CCE 507 stops forwarding traffic to internet

Our CE (which is our proxy server) constantly stops forwarding traffic to the internet. The engine does not freeze or lock up because I can telnet into it and reload and everything is fine then. This has starting happening in the last two weeks. The engine is integraded with Websense filtering. Could I be experiencing hardware issues? I did recently upgraded websense to the latest version and also upgraded the PIX 515 Firewall IOS to the latest. I am thinking maybe upgrade the IOS on the engine. Any guidance would be appreciated. Thanks in advance.

Apparently the version of Websense that I was running was not making the CE very happy. I upgraded to a new version and ever since the problem has not arise. But I am having one issue with the CE. There is one website that generates errors when going through the CE proxy server. Although when bypassing the proxy server(CE), there are no errors generated. It is only when going through the proxy that the error is generated. The error does not reflect a Websense blocking page. So it only leads me to believe that the problem is on the CE. I would like to upgrade the IOS on the CE to the latest software in an effort to resolve this. If I upgrade, should I be aware of any problems with the configuration not working after the upgrade. The device is a CE 507 with software version 2.51. Any history on this type of problem? Any help would be appreciated. I have pasted the exact error generated from the site. Thanks again.
Network Error
The server yearbookavenue1.jostens.com returned an invalid response to your request for http://yearbookavenue1.jostens.com/cgi-bin/exe2004/year2004.exe?f_4194e967209

Similar Messages

VPN stops forwarding traffic on subsequent connections (Cisco 861)

