Renewed Cert on ASA, Upgraded from AnyConnect 2.5 to 3.1

We had been running AnyConnect 2.5 against our ASA and the Cert on our ASA Expired. the 2.5 Client (and all of the iPad Clients) had a way of saying, its cool, connect anyway if the Cert is not valid.
I finially got around to renewing the cert on the ASA. We have an Internal CA that I renewed it against. So if the CA's Cert was not installed in your trusted Cert Store you would get an error. Many Clients can Connect just fine with the new 3.1 client, Auto-upgrade, etc (besides it lopping off the /vpn from the connection URL)
We have a few of the clients that cannot connect. they get an error like:
The certificate on the secured gateway is invalid. A VPN connection will not be established
They have the CA's Root Cert installed in their trusted Cert Store. The Cert on the ASA has the proper CN, and Expiration date, so that should not be the issue.
When I look in the Syslog I see:
%ASA-7-725008: SSL client outside-interface:<Client Public IP>/50088 proposes the following 8 cipher(s).
%ASA-6-725001: Starting SSL handshake with client outside-interface:<Client Public IP>/50088 for TLSv1 session.
%ASA-7-710005: TCP request discarded from <Client Public IP>/50089 to outside-interface:<ASA Public IP>/443
%ASA-6-106015: Deny TCP (no connection) from <Client Public IP>/50089 to <ASA Public IP>/443 flags FIN ACK on interface outside-interface
%ASA-7-710005: TCP request discarded from <Client Public IP>/50089 to outside-interface:<ASA Public IP>/443
%ASA-6-106015: Deny TCP (no connection) from <Client Public IP>/50089 to <ASA Public IP>/443 flags PSH ACK on interface outside-interface
%ASA-6-725007: SSL session with client outside-interface:<Client Public IP>/50089 terminated.
%ASA-4-113019: Group = SSL-VPN, Username = <userID>, IP = <Client Public IP>, Session disconnected. Session Type: SSL, Duration: 0h:00m:31s, Bytes xmt: 9787, Bytes rcv: 3991, Reason: User Requested
%ASA-6-716002: Group #%cLt#%SSLVPNGrpPolicy> User #%cLt#%<UserID>> IP #%cLt#%<Client Public IP>> WebVPN session terminated: User Requested.
%ASA-6-725002: Device completed SSL handshake with client outside-interface:<Client Public IP>/50089
The other Interesting thing is in ADSM when I monitor the VPN Connections, All of the Trouble users show up in the "Clientless SSL VPN/Clientless" Section, where as the users that work fine are all in the "SSL VPN Client/WithClient" section. Though all of the ones in the
"SSL VPN Client/WithClient" section have 'Clientless SSL-Tunnel DTLS-Tunnel' as the Protocol.
We have completely removed AnyConnect and Manually installed the Client.
We have connected to the ASA's SSLVPN URL and had it install the Client.
All the same result. It Connects, Asks for a Username/Password, Displayes the Warning Banner to accept, checks for pgrads, then on the Establishing VPN comes up with the Server's Certificate is invalid.
Is this a NAT/PAT issue on the remote end?
Any Suggestions for these guys?
Thank you,
Scott<-

AnyConnect 3.1 is a significant upgrade, even over 3.0.
Over 3.0 it adds an enhanced GUI (common between Windows and Mac), NAM enhancement, crypto suite B enhancements, HostScan/Posture performance enhancements, IPv6 support, better untrusted certificate handling, plug-in component tiles, etc.
3.0+ offers IPSec VPN client as opposed to SSL VPN.

Similar Messages

Cisco ASA Upgrade from 7.0(8) to 8.2(1)

Hi, i need to upgrade my 5510 ASA from 7.0(8) to 8.2(1) ( Please note its different query from my last thread)
what i found online is i will have to do this upgrade in sequence, that is
7.0.x -> 7.2.x --> 8.0.x --> 8.2.1
is that correct?
or i will go to 7.1.x first? like this
7.0.x--> 7.1.x -> 7.2.x --> 8.0.x --> 8.1.x--> 8.2.1
Please guide, Also i am assuming, reboot required after every upgrade right?

ok, i found something on another Cisco document. that is what i thought
To ensure that your configuration updates correctly, you must upgrade to each major release in turn. Therefore, to upgrade from Version 7.0 to Version 8.2, first upgrade from 7.0 to 7.1, then from 7.1 to 7.2, and finally from Version 7.2 to Version 8.2 (8.1 was only available on the ASA 5580). "

SSL cert on ASA 5512 from Thwate or Digitcert

I ran into the issue when I install SSL123 cert from Thwate . I did not have issue with SSL cert from DIgitcert- their process and steps are simple and using better encryoption - SHA256. Compare to Thwate - their support did not let me use SHA2 and I had to use SHA1 - according to some organisation SHA1 will be retired soon
Let me explain how to install SSL123 from Thwate into ASA 5510- you can follow their instruction - but generate CSR with 2048 - with 4096 did not work .Once you apply into their portal use SHA1 ( SHA2 did not work ) . Before you get email with their CA - install Root and Secondary intermidiate certificate - located in their website . After you get email with the new cert - you can install under Idendity certificates where still says pending .Note - there are CSR checker tools - before you apply it into CA _ google CSR checker - make sure your CSR does not have any errors
Note - When you install each certificate - trustpoint association could be in different order - example - ASDM_trustpoint0 , ASDM_trustpoint1 , ASDM_trustpoint2 etc . If you use the same ASDM_trustpoint0 for all certs- root , intermidiate and signed certificate - Did not work and you are getting ERROR - :Failed to parse or verify imported certificate
here is the link you can follow - https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO16141&actp=search&viewlocale=en_US&searchid=1429125296765
Finally you can check your SSL cert - google SSL checker to see if your chain as good all the way and what need to be fixed

First of all, you don't need the server names in the cert if your Exchange urls are configured to a load balanced url. Going forward, you will not be able to get a certificate from 3rd party with internal urls (server fqdn) in it.
When you export the certificate from CAS1, make sure that you include the private key as well (there will be a check box to tick) and import it back on CAS2.
If not, you can just import the certificate into CAS2 by selecting Import Exchange certificate in EMC and select the 3rd party cert (just like you imported on CAS1).
Yes, you need the certificate on both servers, otherwise you will get certificate errors on clients (assuming that there is some form of load balancing in place - NLB or hardware).

Advice on upgrading ASA 5510 from version 8.4(4)1

Hello all,
Due to an issue we need to upgrade our ASA. Cisco Support team recommended upgrading to version 8.4.7, but, as we'll upgrade, we'd like to upgrade to version 9.
We still use Cisco VPN Client for Remote Access VPNs so I'd like your advice on which version to install on ASA.
Would you recommend version 9.0.3? 9.1.X?
Thanks in advance,
Igor

We have a pretty huge ASA and ASASM complex, and we are just about finished upgrading from an assortment of 8.4.x, 8.5.x, and 8.6.x installs to 9.1.3 on everything. There is one gotcha on some systems in that there is a file system change or some sort of bug that is fixed in 8.4.5 I think. So you _may_ have to first upgrade to a newer version (8.4.7 would work) before going to 9.1.3.
Our Cisco team has recommended going to version 9.x, and this is supported by recent tickets I've had on our stuff still running on 8.x, as the TAC engineer often says we need to upgrade to version 9.
Four our setup, we had some fatal bugs in 8.4.6 and 8.4.7 that kept us running 8.4.5 for a very long time on some equipment.
Anyway, I would recommend going to 9.1.3, which is one removed from the recently recleased 9.1.4. Our AnyConnect VPN complex has been on 9.1.3 for a few months now with no issues. Be sure to read the release notes thoroughly as 9.x changes some command contexts, new features, etc.
Graham

After upgrading from ASA 8.2 to 9.1(2) not able to get web site

Dears,
ASA Version has been upgraded from 8.2 to 9.1(2). Since then, website is not accessible from outside.
Diagnosis:
Many web sites are deployed behind the ASA. When anyone accesses website from outside, the following error is reported: The page cannot be displayed. No issues have been reported with any other websites.
In the ASA, two different public subnets are in use in order to allow accessing the website from the public domain. No issues have been reported so far with the first subnet. The website is mapped to a public address in the second subnet. When the website is mapped to an IP address in the working subnet, the website is accessible from outside. As a workaround, this is applied and the website is up and running.
As the website is working fine with the second subnet, NAT and ACL configuration is fine. We have turned on logging in the ASDM, but no traffic was observed on the ASA for the non-working subnet. On the other hand, the traffic was noticed on the ASDM for the working subnet.
The working subnet is XX.YY.XX.X
Non working subnet is XX.YY.YY.X
The outside interface ip is XX.YY.XX.X (Working Subnet)
Tried to assign one ip address to the PC from non working subnet and connected to the Switch , its pinging from outside

Hi
Have you tried using packet tracer?

After i upgrade my ASA 5505 from 8.2 to 8.4 i can no longer connect to ASDM. showing connecting ..... please wait for hours now

after i upgrade my ASA 5505 from 8.2 to 8.4 i can no longer connect to ASDM. showing connecting ..... please wait for hours now

Ron
I recently looked at this question with a customer who has been running 8.2 and needs to get some features in newer code. We decided that it made more sense to go to 8.4 than to 8.3.
HTH
Rick

ASA Firewall Upgrade from 8.2,8.4, to 9.0

Dear All ,
we have five firewalls with the following details:
First Firewall
Hardware:   ASA5550, 4096 MB RAM, CPU Pentium 4 3000 MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.4(3) ,Device Manager Version 6.4(7)
    my question can i upgrade ASA IOS 8.4(3) to 9.0 directly without any issues also can i upgrade Device manager 6.4(7) to 7.0 without upgrading the       ASA IOS itself
Second Firewall
Hardware:   ASA5520,2048 MB RAM, CPU Pentium 4 2000MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.2(3) ,Device Manager Version
6.2(3)
my question can i upgrade ASA IOS 8.2(3) to 9.0 directly without any issues also can i upgrade Device manager 6.2(3) to 7.0 without upgrading the       ASA IOS itself
Third Firewall
Hardware:   ASA5520,2048 MB RAM, CPU Pentium 4 2000MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.4(3) ,Device Manager Version 6.4(7)
my question can i upgrade ASA IOS 8.4(3) to 9.0 directly without any issues also can i upgrade Device manager 6.4(7) to 7.0 without upgrading the       ASA IOS itself
Fourth Firewall
Hardware:   ASA5520,2048 MB RAM, CPU Pentium 4 2000MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.4(3) ,Device Manager Version 6.4(7)
my question can i upgrade ASA IOS 8.4(3) to 9.0 directly without any issues also can i upgrade Device manager 6.4(7) to 7.0 without upgrading the       ASA IOS itself
fifth Firewall:
Hardware:   ASA5520,2048 MB RAM, CPU Pentium 4 2000MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.2(3) ,Device Manager Version 6.2(3)
my question can i upgrade ASA IOS 8.2(3) to 9.0 directly without any issues also can i upgrade Device manager 6.2(3) to 7.0 without upgrading the       ASA IOS itself
please help i am doing the upgrading remotely using the ASDM and i don't want to do any upgrade could result disconnectivity.
Best regards

Hi Basel,
Honestly, I wouldn't suggest a direct upgrade from 8.2 to 9.0. This is a *major* upgrade. The recommended path to reach 9.0 would be from 8.2-->8.4-->9.0
Here are the release notes for 9.0:
http://www.cisco.com/en/US/docs/security/asa/asa90/release/notes/asarn90.html#wp690047
Per above document:
If you are upgrading from a pre-8.3 release, see also the Cisco ASA 5500 Migration Guide to Version 8.3 and Later
for important information about migrating your configuration.
Once you are on 8.3/8.4 (I would suggest 8.4 as a lot of issues were fixed post 8.3 as that was a huge transition from 8.2) upgrade to 9.0 is fairly simple.
Major part is upgrade from 8.2 to 8.4 as configuration changes and few things can be broken as a result. I would highly recommend you to check these docs before attempting an upgrade and also do it with some maintenence window so as to correct things in case they broke:
Following doc talks about 8.3 but it is applicable to direct upgrade to 8.4 as well:
https://supportforums.cisco.com/docs/DOC-12690
Release notes for 8.4:
http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html
Sourav

ASA 5520 upgrade from 8.4.6 to 9.1.2

Dear All,
I am having ASA 5520 in Active Standby failover configuration . I want to know if I can upgrade it from 8.4.6 to 9.1.2 using the zero downtime upgrade process mentioned on cisco site .
Below is the process :
Upgrade an Active/Standby Failover Configuration
Complete these steps in order to upgrade two units in an       Active/Standby failover configuration:
Download the new software to both units, and specify the new image to           load with the boot system command.
Refer to           Upgrade           a Software Image and ASDM Image using CLI for more           information.
Reload the standby unit to boot the new image by entering the           failover           reload-standby command on the active unit as shown           below:
active#failover reload-standby
When the standby unit has finished reloading and is in the Standby           Ready state, force the active unit to fail over to the standby unit by entering           the no           failover active command on the active unit.
active#no failover active
Note: Use the show             failover command in order to verify that the standby unit             is in the Standby Ready state.
Reload the former active unit (now the new standby unit) by entering           the reload command:
newstandby#reload
When the new standby unit has finished reloading and is in the           Standby Ready state, return the original active unit to active status by           entering the failover           active command:
newstandby#failover active
This completes the process of upgrading an Active/Standby Failover       pair.
Also after upgrade are there any changes required after IOS migration ( i.e are there any changes in the command line of 8.4.6 and 9.1.2 )
It is mentioned on cisco site that
Major Release
—You can upgrade from the last minor           release of the previous version to the next major release. For example, you can           upgrade from 7.9 to 8.0, assuming that 7.9 is the last minor version in the 7.x           release.

Hi Tushar,
The steps you mentioned are perfectly fine. There is no major difference in the commands of the 2 versions, it's just that in access-rule from 9.1 you have to any4 instead of any for ipv4 and any6 for ipv6. During conversion it will get convert automatically.
Also, please refer to the following document (release notes of 9.1.2) for viewing the new features added in that version:
http://www.cisco.com/en/US/docs/security/asa/asa91/release/notes/asarn91.html#wp685480
- Prateek Verma

Upgrading ASA (5520) from 8.2(5) to 8.4(6)

Hi All,
I'm planing to upgrade my failover firewalls active/standby from 8.2.5 to 8.4.6. I read about the NAT and I think I'm ready for it cross fingers
My plane is
Upload the 8.4.6 and ASDM 7.1.3 for both firewalls then assgin the boot and ASDM image to the new files. After thaton the active firewall reload the standby and wait until its up and running (cross finger again) then force the active to be standby and reload the standby to get the new 8.4.6.
am I right about that? or should I upgrade to 8.3.1 or 8.3.1 first ?? please if it is, can you give me the full upgarde path?
Thanks in advance!!!

