10.4.11 Client connection issue to 10.6 server

Similar Messages

• Exchange 2010 SP3 Rollup 8v2 causes client connectivity issues

  I installed SP3 Rollup 8v2 this weekend, going from 7. Since then we are having random client connectivity issues. New profiles can't be created, and some users can't access resources when booking meetings. We can do a registry fix to their machines to add
  a DS Server, but this is a workaround only. I have uninstalled the Rollup 8v2 and we are still having the issue.
  I thought 8v2 was supposed to fix this issue!

  Hi,
  According to your post, I understand that outlook client cannot connect to Exchange server to configure profile and cannot get list of resources room when upgrade to Exchange 2010 SP3 Rollup 8v2, the temporary solution is that specify the DC in registry.
  If I misunderstand your concern, please do not hesitate to let me know.
  Is there error message when configure Outlook failed?
  Please run Test E-mail AutoConfiguration and Outlook connection status to double confirm the URL and FQDN of Exchange server.
  As additional, please run below command to double check the state of Exchange system component:
  Get-ServerComponentstate -Identity “servername”
  If the state is Inactive, please run below command to active relevant component:
  Set-ServerComponentState <Identity> -Component “component name” -Requester HealthAPI -State Active
  More details about Server Component States in Exchange, for your reference:
  http://blogs.technet.com/b/exchange/archive/2013/09/26/server-component-states-in-exchange-2013.aspx
  Thanks
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Allen Wang
  TechNet Community Support

• AIR-SAP1602I-N-K9 client connectivity issue

  Hi All,
  Using AIR-SAP1602I-N-K9 Autonomous mode and clients connect using the WEP authentication. the problem is any new laptops were unable to associate with the AP.
  I have ran dot11 debug for client.
  %DOT11-6-ASSOC: Interface Dot11Radio0, Station  7018.8bf7.6814 Associated KEY_MGMT[NONE]
  %DOT11-4-ENCRYPT_MISMATCH: Possible encryption key mismatch between interface Dot11Radio0 and station 7018.8bf7.6814
   %DOT11-6-DISASSOC: Interface Dot11Radio0, Deauthenticating Station 7018.8bf7.6814 Reason: Sending station has left the BSS
  but unable find the cause. any suggestion to find the cause.
  current :
  flash:/ap1g2-k9w7-mx.152-2.JB/ap1g2-k9w7-mx.152-2.JB
  Regards,
  Channa

  Using AIR-SAP1602I-N-K9 Autonomous mode and clients connect using the WEP authentication
  WEP is no longer treated as "SECURE". So move away from using WEP. Use WPA2-PSK instead.
  Here is a very basic sample configuration with single SSID
  conf t
  hostname <AP_HOSTNAME>
  dot11 ssid <SSID_NAME>
  authentication open
  authentication key-management wpa version 2
  guest-mode
  wpa-psk ascii <SSID_PASSWORD>
  interface Dot11Radio0
  encryption mode ciphers aes-ccm
  ssid <SSID_NAME>
  no shutdown
  interface Dot11Radio1
  encryption mode ciphers aes-ccm
  ssid <SSID_NAME>
  no shutdown
  interface BVI1
  ip address dhcp
  end
  write memory
  HTH
  Rasika
  **** Pls rate all useful responses ****

• How to get clients connected in WMS on windows server 2008 with c# coding

  Sorry to bother anyone about this question.
  Can anyone knows how to retrieve amount of client connection to Windows Media Server in real time same as WMS does on server console by c# programming ?
  I got logfiles of WMS in system32 directory for details but it must be off-line of all connections which will able to get those informations for doing anything,but in this case I want real time client connection
  at online when a client connects to WMS that I will get amout of that client also.
  I have tried to search Windows Media Service SDK to develop this on my Windows 7 OS,but I did not find that really.
  Can anyone knows this,please ?
  Regards,
  BigBerm

  Hi SYaGCi,
  Denis is right this is actually documented in the Supported Platforms Documentation:
  "Windows 7 and Windows Server 2008 R2 are new platform support additions in Service Pack 3 which are only available for support on the SP3 full release install of SAP BusinessObjects Enterprise. The SP3 patch only release of SAP BusinessObjects Enterprise does not provide support for these two new platforms."
  Kind regards,
  John