Hello everyone,
I have a very strange problem on 2 (independent) Cisco 861 routers in different places.
They are both configured as easyVPN servers. One uses UDP, the other TCP. VPN clients connect by using Cisco VPN client software. This cannot be changed because the customer expects it this way. Both routers have the same problem:
* the first VPN connection after a reset works fine. Traffic passes through and it is perfectly usable. I can ping the internal network interface on the router side from the client without problems.
* the second connection (and all subsequent ones from different client machines etc.) connects fine, no errors on the client whatsoever (not sure I evaluated all possible debug output on the "server" side). However, no traffic passes through. Pings do not come back from the 861 anymore through the VPN tunnel.
I already enabled ICMP debugging and saw that pings are actually answered by the 861, but do not reach the client.The same seems to happen to any and all other packets as well.
* If I restart the 861 the very same thing happens: first VPN connection works fine. You disconnect, try another connection from the very same client computer, and it does not work anymore until the next router reset.
I append the configuration for sake of completeness. confidential parts are represented by XXX. Some ACLs are not in use right now; I used them for testing.
Quite frankly, I am out of ideas (and desperate).
Any ideas?
Best Regards
Mike
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname XXX
boot-start-marker
boot-end-marker
logging buffered 51200
logging console critical
enable secret 5 XXX
enable password 7 XXX
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa session-id common
memory-size iomem 10
clock timezone Berlin 1
crypto pki trustpoint TP-self-signed-2638506017
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2638506017
revocation-check none
rsakeypair TP-self-signed-2638506017
no ip source-route
ip cef
no ip bootp server
ip domain name local
license udi pid CISCO861-K9 sn XXX
archive
log config
hidekeys
no spanning-tree vlan 1
username root privilege 15 secret 5 XXX
username remote secret 5 XXX
crypto ctcp port 10000
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp nat keepalive 20
crypto isakmp client configuration group vpn
key XXX
pool SDM_POOL_1
acl 104
netmask 255.255.255.0
crypto isakmp profile ciscocp-ike-profile-1
   match identity group vpn
   client authentication list ciscocp_vpn_xauth_ml_1
   isakmp authorization list ciscocp_vpn_group_ml_1
   client configuration address respond
   client configuration group vpn
   virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
interface Loopback0
ip address 192.168.234.1 255.255.255.0
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.233.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip virtual-reassembly
ip tcp adjust-mss 1452
ip local pool SDM_POOL_1 192.168.234.2 192.168.234.127
ip forward-protocol nd
no ip http server
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 10.179.232.0 255.255.255.0 192.168.233.2
ip route 172.16.0.0 255.255.0.0 192.168.233.2
ip access-list log-update threshold 10
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.233.0 0.0.0.255
access-list 100 remark XXX
access-list 100 permit ip 192.168.233.0 0.0.0.255 any
access-list 100 permit ip 192.168.234.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=4
access-list 101 permit ip 192.168.233.0 0.0.0.255 any
access-list 101 permit ip 192.168.234.0 0.0.0.255 any
access-list 102 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255
access-list 103 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255 log
access-list 103 permit ip 192.168.234.0 0.0.0.255 192.168.233.0 0.0.0.255 log
access-list 104 permit ip 192.168.233.0 0.0.0.255 any log-input
access-list 104 permit ip 192.168.234.0 0.0.0.255 any log-input
no cdp run
control-plane
banner exec ^CCC
XXX
^C
banner login ^CCC
XXX
^C
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
privilege level 15
transport input ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Hi,
I addded a dynamic crypto map to the configuration according to the document you sent. However, it does not work yet.
There must be some stupid mistake or mixup with the old config.
The router logs:
000038: *Mar 1 01:19:24.047 Berlin: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Aggressive mode failed with peer at XXX
000039: *Mar 1 01:19:29.403 Berlin: CTCP: cTCP connection entry not found. Dropping the packet
Correspondingly, the client retransmits a few times during a connection attempt and then fails.
The current configuration is:
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname XXX
boot-start-marker
boot-end-marker
logging buffered 51200
logging console critical
enable secret XXX
enable password XXX
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa session-id common
memory-size iomem 10
clock timezone Berlin 1
crypto pki trustpoint TP-self-signed-2638506017
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2638506017
revocation-check none
rsakeypair TP-self-signed-2638506017
no ip source-route
no ip cef
no ip bootp server
ip domain name local
license udi pid CISCO861-K9 sn XXX
archive
log config
hidekeys
no spanning-tree vlan 1
username root privilege 15 secret 5 XXX
username remote secret 5 XXX
crypto ctcp keepalive 10
crypto ctcp port 10000
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp nat keepalive 20
crypto isakmp client configuration group vpn
key XXX
pool SDM_POOL_1
acl 105
netmask 255.255.255.0
crypto isakmp client configuration group testgroup
key XXX
pool SDM_POOL_1
crypto isakmp profile ciscocp-ike-profile-1
   match identity group vpn
   client authentication list ciscocp_vpn_xauth_ml_1
   isakmp authorization list ciscocp_vpn_group_ml_1
   client configuration address respond
   client configuration group vpn
crypto isakmp profile VPNclient
   description VPN clients profile
   match identity group testgroup
   client authentication list clientauth
   isakmp authorization list groupauthor
   client configuration address respond
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
crypto dynamic-map dynmap 5
set transform-set ESP-3DES-SHA
set isakmp-profile VPNclient
crypto map mymap 10 ipsec-isakmp dynamic dynmap
interface Loopback0
ip address 192.168.234.1 255.255.255.0
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
mtu 1300
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
tunnel mode ipsec ipv4
crypto map mymap
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.233.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip virtual-reassembly
ip tcp adjust-mss 1452
ip local pool SDM_POOL_1 192.168.234.2 192.168.234.127
ip forward-protocol nd
no ip http server
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 10.179.232.0 255.255.255.0 192.168.233.2
ip route 172.16.0.0 255.255.0.0 192.168.233.2
ip access-list log-update threshold 10
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.233.0 0.0.0.255
access-list 100 remark XXX
access-list 100 permit ip 192.168.233.0 0.0.0.255 any
access-list 100 permit ip 192.168.234.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=4
access-list 101 permit ip 192.168.233.0 0.0.0.255 any
access-list 101 permit ip 192.168.234.0 0.0.0.255 any
access-list 102 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255
access-list 103 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255 log
access-list 103 permit ip 192.168.234.0 0.0.0.255 192.168.233.0 0.0.0.255 log
access-list 104 permit ip 192.168.233.0 0.0.0.255 any log-input
access-list 104 permit ip 192.168.234.0 0.0.0.255 any log-input
access-list 105 permit ip 192.168.233.0 0.0.0.255 192.168.234.0 0.0.0.255
no cdp run
control-plane
banner exec ^CCC
XXX
^C
banner login ^CCC
XXX
^C
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
privilege level 15
transport input ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

