Cisco 880G+7 3G connection issue

Similar Messages

• Cisco ASA 5505 VPN connection issue ("Unable to add route")

  I'm trying to get IPSec VPN working onto a new Cisco ASA5505. Pretty standard configuration.
  Setup:
  * Cisco VPN client on Windows 7 (v5.0.07.0290 x64 on Laptop1 and v5.0.07.0440 x64 on Laptop2)
  * PPPoE/NAT and internal DHCP on the ASA were configured with the Startup Wizard in ASDM
  NATting is working fine - internal PCs get an IP address in the 192.168.2.0/24 range and can all access the Internet.
  I wanted to be able to connect from anywhere to the ASA in order to reach one of the internal servers. Should be pretty basic.
  First I tried with the built-in ASDM IPSec Wizard, instructions found here.
  VPN clients can connect to the ASA, are connected (until they're manually disconnected), but cannot reach the internal network nor the Internet. Note VPN client can connect fine to a different VPN site (not administered by myself).
  Client logs show following error messages:
  1 15:53:09.363 02/11/12 Sev=Warning/3     IKE/0xA300005F
  Firewall, Cisco Intrusion Prevention Security Agent, is not running, the client will not send firewall information to concentrator.
  2 15:53:13.593 02/11/12 Sev=Warning/2     CVPND/0xE3400013
  AddRoute failed to add a route with metric of 0: code 160
  Destination     192.168.1.255
  Netmask     255.255.255.255
  Gateway     172.16.1.1
  Interface     172.16.1.101
  3 15:53:13.593 02/11/12 Sev=Warning/2     CM/0xA3100024
  Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: ac100165, Gateway: ac100101.
  4 15:54:30.425 02/11/12 Sev=Warning/2     CVPND/0xA3400015
  Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=172.16.1.101, error 0
  5 15:54:31.433 02/11/12 Sev=Warning/2     CVPND/0xA3400015
  Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=172.16.1.101, error 0
  6 15:54:32.445 02/11/12 Sev=Warning/2     CVPND/0xA3400015
  Error with call to IpHlpApi.DLL: CleanUpVASettings: Was able to delete all VA settings after all, error 0
  7 20:50:45.355 02/11/12 Sev=Warning/3     IKE/0xA300005F
  Firewall, Cisco Intrusion Prevention Security Agent, is not running, the client will not send firewall information to concentrator.
  8 20:50:50.262 02/11/12 Sev=Warning/2     CVPND/0xE3400013
  AddRoute failed to add a route with metric of 0: code 160
  Destination     192.168.1.255
  Netmask     255.255.255.255
  Gateway     172.16.1.1
  Interface     172.16.1.100
  9 20:50:50.262 02/11/12 Sev=Warning/2     CM/0xA3100024
  Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: ac100164, Gateway: ac100101.
  I've already tried the suggestions from this link, although the problem is different there (as the user can still access the internet, even without split tunneling, which I cannot).
  A show run shows the following output (note in the below I have tried a different VPN network: 192.168.3.0/24 instead of 172.16.1.0/24 seen in the Client log)
  Result of the command: "sh run"
  : Saved
  ASA Version 8.2(5)
  hostname AsaDWD
  enable password kLu0SYBETXUJHVHX encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.2.254 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  pppoe client vpdn group DW-VPDN
  ip address pppoe setroute
  ftp mode passive
  access-list inside_nat0_outbound extended permit ip any 192.168.3.0 255.255.255.240
  pager lines 24
  logging enable
  logging asdm informational
  mtu outside 1500
  mtu inside 1500
  ip local pool DWD-VPN-Pool 192.168.3.5-192.168.3.15 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.2.0 255.255.255.0 inside
  http 0.0.0.0 0.0.0.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  vpdn group DW-VPDN request dialout pppoe
  vpdn group DW-VPDN localname fa******@SKYNET
  vpdn group DW-VPDN ppp authentication pap
  vpdn username fa******@SKYNET password *****
  dhcpd auto_config outside
  dhcpd address 192.168.2.5-192.168.2.36 inside
  dhcpd domain DOMAIN interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  group-policy DWD internal
  group-policy DWD attributes
  vpn-tunnel-protocol IPSec
  username test password ******* encrypted privilege 0
  username test attributes
  vpn-group-policy DWD
  tunnel-group DWD type remote-access
  tunnel-group DWD general-attributes
  address-pool DWD-VPN-Pool
  default-group-policy DWD
  tunnel-group DWD ipsec-attributes
  pre-shared-key *****
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
  message-length maximum client auto
  message-length maximum 512
  policy-map global_policy
  class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:3e6c9478a1ee04ab2e1e1cabbeddc7f4
  : end
  I've installed everything using the CLI as well (after a factory reset). This however yielded exactl the same issue.
  Following commands have been entered:
  ip local pool vpnpool 172.16.1.100-172.16.1.199 mask 255.255.255.0
  username *** password ****
  isakmp policy 1 authentication pre-share
  isakmp policy 1 encryption 3des
  isakmp policy 1 hash sha
  isakmp policy 1 group 2
  isakmp policy 1 lifetime 43200
  isakmp enable outside
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-SHA
  crypto dynamic-map outside_dyn_map 10 set reverse-route
  crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 288000
  crypto map outside_map 10 ipsec-isakmp dynamic outside_dyn_map
  crypto map outside_map interface outside
  crypto isakmp nat-traversal
  sysopt connection permit-ipsec
  sysopt connection permit-vpn
  group-policy dwdvpn internal
  group-policy dwdvpn attributes
  vpn-tunnel-protocol IPSec
  default-domain value DWD
  tunnel-group dwdvpn type ipsec-ra
  tunnel-group dwdvpn ipsec-attributes
  pre-shared-key ****
  tunnel-group dwdvpn general-attributes
  authentication-server-group LOCAL
  default-group-policy dwdvpn
  Unfortunately I'm getting the same "AddRoute failed to add a route with metric of 0: code 160" error message.
  I'm very confused as this should be a pretty standard setup. I tried to follow the instructions on the Cisco site to the letter...
  The only "differences" in my setup are an internal network of 192.168.2.0 (with ASA IP address 192.168.2.254) and PPPoE with DHCP instead of no PPPoE at all.
  Does anyone know what's going on?

