Cisco 1801 setup

Similar Messages

• ISE cannot push the profile to the cisco network setup assistant?

  We have tried a few android devices with version 4.2+ but still got the error message ‘Unable to download profile.(Have you logged into the guest portal?)’ as shown at the bottom picture.
  In fact, we are connecting the devices to an open SSID which performs MAC filtering, then redirect to CWA and login with AD credentials,
  then redirect to Google play store and can successfully download the network setup assistant.
  Could you please advise the possible reasons that would cause this error message and make ISE cannot push the profile to the cisco network setup assistant?

  Here's a snipit from the Android spw.log.  I see that there is an error trying to verify the hostname.  Is it possible that this is caused by a non-trusted certificate?  I'm using the self-signed cert built into ISE.  I have an entry in the public DNS for guest.domain.com that resolves to the IP of my ISE server accessible from the guest subnet.  I'm allowing all traffic from the guest VLAN to the ISE vlan on the firewall and all traffic to/from the ISE server in the provisioning ACL I have applied by ISE on the WLC during native supplicant provisioning.  I know that guests can communicate with the ISE server since regular guest portal redirection works, just not the network setup assistant.  I've renamed the domain to domain.com in this snipit.
  2014.07.20 23:44:48 INFO:verion :4.4.4 SDK Level : 19
  2014.07.20 23:44:48 INFO:State :START
  2014.07.20 23:44:48 INFO:Starting Discovery
  2014.07.20 23:44:48 INFO:Starting ISEDiscoveryAsynchTask
  2014.07.20 23:44:48 INFO:DHCP Stringipaddr 192.168.30.110 gateway 192.168.30.1 netmask 255.255.255.0 dns1 208.67.222.222 dns2 208.67.220.220 DHCP server 192.168.30.1 lease 3600 seconds
  2014.07.20 23:44:48 INFO:DHCP ipaddress192.168.30.110
  2014.07.20 23:44:48 INFO:DHCP gateway192.168.30.1
  2014.07.20 23:44:48 INFO:Discoverng ISE http return code :200
  2014.07.20 23:44:48 INFO:ISEServer =guest.domain.com
  2014.07.20 23:44:48 INFO:session =0516a8c000001932f37acc53
  2014.07.20 23:44:48 INFO:Discovered using gateway :18786496
  2014.07.20 23:44:48 INFO:Discovered ise server = guest.domain.com
  2014.07.20 23:44:48 INFO:Discovered client mac = 5C-0A-5B-FC-37-0F
  2014.07.20 23:44:48 INFO:Server:Key=guest.domain.com:0516a8c000001932f37acc53
  2014.07.20 23:44:48 INFO:Downloading config fromguest.domain.com
  2014.07.20 23:44:48 INFO:checkServerTrusted call
  2014.07.20 23:44:48 INFO:checkServerTrusted call
  2014.07.20 23:44:48 ERROR:DownloadprofileAsynchTask
  2014.07.20 23:44:48 ERROR:java.io.IOException: Hostname 'guest.domain.com' was not verified
  2014.07.20 23:44:48 ERROR:Hostname 'guest.domain.com' was not verified
  2014.07.20 23:44:48 INFO:Internal system error.
  On the ISE side, here is the snippet of logs during the same time as when the android network setup assistant was run.
  2014-07-20 23:41:38,586 INFO   [DefaultQuartzScheduler_Worker-6][] cisco.cpm.infrastructure.utils.NodeGroupFWUtil -:::::- Applied Firewall rules for node group.
  2014-07-20 23:42:35,251 INFO   [AbandonedTransactionReaper][] com.cisco.epm.db.AbandonedTransactionReaper -:::::- In AbandonedTransactionReaper :  MaxActive : 20
  0 CurrentActive : 0 MaxIdle : 200 MinIdle : 0 CurrentIdle : 2
  2014-07-20 23:42:39,394 INFO   [AbandonedTransactionReaper][] com.cisco.epm.db.AbandonedTransactionReaper -::::PDPInitialization:- In AbandonedTransactionReaper
  :  MaxActive : 200 CurrentActive : 0 MaxIdle : 200 MinIdle : 0 CurrentIdle : 0
  2014-07-20 23:42:49,765 INFO   [DataSourceListener Thread][] api.services.persistance.dao.DistributionDAO -:::::- In DAO getRepository method for HostConfig Type
  : ACTIVE
  2014-07-20 23:42:56,805 INFO   [PDP-Heartbeats-0][] com.cisco.cpm.clustering.MnTClient -::::pdpha:- Removing session 0516a8c00000196f2a95cc53
