Cisco Client + Dial up problems

Similar Messages

• IPad IPSEC Cisco client - Additional route issue

  Hi,
  I am unsure if this problem has come about in recent iOS releases, or just something thats only become aparent now because someone has tried to use. I've never had any complaints prior to the last month or so.
  When connecting to a VPN configuration on a Cisco router (which previously didnt work but has for about a year I guess), the iPad recieves additional routes just fine, as it should, but does not seem to work with them.
  For example I have 2 networks
  192.168.200.0/24
  10.0.10.0/24
  In my ACLs on the router I add both networks, and I have confirmed with an app on my ipad that it gets both routes. They have the exact same flags, mtu, and gateway.I can get to the 192.168.200.0/24 network, but not the 10.0.10.0/24 network, even though my network tools software says the correct route is in use. Its almost as if it is not encrypted
  If i reverse the ACLs order, so i have the route to the 10.0.10.0/24 network first, then that network will work, and the 192.168.200.0/24 network will NOT, despite the route tables looking EXACTLY the same as the first instance.
  If I connect via a PC cisco client, works fine. All routes work.
  I've had reports (that I have yet to confirm as I do not have a Mac) that the built in VPN client in MacOS has the same issue, but the Cisco supplied VPN client has no issue.
  It seems like its an issue with the apple OS software, but am open to suggestion - Anyone got any ideas?
  Leigh

  I know you don't have an ASA, but I just want to be clear about the information you've given so no one is misled.  The ASA5500-SSL-25 license is a premium license, and with that one gets:
  Robust posture assessment capabilities protect the integrity of the corporate network by restricting VPN access based on an endpoint's security posture. Prior to establishing connectivity, a system may be validated for compliance with various antivirus, personal firewall, or antispyware products, and may undergo additional system checks. An advanced endpoint assessment option is available to automate the process of remediating out-of-compliance endpoint security applications.
  If one didn't want all that then one wouldn't it, and I didn't.  I bought an unlimited anyconnect essentials license and mobile option for my 5520 for no more than $250 USD for both, and unlimited on a 5520 means 250 users since that is the max it can handle.  On the Cisco ISR G2 routers, they're quite expensive units and I think licensing is higher.
  But as far as the main point of discussion here, the real issue is that though IPsec will be around for years to come in site-to-site and dmvpn scenarios, on clients it is another story especially mobile.  Apple collaborated with Cisco on the IPsec client for iOS because of the complexity of IPsec clients and that it had to work to drive iOS acceptance.  That it took Now that SSL VPN client software has matured, it is only a matter of time before Apple yanks IPsec VPN from iOS altogether, and I wouldn't be surprised if they aren't as speedy about fixing bugs in the iOS built-in client as they once may have been.  SSL VPNs are lighter and easier to install on mobile clients and it is not in Apple or Cisco's interest to support IPsec on the client on all platforms indefinitely (Cisco only grudgingly added Win64 support somewhat recently).  It isn't perfect, but installing the client is much easier for our users to do, doesn't require a reboot on Windows or pre-10.6 Macs, and it unifies the experience across all platforms.  I'm not even one to jump on the "latest thing" bandwagon normally, but even at the higher ISR router cost to get SSL VPN I'd have done it just from a user support perspective alone.  If you can eliminate client support costs then there is a cost savings to me and my users that I factor in.

• CISCO 1841 with SHDSL Problem?

