An Assignment And Study On Networking Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

In the network-layer routing process, the router consults a list of rules before forwarding an incoming packet. A packet must meet a rule's criteria (such as source and destination) for the rule's action to be applied.

When a credential is presented to a reader, the reader sends the credential's information, usually a number, to a control panel, which is a highly reliable processor. The control panel compares the credential's number with an access control list, grants or denies the presented request, and sends a transaction log to a database. If access is denied based on the access control list, the door remains locked. If the credential matches the access control list, the control panel operates a relay, which in turn unlocks the door. The control panel also ignores the door-open signal to prevent an alarm. Often the reader provides feedback, such as a flashing red LED for access denied and a flashing green LED for access granted.

The above description illustrates a single-factor transaction. Credentials can be passed around, which undermines the access control list. For example, Alice has access rights to the server room, but Bob does not. If Alice gives Bob her credential, or Bob takes it, he can now access the server room. To prevent this, two-factor authentication can be used. In a two-factor transaction, the presented credential and a second factor are both required for access; the second factor can be a PIN code, a second credential, or a biometric input, without operator intervention.

There are three types (factors) of authenticating information:

Something the user knows, such as a password, pass-phrase or PIN

Something the user has, such as a smart card

Something the user is, such as a fingerprint, verified by biometric measurement

Passwords are a common tool for verifying the identity of a user before access is given to information systems. In addition, a fourth factor of authentication is now recognized: someone you know, where another person who knows you can provide a human element of authentication in situations where the system has been set up to allow for such scenarios. For example, a user may have their password but have forgotten their smart card. In such a scenario, if the user is known to designated cohorts, the cohorts may present their own smart card and password together with the user's existing factor, which provides two factors for the user with the missing credential and three factors overall to allow access.

User authentication

Authentication is a security feature that allows administrators to control who has access to the network. Network operating systems include tools that enable administrators to define options and restrictions on how and when users can log on to the network. These include password complexity requirements, logon hours, and logon location choices, such as remote logon. Once a user has logged on, file system access controls and user permissions determine what the user can access on the network and which actions the user can perform (such as shutting down the system).

There are two ways to restrict access to documents: either by the host name of the browser being used, or by requiring a username and password. The former can be used, for example, to limit documents to use within a company. However, if the people who are allowed to access the documents are widely dispersed, or the server administrator must be able to control access on an individual basis, the server can require a username and password before granting access to a document. This is called user authentication.

Setting up user authentication takes two steps. First, create a file containing the usernames and passwords. Second, tell the server which resources need protection and which users are allowed (after entering a valid password) to access them.

User authentication is the identification of users so that they can be given access to certain restricted services. For example, a user must be identified as a student to see her own results, a user must be recognized as a member of the Columbia community to have access to the Oxford English Dictionary online, and a user must be recognized as a system administrator to access network management files at Columbia.

When you log in to a networked computer with your account, you verify that you are permitted to use Columbia's computing resources, and that you are the user entitled to a specific set of resources (files, email, etc.), by giving the correct username and password.

On the Columbia site you will find several different authentication methods. The two most common are .htaccess files (used to restrict access on the Columbia secure server) and air (used for remote user authentication by Columbia applications).


A firewall is a hardware device or software program that inspects packets entering or leaving a network or computer and then rejects or forwards them based on a set of rules. A hardware firewall is configured with two or more network interfaces and is usually placed between the corporate LAN and a WAN link. The WAN link may connect to an ISP, to a corporate LAN in another city, or to a partner organization's network. The type of firewall you use and how you configure it depend on what is located on the other side of the WAN link. A software firewall is installed on a computer or server and inspects all packets entering or leaving that computer. Based on predefined rules, the packets are discarded or passed to the OS.

A firewall helps keep your computer more secure. It restricts the information that comes to your computer from other computers, giving you more control over the data on your computer and providing a line of defense against people or programs (including viruses and worms) that try to connect to your computer without invitation.

A firewall is a barrier that checks information (often called traffic) coming from the Internet or a network and then either turns it away or allows it through to your computer, depending on your firewall settings.

A firewall is a part of a computer system or network that blocks unauthorized access while permitting authorized communication. It is a device or set of devices configured to permit or deny network transmissions based on a set of rules and other criteria.

Firewalls can be implemented in hardware, in software, or in a combination of both. Firewalls are often used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which inspects each message and blocks those that do not meet the specified security criteria.

There are various types of firewall systems:

1. Packet filter: inspects each packet passing through the network and accepts or rejects it on the basis of user-defined rules. Although it is difficult to configure, it is quite effective and largely transparent to its users. It is susceptible to IP spoofing.

2. Application gateway: applies security mechanisms to specific applications, such as FTP and Telnet servers. It is very effective, but can introduce performance degradation.

3. Circuit-level gateway: applies security mechanisms when a UDP or TCP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

4. Proxy server: intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

Virus Protection

On networks connected to the Internet, viruses are a constant threat. Users download programs, bring disks from home, and open email attachments. All of these are normal computing activities, but they can also carry viruses onto the network. A virus is a program that replicates itself by attaching to other programs or documents. Its sole purpose is to disrupt the computer or network by deleting or corrupting files, formatting disks, or consuming large amounts of computer resources.

To prevent the spread of viruses, every desktop and server should run antivirus software. Most antivirus software also detects and prevents worms. A virus scanner should stay resident in memory, so that every program or document file that is accessed is scanned. The documents checked should include document types that can contain macros, and servers should run antivirus software that scans every file read from or written to the server's drives. If a server is infected and other users request its files over the network, the virus can spread through the network in seconds.

Viruses and worms have spread via email attachments every day for years. This is easy to avoid: do not open email attachments sent by someone from whom you do not expect a message. Even if you know the sender, take care: malware can use an email program's address book to send messages, so a message you think is safe may not be. Most virus scanners detect a virus or worm in an email and often delete the attachment before it ever reaches your inbox, but if the virus is very new, it may not be detected.

Accessing the Internet

There are several ways to access the Internet, such as NAT, a proxy server, routing and firewalls. Among them, a proxy server is the best way to provide Internet access because it provides security, as with an Internet Security and Acceleration server.

In computer networks, a proxy server is a server (or software application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server and asks for some service, such as a file, connection, Web page or other resource, available from another server. The proxy server evaluates the request according to its filtering rules. For example, it can filter traffic by IP address or protocol. If the request is validated by the filter, the proxy provides the resource by connecting to the relevant server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it serves the request without contacting the specified server. In this case, it caches the response from the remote server and returns later requests for the same content directly.

A content-filtering proxy server typically supports user authentication to control Internet access. In addition, it normally produces logs, either to give detailed information about the sites accessed by specific users or to monitor bandwidth usage statistics. It may also communicate with daemon-based and/or ICAP-based antivirus software to provide security against viruses and other malicious software by scanning incoming content in real time before it enters the network.



When we arrived at the user's office, we asked some questions:

Have you installed the network equipment recently?

If yes, we need to check the driver. We think the problem would come from the driver or the device, because we also know that to install a new hardware device we need to install the device's corresponding driver. The driver must be flexible with the device.

Check the connection icon in the taskbar: is it enabled or disabled?

Did you enter your account and password correctly?

If you are not sure, we advise you to try to log on again, because we thought the user may have turned on Caps Lock or Num Lock on the keyboard without noticing. After retrying 3 or 4 times, the user still could not log on to the e-mail. We can be sure that the problem was not from that.

Does this problem happen all the time or just only happen during specific times?

If the problem does not happen all the time and only happens during specific times, we'll check whether the NIC works correctly.

Click the Start menu and type the cmd command.

Type the ping command (ping tests whether the NIC's connection is good or bad).

After confirming that the NIC works correctly, keep on checking the IP address, DNS and default gateway.


There are several firewall models and firewall companies in the world.

Rack-mountable - 1U, AC 120/230 V, 2 ports

Until now, organizations have focused on network perimeter security. However, many of today's attacks are introduced from inside the network. Laptops, PDAs and other devices connect to the network every day, making it possible for legitimate users to infect the network or unwittingly give hackers access to it via a Trojan horse or spyware. For example, many worms propagate through the network after being introduced from an internal source. Once a single network device has been infected, the whole network can be affected very quickly. Rapidly spreading worms, often called "flash" or "Blitz" worms, can spread worldwide in minutes! With such costly threats becoming more widespread, organizations have realized that they need better protection from worm attacks, unauthorized access and attacks on the internal network. Check Point Interspect is an internal security gateway that blocks the spread of worms and attacks inside the network and provides network zone segmentation. Based on Check Point's proven security technologies: Check, Stateful Inspection, Application Intelligence, and SMART (Security Management Architecture), Interspect is built specifically for internal network security.

Device Type Firewall

Height (Rack Units) 1U

Width 16.7 in

Depth 21.5 in

Height 1.7 in

Weight 27.1 lbs.

Localization United States


Form Factor Rack-mountable

Ports Qty: 2

Connectivity Technology Wired

Data Transfer Rate 200 Mbps

Data Link Protocol Ethernet, Fast Ethernet, Gigabit Ethernet

Remote Management Protocol HTTP

Features Firewall protection, VLAN support, Stateful Packet Inspection (SPI), manageable, Fail-Open NIC (FON)

Expansion / Connectivity

Interfaces 1 x management 2 x network - Ethernet 10Base-T/100Base-TX/1000Base-T - RJ-45


Power Device Power supply - internal

Voltage Required AC 120/230 V (50/60 Hz)

Power Provided 320 Watt

Manufacturer Warranty

Service & Support 1 year warranty

Service & Support Details Limited warranty - 1 year New releases update - 1 year

Universal Product Identifiers

Brand Check Point Software Technologies

Part Number CPIS-INSP-210N-US

Rack-mountable - 4U, AC 120/230 V, max RAM: 8 GB, 8 ports

The Cisco ASA 5580 Series is a security solution with industry-leading throughput, the industry's highest connection rates, large policy configurations and very low latency, designed for media-rich, highly transactional and latency-sensitive applications in enterprise data centers and Internet gateways. This makes it well suited to organizations that need to secure voice, video and data backup, scientific or grid computing, and demanding applications such as financial trading systems.

Device Type Security appliance

Height (Rack Units) 4U

Installed Modules Qty (Max) 2 (6)

Width 19 in

Depth 26.5 in

Height 6.9 in

Weight 65.9 lbs

Processor / Memory / Storage

RAM Installed (Max) 8 GB

Flash Memory Installed (Max) 1 GB


Form Factor Rack-mountable

Ports Qty 8

Connectivity Technology Wired

Data Link Protocol Gigabit Ethernet

Network / Transport Protocol IPsec

Performance Firewall throughput: 6.5 Gbps VPN throughputs: 1 Gbps

Capacity Concurrent sessions: 1000000 IPsec VPN peers: 5000 Virtual interfaces (VLANs) : 100 SSL VPN peers : 2 Security policies : 2

Features Firewall protection, VPN support, load balancing, VLAN support

Encryption Algorithm DES, Triple DES, AES

Expansion / Connectivity

Expansion Slots Total (Free) 6 (4) x expansion slot

Interfaces 2 x management - Ethernet 1000 2 x Hi-Speed USB - 4 pin USB Type A 1 x management - console - RJ-45 8 x network - Ethernet 1000


Compliant Standards CE, FCC Class A certified, CISPR 22 Class A, EN 60950, EN 61000-3-2, VCCI Class A ITE, IEC 60950, EN 61000-3-3, EN55022 Class A, UL 60950, CSA 22.2 No. 60950, FCC Part 15


Power Device Power supply - hot-plug / redundant - plug-in module

Installed Qty 2

Max Supported Qty 2

Voltage Required AC 120/230 V ( 50/60 Hz )

Power Provided 800 Watt

Environmental Parameters

Min Operating Temperature 50 °F

Max Operating Temperature 95 °F

Humidity Range Operating 10 - 90%

Universal Product Identifiers

Brand Cisco Systems

Part Number ASA5580-20-8GE-K9

GTIN 00882658201486

Cisco ASA 5550 Firewall Edition Bundle-security appliance

Rack-mountable - 1U, AC 120/230 V, max RAM: 4 GB

The Cisco ASA 5500 Series Firewall Edition enables businesses to securely deploy mission-critical applications and networks in a highly reliable manner, while providing significant investment protection and lower operating costs through a unique, modular design. Businesses can protect their networks from unauthorized access with the policy enforcement services of the Cisco ASA 5500 Series Firewall Edition. These services combine with industry-leading VPN services to enable businesses to securely extend their networks across low-cost Internet connections to business partners, remote offices and mobile workers. This flexible solution can adapt as an organization's needs evolve and as the landscape of security threats changes, giving businesses the ability to easily integrate market-leading intrusion prevention, antivirus, antispam, anti-spyware, URL filtering, and other advanced content security services for additional layers of protection. Combined with Cisco management and monitoring solutions, the Cisco ASA 5500 Series Firewall Edition delivers world-class security with lower operating costs.

Among the 3 firewalls, I suggest you use this one.


Device Type Security appliance

Height (Rack Units) 1U

Width 17.5 in

Depth 13.2 in

Height 1.7 in

Weight 22 lbs

Processor / Memory / Storage

RAM Installed (Max) 4 GB

Flash Memory Installed (Max) 64 MB flash


Form Factor Rack-mountable

Connectivity Technology Wired

Data Link Protocol Ethernet, Fast Ethernet, Gigabit Ethernet

Network / Transport Protocol IPsec

Performance VPN throughput: 425 Mbps Firewall throughputs: 1.2 Gbps

Capacity SSL VPN peers: 2 IPsec VPN peers: 5000 Virtual interfaces (VLANs) : 250

Features Firewall protection, VPN support, load balancing, VLAN support, High Availability

Encryption Algorithm DES, Triple DES, AES, SSL

Expansion / Connectivity

Expansion Slots Total (Free) 4 (4) x SFP (mini-GBIC) 1 memory

Interfaces 8 x network - Ethernet 10Base-T/100Base-TX/1000Base-T - RJ-45 1 x network - Ethernet 10Base-T/100Base-TX - RJ-45 1 x serial - auxiliary - RJ-45 2 x Hi-Speed USB - 4 pin USB Type A 1 x management - console - RJ-45


Compliant Standards CE, FCC Class A certified, CISPR 22 Class A, EN 60950, EN 61000-3-2, UL 1950, VCCI Class A ITE, IEC 60950, EN 61000-3-3, CSA 22.2 No. 950, EN55022 Class A, ACA TS001, AS/NZS 3260, FCC Part 15


Power Device Power supply - internal

Voltage Required AC 120/230 V (50/60 Hz)

Environmental Parameters

Min Operating Temperature 32 °F

Max Operating Temperature 104 °F

Humidity Range Operating 5 - 95%

Universal Product Identifiers

Brand Cisco Systems

Part Numbers ASA5550-BUN-K9, ASA5550-K8

GTIN 00882658096334


Accessing the WWW

An HTTP client uses a random port above port 1023 on the client computer and normally connects to Transmission Control Protocol (TCP) port 80 on the Web server. When more security and encryption are required, Secure Sockets Layer (SSL) can be configured on the Web server to encrypt all data transmitted between client and server. When SSL is used, the Web server typically accepts connections on TCP port 443 instead of TCP port 80.

Configuring firewall rules

Inbound rules are necessary only if you host a Web server that is available on the Internet. The firewall policy should ensure that access to the Web server is limited to HTTP or HTTPS connections only. The table shows the firewall rules required to provide access to the Web server at its internal IP address from any client on the Internet. The table assumes that the firewall rejects all traffic except what is specified, which means that if the firewall receives traffic for a protocol that is not in its list of rules, the traffic is dropped.

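Table - firewall rules for access to the internal Web server

| Protocol | Transport Protocol | Source IP | Source Port | Target IP | Target Port | Action |
|---|---|---|---|---|---|---|
| HTTP | TCP | Any | Any | Web server internal IP | 80 | Allow |
| HTTPS | TCP | Any | Any | Web server internal IP | 443 | Allow |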

Web access is the most common form of traffic passing through an organization's firewall. Two commonly used Web browsers are Microsoft Internet Explorer and Firefox. From the perspective of a firewall, it does not matter which browser you use, because both browsers use the HTTP or HTTPS (Secure HTTP) protocol.

In addition to inbound access, chances are good that your network users want to access Web resources on the Internet. The table shows the firewall rules that are necessary to allow internal network users to access Web servers on the Internet using HTTP or HTTPS.

If a Web server on the Internet uses anything other than the default TCP ports 80 and 443, the firewall rules prevent internal users from accessing those Web resources. This includes any rich content, such as chat and streaming video and audio, that may be integrated into the website.
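The rule handling described in this section, first match wins and everything unlisted is dropped, can be sketched in Python. This is an added example, not part of the original essay; the addresses are constructed placeholders (the essay gives none) and the names `Rule`, `Packet`, `evaluate` and `overly_broad` are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed addresses from documentation/private ranges; the essay gives none.
WEB_SERVER = "192.0.2.10/32"   # stands in for the Web server's internal IP
INTERNAL_LAN = "10.0.0.0/8"    # stands in for the internal user network
ANY = "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    name: str
    transport: str             # "tcp" or "udp"
    src: str                   # source network (CIDR); source port is "Any"
    dst: str                   # target network (CIDR)
    dst_port: Optional[int]    # None means any target port
    action: str                # "allow" or "deny"


@dataclass(frozen=True)
class Packet:
    transport: str
    src_ip: str
    src_port: int              # clients use a random port above 1023
    dst_ip: str
    dst_port: int


# Inbound rules from the table, plus the outbound HTTP/HTTPS rules the text describes.
RULES = [
    Rule("inbound-http", "tcp", ANY, WEB_SERVER, 80, "allow"),
    Rule("inbound-https", "tcp", ANY, WEB_SERVER, 443, "allow"),
    Rule("outbound-http", "tcp", INTERNAL_LAN, ANY, 80, "allow"),
    Rule("outbound-https", "tcp", INTERNAL_LAN, ANY, 443, "allow"),
]


def rule_matches(rule, pkt):
    """True when every field of the rule covers the packet."""
    return (rule.transport == pkt.transport
            and ip_address(pkt.src_ip) in ip_network(rule.src)
            and ip_address(pkt.dst_ip) in ip_network(rule.dst)
            and rule.dst_port in (None, pkt.dst_port))


def evaluate(rules, pkt):
    """Return (action, rule_name); traffic that matches no rule is denied."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action, rule.name
    return "deny", "default-deny"


def overly_broad(rules):
    """Names of allow rules that open every port or every source/target pair."""
    return [r.name for r in rules
            if r.action == "allow"
            and (r.dst_port is None or (r.src == ANY and r.dst == ANY))]


if __name__ == "__main__":
    samples = [
        Packet("tcp", "203.0.113.5", 51514, "192.0.2.10", 80),    # Internet -> Web server
        Packet("tcp", "203.0.113.5", 51514, "192.0.2.10", 22),    # not HTTP/HTTPS
        Packet("tcp", "10.1.2.3", 49152, "198.51.100.7", 8080),   # non-default Web port
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(RULES, pkt))
```

The third sample shows the side effect noted above: an internal user reaching a Web server on port 8080 falls through to the default deny.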

Instant Messengers and Chat Rooms

Instant messaging (IM) is a form of real-time, text-based online communication between two or more people using personal computers or other devices with shared client software. The user's text is sent over a network, such as the Internet. More advanced instant messaging client software also supports enhanced modes of communication, such as real-time voice or video calls.

Online chat and instant messaging differ from other technologies such as e-mail in that the user perceives the communication as happening in real time. Some systems allow messages to be sent to people who are not currently connected (offline messages), which removes some of the differences between instant messaging and e-mail (this is often done by sending the message to the associated e-mail account).

Instant messaging allows effective and efficient communication, with replies received directly in real time. In many cases, instant messaging includes additional features that make it even more popular. For example, users can see each other with a camera, or talk directly for free over the Internet using a microphone and speakers or headphones. Many client programs allow file transfers as well, although the permitted file size is usually limited.

The text of a conversation can usually be saved for future reference. Instant messages are usually logged in a local message history, which makes them similar to the persistent nature of e-mail.

Every modern instant messaging service generally provides its own client, either separately installed software or a browser-based client. These usually work only with the supplier company's service, although some allow limited function with other services. There are also third-party client software applications that connect to most of the major IM services. Adium, Digsby, Meebo, Miranda IM, Pidgin, Qnext, Saab Messenger and Trillian are just a few.

Standard free instant messaging applications offer features such as file transfer, contact lists and the ability to hold simultaneous conversations. These may be all the features that a small business needs, but larger organizations require more complex applications that can work together. The solution is to use enterprise versions of instant messaging applications. These include titles such as XMPP, Lotus and Microsoft Office Communicator, which are often integrated with other enterprise applications such as workflow systems. These enterprise applications, or Enterprise Application Integration (EAI), are built to certain constraints, namely storing data in a common format.

Most attempts to create a unified standard for the largest IM providers (AOL, Yahoo and Microsoft) have failed, and each of them continues to use its own proprietary protocol.

However, while discussions at the IETF were stalled, Reuters signed the first inter-service connectivity agreement in September 2003. This agreement enabled MSN Messenger and ICQ users to talk with Reuters Messaging counterparts, and vice versa. Following this, Microsoft, Yahoo and AOL reached a deal under which Microsoft Live Communication Server 2005 users would also be able to talk to users of public instant messaging services. The deal established SIP/SIMPLE as the standard for protocol interoperability and set a connectivity fee for access to public instant messaging services. Separately, on October 13, 2005, Microsoft and Yahoo announced that by the third quarter of 2006 they would interoperate using SIP/SIMPLE. This was followed, in December 2005, by the AOL and Google partnership deal under which Google Talk users would be able to talk with AIM and ICQ users, provided they held an AIM account.

There are two ways to combine the many different protocols:

One way is to combine the different protocols inside the IM client application.

The other way is to combine the different protocols inside the IM server application. This approach moves the task of communicating with the other services to the server. Clients need not know or care about the other IM protocols. An example is LCS 2005 Public IM Connectivity. This approach is very popular in XMPP servers, but the so-called transport projects are prone to the same reverse-engineering problems as any other project involved with closed protocols or formats.

Some approaches allow companies to create their own private instant messaging network by restricting access to the server (often with the system entirely behind their firewall) and managing user rights. Other corporate messaging systems also let users connect from both inside and outside the corporate LAN through a secure, firewall-friendly HTTPS protocol. Typically, a dedicated corporate chat server has some advantages, such as pre-populated contact lists, integrated authentication, and better security and privacy. For example, Trillian had to release several corrections and modifications so that its users could access the MSN, AOL and Yahoo networks after changes were made to these networks. Major IM providers typically cite the need for formal agreements and security concerns as reasons for these changes.

The use of proprietary protocols has meant that many IM networks were incompatible, and people were unable to reach friends on other networks. This has cost the instant messaging format dearly.

The main purpose of a chat room is to share information with a group of other users through text messages. In general, the ability to talk with several people in the same session distinguishes chat rooms from instant messaging programs, which are more typically designed for one-to-one communication. The users of a particular chat room are generally connected through a common interest or other similar connection, and chat rooms exist for a wide range of topics. New technology allows file sharing and webcams to be used in some programs.

Some people who visit chat rooms use them as a place to experience online sex, pornography, or what is known as computer network love. Although they cannot see their partner in person, they find the descriptive text exciting.

Many Internet chat and instant messaging clients let users display or send their own photos, and users can choose to exchange pictures of nudity or sexual activity. This has led to concern about the potential sexual exploitation of minors.

Chat rooms usually have stringent rules that users are required to follow in order to preserve integrity and security for their users. In particular, in rooms for children, the rules generally do not allow users to use offensive language or to promote hate mail, violence and other negative issues. Chat rooms also often do not allow advertising in their rooms, or flooding, which is continually filling the screen with repetitive text. Typing with Caps Lock on is usually considered shouting and is discouraged.

Sometimes chat venues are moderated, either by limiting who is allowed to speak (not common), by having comments approved by moderators (often presented as visitors asking questions of a guest or celebrity), or by having volunteer moderators patrol the venue looking for disruptive or otherwise undesirable behavior.

However, the most commonly used chat rooms are not moderated and users can type what they personally choose to send.

E-mail Usage Policy

Use of e-mail by [company name] personnel is permitted and encouraged where it supports business purposes.

However, [company name] has an e-mail policy under which employees must ensure that they:

-Comply with applicable laws.

-Use e-mail in an acceptable way.

-Do not create unnecessary business risk to the company by their misuse of the Internet.

Unacceptable behavior

-Using company communications systems to set up personal businesses or send chain letters.

-Sending confidential business information to an outside location.

-Distributing, transmitting or storing images, text or content that may be deemed indecent, obscene, pornographic or illegal.

-Distributing, transmitting or storing images, text or content that is considered discriminatory, abusive or insulting, in that it is a personal attack, sexist or racist, or may be considered harassment.

-Accessing copyrighted information in a way that violates the copyright.

-Breaking into the company's or another organization's system, or unauthorized use of a password or e-mail account.

-Broadcasting unsolicited personal views on social, political, religious or other business related matters.

-Sending unsolicited commercial or advertising content.

-Activities that deliberately waste staff effort or network resources.

-Introducing any form of computer virus or malware into the corporate network.


[Business Name] accepts that the use of e-mail is a valuable business tool. However, misuse of this facility can have a negative impact on employee productivity and the company's reputation.

In addition, all of the company's e-mail resources are provided for business purposes. The company therefore has the right to review any of its systems and examine all data recorded in those systems.

To ensure compliance with this policy, the company also reserves the right to use monitoring software to check the use and content of e-mail. Such monitoring is for legitimate purposes only and is carried out in accordance with procedures agreed with staff.


Employees who are believed not to have complied with this policy will face the company's disciplinary procedures. If an employee is found to have violated the policy, they face penalties ranging from a verbal warning to termination. The actual penalty applied depends on factors such as the seriousness of the breach and the employee's disciplinary record. The procedures are specific to your business. They should reflect your normal operating and disciplinary procedures. You should establish them from the outset and include them in your acceptable use policy.


All employees, contractors and temporary workers who have been given the right to use the company's e-mail services are required to sign this agreement to confirm their understanding and acceptance of this policy.


Select Local Mode (Debug this system)

Click Next button. The table will appear below.

Select IPV4

Enter Remote Name

Select Non IPsec Parameter's checkbox

Click the Start Diagnosis button to start Diagnosis

-----------Local Mode Diagnosis: Start - 2010/11/16(01hr:14min:42sec)-----------

Log Location: C:\Users\MYOAUNG\AppData\Roaming\IPSecureLogs\LocalMode2010-11-16(01hr-14min-42sec)

Local IP:, Remote Machine:

System Info:

--Passed: System information(software, hardware, active processes, active network connections) collected. View Output Logs for details

Network Interface Diagnosis:

--Passed: Network Interface configured correctly

Ping (Remote Reachability) Diagnosis:

Passed: Remote machine,"", is reachable from host

NAP Client Diagnosis:

NAP client is active and running. NAP logs collected.

IPsec Service Diagnosis:

--Passed: IPsec services are up and running

----BFE up and running

----IKEext/Policy agent up and running

Live Debugging: Start

WFPUtil Diagnosis:

(If you did not repro the issue while the tool was running, ignore WFPUtil Diagnosis)

This Diagnosis report is for negotiation between host and

Failed: No IKE negotiations found between Host machine and This could be because:

--1.Wrong value was entered for the Desitnation IP Address (Client2 IP)

--2.Wrong log was provided

--3.IPSec is not monitoring traffic between Host machine and

Live Debugging: End

IPsec SA, Filter Diagnosis:

--Failed: No Main mode SA exists between and

--Failed: No Quick mode SA exists between and

--Information: No Legacy MM policies applied on this system

--Information: No active IKEEXT rule was found on this system

--Failed: No policies on this system

--Information: No legacy MM outbound filters between exist between and

--Information: No Legacy MM inbound filters between exist between and

-----------Local Mode Diagnosis: End - 2010/11/16(01hr: 15min: 18sec) -----------

Select the Non IPsec Parameter's check box and then click the Start Diagnosis button to run.

-----------Local Mode Diagnosis: Start - 2010/11/16(01hr:40min:13sec)-----------

Log Location: C:\Users\MYOAUNG\AppData\Roaming\IPSecureLogs\LocalMode2010-11-16(01hr-40min-13sec)

Local IP:, Remote Machine:

IPsec Service Diagnosis:

--Passed : IPsec services are up and running

----BFE up and running

----IKEext/Policy agent up and running

Live Debugging: Start

--Information: Enabling RRAS Trace

WFPUtil Diagnosis:

(If you did not repro the issue while the tool was running, ignore WFPUtil Diagnosis)

This Diagnosis report is for negotiation between host and

Failed: No IKE negotiation found between Host machine and This could be because:

--1.Wrong value was entered for the Desitnation IP Address(Client2 IP)

--2.Wrong log was provided

--3.IPSec is not monitoring traffic between Host machine and

Live Debugging: End

RRAS Diagnosis:

--Passed: RRAS is switched off, implying no external policies

--Information: Disabling RRAS trace that was enabled during live debugging.RRAS logs copied.

Registry and Events Diagnosis:

--Passed: System, Application and Security event logs collected

Windows Firewall Diagnosis:

--Information: Firewall is active

IPsec SA, Filter Diagnosis:

--Failed: No Main mode SA exists between and

--Failed: No Quick mode SA exists between and

--Information: No Legacy MM policies applied on this system

--Information: No active IKEEXT rule was found on this system

--Failed: No policies on this system

--Information: No legacy MM outbound filters between exist between and

--Information: No Legacy MM inbound filters between exist between and

-----------Local Mode Diagnosis: End - 2010/11/16(01hr: 40min: 26sec) -----------
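The diagnosis output above repeats the same Passed / Failed / Information pattern in every section, so it can be summarised mechanically. The following Python sketch is an added example, not part of the original essay or of the diagnostic tool; it parses an excerpt of the second run and lists the failed checks per section. The function names are hypothetical.

```python
import re
from collections import Counter

# Excerpt of the second diagnosis run shown above (blank lines removed).
SAMPLE_REPORT = """\
-----------Local Mode Diagnosis: Start - 2010/11/16(01hr:40min:13sec)-----------
IPsec Service Diagnosis:
--Passed : IPsec services are up and running
----BFE up and running
----IKEext/Policy agent up and running
Live Debugging: Start
--Information: Enabling RRAS Trace
WFPUtil Diagnosis:
Failed: No IKE negotiation found between Host machine and This could be because:
--1.Wrong value was entered for the Desitnation IP Address(Client2 IP)
Live Debugging: End
RRAS Diagnosis:
--Passed: RRAS is switched off, implying no external policies
Windows Firewall Diagnosis:
--Information: Firewall is active
IPsec SA, Filter Diagnosis:
--Failed: No Main mode SA exists between and
--Failed: No Quick mode SA exists between and
--Information: No active IKEEXT rule was found on this system
--Failed: No policies on this system
-----------Local Mode Diagnosis: End - 2010/11/16(01hr: 40min: 26sec) -----------
"""

RESULT_RE = re.compile(r"^-*\s*(Passed|Failed|Information)\s*:\s*(.*)$")
SECTION_RE = re.compile(r"^([A-Za-z][^:]*?)\s*:$")       # e.g. "RRAS Diagnosis:"
LIVE_RE = re.compile(r"^Live Debugging:\s*(Start|End)$")


def parse_report(text):
    """Return a list of findings: section, status, message and detail lines."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("-----"):          # blank line or banner
            continue
        m = RESULT_RE.match(line)
        if m:
            findings.append({"section": section, "status": m.group(1),
                             "message": m.group(2).strip(), "details": []})
            continue
        if line.startswith("--"):                         # sub-line of last result
            if findings:
                findings[-1]["details"].append(line.lstrip("-").strip())
            continue
        m = LIVE_RE.match(line)
        if m:
            section = "Live Debugging" if m.group(1) == "Start" else None
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
    return findings


def count_by_status(findings):
    return dict(Counter(f["status"] for f in findings))


def failed_checks(findings):
    """Map each section to the messages of its failed checks, in report order."""
    out = {}
    for f in findings:
        if f["status"] == "Failed":
            out.setdefault(f["section"], []).append(f["message"])
    return out


def policy_missing(findings):
    # With no IPsec policy there is nothing for IKE to negotiate, which is
    # consistent with the missing Main mode and Quick mode SAs in the report.
    return any(f["status"] == "Failed" and "no policies" in f["message"].lower()
               for f in findings)


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(count_by_status(parsed))
    for sec, msgs in failed_checks(parsed).items():
        print(sec, "->", msgs)
    print("policy missing:", policy_missing(parsed))
```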

Reference From:



Networking Essentials (Fifth Edition)