• WLC 5508 7.0.98.0 has vpn client connection issues

  Hi
  my guest ssid is set to L2 security none and L3 Web policy and authentication local. clients that need to connect to some vpn server (internet) are reporting disconnection issues with the vpn session but not the wireless network. as soon as they get connected via another wireless internet connection the vpn connection gets stable. that makes me thing is in deed the my wireless network the one causing issues.  is there a know issues with the web authentication WLAN and vpn clients?  no firewall in the middle.
  Exclusionlist.................................... Disabled
  Session Timeout.................................. Infinity
  CHD per WLAN..................................... Enabled
  Webauth DHCP exclusion........................... Disabled
  Interface........................................ xxxxxxxxxxxxxxxx
  WLAN ACL......................................... unconfigured
  DHCP Server...................................... Default
  DHCP Address Assignment Required................. Disabled
  --More or (q)uit current module or <ctrl-z> to abort
  Quality of Service............................... Bronze (background)
  Scan Defer Priority.............................. 4,5,6
  Scan Defer Time.................................. 100 milliseconds
  WMM.............................................. Allowed
  Media Stream Multicast-direct.................... Disabled
  CCX - AironetIe Support.......................... Enabled
  CCX - Gratuitous ProbeResponse (GPR)............. Disabled
  CCX - Diagnostics Channel Capability............. Disabled
  Dot11-Phone Mode (7920).......................... Disabled
  Wired Protocol................................... None
  IPv6 Support..................................... Disabled
  Passive Client Feature........................... Disabled
  Peer-to-Peer Blocking Action..................... Disabled
  Radio Policy..................................... All
  DTIM period for 802.11a radio.................... 1
  DTIM period for 802.11b radio.................... 1
  Radius Servers
     Authentication................................ Disabled
     Accounting.................................... Disabled
     Dynamic Interface............................. Disabled
  Local EAP Authentication......................... Disabled
  Security
     802.11 Authentication:........................ Open System
     Static WEP Keys............................... Disabled
     802.1X........................................ Disabled
     Wi-Fi Protected Access (WPA/WPA2)............. Disabled
     CKIP ......................................... Disabled
     Web Based Authentication...................... Enabled
          ACL............................................. Unconfigured
          Web Authentication server precedence:
          1............................................... local
     Web-Passthrough............................... Disabled
     Conditional Web Redirect...................... Disabled
     Splash-Page Web Redirect...................... Disabled
     Auto Anchor................................... Disabled
     H-REAP Local Switching........................ Disabled
     H-REAP Learn IP Address....................... Enabled
     Client MFP.................................... Optional but inactive (WPA2 not configured)
     Tkip MIC Countermeasure Hold-down Timer....... 60
  Call Snooping.................................... Disabled
  Roamed Call Re-Anchor Policy..................... Disabled
  Band Select...................................... Disabled
  Load Balancing................................... Disabled

  Thanks Scott,
  We have two controllers and all the APs (50) are associated with the primary Controller,what is the best path to follow for the upgrade.
  we don't have Field recoversy image installed on our controller, do we have to do the FSU upgrade?
  (Cisco Controller) >show sysinfo
  Manufacturer's Name.............................. Cisco Systems Inc.
  Product Name..................................... Cisco Controller
  Product Version.................................. 7.0.98.0
  Bootloader Version............................... 1.0.1
  Field Recovery Image Version..................... N/A
  Firmware Version................................. FPGA 1.3, Env 1.6, USB console                                                        1.27
  Build Type....................................... DATA + WPS
  System Name...................................... Airespace_01
  System Location..................................
  System Contact...................................
  System ObjectID.................................. 1.3.6.1.4.1.9.1.1069
  IP Address....................................... 10.0.0.201
  Last Reset....................................... Power on reset
  System Up Time................................... 9 days 2 hrs 57 mins 21 secs
  System Timezone Location......................... (GMT -6:00) Central Time (US and Canada)
  Current Boot License Level....................... base
  Current Boot License Type........................ Permanent
  Next Boot License Level.......................... base
  Next Boot License Type........................... Permanent
  Configured Country............................... Multiple Countries:US,CN,DE,TW,HK
  Is the below Upgrade Path make sense ?
  1. Upgrade the Primary controller and reboot- wait till all APs associate with primary controller and download the new image
  2. Upgrade the secondary controller and reboot
  3. Failover the APs to secondary controller and test
  Siddhartha