I don't know if I'm going to answer your question. But here is my latest experience, about year ago. I just preformed an upgrade from 8.0.x to 8.4.4.1 on a pair of ASA 5510's in failover using CLI. The upgrade seem to go smooth from our end, but all connection did drop. We followed these steps here. NAT wasn't an issue for us.
Point is, there really isn't an upgrade path. Just reload stand-by unit, make it the active unit and watch the connections. Ours dropped don't know why.
Don't know if that helps,
Nick

Upgrading from PIX to ASA 5512X

Hi everyone,
We are in the middle of upgrading from two PIX's to some new ASA5512X's. To give you some background on the situation we are upgrading these since the PIXs are fairly old. We had one extra that we had to use since one PIX has failed already. The guy that implemented the PIXs orginally was learning how to do so as he went so there is alot of needless config in the PIX, atleast from what I can tell. Another guy that works with me has done some configuration on the new ASAs and has done the majority of it so far. Today we went to install the new ASAs and switch everything over hoping it would work, but that didn't happen. It seems that there is something wrong with our NAT and ACLs somewhere along the lines. The way our network is laid out is that we have two school campus with a site-to-site VPN one is 172.17.0.0/16 and the other is 172.18.0.0/16. We also have a remote-access VPN on both ASA's. When we connected the new ASAs up and brought up the interfaces, nothing on the inside could ping the internet nor the other side. The VPN showed active on the ASA's and each ASA could ping the others outside interface, but that was it. I have posted the configs below. If anyone could help out I would GREATLY appreciate it! Thank you in advance!
ASA1:
: Saved
: Written by enable_15 at 04:26:18.240 CDT Tue Mar 12 2013
ASA Version 8.6(1)2
hostname dallasroadASA
enable password **** encrypted
passwd **** encrypted
names
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 70.x.x.x 255.255.255.0
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.18.1.1 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 172.18.2.21
name-server 172.18.2.20
object network WS_VLAN2
subnet 172.17.2.0 255.255.255.0
object network WS_VLAN3
subnet 172.17.3.0 255.255.255.0
object network WS_VLAN4
subnet 172.17.4.0 255.255.255.0
object network WS_VLAN5
subnet 172.17.5.0 255.255.255.0
object network WS_VLAN6
subnet 172.17.6.0 255.255.255.0
object network WS_VLAN7
subnet 172.17.7.0 255.255.255.0
object network WS_VLAN8
subnet 172.17.8.0 255.255.255.0
object network WS_VLAN9
subnet 172.17.9.0 255.255.255.0
object network WS_VLAN10
subnet 172.17.10.0 255.255.255.0
object network WS_VLAN11
subnet 172.17.11.0 255.255.255.0
object network WS_VLAN12
subnet 172.17.12.0 255.255.255.0
object network WS_VLAN13
subnet 172.17.13.0 255.255.255.0
object network WS_VLAN14
subnet 172.17.14.0 255.255.255.0
object network WS_VLAN15
subnet 172.17.15.0 255.255.255.0
object network WS_VLAN16
subnet 172.17.16.0 255.255.255.0
object network DR_VLAN2
subnet 172.18.2.0 255.255.255.0
object network DR_VLAN3
subnet 172.18.3.0 255.255.255.0
object network DR_VLAN4
subnet 172.18.4.0 255.255.255.0
object network DR_VLAN5
subnet 172.18.5.0 255.255.255.0
object network DR_VLAN6
subnet 172.18.6.0 255.255.255.0
object network DR_VLAN7
subnet 172.18.7.0 255.255.255.0
object network DR_VLAN8
subnet 172.18.8.0 255.255.255.0
object network DR_VLAN9
subnet 172.18.9.0 255.255.255.0
object network DR_VLAN10
subnet 172.18.10.0 255.255.255.0
object network DR_CORE_SW
host 172.18.2.1
object network dallasdns02_internal
host 172.18.2.21
object network faithdallas03_internal
host 172.18.2.20
object network dns_external
host 70.x.x.x
object network WorthStreet
subnet 172.17.0.0 255.255.0.0
object network DallasRoad
subnet 172.18.0.0 255.255.0.0
object-group network DALLAS_VLANS
network-object object DR_VLAN10
network-object object DR_VLAN2
network-object object DR_VLAN3
network-object object DR_VLAN4
network-object object DR_VLAN5
network-object object DR_VLAN6
network-object object DR_VLAN7
network-object object DR_VLAN8
network-object object DR_VLAN9
object-group network WORTH_VLANS
network-object object WS_VLAN10
network-object object WS_VLAN11
network-object object WS_VLAN12
network-object object WS_VLAN13
network-object object WS_VLAN14
network-object object WS_VLAN15
network-object object WS_VLAN16
network-object object WS_VLAN2
network-object object WS_VLAN3
network-object object WS_VLAN4
network-object object WS_VLAN5
network-object object WS_VLAN6
network-object object WS_VLAN7
network-object object WS_VLAN8
network-object object WS_VLAN9
object-group network dallasitnetwork
network-object host 172.18.2.20
network-object host 172.18.2.40
object-group protocol tcpudp
protocol-object udp
protocol-object tcp
object-group network dallasroaddns
network-object host 172.18.2.20
network-object host 172.18.2.21
object-group service tcpservices tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq ssh
object-group network remotevpnnetwork
network-object 172.18.50.0 255.255.255.0
access-list L2LAccesslist extended permit ip 172.18.0.0 255.255.0.0 172.17.0.0 255.255.0.0
access-list NONAT extended permit ip any 172.18.50.0 255.255.255.0
access-list inside_inbound_access extended permit ip 172.18.0.0 255.255.0.0 172.17.0.0 255.255.0.0
access-list inside_inbound_access extended permit ip object-group dallasitnetwork any
access-list inside_inbound_access extended permit object-group tcpudp object-group dallasroaddns any eq domain
access-list inside_inbound_access extended permit ip host 172.18.4.10 any
access-list inside_inbound_access extended deny object-group tcpudp any any eq domain
access-list inside_inbound_access extended deny tcp any any eq smtp
access-list inside_inbound_access extended permit ip any any
access-list outside_inbound_access extended permit tcp any host 70.x.x.x object-group tcpservices
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpnaddresspool 172.18.50.0-172.18.50.255
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source static dallasdns02_internal dns_external
nat (inside,outside) source static faithdallas03_internal dns_external
nat (inside,outside) source dynamic any interface
nat (any,outside) source static remotevpnnetwork remotevpnnetwork destination static remotevpnnetwork remotevpnnetwork description NONAT for remote vpn users
nat (inside,outside) source static DallasRoad DallasRoad destination static WorthStreet WorthStreet
access-group outside_inbound_access in interface outside
access-group inside_inbound_access in interface inside
route outside 0.0.0.0 0.0.0.0 70.x.x.x 1
route inside 172.18.0.0 255.255.0.0 172.18.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
ldap attribute-map CISCOMAP
map-name VPNALLOW IETF-Radius-Class
map-value VPNALLOW FALSE NOACESS
map-value VPNALLOW TRUE ALLOWACCESS
dynamic-access-policy-record DfltAccessPolicy
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 172.17.2.28
server-port 389
ldap-base-dn DC=campus,DC=fcschool,DC=org
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password ****
ldap-login-dn CN=fcsadmin,CN=Users,DC=campus,DC=fcschool,DC=org
server-type microsoft
ldap-attribute-map CISCOMAP
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.17.11.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set myset esp-aes-256 esp-sha-hmac
crypto map outside_map 10 match address L2LAccesslist
crypto map outside_map 10 set peer 71.x.x.x
crypto map outside_map 10 set ikev1 transform-set myset
crypto map outside_map 10 set reverse-route
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 172.18.0.0 255.255.0.0 inside
ssh 172.17.0.0 255.255.0.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy NOACCESS internal
group-policy NOACCESS attributes
vpn-simultaneous-logins 0
vpn-tunnel-protocol ikev1
group-policy DfltGrpPolicy attributes
dns-server value 172.18.2.20
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
password-storage enable
group-policy DallasRoad internal
group-policy DallasRoad attributes
dns-server value 172.18.2.20 172.18.2.21
password-storage enable
default-domain value campus.fcschool.org
group-policy ALLOWACCESS internal
group-policy ALLOWACCESS attributes
banner value Now connected to the FCS Network
vpn-tunnel-protocol ikev1
username iwerkadmin password i6vIlW5ctGaR0l7n encrypted privilege 15
tunnel-group remoteaccessvpn type remote-access
tunnel-group remoteaccessvpn general-attributes
address-pool vpnaddresspool
authentication-server-group LDAP
tunnel-group 71.x.x.x type ipsec-l2l
tunnel-group 71.x.x.x ipsec-attributes
ikev1 pre-shared-key ****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:fd69fbd7a2cb0a6a125308dd85302198
: end
ASA2:
: Saved
: Written by enable_15 at 09:27:47.579 UTC Tue Mar 12 2013
ASA Version 8.6(1)2
hostname worthstreetASA
enable password **** encrypted
passwd **** encrypted
names
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 71.x.x.x 255.255.255.0
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.17.1.1 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
boot system disk0:/asa861-2-smp-k8.bin
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 172.17.2.23
name-server 172.17.2.28
object network mail_external
host 71.x.x.x
object network mail_internal
host 172.17.2.57
object network faweb_external
host 71.x.x.x
object network netclassroom_external
host 71.x.x.x
object network blackbaud_external
host 71.x.x.x
object network netclassroom_internal
host 172.17.2.41
object network nagios
host 208.x.x.x
object network DallasRoad_ASA
host 70.x.x.x
object network WS_VLAN2
subnet 172.17.2.0 255.255.255.0
object network WS_VLAN3
subnet 172.17.3.0 255.255.255.0
object network WS_VLAN4
subnet 172.17.4.0 255.255.255.0
object network WS_VLAN5
subnet 172.17.5.0 255.255.255.0
object network WS_VLAN6
subnet 172.17.6.0 255.255.255.0
object network WS_VLAN7
subnet 172.17.7.0 255.255.255.0
object network WS_VLAN8
subnet 172.17.8.0 255.255.255.0
object network WS_VLAN9
subnet 172.17.9.0 255.255.255.0
object network WS_VLAN10
subnet 172.17.10.0 255.255.255.0
object network WS_VLAN11
subnet 172.17.11.0 255.255.255.0
object network WS_VLAN12
subnet 172.17.12.0 255.255.255.0
object network WS_VLAN13
subnet 172.17.13.0 255.255.255.0
object network WS_VLAN14
subnet 172.17.14.0 255.255.255.0
object network WS_VLAN15
subnet 172.17.15.0 255.255.255.0
object network WS_VLAN16
subnet 172.17.16.0 255.255.255.0
object network DR_VLAN2
subnet 172.18.2.0 255.255.255.0
object network DR_VLAN3
subnet 172.18.3.0 255.255.255.0
object network DR_VLAN4
subnet 172.18.4.0 255.255.255.0
object network DR_VLAN5
subnet 172.18.5.0 255.255.255.0
object network DR_VLAN6
subnet 172.18.6.0 255.255.255.0
object network DR_VLAN7
subnet 172.18.7.0 255.255.255.0
object network DR_VLAN8
subnet 172.18.8.0 255.255.255.0
object network DR_VLAN9
subnet 172.18.9.0 255.255.255.0
object network DR_VLAN10
subnet 172.18.10.0 255.255.255.0
object network WS_CORE_SW
host 172.17.2.1
object network blackbaud_internal
host 172.17.2.26
object network spiceworks_internal
host 172.17.2.15
object network faweb_internal
host 172.17.2.31
object network spiceworks_external
host 71.x.x.x
object network WorthStreet
subnet 172.17.0.0 255.255.0.0
object network DallasRoad
subnet 172.18.0.0 255.255.0.0
object network remotevpnnetwork
subnet 172.17.50.0 255.255.255.0
object-group icmp-type echo_svc_group
icmp-object echo
icmp-object echo-reply
object-group service mail.fcshool.org_svc_group
service-object icmp
service-object icmp echo
service-object icmp echo-reply
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group service nagios_svc_group tcp
port-object eq 12489
object-group service http_s_svc_group tcp
port-object eq www
port-object eq https
object-group network DALLAS_VLANS
network-object object DR_VLAN10
network-object object DR_VLAN2
network-object object DR_VLAN3
network-object object DR_VLAN4
network-object object DR_VLAN5
network-object object DR_VLAN6
network-object object DR_VLAN7
network-object object DR_VLAN8
network-object object DR_VLAN9
object-group network WORTH_VLANS
network-object object WS_VLAN10
network-object object WS_VLAN11
network-object object WS_VLAN12
network-object object WS_VLAN13
network-object object WS_VLAN14
network-object object WS_VLAN15
network-object object WS_VLAN16
network-object object WS_VLAN2
network-object object WS_VLAN3
network-object object WS_VLAN4
network-object object WS_VLAN5
network-object object WS_VLAN6
network-object object WS_VLAN7
network-object object WS_VLAN8
network-object object WS_VLAN9
object-group network MailServers
network-object host 172.17.2.57
network-object host 172.17.2.58
network-object host 172.17.2.17
object-group protocol DM_INLINE_PROTOCOL
protocol-object ip
protocol-object udp
protocol-object tcp
object-group network DNS_Servers
network-object host 172.17.2.23
network-object host 172.17.2.28
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list outside_access_in extended permit object-group mail.fcshool.org_svc_group any object mail_internal
access-list outside_access_in extended permit tcp object nagios object mail_internal object-group nagios_svc_group
access-list outside_access_in extended permit tcp any object faweb_external object-group http_s_svc_group
access-list outside_access_in extended permit tcp any object netclassroom_external object-group http_s_svc_group
access-list outside_access_in extended permit tcp any object blackbaud_external eq https
access-list outside_access_in extended permit tcp any object spiceworks_external object-group http_s_svc_group
access-list L2LAccesslist extended permit ip 172.17.0.0 255.255.0.0 172.18.0.0 255.255.0.0
access-list inside_inbound extended permit object-group TCPUDP object-group DNS_Servers any eq domain
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL host 172.17.15.10 any inactive
access-list inside_access_in extended permit tcp object-group MailServers any eq smtp
access-list inside_access_in extended permit tcp host 172.17.14.10 any eq smtp
access-list inside_access_in extended deny object-group TCPUDP any any eq domain
access-list inside_access_in extended deny tcp any any eq smtp
access-list inside_access_in extended permit ip any any
access-list vpn_access extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpnaddresspool 172.17.50.1-172.17.50.255
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static mail_internal mail_external
nat (inside,outside) source static netclassroom_internal netclassroom_external
nat (inside,outside) source static faweb_internal faweb_external
nat (inside,outside) source static spiceworks_internal interface
nat (inside,outside) source static blackbaud_internal blackbaud_external
nat (inside,outside) source dynamic any interface
nat (inside,outside) source static WorthStreet WorthStreet destination static DallasRoad DallasRoad
nat (any,outside) source static remotevpnnetwork remotevpnnetwork destination static remotevpnnetwork remotevpnnetwork description NONAT for remote vpn users
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 71.x.x.x 1
route inside 172.17.0.0 255.255.0.0 172.17.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
ldap attribute-map CISCOMAP
map-name VPNALLOW IETF-Radius-Class
map-value VPNALLOW FALSE NOACESS
map-value VPNALLOW TRUE ALLOWACCESS
dynamic-access-policy-record DfltAccessPolicy
network-acl vpn_access
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 172.17.2.28
ldap-base-dn DC=campus,DC=fcschool,DC=org
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password Iw@FCS730w
ldap-login-dn CN=VPN Admin,CN=Users,DC=campus,DC=fcschool,DC=org
server-type microsoft
ldap-attribute-map CISCOMAP
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.17.0.0 255.255.0.0 inside
http 172.18.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set myset esp-aes-256 esp-sha-hmac
crypto map outside_map 10 match address L2LAccesslist
crypto map outside_map 10 set peer 70.x.x.x
crypto map outside_map 10 set ikev1 transform-set myset
crypto map outside_map 10 set reverse-route
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
telnet 172.17.0.0 255.255.0.0 inside
telnet 172.18.0.0 255.255.0.0 inside
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 172.17.0.0 255.255.0.0 inside
ssh 172.18.0.0 255.255.0.0 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
management-access management
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
webvpn
group-policy NOACCESS internal
group-policy NOACCESS attributes
vpn-simultaneous-logins 0
vpn-tunnel-protocol ikev1
group-policy ALLOWACCESS internal
group-policy ALLOWACCESS attributes
banner value Now connected to the FCS Network
vpn-tunnel-protocol ikev1
username iwerkadmin password i6vIlW5ctGaR0l7n encrypted privilege 15
tunnel-group 70.x.x.x type ipsec-l2l
tunnel-group 70.x.x.x ipsec-attributes
ikev1 pre-shared-key FC$vpnn3tw0rk
tunnel-group remoteaccessvpn type remote-access
tunnel-group remoteaccessvpn general-attributes
address-pool vpnaddresspool
authentication-server-group LDAP
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:b599ba0f719f39b213e7f01fe55588ac
: end

