Cisco PI client station vendor type

hi all,
i have cisco PI when i go to monitor>clients
i can see all the connected clients to my network as long as i can see their station vendor type "Dell,HP,Samsung,....."
I need to know how PI can detect the vendor type ?!
thanks in advance

device profiling can be done different way (like looking at DHCP, HTTP, OUI, etc). Refer below
http://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/7-5/NativeProfiling75.html
So PI can collect these information from WLC & report to you
HTH
Rasika
**** Pls rate all useful responses ****

Similar Messages

Calling issue with Cisco 7937 conference station

Hi Friends,
I am facing issue wiht Cisco 7937 conference station, our customer have various branch offices accross the world. All branches are connected over MPLS through service provider( SIP service provider) . there is a centralized CUCM and remote office have SIP Voice gateways .
When making calls from once remote site to another using Cisco 6921 phones calls working fine
When making calls from once remote site to another using Cisco 7937 conference station to make call any phone at remote office, calls are getting disconneted, remote phone rings when calls, but its gets fast busy tone when other party picks up the phone and not able to talk.
I suspect the issue with Codec but we have configured transcoders in VG and registered with CUCM
Please help me if any one experience such issue earlier.
Regards
Siva

hi Basant,
1. Actually tow phones A and B are registerd with centralized CUCM, A and B are located in two different locations, RTP traffic between And B pass through service provider.
Call Flow --> Phone A ---->CUCMRouterpattern--> SIP trunk ----> Voice gateway--->Service provider cloud---> Respective Voice Gateway---> CUCM -- Phone B
Show Run
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.02.27 15:14:52 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...
Current configuration : 12139 bytes
! Last configuration change at 06:35:59 UTC Tue Feb 25 2014
! NVRAM config last updated at 11:16:38 UTC Mon Feb 24 2014 by administrator
! NVRAM config last updated at 11:16:38 UTC Mon Feb 24 2014 by administrator
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname eucamvgw01
boot-start-marker
boot system flash:c2900-universalk9-mz.SPA.151-4.M5.bin
boot-end-marker
card type e1 0 0
logging buffered 51200 warnings
no logging console
no aaa new-model
no network-clock-participate wic 0
no ipv6 cef
ip source-route
ip traffic-export profile cuecapture mode capture
bidirectional
ip cef
ip multicast-routing
ip domain name drreddys.eu
ip name-server 10.197.20.1
ip name-server 10.197.20.2
multilink bundle-name authenticated
stcapp ccm-group 2
stcapp
stcapp feature access-code
stcapp feature speed-dial
stcapp supplementary-services
port 0/1/0
fallback-dn 5428025
port 0/1/1
fallback-dn 5428008
port 0/1/2
fallback-dn 5421462
port 0/1/3
fallback-dn 5421463
isdn switch-type primary-net5
crypto pki token default removal timeout 0
voice-card 0
dsp services dspfarm
voice call send-alert
voice call disc-pi-off
voice call convert-discpi-to-prog
voice rtp send-recv
voice service voip
ip address trusted list
ipv4 10.198.0.0 255.255.255.0
ipv4 152.63.1.0 255.255.255.0
address-hiding
allow-connections sip to sip
no supplementary-service h225-notify cid-update
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
fax-relay ans-disable
sip
rel1xx supported "track"
privacy pstn
no update-callerid
early-offer forced
call-route p-called-party-id
voice class uri 100 sip
host 41.206.187.71
voice class codec 10
codec preference 1 g711alaw
codec preference 2 g711ulaw
codec preference 3 ilbc
codec preference 4 g729r8
codec preference 5 g729br8
voice class codec 20
codec preference 1 g729br8
codec preference 2 g729r8
voice moh-group 1
moh flash:moh/Panjo.alaw.wav
description MOH G711 alaw
multicast moh 239.1.1.2 port 16384 route 10.198.2.9
voice translation-rule 1
rule 1 /^012237280$..$/ /54280\1/
rule 2 /^012236514$..$/ /54214\1/
rule 3 /^01223651081/ /5428010/
rule 4 /^01223506701/ /5428010/
voice translation-rule 2
rule 1 /^00$.+$/ /+\1/
rule 2 /^0$.+$/ /+44\1/
rule 3 /^$[0-9].+$/ /+\1/
voice translation-rule 3
rule 1 /^9$.+$/ /\1/
rule 2 /^\+44$.+$/ /0\1/
rule 3 /^\+$.+$/ /00\1/
voice translation-rule 4
rule 1 /^54280$..$/ /12237280\1/
rule 2 /^54214$..$/ /12236514\1/
rule 3 /^\+44$.+$/ /\1/
rule 4 /^.54280$..$/ /12237280\1/
rule 5 /^.54214$..$/ /12236514\1/
voice translation-rule 9
rule 1 /^$....$/ /542\1/
voice translation-rule 10
voice translation-rule 11
rule 1 /^\+44122372$....$/ /542\1/
rule 2 /^\+44122365$....$/ /542\1/
voice translation-rule 12
voice translation-rule 13
rule 1 /^$[18]...$/ /542\1/
voice translation-rule 14
voice translation-profile MPLS-incoming
translate calling 10
translate called 9
voice translation-profile MPLS-outgoing
translate calling 11
translate called 12
voice translation-profile PSTN-incoming
translate calling 2
translate called 1
voice translation-profile PSTN-outgoing
translate calling 4
translate called 3
voice translation-profile SRST-incoming
translate calling 14
translate called 13
license udi pid CISCO2921/K9 sn FGL145110RE
hw-module ism 0
hw-module pvdm 0/0
username administrator privilege 15 secret 5 $1$syu5$DsxdOgfS7Wltx78o4PV.60
redundancy
controller E1 0/0/0
ip tcp path-mtu-discovery
ip scp server enable
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description internal LAN
ip address 10.198.2.9 255.255.255.0
duplex auto
speed auto
interface ISM0/0
ip unnumbered GigabitEthernet0/0
service-module ip address 10.198.2.8 255.255.255.0
!Application: CUE Running on ISM
service-module ip default-gateway 10.198.2.9
interface GigabitEthernet0/1
description to TATA NGN
ip address 115.114.225.122 255.255.255.252
duplex auto
speed auto
interface GigabitEthernet0/2
description SIP Trunks external
ip address 79.121.254.83 255.255.255.248
ip access-group SIP-InBound in
ip traffic-export apply cuecapture size 8000000
duplex auto
speed auto
interface ISM0/1
description Internal switch interface connected to Internal Service Module
no ip address
shutdown
interface Vlan1
no ip address
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.198.2.1
