Configuring cisco 857 for BM39

Similar Messages

• Configuring Cisco Router for use with Syslog Server

  Configuring Cisco Router for use with Syslog Server:
  Does anyone know of a good doc for this?
  -Ashley

  Start with that one: http://security-planet.de/wp-content/uploads/2008/12/logging-ios.pdf
  And if you need more informations, just ask what you want to achieve.
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• Configuring Cisco ASA for site to site VPN ( Issue with setting up local network)

  OK, so our primary firewall is a checkpoint gateway. Behind that we have a cisco ASA for vpn users. I have a project at the moment where we need to connect to another company using site to site VPN through the cisco ASA, as the checkpoint gateway is unable to establish a permanent tunnel with the other companies Cisco ASA.
  What would be the best practise for setting up the local network on my side? Create the network on the ASA and then use a L2 vlan to connect to the Core switch? 
  Setup a L3 interface on the core switch and point it towards the checkpoint gateway which would then point to the ASA?
  When you have to select your local network through the site to site wizard do you have to put the inside network address of the ASA?
  Our network is setup like this: Access layer switch > Core 6500 Switch > Checkpoint-Firewall > Internet
  The ASA is connected to a checkpoint sub interface
  Any help would be beneficial as im new to cisco ASAs 
  Thanks
  Mark

  Mark
  If we understood more about your environment we might be able to give you better answers. My initial reaction was similar to the suggestion from Michael to use a L2 vlan. But as I think a bit more my attention is drawn to something that you mention in the original post. The ASA is there for VPN users. If the VPN users need to access your internal network then you probably already have something configured on the ASA that allows access to the internal network. Perhaps that same thing might provide access for your site to site VPN?
  HTH
  Rick

• Configure cisco wlc for rsa authentication

                     Hi,
  I wanted to find out if it is possible to authenticate wireless networks using rsa. Currently we have a cisco wlc 2504, rsa authentication manager 7.1
  Do we require a cisco ACS device to make this work. Please advise.
  Thanks

  Yes it is possible.  The below is the list of items which you require to configure RSA authentication on WLC
  •1.       RSA Authentication Manager 6.1
  •2.       RSA Authentication Agent 6.1 for Microsoft Windows
  •3.       Cisco Secure ACS 4.0(1) Build 27
      Note: The RADIUS server that is included can be used in place of the Cisco ACS. See the RADIUS documentation that was included with the RSA Authentication Manager on how to configure the server.
  •4.       Cisco WLCs and Lightweight Access Points for Release 4.0 (version 4.0.155.0)
  For more information you can go through this link:
  http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a008090399a.shtml

• Configuring Cisco ISE for Authorization with External Radius Server attribute

  Hi,
  I'm trying to integrate an external radius server with Cisco ISE.
  I created an External Identity Store>Radius Token Server.
  I created a Identity Store sequence with just one identity store just as creadted above.
  And I was able to authenticate successfully.
  But when it comes to authorization.
  I observed we just have one tab named Authorization while creating Radius Token server.
  And it always refers to ACS:attribute_name.
  If I want to define a IETF radius attribute, (lets say class with attribute id as 25), how could I do it.
  In Cisco ACS we have a direct entry option in authorization tab where we can define the radius (IETF) attribute within Radius token server creation (within radius token server>Directory attribute tab).
  How ever I try to define the IETF attribute here (class,IETF:Class) I am not able to authorize with this attribute value.
  I tried with just one single authorization rule where it could hit.But observed it to go the default(as none of the rules defined matches the condition).
  Can anyone guide me how can we define a IETF radius attribute for authorization within Cisco ISE and what policy could we set it to work as authorization.
  Thanks in advance
  Senthil K

