Cisco 1801 setup
Hey folks,
I have blown the dust of my Cisco 1801 and looke the books out to put a decent router on my network now I am running my own server however I have hit a few bumps but totally stick now. Any help?
DHCP is disabled and I can't remember the subnet.
Connected with the console cable but finding my admin password isn't accepted
Running the password recovery but unable to access ROMMON using special command > break
I should get this but the ATA monitor libray just loads and I get stuck on the password screen.
*** System received an abort due to Break Key ***
signal= 0x3, code= 0x500, context= 0x813ac158
PC = 0x802d0b60, Vector = 0x500, SP = 0x80006030
rommon 1 >
From what I gather (still green behind the ears) the ROMMON command has been disabled.
Any way to get into my Cisco or do I need to reload the IOS on the flash card?
Here is my event log/putty output
Event log
2012-11-09 19:59:47 Opening serial device COM6
2012-11-09 19:59:47 Configuring baud rate 9600
2012-11-09 19:59:47 Configuring 8 data bits
2012-11-09 19:59:47 Configuring 1 data bits
2012-11-09 19:59:47 Configuring no parity
2012-11-09 19:59:47 Configuring no flow control
2012-11-09 19:59:52 Starting serial break at user request
2012-11-09 19:59:52 Starting serial break at user request
Putty Output
System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.
C1800 platform with 131072 Kbytes of main memory with parity disabled
Upgrade ROMMON initialized
boot: unsupported boot device "c180x-adventerprisek9-mz.124-6.T2.bin"
System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.
C1800 platform with 131072 Kbytes of main memory with parity disabled
Upgrade ROMMON initialized
program load complete, entry point: 0x80012000, size: 0xc0c0
Initializing ATA monitor library.......
program load complete, entry point: 0x80012000, size: 0xc0c0
Initializing ATA monitor library.......
program load complete, entry point: 0x80012000, size: 0x11b8f98
Self decompressing the image : ########################################################################################################################################################################################################################################################################################################################################################### [OK]
Restricted Rights Legend
Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.
cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706
Cisco IOS Software, C180X Software (C180X-ADVENTERPRISEK9-M), Version 12.4(6)T5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 06-Oct-06 17:18 by kellythw
Image text-base: 0x80012124, data-base: 0x820F0000
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 1801 (MPC8500) processor (revision 0x400) with 118784K/12288K bytes of memory.
Processor board ID FCZ113812MC, with hardware revision 0000
9 FastEthernet interfaces
1 ISDN Basic Rate interface
1 ATM interface
63488K bytes of ATA CompactFlash (Read/Write)
Installed image archive
Cheers folks, removing the USB to seriel cable and going direct from the com port on my server has solved it.Now I am to load a new IOS to the flash card?
My putty output in case it helps others
Password reset
monitor: command "boot" aborted due to user interrupt
rommon 1 > confreg 0x42
You must reset or power cycle for new config to take effect
rommon 2 > reset
After password reset
System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.
C1800 platform with 131072 Kbytes of main memory with parity disabled
Upgrade ROMMON initialized
boot: unsupported boot device "c180x-adventerprisek9-mz.124-6.T2.bin"
System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.
C1800 platform with 131072 Kbytes of main memory with parity disabled
Upgrade ROMMON initialized
boot: cannot open "flash:"
boot: cannot determine first file name on device "flash:"
System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.
C1800 platform with 131072 Kbytes of main memory with parity disabled
Upgrade ROMMON initialized
boot: cannot open "flash:"
boot: cannot determine first file name on device "flash:"
System Bootstrap, Version 12.3(8r)YH8, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 2006 by cisco Systems, Inc.
C1800 platform with 131072 Kbytes of main memory with parity disabled
Upgrade ROMMON initialized
rommon 1 >
Similar Messages
-
ISE cannot push the profile to the cisco network setup assistant?
We have tried a few android devices with version 4.2+ but still got the error message ‘Unable to download profile.(Have you logged into the guest portal?)’ as shown at the bottom picture.
In fact, we are connecting the devices to an open SSID which performs MAC filtering, then redirect to CWA and login with AD credentials,
then redirect to Google play store and can successfully download the network setup assistant.