• AnyConnect Secure Mobility Client Connection Issue

  Hello all,
  I am specifically having issue of unable to connect do VPN using AnyConnect Secure Mobility Client. This issue is only happening on my Windows7 machine. All of this use to work before properly without any issue. All of sudden now I am getting below error when I initiate the AnyConnect client from last few days. The errors are as below in sequence:
  1) Posture Assessment Failed: Hotscan prelogin error
  2) An Error has occured while running HotScan. Please attempt to connect again
  Message HIstory shows below:
  Wed Feb 05 00:34:28 2014] Posture Assessment: Required for access
  [Wed Feb 05 00:34:28 2014] Posture Assessment: Checking for updates...
  [Wed Feb 05 00:34:30 2014] Posture Assessment: Updating...
  [Wed Feb 05 00:34:32 2014] Posture Assessment: Initiating...
  [Wed Feb 05 00:34:37 2014] Posture Assessment: Failed
  Wed Feb 05 00:34:28 2014] Posture Assessment: Required for access
  [Wed Feb 05 00:34:28 2014] Posture Assessment: Checking for updates...
  [Wed Feb 05 00:34:30 2014] Posture Assessment: Updating...
  [Wed Feb 05 00:34:32 2014] Posture Assessment: Initiating...
  [Wed Feb 05 00:34:37 2014] Posture Assessment: Failed
  Any idea whats causing this issue on my machine?
  Thanks,
  bws

  What are the prelogin checks specified in your dap.xml file? Verify your client meets those checks.

• Auto Discover Mobile Client Connectivity issue.

  I am currently working on getting mobility working for our lync environment.  I have followed online articles for setting up the mobility service and while I have not got a true reverse proxy put in place yet I have a question regarding the autodiscover.
  When I go to https://lyncdiscover.ourdomain.com/autodiscover/autodiscoverservice.aspx/root/sipuri=[email protected]
  I get the following results
  {"AccessLocation":"External","Root":{"Links":[{"href":"https:\/\/lyncfe-v01.ourdomain.local\/Autodiscover\/AutodiscoverService.svc\/root\/domain","token":"Domain"},{"href":"https:\/\/lyncfe-v01.ourdomain.local\/Autodiscover\/AutodiscoverService.svc\/root\/user","token":"User"}]}}The problem is that is our local internal URL not the external URL. I believe the setting comes from the Topology Builder under the Standard Front End Server for External web services FQDN as that is what is set there. My question is should that be changed to the FQDN of the edge server or the FQDN of the reverse proxy server? Also should that be the public ourdomain.com or remain the internal ourdomain.local?I hope this makes sense. I am just taking this piece by piece as I was hoping to get my android phone working internally on Wifi at the very least.Also for testing purposes I just pointed our firewall and setup nat from 80 -> 8080 and 443 -> 4443 to test that the external website was working and it is that is how I was able to get the auto discover information. I know this is not secure or ideal I am simply taking this one step at a time to ensure I get this working properly.Thank you for everyone's help.
  KK

  Ok update on my progress.
  we updated our UCC certificate that we bought for our edge server.  That certificate had the following in it
  sip.ourdomain.com
  webconf.ourdomain.com
  we added
  dialin.ourdomain.com
  meet.ourdomain.com
  lyncdiscover.ourdomain.com
  I left the External Web Services FQDN as lyncdiscover.ourdomain.com
  I then put that cert on the Reverse Proxy server.  I then tested using testconnectivity.microsoft.com and the autodiscover test and everything passed.  This is the good news.
  Now the bad.
  When I run the connectivity test if I manually select the server and put in sip.ourdomain.com and choose port 5061 the test passes but if I choose port 443 which apparently the mobile clients use as I do not see a spot to change that at it fails stating
  that 
  The SSL certificate failed one or more certificate validation checks.
  The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
  Elapsed Time: 192 ms.
  I checked the External Cert on the edge server and sip.ourdomain.com and webconf.ourdomain.com are listed.
  The Edge Pool has been configured to have SIP Access, Web Conf service and A/V service all point to sip.ourdomain.com using ports 5061, 444, 443
  Can someone point to me what I have setup incorrectly?
  This seems like I am very close to actually having this working.  Almost like I can see the light.
  Thank you,
  KK

• AnyConnenct Secure Mobility Client connect issue

  Hello
  i am getting the following message if i try to connect to the customer network via the AnyConnect VPN Client 3.1.06073:
  "The VPN connection was terminated to enforce a newly determinated tunnel MTU and could not be automatically re-istablished. A new connection is necessary, which requires re-authentification."
  If i try to reconnect, i am getting the same message again.
  How i can fix it?
  my notebook configuration:
  lenovo t440s
  Windows 8.1 64bit
  Only Windows Firewall is active.
  I can succesfully connect to the same customer network from my another notebook with Windows 7.
  Thanks
  Dimi