Hi Derrick,
I just did the same for a customer; replaced 2 PIX515s failover cluster with 5512X. The NAT change is major with ASAs version 8.3 and later...
here's what you need: a manual NAT rule called twice NAT (policy NAT or NONAT is the old terminology) for the VPNs to work. also add the no-proxy-arp keyword:
nat (inside,outside) source static INSIDE_NETWORKS INSIDE_NETWORKS VPN_NETWORKS VPN_NETWORKS no-proxy-arp
nat (inside,outside) source static INSIDE_NETWORKS INSIDE_NETWORKS RA_VPN_NETWORKS RA_VPN_NETWORKS no-proxy-arp
then the dynamic PAT for internet access (after the twice NATs for VPN); could be a manual NAT like you did, or preferred an object NAT.
you did:
nat (inside,outside) source dynamic any interface
would also work with object nat:
object network INSIDE_NETWORKS
subnet ...
nat (inside,outside) dynamic interface
Same on the other side (except the networks are reversed since the inside network is now what the other side refers to as vpn network and vice versa)
If you don't put the no-proxy-arp, your NAT configuration will cause network issues.
also to be able to pass pings through ASA, add the following:
policy-map global_policy
class inspection_default
inspect icmp
The asa will do some basic inspection of the ICMP protocol with that config ex. it will make sure there is 1 echo-reply for each echo-request...
hope that helps,
Patrick

Upgrading from SSM-10 to ASA 5525x

We are upgrading from an ASA 5510 with a SSM-10 module to the 5525x ips. Can we simply copy the config from the SSM-10 to the 5525x?

Please refer the below document for the details regarding the catalog conversions.
http://helpx.adobe.com/photoshop-elements/kb/common-catalog-issues-upgrade-elements.html

Testing a Firewall upgrade from PIX 7.0.2 to ASA 8.4.5

I have upgraded from PIX 7.0.2, to ASA 8.4.5, and had some issues regarding the NAMES list, setup NETWORK-OBJECTS to get the HOSTS in the access-list added to the ASA.
The PIX script contained no NAT, only access-list, and when the script was copied onto the ASA, it was taken successfully.
I was wondering what methods are available to test the script I have compiled on the ASA, prior to switching from the PIX onto the ASA? what processes are normal to confirm the Firewall is operational, and the rulesets working ? any ideas / tools / commands would be welcome.

There are changes in the NAT syntax & Object Grouping. Also on VPN configurations.....
You need to make sure that certain things are taken care in new ASA which runs in 8.4 Version.
I have attached reference for NAT changes pre and post 8.3, which might be helpful for you.
Using the packet tracer command you can check the NAT rules are working and ACL is working fine.
packet tracer input [src_int] protocol src_addr src_port dest_addr dest_port [detailed] [xml]
http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/command/reference/cmd_ref/p.html#wp1878788
Hope this helps....
Regards
Karthik

ASA 5585 IOS upgradation from 8.2(5) to 9.0(2)

Hi,
I am getting below warning messages when i am doing IOS upgradation of ASA5585.The current version of IOS is 8.2(5) and the converted version is 9.0(2). I would like to know whether i can ignore the warnings and move on with new version or need to do any manual changes in configuration.
This is my internet firewall which has DMZ as well.
WARNING: MIGRATION: ACE converted to real IP/port values based on
dynamic/static Policy NAT. The new ACE(s) need to be checked for enforcing policy NAT ACL
Thanks
Soumya

Hi ,
Sorry, I forgot to mention that we have upgraded from 8.2->8.4.6>9.02.
We have multiple warning messages like below. A huge number of inbound access rules have been created in new version and we are worried whether this will creat a security loop.
WARNING: MIGRATION: ACE converted to real IP/port values based on
dynamic/static Policy NAT. The new ACE(s) need to be checked for enforcing policy NAT ACL
216.163.252.25
8.2(5)
access-list outside extended permit udp host 216.163.252.25 host 203.99.194.163
access-list outside extended permit esp host 216.163.252.25 host 203.99.194.163
access-list Metlife-VPN extended permit ip 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.237.164.0 255.255.254.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.229.32.0 255.255.255.192 host 216.163.252.25
access-list Metlife-VPN extended permit esp 10.229.32.0 255.255.255.192 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit esp 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit esp 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.237.241.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.230.107.128 255.255.255.224 host 216.163.252.25
access-list inside1 extended permit udp 10.237.164.0 255.255.254.0 host 216.163.252.25
access-list inside1 extended permit ip 10.229.32.0 255.255.255.192 host 216.163.252.25
access-list inside1 extended permit ip 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit esp 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit ip 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit esp 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit ip host 10.239.23.177 host 216.163.252.25
access-list outside extended permit ip any host 203.99.194.163
9.0(2)
object network obj-216.163.252.25
host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.237.164.0 255.255.254.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.229.32.0 255.255.255.192 host 216.163.252.25
access-list Metlife-VPN extended permit esp 10.229.32.0 255.255.255.192 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit esp 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit esp 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.237.241.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.230.107.128 255.255.255.224 host 216.163.252.25
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.56
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.72
access-list outside extended permit udp host 216.163.252.25 10.239.24.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.15
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.94
access-list outside extended permit udp host 216.163.252.25 host 10.239.24.138
access-list outside extended permit udp host 216.163.252.25 10.239.23.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.101
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.208
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.20
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.78
access-list outside extended permit udp host 216.163.252.25 10.239.48.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.73
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.204
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.178
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.187
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.28
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.144
access-list outside extended permit udp host 216.163.252.25 host 10.239.48.105
access-list outside extended permit udp host 216.163.252.25 10.237.23.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.179
access-list outside extended permit udp host 216.163.252.25 10.237.164.0 255.255.254.0
access-list outside extended permit udp host 216.163.252.25 10.239.50.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.46
access-list outside extended permit udp host 216.163.252.25 host 10.237.165.120
access-list outside extended permit udp host 216.163.252.25 10.239.50.0 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.11
access-list outside extended permit udp host 216.163.252.25 host 10.239.48.142
access-list outside extended permit udp host 216.163.252.25 host 10.239.48.12
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.45
access-list outside extended permit udp host 216.163.252.25 host 10.237.173.12
access-list outside extended permit udp host 216.163.252.25 host 10.237.164.72
access-list outside extended permit udp host 216.163.252.25 host 10.237.173.13
access-list outside extended permit udp host 216.163.252.25 host 10.239.20.145
access-list outside extended permit udp host 216.163.252.25 host 10.239.41.23
access-list outside extended permit udp host 216.163.252.25 host 10.242.8.128
access-list outside extended permit udp host 216.163.252.25 host 10.242.8.146
access-list outside extended permit udp host 216.163.252.25 host 10.242.8.137
access-list outside extended permit udp host 216.163.252.25 host 10.242.8.144
access-list outside extended permit udp host 216.163.252.25 10.230.144.64 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.229.32.0 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.242.50.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.242.8.153
access-list outside extended permit udp host 216.163.252.25 host 10.242.50.68
access-list outside extended permit udp host 216.163.252.25 host 10.232.8.176
access-list outside extended permit udp host 216.163.252.25 10.242.0.128 255.255.255.128
access-list outside extended permit udp host 216.163.252.25 host 10.230.107.198
access-list outside extended permit udp host 216.163.252.25 host 10.230.107.199
access-list outside extended permit udp host 216.163.252.25 host 10.230.107.201
access-list outside extended permit udp host 216.163.252.25 10.230.107.192 255.255.255.224
access-list outside extended permit udp host 216.163.252.25 host 10.230.107.202
access-list outside extended permit udp host 216.163.252.25 10.237.226.0 255.255.255.224
access-list outside extended permit udp host 216.163.252.25 10.242.146.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.230.107.197
access-list outside extended permit udp host 216.163.252.25 host 10.229.59.109
access-list outside extended permit udp host 216.163.252.25 10.242.97.128 255.255.255.128
access-list outside extended permit udp host 216.163.252.25 10.242.36.64 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.237.241.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.237.241.14
access-list outside extended permit udp host 216.163.252.25 host 10.237.241.68
access-list outside extended permit udp host 216.163.252.25 host 10.237.241.94
access-list outside extended permit udp host 216.163.252.25 host 10.237.173.15
access-list outside extended permit udp host 216.163.252.25 10.242.212.0 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.242.51.128 255.255.255.128
access-list outside extended permit udp host 216.163.252.25 10.242.210.192 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 host 10.242.146.18
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.168
access-list outside extended permit udp host 216.163.252.25 host 10.239.48.31
access-list outside extended permit udp host 216.163.252.25 host 10.242.195.204
access-list outside extended permit udp host 216.163.252.25 10.242.195.192 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.230.241.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 10.230.103.128 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 host 10.230.107.144
access-list outside extended permit udp host 216.163.252.25 10.230.107.128 255.255.255.224
access-list outside extended permit udp host 216.163.252.25 10.211.202.224 255.255.255.240
access-list outside extended permit udp host 216.163.252.25 host 10.211.211.221
access-list outside extended permit udp host 216.163.252.25 host 10.229.34.43
access-list outside extended permit udp host 216.163.252.25 host 10.229.34.49
access-list outside extended permit udp host 216.163.252.25 host 10.232.38.160
access-list outside extended permit udp host 216.163.252.25 host 10.232.130.93
access-list outside extended permit udp host 216.163.252.25 host 10.233.38.151
access-list outside extended permit udp host 216.163.252.25 host 10.236.147.50
access-list outside extended permit udp host 216.163.252.25 host 10.236.147.71
access-list outside extended permit udp host 216.163.252.25 host 10.236.147.83
access-list outside extended permit udp host 216.163.252.25 host 10.236.180.4
access-list outside extended permit udp host 216.163.252.25 host 10.237.9.83
access-list outside extended permit udp host 216.163.252.25 host 10.237.9.93
access-list outside extended permit udp host 216.163.252.25 host 10.237.77.39
access-list outside extended permit udp host 216.163.252.25 host 10.237.77.74
access-list outside extended permit udp host 216.163.252.25 host 10.237.77.76
access-list outside extended permit udp host 216.163.252.25 host 10.237.173.8
access-list outside extended permit udp host 216.163.252.25 host 10.237.241.24
access-list outside extended permit udp host 216.163.252.25 host 10.237.241.183
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.13
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.71
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.108
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.109
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.120
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.170
access-list outside extended permit udp host 216.163.252.25 host 10.239.24.26
access-list outside extended permit udp host 216.163.252.25 host 10.239.24.158
access-list outside extended permit udp host 216.163.252.25 host 10.239.24.222
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.20
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.34
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.41
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.42
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.52
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.60
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.64
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.73
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.81
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.82
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.90
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.114
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.141
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.151
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.155
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.205
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.224
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.233
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.238
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.239
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.251
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.26
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.52
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.57
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.72
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.90
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.93
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.107
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.161
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.171
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.184
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.185
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.196
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.208
access-list outside extended permit udp host 216.163.252.25 host 10.239.38.17
access-list outside extended permit udp host 216.163.252.25 host 10.239.41.34
access-list outside extended permit udp host 216.163.252.25 host 10.239.41.68
access-list outside extended permit udp host 216.163.252.25 host 10.239.41.72
access-list outside extended permit udp host 216.163.252.25 host 10.239.41.78
access-list outside extended permit udp host 216.163.252.25 host 10.239.48.143
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.10
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.15
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.31
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.35
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.52
access-list outside extended permit udp host 216.163.252.25 host 10.239.60.100
access-list outside extended permit udp host 216.163.252.25 host 10.239.67.18
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.17
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.23
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.34
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.42
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.53
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.75
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.76
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.77
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.114
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.117
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.118
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.120
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.136
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.143
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.15
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.17
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.35
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.48
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.90
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.116
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.140
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.168
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.183
access-list outside extended permit udp host 216.163.252.25 host 10.242.8.26
access-list outside extended permit udp host 216.163.252.25 host 10.242.8.53
access-list outside extended permit udp host 216.163.252.25 host 10.242.11.29
access-list outside extended permit udp host 216.163.252.25 host 10.242.11.31
access-list outside extended permit udp host 216.163.252.25 host 10.242.11.80
access-list outside extended permit udp host 216.163.252.25 host 10.242.11.81
access-list outside extended permit udp host 216.163.252.25 host 10.242.22.133
access-list outside extended permit udp host 216.163.252.25 host 10.242.22.134
access-list outside extended permit udp host 216.163.252.25 host 10.242.22.154
access-list outside extended permit udp host 216.163.252.25 host 10.242.36.76
access-list outside extended permit udp host 216.163.252.25 host 10.242.36.79
access-list outside extended permit udp host 216.163.252.25 host 10.242.36.118
access-list outside extended permit udp host 216.163.252.25 host 10.242.146.29
access-list outside extended permit udp host 216.163.252.25 host 10.242.158.227
access-list outside extended permit udp host 216.163.252.25 host 10.242.195.197
access-list outside extended permit udp host 216.163.252.25 host 207.41.226.145
access-list outside extended permit udp host 216.163.252.25 10.233.38.144 255.255.255.248
access-list outside extended permit udp host 216.163.252.25 10.230.132.160 255.255.255.224
access-list outside extended permit udp host 216.163.252.25 10.230.134.0 255.255.255.224
access-list outside extended permit udp host 216.163.252.25 10.242.68.160 255.255.255.224
access-list outside extended permit udp host 216.163.252.25 10.233.38.150 255.255.255.222
access-list outside extended permit udp host 216.163.252.25 10.229.144.0 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.236.84.64 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.237.84.128 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.239.47.192 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.242.90.64 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.230.137.128 255.255.255.128
access-list outside extended permit udp host 216.163.252.25 10.239.56.0 255.255.255.128
access-list outside extended permit udp host 216.163.252.25 10.237.22.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.56
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.72
access-list outside extended permit esp host 216.163.252.25 10.239.24.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.15
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.94
access-list outside extended permit esp host 216.163.252.25 host 10.239.24.138
access-list outside extended permit esp host 216.163.252.25 10.239.23.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.101
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.208
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.20
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.78
access-list outside extended permit esp host 216.163.252.25 10.239.48.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.73
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.204
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.178
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.187
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.28
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.144
access-list outside extended permit esp host 216.163.252.25 host 10.239.48.105
access-list outside extended permit esp host 216.163.252.25 10.237.23.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.179
access-list outside extended permit esp host 216.163.252.25 10.237.164.0 255.255.254.0
access-list outside extended permit esp host 216.163.252.25 10.239.50.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.46
access-list outside extended permit esp host 216.163.252.25 host 10.237.165.120
access-list outside extended permit esp host 216.163.252.25 10.239.50.0 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.11
access-list outside extended permit esp host 216.163.252.25 host 10.239.48.142
access-list outside extended permit esp host 216.163.252.25 host 10.239.48.12
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.45
access-list outside extended permit esp host 216.163.252.25 host 10.237.173.12
access-list outside extended permit esp host 216.163.252.25 host 10.237.164.72
access-list outside extended permit esp host 216.163.252.25 host 10.237.173.13
access-list outside extended permit esp host 216.163.252.25 host 10.239.20.145
access-list outside extended permit esp host 216.163.252.25 host 10.239.41.23
access-list outside extended permit esp host 216.163.252.25 host 10.242.8.128
access-list outside extended permit esp host 216.163.252.25 host 10.242.8.146
access-list outside extended permit esp host 216.163.252.25 host 10.242.8.137
access-list outside extended permit esp host 216.163.252.25 host 10.242.8.144
access-list outside extended permit esp host 216.163.252.25 10.230.144.64 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.229.32.0 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.242.50.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.242.8.153
access-list outside extended permit esp host 216.163.252.25 host 10.242.50.68
access-list outside extended permit esp host 216.163.252.25 host 10.232.8.176
access-list outside extended permit esp host 216.163.252.25 10.242.0.128 255.255.255.128
access-list outside extended permit esp host 216.163.252.25 host 10.230.107.198
access-list outside extended permit esp host 216.163.252.25 host 10.230.107.199
access-list outside extended permit esp host 216.163.252.25 host 10.230.107.201
access-list outside extended permit esp host 216.163.252.25 10.230.107.192 255.255.255.224
access-list outside extended permit esp host 216.163.252.25 host 10.230.107.202
access-list outside extended permit esp host 216.163.252.25 10.237.226.0 255.255.255.224
access-list outside extended permit esp host 216.163.252.25 10.242.146.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.230.107.197
access-list outside extended permit esp host 216.163.252.25 host 10.229.59.109
access-list outside extended permit esp host 216.163.252.25 10.242.97.128 255.255.255.128
access-list outside extended permit esp host 216.163.252.25 10.242.36.64 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.237.241.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.237.241.14
access-list outside extended permit esp host 216.163.252.25 host 10.237.241.68
access-list outside extended permit esp host 216.163.252.25 host 10.237.241.94
access-list outside extended permit esp host 216.163.252.25 host 10.237.173.15
access-list outside extended permit esp host 216.163.252.25 10.242.212.0 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.242.51.128 255.255.255.128
access-list outside extended permit esp host 216.163.252.25 10.242.210.192 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 host 10.242.146.18
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.168
access-list outside extended permit esp host 216.163.252.25 host 10.239.48.31
access-list outside extended permit esp host 216.163.252.25 host 10.242.195.204
access-list outside extended permit esp host 216.163.252.25 10.242.195.192 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.230.241.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 10.230.103.128 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 host 10.230.107.144
access-list outside extended permit esp host 216.163.252.25 10.230.107.128 255.255.255.224
access-list outside extended permit esp host 216.163.252.25 10.211.202.224 255.255.255.240
access-list outside extended permit esp host 216.163.252.25 host 10.211.211.221
access-list outside extended permit esp host 216.163.252.25 host 10.229.34.43
access-list outside extended permit esp host 216.163.252.25 host 10.229.34.49
access-list outside extended permit esp host 216.163.252.25 host 10.232.38.160
access-list outside extended permit esp host 216.163.252.25 host 10.232.130.93
access-list outside extended permit esp host 216.163.252.25 host 10.233.38.151
access-list outside extended permit esp host 216.163.252.25 host 10.236.147.50
access-list outside extended permit esp host 216.163.252.25 host 10.236.147.71
access-list outside extended permit esp host 216.163.252.25 host 10.236.147.83
access-list outside extended permit esp host 216.163.252.25 host 10.236.180.4
access-list outside extended permit esp host 216.163.252.25 host 10.237.9.83
access-list outside extended permit esp host 216.163.252.25 host 10.237.9.93
access-list outside extended permit esp host 216.163.252.25 host 10.237.77.39
access-list outside extended permit esp host 216.163.252.25 host 10.237.77.74
access-list outside extended permit esp host 216.163.252.25 host 10.237.77.76
access-list outside extended permit esp host 216.163.252.25 host 10.237.173.8
access-list outside extended permit esp host 216.163.252.25 host 10.237.241.24
access-list outside extended permit esp host 216.163.252.25 host 10.237.241.183
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.13
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.71
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.108
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.109
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.120
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.170
access-list outside extended permit esp host 216.163.252.25 host 10.239.24.26
access-list outside extended permit esp host 216.163.252.25 host 10.239.24.158
access-list outside extended permit esp host 216.163.252.25 host 10.239.24.222
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.20
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.34
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.41
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.42
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.52
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.60
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.64
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.73
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.81
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.82
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.90
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.114
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.141
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.151
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.155
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.205
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.224
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.233
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.238
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.239
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.251
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.26
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.52
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.57
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.72
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.90
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.93
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.107
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.161
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.171
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.184
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.185
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.196
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.208
access-list outside extended permit esp host 216.163.252.25 host 10.239.38.17
access-list outside extended permit esp host 216.163.252.25 host 10.239.41.34
access-list outside extended permit esp host 216.163.252.25 host 10.239.41.68
access-list outside extended permit esp host 216.163.252.25 host 10.239.41.72
access-list outside extended permit esp host 216.163.252.25 host 10.239.41.78
access-list outside extended permit esp host 216.163.252.25 host 10.239.48.143
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.10
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.15
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.31
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.35
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.52
access-list outside extended permit esp host 216.163.252.25 host 10.239.60.100
access-list outside extended permit esp host 216.163.252.25 host 10.239.67.18
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.17
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.23
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.34
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.42
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.53
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.75
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.76
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.77
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.114
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.117
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.118
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.120
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.136
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.143
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.15
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.17
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.35
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.48
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.90
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.116
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.140
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.168
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.183
access-list outside extended permit esp host 216.163.252.25 host 10.242.8.26
access-list outside extended permit esp host 216.163.252.25 host 10.242.8.53
access-list outside extended permit esp host 216.163.252.25 host 10.242.11.29
access-list outside extended permit esp host 216.163.252.25 host 10.242.11.31
access-list outside extended permit esp host 216.163.252.25 host 10.242.11.80
access-list outside extended permit esp host 216.163.252.25 host 10.242.11.81
access-list outside extended permit esp host 216.163.252.25 host 10.242.22.133
access-list outside extended permit esp host 216.163.252.25 host 10.242.22.134
access-list outside extended permit esp host 216.163.252.25 host 10.242.22.154
access-list outside extended permit esp host 216.163.252.25 host 10.242.36.76
access-list outside extended permit esp host 216.163.252.25 host 10.242.36.79
access-list outside extended permit esp host 216.163.252.25 host 10.242.36.118
access-list outside extended permit esp host 216.163.252.25 host 10.242.146.29
access-list outside extended permit esp host 216.163.252.25 host 10.242.158.227
access-list outside extended permit esp host 216.163.252.25 host 10.242.195.197
access-list outside extended permit esp host 216.163.252.25 host 207.41.226.145
access-list outside extended permit esp host 216.163.252.25 10.233.38.144 255.255.255.248
access-list outside extended permit esp host 216.163.252.25 10.230.132.160 255.255.255.224
access-list outside extended permit esp host 216.163.252.25 10.230.134.0 255.255.255.224
access-list outside extended permit esp host 216.163.252.25 10.242.68.160 255.255.255.224
access-list outside extended permit esp host 216.163.252.25 10.233.38.150 255.255.255.222
access-list outside extended permit esp host 216.163.252.25 10.229.144.0 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.236.84.64 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.237.84.128 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.239.47.192 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.242.90.64 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.230.137.128 255.255.255.128
access-list outside extended permit esp host 216.163.252.25 10.239.56.0 255.255.255.128
access-list outside extended permit esp host 216.163.252.25 10.237.22.0 255.255.255.0
access-list inside1 extended permit udp 10.237.164.0 255.255.254.0 host 216.163.252.25
access-list inside1 extended permit ip 10.229.32.0 255.255.255.192 host 216.163.252.25
access-list inside1 extended permit ip 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit esp 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit ip 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit esp 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit ip host 10.239.23.177 host 216.163.252.25
nat (inside,outside) source dynamic obj-10.239.48.0 obj-203.99.194.163 destination static obj-216.163.252.25 obj-216.163.252.25
nat (inside,outside) source dynamic obj-10.237.164.0-01 obj-203.99.194.163 destination static obj-216.163.252.25 obj-216.163.252.25
nat (inside,outside) source dynamic obj-10.229.32.0 obj-203.99.194.163 destination static obj-216.163.252.25 obj-216.163.252.25
nat (inside,outside) source dynamic obj-10.242.146.0 obj-203.99.194.163 destination static obj-216.163.252.25 obj-216.163.252.25
nat (inside,outside) source dynamic obj-10.237.241.0 obj-203.99.194.163 destination static obj-216.163.252.25 obj-216.163.252.25
nat (inside,outside) source dynamic obj-10.230.107.128 obj-203.99.194.163 destination static obj-216.163.252.25 obj-216.163.252.25