Could you please advise the possible reasons that would cause this error message and make ISE cannot push the profile to the cisco network setup assistant?Here's a snipit from the Android spw.log. I see that there is an error trying to verify the hostname. Is it possible that this is caused by a non-trusted certificate? I'm using the self-signed cert built into ISE. I have an entry in the public DNS for guest.domain.com that resolves to the IP of my ISE server accessible from the guest subnet. I'm allowing all traffic from the guest VLAN to the ISE vlan on the firewall and all traffic to/from the ISE server in the provisioning ACL I have applied by ISE on the WLC during native supplicant provisioning. I know that guests can communicate with the ISE server since regular guest portal redirection works, just not the network setup assistant. I've renamed the domain to domain.com in this snipit.
2014.07.20 23:44:48 INFO:verion :4.4.4 SDK Level : 19
2014.07.20 23:44:48 INFO:State :START
2014.07.20 23:44:48 INFO:Starting Discovery
2014.07.20 23:44:48 INFO:Starting ISEDiscoveryAsynchTask
2014.07.20 23:44:48 INFO:DHCP Stringipaddr 192.168.30.110 gateway 192.168.30.1 netmask 255.255.255.0 dns1 208.67.222.222 dns2 208.67.220.220 DHCP server 192.168.30.1 lease 3600 seconds
2014.07.20 23:44:48 INFO:DHCP ipaddress192.168.30.110
2014.07.20 23:44:48 INFO:DHCP gateway192.168.30.1
2014.07.20 23:44:48 INFO:Discoverng ISE http return code :200
2014.07.20 23:44:48 INFO:ISEServer =guest.domain.com
2014.07.20 23:44:48 INFO:session =0516a8c000001932f37acc53
2014.07.20 23:44:48 INFO:Discovered using gateway :18786496
2014.07.20 23:44:48 INFO:Discovered ise server = guest.domain.com
2014.07.20 23:44:48 INFO:Discovered client mac = 5C-0A-5B-FC-37-0F
2014.07.20 23:44:48 INFO:Server:Key=guest.domain.com:0516a8c000001932f37acc53
2014.07.20 23:44:48 INFO:Downloading config fromguest.domain.com
2014.07.20 23:44:48 INFO:checkServerTrusted call
2014.07.20 23:44:48 INFO:checkServerTrusted call
2014.07.20 23:44:48 ERROR:DownloadprofileAsynchTask
2014.07.20 23:44:48 ERROR:java.io.IOException: Hostname 'guest.domain.com' was not verified
2014.07.20 23:44:48 ERROR:Hostname 'guest.domain.com' was not verified
2014.07.20 23:44:48 INFO:Internal system error.
On the ISE side, here is the snippet of logs during the same time as when the android network setup assistant was run.
2014-07-20 23:41:38,586 INFO [DefaultQuartzScheduler_Worker-6][] cisco.cpm.infrastructure.utils.NodeGroupFWUtil -:::::- Applied Firewall rules for node group.
2014-07-20 23:42:35,251 INFO [AbandonedTransactionReaper][] com.cisco.epm.db.AbandonedTransactionReaper -:::::- In AbandonedTransactionReaper : MaxActive : 20
0 CurrentActive : 0 MaxIdle : 200 MinIdle : 0 CurrentIdle : 2
2014-07-20 23:42:39,394 INFO [AbandonedTransactionReaper][] com.cisco.epm.db.AbandonedTransactionReaper -::::PDPInitialization:- In AbandonedTransactionReaper
: MaxActive : 200 CurrentActive : 0 MaxIdle : 200 MinIdle : 0 CurrentIdle : 0
2014-07-20 23:42:49,765 INFO [DataSourceListener Thread][] api.services.persistance.dao.DistributionDAO -:::::- In DAO getRepository method for HostConfig Type
: ACTIVE
2014-07-20 23:42:56,805 INFO [PDP-Heartbeats-0][] com.cisco.cpm.clustering.MnTClient -::::pdpha:- Removing session 0516a8c00000196f2a95cc53
2014-07-20 23:42:56,806 WARN [PDP-Heartbeats-0][] cpm.nsf.session.impl.SystemStateManager -::::pdpha:- Session 0516a8c00000196f2a95cc53 not found at complete
2014-07-20 23:43:35,441 INFO [portal-http-844314][] cisco.epm.license.flexlm.FlexlmFileHandler -:::::- Is License Valid for seId [1] = true
2014-07-20 23:43:35,441 INFO [portal-http-844314][] com.cisco.epm.license.LicensingManager -:::::- License is valid [true] for SeriveType [1]
2014-07-20 23:43:35,750 WARN [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- --- GuestPortalUtils: Una
ble to determine language. Defaulting to English
