Cisco 1812 router as ezvpn remote client

Hi guys,
I am having hard time on configuring ezvpn remote vpn connection.
Basically, we have Cisco 1812 router and two ISP connections.
Our network = 192.168.1.0; router IP address: 192.168.1.1
ISP 1 is working on Fastethernet 0 (and its gateway is 80.65.62.1) and ISP 2 is working on Dialer 0 (gateway: 200.75.207.200). VPN network: 10.0.0.0 (gateway 10.0.0.1).
We want to use ezvpn connection on Dialer0 interface and we do not have issue on connecting it, but as soon we connect it we encounter issues. It takes over our default route and points all traffic to Virtual-Access3 interface (which brings up as soon as ezvpn is connected, split-tunneling is disabled by the policy of organization we are connecting to).
We point our traffic via route-maps and it works but we have following issue now: we have 192.168.1.15 ip address (actually some VOIP software) which needs to go via same link as VPN goes (Dialer 0), and we point it via route map (route-map VPN 12) but as soon as we do that 192.168.1.15 can not ping anything. On the router when i execute
show ip nat translations
i can see that 192.168.1.15 is trying to do natting thru VPN gateway instead of Dialer0 gateway (200.75.207.200). I assume that i am missing something with NAT or something like that. Or is there any workaround for split tunneling? :)
I would appreciate your help.

Issue is resolved, however thanks.
You can close this thread.
Regards,
KS

Similar Messages

ZBF commands to open OpenVPN port in on Cisco 1812

Hello,
I am running an OpenVPN server on an internal private network on port 1194/UDP and would like to open this port for the internet on a Cisco 1812 router (this router uses Zone based firewall). For that purpose I have added the following configuration using the IOS CLI:
ip nat inside source static udp 10.0.0.5 1194 interface FastEthernet0 1194
ip port-map user-openvpn port udp 1194 description OpenVPN
access-list 103 permit udp any host 10.0.0.5 eq 1194
class-map type inspect match-all sdm-nat-openvpn-1
match access-group 103
policy-map type inspect sdm-pol-NATOutsideToInside-1
! other class types here for SSH & HTTP
class type inspect sdm-nat-openvpn-1
inspect
class class-default
drop log
Unfortunately the OpenVPN port is not accessible from the outside (internet). Does anyone know what I did wrong here? or maybe did I forget a configuration parameter?
Thanks for your help.
Best,
John

John,
The answer is, Nothing. You did not do anything wrong. Can you put logs on the Router to verify that maybe something else is being dropped?
Login via Telnet/SSH and do in config mode:
IP inspect log drop-pkt
Do term mon
Then try to initialize the VPN session and check what you get.
Mike Rojas.

Cisco 877W router and external ADSL modem

Cisco 877W router and external ADSL modem
In order to support ADSL2+ on a pre ADSL2+ router and in preparation for a later migration to BT infinity I am trying to configure the Router using an external adsl2+ modem appropriately.
The original configuration had 3 ports configured as one (internal lan) vlan and bridge group together with one wireless sub-interface, the remaining port configured a second vlan and bridge group with a second wireless sub- interface. The Dialer was a member of the second bridge group. This way the second wireless interface and associated bridge group provided a kind of DMZ for outbound access.
The configuration I am attempting is similar the lan ports remain the same, but port 0 as a member of the vlan and bridge group (now a pppoe client) associated with one of the wireless sub interfaces as per above. The ATM interface is downed. This nearly works except that if the wireless subinterface on this bridge group is configured the dialer no longer dials giving a 'no dialer string' error. If I do not configure that wireless sub interface all works well.
If anyone is interested to look I would appreciate any comments. I enclose a sanitised config in which you will note the 'commented out' wireless subnet interface (in red).
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname xxxxxxxxxxxxxxxxxxxxx
boot-start-marker
boot-end-marker
logging buffered 4096 warnings
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
aaa new-model
aaa group server radius sdm-vpn-server-group-2
aaa group server radius rad_eap
server 192.168.253.1 auth-port 1812 acct-port 1813
server 192.168.253.1 auth-port 1645 acct-port 1646
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_2 group sdm-vpn-server-group-2
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local
aaa authorization ipmobile default group rad_pmip
aaa authorization network sdm_vpn_group_ml_2 local
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-2834265337
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2834265337
revocation-check none
rsakeypair TP-self-signed-2834265337
crypto pki certificate chain TP-self-signed-2834265337
certificate self-signed 01 nvram:IOS-Self-Sig#2F.cer
dot11 syslog
dot11 ssid GuestAP
   vlan 101
   authentication open
   authentication key-management wpa
   mbssid guest-mode
   wpa-psk ascii 7 113B162712001F4A2D2B25
dot11 ssid LanAP
   vlan 100
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa
   mbssid guest-mode
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.252.1 192.168.252.8
ip dhcp excluded-address 192.168.252.15 192.168.252.254
ip dhcp pool sdm-pool1
   import all
   network 192.168.252.0 255.255.255.0
   domain-name XXX.Local
   dns-server xxx.xxx.xxx.xxx
   default-router 192.168.252.254
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip bootp server
no ip domain lookup
ip domain name XXX.Local
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
ip reflexive-list timeout 120
vpdn enable
vpdn-group 1
request-dialin
protocol pppoe
username administrator privilege 15 secret 5 £££££££££££££££££££££
class-map type inspect match-any IN_to_OUT_CLASS
match protocol tcp
match protocol udp
match protocol icmp
class-map type inspect match-any OUT_to_IN_CLASS
match protocol https
match protocol smtp extended
class-map type inspect match-any DMZ_to_IN_CLASS
match protocol http
match protocol https
match protocol smtp extended
policy-map type inspect DMZ_to_IN_POL
class type inspect DMZ_to_IN_CLASS
inspect
class class-default
drop log
policy-map type inspect IN_to_OUT_POL
class type inspect IN_to_OUT_CLASS
inspect
class class-default
drop log
policy-map type inspect OUT_to_IN_POL
class type inspect OUT_to_IN_CLASS
inspect
class class-default
drop log
zone security INSIDE
zone security OUTSIDE
zone security DMZ
zone-pair security OUT_TO_IN source OUTSIDE destination INSIDE
service-policy type inspect OUT_to_IN_POL
zone-pair security IN_TO_OUT source INSIDE destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_OUT source DMZ destination OUTSIDE
service-policy type inspect IN_to_OUT_POL
zone-pair security DMZ_TO_IN source DMZ destination INSIDE
service-policy type inspect DMZ_to_IN_POL
bridge irb
interface Loopback0
no ip address
interface Null0
no ip unreachables
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
interface FastEthernet0
description Outside Interface (PPPoE)
interface FastEthernet1
description Inside Interface
switchport access vlan 10
interface FastEthernet2
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface FastEthernet3
description Inside Interface
switchport access vlan 10
spanning-tree portfast
interface Dot11Radio0
no ip address
no ip route-cache cef
no ip route-cache
encryption vlan 100 mode ciphers aes-ccm tkip
encryption vlan 101 mode ciphers aes-ccm tkip
ssid GuestAP
ssid LanAP
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2437
station-role root
interface Dot11Radio0.100
description LanAP
encapsulation dot1Q 100
no ip route-cache
no cdp enable
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!interface Dot11Radio0.101
! description GuestAP
! encapsulation dot1Q 101
! no ip route-cache
! no cdp enable
! bridge-group 1
! bridge-group 1 subscriber-loop-control
! bridge-group 1 spanning-disabled
! bridge-group 1 block-unknown-source
! no bridge-group 1 source-learning
! no bridge-group 1 unicast-flooding
interface Vlan1
description $ES_LAN$
no ip address
ip virtual-reassembly
pppoe enable group global
pppoe-client dial-pool-number 1
bridge-group 1
interface Vlan10
no ip address
ip virtual-reassembly
bridge-group 10
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security OUTSIDE
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXX
ppp chap password 7 xxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxx
ppp ipcp dns request
ppp ipcp wins request
hold-queue 224 in
interface Dialer0
no ip address
interface BVI10
description Inside Interface
ip address 192.168.253.254 255.255.255.0
ip access-group 101 in
ip helper-address 192.168.253.1
ip nat inside
ip virtual-reassembly
zone-member security INSIDE
interface BVI1
description DMZ Interface
ip address 192.168.252.254 255.255.255.0
ip nat inside
ip virtual-reassembly
zone-member security DMZ
ip local pool SDM_POOL_1 192.168.20.9 192.168.20.14
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list Inside_Clients_NAT interface Dialer1 overload
ip nat inside source static 192.168.253.10 xxx.xxx.xxx.xxx
ip access-list extended DMZ_to_IN_POL
remark SDM_ACL Category=128
permit ip any any
ip access-list extended Inside_Clients_NAT
remark SDM_ACL Category=2
permit ip 192.168.253.0 0.0.0.255 any
logging 192.168.253.10
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 192.168.253.0 0.0.0.255
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.253.0 0.0.0.255 any
access-list 100 deny   ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 remark Auto generated by SDM for NTP (123) xxx.xxx.xxx.xxx
access-list 101 permit udp host xxx.xxx.xxx.xxx eq ntp host 192.168.253.254 eq ntp
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq telnet
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 22
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq www
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq 443
access-list 101 permit tcp 192.168.253.0 0.0.0.255 host 192.168.253.254 eq cmd
access-list 101 deny   tcp any host 192.168.253.254 eq telnet
access-list 101 deny   tcp any host 192.168.253.254 eq 22
access-list 101 deny   tcp any host 192.168.253.254 eq www
access-list 101 deny   tcp any host 192.168.253.254 eq 443
access-list 101 deny   tcp any host 192.168.253.254 eq cmd
access-list 101 deny   udp any host 192.168.253.254 eq snmp
access-list 101 permit ip any any
access-list 199 permit ip any host 10.1.1.1
dialer-list 1 protocol ip permit
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server host 192.168.253.1 auth-port 1812 acct-port 1813 key 7 XXXXXXXXXXXXXXXXXX
radius-server host 192.168.253.1 auth-port 1645 acct-port 1646 key 7 XXXXXXXXXXXXXXXXXX
radius-server vsa send accounting
control-plane
bridge 1 protocol ieee
bridge 1 route ip
bridge 10 protocol ieee
bridge 10 route ip
banner login C Border Router
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 100 in
privilege level 15
length 0
transport input telnet ssh
scheduler max-task-time 5000
scheduler interval 500
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
ntp server xxx.xxx.xxx.xxx source Dialer0 prefer
sntp server xxx.xxx.xxx.xxx
end