Upgrade ASA Software from 8.3.2 to 8.4.3

Hi,
does anybody did an Upgrade from an 8.3 version to the new version 8.4.3 and can give some hints or links to read?
I only have a production system and nothing to test and I don' want to get a nasty surprise...
Thanks a lot in advance

If you're already on 8.3(2) you've already gotten past the tricky bit - the new NAT syntax and access-list object use. There are some minor changes with identity NAT in going up to 8.4(3) as described here but that's about it as far as things to watch out for.
The TAC is quite helpful and it is a good idea to open a case proactively just to have them on hand to take a quick look at any issues that come up. The TAC security team deals with these upgrades every day and is very adept at zeroing in on the root cause of any issues you are having and setting things straight within in few minutes.

Problem in upgrading from CUCM 8.5.1 to CUCM 8.6.2

Unable to upgarde cucm 8.5 to 8.6 ,
installed referesh upgrade cop file . tried on SFTP and using local DVD same below error displayed . Any one have any solution please share .
Installation Status
File
UCSInstall_UCOS_8.6.2.21900-5.sgn.iso
Start Time
Mon Dec 10 14:31:47 GST 2013
Status
Error encountered: An unknown error occurred while accessing the upgrade file.
12/10/2013 13:44:37 file_list.sh|Starting file_list.sh|<LVL::Info>
12/10/2013 13:44:37 file_list.sh|Parse argument method=remote_sftp|<LVL::Debug>
12/10/2013 13:44:37 file_list.sh|Parse argument source_dir=/|<LVL::Debug>
12/10/2013 13:44:37 file_list.sh|Parse argument dest_file=/var/log/install/downloaded_versions|<LVL::Debug>
12/10/2013 13:44:37 file_list.sh|Parse argument remote_host=10.2.102.68|<LVL::Debug>
12/10/2013 13:44:37 file_list.sh|Parse argument user_name=cisco|<LVL::Debug>
12/10/2013 13:44:37 file_list.sh|Process remote SFTP request|<LVL::Info>
12/10/2013 13:44:37 file_list.sh|Calling SFTP command with metering off|<LVL::Debug>
12/10/2013 13:44:38 file_list.sh|SFTP command complete (0)|<LVL::Debug>
12/10/2013 13:44:38 file_list.sh|List file (pre-filtered):|<LVL::Debug>
12/10/2013 13:44:38 file_list.sh|(CAPTURE) UCSInstall_UCOS_8.6.2.21900-5.sgn.iso|<LVL::Debug>
12/10/2013 13:44:38 file_list.sh|(CAPTURE) ciscocm.refresh_upgrade_v1.1.cop.sgn|<LVL::Debug>
12/10/2013 13:44:38 file_list.sh|/opt/cisco/install/bin/filter file=/var/log/install/downloaded_versions|<LVL::Debug>
12/10/2013 13:44:38 filter|Parse argument file=/var/log/install/downloaded_versions|<LVL::Debug>
12/10/2013 13:44:38 filter|No patch type specified. Optional.|<LVL::Debug>
12/10/2013 13:44:38 filter|No upgrade mode specifed. Optional.|<LVL::Debug>
12/10/2013 13:44:43 filter|Processing filter candidate names|<LVL::Debug>
12/10/2013 13:44:43 filter|Process "UCSInstall_UCOS_8.6.2.21900-5.sgn.iso"|<LVL::Debug>
12/10/2013 13:44:43 filter|    Match against patch pattern (UCSInstall_UCOS_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.iso)|<LVL::Debug>
12/10/2013 13:44:43 filter|    Match against patch pattern (UCSInstall_UCOS_UNRST_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.iso)|<LVL::Debug>
12/10/2013 13:44:43 filter|    Match against patch pattern (UCSInstall_UCOS_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.sgn.iso)|<LVL::Debug>
12/10/2013 13:44:43 filter|INorOUT=IN UCSInstall_UCOS_8.6.2.21900-5.sgn.iso: Filter passed.|<LVL::Debug>
12/10/2013 13:44:43 filter|Process "ciscocm.refresh_upgrade_v1.1.cop.sgn"|<LVL::Debug>
12/10/2013 13:44:43 filter|    Match against patch pattern (UCSInstall_UCOS_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.iso)|<LVL::Debug>
12/10/2013 13:44:43 filter|    Match against patch pattern (UCSInstall_UCOS_UNRST_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.iso)|<LVL::Debug>
12/10/2013 13:44:43 filter|    Match against patch pattern Signed Standard upgrade patch file (UCSInstall_UCOS_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.sgn.iso)|<LVL::Debug>
12/10/2013 13:44:43 filter|    Match against patch pattern (UCSInstall_UCOS_UNRST_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.sgn.iso)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against es pattern (UCSInstall_UCOS_ES[0-9]*_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.iso)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against es pattern (UCSInstall_UCOS_UNRST_ES[0-9]*_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.iso)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against es pattern (UCSInstall_UCOS_ES[0-9]*_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.sgn.iso)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against es pattern (UCSInstall_UCOS_UNRST_ES[0-9]*_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.sgn.iso)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against su pattern (UCSInstall_UCOS_SU[0-9]*_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.iso)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against su pattern (UCSInstall_UCOS_UNRST_SU[0-9]*_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.iso)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against su pattern (UCSInstall_UCOS_SU[0-9]*_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.sgn.iso)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against su pattern (UCSInstall_UCOS_UNRST_SU[0-9]*_[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.sgn.iso)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against cop pattern (dp-ffr.[1-9]-[0-9]-[0-9]+.*.cop)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against cop pattern (dp-ffr.[1-9]-[0-9]-[0-9]+.*.cop.sgn)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against cop pattern (cm-locale-.*_.*-[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.cop)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against cop pattern (cm-locale-.*_.*-[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.cop.sgn)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against cop pattern (po-locale-.*_.*-[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.cop)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against cop pattern (po-locale-.*_.*-[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.cop.sgn)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against cop pattern (cmterm-devicepack[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.cop)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against cop pattern (cmterm-devicepack[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.cop.sgn)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against cop pattern (cmterm-.*\.cop)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against cop pattern (cmterm-.*\.cop\.sgn)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against cop pattern (uc-locale-.*_.*-[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.cop)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against cop pattern (uc-locale-.*_.*-[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.cop.sgn)|<LVL::Debug>
12/10/2013 13:44:44 filter|    Match against cop pattern (uc-friendly-[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.cop)|<LVL::Debug>
12/10/2013 13:44:45 filter|    Match against cop pattern (uc-friendly-[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+.cop.sgn)|<LVL::Debug>
12/10/2013 13:44:45 filter|    Match against cop pattern (ciscocm..*.cop)|<LVL::Debug>
12/10/2013 13:44:45 filter|    Match against cop pattern (ciscocm..*.cop.sgn)|<LVL::Debug>
12/10/2013 13:44:45 filter|INorOUT=IN ciscocm.refresh_upgrade_v1.1.cop.sgn: Filter passed.|<LVL::Debug>
12/10/2013 13:44:45 file_list.sh|List file (post-filtered):|<LVL::Debug>
12/10/2013 13:44:45 file_list.sh|(CAPTURE) <?xml version="1.0" encoding="UTF-8"?>|<LVL::Debug>
12/10/2013 13:44:45 file_list.sh|(CAPTURE) <InstallList>|<LVL::Debug>
12/10/2013 13:44:45 file_list.sh|(CAPTURE)     <InstallItem type="patch" secure-file="UCSInstall_UCOS_8.6.2.21900-5.sgn.iso" version="8.6.2.21900-5" file="UCSInstall_UCOS_8.6.2.21900-5.sgn.iso" reboot="no" signed="yes"/>|<LVL::Debug>
12/10/2013 13:44:45 file_list.sh|(CAPTURE)     <InstallItem type="cop" secure-file="ciscocm.refresh_upgrade_v1.1.cop.sgn" version="0.0.0.0-0" file="ciscocm.refresh_upgrade_v1.1.cop" reboot="no" signed="yes"/>|<LVL::Debug>
12/10/2013 13:44:45 file_list.sh|(CAPTURE) </InstallList>|<LVL::Debug>
12/10/2013 13:44:45 file_list.sh|success|<LVL::Info>
12/10/2013 13:44:45 file_list.sh|file_list.sh complete (rc=0)|<LVL::Info>
12/10/2013 13:44:53 upgrade_validate_file.sh|Starting upgrade_validate_file.sh|<LVL::Info>
12/10/2013 13:44:53 upgrade_validate_file.sh|Parse argument method=remote_sftp|<LVL::Debug>
12/10/2013 13:44:53 upgrade_validate_file.sh|Parse argument source_dir=/|<LVL::Debug>
12/10/2013 13:44:53 upgrade_validate_file.sh|Parse argument file_name=UCSInstall_UCOS_8.6.2.21900-5.sgn.iso|<LVL::Debug>
12/10/2013 13:44:53 upgrade_validate_file.sh|Parse argument remote_host=10.2.102.68|<LVL::Debug>
12/10/2013 13:44:53 upgrade_validate_file.sh|Parse argument user_name=cisco|<LVL::Debug>
12/10/2013 13:44:53 upgrade_validate_file.sh|Parse argument file_type=patch|<LVL::Debug>
12/10/2013 13:44:53 upgrade_validate_file.sh|Parse argument file_signed=yes|<LVL::Debug>
12/10/2013 13:44:53 upgrade_validate_file.sh|Process remote SFTP request|<LVL::Info>
12/10/2013 13:44:53 upgrade_validate_file.sh|Get //UCSInstall_UCOS_8.6.2.21900-5.sgn.iso size via sftp|<LVL::Debug>
12/10/2013 13:44:54 upgrade_validate_file.sh|Size of file obtained from sftp is 4793341952|<LVL::Debug>
12/10/2013 13:44:54 upgrade_validate_file.sh|Total space needed is 9586683904|<LVL::Debug>
12/10/2013 13:44:54 upgrade_validate_file.sh|Check free space|<LVL::Info>
12/10/2013 13:44:54 upgrade_validate_file.sh|There is enough space on device to proceed.|<LVL::Info>
12/10/2013 13:44:54 upgrade_validate_file.sh|(CAPTURE)   Free space : 25916985344|<LVL::Debug>
12/10/2013 13:44:54 upgrade_validate_file.sh|(CAPTURE) Space needed : 19827077120|<LVL::Debug>
12/10/2013 13:44:54 upgrade_validate_file.sh|Remote SFTP request complete (0)|<LVL::Info>
12/10/2013 13:44:54 upgrade_validate_file.sh|success|<LVL::Info>
12/10/2013 13:44:54 upgrade_validate_file.sh|upgrade_validate_file.sh complete (rc=0)|<LVL::Info>
12/10/2013 13:44:54 upgrade_validate_file.sh|Unmount DVD|<LVL::Info>
12/10/2013 13:44:57 upgrade_get_file.sh|Starting upgrade_get_file.sh|<LVL::Info>
12/10/2013 13:44:57 upgrade_get_file.sh|Parse argument method=remote_sftp|<LVL::Debug>
12/10/2013 13:44:57 upgrade_get_file.sh|Parse argument source_dir=/|<LVL::Debug>
12/10/2013 13:44:57 upgrade_get_file.sh|Parse argument file_name=UCSInstall_UCOS_8.6.2.21900-5.sgn.iso|<LVL::Debug>
12/10/2013 13:44:57 upgrade_get_file.sh|Parse argument dest_dir=/common/download/|<LVL::Debug>
12/10/2013 13:44:57 upgrade_get_file.sh|Parse argument remote_host=10.2.102.68|<LVL::Debug>
12/10/2013 13:44:57 upgrade_get_file.sh|Parse argument user_name=cisco|<LVL::Debug>
12/10/2013 13:44:57 upgrade_get_file.sh|Parse argument version=8.6.2.21900-5|<LVL::Debug>
12/10/2013 13:44:57 upgrade_get_file.sh|Parse argument file_type=patch|<LVL::Debug>
12/10/2013 13:44:57 upgrade_get_file.sh|Parse argument file_signed=yes|<LVL::Debug>
12/10/2013 13:45:08 upgrade_get_file.sh|Process remote SFTP request|<LVL::Info>
12/10/2013 13:45:08 upgrade_get_file.sh|source_dir=/, dest_file=/common/download//UCSInstall_UCOS_8.6.2.21900-5.sgn.iso, file_name=UCSInstall_UCOS_8.6.2.21900-5.sgn.iso|<LVL::Debug>
12/10/2013 13:45:08 upgrade_get_file.sh|Starting SFTP|<LVL::Debug>
12/10/2013 14:29:34 upgrade_get_file.sh|Mount /common/download//UCSInstall_UCOS_8.6.2.21900-5.sgn.iso on /mnt/source|<LVL::Info>
12/10/2013 14:29:34 upgrade_get_file.sh|Download of iso file RTMTStart|<LVL::Notice>
12/10/2013 14:29:34 upgrade_get_file.sh|Create md5 "/common/download/UCSInstall_UCOS_8.6.2.21900-5.sgn.iso.md5"|<LVL::Info>
12/10/2013 14:30:49 upgrade_get_file.sh|MD5(/common/download/UCSInstall_UCOS_8.6.2.21900-5.sgn.iso)= e8:da:df:9a:3a:61:ee:27:4d:c5:4f:7b:77:78:bc:f1|<LVL::Debug>
12/10/2013 14:30:49 upgrade_get_file.sh|Create md5 complete|<LVL::Info>
12/10/2013 14:30:49 upgrade_get_file.sh|Authenticate file "/common/download/8.6.2.21900-5/checksum_file.sgn"|<LVL::Info>
12/10/2013 14:30:49 upgrade_get_file.sh|File authentication complete|<LVL::Debug>
12/10/2013 14:30:49 upgrade_get_file.sh|authenticating ISO name, filename=UCSInstall_UCOS_8.6.2.21900-5.sgn.iso, isoname=UCSInstall_UCOS_8.6.2.21900-5.sgn.iso|<LVL::Debug>
12/10/2013 14:30:49 upgrade_get_file.sh|Download of iso file RTMTFinish|<LVL::Notice>
12/10/2013 14:30:49 upgrade_get_file.sh|Checking for preflight script|<LVL::Debug>
12/10/2013 14:30:49 upgrade_get_file.sh|Executing preflight script: /mnt/source/Cisco/install/bin/preflight isolocation=/mnt/source|<LVL::Info>
12/10/2013 14:30:49 preflight|Starting preflight|<LVL::Info>
12/10/2013 14:30:49 preflight|Validate preflight data|<LVL::Info>
12/10/2013 14:30:49 preflight|Preflight data validation complete|<LVL::Info>
12/10/2013 14:30:49 preflight|Determine upgrade type|<LVL::Info>
12/10/2013 14:30:50 preflight|Active RH version = 4AS|<LVL::Debug>
12/10/2013 14:30:50 preflight|New os version(xml) = 5Server|<LVL::Debug>
12/10/2013 14:30:50 preflight|HW model = VMware|<LVL::Debug>
12/10/2013 14:30:50 preflight|Upgrade type = RU|<LVL::Debug>
12/10/2013 14:30:50 preflight|Obtain product type|<LVL::Info>
12/10/2013 14:30:53 preflight|Obtained product type CallManager|<LVL::Info>
12/10/2013 14:30:53 preflight|Processing preflight install mode|<LVL::Info>
12/10/2013 14:30:53 preflight|Set preflight cancel utility|<LVL::Info>
12/10/2013 14:30:53 preflight|Execute install preflight commands for CallManager:RU from /mnt/source/Cisco/install/preflight.xml|<LVL::Info>
12/10/2013 14:30:53 preflight|Found 10 preflight commands to execute|<LVL::Debug>
12/10/2013 14:30:53 preflight|Execute preflight command (1/10): mkdir -p /common/preflight/CM/RU|<LVL::Debug>
12/10/2013 14:30:53 preflight|Preflight command returns 0|<LVL::Debug>
12/10/2013 14:30:53 preflight|Execute preflight command (2/10): cp -f /usr/local/platform/conf/dynamicConfig.xml /common/preflight/CM/RU/dynamicConfig.xml|<LVL::Debug>
12/10/2013 14:30:53 preflight|Preflight command returns 1|<LVL::Debug>
12/10/2013 14:30:53 preflight|(CAPTURE) cp: cannot stat `/usr/local/platform/conf/dynamicConfig.xml': No such file or directory|<LVL::Debug>
12/10/2013 14:30:53 preflight|Preflight command did not complete (1). Continuing command processing...|<LVL::Warn>