2014-07-20 23:43:35,768 WARN [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- --- GuestPortalUtils: Una
ble to determine language. Defaulting to English
2014-07-20 23:43:35,768 INFO [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- initializing page definit
ion
2014-07-20 23:43:35,769 INFO [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- Created guest theme page
def
2014-07-20 23:44:18,090 WARN [portal-http-844315][] cisco.cpm.guestportal.actions.SelfProvisioningAction -:test:0516a8c000001932f37acc53::guest:- ***BYOD Regi
stration Data***
macAddress: 5C:0A:5B:FC:37:0F
portalUser: test
authStoreName: Internal Users
authStoreGuid: 78954c30-e0f0-11e3-af67-005056bf4689
2014-07-20 23:44:18,113 INFO [portal-http-844315][] com.cisco.epm.jms.AQMessgeHandler -:test:0516a8c000001932f37acc53::guest:- Publishing message for event [T
xnCommit / commit] and message class[class com.cisco.epm.pap.api.transaction.Transaction]
2014-07-20 23:44:18,167 WARN [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- --- GuestPortalUtils
: Unable to determine language. Defaulting to English
2014-07-20 23:44:18,168 INFO [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- initializing page de
finition
2014-07-20 23:44:18,169 INFO [portal-http-844315][] cisco.cpm.guestportal.utils.CoAExecutorService -:test:0516a8c000001932f37acc53::guest:- Issue CoA reauth i
n 2000 milliseconds for sessionName 0516a8c000001932f37acc53
2014-07-20 23:44:18,171 WARN [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- --- GuestPortalUtils
: Unable to determine language. Defaulting to English
2014-07-20 23:44:18,172 INFO [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- initializing page de
finition
2014-07-20 23:44:18,173 INFO [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- Created guest theme
page def
2014-07-20 23:44:20,171 INFO [pool-19-thread-4][] cisco.cpm.guestportal.utils.CoAReauthTask -:test:0516a8c000001932f37acc53::guest:- Running CoAReauthTask for
_sessionName 0516a8c000001932f37acc53
2014-07-20 23:44:20,194 INFO [pool-19-thread-4][] cisco.cpm.guestportal.utils.CoAReauthTask -:test:0516a8c000001932f37acc53::guest:- Issue Local CoA for sessi
on 0516a8c000001932f37acc53
2014-07-20 23:44:50,768 INFO [ContainerBackgroundProcessor[StandardEngine[Catalina]]][] cpm.admin.infra.action.SessionCounterListener -:::::- sessionDestroyed
- deducted one session from counter - Session ID - 0FFE9C73C9209D4EE2534558CB8F723B - Session Count - 0
2014-07-20 23:46:58,502 INFO [portal-http-844315][] cisco.epm.license.flexlm.FlexlmFileHandler -:::::- Is License Valid for seId [1] = true
2014-07-20 23:46:58,502 INFO [portal-http-844315][] com.cisco.epm.license.LicensingManager -:::::- License is valid [true] for SeriveType [1]
2014-07-20 23:46:58,693 WARN [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- --- GuestPortalUtils: Una
ble to determine language. Defaulting to English
2014-07-20 23:46:58,702 INFO [portal-http-844315][] cisco.cpm.provisioning.cache.FlowStateCacheManager -::0516a8c000001932f37acc53::guest:- Deleted old flow st
ate session with device id 5C-0A-5B-FC-37-0F -
Cisco Network Setup Assistant Unable to install the certificate on Android KitKat
Greetings,
I'm having issues with deploying the CA. Although the Cisco app fails, the user cert (but no CA) appears to install and is accessible during wifi setup. I am running the latest version of Cisco Network Setup Assistant 1.2.42. The phone is running Android KitKat 4.4.4, not rooted, running stock T-Mobile rom. I'm able to authenticate with the guest side, and get as far as Installing Certificates... Reference the screen shots attached.
Error message cisco Network Setup Assistant: "Unable to install the certificate. Exit the application and run it again to continue to the installation."
I have ran the application several times, it keeps returning to this same message.