  Hello,
  I´am new in cisco WIC configuration. I have a CISCO 1841 with a interface: 1SHDSL v3 and i want to connect to my ISP over a PPoE encapsulation.
  I just make the new interface connection in SDM, but the synchronism with the ISP not work. The ISP tell me that VPI/VCI is 0.35 and the annex is the A.
  I live in the Europe, but i think that the annex A is for POTS lines and Annex B for ISDN, right?? My line is ADSL Analog.
  My startup-configuration is that:
  Router#show run
  Building configuration...
  Current configuration : 2974 bytes
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Router
  boot-start-marker
  boot-end-marker
  logging message-counter syslog
  no aaa new-model
  dot11 syslog
  ip source-route
  ip cef
  no ipv6 cef
  multilink bundle-name authenticated
  crypto pki trustpoint TP-self-signed-2879799878
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-2879799878
  revocation-check none
  rsakeypair TP-self-signed-2879799878
  crypto pki certificate chain TP-self-signed-2879799878
  certificate self-signed 01
    3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 32383739 37393938 3738301E 170D3131 30343233 32303532
    33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38373937
    39393837 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100BE34 379A4D5D 1DA98B67 708AF8D4 221F1BE5 C5947EEA FF931EF4 37AD8A2C
    C786C8D9 88E97474 D32FE0F0 10C048B9 6F5DA580 55241E61 9B0D849A D9E7182A
    04D6C8E0 0C748DC7 0D8B4777 252CD4E1 01A1CEFC D57069CD C1B5E071 E591212D
    80BE3A50 9062884E 57F4BF0C C0EFBF12 6509E384 E1196B8B 11C42280 80806D4B
    F9290203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603
    551D1104 0A300882 06526F75 74657230 1F060355 1D230418 30168014 801FF21F
    B68B4902 F183264C 381B00FF 31E04AD1 301D0603 551D0E04 16041480 1FF21FB6
    8B4902F1 83264C38 1B00FF31 E04AD130 0D06092A 864886F7 0D010104 05000381
    810072E2 23CBEABC B0D8ED1B 09835CAD 6D4D92C7 31880AF1 B9EC00DC 12DBDC2B
    637FD4AB 39051AF3 04D3D948 180AB27A FFF66B33 6E44AB03 5280EC27 3C68C054
    B365F6E3 5272D96F 9BBBC96E 228CC9C7 84F3CC48 28479B47 D8ADD129 7BF495FF
    D8AFCA02 F8096B3C 581E68AA 16A00112 49FCED96 83DD2847 BA07F69D 9195248B EF31
          quit
  username INEM privilege 15 secret 5 $1$2Jgp$bV.OuBughjgSIOLuCr6Kn16FP.
  archive
  log config
    hidekeys
  controller DSL 0/0/0
  mode atm
  interface FastEthernet0/0
  no ip address
  shutdown
  duplex auto
  speed auto
  interface FastEthernet0/1
  description Conection to CISCO SDM
  ip address 10.10.10.1 255.255.255.248
  ip tcp adjust-mss 1412
  duplex auto
  speed auto
  interface ATM0/0/0
  no ip address
  no atm ilmi-keepalive
  interface ATM0/0/0.1 point-to-point
  pvc 0/35
    pppoe-client dial-pool-number 1
  interface Dialer0
  ip address dhcp
  ip mtu 1452
  encapsulation ppp
  dialer pool 1
  dialer-group 1
  ppp authentication chap pap callin
  ppp chap hostname r353535
  ppp chap password 0 xdfgdfg
  ppp pap sent-username r353535 password 0  xdfgdfg
  ip forward-protocol nd
  ip http server
  ip http authentication local
  ip http secure-server
  dialer-list 1 protocol ip permit
  control-plane
  line con 0
  line aux 0
  line vty 0 4
  login
  scheduler allocate 20000 1000
  end
  Some one can help me please?
  thanks

  Hello,
  Can you explain me please the reason of my WIC 1SHDSL-v3 not work in ADSL lines ?
  Thank you,
  Best Regards

• Duplicating de confirmation for Clients with credit problems

  Hi,
  We are using GATP to confirmed the sales orders quantities. In the check instructions,
  we are using check availability and then RBA (product substitution)
  When I create a sales order for a client with credit problems the confirmed quantity
  is being duplicated after releasing the order.
  The steps I am following are next:
  1.        VA01: create sales order (i.e: order product D 10 PC, I got 10 PC of product E confirmed because of the RBA)
  2.        VKM3: Release the order
  3.        VA03: display the sales order
  (it duplicates the lines with confirmed quantity - i.e: I got line 10: product D 0 PC confirmed; line 11: product E 10 PC confirmed; line 12: product E 10 PC confirmed, so line 12 is repeating line 11)
  We have explore any issues related to the availability check, but it seems to be a problem with the configuration of the credit processing.
  Have you ever had this issue? Any recommendation to solve it?
  Thanks a lot in advance.

  777,
  Are you using product allocation?
  In what case you see duplicate confirmation? in case of partial delivered order? if so check OSS note 1442425.
  Regards,
  Harshil Desai

• Linksys Cisco WVC210 Network Camera - Problem

  Hello Cisco Members,
  I have problem with one Linksys Cisco WVC210 Network Camera.
  When I Power ON, the PowerLED blinking, other 3 GreenLED light and on LCD Display have nothing.
  I make 30 seconds push resset button, 30 seconds power OFF and havent result. When I connect it to
  Router with DHCP, this camera can not take IP Address... I do not understand where is a problem with
  this camera.
  I write here to get a fix of this problem.
  Regards,
  Vivendi

  Try power on and after 90 seconds go to the Browser and type in 192.168.1.99 (assuming you are on the 192.168.1.xx LAN network) and see if you are able to get to the firmware page, if yes try reload the firmware, if you are not then I would recommend returning the product by getting in touch with Cisco's Tech Support and get an RMA number and instructions on returning the product and get a replacement.
  Alan.