12/10/2013 14:30:53 preflight|Execute preflight command (3/10): cp -f /usr/local/thirdparty/jakarta-tomcat/webapps/cmplatform/WEB-INF/pages/install/dynamic.jsp /common/preflight/CM/RU/dynamic.jsp|<LVL::Debug>
12/10/2013 14:30:53 preflight|Preflight command returns 1|<LVL::Debug>
12/10/2013 14:30:53 preflight|(CAPTURE) cp: cannot stat `/usr/local/thirdparty/jakarta-tomcat/webapps/cmplatform/WEB-INF/pages/install/dynamic.jsp': No such file or directory|<LVL::Debug>
12/10/2013 14:30:53 preflight|Preflight command did not complete (1). Continuing command processing...|<LVL::Warn>
12/10/2013 14:30:53 preflight|Execute preflight command (4/10): cp -f /usr/local/thirdparty/jakarta-tomcat/webapps/cmplatform/WEB-INF/pages/install/install-confirm-content.jsp /common/preflight/CM/RU/install-confirm-content.jsp|<LVL::Debug>
12/10/2013 14:30:53 preflight|Preflight command returns 0|<LVL::Debug>
12/10/2013 14:30:53 preflight|Execute preflight command (5/10): cp -f /mnt/source/Cisco/install/dynamicConfig_RU.xml /usr/local/platform/conf/dynamicConfig.xml|<LVL::Debug>
12/10/2013 14:30:53 preflight|Preflight command returns 0|<LVL::Debug>
12/10/2013 14:30:53 preflight|Execute preflight command (6/10): mkdir -p /usr/local/thirdparty/jakarta-tomcat/webapps/cmplatform/WEB-INF/pages/install|<LVL::Debug>
12/10/2013 14:30:53 preflight|Preflight command returns 0|<LVL::Debug>
12/10/2013 14:30:53 preflight|Execute preflight command (7/10): cp -f /mnt/source/Cisco/install/dynamic_RU.jsp /usr/local/thirdparty/jakarta-tomcat/webapps/cmplatform/WEB-INF/pages/install/dynamic.jsp|<LVL::Debug>
12/10/2013 14:30:53 preflight|Preflight command returns 0|<LVL::Debug>
12/10/2013 14:30:53 preflight|Execute preflight command (8/10): cp -f /mnt/source/Cisco/install/install-confirm-content_RU.jsp /usr/local/thirdparty/jakarta-tomcat/webapps/cmplatform/WEB-INF/pages/install/install-confirm-content.jsp|<LVL::Debug>
12/10/2013 14:30:53 preflight|Preflight command returns 0|<LVL::Debug>
12/10/2013 14:30:53 preflight|Execute preflight command (9/10): /mnt/source/Cisco/install/bin/tempDynamic.preflight /mnt/source/Cisco/install/dynamic_RU.jsp dynamic.jsp|<LVL::Debug>
12/10/2013 14:30:54 preflight|Preflight command returns 0|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:53 starting tempDynamic.preflight...|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:53 Source dir/file = /mnt/source/Cisco/install/dynamic_RU.jsp|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:53 Destination file name = dynamic.jsp|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 Copying /mnt/source/Cisco/install/dynamic_RU.jsp to /usr/local/thirdparty/jakarta-tomcat/temp/1-cmplatform/WEB-INF/pages/install/dynamic.jsp|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 added/replaced /usr/local/thirdparty/jakarta-tomcat/temp/1-cmplatform/WEB-INF/pages/install/dynamic.jsp successfully|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 Copying /mnt/source/Cisco/install/dynamic_RU.jsp to /usr/local/thirdparty/jakarta-tomcat/temp/2-cmplatform/WEB-INF/pages/install/dynamic.jsp|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 added/replaced /usr/local/thirdparty/jakarta-tomcat/temp/2-cmplatform/WEB-INF/pages/install/dynamic.jsp successfully|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 Copying /mnt/source/Cisco/install/dynamic_RU.jsp to /usr/local/thirdparty/jakarta-tomcat/temp/4-cmplatform/WEB-INF/pages/install/dynamic.jsp|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 added/replaced /usr/local/thirdparty/jakarta-tomcat/temp/4-cmplatform/WEB-INF/pages/install/dynamic.jsp successfully|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 ... tempDynamic.preflight completed|<LVL::Debug>
12/10/2013 14:30:54 preflight|Execute preflight command (10/10): /mnt/source/Cisco/install/bin/tempDynamic.preflight /mnt/source/Cisco/install/install-confirm-content_RU.jsp install-confirm-content.jsp|<LVL::Debug>
12/10/2013 14:30:54 preflight|Preflight command returns 0|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 starting tempDynamic.preflight...|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 Source dir/file = /mnt/source/Cisco/install/install-confirm-content_RU.jsp|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 Destination file name = install-confirm-content.jsp|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 Copying /mnt/source/Cisco/install/install-confirm-content_RU.jsp to /usr/local/thirdparty/jakarta-tomcat/temp/1-cmplatform/WEB-INF/pages/install/install-confirm-content.jsp|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 added/replaced /usr/local/thirdparty/jakarta-tomcat/temp/1-cmplatform/WEB-INF/pages/install/install-confirm-content.jsp successfully|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 Copying /mnt/source/Cisco/install/install-confirm-content_RU.jsp to /usr/local/thirdparty/jakarta-tomcat/temp/2-cmplatform/WEB-INF/pages/install/install-confirm-content.jsp|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 added/replaced /usr/local/thirdparty/jakarta-tomcat/temp/2-cmplatform/WEB-INF/pages/install/install-confirm-content.jsp successfully|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 Copying /mnt/source/Cisco/install/install-confirm-content_RU.jsp to /usr/local/thirdparty/jakarta-tomcat/temp/4-cmplatform/WEB-INF/pages/install/install-confirm-content.jsp|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 added/replaced /usr/local/thirdparty/jakarta-tomcat/temp/4-cmplatform/WEB-INF/pages/install/install-confirm-content.jsp successfully|<LVL::Debug>
12/10/2013 14:30:54 preflight|(CAPTURE) 12/10/2013 14:30:54 ... tempDynamic.preflight completed|<LVL::Debug>
12/10/2013 14:30:54 preflight|Exiting with result 0|<LVL::Info>
12/10/2013 14:30:54 upgrade_get_file.sh|preflight rc=0|<LVL::Debug>
12/10/2013 14:30:54 upgrade_get_file.sh|Preflight completed successfully|<LVL::Info>
12/10/2013 14:30:56 upgrade_get_file.sh|success|<LVL::Info>
12/10/2013 14:30:56 upgrade_get_file.sh|upgrade_get_file.sh complete (rc=0)|<LVL::Info>
12/30/2014 14:31:49 sd_cancelInstall.sh|Canceling active side processes
12/30/2014 14:31:49 sd_cancelInstall.sh|Canceling active side processes done
12/30/2014 14:31:49 sd_cancelInstall.sh|Canceling inactive side processes
12/30/2014 14:31:50 sd_cancelInstall.sh|Canceling inactive side processes done
12/10/2013 14:31:55 upgrade_install.sh|Starting Upgrade -- upgrade_install.sh|<LVL::Info>
12/10/2013 14:31:55 upgrade_install.sh|Parse argument version=8.6.2.21900-5|<LVL::Debug>
12/10/2013 14:31:55 upgrade_install.sh|Parse argument dest_dir=/common/download/|<LVL::Debug>
12/10/2013 14:31:55 upgrade_install.sh|Parse argument work_dir=/var/log/install|<LVL::Debug>
12/10/2013 14:31:59 upgrade_install.sh|/usr/local/platform/bin/startcsa status|<LVL::Debug>
12/10/2013 14:31:59 upgrade_install.sh|CSA Status = 0|<LVL::Debug>
12/10/2013 14:31:59 upgrade_install.sh|(CAPTURE) Cisco Security Agent is running with pid 23124|<LVL::Debug>
12/10/2013 14:31:59 upgrade_install.sh|CSA Status = 0|<LVL::Debug>
12/10/2013 14:31:59 upgrade_install.sh|/etc/init.d/ciscosec stop|<LVL::Debug>
12/10/2013 14:32:14 upgrade_install.sh|(CAPTURE) Stopping ciscosec: [ OK ]|<LVL::Debug>
12/10/2013 14:32:14 upgrade_install.sh|Upgrade the system|<LVL::Info>
12/10/2013 14:32:14 upgrade_install.sh|Copy /mnt/source/Cisco/base_scripts/upgrade_manager.sh to /common/download/8.6.2.21900-5/upgrade_manager.sh|<LVL::Info>
12/10/2013 14:32:14 upgrade_install.sh|Copy /mnt/source/Cisco/base_scripts/upgrade_manager.sh to /common/download/8.6.2.21900-5/upgrade_manager.sh complete|<LVL::Info>
12/10/2013 14:32:14 upgrade_install.sh|Start upgrade manager|<LVL::Info>
12/10/2013 14:32:14 upgrade_install.sh|/common/download/8.6.2.21900-5/upgrade_manager.sh type=upgrade basepath=/common/download/8.6.2.21900-5 file_name= logfile=/var/log/install/install_log_2013-12-30.13.44.35.log resultfile=/var/log/install/upgrade-results.xml work_dir=/var/log/install intf_file=/common/download/8.6.2.21900-5/upgrade_manager.xml|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Cleanup data from a prior upgrade attempt|<LVL::Info>
12/10/2013 14:32:14 upgrade_manager.sh|Removing any /grub/boot/grub/grub.conf.recovery|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Invalidate upgrade partition|<LVL::Info>
12/10/2013 14:32:14 upgrade_manager.sh|Clean up rpm any stale __db. files in rpmdb on the to side|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Removing any master RPM from /partB|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Removing any /partB/etc/opt/cisco/install.conf|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Invalidate any product configuration file|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Parse argument type=upgrade|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Parse argument basepath=/common/download/8.6.2.21900-5|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Parse argument file_name=|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Parse argument logfile=/var/log/install/install_log_2013-12-30.13.44.35.log|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Parse argument resultfile=/var/log/install/upgrade-results.xml|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Parse argument work_dir=/var/log/install|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Parse argument intf_file=/common/download/8.6.2.21900-5/upgrade_manager.xml|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|upgrade_type="upgrade"|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|L2 upgrade|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Initialize install support functions|<LVL::Info>
12/10/2013 14:32:14 upgrade_manager.sh|Calling "source /mnt/source/Cisco/install/bin/install_func"|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Initialize install support functions complete|<LVL::Info>
12/10/2013 14:32:14 upgrade_manager.sh|Check for Refresh Upgrade|<LVL::Info>
12/10/2013 14:32:14 upgrade_manager.sh|Check if /mnt/source/upgradeConfig.xml exists|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Checking RedHat release version (4AS, 5Server)|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Initiate Refresh Upgrade|<LVL::Info>
12/10/2013 14:32:14 upgrade_manager.sh|Copy /mnt/source/Cisco/install/bin/refresh_upgrade to /common/download/8.6.2.21900-5/refresh_upgrade|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Check that /common/download/8.6.2.21900-5/refresh_upgrade exists and is executable|<LVL::Debug>
12/10/2013 14:32:14 upgrade_manager.sh|Calling exec /common/download/8.6.2.21900-5/refresh_upgrade type=upgrade basepath=/common/download/8.6.2.21900-5 file_name= logfile=/var/log/install/install_log_2013-12-30.13.44.35.log resultfile=/var/log/install/upgrade-results.xml work_dir=/var/log/install intf_file=/common/download/8.6.2.21900-5/upgrade_manager.xml|<LVL::Debug>
12/10/2013 14:32:14 refresh_upgrade|Parse argument type=upgrade|<LVL::Debug>
12/10/2013 14:32:14 refresh_upgrade|Parse argument basepath=/common/download/8.6.2.21900-5|<LVL::Debug>
12/10/2013 14:32:14 refresh_upgrade|Parse argument file_name=|<LVL::Debug>
12/10/2013 14:32:14 refresh_upgrade|Parse argument logfile=/var/log/install/install_log_2013-12-30.13.44.35.log|<LVL::Debug>
12/10/2013 14:32:14 refresh_upgrade|Parse argument resultfile=/var/log/install/upgrade-results.xml|<LVL::Debug>
12/10/2013 14:32:14 refresh_upgrade|Parse argument work_dir=/var/log/install|<LVL::Debug>
12/10/2013 14:32:14 refresh_upgrade|Parse argument intf_file=/common/download/8.6.2.21900-5/upgrade_manager.xml|<LVL::Debug>
12/10/2013 14:32:14 refresh_upgrade|No 'to' version specified. Extracting it from base path.|<LVL::Debug>
12/10/2013 14:32:14 refresh_upgrade|NEW_VERSION updated to 8.6.2.21900-5|<LVL::Debug>
12/10/2013 14:32:14 refresh_upgrade|Refresh Upgrade Starting|<LVL::Info>
12/10/2013 14:32:14 refresh_upgrade|IOWAIT monitor starting|<LVL::Info>
12/10/2013 14:32:14 refresh_upgrade|Checksum the upgrade source on /mnt/source|<LVL::Info>
12/10/2013 14:32:14 refresh_upgrade|Calling sha1sum -c /common/download/8.6.2.21900-5/checksum_file|<LVL::Debug>
12/10/2013 14:34:14 refresh_upgrade|Checksum complete|<LVL::Info>
12/10/2013 14:34:14 refresh_upgrade|Initialize staging area|<LVL::Info>
12/10/2013 14:34:14 refresh_upgrade|Initialize globals for hard drive|<LVL::Debug>
12/10/2013 14:34:14 refresh_upgrade|Calling rm -rf /common/refresh_upgrade /common/component|<LVL::Debug>
12/10/2013 14:34:23 refresh_upgrade|Copy /mnt/source to /common/refresh_upgrade|<LVL::Info>
12/10/2013 14:34:23 refresh_upgrade|Execute find /mnt/source and cpio to /common/refresh_upgrade. This may take several minutes.|<LVL::Debug>
12/10/2013 14:37:31 refresh_upgrade|Copy source files to staging area complete|<LVL::Info>
12/10/2013 14:37:31 refresh_upgrade|Initialize staging area complete|<LVL::Info>
12/10/2013 14:37:31 refresh_upgrade|Prepare Refresh Upgrade support directory|<LVL::Info>
12/10/2013 14:37:31 refresh_upgrade|Make /common/mnt/product_img mount point|<LVL::Info>
12/10/2013 14:37:32 refresh_upgrade|Calling umount /common/mnt/product_img|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Setup support directories|<LVL::Info>
12/10/2013 14:37:33 refresh_upgrade|Calling rm -rf /common/download/8.6.2.21900-5/Cisco|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Calling mkdir -p /common/download/8.6.2.21900-5/Cisco|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Create /common/cisco link to /common/download/8.6.2.21900-5/Cisco|<LVL::Info>
12/10/2013 14:37:33 refresh_upgrade|Calling rm -rf /common/cisco|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Calling ln -s /common/download/8.6.2.21900-5/Cisco /common/cisco|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Copy files from /common/refresh_upgrade/images/product.img to /common/download/8.6.2.21900-5/Cisco|<LVL::Info>