  2014-07-20 23:42:56,806 WARN   [PDP-Heartbeats-0][] cpm.nsf.session.impl.SystemStateManager -::::pdpha:- Session 0516a8c00000196f2a95cc53 not found at complete
  2014-07-20 23:43:35,441 INFO   [portal-http-844314][] cisco.epm.license.flexlm.FlexlmFileHandler -:::::- Is License Valid for seId [1] = true
  2014-07-20 23:43:35,441 INFO   [portal-http-844314][] com.cisco.epm.license.LicensingManager -:::::- License is valid [true] for SeriveType [1]
  2014-07-20 23:43:35,750 WARN   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- --- GuestPortalUtils: Una
  ble to determine language. Defaulting to English
  2014-07-20 23:43:35,768 WARN   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- --- GuestPortalUtils: Una
  ble to determine language. Defaulting to English
  2014-07-20 23:43:35,768 INFO   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- initializing page definit
  ion
  2014-07-20 23:43:35,769 INFO   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- Created guest theme page
  def
  2014-07-20 23:44:18,090 WARN   [portal-http-844315][] cisco.cpm.guestportal.actions.SelfProvisioningAction -:test:0516a8c000001932f37acc53::guest:- ***BYOD Regi
  stration Data***
  macAddress: 5C:0A:5B:FC:37:0F
  portalUser: test
  authStoreName: Internal Users
  authStoreGuid: 78954c30-e0f0-11e3-af67-005056bf4689
  2014-07-20 23:44:18,113 INFO   [portal-http-844315][] com.cisco.epm.jms.AQMessgeHandler -:test:0516a8c000001932f37acc53::guest:- Publishing message for event [T
  xnCommit / commit] and message class[class com.cisco.epm.pap.api.transaction.Transaction]
  2014-07-20 23:44:18,167 WARN   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- --- GuestPortalUtils
  : Unable to determine language. Defaulting to English
  2014-07-20 23:44:18,168 INFO   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- initializing page de
  finition
  2014-07-20 23:44:18,169 INFO   [portal-http-844315][] cisco.cpm.guestportal.utils.CoAExecutorService -:test:0516a8c000001932f37acc53::guest:- Issue CoA reauth i
  n 2000 milliseconds for sessionName 0516a8c000001932f37acc53
  2014-07-20 23:44:18,171 WARN   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- --- GuestPortalUtils
  : Unable to determine language. Defaulting to English
  2014-07-20 23:44:18,172 INFO   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- initializing page de
  finition
  2014-07-20 23:44:18,173 INFO   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -:test:0516a8c000001932f37acc53::guest:- Created guest theme
  page def
  2014-07-20 23:44:20,171 INFO   [pool-19-thread-4][] cisco.cpm.guestportal.utils.CoAReauthTask -:test:0516a8c000001932f37acc53::guest:- Running CoAReauthTask for
   _sessionName 0516a8c000001932f37acc53
  2014-07-20 23:44:20,194 INFO   [pool-19-thread-4][] cisco.cpm.guestportal.utils.CoAReauthTask -:test:0516a8c000001932f37acc53::guest:- Issue Local CoA for sessi
  on 0516a8c000001932f37acc53
  2014-07-20 23:44:50,768 INFO   [ContainerBackgroundProcessor[StandardEngine[Catalina]]][] cpm.admin.infra.action.SessionCounterListener -:::::- sessionDestroyed
  - deducted one session from counter - Session ID - 0FFE9C73C9209D4EE2534558CB8F723B - Session Count - 0
  2014-07-20 23:46:58,502 INFO   [portal-http-844315][] cisco.epm.license.flexlm.FlexlmFileHandler -:::::- Is License Valid for seId [1] = true
  2014-07-20 23:46:58,502 INFO   [portal-http-844315][] com.cisco.epm.license.LicensingManager -:::::- License is valid [true] for SeriveType [1]
  2014-07-20 23:46:58,693 WARN   [portal-http-844315][] cisco.cpm.guestportal.utils.GuestPortalUtils -::0516a8c000001932f37acc53::guest:- --- GuestPortalUtils: Una
  ble to determine language. Defaulting to English
  2014-07-20 23:46:58,702 INFO   [portal-http-844315][] cisco.cpm.provisioning.cache.FlowStateCacheManager -::0516a8c000001932f37acc53::guest:- Deleted old flow st
  ate session with device id 5C-0A-5B-FC-37-0F