  Yes, I have tried from a different laptop - same results. Using that laptop I can connect to a different IPSec site without issues.
  Please find my renewed config below:
  DWD-ASA(config)# sh run: Saved:ASA Version 8.2(5) !hostname DWD-ASAenable password ******* encryptedpasswd ****** encryptednames!interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1 nameif inside security-level 100 ip address 192.168.2.254 255.255.255.0 !interface Vlan2 nameif outside security-level 0 pppoe client vpdn group DWD ip address pppoe setroute !ftp mode passiveaccess-list inside_nat0_outbound extended permit ip any 192.168.50.0 255.255.255.224 pager lines 24logging asdm informationalmtu inside 1500mtu outside 1500ip local pool vpnpool 192.168.50.10-192.168.50.20 mask 255.255.255.0icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp timeout 14400global (outside) 1 interfacenat (inside) 0 access-list inside_nat0_outboundnat (inside) 1 0.0.0.0 0.0.0.0timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00timeout floating-conn 0:00:00dynamic-access-policy-record DfltAccessPolicyhttp server enablehttp 192.168.2.0 255.255.255.0 insidehttp 0.0.0.0 0.0.0.0 outsideno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstartcrypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec security-association lifetime seconds 28800crypto ipsec security-association lifetime kilobytes 4608000crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAPcrypto map outside_map interface outsidecrypto isakmp enable outsidecrypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400telnet timeout 5ssh 0.0.0.0 0.0.0.0 outsidessh timeout 5console timeout 0vpdn group DWD request dialout pppoevpdn group DWD localname *****@SKYNETvpdn group DWD ppp authentication papvpdn username *****@SKYNET password ***** dhcpd auto_config outside!dhcpd address 192.168.2.10-192.168.2.40 insidedhcpd enable inside!threat-detection basic-threatthreat-detection statistics access-listno threat-detection statistics tcp-interceptwebvpn enable outside svc enablegroup-policy DfltGrpPolicy attributes vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpngroup-policy dwdipsec internalgroup-policy dwdipsec attributes vpn-tunnel-protocol IPSec default-domain value DWDDOMusername user1 password ***** encrypted privilege 0username user1 attributes vpn-group-policy dwdipsectunnel-group dwdipsec type remote-accesstunnel-group dwdipsec general-attributes address-pool vpnpool default-group-policy dwdipsectunnel-group dwdipsec ipsec-attributes pre-shared-key *****tunnel-group dwdssl type remote-accesstunnel-group dwdssl general-attributes address-pool vpnpool!class-map inspection_default match default-inspection-traffic!!policy-map type inspect dns preset_dns_map parameters  message-length maximum client auto  message-length maximum 512policy-map global_policy class inspection_default  inspect dns preset_dns_map   inspect ftp   inspect h323 h225   inspect h323 ras   inspect rsh   inspect rtsp   inspect esmtp   inspect sqlnet   inspect skinny    inspect sunrpc   inspect xdmcp   inspect sip    inspect netbios   inspect tftp   inspect ip-options !service-policy global_policy globalprompt hostname context no call-home reporting anonymousCryptochecksum:f5c8dd644aa2a27374a923671da1c834: endDWD-ASA(config)#

• Cisco UC540W DHCP Internet connection Issue.

  Hi guys, i would like some help trying to figure this out:
  We have an UC540 system in our office, we also have a broadband internet connection through a local ISP, the UC540 internet connection setup is DHCP, but when i connect the ONT cable into the WAN port, it doesnt get any ip address, i tried with other device (D-LINK router) and it works perfectly.
  I need your advice to let me know what i am missing. Here is the sh run configutarion, and no CLI changes have been made by the way.
  Thanks in advance for the assistance.                  

  ISP may have a temporary MAC lock to other router address. So you may need to stay with ISP device turned off some hours or a night before reconnecting Cisco.

• Connectivity issues between Cisco 2901 and Cisco SG300-52

  Hello,
  I am having some serious connectivity issues between the hosts in my LAN.
  My LAN is based on a Cisco 2901 router and a Cisco SG300-52 port switch.
  The issue that has been happening is that connections between hosts on the LAN (remote desktop, extended ping, etc) is very unstable, at some point I can see a 35% lost packets on an extended ping. This happens at any time of the day and from any host.
  All hosts are on the same Vlan(default Vlan) and on the same subnet. Some hosts have fixed IP addresses (servers and network equipment) and others obtain their IP address trough a DHCP reservation  established on the router (reserved with the MAC address of every host).
  I can provide further details if needed, because this issue is very serious and I would really appreciate any insight or support.
  Many thanks in advanced.
  Sair Amer
  EDIT:  After doing every test we could think of, we finally found the reason behind this problem.
  It turns out that the switch has problems handling communications between clients at different speeds, because most of the hosts connected were working at 100 Mbps but the servers were working at 1000 Mbps (and the communication between host and servers wasn't stable).
  After manually setting the speed on all ports to 100 Mbps the problems have stopped.
  Many thanks for you help on this issue. 