ASA appears to randomly stop forwarding/routing traffic

Hi guys, got a curly one -
Our ASA appears to randomly stop forwarding traffic between interfaces. Traffic does not forward for several minutes, then it starts again. After a while the traffic stops again for a few minutes, and the cycle repeats.
If you are on a directly connected network you can still ping the ASAs local interface (I have ICMP turned on for testing). However you cannot ping the ASA from any remote network. I can ping or trace all the way up to the last hop without an issue. You also cannot ping across the ASA to servers on the other side, even from the immediate next hop (which as I mentioned above, still works) .
This would appear to point to a routing problem? Strangely, routing still functions for the management network - I have had no problems reaching the command line from elsewhere in the network.
Has anyone encountered something similar to this before?
Relevent ASA configuration commands below:
interface GigabitEthernet0/1
description DMZ Trunk interface
no nameif
no security-level
no ip address
interface GigabitEthernet0/1.220
description F5 DMZ Internal
vlan 220
nameif DMZInternal
security-level 50
ip address 172.17.20.1 255.255.255.0 standby 172.17.20.2
interface GigabitEthernet0/2
nameif Internal
security-level 100
ip address 172.17.99.254 255.255.255.0 standby 172.17.99.253
icmp permit any DMZInternal
icmp permit any Internal
route management 0.0.0.0 0.0.0.0 172.17.42.1 1
route Internal 172.16.0.0 255.240.0.0 172.17.99.1 1
EDIT: sorry forgot to post -
#sh ver
Cisco Adaptive Security Appliance Software Version 8.3(2)
Device Manager Version 6.4(1)
Compiled on Fri 30-Jul-10 17:49 by builders
System image file is "disk0:/asa832-k8.bin"
Config file at boot was "startup-config"

Hi Dan - I suggest you ask this in the forum.
hth
Herbert

10/100 ports stop forwarding on Cat.4506 SupII Cat7.6.7

On one location of our campus various 10/100 ports stop forwarding traffic after some time (port stays in notconnected state, sometimes with linkled on, sometimes off).
This happens on various ports of both Cat.4506 systems on both line-card types:
WS-X4232-GB-RJ
WS-X4148-RJ
We already replaced linecards, without succes.
Does anyone know what's wrong ?

Peter,
You would probably have a better chance of getting a solution to this issue by posting on the LAN switching forum.
Hope this helps,

5505 stops passing traffic with 9.1.3

I have a 5505 setup in my home office. It generally works well but I noticed when I upgraded it to 9.1.2.8 it would stop passing traffic after a few days. I figured this was just the interim release blues and waited until 9.1.3 came out. However, with 9.1.3 the problem is even worse. I'm actually not exactly sure what's going on. Here's what I've noticed:
I get a lot of DNS connections with the "h" flag (H.225 traffic) set. This seems like it might have some relation to the problem:
UDP outside 216.218.130.2:53 inside 192.168.234.146:50705, idle 0:00:18, bytes 534, flags h
I also get these in 9.1.2 (which works fine), but far fewer. When traffic stops passing on my ASA, I notice that I have tons of these connections in 9.1.3.
When traffic stops passing, the ASA itself can no longer get to the Internet. I can't ping my Comcast router (actually in my office, L2 adjacent to ASA). I also have some SLA probes going to the Internet which fail. If I do a clear conn all, then everything starts working again for a while. The BTF (dynamic-filter) feature seems to make it worse. If I remove it (remove dynamic-filter-snoop part) then it takes a lot longer before it stops passing traffic:
policy-map global_policy
class inspection_default
inspect dns dns-ipm dynamic-filter-snoop
What's really strange, is even if I remove all service-policy commands, I still get connections with the "h" flag. I don't believe that should be possible so perhaps a bug?
Ideas?