• Cisco Network Setup Assistant Unable to install the certificate on Android KitKat

  Greetings,
  I'm having issues with deploying the CA. Although the Cisco app fails, the user cert (but no CA) appears to install and is accessible during wifi setup. I am running the latest version of Cisco Network Setup Assistant 1.2.42. The phone is running Android KitKat 4.4.4, not rooted, running stock T-Mobile rom. I'm able to authenticate with the guest side, and get as far as Installing Certificates... Reference the screen shots attached. 
  Error message cisco Network Setup Assistant: "Unable to install the certificate. Exit the application and run it again to continue to the installation."
  I have ran the application several times, it keeps returning to this same message.
  After failure of the Cisco app, I noticed there is a certificate manager with CA cert and key, and than subsequently one new key continues to loop after until I cancel (also in screenshots).
  I have tried decryption, removing all security, and clearing credentials, yet the problem persists. Any help is appreciated. 

  Greetings,
  I'm having issues with deploying the CA. Although the Cisco app fails, the user cert (but no CA) appears to install and is accessible during wifi setup. I am running the latest version of Cisco Network Setup Assistant 1.2.42. The phone is running Android KitKat 4.4.4, not rooted, running stock T-Mobile rom. I'm able to authenticate with the guest side, and get as far as Installing Certificates... Reference the screen shots attached. 
  Error message cisco Network Setup Assistant: "Unable to install the certificate. Exit the application and run it again to continue to the installation."
  I have ran the application several times, it keeps returning to this same message.
  After failure of the Cisco app, I noticed there is a certificate manager with CA cert and key, and than subsequently one new key continues to loop after until I cancel (also in screenshots).
  I have tried decryption, removing all security, and clearing credentials, yet the problem persists. Any help is appreciated. 

• Cisco Network Setup Assistant with WIndows8

                     Hi, I'm trying to provisioning on Windows 8(Surface pro)
  When the Cisco Network setup Assistant is on, it asks 'network password' while the ssid is wpa2-enterprise.
  and I configured as it is on NSP.
  Is it a bug ??

  Hi,
  What version of ise are you on, also what is the windows native supplicant provisioning version? See if the release notes for 1.2 meet your current design.
  http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html#wp378491
  Thanks,
  Tarik Admani
  *Please rate helpful posts*