• Cisco outbound Dialer MRPG test calls command

  Hi Dear,
  Can you please tell me someone about this command.
  What is the cisco sccp dialer test call command on the cmd.
  It should be  smilar command on the cmd 
  c:\ test x 01545051
  I could not remember correctly.
  Thanks and Regards

  The utility is dialogictest
  This is for SCCP only though so wouldn't work in a recent install. Details are in the Cisco Outbound Option guide:
  From the \icm\bin directory on the Dialer, type the following to run the DialogicTest utility, type Dialogictest softphone <number of ports in the Dialer port map> <CallManager name or IP address> <dialer ID> <starting channelID> <custname>
  where:
  The CallManager name or IP address indicates the Unified CM TFTP server machine.
  The dialer ID is the numeric identifier obtained above from the Dialer table.
  The starting channel ID indicates the first port ID in the Dialer (usually 0). This creates simulated Dialer ports based on the port map configuration.
  The custname is the ICM customer name.
  Choose a phone station on the ACD that has a "caller ID" display and note its phone number. This phone station is called to validate connectivity between the Dialer and the station. Using DialogicTest, dial this station using the following syntax: >d 0 <station #> 30
  where d is the abbreviation for "Dial," 0 is the first channel in the port map, station # is the actual number to reach the phone station, and 30 represents the amount of time DialogicTest attempts to ring the phone station. For example, to dial station 51001, the command is >d 0 51001 30.

• Cisco Prime 2.1 problem with API/Client

  Hi,
  im having a problem with the API output i get from Cisco Prime Infrastructure. The URL im trying to GET info from is:
  https://<URL>/webacs/api/v1/data/Clients
  The output shows that im missing data from a specific ID. Example:
  {"@url":"https:\/\/prime.lmv.lm.se\/webacs\/api\/v1\/data\/Clients\/1280389614","@type":"Clients","$":"1280389614"}
  Then i try to GET the info regarding this ID: https://<URL>/webacs/api/v1/data/Clients/1280389614
  {"errorDocument":{"httpResponseCode":500,"httpMethod":"GET","message":"No such entity as Clients \/ 1280389614.-PRS-101","id":"presentation.PRS-101","uriPath":"data\/Clients\/1280389614","queryParams":"{}"}}
  So something is wrong here, so when i add ".full=true" parameter i get the following error as it cannot show the client data:
  https://<URL>/webacs/api/v1/data/Clients.json?.full=true&.firstResult=1000&.maxResults=1000
  {"errorDocument":{"httpResponseCode":500,"httpMethod":"GET","message":"Exception while invoking valueOf method 'getEnum' of enumeration class 'class com.cisco.ncs.nbi.client.ClientProtocolEnum'; nested exception is org.hibernate.HibernateException: Exception while invoking valueOf method 'getEnum' of enumeration class 'class com.cisco.ncs.nbi.client.ClientProtocolEnum'","exception":"org.springframework.orm.hibernate3.HibernateSystemException: Exception while invoking valueOf method 'getEnum' of enumeration class 'class com.cisco.ncs.nbi.client.ClientProtocolEnum'; nested exception is org.hibernate.HibernateException: Exception while invoking valueOf method 'getEnum' of enumeration class 'class com.cisco.ncs.nbi.client.ClientProtocolEnum'","uriPath":"data\/Clients","queryParams":"{.full=[true], .firstResult=[1000], .maxResults=[1000]}"}}
  Any idea how to solve this issue, how can i find the client that is causing this problem? In my script im reading all the clients in the network to a third party application. But right now its hard to get this output in a smart way. It might be resolved in 2.2, but it feels like the data i corrupt in some way so i doubt that this error is related to the version?
  Best Regards // Mattias Andersson

  Hi,
  I have also run into this problem on two different Prime 2.1-systems when trying to get all Client-data available. I haven't figured out a way to fix it more than making small calls (.maxResults=100) then trying to pin-point and skip the ID giving the error. I've been using 2.2 for a while now but haven't tested the Client-API that much yet. I'll experiment some more on it and see if I can recreate the problem to see if it's related to the version.

• Cisco PI&MSE client historical report problem

  hi all
  I have cisco pi1.4 and mse7.6 and I was able to see the client on the map but suddenly there is no historical data appear regarding the wireless clients.
  the cas is configured and the historical parameters are configured.
  please advice.
  thanks in advance.

  Hello, could you provide a screenshot with the problem and for which reports it happens?
  Thanks!