12/10/2013 14:37:33 refresh_upgrade|Calling mount /common/refresh_upgrade/images/product.img /common/mnt/product_img -o loop|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Calling cp -rf /common/mnt/product_img/bin/iproduct.sh /common/download/8.6.2.21900-5/Cisco/bin/iproduct.sh|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Calling cp -rf /common/mnt/product_img/bin/ihardware.sh /common/download/8.6.2.21900-5/Cisco/bin/ihardware.sh|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Calling cp -rf /common/mnt/product_img/bin/ihistory.sh /common/download/8.6.2.21900-5/Cisco/bin/ihistory.sh|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Calling cp -rf /common/mnt/product_img/bin/xproduct.sh /common/download/8.6.2.21900-5/Cisco/bin/xproduct.sh|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Calling cp -rf /common/mnt/product_img/bin/xcomponent.sh /common/download/8.6.2.21900-5/Cisco/bin/xcomponent.sh|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Calling cp -rf /common/mnt/product_img/bin/xplatformconfig.sh /common/download/8.6.2.21900-5/Cisco/bin/xplatformconfig.sh|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Calling cp -rf /common/mnt/product_img/bin/install_emailer /common/download/8.6.2.21900-5/Cisco/bin/install_emailer|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Calling cp -rf /common/mnt/product_img/bin/component_install /common/download/8.6.2.21900-5/Cisco/bin/component_install|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Calling umount /common/mnt/product_img|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|Setup install information in /common/download/8.6.2.21900-5/Cisco|<LVL::Info>
12/10/2013 14:37:33 refresh_upgrade|Calling ln -s /common/refresh_upgrade/Cisco/install /common/download/8.6.2.21900-5/Cisco/install|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|(CAPTURE) Mail notification cancelled - smtp server address for email not found! [/usr/local/platform/conf/platformConfig.xml]|<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|(CAPTURE) |<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|(CAPTURE) |<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|(CAPTURE) |<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|(CAPTURE) |<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|(CAPTURE) |<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|(CAPTURE) |<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|(CAPTURE) |<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|(CAPTURE) |<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|(CAPTURE) |<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|(CAPTURE) |<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|(CAPTURE) |<LVL::Debug>
12/10/2013 14:37:33 refresh_upgrade|(CAPTURE) |<LVL::Debug>
12/10/2013 14:37:36 refresh_upgrade|Setting up cisco specific enviroment|<LVL::Info>
12/10/2013 14:37:36 refresh_upgrade|PATH=/common/download/8.6.2.21900-5/Cisco/bin:/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/sbin:/home/sftpuser:/root/.security|<LVL::Debug>
12/10/2013 14:37:36 refresh_upgrade|LD_LIBRARY_PATH=/common/download/8.6.2.21900-5/Cisco/lib:/opt/cisco/install/lib:|<LVL::Debug>
12/10/2013 14:37:36 refresh_upgrade|PYTHONPATH=/common/download/8.6.2.21900-5/Cisco/python:/usr/local/cm/lib:/usr/local/cm/lib:/usr/local/cm/lib:|<LVL::Debug>
12/10/2013 14:37:36 refresh_upgrade|CISCO_INSTALL_CONF_PATH=/common/download/8.6.2.21900-5/Cisco/install/conf|<LVL::Debug>
12/10/2013 14:37:36 refresh_upgrade|CISCO_INSTALL_BIN_PATH=/common/download/8.6.2.21900-5/Cisco/bin /opt/cisco/install/bin /usr/local/bin/base_scripts|<LVL::Debug>
12/10/2013 14:37:36 refresh_upgrade|CISCO_PLATFORMCONF_PATH=/common/cisco /usr/local/platform/conf|<LVL::Debug>
12/10/2013 14:37:36 refresh_upgrade|CISCO_INSTALL_LIB_PATH=/usr/local/bin/base_scripts|<LVL::Debug>
12/10/2013 14:37:36 refresh_upgrade|Set logging globals for upgrade|<LVL::Info>
12/10/2013 14:37:36 refresh_upgrade|Before: ILOG_CONTEXT="Upgrade", ILOG_FILE="/var/log/install/install_log_2013-12-30.13.44.35.log", ILOG_RESULTS_FILE="/var/log/install/upgrade-results.xml"|<LVL::Debug>
12/10/2013 14:37:36 refresh_upgrade|After: ILOG_CONTEXT="Upgrade", ILOG_FILE="/common/log/install/install_log_2013-12-30.13.44.35.log", ILOG_RESULTS_FILE="/common/log/install/upgrade-results.xml"|<LVL::Debug>
12/10/2013 14:37:36 refresh_upgrade|Initialize APIs|<LVL::Info>
12/10/2013 14:37:36 refresh_upgrade|Initializing the product API|<LVL::Info>
12/10/2013 14:37:37 refresh_upgrade|Initializing the hardware API|<LVL::Info>
12/10/2013 14:37:38 ServerApiManager|INITIALIZE: sam_legacy_mode_init=1|<LVL::Debug>
12/10/2013 14:37:46 ServerApiManager|INITIALIZE: sam_hssi_mode_init=0|<LVL::Debug>
12/10/2013 14:37:46 refresh_upgrade|Initializing the history log API|<LVL::Info>
12/10/2013 14:37:46 refresh_upgrade|Initializing the xplatformconfig API|<LVL::Info>
12/10/2013 14:37:46 refresh_upgrade|Initializing the xproduct API|<LVL::Info>
12/10/2013 14:37:46 refresh_upgrade|Initialize setup functions|<LVL::Info>
12/10/2013 14:37:46 refresh_upgrade|Calling "source /common/download/8.6.2.21900-5/Cisco/install/setup/utils.sh"|<LVL::Debug>
12/10/2013 14:37:46 refresh_upgrade|Initialize setup functions complete|<LVL::Info>
12/10/2013 14:37:46 refresh_upgrade|Getting deployment ID from active side|<LVL::Info>
12/10/2013 14:37:46 refresh_upgrade|Copy /usr/local/platform/conf/platformConfig.xml to /common/cisco/platformConfig.xml|<LVL::Info>
12/10/2013 14:37:46 refresh_upgrade|Calling "cp /usr/local/platform/conf/platformConfig.xml /common/cisco/platformConfig.xml"|<LVL::Debug>
12/10/2013 14:37:48 refresh_upgrade|Check if the upgrade is allowed|<LVL::Info>
12/10/2013 14:37:48 refresh_upgrade|Validate hardware for the upgrade|<LVL::Info>
12/10/2013 14:37:48 refresh_upgrade|Hardware is supported for the upgrade|<LVL::Info>
12/10/2013 14:37:50 refresh_upgrade|Validate hardware for "callmanager" deployment|<LVL::Info>
12/10/2013 14:37:50 refresh_upgrade|Hardware is supported for "callmanager" deployment|<LVL::Info>
12/10/2013 14:37:50 refresh_upgrade|Validate from version 8.5.1.10000-26|<LVL::Info>
12/10/2013 14:37:50 refresh_upgrade|Upgrade from 8.5.1.10000-26 allowed|<LVL::Info>
12/10/2013 14:37:50 refresh_upgrade|Validate free space for the upgrade|<LVL::Info>
12/10/2013 14:37:50 refresh_upgrade|(CAPTURE) Free space: 26040668160, Needed space: 15014745300|<LVL::Debug>
12/10/2013 14:37:50 refresh_upgrade|Free space validation complete|<LVL::Info>
12/10/2013 14:37:50 refresh_upgrade|Run component export scripts|<LVL::Debug>
12/10/2013 14:37:50 component_install|Initializing xproduct.sh API|<LVL::Debug>
12/10/2013 14:37:50 component_install|Initializing xcomponent.sh API|<LVL::Debug>
12/10/2013 14:37:50 component_install|Initializing xplatformconfig.sh API|<LVL::Debug>
12/10/2013 14:37:50 component_install|Parse argument export|<LVL::Debug>
12/10/2013 14:37:50 component_install|Parse argument mode=refresh-upgrade|<LVL::Debug>
12/10/2013 14:37:50 component_install|Parse argument install_root=/common/refresh_upgrade/Cisco|<LVL::Debug>
12/10/2013 14:37:50 component_install|Parse argument data_root=/common|<LVL::Debug>
12/10/2013 14:37:50 component_install|Run component export scripts, mode refresh-upgrade|<LVL::Info>
12/10/2013 14:37:50 component_install|Initialize product data, mode refresh-upgrade|<LVL::Info>
12/10/2013 14:37:50 component_install|Initialize "to" side product version|<LVL::Info>
12/10/2013 14:37:50 component_install|Access "to" side API|<LVL::Debug>
12/10/2013 14:37:50 component_install|Got version 8.6.2.21900-5|<LVL::Debug>
12/10/2013 14:37:50 component_install|Initialize "to" side product version complete|<LVL::Info>
12/10/2013 14:37:50 component_install|Initialize "from" side product version|<LVL::Info>
12/10/2013 14:37:50 component_install|Access "from" side API|<LVL::Debug>
12/10/2013 14:37:50 component_install|Got version 8.5.1.10000-26|<LVL::Debug>
12/10/2013 14:37:50 component_install|Initialize "from" side product version complete|<LVL::Info>
12/10/2013 14:37:50 component_install|Initialize product data complete|<LVL::Info>
12/10/2013 14:37:50 component_install|Initialize component data, mode refresh-upgrade|<LVL::Info>
12/10/2013 14:37:50 component_install|Initialize ucos "to" side version|<LVL::Info>
12/10/2013 14:37:50 component_install|Access "to" side API|<LVL::Debug>
12/10/2013 14:37:51 component_install|Got version 8.6.2.21900-5|<LVL::Debug>
12/10/2013 14:37:51 component_install|Initialize ucos "to" side version complete|<LVL::Info>
12/10/2013 14:37:51 component_install|Initialize ucos "from" side version|<LVL::Info>
12/10/2013 14:37:51 component_install|Component ucos available on active side|<LVL::Debug>
12/10/2013 14:37:51 component_install|Access "from" side API|<LVL::Debug>
12/10/2013 14:37:51 component_install|Got version 8.5.1.10000-26|<LVL::Debug>
12/10/2013 14:37:51 component_install|Initialize ucos "from" side version complete|<LVL::Info>
12/10/2013 14:37:51 component_install|Initialize global data complete|<LVL::Info>
12/10/2013 14:37:51 component_install|Build the command list for ucos|<LVL::Info>
12/10/2013 14:37:51 component_install|Initialize command list|<LVL::Debug>
12/10/2013 14:37:51 component_install|Build ucos export phase commands|<LVL::Debug>
12/10/2013 14:37:51 component_install|Processing ucos export element|<LVL::Debug>
12/10/2013 14:37:51 component_install|Building the command list for ucos is complete|<LVL::Info>
12/10/2013 14:37:51 component_install|Command execution for ucos component RTMTStart|<LVL::Notice>
12/10/2013 14:37:51 component_install|Execute commands in the command list for ucos component|<LVL::Info>
12/10/2013 14:37:51 component_install|No commands to execute for ucos component|<LVL::Info>
12/10/2013 14:37:51 component_install|Command execution for ucos component is complete|<LVL::Info>
12/10/2013 14:37:51 component_install|Command execution for ucos component RTMTFinish|<LVL::Notice>
12/10/2013 14:37:51 component_install|Initialize component data, mode refresh-upgrade|<LVL::Info>
12/10/2013 14:37:51 component_install|Initialize ucplatform "to" side version|<LVL::Info>
12/10/2013 14:37:51 component_install|Access "to" side API|<LVL::Debug>
12/10/2013 14:37:51 component_install|Got version 8.6.2.21900-5|<LVL::Debug>
12/10/2013 14:37:51 component_install|Initialize ucplatform "to" side version complete|<LVL::Info>
12/10/2013 14:37:51 component_install|Initialize ucplatform "from" side version|<LVL::Info>
12/10/2013 14:37:51 component_install|Component ucplatform available on active side|<LVL::Debug>
12/10/2013 14:37:51 component_install|Access "from" side API|<LVL::Debug>
12/10/2013 14:37:51 component_install|Got version 8.5.1.10000-26|<LVL::Debug>
12/10/2013 14:37:51 component_install|Initialize ucplatform "from" side version complete|<LVL::Info>
12/10/2013 14:37:51 component_install|Initialize global data complete|<LVL::Info>
12/10/2013 14:37:51 component_install|Build the command list for ucplatform|<LVL::Info>
12/10/2013 14:37:51 component_install|Initialize command list|<LVL::Debug>
12/10/2013 14:37:51 component_install|Build ucplatform export phase commands|<LVL::Debug>
12/10/2013 14:37:51 component_install|Processing ucplatform export element|<LVL::Debug>
12/10/2013 14:37:51 component_install|Processing ucplatform script element|<LVL::Debug>
12/10/2013 14:37:51 component_install|Add "security_prepare RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt" to command list|<LVL::Debug>
12/10/2013 14:37:52 component_install|Processing ucplatform script element|<LVL::Debug>
12/10/2013 14:37:52 component_install|Add "password_migrate RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt" to command list|<LVL::Debug>
12/10/2013 14:37:52 component_install|Processing ucplatform script element|<LVL::Debug>
12/10/2013 14:37:52 component_install|Add "ssh_keys_migrate RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt" to command list|<LVL::Debug>
12/10/2013 14:37:52 component_install|Processing ucplatform script element|<LVL::Debug>
12/10/2013 14:37:52 component_install|Add "installed_options_migrate RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt" to command list|<LVL::Debug>
12/10/2013 14:37:52 component_install|Processing ucplatform script element|<LVL::Debug>
12/10/2013 14:37:52 component_install|Add "platform_certs_migrate RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt" to command list|<LVL::Debug>
12/10/2013 14:37:52 component_install|Processing ucplatform script element|<LVL::Debug>
12/10/2013 14:37:52 component_install|Add "servm_export RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt" to command list|<LVL::Debug>
12/10/2013 14:37:52 component_install|Processing ucplatform script element|<LVL::Debug>
12/10/2013 14:37:52 component_install|Add "network_files_migrate RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt" to command list|<LVL::Debug>
12/10/2013 14:37:52 component_install|Processing ucplatform script element|<LVL::Debug>
12/10/2013 14:37:52 component_install|Add "drf_migrate RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt" to command list|<LVL::Debug>
12/10/2013 14:37:52 component_install|Building the command list for ucplatform is complete|<LVL::Info>
12/10/2013 14:37:52 component_install|Command execution for ucplatform component RTMTStart|<LVL::Notice>
12/10/2013 14:37:52 component_install|Execute commands in the command list for ucplatform component|<LVL::Info>
12/10/2013 14:37:52 component_install|Search path is /common/refresh_upgrade/Cisco/ucplatform/scripts:/usr/local/cm/script|<LVL::Debug>
12/10/2013 14:37:52 component_install|Checking command /common/refresh_upgrade/Cisco/ucplatform/scripts/security_prepare|<LVL::Debug>
12/10/2013 14:37:52 component_install|Execute "/common/refresh_upgrade/Cisco/ucplatform/scripts/security_prepare RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt"|<LVL::Debug>
12/10/2013 14:37:52 security_prepare|Parse arguments|<LVL::Debug>
12/10/2013 14:37:52 security_prepare|Validate arguments|<LVL::Debug>
12/10/2013 14:37:52 security_prepare|Initialize global variables|<LVL::Debug>
12/10/2013 14:37:52 security_prepare|Handle Security Information|<LVL::Debug>
12/10/2013 14:37:52 security_prepare|Export security information|<LVL::Debug>
12/10/2013 14:37:52 security_prepare|Export /etc/shadow file|<LVL::Debug>
12/10/2013 14:37:52 security_prepare|Export login warning message|<LVL::Debug>
12/10/2013 14:37:52 security_prepare|Export SFTP data|<LVL::Debug>
12/10/2013 14:37:52 security_prepare|Export DRF data|<LVL::Debug>
12/10/2013 14:37:52 security_prepare|Export CCM Service Data|<LVL::Debug>
12/10/2013 14:37:52 security_prepare|Export IPSec Data|<LVL::Debug>
12/10/2013 14:37:52 security_prepare|get_fips_status returning partB fips_cnf as 0|<LVL::Debug>
12/10/2013 14:37:52 security_prepare|Export Racoon Data|<LVL::Debug>
12/10/2013 14:37:52 security_prepare|Export Tomcat Data|<LVL::Debug>
12/10/2013 14:37:53 security_prepare|security information prepare successful|<LVL::Info>
