Hi everyone,
Disclaimer - I do not have much experience with ASA devices so apologies if I've missed something incredibly obvious;
Im currently trying to setup anyconnect on a cisco ASAv (testing for the moment how the config should look like)
I've wiped the config and started from scratch but im not even able to access the ASA web interface - all I get is:
https://192.168.11.68:555 or https://192.168.11.68/admin
All show xyz took too long to respond
ERR_CONNECTION_TIMED_OUT
My pc has the 192.168.11.90 address
The virtual ASA running is with 192.168.11.68 outside interface;
Unless im doing packet tracer tests wrong - all come up with the dropped by implicit rule, np identity ifc - I suppose the global rule I have does not come in effect here -
ciscoasa(config)# packet-tracer input outside tcp 192.168.11.90 62000 192.168.11.68 https detailed
Phase: 1
Type: ROUTE-LOOKUP
Subtype: Resolve Egress Interface
Result: ALLOW
Config:
Additional Information:
found next-hop 192.168.11.68 using egress ifc identity
Phase: 2
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7f9ac0f75ea0, priority=0, domain=nat-per-session, deny=false
hits=778, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=any, output_ifc=any
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7f9ac134b2f0, priority=0, domain=permit, deny=true
hits=768, user_data=0xa, cs_id=0x0, use_real_addr, flags=0x1000, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=any, dscp=0x0
input_ifc=outside, output_ifc=any
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
I also have issue when trying to connect via the ASDM - getting the error "unable to launch device manager";
But the logs from the app don’t show me anything in particular:
OK button clicked
java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method) at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source) at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source) at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source) at java.net.AbstractPlainSocketImpl.connect(Unknown Source) at java.net.PlainSocketImpl.connect(Unknown Source) at java.net.SocksSocketImpl.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at sun.security.ssl.SSLSocketImpl.connect(Unknown Source) at sun.net.NetworkClient.doConnect(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source) at [sun.net.www.protocol.https.HttpsClient.New](https://sun.net.www.protocol.https.HttpsClient.New)(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source) at [com.cisco.launcher.s.new](https://com.cisco.launcher.s.new)(Unknown Source) at com.cisco.launcher.s.actionPerformed(Unknown Source) at javax.swing.AbstractButton.fireActionPerformed(Unknown Source) at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) at javax.swing.DefaultButtonModel.setPressed(Unknown Source) at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) at java.awt.Component.processMouseEvent(Unknown Source) at javax.swing.JComponent.processMouseEvent(Unknown Source) at java.awt.Component.processEvent(Unknown Source) at java.awt.Container.processEvent(Unknown Source) at java.awt.Component.dispatchEventImpl(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Window.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.EventQueue.dispatchEventImpl(Unknown Source) at java.awt.EventQueue.access$500(Unknown Source) at [java.awt.EventQueue$3.run](https://java.awt.EventQueue$3.run)(Unknown Source) at [java.awt.EventQueue$3.run](https://java.awt.EventQueue$3.run)(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) at [java.awt.EventQueue$4.run](https://java.awt.EventQueue$4.run)(Unknown Source) at [java.awt.EventQueue$4.run](https://java.awt.EventQueue$4.run)(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) at java.awt.EventQueue.dispatchEvent(Unknown Source) at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) at java.awt.EventDispatchThread.pumpEvents(Unknown Source) at java.awt.EventDispatchThread.pumpEvents(Unknown Source) at [java.awt.EventDispatchThread.run](https://java.awt.EventDispatchThread.run)(Unknown Source)
java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method) at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source) at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source) at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source) at java.net.AbstractPlainSocketImpl.connect(Unknown Source) at java.net.PlainSocketImpl.connect(Unknown Source) at java.net.SocksSocketImpl.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at sun.security.ssl.SSLSocketImpl.connect(Unknown Source) at sun.net.NetworkClient.doConnect(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source) at [sun.net.www.protocol.https.HttpsClient.New](https://sun.net.www.protocol.https.HttpsClient.New)(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source) at [com.cisco.launcher.s.new](https://com.cisco.launcher.s.new)(Unknown Source) at com.cisco.launcher.s.actionPerformed(Unknown Source) at javax.swing.AbstractButton.fireActionPerformed(Unknown Source) at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source) at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source) at javax.swing.DefaultButtonModel.setPressed(Unknown Source) at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source) at