Acl-100
if you create 100 acl with in that 100 acl we need to create new acl middle of that 100 acl how can you write acl middle of acl with out over write before create acl
In configuration mode, use the command "ip access-list extended 100". Then add your access-list lines specifiying a sequence number that inserts them in the desired location.
Reference:
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml#editacls
(Please scroll down to "Example1" in that linked document.)
Similar Messages
-
Hi all,
I have 2 routers connected and trying to make teh GRE come up over IPSEC, and i think my issue is lying with the ACL.
They are running old versions of IOS, and as such i need to have the crypto map on both the tunnel and physical interfaces.
I have tried 2 different ACL's.
ACL 100 - is an any any "catch all" list.
ACL 101 - is the typical GRE host to host list.
What i expect is that ALL traffic will be encrypted over this link.
Do I have the wrong impression? Maybe this is my issue.
When IPSEC is deployed on its own, everything is encrypted.
ACL 100 - What i see are :-
OSPF is not encrypted
PING's between the physical interfaces are encrypted and get through fine
PING's between the tunnel interfaces do not get through and are not answered
CHANGE to ACL 101
OSPF is not encrypted
PING's between the physical interfaces are not encrypted and get through fine
PING's between the tunnel interfaces are encrypted and get through fine
Config enclosed of the 2 routers.
It may be my expectation that everything would be encrypted.
Or else its my ACL.
The ACL is supposed to tell the router what traffic is to be encrypted. That is why i cannot see how the host to host GRE ACL would work for anything other than tunnel to tunnel traffic.
Appreciate any feedback.ACL 101 (access-list 101 permit gre host 10.1.1.1 host 10.1.1.2) is appropriate, and should result in the encapsulation (GRE and then IPSec) of site-to-site traffic routed through the tunnel interface.
Your Ethernet0 interfaces have not been rendered passive (passive-interface Ethernet0) in your OSPF config. I would not expect these OSPF packets to be encapsulated. Are your routers not then receiving topology information from both paths (via the tunnel and Ethernet0 interfaces)?
I think you should render Ethernet0 interfaces as passive so that routing info only comes through the IPSec + GRE tunnel.
Seeing the routing tables would be more beneficial than the "sh ip ospf neighbor" output.
Other than the application of the crypto map on the tunnel interface, the non-passive OSPF status of the Ethernet0 interfaces, and the fact that I am using an ESP transform in "Transport Mode", your config is much like my own. -
interface vlan 5
ip address 192.168.1.1 255.255.255.255
ip access-group 101 in
ip access-group 102 out
interface vlan 6
ip address 10.2.1.1 255.255.255.0
access-list 101 permit ip 192.168.1.0 255.255.255.0 10.2.1.0 255.255.255.0
access-list 102 permit 10.2.1.0 255.255.255.0 192.168.1.0 255.255.255.0
which means 101 says that vlan 5 will permit vlan 6 inside & 102 says that vlan 5 will reach vlan 6 out
can i use in this mannaer
access-list 101 10.2.1.0 0.0.0.255
access-list 102 192.168.1.0 0.0.0.255
is that the same?I suppose you are referring to standard ACLs, in which case the ACL number has to be below 100 (1 through 99).
The standard ACL only checks against the source address, whereas the extended ACL (100 through 199)checks both the source and destination. Extnded ACL is a lot more powerful since it allows to specify the protocol, source and destination protocol ports, etc. etc.
Hope this helps, -
Didn't update for so long, and now "Kernel is too old"
I had a pacman -Syu after a long time and now the system is completely unusable:
# ls
FATAL: kernel too old
# cat
FATAL: kernel too old
Since I can't even cat the logs, I'll paste the screen report of the installation:
# pacman -Syu
:: Synchronizing package databases...
core 36.6K 84.6K/s 00:00:00 [#######################################################] 100%
extra 461.2K 177.4K/s 00:00:03 [#######################################################] 100%
community-testing 12.6K 87.8K/s 00:00:00 [#######################################################] 100%
community 417.8K 263.1K/s 00:00:02 [#######################################################] 100%
archlinuxfr 26.3K 117.2K/s 00:00:00 [#######################################################] 100%
:: The following packages should be upgraded first :
pacman
:: Do you want to cancel the current operation
:: and upgrade these packages now? [Y/n]
resolving dependencies...
looking for inter-conflicts...
Targets (1): pacman-3.4.2-1
Total Download Size: 0.69 MB
Total Installed Size: 2.39 MB
Proceed with installation? [Y/n]
:: Retrieving packages from core...
pacman-3.4.2-1-x86_64 708.0K 418.4K/s 00:00:02 [#######################################################] 100%
checking package integrity...
(1/1) checking for file conflicts [#######################################################] 100%
(1/1) upgrading pacman [#######################################################] 100%
# pacman -Syu
:: Synchronizing package databases...
core is up to date
extra is up to date
community-testing is up to date
community is up to date
archlinuxfr is up to date
:: Starting full system upgrade...
warning: ruby: ignoring package upgrade (1.9.1_p429-1 => 1.9.2_p136-2)
resolving dependencies...
looking for inter-conflicts...
Targets (109): linux-api-headers-2.6.36.2-1 tzdata-2010o-1 glibc-2.12.2-2 attr-2.4.44-2 acl-2.2.49-2 ncurses-5.7-4 readline-6.1.002-2 bash-4.1.009-3
gdbm-1.8.3-8 gcc-libs-4.5.2-4 db-5.1.19-3 zlib-1.2.5-3 cracklib-2.8.18-1 pam-1.1.3-1 gmp-5.0.1-2 libcap-2.19-2 coreutils-8.9-1
perl-5.12.2-1 automake-1.11.1-2 binutils-2.21-2 run-parts-3.4.1-1 openssl-1.0.0.c-1 findutils-4.4.2-3 sed-4.2.1-3
ca-certificates-20090814+nmu2-1 cloog-ppl-0.15.10-2 libusb-1.0.8-1 libusb-compat-0.1.3-1 pcre-8.12-1 glib2-2.26.1-1
module-init-tools-3.12-2 pciutils-3.1.7-2 udev-165-1 device-mapper-2.02.79-1 popt-1.16-3 cryptsetup-1.2.0-1 curl-7.21.3-1
dash-0.5.6.1-2 dhcpcd-5.2.9-1 diffutils-3.0-2 e2fsprogs-1.41.14-1 elfutils-0.150-1 expat-2.0.1-6 filesystem-2010.12-1
fakeroot-1.14.5-1 file-5.05-1 freetype2-2.4.4-2 gawk-3.1.8-2 mpfr-3.0.0.p8-1 libmpc-0.8.2-3 gcc-4.5.2-4 gen-init-cpio-2.6.36-1
perl-error-0.17016-2 git-1.7.3.5-2 gzip-1.4-2 texinfo-4.13a-5 groff-1.21-1 hdparm-9.36-1 sqlite3-3.7.4-1 libsasl-2.1.23-5
libldap-2.4.23-1 heimdal-1.3.3-4 tar-1.25-1 libtool-2.4-2 libsm-1.2.0-1 xproto-7.0.20-1 libx11-1.4.1-1 libxt-1.0.9-1 libxext-1.2.0-1
imagemagick-6.6.6.10-2 inetutils-1.8-2 initscripts-2010.07-2 iptables-1.4.10-1 irssi-0.8.15-4 jfsutils-1.1.14-2 less-436-2
libjpeg-8.3.0-1 libmysqlclient-5.1.54-1 libpcap-1.1.1-2 libpng-1.4.5-1 libxdmcp-1.1.0-1 libxml2-2.7.8-1 lzo2-2.04-1 man-db-2.5.9-1
man-pages-3.32-1 mlocate-0.23.1-2 mysql-clients-5.1.54-1 mysql-5.1.54-1 nano-2.2.6-1 nginx-0.8.54-1 libedit-20090923_3.0-1
openssh-5.6p1-2 pacman-mirrorlist-20101223-1 patch-2.6.1-2 php-5.3.5-1 php-cgi-5.3.5-1 php-curl-5.3.5-1 php-gd-5.3.5-1
pkg-config-0.25-3 procinfo-ng-2.0.304-2 procps-3.2.8-3 python-3.1.3-1 reiserfsprogs-3.6.21-3 screen-4.0.3-10 sdparm-1.06-1
sudo-1.7.4.p6-1 syslog-ng-3.2.1-1 usbutils-001-2 which-2.20-4
Total Download Size: 112.34 MB
Total Installed Size: 619.29 MB
Proceed with installation? [Y/n]
:: Retrieving packages from core...
linux-api-headers-2.6.36.2-1-x86_64 542.1K 341.4K/s 00:00:02 [#######################################################] 100%
tzdata-2010o-1-x86_64 179.8K 154.4K/s 00:00:01 [#######################################################] 100%
glibc-2.12.2-2-x86_64 7.2M 1509.9K/s 00:00:05 [#######################################################] 100%
attr-2.4.44-2-x86_64 63.6K 117.8K/s 00:00:01 [#######################################################] 100%
acl-2.2.49-2-x86_64 132.6K 154.9K/s 00:00:01 [#######################################################] 100%
ncurses-5.7-4-x86_64 918.1K 518.1K/s 00:00:02 [#######################################################] 100%
readline-6.1.002-2-x86_64 289.0K 200.7K/s 00:00:01 [#######################################################] 100%
bash-4.1.009-3-x86_64 715.9K 202.9K/s 00:00:04 [#######################################################] 100%
gdbm-1.8.3-8-x86_64 35.5K 86.9K/s 00:00:00 [#######################################################] 100%
gcc-libs-4.5.2-4-x86_64 594.4K 373.4K/s 00:00:02 [#######################################################] 100%
db-5.1.19-3-x86_64 1085.7K 695.9K/s 00:00:02 [#######################################################] 100%
zlib-1.2.5-3-x86_64 78.2K 141.7K/s 00:00:01 [#######################################################] 100%
cracklib-2.8.18-1-x86_64 238.4K 238.4K/s 00:00:01 [#######################################################] 100%
pam-1.1.3-1-x86_64 618.8K 419.2K/s 00:00:01 [#######################################################] 100%
gmp-5.0.1-2-x86_64 422.9K 339.9K/s 00:00:01 [#######################################################] 100%
libcap-2.19-2-x86_64 32.7K 87.8K/s 00:00:00 [#######################################################] 100%
coreutils-8.9-1-x86_64 2009.9K 1144.5K/s 00:00:02 [#######################################################] 100%
perl-5.12.2-1-x86_64 12.5M 1471.6K/s 00:00:09 [#######################################################] 100%
automake-1.11.1-2-any 524.8K 381.4K/s 00:00:01 [#######################################################] 100%
binutils-2.21-2-x86_64 3.2M 772.0K/s 00:00:04 [#######################################################] 100%
run-parts-3.4.1-1-x86_64 7.8K 62.6K/s 00:00:00 [#######################################################] 100%
openssl-1.0.0.c-1-x86_64 3.6M 758.0K/s 00:00:05 [#######################################################] 100%
findutils-4.4.2-3-x86_64 370.3K 329.4K/s 00:00:01 [#######################################################] 100%
sed-4.2.1-3-x86_64 108.7K 175.3K/s 00:00:01 [#######################################################] 100%
ca-certificates-20090814+nmu2-1-any 108.8K 173.2K/s 00:00:01 [#######################################################] 100%
cloog-ppl-0.15.10-2-x86_64 112.6K 181.6K/s 00:00:01 [#######################################################] 100%
libusb-1.0.8-1-x86_64 42.8K 113.9K/s 00:00:00 [#######################################################] 100%
libusb-compat-0.1.3-1-x86_64 12.8K 94.2K/s 00:00:00 [#######################################################] 100%
pcre-8.12-1-x86_64 511.0K 325.0K/s 00:00:02 [#######################################################] 100%
glib2-2.26.1-1-x86_64 1527.8K 560.8K/s 00:00:03 [#######################################################] 100%
module-init-tools-3.12-2-x86_64 348.8K 245.6K/s 00:00:01 [#######################################################] 100%
pciutils-3.1.7-2-x86_64 219.6K 191.2K/s 00:00:01 [#######################################################] 100%
udev-165-1-x86_64 229.1K 249.0K/s 00:00:01 [#######################################################] 100%
device-mapper-2.02.79-1-x86_64 119.2K 138.6K/s 00:00:01 [#######################################################] 100%
popt-1.16-3-x86_64 58.7K 117.4K/s 00:00:01 [#######################################################] 100%
cryptsetup-1.2.0-1-x86_64 87.6K 164.7K/s 00:00:01 [#######################################################] 100%
dash-0.5.6.1-2-x86_64 69.5K 120.6K/s 00:00:01 [#######################################################] 100%
dhcpcd-5.2.9-1-x86_64 61.3K 112.7K/s 00:00:01 [#######################################################] 100%
diffutils-3.0-2-x86_64 274.7K 241.0K/s 00:00:01 [#######################################################] 100%
e2fsprogs-1.41.14-1-x86_64 571.1K 389.0K/s 00:00:01 [#######################################################] 100%
elfutils-0.150-1-x86_64 551.5K 294.0K/s 00:00:02 [#######################################################] 100%
expat-2.0.1-6-x86_64 103.8K 163.2K/s 00:00:01 [#######################################################] 100%
filesystem-2010.12-1-any 4.1K infG/s 00:00:00 [#######################################################] 100%
fakeroot-1.14.5-1-x86_64 47.0K 126.4K/s 00:00:00 [#######################################################] 100%
file-5.05-1-x86_64 196.5K 224.3K/s 00:00:01 [#######################################################] 100%
gawk-3.1.8-2-x86_64 686.5K 445.8K/s 00:00:02 [#######################################################] 100%
mpfr-3.0.0.p8-1-x86_64 324.4K 289.6K/s 00:00:01 [#######################################################] 100%
libmpc-0.8.2-3-x86_64 61.0K 122.1K/s 00:00:01 [#######################################################] 100%
gcc-4.5.2-4-x86_64 16.3M 1620.9K/s 00:00:10 [#######################################################] 100%
gen-init-cpio-2.6.36-1-x86_64 5.6K 45.3K/s 00:00:00 [#######################################################] 100%
gzip-1.4-2-x86_64 73.4K 146.8K/s 00:00:01 [#######################################################] 100%
texinfo-4.13a-5-x86_64 674.1K 492.7K/s 00:00:01 [#######################################################] 100%
groff-1.21-1-x86_64 2.4M 1065.6K/s 00:00:02 [#######################################################] 100%
hdparm-9.36-1-x86_64 64.2K 128.5K/s 00:00:01 [#######################################################] 100%
sqlite3-3.7.4-1-x86_64 362.7K 323.8K/s 00:00:01 [#######################################################] 100%
libsasl-2.1.23-5-x86_64 87.4K 139.2K/s 00:00:01 [#######################################################] 100%
libldap-2.4.23-1-x86_64 357.3K 319.0K/s 00:00:01 [#######################################################] 100%
heimdal-1.3.3-4-x86_64 1874.8K 935.5K/s 00:00:02 [#######################################################] 100%
tar-1.25-1-x86_64 559.6K 411.4K/s 00:00:01 [#######################################################] 100%
libtool-2.4-2-x86_64 377.7K 261.6K/s 00:00:01 [#######################################################] 100%
inetutils-1.8-2-x86_64 275.1K 218.4K/s 00:00:01 [#######################################################] 100%
initscripts-2010.07-2-x86_64 14.2K 47.8K/s 00:00:00 [#######################################################] 100%
iptables-1.4.10-1-x86_64 253.9K 218.9K/s 00:00:01 [#######################################################] 100%
jfsutils-1.1.14-2-x86_64 166.5K 176.4K/s 00:00:01 [#######################################################] 100%
less-436-2-x86_64 87.4K 121.4K/s 00:00:01 [#######################################################] 100%
libpcap-1.1.1-2-x86_64 174.9K 193.5K/s 00:00:01 [#######################################################] 100%
lzo2-2.04-1-x86_64 59.0K 107.6K/s 00:00:01 [#######################################################] 100%
man-db-2.5.9-1-x86_64 433.1K 250.6K/s 00:00:02 [#######################################################] 100%
man-pages-3.32-1-any 4.3M 1198.4K/s 00:00:04 [#######################################################] 100%
mlocate-0.23.1-2-x86_64 74.8K 103.9K/s 00:00:01 [#######################################################] 100%
nano-2.2.6-1-x86_64 300.9K 232.2K/s 00:00:01 [#######################################################] 100%
libedit-20090923_3.0-1-x86_64 184.4K 205.8K/s 00:00:01 [#######################################################] 100%
openssh-5.6p1-2-x86_64 507.2K 320.2K/s 00:00:02 [#######################################################] 100%
pacman-mirrorlist-20101223-1-any 2.1K infG/s 00:00:00 [#######################################################] 100%
patch-2.6.1-2-x86_64 61.1K 116.6K/s 00:00:01 [#######################################################] 100%
pkg-config-0.25-3-x86_64 30.5K 82.0K/s 00:00:00 [#######################################################] 100%
procinfo-ng-2.0.304-2-x86_64 39.9K 99.8K/s 00:00:00 [#######################################################] 100%
procps-3.2.8-3-x86_64 166.1K 190.4K/s 00:00:01 [#######################################################] 100%
reiserfsprogs-3.6.21-3-x86_64 211.8K 212.7K/s 00:00:01 [#######################################################] 100%
sdparm-1.06-1-x86_64 82.0K 164.0K/s 00:00:01 [#######################################################] 100%
sudo-1.7.4.p6-1-x86_64 315.5K 316.8K/s 00:00:01 [#######################################################] 100%
syslog-ng-3.2.1-1-x86_64 238.2K 237.3K/s 00:00:01 [#######################################################] 100%
usbutils-001-2-x86_64 163.9K 219.1K/s 00:00:01 [#######################################################] 100%
which-2.20-4-x86_64 13.7K 110.6K/s 00:00:00 [#######################################################] 100%
:: Retrieving packages from extra...
curl-7.21.3-1-x86_64 437.3K 313.2K/s 00:00:01 [#######################################################] 100%
freetype2-2.4.4-2-x86_64 457.8K 382.7K/s 00:00:01 [#######################################################] 100%
perl-error-0.17016-2-any 17.4K 70.3K/s 00:00:00 [#######################################################] 100%
git-1.7.3.5-2-x86_64 2.4M 1032.7K/s 00:00:02 [#######################################################] 100%
libsm-1.2.0-1-x86_64 47.0K 126.2K/s 00:00:00 [#######################################################] 100%
xproto-7.0.20-1-any 135.6K 180.3K/s 00:00:01 [#######################################################] 100%
libx11-1.4.1-1-x86_64 1954.9K 952.6K/s 00:00:02 [#######################################################] 100%
libxt-1.0.9-1-x86_64 394.6K 251.0K/s 00:00:02 [#######################################################] 100%
libxext-1.2.0-1-x86_64 92.8K 136.4K/s 00:00:01 [#######################################################] 100%
imagemagick-6.6.6.10-2-x86_64 1864.6K 720.4K/s 00:00:03 [#######################################################] 100%
irssi-0.8.15-4-x86_64 536.5K 309.7K/s 00:00:02 [#######################################################] 100%
libjpeg-8.3.0-1-x86_64 191.2K 209.6K/s 00:00:01 [#######################################################] 100%
libmysqlclient-5.1.54-1-x86_64 9.0M 1523.8K/s 00:00:06 [#######################################################] 100%
libpng-1.4.5-1-x86_64 187.2K 204.4K/s 00:00:01 [#######################################################] 100%
libxdmcp-1.1.0-1-x86_64 23.7K 87.0K/s 00:00:00 [#######################################################] 100%
libxml2-2.7.8-1-x86_64 1455.4K 632.8K/s 00:00:02 [#######################################################] 100%
mysql-clients-5.1.54-1-x86_64 153.0K 160.1K/s 00:00:01 [#######################################################] 100%
mysql-5.1.54-1-x86_64 7.7M 1286.1K/s 00:00:06 [#######################################################] 100%
php-5.3.5-1-x86_64 2.8M 911.5K/s 00:00:03 [#######################################################] 100%
php-cgi-5.3.5-1-x86_64 1613.4K 818.1K/s 00:00:02 [#######################################################] 100%
php-curl-5.3.5-1-x86_64 20.8K 72.1K/s 00:00:00 [#######################################################] 100%
php-gd-5.3.5-1-x86_64 75.6K 147.6K/s 00:00:01 [#######################################################] 100%
python-3.1.3-1-x86_64 7.7M 1299.6K/s 00:00:06 [#######################################################] 100%
screen-4.0.3-10-x86_64 461.3K 368.4K/s 00:00:01 [#######################################################] 100%
:: Retrieving packages from community...
nginx-0.8.54-1-x86_64 245.1K 253.2K/s 00:00:01 [#######################################################] 100%
checking package integrity...