12/10/2013 14:37:53 component_install|Search path is /common/refresh_upgrade/Cisco/ucplatform/scripts:/usr/local/cm/script|<LVL::Debug>
12/10/2013 14:37:53 component_install|Checking command /common/refresh_upgrade/Cisco/ucplatform/scripts/password_migrate|<LVL::Debug>
12/10/2013 14:37:53 component_install|Execute "/common/refresh_upgrade/Cisco/ucplatform/scripts/password_migrate RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt"|<LVL::Debug>
12/10/2013 14:37:53 password_migrate|Handle password information|<LVL::Debug>
12/10/2013 14:37:53 password_migrate|Export password information|<LVL::Info>
12/10/2013 14:37:53 password_migrate|Calling mkdir -p /common/component/ucplatform/etc/pam.d|<LVL::Info>
12/10/2013 14:37:53 password_migrate|password information migrate successful|<LVL::Info>
12/10/2013 14:37:53 component_install|Search path is /common/refresh_upgrade/Cisco/ucplatform/scripts:/usr/local/cm/script|<LVL::Debug>
12/10/2013 14:37:53 component_install|Checking command /common/refresh_upgrade/Cisco/ucplatform/scripts/ssh_keys_migrate|<LVL::Debug>
12/10/2013 14:37:53 component_install|Execute "/common/refresh_upgrade/Cisco/ucplatform/scripts/ssh_keys_migrate RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt"|<LVL::Debug>
12/10/2013 14:37:53 component_install|Search path is /common/refresh_upgrade/Cisco/ucplatform/scripts:/usr/local/cm/script|<LVL::Debug>
12/10/2013 14:37:53 component_install|Checking command /common/refresh_upgrade/Cisco/ucplatform/scripts/installed_options_migrate|<LVL::Debug>
12/10/2013 14:37:53 component_install|Execute "/common/refresh_upgrade/Cisco/ucplatform/scripts/installed_options_migrate RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt"|<LVL::Debug>
12/10/2013 14:37:55 component_install|Search path is /common/refresh_upgrade/Cisco/ucplatform/scripts:/usr/local/cm/script|<LVL::Debug>
12/10/2013 14:37:55 component_install|Checking command /common/refresh_upgrade/Cisco/ucplatform/scripts/platform_certs_migrate|<LVL::Debug>
12/10/2013 14:37:55 component_install|Execute "/common/refresh_upgrade/Cisco/ucplatform/scripts/platform_certs_migrate RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt"|<LVL::Debug>
12/10/2013 14:37:55 platform_certs_migrate|Source major version: 8|<LVL::Info>
12/10/2013 14:37:55 platform_certs_migrate|Export platform certificates|<LVL::Info>
12/10/2013 14:37:55 platform_certs_migrate|starting refresh upgrade export certs copy|<LVL::Info>
12/10/2013 14:37:55 platform_certs_migrate|creating /common/component/ucplatform|<LVL::Info>
12/10/2013 14:37:55 platform_certs_migrate|starting refresh upgrade export certs copy|<LVL::Info>
12/10/2013 14:37:55 platform_certs_migrate|creating /common/component/ucplatform|<LVL::Info>
12/10/2013 14:37:55 platform_certs_migrate|exporting certmon config|<LVL::Info>
12/10/2013 14:37:55 platform_certs_migrate|creating /common/component/ucplatform/config|<LVL::Info>
12/10/2013 14:37:55 platform_certs_migrate|copy /usr/local/platform/conf/certMonitorConfig.xml /common/component/ucplatform/conf/|<LVL::Info>
12/10/2013 14:37:55 platform_certs_migrate|Export bulk sftp config|<LVL::Info>
12/10/2013 14:37:55 platform_certs_migrate|sftp config not available|<LVL::Info>
12/10/2013 14:37:55 platform_certs_migrate|platform certificates migrate successful|<LVL::Info>
12/10/2013 14:37:55 component_install|Search path is /common/refresh_upgrade/Cisco/ucplatform/scripts:/usr/local/cm/script|<LVL::Debug>
12/10/2013 14:37:55 component_install|Checking command /common/refresh_upgrade/Cisco/ucplatform/scripts/servm_export|<LVL::Debug>
12/10/2013 14:37:55 component_install|Execute "/common/refresh_upgrade/Cisco/ucplatform/scripts/servm_export RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt"|<LVL::Debug>
12/10/2013 14:37:56 servm_export|Start servm Export processing|<LVL::Info>
12/10/2013 14:37:56 servm_export|Copying /usr/local/cm//../platform/conf/activate.conf to /common/component/ucplatform|<LVL::Info>
12/10/2013 14:37:56 servm_export|Copying /usr/local/cm//../platform/conf/services.conf to /common/component/ucplatform|<LVL::Info>
12/10/2013 14:37:56 servm_export|SUCCESS: servm Export processing completed|<LVL::Info>
12/10/2013 14:37:56 component_install|Search path is /common/refresh_upgrade/Cisco/ucplatform/scripts:/usr/local/cm/script|<LVL::Debug>
12/10/2013 14:37:56 component_install|Checking command /common/refresh_upgrade/Cisco/ucplatform/scripts/network_files_migrate|<LVL::Debug>
12/10/2013 14:37:56 component_install|Execute "/common/refresh_upgrade/Cisco/ucplatform/scripts/network_files_migrate RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt"|<LVL::Debug>
12/10/2013 14:37:56 network_files_migrate|Export network configuration files to /common/component/ucplatform/etc/sysconfig/network-scripts|<LVL::Info>
12/10/2013 14:37:56 network_files_migrate|Calling mkdir -p /common/component/ucplatform/etc/sysconfig/network-scripts|<LVL::Debug>
12/10/2013 14:37:56 network_files_migrate|Calling mkdir -p /common/component/ucplatform/common|<LVL::Debug>
12/10/2013 14:37:56 network_files_migrate|Copy network configuration files|<LVL::Info>
12/10/2013 14:37:56 network_files_migrate|Copying /etc/sysconfig/network-scripts/ifcfg-eth0 to /common/component/ucplatform/etc/sysconfig/network-scripts/ifcfg-eth0|<LVL::Debug>
12/10/2013 14:37:56 network_files_migrate|Copying /etc/sysconfig/network to /common/component/ucplatform/etc/sysconfig/network|<LVL::Debug>
12/10/2013 14:37:56 network_files_migrate|Copying /etc/hosts to /common/component/ucplatform/etc/hosts|<LVL::Debug>
12/10/2013 14:37:57 network_files_migrate|Copying /etc/resolv.conf to /common/component/ucplatform/etc/resolv.conf|<LVL::Debug>
12/10/2013 14:37:57 network_files_migrate|Copying //etc/nsswitch.conf to /common/component/ucplatform/etc/nsswitch.conf|<LVL::Debug>
12/10/2013 14:37:57 network_files_migrate|Copy network configuration files complete|<LVL::Info>
12/10/2013 14:37:57 network_files_migrate|Export network configuration files complete|<LVL::Info>
12/10/2013 14:37:57 component_install|Search path is /common/refresh_upgrade/Cisco/ucplatform/scripts:/usr/local/cm/script|<LVL::Debug>
12/10/2013 14:37:57 component_install|Checking command /common/refresh_upgrade/Cisco/ucplatform/scripts/drf_migrate|<LVL::Debug>
12/10/2013 14:37:57 component_install|Execute "/common/refresh_upgrade/Cisco/ucplatform/scripts/drf_migrate RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform /usr/local/cm/ /common/log/install/capture.txt"|<LVL::Debug>
12/10/2013 14:37:57 component_install|Command execution for ucplatform component is complete|<LVL::Info>
12/10/2013 14:37:57 component_install|Command execution for ucplatform component RTMTFinish|<LVL::Notice>
12/10/2013 14:37:57 component_install|Initialize component data, mode refresh-upgrade|<LVL::Info>
12/10/2013 14:37:57 component_install|Initialize ucplatform_cluster "to" side version|<LVL::Info>
12/10/2013 14:37:57 component_install|Access "to" side API|<LVL::Debug>
12/10/2013 14:37:57 component_install|Got version 8.6.2.21900-5|<LVL::Debug>
12/10/2013 14:37:57 component_install|Initialize ucplatform_cluster "to" side version complete|<LVL::Info>
12/10/2013 14:37:57 component_install|Initialize ucplatform_cluster "from" side version|<LVL::Info>
12/10/2013 14:37:57 component_install|Component ucplatform_cluster available on active side|<LVL::Debug>
12/10/2013 14:37:57 component_install|Access "from" side API|<LVL::Debug>
12/10/2013 14:37:57 component_install|Got version 8.5.1.10000-26|<LVL::Debug>
12/10/2013 14:37:57 component_install|Initialize ucplatform_cluster "from" side version complete|<LVL::Info>
12/10/2013 14:37:57 component_install|Initialize global data complete|<LVL::Info>
12/10/2013 14:37:57 component_install|Build the command list for ucplatform_cluster|<LVL::Info>
12/10/2013 14:37:57 component_install|Initialize command list|<LVL::Debug>
12/10/2013 14:37:57 component_install|Build ucplatform_cluster export phase commands|<LVL::Debug>
12/10/2013 14:37:57 component_install|Processing ucplatform_cluster export element|<LVL::Debug>
12/10/2013 14:37:57 component_install|Processing ucplatform_cluster script element|<LVL::Debug>
12/10/2013 14:37:57 component_install|Add "platform_sso_migrate RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform_cluster /usr/local/cm/ /common/log/install/capture.txt" to command list|<LVL::Debug>
12/10/2013 14:37:57 component_install|Building the command list for ucplatform_cluster is complete|<LVL::Info>
12/10/2013 14:37:57 component_install|Command execution for ucplatform_cluster component RTMTStart|<LVL::Notice>
12/10/2013 14:37:57 component_install|Execute commands in the command list for ucplatform_cluster component|<LVL::Info>
12/10/2013 14:37:57 component_install|Search path is /common/refresh_upgrade/Cisco/ucplatform_cluster/scripts:/usr/local/cm/script|<LVL::Debug>
12/10/2013 14:37:57 component_install|Checking command /common/refresh_upgrade/Cisco/ucplatform_cluster/scripts/platform_sso_migrate|<LVL::Debug>
12/10/2013 14:37:57 component_install|Execute "/common/refresh_upgrade/Cisco/ucplatform_cluster/scripts/platform_sso_migrate RU Export 8.6.2.21900-5 8.5.1.10000-26 /common/component/ucplatform_cluster /usr/local/cm/ /common/log/install/capture.txt"|<LVL::Debug>
12/10/2013 14:37:58 platform_sso_migrate|Source major version: 8|<LVL::Info>
12/10/2013 14:37:58 component_install|Command execution for ucplatform_cluster component is complete|<LVL::Info>
12/10/2013 14:37:58 component_install|Command execution for ucplatform_cluster component RTMTFinish|<LVL::Notice>
12/10/2013 14:37:58 component_install|Initialize component data, mode refresh-upgrade|<LVL::Info>
12/10/2013 14:37:58 component_install|Initialize thirdparty "to" side version|<LVL::Info>
12/10/2013 14:37:58 component_install|Access "to" side API|<LVL::Debug>
12/10/2013 14:37:58 component_install|Got version 8.6.2.21900-5|<LVL::Debug>
12/10/2013 14:37:58 component_install|Initialize thirdparty "to" side version complete|<LVL::Info>
12/10/2013 14:37:58 component_install|Initialize thirdparty "from" side version|<LVL::Info>
12/10/2013 14:37:58 component_install|Component thirdparty available on active side|<LVL::Debug>
12/10/2013 14:37:58 component_install|Access "from" side API|<LVL::Debug>
12/10/2013 14:37:58 component_install|Got version 8.5.1.10000-26|<LVL::Debug>
12/10/2013 14:37:58 component_install|Initialize thirdparty "from" side version complete|<LVL::Info>
12/10/2013 14:37:58 component_install|Initialize global data complete|<LVL::Info>
12/10/2013 14:37:58 component_install|Build the command list for thirdparty|<LVL::Info>
12/10/2013 14:37:58 component_install|Initialize command list|<LVL::Debug>
12/10/2013 14:37:58 component_install|Build thirdparty export phase commands|<LVL::Debug>
12/10/2013 14:37:58 component_install|Processing thirdparty export element|<LVL::Debug>
12/10/2013 14:37:58 component_install|Building the command list for thirdparty is complete|<LVL::Info>
12/10/2013 14:37:58 component_install|Command execution for thirdparty component RTMTStart|<LVL::Notice>
12/10/2013 14:37:58 component_install|Execute commands in the command list for thirdparty component|<LVL::Info>
12/10/2013 14:37:58 component_install|No commands to execute for thirdparty component|<LVL::Info>
12/10/2013 14:37:58 component_install|Command execution for thirdparty component is complete|<LVL::Info>
12/10/2013 14:37:58 component_install|Command execution for thirdparty component RTMTFinish|<LVL::Notice>
12/10/2013 14:37:58 component_install|Initialize component data, mode refresh-upgrade|<LVL::Info>
12/10/2013 14:37:58 component_install|Initialize serviceability_core "to" side version|<LVL::Info>
12/10/2013 14:37:58 component_install|Access "to" side API|<LVL::Debug>
12/10/2013 14:37:58 component_install|Got version 8.6.2.21900-5|<LVL::Debug>
12/10/2013 14:37:58 component_install|Initialize serviceability_core "to" side version complete|<LVL::Info>
12/10/2013 14:37:58 component_install|Initialize serviceability_core "from" side version|<LVL::Info>
12/10/2013 14:37:58 component_install|Component serviceability_core available on active side|<LVL::Debug>
12/10/2013 14:37:58 component_install|Access "from" side API|<LVL::Debug>
12/10/2013 14:37:58 component_install|Got version 8.5.1.10000-26|<LVL::Debug>
12/10/2013 14:37:58 component_install|Initialize serviceability_core "from" side version complete|<LVL::Info>
12/10/2013 14:37:58 component_install|Initialize global data complete|<LVL::Info>
12/10/2013 14:37:58 component_install|Build the command list for serviceability_core|<LVL::Info>
12/10/2013 14:37:58 component_install|Initialize command list|<LVL::Debug>
12/10/2013 14:37:58 component_install|Build serviceability_core export phase commands|<LVL::Debug>
12/10/2013 14:37:58 component_install|Processing serviceability_core export element|<LVL::Debug>
12/10/2013 14:37:58 component_install|Building the command list for serviceability_core is complete|<LVL::Info>
12/10/2013 14:37:58 component_install|Command execution for serviceability_core component RTMTStart|<LVL::Notice>
12/10/2013 14:37:58 component_install|Execute commands in the command list for serviceability_core component|<LVL::Info>
12/10/2013 14:37:58 component_install|No commands to execute for serviceability_core component|<LVL::Info>
12/10/2013 14:37:58 component_install|Command execution for serviceability_core component is complete|<LVL::Info>
12/10/2013 14:37:58 component_install|Command execution for serviceability_core component RTMTFinish|<LVL::Notice>
12/10/2013 14:37:58 component_install|Initialize component data, mode refresh-upgrade|<LVL::Info>
12/10/2013 14:37:58 component_install|Initialize database "to" side version|<LVL::Info>
12/10/2013 14:37:58 component_install|Access "to" side API|<LVL::Debug>
12/10/2013 14:37:58 component_install|Got version 8.6.2.21900-5|<LVL::Debug>
12/10/2013 14:37:58 component_install|Initialize database "to" side version complete|<LVL::Info>
12/10/2013 14:37:58 component_install|Initialize database "from" side version|<LVL::Info>
12/10/2013 14:37:58 component_install|Component database available on active side|<LVL::Debug>
12/10/2013 14:37:58 component_install|Access "from" side API|<LVL::Debug>
12/10/2013 14:37:58 component_install|Got version 8.5.1.10000-26|<LVL::Debug>
12/10/2013 14:37:58 component_install|Initialize database "from" side version complete|<LVL::Info>
12/10/2013 14:37:58 component_install|Initialize global data complete|<LVL::Info>