ip route 10.198.2.8 255.255.255.255 ISM0/0
ip route 41.206.187.0 255.255.255.0 115.114.225.121
ip route 77.37.25.46 255.255.255.255 79.121.254.81
ip route 83.245.6.81 255.255.255.255 79.121.254.81
ip route 83.245.6.82 255.255.255.255 79.121.254.81
ip route 95.223.1.107 255.255.255.255 79.121.254.81
ip route 192.54.47.0 255.255.255.0 79.121.254.81
ip access-list extended SIP-InBound
permit ip host 77.37.25.46 any
permit ip host 83.245.6.81 any
permit ip host 83.245.6.82 any
permit ip 192.54.47.0 0.0.0.255 any
permit icmp any any
permit ip host 95.223.1.107 any
deny ip any any log
control-plane
voice-port 0/1/0
compand-type a-law
timeouts initial 60
timeouts interdigit 60
timeouts ringing infinity
caller-id enable
voice-port 0/1/1
compand-type a-law
timeouts initial 60
timeouts interdigit 60
timeouts ringing infinity
caller-id enable
voice-port 0/1/2
compand-type a-law
timeouts initial 60
timeouts interdigit 60
timeouts ringing infinity
caller-id enable
voice-port 0/1/3
compand-type a-law
timeouts initial 60
timeouts interdigit 60
timeouts ringing infinity
caller-id enable
no ccm-manager fax protocol cisco
ccm-manager music-on-hold bind GigabitEthernet0/0
ccm-manager config server 152.63.1.19 152.63.1.100 172.27.210.5
ccm-manager sccp local GigabitEthernet0/0
ccm-manager sccp
mgcp profile default
sccp local GigabitEthernet0/0
sccp ccm 10.198.2.9 identifier 3 priority 3 version 7.0
sccp ccm 152.63.1.19 identifier 4 version 7.0
sccp ccm 152.63.1.100 identifier 5 version 7.0
sccp ccm 172.27.210.5 identifier 6 version 7.0
sccp
sccp ccm group 2
bind interface GigabitEthernet0/0
associate ccm 4 priority 1
associate ccm 5 priority 2
associate ccm 6 priority 3
associate ccm 3 priority 4
associate profile 1002 register CFB_UK_CAM_02
associate profile 1001 register XCODE_UK_CAM_02
associate profile 1000 register MTP_UK_CAM_02
dspfarm profile 1001 transcode
codec ilbc
codec g722-64
codec g729br8
codec g729r8
codec gsmamr-nb
codec pass-through
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
maximum sessions 18
associate application SCCP
dspfarm profile 1002 conference
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729r8
codec g729br8
maximum sessions 2
associate application SCCP
dspfarm profile 1000 mtp
codec g711alaw
maximum sessions software 200
associate application SCCP
dial-peer cor custom
name SRSTMode
dial-peer cor list SRST
member SRSTMode
dial-peer voice 100 voip
description *** Inbound CUCM ***
translation-profile incoming PSTN-incoming
incoming called-number .
voice-class codec 10
voice-class sip call-route p-called-party-id
dtmf-relay rtp-nte
no vad
dial-peer voice 500 voip
description *** Inbound TATA MPLS ***
translation-profile incoming MPLS-incoming
session protocol sipv2
session target sip-server
incoming called-number ....
incoming uri from 100
voice-class codec 20
dtmf-relay rtp-nte
no vad
dial-peer voice 510 voip
description *** Outbound TATA MPLS ***
translation-profile outgoing MPLS-outgoing
destination-pattern 54[013-9]....
session protocol sipv2
session target ipv4:41.206.187.71
session transport udp
voice-class codec 20
dtmf-relay rtp-nte
no vad
dial-peer voice 520 voip
description *** Outbound TATA MPLS ***
translation-profile outgoing MPLS-outgoing
destination-pattern 5[0-35-9].....
session protocol sipv2
session target ipv4:41.206.187.71
session transport udp
voice-class codec 20
dtmf-relay rtp-nte
no vad
dial-peer voice 200 voip
description *** Inbound M12 *** 01223651081, 01223651440 - 01223651489
translation-profile incoming PSTN-incoming
session protocol sipv2
session target sip-server
session transport udp
incoming called-number 0122365....
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 201 voip
description *** Inbound M12 *** 012237280XX
translation-profile incoming PSTN-incoming
session protocol sipv2
session target sip-server
session transport udp
incoming called-number 012237280..
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 202 voip
description *** Inbound M12 *** 01223506701
translation-profile incoming PSTN-incoming
session protocol sipv2
session target sip-server
session transport udp
incoming called-number 01223506701
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 210 voip
description *** Outbound M12 ***
translation-profile outgoing PSTN-outgoing
destination-pattern +...T
session protocol sipv2
session target ipv4:83.245.6.81
session transport udp
dtmf-relay rtp-nte
codec g711alaw
no vad
dial-peer voice 211 voip
description *** Outbound ISDN for SRST and emergency ***
translation-profile outgoing PSTN-outgoing
destination-pattern 9.T
session protocol sipv2
session target ipv4:83.245.6.81
session transport udp
dtmf-relay rtp-nte
codec g711alaw
no vad
dial-peer voice 212 voip
description *** Outbound ISDN for emergency ***
translation-profile outgoing PSTN-outgoing
destination-pattern 11[02]
session protocol sipv2
session target ipv4:83.245.6.81
session transport udp
dtmf-relay rtp-nte
codec g711alaw
no vad
dial-peer voice 2000 voip
description *** Outbound to CUCM Primary ***
preference 1
destination-pattern 542....
session protocol sipv2
session target ipv4:152.63.1.19
voice-class codec 10
voice-class sip call-route p-called-party-id
dtmf-relay rtp-nte
no vad
dial-peer voice 2001 voip
description *** Outbound to CUCM Secondary ***
preference 2
destination-pattern 542....
session protocol sipv2
session target ipv4:152.63.1.100
voice-class codec 10
voice-class sip call-route p-called-party-id
dtmf-relay rtp-nte
no vad
dial-peer voice 2002 voip
description *** Outbound to CUCM Teritiary ***
preference 3
destination-pattern 542....
session protocol sipv2
session target ipv4:172.27.210.5
voice-class codec 10
voice-class sip call-route p-called-party-id
dtmf-relay rtp-nte
no vad
dial-peer voice 999010 pots
service stcapp
port 0/1/0
dial-peer voice 999011 pots
service stcapp
port 0/1/1
dial-peer voice 999012 pots
service stcapp
port 0/1/2
dial-peer voice 999013 pots
service stcapp
port 0/1/3
sip-ua
no remote-party-id
gatekeeper
shutdown
call-manager-fallback
secondary-dialtone 9
max-conferences 4 gain -6
transfer-system full-consult
ip source-address 10.198.2.9 port 2000
max-ephones 110
max-dn 400 dual-line no-reg