• Cisco RV130W VPN firewall problems

  Dear Supports:
  I am newbie with Cisco, and I bought a Cisco RV130W wireless VPN router last week but 
  I got same problem with this router.
  1)I have installed a DHCP server in our internal network so I have disabled the DHCP 
  service under network > LAN > LAN configuration > Server Settings(DHCP), but after 
  this action, all of our wireless device can not get IP again, finally I have 
  enabled the DHCP relay and put the DHCP server IP to "Remote DHCP Server" field, and 
  the problem seems fixed, may I know I have take a right action ? And if the answer 
  is yes, what is the usage for the DHCP Server "Disable" option ?
  2)When I set DHCP to Disable, I find that dashboard still showing that the DHCP 
  server still in "Enabled" status (Dashboard right top corner > LAN (local network)
  Interface > DHCP Server: Enabled), may I know it is a firmware bug or just some 
  setting I missed ?
  3)WiFi signal is weak but I can not find any setting to control signal strong, some 
  times the SSID disappeared, finally I find that because I placed a Ext. USB 3.0 HDD 
  aside the router, after I remove the HDD and the SSID never disappear again, but I 
  don't know why this case happened and how can I prevent those case happened again?
  4)In dashboard I find that VPN server > PPTP User: 0/1 , but in user manual I also 
  find that PPTP VPN > 10 PPTP tunnels for remote client access, may I know in 
  actually the router supports 1 or 10 PPTP user(s) ?
  5)The PPTP VPN will disconnect automatically after connected 10~15 mins, I have try with 2 android device , one is running android 4.2 with native VPN client , and another one is running android 4.4.2 with apps "VpnRoot" , can you let me some hints how to trace and fix the problem ?
  Thank for the support and I am wait for the reply , thanks.

  This document demonstrates how to configure a connection between a router and the Cisco VPN Client 4.x using Remote Authentication Dial-In User Service (RADIUS) for user authentication. Cisco IOS? Software Releases 12.2(8)T and later support connections from Cisco VPN Client 3.x. The VPN Clients 3.x and 4.x use Diffie Hellman (DH) group 2 policy. The isakmp policy # group 2 command enables the VPN Clients to connect.
  http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800946b7.shtml

• Cisco ASA 5510 - Cisco Client Can Connect To VPN But Can't Ping!