  This is the step of Creating and Editing RADIUS Vendors
  To create and edit a RADIUS vendor, complete the following steps:
  Step 1 From the Administration mega menu, choose Resources > RADIUS  Vendors.
  The RADIUS Vendors page appears with a list of RADIUS vendors that ISE  supports.
  Step 2 Click Create to create a new RADIUS vendor or click the radio  button next to the RADIUS vendor that
  you want to edit and click Edit.
  Step 3 Enter the following information:
  • Name—(Required) Name of the RADIUS vendor.
  • Description—An optional description for the vendor.
  • Vendor ID—(Required) The Internet Assigned Numbers Authority  (IANA)-approved ID for the
  vendor.
  • Vendor Attribute Type Field Length—(Required) The number of bytes  taken from the attribute value
  to be used to specify the attribute type. Valid values are 1, 2, and 4.  The default value is 1.
  • Vendor Attribute Size Field Length—(Required) The number of bytes  taken from the attribute value
  to be used to specify the attribute length. Valid values are 0 and 1.  The default value is 1.
  Step 4 Click Submit to save the RADIUS vendor.

• I am loosing configuration when I power off my Cisco 857 router

  I bought new Cisco 857 router from the shop. Router must have been used before as I couln't go in with default username/password cisco/cisco.
  Well I followed instruciton and reset password to username and password. Now I finally connected to the Cisco CP express over my IE browser.
  I found out that somebody was using a router from the shop so this is why I coun't log to it in the first place. Anyway problem is that when I changed configuration and applied settings it remembers it until I power it off. When I power it on again it remembers all settings from that shop.
  It reverts everything back: IP address, previous level 15 account and password - everything like after password reset.
  I tried it again and it again lost settings. So I found following instruction:
  http://www.cisco.com/en/US/products/hw/routers/ps233/products_tech_note09186a00800a65a5.shtml
  I followed it and changed again all settings on the router. My settings are again lost after power off/on. I noticed that when I do first bit it does show
  0x2102 not 0x2142 like they think that is password reset mode.
  Here is my output from Hyper Terminal:
  =============================
  Cisco#enableCisco#show startUsing 3359 out of 131072 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Cisco!boot-start-markerboot-end-marker!logging buffered 51200 warningsenable secret 5 $1$hpKF$Rc1tl6r45J8iHG7EN5jSk.!no aaa new-model!crypto pki trustpoint TP-self-signed-3185909327 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-3185909327 revocation-check none rsakeypair TP-self-signed-3185909327!!crypto pki certificate chain TP-self-signed-3185909327 certificate self-signed 01 nvram:IOS-Self-Sig#5.cerdot11 syslogno ip dhcp use vrf connectedip dhcp excluded-address 10.10.10.1!ip dhcp pool ccp-pool   import all   network 10.10.10.0 255.255.255.248   default-router 10.10.10.1   lease 0 2!!ip cefno ip domain lookupip domain name molinary.com!!!username admin privilege 15 secret 5 $1$jD3j$r6ROikgGsIlcMTGjkxFQ6.username username privilege 15 password 0 password!!archive log config  hidekeys!!!!!interface ATM0 no ip address shutdown no atm ilmi-keepalive dsl operating-mode auto!interface ATM0.1 point-to-point description $ES_WAN$ ip nat outside ip virtual-reassembly pvc 0/38  encapsulation aal5mux ppp dialer  dialer pool-member 1 !!interface FastEthernet0!interface FastEthernet1!interface FastEthernet2!interface FastEthernet3!interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$ ip address 10.10.10.1 255.255.255.248 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452!interface Dialer0 ip address dhcp encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap pap callin ppp chap hostname [email protected] ppp chap password 0 netgear01 ppp pap sent-username [email protected] password 0 netgear01!ip forward-protocol nd!ip http serverip http access-class 23ip http authentication localip http secure-serverip http timeout-policy idle 60 life 86400 requests 10000ip nat inside source list 1 interface ATM0.1 overload!access-list 1 remark INSIDE_IF=Vlan1access-list 1 remark CCP_ACL Category=2access-list 1 permit 10.10.10.0 0.0.0.7dialer-list 1 protocol ip permitno cdp run!control-plane!banner exec ^C% Password expiration warning.-----------------------------------------------------------------------Cisco Configuration Professional (Cisco CP) is installed on this deviceand it provides the default username "cisco" for  one-time use. If you havealready used the username "cisco" to login to the router and your IOS imagesupports the "one-time" user option, then this username has already expired.You will not be able to login to the router with this username after you exitthis session.It is strongly suggested that you create a new username with a privilege levelof 15 using the following command.username <myuser> privilege 15 secret 0 <mypassword>Replace <myuser> and <mypassword> with the username and password youwant to use.