• ADSL drops 4-5 times a day with Cisco 1801

  Hello
  I have had this on going problem with a Cisco 1801. It loses its connection to the ISP about 4-5 times a day. I have looked at other posts and tried the recommendations but it still happens.
  Can you help?
  1801#sh dsl int atm 0
  ATM0
  Alcatel 20190 chipset information
  ATU-R (DS) ATU-C (US)
  Modem Status: Showtime (DMTDSL_SHOWTIME)
  DSL Mode: ITU G.992.1 (G.DMT) Annex A
  ITU STD NUM: 0x03 0x2
  Vendor ID: 'STMI' 'TSTC'
  Vendor Specific: 0x0000 0x0000
  Vendor Country: 0x0F 0xB5
  Chip ID: C196 (0)
  DFE BOM: DFE3.0 Annex A (1)
  Capacity Used: 100% 53%
  Noise Margin: 3.0 dB 23.0 dB
  Output Power: 19.5 dBm 12.5 dBm
  Attenuation: 48.0 dB 24.0 dB
  FEC ES Errors: 0 0
  ES Errors: 2883 42
  SES Errors: 0 0
  LOSES Errors: 0 0
  UES Errors: 0 0
  Defect Status: None None
  Last Fail Code: None
  Watchdog Counter: 0xCF
  Watchdog Resets: 0
  Selftest Result: 0x00
  Subfunction: 0x00
  Interrupts: 4207 (0 spurious)
  PHY Access Err: 0
  Activations: 16
  LED Status: ON
  LED On Time: 100
  LED Off Time: 100
  Init FW: init_3.0.33_nobist.bin
  Operation FW: AMR-3.0.033.bin
  FW Source: external
  FW Version: 3.0.33
  Interleave Fast Interleave Fast
  Speed (kbps): 3968 0 448 0
  Cells: 19357 0 16389003 0
  Reed-Solomon EC: 43465 0 26 0
  CRC Errors: 0 0 5 0
  Header Errors: 0 0 5 0
  Total BER: 0E-0 0E-0
  Leakage Average BER: 0E-0 0E-0
  ATU-R (DS) ATU-C (US)
  Bitswap: enabled enabled
  Bitswap success: 0 0
  Bitswap failure: 0 0
  LOM Monitoring : Disabled
  DMT Bits Per Bin
  000: 0 0 0 0 0 0 2 5 6 7 7 7 8 8 8 8
  010: 8 8 7 7 7 7 7 6 6 6 5 5 4 3 0 0
  020: 0 0 0 0 0 A A B B B B B B B 8 B
  030: B B B B B B B B B B B A B B A A
  040: 0 A A A A 2 A A A A A A A A A A
  050: A A A A 9 9 9 9 9 A A 9 9 9 9 9
  060: A A A A A A A A A 9 A A 9 9 9 9
  070: 9 9 9 9 9 9 9 9 9 9 9 7 9 7 8 7
  080: 7 4 4 6 7 5 5 5 4 7 5 8 6 8 6 8
  090: 5 8 4 7 6 7 6 7 6 7 6 6 6 5 5 4
  0A0: 0 0 3 4 5 5 6 0 6 5 5 2 5 4 5 4
  0B0: 3 2 2 2 3 4 4 2 2 3 2 2 2 3 3 4
  0C0: 0 4 2 4 4 3 2 2 2 2 2 2 2 2 2 2
  0D0: 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
  0E0: 0 0 0 0 0 0 0 0 0 2 2 2 2 2 2 0
  0F0: 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0
  DSL: Training log buffer capability is not enabled
  sh log
  000230: Jan 25 13:13:15.378 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to down
  000231: Jan 25 13:13:37.998 UTC: %LINK-3-UPDOWN: Interface ATM0, changed state to up

  First of all it seems the line is severely attenuated:
  Capacity Used: 100% 53%
  Noise Margin: 3.0 dB 23.0 dB
  Attenuation: 48.0 dB 24.0 dB
  FEC ES Errors: 0 0
  ES Errors: 2883 42
  If you could have telco select a better pair that would probably help. If you have a support contract, there is newer FW that the one you're using via ftp, under /cisco/access/800. I'm not sure if that would help anyway.