After failure of the Cisco app, I noticed there is a certificate manager with CA cert and key, and than subsequently one new key continues to loop after until I cancel (also in screenshots).
I have tried decryption, removing all security, and clearing credentials, yet the problem persists. Any help is appreciated.Greetings,
I'm having issues with deploying the CA. Although the Cisco app fails, the user cert (but no CA) appears to install and is accessible during wifi setup. I am running the latest version of Cisco Network Setup Assistant 1.2.42. The phone is running Android KitKat 4.4.4, not rooted, running stock T-Mobile rom. I'm able to authenticate with the guest side, and get as far as Installing Certificates... Reference the screen shots attached.
Error message cisco Network Setup Assistant: "Unable to install the certificate. Exit the application and run it again to continue to the installation."
I have ran the application several times, it keeps returning to this same message.
After failure of the Cisco app, I noticed there is a certificate manager with CA cert and key, and than subsequently one new key continues to loop after until I cancel (also in screenshots).
I have tried decryption, removing all security, and clearing credentials, yet the problem persists. Any help is appreciated. -
Cisco Network Setup Assistant with WIndows8
Hi, I'm trying to provisioning on Windows 8(Surface pro)
When the Cisco Network setup Assistant is on, it asks 'network password' while the ssid is wpa2-enterprise.
and I configured as it is on NSP.
Is it a bug ??Hi,
What version of ise are you on, also what is the windows native supplicant provisioning version? See if the release notes for 1.2 meet your current design.
http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html#wp378491
Thanks,
Tarik Admani
*Please rate helpful posts* -
ADSL drops 4-5 times a day with Cisco 1801
Hello
I have had this on going problem with a Cisco 1801. It loses its connection to the ISP about 4-5 times a day. I have looked at other posts and tried the recommendations but it still happens.
Can you help?
1801#sh dsl int atm 0
ATM0
Alcatel 20190 chipset information
ATU-R (DS) ATU-C (US)
Modem Status: Showtime (DMTDSL_SHOWTIME)
DSL Mode: ITU G.992.1 (G.DMT) Annex A
ITU STD NUM: 0x03 0x2
Vendor ID: 'STMI' 'TSTC'
Vendor Specific: 0x0000 0x0000
Vendor Country: 0x0F 0xB5
Chip ID: C196 (0)
DFE BOM: DFE3.0 Annex A (1)
Capacity Used: 100% 53%
Noise Margin: 3.0 dB 23.0 dB
Output Power: 19.5 dBm 12.5 dBm
Attenuation: 48.0 dB 24.0 dB
FEC ES Errors: 0 0
ES Errors: 2883 42
SES Errors: 0 0
LOSES Errors: 0 0
UES Errors: 0 0
Defect Status: None None
Last Fail Code: None
Watchdog Counter: 0xCF
Watchdog Resets: 0
Selftest Result: 0x00
Subfunction: 0x00
Interrupts: 4207 (0 spurious)
PHY Access Err: 0
Activations: 16
LED Status: ON
LED On Time: 100
LED Off Time: 100
Init FW: init_3.0.33_nobist.bin
Operation FW: AMR-3.0.033.bin
FW Source: external
FW Version: 3.0.33
Interleave Fast Interleave Fast
Speed (kbps): 3968 0 448 0
Cells: 19357 0 16389003 0
Reed-Solomon EC: 43465 0 26 0
CRC Errors: 0 0 5 0
Header Errors: 0 0 5 0
Total BER: 0E-0 0E-0
Leakage Average BER: 0E-0 0E-0
ATU-R (DS) ATU-C (US)
Bitswap: enabled enabled
Bitswap success: 0 0
Bitswap failure: 0 0
LOM Monitoring : Disabled
DMT Bits Per Bin
000: 0 0 0 0 0 0 2 5 6 7 7 7 8 8 8 8
010: 8 8 7 7 7 7 7 6 6 6 5 5 4 3 0 0
020: 0 0 0 0 0 A A B B B B B B B 8 B
030: B B B B B B B B B B B A B B A A
040: 0 A A A A 2 A A A A A A A A A A
050: A A A A 9 9 9 9 9 A A 9 9 9 9 9
060: A A A A A A A A A 9 A A 9 9 9 9
070: 9 9 9 9 9 9 9 9 9 9 9 7 9 7 8 7
080: 7 4 4 6 7 5 5 5 4 7 5 8 6 8 6 8
090: 5 8 4 7 6 7 6 7 6 7 6 6 6 5 5 4
0A0: 0 0 3 4 5 5 6 0 6 5 5 2 5 4 5 4
0B0: 3 2 2 2 3 4 4 2 2 3 2 2 2 3 3 4
0C0: 0 4 2 4 4 3 2 2 2 2 2 2 2 2 2 2
0D0: 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0E0: 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 0
0F0: 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0
DSL: Training log buffer capability is not enabled
sh log
000230: Jan 25 13:13:15.378 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to down
000231: Jan 25 13:13:37.998 UTC: %LINK-3-UPDOWN: Interface ATM0, changed state to upFirst of all it seems the line is severely attenuated:
Capacity Used: 100% 53%
Noise Margin: 3.0 dB 23.0 dB
Attenuation: 48.0 dB 24.0 dB
FEC ES Errors: 0 0
ES Errors: 2883 42
If you could have telco select a better pair that would probably help. If you have a support contract, there is newer FW that the one you're using via ftp, under /cisco/access/800. I'm not sure if that would help anyway. -
Problem with VPN client on Cisco 1801
Hi,
I have configured a new router for a customer.