-----------------------------------------------------------------------^Cbanner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C!line con 0 login local no modem enableline aux 0line vty 0 4 privilege level 15 login local transport input telnet ssh!scheduler max-task-time 5000endCisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#Cisco#show versionCisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_teamROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARECisco uptime is 20 minutesSystem returned to ROM by power-onSystem image file is "flash:c850-advsecurityk9-mz.124-15.T12.bin"This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email [email protected] 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.Processor board ID FCZ140792J5MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x104 FastEthernet interfaces1 ATM interface128K bytes of non-volatile configuration memory.20480K bytes of processor board System flash (Intel Strataflash)Configuration register is 0x2102Cisco#Cisco#Cisco#Cisco#endTranslating "end"% Unknown command or computer name, or unable to find computer addressCisco#reloadProceed with reload? [confirm]*Mar  1 01:19:27.786: %SYS-5-RELOAD: Reload requested  by username on console. Reload Reason: Reload Command.System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARETechnical Support: http://www.cisco.com/techsupportCopyright (c) 2006 by cisco Systems, Inc.C850 series (Board ID: 2-149) platform with 65536 Kbytes of main memoryBooting flash:/c850-advsecurityk9-mz.124-15.T12.binSelf decompressing the image : ############################################## [OK]              Restricted Rights LegendUse, duplication, or disclosure by the Government issubject to restrictions as set forth in subparagraph(c) of the Commercial Computer Software - RestrictedRights clause at FAR sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in Technical Data and ComputerSoftware clause at DFARS sec. 252.227-7013.           cisco Systems, Inc.           170 West Tasman Drive           San Jose, California 95134-1706Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_teamImage text-base: 0x8002007C, data-base: 0x814E7240This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not implythird-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible forcompliance with U.S. and local country laws. By using this product youagree to comply with applicable laws and regulations. If you are unableto comply with U.S. and local laws, return this product immediately.A summary of U.S. laws governing Cisco cryptographic products may be found at:http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf you require further assistance please contact us by sending email [email protected] 857 (MPC8272) processor (revision 0x400) with 59392K/6144K bytes of memory.Processor board ID FCZ140792J5MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x104 FastEthernet interfaces1 ATM interface128K bytes of non-volatile configuration memory.20480K bytes of processor board System flash (Intel Strataflash)no ip dhcp use vrf connected               ^% Invalid input detected at '^' marker.SETUP: new interface NVI0 placed in "shutdown" statePress RETURN to get started!*Mar  1 00:00:03.952: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Initialized*Mar  1 00:00:03.960: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Enabled*Mar  1 00:00:07.244: %LINK-3-UPDOWN: Interface FastEthernet0, changed state toup*Mar  1 00:00:08.413: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up*Mar  1 00:00:08.821: %SYS-5-CONFIG_I: Configured from memory by console*Mar  1 01:19:27.072: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up*Mar  1 01:19:27.352: %SYS-5-RESTART: System restarted --Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T12, RELEASE SOFTWARE (fc3)Technical Support: http://www.cisco.com/techsupportCopyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Fri 22-Jan-10 14:46 by prod_rel_team*Mar  1 01:19:27.352: %SNMP-5-COLDSTART: SNMP agent on host Cisco is undergoinga cold start*Mar  1 01:19:27.436: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*Mar  1 01:19:27.436: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF*Mar  1 01:19:27.540: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to down*Mar  1 01:19:28.072: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up*Mar  1 01:19:28.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up*Mar  1 01:19:28.484: %LINK-5-CHANGED: Interface ATM0, changed state to administratively down*Mar  1 01:19:28.848: %LINK-5-CHANGED: Interface NVI0, changed state to administratively down*Mar  1 01:19:28.932: %LINK-3-UPDOWN: Interface FastEthernet3, changed state toup*Mar  1 01:19:28.936: %LINK-3-UPDOWN: Interface FastEthernet2, changed state toup*Mar  1 01:19:28.940: %LINK-3-UPDOWN: Interface FastEthernet1, changed state toup*Mar  1 01:19:29.484: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0, changed state to down*Mar  1 01:19:29.932: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet3, changed state to down*Mar  1 01:19:29.936: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet2, changed state to down*Mar  1 01:19:29.940: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1, changed state to down*Mar  1 01:19:29.948: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to upAuthorized access only!===========================================
  Please help me as I am stuck and can't go any further....