(109/109) checking for file conflicts [#######################################################] 100%
( 1/109) upgrading linux-api-headers [#######################################################] 100%
( 2/109) upgrading tzdata [#######################################################] 100%
( 3/109) upgrading glibc [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 4/109) upgrading attr [#######################################################] 100%
( 5/109) upgrading acl [#######################################################] 100%
( 6/109) upgrading ncurses [#######################################################] 100%
( 7/109) upgrading readline [#######################################################] 100%
( 8/109) upgrading bash [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 9/109) upgrading gdbm [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 10/109) upgrading gcc-libs [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 11/109) upgrading db [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 12/109) upgrading zlib [#######################################################] 100%
( 13/109) upgrading cracklib [#######################################################] 100%
( 14/109) upgrading pam [#######################################################] 100%
( 15/109) upgrading gmp [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 16/109) upgrading libcap [#######################################################] 100%
( 17/109) upgrading coreutils [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 18/109) upgrading perl [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 19/109) upgrading automake [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 20/109) upgrading binutils [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 21/109) upgrading run-parts [#######################################################] 100%
( 22/109) upgrading openssl [#######################################################] 100%
( 23/109) upgrading findutils [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 24/109) upgrading sed [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 25/109) upgrading ca-certificates [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 26/109) upgrading cloog-ppl [#######################################################] 100%
( 27/109) upgrading libusb [#######################################################] 100%
( 28/109) installing libusb-compat [#######################################################] 100%
( 29/109) upgrading pcre [#######################################################] 100%
( 30/109) upgrading glib2 [#######################################################] 100%
( 31/109) upgrading module-init-tools [#######################################################] 100%
( 32/109) upgrading pciutils [#######################################################] 100%
( 33/109) upgrading udev [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 34/109) upgrading device-mapper [#######################################################] 100%
( 35/109) upgrading popt [#######################################################] 100%
( 36/109) upgrading cryptsetup [#######################################################] 100%
( 37/109) upgrading curl [#######################################################] 100%
( 38/109) upgrading dash [#######################################################] 100%
( 39/109) upgrading dhcpcd [#######################################################] 100%
( 40/109) upgrading diffutils [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 41/109) upgrading e2fsprogs [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 42/109) upgrading elfutils [#######################################################] 100%
( 43/109) upgrading expat [#######################################################] 100%
( 44/109) upgrading filesystem [#######################################################] 100%
warning: /etc/profile installed as /etc/profile.pacnew
warning: /etc/hosts installed as /etc/hosts.pacnew
warning: /etc/fstab installed as /etc/fstab.pacnew
warning: /etc/gshadow installed as /etc/gshadow.pacnew
FATAL: kernel too old
error: command failed to execute correctly
( 45/109) upgrading fakeroot [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 46/109) upgrading file [#######################################################] 100%
( 47/109) upgrading freetype2 [#######################################################] 100%
( 48/109) upgrading gawk [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 49/109) upgrading mpfr [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 50/109) upgrading libmpc [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 51/109) upgrading gcc [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 52/109) upgrading gen-init-cpio [#######################################################] 100%
( 53/109) upgrading perl-error [#######################################################] 100%
( 54/109) upgrading git [#######################################################] 100%
( 55/109) upgrading gzip [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 56/109) upgrading texinfo [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 57/109) upgrading groff [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 58/109) upgrading hdparm [#######################################################] 100%
( 59/109) upgrading sqlite3 [#######################################################] 100%
( 60/109) installing libsasl [#######################################################] 100%
Optional dependencies for libsasl
cyrus-sasl: saslauthd
cyrus-sasl-plugins: authentication plugins other than sasldb
( 61/109) installing libldap [#######################################################] 100%
( 62/109) upgrading heimdal [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 63/109) upgrading tar [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 64/109) upgrading libtool [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 65/109) upgrading libsm [#######################################################] 100%
( 66/109) upgrading xproto [#######################################################] 100%
( 67/109) upgrading libx11 [#######################################################] 100%
( 68/109) upgrading libxt [#######################################################] 100%
( 69/109) upgrading libxext [#######################################################] 100%
( 70/109) upgrading imagemagick [#######################################################] 100%
( 71/109) upgrading inetutils [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 72/109) upgrading initscripts [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 73/109) upgrading iptables [#######################################################] 100%
( 74/109) upgrading irssi [#######################################################] 100%
( 75/109) upgrading jfsutils [#######################################################] 100%
( 76/109) upgrading less [#######################################################] 100%
( 77/109) upgrading libjpeg [#######################################################] 100%
( 78/109) upgrading libmysqlclient [#######################################################] 100%
( 79/109) upgrading libpcap [#######################################################] 100%
( 80/109) upgrading libpng [#######################################################] 100%
( 81/109) upgrading libxdmcp [#######################################################] 100%
( 82/109) upgrading libxml2 [#######################################################] 100%
( 83/109) upgrading lzo2 [#######################################################] 100%
( 84/109) upgrading man-db [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 85/109) upgrading man-pages [#######################################################] 100%
( 86/109) upgrading mlocate [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 87/109) upgrading mysql-clients [#######################################################] 100%
( 88/109) upgrading mysql [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 89/109) upgrading nano [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
( 90/109) upgrading nginx [#######################################################] 100%
( 91/109) installing libedit [#######################################################] 100%
( 92/109) upgrading openssh [#######################################################] 100%
warning: /etc/ssh/sshd_config installed as /etc/ssh/sshd_config.pacnew
( 93/109) upgrading pacman-mirrorlist [#######################################################] 100%
warning: /etc/pacman.d/mirrorlist installed as /etc/pacman.d/mirrorlist.pacnew
( 94/109) upgrading patch [#######################################################] 100%
( 95/109) upgrading php [#######################################################] 100%
warning: /etc/php/php.ini installed as /etc/php/php.ini.pacnew
( 96/109) upgrading php-cgi [#######################################################] 100%
( 97/109) upgrading php-curl [#######################################################] 100%
( 98/109) upgrading php-gd [#######################################################] 100%
( 99/109) upgrading pkg-config [#######################################################] 100%
(100/109) upgrading procinfo-ng [#######################################################] 100%
(101/109) upgrading procps [#######################################################] 100%
(102/109) upgrading python [#######################################################] 100%
(103/109) upgrading reiserfsprogs [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
(104/109) upgrading screen [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
(105/109) upgrading sdparm [#######################################################] 100%
(106/109) upgrading sudo [#######################################################] 100%
(107/109) upgrading syslog-ng [#######################################################] 100%
warning: /etc/syslog-ng.conf installed as /etc/syslog-ng.conf.pacnew
(108/109) upgrading usbutils [#######################################################] 100%
(109/109) upgrading which [#######################################################] 100%
FATAL: kernel too old
error: command failed to execute correctly
FATAL: kernel too old
error: command failed to execute correctly
I think I have some mismatch between glibc and the kernel now, but the question is: how do I get out of this? This installation is on a VPS and I only have remote access. In case of emergency I can just restore yesterday's backup, but first I'd like to know if there is some other solution.
ThanksLol, I had the same problem just now:) System became completely unusable!
Luckily I found the old glibc package without too much trouble, and with the help of a LiveCD I manually extracted the package and put the old files back in place. All back to normal. Phew!
I'm kinda happy I didn't have to setup a Vserver for it:)
My 10 year old pc, now performing admirably as a simple router, lives on! -
Access-list in Cisco 3560 Series Switch
Guys,
I will be implementing access-lists in 3560 switch. Hope you can help me with the configuration. I'm planning to block all ports by default and only allow ports that the user need to access. The ports will be as follows, tcp - 80, 81, 8080, 25, 110, 143. For udp - 23 and port used by IP Phone.
Hope you can help me guys.
Thanks,
Johnand then dont forget to call this access-list on the interface or vlan you want to apply it.
You can use a number for the ACL > 100 or a name as indicated earlier.
If you go with just a number :
access-list 100 permit tcp any any eq 80 81 ...
access-list 100 permit udp any any eq 23
int g1/0/1
ip access-group NAME in
OR
ip access-group 100 in
As for example :
NMS-3750-A(config-if)#ip acc
NMS-3750-A(config-if)#ip access-group ?
<1-199> IP access list (standard or extended)
<1300-2699> IP expanded access list (standard or extended)
WORD Access-list name -
RPC fails through 881 Point to point Tunnel for VEEAM
Hi I have inherited 2 881's
We are setting up a Veeam server to Replicate a Hyper-V host.
When I try and add the remote hyper-v server through the P2P VPN VEEAM comes back with an error. "Unable to connect via WMI".
WMI is enabled on the target server firewalls are down and AV software removed. If I'm in the same subnet the WMI works. It feels like the VPN is blocking WMI.
Everything else seems to be working through the P2P VPN.
Thanks
Traffic is initiated through device 1
881 Device 1 Config
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all sdm-nat-https-1
match access-group 102
match protocol https
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-smtp-1
inspect
class type inspect sdm-nat-user-protocol--1-1
inspect
class type inspect sdm-nat-http-1
inspect
class type inspect sdm-nat-https-1
inspect
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class type inspect sdm-cls-VPNOutsideToInside-2
inspect
class class-default
drop
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect CCP-Voice-permit
inspect
class class-default
pass
policy-map type inspect ccp-permit
class type inspect SDM_EASY_VPN_SERVER_PT
pass
class class-default
drop
policy-map type inspect sdm-permit-ip
class type inspect SDM_IP
pass
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class class-default
drop log
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
service-policy type inspect sdm-permit-ip
interface Loopback0
no ip address
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $FW_OUTSIDE$$ETH-WAN$
ip address 216.x.x.x255.255.255.240
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
crypto map SDM_CMAP_1
crypto ipsec df-bit clear
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet4
zone-member security ezvpn-zone
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 10.10.11.1 255.255.255.0
ip access-group 130 in
ip access-group 130 out
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
ip local pool SDM_POOL_1 10.10.21.10 10.10.21.80
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 216.123.165.1 permanent
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 10.10.11.5 25 interface FastEthernet4 25
ip nat inside source static tcp 10.10.11.5 9091 interface FastEthernet4 9091
ip nat inside source static tcp 10.10.11.9 80 interface FastEthernet4 80
ip nat inside source static tcp 10.10.11.9 443 interface FastEthernet4 443
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
permit esp any any
ip access-list extended SDM_IP
remark CCP_ACL Category=1
permit ip any any
no logging trap
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.11.0 0.0.0.255
access-list 23 permit 10.10.11.0 0.0.0.255
access-list 23 permit 10.10.21.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 216.123.165.0 0.0.0.15 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 10.10.11.5
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 10.10.11.9
access-list 103 remark CCP_ACL Category=4
access-list 103 permit ip 10.10.11.0 0.0.0.255 any
access-list 104 remark CCP_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 105 remark CCP_ACL Category=0
access-list 105 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 106 remark CCP_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255 log
access-list 106 deny ip 10.10.11.0 0.0.0.255 10.10.21.0 0.0.0.255
access-list 106 permit ip 10.10.11.0 0.0.0.255 any
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255 log
access-list 108 remark CCP_ACL Category=0
access-list 108 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 120 remark CCP_ACL Category=16
access-list 120 permit ip 10.10.10.0 0.0.0.255 any
access-list 120 permit ip 10.10.11.0 0.0.0.255 any
access-list 120 permit ip 10.10.21.0 0.0.0.255 any
access-list 130 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 130 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 130 permit ip any any
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 106
control-plane
banner exec ^CC
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CC
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
^C
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 23 in
transport input telnet ssh
scheduler max-task-time 5000
end
CarePathBackupRouter#
881 Device 2 Config
service-policy type inspect sdm-policy-sdm-cls--1
zone-pair security sdm-zp-sll-zone-in-zone source ssl-zone destination in-zone
service-policy type inspect sdm-pol-ssl-vpn-traffic
zone-pair security sdm-zp-dmz-zone-out-zone source dmz-zone destination out-zone
service-policy type inspect sdm-policy-sdm-cls--2
interface Loopback0
ip address 10.10.50.1 255.255.255.0
interface FastEthernet0
switchport access vlan 2
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $FW_OUTSIDE$$ETH-WAN$
ip address 216.x.x.x255.255.255.248
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
crypto map SDM_CMAP_1
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet4
zone-member security ezvpn-zone
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Virtual-Template5
ip unnumbered FastEthernet4
zone-member security ssl-zone
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
interface Vlan2
description $FW_DMZ$
ip address 10.10.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security dmz-zone
ip local pool SDM_POOL_1 10.10.50.2 10.10.50.30
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 10.10.10.5 25 interface FastEthernet4 25
ip nat inside source static tcp 10.10.20.100 80 interface FastEthernet4 80
ip nat inside source list 120 interface FastEthernet4 overload
ip nat inside source static tcp 10.10.20.100 443 interface FastEthernet4 443
ip nat inside source static tcp 10.10.10.5 9091 216.x.x.x9091 extendable
ip access-list extended DMZOutbound
remark CCP_ACL Category=128
permit ip host 10.10.20.4 any
permit ip host 10.10.20.5 any
ip access-list extended LANtoDMZ
remark CCP_ACL Category=128
permit ip any host 10.10.20.5
permit ip any host 10.10.20.4
permit ip any host 10.10.20.100
ip access-list extended SDM_4
remark CCP_ACL Category=4
remark IPSec Rule
permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
permit esp any any
ip access-list extended SDM_IP
remark CCP_ACL Category=1
permit ip any any
ip access-list extended VPNZtoDMZ
remark CCP_ACL Category=128
permit ip any host 10.10.20.5
permit ip any host 10.10.20.4
ip access-list extended VPNtoDMZ
remark CCP_ACL Category=128
permit ip any host 10.10.20.5
ip access-list extended WANtoOWA
remark CCP_ACL Category=128
permit ip any host 10.10.10.5
ip access-list extended WebsiteViewer
remark CCP_ACL Category=128
permit ip host 10.10.20.5 any
permit ip host 10.10.20.4 any
ip access-list extended dmz-traffic
remark CCP_ACL Category=1
permit ip any host 10.10.20.1
permit ip any host 10.10.20.2
permit ip any host 10.10.20.3
permit ip any host 10.10.20.4
permit ip any host 10.10.20.5
permit ip any host 10.10.20.6
permit ip any host 10.10.20.7
permit ip any host 10.10.20.8
permit ip any host 10.10.20.9
permit ip any host 10.10.20.10
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 10.10.20.0 0.0.0.255
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 permit 10.10.20.0 0.0.0.255
access-list 23 permit 10.10.50.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit ip 10.10.20.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip host 255.255.255.255 any
access-list 101 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip 10.10.20.0 0.0.0.255 any
access-list 101 permit ip 207.164.203.24 0.0.0.7 any
access-list 102 remark CCP_ACL Category=0
access-list 102 permit tcp any host 192.168.1.111 eq smtp
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 10.10.20.5
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 10.10.20.100
access-list 105 remark CCP_ACL Category=4
access-list 105 permit ip host 10.10.10.0 any
access-list 105 permit ip host 10.10.20.0 any
access-list 105 permit ip host 10.10.50.0 any
access-list 120 deny ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 120 deny ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255
access-list 120 deny ip 10.10.20.0 0.0.0.255 10.10.50.0 0.0.0.255
access-list 120 permit ip 10.10.10.0 0.0.0.255 any
access-list 120 permit ip 10.10.20.0 0.0.0.255 any
access-list 121 permit ip 10.10.50.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 121 permit ip 10.10.50.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 150 permit tcp any any eq 8081
access-list 190 permit ip any host 10.10.10.7
access-list 190 permit ip host 10.10.10.7 any
no cdp run
control-plane
banner exec ^CCCCCCCCCC
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CCCCCCCCCC
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
^C
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 23 in
transport input telnet ssh
scheduler max-task-time 5000
webvpn gateway gateway_1
ip address 216.x.x.xport 8081
ssl trustpoint TP-self-signed-3840840377
inservice
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
webvpn install csd flash:/webvpn/sdesktop.pkg
webvpn context WebVPN
title "CarePath WebVPN"
secondary-color white
title-color #669999
text-color black
ssl authenticate verify all
url-list "CarePath"
heading "CarePath Websites"
url-text "CPNet" url-value "http://10.10.10.100/CPnet/"
url-text "CarePath External Website" url-value "http://www.carepath.ca"
url-text "Navigator" url-value "http://10.10.10.103"
policy group policy_1
url-list "CarePath"
functions svc-enabled
svc address-pool "SDM_POOL_1"
svc msie-proxy option auto
svc split include 10.10.0.0 255.255.0.0
svc dns-server primary 10.10.10.5
virtual-template 5
default-group-policy policy_1
aaa authentication list ciscocp_vpn_xauth_ml_2
gateway gateway_1
max-users 20
inservice
end
CarePathRouterB#Ok I think I messed up.
Here's the configs again.
Device 1
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.10.08 11:11:23 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...