All works fine but i have a strange issue with the VPN client.
When i start the VPN the client don't close the connection, ask for password, start to negotiate security policy the show the not connected status.
This is the log form the VPN client:
Cisco Systems VPN Client Version 5.0.07.0290
Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 6.1.7601 Service Pack 1
Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
1 14:37:59.133 04/08/13 Sev=Info/6 GUI/0x63B00011
Reloaded the Certificates in all Certificate Stores successfully.
2 14:38:01.321 04/08/13 Sev=Info/4 CM/0x63100002
Begin connection process
3 14:38:01.335 04/08/13 Sev=Info/4 CM/0x63100004
Establish secure connection
4 14:38:01.335 04/08/13 Sev=Info/4 CM/0x63100024
Attempt connection with server "asgardvpn.dyndns.info"
5 14:38:02.380 04/08/13 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with 79.52.36.120.
6 14:38:02.384 04/08/13 Sev=Info/4 IKE/0x63000001
Starting IKE Phase 1 Negotiation
7 14:38:02.388 04/08/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 79.52.36.120
8 14:38:02.396 04/08/13 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
9 14:38:02.396 04/08/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
10 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 79.52.36.120
11 14:38:02.460 04/08/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from 79.52.36.120
12 14:38:02.506 04/08/13 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
13 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
14 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer supports DPD
15 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
16 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
17 14:38:02.460 04/08/13 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
18 14:38:02.465 04/08/13 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
19 14:38:02.465 04/08/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 79.52.36.120
20 14:38:02.465 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
21 14:38:02.465 04/08/13 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0xCEFD, Remote Port = 0x1194
22 14:38:02.465 04/08/13 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
23 14:38:02.465 04/08/13 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
24 14:38:02.502 04/08/13 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = 79.52.36.120
25 14:38:02.502 04/08/13 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 79.52.36.120
26 14:38:02.502 04/08/13 Sev=Info/4 CM/0x63100015
Launch xAuth application
27 14:38:07.623 04/08/13 Sev=Info/4 CM/0x63100017
xAuth application returned
28 14:38:07.623 04/08/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 79.52.36.120
29 14:38:12.656 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
30 14:38:22.808 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
31 14:38:32.949 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
32 14:38:43.089 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
33 14:38:53.230 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
34 14:39:03.371 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
35 14:39:13.514 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
36 14:39:23.652 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
37 14:39:33.807 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
38 14:39:43.948 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
39 14:39:54.088 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
40 14:40:04.233 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
41 14:40:14.384 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
42 14:40:24.510 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
43 14:40:34.666 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
44 14:40:44.807 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
45 14:40:54.947 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
46 14:41:05.090 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
47 14:41:15.230 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
48 14:41:25.370 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
49 14:41:35.524 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
50 14:41:45.665 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
51 14:41:55.805 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
52 14:42:05.951 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
53 14:42:16.089 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
54 14:42:26.228 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
55 14:42:36.383 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