Hi Jody,
Apologies delay in replying. I have done the following:
Made two of the FE ports vlan1,BVI1 (for LAN traffic)
Left one port as VLAN10 as the pppoe client conected to the externalmodem
Made the last port VLAN10 as well and gave it an IP addess as for a DMZ client.
I have DHCP configured to serve the DMZ addresses.
This all works for LAN clients and also works for a client attachedto that physical DMZ port.
When I added a dot11radio sub interface into VLAN 10 the wireless client did not get an IP lease. Everything else continued to work.
I had never thought about this before, but if a dot11radio interface is on the same vlan (but not being part ofa bridge group) why are DHCP broadcasts not propogating to all the vlan members as I would have expected. I recognise that this isa limit in my understanding.
If I then made VLAN10 a member of a new Bridge Group, I lost WAN connectivity as per original posting.
I cannot add another VLAN due to the 2 vlan limit in this image.
Finally regarding your comment about giving it what it wants, what exactly did you have in mind. The dialer already has a dial string parameters configured.
Think I am about to give upon this.
Regards,

RADIUS and Cisco 2611 router

Greetings. First, let me start by saying I am an idiot, I know I am an idiot, and I apologize for wasting everyone's time. I have actually RTFM, many RTFMs, in fact, and I still have not found a resolution.
Second, I am trying to set up a RADIUS server in my test network. I have installed ClearBox RADIUS on a Windows 2000 system. I have the following configuration on my Cisco 2611 router:
Using 2297 out of 29688 bytes
! Last configuration change at 17:20:27 PDT Tue May 20 2008
! NVRAM config last updated at 17:20:29 PDT Tue May 20 2008
version 12.1
no service single-slot-reload-enable
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname Tester
logging buffered 10000 debugging
aaa new-model
aaa group server radius RadiusServers
server 172.26.0.2 auth-port 1812 acct-port 1813
aaa authentication login default group RadiusServers local
aaa authentication login localauth local
aaa authentication ppp default if-needed group radius local
aaa authorization exec default group radius local
aaa authorization network default group radius local
aaa accounting delay-start
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
aaa processes 6
enable secret xxx
username test password xxx
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip domain-lookup
no ip bootp server
interface Loopback0
ip address 192.168.0.1 255.255.255.0
interface Ethernet0/0
description To Main Network
ip address X.X.X.X 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
full-duplex
no cdp enable
interface Ethernet0/1
description To Internal Network
ip address 172.26.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
load-interval 30
full-duplex
no cdp enable
ip nat pool test X.X.X.X X.X.X.X netmask 255.255.255.128
ip nat inside source list 3 pool test overload
ip nat inside destination list 3 pool test
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.X
no ip http server
ip radius source-interface Ethernet0/1
access-list 3 permit 172.26.0.0 0.0.0.255
no cdp run
snmp-server community public RO 15
radius-server host 172.26.0.2 auth-port 1812 acct-port 1813 key secret
radius-server retransmit 3
radius-server key secret
line con 0
password xxx
logging synchronous
line aux 0
line vty 0 4
access-class 10 in
password 7 1234567890
logging synchronous
ntp clock-period 17208108
ntp server 192.43.244.18
end
My RADIUS server is up and responding to requests, but my router does not appear to be forwarding authentication requests to it. In fact, when I log into the router using HyperTerm, it times out, and I end up authenticating locally.
I really don't care whether my Cisco equipment authenticates against the RADIUS server, but I do need to get it set up to authenticate my users so I can track their time online. What have I missed in my router configuration? Why isn't it forwarding user authentication requests to the RADIUS server.
Thank you for any assistance you may be able to provide.

I have found that if I am in the middle of composing a response, and I open the thread in another browser window (to refer to it), when I go to submit my response, it doesn't get posted. Perhaps you are running into the same thing.
The command I shared:
aaa authentication enable default group radius local
... was erroneous. The keyword should have been "enable", as you have discovered.
Therefore use:
aaa authentication enable default group radius enable
When I view a Wireshark trace I see the following:
AVP: l=18 t=User-Password(2): Decrypted: "user-PWD\000\000\000\000\000\000\000\000"
Like you, I see the user password appended with the group of \000 grouping's.
Note the word "Decrypted" which confirms that the password entered in Wireshark is a match with that entered on the AAA client (for what that's worth).
I'm not sure if I suggested that this would confirm that the server and client were using the same shared secret. If I did, I miss-spoke. I think we would have to gauge the server's response to the attributes we see passed by the client.
The Wireshark decryption is much more dramatic with TACACS+ because the whole payload is encrypted.
My issue with your PPPoE is that I saw no "interface" on the router that is configured to perform such authentication. I do seem to recall a global authentication command with the PPP keyword perhaps. I have not attempted to do this, and am not sure whether the interfaces in your router will support this method. Perhaps someone else will weigh in with an opinion.
However, there are other mainstream authentication methods that I think you should investigate as well.
You could implement 802.1x on a switch so that a host has to authenticate before it can gain Layer 3 access to the LAN. Depending on the platform, you can download VLAN assignments and ACLs.
I believe the router also supports 802.1x, but that may determine whether a host can get "through" the router. I have not had cause to investigate 802.1x on the router. I may do so in the future to authorize access to IPsec tunnels.
The router is also likely to support Authentication Proxy. This feature intercepts a user's attempt to browse resources on the other side of the router. User specific ACLs can be downloaded to the router (from RADIUS) to control what resources a user can access.
I think you should:
1. Resolve the issue(s) with AAA logins on the router. It'll establish a baseline of functionality, and give you some short term joy.
2. Investigate whether PPPoE support exists on your router's interfaces.
3. Read up on 802.x and Authentication Proxy (docs on Cisco web site).
4. Decide which methods appeals to you.
5. Dive in.
I'd lose the self-deprecation. I don't think it will serve you well. If you're treated badly, move to a newsgroup where the participants display a higher level of emotional maturity. I don't think you will have an issue on the Cisco forums. Others would probably step in.
I'm going to be absent for several days, so if you don't receive any response, it will be for said reason.
Good luck.