java.awt.Component.processMouseEvent(Unknown Source) at javax.swing.JComponent.processMouseEvent(Unknown Source) at java.awt.Component.processEvent(Unknown Source) at java.awt.Container.processEvent(Unknown Source) at java.awt.Component.dispatchEventImpl(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source) at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source) at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source) at java.awt.Container.dispatchEventImpl(Unknown Source) at java.awt.Window.dispatchEventImpl(Unknown Source) at java.awt.Component.dispatchEvent(Unknown Source) at java.awt.EventQueue.dispatchEventImpl(Unknown Source) at java.awt.EventQueue.access$500(Unknown Source) at [java.awt.EventQueue$3.run](https://java.awt.EventQueue$3.run)(Unknown Source) at [java.awt.EventQueue$3.run](https://java.awt.EventQueue$3.run)(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) at [java.awt.EventQueue$4.run](https://java.awt.EventQueue$4.run)(Unknown Source) at [java.awt.EventQueue$4.run](https://java.awt.EventQueue$4.run)(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(Unknown Source) at java.awt.EventQueue.dispatchEvent(Unknown Source) at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source) at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source) at java.awt.EventDispatchThread.pumpEvents(Unknown Source) at java.awt.EventDispatchThread.pumpEvents(Unknown Source) at [java.awt.EventDispatchThread.run](https://java.awt.EventDispatchThread.run)(Unknown Source)
Trying for ASDM Version file; url = https://192.168.11.68/admin/
java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method) at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source) at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source) at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source) at java.net.AbstractPlainSocketImpl.connect(Unknown Source) at java.net.PlainSocketImpl.connect(Unknown Source) at java.net.SocksSocketImpl.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at sun.security.ssl.SSLSocketImpl.connect(Unknown Source) at sun.security.ssl.BaseSSLSocketImpl.connect(Unknown Source) at sun.net.NetworkClient.doConnect(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source) at [sun.net.www.protocol.https.HttpsClient.New](https://sun.net.www.protocol.https.HttpsClient.New)(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source) at com.cisco.launcher.y.a(Unknown Source) at com.cisco.launcher.y.if(Unknown Source) at com.cisco.launcher.r.a(Unknown Source) at [com.cisco.launcher.s.do](https://com.cisco.launcher.s.do)(Unknown Source) at com.cisco.launcher.s.null(Unknown Source) at [com.cisco.launcher.s.new](https://com.cisco.launcher.s.new)(Unknown Source) at com.cisco.launcher.s.access$000(Unknown Source) at com.cisco.launcher.s$2.a(Unknown Source) at [com.cisco.launcher.g$2.run](https://com.cisco.launcher.g$2.run)(Unknown Source) at [java.lang.Thread.run](https://java.lang.Thread.run)(Unknown Source)
Trying for IDM. url=https://192.168.11.68/idm/idm.jnlp/
java.net.ConnectException: Connection timed out: connect
at java.net.DualStackPlainSocketImpl.connect0(Native Method) at java.net.DualStackPlainSocketImpl.socketConnect(Unknown Source) at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source) at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source) at java.net.AbstractPlainSocketImpl.connect(Unknown Source) at java.net.PlainSocketImpl.connect(Unknown Source) at java.net.SocksSocketImpl.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at sun.security.ssl.SSLSocketImpl.connect(Unknown Source) at sun.security.ssl.BaseSSLSocketImpl.connect(Unknown Source) at sun.net.NetworkClient.doConnect(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source) at [sun.net.www.protocol.https.HttpsClient.New](https://sun.net.www.protocol.https.HttpsClient.New)(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source) at com.cisco.launcher.w.a(Unknown Source) at com.cisco.launcher.s.for(Unknown Source) at [com.cisco.launcher.s.new](https://com.cisco.launcher.s.new)(Unknown Source) at com.cisco.launcher.s.access$000(Unknown Source) at com.cisco.launcher.s$2.a(Unknown Source) at [com.cisco.launcher.g$2.run](https://com.cisco.launcher.g$2.run)(Unknown Source) at [java.lang.Thread.run](https://java.lang.Thread.run)(Unknown Source)
I have tried to edit the exclusions in java security to include the address of the ASA to no avail
Here is the current config if that helps, I havent even added nat (I don’t believe I need it at this point as first I want to find out why I cant access the webpage):
ciscoasa(config)# show run
: Saved
:
: Serial Number: 9A5CX2PA9U0
: Hardware: ASAv, 1024 MB RAM, CPU Xeon 5500 series 3392 MHz
:
ASA Version 9.8(4)32
!
hostname ciscoasa
domain-name ciscoASA
enable password $sha512$5000$2PO4iev/ZhVwHDZjUTpOLQ==$7UZvDMLmDKpkZWW7ovccAQ== pbkdf2
names
no mac-address auto
ip local pool Anyconnect 10.10.30.30-10.10.30.254 mask 255.255.255.0
!
interface GigabitEthernet0/0
nameif inside
security-level 100
ip address 10.10.30.1 255.255.255.0
!
interface GigabitEthernet0/1
nameif outside
security-level 0
ip address dhcp
!
interface Management0/0
management-only
shutdown
no nameif
no security-level
no ip address
!