  Building configuration...
  Current configuration : 4123 bytes
  ! Last configuration change at 12:06:16 PCTime Sat Jul 19 2014 by ccp
  version 15.2
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Foninsa
  boot-start-marker
  boot-end-marker
  no logging buffered
  enable secret 5 $1$BDbJ$HN3VP8nmywrGB55RCxPd30
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local 
  aaa session-id common
  clock timezone PCTime -4 0
  clock summer-time PCTime date Apr 6 2003 2:00 Oct 12 2003 12:00
  no ip cef
  ip dhcp excluded-address 192.168.1.1 192.168.1.10
  ip dhcp excluded-address 192.168.1.151 192.168.1.255
  ip dhcp pool FONINSA
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 8.8.8.8 8.8.4.4 
  ip dhcp pool Laptop-Sporta-Wifi
   host 192.168.1.10 255.255.255.0
  ip name-server 8.8.8.8
  ip name-server 8.8.4.4
  no ipv6 cef
  multilink bundle-name authenticated
  crypto pki trustpoint TP-self-signed-213585710
   enrollment selfsigned
   subject-name cn=IOS-Self-Signed-Certificate-213585710
   revocation-check none
   rsakeypair TP-self-signed-213585710
  crypto pki certificate chain TP-self-signed-213585710
   certificate self-signed 01
    30820229 30820192
    quit
  license udi pid CISCO2901/K9 sn
  license boot module c2900 technology-package securityk9
  username ccp privilege 15 password
  redundancy
  interface Embedded-Service-Engine0/0
   no ip address
   shutdown
  interface GigabitEthernet0/0
   ip address 190.196.21.98 255.255.255.248
   ip nat outside
   ip virtual-reassembly in
   duplex auto
   speed auto
  interface GigabitEthernet0/1
   ip address 192.168.1.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly in
   duplex auto
   speed auto
  no ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  ip nat inside source list 1 interface GigabitEthernet0/0 overload
  ip nat inside source static tcp 192.168.1.3 21 190.196.21.98 21 extendable
  ip nat inside source static tcp 192.168.1.3 80 190.196.21.98 80 extendable
  ip nat inside source static udp 192.168.1.8 1194 190.196.21.98 1194 extendable
  ip nat inside source static tcp 192.168.1.4 3389 190.196.21.98 3389 extendable
  ip nat inside source static tcp 192.168.1.9 3389 190.196.21.98 10000 extendable
  ip nat inside source static tcp 192.168.1.3 3389 190.196.21.98 20000 extendable
  ip route 0.0.0.0 0.0.0.0 190.196.21.97
  access-list 1 permit 192.168.1.0 0.0.0.255
  control-plane
  line con 0
   password $
  line aux 0
  line 2
   no activation-character
   no exec
   transport preferred none
   transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
   stopbits 1
  line vty 0 5
   access-class 23 in
   privilege level 15
   password #
   transport input telnet ssh
  no scheduler allocate
  end

• Connectivity Issues Cisco ASA 5515 in Transparent Mode

  Hi,
  we´re having problems with one transparent mode setup at one customer site. The ASA is equiped with a CX Module, but we´re not using it, so far in the service policy rules it was enabled and matched all traffic, but in "monitor only" mode. There is a global acl that allows any-any-IP.
  Firewall-Info:
  - ASA Version 9.1(2) 
  - Interfaces gi0/0 + gi0/2 without any interface errors
  The ASA 5515x is configured as a "bump in the wire". In general our setup is working but with beginning of the installation of the firewall the customer faces following connection issues, without the firewall no problems:
  - Connections to SAP-Servers behind the MPLS begin to drop, affected all users
  - Incoming monitoring sessions (ping/snmp) from central management are facing ping timeouts, connection timeouts
  - http downloads are stopping, Customer: it will stop responding and the download will fail.
  In general the customer describes it this way: "We do not have the best connection here so once we connected the firewall all the problems are magnified"
  I recognized, that we unconfigured the default inspection during initial setup and reconfigured this entry for the cx module. So the the default inspection with all the settings are not present any more... How important are these settings? One phenomen is, that I´ve seen a large numbers of concurrent connections that increased over time. And we already had that situation, that the firewall reached the max-conn count.
  Should I try to reconfigure the default inspection, as it ships from factory? And whats the best way to check for problems? What can be the reason for the dropping connections?
  I attached a network plan and the firewall config, hopefully, that somebody has an idea. Of course I can provide additional information...
  Best Regards
  Sebastian

  Hi Vibhor,
  thanks for your reply. Does this also affect the traffic, even the setting is set to "Monitor Only" ?
  Is it recommend to configure the default-inspection rule as a default setting? 
  Further Question: I´ve read sth. about, that service policy rules must be "reloaded" to take effect, after they have been changed. Is that right and how do I reload them?
  Here is an output from sh asp drop, do I have to care about certain values? This values result from two connected users doing some downloads over a 2Mbit connection.
  ciscoasa# show asp drop
  Frame drop:
    Invalid encapsulation (invalid-encap)                                       10
    First TCP packet not SYN (tcp-not-syn)                                     114
    TCP failed 3 way handshake (tcp-3whs-failed)                                 3
    TCP RST/FIN out of order (tcp-rstfin-ooo)                                   18
    Dst MAC L2 Lookup Failed (dst-l2_lookup-fail)                               33
    L2 Src/Dst same LAN port (l2_same-lan-port)                                260
    FP L2 rule drop (l2_acl)                                                  2958
    Interface is down (interface-down)                                        9420
    No management IP address configured for TFW (tfw-no-mgmt-ip-config)        117
    Dropped pending packets in a closed socket (np-socket-closed)               66
  Thanks
  Sebastian