Help me to find a Cisco VPN router

Hello,
I recently bought a TP-LINK router in order to set up a local network connected to a foreign VPN server (which is supporting MS-CHAP v2 protocol).
I configured my router the following way: on the “WAN” screen of the menu « Network », I selected the “L2TP” option, introduced my username and my password, then selected the “Dynamic IP” option and finally introduced the VPN server e-mail address.
It worked but not perfectly: it was possible to access some web sites through the VPN server but with some other web sites it didn’t work. For these web sites, it is necessary to use a "Secret” code (I successfully accessed these web sites using my iPad with such a “Secret” code). Unfortunately it is not possible to introduce such a code in my router.
I am now trying to find a router that allows the introduction of such a “Secret” code. I found routers with the possibility of introducing a “Secret” code but with “Static IP” instead of “Dynamic IP” but I found none with the possibility of introducing a “Secret” code with “dynamic IP”.
Do you know of a Cisco router - reasonably priced - which could solve my problem? Thank you for the help.
Best regards,
Jacques.

Jacques,
To ensure I understand exactly what you are asking for, I would like to ask you a couple of questions please.
Are you looking to have the router act as a client to the remote VPN server or site-to-site?
Since you mentioned trying to add all the credentials and information to the WAN interface, it appears to be a client setup. I am setting up some routers in the lab to validate my findings. I would just like some clarification. Our routers do have the ability to allow for L2TP, PPTP, and IPSEC passthrough if the credentials could be applied to the clients. I look forward to your response so I can answer as accurate as possible. Meanwhile see below:
WAN Interface Configurable as:
Rtr Model
PPTP Client
L2TP Client
RV110
Y
Y*
*username and password, no secret option
RV120
Y
Y
Secret option is available for L2TP
RV130
Y
Y*
*username and password, no secret option
RV180
Y
Y
Secret option is available for L2TP
RV215
Y
Y*
*username and password, no secret option
RV220
Y
Y
Secret option is available for L2TP
RV315
N
Y**
**username and password, no secret option, created as a subinterface
and requires VLAN ID
RV320
Y
N
L2TP Passthrough
RV325
Y
N*
L2TP Passthrough

Static routes, ISDN & different remote IP addresses

Scenario:
My client has 4 sites situated around an ISP MPLS cloud. All 4 CE routers connect to ISP PE equipment via different access circuits (See attached diagram).
The central site has Cisco 2800 router with 10M LES circuit into MPLS cloud (FastEthernet i/f) and ISDN BRI i/f for incoming calls from 3 remote sites.
The 3 remote sites are Cisco 1800 routers all with ISDN dial-out i/fs and 1 site has numbered X21 serial link into MPLS cloud, whilst other 2 sites have IP unnumbered DSL circuits.
Problem:
1. Routing on the 4 routers is by static routes only, as ISP does not permit routing protocol.
2. Central router does not know if the remote DSL & X21 circuits have gone down, as they are all access circuits into MPLS cloud.
3. Central router (2800) needs floating static routes to change so that packets route via ISDN when remote sites dial in, but these are proving problematic to configure, as both the ISDN and FastEther i/fs show as up on the 2800 under normal operation. So the routes stay as the higher weighted route all the time, regardless of whether the remote has dialled in or not.
The remote routers (3) can dial in fine when their Serial or ATM interfaces go down (using backup command on i/fs). I have tried using floating static routes on the central router using 10.1.0.0/29 addresses assigned to the 4 ISDN interfaces, but the floating static remains up all the time, as the interface on the central router stays up all the time (as expected). The ISDN static route therefore stays in the routing table all the time, even when there is no ISDN call into the central site. The config on the central router is as follows:
interface BRI0/1/0
ip address 10.1.0.1 255.255.255.248
encapsulation ppp
isdn switch-type basic-net3
ppp authentication chap
ip route 172.16.2.0 255.255.255.0 10.1.0.2
ip route 172.16.2.0 255.255.255.0 10.0.0.1 200
ip route 172.16.3.0 255.255.255.0 10.1.0.3
ip route 172.16.3.0 255.255.255.0 10.0.0.1 200
ip route 172.16.4.0 255.255.255.0 10.1.0.4
ip route 172.16.4.0 255.255.255.0 10.0.0.1 200
The only way I think I can get around this problem in a simple manner is to have floating static routes with higher weights assigned to completely different IP addresses than the local ISDN interface. In the past I have seen that async modems dialing into a PRI circuit appear as directly connected in the routing table of an AS5300 (and work), even though they may be different network addresses than the PRI Dialer i/f address. An example of the static routes on the central router would be as follows:
ip route 172.16.2.0 255.255.255.0 2.2.2.2 (Route to site 1 only when ISDN backup is invoked)
ip route 172.16.2.0 255.255.255.0 10.0.0.1 200 (Route to site 1 under normal conditions, i.e when remote has NOT dialled central via ISDN)
ip route 172.16.3.0 255.255.255.0 3.3.3.3 (Route to site 2 only when ISDN backup is invoked)
ip route 172.16.3.0 255.255.255.0 10.0.0.1 200 (Route to site 2 under normal conditions, i.e when remote has NOT dialled central via ISDN)
ip route 172.16.4.0 255.255.255.0 4.4.4.4 (Route to site 3 only when ISDN backup is invoked)
ip route 172.16.4.0 255.255.255.0 10.0.0.1 200 (Route to site 3 under normal conditions, i.e when remote has NOT dialled central via ISDN)
Questions:
1. Has anyone experienced this type of problem across multiple access circuits?
2. Has anyone tried to implement different IP addresses at the remote ends of an ISDN network? (See diagram below) I want to try /32 addresses on the 4 routers, e.g 1.1.1.1, 2.2.2.2, 3.3.3.3 and 4.4.4.4. (Dont have time to lab test this solution)
3. Can anyone suggest a simple solution?

What you want is object tracking, which will resolve this problem.
This technology sets up an object that pings a remote address. You use a route map to force the ping out of the interface that appears to remain up, in this case the MPLS main interface.
When a link fails somewhere, the object no longer gets a response and transitions to the down state.
You can use a static route that tracks the object to become active, this will be used to activate your local ISDN.
This was described in Packet Magazine 2ndQ 2004, here:
http://www.cisco.com/web/about/ac123/ac114/downloads/packet/packet/apr04/pdfs/apr04.pdf
Read the article about Static and Policy Routing Enhancements, its excellent and should help you out.
Another way would be to build a GRE based VPN over the existing MPLS network, have you considerd that?
Andy

Does Cisco 857 router support Easy VPN?!!

Hi,
I've a Cisco 857 router with a 12.4(6)T IOS.
I want to configure it to act as an Easy VPN server, to allow my remote clients -using cisco vpn clients- to access the internal resourses behind the router.
Is it applicable with this router model?!!
thanks and regards,
Ala

Ala, upsolutely, you would probably need advance k9 security image, check at software advisory tools and slect software features for your platform.
sofware advisory
http://tools.cisco.com/Support/Fusion/FusionHome.do
857 Models See table 3 Software feature
http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps6195/product_data_sheet0900aecd8028a9a9_ps380_Products_Data_Sheet.html
HTH
Rgds
Jorge

DHCP issue on Cisco IOS router

Hi experts,
I recently got complaints that some clients can't get IP address through the DHCP server configured on a Cisco IOS router. I turned on debugging on DHCP events and packets and I see the following logs.
Mar 22 15:33:41: DHCPD: DHCPREQUEST received from client 0100.1b63.f246.8c.
Mar 22 15:33:41: DHCPD: Finding a relay for client 0100.1b63.f246.8c on interface FastEthernet1/0.10.
Mar 22 15:33:41: DHCPD: Seeing if there is an internally specified pool class:
Mar 22 15:33:41:   DHCPD: htype 1 chaddr 001b.63f2.468c
Mar 22 15:33:41:   DHCPD: remote id 020a0000cf6050011000000a
Mar 22 15:33:41:   DHCPD: circuit id 00000000
Mar 22 15:34:02: DHCPD: DHCPREQUEST received from client 0100.1b63.f246.8c.
Mar 22 15:34:02: DHCPD: Finding a relay for client 0100.1b63.f246.8c on interface FastEthernet1/0.10.
Mar 22 15:34:02: DHCPD: Seeing if there is an internally specified pool class:
Mar 22 15:34:02:   DHCPD: htype 1 chaddr 001b.63f2.468c
Mar 22 15:34:02:   DHCPD: remote id 020a0000cf6050011000000a
Mar 22 15:34:02:   DHCPD: circuit id 00000000
Then it will repeat and repeat for this MAC. Any reason why the router is not assigning an IP to it? It actually happens to some other MACs as well... They are from different vendors and located on different switches... I can't really find a pattern for this problem... The DHCP pool hasn't run out and it still has available IPs in it.
Thanks