  Hi,
  I hope those link can help you ;)
  http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116881-technote-anyconnect-00.html
  https://supportforums.cisco.com/discussion/11159936/cisco-anyconnect-vpn-client-keeps-reconnecting
  Br,
  Mustapha

• Client connection issue

  Hi, I have a client who has a problem when trying to publish
  with Contribute
  He can edit a page with no problem but when he tries to
  publish his changes, he gets the message:
  the server may be down or not responding
  He has all the relevant information for connection, the key
  etc and i can publish with no problems?
  Has anyone got any ideas on this as its been going on for
  nearly a year now
  He has tried this from work and also from home with the same
  result
  Cheers
  Cass

  If a specific FTP account has been used in establishing a
  manual Contribute connection, then check that the FTP account has
  sufficient privileges on the server, i.e. it should have Read,
  Write, Append, Delete Files and List, Create, Remove Directories
  etc.
  Rgds
  lukaro

• Lion server/Mountain Lion client connection issue

  I am trying to set up our work Lion Server to use open directory. The DNS settings are fine on the server side but the Mountain Lion clients cannot bind to the server. We are hoping to get a static IP soon so the directors can access the network remotely but I want to get this cracked before I take that step.
  The server was set up normally as far as I'm aware (I didn't set it up).
  I'm wondering if I upgrade the server to Mountain Lion if that will help, it seems as though open directory is easier to manage wit ML. Would I need to reinstall server and start from scratch?
  Any help much appreciated, excuse my ignorance I am a bit of a novice but do have some experience.

  After force Quit the option Notes is not marked in the new configured Profile. I check it in a new VM and fresh clean install and have the same problem.
  If is it not marked, the Sync not with the Server and save only localy.
  Have you check it with an other Mac or Device too?

• 64 bits client connecting to a 32 bits server

  I need to know if connecting a 64 bits client to a 32 bits server is possible and if there is any issue with that ?

  There should not be any issue as long as client and server version are compatible.
  check metalink
  Client / Server / Interoperability Support Between Different Oracle Versions
  Doc ID: Note:207303.1
  Client/Server interoperability is only limited by the version of them not platform and 32bit/64bit.

• Locked folders for 10.4.7 clients connecting to 10.3.9 server

  I'm not sure if this is a 10.4.7 client issue, or a 10.3.9 server issue.
  I recently upgraded several clients to 10.4.7. They connect to my server which is 10.3.9. When connecting via AFP from my 10.4.7 clients, several folders would display the "Lock" on the folder icon and I would not have permissions to add a new file to that folder. If I connected from a 10.4.5 or earlier client (I did not have any 10.4.6 clients), the folder would not appear to be locked and I would be able to create a new file in that folder. SMB connection works fine from 10.4.7 client. The folder did not appear to be locked from the 10.3.9 server when I logged on locally to the server.
  The only way to resolve this was to connect remotely to the server from my 10.4.7 client and remove the check next to Locked in the GetInfo window of each folder that was affected, as long as I was the owner of the folder.
  Any thoughts on way this may have occurred? I'm looking for a more global fix.

  Having the same issue here.
  Working on a 10.3.9 fileserver, the 10.4.5 clients have no problems. The problem occured when updating to 10.4.6.
  It has something to do with newer AppleShare components in 10.4.6.
  Now we're using a work-around on the updated machines, it's described here as a solution for PhotoShop-problems, but it worked for our problem too.
  http://www.adobe.com/support/techdocs/333037.html
  On our 10.4.5 machines we're still waiting with updating untill this issue is solved. (If it ever will be). Else i think we'll need to upgrade our server.
  G5   Mac OS X (10.4.6)  

• VPN client connect to CISCO 887 VPN Server bat they stop at router!!