  Hi David White,
  Alternatively, after password recovery you can modify the configuration to be what you want, and then issue:
     write memory
  to save the configuration.  You can then verify that your changes have been saved to the startup config by issuing:
     show startup-config"
  The only good thing is that when I switch off a router it erase configuration except my new password which I created after password reset. Everything else is getting vanished (ADSL settings, DHCP, routing ) everything. Even new admin accounts I created.
  Well have a question to your above comments. I am new in Cisco so please put as much detail as you can for me to understand. When you say modify configuration do you mean to go to Cisco CP Express graphical interface and then connect router to hyper terminal and execute above commands?
  Why router doesn't remember this anyway. There must be some option to change in configuration to make thing permanent when I hit apply changes in Cisco CO Express otherwise it is pointless to heve it.
  Phillip
  write memory
  is
  copy running-config startup-config"
  Can't this be done via Cisco CP Express or set up router to copy this every time I change this in graphical interface rather going to command line to achnoledge it?
  I understand your concern about this router and somebodie's configuration details as you want things to be un-used when you buy them - true. ADSL details belongs to the shop which sold me the router so that is why I don't make a big problem about this. We take most of hardware from this shop and have discount and many good deals with them so I think they have been just testing it and forgot to erease their config. It might be that someone has returned router to the shop and they have repaired it and tested it.
  I hope this is a normal behaviour of this router as I have option to replace it in case this is a fault.
  Could you please write me step by step guide how can I make changed options stay permanently on router?
  thank you
  Dragan

• How to Configure an Cisco 5505 for PPTP VPN connectivity

  I currently have a Cisco ASA 5505(ASA Version 8.2(1), and ASDM gui version 6.2) and a Windows 2008 R2 server with one NIC card. Currently the router is connected to the interent sucessfully using the 'outside' interface(devices connected to the 'inside' interface have access to the internet and are assigned IP addresses via DHCP on the Windows 2008 Server which is also connected to the 'inside' interface) When connected with a client on the inside interface I can establish a VPN connection with the W2008 server, however when I try to connect through the internet I cannot. I have tried researching this on the internet, but have not had much luck. I know it has something to do with pptp port and allowing gre, but I am not familiar enough with configuring Cisco devices or the language they use, to configure this router. I feel as though I am missing something small but very critical. Any help or feedback you can provide regarding this issue is most appreicated, thank you.
  *Edit: I have attached a network diagram of what I am trying to accomplish, and I have also attached a dump of the current running-config.

  Hi,
  Below is the link to the admin guide for the RV042.  Chapter 9 covers the configuration of site to site VPN’s and begins on page 123. 
  http://www.cisco.com/en/US/docs/routers/csbr/rv0xx/administration/guide/rv0xx_AG_78-19576.pdf
  If you need further assistance please feel free to contact Cisco Small Business for help in configuring and troubleshooting your VPN.
  Thank you,
  Jason Nickle