translation-profile incoming SRST-incoming
moh flash:/moh/Panjo.ulaw.wav
multicast moh 239.1.1.1 port 16384 route 10.198.2.9
time-zone 22
time-format 24
date-format dd-mm-yy
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 131
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
session-timeout 60
exec-timeout 60 0
privilege level 15
login local
transport input all
line vty 5 15
session-timeout 60
exec-timeout 60 0
privilege level 15
login local
transport input all
scheduler allocate 20000 1000
ntp server 10.1.30.1
end
eucamvgw01#
Sh SCCP
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.03.03 17:57:44 =~=~=~=~=~=~=~=~=~=~=~=
SCCP Admin State: UP
Gateway Local Interface: GigabitEthernet0/0
IPv4 Address: 10.198.2.9
Port Number: 2000
IP Precedence: 5
User Masked Codec list: None
Call Manager: 10.198.2.9, Port Number: 2000
Priority: 3, Version: 7.0, Identifier: 3
Call Manager: 152.63.1.19, Port Number: 2000
Priority: N/A, Version: 7.0, Identifier: 4
Trustpoint: N/A
Call Manager: 152.63.1.100, Port Number: 2000
Priority: N/A, Version: 7.0, Identifier: 5
Trustpoint: N/A
Call Manager: 172.27.210.5, Port Number: 2000
Priority: N/A, Version: 7.0, Identifier: 6
Trustpoint: N/A
MTP Oper State: ACTIVE - Cause Code: NONE
Active Call Manager: 152.63.1.19, Port Number: 2000
TCP Link Status: CONNECTED, Profile Identifier: 1000
Reported Max Streams: 400, Reported Max OOS Streams: 0
Supported Codec: g711alaw, Maximum Packetization Period: 30
Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
Supported Codec: rfc2833 pass-thru, Maximum Packetization Period: 30
Supported Codec: inband-dtmf to rfc2833 conversion, Maximum Packetization Period: 30
TLS : ENABLED
Transcoding Oper State: ACTIVE - Cause Code: NONE
Active Call Manager: 152.63.1.19, Port Number: 2000
TCP Link Status: CONNECTED, Profile Identifier: 1001
Reported Max Streams: 36, Reported Max OOS Streams: 0
Supported Codec: ilbc, Maximum Packetization Period: 120
Supported Codec: g722r64, Maximum Packetization Period: 30
Supported Codec: g729br8, Maximum Packetization Period: 60
Supported Codec: g729r8, Maximum Packetization Period: 60
Supported Codec: gsmamr-nb, Maximum Packetization Period: 60
Supported Codec: pass-thru, Maximum Packetization Period: N/A
Supported Codec: g711ulaw, Maximum Packetization Period: 30
Supported Codec: g711alaw, Maximum Packetization Period: 30
Supported Codec: g729ar8, Maximum Packetization Period: 60
Supported Codec: g729abr8, Maximum Packetization Period: 60
Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
Supported Codec: rfc2833 pass-thru, Maximum Packetization Period: 30
Supported Codec: inband-dtmf to rfc2833 conversion, Maximum Packetization Period: 30
Conferencing Oper State: ACTIVE - Cause Code: NONE
Active Call Manager: 152.63.1.19, Port Number: 2000
TCP Link Status: CONNECTED, Profile Identifier: 1002
Reported Max Streams: 16, Reported Max OOS Streams: 0
Supported Codec: g711ulaw, Maximum Packetization Period: 30
Supported Codec: g711alaw, Maximum Packetization Period: 30
Supported Codec: g729ar8, Maximum Packetization Period: 60
Supported Codec: g729abr8, Maximum Packetization Period: 60
Supported Codec: g729r8, Maximum Packetization Period: 60
Supported Codec: g729br8, Maximum Packetization Period: 60
Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
Supported Codec: rfc2833 pass-thru, Maximum Packetization Period: 30
Supported Codec: inband-dtmf to rfc2833 conversion, Maximum Packetization Period: 30
TLS : ENABLED
Alg_Phone Oper State: ACTIVE - Cause Code: NONE
Active Call Manager: 152.63.1.19, Port Number: 2000
TCP Link Status: CONNECTED, Device Name: AN71FEF7F070080
Reported Max Streams: 1, Reported Max OOS Streams: 0
Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
Supported Codec: g711ulaw, Maximum Packetization Period: 20
Supported Codec: g711alaw, Maximum Packetization Period: 20
Supported Codec: g729r8, Maximum Packetization Period: 220Supported Codec: g729ar8, Maximum Packetization Period: 220
Supported Codec: g729br8, Maximum Packetization Period: 220
Supported Codec: g729r8, Maximum Packetization Period: 220
Supported Codec: ilbc, Maximum Packetization Period: 120
Alg_Phone Oper State: ACTIVE - Cause Code: NONE
Active Call Manager: 152.63.1.19, Port Number: 2000
TCP Link Status: CONNECTED, Device Name: AN71FEF7F070081
Reported Max Streams: 1, Reported Max OOS Streams: 0
Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
Supported Codec: g711ulaw, Maximum Packetization Period: 20
Supported Codec: g711alaw, Maximum Packetization Period: 20
Supported Codec: g729r8, Maximum Packetization Period: 220
Supported Codec: g729ar8, Maximum Packetization Period: 220
Supported Codec: g729br8, Maximum Packetization Period: 220
Supported Codec: g729r8, Maximum Packetization Period: 220
Supported Codec: ilbc, Maximum Packetization Period: 120
Alg_Phone Oper State: ACTIVE - Cause Code: NONE
Active Call Manager: 152.63.1.19, Port Number: 2000
TCP Link Status: CONNECTED, Device Name: AN71FEF7F070082
Reported Max Streams: 1, Reported Max OOS Streams: 0
Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
Supported Codec: g711ulaw, Maximum Packetization Period: 20Supported Codec: g711alaw, Maximum Packetization Period: 20
Supported Codec: g729r8, Maximum Packetization Period: 220
Supported Codec: g729ar8, Maximum Packetization Period: 220
Supported Codec: g729br8, Maximum Packetization Period: 220
Supported Codec: g729r8, Maximum Packetization Period: 220
Supported Codec: ilbc, Maximum Packetization Period: 120
Alg_Phone Oper State: ACTIVE - Cause Code: NONE
Active Call Manager: 152.63.1.19, Port Number: 2000
TCP Link Status: CONNECTED, Device Name: AN71FEF7F070083
Reported Max Streams: 1, Reported Max OOS Streams: 0
Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
Supported Codec: g711ulaw, Maximum Packetization Period: 20
Supported Codec: g711alaw, Maximum Packetization Period: 20
Supported Codec: g729r8, Maximum Packetization Period: 220
Supported Codec: g729ar8, Maximum Packetization Period: 220
Supported Codec: g729br8, Maximum Packetization Period: 220
Supported Codec: g729r8, Maximum Packetization Period: 220
Supported Codec: ilbc, Maximum Packetization Period: 120
eucamvgw01#