  Hi
  my scenario is as follows
  SERVER1 on lan (192.168.5.2/24)
  |
  |
  CISCO-887 (192.168.5.4) with VPN server
  |
  |
  INTERNET
  |
  |
  VPN Cisco client on xp machine
  My connection have public ip address assegned by ISP, after ppp login.
  I've just configured (with Cisco Configuration Professional) the ADSL connection and VPN Server (Easy VPN).
  All the PC on LAN surf internet and remote PC connect to VPN Cisco server via cisco VPN client.
  But all remote PC after connection to Cisco VPN server don't ping SERVER1 in lan and therefore don't see SERVER1 and every other resource in LAN.
  They can ping only router!!!
  They are configured with Cisco VPN client (V5.0.007) with "Enabled Trasparent Tunnelling" and "IPSec over UDP NAT/PAT".
  What is wrong in my attached configuration? (I've alspo tried to bind Virtual-Template1 both to unnambered Dialer0 and to Loopback0 but without luck)
  Peraps ACL problem?
  Building configuration...
  Current configuration : 5019 bytes
  ! Last configuration change at 05:20:37 UTC Tue Apr 24 2012 by adm
  version 15.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname gate
  boot-start-marker
  boot-end-marker
  no logging buffered
  aaa new-model
  aaa authentication login default local
  aaa authentication login ciscocp_vpn_xauth_ml_1 local
  aaa authentication login ciscocp_vpn_xauth_ml_2 local
  aaa authorization exec default local
  aaa authorization network ciscocp_vpn_group_ml_1 local
  aaa authorization network ciscocp_vpn_group_ml_2 local
  aaa session-id common
  memory-size iomem 10
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP-self-signed-453216506
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-453216506
  revocation-check none
  rsakeypair TP-self-signed-453216506
  crypto pki certificate chain TP-self-signed-453216506
  certificate self-signed 01
          quit
  ip name-server 212.216.112.222
  ip cef
  no ipv6 cef
  password encryption aes
  license udi pid CISCO887VA-K9 sn ********
  username adm privilege 15 secret 5 *****************
  username user1 secret 5 ******************
  controller VDSL 0
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp client configuration group EXTERNALS
  key 6 *********\*******
  dns 192.168.5.2
  wins 192.168.5.2
  domain domain.local
  pool SDM_POOL_1
  save-password
  crypto isakmp profile ciscocp-ike-profile-1
     match identity group EXTERNALS
     client authentication list ciscocp_vpn_xauth_ml_2
     isakmp authorization list ciscocp_vpn_group_ml_2
     client configuration address respond
     virtual-template 1
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
  crypto ipsec profile CiscoCP_Profile1
  set transform-set ESP-3DES-SHA1
  set isakmp-profile ciscocp-ike-profile-1
  interface Loopback0
  ip address 10.10.10.10 255.255.255.0
  interface Ethernet0
  no ip address
  shutdown
  interface ATM0
  no ip address
  no atm ilmi-keepalive
  interface ATM0.1 point-to-point
  pvc 8/35
    encapsulation aal5snap
    protocol ppp dialer
    dialer pool-member 1
  interface FastEthernet0
  no ip address
  interface FastEthernet1
  no ip address
  interface FastEthernet2
  no ip address
  interface FastEthernet3
  no ip address
  interface Virtual-Template1 type tunnel
  ip unnumbered Dialer0
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile CiscoCP_Profile1
  interface Vlan1
  ip address 192.168.5.4 255.255.255.0
  no ip redirects
  no ip unreachables
  no ip proxy-arp
  ip nat inside
  ip virtual-reassembly in
  interface Dialer0
  ip address negotiated
  ip nat outside
  ip virtual-reassembly in
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap pap callin
  ppp chap hostname ******@*******.****
  ppp chap password 0 alicenewag
  ppp pap sent-username ******@*******.**** password 0 *********
  ip local pool SDM_POOL_1 192.168.5.20 192.168.5.50
  ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 600 life 86400 requests 10000
  ip nat inside source list 1 interface Dialer0 overload
  ip route 0.0.0.0 0.0.0.0 Dialer0
  access-list 1 remark INSIDE_IF=Vlan1
  access-list 1 remark CCP_ACL Category=2
  access-list 1 permit 192.168.5.0 0.0.0.255
  access-list 100 remark CCP_ACL Category=4
  access-list 100 permit ip 192.168.5.0 0.0.0.255 any
  dialer-list 1 protocol ip permit
  line con 0
  line aux 0
  line vty 0 4
  transport input all
  end

  Hello,
  Your pool of VPN addresses is overlapping with the interface vlan1.
  Since proxy-arp is disabled on that interface, it will never work
  2 solutions
  1- Pool uses a different network than 192.168.5
  2- Enable ip proxy-arp on interface vlan1
  Cheers,
  Olivier

