Cisco 6004 VPC issue

Hi Friends,
We are experiencing issue in Cisco 6004 while creating VPC. We are unable to configure VPC because upon enabling the feature it is showing error.
Request if anybody can help us here.
TEST(config)# feature vpc
Error: while enabling/disabling service: vpc, err: (null) (0x4288005c)
TEST# sh license usage
Feature                      Ins Lic   Status Expiry Date Comments
                                 Count
FCOE_NPV_PKG                  No    -   Unused             -
FM_SERVER_PKG                 No    -   Unused             -
ENTERPRISE_PKG                No    -   Unused             -
FC_FEATURES_PKG               No    -   Unused             Grace 117D 4H
VMFEX_FEATURE_PKG             No    -   Unused             Grace 117D 5H
ENHANCED_LAYER2_PKG           No    -   Unused             -
LAN_BASE_SERVICES_PKG         Yes   -   In use Never       -
LAN_ENTERPRISE_SERVICES_PKG   No    -   Unused             -
TEST# show feature | i vpc
vpc                   1         disabled
TEST# show feature
Feature Name          Instance State
Flexlink              1         enabled
amt                   1         disabled
bfd                   1         disabled
bfd_app               1         disabled
bgp                   1         disabled
cts                   1         disabled
dhcp                  1         disabled
dot1x                 1         disabled
eigrp                 1         disabled
eigrp                 2         disabled
eigrp                 3         disabled
eigrp                 4         disabled
eth_port_sec          1         disabled
extended_credit       1         disabled
fabric-binding        1         disabled
fc-port-security      1         disabled
fcoe                  1         disabled
fcoe-npv              1         disabled
fcsp                  1         disabled
fex                   1         enabled
fport-channel-trunk   1         disabled
glbp                  1         disabled
hsrp_engine           1         disabled
http-server           1         disabled
interface-vlan        1         enabled
isis                  1         disabled
isis                  2         disabled
isis                  3         disabled
isis                  4         disabled
lacp                  1         enabled
ldap                  1         disabled
lldp                  1         enabled
msdp                  1         disabled
npiv                  1         disabled
npv                   1         disabled
oim                   1         disabled
ospf                  1         disabled
ospf                  2         disabled
ospf                  3         disabled
ospf                  4         disabled
ospfv3                1         disabled
ospfv3                2         disabled
ospfv3                3         disabled
ospfv3                4         disabled
pbr                   1         disabled
pim                   1         disabled
poe                   1         disabled
port_track            1         disabled
private-vlan          1         disabled
privilege             1         disabled
ptp                   1         disabled
rip                   1         disabled
rip                   2         disabled
rip                   3         disabled
rip                   4         disabled
scpServer             1         disabled
sftpServer            1         disabled
sshServer             1         enabled
tacacs                1         disabled
telnetServer          1         enabled
udld                  1         enabled
vmfex                 1         disabled
vpc                   1         disabled
vrrp                  1         disabled
vtp                   1         disabled
TEST#

I know this is a few months old so hopefully you already resolved the issue, but for anyone else searching:
Just got off a call with TAC trying to resolve this issue on my 5548UP.
Turns out that you cannot configure VPC if the flexlink feature is enabled. Disabled that feature, and everything worked for me.

Similar Messages

Cisco asa 5505 issues ( ROUTING AND PAT)