56 14:42:46.523 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
57 14:42:56.664 04/08/13 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
58 14:43:02.748 04/08/13 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=2B1FFC3754E3B290 R_Cookie=73D546631A33B5D6) reason = DEL_REASON_CANNOT_AUTH
59 14:43:02.748 04/08/13 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to 79.52.36.120
60 14:43:03.248 04/08/13 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=2B1FFC3754E3B290 R_Cookie=73D546631A33B5D6) reason = DEL_REASON_CANNOT_AUTH
61 14:43:03.248 04/08/13 Sev=Info/4 CM/0x63100014
Unable to establish Phase 1 SA with server "asgardvpn.dyndns.info" because of "DEL_REASON_CANNOT_AUTH"
62 14:43:03.248 04/08/13 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
63 14:43:03.262 04/08/13 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
64 14:43:03.262 04/08/13 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
65 14:43:03.265 04/08/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
66 14:43:03.265 04/08/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
67 14:43:03.265 04/08/13 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
68 14:43:03.265 04/08/13 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
And this is the conf from the 1801:
hostname xxx
boot-start-marker
boot-end-marker
enable secret 5 xxx
aaa new-model
aaa authentication login xauthlist local
aaa authorization network groupauthor local
aaa session-id common
dot11 syslog
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.1.1 10.0.1.10
ip dhcp excluded-address 10.0.1.60 10.0.1.200
ip dhcp excluded-address 10.0.1.225
ip dhcp excluded-address 10.0.1.250
ip dhcp pool LAN
network 10.0.1.0 255.255.255.0
default-router 10.0.1.10
dns-server 10.0.1.200 8.8.8.8
domain-name xxx
lease infinite
ip name-server 10.0.1.200
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip inspect log drop-pkt
ip inspect name Firewall cuseeme
ip inspect name Firewall dns
ip inspect name Firewall ftp
ip inspect name Firewall h323
ip inspect name Firewall icmp
ip inspect name Firewall imap
ip inspect name Firewall pop3
ip inspect name Firewall rcmd
ip inspect name Firewall realaudio
ip inspect name Firewall rtsp
ip inspect name Firewall esmtp
ip inspect name Firewall sqlnet
ip inspect name Firewall streamworks
ip inspect name Firewall tftp
ip inspect name Firewall vdolive
ip inspect name Firewall udp
ip inspect name Firewall tcp
ip inspect name Firewall https
ip inspect name Firewall http
multilink bundle-name authenticated
username xxx password 0 xxxx
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group xxx
key xxx
dns 10.0.1.200
wins 10.0.1.200
domain xxx
pool ippool
acl 101
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec transform-set xauthtransform esp-des esp-md5-hmac
crypto dynamic-map dynmap 10
set transform-set myset
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
archive
log config
hidekeys
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
dsl operating-mode adsl2+
hold-queue 224 in
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Vlan1
ip address 10.0.1.10 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp pap sent-username aliceadsl password 0 aliceadsl
crypto map clientmap
ip local pool ippool 10.16.20.1 10.16.20.200
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 10.0.1.2
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 10.0.1.60 1056 interface Dialer0 1056
ip nat inside source static tcp 10.0.1.60 1056 interface Dialer0 1056
ip nat inside source static tcp 10.0.1.60 3111 interface Dialer0 3111
ip nat inside source static udp 10.0.1.60 3111 interface Dialer0 3111
ip nat inside source list 101 interface Dialer0 overload
access-list 101 remark *** ACL nonat ***
access-list 101 deny ip 10.0.1.0 0.0.0.255 10.16.20.0 0.0.0.255
access-list 101 permit ip 10.0.1.0 0.0.0.255 any
access-list 150 remark *** ACL split tunnel ***
access-list 150 permit ip 10.0.1.0 0.0.0.255 10.16.20.0 0.0.0.255
control-plane
line con 0
no modem enable
line aux 0
line vty 0 4
password xxx
scheduler max-task-time 5000
end
Anyone can help me ?
Sometimes the vpn can be vreated using the iPhone or iPad vpn client...I am having a simuliar issue with my ASA 5505 that I have set up. I am trying to VPN into the Office. I have no problem accessing the Office network when I am on the internet without the ASA 5505. After I installed the 5505, and there is internet access, I try to connect to the Office network without success. The VPN connects with the following error.