Hi Alain, thanks for quick reply. The followings contain the output that you required. I hided the prefix of the IP with a.b.c. Thanks!
interface FastEthernet1/0.10
description : DHCP for EXHIBITION VLAN
encapsulation dot1Q 10
ip address a.b.c.1 255.255.255.128
no ip redirects
no ip unreachables
no ip proxy-arp
end
r#sh ip dhcp pool
Pool EXHIBIT :
Utilization mark (high/low)    : 100 / 0
Subnet size (first/next)       : 0 / 0
Total addresses                : 126
Leased addresses               : 47
Pending event                  : none
1 subnet is currently in the pool :
Current index        IP address range                    Leased addresses
a.b.c.118        a.b.c.1      - a.b.c.126     47
#sh run | in/be dhcp
no ip dhcp use vrf connected
ip dhcp excluded-address a.b.c.1 a.b.c.11
ip dhcp excluded-address a.b.c.126
ip dhcp excluded-address a.b.c.100 a.b.c.101
ip dhcp excluded-address a.b.c.51
ip dhcp pool EXHIBIT
   network a.b.c.0 255.255.255.128
   default-router a.b.c.1
   dns-server 207.172.3.8 207.172.3.9
   domain-name xyz.com
#sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
a.b.c.19        0168.7f74.6260.9b       Mar 23 2011 01:56 PM    Automatic
a.b.c.52        0100.4854.897d.17       Mar 23 2011 12:53 PM    Automatic
a.b.c.56        0100.4063.e7b5.b2       Mar 23 2011 03:33 PM    Automatic
a.b.c.57        0100.1b63.f246.8c       Mar 23 2011 03:34 PM    Automatic
a.b.c.68        015c.5948.0b97.d6       Mar 22 2011 05:59 PM    Automatic
a.b.c.69        0168.7f74.626d.67       Mar 23 2011 07:07 AM    Automatic
a.b.c.70        0198.fc11.5027.1d       Mar 22 2011 07:04 PM    Automatic
a.b.c.71        01dc.2b61.04ba.af       Mar 22 2011 10:26 PM    Automatic
a.b.c.72        017c.c537.58e6.64       Mar 22 2011 08:37 PM    Automatic
a.b.c.73        017c.6d62.3303.57       Mar 23 2011 03:54 AM    Automatic
a.b.c.74        0124.ab81.cda4.68       Mar 23 2011 05:01 AM    Automatic
a.b.c.75        0100.1e52.8f11.a5       Mar 23 2011 02:47 PM    Automatic
a.b.c.76        0100.264a.5fc8.e3       Mar 23 2011 07:13 AM    Automatic
a.b.c.77        017c.6d62.38cd.40       Mar 23 2011 02:06 PM    Automatic
a.b.c.78        0100.1d4f.f647.79       Mar 23 2011 02:37 PM    Automatic
a.b.c.79        0100.26b0.8637.3d       Mar 23 2011 01:16 PM    Automatic
a.b.c.81        0130.694b.e9de.82       Mar 23 2011 03:19 PM    Automatic
a.b.c.82        0100.21e9.6864.80       Mar 23 2011 12:04 PM    Automatic
a.b.c.83        0124.ab81.63e6.b5       Mar 23 2011 09:38 AM    Automatic
a.b.c.84        0100.16b6.0455.c2       Mar 23 2011 09:42 AM    Automatic
a.b.c.85        0100.1302.4c96.9e       Mar 23 2011 09:49 AM    Automatic
a.b.c.86        0140.a6d9.741c.e0       Mar 23 2011 12:12 PM    Automatic
a.b.c.87        0100.264a.b8e9.50       Mar 23 2011 10:16 AM    Automatic
a.b.c.88        0140.a6d9.4911.67       Mar 23 2011 03:19 PM    Automatic
a.b.c.89        013c.7437.1e32.96       Mar 23 2011 10:27 AM    Automatic
a.b.c.90        01d8.3062.689c.4b       Mar 23 2011 11:55 AM    Automatic
a.b.c.91        0158.946b.4df8.bc       Mar 23 2011 10:49 AM    Automatic
a.b.c.92        0100.2215.7368.26       Mar 23 2011 10:23 AM    Automatic
a.b.c.93        0100.23df.76ea.90       Mar 23 2011 02:33 PM    Automatic
a.b.c.94        0124.ab81.708d.83       Mar 23 2011 03:58 PM    Automatic
a.b.c.95        0100.1cb3.163d.5a       Mar 23 2011 03:13 PM    Automatic
a.b.c.96        01cc.08e0.2aeb.96       Mar 23 2011 01:27 PM    Automatic
a.b.c.97        0188.c663.d0d0.55       Mar 23 2011 01:57 PM    Automatic
a.b.c.98        0100.1b77.08bb.89       Mar 23 2011 01:15 PM    Automatic
a.b.c.99        0100.1ec2.47d7.19       Mar 23 2011 12:43 PM    Automatic
a.b.c.102       0100.1310.8e74.78       Mar 23 2011 12:41 PM    Automatic
a.b.c.103       0100.24d6.58b0.82       Mar 23 2011 01:44 PM    Automatic
a.b.c.104       0100.2608.7df2.68       Mar 23 2011 03:23 PM    Automatic
a.b.c.106       01c8.bcc8.1a86.41       Mar 23 2011 03:56 PM    Automatic
a.b.c.107       01a4.6706.1e54.94       Mar 23 2011 04:08 PM    Automatic
a.b.c.108       017c.c537.46ac.0e       Mar 23 2011 02:41 PM    Automatic
a.b.c.111       0100.037f.0ea2.19       Mar 23 2011 02:47 PM    Automatic
a.b.c.112       01d8.3062.75c5.9c       Mar 23 2011 03:33 PM    Automatic
a.b.c.113       0021.9116.449e          Mar 23 2011 03:36 PM    Automatic
a.b.c.114       0100.1ff3.46d9.a9       Mar 23 2011 03:40 PM    Automatic
a.b.c.116       0104.1e64.4a0d.a3       Mar 23 2011 04:21 PM    Automatic
a.b.c.117       0190.27e4.4ae8.94       Mar 23 2011 04:24 PM    Automatic
Thanks!

Cisco DSL-Router 876W: VPN with Apple Builtin PPTP??

Hello
I spoke last week to someone about the VPN Problems with several Firewalls and Routers. I hate it to use VPN Tracker, Cisco VPN Client or IP Securitas. I would like to use only the builtin VPN Clients of the Apple OS X.
He suggest me to use Cisco 876 Router. That VPN should support the builtin VPN Client of Apple. Has some member of this forum testet this Router and get the VPN working?
I tried to contact Cisco here in Switzerland, but they have nearly any know-how of Apple Products
Who can help me?
Regards
Gérard

Hello
We had installed the Cisco Router with the VPN Server.
It is possible to make a connection with the builtin PPTP Client of Apple. The Connection is very instable. It disconnect every X minutes.
Ferther I am not able to use all the Apple Remote Desktop funktion. So I see the ARD Client at the VPN Site. Im am able to see which Program is running and are also able to update the ARD Client.
But the Control and Show Funktion off ARD ist not working.
So this solution ist not useable to do Remote Maintanance
Has someone the same problems or an idea why it is not working
Regard
Gérard