ftp mode passive
dns server-group DefaultDNS
domain-name ciscoASA
object network obj-Anyconnect-network
subnet 10.10.30.0 255.255.255.0
access-list outside extended permit ip any any
access-list outside extended permit icmp any any
access-list acl_SPLIT-TUNNEL standard permit 10.10.30.0 255.255.255.0
pager lines 23
mtu outside 1500
mtu inside 1500
no failover
no failover wait-disable
no monitor-interface service-module
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-openjre-7131-101.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
arp rate-limit 8192
access-group outside global
route outside 0.0.0.0 0.0.0.0 192.168.11.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
timeout conn-holddown 0:00:15
timeout igp stale-route 0:01:10
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
aaa authentication login-history
http server enable
http redirect outside 80
no snmp-server location
no snmp-server contact
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpoint _SmartCallHome_ServerCA
no validation-usage
crl configure
crypto ca trustpool policy
auto-import
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 0509
……….
quit
telnet timeout 5
ssh stricthostkeycheck
ssh 192.168.11.0 255.255.255.0 outside
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl cipher default custom "AES256-SHA:AES128-SHA:DES-CBC3-SHA"
ssl cipher tlsv1 custom "AES256-SHA:AES128-SHA:DES-CBC3-SHA"
ssl cipher dtlsv1 custom "AES256-SHA:AES128-SHA:DES-CBC3-SHA"
webvpn
port 555
enable outside
dtls port 556
hsts
enable
max-age 31536000
include-sub-domains
no preload
anyconnect image disk0:/anyconnect-win-4.9.06037-webdeploy-k9.pkg 1
anyconnect enable
tunnel-group-list enable
cache
disable
error-recovery disable
group-policy gp_Anyconnect internal
group-policy gp_Anyconnect attributes
dns-server value 192.168.11.1
vpn-tunnel-protocol ssl-client
split-tunnel-policy tunnelspecified
split-tunnel-network-list value acl_SPLIT-TUNNEL
default-domain value ciscoASA
webvpn
anyconnect ssl dtls enable
dynamic-access-policy-record DfltAccessPolicy
username admin password $sha512$5000$Mxu7/puUc7yTDgk2DGMlhg==$gKMnlCwocUhsRATjrmmG+Q== pbkdf2 privilege 15
username cisco password $sha512$5000$ul6mbqQIotWXfBrwokk+Uw==$6Q9F7KgQZGVtOU3LhVQXDQ== pbkdf2 privilege 15
tunnel-group prof_ANYCONNECT type remote-access
tunnel-group prof_ANYCONNECT general-attributes
address-pool Anyconnect
default-group-policy gp_Anyconnect
tunnel-group prof_ANYCONNECT webvpn-attributes
group-alias ciscoASAanyconnect enable
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
no tcp-inspection
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [callhome@cisco.com](mailto:callhome@cisco.com)
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
profile License
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination transport-method http
Cryptochecksum:deaafa9e857956c3c2f8a64eff1a15c0
: end
ciscoasa(config)#
Its not licensed but I believe I should still be able to have up to 2 anyconnect clients if im understanding it right?
ciscoasa(config)# show ver
Cisco Adaptive Security Appliance Software Version 9.8(4)32
Firepower Extensible Operating System Version 2.2(2.138)
Device Manager Version 7.13(1)
Compiled on Mon 16-Nov-20 12:53 PST by builders
System image file is "boot:/asa984-32-smp-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 12 hours 23 mins
Hardware: ASAv, 1024 MB RAM, CPU Xeon 5500 series 3392 MHz,
Model Id: ASAv5
Internal ATA Compact Flash, 1024MB
Slot 1: ATA Compact Flash, 8192MB
BIOS Flash Firmware Hub @ 0x0, 0KB
0: Ext: Management0/0 : address is 000c.298f.6350, irq 10
1: Ext: GigabitEthernet0/0 : address is 000c.298f.635a, irq 5
2: Ext: GigabitEthernet0/1 : address is 000c.298f.6364, irq 9
License mode: Smart Licensing
ASAv Platform License State: Unlicensed
No active entitlement: no feature tier and no throughput level configured
*Memory resource allocation is more than the permitted limit.
Licensed features for this platform:
Maximum VLANs : 25
Inside Hosts : Unlimited
Failover : Active/Standby
Encryption-DES : Enabled
Encryption-3DES-AES : Enabled
Security Contexts : 0
Carrier : Disabled
AnyConnect Premium Peers : 2
AnyConnect Essentials : Disabled
Other VPN Peers : 50
Total VPN Peers : 50
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
Advanced Endpoint Assessment : Disabled
Shared License : Disabled
Total TLS Proxy Sessions : 2
Botnet Traffic Filter : Enabled
Cluster : Disabled
Serial Number: 9A5CX2PA9U0
Image type : Release
Key version : A
Configuration last modified by enable_15 at 13:00:49.789 UTC Wed Apr 7 2021
ciscoasa(config)#
If anyone has any suggestions/advice what to check or configure, it would be much appreciated.
Thank you!