• Configure Nexus 7k for TACACS in Cisco ACS

  Hi,
  Please advise on how to configure Cisco Nexus 7k for TACACS to authenticate in Cisco ACS. Our Cisco ACS is getting users from the Active
  Directory.
  Please advise if the below config are acceptable:
  feature tacacs+
  tacacs-server key KEY
  tacacs-server timeout 20
  tacacs-server host 1.1.1.1 key KEY
  aaa group server tacacs+ TEST
      server 1.1.1.1
      use-vrf management
      source-interface mgmt0
  tacacs-server directed-request
  aaa authentication login default group TEST
  aaa authentication login console none
  aaa authorization commands default group TEST
  aaa accounting default group TEST
  aaa authentication login error-enable

  Hi,
  What OS version are u using on your servers?
  Craig

• Configuring SYNCE/PTP on Cisco 7600 and Cisco MWR for NSN NodeB

  Hi to All,
  I would to ask for support on how i can establish the PTP between Cisco MWR 2941-DC and a NSN NodeB. The Cisco MWR is connected to a Cisco 7600 with SPA-2X1GE-SYNCE where the SSU/OSN clock is connected on the BITS ports. Hope you can assist me with the configurations.
  Thanks,
  Eugene

  Dear Genedeath,
    I have noticed that you posted this message since last year ..... have you ever been able to solve the case??
  I had a glance to the diagram and it looks quite similar to my case.
  I need to configure a Cisco MWR2941 for the very first time  in order to support SyncE for packet Abis between a NSN FlexyBSC and a NSN BTS.
  BTS---------------Gig x/y MWR Gig x/x-----------------------FlexyBSC
  I guess the source clock would be provided by BSC...
  Can you support me according to your experience ??
  thanks and regards!
  Mauro

• Configuration of Cisco 2911 for Asterisk

  Hi all
  I use Cisco 2911 for Asterisk phone system communicate with external.
  However, sometime I can make call in and out. Sometime, just call in or out. Sometime, cannot make any call.
  I think it is the NAT, PAT and ACL in Cisco 2911 problem.  This Cisco is also a gateway to internet for users.
  Please any advice
  Thanks a lot
  Here is the configuration:
  Router#show run
  Building configuration...
  Current configuration : 1981 bytes
  ! Last configuration change at 20:06:06 UTC Thu Nov 14 2013
  ! NVRAM config last updated at 15:04:59 UTC Tue Nov 5 2013
  ! NVRAM config last updated at 15:04:59 UTC Tue Nov 5 2013
  version 15.1
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Router
  boot-start-marker
  boot-end-marker
  enable secret 5 xxxxx
  no aaa new-model
  memory-size iomem 20
  no ipv6 cef
  ip source-route
  ip cef
  multilink bundle-name authenticated
  crypto pki token default removal timeout 0
  license udi pid CISCO2911/K9 sn FTX1603AH9C
  interface Embedded-Service-Engine0/0
  no ip address
  interface GigabitEthernet0/0
  description internal-LAN
  ip address 172.x.x.x 255.255.0.0
  ip nat inside
  ip virtual-reassembly in
  duplex auto
  speed auto
  interface GigabitEthernet0/1
  no ip address
  duplex auto
  speed auto
  interface GigabitEthernet0/1.1
  encapsulation dot1Q 11
  ip address 172.16.x.x 255.255.240.0
  interface GigabitEthernet0/2
  description internet
  ip address 50.240.x.x 255.255.255.240
  ip nat outside
  ip virtual-reassembly in
  duplex auto
  speed auto
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip nat inside source list 100 interface GigabitEthernet0/2 overload
  ip route profile
  ip route 0.0.0.0 0.0.0.0 50.240.x.x
  ip route 0.0.0.0 0.0.0.0 172.10.0.30 name ROUTE-VPN-REMOTE
  ip route 172.16.240.0 255.255.254.0 172.10.x.x
  access-list 100 permit ip 172.10.0.0 0.0.255.255 any
  access-list 100 permit ip 172.16.240.0 0.0.0.255 any
  access-list 100 permit udp any any range 5004 5090
  access-list 100 permit udp any any range 10000 20000
  control-plane
  line con 0
  line aux 0
  line 2
  no activation-character
  no exec
  transport preferred none
  transport input all
  transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
  stopbits 1
  line vty 0 4
  login
  transport input all
  scheduler allocate 20000 1000
  end

  There are some VSP where they do the NAT.  If your VSP (like mine) do the NAT, then you need to globally disable NAT in your Asterisk.
  My VSP also recommends I disable ALG on my router.
  So you need to ask you VSP.