• Problem with VPN client on Cisco 1801

  Hi,
  I have configured a new router for a customer.
  All works fine but i have a strange issue with the VPN client.
  When i start the VPN the client don't close the connection, ask for password, start to negotiate security policy the show the not connected status.
  This is the log form the VPN client:
  Cisco Systems VPN Client Version 5.0.07.0290
  Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.
  Client Type(s): Windows, WinNT
  Running on: 6.1.7601 Service Pack 1
  Config file directory: C:\Program Files (x86)\Cisco Systems\VPN Client\
  1      14:37:59.133  04/08/13  Sev=Info/6          GUI/0x63B00011
  Reloaded the Certificates in all Certificate Stores successfully.
  2      14:38:01.321  04/08/13  Sev=Info/4          CM/0x63100002
  Begin connection process
  3      14:38:01.335  04/08/13  Sev=Info/4          CM/0x63100004
  Establish secure connection
  4      14:38:01.335  04/08/13  Sev=Info/4          CM/0x63100024
  Attempt connection with server "asgardvpn.dyndns.info"
  5      14:38:02.380  04/08/13  Sev=Info/6          IKE/0x6300003B
  Attempting to establish a connection with 79.52.36.120.
  6      14:38:02.384  04/08/13  Sev=Info/4          IKE/0x63000001
  Starting IKE Phase 1 Negotiation
  7      14:38:02.388  04/08/13  Sev=Info/4          IKE/0x63000013
  SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to 79.52.36.120
  8      14:38:02.396  04/08/13  Sev=Info/4          IPSEC/0x63700008
  IPSec driver successfully started
  9      14:38:02.396  04/08/13  Sev=Info/4          IPSEC/0x63700014
  Deleted all keys
  10     14:38:02.460  04/08/13  Sev=Info/5          IKE/0x6300002F
  Received ISAKMP packet: peer = 79.52.36.120
  11     14:38:02.460  04/08/13  Sev=Info/4          IKE/0x63000014
  RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from 79.52.36.120
  12     14:38:02.506  04/08/13  Sev=Info/6          GUI/0x63B00012
  Authentication request attributes is 6h.
  13     14:38:02.460  04/08/13  Sev=Info/5          IKE/0x63000001
  Peer is a Cisco-Unity compliant peer
  14     14:38:02.460  04/08/13  Sev=Info/5          IKE/0x63000001
  Peer supports DPD
  15     14:38:02.460  04/08/13  Sev=Info/5          IKE/0x63000001
  Peer supports DWR Code and DWR Text
  16     14:38:02.460  04/08/13  Sev=Info/5          IKE/0x63000001
  Peer supports XAUTH
  17     14:38:02.460  04/08/13  Sev=Info/5          IKE/0x63000001
  Peer supports NAT-T
  18     14:38:02.465  04/08/13  Sev=Info/6          IKE/0x63000001
  IOS Vendor ID Contruction successful
  19     14:38:02.465  04/08/13  Sev=Info/4          IKE/0x63000013
  SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to 79.52.36.120
  20     14:38:02.465  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  21     14:38:02.465  04/08/13  Sev=Info/4          IKE/0x63000083
  IKE Port in use - Local Port =  0xCEFD, Remote Port = 0x1194
  22     14:38:02.465  04/08/13  Sev=Info/5          IKE/0x63000072
  Automatic NAT Detection Status:
     Remote end is NOT behind a NAT device
     This   end IS behind a NAT device
  23     14:38:02.465  04/08/13  Sev=Info/4          CM/0x6310000E
  Established Phase 1 SA.  1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
  24     14:38:02.502  04/08/13  Sev=Info/5          IKE/0x6300002F
  Received ISAKMP packet: peer = 79.52.36.120
  25     14:38:02.502  04/08/13  Sev=Info/4          IKE/0x63000014
  RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from 79.52.36.120
  26     14:38:02.502  04/08/13  Sev=Info/4          CM/0x63100015
  Launch xAuth application
  27     14:38:07.623  04/08/13  Sev=Info/4          CM/0x63100017
  xAuth application returned
  28     14:38:07.623  04/08/13  Sev=Info/4          IKE/0x63000013
  SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to 79.52.36.120
  29     14:38:12.656  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  30     14:38:22.808  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  31     14:38:32.949  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  32     14:38:43.089  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  33     14:38:53.230  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  34     14:39:03.371  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  35     14:39:13.514  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  36     14:39:23.652  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  37     14:39:33.807  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  38     14:39:43.948  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  39     14:39:54.088  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  40     14:40:04.233  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  41     14:40:14.384  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  42     14:40:24.510  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  43     14:40:34.666  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  44     14:40:44.807  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  45     14:40:54.947  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  46     14:41:05.090  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  47     14:41:15.230  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  48     14:41:25.370  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  49     14:41:35.524  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  50     14:41:45.665  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  51     14:41:55.805  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  52     14:42:05.951  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  53     14:42:16.089  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  54     14:42:26.228  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  55     14:42:36.383  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  56     14:42:46.523  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  57     14:42:56.664  04/08/13  Sev=Info/6          IKE/0x63000055