I have a 5505 setup in my home office. It generally works well but I noticed when I upgraded it to 9.1.2.8 it would stop passing traffic after a few days. I figured this was just the interim release blues and waited until 9.1.3 came out. However, with 9.1.3 the problem is even worse. I'm actually not exactly sure what's going on. Here's what I've noticed:
I get a lot of DNS connections with the "h" flag (H.225 traffic) set. This seems like it might have some relation to the problem:
UDP outside 216.218.130.2:53 inside 192.168.234.146:50705, idle 0:00:18, bytes 534, flags h
I also get these in 9.1.2 (which works fine), but far fewer. When traffic stops passing on my ASA, I notice that I have tons of these connections in 9.1.3.
When traffic stops passing, the ASA itself can no longer get to the Internet. I can't ping my Comcast router (actually in my office, L2 adjacent to ASA). I also have some SLA probes going to the Internet which fail. If I do a clear conn all, then everything starts working again for a while. The BTF (dynamic-filter) feature seems to make it worse. If I remove it (remove dynamic-filter-snoop part) then it takes a lot longer before it stops passing traffic:
policy-map global_policy
class inspection_default
inspect dns dns-ipm dynamic-filter-snoop
What's really strange, is even if I remove all service-policy commands, I still get connections with the "h" flag. I don't believe that should be possible so perhaps a bug?
Ideas?

My macbook pro (lion 10.7.2) stopped connecting to wireless internet even though network indicates it is connected - full bars.

My macbook pro (10.7.2) just stopped connecting to the internet. 2 other macs in the house are working fine. All 3 are in the same room as the airport. The macbook network icon indicates it is connected with full bars. We have turned the computer off and on, but no effect. Any ideas?

Have you tried turning Airport off and then on again? My own q about this is somewhere in the answered q's--what worked was either the Airport on-off or something my phone company did while I was fiddling with Airport. Good luck!
Gail

How to Stop Forward scheluding process in Sales order(VA01)

Hi ,
How to Deactivate forward scheduling proposal in sales order.....
In current systen, we have both forward and Backword scheduling process based on the material availability.
What is the customization required to do in SPRO or Master dsata changes to stop forward scheduling proposal in sales order....
Thanks & Regards
Sudheer Madisetty

HI Gopal,
Thanks for your reply
Apart form OVLY, Any other customization required to be done...?
Regards
Sudheer

Macbook pro just stopped connecting to wireless internet.

I have tried restarting it and deleting the old usernames and paswords, but nothing works. I thought it might be an internet problem but i am having the same problem at home and school.
Can anyone help me?

My macbook stopped connecting to wireless internet. Ive tried everything. HELP!
Open System Preferences then select the Network tab.
Cick Assist me... then click Diagnostics
If any of the buttons on the left are red click Continue.
That should help narrow down whether it's Wi-Fi or your settings or your ISP.
Might be something in this article you haven't tried yet > Troubleshooting Wi-Fi issues

How do I forward traffic to an IP Address from a gateway through an extreme?

I have a DVR for a Camera system attached to a WiFi Ethernet device (becuase there is too far a distance between the DVR and Cable Gateway). When it was attached directly attached to the cable modem, I used Port Forwarding to route traffic to the DVR. That worked great. NOW I have to use the WiFi adapter and that is connecting to the Airport Extreme. The Aiport Extreme is connected to that cable modem.
So I understand how to forward traffic from the modem to an IP address (the Extreme's IP perhaps ??) but then how do I send that traffic through the Extreme to the wifi-ethernet adapter connected to the DVR ?