Remote Client copy issues

Hi,
I have performed a remoted client copy of ECP300 to ECQ system using
SAP_ALL Profile and the client copied successfully. After the client
copy some users are complainting that not all data moved over or there
are some major differences. I know the client copy finished but the
users are saying the client copy is not a exact copy of ECP.Are there
any functional or abap post configuration that needs to happen after
this remote client copy? From the client copy logs, it seem like all
the tables got copied over. Please advise as this is very critical.
I have attached 2 issues reported by users and the client copy log with
details. I have also attached the data dictionary differences of the 2
system ECP and ECQ using SCC9 --> RFC SYSTEM COMPARISON.
Target Client                220
Source Client (incl. Auth.) 265
   Source Client User Master 265
Copy Type                    Local Copy
Profile                      SAP_ALL
Status                       Successfully Completed
User                         SAP*
Start on                     01/07/2011 / 23:16:01
Last Entry on                01/08/2011 / 03:53:31
Statistics for this Run
- No. of Tables                  56787 of     56787
- Number of Exceptions               1
- Deleted Lines                  11478
- Copied Lines               152345539
/ISDFPS/CS_EXLST     Field Missing Remote     IS-DFS-MM     /ISDFPS/MM_CS     SAP     TRANSP          Exception List: Overwritten Purchase Requisitions     SAPKGED04G
/SAPMP/GT_FDE_T1     Table Missing Remote     IS-MP     /SAPMP/FAST_DATA_ENTRY_GEN_APP     SAP     TRANSP          IMG: Fast Entry in Trading Contract General Settings     SAPK-603DDINECCDIMP
/SAPMP/GT_FDE_T2     Table Missing Remote     IS-MP     /SAPMP/FAST_DATA_ENTRY_GEN_APP     SAP     TRANSP          Fast Entry in Trading Contract: Transfer from Info Record     SAPK-603DDINECCDIMP
AD01DLI     Field Missing Remote     PS-REV     AD01     SAP     TRANSP          Dynamic items (DI)
ADPIC_MIGO_SET     Table Missing Remote     IS-AD-MPN     ADPIC     SAP     TRANSP          Customizing Settings for MIGO     SAPK-603DDINECCDIMP
ADPIC_MIGO_USR     Table Missing Remote     IS-AD-MPN     ADPIC     SAP     TRANSP          Customizing Settings for MIGO     SAPK-603DDINECCDIMP
MPDCD     Field Missing Remote     IS-AD-MPD     AD_MPD     SAP     TRANSP          MPD: OBSOLETE - Counter Data for Maintenance Document Items     SAPK-603DDINECCDIMP
MPDCUST_DATA_FLG     Table Missing Remote     IS-AD-MPD     AD_MPD     SAP     TRANSP          Customising table to store the data container flag     SAPK-603DDINECCDIMP
MPDCUST_EFFT_DOC     Table Missing Remote     IS-AD-MPD     AD_MPD     SAP     TRANSP          Customising table to store effectivity data for documents     SAPK-603DDINECCDIMP
MPDCUST_EFFT_TO     Table Missing Remote     IS-AD-MPD     AD_MPD     SAP     TRANSP          Cust. table to store effectivity data from technical objects     SAPK-603DDINECCDIMP
MPDCYCLE     Table Missing Remote     IS-AD-MPD     AD_MPD     SAP     TRANSP          MPD: Cycle Data for Maintenance Document Items     SAPK-603DDINECCDIMP
MPDEFFECT     Table Missing Remote     IS-AD-MPD     AD_MPD     SAP     TRANSP          MPD effectivity data     SAPK-603DDINECCDIMP
MPDITEM     Table Missing Remote     IS-AD-MPD     AD_MPD     SAP     TRANSP          Maintenance Plan Items     SAPK-603DDINECCDIMP
MPDPSD     Field Missing Remote     IS-AD-MPD     AD_MPD     SAP     TRANSP          MPD: MPD and MP header data     SAPK-603DDINECCDIMP
ADMPN_RBA_CGRP     Table Missing Remote     IS-AD-MPN     AD_MPN_RBA_DDIC     SAP     TRANSP          Check Groups for APO ATP     SAPK-603DDINECCDIMP
TMCNV     Convertible -> Local     CA-GTF-TS     BMG     SAP     TRANSP          Data on Material Numbers Conversion
CRFH     Field Missing Remote     PP-BD-PRT     CF     SAP     TRANSP          CIM production resource/tool master data
CKIS     Field Missing Remote     CO-PC-PCP     CK     SAP     TRANSP          Items Unit Costing/Itemization Product Costing
KALM     Field Missing Remote     CO-PC-PCP     CK     SAP     TRANSP          Costing Run: Costing Objects
KEKO     Field Missing Remote     CO-PC-PCP     CK     SAP     TRANSP          Product Costing - Header Data
MLCR     Field Missing Remote     CO-PC-ACT     CKML     SAP     TRANSP          Material Ledger Document: Currencies and Values
VSAFKO_CN     Field Missing Remote     PS-SIM     CNVS     SAP     TRANSP          Version: Order header data for PP orders
VSAFPO_CN     Field Missing Remote     PS-SIM     CNVS     SAP     TRANSP          Version: Order items in PP orders
VSAFVC_CN     Field Missing Remote     PS-SIM     CNVS     SAP     TRANSP          Version: Operation in order
VSAUFK_CN     Field Missing Remote     PS-SIM     CNVS     SAP     TRANSP          Version: Order master data     SAPK-603DDINSAPAPPL
VSFPLT_CN     Field Missing Remote     PS-SIM     CNVS     SAP     TRANSP          Version: Billing schedule: Dates
VSPLAF_CN     Field Missing Remote     PS-SIM     CNVS     SAP     TRANSP          Version: Planned order
VSRESB_CN     Field Missing Remote     PS-SIM     CNVS     SAP     TRANSP          Version: Reservation/Dependent requirements
VSRSADD_CN     Field Missing Remote     PS-SIM     CNVS     SAP     TRANSP          Version: Additional fields for reservation
VSVBAK_CN     Field Missing Remote     PS-SIM     CNVS     SAP     TRANSP          Version: Sales document: Header data
VSVBAP_CN     Field Missing Remote     PS-SIM     CNVS     SAP     TRANSP          Version: Sales document: Item data
RSADD     Field Missing Remote     PS-MAT     CN_MAT     SAP     TRANSP          Additional fields for reservation
TCNTM05     Field Missing Remote     PS-ST-OPR-NET     CN_NET_OPR     SAP     TRANSP          Assignment Components to Groups
AFKO     Field Missing Remote     PP-SFC     CO     SAP     TRANSP          Order header data PP orders
AFPO     Field Missing Remote     PP-SFC     CO     SAP     TRANSP          Order item
AFVC     Field Missing Remote     PP-SFC     CO     SAP     TRANSP          Operation within an order     SAPK-603DDINSAPAPPL
AFFW     Field Missing Remote     PP-SFC-EXE-CON     CORU     SAP     TRANSP          Goods Movements with Errors from Confirmations
AFRU     Field Missing Remote     PP-SFC-EXE-CON     CORU     SAP     TRANSP          Order Confirmations     SAPK-603DDINSAPAPPL
AFRV     Field Missing Remote     PP-SFC-EXE-CON     CORU     SAP     TRANSP          Confirmation pool
PLPO     Field Missing Remote     PP-BD-RTG     CP     SAP     TRANSP          Task list - operation/activity
STPO     Field Missing Remote     LO-MD-BOM     CS     SAP     TRANSP          BOM item
T414     Field Missing Remote     LO-MD-BOM     CS     SAP     TRANSP          Explosion Types
CJITO_02     Table Missing Remote     IS-A-JIT     DI_JITOUT     SAP     TRANSP          Customizing Table for Definition of Tolerances     SAPK-603DDINECCDIMP
CJITO_02T     Table Missing Remote     IS-A-JIT     DI_JITOUT     SAP     TRANSP          Text Table to Define the Tolerances     SAPK-603DDINECCDIMP
JITOCO     Field Missing Remote     IS-A-JIT     DI_JITOUT     SAP     TRANSP          Call Components JIT Outbound     SAPK-603DDINECCDIMP
S2L_GLOBAL_DATA     Field Missing Remote     IS-A-S2L     DI_S2L     SAP     TRANSP          User-specific Save for Global Settings     SAPK-603DDINECCDIMP
LFA1     Field Missing Remote     FI     FBASCORE     SAP     TRANSP          Vendor Master (General Section)
KNKK     Field Missing Remote     FI-AR-AR     FBD     SAP     TRANSP          Customer master credit management: Control area data
VIMI01     Field Missing Remote     RE     FVVI     SAP     TRANSP          Rental unit - Master data
VIOB01     Field Missing Remote     RE     FVVI     SAP     TRANSP          Business entities
VIOB02     Field Missing Remote     RE     FVVI     SAP     TRANSP          Property master data
VIOB03     Field Missing Remote     RE     FVVI     SAP     TRANSP          Real estate building master
VIOB27     Field Missing Remote     RE     FVVI     SAP     TRANSP          Relationship between properties and buildings
VIOB38     Field Missing Remote     RE     FVVI     SAP     TRANSP          Relationship between Real Estate objects and SAP-PS
PEG_TXPT     Field Missing Remote     IS-AD-GPD     GPD     SAP     TRANSP          Pegging: Record of intransit stock in cross plant transfers     SAPKGES01G
VEKP     Field Missing Remote     LO-HU-BF     HANDLING_UNITS     SAP     TRANSP          Handling Unit - Header Table
EQUI     Field Missing Remote     PM-EQM-EQ     IEQM     SAP     TRANSP          Equipment master data     SAPK-603DDINSAPAPPL
EQUZ     Field Missing Remote     PM-EQM-EQ     IEQM     SAP     TRANSP          Equipment time segment
MHIO     Field Missing Remote     PM-PRM-TL     IPRM     SAP     TRANSP          Call Object from Maintenance Order
