Audiocodes MP112 at remote site not ringing.

Hi all,
In my topology I have a Lync ENT FE pool at my HQ and then a branch with a STD FE server (all same site in topology). On the branch site, I have a paging system. In order for the paging to work being dialled from Lync, I'm adding the AudioCodes as an analogue extension... as per some forums out there... I tested the ability to create an analogue extension with an AudioCodes MP112 in my HQ office with a DID number in the HQ range of numbers... and it works perfectly... I got an old POTS analogue phone connected to the gateway, and dialling it makes the phone ring and voice comes through fine... this is all I need for my paging system. The paging system picks up the phone and then sends the audio through the PA system.
So, I changed the IP and the phone number on the AudioCodes MP112... and shipped off the gateway to my branch site... now it doesn't work... at all... no matter how I configure it... I just get a 3 short busy signal and a line drop... Everything seems to be configured correctly. In my call diagnostics reports I get the below. It seems that the HQ FE pool is sending it to the STD server on the branch fine, but that's where everything breaks...
On the last leg of the transport, I get "Analog device configured on an unknown gateway"... which is weird... cause my gateway does sit in my topology fine, so it's not unknown... Migrating the functionality to the branch office, I first deleted the analogue gateway via remove-csanalogdevice, removed from topology... adding to topology on new branch site subnet... ran add-csanalogdevice with new IP in topology...
Googling the error below doesn't bring up any results... it's weird that I would be the only one ever getting this error... could anyone point me in a direction?
Report time: 12/2/2013 8:28:17 AM
Response code: 503
Diagnostic ID: 12018
Request type: INVITE
Content type: multipart/alternative
Source: server.domain.com
Application: OutboundRouting
From user URI: [email protected]
To user URI: [email protected]
From user agent: UCCAPI/15.0.4420.1017 OC/15.0.4420.1017 (Microsoft Lync)
Diagnostic header: 12018; reason="Analog device configured on an unknown gateway"; source="SERVER.DOMAIN.COM"; DeviceNum="+18880001101"; gwName="10.100.254.18"; appName="OutboundRouting"; OriginalPresenceState="0"; CurrentPresenceState="0"; MeInsideUser="Yes"; ConversationInitiatedBy="0"; SourceNetwork="0"; RemotePartyCanDoIM="No"
Additional diagnostic information

Seq #: 1
Diagnostic ID: 25008
Source: HQFESRV.domain.com
Application: InterClusterRouting
Diagnostic header: 25008; reason="Attempting to route to Primary Pool"; source="HQFESRV.domain.com"; clusterFqdn="branchserver.domain.com"; routingType="ToRouting"; appName="InterClusterRouting"

Seq #: 2
Diagnostic ID: 13004
Source: branchserver.domain.com
Application: InboundRouting
Diagnostic header: 13004; reason="Request was proxied to one or more registered endpoints"; source="branchserver.domain.com"; Count="1"; appName="InboundRouting"

Diagnostic Report

Report time: 12/2/2013 8:28:17 AM
Response code: 503
Diagnostic ID: 12018
Request type: INVITE
Content type: multipart/alternative
Source: branchserver.domain.com
Application: OutboundRouting
From user URI: [email protected]
To user URI: [email protected]
From user agent: UCCAPI/15.0.4420.1017 OC/15.0.4420.1017 (Microsoft Lync)
Diagnostic header: 12018; reason="Analog device configured on an unknown gateway"; source="branchserver.domain.com"; DeviceNum="+18880001101"; gwName="10.100.254.18"; appName="OutboundRouting"

\\Tjopsta// http://www.tjopsta.net

Hi,
Please make sure the values of the following parameters are correct when running New-CsAnalogDevice: Gateway, LineUri, RegistrarPool, SipAddress.
Kent Huang
TechNet Community Support
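
One way to compare the values named in the reply above with the published topology, as an added example that is not part of the original thread. It assumes the Lync Server Management Shell (PowerShell 3.0 or later); the function name Test-AnalogDeviceGateway is hypothetical, and the two arguments in the last line are copied from the DeviceNum and gwName fields of the diagnostic header in the question.

```powershell
# Added example, not from the original thread. Run in the Lync Server Management Shell.
# Test-AnalogDeviceGateway is a hypothetical helper name.
function Test-AnalogDeviceGateway {
    param(
        [Parameter(Mandatory = $true)] [string] $DeviceNum,  # DeviceNum from the 12018 diagnostic header
        [Parameter(Mandatory = $true)] [string] $GwName      # gwName from the 12018 diagnostic header
    )

    # Analog device contact objects whose LineURI carries the dialled number.
    # The trailing * tolerates an ";ext=" suffix on the URI.
    $devices = @(Get-CsAnalogDevice |
        Where-Object { "$($_.LineURI)" -like "tel:$DeviceNum*" })

    if ($devices.Count -eq 0) {
        Write-Warning "No analog device found with LineURI tel:$DeviceNum"
        return
    }

    # PSTN gateways defined in the published topology.
    $gateways = @(Get-CsService -PstnGateway)

    foreach ($d in $devices) {
        # The gateway entry (if any) whose name equals the value stored on the device.
        $gw = $gateways | Where-Object { $_.PoolFqdn -eq "$($d.Gateway)" }

        [pscustomobject]@{
            SipAddress        = $d.SipAddress
            LineURI           = $d.LineURI
            RegistrarPool     = "$($d.RegistrarPool)"
            Gateway           = "$($d.Gateway)"
            # Does the stored Gateway equal the gwName the server reported?
            MatchesDiagnostic = ("$($d.Gateway)" -eq $GwName)
            # Is the stored Gateway one of the topology's PSTN gateways?
            GatewayInTopology = [bool]$gw
            GatewaySite       = if ($gw) { $gw.SiteId } else { $null }
        }
    }
}

# Values taken from the diagnostic header quoted in the question.
Test-AnalogDeviceGateway -DeviceNum '+18880001101' -GwName '10.100.254.18' | Format-List
```

A row with GatewayInTopology set to False means the Gateway value stored on the device does not equal the name of any PSTN gateway that Get-CsService returns, so that value and the RegistrarPool shown beside it are the ones to recheck.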

Similar Messages

  • AP on remote site not showing up on WLC

    Hi,
    The AP at remote site A retrieves its IP address from the FW.
    From the WLC, I am able to ping the IP address of the AP at the remote site.
    Only that on the WLC, the AP at the remote site is not associated with the WLC.
    What could be the possible reason?

    Hi all,
    Below is the WLC sysinfo:
    show sysinfo
    Manufacturer's Name.............................. Cisco Systems Inc.
    Product Name..................................... Cisco Controller
    Product Version.................................. 7.5.102.0
    Bootloader Version............................... 1.0.18
    Field Recovery Image Version..................... 1.0.0
    Firmware Version................................. PIC 16.0
    Build Type....................................... DATA + WPS
    System Name...................................... WLC_NittoDenko
    System Location..................................
    System Contact...................................
    System ObjectID.................................. 1.3.6.1.4.1.9.1.1279
    IP Address....................................... 10.154.101.104
    Last Reset....................................... Power on reset
    System Up Time................................... 4 days 3 hrs 36 mins 53 sec
    System Timezone Location.........................
    System Stats Realtime Interval................... 5
    System Stats Normal Interval..................... 180
    Configured Country............................... MY  - Malaysia
    Operating Environment............................ Commercial (0 to 40 C)
    Internal Temp Alarm Limits....................... 0 to 65 C
    Internal Temperature............................. +22 C
    External Temperature............................. +27 C
    Fan Status....................................... 3600 rpm
    State of 802.11b Network......................... Enabled
    State of 802.11a Network......................... Enabled
    Number of WLANs.................................. 1
    Number of Active Clients......................... 0
    Burned-in MAC Address............................ 24:E9:B3:46:FC:A0
    Maximum number of APs supported.................. 5
    =========
    for AP not yet, i need to go to remote site to

  • File does not exist on remote site, yet it does

    I have been trying to understand how Dreamweaver handles remote files in CS5.
    My server is setup as a remote server and a test server.
    I open the remote file, it offers to get dependencies, so I click yes.
    I click on Live view, then it tries to show me the following url
    http://my_site.com/public_html/path/to/my/file/file.php
    It should not put public_html in the path, and I did not specify this in my site setup. My root setting is /.
    Anyway, if I change the URL manually, then it shows correctly. Then it offers to discover dynamically linked files, which I agree to.
    Now it tells me that 'Dynamically-related files could not be resolved because the site definition is not correct for this server'
    If I try to open one of the files that it has discovered, I am told that it is not on the disk, so would I like to 'get it', so I agree.
    Finally, I am told that 'Get operation failed since linked-file.php does not exist on remote site'
    I suspect that this is all to do with my site definition, but I fiddled with the settings and can't resolve this. I think that the whole problem goes back to Dreamweaver's insistence on putting public_html in the path, but I can't stop it doing so.
    Any suggestions?
    Thanks
    ian

    Hi,
    Well, yes I did manage to fix the dynamically linked resources issue. As mentioned above, I did need to mention public_html in my Root Directory setting in server setup (silly of me).
    I had tried this at first, but it didn't work, as I had the server set as a test server and not a remote server. Anyway, I now have it set as both and all is well.
    Except that the first issue that I mentioned is still with me: namely, Dreamweaver mentions the public_html in the URL path when on live view, which is not correct and I don't know where it is inferring this from. I can change it manually, but this doesn't seem right to me. Am I still missing a setting?
    In answer to the questions:
    1) My setting (now) in the Root Directory setting in DW is: /public_html/
    2) My actual path on the server (that I mention in PHP scripts) is: /home/login_name/public_html//path/to/my/file/file.php
    [In the advanced settings of DW site setup on the Local Info page I have set Links relative to Document option, although it does not seem to make a difference when I change it to Site Root.]
    Any suggestions appreciated.
    Thanks
    Ian

  • Logging in to remote site, reset safari does not clear the user login info?

    I'm logging in to a remote site with a 2 step login.  Authentication then citrix.  User info is not cleared in the authentication portion when I reset safari.  Must be stored somewhere else.  Where should I look?

    Launch the Keychain Access application and search for the server name.

  • Exchange 2010 Free busy not working from remote site to main site "exception message is: Could not find a base address"

    Hi all, I have an Exchange 2010 SP 2 environment with 2 sites. The remote site FL free busy has NEVER worked and I get this error on the remote site. Is this related?
    thanks 
    Log Name:      Application
    Source:        System.ServiceModel 3.0.0.0
    Date:         :
    Event ID:      3
    Task Category: WebHost
    Level:         Error
    Keywords:      Classic
    User:          SYSTEM
    Computer:      FL-CAS1.WOMBAT.LOCAL
    Free busy works from WITHIN the remote (FL) site, but NEVER to the main (WASH) site. It has never worked. I am thinking that this error is related.
    Thanks, I have no idea how to fix it.
    Description:
    WebHost failed to process a request.
    Sender Information: System.ServiceModel.ServiceHostingEnvironment+HostingManager/17256489
    Exception: System.ServiceModel.ServiceActivationException:
    The service '/EWS/exchange.asmx' cannot be activated due to an exception during compilation.  The exception message is: Could not find a base address that matches scheme http for the endpoint with binding CustomBinding. Registered base address schemes
    are [https].. ---> System.InvalidOperationException:
    Could not find a base address that matches scheme http for the endpoint with binding
    ++++

    Hi 
    This issue could be with corruption in the Autodiscover and web services virtual directories.
    Replace the Web.config file for the Autodiscover and web services virtual directories from the other working site.
    Delete and recreate the Autodiscover and web services virtual directories.
    Do this only on the affected site.
    Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Check out my latest blog posts on http://exchangequery.com
    Thanks, Sathish (MVP)

  • Login wizard - CF9 server - "Coldfusion not is not running on the remote site" - YES it is!

    I use Dreamweaver to upkeep sites for several friends and clients. When I use the login wizard on a server with CF8, it works fine. If I use it on a server with CF9, I can't get past the *Coldfusion not is not running on the remote site* error. Yes it is running. I've tried connecting using FTP, RDS, directly over the network - you name it. Same error.
    Any suggestions?
    Thanks
    Rick

    Hi Rick
    If you are trying to RDS log in to a remote server the host may have disabled this service... Most do, and should. Allowing remote RDS is a potential security risk. Check with your host to see if this is the case. If it is, it is always better to duplicate your host environment locally, that is, be running CF9 and the database, be that MySQL, SQL Server, Access, or whatever, locally and do all your development and testing there, then just upload the files when ready.
    Hope this helps.
    Lawrence Cramer - *Adobe Community Professional*
    http://www.Cartweaver.com
    Shopping Cart for Adobe Dreamweaver
    available in PHP, ColdFusion, and ASP
    Stay updated - http://blog.cartweaver.com

  • Links not changed on REMOTE site

    I posted a message similar to this one, but for some reason I can't get to my message and reply.
    I created a site and upon finishing the webpages I 'put' the files to 'remote' site.
    Not a single link has changed to the remote URL.
    It shows all 'local' links and naturally it doesn't work. I have no idea what I missed but doing it several times and even re-creating everything ... same results. This is such a simple automatic thing with any cheap editor, but DW it's a MAJOR problem and so complicated that it takes more time to upload than create the whole site.
    Please send me a message if possible, because I am not able to see my own message at Adobe for some reason.
    thanks :)

    DW doesn't change links when it uploads. If the links are broken locally, they will be broken when you upload. Conversely, if they are broken when you upload, that means that they are broken locally too. To see that they are broken locally you will need to look at the code - an absolute file:/// link *will* appear to work locally, but it is still broken.
    Murray --- ICQ 71997575
    Adobe Community Expert
    (If you *MUST* email me, don't LAUGH when you do so!)
    ==================
    http://www.dreamweavermx-templates.com - Template Triage!
    http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
    http://www.dwfaq.com - DW FAQs, Tutorials & Resources
    http://www.macromedia.com/support/search/ - Macromedia (MM) Technotes
    ==================

  • Remote Site Password Not Saved

    Dreamweaver 8.0.2 does not save the username and password to my remote site even though I have checked the box to do so. Once I set the username and P/W, it remembers for that session only, but forgets it when I restart the application.
    Any fixes?

    Check the Adobe TechNotes (Knowledgebase) for one about I E 7 and DW.
    Murray --- ICQ 71997575
    Adobe Community Expert

  • Remote site Passwords not saving

    Well, after finding a topic that was very similar, I downloaded the update to 8.0.2 and installed it. But my problem still persists. Every time I close DW, and then re-open it, the remote site passwords are lost again.
    NOTE: after installing the DW8 update, the software does not indicate anywhere that it is upgraded. "About" still says version 8.0
    All help will be greatly appreciated.

    If the program doesn't say 8.0.2, then it didn't update. Did you run the installer or just download the file?
    Nancy Gill
    Adobe Community Expert
    Author: Dreamweaver 8 e-book for the DMX Zone
    Co-Author: Dreamweaver MX: Instant Troubleshooter (August, 2003)
    Technical Editor: DMX 2004: The Complete Reference, DMX 2004: A Beginner's Guide, Mastering Macromedia Contribute
    Technical Reviewer: Dynamic Dreamweaver MX/DMX: Advanced PHP Web Development

  • GWTDOMAIN Service request not forwarded to remote site gwerrno(402019)

    Hi
    My Tuxedo sometimes reports errors as follows:
    084405.guzqz2!GWTDOMAIN.11056: LIBGW_CAT:1029: ERROR: Service request not forwarded to remote site:"TPESVCERR - server error while handling request" gwerrno*(402019)*
    084521.guzqz2!GWTDOMAIN.11056: LIBGW_CAT:1029: ERROR: Service request not forwarded to remote site:"TPESVCERR - server error while handling request" gwerrno(402019)
    OS: SCO Open Server506
    tuxedo version: 6.5
    patchlev: 455
    It comes back OK each time, 10-20 minutes after it reports such errors.
    I checked the pq and IPCs. There seem to be no blocked processes or queues.
    Has anybody solved a problem like this?
    Please help. Thanks a lot
    =======================================
    pq
    Prog Name Queue Name # Serve WkQueued # Queued Ave. Len Machine
    C00000 00001.00015 1 0 0 0.0 SITE1
    BBL 140000 1 0 0 0.0 SITE1
    DMADM 00001.00010 1 0 0 0.0 SITE1
    WSL 00001.00005 1 0 0 0.0 SITE1
    GWTDOMAIN gwgrp 1 0 0 0.0 SITE1
    C00000 00001.00011 1 0 0 0.0 SITE1
    B31296 00003.00060 1 0 0 0.0 SITE1
    GWADM 00001.00020 1 0 0 0.0 SITE1
    ================================
    IPCS
    ipcs -a
    IPC status from /dev/kmem as of Thu Sep 25 09:03:30 2008
    Edited by: user7335851 on 2008-9-25 2:19 AM

    There's a similar case to that in which the solution was to upgrade the patchlev of Tuxedo software. The latest RP for Tuxedo 6.5 resolves some issues related to the GWTDOMAIN process.
    501. CR266129 Tuxedo 6.5 RP496: LIBGW_CAT:1029 Service request not forwarded - TPELIMIT (S-34477)
    517. CR342496 Tx 6.5 [propagation] pq in tmadmin report too large number for GWTDOMAIN, not match ipcs results (S-42376)
    Many things related to domains have been fixed.
    I hope that solves your problem.
    Regards.

  • Image not visible on remote site

    Hi,
    I have a set of pages made with templates. There is a problem however: certain images don't appear on the remote site and are replaced by red crosses.
    I send an example: when clicking on the image, a wider version should appear but instead there's a little red cross. It works fine on my preview browser. Do you know how to solve this?
    Thanks.
    This is a link to the file, try to click on the image:
    http://perso.wanadoo.fr/brunierbrunojulier/IllustrationsFrame-02monument1.html

    You are linking to your template which you have uploaded (?):
    <a href="Templates/IllustrationsFrame-02girlWaving.dwt"
    class="navigation2">WavingGirl</a></td>
    Jo

  • How to restore a remote site after a crash?

    I have read the site management FAQ and it mentions to restore your files you can go to your remote site and load back to your local site.
    Could anyone offer some help to my situation?
    I suffered a hard drive failure, I'm running windows xp, dwcs4 and the site is hosted. I have reinstalled windows and dw. The site was created as per all the tutorials and I managed to save a copy of the site folder but not as per the saving instructions in the FAQ. I just have a root folder with all the pages in.
    Could someone point me to a tutorial or how to?
    Thanks in advance
    Jim

    "I managed to save a copy of the site folder but not as per the saving instructions in the FAQ. I just have a root folder with all the pages in."
    You lost me here. Not sure what you mean.
    Create a new site definition for local and remote sites, connect to your remote site then click Get. That's all you need to do.

  • VPN Clients cannot access remote site

    Hey there,
    I am pretty new in configuring Cisco devices and now I need some help.
    I have 2 sites here:
    site A
    Cisco 891
    external IP: 195.xxx.yyy.zzz
    VPN Gateway for Remote users
    local IP: VLAN10 10.133.10.0 /23
    site B
    Cisco 891
    external IP: 62.xxx.yyy.zzz
    local IP VLAN10 10.133.34.0 /23
    Those two sites are linked together with a Site-to-Site VPN. Accessing files or resources from one site to the other is working fine while connected to the local LAN.
    I configured VPN connection with Radius auth. VPN clients can connect to Site A, get an IP address from VPN Pool (172.16.100.2-100) and can access files and servers on site A. But for some reason they cannot access resources on site B. I already added the site B network to the ACL and when connecting with VPN it shows secured routes to 10.133.10.0 and 10.133.34.0 in the statistics. Same thing for other VPN Tunnels to ERP system.
    What is missing here to make it possible to reach remote sites when connected through VPN? I had a look at the logs but could not find anything important.
    Here is the config of site A
    Building configuration...
    Current configuration : 24257 bytes
    version 15.2
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname Englerstrasse
    boot-start-marker
    boot config usbflash0:CVO-BOOT.CFG
    boot-end-marker
    aaa new-model
    aaa group server radius Radius-AD
    server 10.133.10.5 auth-port 1812 acct-port 1813
    aaa authentication login default local
    aaa authentication login ciscocp_vpn_xauth_ml_2 group Radius-AD local
    aaa authorization exec default local
    aaa authorization network ciscocp_vpn_group_ml_2 local
    aaa session-id common
    clock timezone Berlin 1 0
    clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
    crypto pki trustpoint TP-self-signed-27361994
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-27361994
    revocation-check none
    rsakeypair TP-self-signed-27361994
    crypto pki trustpoint test_trustpoint_config_created_for_sdm
    subject-name [email protected]
    revocation-check crl
    crypto pki certificate chain TP-self-signed-27361994
    certificate self-signed 01
          quit
    crypto pki certificate chain test_trustpoint_config_created_for_sdm
    no ip source-route
    ip auth-proxy max-login-attempts 5
    ip admission max-login-attempts 5
    no ip bootp server
    no ip domain lookup
    ip domain name yourdomain.com
    ip inspect log drop-pkt
    ip inspect name CCP_MEDIUM appfw CCP_MEDIUM
    ip inspect name CCP_MEDIUM ftp
    ip inspect name CCP_MEDIUM h323
    ip inspect name CCP_MEDIUM sip
    ip inspect name CCP_MEDIUM https
    ip inspect name CCP_MEDIUM icmp
    ip inspect name CCP_MEDIUM netshow
    ip inspect name CCP_MEDIUM rcmd
    ip inspect name CCP_MEDIUM realaudio
    ip inspect name CCP_MEDIUM rtsp
    ip inspect name CCP_MEDIUM sqlnet
    ip inspect name CCP_MEDIUM streamworks
    ip inspect name CCP_MEDIUM tftp
    ip inspect name CCP_MEDIUM udp
    ip inspect name CCP_MEDIUM vdolive
    ip inspect name CCP_MEDIUM imap reset
    ip inspect name CCP_MEDIUM smtp
    ip cef
    no ipv6 cef
    appfw policy-name CCP_MEDIUM
      application im aol
        service default action allow alarm
        service text-chat action allow alarm
        server permit name login.oscar.aol.com
        server permit name toc.oscar.aol.com
        server permit name oam-d09a.blue.aol.com
        audit-trail on
      application im msn
        service default action allow alarm
        service text-chat action allow alarm
        server permit name messenger.hotmail.com
        server permit name gateway.messenger.hotmail.com
        server permit name webmessenger.msn.com
        audit-trail on
      application http
        strict-http action allow alarm
        port-misuse im action reset alarm
        port-misuse p2p action reset alarm
        port-misuse tunneling action allow alarm
      application im yahoo
        service default action allow alarm
        service text-chat action allow alarm
        server permit name scs.msg.yahoo.com
        server permit name scsa.msg.yahoo.com
        server permit name scsb.msg.yahoo.com
        server permit name scsc.msg.yahoo.com
        server permit name scsd.msg.yahoo.com
        server permit name cs16.msg.dcn.yahoo.com
        server permit name cs19.msg.dcn.yahoo.com
        server permit name cs42.msg.dcn.yahoo.com
        server permit name cs53.msg.dcn.yahoo.com
        server permit name cs54.msg.dcn.yahoo.com
        server permit name ads1.vip.scd.yahoo.com
        server permit name radio1.launch.vip.dal.yahoo.com
        server permit name in1.msg.vip.re2.yahoo.com
        server permit name data1.my.vip.sc5.yahoo.com
        server permit name address1.pim.vip.mud.yahoo.com
        server permit name edit.messenger.yahoo.com
        server permit name messenger.yahoo.com
        server permit name http.pager.yahoo.com
        server permit name privacy.yahoo.com
        server permit name csa.yahoo.com
        server permit name csb.yahoo.com
        server permit name csc.yahoo.com
        audit-trail on
    parameter-map type inspect global
    log dropped-packets enable
    multilink bundle-name authenticated
    redundancy
    ip tcp synwait-time 10
    class-map match-any CCP-Transactional-1
    match dscp af21
    match dscp af22
    match dscp af23
    class-map match-any CCP-Voice-1
    match dscp ef
    class-map match-any sdm_p2p_kazaa
    match protocol fasttrack
    match protocol kazaa2
    class-map match-any CCP-Routing-1
    match dscp cs6
    class-map match-any sdm_p2p_edonkey
    match protocol edonkey
    class-map match-any CCP-Signaling-1
    match dscp cs3
    match dscp af31
    class-map match-any sdm_p2p_gnutella
    match protocol gnutella
    class-map match-any CCP-Management-1
    match dscp cs2
    class-map match-any sdm_p2p_bittorrent
    match protocol bittorrent
    policy-map sdm-qos-test-123
    class class-default
    policy-map sdmappfwp2p_CCP_MEDIUM
    class sdm_p2p_edonkey
    class sdm_p2p_gnutella
    class sdm_p2p_kazaa
    class sdm_p2p_bittorrent
    policy-map CCP-QoS-Policy-1
    class sdm_p2p_edonkey
    class sdm_p2p_gnutella
    class sdm_p2p_kazaa
    class sdm_p2p_bittorrent
    class CCP-Voice-1
      priority percent 33
    class CCP-Signaling-1
      bandwidth percent 5
    class CCP-Routing-1
      bandwidth percent 5
    class CCP-Management-1
      bandwidth percent 5
    class CCP-Transactional-1
      bandwidth percent 5
    class class-default
      fair-queue
      random-detect
    crypto ctcp port 10000
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key REMOVED address 62.20.xxx.yyy 
    crypto isakmp key REMOVED address 195.243.xxx.yyy
    crypto isakmp key REMOVED address 195.243.xxx.yyy
    crypto isakmp key REMOVED address 83.140.xxx.yyy  
    crypto isakmp client configuration group VPN_local
    key REMOVED
    dns 10.133.10.5 10.133.10.7
    wins 10.133.10.7
    domain domain.de
    pool SDM_POOL_2
    acl 115
    crypto isakmp profile ciscocp-ike-profile-1
       match identity group VPN_local
       client authentication list ciscocp_vpn_xauth_ml_2
       isakmp authorization list ciscocp_vpn_group_ml_2
       client configuration address respond
       virtual-template 1
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA11 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-SHA1 esp-des esp-sha-hmac
    crypto ipsec profile CiscoCP_Profile1
    set transform-set ESP-3DES-SHA11
    set isakmp-profile ciscocp-ike-profile-1
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description Tunnel to62.20.xxx.xxx
    set peer 62.20.xxx.xxx
    set transform-set ESP-3DES-SHA
    match address 105
    crypto map SDM_CMAP_1 2 ipsec-isakmp
    description Tunnel to195.243.xxx.xxx
    set peer 195.243.xxx.xxx
    set transform-set ESP-3DES-SHA4
    match address 107
    crypto map SDM_CMAP_1 3 ipsec-isakmp
    description Tunnel to83.140.xxx.xxx
    set peer 83.140.xxx.xxx
    set transform-set ESP-DES-SHA1
    match address 118
    interface Loopback2
    ip address 192.168.10.1 255.255.254.0
    interface Null0
    no ip unreachables
    interface FastEthernet0
    switchport mode trunk
    no ip address
    spanning-tree portfast
    interface FastEthernet1
    no ip address
    spanning-tree portfast
    interface FastEthernet2
    no ip address
    spanning-tree portfast
    interface FastEthernet3
    no ip address
    spanning-tree portfast
    interface FastEthernet4
    description Internal LAN
    switchport access vlan 10
    switchport trunk native vlan 10
    no ip address
    spanning-tree portfast
    interface FastEthernet5
    no ip address
    spanning-tree portfast
    interface FastEthernet6
    no ip address
    spanning-tree portfast
    interface FastEthernet7
    no ip address
    spanning-tree portfast
    interface FastEthernet8
    description $FW_OUTSIDE$$ETH-WAN$
    ip address 62.153.xxx.xxx 255.255.255.248
    ip access-group 113 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip inspect CCP_MEDIUM out
    no ip virtual-reassembly in
    ip verify unicast reverse-path
    duplex auto
    speed auto
    crypto map SDM_CMAP_1
    service-policy input sdmappfwp2p_CCP_MEDIUM
    service-policy output CCP-QoS-Policy-1
    interface Virtual-Template1 type tunnel
    ip unnumbered FastEthernet8
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile CiscoCP_Profile1
    interface GigabitEthernet0
    no ip address
    shutdown
    duplex auto
    speed auto
    interface Vlan1
    no ip address
    interface Vlan10
    description $FW_INSIDE$
    ip address 10.133.10.1 255.255.254.0
    ip access-group 112 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat inside
    ip virtual-reassembly in
    interface Async1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encapsulation slip
    ip local pool SDM_POOL_1 192.168.10.101 192.168.10.200
    ip local pool VPN_Pool 192.168.20.2 192.168.20.100
    ip local pool SDM_POOL_2 172.16.100.2 172.16.100.100
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip forward-protocol nd
    ip nat inside source route-map SDM_RMAP_1 interface FastEthernet8 overload
    ip route 0.0.0.0 0.0.0.0 62.153.xxx.xxx
    ip access-list extended VPN1
    remark VPN_Haberstrasse
    remark CCP_ACL Category=4
    permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    ip radius source-interface Vlan10
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 10.10.10.0 0.0.0.7
    access-list 23 remark CCP_ACL Category=17
    access-list 23 permit 195.243.xxx.xxx
    access-list 23 permit 10.133.10.0 0.0.1.255
    access-list 23 permit 10.10.10.0 0.0.0.7
    access-list 100 remark CCP_ACL Category=4
    access-list 100 permit ip 10.133.10.0 0.0.1.255 any
    access-list 101 remark CCP_ACL Category=16
    access-list 101 permit udp any eq bootps any eq bootpc
    access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any time-exceeded
    access-list 101 permit icmp any any unreachable
    access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny   ip host 255.255.255.255 any
    access-list 101 deny   ip any any
    access-list 102 remark auto generated by CCP firewall configuration
    access-list 102 remark CCP_ACL Category=1
    access-list 102 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 102 permit icmp any host 62.153.xxx.xxx echo-reply
    access-list 102 permit icmp any host 62.153.xxx.xxx time-exceeded
    access-list 102 permit icmp any host 62.153.xxx.xxx unreachable
    access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 102 deny   ip host 255.255.255.255 any
    access-list 102 deny   ip host 0.0.0.0 any
    access-list 102 deny   ip any any log
    access-list 103 remark auto generated by CCP firewall configuration
    access-list 103 remark CCP_ACL Category=1
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
    access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 103 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 103 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 103 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 103 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 103 permit udp any host 62.153.xxx.xxx eq non500-isakmp
    access-list 103 permit udp any host 62.153.xxx.xxx eq isakmp
    access-list 103 permit esp any host 62.153.xxx.xxx
    access-list 103 permit ahp any host 62.153.xxx.xxx
    access-list 103 permit udp host 194.25.0.60 eq domain any
    access-list 103 permit udp host 194.25.0.68 eq domain any
    access-list 103 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
    access-list 103 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 103 permit icmp any host 62.153.xxx.xxx echo-reply
    access-list 103 permit icmp any host 62.153.xxx.xxx time-exceeded
    access-list 103 permit icmp any host 62.153.xxx.xxx unreachable
    access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 103 deny   ip host 255.255.255.255 any
    access-list 103 deny   ip host 0.0.0.0 any
    access-list 103 deny   ip any any log
    access-list 104 remark CCP_ACL Category=4
    access-list 104 permit ip 10.133.10.0 0.0.1.255 any
    access-list 105 remark CCP_ACL Category=4
    access-list 105 remark IPSec Rule
    access-list 105 permit ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
    access-list 106 remark CCP_ACL Category=2
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
    access-list 106 permit ip 10.10.10.0 0.0.0.7 any
    access-list 106 permit ip 10.133.10.0 0.0.1.255 any
    access-list 107 remark CCP_ACL Category=4
    access-list 107 remark IPSec Rule
    access-list 107 permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 107 remark IPSec Rule
    access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 108 remark Auto generated by SDM Management Access feature
    access-list 108 remark CCP_ACL Category=1
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq telnet
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 22
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq www
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 443
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq cmd
    access-list 108 deny   tcp any host 10.133.10.1 eq telnet
    access-list 108 deny   tcp any host 10.133.10.1 eq 22
    access-list 108 deny   tcp any host 10.133.10.1 eq www
    access-list 108 deny   tcp any host 10.133.10.1 eq 443
    access-list 108 deny   tcp any host 10.133.10.1 eq cmd
    access-list 108 deny   udp any host 10.133.10.1 eq snmp
    access-list 108 permit ip any any
    access-list 109 remark CCP_ACL Category=1
    access-list 109 permit ip 10.133.10.0 0.0.1.255 any
    access-list 109 permit ip 10.10.10.0 0.0.0.7 any
    access-list 109 permit ip 192.168.10.0 0.0.1.255 any
    access-list 110 remark CCP_ACL Category=1
    access-list 110 permit ip host 195.243.xxx.xxx any
    access-list 110 permit ip host 84.44.xxx.xxx any
    access-list 110 permit ip 10.133.10.0 0.0.1.255 any
    access-list 110 permit ip 10.10.10.0 0.0.0.7 any
    access-list 110 permit ip 192.168.10.0 0.0.1.255 any
    access-list 111 remark CCP_ACL Category=4
    access-list 111 permit ip 10.133.10.0 0.0.1.255 any
    access-list 112 remark CCP_ACL Category=1
    access-list 112 permit udp host 10.133.10.5 eq 1812 any
    access-list 112 permit udp host 10.133.10.5 eq 1813 any
    access-list 112 permit udp any host 10.133.10.1 eq non500-isakmp
    access-list 112 permit udp any host 10.133.10.1 eq isakmp
    access-list 112 permit esp any host 10.133.10.1
    access-list 112 permit ahp any host 10.133.10.1
    access-list 112 permit udp host 10.133.10.5 eq 1645 host 10.133.10.1
    access-list 112 permit udp host 10.133.10.5 eq 1646 host 10.133.10.1
    access-list 112 remark auto generated by CCP firewall configuration
    access-list 112 permit udp host 10.133.10.5 eq 1812 host 10.133.10.1
    access-list 112 permit udp host 10.133.10.5 eq 1813 host 10.133.10.1
    access-list 112 permit udp host 10.133.10.7 eq domain any
    access-list 112 permit udp host 10.133.10.5 eq domain any
    access-list 112 deny   ip 62.153.xxx.xxx 0.0.0.7 any
    access-list 112 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 112 deny   ip host 255.255.255.255 any
    access-list 112 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 112 permit ip any any
    access-list 113 remark CCP_ACL Category=1
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.60.16.0 0.0.0.255 192.168.10.0 0.0.1.255
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.60.16.0 0.0.0.255 10.133.10.0 0.0.1.255
    access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq isakmp
    access-list 113 permit esp host 83.140.100.4 host 62.153.xxx.xxx
    access-list 113 permit ahp host 83.140.100.4 host 62.153.xxx.xxx
    access-list 113 permit ip host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit ip host 84.44.xxx.xxx host 62.153.xxx.xxx
    access-list 113 remark auto generated by CCP firewall configuration
    access-list 113 permit udp host 194.25.0.60 eq domain any
    access-list 113 permit udp host 194.25.0.68 eq domain any
    access-list 113 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
    access-list 113 permit udp host 194.25.0.60 eq domain host 62.153.xxx.xxx
    access-list 113 permit udp any host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 permit udp any host 62.153.xxx.xxx eq isakmp
    access-list 113 permit esp any host 62.153.xxx.xxx
    access-list 113 permit ahp any host 62.153.xxx.xxx
    access-list 113 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 113 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 113 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
    access-list 113 remark Pop3
    access-list 113 permit tcp host 82.127.xxx.xxx eq 8080 host 62.153.xxx.xxx
    access-list 113 remark Pop3
    access-list 113 permit tcp any eq pop3 host 62.153.xxx.xxx
    access-list 113 remark SMTP
    access-list 113 permit tcp any eq 465 host 62.153.xxx.xxx
    access-list 113 remark IMAP
    access-list 113 permit tcp any eq 587 host 62.153.xxx.xxx
    access-list 113 deny   ip 10.133.10.0 0.0.1.255 any
    access-list 113 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 113 permit icmp any host 62.153.xxx.xxx echo-reply
    access-list 113 permit icmp any host 62.153.xxx.xxx time-exceeded
    access-list 113 permit icmp any host 62.153.xxx.xxx unreachable
    access-list 113 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 113 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 113 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 113 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 113 deny   ip host 255.255.255.255 any
    access-list 113 deny   ip host 0.0.0.0 any
    access-list 113 deny   ip any any log
    access-list 114 remark auto generated by CCP firewall configuration
    access-list 114 remark CCP_ACL Category=1
    access-list 114 deny   ip 10.133.10.0 0.0.1.255 any
    access-list 114 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 114 permit icmp any any echo-reply
    access-list 114 permit icmp any any time-exceeded
    access-list 114 permit icmp any any unreachable
    access-list 114 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 114 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 114 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 114 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 114 deny   ip host 255.255.255.255 any
    access-list 114 deny   ip host 0.0.0.0 any
    access-list 114 deny   ip any any log
    access-list 115 remark VPN_Sub
    access-list 115 remark CCP_ACL Category=5
    access-list 115 permit ip 10.133.10.0 0.0.1.255 172.16.0.0 0.0.255.255
    access-list 115 permit ip 10.133.34.0 0.0.1.255 172.16.0.0 0.0.255.255
    access-list 115 permit ip 10.133.20.0 0.0.0.255 any
    access-list 116 remark CCP_ACL Category=4
    access-list 116 remark IPSec Rule
    access-list 116 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 117 remark CCP_ACL Category=4
    access-list 117 remark IPSec Rule
    access-list 117 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 118 remark CCP_ACL Category=4
    access-list 118 remark IPSec Rule
    access-list 118 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 118 remark IPSec Rule
    access-list 118 permit ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    no cdp run
    route-map SDM_RMAP_1 permit 1
    match ip address 106
    control-plane
    mgcp profile default
    line con 0
    transport output telnet
    line 1
    modem InOut
    speed 115200
    flowcontrol hardware
    line aux 0
    transport output telnet
    line vty 0 4
    session-timeout 45
    access-class 110 in
    transport input telnet ssh
    line vty 5 15
    access-class 109 in
    transport input telnet ssh
    scheduler interval 500
    end

    The crypto ACL for the site-to-site VPN should also include the VPN client pool; otherwise, traffic from the VPN client does not match the interesting traffic for the site-to-site VPN.
    On Site A:
    should include "access-list 107 permit ip 172.16.100.0 0.0.0.255 10.133.34.0 0.0.1.255"
    You should also remove the following line as the pool is incorrect:
    access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    On Site B:
    should include: "permit ip 10.133.34.0 0.0.1.255 172.16.100.0 0.0.0.255"
    NAT exemption on site B should also be configured with deny on the above ACL.
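
The reply's point about interesting traffic can be checked mechanically. The Python below is an added example, not part of the original thread: it evaluates IOS `permit ip`/`deny ip` entries with wildcard masks, first match wins, against a VPN-client flow and tests whether the two sites' crypto ACLs are mirror images. The Site B ACL number 150, its LAN-to-LAN entry and the test host addresses are assumptions, because Site B's configuration is not shown here.

```python
import ipaddress

# Site A crypto ACL 107 as posted in the thread.
SITE_A_POSTED = """\
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 107 remark IPSec Rule
access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
"""

# Site A after the change the reply describes (pool entry swapped).
SITE_A_FIXED = """\
access-list 107 permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 107 permit ip 172.16.100.0 0.0.0.255 10.133.34.0 0.0.1.255
"""

# Site B: ACL number 150 and the first entry are assumptions (constructed);
# the second entry is the one the reply asks for.
SITE_B_FIXED = """\
access-list 150 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 150 permit ip 10.133.34.0 0.0.1.255 172.16.100.0 0.0.0.255
"""


def _net(addr, wildcard):
    """Turn an IOS address/wildcard pair into (network, care_mask) integers."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & care, care


def _take_spec(tokens):
    """Consume one source or destination: 'any', 'host A' or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0), tokens[1:]
    if tokens[0] == "host":
        return _net(tokens[1], "0.0.0.0"), tokens[2:]
    return _net(tokens[0], tokens[1]), tokens[2:]


def parse_acl(text, number):
    """Return the 'ip' entries of one numbered ACL, in configuration order."""
    entries = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 4 or t[:2] != ["access-list", str(number)]:
            continue
        if t[2] not in ("permit", "deny") or t[3] != "ip":
            continue  # remarks and non-ip entries are skipped
        src, rest = _take_spec(t[4:])
        dst, _ = _take_spec(rest)
        entries.append((t[2], src, dst))
    return entries


def _hit(spec, addr):
    net, care = spec
    return (int(ipaddress.IPv4Address(addr)) & care) == net


def selected(entries, src, dst):
    """First-match evaluation; traffic matching no entry is not encrypted."""
    for action, s, d in entries:
        if _hit(s, src) and _hit(d, dst):
            return action == "permit"
    return False


def mirrored(local, remote):
    """True when the remote permits are the local permits with src/dst swapped."""
    a = {(s, d) for act, s, d in local if act == "permit"}
    b = {(d, s) for act, s, d in remote if act == "permit"}
    return a == b


if __name__ == "__main__":
    client, server = "172.16.100.10", "10.133.34.20"  # constructed hosts
    for label, text in (("posted", SITE_A_POSTED), ("fixed", SITE_A_FIXED)):
        acl = parse_acl(text, 107)
        print(f"ACL 107 ({label}): VPN client -> Site B LAN selected:",
              selected(acl, client, server))
    print("Site A / Site B mirrored:",
          mirrored(parse_acl(SITE_A_FIXED, 107), parse_acl(SITE_B_FIXED, 150)))
```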

  • Cisco ASA 5505 IPSec tunnel won't establish until remote site attempts to connect

    I have a site-to-site IPSec tunnel set up and operational, but periodically the remote site goes down because of a somewhat reliable internet connection. The only way to get the tunnel to re-establish is to go to the remote site and simply issue a ping from a workstation on the remote network. We were having this same issue with a Cisco PIX 506E but decided to upgrade the hardware and see if that resolved the issue. It ran for well over a year and our assumption was that the issue was resolved. I was looking in the direction of the security-association lifetime, but if we power cycle the unit, I would expect that it would kill the SA, yet even after power cycling the VPN does not come up automatically.
    Any assistance would be appreciated.
    ASA Version 8.2(1)
    hostname KRPS-FW
    domain-name lottonline.org
    enable password uniQue
    passwd uniQue
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.20.30.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address xxx.xxx.xxx.xxx 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    description Inside Network on VLAN1
    interface Ethernet0/2
    shutdown
    interface Ethernet0/3
    shutdown
    interface Ethernet0/4
    shutdown
    interface Ethernet0/5
    shutdown
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    description Inside Network on VLAN1
    ftp mode passive
    dns server-group DefaultDNS
    domain-name lottonline.org
    access-list NONAT extended permit ip 10.20.30.0 255.255.255.0 10.20.20.0 255.255.255.0
    access-list NONAT extended permit ip 10.20.30.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list NONAT extended permit ip 10.20.30.0 255.255.255.0 192.168.15.0 255.255.255.0
    access-list KWPS-BITP extended permit ip 10.20.30.0 255.255.255.0 10.20.20.0 255.255.255.0
    access-list KWPS-BITP extended permit ip 10.20.30.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list KWPS-BITP extended permit ip 10.20.30.0 255.255.255.0 192.168.15.0 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list NONAT
    nat (inside) 1 0.0.0.0 0.0.0.0
    access-group OUTSIDE_ACCESS_IN in interface outside
    route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 10.20.30.0 255.255.255.0 inside
    http 10.20.20.0 255.255.255.0 inside
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map DYNMAP 65535 set transform-set ESP-AES-256-SHA
    crypto map VPNMAP 1 match address KWPS-BITP
    crypto map VPNMAP 1 set peer xxx.xxx.xxx.001
    crypto map VPNMAP 1 set transform-set ESP-AES-256-SHA
    crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNMAP
    crypto map VPNMAP interface outside
    crypto isakmp enable outside
    crypto isakmp policy 5
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    ssh timeout 5
    console timeout 0
    management-access inside
    tunnel-group xxx.xxx.xxx.001 type ipsec-l2l
    tunnel-group xxx.xxx.xxx.001 ipsec-attributes
    pre-shared-key somekey

    Hi there,
    I had the same issue with a PIX 506E, and it was not even a circuit issue. I got rid of it, and the problem got fixed with a PIX515E.
    I don't know, the device is too old to stay alive.
    thanks

  • One WLC for Headquarter and Remote Site

    Hi
    I have a question about the WLC remote deployment.
    We have the following design at the moment:
    Headquarter
    - Network 192.168.49.0 /24
    - WLC 4402 Version 4.2.61.0
    -- 3 x LAP1252
    -- Layer 3 LWAPP
    -- SSID wep
    -- SSID wpa
    - Windows PDC with Active Directory, DHCP Server and local Data Storage
    - ACS Version 3.2 for TACACS and RADIUS authentication --> External DB to Active Directory
    Remote Site
    - Network 192.168.50.0 /24
    - 2 x LAP1252
    -- SSID wep
    -- SSID wpa
    - Windows PDC with Active Directory, DHCP Server and local Data Storage
    - ACS Version 3.2 for TACACS and RADIUS authentication --> External DB to Active Directory
    Connection between Headquarter and Remote Site
    - 2 Mbit ADSL
    The problem is that the wireless clients on the remote site get an IP address out of the headquarter DHCP range 192.168.49.0 /24. The users on the remote site
    most of the time only use the local data server in the remote office. With the actual design the whole traffic is switched over the 2 Mbit ADSL connection to the
    WLC in the headquarter and back to the remote site. That works but it is not that performant.
    The problem could be solved with HREAP, but I think that it is not possible to have the same SSID at headquarter and remote site with different VLANs.
    How can I achieve that the clients on the remote site connect to the same SSID (wep or wpa), get an IP address from the remote site DHCP server (192.168.50.0)
    and the traffic is switched locally?
    I hope you understand what the problem is.
    Thanks in advance for your help!

    Yes, putting the remote APs in HREAP mode will allow the same WLANs to be available on the APs, but the traffic would be locally switched at the AP instead of being tunneled back to the controller. After you put the AP in HREAP mode, you would then configure which VLAN you want traffic for each WLAN to be dumped onto for that AP.