I have some issues with my cisco asa 5505 config. Please see details below:
NETWORK SETUP:
gateway( 192.168.223.191)   - cisco asa 5505 ( outside - 192.168.223.200 , inside - 192.168.2.253, DMZ - 172.16.3.253 ) -
ISSUES:
1)
no route from DMZ to outside
example:
ping from 172.16.3201 to the gateway
6          Jan 27 2014          11:15:33                    172.16.3.201          39728                              Failed to locate egress interface for ICMP from outside:172.16.3.201/39728 to 172.16.3.253/0
2)
not working access from external to DMZ AT ALL
ASA DETAILS:
cisco asa5505
Device license          Base
Maximum Physical Interfaces          8          perpetual
VLANs          3      DMZ Restricted
Inside Hosts          Unlimited          perpetual
configuration:
firewall200(config)# show run
: Saved
ASA Version 9.1(3)
hostname firewall200
domain-name test1.com
enable password xxxxxxxxxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd XXXXXXXXXXX encrypted
names
interface Ethernet0/0
switchport access vlan 100
interface Ethernet0/1
switchport access vlan 200
interface Ethernet0/2
switchport access vlan 200
interface Ethernet0/3
switchport access vlan 200
interface Ethernet0/4
switchport access vlan 300
interface Ethernet0/5
switchport access vlan 300
interface Ethernet0/6
switchport access vlan 300
interface Ethernet0/7
switchport access vlan 300
interface Vlan100
nameif outside
security-level 0
ip address 192.168.223.200 255.255.255.0
interface Vlan200
mac-address 001b.539c.597e
nameif inside
security-level 100
ip address 172.16.2.253 255.255.255.0
interface Vlan300
no forward interface Vlan200
nameif DMZ
security-level 50
ip address 172.16.3.253 255.255.255.0
boot system disk0:/asa913-k8.bin
boot config disk0:/startup-config.cfg
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns server-group DefaultDNS
domain-name test1.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network office1-int
host 172.16.2.1
object network firewall-dmz-gateway
host 172.16.3.253
object network firewall-internal-gateway
host 172.16.2.253
object network com1
host 192.168.223.227
object network web2-ext
host 192.168.223.201
object network web2-int
host 172.16.3.201
object network gateway
host 192.168.223.191
object network office1-int
host 172.16.2.1
object-group network DMZ_SUBNET
network-object 172.16.3.0 255.255.255.0
object-group service www tcp
port-object eq www
port-object eq https
access-list DMZ_access_in extended permit icmp any any
access-list DMZ_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any object web2-ext eq www
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-714.bin
no asdm history enable
arp DMZ 172.16.4.199 001b.539c.597e alias
arp DMZ 172.16.3.199 001b.539c.597e alias
arp timeout 14400
no arp permit-nonconnected
object network web2-int
nat (DMZ,outside) static web2-ext service tcp www www
access-group outside_access_in in interface outside
access-group DMZ_access_in in interface DMZ
route inside 172.168.2.0 255.255.255.0 192.168.223.191 1
route inside 172.168.3.0 255.255.255.0 192.168.223.191 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.223.227 255.255.255.255 outside
http 172.163.2.5 255.255.255.255 outside
http 172.163.2.5 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 192.168.223.227 255.255.255.255 outside
ssh 172.163.2.5 255.255.255.255 outside
ssh 172.163.2.5 255.255.255.255 inside
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 172.16.2.10-172.16.2.10 inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 176.58.109.199 source outside prefer
ntp server 81.150.197.169 source outside
ntp server 82.113.154.206
username xxxx password xxxxxxxxx encrypted
class-map DMZ-class
match any
policy-map global_policy
policy-map DMZ-policy
class DMZ-class
inspect icmp
service-policy DMZ-policy interface DMZ
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:9c73fa27927822d24c75c49f09c67c24
: end