  Hi,
  I have an ASA 5510 with the configuration below. I have configure the ASA as remote access vpn server with cisco vpn client, my problem now is I can connect but I can't ping.
  Config
  ciscoasa# sh run
  : Saved
  ASA Version 8.0(3)
  hostname ciscoasa
  enable password 5QB4svsHoIHxXpF/ encrypted
  names
  name xxx.xxx.xxx.xxx SAP_router_IP_on_SAP
  name xxx.xxx.xxx.xxx ISA_Server_second_external_IP
  name xxx.xxx.xxx.xxx Mail_Server
  name xxx.xxx.xxx.xxx IncomingIP
  name xxx.xxx.xxx.xxx SAP
  name xxx.xxx.xxx.xxx WebServer
  name xxx.xxx.xxx.xxx cms_eservices_projects_sharepointold
  name 192.168.2.2 isa_server_outside
  interface Ethernet0/0
  nameif outside
  security-level 0
  ip address IncomingIP 255.255.255.248
  interface Ethernet0/1
  nameif inside
  security-level 100
  ip address 192.168.2.1 255.255.255.0
  interface Ethernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  nameif management
  security-level 100
  ip address 192.168.1.253 255.255.255.0
  management-only
  passwd 123
  ftp mode passive
  clock timezone EEST 2
  clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
  object-group service TCP_8081 tcp
  port-object eq 8081
  object-group service DM_INLINE_TCP_1 tcp
  port-object eq 3389
  port-object eq ftp
  port-object eq www
  port-object eq https
  port-object eq smtp
  port-object eq pop3
  port-object eq 3200
  port-object eq 3300
  port-object eq 3600
  port-object eq 3299
  port-object eq 3390
  port-object eq 50000
  port-object eq 3396
  port-object eq 3397
  port-object eq 3398
  port-object eq imap4
  port-object eq 587
  port-object eq 993
  port-object eq 8000
  port-object eq 8443
  port-object eq telnet
  port-object eq 3901
  group-object TCP_8081
  port-object eq 1433
  port-object eq 3391
  port-object eq 3399
  port-object eq 8080
  port-object eq 3128
  port-object eq 3900
  port-object eq 3902
  port-object eq 7777
  port-object eq 3392
  port-object eq 3393
  port-object eq 3394
  port-object eq 3395
  port-object eq 92
  port-object eq 91
  port-object eq 3206
  port-object eq 8001
  port-object eq 8181
  port-object eq 7778
  port-object eq 8180
  port-object eq 22222
  port-object eq 11001
  port-object eq 11002
  port-object eq 1555
  port-object eq 2223
  port-object eq 2224
  object-group service RDP tcp
  port-object eq 3389
  object-group service 3901 tcp
  description 3901
  port-object eq 3901
  object-group service 50000 tcp
  description 50000
  port-object eq 50000
  object-group service Enable_Transparent_Tunneling_UDP udp
  port-object eq 4500
  access-list inside_access_in remark connection to SAP
  access-list inside_access_in extended permit ip 192.168.2.0 255.255.255.0 host SAP_router_IP_on_SAP
  access-list inside_access_in remark VPN Outgoing - PPTP
  access-list inside_access_in extended permit tcp 192.168.2.0 255.255.255.0 any eq pptp
  access-list inside_access_in remark VPN Outgoing - GRE
  access-list inside_access_in extended permit gre 192.168.2.0 255.255.255.0 any
  access-list inside_access_in remark VPN - GRE
  access-list inside_access_in extended permit gre any any
  access-list inside_access_in remark VPN Outgoing - IKE Client
  access-list inside_access_in extended permit udp 192.168.2.0 255.255.255.0 any eq isakmp
  access-list inside_access_in remark VPN Outgoing - IPSecNAT - T
  access-list inside_access_in extended permit udp 192.168.2.0 255.255.255.0 any eq 4500
  access-list inside_access_in remark DNS Outgoing
  access-list inside_access_in extended permit udp any any eq domain
  access-list inside_access_in remark DNS Outgoing
  access-list inside_access_in extended permit tcp any any eq domain
  access-list inside_access_in remark Outoing Ports
  access-list inside_access_in extended permit tcp 192.168.2.0 255.255.255.0 any object-group DM_INLINE_TCP_1
  access-list inside_access_in extended permit ip 172.16.1.0 255.255.255.0 any
  access-list outside_access_in extended permit ip any any
  access-list outside_access_in extended permit tcp any any eq pptp
  access-list outside_access_in extended permit gre any any
  access-list outside_access_in extended permit gre any host Mail_Server
  access-list outside_access_in extended permit tcp any host Mail_Server eq pptp
  access-list outside_access_in extended permit esp any any
  access-list outside_access_in extended permit ah any any
  access-list outside_access_in extended permit udp any any eq isakmp
  access-list outside_access_in extended permit udp any any object-group Enable_Transparent_Tunneling_UDP
  access-list VPN standard permit 192.168.2.0 255.255.255.0
  access-list corp_vpn extended permit ip 192.168.2.0 255.255.255.0 172.16.1.0 255.255.255.0
  pager lines 24
  logging enable
  logging asdm informational
  mtu outside 1500
  mtu inside 1500
  mtu management 1500
  ip local pool POOL 172.16.1.10-172.16.1.20 mask 255.255.255.0
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-603.bin
  no asdm history enable
  arp timeout 14400
  nat-control
  global (outside) 2 Mail_Server netmask 255.0.0.0
  global (outside) 1 interface
  global (inside) 2 interface
  nat (inside) 0 access-list corp_vpn
  nat (inside) 1 0.0.0.0 0.0.0.0
  static (inside,outside) tcp Mail_Server 8001 ISA_Server_second_external_IP 8001 netmask 255.255.255.255
  static (inside,outside) tcp Mail_Server 8000 ISA_Server_second_external_IP 8000 netmask 255.255.255.255
  static (inside,outside) tcp Mail_Server pptp isa_server_outside pptp netmask 255.255.255.255
  static (inside,outside) tcp Mail_Server smtp isa_server_outside smtp netmask 255.255.255.255
  static (inside,outside) tcp Mail_Server 587 isa_server_outside 587 netmask 255.255.255.255
  static (inside,outside) tcp Mail_Server 9444 isa_server_outside 9444 netmask 255.255.255.255
  static (inside,outside) tcp Mail_Server 9443 isa_server_outside 9443 netmask 255.255.255.255
  static (inside,outside) tcp Mail_Server 3389 isa_server_outside 3389 netmask 255.255.255.255
  static (inside,outside) tcp Mail_Server 3390 isa_server_outside 3390 netmask 255.255.255.255
  static (inside,outside) tcp Mail_Server 3901 isa_server_outside 3901 netmask 255.255.255.255
  static (inside,outside) tcp SAP 50000 isa_server_outside 50000 netmask 255.255.255.255
  static (inside,outside) tcp SAP 3200 isa_server_outside 3200 netmask 255.255.255.255
  static (inside,outside) tcp SAP 3299 isa_server_outside 3299 netmask 255.255.255.255
  static (inside,outside) tcp Mail_Server www isa_server_outside www netmask 255.255.255.255
  static (inside,outside) tcp Mail_Server https isa_server_outside https netmask 255.255.255.255
  static (inside,outside) tcp Mail_Server pop3 isa_server_outside pop3 netmask 255.255.255.255
  static (inside,outside) tcp Mail_Server imap4 isa_server_outside imap4 netmask 255.255.255.255
  static (inside,outside) tcp cms_eservices_projects_sharepointold 9999 isa_server_outside 9999 netmask 255.255.255.255
  static (inside,outside) 192.168.2.0  access-list corp_vpn
  access-group outside_access_in in interface outside
  access-group inside_access_in in interface inside
  route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout uauth 0:05:00 absolute
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.2.0 255.255.255.0 inside
  http 192.168.1.0 255.255.255.0 management
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set transet esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map dynmap 10 set pfs
  crypto dynamic-map dynmap 10 set transform-set transet ESP-3DES-SHA
  crypto map cryptomap 10 ipsec-isakmp dynamic dynmap
  crypto map cryptomap interface outside
  crypto isakmp identity address
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 86400
  crypto isakmp policy 30
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  no crypto isakmp nat-traversal
  telnet 192.168.2.0 255.255.255.0 inside
  telnet 192.168.1.0 255.255.255.0 management
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx interface inside
  dhcpd domain domain.local interface inside
  threat-detection basic-threat
  threat-detection statistics host
  threat-detection statistics access-list
  tftp-server management 192.168.1.123 /
  group-policy mypolicy internal
  group-policy mypolicy attributes
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value VPN
  username vpdn password 123
  username vpdn attributes
  vpn-group-policy mypolicy
  service-type remote-access
  tunnel-group mypolicy type remote-access
  tunnel-group mypolicy general-attributes
  address-pool POOL
  default-group-policy mypolicy
  tunnel-group mypolicy ipsec-attributes
  pre-shared-key *
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect pptp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:b8bb19b6cb05cfa9ee125ad7bc5444ac
  : end
  Thank you very much.

