F0283 VIF 1 / 2 B-42/44 down, reason: Bound Physical Interface Down
Hi
I have some issues after migrate from CX4 SAN to VNX SAN. Everything is moved from CX4 to VNX and I have disabled FC Uplink port that is connected to CX4. Both my FI's is only connected to VNX.
We want SAN boot on our ESXi host, and some of them is install on a boot LUN on VNX, and some other is install local at the Blade.
My issue is that all my host shall boot from SAN. But suddenly this fails.
I zones the host on our MDS switches, and does everything in VNX, so the host shall see its boot LUN. SAN Boot Target is changed so it sees the VNX SAN.
In the install I see my boot LUN, and install ESXi without any issues. Remove the installation media and reboots the server.
When it shall boot back up, it says:
Reboot and Select proper Boot device
or Insert Boot Media in selected Boot device and press a key.
And i gets 8 major error messages like this:
VIF 1 / 2 B-42/44 down, reason: Bound Physical Interface Down
What is wrong. I do the same thing now, as I did when I installed the hosts that is working.
Can you try to re-ack the Server the Profile is associated to. The error you're seeing usually means the host Iniitator interface (VIF) is down because it has no uplink to correclty pin to. You said you shut down the ports the CX4 was previously connected to by disabling it. Can you re-ack the blade which should re-pinn to the new/remaining uplink.
If that doesn't correct the problem I'd look into your boot policy. Double and triple check the boot targets entered in the profile and make sure they match the targets on the VNX, and that each one is online and logged into the MDS ("zone flogi database"). The symptoms you're seeing used to be common with Clariion arrays as they are Active/Passive. During the installation any available path has access to the LUN for the installation, but they rebooting required the first listed target in the boot policy to be the "owner" of the LUN. This was easily fixed by trespassing the LUN to the other Storage Processor on the array. With VNX I'm pretty sure they are Active/Active arrays so this shouldn't matter.
Regards,
Robert
Similar Messages
-
VIF Bound Physcial Interface Down
Hi Guys!
We are trying to connect FI 6248 (UCSM 2.1.1a) to Brocade 6510 swtich(One FI to one of the two Brocade switches separately). The ports are configured as FC Uplink port and the FI's work in End-host mode. We created the service profile. After associating the SP to one of the blades the two errors occurs immediately:
VIF <number> Bound Physical Interface Down
VIF <number> Bound Physical Interface Down
and this relates to the 2 vHBAs created in SP. Is this normal situation if OS isn't already installed on the host? We can't configure SAN zone from the brocade side because we don't see any WWPNs of the configured vHBAs in the SP. We see only FI's WWPNs(as I think). NPIV mode is enabled from the Brocade side.
Can someone explain what can cause this problem?Sergey,
This is expected if there is no OS installed yet, see the possible reasons for the VIF down in this bug:
https://tools.cisco.com/bugsearch/bug/CSCul99847
Rate ALL helpful answers.
-Kenny -
Pinned interface up, but Veth down?
Hey Guys
What reasons would a Veth be in nonParticipating mode and my northbound interfaces be in an up state?
The whole story behind this is every one of my Veths are down, including my FC VFCs (typically within ErrDisable - reason is pinned uplink is down)
everything is v(2.04a) / my uplinks are trunking appear fine, inluding eth and FC / it has been working fine (don't have a clue what I have changed to break it )
IE:
Major F0283 2012-10-12T11:55:02.574 241330 ether VIF 1 / 2 A-931 down, reason: Non participating
Po2 900 eth trunk up none a-10G(D) lacp
Veth931 900 eth trunk down nonPartcipating auto
Eth1/1/2 1 eth vntag up none 10G(D) --
//show
Po2 900 trunking --
interface port-channel2
description U: Uplink
switchport mode trunk
pinning border
switchport trunk native vlan 900
switchport trunk allowed vlan 1,55,900
speed 10000
interface Vethernet931
description server 1/2, VNIC DMZ-e-x-BE-FIA
switchport mode trunk
pinning server sticky border-interface port-channel2
pinning server pinning-failure link-down
no cdp enable
switchport trunk native vlan 900
switchport trunk allowed vlan 55,900
bind interface Ethernet1/1/2 channel 931
service-policy type queuing input default-in-policy
no shutdown
interface Ethernet1/1/2
switchport vntag max-vifs 118
no pinning server sticky
switchport mode vntag
fabric-interface Eth1/1
no shutdown
Thoughts?
Cheers
MeRealised I should have posted this within UCompute, rather than in here
Time for me to call on the beautiful TAC, as I'm seeing a few other strange things... such as unsucessful pinning on on FI but not the other.... I'm seeing my FIs Flogi, but not my vHBAs, etc. etc.
