Cisco Client + Dial up problems
I am experiencing a difficult issue with the Windows Cisco VPN Client (4.6.02).
The client connects fine over a cable broadband connection, but when connected over a dial-up connection, the client generates a "Bad hash payload" type error set.
Can anyone help with this? I have tried several hours of troubleshooting without any progress.
Thanks.
Cisco Systems VPN Client Version 4.6.02.0011
Copyright (C) 1998-2004 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.0.2195 Service Pack 4
Config file directory: C:\Program Files\SpheriX\SpheriX VPN\
1 16:18:38.171 03/20/07 Sev=Warning/3 IKE/0xE3000056
The received HASH payload cannot be verified
2 16:18:38.171 03/20/07 Sev=Warning/2 IKE/0xE300007D
Hash verification failed... may be configured with invalid group password.
3 16:18:38.171 03/20/07 Sev=Warning/2 IKE/0xE3000099
Failed to authenticate peer (Navigator:904)
4 16:18:38.171 03/20/07 Sev=Warning/2 IKE/0xE30000A5
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2202)
5 16:21:14.828 03/20/07 Sev=Warning/3 IKE/0xE3000056
The received HASH payload cannot be verified
6 16:21:14.828 03/20/07 Sev=Warning/2 IKE/0xE300007D
Hash verification failed... may be configured with invalid group password.
7 16:21:14.828 03/20/07 Sev=Warning/2 IKE/0xE3000099
Failed to authenticate peer (Navigator:904)
8 16:21:14.828 03/20/07 Sev=Warning/2 IKE/0xE30000A5
Unexpected SW error occurred while processing Aggressive Mode negotiator:(Navigator:2202)
Similar Messages
-
IPad IPSEC Cisco client - Additional route issue
Hi,
I am unsure if this problem has come about in recent iOS releases, or is just something that's only become apparent now because someone has tried to use it. I've never had any complaints prior to the last month or so.
When connecting to a VPN configuration on a Cisco router (which previously didn't work but has for about a year I guess), the iPad receives additional routes just fine, as it should, but does not seem to work with them.
For example I have 2 networks
192.168.200.0/24
10.0.10.0/24
In my ACLs on the router I add both networks, and I have confirmed with an app on my iPad that it gets both routes. They have the exact same flags, MTU, and gateway. I can get to the 192.168.200.0/24 network, but not the 10.0.10.0/24 network, even though my network tools software says the correct route is in use. It's almost as if it is not encrypted.
If I reverse the ACL order, so I have the route to the 10.0.10.0/24 network first, then that network will work, and the 192.168.200.0/24 network will NOT, despite the route tables looking EXACTLY the same as the first instance.
If I connect via a PC Cisco client, it works fine. All routes work.
I've had reports (that I have yet to confirm as I do not have a Mac) that the built-in VPN client in MacOS has the same issue, but the Cisco-supplied VPN client has no issue.
It seems like it's an issue with the Apple OS software, but I am open to suggestion. Anyone got any ideas?
Leigh
I know you don't have an ASA, but I just want to be clear about the information you've given so no one is misled. The ASA5500-SSL-25 license is a premium license, and with that one gets:
Robust posture assessment capabilities protect the integrity of the corporate network by restricting VPN access based on an endpoint's security posture. Prior to establishing connectivity, a system may be validated for compliance with various antivirus, personal firewall, or antispyware products, and may undergo additional system checks. An advanced endpoint assessment option is available to automate the process of remediating out-of-compliance endpoint security applications.
If one didn't want all that then one wouldn't it, and I didn't. I bought an unlimited anyconnect essentials license and mobile option for my 5520 for no more than $250 USD for both, and unlimited on a 5520 means 250 users since that is the max it can handle. On the Cisco ISR G2 routers, they're quite expensive units and I think licensing is higher.
But as far as the main point of discussion here, the real issue is that though IPsec will be around for years to come in site-to-site and dmvpn scenarios, on clients it is another story especially mobile. Apple collaborated with Cisco on the IPsec client for iOS because of the complexity of IPsec clients and that it had to work to drive iOS acceptance. That it took Now that SSL VPN client software has matured, it is only a matter of time before Apple yanks IPsec VPN from iOS altogether, and I wouldn't be surprised if they aren't as speedy about fixing bugs in the iOS built-in client as they once may have been. SSL VPNs are lighter and easier to install on mobile clients and it is not in Apple or Cisco's interest to support IPsec on the client on all platforms indefinitely (Cisco only grudgingly added Win64 support somewhat recently). It isn't perfect, but installing the client is much easier for our users to do, doesn't require a reboot on Windows or pre-10.6 Macs, and it unifies the experience across all platforms. I'm not even one to jump on the "latest thing" bandwagon normally, but even at the higher ISR router cost to get SSL VPN I'd have done it just from a user support perspective alone. If you can eliminate client support costs then there is a cost savings to me and my users that I factor in. -
CISCO 1841 with SHDSL Problem?
Hello,
I am new to Cisco WIC configuration. I have a Cisco 1841 with an interface: 1SHDSL v3 and I want to connect to my ISP over a PPPoE encapsulation.
I just made the new interface connection in SDM, but the synchronization with the ISP does not work. The ISP tells me that the VPI/VCI is 0.35 and the annex is A.
I live in Europe, but I think that Annex A is for POTS lines and Annex B for ISDN, right? My line is ADSL Analog.
My startup configuration is this:
Router#show run
Building configuration...
Current configuration : 2974 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
logging message-counter syslog
no aaa new-model
dot11 syslog
ip source-route
ip cef
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-2879799878
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2879799878
revocation-check none
rsakeypair TP-self-signed-2879799878
crypto pki certificate chain TP-self-signed-2879799878
certificate self-signed 01
quit
username INEM privilege 15 secret 5 $1$2Jgp$bV.OuBughjgSIOLuCr6Kn16FP.
archive
log config
hidekeys
controller DSL 0/0/0
mode atm
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet0/1
description Conection to CISCO SDM
ip address 10.10.10.1 255.255.255.248
ip tcp adjust-mss 1412
duplex auto
speed auto
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
interface ATM0/0/0.1 point-to-point
pvc 0/35
pppoe-client dial-pool-number 1
interface Dialer0
ip address dhcp
ip mtu 1452
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname r353535
ppp chap password 0 xdfgdfg
ppp pap sent-username r353535 password 0 xdfgdfg
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
dialer-list 1 protocol ip permit
control-plane
line con 0
line aux 0
line vty 0 4
login
scheduler allocate 20000 1000
end
Can someone help me please?
Thanks
Hello,
Can you please explain to me the reason my WIC 1SHDSL-v3 does not work on ADSL lines?
Thank you,
Best Regards -
Duplicating de confirmation for Clients with credit problems
Hi,
We are using GATP to confirm the sales order quantities. In the check instructions,
we are using check availability and then RBA (product substitution).
When I create a sales order for a client with credit problems, the confirmed quantity
is being duplicated after releasing the order.
The steps I am following are next:
1. VA01: create sales order (i.e: order product D 10 PC, I got 10 PC of product E confirmed because of the RBA)
2. VKM3: Release the order
3. VA03: display the sales order
(it duplicates the lines with confirmed quantity - i.e: I got line 10: product D 0 PC confirmed; line 11: product E 10 PC confirmed; line 12: product E 10 PC confirmed, so line 12 is repeating line 11)
We have explored any issues related to the availability check, but it seems to be a problem with the configuration of the credit processing.
Have you ever had this issue? Any recommendation to solve it?
Thanks a lot in advance.
777,
Are you using product allocation?
In what case do you see the duplicate confirmation? In the case of a partially delivered order? If so, check OSS note 1442425.
Regards,
Harshil Desai -
Linksys Cisco WVC210 Network Camera - Problem
Hello Cisco Members,
I have a problem with one Linksys Cisco WVC210 Network Camera.
When I power it on, the power LED blinks, the other 3 green LEDs light and the LCD display has nothing.
I pushed the reset button for 30 seconds and powered it off for 30 seconds, without result. When I connect it to
a router with DHCP, this camera cannot get an IP address... I do not understand where the problem is with
this camera.
I am writing here to get a fix for this problem.
Regards,
Vivendi
Try powering on and after 90 seconds go to the browser and type in 192.168.1.99 (assuming you are on the 192.168.1.xx LAN network) and see if you are able to get to the firmware page. If yes, try reloading the firmware; if not, then I would recommend returning the product by getting in touch with Cisco's Tech Support to get an RMA number and instructions on returning the product and getting a replacement.
Alan. -
Cisco outbound Dialer MRPG test calls command
Hi Dear,
Can someone please tell me about this command?
What is the Cisco SCCP dialer test call command on the cmd?
It should be a command similar to this on the cmd:
c:\ test x 01545051
I could not remember it correctly.
Thanks and Regards
The utility is dialogictest
This is for SCCP only though so wouldn't work in a recent install. Details are in the Cisco Outbound Option guide:
From the \icm\bin directory on the Dialer, type the following to run the DialogicTest utility:
Dialogictest softphone <number of ports in the Dialer port map> <CallManager name or IP address> <dialer ID> <starting channelID> <custname>
where:
The CallManager name or IP address indicates the Unified CM TFTP server machine.
The dialer ID is the numeric identifier obtained above from the Dialer table.
The starting channel ID indicates the first port ID in the Dialer (usually 0). This creates simulated Dialer ports based on the port map configuration.
The custname is the ICM customer name.
Choose a phone station on the ACD that has a "caller ID" display and note its phone number. This phone station is called to validate connectivity between the Dialer and the station. Using DialogicTest, dial this station using the following syntax: >d 0 <station #> 30
where d is the abbreviation for "Dial," 0 is the first channel in the port map, station # is the actual number to reach the phone station, and 30 represents the amount of time DialogicTest attempts to ring the phone station. For example, to dial station 51001, the command is >d 0 51001 30. -
Cisco Prime 2.1 problem with API/Client
Hi,
I'm having a problem with the API output I get from Cisco Prime Infrastructure. The URL I'm trying to GET info from is:
https://<URL>/webacs/api/v1/data/Clients
The output shows that I'm missing data from a specific ID. Example:
{"@url":"https:\/\/prime.lmv.lm.se\/webacs\/api\/v1\/data\/Clients\/1280389614","@type":"Clients","$":"1280389614"}
Then I try to GET the info regarding this ID: https://<URL>/webacs/api/v1/data/Clients/1280389614
{"errorDocument":{"httpResponseCode":500,"httpMethod":"GET","message":"No such entity as Clients \/ 1280389614.-PRS-101","id":"presentation.PRS-101","uriPath":"data\/Clients\/1280389614","queryParams":"{}"}}
So something is wrong here. When I add the ".full=true" parameter I get the following error, as it cannot show the client data:
https://<URL>/webacs/api/v1/data/Clients.json?.full=true&.firstResult=1000&.maxResults=1000
{"errorDocument":{"httpResponseCode":500,"httpMethod":"GET","message":"Exception while invoking valueOf method 'getEnum' of enumeration class 'class com.cisco.ncs.nbi.client.ClientProtocolEnum'; nested exception is org.hibernate.HibernateException: Exception while invoking valueOf method 'getEnum' of enumeration class 'class com.cisco.ncs.nbi.client.ClientProtocolEnum'","exception":"org.springframework.orm.hibernate3.HibernateSystemException: Exception while invoking valueOf method 'getEnum' of enumeration class 'class com.cisco.ncs.nbi.client.ClientProtocolEnum'; nested exception is org.hibernate.HibernateException: Exception while invoking valueOf method 'getEnum' of enumeration class 'class com.cisco.ncs.nbi.client.ClientProtocolEnum'","uriPath":"data\/Clients","queryParams":"{.full=[true], .firstResult=[1000], .maxResults=[1000]}"}}
Any idea how to solve this issue? How can I find the client that is causing this problem? In my script I'm reading all the clients in the network into a third-party application. But right now it's hard to get this output in a smart way. It might be resolved in 2.2, but it feels like the data is corrupt in some way, so I doubt that this error is related to the version?
Best Regards // Mattias Andersson
Hi,
I have also run into this problem on two different Prime 2.1-systems when trying to get all Client-data available. I haven't figured out a way to fix it more than making small calls (.maxResults=100) then trying to pin-point and skip the ID giving the error. I've been using 2.2 for a while now but haven't tested the Client-API that much yet. I'll experiment some more on it and see if I can recreate the problem to see if it's related to the version. -
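The approach in the reply above (small windows, then pin-point and skip the failing ID), as an added Python example that is not part of either post or of Cisco's tooling. It assumes `.firstResult` is a zero-based offset and that a broken record makes every window containing it fail; `fetch`, `PageError` and the in-memory server are hypothetical stand-ins with constructed data, and only the URL path and the three query parameters come from the post.

```python
from typing import Callable, List, Tuple
from urllib.parse import urlencode


class PageError(Exception):
    """The server answered a window with an errorDocument (HTTP 500)."""


# fetch(first, count) -> list of client records, or raises PageError.
Fetch = Callable[[int, int], List[dict]]


def window_url(base: str, first: int, count: int) -> str:
    """URL for one window; a real fetch() would GET this and parse the JSON."""
    query = urlencode({".full": "true", ".firstResult": first, ".maxResults": count})
    return f"{base}/webacs/api/v1/data/Clients.json?{query}"


def collect(fetch: Fetch, first: int, count: int) -> Tuple[List[dict], List[int]]:
    """Read offsets [first, first+count). If the window fails, halve it until
    the failing offsets are isolated. Returns (good records, bad offsets)."""
    try:
        return fetch(first, count), []
    except PageError:
        if count == 1:
            return [], [first]
    half = count // 2
    left, bad_left = collect(fetch, first, half)
    right, bad_right = collect(fetch, first + half, count - half)
    return left + right, bad_left + bad_right


def harvest(fetch: Fetch, page_size: int = 100) -> Tuple[List[dict], List[int]]:
    """Walk the collection page by page until an empty, error-free page."""
    records: List[dict] = []
    bad: List[int] = []
    first = 0
    while True:
        got, failed = collect(fetch, first, page_size)
        if len(failed) == page_size:
            # Every offset failed: this is an outage or auth problem,
            # not one corrupt record, so stop instead of looping forever.
            raise RuntimeError(f"whole page at offset {first} failed")
        if not got and not failed:
            return records, bad
        records += got
        bad += failed
        first += page_size


def make_fake_server(ids: List[int], broken: set):
    """Constructed stand-in for the API: any window that contains a broken
    ID raises, which is the behaviour described in the thread."""
    calls: List[Tuple[int, int]] = []

    def fetch(first: int, count: int) -> List[dict]:
        calls.append((first, count))
        window = ids[first:first + count]
        if any(i in broken for i in window):
            raise PageError("Exception while invoking valueOf method 'getEnum'")
        return [{"id": i} for i in window]

    return fetch, calls


def demo():
    ids = list(range(5000, 5250))       # constructed client IDs
    ids[137] = 1280389614               # the ID quoted in the post
    fetch, calls = make_fake_server(ids, {1280389614})
    records, bad = harvest(fetch, page_size=100)
    return len(records), bad, [ids[o] for o in bad], len(calls)


if __name__ == "__main__":
    good, bad_offsets, bad_ids, requests_made = demo()
    print(f"{good} records read, skipped offsets {bad_offsets} "
          f"(IDs {bad_ids}) in {requests_made} requests")
```

The bad offset can be mapped back to an ID through the plain listing without `.full=true`, which per the post still returns the entry, provided both listings use the same ordering.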
Cisco PI&MSE client historical report problem
Hi all,
I have Cisco PI 1.4 and MSE 7.6 and I was able to see the client on the map, but suddenly no historical data appears for the wireless clients.
The CAS is configured and the historical parameters are configured.
Please advise.
Thanks in advance.
Hello, could you provide a screenshot with the problem and for which reports it happens?
Thanks! -
Cisco RV130W VPN firewall problems
Dear Supports:
I am a newbie with Cisco, and I bought a Cisco RV130W wireless VPN router last week, but
I have some problems with this router.
1) I have installed a DHCP server in our internal network, so I have disabled the DHCP
service under network > LAN > LAN configuration > Server Settings(DHCP), but after
this action, all of our wireless devices could not get an IP again. Finally I
enabled the DHCP relay and put the DHCP server IP in the "Remote DHCP Server" field, and
the problem seems fixed. May I know whether I have taken the right action? And if the answer
is yes, what is the usage of the DHCP Server "Disable" option?
2) When I set DHCP to Disable, I find that the dashboard still shows the DHCP
server in "Enabled" status (Dashboard right top corner > LAN (local network)
Interface > DHCP Server: Enabled). May I know whether it is a firmware bug or just some
setting I missed?
3) The WiFi signal is weak but I cannot find any setting to control signal strength, and
sometimes the SSID disappeared. Finally I found that it was because I had placed an external USB 3.0 HDD
beside the router; after I removed the HDD the SSID never disappeared again, but I
don't know why this happened and how I can prevent it from happening again.
4) In the dashboard I find VPN server > PPTP User: 0/1, but in the user manual I also
find PPTP VPN > 10 PPTP tunnels for remote client access. May I know whether
the router actually supports 1 or 10 PPTP user(s)?
5) The PPTP VPN disconnects automatically 10~15 mins after connecting. I have tried with 2 Android devices: one is running Android 4.2 with the native VPN client, and the other is running Android 4.4.2 with the app "VpnRoot". Can you give me some hints on how to trace and fix the problem?
Thanks for the support; I am waiting for the reply, thanks.
This document demonstrates how to configure a connection between a router and the Cisco VPN Client 4.x using Remote Authentication Dial-In User Service (RADIUS) for user authentication. Cisco IOS Software Releases 12.2(8)T and later support connections from Cisco VPN Client 3.x. The VPN Clients 3.x and 4.x use Diffie Hellman (DH) group 2 policy. The isakmp policy # group 2 command enables the VPN Clients to connect.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800946b7.shtml -
Cisco ASA 5510 - Cisco Client Can Connect To VPN But Can't Ping!
Hi,
I have an ASA 5510 with the configuration below. I have configured the ASA as a remote access VPN server with the Cisco VPN client. My problem now is that I can connect but I can't ping.
Config
ciscoasa# sh run
: Saved
ASA Version 8.0(3)
hostname ciscoasa
enable password 5QB4svsHoIHxXpF/ encrypted
names
name xxx.xxx.xxx.xxx SAP_router_IP_on_SAP
name xxx.xxx.xxx.xxx ISA_Server_second_external_IP
name xxx.xxx.xxx.xxx Mail_Server
name xxx.xxx.xxx.xxx IncomingIP
name xxx.xxx.xxx.xxx SAP
name xxx.xxx.xxx.xxx WebServer
name xxx.xxx.xxx.xxx cms_eservices_projects_sharepointold
name 192.168.2.2 isa_server_outside
interface Ethernet0/0
nameif outside
security-level 0
ip address IncomingIP 255.255.255.248
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.253 255.255.255.0
management-only
passwd 123
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
object-group service TCP_8081 tcp
port-object eq 8081
object-group service DM_INLINE_TCP_1 tcp
port-object eq 3389
port-object eq ftp
port-object eq www
port-object eq https
port-object eq smtp
port-object eq pop3
port-object eq 3200
port-object eq 3300
port-object eq 3600
port-object eq 3299
port-object eq 3390
port-object eq 50000
port-object eq 3396
port-object eq 3397
port-object eq 3398
port-object eq imap4
port-object eq 587
port-object eq 993
port-object eq 8000
port-object eq 8443
port-object eq telnet
port-object eq 3901
group-object TCP_8081
port-object eq 1433
port-object eq 3391
port-object eq 3399
port-object eq 8080
port-object eq 3128
port-object eq 3900
port-object eq 3902
port-object eq 7777
port-object eq 3392
port-object eq 3393
port-object eq 3394
port-object eq 3395
port-object eq 92
port-object eq 91
port-object eq 3206
port-object eq 8001
port-object eq 8181
port-object eq 7778
port-object eq 8180
port-object eq 22222
port-object eq 11001
port-object eq 11002
port-object eq 1555
port-object eq 2223
port-object eq 2224
object-group service RDP tcp
port-object eq 3389
object-group service 3901 tcp
description 3901
port-object eq 3901
object-group service 50000 tcp
description 50000
port-object eq 50000
object-group service Enable_Transparent_Tunneling_UDP udp
port-object eq 4500
access-list inside_access_in remark connection to SAP
access-list inside_access_in extended permit ip 192.168.2.0 255.255.255.0 host SAP_router_IP_on_SAP
access-list inside_access_in remark VPN Outgoing - PPTP
access-list inside_access_in extended permit tcp 192.168.2.0 255.255.255.0 any eq pptp
access-list inside_access_in remark VPN Outgoing - GRE
access-list inside_access_in extended permit gre 192.168.2.0 255.255.255.0 any
access-list inside_access_in remark VPN - GRE
access-list inside_access_in extended permit gre any any
access-list inside_access_in remark VPN Outgoing - IKE Client
access-list inside_access_in extended permit udp 192.168.2.0 255.255.255.0 any eq isakmp
access-list inside_access_in remark VPN Outgoing - IPSecNAT - T
access-list inside_access_in extended permit udp 192.168.2.0 255.255.255.0 any eq 4500
access-list inside_access_in remark DNS Outgoing
access-list inside_access_in extended permit udp any any eq domain
access-list inside_access_in remark DNS Outgoing
access-list inside_access_in extended permit tcp any any eq domain
access-list inside_access_in remark Outoing Ports
access-list inside_access_in extended permit tcp 192.168.2.0 255.255.255.0 any object-group DM_INLINE_TCP_1
access-list inside_access_in extended permit ip 172.16.1.0 255.255.255.0 any
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any any eq pptp
access-list outside_access_in extended permit gre any any
access-list outside_access_in extended permit gre any host Mail_Server
access-list outside_access_in extended permit tcp any host Mail_Server eq pptp
access-list outside_access_in extended permit esp any any
access-list outside_access_in extended permit ah any any
access-list outside_access_in extended permit udp any any eq isakmp
access-list outside_access_in extended permit udp any any object-group Enable_Transparent_Tunneling_UDP
access-list VPN standard permit 192.168.2.0 255.255.255.0
access-list corp_vpn extended permit ip 192.168.2.0 255.255.255.0 172.16.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool POOL 172.16.1.10-172.16.1.20 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 2 Mail_Server netmask 255.0.0.0
global (outside) 1 interface
global (inside) 2 interface
nat (inside) 0 access-list corp_vpn
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp Mail_Server 8001 ISA_Server_second_external_IP 8001 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 8000 ISA_Server_second_external_IP 8000 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server pptp isa_server_outside pptp netmask 255.255.255.255
static (inside,outside) tcp Mail_Server smtp isa_server_outside smtp netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 587 isa_server_outside 587 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 9444 isa_server_outside 9444 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 9443 isa_server_outside 9443 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 3389 isa_server_outside 3389 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 3390 isa_server_outside 3390 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 3901 isa_server_outside 3901 netmask 255.255.255.255
static (inside,outside) tcp SAP 50000 isa_server_outside 50000 netmask 255.255.255.255
static (inside,outside) tcp SAP 3200 isa_server_outside 3200 netmask 255.255.255.255
static (inside,outside) tcp SAP 3299 isa_server_outside 3299 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server www isa_server_outside www netmask 255.255.255.255
static (inside,outside) tcp Mail_Server https isa_server_outside https netmask 255.255.255.255
static (inside,outside) tcp Mail_Server pop3 isa_server_outside pop3 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server imap4 isa_server_outside imap4 netmask 255.255.255.255
static (inside,outside) tcp cms_eservices_projects_sharepointold 9999 isa_server_outside 9999 netmask 255.255.255.255
static (inside,outside) 192.168.2.0 access-list corp_vpn
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.2.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set transet esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set pfs
crypto dynamic-map dynmap 10 set transform-set transet ESP-3DES-SHA
crypto map cryptomap 10 ipsec-isakmp dynamic dynmap
crypto map cryptomap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
telnet 192.168.2.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx interface inside
dhcpd domain domain.local interface inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
tftp-server management 192.168.1.123 /
group-policy mypolicy internal
group-policy mypolicy attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN
username vpdn password 123
username vpdn attributes
vpn-group-policy mypolicy
service-type remote-access
tunnel-group mypolicy type remote-access
tunnel-group mypolicy general-attributes
address-pool POOL
default-group-policy mypolicy
tunnel-group mypolicy ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect pptp
service-policy global_policy global
prompt hostname context
Cryptochecksum:b8bb19b6cb05cfa9ee125ad7bc5444ac
: end
Thank you very much.
Here is the output:
ciscoasa# packet-tracer input outside icmp 172.16.1.10 8 0 192.168.2.1
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
static (inside,outside) 192.168.2.0 access-list corp_vpn
nat-control
match ip inside 192.168.2.0 255.255.255.0 outside 172.16.1.0 255.255.255.0
static translation to 192.168.2.0
translate_hits = 0, untranslate_hits = 139
Additional Information:
NAT divert to egress interface inside
Untranslate 192.168.2.0/0 to 192.168.2.0/0 using netmask 255.255.255.0
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside_access_in in interface outside
access-list outside_access_in extended permit ip any any
Additional Information:
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: CP-PUNT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect icmp
service-policy global_policy global
Additional Information:
Phase: 7
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
Additional Information:
Phase: 10
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
static (inside,outside) 192.168.2.0 access-list corp_vpn
nat-control
match ip inside 192.168.2.0 255.255.255.0 outside 172.16.1.0 255.255.255.0
static translation to 192.168.2.0
translate_hits = 0, untranslate_hits = 140
Additional Information:
Phase: 11
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule -
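For reading a trace like the one above, an added Python example (not from the post or from Cisco) that splits `packet-tracer` output into phases and reports the first phase whose result is DROP, together with the rule text that phase printed. The sample is abridged from the output in the post; the function names are hypothetical.

```python
import re
from typing import Dict, List, Optional, Tuple

# Abridged from the trace in the post (phases 1, 3 and 11 plus the summary).
SAMPLE = """\
ciscoasa# packet-tracer input outside icmp 172.16.1.10 8 0 192.168.2.1
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside_access_in in interface outside
access-list outside_access_in extended permit ip any any
Additional Information:
Phase: 11
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
output-interface: inside
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""


def parse_packet_tracer(text: str) -> Tuple[List[dict], Dict[str, str]]:
    """Return (phases, summary). Each phase has phase/type/subtype/result
    plus the lines printed under Config and Additional Information."""
    phases: List[dict] = []
    summary: Dict[str, str] = {}
    current: Optional[dict] = None
    mode = None  # "head", "config", "info" or "summary"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        start = re.fullmatch(r"Phase:\s*(\d+)", line)
        if start:
            current = {"phase": int(start.group(1)), "type": "", "subtype": "",
                       "result": "", "config": [], "info": []}
            phases.append(current)
            mode = "head"
        elif line == "Result:":
            # A bare "Result:" opens the final summary block.
            current, mode = None, "summary"
        elif mode == "summary":
            key, _, value = line.partition(":")
            summary[key.strip().lower()] = value.strip()
        elif current is None:
            continue  # prompt and echoed command before the first phase
        elif line == "Config:":
            mode = "config"
        elif line == "Additional Information:":
            mode = "info"
        elif mode == "head":
            key, _, value = line.partition(":")
            if key.lower() in ("type", "subtype", "result"):
                current[key.lower()] = value.strip()
        else:
            current[mode].append(line)
    return phases, summary


def first_drop(phases: List[dict]) -> Optional[dict]:
    """The first phase that dropped the packet, or None if all allowed it."""
    return next((p for p in phases if p["result"] == "DROP"), None)


def report(text: str) -> str:
    phases, summary = parse_packet_tracer(text)
    drop = first_drop(phases)
    if drop is None:
        return "no phase dropped the packet"
    allowed_acl = [p["config"][-1] for p in phases
                   if p["type"] == "ACCESS-LIST" and p["result"] == "ALLOW"
                   and p["config"]]
    return (f"phase {drop['phase']} ({drop['type']}) dropped the flow; "
            f"rule shown: {'; '.join(drop['config']) or 'none'}; "
            f"drop-reason: {summary.get('drop-reason', 'n/a')}; "
            f"ACL lines that allowed it earlier: {allowed_acl}")


if __name__ == "__main__":
    print(report(SAMPLE))
```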
I've got a problem that I could use some input on. We have several
Cisco 804 routers that we use for our teleworkers at home. They have
standard PCs that connect to the ethernet interface on the router
and to a Siemens phone with Optiset teleworking adaptor via 9 pin
serial cable and COM1 port on the PC.
On the router, we are running the BRI0 and Dialer1 interface with
PPP multilink. I can get the router connect to our DC here in
Seattle without problem. The problem comes while trying to use
Siemens callbridge.
With the phone connected to POTS2 and not signed into callbridge, I
can pickup the handset and get a dial tone. I then sign into
callbridge which takes the phone (via the serial cable) and connects
it to a server (over Ethernet) here in our office in Seattle. This
succeeds, however when we then go off hook while signed into
callbridge, we don't get a dial tone.
I should step back for a second and state that when not signed into
CB, and pick up the phone, we'll see the router release BRI0:2 and
give it a voice (dial tone) signal. When signed into CB, this does
not happen. We are also seeing the error below:
ISDN BRI0: isdn_is_bchannel_available: No Free B-channels
I've got ISDN Events and q931 debugging on and am not seeing anything besides the error above that would point to a problem. Cisco has a 20 page debug all that they are going through to search for an answer.
Any chance that anyone has worked with this before?
Thanks,
James
I would say that this is because the router is connected over 1 B channel to your Seattle office and then when you log in with your callbridge you are using the second B channel, so when you go to use the phone the router simply has no more B channels to use to carry your phone call, which is why you get no dial tone, as BRI only has 2*64Kbits B channels and a 16Kbits D channel (signalling).
-
PPTP VPDN and Cisco Client errors
Hello there, I have configured a Cisco 1841 router as a VPN server for Microsoft PPTP client access. When connecting from outside my local LAN it hangs at verifying username and password, then gives me the error 619 message "remote computer did not respond so port was closed". I am however able to connect on my local LAN. I also have Cisco's VPN client configured on the router, which works fine and is able to receive emails in Microsoft Outlook but cannot send any emails. The emails just sit in the outbox till I connect to my local LAN. Has anyone experienced a similar problem? I have tried all the configs in the forum and the problem still persists. Any solutions? Thanks
Try these links:
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00801e51e2.shtml
http://www.cisco.com/en/US/tech/tk827/tk369/tech_configuration_examples_list.html
-
Cisco AP1121G Workgroup Bridge Problem
Hello,
For reference I have attached the following:
Network Diagram
Ping Results Table
Configurations for 1811 router, ap1121g root access point, ap1121g wgb.
I am seeking assistance with the following problem.
Referring to the attached network diagram, I cannot communicate past the ap1121g-wgb in either direction.
Also attached is a result table of ping attempts through the ap1121wgb from each side.
I don't have a problem with the wireless connections. The ap1121g's associate ok.
Based on the ping results the problem appears to be in the ap1121g-wgb configuration, but I have run out of ideas.
The following two cisco documents have been my main reference, besides the cisco command lookup site.
http://www.cisco.com/en/US/customer/products/hw/wireless/ps430/products_configuration_example09186a00805b9b87.shtml
http://www.cisco.com/en/US/docs/wireless/access_point/12.4_21a_JA1/configuration/guide/scg12421aJA1-chap19-wgb-standby.pdf
Any insight will be greatly appreciated.
Thanks...
Robert,
Going back to your original post and looking through the example given in the first URL, I spotted a few lines in the example configurations which apply to older revisions of code, but not newer AP code, so they may be misleading. Based on the parameter availability of station-role workgroup-bridge in your last message, would you be willing to try the following?
Reset both 1121 APs to factory default configuration (#write erase -- do not save config to startup if prompted)
Give each AP an IP address on BVI1 so that both APs are in the same subnet
Apply the following configuration to the infrastructure (root) AP:
dot11 ssid WGB-SSID
 authentication open
interface dot11radio 0
 ssid WGB-SSID
 station-role root
 no shutdown
Apply the following configuration to the workgroup-bridge (client) AP:
dot11 ssid WGB-SSID
 authentication open
interface dot11radio 0
 ssid WGB-SSID
 station-role workgroup-bridge
 no shutdown
The intended goal with this exercise is to get rid of all config and to try only basic required elements of a WGB configuration, starting with fresh factory defaults. Let's see if it will work for you as a bare-bones setup and then you can add other configuration like encryption and ACLs back in later.
Justin
-
Hi at all,
I need your experience with this device! I will implement a remote connection to a customer.
Following constellation:
My PC --> Our ISDN NTBA --> provider --> Phone System customer --> S0 --> ISDN 801 Router --> End Device
My problem is when I call the phone number with my mobile phone the call takes place, the router brings up the channel and holds this for a few seconds.
Then he kicks me out than he can't speak with my end device.
When I do this with my remote pc nothing happens only this.
He hangs up and I must restart this application to do the next attempt. How can I fix this problem?
The debug isdn q931 shows this:
00:34:24: ISDN BR0 Q931: RX <- SETUP pd = 8 callref = 0x01
Sending Complete
Bearer Capability i = 0x8890
Standard = CCITT
Transer Capability = Unrestricted Digital
Transfer Mode = Circuit
Transfer Rate = 64 kbit/s
Channel ID i = 0x8A
Calling Party Number i = 0x0083, 'xxxxxxx'
Plan:Unknown, Type:Unknown
Called Party Number i = 0x80, '69'
Plan:Unknown, Type:Unknown
00:34:24: %DIALER-6-BIND: Interface BR0:2 bound to profile Di1
00:34:103079215104: %LINK-3-UPDOWN: Interface BRI0:2, changed state to up
00:34:24: ISDN BR0 Q931: TX -> CALL_PROC pd = 8 callref = 0x81
Channel ID i = 0x8A
00:34:24: ISDN BR0 Q931: RX <- CONNECT_ACK pd = 8 callref = 0x01
Channel ID i = 0x8A
00:34:24: ISDN BR0 Q931: TX -> ALERTING pd = 8 callref = 0x81
00:34:24: ISDN BR0 Q931: RX <- RELEASE_COMP pd = 8 callref = 0x01
Cause i = 0x85D1 - Invalid call reference value
00:34:24: ISDN BR0 Q931: TX -> CONNECT pd = 8 callref = 0x81
00:34:24: %ISDN-6-CONNECT: Interface BRI0:2 is now connected to xxxxxxxx
00:34:24: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down
00:34:24: %DIALER-6-UNBIND: Interface BR0:2 unbound from profile Di1
00:34:24: ISDN BR0 Q931: RX <- RELEASE_COMP pd = 8 callref = 0x01
Cause i = 0x85D1 - Invalid call reference value
00:34:24: ISDN BR0 Q931: L3_Go: L3_GetUser_NLCB returned NULL cid 0x0 cr 0x81 ev 0x5A ces 1 -- Message ignored
00:34:24: ISDN BR0 Q931: RX <- RELEASE_COMP pd = 8 callref = 0x01
Cause i = 0x85D1 - Invalid call reference value
00:34:24: ISDN BR0 Q931: L3_Go: L3_GetUser_NLCB returned NULL cid 0x0 cr 0x81 ev 0x5A ces 1 -- Message ignored
00:34:27: ISDN BR0 Q931: RX <- DISCONNECT pd = 8 callref = 0x01
Cause i = 0x8090 - Normal call clearing
Facility i = 0x91A11302029372020122300AA1053003020100820101
- ETSI Supplementary Service, Invoke, AOC-D Charging Units: 0
00:34:27: ISDN BR0 Q931: RX <- RELEASE_COMP pd = 8 callref = 0x01
And this is my configuration on the Cisco 801 ISDN Router:
sh run
Building configuration...
Current configuration : 1539 bytes
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname customer
boot-start-marker
boot system flash c800-y6-mw.123-3i.bin
boot-end-marker
logging buffered 4096 debugging
enable secret 5 $1$4sbt$qMDQoozleDqJstTzC2P8I1
username admin password 7 01000505571F0303
aaa new-model
aaa authentication login default local
aaa authentication ppp default local
aaa session-id common
ip subnet-zero
no ip domain lookup
isdn switch-type basic-net3
interface Ethernet0
description connection
ip address 192.168.1.254 255.255.255.0
no keepalive
interface BRI0
description connected to Dial-inPC (ISDN)
no ip address
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
isdn incoming-voice data
isdn answer1 12
isdn send-alerting
isdn sending-complete
isdn static-tei 0
interface Dialer0
description connected to Dial-inPC (ISDN)
ip unnumbered Ethernet0
encapsulation ppp
no ip split-horizon
dialer pool 1
peer default ip address pool test
no cdp enable
ppp authentication chap
ppp multilink
router rip
version 2
network 192.168.1.0
no auto-summary
ip local pool test 192.168.1.10 192.168.1.11
ip classless
no ip http server
dialer-list 1 protocol ip permit
line con 0
exec-timeout 0 0
transport preferred all
transport output all
stopbits 1
line vty 0 4
transport preferred all
transport input all
transport output all
no rcapi server
end
I hope someone has or had this constellation too, with a solution that works.
Many Thanks in advance,
Mario
Hi at all,
We found a solution for this Problem !!
We always and always got this error:
%PQUICC-1-LOSTCARR: Unit 0, lost carrier. Transceiver problem?
The problem was the cable! The following pin-out is required:
1 ----- 1
2 ----- 2
3 ----- 6
4 ----- 5
5 ----- 4
6 ----- 3
7 ----- 7
8 ----- 8
We used this and the fault has disappeared!!
The only problem that still exists:
After the first connection the router must be rebooted because otherwise no more additional session is established.
Thanks for all answers.
Regards,
Mario -
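An added example, not part of the original posts: a small Python parser for the `debug isdn q931` output quoted in the thread above. It decodes the call-reference flag and the two-octet Cause value (Q.850 location and cause number); the sample lines are copied from the post, and the function names are assumptions of this example.

```python
import re

# Sample input: lines copied from the debug output quoted in the post.
SAMPLE = """\
00:34:24: ISDN BR0 Q931: RX <- SETUP pd = 8 callref = 0x01
00:34:24: ISDN BR0 Q931: TX -> ALERTING pd = 8 callref = 0x81
00:34:24: ISDN BR0 Q931: RX <- RELEASE_COMP pd = 8 callref = 0x01
Cause i = 0x85D1 - Invalid call reference value
00:34:24: ISDN BR0 Q931: TX -> CONNECT pd = 8 callref = 0x81
00:34:27: ISDN BR0 Q931: RX <- DISCONNECT pd = 8 callref = 0x01
Cause i = 0x8090 - Normal call clearing
"""

MSG = re.compile(r"Q931: (RX|TX) (?:<-|->) (\w+) pd = \d+\s+callref = 0x([0-9A-Fa-f]+)")
CAUSE = re.compile(r"Cause i = 0x([0-9A-Fa-f]{4})")
# Q.850 location codes (low nibble of the first Cause octet).
LOCATION = {0: "user", 1: "private network, local user", 2: "public network, local user",
            3: "transit network", 4: "public network, remote user",
            5: "private network, remote user"}

def decode_cause(hex4):
    """Split a two-octet Cause IE into (location, Q.850 cause number)."""
    octet1, octet2 = int(hex4[:2], 16), int(hex4[2:], 16)
    return LOCATION.get(octet1 & 0x0F, "other"), octet2 & 0x7F

def parse_q931(text):
    """Return one dict per Q.931 message, with any Cause line attached."""
    events = []
    for line in text.splitlines():
        m = MSG.search(line)
        if m:
            ref = int(m.group(3), 16)  # one-octet call reference, as on BRI
            events.append({"dir": m.group(1), "type": m.group(2),
                           "callref": ref & 0x7F,     # call reference value
                           "flag": bool(ref & 0x80),  # set by the non-originating side
                           "cause": None})
            continue
        c = CAUSE.search(line)
        if c and events:
            events[-1]["cause"] = decode_cause(c.group(1))
    return events

def released_before_connect(events):
    """True if the peer sent RELEASE_COMP before our CONNECT went out."""
    types = [(e["dir"], e["type"]) for e in events]
    if ("RX", "RELEASE_COMP") not in types or ("TX", "CONNECT") not in types:
        return False
    return types.index(("RX", "RELEASE_COMP")) < types.index(("TX", "CONNECT"))
```

On the posted trace, the first RELEASE_COMP decodes to location 5 with cause 81 and is received before the router transmits CONNECT.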
SNMP Discovery of clients through WLC problems
I have a client with a 2112 WLC and 1252AG radios. The clients work fine, but an SNMP management server cannot reach any of the clients over the wireless. Before the WLC and new APs were installed, they were running older Cisco Autonomous APs and had no problems with SNMP. My monitoring system uses SNMP and it can reach the WLC just fine, so there doesn't appear to be any issues on the switched network.
What can be blocking the SNMP on the WLC?
The WLC, by default, doesn't communicate when you bridge the VLANs. Do the clients need to be in the same subnet as the SNMP server? If not, remove the interface and they should be able to communicate.
If they do need to be in that subnet, then you need to enable management via dynamic interface:
config network mgmt-via-dynamic-interface enable
Sent from Cisco Technical Support iPhone App