Thank you one more time for everthing. It is workingin indeed
Reason why maybe sometimes I had some 'weird' results was because I had all devices connected to the same switch.Separtated all networks to a different switches helped.Anyway if you could take a look one last time to my configuration and let me know if it's good enough to deploy it on live ( only www for all , ssh restricted from outside, lan to dmz) .Thanks one more time.
show run
: Saved
ASA Version 9.1(3)
hostname firewall200
domain-name test1.com
enable password xxxxxxxxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd xxxxxxxxxxxx encrypted
names
interface Ethernet0/0
switchport access vlan 100
interface Ethernet0/1
switchport access vlan 200
interface Ethernet0/2
switchport access vlan 200
interface Ethernet0/3
switchport access vlan 200
interface Ethernet0/4
switchport access vlan 300
interface Ethernet0/5
switchport access vlan 300
interface Ethernet0/6
switchport access vlan 300
interface Ethernet0/7
switchport access vlan 300
interface Vlan100
nameif outside
security-level 0
ip address 192.168.223.200 255.255.255.0
interface Vlan200
mac-address 001b.539c.597e
nameif inside
security-level 100
ip address 172.16.2.253 255.255.255.0
interface Vlan300
no forward interface Vlan200
nameif DMZ
security-level 50
ip address 172.16.3.253 255.255.255.0
boot system disk0:/asa913-k8.bin
boot config disk0:/startup-config.cfg
ftp mode passive
clock timezone GMT/BST 0
clock summer-time GMT/BDT recurring last Sun Mar 1:00 last Sun Oct 2:00
dns domain-lookup inside
dns domain-lookup DMZ
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 8.8.4.4
domain-name test1.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network firewall-dmz-gateway
host 172.16.3.253
object network firewall-internal-gateway
host 172.16.2.253
object network com1
host 192.168.223.227
object network web2-ext
host 192.168.223.201
object network web2-int
host 172.16.3.201
object network gateway
host 192.168.223.191
object network office1-int
host 172.16.2.1
object-group network DMZ_SUBNET
network-object 172.16.3.0 255.255.255.0
object-group service www tcp
port-object eq www
port-object eq https
access-list DMZ_access_in extended permit icmp any any
access-list DMZ_access_in extended permit ip any any
access-list DMZ_access_in extended permit tcp 172.16.3.0 255.255.255.0 interface outside eq ssh
access-list outside_access_in extended permit tcp any object web2-int eq www
access-list outside_access_in extended permit tcp any object web2-int eq ssh
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu DMZ 1500
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any DMZ
asdm image disk0:/asdm-714.bin
no asdm history enable
arp DMZ 172.16.4.199 001b.539c.597e alias
arp DMZ 172.16.3.199 001b.539c.597e alias
arp timeout 14400
no arp permit-nonconnected
object network web2-int
nat (DMZ,outside) static web2-ext net-to-net
access-group outside_access_in in interface outside
access-group DMZ_access_in in interface DMZ
route outside 0.0.0.0 0.0.0.0 192.168.223.191 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.223.227 255.255.255.255 outside
http 172.163.2.5 255.255.255.255 outside
http 172.163.2.5 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 192.168.223.227 255.255.255.255 outside
ssh 172.163.2.5 255.255.255.255 outside
ssh 172.16.3.253 255.255.255.255 outside
ssh 172.163.2.5 255.255.255.255 inside
ssh timeout 60
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 176.58.109.199 source outside prefer
ntp server 81.150.197.169 source outside
ntp server 82.113.154.206
username xxxxx password xxxxxxxxx encrypted
class-map DMZ-class
match any
policy-map global_policy
policy-map DMZ-policy
class DMZ-class
inspect icmp
service-policy DMZ-policy interface DMZ
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:f264c94bb8c0dd206385a6b72afe9e5b
: end

Cisco vpn client issue on windows 8.1 pro

I am using Cisco RV325-k9 router, I am configure "Easy vpn" in this router.
Our some users use Windows 7 pro and others users use Windows 8.1 pro with Cisco vpn client version 5.0.070290.
Issue is VPN client connected but not access remote machine and ping on windows 8.1 pro machines. but Working fine on windows 7 pro.
But When i am using wifi through MTS wifi usb device then working fine.
Please find the attached screenshot of VPN Client Statistics.
Please give me a solution.
Regards
Sanjib

Hi Sanjib,
Cisco VPN clinet is not supported for the windows version 8.1. And also it is EOL announced. Might be the below mentioned work around might help you. Try this.
http://www.vmwareandme.com/2013/12/solved-windows-8-and-windows-81-cisco.html#.U9tCdxCrOxo
Regards
Karthik

Cisco Ironport Certificate ISsue

Hai All,
We have cisco ironport WSA 370 version 7.5 .
We need to decrypt some https traffic . But the issue is our corporate AD support only 2048 bit cert. But our WSA box only support 1024.
Heared that asycos 7.7 (new release) support 2048 bit cert. When i check the 7.7 guide, its not mentioned. Can you please suggest???

Hi Mohamed,
There is a feature request so the WSA can generate 2048 bit certificate; but you can upload a an Intermediate root signing certificate to the appliance.
Look for "Uploading a Root Certificate and Key"
https://www.cisco.com/en/US/docs/security/wsa/wsa7.7/User_Guide/WSA_7.7.0_UserGuide.pdf
HTH,
Luis Silva
"If you need PDI (Planning, Design, Implement) assistance feel free to reach"
http://www.cisco.com/web/partners/tools/pdihd.html

Cisco Professional Configuration Issue with SG 500 52P

I have a new SG500-52P switch installed for a small business and am upgrading to a Cisco 2910 router this weekend. I am trying to view the new switch on CCPE but it keeps saying that the device is undiscoverable. I have HTTP and HTTPS enabled on the switch. Is this switch able to be used with CCPE? It is not a requirement because the web interface does work when I manually log on to the switch, but I was wanting to use CCPE for the router and switch if possible.

hi have you made sure that you have trunked for all vlans on your trunk links as i had a similar issue because i only trunked for one vlan on the link thinking that it would trunk for all by putting the link into trunk mode?