Current configuration : 14737 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname CarePathBackupRouter
boot-start-marker
boot-end-marker
logging message-counter syslog
logging buffered 10000
no logging console
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
--More-- aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa session-id common
memory-size iomem 10
crypto pki trustpoint TP-self-signed-3598019594
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3598019594
revocation-check none
rsakeypair TP-self-signed-3598019594
crypto pki certificate chain TP-self-signed-3598019594
certificate self-signed 01
3082025D 308201C6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33353938 30313935 3934301E 170D3132 30333038 32333235
30395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 35393830
31393539 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B290 42576863 0D990847 52965EB6 37067C00 38E8AFDC A2A4352C 5DD36F7A
--More-- 2F5CA25C B586E580 00E7F634 2437B446 DEF48F61 DA8D307C 47157F18 ED555E11
D7AEEF72 6C6CE291 1506D9E3 EF32D956 2E7677D6 710B370E 5A8E5115 33A92F11
44562D62 1452435C 3723126B E279C9DE 217077CF 1320D7C2 CF1BE495 1351B500
7B210203 010001A3 81843081 81300F06 03551D13 0101FF04 05300301 01FF302E
0603551D 11042730 25822343 61726550 61746842 61636B75 70526F75 7465722E
796F7572 646F6D61 696E2E63 6F6D301F 0603551D 23041830 1680142D A4BC83A1
785F6C73 DD8A98F1 8CBFACB1 D1287530 1D060355 1D0E0416 04142DA4 BC83A178
5F6C73DD 8A98F18C BFACB1D1 2875300D 06092A86 4886F70D 01010405 00038181
00B02915 B9C40F05 DC7DE975 67982D89 6C781413 5C2F0F3A 76CEEFD1 45DE776D
6D2B875F 0109EBBA E106BD35 CAE1F188 4D038977 E8FC77AC E8E1FC8A 14C88C3F
8CE98F32 69C1C7A8 E9C6394D 8A285A40 701115EC FBBB092D 23B13FA5 977D82EA
E5090F60 DC0B3480 96BDC5BB C1393AB0 5C135C70 6DA3926E 233E0824 982F6010 FF
quit
ip source-route
ip dhcp excluded-address 10.10.10.1
ip cef
no ip domain lookup
ip domain name yourdomain.com
ip port-map user-protocol--1 port tcp 9091
--More-- ip inspect log drop-pkt
no ipv6 cef
multilink bundle-name authenticated
vtp mode transparent
username vinadmin privilege 15 secret 5 $1$fDR/$CNiqlhaGh1/86.yaksu9J1
username bannayar secret 5 $1$WQH0$lqEvJa6vyCgG8P6ZCKFV30
username kabaines secret 5 $1$qghZ$KIzZ4AvLHuxpxdT8lPXu00
username ecousineau secret 5 $1$0vGF$/hFzdgUsjNy4KhQbBEJXX1
username ddepetrillo secret 5 $1$J.Z.$r2Hvj0wy65KdU2DB8RybI.
username dfulogsi secret 5 $1$mBGJ$pOTWXESj5IrNoHcp4a6Dg1
username whryniuk secret 5 $1$aiXM$V7Ivp7w9WGPfp7ZvNUuxw.
username lhryniuk secret 5 $1$ZMWh$q1TcQiQCnOcOc3386C60./
username dthomson secret 5 $1$oSuN$9iRmSxMzpFiJZ7J./DXwN/
username smoore secret 5 $1$DRy7$yYXbtjMqP6eNVNWf82qit1
username wpowell secret 5 $1$gK57$oUtnIg6xk6tV8xofNCWZj.
username pcarter secret 5 $1$FNOP$kwi.OJx9PTQqYRFFc3Lw11
username mferguson secret 5 $1$JAkk$yZ8gLDfpLjhoBUY2xiKGt0
username kmcdonald secret 5 $1$e6zr$WxiKO0Aqee2mUb3GtcOwK1
username drorovan secret 5 $1$q/bp$qpIgTq2zo3CUZtsMKYB9d/
--More-- username jragaz secret 5 $1$3xZ7$Cvg8Er8k5khygwd.Dg/Xh1
username pmajor secret 5 $1$u7up$X0HemguPY9Ng1vKxcAz.81
username borovan secret 5 $1$4Lje$BYGyz2EhCxE.FVql5tddA0
username jgowing secret 5 $1$YAsY$36ioJChe4Se786FyVOwZO/
username GGarcia secret 5 $1$9QO0$qEaHekjre5tWLc4HNnLhd/
username rbergeron secret 5 $1$8oB6$yk3IoBFJo/ndzRCoQTGPQ1
username rsimpson secret 5 $1$dnSM$KOiCXCpX6jgv/Z/WLt/qM0
username kgodbout secret 5 $1$xDkJ$OoOKh8KtQDy4h2CsnGl1V/
username amcgowan secret 5 $1$e9fw$xByQdweSgJKomCoa42Xhd.
username mstevelic secret 5 $1$dM72$u3W/r5o.WIULnYZMVLx.00
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key CarePathPSKJ0k1r address 63.250.109.214 255.255.255.248
crypto isakmp client configuration group VPNGroup
key Pa$$w0rd
dns 10.10.11.5
domain carepath.local
pool SDM_POOL_1
--More-- acl 103
max-users 70
crypto isakmp profile ciscocp-ike-profile-1
match identity group VPNGroup
client authentication list ciscocp_vpn_xauth_ml_1
isakmp authorization list ciscocp_vpn_group_ml_1
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec df-bit clear
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to Carepath HO
set peer 63.250.109.214
--More-- set transform-set ESP-3DES-SHA1
match address 107
archive
log config
hidekeys
vlan 2-3,10,20
vlan 30
name Internal
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
match access-group 105
class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
match access-group 108
class-map type inspect match-all sdm-nat-http-1
match access-group 102
match protocol http
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 101
--More-- match protocol user-protocol--1
class-map type inspect match-all sdm-nat-smtp-1
match access-group 101
match protocol smtp
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any CCP-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
--More-- match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any SDM_IP
match access-group name SDM_IP
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
--More-- match protocol udp
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all sdm-nat-https-1
match access-group 102
match protocol https
class-map type inspect match-all ccp-protocol-http
match protocol http
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-smtp-1
inspect
class type inspect sdm-nat-user-protocol--1-1
inspect
class type inspect sdm-nat-http-1
--More-- inspect
class type inspect sdm-nat-https-1
inspect
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class type inspect sdm-cls-VPNOutsideToInside-2
inspect
class class-default
drop
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect CCP-Voice-permit
inspect
class class-default
pass
policy-map type inspect ccp-permit
class type inspect SDM_EASY_VPN_SERVER_PT
pass
--More-- class class-default
drop
policy-map type inspect sdm-permit-ip
class type inspect SDM_IP
pass
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class class-default
drop log
zone security out-zone
zone security in-zone
zone security ezvpn-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
--More-- zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
service-policy type inspect sdm-permit-ip
interface Loopback0
no ip address
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $FW_OUTSIDE$$ETH-WAN$
ip address 216.123.165.9 255.255.255.240
--More-- ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
crypto map SDM_CMAP_1
crypto ipsec df-bit clear
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet4
zone-member security ezvpn-zone
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 10.10.11.1 255.255.255.0
ip access-group 130 in
ip access-group 130 out
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
--More-- !
ip local pool SDM_POOL_1 10.10.21.10 10.10.21.80
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 216.123.165.1 permanent
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 10.10.11.5 25 interface FastEthernet4 25
ip nat inside source static tcp 10.10.11.5 9091 interface FastEthernet4 9091
ip nat inside source static tcp 10.10.11.9 80 interface FastEthernet4 80
ip nat inside source static tcp 10.10.11.9 443 interface FastEthernet4 443
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
permit esp any any
--More-- ip access-list extended SDM_IP
remark CCP_ACL Category=1
permit ip any any
no logging trap
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.11.0 0.0.0.255
access-list 23 permit 10.10.11.0 0.0.0.255
access-list 23 permit 10.10.21.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 216.123.165.0 0.0.0.15 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 10.10.11.5
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 10.10.11.9
access-list 103 remark CCP_ACL Category=4
access-list 103 permit ip 10.10.11.0 0.0.0.255 any
access-list 104 remark CCP_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 105 remark CCP_ACL Category=0
--More-- access-list 105 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 106 remark CCP_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255 log
access-list 106 deny ip 10.10.11.0 0.0.0.255 10.10.21.0 0.0.0.255
access-list 106 permit ip 10.10.11.0 0.0.0.255 any
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255 log
access-list 108 remark CCP_ACL Category=0
access-list 108 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 120 remark CCP_ACL Category=16
access-list 120 permit ip 10.10.10.0 0.0.0.255 any
access-list 120 permit ip 10.10.11.0 0.0.0.255 any
access-list 120 permit ip 10.10.21.0 0.0.0.255 any
access-list 130 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 130 permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 130 permit ip any any
no cdp run
--More-- !
route-map SDM_RMAP_1 permit 1
match ip address 106
control-plane
banner exec ^CC
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
--More-- Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CC
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
--More-- NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
^C
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 23 in
transport input telnet ssh
scheduler max-task-time 5000
end
CarePathBackupRouter#
Device 2
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.10.08 11:05:59 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...
Current configuration : 29587 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot system flash c880data-universalk9-mz.124-24.5.T.bin
boot-end-marker
security passwords min-length 1
logging buffered 4096
enable secret 5 $1$tRc6$Pk3N1aDAx4E2rAYAJ90mH1
aaa new-model
aaa authentication login default local
--More-- aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa session-id common
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-3840840377
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3840840377
revocation-check none
rsakeypair TP-self-signed-3840840377
crypto pki certificate chain TP-self-signed-3840840377
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383430 38343033 3737301E 170D3134 30393132 31303431
34395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
--More-- 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38343038
34303337 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100E66E C34A4C46 E413B794 5FB510D3 A306C684 9ED25F03 4B850571 D8E7561B
F66A4AA7 AE9E606C B440A785 3CE4A763 1C1A52FF 112D4CB9 CB755AA5 479F1508
775EED5D EEE09429 6D62FA24 C2B053F8 B8A09A91 3B5EAD10 9B7E2B0A 5AA92137
13DF18C1 4616B18C FD3662C1 A2813A66 2484E2B5 C56B607A 92E21E0F BD0D54CB
01930203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
551D1104 19301782 15526F75 7465722E 63617265 70617468 2E6C6F63 616C301F
0603551D 23041830 168014D4 3B765BFE CE03F36B 9714FB7D 1E31015E 9B5D2830
1D060355 1D0E0416 0414D43B 765BFECE 03F36B97 14FB7D1E 31015E9B 5D28300D
06092A86 4886F70D 01010405 00038181 0081DE27 6994F293 40268BED F231747F
A0FB4FE6 BAD884C8 D9395782 35FD0450 57E74E6E E8E3575E 8F08FC1D 2916A16D
5DDBA88C 1299FF6C D7293908 DE3CFF1E 29B1BC43 48D68718 51ED7651 E032E50C
B6DC8607 56D2E957 46DDC00F BF5B81AC 9AA2CB21 1E566639 10E207E3 21CB0127
61C16AF4 CB1B5AEE 3559D0B2 3AC9603B E5
quit
ip source-route
ip dhcp excluded-address 10.10.20.1 10.10.20.10
ip dhcp excluded-address 10.10.10.1 10.10.10.19
ip dhcp excluded-address 10.10.10.91 10.10.10.254
--More-- ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 10.10.10.5
lease 0 2
ip dhcp pool sdm-pool1
network 10.10.20.0 255.255.255.0
default-router 10.10.20.1
no ip cef
ip domain name carepath.local
ip name-server 10.10.10.5
no ipv6 cef
multilink bundle-name authenticated
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com
--More--
parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com
parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
--More-- server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com
username forrestja secret 5 $1$0M.C$jSf2s6jBJc.BhOHEQz6Z7/
username Mckyedo secret 5 $1$.oVV$osTs3rwN6PDW1r1ratB/Y/
username kabaines secret 5 $1$05fS$aQmBAn5OPzemwHISAcjA91
username ecousineau secret 5 $1$chbt$y8i/cTvlKaoi7M6IK9XQz0
username danidepetrillo secret 5 $1$ClAB$cL.ISVieN3dtuXKYboyiO/
username ddepetrillo secret 5 $1$/8z2$zo9yhdXX0injN5sR.o.gc.
username dfulogsi secret 5 $1$7kTK$48wgcGO5ne4/p069y6hNX.
username whryniuk secret 5 $1$4K6u$hQkC7ZproSeYzXuF6C9z61
username lhryniuk secret 5 $1$XHHt$MFNNStOiC6dgfY93laFrU1
username amcgowan secret 5 $1$40Fm$O5QuPgLtQU0uq.9KbxW0M1
username dthomson secret 5 $1$CAZB$VF0qQbZ/zECKv3QfIDhuD.
username cshirley secret 5 $1$A395$0hL0DnNysybt51exyXWrN1
username smoore secret 5 $1$YFq4$j7UTBgdbQMikKGyDhAPCP.
username jzemaitis secret 5 $1$KiOv$Y22d.91YFkVaDcHc9JfL90
--More-- username wpowell secret 5 $1$ECmG$dQvMWSXWQqPSM/SWMm6Ja0
username vinadmin privilege 15 secret 5 $1$XJMD$kQLDFx1u5IKBNqtMtg4dL0
username Admin secret 5 $1$O3rB$H003Fl.KI7vNzSxRpsB5t.
username shirleyco secret 5 $1$aTod$A91adrDfFQrKx31aAe3/z0
username mferguson secret 5 $1$XISU$UjnnmGN22rzIf7xnX0CEc.
username kmcdonald secret 5 $1$cv4K$uuotKYnegG6.y4R7YRiyW1
username mstevelic secret 5 $1$.isq$wi/HGo0IkZWmoBY..QEeD/
username drorovan secret 5 $1$L799$Sz04d/XVM/g5Y62z5W.1/0
username jragaz secret 5 $1$hmK5$z/tvrdohCMiEprCW9p9Yq.
username pmajor secret 5 $1$CxxE$9hgS21SbVhVdOmUaRdvgs/
username borovan secret 5 $1$fsw9$ZIIUltJ9Cc7nBpmuswIDs.
username leedo secret 5 $1$xnMk$6IQf2FzK1L5QMgjfRx8.h.
username jgowing secret 5 $1$EVEP$YjxyE5Lw.hcivE.JqbH0Y/
username royst secret 5 $1$/wbP$W3daZVjU3bYAtR9x01nEh.
username rbergeron secret 5 $1$EeAx$ipFbCd0SwjTLUB/8pCMxR0
username rsimpson secret 5 $1$cvh6$0MVp4eSyhij0NCX6NUDGK1
username ssaraydarian secret 5 $1$YJV7$v14qULB7TFYsTEVcvyC8o.
username Leeke secret 5 $1$IH5i$.yJJW7mKF.sD7DIr53AXc0
username hooman secret 5 $1$eJ3J$OKcje0Q.K5o.IOJJ.it0D1
username cmills secret 5 $1$QH8Z$QZqY8kJEvpp/WBQIAl7yn0
username bannayar secret 5 $1$erc7$EhY2OUL2okAuJw6.VFwvW.
username alstiburek secret 5 $1$5FSX$5RJb1h0NBYyH6q93aXT3U.
username pcarter secret 5 $1$dVJI$EnovCDfEe3SakN15Q9kkW.
--More-- username dlinardos password 0 zckNW80240*
username janarthans view root secret 5 $1$A5c8$x/d03.bT3e29fTJ2Iunt/1
username palmerb view root secret 5 $1$MlTf$szxQvyRJBzRnofARAWP0z0
username lrobichaud privilege 0 secret 5 $1$nztN$hieW9P/XYakZ8aDxvc/hc/
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp key CarePathPSKJ0k1r address 216.x.x.x
crypto isakmp client configuration group VPNGroup
key Pa$$w0rd
dns 10.10.10.5
domain Carepath.local
pool SDM_POOL_1
acl 100
--More-- max-users 28
netmask 255.255.255.0
crypto isakmp profile ciscocp-ike-profile-1
match identity group VPNGroup
client authentication list ciscocp_vpn_xauth_ml_1
isakmp authorization list ciscocp_vpn_group_ml_1
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Apply the crypto map on the peer router's interface having IP address 216.x.x.x that connects to this router.
set peer 216.x.x.x
set transform-set ESP-3DES-SHA1
--More-- match address SDM_4
archive
log config
hidekeys
ip ftp username cisco
ip ftp password <removed>
class-map type inspect match-all sdm-cls-VPNOutsideToInside-1
match access-group 107
class-map type inspect match-all sdm-cls-VPNOutsideToInside-3
match access-group 109
class-map type inspect match-all sdm-cls-VPNOutsideToInside-2
match access-group 108
class-map type inspect imap match-any ccp-app-imap
match invalid-command
class-map type inspect match-any ccp-cls-protocol-p2p
match protocol edonkey signature
match protocol gnutella signature
match protocol kazaa2 signature
match protocol fasttrack signature
--More-- match protocol bittorrent signature
class-map type inspect match-all sdm-nat-http-1
match access-group 103
match protocol http
class-map type inspect match-any https
match protocol https
class-map type inspect match-all sdm-cls-sdm-pol-NATOutsideToInside-1-1
match class-map https
match access-group name WANtoOWA
class-map type inspect match-all sdm-nat-http-2
match access-group 104
match protocol http
class-map type inspect match-all sdm-nat-smtp-1
match access-group 102
match protocol tcp
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect match-any CCP-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
--More-- class-map type inspect match-any SDM_VPN_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_VPN_PT
match access-group 106
match class-map SDM_VPN_TRAFFIC
class-map type inspect match-any http
match protocol dns
match protocol http
match protocol https
match protocol icmp
match protocol smtp
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
--More-- match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all sdm-cls--2
match class-map http
match access-group name DMZOutbound
class-map type inspect match-all sdm-cls--1
match access-group name VPNZtoDMZ
class-map type inspect match-any SDM_IP
match access-group name SDM_IP
class-map type inspect gnutella match-any ccp-app-gnutella
match file-transfer
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
--More-- match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect msnmsgr match-any ccp-app-msn-otherservices
match service any
class-map type inspect ymsgr match-any ccp-app-yahoo-otherservices
match service any
class-map type inspect match-all ipsec-class
match protocol isakmp
match protocol ipsec-msft
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-cls-protocol-im
match protocol ymsgr yahoo-servers
match protocol msnmsgr msn-servers
match protocol aol aol-servers
class-map type inspect aol match-any ccp-app-aol-otherservices
match service any
--More-- class-map type inspect match-all webvpn-8081
match access-group 150
class-map type inspect match-all ccp-protocol-pop3
match protocol pop3
class-map type inspect match-any sdm-ssl-vpn-traffic
match access-group 121
class-map type inspect pop3 match-any ccp-app-pop3
match invalid-command
class-map type inspect kazaa2 match-any ccp-app-kazaa2
match file-transfer
class-map type inspect match-all ccp-protocol-p2p
match class-map ccp-cls-protocol-p2p
class-map type inspect msnmsgr match-any ccp-app-msn
match service text-chat
class-map type inspect ymsgr match-any ccp-app-yahoo
match service text-chat
class-map type inspect match-any WebsiteViewer
match protocol smtp
match protocol https
match protocol http
match protocol ftp
class-map type inspect match-all ccp-protocol-im
match class-map ccp-cls-protocol-im
--More-- class-map type inspect match-all ccp-invalid-src
match access-group 101
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect http match-any ccp-app-httpmethods
match request method bcopy
match request method bdelete
match request method bmove
match request method bpropfind
match request method bproppatch
match request method connect
match request method copy
match request method delete
match request method edit
match request method getattribute
match request method getattributenames
match request method getproperties
match request method index
match request method lock
match request method mkcol
match request method mkdir
match request method move
match request method notify
--More-- match request method options
match request method poll
match request method propfind
match request method proppatch
match request method put
match request method revadd
match request method revlabel
match request method revlog
match request method revnum
match request method save
match request method search
match request method setattribute
match request method startrev
match request method stoprev
match request method subscribe
match request method trace
match request method unedit
match request method unlock
match request method unsubscribe
class-map type inspect match-any ccp-dmz-protocols
match protocol http
class-map type inspect edonkey match-any ccp-app-edonkey
match file-transfer
--More-- match text-chat
match search-file-name
class-map type inspect http match-any ccp-http-blockparam
match request port-misuse im
match request port-misuse p2p
match req-resp protocol-violation
class-map type inspect match-all ccp-dmz-traffic
match access-group name dmz-traffic
match class-map ccp-dmz-protocols
class-map type inspect match-all sdm-cls-ccp-permit-dmzservice-2
match access-group name VPNtoDMZ
class-map type inspect match-all sdm-cls-ccp-permit-dmzservice-3
match class-map WebsiteViewer
match access-group name WebsiteViewer
class-map type inspect edonkey match-any ccp-app-edonkeydownload
match file-transfer
class-map type inspect match-all ccp-protocol-imap
match protocol imap
class-map type inspect aol match-any ccp-app-aol
match service text-chat
class-map type inspect match-all sdm-cls-ccp-permit-dmzservice-1
match access-group name LANtoDMZ
class-map type inspect edonkey match-any ccp-app-edonkeychat
--More-- match search-file-name
match text-chat
class-map type inspect http match-any ccp-http-allowparam
match request port-misuse tunneling
class-map type inspect match-all ccp-protocol-http
match protocol http
class-map type inspect fasttrack match-any ccp-app-fasttrack
match file-transfer
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-VPNOutsideToInside-1
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class type inspect sdm-cls-VPNOutsideToInside-2
inspect
class type inspect sdm-cls-VPNOutsideToInside-3
inspect
class class-default
--More-- drop
policy-map type inspect p2p ccp-action-app-p2p
class type inspect edonkey ccp-app-edonkeychat
log
allow
class type inspect edonkey ccp-app-edonkeydownload
log
allow
class type inspect fasttrack ccp-app-fasttrack
log
allow
class type inspect gnutella ccp-app-gnutella
log
allow
class type inspect kazaa2 ccp-app-kazaa2
log
allow
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-cls-sdm-pol-NATOutsideToInside-1-1
inspect
class type inspect sdm-nat-smtp-1
inspect
class type inspect sdm-nat-http-1
--More-- inspect
class type inspect sdm-nat-http-2
inspect
class type inspect sdm-ssl-vpn-traffic
inspect
class type inspect ccp-icmp-access
inspect
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class type inspect sdm-cls-VPNOutsideToInside-2