Cisco Jabber client installation issue

I am trying to install Jabber Client 9.6(1) with this installation command
msiexec.exe /i CiscoJabberSetup.msi /quiet CLEAR=1 AUTHENTICATOR=CUP CUP_ADDRESS=1.2.3.4
but it didn't set account type as cisco IM & Presence instead it stays in Automatic
Is there any correct property to set it to Cisco IM & Presence as account type. Thanks for your help.

That is the correct, documented structure of the command so I'm unsure why it didn't work. Have you considered doing DNS SRV records instead? It's both the recommended and far easier way to get this done.
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/9_6/InstallConfig/JABW_BK_CDFE9752_00_installation-and-configuration/JABW_BK_CDFE9752_00_installation-and-configuration_chapter_0100.html#JABW_CN_S8703698_00
If DNS really isn't an option for you, you could also consider creating an MST file using ORCA and using that instead of manual CLI switches.
If CLI switches are really your only option and no one has a better idea, try an older release (e.g. 9.2.6) just to see if it ever works. Depending on the outcome, it may be time for a TAC case.
Please remember to rate helpful responses and identify helpful or correct answers.

Need HELPS! ASA 5505 8.4 Cisco VPN Client cannot ping any internal host

Hi:
Need your great help for my new ASA 5505 (8.4)
I just set a new ASA 5505 with 8.4. However, I cannot ping any host after VPN in with Cisco VPN client. Please see below posted configuration file, thanks for any suggestion.
ASA Version 8.4(3)
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.29.8.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 177.164.222.140 255.255.255.248
ftp mode passive
clock timezone GMT 0
dns server-group DefaultDNS
domain-name ABCtech.com
same-security-traffic permit inter-interface
object network obj_any
subnet 172.29.8.0 255.255.255.0
object service RDP
service tcp source eq 3389
object network orange
host 172.29.8.151
object network WAN_173_164_222_138
host 177.164.222.138
object service SMTP
service tcp source eq smtp
object service PPTP
service tcp source eq pptp
object service JT_WWW
service tcp source eq www
object service JT_HTTPS
service tcp source eq https
object network obj_lex
subnet 172.29.88.0 255.255.255.0
description Lexington office network
object network obj_HQ
subnet 172.29.8.0 255.255.255.0
object network guava
host 172.29.8.3
object service L2TP
service udp source eq 1701
access-list VPN_Tunnel_User standard permit 172.29.8.0 255.255.255.0
access-list VPN_Tunnel_User standard permit 172.29.88.0 255.255.255.0
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended deny tcp any any eq 135
access-list inside_access_in extended deny tcp any eq 135 any
access-list inside_access_in extended deny udp any eq 135 any
access-list inside_access_in extended deny udp any any eq 135
access-list inside_access_in extended deny tcp any any eq 1591
access-list inside_access_in extended deny tcp any eq 1591 any
access-list inside_access_in extended deny udp any eq 1591 any
access-list inside_access_in extended deny udp any any eq 1591
access-list inside_access_in extended deny tcp any any eq 1214
access-list inside_access_in extended deny tcp any eq 1214 any
access-list inside_access_in extended deny udp any any eq 1214
access-list inside_access_in extended deny udp any eq 1214 any
access-list inside_access_in extended permit ip any any
access-list inside_access_in extended permit tcp any any eq www
access-list inside_access_in extended permit tcp any eq www any
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq 33
89
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq sm
tp
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq pp
tp
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ww
w
access-list outside_access_in extended permit tcp any host 177.164.222.138 eq ht
tps
access-list outside_access_in extended permit gre any host 177.164.222.138
access-list outside_access_in extended permit udp any host 177.164.222.138 eq 17
01
access-list outside_access_in extended permit ip any any
access-list inside_access_out extended permit icmp any any
access-list inside_access_out extended permit ip any any
access-list outside_cryptomap extended permit ip 172.29.8.0 255.255.255.0 172.29
.88.0 255.255.255.0
access-list inside_in extended permit icmp any any
access-list inside_in extended permit ip any any
access-list inside_in extended permit udp any any eq isakmp
access-list inside_in extended permit udp any eq isakmp any
access-list inside_in extended permit udp any any
access-list inside_in extended permit tcp any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool ABC_HQVPN_DHCP 172.29.8.210-172.29.8.230 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm history enable
arp timeout 14400
nat (inside,outside) source static orange interface service RDP RDP
nat (inside,outside) source static obj_HQ obj_HQ destination static obj_lex obj_
lex route-lookup
nat (inside,outside) source static guava WAN_173_164_222_138 service JT_WWW JT_W
WW
nat (inside,outside) source static guava WAN_173_164_222_138 service JT_HTTPS JT
_HTTPS
nat (inside,outside) source static guava WAN_173_164_222_138 service RDP RDP
nat (inside,outside) source static guava WAN_173_164_222_138 service SMTP SMTP
nat (inside,outside) source static guava WAN_173_164_222_138 service PPTP PPTP
nat (inside,outside) source static guava WAN_173_164_222_138 service L2TP L2TP
object network obj_any
nat (inside,outside) dynamic interface
access-group inside_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 177.164.222.142 1
route inside 172.29.168.0 255.255.255.0 172.29.8.253 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server Guava protocol nt
aaa-server Guava (inside) host 172.29.8.3
timeout 15
nt-auth-domain-controller guava
user-identity default-domain LOCAL
http server enable
http 172.29.8.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set Remote_VPN_Set esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set Remote_vpn_set esp-3des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto dynamic-map outside_dyn_map 20 set ikev1 transform-set Remote_VPN_Set
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 173.190.123.138
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5
ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ES
P-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet 172.29.8.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside vpnclient-wins-override
dhcprelay server 172.29.8.3 inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
group-policy ABCtech_VPN internal
group-policy ABCtech_VPN attributes
dns-server value 172.29.8.3
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN_Tunnel_User
default-domain value ABCtech.local
group-policy GroupPolicy_10.8.8.1 internal
group-policy GroupPolicy_10.8.8.1 attributes
vpn-tunnel-protocol ikev1 ikev2
username who password eicyrfJBrqOaxQvS encrypted
tunnel-group 10.8.8.1 type ipsec-l2l
tunnel-group 10.8.8.1 general-attributes
default-group-policy GroupPolicy_10.8.8.1
tunnel-group 10.8.8.1 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 remote-authentication certificate
ikev2 local-authentication pre-shared-key *****
tunnel-group ABCtech type remote-access
tunnel-group ABCtech general-attributes
address-pool ABC_HQVPN_DHCP
authentication-server-group Guava
default-group-policy ABCtech_VPN
tunnel-group ABCtech ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 173.190.123.138 type ipsec-l2l
tunnel-group 173.190.123.138 general-attributes
default-group-policy GroupPolicy_10.8.8.1
tunnel-group 173.190.123.138 ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 remote-authentication certificate
ikev2 local-authentication pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect pptp
inspect ftp
inspect netbios
smtp-server 172.29.8.3
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:6a26676668b742900360f924b4bc80de
: end

Hello Wayne,
Can you use a different subnet range than the internal interface, this could cause you a LOT of issues and hours on troubleshooting, so use a dedicated different Ip address range...
I can see that the local Pool range is included into the inside interface Ip address subnet range, change that and the related config ( NAT,etc, ) and let us know what happens,
Regards,
Julio
Security Trainer

Problem with Cisco VPN client and HP elitebook 2530p windows 7 64-bit

Hi there
I have a HP Elitebook 2530p which i upgraded to windows 7 64-bit. I installed the Cisco VPN client application (ver. 5.0.07.0290 and also 64-bit) and the HP connection manager to connect to the internet through a modem Qualcomm gobi 1000 (that is inside the laptop). When I connect to the VPN, it connects (I write the username and password) but there is no traffic inside de virtual adapter for my servers. When I connect to the internet through wire or wireless internet, I connect de VPN client and there is no problem to establish communication to my servers.
I tried everything, also change the driver and an earlier version of the HP connection manager application. I also talked to HP and they told me that there was a report with this kind of problem and it was delivered to Cisco. I don’t know where is the problem.
Could anyone help me?
Thanks to all.

You can try to update Deterministic Network Enhancer to the below listed release which supports
WWAN Drivers.
http://www.citrix.com/lang/English/lp/lp_1680845.asp.
DNE now supports WWAN devices in Win7. Before downloading the latest version of DNEUpdate from the links below, be sure you have the latest
drivers for your network adapters by downloading them from the vendors websites.
For 64-bit: ftp://files.citrix.com/dneupdate64.msi
Hope that helps.

IOS VPN will not respond to Cisco VPN Client connections.