Cisco ISE CWA issue

Good Day,
I have Cisco ISE 1.2 with Cisco 2960 NAD.
I configured the authorization for the employee successfully, but my issue is with the guest users the link is not redirected.
Please advise what I have put in the authentication policy default rule?? deny access ?
And on the switch I should put the guest connect to a specific ports or I have to configure specific VLAN in the authorization profile?
Appreciate your support,

In your authorization policy you are giving your Wired-Guest the same result as Wired-Webauth.
First time through you don't know he's a guest so he hits Wired-Webauth and gets redirected. Second time through, you have him in guest flow, so you know he's an authenticated guest, he hits Wired-Guest, but you send him the same permissions "Web_Auth". Create a profile that you want to give to your authenticated guests - Guest_Allowed for instance.

Need help on cisco CUCM license issue

Hi Team,
I am using 9.0 version CUCM . This machine i have cloned from some other CUCM .So after logging into to CUCM web admin i am getting an error like The system is operating with an insufficient number of licenses. Configure additional licenses in your Enterprise License Manager in order to restore the ability to provision users and devices. So i tried to login to ELM Manager for applying license .But ELM is giving an error like invalid username and password. I am using the same username and password which i used to login into cucm web admin .
So can some one please help on this issue.
Thanks,
Sasikumar.

Try this,
Unknown username and password for Enterprise License Manager login
Description
I do not know the username and password of the system when it was originally installed, so I cannot log into Enterprise License Manager.
Resolution
Log into the platform CLI with the OS administration credentials and use the license management list users command to view the username to use for signing into the Enterprise License Manager application. If you are not sure what the password is for this username, you can use the license management change user password command to change this password.
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/elmuserguide/9_0_1/CUCM_BK_E596FD72_00_enterprise-license-manager-user-90_chapter_0101.html#CUCM_RF_I970430F_00
HTH
Manish

Cisco Aironet 1140 Issues (Dropping clients, 5GHz issue, AP Switching)

Greetings,
We've been having issues for a while with these Aironet 1140's. We have two of them in the office and the issue is similar to the first issue displayed in this post:
https://supportforums.cisco.com/docs/DOC-26228
The only difference is that I can't do this since we don't use a controller.
We're using Mac clients on Lion/Mt. Lion. We have no issues connecting to the access points, but occassionally the user will drop off one of the AP's(Access Point 2). Recently I changed the setup from TKIP/WPA to AES-CCM/WPA to get the PHY address to 802.11N instead of 802.11G. I got the speeds working fine, but I suppose this caused an issue of people dropping off at different times. I noticed if I remove the SSID from the preferred list and reconnect it goes from WPA to WPA2. Not sure if this is relevant information, just trying to list what I can to resolve this issue. I haven't had any reported issues with the other Access Point(Access Point 1).
Another issue we have is getting the radio to work on 5GHz for Access Point 1. It seems when a user is connected to the 5GHz signal, it will not load any web pages. Can ping out just fine, and ping internally as well. I've checked to see if the client is getting an IP address, and it is. It also has DNS set to 8.8.8.8 and another DNS IP we use. The other Access Point seems to work just fine with 5GHz enabled. Both work with 2.4GHz with no issues at all.
Lastly, clients are not switching Access Points to the strongest signal. I've tried this test with 5+ machines running different OS's from Snow Leopard to Mt. Lion. The client will not switch over passively, the Laptop must be closed and reopened to re-establish the connection to grab the closest signal. This isn't a huge issue, but it's something I'd like to get fixed. This could have been an ongoing issue before I switched the AP's to AES-CCM, but I've only noticed it after the fact.
If there's any additional information needed that could help resolve these issues, let me know.
Thanks!