• Connectivity issues for random phones in CUCM 8.6 on Vmware

  I have a client that has problems with around half of there ip phones (6921 & 7945) after a situation with overheating in the serverroom. 
  The solutions was a 1 Publisher, 1 subscriber setup with each on a separate Vmware server. 
  The Publisher is connected to the Core Switch which is further connected to 4 distribution switches which again connect to 5 more distribution switches. They have around 200 ip phones connected to these switches that get assigned IP's with DHCP. 
  The physical disk that the Subscriber was on was destroyed the incident. The Publisher they recovered, but to do this they had to recreate the vm descriptor file and attach it to the flat-file. 
  So the current situation is that the system is running with only 1 Publisher and no Subscriber.
  There is also a license warning in the CCM Admin section, stating a License Overage (2 nodes used, but only 1 licensed.)
  The license status is not invalid though, and the license state is "Uploaded". This second node I suppose might be the Subscirber that no longer exists? The phones have more than enough licenses.
  When powered up the system seems to run as it should, but only about half the phones have connectivity to and can register with CUCM.
  I have tried to reboot some phones remotely by cutting the power on the switch interfaces where they are attached, but that made no difference.
  The console log on the phones that are down show TFTP Timeout & File Transfer Error.
  The phones that are up and running can be pinged successfully from the CUCM cli, but when pinging the others I get "Destination Host Unreachable".
  The strange thing is that it seems completely random as to what phones are up or down. On all switches there are connected phones with both working and non-working connections to CUCM.
  To try to pinpoint the fault I chose 2 devices on the same switch and compared the config for each interface, one that has connectivity and is registered, and one that does not have connectivity and is unreachable.
  Everything seems to be identical so I can't see what causes this error on the one, but not on the other.
  Also when I ping the ip phone with no connectivity to CUCM from any of the switches, the ping is successful.
  Anyone know what could be the cause of this behaviour?

  Hello and thank you for your time.
  The phones get there IP’s from a DHCP Server (Not the built in one in CUCM, but an external server). I have tested that the DHCP process works by powering off a phone (one of the phones with connectivity issues), deleting the lease, and then powering the phone back on and seeing the device request and receive a new lease.
  There is only one CCM group active and both servers are in this group with the Publisher as highest priority server. All phones are in the same Device Pool attached to this group.
  There are a lot of warnings regarding dbReplication & missing node due to the subscriber being gone. Also there is an issue with NTP server (see below). I will post more on this tomorrow morning.
  I have also attached the console log from one of the phones that can't register.
  NTP Alert:
  At Tue Jan 13 21:24:10 BRST 2015 on node 192.168.50.2; the following SyslogSeverityMatchFound events generated:  SeverityMatch : Critical MatchedEvent : Jan 13 21:23:49 CUCMPUB user 2 ntpRunningStatus.sh: Primary node NTP server; 192.168.50.6; is currently inaccessible or down. Verify the network between the primary and secondary nodes.  Check the status of NTP on both the primary and secondary nodes via CLI 'utils ntp status'.  If the network is fine; try restarting NTP using CLI 'utils ntp restart'. AppID : Cisco Syslog Agent ClusterID :  NodeID : CUCMPUB  TimeStamp : Tue Jan 13 21:23:49 BRST 2015   SeverityMatch : Critical MatchedEvent : Jan 13 21:23:53 CUCMPUB user 2 ntpRunningStatus.sh: The local NTP client is off by more than the acceptable threshold of 3 seconds from its remote NTP system peer.  The normal remedy is for NTP Watch Dog to automatically restart NTP.  However; an unusual number of automatic NTP restarts have already occurred on this node.  No additional automatic NTP restarts will be done until NTP time synchronization stabilizes. This is likely due to an excessive number of VMware Virtual Machine migrations or Storage VMotions.  Please consult your VMware Infrastructure Support Team. AppID : Cisco Syslog Agent ClusterID :  NodeID : CUCMPUB  TimeStamp : Tue Jan 13 21:23:53 BRST 2015

• Wi-Fi Connection Issue at Startup When NAS configured as Login Item

  Hi!
  I recently ran into internet connection issue during startup. I managed to find the culprit (it's the firewall) but I believe there should be more behind just blaming the firewall for it.
  Before I go any further, it would be best if I try to explain the setup that I have. Also, note that I'm a newbie when it comes to terms like DHCP, IP address, IPv4, IPv6, etc. I think I may have an idea what they do, but I'm not quite sure whether that idea jibes with the real thing. Whatever. Anyways, here's the setup.
  For the internet connection at my place, I use a Cisco wifi router and an Airport Extreme Base Station. The Cisco router has been set up to have its own wi-fi network, while the Airport Extreme Base Station is connected to the Cisco router using ethernet. I set up a separate wi-fi network for the Airport Extreme Base Station and almost all of my devices are connected using the Airport Extreme's wi-fi network.
  I have 3 external hard drives connected to a USB hub, which in turn is connected to the Airport Extreme base station.
  2 Macbooks. One is a white, late 2007 MacBook running Lion. The other is a MacBook Pro running Mountain Lion. I turned the firewall on for both Macbooks.
  Initially, there was no problem connecting to the internet and also the 3 external hard drives from the Airport Extreme. I did the wireless connecting to the external hard drives manually after startup (open finder > navigate to airport extreme at the sidebar > click on the hard drives one by one until the eject icon and folders are shown). You can imagine how soon this got annoying for me (yeah, I shutdown my macbooks everytime I finish with them, it's a habit). So I put these external hard drives as a login item at startup (in the system preference setting for accounts) so that I won't have to do this everytime I start my macbooks.
  This is where it got interesting.
  For my MBPro, during startup the wi-fi icon at the menu bar will show that it was trying to connect and then the '!' symbol is shown. When I go to system preference > network, there was a message about self-assigned IP. I notice that it starts with 169, which is not the usual IP assigned to devices in my home network. This, however, usually did not last long. Soon enough the '!' symbol is gone and the wi-fi connection becomes normal with finder windows popping up showing folders for the external drives. It's a minor annoyance, waiting for the '!' symbol to go away (I think it got something to do with DHCP settings sent from the router and the self-assigned IP address, but again I'm not sure), but at least the MBPro can connect in the end.
  For my white MB though, things didn't go well. The '!' remains in the wi-fi icon and there was no internet connection, no matter how long I waited. Even after removing the external drives from login items the problem persists during startup. If I remember correctly sometimes there is a pop-up saying that the computer could not connect to the airport extreme server (this also happens on the MBPro).
  I initially tried resetting the wi-fi setup (removing the network from the list of known network in system preference > network, removing the wi-fi network password from keychain access) to no avail (in both macbooks). As mentioned above, I also tried to remove the network hard drives from login item but even after that the connection problem persisted in my white Macbook, while the MBPro initially showed the same symptom before finally managing to connect with the proper IP address.
  Finally, after googling through forums some people suggested that turning off the firewall might work. I did so, and voila, it did remedy the situation. Both Macbooks manage to connect to the internet during startup without any fuss, and both even manage to connect to the network drives during startup (I put them in again as login items to see if it would cause further trouble).
  So, the firewall was the culprit. But it only started acting up AFTER I put the network drives as login items.
  Can anyone explain the cause of this?
  Anyways, thanks for reading!