• Configuring Cisco 8800 phones for VPN

  Does anyone know how to configure 8800 phones for VPN?  I am particularly interested on 8861/8851 models.
  Thanks,
  Carlos

  So I opened a TAC case and they provided me with the solution:
  "Usually you upload the Cisco_Manufacturing_CA certificate on the ASA but with the new models we should upload the Cisco_Manufacturing_CA_SHA2 creating a new trustpoint on the ASA"
  The security guide does not specify about this cert, it only mentions Cisco_Manufacturing_CA .
  Thanks,
  Carlos

• Port Forwarding for PcANYWHERE on Cisco 857

  Does anybody have a step by step guide on how to open and direct a port on the CISCO 857 router to allow remote operation using PcANYWHERE?
  I have access to my Cisco 857 SDM but cannot work it out.

  Excuse ingnorance but need more info.
  Where do I type this statement? Where would I type PC ip address so Router knows to direct PcAnywhere port enquiries to correct PC on the network.

• Does Cisco 857 router support Easy VPN?!!

  Hi,
  I've a Cisco 857 router with a 12.4(6)T IOS.
  I want to configure it to act as an Easy VPN server, to allow my remote clients -using cisco vpn clients- to access the internal resourses behind the router.
  Is it applicable with this router model?!!
  thanks and regards,
  Ala

  Ala, upsolutely, you would probably need advance k9 security image, check at software advisory tools and slect software features for your platform.
  sofware advisory
  http://tools.cisco.com/Support/Fusion/FusionHome.do
  857 Models See table 3 Software feature
  http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps6195/product_data_sheet0900aecd8028a9a9_ps380_Products_Data_Sheet.html
  HTH
  Rgds
  Jorge