3 Dec 31 2007 05:30:00 305006 xxx.xx.114.97
regular translation creation failed for protocol 50 src inside:192.168.1.9 dst outside:xxx.xx.114.97
HELP? -
This post needs to go across a few forums but I will start here first.
I have an 857W router which I want to replace my home ADSL router with.
I can setup the ADSL / routing no problem but I am struggling to find a good resource on setting up the wireless.
Can anyone guide me to some basic setup guides to securing the wireless on this box.
ThanksYou can find some good all round examples:-
http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/enetintr.html -
EA3500 Cisco Connect Setup problem?
So i recently resetted my Linksys EA3500 and i lost the CD so i download the Cisco Connect for the EA3500.I connected my EA3500 using the ethernet cable to my laptop,run the setup,and then on 25% it said that no wireless routers were found.I already connected it using an ethernet cable i dont understand why it is still not found.What should i do?
Hi geraldicg , make sure that the wireless switch on your computer is turned on. I recommend that you try another laptop (if available). If no luck, configure the router manually by accessing 192.168.1.1 or myrouter.local. Check this out:
Title: Accessing your Linksys Smart Wi-Fi Account through a web browser -
Hi Guys,
Here is my basic setup
I have an ASA 5512 gig0 connects to the internet
G1 connects to the inside on 192.168.35.254 then plugs direct into a switch.
I'm confused on the setup to get the IPS running. do i need to set the IPS in the same range as my inside interface? and also what do i set the IPS gateway to 192.168.35.254 my inside ASA interface?
Once this is done done a need to setup a rule within the MPF to foward all traffic to it?
Thanks
James.Also check these helpful ASA IPS config links
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/modules_ips.pdf
http://itzecurity.blogspot.co.uk/2013/12/configuring-cisco-asa-ips-module.html
p://www.cisco.com/c/en/us/td/docs/security/asa/asa84/asdm64/configuration_guide/asdm_64_config/modules_ips.pdf
http://www.cisco.com/c/en/us/td/docs/security/ips/7-1/configuration/guide/cli/cliguide71/cli_asa_ips.html -
Cisco Connect setup stuck at 90% Linksys E900
Hi,
Today evening i had to restart my routers settings and I also formatted (don't know if it's a good word in english, i mean recovering operating system) my disk and now i can't install Cisco Connection Again on my laptop (win8). The setup process is always stuck at 90% (after few or more minutes there's message that configurating failed...), what's wierd is that i can explore the internet and use settings of router in web browser ( http://192.168.1.1 ) when setup is stuck. After getting "FAIL message" i cant use internet anymore.
I beg for your help! ;<
Thanks in advance.Do you want to use the Cisco Connect software? If not, then you can always go for manual troubleshooting. Linksys designe cisco connect as a tool to help manage the router. If you need to use it, I suggest that you download the software from the linksys website and start all over again. Before you run the software, reset the router first for 10 seconds, reboot the router and once it's ready run cisco connect.
Just make sure that you do not have any firewalls enabled or antivirus software that may interfere with the setup process. Again if you don't need the software jsut go with manual troubleshooting. You always have different options. -
Cisco vlan setup w a windows 2003 dhcp server help
Can anyone give me some tips or point me to some documentation on setting up a catalyst 4500 series w vlans and a windows 2003 server w associated dhcp scopes? Just for curiosity, what is a good vlan design for a college. I was thinking a student, a staff, a faculty, and a guest and or mgmt vlan. Also, on the guest vlan how would I setup an outbound acl to only allow port 80 traffic? Thanks in advance.
Hi
Try to limit the number of users per vlan to no more than a class C subnet if you can. We use half a class C /25 network in our offices.
If you can break up the vlans to match the different type of users then that would be a good start. It means you can further down the line apply different security policies to the different vlans which in your situation you may well want to do. Don't worry if for example you need to use 2 or 3 vlans for students it's not a problem.
Attached is a link for 4500 configuration. You need to look at the following chapters primarily
1) Configuring VLAN's VTP & VMPS.