I am on my mobile phone getting an address of 10...83 through the router 10...1.
Then the DVR setup on 10...69 IS accessible.
When I switch my wifi off (on the mobile phone) and I use the ip address (23…94) of the modem w/ port specification I do not get connected.
When I plug DIRECTLY into the Cable Modem and get an IP address of 10…53, via (Mac OS X) I CAN access the DVR again with ip of 10…69.
When I use WIFI (via the AE) I get an IP Address of 10…44 and CAN access the DVR as well.
I have also confirmed traffic is port forwarding to .69:7000 as per the port specified on the DVR.
So with all that it is confirmed, I tried it again and and still not working...
THEN I reset the AE, Resset the Wifi Adapter, Reset the DVR and updated Firmwares, started with the basics outline from everyone and IT'S WORKING!!
I believe it was actually all the AE and requiring a reset on that device.
Thank you again for all the help, this was a fun challenge!

Firefox has stopped forwarding my mail to my Mac Mail.

I had to change my Firefox password lately, so that it does not match my Mac Mail password. Then Firefox stopped forwarding my mail to my Mac Mail box.

Also make sure that you do not run Firefox in permanent Private Browsing mode.
*https://support.mozilla.com/kb/Private+Browsing
*You enter Private Browsing mode if you select: Tools > Options > Privacy > History: Firefox will: "Never Remember History"
*To see all History and Cookie settings, choose: Tools > Options > Privacy, choose the setting <b>Firefox will: Use custom settings for history</b>
* Deselect: [ ] "Permanent Private Browsing mode"

How to stop and start IGS(internet graphic server)

Hi Techies
How to stop and start IGS(internet graphic server) in Solaries
IGS is 7.0 1patch
Is this the command to stop and start IGS
stopigs and startigs
If this correct will there be any issues if i stop the IGS from the above command
Thank You
Haroon

Hoi Haroon
On base 6.40 there were stopigs/startigs scripts, yes. When we upgraded our systems to 7.0 I encountered the same problem, the igs could be stopped, but not started anymore (externally). Can you check, if the startigs/stopigs-scripts are 7.0 or 6.40.
I then opened an oss and got as answer:
"To start and to stop the igs there's only the offical way by stopping and starting the sap system".
However I found a solution to start and stop:
start:
nohup /sapmnt/<SID>/exe/igswd_mt -mode=profile pf=/usr/sap/<SID>/SYS/profile/<Instaneprofile> &
e.g.:
nohup /sapmnt/P72/exe/igswd_mt -mode=profile pf=/usr/sap/P72/SYS/profile/P72_DVEBMGS01_migzmc10 &
stop:
--> stopigs, therefore the 6.40-stopigs script has to remain in the exe directory.
Hope this helps.
Regards Patrick

Switch port in dot1x multi-auth mode stops passing traffic

Dear All,
I am experiencing a problem on a Catalyst 4510 (cat4500-ipbasek9-mz.122-53.SG.bin) with 802.1x configured. Client PCs are connected via a mini desktop switch to a Cat 4510 switched port in multi-auth mode. The configuration of the port follows:
interface GigabitEthernet2/34
switchport mode access
ip arp inspection limit rate 30
authentication host-mode multi-auth
authentication port-control auto
authentication periodic
authentication timer reauthenticate server
dot1x pae authenticator
dot1x timeout tx-period 5
dot1x max-reauth-req 6
spanning-tree portfast
ip verify source vlan dhcp-snooping
end
It happens from time to time that the Cat 4510 port stops passing traffic. Reconnecting the mini switch recovers the communication. Client PCs connected to the mini switch seem to be authorized at the moment when the problem occures. The RADIUS Termination-Action attribute is set to RADIUS-Request. The problem is not present if "authentication periodic" is disabled.
Did anyone experience a simmilar problem? Any advice?
Thanks.
Mirek