• Cisco Jabber for Mac - Directory Lookup and Contact Fields

  Hello,
  After having issues myself with Cisco Jabber for Mac 9.2 specifically with Active Directory lookups not working, or contact information not populating (and therefore not being able to call users from the contact list as no telephone information exists) I am including a sample jabber-config.xml file that works for me.
  Please note: there are many different ways to configure this. What I will be showing is the method that works for me and my deployment, which is pretty standard.
  As always and as a disclaimer, once again, this is what has worked for my deployment scenario. Always keep backups of your configuration files, and always be mindful of anything you have configured already, especially in the jabber-config.xml file.
  Background
  My deployment is based on CUCM 9, with 1 publisher and 2 subscribers. I also have a CUCM IM & Presence 9.0 server. This assumes that you have already configured your deployment and Jabber is functioning already, albeit with the aforementioned issues.
  As for Active Directory, my deployment will be based on Windows 2008 R2 Domain Controllers running in native 2008 mode. For this example, we will be searching directly against one of the DCs with a Global Catalogue role. Please be aware that in large deployments you will have to plan accordingly with regards to lookup traffic from Jabber clients to the DCs.
  Also, as of Cisco Jabber for Mac 9, the client no longer can search via the CUCM internal directory (which may be made of local end users, Active Directory synced users, or a mix of both) and this must be done via a LDAP mechanism.
  Scenario
  In this deployment scenario, Cisco Jabber for Windows is working properly - you can search and add people from Active Directory, and contacts in your contact list have all the appropriate fields populated from Active Directory. However, when trying the same with Jabber for Mac, Jabber for iPhone or Jabber for iPad you notice that you cannot perform a directory lookup, and if you add people directly (for example, [email protected]) the user only has the IM field populated. No telephone, email or additional information is displayed.
  Solution
  Whereas Cisco Jabber for Windows uses the EDI mechanism (native Windows), whereby when running from a computer that is on the domain (or in the event that you are search for contacts in another Active Directory domain where a domain trust exists) , Jabber for Mac / iPhone / iPad uses the BDI mechanism.
  In this case, you will need to provision a jabber-config.xml file that you will upload to your TFTP server (or Publisher) that will be "downloaded" by your Jabber for Mac client and also used by the iPhone and iPad client. You can configure many options in the jabber-config.xml file, but for this example we will place just the information that we need to order for these clients to request and display Active Directory information.
  Please note that the configuration may vary depending on your deployment, but at the very least we will be:
  - Configuring a DC where we will perform the lookup.
  - Configure credentials that will be used to perform the lookup. This will be an Active Directory account that has read rights on the Active Directory domain. Please note that these credentials are saved in plain text in the file, so ensure that the account that you will be using is not privileged.
  - Configure the server port that we will be using to perform the lookup.
  - Configure the Search Base. This is basically where we want the directory lookup to happen. You can either choose for this lookup to start at the "base" of the domain (and therefore the search will iterate through all the user accounts and and OUs below the root base) or define a specific OU where you want to search.
  Caution!
  - There is a current limitation with Cisco Jabber for Mac whereby you can only have 1 search base configured. Please keep this in mind if, like me, you have multiple OUs (like an OU for each company in your organization) and under these OUs you have sub OUs as a user account container.
  - If using the top level search base, unless you specify a filter, you will potentially be able to search for all user accounts in the domain. You will need to configure the <BDIBaseFilter> parameter if you want to fine tune your search ability.
  Steps
  These are the steps I have followed. Other steps or considerations may vary.
  - Log in to your TFTP server and download the jabber-config.xml file and keep it as a backup. If you are already using the jabber-config.xml file for other purposes, do not worry - you can add your BDI information parameters inside.
  - Remove the jabber-config.xml file
  - Edit the jabber-config.xml file and configure thus:
  <?xml version="1.0" encoding="UTF-8"?>
  <config version="1.0">
      <Directory>
          <DirectoryServerType>BDI</DirectoryServerType>
          <BDILDAPServerType>AD</BDILDAPServerType>
          <BDIPrimaryServerName>DOMAIN CONTROLLER IP ADDRESS</BDIPrimaryServerName>
          <BDIPresenceDomain>YOUR PRESENCE DOMAIN</BDIPresenceDomain>
          <BDIServerPort1>3268</BDIServerPort1>
          <BDISearchBase1>YOUR SEARCH BASE</BDISearchBase1>
          <BDIConnectionUsername>[email protected]</BDIConnectionUsername>
          <BDIConnectionPassword>PASSWORD</BDIConnectionPassword>
          <BDIEnableTLS>0</BDIEnableTLS>
      </Directory>
  </config>
  For example, let´s assume the following:
  - Domain controller IP address is 10.1.1.2 .
  - Your presence domain is test.local .
  - Your search base will be test.local using the top level of the domain.
  - Your username with which you will be doing your searches is called walt . Usually you can either identify walt as test.local\walt or [email protected] . It is always best, in these sort of scenarios, to use the UPN convention so we will be configuring a [email protected] .
  - The password is the Active Directory password for the account walt .
  - I have disabled TLS in my case. There are issues with the Jabber for Mac client when using other security methods.
  <?xml version="1.0" encoding="UTF-8"?>
  <config version="1.0">
      <Directory>
          <DirectoryServerType>BDI</DirectoryServerType>
          <BDILDAPServerType>AD</BDILDAPServerType>
          <BDIPrimaryServerName>10.1.1.2</BDIPrimaryServerName>
          <BDIPresenceDomain>test.local</BDIPresenceDomain>
          <BDIServerPort1>3268</BDIServerPort1>
          <BDISearchBase1>DC=test,DC=local</BDISearchBase1>
          <BDIConnectionUsername>[email protected]</BDIConnectionUsername>
          <BDIConnectionPassword>walt01!</BDIConnectionPassword>
          <BDIEnableTLS>0</BDIEnableTLS>
      </Directory>
  </config>
  One you have configured the jabber-config.xml file, you will now need to upload it to you TFTP server. Once uploaded, you will need to restart the Cisco TFTP service. Again, my TFTP server is on my CUCM publisher, so:
  - I go to Cisco Unified OS Administration on my Publisher server, TFTP File Management and I upload jabber-config.xml to / directory
  - I then go to Cisco Unified Serviceability on my Publisher server, I locate the Cisco TFTP service and I restart the service
  Once this is done, you can figure up your Jabber for Mac client. As a test, on your Mac (using Terminal) go to:
  /Users/username/Library/Application Support/Cisco/Unified Communications/Jabber/Config
  In here you will see several files, but what we want to see is jabber-config.xml . As soon as you start the Jabber for Mac client and log in, the jabber-config.xml file will download from your TFTP server and get saved here. When you see it appear, just type in your terminal window more jabber-config.xml and make sure that the output is the same as the xml file you created.
  From there, try doing directory search. If you have previously added contacts and they still lack attribute information, you will need to remove them (sometimes it will not refresh properly) and add them again from the directory.
  I will be updating this guide and ammending anything that is incorrect, but this is meant to be a quick checklist and steps to get this, at least in the most very basic version, up and running for Jabber for Mac.