  Make sure you are using the passkey found on the Homehub and not your email password. You may need to "Forget" the connection on the phone and scan again then enter passkey.

• Cisco Movi 4.2 Presence issues.

  Hi Experts,
  I did a search and saw that similar question was asked various times. However, it did not applied in my scenario. I am having a Cisco Telepresence VCS Expressway starter pack running on X6.1 firmware.
  I was login to my Movi account and saw "User 1" is online under my favourite list. When I tried connecting to "User 1", I got the error "Call failed - The user could not be found. The user is offline or does not exist" (User 1 was never online).
  I logout my Movi accounrt and login again. This time round, "User 1" is offline.
  The other time was "User 2" saw "User 3" was in Busy status but "User 3" was never online. User 2's PC was rebooted and re-login into Movi and saw User 3 offline.
  Anything that I should do to overcome this?
  Thanks

  Hi,
  Is there any reason why use "Treat as Authenticated" instead of "Check
  Credentials"?, We notice that when set to "Treat As Authenticated", user
  can login with any password? Our default zone is set to "Check
  credentials". Please advise, thanks.
  Best regards
  Yeoh Wee Nam, CTS-D
  aljaiswa
  05-04-12 11:37 AM
  Please respond to
  "[email protected]"
  To
  Tandberg SUPPORT/NETe2Asia@NETe2Asia
  cc
  Subject
  - Re: Cisco Movi 4.2 Presence issues.
  Home
  Re: Cisco Movi 4.2 Presence issues.
  created by Alok Jaiswal in TelePresence - View the full discussion
  Hi Wee,
  I addition to what Magnus has pointed out i would like you to check the
  bug "CSCtt34812".
  The condition you were saying could be related to bug mentioned where the
  MOVI after deregistering doesn't publish its OFFLINE status and shows
  online. I can't say much but it would be more clear with logs.
  workaround: Change the Default Zone's authentication policy from "Do Not
  Check Credentials" to "Treat As Authenticated"
  for more details refer to Cisco BUG tool kit and check the release notes
  for Cisco Jabber 4.3
  http://www.cisco.com/en/US/docs/telepresence/endpoint/movi/release_note/Jabber_Video_Release_Notes_4-3.pdf
  The bug would be fixed in combination of x7.x and jabber 4.3
  Thanks
  Alok
  Reply to this message by going to Home
  Start a new discussion in TelePresence at Home

• Connecting Issues

  I currently have DSL access with a Westell A90-750015-07 router and a Cisco wireless adapter. I seem to have issues connecting at times to the Internet, especially since we had a recent storm. One night I'm able to get on, the next I can't. And when I am able to go online, it is usually after several tries. My computer is in the bedroom and the router is in the kitchen, which may have something to do with the connection issue because there is not a closer jack.
  Usually what I end up doing is turning off the computer, restarting, or shutting down completely, turning off the router and taking the adapter out and turning back on. Usually I could then get back on, but seems a hassle.
  Since I got on now, the connection has stayed on, thankfully. Sometimes it goes while I'm on, then will come back on. It's a pain because it's been like this consistently.
  I have a networking cable, however, it's been a while since I used it. Verizon's Technical Support helped me the last time. I'm not sure if something needs to be reconfigured since the storm so this does not keep happening. They did something while the cable was plugged in, then I was able to go back to using the wireless adapter to connect. I don't suppose anyone would have instructions. I'm also unsure which one it gets plugged into. I believe it's Ethernet on my HP desktop, but on the router I'm unsure which one it goes into, like E1/Uplink, E2, E3, or E4/Data. I tried earlier with all of them, even turned the router off, then would restart the computer but nothing happened.
  Any guidance would be much appreciated.
  Solved!
  Go to Solution.