Hi all,
I am about to set my routers on fire here.
I have two 2921 ISRs both with Security licenses on separate leased lines. I have configured one to accept VPN connections from our Cisco VPN Client remote workers.
I have followed the set up process I used on another site with an 1841/Sec router and the same clients and I have also checked against the config given in the latest IOS15 EasyVPN guide.
With all debugs active, all I see is
038062: Dec 8 14:03:04.519: ISAKMP (0): received packet from x.y.z.z dport 500 sport 60225 Global (N) NEW SA
038063: Dec 8 14:03:04.519: ISAKMP: Created a peer struct for x.y.z.z, peer port 60225
038064: Dec 8 14:03:04.519: ISAKMP: New peer created peer = 0x3972090C peer_handle = 0x8001D881
038065: Dec 8 14:03:04.523: ISAKMP: Locking peer struct 0x3972090C, refcount 1 for crypto_isakmp_process_block
038066: Dec 8 14:03:04.523: ISAKMP:(0):Setting client config settings 3E156D70
038067: Dec 8 14:03:10.027: ISAKMP (0): received packet from x.y.z.z dport 500 sport 60225 Global (R) MM_NO_STATE
Below is the abridged config.
System image file is "flash0:c2900-universalk9-mz.SPA.154-1.T1.bin"
aaa new-model
aaa authentication login default local
aaa authentication login VPNAUTH local
aaa authorization exec default local
aaa authorization network VPN local
aaa session-id common
crypto isakmp policy 10
encr aes
authentication pre-share
group 14
crypto isakmp client configuration group VPN
key ****-****-****-****
dns 192.168.177.207 192.168.177.3
domain xxx.local
pool VPNADDRESSES
acl REVERSEROUTE
crypto ipsec transform-set HASH esp-aes esp-sha-hmac
mode tunnel
crypto ipsec profile IPSECPROFILE
set transform-set HASH
crypto dynamic-map VPN 1
set transform-set HASH
reverse-route
crypto map VPN client authentication list VPNAUTH
crypto map VPN isakmp authorization list VPN
crypto map VPN client configuration address respond
crypto map VPN 65535 ipsec-isakmp dynamic VPN
ip local pool VPNADDRESSES 172.16.198.16 172.16.198.31
ip access-list extended REVERSEROUTE
permit ip 192.168.0.0 0.0.255.255 any
permit ip 10.0.0.0 0.0.0.255 any
ip access-list extended FIREWALL
2 permit udp any host a.b.c.d eq non500-isakmp
3 permit udp any host a.b.c.d eq isakmp
4 permit ahp any host a.b.c.d
5 permit esp any host a.b.c.d
If anyone can see anything wrong, I would be so pleased and it would save the destruction of an ostensibly innocent router.
Thanks,
Paul

> I actually love you. Thank you so much.
Sorry, I'm married ... ;-)
> Im not using a virtual template. Can I get away without the Crypto Map if I use one...? All my tunnels are VTIs
oh yes, I could have seen that ...
crypto isakmp profile VPN-RA
match identity group VPN
client authentication list VPNAUTH
isakmp authorization list VPN
client configuration address respond
virtual-template 1
interface Virtual-Template1 type tunnel
description Tunnel fuer Cisco VPN-Client
ip unnumbered GigabitEthernet0/0
ip virtual-reassembly in
tunnel mode ipsec ipv4
tunnel protection ipsec profile IPSECPROFILE
Your isakmp-config and ipsec profile stays the same.

Cisco VPN Client installation freezes on Windows 7

Hello,
I am in need of some help installing the Cisco VPN Client on a Windows 7 workstation.
Here are some details:
Cisco VPN Client Version: 5.0.07.0410
Operation System: Microsoft Windows 7 Enterprise, 32-bit, version 6.1, build 7600
PC Hardware: IBM Thinkpad T42, Type 2373-7WE
Issue Description:
I attempted to install the Cisco VPN Client on the computer with the local administrator account in Windows 7. The computer was given a clean installation of Microsoft Windows 7 Enterprise (Existing HDD partitions were deleted and formatted). After the OS installation, I installed the network driver via Windows Update, and proceeded to run the installation for the Cisco VPN Client. The installation apears to proceed smoothly until the installation progress indicator reaches the point where it states that it is installing the "Deterministic Network Enhancer." Shortly reaching this point, the Windows CPU Usage monitor reaches 100% and the operating system freezes.
I have tried the following actions, which failed to successfully install the software:
a) Installing Cisco VPN Client 5.0.00.0340 produced the same problem.
b) Reformatted the hard drive, installed Windows 7, and tried to install the Cisco VPN Client again, but failed.
c) Used Windows 7 System Restore to restore OS state prior to the installation of the Cisco VPN Client. Then, ran Citrix's winfix.exe tool. After that, I ran Citrix's dneupdate.msi program for 32-bit Windows operating systems, but that also crashed the OS mid-way through the installation/update.
d) This URL from Citrix (http://www.citrix.com/lang/English/lp/lp_1680845.asp) suggested changing a Windows registry key, then try re-installing the Cisco VPN Client. However, that did not work.
I am at a loss as to how to resolve this issue. If anyone can provide some suggestions or a solution to this issue, I would greatly appreciate it.
Regards,
Samson

Welcome to the forums !
The only version of 10gR2 that is certified/supported on Win 7 Pro or higher is 10.2.0.5. Pl see this related thread for further information
Re: Oracle 10g 64 bit install on Windows 7 platform
http://download.oracle.com/docs/cd/B19306_01/relnotes.102/b14264/toc.htm#CHDFHIEA
10.2.0.5 is only available on My Oracle Support, access to which requires a valid support contract purchased from Oracle
HTH
Srini

Failed to install Cisco VPN client 5.0.07.0440 on win 7 64bit [Error 1722]

Hi Gurus,when I tried to install Cisco VPN Client 5.0.07.0440 on Win 7 64bit, the system would pop up an Error 1722( Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor.) at the last stage of copying files. Then it would roll back .
I had tried to clean the temp files, restart windows installer services, and also re-register the MSIEXEC file. However, it would still pop up the error during the installation. For our company, it is a common issue. So, could you please offer me some advice on this?

Thank you for your reply.
I had checked the software again and found out.
1. The MSI installer package is fine, because I can install the software on another PC.
2. It is not like that, because I can start the installation procedure and run it smoothly until on the 88% of copying files.
For now, I had only found this issue on one PC.
Thanks.