  Sent a keepalive on the IPSec SA
  58     14:43:02.748  04/08/13  Sev=Info/4          IKE/0x63000017
  Marking IKE SA for deletion  (I_Cookie=2B1FFC3754E3B290 R_Cookie=73D546631A33B5D6) reason = DEL_REASON_CANNOT_AUTH
  59     14:43:02.748  04/08/13  Sev=Info/4          IKE/0x63000013
  SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to 79.52.36.120
  60     14:43:03.248  04/08/13  Sev=Info/4          IKE/0x6300004B
  Discarding IKE SA negotiation (I_Cookie=2B1FFC3754E3B290 R_Cookie=73D546631A33B5D6) reason = DEL_REASON_CANNOT_AUTH
  61     14:43:03.248  04/08/13  Sev=Info/4          CM/0x63100014
  Unable to establish Phase 1 SA with server "asgardvpn.dyndns.info" because of "DEL_REASON_CANNOT_AUTH"
  62     14:43:03.248  04/08/13  Sev=Info/5          CM/0x63100025
  Initializing CVPNDrv
  63     14:43:03.262  04/08/13  Sev=Info/6          CM/0x63100046
  Set tunnel established flag in registry to 0.
  64     14:43:03.262  04/08/13  Sev=Info/4          IKE/0x63000001
  IKE received signal to terminate VPN connection
  65     14:43:03.265  04/08/13  Sev=Info/4          IPSEC/0x63700014
  Deleted all keys
  66     14:43:03.265  04/08/13  Sev=Info/4          IPSEC/0x63700014
  Deleted all keys
  67     14:43:03.265  04/08/13  Sev=Info/4          IPSEC/0x63700014
  Deleted all keys
  68     14:43:03.265  04/08/13  Sev=Info/4          IPSEC/0x6370000A
  IPSec driver successfully stopped
  And this is the conf from the 1801:
  hostname xxx
  boot-start-marker
  boot-end-marker
  enable secret 5 xxx
  aaa new-model
  aaa authentication login xauthlist local
  aaa authorization network groupauthor local
  aaa session-id common
  dot11 syslog
  no ip cef
  no ip dhcp use vrf connected
  ip dhcp excluded-address 10.0.1.1 10.0.1.10
  ip dhcp excluded-address 10.0.1.60 10.0.1.200
  ip dhcp excluded-address 10.0.1.225
  ip dhcp excluded-address 10.0.1.250
  ip dhcp pool LAN
     network 10.0.1.0 255.255.255.0
     default-router 10.0.1.10
     dns-server 10.0.1.200 8.8.8.8
     domain-name xxx
     lease infinite
  ip name-server 10.0.1.200
  ip name-server 8.8.8.8
  ip name-server 8.8.4.4
  ip inspect log drop-pkt
  ip inspect name Firewall cuseeme
  ip inspect name Firewall dns
  ip inspect name Firewall ftp
  ip inspect name Firewall h323
  ip inspect name Firewall icmp
  ip inspect name Firewall imap
  ip inspect name Firewall pop3
  ip inspect name Firewall rcmd
  ip inspect name Firewall realaudio
  ip inspect name Firewall rtsp
  ip inspect name Firewall esmtp
  ip inspect name Firewall sqlnet
  ip inspect name Firewall streamworks
  ip inspect name Firewall tftp
  ip inspect name Firewall vdolive
  ip inspect name Firewall udp
  ip inspect name Firewall tcp
  ip inspect name Firewall https
  ip inspect name Firewall http
  multilink bundle-name authenticated
  username xxx password 0 xxxx
  crypto isakmp policy 3
  encr 3des
  authentication pre-share
  group 2 
  crypto isakmp client configuration group xxx
  key xxx
  dns 10.0.1.200
  wins 10.0.1.200
  domain xxx
  pool ippool
  acl 101 
  crypto ipsec transform-set myset esp-3des esp-sha-hmac
  crypto ipsec transform-set xauthtransform esp-des esp-md5-hmac
  crypto dynamic-map dynmap 10
  set transform-set myset
  crypto map clientmap client authentication list userauthen
  crypto map clientmap isakmp authorization list groupauthor
  crypto map clientmap client configuration address respond
  crypto map clientmap 10 ipsec-isakmp dynamic dynmap
  archive  
  log config
    hidekeys
  interface ATM0
  no ip address
  no atm ilmi-keepalive
  pvc 8/35
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
  dsl operating-mode adsl2+
  hold-queue 224 in
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  interface FastEthernet3
  interface Vlan1
  ip address 10.0.1.10 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  interface Dialer0
  ip address negotiated
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  dialer pool 1
  ppp authentication chap callin
  ppp pap sent-username aliceadsl password 0 aliceadsl
  crypto map clientmap
  ip local pool ippool 10.16.20.1 10.16.20.200
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 Dialer0
  ip route 0.0.0.0 0.0.0.0 10.0.1.2
  ip http server
  no ip http secure-server
  ip nat inside source list 1 interface Dialer0 overload
  ip nat inside source static udp 10.0.1.60 1056 interface Dialer0 1056
  ip nat inside source static tcp 10.0.1.60 1056 interface Dialer0 1056
  ip nat inside source static tcp 10.0.1.60 3111 interface Dialer0 3111
  ip nat inside source static udp 10.0.1.60 3111 interface Dialer0 3111
  ip nat inside source list 101 interface Dialer0 overload
  access-list 101 remark *** ACL nonat ***
  access-list 101 deny   ip 10.0.1.0 0.0.0.255 10.16.20.0 0.0.0.255
  access-list 101 permit ip 10.0.1.0 0.0.0.255 any
  access-list 150 remark *** ACL split tunnel ***
  access-list 150 permit ip 10.0.1.0 0.0.0.255 10.16.20.0 0.0.0.255
  control-plane
  line con 0
  no modem enable
  line aux 0
  line vty 0 4
  password xxx
  scheduler max-task-time 5000
  end 
  Anyone can help me ?
  Sometimes the vpn can be vreated using the iPhone or iPad vpn client...