  Here is the output:
  ciscoasa# packet-tracer input outside icmp 172.16.1.10 8 0 192.168.2.1
  Phase: 1
  Type: FLOW-LOOKUP
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Found no matching flow, creating a new flow
  Phase: 2
  Type: UN-NAT
  Subtype: static
  Result: ALLOW
  Config:
  static (inside,outside) 192.168.2.0  access-list corp_vpn
  nat-control
    match ip inside 192.168.2.0 255.255.255.0 outside 172.16.1.0 255.255.255.0
      static translation to 192.168.2.0
      translate_hits = 0, untranslate_hits = 139
  Additional Information:
  NAT divert to egress interface inside
  Untranslate 192.168.2.0/0 to 192.168.2.0/0 using netmask 255.255.255.0
  Phase: 3
  Type: ACCESS-LIST
  Subtype: log
  Result: ALLOW
  Config:
  access-group outside_access_in in interface outside
  access-list outside_access_in extended permit ip any any
  Additional Information:
  Phase: 4
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 5
  Type: CP-PUNT
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 6
  Type: INSPECT
  Subtype: np-inspect
  Result: ALLOW
  Config:
  class-map inspection_default
  match default-inspection-traffic
  policy-map global_policy
  class inspection_default
    inspect icmp
  service-policy global_policy global
  Additional Information:
  Phase: 7
  Type: INSPECT
  Subtype: np-inspect
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 8
  Type: VPN
  Subtype: ipsec-tunnel-flow
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 9
  Type: NAT-EXEMPT
  Subtype: rpf-check
  Result: ALLOW
  Config:
  Additional Information:
  Phase: 10
  Type: NAT
  Subtype: rpf-check
  Result: ALLOW
  Config:
  static (inside,outside) 192.168.2.0  access-list corp_vpn
  nat-control
    match ip inside 192.168.2.0 255.255.255.0 outside 172.16.1.0 255.255.255.0
      static translation to 192.168.2.0
      translate_hits = 0, untranslate_hits = 140
  Additional Information:
  Phase: 11
  Type: ACCESS-LIST
  Subtype:
  Result: DROP
  Config:
  Implicit Rule
  Additional Information:
  Result:
  input-interface: outside
  input-status: up
  input-line-status: up
  output-interface: inside
  output-status: up
  output-line-status: up
  Action: drop
  Drop-reason: (acl-drop) Flow is denied by configured rule

• Cisco 804 and ISDN problems

  I've got a problem that I could use some input on. We have several
  Cisco 804 routers that we use for our teleworkers at home. They have
  standard PC's that connect to the ethernet interface on the router
  and to a Siemens phone with Optiset teleworking adaptor via 9 pin
  serial cable and COM1 port on the PC.
  On the router, we are running the BRI0 and Dialer1 interface with
  PPP multilink. I can get the router connect to our DC here in
  Seattle without problem. The problem comes while trying to use
  Siemens callbridge.
  With the phone connected to POTS2 and not signed into callbridge, I
  can pickup the handset and get a dial tone. I then sign into
  callbridge which takes the phone (via the serial cable) and connects
  it to a server (over Ethernet) here in our office in Seattle. This
  succeeds, however when we then go off hook while signed into
  callbridge, we don't get a dial tone.
  I should step back for a second and state then when not signed into
  CB, and pick up the phone, we'll see the router release BRI0:2 and
  give it a voice (dial tone) signal. When signed into CB, this does
  not happen. We are also seeing the error below:
  ISDN BRI0: isdn_is_bchannel_available: No Free B-channels
  I've got ISDN Events and q931 debugging on and am not seeing anything beside the error above that would point to a problem. Cisco has a 20 page debug all that they are going through to search for an answer.
  Any chance that anyone has worked with this before?
  Thanks,
  James