Kernel panc & Cisco VPN client

Can someone take a look at the below and tell me if the Cisco VPN client is crashing my system? Thanks.
Interval Since Last Panic Report: 1353403 sec
Panics Since Last Report: 1
Anonymous UUID: 847B0480-8E72-4988-862B-D1FCA722F3BB
Tue Oct 6 09:47:56 2009
panic(cpu 0 caller 0x2a6ac2): Kernel trap at 0x002929e6, type 14=page fault, registers:
CR0: 0x8001003b, CR2: 0x0829a2ec, CR3: 0x00100000, CR4: 0x000006e0
EAX: 0x46a95b84, EBX: 0x00003b78, ECX: 0x000000af, EDX: 0x000005a4
CR2: 0x0829a2ec, EBP: 0x5bd4be68, ESI: 0x0829a2ec, EDI: 0x46a95e6c
EFL: 0x00010216, EIP: 0x002929e6, CS: 0x00000008, DS: 0x00000010
Error code: 0x00000000
Backtrace (CPU 0), Frame : Return Address (4 potential args on stack)
0x5bd4bbf8 : 0x21acfa (0x5ce650 0x5bd4bc2c 0x223156 0x0)
0x5bd4bc48 : 0x2a6ac2 (0x590a50 0x2929e6 0xe 0x590c1a)
0x5bd4bd28 : 0x29c968 (0x5bd4bd40 0x50 0x5bd4be68 0x2929e6)
0x5bd4bd38 : 0x2929e6 (0xe 0x5bd40048 0x10 0x5c730010)
0x5bd4be68 : 0x5c7383e5 (0x5bd4bed0 0x5bd4becc 0x5bd4bed4 0x5bd4bed8)
0x5bd4bef8 : 0x31772d (0x0 0x8247604 0x2 0x5bd4bf74)
0x5bd4bf68 : 0x317b37 (0x0 0x5748ee00 0x0 0x7a6442c)
0x5bd4bfc8 : 0x29c68c (0x7a64404 0x0 0x29c69b 0x7be07a8)
Kernel Extensions in backtrace (with dependencies):
com.cisco.nke.ipsec(2.0.1)@0x5c736000->0x5c7a4fff
BSD process name corresponding to current thread: kernel_task
Mac OS version:
10B504
Kernel version:
Darwin Kernel Version 10.0.0: Fri Jul 31 22:47:34 PDT 2009; root:xnu-1456.1.25~1/RELEASE_I386
System model name: MacBookPro3,1 (Mac-F4238BC8)
System uptime in nanoseconds: 2747345949935
unloaded kexts:
com.apple.driver.AppleFileSystemDriver 2.0 (addr 0x556e2000, size 0x12288) - last unloaded 127144562322
loaded kexts:
com.cisco.nke.ipsec 2.0.1
com.vmware.kext.vmnet 2.0.6
com.vmware.kext.vmioplug 2.0.6
com.vmware.kext.vmci 2.0.6
com.vmware.kext.vmx86 2.0.6
com.Logitech.Control Center.HID Driver 3.1.0
com.apple.driver.AppleHWSensor 1.9.2d0 - last loaded 32472308361
com.apple.driver.AppleUpstreamUserClient 3.0.5
com.apple.DontSteal_Mac_OSX 7.0.0
com.apple.GeForce 6.0.2
com.apple.driver.AudioIPCDriver 1.1.0
com.apple.driver.AppleHDA 1.7.4a1
com.apple.driver.SMCMotionSensor 3.0.0d4
com.apple.driver.AirPort.Atheros 411.19.4
com.apple.kext.AppleSMCLMU 1.4.5d1
com.apple.driver.AppleIntelMeromProfile 19
com.apple.driver.AppleIRController 161
com.apple.driver.ACPISMCPlatformPlugin 3.4.0a20
com.apple.driver.AppleLPC 1.4.6
com.apple.driver.AppleBacklight 170.0.2
com.apple.iokit.AppleYukon2 3.1.14b1
com.apple.filesystems.autofs 2.1.0
com.apple.driver.AppleUSBTrackpad 1.8.0b4
com.apple.driver.AppleUSBTCKeyEventDriver 1.8.0b4
com.apple.driver.AppleUSBTCKeyboard 1.8.0b4
com.apple.driver.Oxford_Semi 2.5.0
com.apple.iokit.SCSITaskUserClient 2.5.1
com.apple.iokit.IOAHCIBlockStorage 1.5.0
com.apple.driver.AppleAHCIPort 2.0.0
com.apple.driver.AppleUSBHub 3.7.8
com.apple.driver.AppleIntelPIIXATA 2.5.0
com.apple.BootCache 31
com.apple.AppleFSCompression.AppleFSCompressionTypeZlib 1.0.0d1
com.apple.driver.AppleFWOHCI 4.3.4
com.apple.driver.AppleEFINVRAM 1.3.0
com.apple.driver.AppleUSBEHCI 3.7.5
com.apple.driver.AppleUSBUHCI 3.7.5
com.apple.driver.AppleRTC 1.3
com.apple.driver.AppleHPET 1.4
com.apple.driver.AppleSmartBatteryManager 160.0.0
com.apple.driver.AppleACPIButtons 1.3
com.apple.driver.AppleSMBIOS 1.4
com.apple.driver.AppleACPIEC 1.3
com.apple.driver.AppleAPIC 1.4
com.apple.security.sandbox 0
com.apple.security.quarantine 0
com.apple.nke.applicationfirewall 2.0.11
com.apple.driver.AppleIntelCPUPowerManagementClient 90.0.0
com.apple.driver.AppleIntelCPUPowerManagement 90.0.0
com.apple.driver.AppleProfileReadCounterAction 17
com.apple.driver.AppleProfileTimestampAction 10
com.apple.driver.AppleProfileThreadInfoAction 14
com.apple.driver.AppleProfileRegisterStateAction 10
com.apple.driver.AppleProfileKEventAction 10
com.apple.driver.AppleProfileCallstackAction 20
com.apple.iokit.IOSurface 73.0
com.apple.iokit.IOBluetoothSerialManager 2.2.1f7
com.apple.iokit.IOSerialFamily 10.0.2
com.apple.driver.DspFuncLib 1.7.4a1
com.apple.iokit.IOAudioFamily 1.7.0fc16
com.apple.kext.OSvKernDSPLib 1.3
com.apple.nvidia.nv50hal 6.0.2
com.apple.NVDAResman 6.0.2
com.apple.iokit.IOFireWireIP 2.0.3
com.apple.iokit.IO80211Family 300.20
com.apple.iokit.AppleProfileFamily 40
com.apple.driver.AppleHDAController 1.7.4a1
com.apple.iokit.IOHDAFamily 1.7.4a1
com.apple.driver.AppleSMC 3.0.1d2
com.apple.driver.IOPlatformPluginFamily 3.4.0a20
com.apple.iokit.IONDRVSupport 2.0
com.apple.iokit.IOGraphicsFamily 2.0
com.apple.iokit.IONetworkingFamily 1.8
com.apple.driver.CSRUSBBluetoothHCIController 2.2.1f7
com.apple.driver.AppleUSBBluetoothHCIController 2.2.1f7
com.apple.iokit.IOBluetoothFamily 2.2.1f7
com.apple.iokit.IOUSBHIDDriver 3.7.5
com.apple.iokit.IOSCSIBlockCommandsDevice 2.5.1
com.apple.driver.AppleUSBMergeNub 3.7.5
com.apple.driver.AppleUSBComposite 3.7.5
com.apple.iokit.IOFireWireSerialBusProtocolTransport 2.0.0
com.apple.iokit.IOFireWireSBP2 4.0.5
com.apple.iokit.IOSCSIMultimediaCommandsDevice 2.5.1
com.apple.iokit.IOBDStorageFamily 1.6
com.apple.iokit.IODVDStorageFamily 1.6
com.apple.iokit.IOCDStorageFamily 1.6
com.apple.iokit.IOATAPIProtocolTransport 2.5.0
com.apple.iokit.IOSCSIArchitectureModelFamily 2.5.1
com.apple.driver.XsanFilter 402.1
com.apple.iokit.IOAHCIFamily 2.0.0
com.apple.iokit.IOUSBUserClient 3.7.5
com.apple.iokit.IOATAFamily 2.5.0
com.apple.iokit.IOFireWireFamily 4.1.7
com.apple.driver.AppleEFIRuntime 1.3.0
com.apple.iokit.IOUSBFamily 3.7.8
com.apple.iokit.IOHIDFamily 1.6.0
com.apple.iokit.IOSMBusFamily 1.1
com.apple.security.TMSafetyNet 6
com.apple.kext.AppleMatch 1.0.0d1
com.apple.driver.DiskImages 281
com.apple.iokit.IOStorageFamily 1.6
com.apple.driver.AppleACPIPlatform 1.3
com.apple.iokit.IOPCIFamily 2.6
com.apple.iokit.IOACPIFamily 1.3.0
System Profile:
Model: MacBookPro3,1, BootROM MBP31.0070.B07, 2 processors, Intel Core 2 Duo, 2.2 GHz, 4 GB, SMC 1.16f11
Graphics: NVIDIA GeForce 8600M GT, GeForce 8600M GT, PCIe, 128 MB
Memory Module: global_name
AirPort: spairportwireless_card_type_airportextreme (0x168C, 0x87), Atheros 5416: 2.0.19.4
Bluetooth: Version 2.2.1f7, 2 service, 0 devices, 1 incoming serial ports
Network Service: AirPort, AirPort, en1
PCI Card: pci168c,24, sppci_othernetwork, PCI Slot 5
Serial ATA Device: FUJITSU MHW2120BH, 111.79 GB
Parallel ATA Device: MATSHITADVD-R UJ-857E
USB Device: Built-in iSight, 0x05ac (Apple Inc.), 0x8502, 0xfd400000
USB Device: Apple Internal Keyboard / Trackpad, 0x05ac (Apple Inc.), 0x021a, 0x5d200000
USB Device: IR Receiver, 0x05ac (Apple Inc.), 0x8242, 0x5d100000
USB Device: Bluetooth USB Host Controller, 0x05ac (Apple Inc.), 0x8205, 0x1a100000
USB Device: USB Receiver, 0x046d (Logitech Inc.), 0xc525, 0x1a200000
FireWire Device: OEM ATA Device 00, G-TECH, Up to 800 Mb/sec