  I am having a simuliar issue with my ASA 5505 that I have set up. I am trying to VPN into the Office. I have no problem accessing the Office network when I am on the internet without the ASA 5505. After I installed the 5505, and there is internet access, I try to connect to the Office network without success. The VPN connects with the following error.
  3 Dec 31 2007 05:30:00 305006 xxx.xx.114.97
  regular translation creation failed for protocol 50 src inside:192.168.1.9 dst outside:xxx.xx.114.97
  HELP?

• Cisco 857 setup

  This post needs to go across a few forums but I will start here first.
  I have an 857W router which I want to replace my home ADSL router with.
  I can setup the ADSL / routing no problem but I am struggling to find a good resource on setting up the wireless.
  Can anyone guide me to some basic setup guides to securing the wireless on this box.
  Thanks

  You can find some good all round examples:-
  http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/enetintr.html

• EA3500 Cisco Connect Setup problem?

  So i recently resetted my Linksys EA3500 and i lost the CD so i download the Cisco Connect for the EA3500.I connected my EA3500 using the ethernet cable to my laptop,run the setup,and then on 25% it said that no wireless routers were found.I already connected it using an ethernet cable i dont understand why it is still not found.What should i do?

  Hi geraldicg , make sure that the wireless switch on your computer is turned on. I recommend that you try another laptop (if available). If no luck, configure the router manually by accessing 192.168.1.1 or myrouter.local. Check this out: 
  Title: Accessing your Linksys Smart Wi-Fi Account through a web browser  

• Cisco 5512 setup

  Hi Guys,
  Here is my basic setup
  I have an ASA 5512 gig0 connects to the internet
  G1 connects to the inside on 192.168.35.254 then plugs direct into a switch.
  I'm confused on the setup to get the IPS running. do i need to set the IPS in the same range as my inside interface? and also what do i set the IPS gateway to 192.168.35.254 my inside ASA interface?
  Once this is done done a need to setup a rule within the MPF to foward all traffic to it?
  Thanks
  James.

  Also check these helpful ASA IPS config  links
  http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/modules_ips.pdf
  http://itzecurity.blogspot.co.uk/2013/12/configuring-cisco-asa-ips-module.html
  p://www.cisco.com/c/en/us/td/docs/security/asa/asa84/asdm64/configuration_guide/asdm_64_config/modules_ips.pdf
  http://www.cisco.com/c/en/us/td/docs/security/ips/7-1/configuration/guide/cli/cliguide71/cli_asa_ips.html

• Cisco Connect setup stuck at 90% Linksys E900

  Hi,
  Today evening i had to restart my routers settings and I also formatted (don't know if it's a good word in english, i mean recovering operating system) my disk and now i can't install Cisco Connection Again on my laptop (win8). The setup process is always stuck at 90% (after few or more minutes there's message that configurating failed...),  what's wierd is that i can explore the internet and use settings of router in web browser ( http://192.168.1.1 ) when setup is stuck. After getting "FAIL message" i cant use internet anymore.
  I beg for your help! ;<
  Thanks in advance.

  Do you want to use the Cisco Connect software? If not, then you can always go for manual troubleshooting. Linksys designe cisco connect as a tool to help manage the router. If you need to use it, I suggest that you download the software from the linksys website and start all over again. Before you run the software, reset the router first for 10 seconds, reboot the router and once it's ready run cisco connect.
  Just make sure that you do not have any firewalls enabled or antivirus software that may interfere with the setup process. Again if you don't need the software jsut go with manual troubleshooting. You always have different options.

• Cisco vlan setup w a windows 2003 dhcp server help

  Can anyone give me some tips or point me to some documentation on setting up a catalyst 4500 series w vlans and a windows 2003 server w associated dhcp scopes? Just for curiosity, what is a good vlan design for a college. I was thinking a student, a staff, a faculty, and a guest and or mgmt vlan. Also, on the guest vlan how would I setup an outbound acl to only allow port 80 traffic? Thanks in advance.