MHIS     Field Missing Remote     PM-PRM-TL     IPRM     SAP     TRANSP          Maintenance plan history
EQBS     Field Missing Remote     LO-MD-SN     IQSM     SAP     TRANSP          Serial Number Stock Segment
OBJK     Field Missing Remote     LO-MD-SN     IQSM     SAP     TRANSP          Plant Maintenance Object List     SAPK-603DDINSAPAPPL
SER01     Field Missing Remote     LO-MD-SN     IQSM     SAP     TRANSP          Document Header for Serial Numbers for Delivery
SER02     Field Missing Remote     LO-MD-SN     IQSM     SAP     TRANSP          Document Header for Serial Nos for Maint.Contract (SD Order)
T377X     Field Missing Remote     LO-MD-SN     IQSM     SAP     TRANSP          Documents Allowed for Serial Number Management
CJIT01     Field Missing Remote     IS-A-JIT     ISAUTO_JIT     SAP     TRANSP          JIT: Call Control     SAPK-603DDINECCDIMP
VLCADDCUST     Table Missing Remote     IS-A-VMS     ISAUTO_VLC     SAP     TRANSP          VELO: Table for VMS additional end customer     SAPK-603DDINECCDIMP
AFIH     Field Missing Remote     PM-WOC-MO     IWO1     SAP     TRANSP          Maintenance order header
AUFM     Field Missing Remote     PM-WOC-MO     IWO1     SAP     TRANSP          Goods movements for order
AUFK     Field Missing Remote     CO-OM-OPA     KAUF     SAP     TRANSP          Order master data     SAPK-603DDINSAPAPPL
CEZP     Field Missing Remote     CO-PC-OBJ-PER     KKPK     SAP     TRANSP          Reporting Points Line Items
CPZP     Field Missing Remote     CO-PC-OBJ-PER     KKPK     SAP     TRANSP          Reporting Points - Periodic Totals Values
PABHD     Field Missing Remote     PP-KAB     LAPA     SAP     TRANSP          JIT call header record
PABIT     Field Missing Remote     PP-KAB     LAPA     SAP     TRANSP          JIT call items
LTAK     Field Missing Remote     LE-WM     LVS     SAP     TRANSP          WM transfer order header
ASMD     Field Missing Remote     MM-SRV     MASB     SAP     TRANSP          Service Master: Basic Data
CHVW     Field Missing Remote     MM-IM     MB     SAP     TRANSP          Table CHVW for Batch Where-Used List
ISEG     Field Missing Remote     MM-IM     MB     SAP     TRANSP          Physical Inventory Document Items
MKPF     Field Missing Remote     MM-IM     MB     SAP     TRANSP          Header: Material Document
MSEG     Field Missing Remote     MM-IM     MB     SAP     TRANSP          Document Segment: Material
RESB     Field Missing Remote     MM-IM     MB     SAP     TRANSP          Reservation/dependent requirements     SAPK-603DDINSAPAPPL
MCIPMIS     Field Missing Remote     PM-IS-REP     MCI     SAP     TRANSP          PMIS: Master data characteristics for PMIS before image
MDTB     Field Missing Remote     PP-MRP-BD     MD     SAP     TRANSP          MRP Table
PLAF     Field Missing Remote     PP-MRP-BD     MD     SAP     TRANSP          Planned order
PKHD     Field Missing Remote     PP-KAB     MD05     SAP     TRANSP          Control Cycle     SAPK-603DDINSAPAPPL
TPK02     Field Missing Remote     PP-KAB     MD05     SAP     TRANSP          Key for Controlling Control Cycle: External Replenishment     SAPK-603DDINSAPAPPL
T459K     Field Missing Remote     PP-MP-DEM     MDPB     SAP     TRANSP          Control table for customer requirements
EBAN     Field Missing Remote     MM-PUR     ME     SAP     TRANSP          Purchase Requisition     SAPK-603DDINSAPAPPL
EKBE     Field Missing Remote     MM-PUR     ME     SAP     TRANSP          History per Purchasing Document
EKBEH     Field Missing Remote     MM-PUR     ME     SAP     TRANSP          Removed PO History Records
EKEK     Field Missing Remote     MM-PUR     ME     SAP     TRANSP          Header Data for Scheduling Agreement Releases
EKES     Field Missing Remote     MM-PUR     ME     SAP     TRANSP          Vendor Confirmations
EKET     Field Missing Remote     MM-PUR     ME     SAP     TRANSP          Scheduling Agreement Schedule Lines
EKKO     Field Missing Remote     MM-PUR     ME     SAP     TRANSP          Purchasing Document Header
EKPO     Field Missing Remote     MM-PUR     ME     SAP     TRANSP          Purchasing Document Item
EKRS     Field Missing Remote     MM-PUR     ME     SAP     TRANSP          ERS Procedure: Goods (Merchandise) Movements to be Invoiced
MARA     Field Missing Remote     LO-MD-MM     MG     SAP     TRANSP          General Material Data
MARC     Field Missing Remote     LO-MD-MM     MG     SAP     TRANSP          Plant Data for Material     SAPK-603DDINSAPAPPL
MARM     Field Missing Remote     LO-MD-MM     MG     SAP     TRANSP          Units of Measure for Material
MCH1     Field Missing Remote     LO-MD-MM     MG     SAP     TRANSP          Batches (if Batch Management Cross-Plant)
MCHA     Field Missing Remote     LO-MD-MM     MG     SAP     TRANSP          Batches
MVKE     Field Missing Remote     LO-MD-MM     MG     SAP     TRANSP          Sales Data for Material
T130F     Field Missing Remote     LO-MD-MM     MG     SAP     TRANSP          Field attributes
T134     Field Missing Remote     LO-MD-MM     MG     SAP     TRANSP          Material Types
MVRA     Field Missing Remote     LO-MD-MM     MGVERS     SAP     TRANSP          Cross-version fields for MARA     SAPKGES01G
MVRC     Field Missing Remote     LO-MD-MM     MGVERS     SAP     TRANSP          Cross-version fields for MARC     SAPKGES01G
MVRM     Field Missing Remote     LO-MD-MM     MGVERS     SAP     TRANSP          Units of Measure for Material     SAPKGES01G
MVVE     Field Missing Remote     LO-MD-MM     MGVERS     SAP     TRANSP          Sales Data for Material     SAPKGES01G
MILL_T399X     Field Missing Remote     IS-MP-PP     MILL_PP     SAP     TRANSP          Parameters for Partitioning Order - Order Type     SAPK-603DDINECCDIMP
ESLH     Field Missing Remote     MM-SRV     ML     SAP     TRANSP          Service Package Header Data
ESLL     Field Missing Remote     MM-SRV     ML     SAP     TRANSP          Lines of Service Package
RSEG     Field Missing Remote     MM-IV     MRM     SAP     TRANSP          Document Item: Incoming Invoice     SAPK-603DDINSAPAPPL
ADRC     Field Missing Remote     BC-SRV-ADR     SZAD     SAP     TRANSP          Addresses (Business Address Services)
VBAK     Field Missing Remote     SD-SLS     VA     SAP     TRANSP          Sales Document: Header Data     SAPK-603DDINSAPAPPL
VBAP     Field Missing Remote     SD-SLS     VA     SAP     TRANSP          Sales Document: Item Data     SAPK-603DDINSAPAPPL
VBEP     Field Missing Remote     SD-SLS     VA     SAP     TRANSP          Sales Document: Schedule Line Data
VBKD     Field Missing Remote     SD-SLS     VA     SAP     TRANSP          Sales Document: Business Data     SAPK-603DDINSAPAPPL
CHVW_INC     Field Missing Remote     LO-BM     VB     SAP     TRANSP          Batch Where-Used List- N:M Assignment for Order
VBRK     Field Missing Remote     SD-BIL     VF     SAP     TRANSP          Billing Document: Header Data     SAPK-603DDINSAPAPPL
VBRP     Field Missing Remote     SD-BIL     VF     SAP     TRANSP          Billing Document: Item Data     SAPK-603DDINSAPAPPL
KONDH     Field Missing Remote     SD-MD-CM     VKON     SAP     TRANSP          Conditions: Batch Strategy - Data Division
LIKP     Field Missing Remote     LE-SHP     VL     SAP     TRANSP          SD Document: Delivery Header Data     SAPK-603DDINSAPAPPL
LIPS     Field Missing Remote     LE-SHP     VL     SAP     TRANSP          SD document: Delivery: Item data     SAPK-603DDINSAPAPPL
VALW     Field Missing Remote     LE-SHP     VL     SAP     TRANSP          Delivery Plan: Definition of Route Schedule
KNVV     Field Missing Remote     LO-MD-BP-CM     VS     SAP     TRANSP          Customer Master Sales Data
KNA1     Field Missing Remote     LO-MD-BP-CM     VSCORE     SAP     TRANSP          General Data in Customer Master
FPLA     Field Missing Remote     SD-BF     VZ     SAP     TRANSP          Billing Plan
FPLT     Field Missing Remote     SD-BF     VZ     SAP     TRANSP          Billing Plan: Dates
TFPLT     Field Missing Remote     SD-BF     VZ     SAP     TRANSP          Date Type for Billing Plan Type
VBSK     Field Missing Remote     SD-BF     VZ     SAP     TRANSP          Collective Processing for a Sales Document Header
VBUK     Field Missing Remote     SD-BF     VZ     SAP     TRANSP          Sales Document: Header Status and Administrative Data
VBUP     Field Missing Remote     SD-BF     VZ     SAP     TRANSP          Sales Document: Item Status
WBHI     Field Missing Remote     LO     WB2B_DDIC     SAP     TRANSP          Trading Contract: Item Data
LFM1     Field Missing Remote     LO-MD-BP-VM     WLIF     SAP     TRANSP          Vendor master record purchasing organization data
LFM2     Field Missing Remote     LO-MD-BP-VM     WLIF     SAP     TRANSP          Vendor Master Record: Purchasing Data
ZPPWRKMAP     Convertible -> Local     BC     ZDEV     PTANAKI     TRANSP          PP-012: Work Center Mapping     ECDK901192

