Cat6509 - partial config loss
Hi,
I have two 6509s at the core of my network (MSFCs and Supervisor modules).
After an unexpected power cut the second core failed to boot up. I gave the unit another power cycle and the unit booted up. The router module booted OK.
However, when connecting into the second core (switching), most of the configuration had disappeared, i.e. hostname, MOTD, password, STP etc. Basic module and VLAN configuration was still in place.
I've looked extensively at the unit and can't see why it has lost part of its config. Any ideas?
Thanks
Brett
I think it's the nature of the beast. Every once in a great while we have seen this happen too with any of the CatOS boxes; haven't seen it on an IOS. It's pretty rare but it does happen. Think it happens if you happen to lose power and when the power comes on again and it has started to boot you lose power again is when it gets screwed up (speculation). The only thing you can do is config net the config off your tftpboot server and continue on.
Similar Messages
-
Help with partial image loss from Viewer to Canvas
Hi--I'm brand new to FCP and would really appreciate any help with my problem. I'm creating 2 second video clips composed of four still images (15 frames...or 500ms each) laid back to back, then rendered. Very simple, I know. The individual images are tiff files that look great in the FCP Viewer. But in the Canvas, part of the image is missing. Specifically, in the center of each image there should be a + sign, about 1cm square. This + should remain constant thoughout the short movie, while the items around it vary (from image to image). (This is a psychology experiment, and the center + is a fixation cross.) The problem is that in the Viewer the + sign is intact, but in the Canvas (and the resulting rendered video), only the vertical bar of the + is present! This is true for every individual tiff, and for the resulting movie. The items around the fixation cross are fine. My question is WHY on earth does the central horizontal bar get "lost" between the Viewer and the Canvas? I've read the manuals, but obviously I've got something set wrong. Also, there is a considerable overall reduction in quality between the viewer and canvas, even though I'm trying my best to maximize video quality. Everything looks a bit blurry. Truly, all ideas are welcome. Sorry if it's obvious. Thanks.
G5 Mac OS X (10.4.3)
steve, i'm viewing on my 23" cinema screen. i read up on quality and know that this is a no-no; that i should only judge quality when viewing on an ntsc monitor or good tv. the problem is that i'll ultimately be displaying these videos on my Dell LCD, so i've got to maximize what i've got. thanks to the discussion boards i have a short list of things to try now. thanks!
-heather
-
Mighty Mouse: Frequent partial connection loss
It doesn't lose the movement sensor, only the button and finger touch scroll thingy.
It has happened several times and the only way to get it back is to switch the mouse off and on again.
Anyone else experiencing this problem?
BUMP
-
While applying ACS 5.3 config on Cisco switches, due to partial config the username and password are not working
Kindly guide how to recover the password; even after reboot we are not able to get access to the device, and ACS login is also not working.
I assume you have a username/password set up on the router; if so, make the ACS inaccessible, then by default you use the username on the router. If no username is set up on the router then you will have to use the console connection.
-
Variant Config on different document type
My situation is users are allowed to enter partial config in QT, but have to enter all config in OR.
For example, there are 10 characteristics for a material. In QT, users are optional to enter (say 5 out of 10). However, in OR, all 10 Characteristics must be entered. How can I achieve this?
If I set the characteristic as "required", it must be entered in both QT and OR. Can I do it according to different SD document type?
Thank you so much!
Hi
You can set different MRP doc.type: purchase requisitions for standard purchase order / purchase requisition for subcontracting / purchase requisition for subcontracting at MRP group level
Using transaction OPPR – Select plant – Select/create MRP group under External procurement screen click on Scheduling/doc type.
And make sure that in material master – MRP1 view you are maintaining this MRP grp.
with regards,
VB
-
I have a couple of questions about peer configuration.
The peers do not have to match end to end on VPN config?
I am looking at a scenario that has the main site configured to peer to the remote site's backup wireless router. The wireless router is facing the Internet, so the Main site has its peer set to a Public Internet address.
The remote site is configured with a default route to the Wireless router, if the main mpls connection drops, all traffic is sent to the wireless router, then to the Internet.
The remote site route has a loopback interface 172.16.0.9.
A partial config is shown below, my questions are concerning the:
crypto isakmp key xxxx address 172.16.0.9
Why is this here if it is the loopback address of the router that owns this loopback?
crypto map PEFCU_Crypt local-address Loopback0
What is this line doing?
Thanks
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
crypto isakmp key xxxx address 172.16.0.1
crypto isakmp key xxxx address 172.16.0.9
crypto ipsec transform-set 1234 esp-3des esp-md5-hmac
crypto map PEFCU_Crypt local-address Loopback0
crypto map PEFCU_Crypt 10 ipsec-isakmp
set peer 172.16.0.1
set transform-set 1234
match address 10
qos pre-classify
We cannot conclude with the information provided. Can you post the complete configuration with the topology diagram? This will help to understand the problem better.
-
I have a WLC (4402) running version 5.2.193.0. The WLC used to have both interfaces connected to a single switch (LAG was enabled) with etherchannel on the switch end. It was changed such that each port on the WLC is connected to a different switch (for protection against switch failure). After I made the configuration changes, I tested by disconnecting port 1 of the WLC from the network. I had a wireless client performing a continuous ping on the network. When I disconnected the cable from port 1, the ping continued uninterrupted (which is what I expected). When I looked at the WLC, the APs had switched over to port 2. However, when I plugged the cable back into port 1, the wireless client could no longer access the network and was unable to access the network again until after I did a manual repair on the wireless adapter. I did not expect that. Any thoughts on why this happened?
For reference, I've attached a partial config output from the WLC (with any identifying info stripped out).
Well for one... the subnet mask for the management and ap-managers are different :) Management and ap-manager vlan should be set to '0' and the trunk port should be set to switchport mode trunk native vlan 133. Best practice to put an ip address on the service port also, but make sure it is not routable in your network. Still reviewing the config?
-
Oracle EPM 11.1.2 issue with system-jazn-data.xml & HIT entries
Have been working on configuring Oracle EPM 11.1.2 and have one final issue from the diagnostic utility that I cannot figure out. Configuration sequence is as follows and each step is installed in its own database:
Step 1 - Foundation/Shared Services/Calc Mgr/EPMA/Essbase to a single relational DB. I am not configuring the web server until the final step.
Step 2 - Hyperion Performance Scorecard
Step 3 - Planning
Step 4 - Profitability
Step 5 - RA and configure web server.
I have used both SQL Server Express 2008 and Oracle DB 11g and get the same result.
When I complete the install, restart all of the services, and run the diagnostic utility, I get a failure with foundation services indicating that the file "system-jazn-data.xml" cannot be found. No real help is provided with the error message and have found no help in the docs or on the web. I have searched the disk and the file seems to be in the proper place per the docs. I have done partial configs and do not get the error. I have then compared the system-jazn-data.xml file from the successful config to the system-jazn-data.xml file from the failed config they are identical. Both files seem to be bloated with tens of thousands of lines, most of them blank.
I had reached a point where I thought the issue was related to Performance Scorecard and removed that step. I am now getting the error again.
Anyone seeing this issue? Is it just a bogus message in the diagnostic report and can be ignored? Any other thoughts?
Thanks
EPMCloud
Update - After going through the install many more times, I still do not know what the issue is, but I believe I have figured out how to resolve it. It appears that if you go back (after everything is installed and configured) and reconfigure the application server for Foundation services, the issue is corrected.
I am running some final test now and if I discover something different, I will update the post.
EPMCloud
-
Equipment ABC indicator mapping
Hi PM Gurus
Need some help I need to fill up three fields in technical object master data which is existing.
1. Technical object type – (like rotating, fabricated, instruments etc.)
2. Catalog profile – (sub classification based on identified object type like pump in a rotating object type)
3. ABC indicator – (should be identified based on established parameters like frequency of failure and repair cost)
For 1&2. Technical object type - I had used the EQUI - long text field and if any match found like pump then it was identified as rotating equipment and pump catalog profile fields are filled up. (Any best practices for mapping similar to this approach)
Any best practices / Mapping of fields to obtain the frequency of failure (like <1 year, 1-3 year, 3-10 year) & Repair cost of technical object (based on this ranking of ABC indicator is to be carried out)
Thanks
Hi
A, B, C indicators are used to classify technical objects according certain criteria such as importance from production point of view say A- denoting those objects failure of which causes production loss & critical to the process & multiple implications in process
B - causes partial production loss
C-causes no production loss (have standby)
This indicator has to be assigned to technical object prior to transactions & you will get the failure analysis once you do transactions over a period of time. Afterwards you will come to know about the failure frequency & it will not follow any pattern. Hence failure to be analysed based on object class/object type/damage/cause/object part & also location & manufacturer etc.
Shakti
-
Calls making short 'blip' and disconnecting
Hello everyone,
I'm having a strange issue and was wondering where I should start my troubleshooting. (We're using CallManager Express)
My receptionist tells me that during the week, randomly and intermittently, when someone calls the main phone line, the phone makes a short 'blip' sound and shows up as a missed call.
The night service setting was a suspicion but that's configured correctly everyday from 5pm to 8am the next day.
Has anyone seen this happen and could help me?
Thanks,
Ali
Very informative, thanks Fred.
The
network-clock-participate wic 1
was already configured on the router, but I added
network-clock-select 1 t1 0/1/0
and it set the line as primary clock source. Before that it was
sh network-clocks
Network Clock Configuration
Priority Clock Source Clock State Clock Type
10 Backplane GOOD PLL
Current Primary Clock Source
Priority Clock Source Clock State Clock Type
10 Backplane GOOD PLL
and now it's
sh network-clocks
Network Clock Configuration
Priority Clock Source Clock State Clock Type
1 T1 0/1/0 GOOD T1
10 Backplane GOOD PLL
Current Primary Clock Source
Priority Clock Source Clock State Clock Type
1 T1 0/1/0 GOOD T1
I tried adding network-clock-participate aim as well but it said the slot doesn't support or is empty so forget that...
Do you think this would alleviate the problem?
Here's a partial config of the router:
memory-size iomem 10
clock timezone PST -8
clock summer-time MST recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
network-clock-participate wic 1
network-clock-select 1 T1 0/1/0
no ip source-route
ip tcp synwait-time 10
voice-card 0
no dspfarm
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
h323
sip
registrar server expires max 3600 min 3600
voice class codec 1
codec preference 1 g711ulaw
voice translation-rule 1
rule 1 /6779/ /5001/
rule 2 /6779/ /2001/
rule 3 /0419/ /2098/
rule 4 /0418/ /7777/
voice translation-rule 2
voice translation-rule 9
rule 1 /^911$/ /911/
rule 2 /^9\(.*\)/ /\1/
voice translation-profile IncomingMain
translate called 1
controller T1 0/1/0
mode ccs frame-forwarding
framing esf
linecode b8zs
channel-group 1 timeslots 13-24
ds0-group 0 timeslots 1-10 type e&m-wink-start dtmf dnis
translation-rule 1
Rule 1 6779 5001
Rule 2 6775 2099
Rule 3 #### 2001
Rule 4 0418 7777
Rule 5 0417 2010
voice-port 0/0/0
voice-port 0/0/1
voice-port 0/1/0:0
translate calling 1
translate called 1
voice-port 0/3/0
auto-cut-through
operation 4-wire
signal immediate
voice-port 0/3/1
operation 4-wire
Thanks again,
Ali
-
Outlook does not send meeting requests at all.
Hi all
My problem is both annoyingly simple and frustratingly annoying, but so far i haven't been able to solve it, nor has our IT department.
In short, my Outlook doesn't send meeting requests to invite attendees. (My colleagues, same exchange server) I am the only one having this problem. When i send out a meeting request, it appears double in my calendar (asking me to accept) but nothing shows up in my sent items, nor in their calendar. If i delete the event, this is sent out; new ones and updates are not.
To my knowledge, I use the standard IPM.Appointment form, but have used another standard form in the past (which was removed.)
A new profile doesn't help, nor does uninstalling / reinstalling Outlook 2007. I installed Outlook 2010 - same phenomenon.
It has worked all the time, but stopped working about 10 months ago, no apparent cause.
I should add that I can send out meeting requests through Exchange from my iPad and iPhone, just not from my computer. (and no, they are not related - the time i got iPad and iPhone everything worked)
OS is Windows 7 Professional 64 bits, MS Office 2010, various applications installed but none related to calendar usage / sync / ...
I am local admin, this is my work PC so no 'dubious' SW installed, nor authorised.
According to the server guys, there is nothing exceptional like the forms attached to my account - they claim it's something local, but also have no clue what it might be. Even Mr. Google or Ms. Bing do not provide an answer, so i'm hoping someone here might outsmart everyone else and come up with a solution.
(ps - i'm quite sure it isn't "stupid user error" either, I'm an IT specialist/consultant/developer - but this one baffles me and everyone looking for it...)
Added info - on my PC, when logging in with a different account but connecting to my own exchange account, it works.
Replacing forms related info from the user/appdata folder of the functional user towards the non-functional user account didn't work. (even though the information was different)
No difference in the registry as i can see.
Tried to add ForceFormReload to the registry - no use.
I activated logging, also nothing in there.
I also receive no error whatsoever, it really is like Outlook simply isn't configured to send out meeting requests anymore...
Also, no errors in the event viewer in case you were wondering.
When working offline, it is clear that the meeting requests simply do not enter the 'outbox'. (cancellations do)
Assuming it might be a corrupt DLL somewhere, i scheduled a Chkdsk C: /F/R this evening. A long shot, yes, but grasping at straws here...
Thanks in advance for your help,
Kind regards,
Dennis
solved - completely uninstalled, reboot
removed all keys in HKEY_CURRENT_USER\Software\Microsoft\Office\14.0 (the entire folder)
removed all outlook related registry keys in HKEY_CURRENT_USER\Software\Microsoft\Office\11.0 and 12.0, also in 8.0 and 9.0
removed HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook completely
rebooted
installed Office Pro2010 again, and now it works.
so in short - there was a messed-up registry key somewhere in there, that was missed by installing it, or even completely reinstalling it.
FYI - all my settings remained the same, no info or config loss except the colour profile i used...
Grtz,
Dennis
-
CSS - Load balancing to Microsoft 2008 Sharepoint Application
We are trying to load balance using the CSS 11503 to two servers running Microsoft Sharepoint 2008. Everything is working fine as far as load balancing is concerned. But what we want is that if the Microsoft Sharepoint 2008 Application is down on one server then we do not want any request for this application to be sent to this server. What sort of keepalive should we be using, because TCP port 80 is still up and responds when the Microsoft Sharepoint 2008 Application is down on this server?
I do not know much about how Microsoft Sharepoint 2008 Application interfaces / interacts with IIS and port 80, etc.
Any suggestions?
Partial Config:
===============
service FRED30
ip address x.x.x..100
protocol tcp
port 80
redundant-index 3
keepalive port 80
keepalive type http
active
service FRED31
ip address x.x.x.101
protocol tcp
port 80
redundant-index 4
keepalive port 80
keepalive type http
active
When we do the above where we have
"keepalive type http"
and then do a show keepalive we get the State as DOWN - why? But if we take out the keepalive type http command from the above services then we don't see the state as DOWN.
But even when it says DOWN we can still connect to port 80 without problem.
CSS# sh keepalive AUTO_FRED30
Name: AUTO_FRED30 Index: 7 State: Down
Description: Auto generated for service for FRED30
Address: x.x.x.100 Port: 80
Type: HTTP:HEAD:/
Keepalive Error: General failure
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
FRED30
sh keepalive FRED31
Name: AUTO_FRED31 Index: 9 State: Down
Description: Auto generated for service FRED31
Addresess: x.x.x.101 Port: 80
Type: HTTP:HEAD:/
Keepalive Error: General failure
Frequency: 5
Max Failures: 3
Retry Frequency: 5
Dependent Services:
FRED31
-
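An added example for the CSS keepalive question above (not code from the original posts): it shows how a TCP check and an HTTP HEAD check can disagree about the same port, which is the difference between "port 80 is up" and "keepalive State: Down". The local backend, its `/health.htm` path, the 401 it returns for `/` and the rule that only a 200 counts as healthy are all constructed assumptions.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class ConstructedBackend(BaseHTTPRequestHandler):
    """Constructed stand-in for a web server (assumption, not SharePoint/IIS)."""

    # Constructed sample routes: "/" demands authentication, the
    # hypothetical /health.htm page is served anonymously.
    ROUTES = {"/": 401, "/health.htm": 200}

    def _reply(self):
        self.send_response(self.ROUTES.get(self.path, 404))
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_HEAD = _reply
    do_GET = _reply

    def log_message(self, *args):
        pass  # keep the demo quiet


def tcp_probe(host, port, timeout=2.0):
    """TCP-style keepalive: healthy if the three-way handshake completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_head_probe(host, port, uri="/", timeout=2.0, healthy=(200,)):
    """HTTP-style keepalive: send HEAD <uri>, healthy only on an accepted status.

    Returns (healthy, status); status is None when no HTTP reply arrived.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", uri)
        status = conn.getresponse().status
    except (OSError, http.client.HTTPException):
        return False, None
    finally:
        conn.close()
    return status in healthy, status


def compare_probes():
    """Run both probe types against the constructed backend, up and stopped."""
    server = HTTPServer(("127.0.0.1", 0), ConstructedBackend)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    results = {}
    try:
        results["tcp_port_open"] = tcp_probe(host, port)
        results["head_root"] = http_head_probe(host, port, "/")
        results["head_health_page"] = http_head_probe(host, port, "/health.htm")
    finally:
        server.shutdown()
        server.server_close()
    # With the listener gone, both probe types agree the service is down.
    results["tcp_after_stop"] = tcp_probe(host, port)
    results["head_after_stop"] = http_head_probe(host, port, "/")
    return results


if __name__ == "__main__":
    for name, outcome in compare_probes().items():
        print(f"{name:18} {outcome}")
```

Running the HEAD probe by hand against each real server shows which status code the keepalive URI actually returns, which is the first thing to check when the port answers but the HTTP keepalive is marked down.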
Hello,
We have a CSS 11503 with the following partial config
==================
service 10.10.10.221-1724
ip address 10.10.10.1
keepalive type tcp
port 1724
keepalive port 1724
active
service 10.10.10.222-1724
ip address 10.10.10.1
keepalive type tcp
keepalive port 1724
port 1724
string string1
active
content 10.10.10.1-80-website
vip address 10.10.10.1
no persistent
advanced-balance arrowpoint-cookie
add service 10.10.10.221-1724
add service 10.10.10.222-1724
port 80
protocol tcp
url "/*"
active
============================
There is connectivity from CSS to both IPs, 10.10.10.221 and 10.10.10.222. Problem we face is as following:
1. A client can hit web site on both servers by going to http://10.10.10.221:1724 and http://10.10.10.222:1724.
2. With service started on 10.10.10.221 and 10.10.10.222, a client PC can hit website by using http://10.10.10.1.
3. With step 2 above, connection count increasing on "service 10.10.10.221-1724" service.
4. There is no activity on "service 10.10.10.222-1724"
5. When we stop services on 10.10.10.221, client can no longer access web site using http://10.10.10.1. In this situation, connection counter on "service 10.10.10.222-1724" increases with each attempt to access web site but the page on client machine times out.
6. With service stopped on 10.10.10.221, client can access web site using server IP, http://10.10.10.222:1724
7. Restarting service on 10.10.10.221 makes access to website using http://10.10.10.1, load balancer IP.
When capturing packets using wireshark, we see that the client machine sends re-transmission on "HTTP Get" and eventually times out.
With behavior above, it is clear that the server at 10.10.10.222 is active. What we cannot understand is why web site is inaccessible through load balancer using http://10.10.10.1.
Please help.
Thanks,
Paresh.
Hi Paresh,
To troubleshoot this, I would recommend doing a traffic capture on the server vlan to see what is really happening with the connection.
One thing worth checking would be comparing the routing configured on both servers. If the traffic back from the server towards the client is not going through the CSS, the connection would fail, with the exact symptoms you are describing.
Regards
Daniel
-
Cisco AnyConnect Configuration
Can someone assist me with configuring Cisco AnyConnect VPN? For some reason with the config below, I seem to get connected but then my internet connection randomly drops and reconnects. I've tried several different times to get this to work properly but I'm obviously missing something here. Any help is appreciated.
ASA Version 8.2(2)
hostname FW01
enable password .MlTybcgwEXNF1HM encrypted
passwd .MlTybcgwEXNF1HM encrypted
names
dns-guard
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan2
description ### Link to Internet ###
nameif outside
security-level 0
ip address dhcp setroute
interface Vlan3
description ### Link to GUEST WIFI ###
nameif guest
security-level 50
ip address 172.16.10.1 255.255.255.0
interface Vlan4
description ### Link to INSIDE LAN ###
nameif inside
security-level 100
ip address 172.16.1.1 255.255.255.0
interface Vlan5
description ### Link to INSIDE WIFI ###
nameif insidewifi
security-level 50
ip address 172.16.2.1 255.255.255.0
interface Ethernet0/0
description ### Link to Internet ###
switchport access vlan 2
interface Ethernet0/1
description ### Link to GUEST WIFI ###
switchport access vlan 3
interface Ethernet0/2
description ### Link to INSIDE LAN ###
switchport access vlan 4
interface Ethernet0/3
description ### Link to INSIDE WIFI ###
switchport access vlan 5
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
banner exec
banner exec ******* ENGLISH *** ATTENTION *** ENGLISH *** ATTENTION *** ENGLISH **********
banner exec *
banner exec * This system is for the use of authorized users only.
banner exec * Individuals using this system are subject to having all of their
banner exec * activities on this system monitored and recorded by system
banner exec * personnel.
banner exec *
banner exec * Anyone using this system expressly consents to such monitoring
banner exec * and is advised that if such monitoring reveals possible
banner exec * evidence of criminal activity, system personnel may provide the
banner exec * evidence of such monitoring to law enforcement officials.
banner exec *
banner exec ******* ENGLISH *** ATTENTION *** ENGLISH *** ATTENTION *** ENGLISH **********
banner exec
banner exec
banner exec Name:.......FW01
banner exec Address:....172.16.1.1
banner exec Location:...CST -5
ftp mode passive
clock timezone CST -5
same-security-traffic permit inter-interface
access-list inside extended permit ip any any
access-list outside extended permit ip any any
access-list guest extended permit udp any host 172.16.1.102 eq domain
access-list guest extended permit udp any host 172.16.1.103 eq domain
access-list guest extended permit udp any any range bootps tftp
access-list guest extended deny ip any 172.16.1.0 255.255.255.0 log
access-list guest extended deny ip any 172.16.2.0 255.255.255.0 log
access-list guest extended permit ip any any
access-list insidewifi extended permit ip any any
access-list Outside_In extended permit tcp any any eq 3389
pager lines 50
logging enable
logging list TEST level alerts
logging buffered debugging
logging asdm informational
logging mail TEST
logging from-address [email protected]
logging recipient-address ************* level errors
mtu outside 1500
mtu guest 1500
mtu inside 1500
mtu insidewifi 1500
ip local pool SSLClientPool 172.16.9.1-172.16.9.2 mask 255.255.255.0
ip audit name FW01-INFO info action alarm
ip audit name FW01-ATTACK attack action alarm reset
ip audit interface outside FW01-INFO
ip audit interface outside FW01-ATTACK
ip audit signature 2000 disable
ip audit signature 2001 disable
ip audit signature 2004 disable
ip audit signature 2005 disable
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply outside
icmp permit any guest
icmp permit any inside
icmp permit any insidewifi
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (guest) 1 172.16.10.0 255.255.255.0
nat (inside) 1 172.16.1.0 255.255.255.0
nat (insidewifi) 1 172.16.2.0 255.255.255.0
static (inside,outside) tcp interface 3389 172.16.1.200 3389 netmask 255.255.255.255
static (inside,guest) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
static (inside,insidewifi) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
access-group Outside_In in interface outside
access-group guest in interface guest
access-group inside in interface inside
access-group insidewifi in interface insidewifi
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 172.16.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
fragment chain 1 outside
sysopt noproxyarp outside
service resetoutside
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn sslvpn.moore.net
subject-name CN=sslvpn.moore.net
keypair sslvpnkeypair
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 956e1350
quit
telnet timeout 5
ssh 172.16.1.0 255.255.255.0 inside
ssh timeout 60
console timeout 0
management-access inside
dhcpd dns 172.16.1.102
dhcpd ping_timeout 750
dhcprelay server 172.16.1.102 inside
dhcprelay enable guest
dhcprelay enable insidewifi
dhcprelay setroute guest
dhcprelay setroute insidewifi
dhcprelay timeout 60
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address 172.16.0.0 255.255.0.0
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 211.233.40.78
ntp server 61.153.197.226
ntp server 202.150.213.154 prefer
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
svc image disk0:/anyconnect-dart-win-2.5.6005-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy SSLClientPolicy internal
group-policy SSLClientPolicy attributes
dns-server value 172.16.1.102 172.16.1.103
vpn-tunnel-protocol svc
default-domain value moore.net
address-pools value SSLClientPool
username gmoore_a password PNUmTwjDhevRqhkT encrypted privilege 15
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
default-group-policy SSLClientPolicy
tunnel-group SSLClientProfile webvpn-attributes
group-alias SSLVPNClient enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
smtp-server 68.1.17.8
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:847a9a2b25e6a8ea2d4b68d17cdd41d2
: end
no asdm history enable
Javier,
Thanks for the explanation. I have one more question, maybe I should open a separate discussion. If so please let me know...
After I got the AnyConnect VPN configuration working I tried to configure LDAP configuration. Now when I try to connect I get an error stating
"Login denied. Your environment does not meet the access criteria defined by your administrator."
Then at the bottom of the AnyConnect client I see
"Access Denied: Your system does not meet policy requirement (DAP)"
Looking at the DAP configuration I can't see what the policy is not accepting. The partial config is below
ASA Version 8.2(2)
same-security-traffic permit inter-interface
access-list inside extended permit ip any any
access-list outside extended permit ip any any
access-list guest extended permit udp any host 172.16.1.102 eq domain
access-list guest extended permit udp any host 172.16.1.103 eq domain
access-list guest extended permit udp any any range bootps tftp
access-list guest extended deny ip any 172.16.1.0 255.255.255.0 log
access-list guest extended deny ip any 172.16.2.0 255.255.255.0 log
access-list guest extended permit ip any any
access-list insidewifi extended permit ip any any
access-list Outside_In extended permit tcp any any eq 3389
access-list SSLClientProfile_SPLIT standard permit 172.16.1.0 255.255.255.0
access-list SSLClientProfile_SPLIT standard permit 172.16.2.0 255.255.255.0
access-list nonat_inside extended permit ip 172.16.1.0 255.255.255.0 172.16.9.0 255.255.255.0
access-list nonat_insidewifi extended permit ip 172.16.2.0 255.255.255.0 172.16.9.0 255.255.255.0
pager lines 50
logging enable
logging list TEST level alerts
logging buffered debugging
logging asdm informational
logging mail TEST
logging from-address [email protected]
logging recipient-address [email protected] level errors
mtu outside 1500
mtu guest 1500
mtu inside 1500
mtu insidewifi 1500
ip local pool SSLClientPool 172.16.9.1-172.16.9.2 mask 255.255.255.0
ip audit name FW01-INFO info action alarm
ip audit name FW01-ATTACK attack action alarm reset
ip audit interface outside FW01-INFO
ip audit interface outside FW01-ATTACK
ip audit signature 2000 disable
ip audit signature 2001 disable
ip audit signature 2004 disable
ip audit signature 2005 disable
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any echo-reply outside
icmp permit any guest
icmp permit any inside
icmp permit any insidewifi
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (guest) 1 172.16.10.0 255.255.255.0
nat (inside) 0 access-list nonat_inside
nat (inside) 1 172.16.1.0 255.255.255.0
nat (insidewifi) 0 access-list nonat_insidewifi
nat (insidewifi) 1 172.16.2.0 255.255.255.0
static (inside,outside) tcp interface 3389 172.16.1.200 3389 netmask 255.255.255.255
static (inside,guest) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
static (inside,insidewifi) 172.16.1.0 172.16.1.0 netmask 255.255.255.0
access-group Outside_In in interface outside
access-group guest in interface guest
access-group inside in interface inside
access-group insidewifi in interface insidewifi
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record SSLVPNPolicy
description "SSL VPN Policy (AD Login)"
dynamic-access-policy-record DfltAccessPolicy
action terminate
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 172.16.1.102
server-port 389
ldap-base-dn DC=MOORE,DC=NET
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=LDAP Service Account,OU=ServiceAccounts,OU=MooreNetwork,DC=moore,DC=net
server-type microsoft
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 172.16.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
fragment chain 1 outside
sysopt noproxyarp outside
service resetoutside
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
fqdn sslvpn.moore.net
subject-name CN=sslvpn.moore.net
keypair sslvpnkeypair
crl configure
crypto ca certificate chain ASDM_TrustPoint0
certificate 956e1350
quit
telnet timeout 5
ssh 172.16.1.0 255.255.255.0 inside
ssh timeout 20
console timeout 0
management-access inside
dhcpd dns 172.16.1.102
dhcpd ping_timeout 750
dhcprelay server 172.16.1.102 inside
dhcprelay enable guest
dhcprelay enable insidewifi
dhcprelay setroute guest
dhcprelay setroute insidewifi
dhcprelay timeout 60
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address 172.16.0.0 255.255.0.0
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 211.233.40.78
ntp server 61.153.197.226
ntp server 202.150.213.154 prefer
ssl trust-point ASDM_TrustPoint0 outside
webvpn
enable outside
svc image disk0:/anyconnect-dart-win-2.5.6005-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy SSLClientPolicy internal
group-policy SSLClientPolicy attributes
dns-server value 172.16.1.102 172.16.1.103
vpn-tunnel-protocol svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SSLClientProfile_SPLIT
default-domain value moore.net
address-pools value SSLClientPool
username gmoore_a password PNUmTwjDhevRqhkT encrypted privilege 15
tunnel-group SSLClientProfile type remote-access
tunnel-group SSLClientProfile general-attributes
authentication-server-group LDAP LOCAL
default-group-policy SSLClientPolicy
tunnel-group SSLClientProfile webvpn-attributes
group-alias SSLVPNClient enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
smtp-server 68.1.17.8
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:db7d3afda8f35ce1733b3fcd3f5f468d
: end
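As an added example (not part of the original post and not Cisco code), this Python sketch lists the `dynamic-access-policy-record` stanzas in a pasted ASA config and reports whether `DfltAccessPolicy`, the record applied to a session that matches no other record, is set to terminate. A record's selection criteria are kept in dap.xml on flash rather than in the running config, so they cannot be checked from a paste like this one; the function names and the sub-command list are assumptions of the example.

```python
import re

# Constructed sample: the DAP lines of the posted config with their neighbours.
# Indentation was lost in the post, so the parser does not rely on it.
SAMPLE_CONFIG = """\
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record SSLVPNPolicy
description "SSL VPN Policy (AD Login)"
dynamic-access-policy-record DfltAccessPolicy
action terminate
aaa-server LDAP protocol ldap
"""

# Sub-commands treated as part of a DAP record (a subset, assumed for this example).
DAP_SUBCOMMANDS = ("description", "action", "priority", "user-message", "network-acl")


def parse_dap_records(config_text):
    """Return {record name: {sub-command: value}} in config order."""
    records = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        match = re.match(r"dynamic-access-policy-record\s+(\S+)$", line)
        if match:
            # A record without an explicit action line uses the default, "continue".
            current = records.setdefault(match.group(1), {"action": "continue"})
            continue
        if current is None:
            continue
        keyword, _, rest = line.partition(" ")
        if keyword not in DAP_SUBCOMMANDS:
            current = None  # first unrelated command closes the stanza
            continue
        current[keyword] = rest.strip().strip('"')
    return records


def default_terminates(records):
    """True when a session matching no other record would be dropped."""
    return records.get("DfltAccessPolicy", {}).get("action") == "terminate"


if __name__ == "__main__":
    recs = parse_dap_records(SAMPLE_CONFIG)
    for name, attrs in recs.items():
        print(f"{name}: action={attrs['action']}")
    if default_terminates(recs):
        print("DfltAccessPolicy terminates unmatched sessions; "
              "check each record's selection criteria in dap.xml")
```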
-
Custom cptone questions...
I'm trying to define and use a custom cptone. But no matter what I do I can't seem to get it to take effect.
For testing I'm basically trying to set every possible tone to the equivalent of a dial tone.
As far as naming the custom cptone when I'm in the voice port itself it only allows me to use the predefined names including Custom1 and Custom2. So I tried to create those below but I don't think it is actually using them.
What am I doing wrong? A partial config is below. This is a 2600xm IOS 12.4(7)
Thanks in advance.
Shawn
voice class custom-cptone Custom1
dualtone busy
frequency 350 440
dualtone ringback
frequency 350 440
dualtone reorder
frequency 350 440
dualtone out-of-service
frequency 350 440
dualtone number-unobtainable
frequency 350 440
dualtone disconnect
frequency 350 440
voice class custom-cptone C1
dualtone busy
frequency 350 440
dualtone ringback
frequency 350 440
dualtone reorder
frequency 350 440
dualtone out-of-service
frequency 350 440
dualtone number-unobtainable
frequency 350 440
dualtone disconnect
frequency 350 440
voice-port 1/0:8
output attenuation 0
cptone C1
timeouts call-disconnect 5
timeouts wait-release 1
connection plar 11455
music-threshold -70
Hi,
Sorry I missed this reply till now.
Thanks, however I tried this but it is not a valid command.
Router(config-voiceport)#supervisory custom-cptone c1
^
% Invalid input detected at '^' marker.
In the voice port config the only valid options for supervisory are:
Router(config-voiceport)#supervisory ?
disconnect Configure supervisory disconnect lcfo
Any other thoughts?
Thanks,
Shawn