inspect
class type inspect sdm-cls-VPNOutsideToInside-3
inspect
class class-default
drop
policy-map type inspect im ccp-action-app-im
class type inspect aol ccp-app-aol
log
allow
class type inspect msnmsgr ccp-app-msn
log
allow
class type inspect ymsgr ccp-app-yahoo
--More-- log
allow
class type inspect aol ccp-app-aol-otherservices
log
reset
class type inspect msnmsgr ccp-app-msn-otherservices
log
reset
class type inspect ymsgr ccp-app-yahoo-otherservices
log
reset
policy-map type inspect imap ccp-action-imap
class type inspect imap ccp-app-imap
log
policy-map type inspect pop3 ccp-action-pop3
class type inspect pop3 ccp-app-pop3
log
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-protocol-imap
--More-- inspect
service-policy imap ccp-action-imap
class type inspect ccp-protocol-pop3
inspect
service-policy pop3 ccp-action-pop3
class type inspect ccp-protocol-p2p
inspect
service-policy p2p ccp-action-app-p2p
class type inspect ccp-protocol-im
inspect
service-policy im ccp-action-app-im
class type inspect ccp-insp-traffic
inspect
class class-default
drop
policy-map type inspect http ccp-action-app-http
class type inspect http ccp-http-blockparam
log
allow
class type inspect http ccp-app-httpmethods
log
reset
class type inspect http ccp-http-allowparam
--More-- log
allow
policy-map type inspect ccp-permit
class type inspect SDM_EASY_VPN_SERVER_PT
pass
class class-default
drop
policy-map type inspect sdm-policy-sdm-cls--1
class type inspect sdm-cls--1
inspect
class class-default
drop
policy-map type inspect sdm-pol-Out-to-Self
class type inspect SDM_VPN_PT
pass
class type inspect webvpn-8081
class type inspect SDM_EASY_VPN_SERVER_TRAFFIC
pass
class class-default
drop
policy-map type inspect sdm-pol-ssl-vpn-traffic
class type inspect sdm-ssl-vpn-traffic
inspect
--More-- class class-default
drop
policy-map type inspect sdm-policy-sdm-cls--2
class type inspect sdm-cls--2
inspect
class class-default
drop
policy-map type inspect ccp-permit-dmzservice
class type inspect sdm-cls-ccp-permit-dmzservice-3
inspect
class type inspect sdm-cls-ccp-permit-dmzservice-2
inspect
class type inspect sdm-cls-ccp-permit-dmzservice-1
inspect
class type inspect ccp-dmz-traffic
inspect
class type inspect CCP-Voice-permit
inspect
class type inspect sdm-nat-smtp-1
inspect
class type inspect sdm-nat-http-1
inspect
class type inspect sdm-cls-VPNOutsideToInside-1
--More-- inspect
class type inspect sdm-cls-VPNOutsideToInside-2
inspect
class type inspect sdm-cls-VPNOutsideToInside-3
inspect
class class-default
pass
policy-map type inspect sdm-permit-ip
class type inspect SDM_IP
pass
class type inspect sdm-cls-VPNOutsideToInside-1
inspect
class type inspect sdm-cls-VPNOutsideToInside-2
inspect
class type inspect sdm-cls-VPNOutsideToInside-3
inspect
class class-default
drop log
zone security dmz-zone
zone security out-zone
zone security in-zone
zone security ezvpn-zone
--More-- zone security ssl-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security ccp-zp-in-dmz source in-zone destination dmz-zone
service-policy type inspect ccp-permit-dmzservice
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-dmz source out-zone destination dmz-zone
service-policy type inspect ccp-permit-dmzservice
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect sdm-pol-Out-to-Self
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-zone-dmz-zone source ezvpn-zone destination dmz-zone
--More-- service-policy type inspect sdm-policy-sdm-cls--1
zone-pair security sdm-zp-sll-zone-in-zone source ssl-zone destination in-zone
service-policy type inspect sdm-pol-ssl-vpn-traffic
zone-pair security sdm-zp-dmz-zone-out-zone source dmz-zone destination out-zone
service-policy type inspect sdm-policy-sdm-cls--2
zone-pair security sdm-zp-VPNOutsideToInside-1 source out-zone destination ssl-zone
service-policy type inspect sdm-pol-VPNOutsideToInside-1
interface Loopback0
ip address 10.10.50.1 255.255.255.0
interface FastEthernet0
switchport access vlan 2
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
--More-- interface FastEthernet4
description $FW_OUTSIDE$$ETH-WAN$
ip address 63.250.109.214 255.255.255.248
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
crypto map SDM_CMAP_1
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet4
zone-member security ezvpn-zone
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Virtual-Template5
ip unnumbered FastEthernet4
zone-member security ssl-zone
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
--More-- ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
interface Vlan2
description $FW_DMZ$
ip address 10.10.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security dmz-zone
ip local pool SDM_POOL_1 10.10.50.2 10.10.50.30
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4 63.250.109.209
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 10.10.10.5 25 interface FastEthernet4 25
--More-- ip nat inside source static tcp 10.10.20.100 80 interface FastEthernet4 80
ip nat inside source static tcp 10.10.20.100 443 interface FastEthernet4 443
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
ip nat inside source static tcp 10.10.10.5 9091 63.250.109.214 9091 extendable
ip access-list extended DMZOutbound
remark CCP_ACL Category=128
permit ip host 10.10.20.4 any
permit ip host 10.10.20.5 any
ip access-list extended LANtoDMZ
remark CCP_ACL Category=128
permit ip any host 10.10.20.5
permit ip any host 10.10.20.4
permit ip any host 10.10.20.100
ip access-list extended SDM_4
remark CCP_ACL Category=4
remark IPSec Rule
permit ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
ip access-list extended SDM_AH
remark CCP_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark CCP_ACL Category=1
--More-- permit esp any any
ip access-list extended SDM_IP
remark CCP_ACL Category=1
permit ip any any
ip access-list extended VPNZtoDMZ
remark CCP_ACL Category=128
permit ip any host 10.10.20.5
permit ip any host 10.10.20.4
ip access-list extended VPNtoDMZ
remark CCP_ACL Category=128
permit ip any host 10.10.20.5
ip access-list extended WANtoOWA
remark CCP_ACL Category=128
permit ip any host 10.10.10.5
ip access-list extended WebsiteViewer
remark CCP_ACL Category=128
permit ip host 10.10.20.5 any
permit ip host 10.10.20.4 any
ip access-list extended dmz-traffic
remark CCP_ACL Category=1
permit ip any host 10.10.20.1
permit ip any host 10.10.20.2
permit ip any host 10.10.20.3
--More-- permit ip any host 10.10.20.4
permit ip any host 10.10.20.5
permit ip any host 10.10.20.6
permit ip any host 10.10.20.7
permit ip any host 10.10.20.8
permit ip any host 10.10.20.9
permit ip any host 10.10.20.10
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 10.10.20.0 0.0.0.255
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 permit 10.10.20.0 0.0.0.255
access-list 23 permit 10.10.50.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit ip 10.10.20.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip host 255.255.255.255 any
access-list 101 permit ip 127.0.0.0 0.255.255.255 any
--More-- access-list 101 permit ip 10.10.20.0 0.0.0.255 any
access-list 101 permit ip 207.164.203.24 0.0.0.7 any
access-list 102 remark CCP_ACL Category=0
access-list 102 permit tcp any host 192.168.1.111 eq smtp
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 10.10.20.5
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 10.10.20.100
access-list 105 remark CCP_ACL Category=4
access-list 105 permit ip host 10.10.10.0 any
access-list 105 permit ip host 10.10.20.0 any
access-list 105 permit ip host 10.10.50.0 any
access-list 106 remark CCP_ACL Category=128
access-list 106 permit ip host 216.x.x.x any
access-list 107 remark CCP_ACL Category=0
access-list 107 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 108 remark CCP_ACL Category=0
access-list 108 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 109 remark CCP_ACL Category=0
access-list 109 permit ip 10.10.11.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 120 remark CCP_ACL Category=18
access-list 120 deny ip 10.10.10.0 0.0.0.255 10.10.50.0 0.0.0.255
access-list 120 deny ip 10.10.20.0 0.0.0.255 10.10.50.0 0.0.0.255
--More-- access-list 120 deny ip 10.10.10.0 0.0.0.255 10.10.11.0 0.0.0.255
access-list 120 permit ip 10.10.20.0 0.0.0.255 any
access-list 120 permit ip 10.10.10.0 0.0.0.255 any
access-list 121 permit ip 10.10.50.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 121 permit ip 10.10.50.0 0.0.0.255 10.10.20.0 0.0.0.255
access-list 150 permit tcp any any eq 8081
access-list 190 permit ip any host 10.10.10.7
access-list 190 permit ip host 10.10.10.7 any
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 120
control-plane
banner exec ^CCCCCCCCCCCCC
--More--
% Password expiration warning.
--More--
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
--More--
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
--More-- this session.
It is strongly suggested that you create a new username with a privilege level
--More--
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
--More--
Replace <myuser> and <mypassword> with the username and password you
want to use.
--More--
^C
banner login ^CCCCCCCCCCCCC
--More--
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
--More--
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
--More--
PUBLICLY-KNOWN CREDENTIALS
--More-- Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
--More--
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
--More--
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
--More--
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
--More--
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
^C
line con 0
--More-- no modem enable
line aux 0
line vty 0 4
access-class 23 in
transport input telnet ssh
scheduler max-task-time 5000
webvpn gateway gateway_1
ip address 216.x.x.x port 8081
ssl trustpoint TP-self-signed-3840840377
inservice
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
webvpn install csd flash:/webvpn/sdesktop.pkg
webvpn context WebVPN
title "CarePath WebVPN"
secondary-color white
title-color #669999
text-color black
ssl authenticate verify all
--More-- !
url-list "CarePath"
heading "CarePath Websites"
url-text "CPNet" url-value "http://10.10.10.100/CPnet/"
url-text "CarePath External Website" url-value "http://www.carepath.ca"
url-text "Navigator" url-value "http://10.10.10.103"
policy group policy_1
url-list "CarePath"
functions svc-enabled
svc address-pool "SDM_POOL_1"
svc msie-proxy option auto
svc split include 10.10.0.0 255.255.0.0
svc dns-server primary 10.10.10.5
virtual-template 5
default-group-policy policy_1
aaa authentication list ciscocp_vpn_xauth_ml_2
gateway gateway_1
max-users 20
inservice
end
--More--
Router# -
EzVPN sometimes ping only in one direction or only one interface
Guys, I have lots of 857's routers in the field with mostly the latest OS - 12.4(15)T17 making ezVPN connections to a 2951 with 15.1(4)M5.
All the 857's have lookback and vlan interfaces similar to :
interface Loopback0
ip address 50.43.8.1 255.255.255.255
ip tcp adjust-mss 1452
end
interface Vlan1
ip address 40.43.8.1 255.255.255.128
ip tcp adjust-mss 1452
crypto ipsec client ezvpn SMS_VPN inside
end
This is my Dialer interface :
interface Dialer0
ip ddns update hostname my_custom_host_name
ip ddns update SMS_DynDNS
ip address negotiated
ip access-group 102 in
ip access-group 101 out
ip mtu 1492
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
ppp authentication chap pap callin
ppp chap hostname my_hostname
ppp chap password 0 my_password
ppp pap sent-username my_hostname password 0 my_password
ppp ipcp dns request accept
crypto ipsec client ezvpn SMS_VPN
And their crypto's are defined as :
crypto ipsec client ezvpn SMS_VPN
connect auto
group HW_Client key my_client_key
mode network-extension
peer my_peer_ip
acl 100
username my_username password my_password
xauth userid mode local
Now lately for some or other reason we have instances where I can ping either the VLAN or the LOOPBACK interface, but not both. Or I have instances where the 2951 can ping all the interfaces on the 857, but the 857 can not ping the 2951. Or I have instances where the 2951 can not ping the 857, but the 857 can ping the 2951.
The way I have been fixing this is either to add crypto ipsec client ezvpn SMS_VPN inside to the loopback interface, or if it is there already to remove it. This usually works for a few days, but then suddenly I have to reverse this again. If that does not work then I usually do lots of clear crypt sess and/or clear crypt ipsec client ezvpn on the 857, or clear crypt sess remote 857_ip_address from the 2951 and then suddenly it starts working again.
Surely there must be something wrong, but I just can not figure out what. Any ideas ?!Bump ... Anyone please ...
-
Cannot establish multiple simultaneous PPTP connections with the CISCO 1841.
Hello everyone;
I have recently tested a PPTP connection with a CISCO 1841 router and got success. I have configured a windows 7 client and successfully connected to the router and was able to access the documents in the server PC that I have mentioned in the attached diagram. I have created number of different users in the CISCO 1841 too. While some one is having a connection, another user cannot connect to it, which means multiple simultaneous connections aren't possible. Do I have to create a ACL for the PPTP and if yes, How ?
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.100.1/25
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 100
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
Inbound inspection rule is SDM_LOW
--------------------------------------------------------------------------------------------ACL 100-----------------------------
deny icmp any any echo-reply
deny ip host 255.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip host 66.163.169.186 any
permit ip any any (122467027 matches)As long as you have the inspection engine enabled on the ASA, it shouldn't freak out of the different IP as it will inspect the call signalling and will NAT it accordingly, BUT, for simplicity, I agree with you, it would cause a lot of troubleshooting headache if there is problem as well as reconfiguration of IP on the host ends.
Here is the NAT FYI:
object network obj-10.10.96.0
subnet 10.10.96.0 255.255.255.0
object network obj-192.168.96.0
subnet 192.168.96.0 255.255.255.0
object network obj-10.10.14.0
subnet 10.10.14.0 255.255.255.0
object network obj-10.1.0.0
subnet 10.1.0.0 255.255.255.0
object network obj-192.168.1.0
subnet 192.168.1.0 255.255.255.0
object network obj-10.10.11.0
subnet 10.10.11.0 255.255.255.0
object network obj-192.168.11.0
subnet 192.168.11.0 255.255.255.0
nat (inside,outside) source static obj-10.10.96.0 obj-192.168.96.0 destination static obj-10.10.14.0 obj-10.10.14.0
nat (inside,outside) source static obj-10.1.0.0 obj-192.168.1.0 destination static obj-10.10.14.0 obj-10.10.14.0
nat (inside,outside) source static obj-10.10.11.0 obj-192.168.11.0 destination static obj-10.10.14.0 obj-10.10.14.0 -
Hi all, I have a 2811 [Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(11)XJ, RELEASE SOFTWARE (fc1)] and I don´t know why, sometimes the router just stop routing. I perform a "show ip route" or "show arp" and seems to be everything ok. Interfaces are all up, and a site-to-site vpn active but no traffic between the sites.
Does anybody know what could be happening or what command should I execute the next time?
Best regards
Carlos
PD: Sorry for my english :-)!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 5
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp key **** address **** no-xauth
crypto isakmp client configuration group vpn
key voicentersdm
pool SDM_POOL_1
acl 100
netmask 255.255.255.0
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set esp-aes256-sha esp-aes 256 esp-sha-hmac
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 11 ipsec-isakmp
description ****
set peer ****
set transform-set esp-aes256-sha
match address 102
interface FastEthernet0/0
description Internet$ETH-WAN$
ip address ****
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
no cdp enable
crypto map SDM_CMAP_1
interface FastEthernet0/1
description ****
ip address 172.16.156.2 2555.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
interface FastEthernet0/0/0
description LAN
interface FastEthernet0/0/1
description mpls
switchport access vlan 100
interface FastEthernet0/0/2
interface FastEthernet0/0/3
interface Vlan1
description $ES_LAN$
ip address ****
ip nat inside
ip virtual-reassembly
interface Vlan100
description mpls
ip address ****
ip nat inside
ip virtual-reassembly
ip local pool SDM_POOL_1 192.168.2.1 192.168.2.5
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 **** name default_route
ip route 10.0.0.0 255.255.254.0 190.3.65.57
ip route 10.0.2.0 255.255.255.0 10.0.254.9
ip route 10.0.3.0 255.255.255.0 10.0.254.9
ip route 10.0.254.0 255.255.255.248 10.0.254.9
ip route 10.48.25.0 255.255.255.0 172.16.156.1
ip route 10.92.16.0 255.255.255.0 172.16.156.1
ip route 10.92.17.0 255.255.255.0 172.16.156.1
ip route 10.92.24.0 255.255.255.0 172.16.156.1
ip route 10.92.48.0 255.255.255.0 172.16.156.1
ip route 10.92.49.0 255.255.255.0 172.16.156.1
ip route 10.92.50.0 255.255.255.0 172.16.156.1
ip route 10.92.55.0 255.255.255.0 172.16.156.1
ip route 170.51.242.0 255.255.255.0 172.16.156.1
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool nat-claro 172.16.156.2 172.16.156.200 netmask 255.255.255.0
ip nat pool nat-claro-chaco 172.16.157.2 172.16.157.200 netmask 255.255.255.0
ip nat inside source route-map ****
ip nat inside source route-map ****
logging trap notifications
logging 10.20.1.234
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 10.20.0.0 0.0.255.255 any
access-list 100 permit ip 172.16.156.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=18
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 10.92.16.80
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 10.92.16.177
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 10.92.17.234
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 10.92.16.4
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 10.92.16.51
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 10.92.16.52
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 10.92.16.243
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 10.92.16.242
access-list 101 permit ip 10.20.0.0 0.0.255.255 10.92.48.0 0.0.0.255
access-list 101 permit ip 10.20.0.0 0.0.255.255 10.92.49.0 0.0.0.255
access-list 101 permit ip 10.20.0.0 0.0.255.255 10.92.50.0 0.0.0.255
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 10.92.55.11
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 170.51.242.162
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 10.92.55.12
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 10.92.55.13
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 10.92.55.21
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 10.92.55.15
access-list 101 permit ip 10.20.0.0 0.0.255.255 host 10.92.16.86
access-list 101 permit ip 10.0.0.0 0.255.255.255 host 10.92.55.16
access-list 102 permit ip 10.20.0.0 0.0.255.255 10.0.0.0 0.0.1.255
access-list 102 permit ip 10.92.0.0 0.0.255.255 10.0.0.0 0.0.1.255
access-list 102 permit ip 10.20.0.0 0.0.255.255 192.168.10.0 0.0.0.255
access-list 102 permit ip 10.92.0.0 0.0.255.255 192.168.10.0 0.0.0.255
access-list 102 permit ip 10.0.2.0 0.0.0.255 10.0.0.0 0.0.1.255
access-list 103 permit ip 10.0.0.0 0.0.1.255 host 10.92.16.80
access-list 103 permit ip 10.0.0.0 0.0.1.255 host 10.92.16.177
access-list 103 permit ip 10.0.0.0 0.0.1.255 host 10.92.17.234
access-list 103 permit ip 10.0.0.0 0.0.1.255 host 10.92.16.4
access-list 103 permit ip 10.0.0.0 0.0.1.255 host 10.92.16.51
access-list 103 permit ip 10.0.0.0 0.0.1.255 host 10.92.16.52
access-list 103 permit ip 10.0.0.0 0.0.1.255 host 10.92.16.243
access-list 103 permit ip 10.0.0.0 0.0.1.255 host 10.92.16.242
access-list 103 permit ip 10.0.2.0 0.0.0.255 host 10.92.16.80
access-list 103 permit ip 10.0.2.0 0.0.0.255 host 10.92.16.243
access-list 103 permit ip 10.0.2.0 0.0.0.255 host 10.92.16.242
access-list 103 permit ip 10.0.0.0 0.0.1.255 host 10.92.55.15
access-list 103 permit ip 10.0.2.0 0.0.0.255 host 10.92.55.15
access-list 103 permit ip 10.0.3.0 0.0.0.255 host 10.92.16.80
access-list 103 permit ip 10.0.3.0 0.0.0.255 host 10.92.16.177
access-list 103 permit ip 10.0.3.0 0.0.0.255 host 10.92.17.234
access-list 103 permit ip 10.0.2.0 0.0.0.255 host 10.92.16.177
access-list 103 permit ip 10.0.2.0 0.0.0.255 host 10.92.17.234
access-list 103 permit ip 10.0.2.0 0.0.0.255 host 10.92.16.4
access-list 103 permit ip 10.0.2.0 0.0.0.255 host 10.92.16.51
access-list 103 permit ip 10.0.2.0 0.0.0.255 host 10.92.16.52
access-list 103 permit ip 10.0.3.0 0.0.0.255 host 10.92.16.4
access-list 103 permit ip 10.0.3.0 0.0.0.255 host 10.92.16.51
access-list 103 permit ip 10.0.3.0 0.0.0.255 host 10.92.16.52
access-list 103 permit ip 10.0.3.0 0.0.0.255 host 10.92.16.243
access-list 103 permit ip 10.0.3.0 0.0.0.255 host 10.92.16.242
access-list 103 permit ip 10.0.3.0 0.0.0.255 host 10.92.55.15
access-list 103 permit ip 10.0.0.0 0.0.1.255 host 10.92.55.21
access-list 104 permit ip 10.20.0.0 0.0.255.255 10.0.2.0 0.0.0.255
access-list 104 permit ip 10.92.0.0 0.0.255.255 10.0.2.0 0.0.0.255
no cdp run
route-map *** permit 10
match ip address 101
route-map *** permit 20
match ip address 103
! -
**** MPLS over IP using low-end routers ****
I have a situation where the customer would like to run 2 different vrf's to keep there traffic completely seperated. I need to use DMVPN for the point to point link between the two router becouse 1 router will be a static base station and the other will be a remote unit connecting to the base router via the internet from differing locations. There will will more than one remote in the future.