I had the same problem, and I think Cisco VPN client causes crashes in SL ( I had at least 3 crashes everyday) after uninstalling Cisco VPN client I don't have crashes anymore
for uninstalling :
1- open terminal
2-cd /
3-type cd /usr/local/bin ( hit return)
4-type ls and hit return ( to be sure that vpn_uninstall is there)
5-Type sudo ./vpn_uninstall ( hit return)
6- type your admin pass.
7- for the question type yes( hit return)
8- do the same as 7
then your good to go
for using built-in cisco vpn in snow leopard follow the instructions of this url
http://erbmicha.com/2009/09/07/how-to-cisco-vpn-with-snow-leopard-via-pcf-file/

Cisco VPN Client 5.0.07.0440 Fails Installation on Win7 64

Dears,
I went to istall the Cisco VPN Client SW. I used "vpnclient-winx64-msi-5.0.07.0440-k9" installator. But the installation on my laptoop finished with the Error 1722.
Here is fagment from the log file:
MSI (s) (74:B0) [12:07:23:006]: Product: Cisco Systems VPN Client 5.0.07.0440 -- Error 1722. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action CsCaExe_VAInstall, location: C:\Program Files (x86)\Cisco Systems\VPN Client\VAInst64.exe, command: nopopup i "C:\Program Files (x86)\Cisco Systems\VPN Client\Setup\CVirtA64.inf CS_VirtA
I use the Windows 7 Home Premium 64bit on my laptop, the UAC is switched OFF and the antivir SW is uninstalled and my account has administrators rights.
I looked for it on the net but I did not found satisfactory solution.
Please do knows somebody how can I solve this issue??
Thanks Milan

Hello Paul,
This seems to be a known issue:
Client cvpnd.exe errors on bootup if certain vendor's firewall installed.
However, just to try further options, what if you try this?
Restart VPN Client Service if You Install VPN Client before Zone Alarm
Also check: Check Point Integrity Firewall Incompatibility, found in the link above.
From the Zone Alarm FW, make sure you have the following advanced firewall options enabled:
Allow VPN protocols
Allow uncommon protocols at high security
Enable IPv6 networking
HTH
Portu.

Cisco VPN client behind NAT

Hi,
We have to setup a VPN connection from a user workstation in our private
network to a third party host.
We have to use the Cisco VPN client v4.0.2 (B).
BM 3.8SP3 with static and dynamic NAT.
2 filter exceptions:
UDP port 500 stateful private network to public host IP
UDP port 10000 stateful private network to public host IP.
We can login to their Cisco box but after that we cannot ping to their
hosts.

Bert wrote:
> Hi Caterina,
>
> I get it worked!
>
> I changed the connection type in the Cisco client to TCP (port 10000).
>
> I deleted the UDP filter exception for port 10000.
> Finally I added a filter for TCP.
>
> So with 2 filter exceptions it seems to work now:
> VPN1 -> source: port 500, destination port 500, stateful, UDP
> VPN2 -> source: port All, destination port 10000, stateful TCP
>
> Now I can ping to hosts at the other side and connect to their
> network with Net use etc.
>
> Thanks for your help.
>
> Regards,
> Bert.
Thank you Bert, you just save me hours of work!
Dan Verbarg
BHDP Architecture
Cincinnati, OH

Single TaskButton in the Cisco CAD Client is not functioning

Hi ALL,
we are facing issues with respect to Cisco CAD Client application.
We are using I.C.M Version 7.5.8.
1)We have a set of Task Buttons configured, where as one of the Buton is configured for a Blind Transfer(InThis Case TASK1) is not functioning randomly.
2)We have configured this to transfer back to I.V.R.sometimes after clicking twice or thrice, it works some times it does not transfer at all.
3)No Error is observed, except the call is not getting transferd back to I.V.R.
4)Have gathered the Agent Level Desktop logs and noticed TimeOut Messages .Please find below the LOG Snippet for reference.
2011-09-19 17:09:46:070 DEBUG [0xadc] Agent: MF1756 User clicked TASK1 button
2011-09-19 17:09:46:070 DEBUG [0xadc] AppearanceEventWnd.cpp[1780] CAppearanceEventWnd::DoActions: BEGIN
2011-09-19 17:09:46:070 DEBUG [0xadc] AppearanceEventWnd.cpp[2105] CAppearanceEventWnd::GatherInformation: End
2011-09-19 17:09:46:070 DEBUG [0xadc] AppearanceEventWnd.cpp[1829] CAppearanceEventWnd::DoActions: Executing action Call Control
2011-09-19 17:09:46:070 DEBUG [0xadc] Agent: AC0810 Executing Action: Blind Transfer Type: Call Control, String: BlindTransfer
2011-09-19 17:09:46:070 DEBUG [0xadc] Agent: MF2650 BlindTransfer: Actually doing single step transfer with callID 44529571
2011-09-19 17:09:46:070 DEBUG [0xadc] PhoneDev: PD1047 ==================== BEGIN CompleteTransfer ====================
2011-09-19 17:09:46:070 DEBUG [0xadc] PhoneDev: PD1048 CompleteTransfer:                HeldCallID: 44529571
2011-09-19 17:09:46:070 DEBUG [0xadc] PhoneDev: PD1049 CompleteTransfer:          ConsultantCallID: 44529571
2011-09-19 17:09:46:070 DEBUG [0xadc] PhoneDev: PD1066 CompleteTransfer: Requesting Single Step Transfer.
2011-09-19 17:09:46:070 DEBUG [0xadc] PhoneDev: PD1081 CompleteTransfer: Successfully complete single step transfer call. ConsultantCallID 44529571 - HeldCallID 44529571
2011-09-19 17:09:46:070 DEBUG [0xadc] PhoneDev: PD1110 ==================== END CompleteTransfer ====================
2011-09-19 17:09:46:086 DEBUG [0xf58] PhoneDev: ES0598 OnCTIOSFailureEvent: Failure Code [eUnknownObjectID]
2011-09-19 17:09:46:086 DEBUG [0xf58] PhoneDev: ES0609 OnCTIOSFailureEvent: ErrorMessage [[call.5002.44522460.12180] Couldn't find CallConnection with DeviceID of 39451880.]
2011-09-19 17:09:46:086 DEBUG [0xf58] PhoneDev: ES0856 Peripheral Error: The request failed because a timeout limit was exceeded.
2011-09-19 17:09:46:086 DEBUG [0xf58] PhoneDev: ES0598 OnCTIOSFailureEvent: Failure Code [eUnknownEventID]
2011-09-19 17:09:46:086 DEBUG [0xf58] PhoneDev: ES0609 OnCTIOSFailureEvent: ErrorMessage [[call.5002.44522460.12180]::Operation eSingleStepTransferRequest was not successful on object call.5002.44522460.12180.]
2011-09-19 17:09:46:086 DEBUG [0xf58] PhoneDev: ES0856 Peripheral Error: The request failed because a timeout limit was exceeded.
2011-09-19 17:09:46:070 DEBUG [0xadc] Agent: MF1756 User clicked TASK1 button
2011-09-19 17:09:46:070 DEBUG [0xadc] AppearanceEventWnd.cpp[1780] CAppearanceEventWnd::DoActions: BEGIN
2011-09-19 17:09:46:070 DEBUG [0xadc] AppearanceEventWnd.cpp[2105] CAppearanceEventWnd::GatherInformation: End
2011-09-19 17:09:46:070 DEBUG [0xadc] AppearanceEventWnd.cpp[1829] CAppearanceEventWnd::DoActions: Executing action Call Control
2011-09-19 17:09:46:070 DEBUG [0xadc] Agent: AC0810 Executing Action: Blind Transfer Type: Call Control, String: BlindTransfer
2011-09-19 17:09:46:070 DEBUG [0xadc] Agent: MF2650 BlindTransfer: Actually doing single step transfer with callID 44529571
2011-09-19 17:09:46:070 DEBUG [0xadc] PhoneDev: PD1047 ==================== BEGIN CompleteTransfer ====================
2011-09-19 17:09:46:070 DEBUG [0xadc] PhoneDev: PD1048 CompleteTransfer:                HeldCallID: 44529571
2011-09-19 17:09:46:070 DEBUG [0xadc] PhoneDev: PD1049 CompleteTransfer:          ConsultantCallID: 44529571
2011-09-19 17:09:46:070 DEBUG [0xadc] PhoneDev: PD1066 CompleteTransfer: Requesting Single Step Transfer.
2011-09-19 17:09:46:070 DEBUG [0xadc] PhoneDev: PD1081 CompleteTransfer: Successfully complete single step transfer call. ConsultantCallID 44529571 - HeldCallID 44529571
2011-09-19 17:09:46:070 DEBUG [0xadc] PhoneDev: PD1110 ==================== END CompleteTransfer ====================
2011-09-19 17:09:46:086 DEBUG [0xf58] PhoneDev: ES0598 OnCTIOSFailureEvent: Failure Code [eUnknownObjectID]
2011-09-19 17:09:46:086 DEBUG [0xf58] PhoneDev: ES0609 OnCTIOSFailureEvent: ErrorMessage [[call.5002.44522460.12180] Couldn't find CallConnection with DeviceID of 39451880.]
2011-09-19 17:09:46:086 DEBUG [0xf58] PhoneDev: ES0856 Peripheral Error: The request failed because a timeout limit was exceeded.
2011-09-19 17:09:46:086 DEBUG [0xf58] PhoneDev: ES0598 OnCTIOSFailureEvent: Failure Code [eUnknownEventID]
2011-09-19 17:09:46:086 DEBUG [0xf58] PhoneDev: ES0609 OnCTIOSFailureEvent: ErrorMessage [[call.5002.44522460.12180]::Operation eSingleStepTransferRequest was not successful on object call.5002.44522460.12180.]
2011-09-19 17:09:46:086 DEBUG [0xf58] PhoneDev: ES0856 Peripheral Error: The request failed because a timeout limit was exceeded.
Kindly request to give your suggestions for occurence of this error , which is happening for only single TASK BUTTON