  Ok.
  #1 An original or very old style NID with a spark gap and ground wire can even get spiders in it that could cause an issue. Inspect the NID first before thinking of changes or wiring.
  http://en.wikipedia.org/wiki/Network_interface_device
  http://en.wikipedia.org/wiki/Demarcation_point
  Running a good quality wire CAT5, no need for CAT6,  directly to the NID for the DSL modem jack may help. That is what I had done with mine. Depending on the number of loads or amount of wire in the house could also cause issues. But if the user's signal quality is not being pulled low due to a wiring issues, it would usually indicate a problem elsewhere. Unless there was noise being picked up on the premises wiring. Wire DSL directly to the NID and install a filter there for all other in house wiring may help. There used to be available what was called a NID Filter, and I am sure you can still get them.
  Ideal Connection if house wiring is an issue, or very old, and lengthy. Install a filter / splitter at the NID.
  Run CAT5 directly to the NID location, and install a dedicated jack for the DSL modem.
  Remove all in house wiring from the NID.
  Connect piece of CAT5 from the NID to the filter / splitter input
  Connect all existing phone lines to the phone side of the filter output.
  Connect the new DSL CAT5 directly to the NID before the filter / splitter, or to the DSL side of the filter / splitter, depending on the device purchased.
  This will take all the existing premises wiring out of the picture unless there is a short circuit or excessive load somewhere in the house.
  At this point all the single filters could be removed because the DSL is filtered at the NID.
  http://www.homephonewiring.com/dsl.html
  #2 You can test outbound to Giganews. But giganews has/had a test that will check your inbound connection from their servers to you.
  I heard from another user that
  Giganews is being watched very closely because of multipart binaries, and pirated material. MP3s and Video Content. 7 years ago you could get 10-20 MP3 albums in a single day, and that was with a 15/5 fios connection. So they started providing an encrypted connection service for an added fee. I have not messed with news groups for a very long time. Now with deep packet inspection, and other enforcement, I would not even think of it. No news I want there. But there may be content that people want? They may even be checking and limiting speed from that domain. Never tested. But let me see. It looks as if reverse trace routes and speed tests are being blocked by Verizon from Giganews to my router.
          Reverse Traceroute
          Tool news.giganews.com
          traceroute to *.*.*.*, 30 hops max, 60 byte packets
          1 gw1-g-vlan201.dca.giganews.com (216.196.98.4) 0 ms 0 ms 0 ms
          2 te0-0-0-7.mpd22.iad02.atlas.cogentco.com (38.122.67.49) 0 ms 0 ms te0-7-0-9.mpd22.iad02.atlas.cogentco.com (38.122.62.193) 0 ms
          3 te0-0-0-4.ccr21.iad02.atlas.cogentco.com (154.54.31.105) 0 ms 0 ms te0-2-0-0.ccr21.iad02.atlas.cogentco.com (154.54.31.101) 0 ms
          4 uunet.iad01.atlas.cogentco.com (154.54.13.138) 28 ms verizon.iad01.atlas.cogentco.com (154.54.10.226) 40 ms uunet.iad01.atlas.cogentco.com (154.54.13.138) 28 ms
          5 0.ae1.RES-BB-RTR2.verizon-gni.net (152.63.32.157) 41 ms 41 ms 0.ae2.RES-BB-RTR1.verizon-gni.net (152.63.34.22) 13 ms
          6 * * *
          7 * * *
          8 * * *
          9 * * *
          10 * * *
          11 * * *
          12 * * *
          13 * * *
          14 * * *
          15 * * *
          16 * * Max number of unresponsive hops reached (firewall or filter?)
  #3 Have the provider run a local loop test to see if any problems are indicated. If there are, then they could run the test with everything in the house disconnected, except the new DSL modem connection. If issues are still indicated, then the DSL provider needs to make connections on the local loop. Another user told me that they had issues when it rained, and it was because construction had left a splice box open on a line somewhere.
  If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

• N1KV - Connectivity issues

  Hi all,
  I  am trying to bring up my first N1KV in a lab environment and I am  having some weird connectivity issues. Hope someone can help !!
  I've  been working together with our VM team and we have the following  installed and configured. We have ESX 4.1 installed on an HP DL360 G7  with 4 NIC's and the VMNic's are assigned as follow.
  -  vmnic0 to vSwitch0 with the following portgroups (Service Console,  N1KV-Control, N1KV-Mgmt, N1KV-Packet and VMKernel) and all portgroups  are in the same VLAN.
  - vmnic1 to vSwitch1 for vMotion traffic
  - vmnic2 to vSwitch2 for VM data
  - vmnic3 to vSwitch3 for VM data
  I  have VSM and VEM version 4.2(1)SV1(4) installed on the same ESX host  and connected to vCenter with the following port-profile and svs-domain  configured. I am using L3 mode for VSM and VEM communication I believe  this is what Cisco recommends going forward.
  port-profile type ethernet system-uplink
    vmware port-group
    switchport mode access
    switchport access vlan 7
    no shutdown
    system vlan 7
    description ServiceConsole-Contrl-Packet-Mgmt
    state enabled
  port-profile type ethernet vMotion-uplink
    vmware port-group
    switchport mode access
    switchport access vlan 21
    no shutdown
    description vMotion uplink
    state enabled
  port-profile type ethernet W0AA0159-VM-Data-Uplink
    vmware port-group
    switchport mode trunk
    switchport trunk allowed vlan 8,99
    channel-group auto mode active
    no shutdown
    description W0AA0159 VM Data Uplink
    state enabled
  port-profile type vethernet VM-Data-VLAN8
    vmware port-group
    switchport mode access
    switchport access vlan 8
    no shutdown
    description VM Data VLAN8 Server Farm
    state enabled
  port-profile type vethernet VM-Data-VLAN99
    vmware port-group
    switchport mode access
    switchport access vlan 99
    no shutdown
    description VM Data VLAN99 Web-App Server Farm
    state enabled
  port-profile type vethernet vMotion
    vmware port-group
    switchport mode access
    switchport access vlan 21
    no shutdown
    description vMotion
    state enabled
  port-profile type vethernet System-Console
    vmware port-group
    switchport mode access
    switchport access vlan 7
    no shutdown
    system vlan 7
    description vMotion
    state enabled
  port-profile type vethernet L3vmkernel
    capability l3control
    vmware port-group
    switchport mode access
    switchport access vlan 7
    no shutdown
    system vlan 7
    state enabled
  svs-domain
    domain id 101
    control vlan 1
    packet vlan 1
    svs mode L3 interface mgmt0
  Here is my problem:
  When  I move vmnic0 to the system-uplink port-profile with N1KV-Control,  N1KV-Mgmt, N1KV-Packet map to System-Console port-profile, and VMKernel  maps to L3vmkernel port-profile, all seems to work fine at this point. I  can see the VEM comes online and all is good. But when I start moving  the second vmnic over (either vmnic1, vmnic1 or vmnic3 don't matter) all  hosts got disconnected, vCenter shows all hosts disconnected. And the  only way to bring the environment back is to log into ESX and run ESX  commands to delete and recreate the vmnic's then map them back to  vSwitch.
  Has  anyone ran into this issue before ? Could it be that vmnic is assigned  to the vSwitch that you can't move it over to the N1KV ?
  Thanks in advance !!! I appreciate any inputs / suggestions !!!
  D.