The wireless clients/devices decides which WAPs to join. It's not a "Cisco thing". It's the standard.
That's what I figured, it's just an issue we have been having lately and trying to rule out the possibility it might be an Access Point issue.
Did you enable WPA and WPA2??? Apple does not like to "choose". You have to either use WPA OR WPA2.
Actually, yes I should have included my steps of trying to resolve the issue. For some reason, the SSID would not appear in the listing of SSID's so I removed the preferred connection, which was WPA, and manually added it to be WPA2 Personal on the client. Still saw some issues with a few users, others seem to have rectified or they're not telling me.
I checked the event logs on the device and saw this:
Packet to client e0f8.4735.c16e reached max retries, removing the client
After some research, it was recommended to raise the packet retry value to 128. I haven't received any complaints from the 3 people that usually complain about dropped wifi yet, but it's still too soon to say.
The only thing I can think of is the signal strength. Disable the 2.4 Ghz and see what signal strength you are getting with the 5.0 Ghz.
It should not be signal strength since I am about 10 feet away on my test machine which has the issue as well as any other clients in any distance long enough to grab the connection. I will try turning off 2.4 when there's nobody in the office tomorrow in the morning to see if that actually works. I would like to have it dual band though since we're not all at 5GHz here. With this issue, I was actually fearing that there just may be an issue with the 5GHz radio hardware. We also have an extra 1140 laying around I used for testing; the 5GHz radio worked with identical settings to the one not working.
Thanks for the reply! I will take a look at what you suggested a little further and keep this updated if increasing the packet retry value actually rectified the problem just in case someone else has the same issue.

ISM-SRE-300-K9 & Cisco Configuration Professional Issue

hi there,
i have a cisco 2901 router running CME 8.6 the router has a ISM-SRE-300-K9 card init with Unity Express 8.0.5 installed.
i am having issues with Cisco configuration professional and configuring the module
under module configuration the status is "module is not reachable", if i click on details i get further information "unable to execute command from the module. module is either reloading or is in failed state. you must make the module up and refresh the module"
i have tried reloading, resetting and refreshing the module but the issue is still present
i have accessed the module from the CLI set it in offline mode and factory defaulted it and the same issue is still present
the only thing i can think is that this is a bug with CCP as the loopback interface which the module is using can be pinged fine from the router so the message makes no sense.
any ideas

Is you problem with CCP or the module itself ?
Because, CCP bugs and limitations aside, the module can be normally be installed, configured and managed using CLI or its web interface (after software is initially loaded).

Windows 8 Cisco VPN Client Issue

I connect to several of my customers with the Cisco VPN Client Version 5.0.07.0290 and all has been working fine. In the last week, virtually every Windows 8 machine has stopped working. The client connects fine, shows it's connected, but if I go to Status -> Statistics it just shows 0 in the Bytes Received and Sent. The Bypassed and Discarded increases, but I am unable to reach any system. Does anyone know what causes this or how to resolve it? This is a HUGE problem for me as all of the work we do for our customers is via their VPNs. Every non-Windows 8 PC still works fine. And these Windows 8 PCs have been working fine until just the last week. Browsing through, I've seen posts with this same issue, but none related to Windows 8 recently. They are all Windows 7, and my Windows 7 machines are working flawlessly.
Someone help!
Thanks,
Brian

Hi Brian,
IPSEC client on Windows 8 machine is not supported.
Cisco VPN Client 5.0.07 supports the following Microsoft OSs:
•Windows 7 on x64 (64-bit)
•Windows 7 on x86 (32-bit) only
•Windows Vista on both x86 (32-bit) and x64
•Windows XP on x86
VPN Client does not support the Tablet PC 2004/2005; and Windows 2000, NT, 98, and ME.
VPN Client supports smart card authentication on Windows 7, Vista, and XP. However, VPN Client does not support the ST Microelectronics smart card Model ST23YL80, and smart cards from the same family.
VPN Client supports up to one Ethernet adapter and one PPP adapter. It does not support the establishment of a VPN connection over a tethered link.
VPN Client 5.0.x is incompatible with the combination of Cisco Unified Video Advantage 2.1.2 and McAfee HIPS Patch 4 Build 688. To avoid system failures, uninstall either of these two applications, upgrade McAfee to the latest version, or use VPN Client 4.6.x.
To install the VPN Client, you need
•Pentium®-class processor or greater
•Microsoft TCP/IP installed. (Confirm via Start > Settings > Control Panel > Network > Protocols or Configuration.)
•50 MB hard disk space.
•128 MB RAM
(256 MB recommended)
•Administrator privileges
The VPN Client supports the following Cisco VPN devices:
•Cisco Series 5500 Adaptive Security Appliance, Version 7.0 or later.
•Cisco VPN 3000 Series Concentrator, Version 3.0 or later.
•Cisco PIX Firewall, Version 6.2.2(122) or Version 6.3(1).
•Cisco IOS Routers, Version 12.2(8)T or later.
you can get more information from following link:-
http://www.cisco.com/en/US/docs/security/vpn_client/cisco_vpn_client/vpn_client5007/release/notes/vpnclient5007.html#wp63537
Regards,
Naresh