I have tried quiet a few combinations to try and make it happen, but to no avail.
Anyway that may have something please let me know. here are the following prereq's.
1. Hub and spoke top (spoke ip unknown to base)
2. Link to hub from spoke will be IP 1 int/ 1 add
3. Link between 2 will need AES 256 encryption.
4. Must transport 2 different VRF's.
5. would like to use OSPF or EIGRP.
Thank you,
Rick PayneYou could maybe use a combination of DMVPN, ezVPN and Multi-VRF. I have written down a quick and dirty config for the server side.. This is not tested at all just written in notepad from my head.. so there may very well be lots of errors... but you'll maybe get some ideas...
aaa authentication login spoke-auth local
aaa authorization network spoke-group local
username spoke1 password cisco123
ip vrf red
rd 1:1
route-target export 1:1
route-target import 1:1
ip vrf blue
rd 2:2
route-target export 2:2
route-target import 2:2
crypto keyring spoke-keys
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
crypto isakmp policy 1
encr aes 256
hash sha
authentication pre-share
group 2
crypto isakmp client configuration address-pool local spoke-pool
crypto isakmp client configuration group spokes
key cisco123
pool spoke-pool
acl 100
save-password
crypto isakmp profile spoke-group-profile
keyring spoke-keys
match identity group spokes
client authentication list spoke-auth
isakmp authorization list spoke-group
client configuration address respond
crypto ipsec transform-set aes-sha esp-aes 256 esp-sha-hmac
crypto dynamic-map dynmap 10
set transform-set aes-sha
set isakmp-profile spoke-group-profile
reverse-route
crypto map cmap 10 ipsec-isakmp dynamic dynmap
interface Loopback100
ip vrf forwarding red
ip address 192.168.99.1 255.255.255.255
interface Loopback200
ip vrf forwarding blue
ip address 192.168.99.2 255.255.255.255
interface Tunnel100
ip vrf forwarding red
ip address 192.168.101.1 255.255.255.0
no ip redirects
ip mtu 1436
ip nhrp authentication dmvpnred
ip nhrp map multicast dynamic
ip nhrp network-id 100001
ip nhrp holdtime 300
delay 1000
tunnel source Loopback100
tunnel mode gre multipoint
tunnel key 100001
interface Tunnel200
ip vrf forwarding blue
ip address 192.168.201.1 255.255.255.0
no ip redirects
ip mtu 1436
ip nhrp authentication dmvpnblue
ip nhrp map multicast dynamic
ip nhrp network-id 200001
ip nhrp holdtime 300
delay 1000
tunnel source Loopback200
tunnel mode gre multipoint
tunnel key 200001
interface FastEthernet0/0
description To INTERNET
ip address 192.0.2.2 255.255.255.252
crypto map cmap
interface FastEthernet0/1
description To INSIDE
no ip address
interface FastEthernet0/1.100
description To one network
encapsulation dot1q 100
ip vrf forwarding red
ip address 192.168.100.1 255.255.255.0
interface FastEthernet0/1.200
description To the other network
encapsulation dot1q 200
ip vrf forwarding blue
ip address 192.168.200.1 255.255.255.0
router eigrp 1
address-family ipv4 vrf red
network 192.168.100.0 0.0.0.255
network 192.168.101.0 0.0.0.255
exit-address-family
address-family ipv4 vrf blue
network 192.168.200.0 0.0.0.255
network 192.168.201.0 0.0.0.255
exit-address-family
ip local pool spoke-pool 10.10.10.1 10.10.10.200
ip classless
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 192.168.99.1 255.255.255.255 Loopback100
ip route 192.168.99.2 255.255.255.255 Loopback200
ip route 192.168.100.0 255.255.255.0 FastEthernet0/0 192.0.2.1 global
ip route 192.168.200.0 255.255.255.0 FastEthernet0/0 192.0.2.1 global
access-list 100 permit ip 192.168.99.0 0.0.0.255 any -
CBAC: creating temporary entries in another interface?
Hi,
I am trying to understand the example at http://www.cisco.com/en/US/docs/ios/sec_data_plane/configuration/guide/sec_cfg_content_ac.html#wp1002224 in which the "ip inspect" command is applied to Ethernet 1/0 but the document says that the dynamic temporary entries will be created in the ACL 100 which is applied to another interface (Etherent 1/1). Is this true? I am under the impression that "ip inspect ... in" will add entries to the outbound ACL for the same interface, while
"ip inspect ... out" will add entries to the inbound ACL for the same interface.
Thanks in advance!Hello Ka,
You do not need it, as soon as you have the inspection the returning traffic that matches the connections being inspected by CBAC will be allowed and will overwrite any ACL denying that traffic.
I think its a way to see things because as an example:
Inside------Router----Outside
Lets say you have an ACL denying all traffic on the outside interface inbound direction, with CBAC configure on the inside for outbound TCP connections, all the TCP traffic returning for a connection that matches the traffic being inspected will be allowed ( so yes a temporary entry will be added to the inbound ACL on the outside interface.
That is the whole purpose of CBAC ( A stateful firewall)
Regards,
Julio -
[SOLVED] Glibc and filesystem update, I screwed it up
Hi,
I read the announcement and tried to update via "pacman -Syu", however pacman gave the message
filesystem: /usr/lib64 exists in filesystem
Ok, so I did
pacman -Syu --ignore filesystem glibc
Unfortunately I didn't think of 'ignoring' lib32-glibc and I think this screwed everything up:
sudo pacman -Syu --ignore filesystem glibc
[sudo] password for nuc:
:: Synchronisiere Paketdatenbanken...
core ist aktuell
extra ist aktuell
community ist aktuell
multilib ist aktuell
archlinuxfr ist aktuell
:: Starte komplette Systemaktualisierung...
Warnung: balz: Lokale Version (1.15-4) ist neuer als archlinuxfr (1.15-2)
Warnung: filesystem: Ignoriere Paket-Aktualisierung (2012.12-1 => 2013.01-1)
Löse Abhängigkeiten auf...
Warnung: Abhängigkeits-Zyklus entdeckt:
Warnung: lib32-gcc-libs wird vor seiner Abhängigkeit gcc-libs-multilib installiert werden
Suche nach Zwischenkonflikten...
Pakete (26): bash-4.2.042-2 cifs-utils-5.9-1 colord-0.1.28-1 cpupower-3.7-5
ethtool-1:3.7-1 gcc-libs-multilib-4.7.2-4 gcc-multilib-4.7.2-4
gnupg-2.0.19-4 gpgme-1.3.1-5 json-c-0.10-1
lib32-gcc-libs-4.7.2-4 lib32-glibc-2.17-2 lib32-libgl-9.0.2-1
lib32-libglapi-9.0.2-1 lib32-pango-1.32.5-1
libtorrent-rasterbar-1:0.16.7-1 libwbclient-3.6.11-2
linux-api-headers-3.7.4-1 macchanger-1.5.0-6 mkinitcpio-0.12.0-3
perl-error-0.17019-1 smbclient-3.6.11-2 sudo-1.8.6.p5-1
xorg-server-1.13.2-1 xorg-server-common-1.13.2-1 glibc-2.17-2
Gesamtgröße der zu installierenden Pakete: 271,63 MiB
Größendifferenz der Aktualisierung: 5,31 MiB
Installation fortsetzen? [J/n]
(26/26) Überprüfe Paket-Integrität [----------------------] 100%
(26/26) Lade Paket-Dateien [----------------------] 100%
(26/26) Prüfe auf Dateikonflikte [----------------------] 100%
(26/26) Überprüfe verfügbaren Festplattenspeicher [----------------------] 100%
( 1/26) Aktualisiere linux-api-headers [----------------------] 100%
( 2/26) Aktualisiere glibc [----------------------] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
( 3/26) Aktualisiere bash [----------------------] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
( 4/26) Aktualisiere libwbclient [----------------------] 100%
( 5/26) Aktualisiere cifs-utils [----------------------] 100%
( 6/26) Aktualisiere colord [----------------------] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
( 7/26) Aktualisiere cpupower [----------------------] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
( 8/26) Aktualisiere ethtool [----------------------] 100%
( 9/26) Aktualisiere lib32-glibc [----------------------] 100%
(10/26) Aktualisiere lib32-gcc-libs [----------------------] 100%
(11/26) Aktualisiere gcc-libs-multilib [----------------------] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
(12/26) Aktualisiere gcc-multilib [----------------------] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
(13/26) Aktualisiere gnupg [----------------------] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
(14/26) Aktualisiere gpgme [----------------------] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
(15/26) Aktualisiere json-c [----------------------] 100%
(16/26) Aktualisiere lib32-libglapi [----------------------] 100%
(17/26) Aktualisiere lib32-libgl [----------------------] 100%
(18/26) Aktualisiere lib32-pango [----------------------] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
(19/26) Aktualisiere libtorrent-rasterbar [----------------------] 100%
(20/26) Aktualisiere macchanger [----------------------] 100%
(21/26) Aktualisiere mkinitcpio [----------------------] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
(22/26) Aktualisiere perl-error [----------------------] 100%
(23/26) Aktualisiere smbclient [----------------------] 100%
(24/26) Aktualisiere sudo [----------------------] 100%
(25/26) Aktualisiere xorg-server-common [----------------------] 100%
(26/26) Aktualisiere xorg-server [----------------------] 100%
"Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)" means something like "Could not call execv (file or diretory not found)"
So what should I do now? I didn't restart the system yet.
best regards
nuc
Last edited by nuc (2013-01-29 16:36:24)I have the same problem "Konnte execv nicht aufrufen" (can't call execv) when i updated my system. Now i can't sudo anymore. Have anybody an Idea how to solve this Problem?
Here's my terminal output (sorry for the german output, but my system language is german):
sudo pacman -Syu
:: Synchronisiere Paketdatenbanken...
cinnarch-repo 333,0 B 257K/s 00:00 [######################] 100%
cinnarch-repo 31,4 KiB 151K/s 00:00 [######################] 100%
cinnarch-core ist aktuell
core 105,2 KiB 567K/s 00:00 [######################] 100%
extra 1436,9 KiB 877K/s 00:02 [######################] 100%
community 1878,2 KiB 729K/s 00:03 [######################] 100%
multilib 93,9 KiB 666K/s 00:00 [######################] 100%
:: Starte komplette Systemaktualisierung...
Warnung: filesystem: Lokale Version (1:2012.12-1) ist neuer als core (2013.01-1)
Löse Abhängigkeiten auf...
Suche nach Zwischenkonflikten...
Pakete (31): acl-2.2.51-3 bash-4.2.042-2 calibre-0.9.16-1
cantarell-fonts-0.0.12-1 cifs-utils-5.9-1 clementine-1.1.1-4
clutter-gst-2.0.0-1 clutter-gtk-1.4.2-1 colord-0.1.28-1
evolution-data-server-3.6.3-1 gcc-4.7.2-4 gcc-libs-4.7.2-4
glibc-2.17-2 json-c-0.10-1 lib32-gcc-libs-4.7.2-4
lib32-glibc-2.17-2 libgee-0.6.7-1 liblastfm-1.0.6-1
libwbclient-3.6.11-2 linux-api-headers-3.7.4-1
mkinitcpio-0.12.0-3 mtools-4.0.18-1 ruby-atk-1.2.0-1
ruby-gdkpixbuf2-1.2.0-1 ruby-glib2-1.2.0-1 ruby-gtk2-1.2.0-1
ruby-pango-1.2.0-1 smbclient-3.6.11-2 sudo-1.8.6.p5-1
transmission-cli-2.76-2 transmission-gtk-2.76-2
Gesamtgröße des Downloads: 69,55 MiB
Gesamtgröße der zu installierenden Pakete: 338,41 MiB
Größendifferenz der Aktualisierung: 0,55 MiB
Installation fortsetzen? [J/n] j
:: Empfange Pakete von core...
acl-2.2.51-3-x86_64 132,9 KiB 502K/s 00:00 [######################] 100%
linux-api-headers-3... 614,9 KiB 737K/s 00:01 [######################] 100%
glibc-2.17-2-x86_64 7,7 MiB 971K/s 00:08 [######################] 100%
bash-4.2.042-2-x86_64 788,3 KiB 577K/s 00:01 [######################] 100%
gcc-libs-4.7.2-4-x86_64 768,5 KiB 711K/s 00:01 [######################] 100%
gcc-4.7.2-4-x86_64 18,4 MiB 748K/s 00:25 [######################] 100%
mkinitcpio-0.12.0-3-any 28,9 KiB 241K/s 00:00 [######################] 100%
sudo-1.8.6.p5-1-x86_64 576,9 KiB 428K/s 00:01 [######################] 100%
:: Empfange Pakete von extra...
cantarell-fonts-0.0... 56,6 KiB 503K/s 00:00 [######################] 100%
libwbclient-3.6.11-... 26,7 KiB 417K/s 00:00 [######################] 100%
cifs-utils-5.9-1-x86_64 65,7 KiB 545K/s 00:00 [######################] 100%
liblastfm-1.0.6-1-x... 214,6 KiB 651K/s 00:00 [######################] 100%
clutter-gst-2.0.0-1... 58,1 KiB 536K/s 00:00 [######################] 100%
clutter-gtk-1.4.2-1... 34,3 KiB 356K/s 00:00 [######################] 100%
colord-0.1.28-1-x86_64 288,8 KiB 508K/s 00:01 [######################] 100%
evolution-data-serv... 2,9 MiB 868K/s 00:03 [######################] 100%
json-c-0.10-1-x86_64 30,0 KiB 529K/s 00:00 [######################] 100%
libgee-0.6.7-1-x86_64 102,7 KiB 284K/s 00:00 [######################] 100%
mtools-4.0.18-1-x86_64 173,4 KiB 452K/s 00:00 [######################] 100%
smbclient-3.6.11-2-... 7,9 MiB 1001K/s 00:08 [######################] 100%
transmission-cli-2.... 587,7 KiB 225K/s 00:03 [######################] 100%
transmission-gtk-2.... 708,0 KiB 647K/s 00:01 [######################] 100%
:: Empfange Pakete von community...
calibre-0.9.16-1-x86_64 19,3 MiB 958K/s 00:21 [######################] 100%
clementine-1.1.1-4-... 4,3 MiB 719K/s 00:06 [######################] 100%
ruby-glib2-1.2.0-1-... 101,5 KiB 293K/s 00:00 [######################] 100%
ruby-atk-1.2.0-1-x86_64 18,4 KiB 176K/s 00:00 [######################] 100%
ruby-gdkpixbuf2-1.2... 14,6 KiB 182K/s 00:00 [######################] 100%
ruby-pango-1.2.0-1-... 34,4 KiB 270K/s 00:00 [######################] 100%
ruby-gtk2-1.2.0-1-x... 233,1 KiB 376K/s 00:01 [######################] 100%
:: Empfange Pakete von multilib...
lib32-glibc-2.17-2-... 2,7 MiB 755K/s 00:04 [######################] 100%
lib32-gcc-libs-4.7.... 732,4 KiB 499K/s 00:01 [######################] 100%
(31/31) Überprüfe Paket-Integrität [######################] 100%
(31/31) Lade Paket-Dateien [######################] 100%
(31/31) Prüfe auf Dateikonflikte [######################] 100%
(31/31) Überprüfe verfügbaren Festplattenspeicher [######################] 100%
( 1/31) Aktualisiere acl [######################] 100%
( 2/31) Aktualisiere linux-api-headers [######################] 100%
( 3/31) Aktualisiere glibc [######################] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
( 4/31) Aktualisiere bash [######################] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
( 5/31) Aktualisiere calibre [######################] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
( 6/31) Aktualisiere cantarell-fonts [######################] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
( 7/31) Aktualisiere libwbclient [######################] 100%
( 8/31) Aktualisiere cifs-utils [######################] 100%
( 9/31) Aktualisiere liblastfm [######################] 100%
(10/31) Aktualisiere clementine [######################] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
(11/31) Aktualisiere clutter-gst [######################] 100%
(12/31) Aktualisiere clutter-gtk [######################] 100%
(13/31) Aktualisiere colord [######################] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
(14/31) Aktualisiere evolution-data-server [######################] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
(15/31) Aktualisiere gcc-libs [######################] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
(16/31) Aktualisiere gcc [######################] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
(17/31) Aktualisiere json-c [######################] 100%
(18/31) Aktualisiere lib32-glibc [######################] 100%
(19/31) Aktualisiere lib32-gcc-libs [######################] 100%
(20/31) Aktualisiere libgee [######################] 100%
(21/31) Aktualisiere mkinitcpio [######################] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
(22/31) Aktualisiere mtools [######################] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
Neue optionale Abhängigkeiten für mtools
libsm: required by floppyd
(23/31) Aktualisiere ruby-glib2 [######################] 100%
(24/31) Aktualisiere ruby-atk [######################] 100%
(25/31) Aktualisiere ruby-gdkpixbuf2 [######################] 100%
(26/31) Aktualisiere ruby-pango [######################] 100%
(27/31) Aktualisiere ruby-gtk2 [######################] 100%
(28/31) Aktualisiere smbclient [######################] 100%
(29/31) Aktualisiere sudo [######################] 100%
(30/31) Aktualisiere transmission-cli [######################] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden
(31/31) Aktualisiere transmission-gtk [######################] 100%
Konnte execv nicht aufrufen (Datei oder Verzeichnis nicht gefunden)
Fehler: Befehl konnte nicht korrekt ausgeführt werden -
[SOLVED] mkarchiso: ERROR: failed to detect root filesystem
hi guys!
i am now trying to build my own live archlinux distribution with archiso and with the command "mkarchiso"
at the first step in installing the base when it installs linux and execute "mkinitcpio" it shows me this error:
( 73/111) installing linux [#####################################################################] 100%
>>> Updating module dependencies. Please wait ...
>>> Generating initial ramdisk, using mkinitcpio. Please wait...
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
-> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
==> Starting build: 3.9.9-1-ARCH
-> Running build hook: [base]
-> Running build hook: [udev]
-> Running build hook: [autodetect]
==> ERROR: failed to detect root filesystem
-> Running build hook: [modconf]
-> Running build hook: [block]
-> Running build hook: [filesystems]
-> Running build hook: [keyboard]
-> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip initcpio image: /boot/initramfs-linux.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
-> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
==> Starting build: 3.9.9-1-ARCH
-> Running build hook: [base]
-> Running build hook: [udev]
-> Running build hook: [modconf]
-> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: bfa
==> WARNING: Possibly missing firmware for module: aic94xx
-> Running build hook: [filesystems]
-> Running build hook: [keyboard]
-> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip initcpio image: /boot/initramfs-linux-fallback.img
==> Image generation successful
i continue the process with that error and in the "run" step i did this command
# mkarchiso -w work/x86_64/ -r mkinitcpio -p linux run
[root@fuhrer livecd]# mkarchiso -w work/x86_64/ -r mkinitcpio -p linux run
[mkarchiso] INFO: Configuration settings
[mkarchiso] INFO: Command: run
[mkarchiso] INFO: Architecture: x86_64
[mkarchiso] INFO: Working directory: work/x86_64/
[mkarchiso] INFO: Installation directory: arch
[mkarchiso] INFO: Run command: mkinitcpio
==> Starting dry run: 3.9.9-1-ARCH
-> Running build hook: [base]
-> Running build hook: [udev]
-> Running build hook: [autodetect]
==> ERROR: failed to detect root filesystem
-> Running build hook: [modconf]
-> Running build hook: [block]
-> Running build hook: [filesystems]
-> Running build hook: [keyboard]
-> Running build hook: [fsck]
==> Generating module dependencies
==> Dry run complete, use -g IMAGE to generate a real image
and the big problem shows when i build the iso file and "dd" it to USB disk, when i choose to boot the live archlinux it tell me
ERROR: failed to detect root filesystem
and that you cannot log to tty
any suggestions?