  Hello,
  We need additional information to further investigate this behavior. Please open a TAC service request with following logs after re-creating the issue.
  VSM log file ( SSH session output file )
  show tech-support svs | no-more
  VEM log bundle
  SSH into ESXi host and execute " vem-support all " command
  Padma

• BTFORN/OPENZONE Connection issue via laptop (ok on...

  Hi all, I know there are a few issues about connetcign to the hotspots - But I am able to conenct via the wireless on my iphone via a hotspot, but on my laptop I get the yellow circle with explantaion mark when trying to connect via my laptop (I am away from home for a few weeks)  any suggestions, its says I'm connected to the hotspot but not the internet.
  Thanks all

  Also look at this:
  https://supportforums.cisco.com/docs/DOC-17314
  Issues with IPSEC-VPN client and Verizon VZ4G LTE network
  VERSION 2  
  Introduction
  Core Issue
  Resolution
  Introduction
  This document explains why IPSEC VPN clients don't work on Verizon 4g network.
  Core Issue
  The Cisco IPSEC VPN client is able to connect to VPN gateways without any issues over the Verizon 4g network. However once connected, the client is not able to pass any traffic at all. The counters on the client indicate that the client is encrypting data however, there are no increments to the decrypt counters. This issue is seen on the entire gamut of windows OSs. One of the deal breakers with the new Verizon 4g network is that the new LG VL600 and Pantech UML290 run a privately routed IP (10.) address that ONLY allows outbound traffic - no inbound traffic can be passed through. This means that if you have a need for remote access to a device, Verizon's new 3G/4G-capable devices will not allow you to access them like you could with a 3G-only modem.
  Resolution
  Based on suggestions made by Verizons it seems as though the following things need to be attempted:
  1. enable Nat-T. For more information regarding nat-traversal please refer to the following documents:
       a. IPSEC over NAT-T on IOS devices
       b. IPSEC over NAT-T on ASA
  2. enable IPSEC-over-TCP. For more information regarding enabling IPSEC over TCP please refer to the following documents:
       a. IPSEC over TCP on IOS devices
       b. Enabling IPSEC over TCP on ASA
  3. Use Anyconnect rather than IPSEC
  4. The other option is to go with the Sprint 4g network instead which apparently does support remote access to applications.

• RV320 Intermittent connectivity issues

  We have been having intermittent problems with internet (WAN) connectivity on my wife's small business computer network.  Connectivity will be fine for a day or so, and then we will have a period of poor and frequently interrupted connectivity.  I have our router (a Cisco RV320K9NA) set to send me notifications about problems, and when our internet connection is disrupted, I receive the following notifications from the router:
  Mar 28 07:31:11 2015 routeree1df4 Network Log:  NSD FAIL WAN[1]
  Mar 28 07:32:11 2015 routeree1df4 Network Log:  NSD SUCCESS WAN[1]
  Mar 28 07:36:05 2015 routeree1df4 Network Log:  NSD FAIL WAN[1]
  Mar 28 07:39:08 2015 routeree1df4 Network Log:  NSD SUCCESS WAN[1]
  Mar 28 07:39:48 2015 routeree1df4 Network Log:  NSD FAIL WAN[1]
  Mar 28 07:40:58 2015 routeree1df4 Network Log:  NSD SUCCESS WAN[1]
  The above is a sample, there are many more notifications of this type in the log.
  Our network configuration is as follows:
  Our internet provider's cable modem is connected to our router, which is connected to a Netgear ProSafe 24 port switch.  All of our network devices and computers are connected to the switch.
  We have tried many things to fix this problem.  Our internet provider (Time Warner) has replaced their cable modem. We have replaced our router.  My wife increased the speed of our network connection based on usage data from the internet provider. I have replaced the ethernet cable between the router and the cable modem.
  We have not been able to reproduce the connectivity problem when we directly connect a laptop to the cable modem, so the internet provider has decided that the issue must be internal to our network and/or router, washing their hands of the whole problem.
  I'm technically proficient, but I'm no networking technician, so I'm looking for help and suggestions to fix this problem.  Thanks in advance for any suggestions that you can offer.