Cisco RV220W + ProtectLink Issues with Netflix Instant on Samsung Device

I am trying ProtectLink product on my RV220W router. I am having issues with Netflix Instant on a Samsung DVD player and internet features on a Samsung TV (Youtube, Pandora, Flickr, etc.). I am quite certain the issues started after I installed ProtectLink on my router.
I have added the IP address of both devices to "Approved Client" list.
Overflow Control is set to "Temporarily block URL requests", and Web Reputation is enabled set to "medium" (Blocks most Web threats).
URL filtering is also enabled for some categories.
Please let me know if I have misconfigured ProtectLink.
Thanks.

We have ProtectLink Web configured the exact same as you.
Under URL Filtering we have everything checked under 'Harmful' except for 'Web Advertisements'. Enabling the filtering of 'Web Advertisements' caused us some issues with some sites. That was unfortunate because we really liked the able to filter that content.
We have no other filtering enabled.
We haven't run into any issues at all once we unchecked 'Web Advertisements'. As a matter of fact, we have found that ProtectLink Web does such a good job that none of our IPS signatures are triggered. ProtectLink filters out the garbage before it gets to that layer.
If you can't tell, we are EXTREMELY pleased with Trend Micro's ProtectLink Web funtionality. We do not use the Gateway or End Point functionality. And we don't plan to any time soon.
We have a SA540 whereas you have an RV220W. From your post above, it seems that the functionality is implemented the same in both devices.
We purchased the 3-year license for ProtectLink Web from www dot provantage dot com. We buy most of our Cisco stuff from them because their prices are great and we have had nothing but good experiences from them (although I think we bought our 3 year support contract for our SA540 from CDW).
I am not sure why you are running into issues with your devices. We have 40+ devices that connect to our network on any given day. The devices include things such as Mac and Windows laptops, Windows workstations running XP and 7 (Ultimate 32-bit and 64-bit), tablets (Xooms, iPads, etc.), smart phones (iPhones, etc.), Samsung TVs, Denon AVRs, D-Link security cameras, even some game consoles (Wii, PS3, Xbox 360). I could go on and on. Our SA540 never skips a beat. It's solid as a rock.

Cisco ATA 186 Issue

Hi there,
I configured both ports of a Cisco ATA 186 connected to CM 4.1. On both ports I've configured Analogue telephones. The telephone working on the 1st port works fine, but the phone connected to 2nd port will ring once and the connection is broken. If I change the ports then, the phone on the first port will work fine but the phone connected to the 2nd port got the same issue.
I hope someone can help me sort out this issue.
Thanks.

Hi Sana,
Just a thought here, but the second port of an ATA only supports g.711;
Have a look at these two good posts that relate to this type of issue;
From Paul @ Cisco;
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=General&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddc9467/3#selected_message
From Jan;
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Telephony&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddf3e5c/4#selected_message
Hope this helps!
Rob

Cisco Router View issue

Dear All,
I have configured ZFS 6.5 on Netware
I have a Cisco 2500 Router, configured SNMP like -
snmp-server community public RW
snmp-server enable traps snmp
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer-2
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps bgp
snmp-server enable traps rsvp
snmp-server enable traps frame-relay
snmp-server enable traps rtr
snmp-server host 192.168.10.2 public
My ZFS server's ip is 192.168.10.2, i have given Router's Lan ip to
NetExplorer's Router Seed also now my Router is been discovered via ZFS and
it is shown in Atlas View also, I have tried to double click on it, then it
shows Services within Services i can see Switch/Bridge, but by Double
Clicking it a "Unified Port Traffic View" Dialog Box Appears which says,
"Discovery could not retrieve the complete property of this node".
Now what to do by which it should start giving information..
Regards
Vikas