Hi,
What is the volume of data you copied. Also have you followed the best practice of minimal/no activity in the source client.
The dictionary differences seems to be becuase of some SPs not applied in your ECP system yet
Regards,
Sanujit

Cisco 877 router - Cisco IP phone won't register with SIP provider

Hi all,
I'm having a problem with a Cisco SPA504G phone not registering with the SIP carrier over the Internet. We've recently rolled out a Cisco 877 router onto a new NBN business connection and can't get the pre-configured IP phone to register.
When we tested the phone with the NBN-provided Netgear router, it worked fine, as it did with the previous Cisco 1841 router we were using on a different link.
The way it's setup is using VLANs to define the internal subnets, which are then assigned to the physical interfaces (since the 887 doesn't allow IP assignments to the interfaces directly).
VLAN 100 is the internal network and has a SBS2011 server – assigned to F0 – IP range is 192.168.1.0
VLAN 200 is the guest network and has Internet access only – assigned to F1 – IP range is 10.1.1.0
VLAN 500 is the WAN network and connects to the NBN upstream box – assigned to F3 – external IP address assigned by DHCP
I've been playing around with access lists, nat rules, basically everything in my limited Cisco knowledge to try and figure this out, but to no avail. I have even configured what I believe is unrestricted access to IP, UDP and TCP outbound and inbound to all VLANs and still can't get it to register.
Tried isolating the issue by creating a new VLAN and assigning it to the spare interface and basically allowing everything in and out, but still no luck.
The problem has to be something on the router – probably some small line of config I haven’t removed or added.
I am going to pull my hair out soon, so would really appreciate some assistance from the Cisco gurus out there.
My client has just purchased about 10 of these handsets from their provider so I need to fix this ASAP. The guy who provided them wasn't very helpful, and basically said I'm on my own once we tested using the NBN-provided Netgear router.
Happy to post my config as well.
Please help!!!!

Current configuration : 4912 bytes
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router1
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
no ip source-route
ip dhcp excluded-address 10.1.1.1
ip dhcp pool GUEST
network 10.1.1.0 255.255.255.0
dns-server 10.1.1.1 203.50.2.71 139.130.4.4
default-router 10.1.1.1
ip cef
no ip domain lookup
ip domain name network.local
ip name-server 192.168.1.123
ip name-server 203.23.53.12
ip name-server 197.12.32.86
ip name-server 8.8.8.8
no ipv6 cef
license udi pid CISCO887VA-K9 sn FGL171220XY
username admin privilege 15 secret 5 $1$aNsm$N1BCQYkoi8gnURyvloYEX/
controller VDSL 0
interface Ethernet0
no ip address
shutdown
interface ATM0
no ip address
no atm ilmi-keepalive
bridge-group 10
pvc 8/35
interface FastEthernet0
description NAC - Internal network
switchport access vlan 100
no ip address
interface FastEthernet1
description NAC - Guest network
switchport access vlan 200
no ip address
interface FastEthernet2
no ip address
shutdown
interface FastEthernet3
description **** WAN Port ****
switchport access vlan 500
no ip address
interface Vlan1
no ip address
bridge-group 10
hold-queue 100 out
interface Vlan100
description NAC - Internal Vlan
ip address 192.168.1.1 255.255.255.0
ip access-group IN-100 in
ip access-group OUT-100 out
ip nat inside
ip virtual-reassembly in
interface Vlan200
description NAC - Guest Vlan
ip address 10.1.1.1 255.255.255.0
ip access-group IN-200 in
ip access-group OUT-200 out
ip nat inside
ip virtual-reassembly in
interface Vlan500
description **** WAN Vlan ****
ip address dhcp
ip nat outside
no ip virtual-reassembly in
no ip forward-protocol nd
ip http server
ip http access-class 23
ip http secure-server
ip dns server
ip nat inside source list NAT-100 interface Vlan500 overload
ip nat inside source list NAT-200 interface Vlan500 overload
ip nat inside source static tcp 192.168.1.123 25 interface Vlan500 25
ip nat inside source static tcp 192.168.1.123 443 interface Vlan500 443
ip nat inside source static tcp 192.168.1.123 3389 interface Vlan500 3399
ip nat inside source static tcp 192.168.1.123 80 interface Vlan500 80
ip nat inside source static tcp 192.168.1.123 4125 interface Vlan500 4125
ip nat inside source static tcp 192.168.1.124 3389 interface Vlan500 3390
ip nat inside source static tcp 192.168.1.123 987 interface Vlan500 987
ip nat inside source static tcp 192.168.1.123 1723 interface Vlan500 1723
ip route 0.0.0.0 0.0.0.0 55.234.52.43
ip access-list extended IN-100
permit udp any any range bootps bootpc
deny ip 10.1.1.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended IN-200
permit udp any any range bootps bootpc
permit ip 10.1.1.0 0.0.0.255 any
ip access-list extended NAT-100
deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended NAT-200
deny ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
permit ip 10.1.1.0 0.0.0.255 any
ip access-list extended OUT-100
permit udp any range bootps bootpc any
deny ip 10.1.1.0 0.0.0.255 any
permit ip any 192.168.1.0 0.0.0.255
ip access-list extended OUT-200
permit udp any range bootps bootpc any
deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip any 10.1.1.0 0.0.0.255
access-list 23 permit 59.23.164.52
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 23 permit 10.1.1.0 0.0.0.255
access-list 23 permit 120.146.0.0 0.0.255.255
access-list 23 permit 149.185.12.0 0.0.0.255
access-list 23 permit 110.44.28.0 0.0.0.255
access-list 23 permit 110.44.26.0 0.0.0.255
access-list 23 permit 103.25.212.0 0.0.0.255
access-list 23 permit any
bridge 10 protocol ieee
banner motd ^C
* Authorized personnel only! *
^C
line con 0
login local
no modem enable
line aux 0
line vty 0 4
password password01
login local
transport input all
end