• VPN client connect to CISCO 887 VPN Server but I can't ping Local LAN

  Hi
  my scenario is as follows
  SERVER1 on lan (192.168.1.4)
  |
  |
  CISCO-887 (192.168.1.254)
  |
  |
  INTERNET
  |
  |
  VPN Cisco client on windows 7 machine
  My connection have public ip address assegned by ISP, after ppp login.
  I've just configured (with Cisco Configuration Professional) the ADSL connection and VPN Server (Easy VPN).
  All the PC on LAN surf internet and remote PC connect to VPN Cisco server via cisco VPN client.
  But all remote PC after connection to Cisco VPN server don't ping SERVER1 in lan and therefore don't see SERVER1 and every other resource in LAN. I can't even ping the gateway 192.168.1.254
  I'm using Cisco VPN client (V5.0.07) with "IPSec over UDP NAT/PAT".
  What is wrong in my attached configuration? (I've alspo tried to bind Virtual-Template1 both to unnambered Dialer0 and to Loopback0 but without luck)
  Perhaps ACL problem?
  Building configuration...
  Current configuration : 4921 bytes
  ! Last configuration change at 14:33:06 UTC Sun Jan 26 2014 by NetasTest
  version 15.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname TestLab
  boot-start-marker
  boot-end-marker
  enable secret 4 5ioUNqNjoCPaFZIVNAyYuHFA2e9v8Ivuc7a7UlyQ3Zw
  aaa new-model
  aaa authentication login default local
  aaa authentication login ciscocp_vpn_xauth_ml_1 local
  aaa authentication login ciscocp_vpn_xauth_ml_2 local
  aaa authorization exec default local
  aaa authorization network ciscocp_vpn_group_ml_1 local
  aaa authorization network ciscocp_vpn_group_ml_2 local
  aaa session-id common
  memory-size iomem 10
  crypto pki trustpoint TP-self-signed-3013130599
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-3013130599
  revocation-check none
  rsakeypair TP-self-signed-3013130599
  crypto pki certificate chain TP-self-signed-3013130599
  certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33303133 31333035 3939301E 170D3134 30313236 31333333
  35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30313331
  33303539 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100A873 940DE7B9 112D7C1E CEF53553 ED09B479 24721449 DBD6F559 1B9702B7
  9087E94B 50CBB29F 6FE9C3EC A244357F 287E932F 4AB30518 08C2EAC1 1DF0C521
  8D0931F7 6E7F7511 7A66FBF1 A355BB2A 26DAD318 5A5A7B0D A261EE22 1FB70FD1
  C20F1073 BF055A86 D621F905 E96BD966 A4E87C95 8222F1EE C3627B9A B5963DCE
  AE7F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14E37481 4AAFF252 197AC35C A6C1E8E1 E9DF5B35 27301D06
  03551D0E 04160414 E374814A AFF25219 7AC35CA6 C1E8E1E9 DF5B3527 300D0609
  2A864886 F70D0101 05050003 81810082 FEE61317 43C08637 F840D6F8 E8FA11D5
  AA5E49D4 BA720ECB 534D1D6B 1A912547 59FED1B1 2B68296C A28F1CD7 FB697048
  B7BF52B8 08827BC6 20B7EA59 E029D785 2E9E11DB 8EAF8FB4 D821C7F5 1AB39B0D
  B599ECC1 F38B733A 5E46FFA8 F0920CD8 DBD0984F 2A05B7A0 478A1FC5 952B0DCC
  CBB28E7A E91A090D 53DAD1A0 3F66A3
  quit
  no ip domain lookup
  ip cef
  no ipv6 cef
  license udi pid CISCO887VA-K9 sn ***********
  username ******* secret 4 5ioUNqNjoCPaFZIVNAyYuHFA2e9v8Ivuc7a7UlyQ3Zw
  username ******* secret 4 Qf/16YMe96arcCpYI46YRa.3.7HcUGTBeJB3ZyRxMtE
  controller VDSL 0
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp client configuration group EXTERNALS
  key NetasTest
  dns 8.8.4.4
  pool VPN-Pool
  acl 120
  crypto isakmp profile ciscocp-ike-profile-1
  match identity group EXTERNALS
  client authentication list ciscocp_vpn_xauth_ml_2
  isakmp authorization list ciscocp_vpn_group_ml_2
  client configuration address respond
  virtual-template 1
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  mode tunnel
  crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
  mode tunnel
  crypto ipsec profile CiscoCP_Profile1
  set transform-set ESP-3DES-SHA1
  set isakmp-profile ciscocp-ike-profile-1
  interface Ethernet0
  no ip address
  shutdown
  interface ATM0
  no ip address
  no atm ilmi-keepalive
  hold-queue 224 in
  pvc 8/35
  pppoe-client dial-pool-number 1
  interface FastEthernet0
  no ip address
  interface FastEthernet1
  no ip address
  interface FastEthernet2
  no ip address
  interface FastEthernet3
  no ip address
  interface Virtual-Template1 type tunnel
  ip address 192.168.2.1 255.255.255.0
  tunnel mode ipsec ipv4
  tunnel protection ipsec profile CiscoCP_Profile1
  interface Vlan1
  ip address 192.168.1.254 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  ip tcp adjust-mss 1452
  interface Dialer0
  ip address negotiated
  ip mtu 1452
  ip nat outside
  ip virtual-reassembly in
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap pap callin
  ppp chap hostname ****
  ppp chap password 0 *********
  ppp pap sent-username ****** password 0 *******
  no cdp enable
  ip local pool VPN-Pool 192.168.2.210 192.168.2.215
  ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 600 life 86400 requests 10000
  ip nat inside source list 100 interface Dialer0 overload
  ip route 0.0.0.0 0.0.0.0 Dialer0
  access-list 100 remark
  access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
  access-list 100 remark
  access-list 100 permit ip 192.168.1.0 0.0.0.255 any
  access-list 120 remark
  access-list 120 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
  line con 0
  exec-timeout 5 30
  password ******
  no modem enable
  line aux 0
  line vty 0 4
  password ******
  transport input all
  end
  Best Regards,