  I would say that this is because the router is connected over 1 b channel to your seattle office and then when you log in with your callbridge you are using the second b channel so when you goto use the phone the router simply has no more b channels to use to carry your phone call which is why you get no dial tone.As BRI ONLY HAS 2*64Kbits b channels and 16Kbits d channel(signalling)

• PPTP VPDN and Cisco Client errors

  Hello there, i have configured a cisco 1841 router as a vpn server for microsoft pptp client access. When connecting outside my local lan it hangs at verifying username and password then gives me error 619 message "remote computer did not respond so port was closed". I am however able to connect on my local lan. I also have Cisco's VPN client configured on the router which works fine and able to receive emails in microsoft outlook but cannot send any emails. The emails just sit in the outbox till i connect to my local lan.Anyone who has experienced a similar problem? I have tried all the configs in the the forum and problem still persists. Any solutions?? Thanks

  Try these links:
  http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00801e51e2.shtml
  http://www.cisco.com/en/US/tech/tk827/tk369/tech_configuration_examples_list.html

• Cisco AP1121G Workgroup Bridge Problem

  Hello,
  For reference I have attached the following:
  Network Diagram
  Ping Results Table
  Configurations for 1811 router, ap1121g root access point, ap1121g wgb.
  I am seeking assistance with the following problem.
  Referring to the attached network diagram, I cannot communicate past the ap1121g-wgb in either direction.
  Also attached is a result table of ping attempts through the ap1121wgb from each side.
  I don't have a problem with the wireless connections. The ap1121g's associate ok.
  Based on the ping results the problem appears to be in the ap1121g-wgb configuration, but I have run out of ideas.
  The following two cisco documents have been my main reference, besides the cisco command lookup site.
  http://www.cisco.com/en/US/customer/products/hw/wireless/ps430/products_configuration_example09186a00805b9b87.shtml
  http://www.cisco.com/en/US/docs/wireless/access_point/12.4_21a_JA1/configuration/guide/scg12421aJA1-chap19-wgb-standby.pdf
  Any insight will be greatly appreciated.
  Thanks...

  Robert,
  Going back to your original post and looking through the example given in the first URL, I spotted a few lines in the example configurations which apply to older revisions of code, but not newer AP code, so they may be misleading. Based on the parameter availability of station-role workgroup-bridge in your last message, would you be wiling to try the following?
  Reset both 1121 APs to factory default configuration (#write erase -- do not save config to startup if prompted)
  Give each AP an IP address on BVI1 so that both APs are in the same subnet
  Apply the following configuration to the infrastrucuture (root) AP:
  dot11 ssid WGB-SSID
  authentication open
  interface dot11radio 0
  ssid WGB-SSID
  station-role root
  no shutdown
  Apply the following configuration to the workgroup-bridge (client) AP:
  dot11 ssid WGB-SSID
  authentication open
  interface dot11radio 0
  ssid WGB-SSID
  station-role workgroup-bridge
  no shutdown
  The intended goal with this exercise is to get rid of all config and to try only basic required elements of a WGB configuration, starting with fresh factory defaults. Let's see if it will work for you as a bare-bones setup and then you can add other configuration like encryption and ACLs back in later.
  Justin