Problem with Cisco 861W router and outgoing VPN

We have a Cisco 861W router that is blocking an outgoing PPTP on the internal access point only. The outgoing VPN works when the traffic is through a wired connection or the connection is on another access point. We fail to make a connection only when connection to the 861W's internal Access Point.
Here is the Access Point Configuration:
Current configuration : 2100 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname obap
enable secret 5 $1$.1RF$go1D7WITXUn3s8TUaw3tC.
no aaa new-model
dot11 syslog
dot11 ssid OLIVER
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 0 XXXXXXXXXXX
username XXXXXX privilege 15 secret 5 $1$Wc0K$OzcQDDQfjHP6La31eXMoG/
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
ssid OLIVER
antenna gain 0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
description the embedded AP GigabitEthernet 0 is an internal interface connecti
ng AP with the host router
no ip address
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 192.168.0.2 255.255.255.0
no ip route-cache
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
banner login ^CC
% Password change notice.
Default username/password setup on AP is cisco/cisco with priv¾ilege level 15.
It is strongly suggested that you create a new username with privilege level
15 using the following command for console security.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to
use. After you change your username/password you can turn off this message
by configuring "no banner login" and "no banner exec" in privileged mode.
^C
line con 0
privilege level 15
login local
no activation-character
line vty 0 4
login local
cns dhcp
end
obap#
Here is the Router's Configuration:
Current configuration : 5908 bytes
! No configuration change since last restart
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname obrouter
boot-start-marker
boot-end-marker
logging buffered 51200
logging console critical
enable secret 5 $1$i9XE$DjxFVAEC9nC4/r6EQKCd6/
no aaa new-model
memory-size iomem 10
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-1856757619
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1856757619
revocation-check none
rsakeypair TP-self-signed-1856757619
crypto pki certificate chain TP-self-signed-1856757619
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383536 37353736 3139301E 170D3036 30313032 31323030
34345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353637
35373631 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B1A4 FB786547 3D582260 03DB768D 116BDE9A 309FBA04 B53F77B0 BFE32344
7C3439B3 97192B36 760A9411 1D5C7549 8D86F532 ABA44F53 0D08B7F4 A9A747D5
071330C3 65BF25A8 927F3596 29BB5A80 90C8D169 22268476 3B8DDE1E FDB7170D
B4820D03 5580A849 A92C7E76 9AC10867 505A2FEE 64360741 7F9DBDBF 3D79982C
F81D0203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603
551D1104 19301782 156F6272 6F757465 722E6272 75736868 6F672E63 6F6D301F
0603551D 23041830 168014D8 5BC2FFB2 967A4C7B 11B44122 5C8D31F7 749B9230
1D060355 1D0E0416 0414D85B C2FFB296 7A4C7B11 B441225C 8D31F774 9B92300D
06092A86 4886F70D 01010405 00038181 005901F1 C239074B B8213567 CF7B65BF
DAFE4557 69B2A3B1 5F2593C7 A54B9598 23FD5E7A 563AA6E0 AFB25801 FA0061E8
F9545372 DB600B3A BE68AE65 1EDA593E 6A0C96B8 5A4136AF 393F9AAC 651E1C36
B8B7C6C0 47936C24 D2ECE9A5 9446EE32 FC7461FA AD8CF1CE A7FBF341 07E9C3C6
505AB88D 0E7FCAFC 5792298A E5E4D1FE CC
        quit
no ip source-route
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp pool ccp-pool1
   import all
   network 192.168.0.0 255.255.255.0
   dns-server 216.49.160.10 216.49.160.66
   default-router 192.168.0.1
ip cef
no ip bootp server
ip domain name brushhog.com
ip name-server 216.49.160.10
ip name-server 216.49.160.66
license udi pid CISCO861W-GN-A-K9 sn FTX155281FY
username tech38 privilege 15 secret 5 $1$d/4Z$n/23EsXbzfHF5XfJ8Nv.y0
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
duplex auto
speed auto
pppoe-client dial-pool-number 1
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXXXXXXXXXX
ppp chap password 7 XXXXXXXXXXXXXXXX
ppp pap sent-username XXXXXXXXXXXXXX password 7 XXXXXXXXXXX
no cdp enable
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.0.25 80 interface Dialer0 80
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you
want to use.
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
Any help would be appreciated

Hello,
i have the same problem with router CISCO861W-GN-E-K9. Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
Can someone help?
Thank you.
Here is my config for internal AP and router.

Sleep blocked by "active remote client"

Using powercfg -requests I get:
[DRIVER] Filesystem\srvnet
An active remote client has recently sent requests to this machine
This blocks sleep mode (a "feature" of sleep mode).
I have tried disabling wake for sleep on adaptors. Disabling home group. disabling media center, unistalling windows media, disable auto update, no media sharing....
Because there is a long timeout of maybe 15 minutes or longer on this it so it is hard to diagnose if it is coming from the local machine or the other Win 7 on the network. The problem seemed to start when I upgrade the second machine from Vista though not 100% sure.
Seems like each machine keeps the other awake? I have also suspected the Dlink router and turned all of its "added value" features off. Where is this "remote client" and how to diagnose?
Is there a setting to at least turn the time out to a minute or less?
One machine runnning Win 7 7600 64 before and after this problem started. The other was Vista and now Win 7 7600 32 since the problem began in BOTH machines.

Try creating and then leaving a Homegroup between the machine having the sleep problem and the other(s) keeping it awake.
I developed the same insomnia problem described here on one of my networked group of Windows 7 machines after enabling media streaming but declining to create a Homegroup (when the option to create one was presented during the media streaming setup process).
I struggled with various solutions, all to no avail, except disconnecting the problematic machine from the others on the network (not a solution). Ultimately I determined that certain other machines on the network would keep the problematic machine awake.
I was able to identify the affected machines by disconnecting various combinations of machines from the network until the problematic machine slept normally.
Ultimately, the problem disappeared after I created a Homegroup, joined all the affected machines, and then left the Homegroup from all machines. After a forced sleep using the shutdown menu on all the affected machines, and subsequent manual wake,
they now all sleep and wake normally, as expected, according to the power plan settings.
I suspect that by declining to create the Homegroup when prompted, it leaves some inchoate remnant of Homegroup creation lingering around on one or more machines, which in turn results in repeated requests being sent from one machine to the other, keeping
the other awake.

VNC access to remote clients assigned address from vpnclient ip pool

Hi,
I was wondering if anyone knows if it is possible to vnc to remote vpn clients that are assigned an address from a client IP pool defined on the pix.
The remote clients are using cisco vpn client, the access-list is a dynamic acl downloaded from a tacacs server.
thanks.

It is not possible to vnc to remote vpn clients that are assigned an address from a client IP pool defined on the pix

Router WRV54G Quick vpn client 1.10 ruuing on XP (remotel...

router WRV54G
Quick vpn client 1.10 ruuing on XP (remotely)
well, the client can connect to VPN router and i can verify the status online on tab vpn BUT
after 2-3 min. client receive the error message
"the gateway not responding"
AND
if client tries to ping from command prompt to the local ip addresses he find "negociating IP security"
status of router is :
- all security including firewall is disabled
- i have public IP address on Router having 255.255.255.0 subnet
- my local subnet is 10.10.1.x
please tell me what should be done
Thanks
Message Edited by SHAQ on 12-18-2007 09:26 AM

try upgrading / reflashing the firmware of the wrv54g to the latest available from www.linksys.com/download
try changing the MTU size on the client router to 1452
check whether it makes any difference

Cisco 1812 router as ezvpn remote client

Similar Messages

Maybe you are looking for