"show pinning server" FIA
Veth929 Yes(hard-pinned) Po1 4:12:23
Veth931 Yes(hard-pinned) - -
Veth933 Yes(hard-pinned) Po3 4:12:23
Veth935 Yes(hard-pinned) Po4 4:12:23
"show pinning server" FIB
Veth930 Yes(hard-pinned) Po1 3:57:15
Veth932 Yes(hard-pinned) Po2 3:57:15
Veth934 Yes(hard-pinned) Po3 3:57:15
Veth936 Yes(hard-pinned) Po4 3:57:15
Po1 Active Veth929
Po2 Active
Po3 Active Veth933
Po4 Active Veth935
Po1 Active Veth930
Po2 Active Veth932
Po3 Active Veth934
Po4 Active Veth936
Cheers
Me -
Problem with an IPv6 iface in a zone if the corresponding physical is down
Hi,
I have a non-global zone with an IPv6 interface setup using zonecfg:
add net
set address=<address>/10
set physical=<iface>
end
The corresponding physical interface is configured in the global zone and is a part of a VLAN, so, <iface> is something like ce123000 rather than ce0.
It works perfectly, but... I do not really need this interface in the global zone. Following these recommendations - http://forum.java.sun.com/thread.jspa?threadID=5075412&messageID=9274814 and http://www.sun.com/emrkt/campaign_docs/expertexchange/knowledge/solaris_grid_perf.html#26 - I am setting the interface 'down' using ifconfig in the global zone. The problem is that the interface in the non-global zone stops working at this point. (According to ifconfig, it is UP, but it does not seem to transmit any packets.) If I set the interface 'up' in the global zone, the interface in the non-global zone starts working again.
Am I doing/understanding something wrong? What can I do more to debug this? May this behavior be IPv6 or VLAN specific?
Thank you,
Vasiliy
Message was edited by:
vbaranovLooks toe like MAX and MIN are always going to be zero.
-
MPLS pseudowire Up on one side Down on the other
Hello,
I'm trying to setup another pseudowire between a 6509-E 12.2(17r)S4 and a 7201 12.4(12.2r)T. The 6509 says the vc is up:
Switch#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
Gi4/1 Ethernet 172.29.255.7 77 UP
But on the 7201 I'm getting:
Router#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
Gi0/3 Ethernet 172.29.255.10 77 DOWN
When I run show mpls l2transport vc detail it looks like:
Switch:
VC statistics:
transit packet totals: receive 0, send 35308
transit byte totals: receive 0, send 2745983
transit packet drops: receive 0, send 0
Router:
VC statistics:
packet totals: receive 35414, send 0
byte totals: receive 2754295, send 0
packet drops: receive 0, seq error 0, send 1421389
Weird that the switch is sending but not receiving and the router is receiving but not sending.
The topoligy is:
[6509-E] <-> [7201transit] <-> [7201]
The transit router has mpls ip enabled and has another functional pseudowire running across it.
Thanks in advance I'm pretty new to MPLS, please let me know if you need more information, I can post configs etc.
--WillHey Negandra,
Thank you for your response! How do I know if I have SIP/ES/ES+ cards? The two types of cards I have in the chassis are:
48 SFM-capable 48 port 10/100/1000mb RJ45 WS-X6548-GE-TX
24 CEF720 24 port 1000mb SFP
Are either of those capable?
--Will
*EDIT*
Also I have tried to terminate the pseudowire to a SVI on the 6509-E but I can't get it to come online.
CORE#show mpls l2transport vc
Local intf Local circuit Dest address VC ID Status
Gi4/3 Ethernet 172.x.x.x 2 ADMIN DOWN
Gi3/46 Ethernet 172.x.x.x 123 UP
Gi4/48 Ethernet 172.x.x.x 1337 DOWN
Gi4/5 Ethernet 172.x.x.x 4 ADMIN DOWN
Vl7 Eth VLAN 7 172.x.x.x 7 DOWN
CORE#show run int vlan7
Building configuration...
Current configuration : 91 bytes
interface Vlan7
no ip address
xconnect 172.29.255.7 7 encapsulation mpls
end
If I configure the pseudowire on a physical interface on the switch it comes up, what am I missing? Hardware limitation?
Thanks in advance,
--Will -
What trigger Line Protocol Down?
Hi,
Recently I encountered a problem on "line protocol down" as I'd posted on 4th April.
Could anyone direct me to any webpage or sites where there's a detail explaination of how & what would trigger a line protocol down. Or these kinda data-link failure. Thanks!
With regardsHi Friend,
There could be few reasons majorly physical layer issue when the line protocol goes down.
Can you please update which interface was showing line protocol down. Logical interface (SVI) on layer 3 switch, physical port on layer 2/3 switch or any physical interface on router?