2) Configuring Layer 3 interfaces. Look at the section on logical layer 3 SVI's.
http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/conf.html
On the guest vlan you would need something like (assuming guest vlan subnet range is 192.168.1.0/24
access-list 120 permit tcp 192.168.1.0 255.255.255.0 any eq www
access-list 120 deny ip 192.168.1.0 255.255.255.0 any
and apply it on the inbound vlan interface. ie. if your vlan for guest users is vlan 20
switch(config)# vlan 20
switch(config-if)# ip access-group 120 in
As for the W2003 server, not done much with windows. You will need DHCP manager which should be under admin tools. Make sure you exclude the addresses for each subnet that you allocate to the 4500 layer 3 interfaces ie
switch(config)# vlan 20
switch(config-t)# ip address 192.168.1.1 255.255.255.0
In your DHCP scope 192.168.1.1 will be the default gateway for your clients and you should exclude this from the scope.
Hope this is enough to get you started
Jon -
Cisco Error: Setup failed to launch installation engine
When launching the CSA installation, I am getting an error that says "Setup failed to launch installation engine. Access denied." This agent kit has been deployed to hundreds of servers with no problems. Has anyone see this problem before or know of a solution?
Check your access rights and the version of Installshield on the server. I've seen a conlict with newer versions (1/3/2003 or newer) of Ikernel.exe left over from other installations.
-
Can anyone tell me how I would set up dsl on my soho router, The config I have seen has the atm0 setup and also a dialler interface setup, Is this the way it must be done , cant you just set it up on the atm interface ?
Carl,
How are you connecting to your ISP, PPPoE, PPPoA or neither? There are different ways to configure you Soho 97. The dialer interface is used mostly for authentication purposes as is the case with some connection methods, again dependent upon what protocol you are using with your ISP.
HTH ~ Joel -
I am trying to install an 1100 series AP, it gets a IP addres from DHCP. when I try to get to that IP address from the web to configure the AP, it will not connect. What am I doing wrong?
nevermind i have the wrong AP,
thanks!
-James -
Hi all, When setting up a proper 3 layer model, i.e core,distribution,access what do they normally do, would you put the vlans on the distribution and have them routed there, or routed at the core ?
The Core Layer :
The core layer provides an optimized and reliable transport structure by forwarding traffic at very high speeds. In other words, the core layer switches packets as fast as possible. Devices at the core layer should not be burdened with any processes that stand in the way of switching packets at top speed. This includes the following:
Access-list checking
Data encryption
Address translation
The Distribution Layer :
The distribution layer is located between the access and core layers and helps differentiate the core from the rest of the network. The purpose of this layer is to provide boundary definition using access lists and other filters to limit what gets into the core. Therefore, this layer defines policy for the network. A policy is an approach to handling certain kinds of traffic, including the following:
Routing updates
Route summaries
VLAN traffic
Address aggregation
Use these policies to secure networks and to preserve resources by preventing unnecessary traffic.
If a network has two or more routing protocols, such as Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP), information between the different routing domains is shared, or redistributed, at the distribution layer.
The Access Layer :
The access layer supplies traffic to the network and performs network entry control. End users access network resources by way of the access layer. Acting as the front door to a network, the access layer employs access lists designed to prevent unauthorized users from gaining entry. The access layer can also give remote sites access to the network by way of a wide-area technology, such as Frame Relay, ISDN, or leased lines.
HTH,
Thanks
Raj
Maybe you are looking for
-
Two Questions: Shifty Pages and AP Div Backgrounds
Hi, so I have two problems that have been getting on my nerves. The first is that, whenever a page on my website, http://www.omniearths.com/, has a scrollbar, everything that is centered shifts to the side to accomodate the new, smaller space. Is the
-
Can't see typed text in fillable forms in Adobe Reader x unless you click back in the field?
We have fillable forms and when employees open them they can type in but as soon as they tab to the next field you can't see text in previous field unless you click back into that field with your mouse. Then when you click on print it prints the for
-
Hi Experts, Please help me out with this....I need to have boxes for all the records..Like if I have 10 records then i need to have the boxes which have been printed fr the first record should get printed for the other 10 records... But this is nt ha
-
Binding Controller context nodes to two (RFC)models
Hi group, i have an table, which is based on an BAPI_GET. This table is editable - and I want to update the data in R/3 with another bapi BAPI_SET. BAPI_GET and BAPI_SET have the same structure T_DATA as "table". Unfortunately I cannot bind the eleme
-
Make identical text hyperlinks in InDesign
I have lots of text with the same URL destination, such as 123ABC.com within an InDesign document. I want to make each one a hyperlink. Is there a way I can do that quickly instead of having to go to each section of text that has 123ABC.com and makin