  No, it was wireless. Here is the same test run whilst wired in. I don't understand this though. I wasn't complaining about the speed? I was complaining about the general intermittent connectivity issues we experience, and the regular lack of availability the service provides. Perhaps these are standard tests you have to run beforehand?
  The last time I complained about my connectivity issues was in February. If you have access to the ticketing tool, you'll be able to see the nature of my complaint. It was ticket number: VOL051-4263008159178. Something was "done at the exchange" and someone logged onto my HH3 and changed the wireless channel and that "fixed" it. Trouble is, it's been the same ever since. We have a few hours where the connection is stable, then we'll start to get packet losses when trying to connect to sites like Google.co.uk, Bt.com etc etc.
  I'm no expert, but this is clearly more than an issue with the wireless channel and some spurious problem at the exchange. This is a continuing nightmare for us which is preventing us from accessing the internet for hours at a time and therefore taking full advantage of the services we pay a lot of money for!

• Wireless Connectivity Issue with 802.11n.

  We have a 5508 Controller and sixteen 1142 APs.
  Several of our laptops were experiencing connectivity issues over Wireless.  Older laptops that do not support 11n are not having any problems.
  I disabled 802.11n for both 'a' and 'b/g' in the Controller.  Now the newer laptops connect with no issues.
  They would in fact connect to the APs while 11n was available, just no Internet Access - (cannot ping DG, etc).  Disabling/Enabling the laptop WL adapter would allow brief access (sometimes), but they'd quickly lose Internet Access once again.
  Our WLANs are configured for WPA2/AES.
  This looks like a 802.11n configuration issue at either the Controller or the Laptops (or both).  Both are using the Default settings for 801.11n.
  Any recommendations for correcting this?  Are there best practice guidelines for configuring 802.11n?
  Thanks.
  - Jay

  Configure 802.11n on the WLC
  http://www.cisco.com/en/US/customer/products/ps6366/products_tech_note09186a0080a3443f.shtml

• WAP2000 and iPhone connectivity issues?

  I have several WAP2000 (Firmware 2.0.0.5), and while they work fine for PC's, iPhones, iPod touches cannot connect to them.
  Well, they connect briefly, get an IP address from the router, and immediately drop the connection to re-connect again.
  I have tried changing channels, eliminating all but one of the AP's, and so forth.
  Has anyone else had issues with this firmware?  I see posts where people are saying their iPhones connect up fine.  This happens on versions 3.x and 4.x of the iphone O.S.  It's not limited to one iphone or ipod touch; we've tried several.
  If anyone else is running 2.0.0.5 of the firmware and they are having success with an iphone, can you please tell me your settings?
  Thanks in advance!
  --Greg

  Greg,
  I think I have the same problem but with a Blackberry Storm 2.  (I posted in the last two days--Look for WAP2000 and Storm 2)  I see the Storm 2 connect successfully to the WAP2000 but then never establish a connection to the Blackberry Enterprise Server (BES)...Necessary to do anything useful with a Blackberry device.  A few months aga (Before I had my Storm 2) I had borrowed an iPhone for a week.  During that time I tried to use my WiFi but it never seemed to work (ie Established a WiFi link but then couldn't do anything else with it.).  Since I didn't have it long and WiFi wasn't the object of my testing I ignored the problem.  Now troubleshooting my Storm 2 problem and realizing that other WiFi devices on my network have been experiencing issues (the Storm 2 appears to have been most impacted) it is very likely that the iPhone I borrowed was experiencing the same problem.
  You can read my previous post but a quick summary--> When I used a packet analyzer (Wireshark) I saw that my router was issuing ARP address discovery broadcasts to the Storm 2's IP address but the Storm 2 was not responding.  I had tested the same setup with a different wireless access point (Linksys WAP54G) and saw the Storm 2 properly respond (and the Storm 2 worked perfectly when connected to the WAP54G).  I concluded that the WAP2000 was either not forwarding the ARP broadcast to the Storm 2 or it was not forwarding the Storm 2's response back to the LAN.
  I created a work around the now allows my Storm 2 (and multiple other devices) to function successfully on the network.  I have a Cisco ASA5505 firewall that has a ststic ARP table and is capable or proxy-arp (ie.  It can respond to ARP requests on behalf of devices on the network).  I simply created an entry for my Storm 2 and now it functions properly.  I also had a laptop and an IP security camera that had intermittent connectivity issues.  When I added static ARP entries for these items their problems disappeared as well.
  I don't think this is a settings issues so I am hoping Cisco confirms this as a bug and issues a firmware update.
  I hope this helps.
  --Gerhard Wittreich

• Windows 8 - AnyConnect 3.0.2052 - Connection Issues

  Hello,
  I have connection issues with AnyConnect 3.0.2052 on Windows 8.
  I have a brand new Samsung Ativ Ultrabook here running Windows 8 Professional.
  The same AnyConnect client version runs fine on Windows 7, but I can't get it working on the Samsung with Win 8.
  After clicking Connect in the client and typing in the username and pw I see the welcome message and accept it, then I get the message
  AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.
  After clicking OK it shows
  The VPN client driver has encountered an error. Please restart your computer or device, then try again.
  The message history shows "Establishing VPN - Attempting to repair VPN Adapter..."
  Restarting the computer doesn't help.
  I already tried the registry hack and imported the certificate as described here
  http://vipinvgopal.com/cisco-anyconnect-vpn-client-connection-error-in-windows-8/
  ICS is not activated.
  I run a ISA 570W and I'm not allowed to download other AnyConnect clients from the download center, for whatever reasons...
  As I said, other computers are working fine, so I'm sure it's a problem with Windows 8.
  Any ideas?
  Kind regards,
  Dominik

  I installed the latest version of AnyConnect.
  However after clicking Connect in the client I now immediately get the error
  Connection attempt has failed due to network or PC issue.
  I don't even get the dialog for username and pw
  I already disabled Avira Professional and explicitly allowed the AnyConnect client in the Windows firewall settings to make connections, but with the same effect.
  When I browse the server address in IE or firefox on the same notebook it's working fine and also clients on other notebooks are working with the server.