Last edited by fuhrer (2013-07-22 17:05:07)First run it, without any modification to learn how it works. Check if works. Modify as you need. Check if works...
Do not worry about the mkinitcpio error, because such initramfs images should not be used for boot live medium. You can see that profiles uses own mkinitcpio.conf with at least archiso hook
Running mkarchiso directly is not the right way, at least if you do not know how things works.
[root@exequiel tmp]# cp -r /usr/share/archiso/configs/baseline .
[root@exequiel tmp]# cd baseline
[root@exequiel baseline]# ./build.sh
[mkarchiso] INFO: Configuration settings
[mkarchiso] INFO: Command: init
[mkarchiso] INFO: Architecture: x86_64
[mkarchiso] INFO: Working directory: work
[mkarchiso] INFO: Installation directory: arch
[mkarchiso] INFO: Pacman config file: /etc/pacman.conf
[mkarchiso] INFO: Installing packages to 'work/root-image/'...
:: Synchronizing package databases...
core 103.0 KiB 12.6M/s 00:00 [############################################################################] 100%
extra 1439.7 KiB 11.2M/s 00:00 [############################################################################] 100%
community 1990.1 KiB 11.2M/s 00:00 [############################################################################] 100%
multilib 107.3 KiB 11.6M/s 00:00 [############################################################################] 100%
:: There are 51 members in group base:
:: Repository core
1) bash 2) bzip2 3) coreutils 4) cronie 5) cryptsetup 6) device-mapper 7) dhcpcd 8) diffutils 9) e2fsprogs 10) file 11) filesystem 12) findutils 13) gawk 14) gcc-libs 15) gettext 16) glibc
17) grep 18) gzip 19) heirloom-mailx 20) inetutils 21) iproute2 22) iputils 23) jfsutils 24) less 25) licenses 26) linux 27) logrotate 28) lvm2 29) man-db 30) man-pages 31) mdadm 32) nano
33) netctl 34) pacman 35) pciutils 36) pcmciautils 37) perl 38) procps-ng 39) psmisc 40) reiserfsprogs 41) sed 42) shadow 43) sysfsutils 44) systemd-sysvcompat 45) tar 46) texinfo 47) usbutils
48) util-linux 49) vi 50) which 51) xfsprogs
Enter a selection (default=all):
resolving dependencies...
looking for inter-conflicts...
Packages (111):
Name New Version Net Change
core/acl 2.2.52-1 0.39 MiB
core/archlinux-keyring 20130525-2 0.49 MiB
core/attr 2.4.47-1 0.19 MiB
core/ca-certificates 20130610-1 0.25 MiB
core/cracklib 2.8.22-3 1.20 MiB
core/curl 7.31.0-1 1.73 MiB
core/db 5.3.21-1 15.30 MiB
core/dbus 1.6.12-1 1.63 MiB
core/dirmngr 1.1.1-1 0.49 MiB
core/expat 2.1.0-2 0.61 MiB
core/gdbm 1.10-1 0.37 MiB
core/glib2 2.36.3-2 11.66 MiB
core/gmp 5.1.2-1 2.07 MiB
core/gnupg 2.0.20-2 7.14 MiB
core/gpgme 1.4.2-1 0.68 MiB
core/groff 1.22.2-3 8.94 MiB
core/hwids 20130607-1 1.28 MiB
core/iana-etc 2.30-3 3.44 MiB
core/iptables 1.4.19.1-1 1.38 MiB
core/kbd 1.15.5-4 2.83 MiB
core/keyutils 1.5.5-5 0.18 MiB
core/kmod 14-1 0.45 MiB
core/krb5 1.11.3-1 3.86 MiB
core/libarchive 3.1.2-1 3.19 MiB
core/libassuan 2.1.1-1 0.17 MiB
core/libcap 2.22-5 0.13 MiB
core/libffi 3.0.13-3 0.10 MiB
core/libgcrypt 1.5.2-1 0.68 MiB
core/libgpg-error 1.12-1 0.33 MiB
core/libgssglue 0.4-1 0.19 MiB
core/libksba 1.3.0-1 0.30 MiB
core/libldap 2.4.35-4 2.15 MiB
core/libpipeline 1.2.4-1 0.08 MiB
core/libsasl 2.1.26-4 0.54 MiB
core/libssh2 1.4.3-1 1.19 MiB
core/libtirpc 0.2.3-1 0.68 MiB
core/libusbx 1.0.15-1 0.15 MiB
core/linux-api-headers 3.8.4-1 4.58 MiB
core/linux-firmware 20130610-1 51.25 MiB
core/lzo2 2.06-1 0.61 MiB
core/mkinitcpio 0.14.0-1 0.16 MiB
core/mkinitcpio-busybox 1.20.2-1 0.34 MiB
core/mpfr 3.1.2-1 1.50 MiB
core/ncurses 5.9-5 9.75 MiB
core/openresolv 3.5.5-1 0.04 MiB
core/openssl 1.0.1.e-3 11.38 MiB
core/pacman-mirrorlist 20130626-1 0.02 MiB
core/pam 1.1.6-4 3.41 MiB
core/pambase 20130113-1 0.04 MiB
core/pcre 8.33-1 4.83 MiB
core/pinentry 0.8.3-1 0.33 MiB
core/popt 1.16-6 0.43 MiB
core/pth 2.0.7-4 0.21 MiB
core/readline 6.2.004-1 1.20 MiB
core/run-parts 4.3.4-1 0.11 MiB
core/systemd 204-3 14.59 MiB
core/sysvinit-tools 2.88-11 0.07 MiB
core/tzdata 2013d-1 1.84 MiB
core/xz 5.0.5-1 0.90 MiB
core/zlib 1.2.8-1 0.30 MiB
core/bash 4.2.045-4 3.51 MiB
core/bzip2 1.0.6-4 0.25 MiB
core/coreutils 8.21-2 13.27 MiB
core/cronie 1.4.9-5 0.15 MiB
core/cryptsetup 1.6.1-2 0.71 MiB
core/device-mapper 2.02.98-4 0.52 MiB
core/dhcpcd 5.6.8-3 0.16 MiB
core/diffutils 3.3-1 0.43 MiB
core/e2fsprogs 1.42.8-1 3.16 MiB
core/file 5.14-1 2.71 MiB
core/filesystem 2013.05-2 0.01 MiB
core/findutils 4.4.2-5 1.70 MiB
core/gawk 4.1.0-1 2.11 MiB
core/gcc-libs 4.8.1-1 3.41 MiB
core/gettext 0.18.3-1 11.10 MiB
core/glibc 2.17-6 35.24 MiB
core/grep 2.14-2 1.33 MiB
core/gzip 1.6-1 0.18 MiB
core/heirloom-mailx 12.5-3 0.46 MiB
core/inetutils 1.9.1-6 0.97 MiB
core/iproute2 3.9.0-2 1.37 MiB
core/iputils 20121221-2 0.21 MiB
core/jfsutils 1.1.15-4 0.98 MiB
core/less 458-1 0.22 MiB
core/licenses 20130203-1 0.53 MiB
core/linux 3.9.9-1 63.98 MiB
core/logrotate 3.8.5-1 0.07 MiB
core/lvm2 2.02.98-4 3.10 MiB
core/man-db 2.6.5-1 1.26 MiB
core/man-pages 3.52-1 4.63 MiB
core/mdadm 3.2.6-4 1.18 MiB
core/nano 2.2.6-2 1.49 MiB
core/netctl 1.1-1 0.16 MiB
core/pacman 4.1.2-1 4.04 MiB
core/pciutils 3.2.0-3 0.34 MiB
core/pcmciautils 018-7 0.05 MiB
core/perl 5.18.0-1 47.64 MiB
core/procps-ng 3.3.8-2 0.59 MiB
core/psmisc 22.20-1 0.73 MiB
core/reiserfsprogs 3.6.23-1 0.95 MiB
core/sed 4.2.2-3 0.76 MiB
core/shadow 4.1.5.1-6 3.88 MiB
core/sysfsutils 2.1.0-8 0.17 MiB
core/systemd-sysvcompat 204-3 0.03 MiB
core/tar 1.26-4 2.33 MiB
core/texinfo 5.1-1 8.62 MiB
core/usbutils 007-1 0.17 MiB
core/util-linux 2.23.1-2 8.92 MiB
core/vi 1:050325-3 0.33 MiB
core/which 2.20-6 0.06 MiB
core/xfsprogs 3.1.11-1 3.29 MiB
Total Installed Size: 427.79 MiB
:: Proceed with installation? [Y/n]
(111/111) checking keys in keyring [############################################################################] 100%
(111/111) checking package integrity [############################################################################] 100%
(111/111) loading package files [############################################################################] 100%
(111/111) checking for file conflicts [############################################################################] 100%
(111/111) checking available disk space [############################################################################] 100%
( 1/111) installing linux-api-headers [############################################################################] 100%
( 2/111) installing tzdata [############################################################################] 100%
( 3/111) installing iana-etc [############################################################################] 100%
( 4/111) installing filesystem [############################################################################] 100%
warning: directory permissions differ on /tmp/baseline/work/root-image/run/
filesystem: 1777 package: 755
( 5/111) installing glibc [############################################################################] 100%
( 6/111) installing ncurses [############################################################################] 100%
( 7/111) installing readline [############################################################################] 100%
( 8/111) installing bash [############################################################################] 100%
( 9/111) installing bzip2 [############################################################################] 100%
( 10/111) installing gcc-libs [############################################################################] 100%
( 11/111) installing db [############################################################################] 100%
( 12/111) installing zlib [############################################################################] 100%
( 13/111) installing cracklib [############################################################################] 100%
( 14/111) installing libgssglue [############################################################################] 100%
( 15/111) installing libtirpc [############################################################################] 100%
( 16/111) installing pambase [############################################################################] 100%
( 17/111) installing pam [############################################################################] 100%
( 18/111) installing attr [############################################################################] 100%
( 19/111) installing acl [############################################################################] 100%
( 20/111) installing gmp [############################################################################] 100%
( 21/111) installing libcap [############################################################################] 100%
( 22/111) installing coreutils [############################################################################] 100%
( 23/111) installing run-parts [############################################################################] 100%
( 24/111) installing cronie [############################################################################] 100%
Optional dependencies for cronie
pm-utils: defer anacron on battery power
smtp-server: send job output via email
smtp-forwarder: forward job output to email server
( 25/111) installing expat [############################################################################] 100%
( 26/111) installing dbus [############################################################################] 100%
Optional dependencies for dbus
libx11: dbus-launch support
( 27/111) installing pcre [############################################################################] 100%
( 28/111) installing libffi [############################################################################] 100%
( 29/111) installing glib2 [############################################################################] 100%
Optional dependencies for glib2
python2: for gdbus-codegen and gtester-report
elfutils: gresource inspection tool
( 30/111) installing kbd [############################################################################] 100%
( 31/111) installing kmod [############################################################################] 100%
( 32/111) installing hwids [############################################################################] 100%
( 33/111) installing libgpg-error [############################################################################] 100%
( 34/111) installing libgcrypt [############################################################################] 100%
( 35/111) installing shadow [############################################################################] 100%
( 36/111) installing util-linux [############################################################################] 100%
( 37/111) installing xz [############################################################################] 100%
( 38/111) installing systemd [############################################################################] 100%
Initializing machine ID from random generator.
ln -s '/usr/lib/systemd/system/[email protected]' '/etc/systemd/system/getty.target.wants/[email protected]'
:: Append 'init=/usr/lib/systemd/systemd' to your kernel command line in your
bootloader to replace sysvinit with systemd, or install systemd-sysvcompat
Optional dependencies for systemd
cryptsetup: required for encrypted block devices [pending]
libmicrohttpd: systemd-journal-gatewayd
quota-tools: kernel-level quota management
python: systemd library bindings
systemd-sysvcompat: symlink package to provide sysvinit binaries [pending]
( 39/111) installing device-mapper [############################################################################] 100%
( 40/111) installing popt [############################################################################] 100%
( 41/111) installing cryptsetup [############################################################################] 100%
( 42/111) installing dhcpcd [############################################################################] 100%
( 43/111) installing diffutils [############################################################################] 100%
( 44/111) installing e2fsprogs [############################################################################] 100%
( 45/111) installing file [############################################################################] 100%
( 46/111) installing findutils [############################################################################] 100%
( 47/111) installing mpfr [############################################################################] 100%
( 48/111) installing gawk [############################################################################] 100%
( 49/111) installing gettext [############################################################################] 100%
Optional dependencies for gettext
cvs: for autopoint tool
( 50/111) installing grep [############################################################################] 100%
( 51/111) installing less [############################################################################] 100%
( 52/111) installing gzip [############################################################################] 100%
( 53/111) installing gdbm [############################################################################] 100%
( 54/111) installing perl [############################################################################] 100%
( 55/111) installing openssl [############################################################################] 100%
Optional dependencies for openssl
ca-certificates [pending]
( 56/111) installing libsasl [############################################################################] 100%
( 57/111) installing libldap [############################################################################] 100%
( 58/111) installing keyutils [############################################################################] 100%
( 59/111) installing krb5 [############################################################################] 100%
( 60/111) installing heirloom-mailx [############################################################################] 100%
Optional dependencies for heirloom-mailx
smtp-forwarder: for sending mail
( 61/111) installing inetutils [############################################################################] 100%
( 62/111) installing iptables [############################################################################] 100%
( 63/111) installing iproute2 [############################################################################] 100%
Optional dependencies for iproute2
linux-atm: ATM support
( 64/111) installing sysfsutils [############################################################################] 100%
( 65/111) installing iputils [############################################################################] 100%
Optional dependencies for iputils
xinetd: for tftpd
( 66/111) installing jfsutils [############################################################################] 100%
( 67/111) installing licenses [############################################################################] 100%
( 68/111) installing linux-firmware [############################################################################] 100%
( 69/111) installing mkinitcpio-busybox [############################################################################] 100%
( 70/111) installing lzo2 [############################################################################] 100%
( 71/111) installing libarchive [############################################################################] 100%
( 72/111) installing mkinitcpio [############################################################################] 100%
Optional dependencies for mkinitcpio
xz: Use lzma or xz compression for the initramfs image [pending]
bzip2: Use bzip2 compression for the initramfs image [pending]
lzop: Use lzo compression for the initramfs image
mkinitcpio-nfs-utils: Support for root filesystem on NFS
( 73/111) installing linux [############################################################################] 100%
>>> Updating module dependencies. Please wait ...
>>> Generating initial ramdisk, using mkinitcpio. Please wait...
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
-> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
==> Starting build: 3.9.9-1-ARCH
-> Running build hook: [base]
-> Running build hook: [udev]
-> Running build hook: [autodetect]
==> ERROR: failed to detect root filesystem
-> Running build hook: [modconf]
-> Running build hook: [block]
-> Running build hook: [filesystems]
-> Running build hook: [keyboard]
-> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip initcpio image: /boot/initramfs-linux.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
-> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
==> Starting build: 3.9.9-1-ARCH
-> Running build hook: [base]
-> Running build hook: [udev]
-> Running build hook: [modconf]
-> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: bfa
==> WARNING: Possibly missing firmware for module: aic94xx
-> Running build hook: [filesystems]
-> Running build hook: [keyboard]
-> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip initcpio image: /boot/initramfs-linux-fallback.img
==> Image generation successful
Optional dependencies for linux
crda: to set the correct wireless channels of your country
( 74/111) installing logrotate [############################################################################] 100%
Optional dependencies for logrotate
cron: scheduled log rotation
( 75/111) installing lvm2 [############################################################################] 100%
( 76/111) installing groff [############################################################################] 100%
Optional dependencies for groff
netpbm: for use together with man -H command interaction in browsers
psutils: for use together with man -H command interaction in browsers
libxaw: for gxditview
( 77/111) installing libpipeline [############################################################################] 100%
( 78/111) installing man-db [############################################################################] 100%
it's recommended to create an initial
database running as root:
"/usr/bin/mandb --quiet"
Optional dependencies for man-db
gzip [pending]
( 79/111) installing man-pages [############################################################################] 100%
( 80/111) installing mdadm [############################################################################] 100%
( 81/111) installing nano [############################################################################] 100%
( 82/111) installing openresolv [############################################################################] 100%
( 83/111) installing netctl [############################################################################] 100%
Optional dependencies for netctl
dialog: for the menu based wifi assistant
dhclient: for DHCP support (or dhcpcd)
dhcpcd: for DHCP support (or dhclient) [pending]
wpa_supplicant: for wireless networking support
ifplugd: for automatic wired connections through netctl-ifplugd
wpa_actiond: for automatic wireless connections through netctl-auto
ifenslave: for bond connections
bridge-utils: for bridge connections
ppp: for pppoe connections
( 84/111) installing sed [############################################################################] 100%
( 85/111) installing ca-certificates [############################################################################] 100%
( 86/111) installing libssh2 [############################################################################] 100%
( 87/111) installing curl [############################################################################] 100%
( 88/111) installing pth [############################################################################] 100%
( 89/111) installing libksba [############################################################################] 100%
( 90/111) installing libassuan [############################################################################] 100%
( 91/111) installing pinentry [############################################################################] 100%
Optional dependencies for pinentry
gtk2: for gtk2 backend
qt4: for qt4 backend
( 92/111) installing dirmngr [############################################################################] 100%
( 93/111) installing gnupg [############################################################################] 100%
Optional dependencies for gnupg
curl: gpg2keys_curl [pending]
libldap: gpg2keys_ldap [pending]
libusb-compat: scdaemon
( 94/111) installing gpgme [############################################################################] 100%
( 95/111) installing pacman-mirrorlist [############################################################################] 100%
( 96/111) installing archlinux-keyring [############################################################################] 100%
( 97/111) installing pacman [############################################################################] 100%
>>> Run `pacman-key --init; pacman-key --populate archlinux`
>>> to import the data required by pacman for package verification.
>>> See: https://www.archlinux.org/news/having-pacman-verify-packages
Optional dependencies for pacman
fakeroot: for makepkg usage as normal user
( 98/111) installing pciutils [############################################################################] 100%
( 99/111) installing pcmciautils [############################################################################] 100%
(100/111) installing procps-ng [############################################################################] 100%
(101/111) installing psmisc [############################################################################] 100%
(102/111) installing reiserfsprogs [############################################################################] 100%
(103/111) installing sysvinit-tools [############################################################################] 100%
(104/111) installing systemd-sysvcompat [############################################################################] 100%
(105/111) installing tar [############################################################################] 100%
(106/111) installing texinfo [############################################################################] 100%
(107/111) installing libusbx [############################################################################] 100%
(108/111) installing usbutils [############################################################################] 100%
Optional dependencies for usbutils
python2: for lsusb.py usage
coreutils: for lsusb.py usage [pending]
(109/111) installing vi [############################################################################] 100%
Optional dependencies for vi
heirloom-mailx: used by the preserve command for notification [pending]
(110/111) installing which [############################################################################] 100%
(111/111) installing xfsprogs [############################################################################] 100%
[mkarchiso] INFO: Packages installed successfully!
[mkarchiso] INFO: Installing packages to 'work/root-image/'...
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
resolving dependencies...
looking for inter-conflicts...
Packages (1):
Name New Version Net Change
core/syslinux 4.06-2 3.35 MiB
Total Installed Size: 3.35 MiB
:: Proceed with installation? [Y/n]
(1/1) checking keys in keyring [############################################################################] 100%
(1/1) checking package integrity [############################################################################] 100%
(1/1) loading package files [############################################################################] 100%
(1/1) checking for file conflicts [############################################################################] 100%
(1/1) checking available disk space [############################################################################] 100%
(1/1) installing syslinux [############################################################################] 100%
==> If you want to use syslinux as your bootloader
==> edit /boot/syslinux/syslinux.cfg and run
==> # /usr/bin/syslinux-install_update -i -a -m
==> to install it.
Optional dependencies for syslinux
perl-passwd-md5: For md5pass
perl-digest-sha1: For sha1pass
mtools: For mkdiskimage and syslinux support
gptfdisk: For GPT support
util-linux: For isohybrid [installed]
[mkarchiso] INFO: Packages installed successfully!