• Cisco 801 ISDN Router Problem

  Hi at all,
  I need your experience with this device! I will implement a remote connection to a customer.
  Following constellation:
  My PC --> Our ISDN NTBA --> provider --> Phone System customer --> S0 --> ISDN 801 Router --> End Device
  My problem is when I call the phone number with my mobile phone the call takes place, the router brings up the channel and hold this for a few seconds.
  The he kick me out than he can´t speak with my end device.
  When I do this with my remote pc nothing happens only this.
  He hangs up and I must restart this application to do the next attempt. How can I fix this problem?
  The debug isdn q931 shows this:
  00:34:24: ISDN BR0 Q931: RX <- SETUP pd = 8  callref = 0x01
  Sending Complete
  Bearer Capability i = 0x8890
    Standard = CCITT
    Transer Capability = Unrestricted Digital
    Transfer Mode = Circuit
    Transfer Rate = 64 kbit/s
  Channel ID i = 0x8A
  Calling Party Number i = 0x0083, 'xxxxxxx'
    Plan:Unknown, Type:Unknown
  Called Party Number i = 0x80, '69'
    Plan:Unknown, Type:Unknown
  00:34:24: %DIALER-6-BIND: Interface BR0:2 bound to profile Di1
  00:34:103079215104: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up
  00:34:24: ISDN BR0 Q931: TX -> CALL_PROC pd = 8  callref = 0x81
  Channel ID i = 0x8A
  00:34:24: ISDN BR0 Q931: RX <- CONNECT_ACK pd = 8  callref = 0x01
  Channel ID i = 0x8A
  00:34:24: ISDN BR0 Q931: TX -> ALERTING pd = 8  callref = 0x81
  00:34:24: ISDN BR0 Q931: RX <- RELEASE_COMP pd = 8  callref = 0x01
  Cause i = 0x85D1 - Invalid call reference value
  00:34:24: ISDN BR0 Q931: TX -> CONNECT pd = 8  callref = 0x81
  00:34:24: %ISDN-6-CONNECT: Interface BRI0:2 is now connected to xxxxxxxx
  00:34:24: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
  00:34:24: %DIALER-6-UNBIND: Interface BR0:2 unbound from profile Di1
  00:34:24: ISDN BR0 Q931: RX <- RELEASE_COMP pd = 8  callref = 0x01
  Cause i = 0x85D1 - Invalid call reference value
  00:34:24: ISDN BR0 Q931: L3_Go: L3_GetUser_NLCB returned NULL cid 0x0 cr 0x81 ev 0x5A ces 1 -- Message ignored
  00:34:24: ISDN BR0 Q931: RX <- RELEASE_COMP pd = 8  callref = 0x01
  Cause i = 0x85D1 - Invalid call reference value
  00:34:24: ISDN BR0 Q931: L3_Go: L3_GetUser_NLCB returned NULL cid 0x0 cr 0x81 ev 0x5A ces 1 -- Message ignored
  00:34:27: ISDN BR0 Q931: RX <- DISCONNECT pd = 8  callref = 0x01
  Cause i = 0x8090 - Normal call clearing
  Facility i = 0x91A11302029372020122300AA1053003020100820101
  - ETSI Supplementary Service, Invoke, AOC-D Charging Units: 0
  00:34:27: ISDN BR0 Q931: RX <- RELEASE_COMP pd = 8  callref = 0x01
  And this is my configuration on the Cisco 801 ISDN Router:
  sh run
  Building configuration...
  Current configuration : 1539 bytes
  version 12.3
  no service pad
  service timestamps debug uptime
  service timestamps log uptime
  no service password-encryption
  hostname customer
  boot-start-marker
  boot system flash c800-y6-mw.123-3i.bin
  boot-end-marker
  logging buffered 4096 debugging
  enable secret 5 $1$4sbt$qMDQoozleDqJstTzC2P8I1
  username admin password 7 01000505571F0303
  aaa new-model
  aaa authentication login default local
  aaa authentication ppp default local
  aaa session-id common
  ip subnet-zero
  no ip domain lookup
  isdn switch-type basic-net3
  interface Ethernet0
  description connection
  ip address 192.168.1.254 255.255.255.0
  no keepalive
  interface BRI0
  description connected to Dial-inPC (ISDN)
  no ip address
  encapsulation ppp
  dialer pool-member 1
  isdn switch-type basic-net3
  isdn incoming-voice data
  isdn answer1 12
  isdn send-alerting
  isdn sending-complete
  isdn static-tei 0
  interface Dialer0
  description connected to Dial-inPC (ISDN)
  ip unnumbered Ethernet0
  encapsulation ppp
  no ip split-horizon
  dialer pool 1
  peer default ip address pool test
  no cdp enable
  ppp authentication chap
  ppp multilink
  router rip
  version 2
  network 192.168.1.0
  no auto-summary
  ip local pool test 192.168.1.10 192.168.1.11
  ip classless
  no ip http server
  dialer-list 1 protocol ip permit
  line con 0
  exec-timeout 0 0
  transport preferred all
  transport output all
  stopbits 1
  line vty 0 4
  transport preferred all
  transport input all
  transport output all
  no rcapi server
  end
  I hope anyone have or had this constellation too with a solution that works.
  Many Thanks in advance,
  Mario

  Hi at all,
  We found a solution for this Problem !!
  We always and always got this error:
  %PQUICC-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
  The problem was the cable! The following pin-out is required:
                                          1 ----- 1
                                          2 ----- 2
                                          3 ----- 6
                                          4 ----- 5
                                          5 ----- 4
                                          6 ----- 3
                                          7 ----- 7
                                          8 ----- 8 
  We used this and the fault has disappeared!!
  The only problem that still exists:
  After the first connection the router must be rebooted because otherwise no more additional session is established.
  Thanks for all answers.
  Regards,
  Mario

• SNMP Discovery of clients through WLC problems

  I have a client with a 2112 WLC and 1252AG radios. The clients work fine, but an SNMP management server can not reach any of the clients over the wireless. Before the WLC and new AP's were installed, they were running older Cisco Autonomous AP's and had no problems with SNMP.  My monitoring system uses SNMP and it can reach the WLC just fine, so there doesnt appear to be any issues on the switched network.
  What can be blocking the SNMP on the WLC?

  the WLC, by default doesn't communicate when you bridge the VLANs. Do the clients need to be in the same subnet as the SNMP server? If not, remove the interface and they should be able to communicate.
  If they do need to hVe in that subnet, then you need to enable management via dynamic interface
  Config network mgmt-via-dynamic-interface enable
  Sent from Cisco Technical Support iPhone App