  Hello, 
  Thanks for this post! It works, I can do lookup and also I can add found contact to contact list and get information about contact from LDAP.
  One more question: - I can't get all information about contact. I don't get e.c mobile phone number and more others attributes. I have tried to expand your file as follows:
  <?xml version="1.0" encoding="UTF-8"?>
  <config version="1.0">
      <Directory>
          <DirectoryServerType>BDI</DirectoryServerType>
          <BDILDAPServerType>AD</BDILDAPServerType>
          <BDIPrimaryServerName>IP of AD</BDIPrimaryServerName>
          <BDIPresenceDomain>Presence Domain</BDIPresenceDomain>
          <BDIServerPort1>3268</BDIServerPort1>
          <BDISearchBase1> Search Base</BDISearchBase1>
          <BDIConnectionUsername>User</BDIConnectionUsername>
          <BDIConnectionPassword>Password</BDIConnectionPassword>
          <BDIEnableTLS>0</BDIEnableTLS>
          <BDISipUri>msRTCSIP-PrimaryUserAddress</BDISipUri>
          <BDIPhotoSource>thumbnailPhoto</BDIPhotoSource>
          <BDIBusinessPhone>telephoneNumber</BDIBusinessPhone>
          <BDIMobilePhone>mobile</BDIMobilePhone>
          <BDIHomePhone>homePhone</BDIHomePhone>
          <BDIOtherPhone>otherTelephone</BDIOtherPhone>
          <BDITitle>title</BDITitle>
          <BDICompanyName>company</BDICompanyName>
          <BDILocation>co</BDILocation>
          <BDIPostalCode>postalCode</BDIPostalCode>
          <BDICity>l</BDICity>
          <BDIState>st</BDIState>
          <BDIStreetAddress>streetAddress</BDIStreetAddress>
      </Directory>
  </config>
  But it didn't help.
  When I capture lookup via Wireshark, I can see that Jabbers sends search request with bunch of attributes, but from LDAP answer contains only 8 attributes. (see attached screenshots)

• Cisco Jabber for Windows Voicemail issue

  At this I'm in processing of implementation Cisco Jabber UC solution for big Company.
  I use CUCM 9.1.2, Cisco IM and Presence 9.1.2, CUC 9.1.2, Cisco Jabber for Windows 9.6.1.
  I have issue in Cisco Jabber with VoiceMail Integration - when I leave voice message for any user,
  than this message is arrived only him Cisco IP Phone, but not in him Cisco Jabber.
  From Cisco Jabber Connectivity status in help menu I see that VoiceMail service is successfully connected
  and I see VoiceMail button in Cisco Jabber.
  How can I resolve this issue?

  Have you configured the UC Service profile on CUCM with both Voicemail server and mailbox servers?