[mkarchiso] INFO: Configuration settings
[mkarchiso] INFO: Command: run
[mkarchiso] INFO: Architecture: x86_64
[mkarchiso] INFO: Working directory: work
[mkarchiso] INFO: Installation directory: arch
[mkarchiso] INFO: Run command: mkinitcpio -c /etc/mkinitcpio-archiso.conf -k /boot/vmlinuz-linux -g /boot/archiso.img
==> Starting build: 3.9.9-1-ARCH
-> Running build hook: [base]
-> Running build hook: [udev]
-> Running build hook: [archiso]
-> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: bfa
==> WARNING: Possibly missing firmware for module: aic94xx
-> Running build hook: [filesystems]
==> Generating module dependencies
==> Creating gzip initcpio image: /boot/archiso.img
==> Image generation successful
[mkarchiso] INFO: Configuration settings
[mkarchiso] INFO: Command: prepare
[mkarchiso] INFO: Architecture: x86_64
[mkarchiso] INFO: Working directory: work
[mkarchiso] INFO: Installation directory: arch
[mkarchiso] INFO: Cleaning up what we can on root-image...
[mkarchiso] INFO: Done!
[mkarchiso] INFO: Target 'work/iso/arch/x86_64/root-image.fs.sfs' does not exist, making it from 'work/root-image'
[mkarchiso] INFO: Creating ext4 image of 1025 MiB...
mke2fs 1.42.8 (20-Jun-2013)
Discarding device blocks: done
warning: 256 blocks unused.
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
65664 inodes, 262144 blocks
0 blocks (0.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=268435456
8 block groups
32768 blocks per group, 32768 fragments per group
8208 inodes per group
Superblock backups stored on blocks:
32768, 98304, 163840, 229376
Allocating group tables: done
Writing inode tables: done
Writing superblocks and filesystem accounting information: done
[mkarchiso] INFO: Done!
[mkarchiso] INFO: Mounting 'work/root-image.fs' on 'work/mnt/root-image'
[mkarchiso] INFO: Total: 1008 MiB (100%) | Used: 2 MiB (1%) | Avail: 1007 MiB (99%)
[mkarchiso] INFO: Copying 'work/root-image/' to 'work/mnt/root-image/'...
[mkarchiso] INFO: Done!
[mkarchiso] INFO: Total: 1008 MiB (100%) | Used: 552 MiB (55%) | Avail: 457 MiB (45%)
[mkarchiso] INFO: Unmounting 'work/mnt/root-image'
[mkarchiso] INFO: Creating SquashFS image for 'work/root-image.fs', This may take some time...
Parallel mksquashfs: Using 2 processors
Creating 4.0 filesystem on work/root-image.fs.sfs, block size 131072.
Exportable Squashfs 4.0 filesystem, gzip compressed, data block size 131072
compressed data, compressed metadata, compressed fragments, compressed xattrs
duplicates are removed
Filesystem size 193188.71 Kbytes (188.66 Mbytes)
18.41% of uncompressed filesystem size (1049632.29 Kbytes)
Inode table size 10918 bytes (10.66 Kbytes)
33.19% of uncompressed inode table size (32898 bytes)
Directory table size 31 bytes (0.03 Kbytes)
88.57% of uncompressed directory table size (35 bytes)
Number of duplicate files found 0
Number of inodes 2
Number of files 1
Number of fragments 0
Number of symbolic links 0
Number of device nodes 0
Number of fifo nodes 0
Number of socket nodes 0
Number of directories 1
Number of ids (unique uids + gids) 1
Number of uids 1
root (0)
Number of gids 1
root (0)
[mkarchiso] INFO: Image creation done in 01:46 minutes
[mkarchiso] INFO: Configuration settings
[mkarchiso] INFO: Command: checksum
[mkarchiso] INFO: Architecture: x86_64
[mkarchiso] INFO: Working directory: work
[mkarchiso] INFO: Installation directory: arch
[mkarchiso] INFO: Target 'work/iso/arch/checksum.i686.md5' does not exist, making it from 'work/iso/arch'
[mkarchiso] INFO: Creating checksum file for self-test (i686)...
[mkarchiso] INFO: Done!
[mkarchiso] INFO: Target 'work/iso/arch/checksum.x86_64.md5' does not exist, making it from 'work/iso/arch'
[mkarchiso] INFO: Creating checksum file for self-test (x86_64)...
[mkarchiso] INFO: Done!
[mkarchiso] INFO: Configuration settings
[mkarchiso] INFO: Command: iso
[mkarchiso] INFO: Architecture: x86_64
[mkarchiso] INFO: Working directory: work
[mkarchiso] INFO: Installation directory: arch
[mkarchiso] INFO: Image name: archlinux-2013.07.21-x86_64.iso
[mkarchiso] INFO: Disk label: ARCH_201307
[mkarchiso] INFO: Disk publisher: Arch Linux <http://www.archlinux.org>
[mkarchiso] INFO: Disk application: Arch Linux Live/Rescue CD
[mkarchiso] INFO: Target 'out/archlinux-2013.07.21-x86_64.iso' does not exist, making it from 'work/iso'
[mkarchiso] INFO: Creating ISO image...
xorriso 1.3.0 : RockRidge filesystem manipulator, libburnia project.
Drive current: -outdev 'stdio:out/archlinux-2013.07.21-x86_64.iso'
Media current: stdio file, overwriteable
Media status : is blank
Media summary: 0 sessions, 0 data blocks, 0 data, 4155m free
Added to ISO image: directory '/'='/tmp/baseline/work/iso'
xorriso : UPDATE : 16 files added in 1 seconds
xorriso : UPDATE : 16 files added in 1 seconds
xorriso : NOTE : Copying to System Area: 432 bytes from file '/tmp/baseline/work/iso/isolinux/isohdpfx.bin'
libisofs: NOTE : Aligned image size to cylinder size by 177 blocks
xorriso : UPDATE : 16.90% done
xorriso : UPDATE : 82.85% done
ISO image produced: 105472 sectors
Written to medium : 105472 sectors at LBA 0
Writing to 'stdio:out/archlinux-2013.07.21-x86_64.iso' completed successfully.
[mkarchiso] INFO: Done! | 206M out/archlinux-2013.07.21-x86_64.iso
Booting:
:: running early hook [udev]
:: running hook [udev]
:: Triggering uevents...
:: running hook [archiso]
:: Mounting '/dev/disk/by-label/ARCH_201307' to '/run/archiso/bootmnt'
:: Device '/dev/disk/by-label/ARCH_201307' mounted successfully.
:: Mounting /run/archiso/cowspace (tmpfs) filesystem, size=75%...
:: Mounting '/dev/loop0' to '/run/archiso/sfs/root-image'
:: Device '/dev/loop0' mounted successfully.
:: Creating '/run/archiso/cowspace/persistent_ARCH_201307/x86_64/root-image.cow' as non-persistent.
:: Mounting '/dev/mapper/arch_root-image' to '/new_root/'
:: Device '/dev/mapper/arch_root-image' mounted successfully.
:: running cleanup hook [udev]
Welcome to Arch Linux!
Expecting device dev-ttyS0.device...
[ OK ] Reached target Remote File Systems.
[ OK ] Listening on LVM2 metadata daemon socket.
[ OK ] Listening on Device-mapper event daemon FIFOs.
[ OK ] Listening on Delayed Shutdown Socket.
[ OK ] Listening on /dev/initctl Compatibility Named Pipe.
[ OK ] Listening on udev Kernel Socket.
[ OK ] Listening on udev Control Socket.
[ OK ] Reached target Paths.
[ OK ] Reached target Encrypted Volumes.
[ OK ] Set up automount Arbitrary Executable File Formats F...utomount Point.
[ OK ] Listening on Journal Socket.
Mounting POSIX Message Queue File System...
Starting Setup Virtual Console...
Starting Create static device nodes in /dev...
Mounting Huge Pages File System...
Starting Apply Kernel Variables...
Mounting Debug File System...
Mounting Configuration File System...
Starting udev Coldplug all Devices...
Starting Journal Service...
[ OK ] Started Journal Service.
[ OK ] Reached target Swap.
Mounting Temporary Directory...
Starting Remount Root and Kernel File Systems...
[ OK ] Mounted POSIX Message Queue File System.
[ OK ] Started Remount Root and Kernel File Systems.
[ OK ] Started Setup Virtual Console.
[ OK ] Started Apply Kernel Variables.
[ OK ] Mounted Huge Pages File System.
[ OK ] Mounted Debug File System.
[ OK ] Started Create static device nodes in /dev.
[ OK ] Mounted Configuration File System.
[ OK ] Mounted Temporary Directory.
Starting udev Kernel Device Manager...
Starting Load Random Seed...
[ OK ] Started Load Random Seed.
[ OK ] Started udev Kernel Device Manager.
[ OK ] Reached target Local File Systems (Pre).
[ OK ] Reached target Local File Systems.
Starting Trigger Flushing of Journal to Persistent Storage...
Starting Recreate Volatile Files and Directories...
[ OK ] Started udev Coldplug all Devices.
[ OK ] Started Recreate Volatile Files and Directories.
Starting Update UTMP about System Reboot/Shutdown...
[ OK ] Started Trigger Flushing of Journal to Persistent Storage.
[ OK ] Started Update UTMP about System Reboot/Shutdown.
[ OK ] Reached target System Initialization.
[ OK ] Reached target Timers.
[ OK ] Listening on D-Bus System Message Bus Socket.
[ OK ] Reached target Sockets.
[ OK ] Reached target Basic System.
Starting Permit User Sessions...
Starting D-Bus System Message Bus...
[ OK ] Started D-Bus System Message Bus.
Starting Login Service...
[ OK ] Started Permit User Sessions.
Starting Getty on tty1...
[ OK ] Started Getty on tty1.
[ OK ] Started Login Service.
[ OK ] Found device /dev/ttyS0.
Starting Serial Getty on ttyS0...
[ OK ] Started Serial Getty on ttyS0.
[ OK ] Reached target Login Prompts.
[ OK ] Reached target Multi-User System.
[ OK ] Reached target Graphical Interface.
Arch Linux 3.9.9-1-ARCH (ttyS0)
localhost login: -
[solved] Archiso failing
[root@logan-archlinux releng]# ./build.sh -v build single core
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
repo is up to date
warning: skipping target: glibc
warning: skipping target: linux-api-headers
warning: skipping target: tzdata
warning: skipping target: zlib
warning: skipping target: gcc-libs
warning: skipping target: udev
warning: skipping target: util-linux
warning: skipping target: filesystem
warning: skipping target: iana-etc
warning: skipping target: bash
warning: skipping target: readline
warning: skipping target: ncurses
warning: skipping target: coreutils
warning: skipping target: shadow
warning: skipping target: pam
warning: skipping target: db
warning: skipping target: cracklib
warning: skipping target: libtirpc
warning: skipping target: libgssglue
warning: skipping target: acl
warning: skipping target: attr
warning: skipping target: gmp
warning: skipping target: libcap
warning: skipping target: libusb-compat
warning: skipping target: libusb
warning: skipping target: glib2
warning: skipping target: pcre
warning: skipping target: libffi
warning: skipping target: module-init-tools
warning: skipping target: pciutils
warning: skipping target: libgcrypt
warning: skipping target: libgpg-error
warning: skipping target: expat
warning: skipping target: lib32-util-linux
Targets (213): acl-2.2.51-1 attr-2.4.46-1 autoconf-2.68-2 automake-1.11.1-3
bash-4.2.020-1 binutils-2.21.1-2 bison-2.5-3 bzip2-1.0.6-3
ca-certificates-20111025-2 cloog-0.16.3-1 coreutils-8.14-1
cracklib-2.8.18-2 crda-1.1.2-1 cronie-1.4.8-1 curl-7.23.1-2
db-5.2.36-2 dbus-core-1.4.16-1 device-mapper-2.02.88-1
dhcpcd-5.2.12-4 dialog-1.1_20111020-1 diffutils-3.2-1
dnsutils-9.8.1-2 e2fsprogs-1.41.14-2 eventlog-0.2.12-3
expat-2.0.1-7 file-5.09-1 filesystem-2011.10-1
findutils-4.4.2-4 gawk-4.0.0-2 gcc-4.6.2-1 gcc-libs-4.6.2-1
gdbm-1.10-1 glib2-2.30.2-1 glibc-2.14.1-1 gmp-5.0.2-3
gpm-1.20.6-7 grep-2.10-1 groff-1.21-2 grub-0.97-21
gzip-1.4-4 hdparm-9.37-2 iana-etc-2.30-2 idnkit-1.0-2
ifenslave-1.1.0-7 inetutils-1.8-6 initscripts-2011.11.3-1
iproute2-2.6.39-2 iptables-1.4.12.1-2 iputils-20101006-2
ipw2100-fw-1.3-6 ipw2200-fw-3.1-4 isl-0.07-1 iw-3.0-1
kbd-1.15.3-2 keyutils-1.5.2-2 krb5-1.9.2-1 libarchive-2.8.5-2
libcap-2.22-2 libfetch-2.33-3 libffi-3.0.10-1
libgcrypt-1.5.0-1 libgpg-error-1.10-1 libgssglue-0.3-1
libmpc-0.9-2 libnl-1.1-3 libpcap-1.1.1-4 libpipeline-1.2.0-2
librpcsecgss-0.19-7 libsasl-2.1.23-8 libssh2-1.3.0-1
libtirpc-0.2.2-2 libusb-1.0.8-2 libusb-compat-0.1.3-2
licenses-2.9-1 linux-3.1.4-1 linux-api-headers-3.0.1-1
linux-atm-2.5.2-1 linux-docs-3.1.4-1 linux-firmware-20111101-1
linux-headers-3.1.4-1 logrotate-3.8.1-1 lzo2-2.06-1
m4-1.4.16-2 make-3.82-4 man-db-2.6.0.2-3 man-pages-3.35-1
mdadm-3.2.2-4 mkinitcpio-0.8.0-3 mkinitcpio-busybox-1.19.2-1
mkinitcpio-nfs-utils-0.2-2 module-init-tools-3.16-2
mpfr-3.1.0.p3-1 nano-2.2.6-2 ncurses-5.9-2
net-tools-1.60.20110819cvs-3 netcfg-2.6.8-1
nilfs-utils-2.0.23-1 openssh-5.9p1-5 openssl-1.0.0.e-1
pacman-3.5.4-4 pacman-mirrorlist-20111026-1 pam-1.1.5-1
patch-2.6.1-3 pciutils-3.1.8-1 pcre-8.20-1 perl-5.14.2-4
pkg-config-0.26-2 popt-1.16-4 ppl-0.11.2-2
procinfo-ng-2.0.304-3 procps-3.2.8-4 psmisc-22.14-1
readline-6.2.002-1 rfkill-0.4-3 rpcbind-0.2.0-5
run-parts-4.0.4-1 sdparm-1.06-2 sed-4.2.1-4 shadow-4.1.4.3-2
sysfsutils-2.1.0-7 syslinux-4.04-2 syslog-ng-3.3.3-1
sysvinit-2.88-3 tar-1.26-2 texinfo-4.13a-6 tzdata-2011n-1
udev-175-1 udev-compat-175-1 usbutils-004-1
util-linux-2.20.1-1 vi-1:050325-2 wget-1.13.4-1 which-2.20-5
wireless-regdb-2011.04.28-1 wireless_tools-29-5
wpa_actiond-1.1-3 wpa_supplicant-0.7.3-4 xinetd-2.3.14-8
xz-5.0.3-1 zd1211-firmware-1.4-5 zlib-1.2.5-4
foldingathome-gpu-nvidia-6.41-1 lib32-nvidia-utils-290.10-1
lib32-libxvmc-1.0.6-3 lib32-libxv-1.0.6-1
lib32-libxext-1.2.0-1 lib32-libx11-1.4.4-1 lib32-libxcb-1.7-2
xcb-proto-1.6-2 lib32-libxdmcp-1.1.0-1 xproto-7.0.22-1
lib32-glibc-2.14.1-1 libxdmcp-1.1.0-1 lib32-libxau-1.0.6-2
libxau-1.0.6-1 libxcb-1.7-2 kbproto-1.0.5-1 libx11-1.4.4-1
xextproto-7.2.0-1 libxext-1.3.0-1 videoproto-2.3.1-1
libxv-1.0.6-1 libxvmc-1.0.6-1 lib32-zlib-1.2.5-6
lib32-gcc-libs-4.6.2-1 gcc-libs-multilib-4.6.2-1
nvidia-utils-290.10-1 xorg-server-1.11.2-2 libxfont-1.4.4-1
freetype2-2.4.8-1 libfontenc-1.1.0-1 fontsproto-2.1.1-1
libpciaccess-0.12.1-1 libdrm-2.4.27-1 pixman-0.24.0-1
xorg-server-common-1.11.2-2 xkeyboard-config-2.4.1-2
xorg-xkbcomp-1.2.3-1 libxkbfile-1.0.7-1 xorg-setxkbmap-1.2.0-2
xorg-fonts-misc-1.0.1-1 xorg-fonts-encodings-1.0.4-1
xorg-fonts-alias-1.0.2-2 xorg-font-utils-7.6-2
xorg-bdftopcf-1.0.3-1 xorg-mkfontdir-1.0.6-2
xorg-mkfontscale-1.0.9-1 xorg-font-util-1.2.0-1
fontconfig-2.8.0-1 xf86-input-evdev-2.6.0-4
opencl-nvidia-290.10-1 libcl-1.1-2 lib32-cuda-toolkit-3.0-1
lib32-nvcuda-3.0-4 wine-git-20111204-1 mesa-7.11.2-1
libxt-1.1.1-1 libsm-1.2.0-1 libice-1.0.7-1 dri2proto-2.6-1
glproto-1.4.14-1 lib32-mesa-7.11.2-1 lib32-libxt-1.1.1-1
lib32-libsm-1.2.0-1 lib32-libice-1.0.7-1
lib32-util-linux-2.19-1 libxxf86dga-1.1.2-1 xf86dgaproto-2.1-2
lib32-libxxf86dga-1.1.2-1 libxi-1.4.3-1 inputproto-2.0.2-1
lib32-libxi-1.4.1-1 desktop-file-utils-0.18-1
Total Download Size: 10.38 MB
Proceed with download? [Y/n]
:: Retrieving packages from extra...
downloading opencl-nvidia-290.10-1-x86_64.pkg.tar.xz...
downloading libcl-1.1-2-x86_64.pkg.tar.xz...
:: Retrieving packages from multilib...
downloading gcc-libs-multilib-4.6.2-1-x86_64.pkg.tar.xz...
checking package integrity...
[mkarchiso] INFO: Configuration settings
[mkarchiso] INFO: Command: create
[mkarchiso] INFO: Architecture: x86_64
[mkarchiso] INFO: Working directory: work/x86_64
[mkarchiso] INFO: Installation directory: arch
[mkarchiso] INFO: Pacman config file: /etc/pacman.conf
[mkarchiso] INFO: Packages: base
[mkarchiso] INFO: Installing packages to 'work/x86_64/root-image/'...
:: Synchronizing package databases...
core 101.7K 39.6K/s 00:00:03 [######################] 100%
extra 1144.7K 39.3K/s 00:00:29 [######################] 100%
community 1881.2K 39.2K/s 00:00:48 [######################] 100%
multilib 57.5K 39.9K/s 00:00:01 [######################] 100%
repo 1.5K 29.9M/s 00:00:00 [######################] 100%
:: There are 57 members in group base:
:: Repository core
1) bash 2) binutils 3) bzip2 4) coreutils 5) cronie 6) cryptsetup
7) device-mapper 8) dhcpcd 9) diffutils 10) e2fsprogs 11) file
12) filesystem 13) findutils 14) gawk 15) gcc-libs 16) gettext
17) glibc 18) grep 19) grub 20) gzip 21) heirloom-mailx 22) inetutils
23) initscripts 24) iputils 25) jfsutils 26) less 27) licenses
28) linux 29) logrotate 30) lvm2 31) man-db 32) man-pages 33) mdadm
34) nano 35) pacman 36) pciutils 37) pcmciautils 38) perl 39) ppp
40) procps 41) psmisc 42) reiserfsprogs 43) sed 44) shadow
45) sysfsutils 46) syslog-ng 47) sysvinit 48) tar 49) texinfo 50) udev
51) usbutils 52) util-linux 53) vi 54) wget 55) which
56) wpa_supplicant 57) xfsprogs
Enter a selection (default=all):
resolving dependencies...
looking for inter-conflicts...