Hi Sathya,
The message below is a generic error, you will have to look more into all the PG logs (jgw, opc, pim, cg, ctios) to see why the SST is failing.
2011-09-19 17:09:46:086 DEBUG [0xf58] PhoneDev: ES0856 Peripheral Error: The request failed because a timeout limit was exceeded.
2011-09-19 17:09:46:086 DEBUG [0xf58] PhoneDev: ES0598 OnCTIOSFailureEvent: Failure Code [eUnknownEventID]
Use the HeldCallID and ConsultantCallID from agent dbg to track the call in the PG logs for further clues.
If you are not after RCA, cycle the PG services this should help however most likely the problem might reoccur after sometime.
Thanks,
Shirish.

Resources for migration from legacy Cisco VPN client to AnyConnect?

As the legacy client is now officially EOL'd, and it is having issues with Windows 7 - the need has presented itself to migrate to AnyConnect.
The complicating issue here is that many of the machines that need to be migrated connect remotely and never touch a corporate LAN - as such - I need to devise a means to remotely and seamlessly (as much as possible) migrate from old to new. Sounds a bit like changing the wings on a flying plane, but I'm guessing others have had to face the same issue. By procrastinating this migration - my hope is that your blood spilled will be mine saved? (Just kidding. Sorta).
Any tips, input, suggestion, procedures, FAQs, good luck wishes, etc. greatly appreciated.
Cheers,
JP

Hi Andy
Anyconnect licensing is a little complicated, but 99% of the time you only need the "Essentials" AnyConnect license for your ASAs. This gives you everything that you have using the old Cisco VPN Client.
Essentials is licensed per ASA, and not per user like the other ASA AnyConnect licenses.
AnyConnect Premium gives you all that Essentials give you plus "clientless" VPN (Web portal type stuff).
Configuration wize - it's pretty simple and similar to how you configure the old VPN support. There's a wizard to assist you in configuring it if you like that kind of thing.
HTH
Barry Hesk
Intrinsic Network Solutions

IPhone 2.1 now supports Cisco VPN Client to IOS router

Just tested it. The Cisco VPN Client in iPhone 2.1 now connects to my IOS router. Excellent.

I have a Cisco 1812 with 12.4(20)T. I know that 12.4(6)T and some other versions have an issue with the negotiation of IPSec policies which basically means that only the first proposal is considered. If the first proposal matches you have a connection. If it does not match, the connection is refused even though other proposals would be O.K.
The relevant isakmp/ipsec config should be:
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group myvpn
key mysecretkey
dns 10.0.0.2 10.0.0.3
wins 10.0.0.2
domain mydomain.example.com
pool ippool
acl 150
split-dns mydomain.example.com
netmask 255.255.255.0
crypto isakmp profile ike-myvpn-profile
match identity group myvpn
client authentication list userauthen
isakmp authorization list groupauthor
client configuration address respond
virtual-template 2
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile myvpn
set transform-set ESP-3DES-SHA
set isakmp-profile ike-myvpn-profile
interface Virtual-Template2 type tunnel
ip unnumbered FastEthernet1
ip nat inside
ip virtual-reassembly
tunnel mode ipsec ipv4
tunnel protection ipsec profile myvpn
See also http://www.cisco.com/en/US/docs/ios/security/configuration/guide/secipsec_virt_tunnl_ps6441_TSD_Products_Configuration_GuideChapter.html
If you have IOS 12.4(6)T or similar which has the bug I have mentioned you have to use aes instead of 3des for the transform set. The first proposal of the iPhone is aes. Be sure to check the "debug crypto ipsec" and "debug crypto isakmp" output for troubleshooting.

ASA500: migrate from Cisco VPN Client to native Windows VPN connection

We have a need at this time for only one of our computers to allow 2 Windows users to connect to our network thru VPN (it's a work share situation, they will not both be logged on the same day). We happily use the old Cisco VPN client for everyone else. But the old client will not install twice on the same machine, nor is there the option to "install for any user".
Thinking to KISS and not invest at this point, trying to get Windows native VPN to work ?
What combination of settings will work in its properties->security tab to do the same IKE IPsec over UDP(NAT) and with group auth along with the individual's login?
... (so no reconfiguration is needed in the ASA?)
Or are one of the other "type of VPN" will need minimal change on the ASA ?

Thank you.
I found this: http://www.cisco.com/c/en/us/td/docs/security/asa/asa72/configuration/guide/conf_gd/l2tp_ips.html#wp1041306
Will this have any effect on the rest of the users?
Step 1 Specify IPSec to use transport mode rather than tunnel mode with the mode keyword of the crypto ipsec transform-set command:
hostname(config)# crypto ipsec transform-set trans_name mode transport

Cisco PI client station vendor type

Similar Messages

Maybe you are looking for