  I've updated ios to c870-advipservicesk9-mz.124-24.T8.bin  and tried to ping from rv320 to 871 and vice versa. Ping stil not working.
  router#sh crypto session detail 
  Crypto session current status
  Code: C - IKE Configuration mode, D - Dead Peer Detection     
  K - Keepalives, N - NAT-traversal, T - cTCP encapsulation     
  X - IKE Extended Authentication, F - IKE Fragmentation
  Interface: Dialer0
  Uptime: 00:40:37
  Session status: UP-ACTIVE     
  Peer: 93.190.178.205 port 500 fvrf: (none) ivrf: (none)
        Phase1_id: 192.168.1.100
        Desc: (none)
    IKE SA: local 93.190.177.103/500 remote 93.190.178.205/500 Active 
            Capabilities:(none) connid:2001 lifetime:07:19:22
    IPSEC FLOW: permit ip 10.1.1.0/255.255.255.0 10.1.2.0/255.255.255.0 
          Active SAs: 4, origin: dynamic crypto map
          Inbound:  #pkts dec'ed 0 drop 30 life (KB/Sec) 4500544/1162
          Outbound: #pkts enc'ed 5 drop 0 life (KB/Sec) 4500549/1162

• Lync 2010 client connecting to 2013 persistent chat server

  Since we never had Group Chat in our 2010 environment, I have no idea how it works and now that we have 2013 Persistent Chat, I am struggling with getting the Lync 2010 connected. The 2013 client works just fine as it is integrated into the client. I found
  out Lync 2010 needs a separate Chat client to run along side the IM client.
  I installed this client but from there I have no idea how to connect it to the 2013 Chat server. I created the endpoint on the Lync 2013 server according to the article
  http://technet.microsoft.com/en-us/library/jj204901.aspx but something else needs to be done. I just don't know what. Not even sure where to start looking. Many of our Lync clients have
  to use 2010 because the OS is XP so I need to find out how to get these users to work with Persistent Chat.
  I am not sure what the point is of creating the End point according to the article. I am sure its necessary but not sure how it fits into the clients using it to connect. What does the article mean when it says "Next, configure Persistent Chat clients
  to use that SIP address as their contact object". Do you need Group Chat functioning in 2010 for this to even work?
  The problem is we never had Group Chat with 2010 so I am sure there are some settings missing like DNS records etc...

  If you have users running legacy clients (such as Microsoft Lync 2010 these users might find the default Persistent Chat URIs difficult to work with and difficult to use when pointing their legacy client towards the pool. Because of this,
  administrators need to use the New-CsPersistentChatEndpoint cmdlet to create an additional contact object for the pool, a contact object that provides a friendlier, easier-to-use URI.
  Lisa Zheng
  TechNet Community Support