Version 8.2(5)
!
hostname site1
domain-name zxcv
enable password ccccccccc/ encrypted
passwd ccccccccccc/ encrypted
names
name 10.0.1.0 site2
name 192.168.75.0 data
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.x y.y.y.y
!
boot system disk0:/asa825-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name zxcv
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network obj_any
access-list outside_1_cryptomap extended permit ip 10.0.0.0 255.255.255.0 site2 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 site2 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.255.0 data 255.255.255.0
access-list outside_2_cryptomap extended permit ip 10.0.0.0 255.255.255.0 data 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable 444
http 10.0.0.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer x.x.x.x
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs group1
crypto map outside_map 2 set peer y.y.y.y
crypto map outside_map 2 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet 10.0.0.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 10.0.0.50-10.0.0.110 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd domain zxcv interface inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key *****
tunnel-group y.y.y.y type ipsec-l2l
tunnel-group y.y.y.y ipsec-attributes
 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:e4223d5e4f8c30a6ee12dbf830d8af44
: end
asdm location site2 255.255.255.0 inside
asdm location data 255.255.255.0 inside
no asdm history enable
------------------------------------------------------------------------
Site2
ASA Version 8.2(5)
!
hostname site2
domain-name zxcv
enable password ccccccccccc/ encrypted
passwd ccccccccccccc encrypted
names
name 10.0.0.0 site1
name 192.168.75.0 data
!
interface Ethernet0/0
 switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
 nameif inside
 security-level 100
 ip address 10.0.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address x.x.x.x y.y.y.y
!
boot system disk0:/asa825-k8.bin
ftp mode passive
dns server-group DefaultDNS
 domain-name zxcv
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network obj_any
access-list outside_1_cryptomap extended permit ip 10.0.1.0 255.255.255.0 site1 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.1.0 255.255.255.0 site1 255.255.255.0
access-list inside_nat0_outbound extended permit ip 10.0.1.0 255.255.255.0 data 255.255.255.0
access-list outside_2_cryptomap extended permit ip 10.0.1.0 255.255.255.0 data 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable 444
http 10.0.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer x.x.x.x
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs group1
crypto map outside_map 2 set peer y.y.y.y
crypto map outside_map 2 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
!
dhcpd address 10.0.1.50-10.0.1.110 inside
dhcpd dns 8.8.8.8 8.8.4.4 interface inside
dhcpd enable inside
!

threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
tunnel-group x.x.x.x type ipsec-l2l
tunnel-group x.x.x.x ipsec-attributes
 pre-shared-key *****
tunnel-group y.y.y.y type ipsec-l2l
tunnel-group y.y.y.y ipsec-attributes
 pre-shared-key *****
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:a97de69d761968d5518991e811fd0379
: end
asdm location site1 255.255.255.0 inside
asdm location data 255.255.255.0 inside
no asdm history enable

0
Comment
Question by:Identity_reborn
  • 14
  • 9
24 Comments
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37002554
did you check with some debug runs to what point your VPNs are coming up or not? (debug crypto isa, debug crypto ipsec)
Also, did you set the VPNs up using the ASDM VPN wizard? Usually, s2s VPNs are pretty easy to get up and running with the help of the wizard ... maybe just drop the current config for the VPN and give it a try?
0
 

Author Comment

by:Identity_reborn
ID: 37002600
@ Garry-G

VPNs are not coming up at all for some reason, and yes I have set these up using ASDM wizards.
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37002618
OK, then try a ping from end points while running the "debug crypto isa 250" command on the initiating side ...
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 

Author Comment

by:Identity_reborn
ID: 37002649
@ Garry-G

Endpoints are dumb ASDL routers, I've assigned static IPs to their LAN interfaces to keep the 'inside' interface of the ASAs alive, also I'm managing these devices for a central location via ASDM (cant SSH in from outside into these devices) it would let me run any debug commands.
0
 

Author Comment

by:Identity_reborn
ID: 37002661
Sorry meant to say 'it wouldn't let me run debug commands through ASDM'.
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37002694
Add your IP temporarily for SSH ...
0
 
LVL 18

Expert Comment

by:max_the_king
ID: 37003493
Hi,
I'd try and delete the
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set pfs group2
on both the ASA
They're not necessary and have caused me trouble a few times in my implementations

With command line you just put a "no" before any of those commands, while in ASDM you should uncheck it
good luck
0
 

Author Comment

by:Identity_reborn
ID: 37003622
@ Max_the_king

I've tried creating these tunnels with PFS diabled as well, but with no luck.