  Hi
  Try to limit the number of users per vlan to no more than a class C subnet if you can. We use half a class C /25 network in our offices.
  If you can break up the vlans to match the different type of users then that would be a good start. It means you can further down the line apply different security policies to the different vlans which in your situation you may well want to do. Don't worry if for example you need to use 2 or 3 vlans for students it's not a problem.
  Attached is a link for 4500 configuration. You need to look at the following chapters primarily
  1) Configuring VLAN's VTP & VMPS.
  2) Configuring Layer 3 interfaces. Look at the section on logical layer 3 SVI's.
  http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/31sg/configuration/guide/conf.html
  On the guest vlan you would need something like (assuming guest vlan subnet range is 192.168.1.0/24
  access-list 120 permit tcp 192.168.1.0 255.255.255.0 any eq www
  access-list 120 deny ip 192.168.1.0 255.255.255.0 any
  and apply it on the inbound vlan interface. ie. if your vlan for guest users is vlan 20
  switch(config)# vlan 20
  switch(config-if)# ip access-group 120 in
  As for the W2003 server, not done much with windows. You will need DHCP manager which should be under admin tools. Make sure you exclude the addresses for each subnet that you allocate to the 4500 layer 3 interfaces ie
  switch(config)# vlan 20
  switch(config-t)# ip address 192.168.1.1 255.255.255.0
  In your DHCP scope 192.168.1.1 will be the default gateway for your clients and you should exclude this from the scope.
  Hope this is enough to get you started
  Jon

• Cisco Error: Setup failed to launch installation engine

  When launching the CSA installation, I am getting an error that says "Setup failed to launch installation engine. Access denied." This agent kit has been deployed to hundreds of servers with no problems. Has anyone see this problem before or know of a solution?

  Check your access rights and the version of Installshield on the server. I've seen a conlict with newer versions (1/3/2003 or newer) of Ikernel.exe left over from other installations.

• Cisco dsl setup

  Can anyone tell me how I would set up dsl on my soho router, The config I have seen has the atm0 setup and also a dialler interface setup, Is this the way it must be done , cant you just set it up on the atm interface ?

  Carl,
  How are you connecting to your ISP, PPPoE, PPPoA or neither? There are different ways to configure you Soho 97. The dialer interface is used mostly for authentication purposes as is the case with some connection methods, again dependent upon what protocol you are using with your ISP.
  HTH ~ Joel

• Cisco 1130AG setup

  I am trying to install an 1100 series AP, it gets a IP addres from DHCP. when I try to get to that IP address from the web to configure the AP, it will not connect. What am I doing wrong?

  nevermind i have the wrong AP,
  thanks!
  -James

• Cisco lan setup

  Hi all, When setting up a proper 3 layer model, i.e core,distribution,access what do they normally do, would you put the vlans on the distribution and have them routed there, or routed at the core ?

  The Core Layer :
  The core layer provides an optimized and reliable transport structure by forwarding traffic at very high speeds. In other words, the core layer switches packets as fast as possible. Devices at the core layer should not be burdened with any processes that stand in the way of switching packets at top speed. This includes the following:
  Access-list checking
  Data encryption
  Address translation
  The Distribution Layer :
  The distribution layer is located between the access and core layers and helps differentiate the core from the rest of the network. The purpose of this layer is to provide boundary definition using access lists and other filters to limit what gets into the core. Therefore, this layer defines policy for the network. A policy is an approach to handling certain kinds of traffic, including the following:
  Routing updates
  Route summaries
  VLAN traffic
  Address aggregation
  Use these policies to secure networks and to preserve resources by preventing unnecessary traffic.
  If a network has two or more routing protocols, such as Routing Information Protocol (RIP) and Interior Gateway Routing Protocol (IGRP), information between the different routing domains is shared, or redistributed, at the distribution layer.
  The Access Layer :
  The access layer supplies traffic to the network and performs network entry control. End users access network resources by way of the access layer. Acting as the front door to a network, the access layer employs access lists designed to prevent unauthorized users from gaining entry. The access layer can also give remote sites access to the network by way of a wide-area technology, such as Frame Relay, ISDN, or leased lines.
  HTH,
  Thanks
  Raj