Vjohari,
It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.
Has your problem been resolved? If not, you might try one of the following options:
- Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
- Check all of the other support tools and options available at
http://support.novell.com.
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://support.novell.com/forums)
Be sure to read the forum FAQ about what to expect in the way of responses:
http://support.novell.com/forums/faq_general.html
If this is a reply to a duplicate posting, please ignore and accept our apologies
and rest assured we will issue a stern reprimand to our posting bot.
Good luck!
Your Novell Product Support Forums Team
http://support.novell.com/forums/

Cisco PIX SIP Issue

Hello All,
I am having an issue with running SIP through my Cisco Pix. A VOIP solution has just been installed, and softphones from the outside are trying to call in using SIP and are failing. The configuration is below. and the code is 6.3 (5). You'll see below that I have the no fixup protocol for sip, as the fixup wasn't working either. Is there something that needs to be configured that I'm missing or could this be a bug in the code? Any other show commands or debug commands I can provide if needed. The call manager server in the below config is 1.2.3.4. Thanks in advance for all your help, you guys are always so helpful.
XXXt# show ver
Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)
Compiled on Thu 04-Aug-05 21:40 by morlee
XXX up 1 hour 45 mins
Hardware:   PIX-506E, 32 MB RAM, CPU Pentium II 300 MHz
Flash E28F640J3 @ 0x300, 8MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: ethernet0: address is 001c.582b.3c65, irq 10
1: ethernet1: address is 001c.582b.3c66, irq 11
Licensed Features:
Failover:                    Disabled
VPN-DES:                     Enabled
VPN-3DES-AES:                Enabled
Maximum Physical Interfaces: 2
Maximum Interfaces:          4
Cut-through Proxy:           Enabled
Guards:                      Enabled
URL-filtering:               Enabled
Inside Hosts:                Unlimited
Throughput:                  Unlimited
IKE peers:                   Unlimited
This PIX has a Restricted (R) license.
XXXt# show run
: Saved
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password vQ0/erypfvYyzFoc encrypted
passwd vQ0/erypfvYyzFoc encrypted
hostname DTPIX35thst
domain-name digitaltransitions.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
no fixup protocol sip 5060
no fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list out_in permit udp any host 1.2.3.4 eq 5060
access-list out_in permit tcp any host 1.2.3.43 eq 5060
pager lines 24
logging on
logging buffered informational
logging trap informational
logging queue 2048
mtu outside 1500
mtu inside 1500
ip address outside 4.34.119.130 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpn_pool 192.168.100.50-192.168.100.75
pdm location 192.168.1.250 255.255.255.255 inside
pdm location 192.168.1.252 255.255.255.255 inside
pdm location 65.215.8.100 255.255.255.255 inside
pdm location 192.168.100.0 255.255.255.0 outside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 1.2.3.4 172.20.1.2 netmask 255.255.255.255 0 0
access-group out_in in interface outside
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:00:00 sip_media 0:00:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
aaa authentication ssh console LOCAL
http server enable
http 199.96.104.108 255.255.255.255 outside
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable

Hi Jumora,
No need to troubleshoot this direct issue anymore. The client will be upgrading to an ASA 5505. Is there anything you may know of before I configure the ASA that I need to do to allow SIP through with no issues? Thanks again Jumora

Cisco IME Reporting Issue

Hi,
Cisco IME 7.2.7 is able to get events from IPS sensor but during report generation we get "No records found"
Reports are getting generated for last 400 hrs for BASIC TOP SIGNATURES.
We have events for last 100 hrs with HIGH severity level but for those NO report of TOP Signatures with high severity were generated for last 100 hr.
Please if there is something we are missing in configuring IME or there is some other issue with report generation do let us know ASAP.
Thanks in advance.
Regards,
Gurjit Singh
Network Engineer
Spooster IT Services

Hi all,
P.S:Please find attached captures for Events in last 100 hrs with high severity, reports for 100 hrs, Report for 400 hrs.
The events are generated with high severity but there are no corresponding reports.
What all reasons can be there?
Regards,
Gurjit Singh
Network Engineer
Spooster IT Services

Cisco 6004 VPC issue

Similar Messages

Maybe you are looking for