Targets (104): linux-api-headers-3.0.1-1 tzdata-2011n-1 glibc-2.14.1-1
ncurses-5.9-2 readline-6.2.002-1 bash-4.2.020-1 zlib-1.2.5-4
binutils-2.21.1-2 bzip2-1.0.6-3 gcc-libs-4.6.2-1 db-5.2.36-2
cracklib-2.8.18-2 libgssglue-0.3-1 libtirpc-0.2.2-2
pam-1.1.5-1 attr-2.4.46-1 acl-2.2.51-1 shadow-4.1.4.3-2
gmp-5.0.2-3 libcap-2.22-2 coreutils-8.14-1 run-parts-4.0.4-1
cronie-1.4.8-1 iana-etc-2.30-2 filesystem-2011.10-1
util-linux-2.20.1-1 libusb-1.0.8-2 libusb-compat-0.1.3-2
pcre-8.20-1 libffi-3.0.10-1 glib2-2.30.2-1
module-init-tools-3.16-2 pciutils-3.1.8-1 udev-175-1
device-mapper-2.02.88-1 libgpg-error-1.10-1 libgcrypt-1.5.0-1
popt-1.16-4 cryptsetup-1.4.0-2 dhcpcd-5.2.12-4
diffutils-3.2-1 e2fsprogs-1.41.14-2 file-5.09-1
findutils-4.4.2-4 gawk-4.0.0-2 gettext-0.18.1.1-4 grep-2.10-1
sed-4.2.1-4 grub-0.97-21 gzip-1.4-4 gdbm-1.10-1
perl-5.14.2-4 openssl-1.0.0.e-1 libsasl-2.1.23-8
libfetch-2.33-3 libldap-2.4.26-5 keyutils-1.5.2-2
krb5-1.9.2-1 heirloom-mailx-12.5-3 inetutils-1.8-6
iproute2-2.6.39-2 kbd-1.15.3-2 sysvinit-2.88-3
initscripts-2011.11.3-1 sysfsutils-2.1.0-7 iputils-20101006-2
jfsutils-1.1.15-3 less-444-2 licenses-2.9-1
linux-firmware-20111101-1 mkinitcpio-busybox-1.19.2-1
xz-5.0.3-1 expat-2.0.1-7 libarchive-2.8.5-2
mkinitcpio-0.8.0-3 linux-3.1.4-1 logrotate-3.8.1-1
lvm2-2.02.88-1 texinfo-4.13a-6 groff-1.21-2
libpipeline-1.2.0-2 man-db-2.6.0.2-3 man-pages-3.35-1
mdadm-3.2.2-4 nano-2.2.6-2 pacman-mirrorlist-20111026-1
pacman-3.5.4-4 pcmciautils-018-1 libnl-1.1-3 libpcap-1.1.1-4
ppp-2.4.5-3 procps-3.2.8-4 psmisc-22.14-1
reiserfsprogs-3.6.21-4 eventlog-0.2.12-3 syslog-ng-3.3.3-1
tar-1.26-2 usbutils-004-1 vi-1:050325-2 wget-1.13.4-1
which-2.20-5 dbus-core-1.4.16-1 wpa_supplicant-0.7.3-4
xfsprogs-3.1.7-1
Total Download Size: 0.00 MB
Total Installed Size: 404.29 MB
Proceed with installation? [Y/n]
(104/104) checking package integrity [######################] 100%
( 1/104) installing linux-api-headers [######################] 100%
( 2/104) installing tzdata [######################] 100%
Optional dependencies for tzdata
bash: required by tzselect
( 3/104) installing glibc [######################] 100%
( 4/104) installing ncurses [######################] 100%
( 5/104) installing readline [######################] 100%
( 6/104) installing bash [######################] 100%
( 7/104) installing zlib [######################] 100%
( 8/104) installing binutils [######################] 100%
( 9/104) installing bzip2 [######################] 100%
( 10/104) installing gcc-libs [######################] 100%
( 11/104) installing db [######################] 100%
( 12/104) installing cracklib [######################] 100%
( 13/104) installing libgssglue [######################] 100%
( 14/104) installing libtirpc [######################] 100%
( 15/104) installing pam [######################] 100%
( 16/104) installing attr [######################] 100%
( 17/104) installing acl [######################] 100%
( 18/104) installing shadow [######################] 100%
( 19/104) installing gmp [######################] 100%
( 20/104) installing libcap [######################] 100%
( 21/104) installing coreutils [######################] 100%
( 22/104) installing run-parts [######################] 100%
( 23/104) installing cronie [######################] 100%
Optional dependencies for cronie
smtp-server: sending cron job output via email
( 24/104) installing iana-etc [######################] 100%
( 25/104) installing filesystem [######################] 100%
( 26/104) installing util-linux [######################] 100%
Optional dependencies for util-linux
perl: for chkdupexe support
( 27/104) installing libusb [######################] 100%
( 28/104) installing libusb-compat [######################] 100%
( 29/104) installing pcre [######################] 100%
( 30/104) installing libffi [######################] 100%
( 31/104) installing glib2 [######################] 100%
Optional dependencies for glib2
python2: for gdbus-codegen
( 32/104) installing module-init-tools [######################] 100%
( 33/104) installing pciutils [######################] 100%
Optional dependencies for pciutils
sh: required by update-pciids
( 34/104) installing udev [######################] 100%
( 35/104) installing device-mapper [######################] 100%
( 36/104) installing libgpg-error [######################] 100%
( 37/104) installing libgcrypt [######################] 100%
( 38/104) installing popt [######################] 100%
( 39/104) installing cryptsetup [######################] 100%
( 40/104) installing dhcpcd [######################] 100%
( 41/104) installing diffutils [######################] 100%
( 42/104) installing e2fsprogs [######################] 100%
( 43/104) installing file [######################] 100%
( 44/104) installing findutils [######################] 100%
( 45/104) installing gawk [######################] 100%
( 46/104) installing gettext [######################] 100%
Optional dependencies for gettext
cvs: for autopoint tool
( 47/104) installing grep [######################] 100%
( 48/104) installing sed [######################] 100%
( 49/104) installing grub [######################] 100%
Optional dependencies for grub
xfsprogs: freezing of xfs /boot in install-grub script
( 50/104) installing gzip [######################] 100%
( 51/104) installing gdbm [######################] 100%
( 52/104) installing perl [######################] 100%
( 53/104) installing openssl [######################] 100%
Optional dependencies for openssl
ca-certificates
( 54/104) installing libsasl [######################] 100%
( 55/104) installing libfetch [######################] 100%
( 56/104) installing libldap [######################] 100%
( 57/104) installing keyutils [######################] 100%
( 58/104) installing krb5 [######################] 100%
( 59/104) installing heirloom-mailx [######################] 100%
Optional dependencies for heirloom-mailx
smtp-forwarder: for sending mail
( 60/104) installing inetutils [######################] 100%
( 61/104) installing iproute2 [######################] 100%
Optional dependencies for iproute2
linux-atm: ATM support
( 62/104) installing kbd [######################] 100%
( 63/104) installing sysvinit [######################] 100%
( 64/104) installing initscripts [######################] 100%
Optional dependencies for initscripts
bridge-utils: Network bridging support
dhcpcd: DHCP network configuration
net-tools: legacy network support
wireless_tools: Wireless networking
( 65/104) installing sysfsutils [######################] 100%
( 66/104) installing iputils [######################] 100%
( 67/104) installing jfsutils [######################] 100%
( 68/104) installing less [######################] 100%
( 69/104) installing licenses [######################] 100%
( 70/104) installing linux-firmware [######################] 100%
( 71/104) installing mkinitcpio-busybox [######################] 100%
( 72/104) installing xz [######################] 100%
( 73/104) installing expat [######################] 100%
( 74/104) installing libarchive [######################] 100%
( 75/104) installing mkinitcpio [######################] 100%
Optional dependencies for mkinitcpio
xz: Use lzma or xz compression for the initramfs image
bzip2: Use bzip2 compression for the initramfs image
lzop: Use lzo compression for the initramfs image
mkinitcpio-nfs-utils: Support for root filesystem on NFS
( 76/104) installing linux [######################] 100%
>>> Updating module dependencies. Please wait ...
>>> Generating initial ramdisk, using mkinitcpio. Please wait...
==> Building image from preset: 'default'
-> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux.img
==> Starting build: 3.1.4-1-ARCH
-> Parsing hook: [base]
-> Parsing hook: [udev]
-> Parsing hook: [autodetect]
-> Parsing hook: [pata]
-> Parsing hook: [scsi]
-> Parsing hook: [sata]
-> Parsing hook: [filesystems]
-> Parsing hook: [usbinput]
==> Generating module dependencies
==> Creating gzip initcpio image: /boot/initramfs-linux.img
==> Image generation successful
==> Building image from preset: 'fallback'
-> -k /boot/vmlinuz-linux -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-fallback.img -S autodetect
==> Starting build: 3.1.4-1-ARCH
-> Parsing hook: [base]
-> Parsing hook: [udev]
-> Parsing hook: [pata]
-> Parsing hook: [scsi]
-> Parsing hook: [sata]
-> Parsing hook: [filesystems]
-> Parsing hook: [usbinput]
==> Generating module dependencies
==> Creating gzip initcpio image: /boot/initramfs-linux-fallback.img
==> Image generation successful
Optional dependencies for linux
crda: to set the correct wireless channels of your country
( 77/104) installing logrotate [######################] 100%
( 78/104) installing lvm2 [######################] 100%
( 79/104) installing texinfo [######################] 100%
( 80/104) installing groff [######################] 100%
Optional dependencies for groff
netpbm: for use together with man -H command interaction in browsers
psutils: for use together with man -H command interaction in browsers
( 81/104) installing libpipeline [######################] 100%
( 82/104) installing man-db [######################] 100%
it's recommended to create an initial
database running as root:
"/usr/bin/mandb --quiet"
Optional dependencies for man-db
less
gzip
( 83/104) installing man-pages [######################] 100%
( 84/104) installing mdadm [######################] 100%
( 85/104) installing nano [######################] 100%
( 86/104) installing pacman-mirrorlist [######################] 100%
( 87/104) installing pacman [######################] 100%
Optional dependencies for pacman
fakeroot: for makepkg usage as normal user
curl: for rankmirrors usage
( 88/104) installing pcmciautils [######################] 100%
( 89/104) installing libnl [######################] 100%
( 90/104) installing libpcap [######################] 100%
( 91/104) installing ppp [######################] 100%
( 92/104) installing procps [######################] 100%
( 93/104) installing psmisc [######################] 100%
( 94/104) installing reiserfsprogs [######################] 100%
( 95/104) installing eventlog [######################] 100%
( 96/104) installing syslog-ng [######################] 100%
Optional dependencies for syslog-ng
logrotate: for rotating log files
( 97/104) installing tar [######################] 100%
( 98/104) installing usbutils [######################] 100%
Optional dependencies for usbutils
python2: for lsusb.py usage
coreutils: for lsusb.py usage
( 99/104) installing vi [######################] 100%
Optional dependencies for vi
mailx: used by the preserve command for notification
(100/104) installing wget [######################] 100%
Optional dependencies for wget
ca-certificates: HTTPS downloads
(101/104) installing which [######################] 100%
(102/104) installing dbus-core [######################] 100%
(103/104) installing wpa_supplicant [######################] 100%
Optional dependencies for wpa_supplicant
wpa_supplicant_gui: wpa_gui program
(104/104) installing xfsprogs [######################] 100%
Generating locales...
de_DE.UTF-8... done
en_US.UTF-8... done
Generation complete.
[mkarchiso] INFO: Packages installed successfully!
[mkarchiso] INFO: Configuration settings
[mkarchiso] INFO: Command: create
[mkarchiso] INFO: Architecture: x86_64
[mkarchiso] INFO: Working directory: work/x86_64
[mkarchiso] INFO: Installation directory: arch
[mkarchiso] INFO: Pacman config file: /etc/pacman.conf
[mkarchiso] INFO: Packages: memtest86+ syslinux mkinitcpio-nfs-utils nbd curl
[mkarchiso] INFO: Installing packages to 'work/x86_64/root-image/'...
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
repo is up to date
resolving dependencies...
looking for inter-conflicts...
Targets (7): memtest86+-4.20-1 syslinux-4.04-2 mkinitcpio-nfs-utils-0.2-2
nbd-2.9.23-1 ca-certificates-20111025-2 libssh2-1.3.0-1
curl-7.23.1-2
Total Download Size: 0.00 MB
Total Installed Size: 7.59 MB
Proceed with installation? [Y/n]
(7/7) checking package integrity [######################] 100%
(1/7) installing memtest86+ [######################] 100%
For using memtest86+ please modifiy your bootloaders.
If /boot is on root partitions:
==> GRUB add this to /boot/grub/menu.lst
title Memtest86+ [/boot/memtest86+/memtest.bin]
kernel (hd?,?)/boot/memtest86+/memtest.bin
==> Lilo add this to lilo.conf
image = /boot/memtest86+/memtest.bin
label = "Memtest86+"
If /boot is on seperate partition then just use /memtest86+/memtest.bin
without /boot prefix.
(2/7) installing syslinux [######################] 100%
==> If you want to use syslinux as your bootloader
==> edit /boot/syslinux/syslinux.cfg and run
==> # /usr/sbin/syslinux-install_update -i -a -m
==> to install it.
Optional dependencies for syslinux
perl-passwd-md5: For md5pass
perl-digest-sha1: For sha1pass
mtools: For mkdiskimage and syslinux
(3/7) installing mkinitcpio-nfs-utils [######################] 100%
(4/7) installing nbd [######################] 100%
(5/7) installing ca-certificates [######################] 100%
(6/7) installing libssh2 [######################] 100%
(7/7) installing curl [######################] 100%
Generating locales...
de_DE.UTF-8... done
en_US.UTF-8... done
Generation complete.
[mkarchiso] INFO: Packages installed successfully!
[mkarchiso] INFO: Configuration settings
[mkarchiso] INFO: Command: create
[mkarchiso] INFO: Architecture: x86_64
[mkarchiso] INFO: Working directory: work/x86_64
[mkarchiso] INFO: Installation directory: arch
[mkarchiso] INFO: Pacman config file: /etc/pacman.conf
tallocentoext-gpu-nvidia Packages: aif
[mkarchiso] INFO: Installing packages to 'work/x86_64/root-image/'...
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
repo is up to date
error: target not found: aif
==> ERROR: Failed to install all packages
[root@logan-archlinux releng]#
It keeps failing on aif. I don't know why either since it's there in extra when I go looking for it.
root@logan-archlinux releng]# pacman -S aif
resolving dependencies...
looking for inter-conflicts...
Targets (2): libui-sh-2011.10.09-2 aif-2011.10.09-2
Total Download Size: 0.07 MB
Total Installed Size: 0.46 MB
Proceed with installation? [Y/n]
The same thing happens with a fresh base install in the chroot and a freesh git clone of archiso, infact that is what caused it with my older chroot that I've been working on. I updated archiso and it's been broken since.
Is this a bug?
Last edited by biltong (2011-12-05 15:15:05)[root@logan-archlinux releng]# ./build.sh -v build single core
[mkarchiso] INFO: Configuration settings
[mkarchiso] INFO: Command: create
[mkarchiso] INFO: Architecture: x86_64
[mkarchiso] INFO: Working directory: work/x86_64
[mkarchiso] INFO: Installation directory: arch
[mkarchiso] INFO: Pacman config file: /etc/pacman.conf
[mkarchiso] INFO: Packages: base
[mkarchiso] INFO: These packages are already installed, skipping.
[mkarchiso] INFO: Configuration settings
[mkarchiso] INFO: Command: create
[mkarchiso] INFO: Architecture: x86_64
[mkarchiso] INFO: Working directory: work/x86_64
[mkarchiso] INFO: Installation directory: arch
[mkarchiso] INFO: Pacman config file: /etc/pacman.conf
[mkarchiso] INFO: Packages: memtest86+ syslinux mkinitcpio-nfs-utils nbd curl
[mkarchiso] INFO: These packages are already installed, skipping.
[mkarchiso] INFO: Configuration settings
[mkarchiso] INFO: Command: create
[mkarchiso] INFO: Architecture: x86_64
[mkarchiso] INFO: Working directory: work/x86_64
[mkarchiso] INFO: Installation directory: arch
[mkarchiso] INFO: Pacman config file: /etc/pacman.conf
gaminientsome-gpu-nvidia Packages: aif
[mkarchiso] INFO: Installing packages to 'work/x86_64/root-image/'...
mount: sysfs already mounted or /tmp/releng/work/x86_64/root-image/sys busy
mount: according to mtab, sysfs is already mounted on /tmp/releng/work/x86_64/root-image/sys
mount: proc already mounted or /tmp/releng/work/x86_64/root-image/proc busy
mount: according to mtab, proc is already mounted on /tmp/releng/work/x86_64/root-image/proc
:: Synchronizing package databases...
core is up to date
extra is up to date
community is up to date
multilib is up to date
repo is up to date
error: target not found: aif
==> ERROR: Failed to install all packages
Still not working.
EDIT: Fail, I forgot to save it. >_< thanks djgera!
Last edited by biltong (2011-12-05 15:14:44) -
I have a question how can you GRE tunnel on a cisco router 800 series set for a site to site vpn ipsec + gre who can help me?
Please change highlighted line below.
R1
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key key address 84.197.161.59 <<<<<<<<< I assume, this is your R2 public address.
Please copy the highlighted line on Router R1.
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE-CRYTPO 1 ipsec-isakmp
set peer 84.197.161.59 <<<<<<<<<< Do the same, and make sure you put the R2 public address.
set transform-set ESP-AES-128-SHA
set pfs group5
match address 100
reverse-route
access-list 100 permit ip host xxx.xxx.xxx.xxx host 84.197.161.59 < x is on acl 100 is public address of the R1.
interface Tunnel0
ip address 11.11.11.1 255.255.255.252
ip ospf mtu-ignore
keepalive 3 2
tunnel source GigabitEthernet0
tunnel destination 84.197.161.59 <<<<<<<<<<<<<<<<<< this is router R2's public address.
ip mtu 1400
interface GigabitEthernet0
crypto map OUTSIDE-CRYTPO
Please change highlighted line below R2
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key key address xxx.xxx.xxx.xxx <<<<<<<<<<<<< R1 public address.
Please copy the highlighted line on R2.
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto map OUTSIDE-CRYTPO 1 ipsec-isakmp
set peer xxx.xxx.xxx.xxx <<<<<<<<<<<<<<<<< R1 public address.
set transform-set ESP-AES-128-SHA
set pfs group5
match address 100
reverse-route
access-list 100 permit ip host 84.197.161.59 host xxx.xxx.xxx.xxx << X is R1 public ip address.
interface Tunnel0
ip address 11.11.11.2 255.255.255.252
ip ospf mtu-ignore
keepalive 3 2
ip mtu 1400
tunnel source GigabitEthernet0
tunnel destination xxx.xxx.xxx.xxx <<<<<<<<<<< X is public address of the R1.
interface GigabitEthernet0
crypto map OUTSIDE-CRYTPO
Hope that helps.
thanks
Maybe you are looking for
-
How do I restore iCloud mailboxes from Time Machine without losing new mail?
This morning when I opened my laptop and checked my email, Apple Mail decided to flag every single email in my three separate Apple-related accounts ([email protected],[email protected], and [email protected])—some 14,500+ emails total. None of the emails in my comcast or
-
Full of features: Lumia Denim Update
Hey, Lumia Denim update has started rolling out to selected devices and markets, and will continue to rollout in several waves. A wider rollout of Lumia Denim to all Lumia devices running Windows Phone 8.1, is expected to begin in early January, foll
-
Duplicate y-axis labels on charts for small data values -- is this a bug?
Hi, I have several charts where the data values are small (1,2,3). The y-axis labels are duplicated for these charts. For example, if the data value was 2 the y-axis labels display as 0 1 1 1 2 2 2. I know that I can manually set the maximum y-axis v
-
Error when creating ssh keys for Oracle RAC on Solaris 10
I'm in the process of configuring 2 node oracle cluster running on Sun cluster 3.2 /solaris 10 OS. I have followed this oracle guide to when creating keys (oracle document No =B14205-01) But im having problem when executing this step bash-3.00$ scp a
-
Where can I find the path to the location where incoming mail is stored for the users ? I checked several paths I know, but I'm unsure a bit.