hi gupta ,
admin:run sql car select * from tbl_event_log
Failed to get Connection.Connector(NOT CONNECTED: Driver=com.informix.jdbc.IfxDr                                                 iver;)
admin:run sql car select * from tbl_system_preferences
Failed to get Connection.Connector(NOT CONNECTED: Driver=com.informix.jdbc.IfxDriver;)
restarted the below sevices
Cisco CDR Agent
Cisco Database Layer Monitor
Cisco CDR Repository Manager
Cisco CAR                 Scheduler
Cisco SOAP - CDRonDemand                 Service
Cisco CAR Web                 Service
while accessing cdr reporting showing below error .
------------------------------------------WARNING-----------------------------------------
* Cluster wide parameter 'Call Diagnostics Enabled flag' is set to false. Hence no QoS information will be generated on calls. If required, please configure the same from service parameter page for Call Manager service.
* Problem in determining 2M/HWM breach status. Tbl_System_Preferences table might be corrupted. Please click on the 'Restore Defaults' button to update the table with default values.
* Tbl_System_Preferences table is corrupted. Please click on the 'Restore Defaults' button to update the table with default values.
* Problem in determining Loader Configuration. Tbl_System_Preferences table might be corrupted. Please click on the 'Restore Defaults' button to update the table with default values.
-------------------------------------------NOTICE------------------------------------------
* Problem in determining Billing Tables status. Please check the CAR DB for tables Tbl_Billing_Data and Tbl_Billing_Error.
* Problem in getting the Mail parameters. It might result in   mails/alerts/notifications not been sent to CAR Administrators. Please   configure this at CAR->System->System Parameters->Mail   Parameters.
* Mail id for 'ccmadmin' is not available. CAR Reports/Notifications/Alert Emails might not be able to sent to this user properly. Please configure a mail id in end user configuration page.
if we apllied Restore Defaults ,geting below error
Error Code
Error Description
30029
Direct access to this screen is not allowed.
and try to access system and data base , getting below error
Error Code
Error Description
10012
Database Error. Contact System Administrator.
Does any other way to avoid cdr and do the istallation .

Renewed Cert on ASA, Upgraded from AnyConnect 2.5 to 3.1

Similar Messages

Maybe you are looking for