We have the same issue on 3750E switch running 12.2.(58)SE

Only system vlans forward traffic on 1000v

I am trying to migrate to a Nexus 1000v vDS but only VM's in the system VLAN can forward traffic. I do not want to make my voice vlan a system VLAN but that is the only way I can get a VM in that VLAN to work properly. I have a host with its vmk in the L3Control port group. From the VSM, a show module shows the VEM 3 with an "ok" status. I currently only have 1 NIC under the vDS control. My VM's using the VM_Network port group work fine and can forward traffic normally. When I put a VM in the Voice_Network port group I lose communication with it. If I add vlan 5 as a system vlan to my Uplink port profile then the VM's in the Voice_Network work properly. I thought you shouldn't create system vlans for each vlan and only use it for critical management functions so I would rather not make it a system vlan. Below is my n1k config. The upstream switch is a 2960X with the "switchport mode trunk" command. Am I missing something that is not allowing VLAN 5 to communicate over the Uplink port profile?
port-profile type ethernet Unused_Or_Quarantine_Uplink
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type vethernet Unused_Or_Quarantine_Veth
vmware port-group
shutdown
description Port-group created for Nexus1000V internal usage. Do not use.
state enabled
port-profile type vethernet VM_Network
vmware port-group
switchport mode access
switchport access vlan 1
no shutdown
system vlan 1
max-ports 256
description VLAN 1
state enabled
port-profile type vethernet L3-control-vlan1
capability l3control
vmware port-group L3Control
switchport mode access
switchport access vlan 1
no shutdown
system vlan 1
state enabled
port-profile type ethernet iSCSI-50
vmware port-group "iSCSI Uplink"
switchport mode trunk
switchport trunk allowed vlan 50
switchport trunk native vlan 50
mtu 9000
channel-group auto mode active
no shutdown
system vlan 50
state enabled
port-profile type vethernet iSCSI-A
vmware port-group
switchport access vlan 50
switchport mode access
capability iscsi-multipath
no shutdown
system vlan 50
state enabled
port-profile type vethernet iSCSI-B
vmware port-group
switchport access vlan 50
switchport mode access
capability iscsi-multipath
no shutdown
system vlan 50
state enabled
port-profile type ethernet Uplink
vmware port-group
switchport mode trunk
switchport trunk allowed vlan 1,5
no shutdown
system vlan 1
state enabled
port-profile type vethernet Voice_Network
vmware port-group
switchport mode access
switchport access vlan 5
no shutdown
max-ports 256
description VLAN 5
state enabled