0
 

Author Comment

by:Identity_reborn
ID: 37003718
@ Garry-G

I cant seem to ssh into any of the devices (even after generating crypto rsa key and making an exception in firewall) would packet tracer utility in ASDM any good?
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37004777
You're probably missing the Option for authentication ... without it, the ASA will not enable the SSH feature ..
Go to Device Managment, Users/AAA, AAA Access. Turn on SSH Authentication with Server Group local ...
0
 

Author Comment

by:Identity_reborn
ID: 37004929
Molrning,

I've ennabled Server group local for SSH, but its the same thing an blank putty screen and that's all, also I SSH into port 444.

0
 

Author Comment

by:Identity_reborn
ID: 37007101
@ Garry-G

Update
I've got the SSH session up and running, started debug crypto isa 250, and pinged from end point.

I m not getting any reply back for my pings as if the tunnels are non existent and hence the topic.
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37007461
Are you getting any output from the debug? What does "show crypto isa sa" and "show crypto ipsec sa" output?
0
 

Author Comment

by:Identity_reborn
ID: 37007775
Crypto ipsec shows all counters as zeros and the others show crypto commands would not show any thing.
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37008577
Hm ... if not even isakmp comes up, there's something basic wrong ...

The outside interfaces have official IPs, don't they? Is there any output from the "debug crypto isa" command? Both initiating and receiving end ...
0
 

Author Comment

by:Identity_reborn
ID: 37009563
The fact that I can connect to these devices remotely, proves that the outside interfaces IP are setup correctly. However, I agree with you that some basic config is missing or wrong.

Also. there is no output from debug crypto isa.


PS: I'm certain that the pre-shared key and peer IP are correct as well. Could there be any rule(s)
missing from the firewall?

0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37010309
Hm ... comparing the config to one that's working for me, I used "regular" isakmp/ipsec instead of l2l tunnel ... so adding something like this might be worth a try:

crypto map outside_map 1 ipsec-isakmp
crypto map outside_map 2 ipsec-isakmp
isakmp key PW1 address x.x.x.x netmask 255.255.255.255 no-xauth no-config-mode
isakmp key PW2 address y.y.y.y netmask 255.255.255.255 no-xauth no-config-mode
isakmp keepalive 60 5
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption aes-256
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 86400
isakmp policy 2 authentication pre-share
isakmp policy 2 encryption aes-256
isakmp policy 2 hash sha
isakmp policy 2 group 2
isakmp policy 2 lifetime 86400

Open in new window

0
 

Author Comment

by:Identity_reborn
ID: 37010787
I'd certainly give that a try.

I've noticed that ADSL routers plugged into inside interfaces (to keep them up) are not generating any traffic at all, I can access them only via their web interface.

Considering the fact, that they are on internal range of the ASA firewalls (10.0.0.7, 10.0.1.7 and 192.168.75.7), I can  port forward these hosts so i can access there web interfaces. But when I put in a static NAT and an access rule to allow in http into these hosts I can't get to their web interfaces, any clues why?
0
 

Author Comment

by:Identity_reborn
ID: 37021354
@ Garry-G

Hi,

I've tried adding those lines but to no avail :(
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37022369
Do you now get any output from the "debug crypto isakmp 250" line?
0
 

Author Comment

by:Identity_reborn
ID: 37022503
Sadly No...
0
 
LVL 18

Expert Comment

by:Garry Glendown
ID: 37022567
So you e.g. do a ping to an inside address of the remote location, and nothing happens on the firewall? No attempt to set up the tunnel? Are you even getting the packets, i.e. is the firewall really your default gateway? Can you set up a packet trace to confirm the packets aren't going to some other place instead?
0
 

Accepted Solution

by:
Identity_reborn earned 0 total points
ID: 37053481
Hi,

Finally got it working.

All I did was, went on all of the sites, did a factory-reset on the ASA devices and loaded them up with exact same configuration (described in the original question). And, tunnels came up magically, with full IP connectivity!!!

Thanks to Garry-G for initial support.

PS: I do not have a scientific explanation, but it works!!
0
 

Author Closing Comment

by:Identity_reborn
ID: 37081711
I do not have a scientific explanation, but it works!!
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question