Below is the output you requested. Thank you.
~ # vemcmd show card
Card UUID type 2: 4c4c4544-004c-5110-804a-b9c04f564831
Card name: synergvm5
Switch name: synergVSM
Switch alias: DvsPortset-0
Switch uuid: 7d e9 0d 50 b3 3b 25 47-64 14 61 c0 3f c0 7b d9
Card domain: 4094
Card slot: 3
VEM Tunnel Mode: L3 Mode
L3 Ctrl Index: 49
L3 Ctrl VLAN: 1
VEM Control (AIPC) MAC: 00:02:3d:1f:fe:02
VEM Packet (Inband) MAC: 00:02:3d:2f:fe:02
VEM Control Agent (DPA) MAC: 00:02:3d:4f:fe:02
VEM SPAN MAC: 00:02:3d:3f:fe:02
Primary VSM MAC : 00:50:56:aa:70:b9
Primary VSM PKT MAC : 00:50:56:aa:70:bb
Primary VSM MGMT MAC : 00:50:56:aa:70:ba
Standby VSM CTRL MAC : 00:50:56:aa:70:b6
Management IPv4 address: 172.30.2.64
Management IPv6 address: 0000:0000:0000:0000:0000:0000:0000:0000
Primary L3 Control IPv4 address: 172.30.100.1
Secondary VSM MAC : 00:00:00:00:00:00
Secondary L3 Control IPv4 address: 0.0.0.0
Upgrade : Default
Max physical ports: 32
Max virtual ports: 216
Card control VLAN: 1
Card packet VLAN: 1
Control type multicast: No
Card Headless Mode : No
       Processors: 16
Processor Cores: 8
Processor Sockets: 2
Kernel Memory:   62904468
Port link-up delay: 5s
Global UUFB: DISABLED
Heartbeat Set: True
PC LB Algo: source-mac
Datapath portset event in progress : no
Licensed: Yes
~ # vemcmd show port
LTL   VSM Port Admin Link State PC-LTL SGID Vem Port Type
   24     Eth3/8     UP   UP    FWD       0          vmnic7
   49      Veth1     UP   UP    FWD       0            vmk1
   50      Veth2     UP   UP    FWD       0        XP-Voice.eth0
   51      Veth3     UP   UP    FWD       0        synergPresence.eth0
~ # vemcmd show port vlans
                          Native VLAN   Allowed
LTL   VSM Port Mode    VLAN    State* Vlans
   24     Eth3/8   T          1   FWD    1
   49      Veth1   A          1   FWD    1
   50      Veth2   A          1   FWD    1
   51      Veth3   A          5   FWD    5
* VLAN State: VLAN State represents the state of allowed vlans.
~ # vemcmd show bd
Number of valid BDS: 10
BD 1, vdc 1, vlan 1, swbd 1, 5 ports, ""
Portlist:
BD 2, vdc 1, vlan 3972, swbd 3972, 0 ports, ""
Portlist:
BD 3, vdc 1, vlan 3970, swbd 3970, 0 ports, ""
Portlist:
BD 4, vdc 1, vlan 3969, swbd 3969, 2 ports, ""
Portlist:
      8
      9
BD 5, vdc 1, vlan 3968, swbd 3968, 3 ports, ""
Portlist:
      1 inban
      5 inband port securit
     11
BD 6, vdc 1, vlan 3971, swbd 3971, 2 ports, ""
Portlist:
     14
     15
BD 7, vdc 1, vlan 5, swbd 5, 1 ports, ""
Portlist:
     51 synergPresence.eth0
BD 8, vdc 1, vlan 50, swbd 50, 0 ports, ""
Portlist:
BD 9, vdc 1, vlan 77, swbd 77, 0 ports, ""
Portlist:
BD 10, vdc 1, vlan 199, swbd 199, 0 ports, ""
Portlist:
~ #

How ASA forwarding traffic to AIP-SSM

Hi All,
Can someone help how ASA device forwarding traffic to AIP-SSM? I'm not taking abt Configuration part like Class-map, policy-map and service policy....want to understand the traffic flow from ASA once traffic matched with ACL to AIP-SSM.
From one of Cisoc document, understood that the module using a Cisco Propietary protocol for communicating with ASA appliance.
================================================================================================================
FYR from Cisco Website:
Q. How does the Cisco ASA AIP-SSM plug into and communicate with the appliance?
A. The Cisco ASA AIP-SSM plugs directly into the SSM slot in the Cisco ASA appliance's chassis. This provides a direct connection to the appliance's backplane. Once the module is installed, a proprietary protocol runs over the bus and controls data flow and messaging between the module and appliance.
================================================================================================================
Regards,
S.Vinoth

Hey ,
as you mentioned above , it uses a cisco Probietary protocol for that communication , there are two interfaces , control channel and data channnel , data channel is where the traffic being forwarded , the backplane is the connection between the ASA and the IPS interface .
Hope that this helps .
Mohammad.

Simulator Play/Stop/Forward chapter buttons

This is probably the easiest of questions, figuring as such since I searched the forums and I don't see anything on it. I am new to DVDSP and can kind of find my way around, but need help on some things.
I have a movie I have exported out of FCP with chapter markers as an m2v file with sound as ac3. Placed in DVDSP and then pointed each text item on the menu to go to the chapters and they work however when I use the Simulator, the play, stop, forward and back chapter buttons don't work.

Answered.

CCE 507 stops forwarding traffic to internet

Similar Messages

Maybe you are looking for