If it is a physical interface on layer 2 switch it is majorly a physical layer issue or may be that particular vlan asscosiated to that port got deleted.
If it is a layer 3 logical interface showing line protocol down may be there is no vlan associated to that vlan configured on layer 2 switch port or no trunk carrying that vlan on that switch.
HTH, if yes please rate the post.
Ankur -
Sdlc interface down very often
Hello,
In my customer site, SDLC device connect to 2600. IOS version is 12.0.7T. Then access AS400 through DLSW function. We showed log and found the connected interface down very often. show log as below.
We checked AS400 log and didn't find the SDLC device inactive ever. And we check SDLC device, the device work well, user didn't find any problem??
We don't know why always log of message showed the interface down.
Anyone can help me??
.Jun 23 08:29:56 Taiwan: %LINK-3-UPDOWN: Interface Serial1/0, changed state to down
.Jun 23 08:29:57 Taiwan: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
.Jun 23 08:30:01 Taiwan: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
.Jun 23 08:30:02 Taiwan: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
.Jun 23 08:33:06 Taiwan: %LINK-3-UPDOWN: Interface Serial1/0, changed state to down
.Jun 23 08:33:07 Taiwan: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
.Jun 23 08:33:11 Taiwan: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
.Jun 23 08:33:12 Taiwan: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
.Jun 23 08:36:16 Taiwan: %LINK-3-UPDOWN: Interface Serial1/0, changed state to down
.Jun 23 08:36:17 Taiwan: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
.Jun 23 08:36:21 Taiwan: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
.Jun 23 08:36:22 Taiwan: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
.Jun 23 08:39:25 Taiwan: %LINK-3-UPDOWN: Interface Serial1/0, changed state to down
.Jun 23 08:39:26 Taiwan: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
.Jun 23 08:39:30 Taiwan: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
.Jun 23 08:39:31 Taiwan: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
JSB025a#sh inter se 1/0
Serial1/0 is up, line protocol is up
Hardware is CD2430 in sync mode
Description: connect to SNA pu2.1
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation SDLC, loopback not set
Half-duplex enabled.
cts-delay 0 milliseconds
dcd-txstart-delay 100 milliseconds
dcd-drop-delay 100 milliseconds
transmit-delay 0 milliseconds
Errors - 0 half duplex violation
Router link station role: PRIMARY (DCE)
Router link station metrics:
slow-poll 10 seconds
T1 (reply time out) 3000 milliseconds
N1 (max frame size) 12016 bits
N2 (retry count) 20
poll-pause-timer 10 milliseconds
poll-limit-value 1
k (windowsize) 7
modulo 8
sdlc vmac: 4000.2625.01--
sdlc addr 01 state is CONNECT (xid-poll)
cls_state is CLS_IN_SESSION
VS 5, VR 0, Remote VR 5, Current retransmit count 0
Hold queue: 0/200 IFRAMEs 116636/58170
TESTs 0/0 XIDs 40235/14460, DMs 6784/6736 FRMRs 0/0
RNRs 7/0 SNRMs 9757/0 DISC/RDs 9733/0 REJs 0/0
Poll: clear, Poll count: 0, ready for poll, chain: 01/01
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 9w3d
Queueing strategy: fifo
Output queue 0/40, 0 drops; input queue 0/75, 0 drops
5 minute input rate 0 bits/sec, 50 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
156063821 packets input, 318338246 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
11 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 11 abort
155708948 packets output, 337016303 bytes, 0 underruns
0 output errors, 0 collisions, 43092 interface resets
0 output buffer failures, 0 output buffers swapped out
106807 carrier transitions
DCD=up DSR=up DTR=up RTS=down CTS=downHi,
I believe that your line keeps bouncing due to Data
Carrier Detect(DCD) going down. I didn't see a copy
of the interface config but do you have the following
command under your interface?
half-duplex controlled-carrier
This in conjunction with the dcd-txstart-delay and
dcd-drop-delay settings will cause the DCE to drop
DCD frequently.
These are for very specialized environments which
probably are not what you have.
What is your environment, with respect to the
connection to the AS/400? Is it just a Cisco DCE
cable connected to an AS/400 cable? Or are there
other cables/switches/modems involved?
If you just have the Cisco DCE cable connected to
the AS/400's cable then you do not need that command.
Otherwise, it is possible you have a cable or
physical interface problem.
Please include your interface's config if this
information wasn't enough to resolve the problem.
Thanks and regards,
Ed Mazurek -
Router Managment Access when interface is down
Hi,
Please see the topology attached.
We have a customer network with number of routers/switches. We have a management network to manage devices via telnet/ssh.
On switches we have a vlan interface for switch management while on routers we have sub-interfaces ( 802.1Q trunk, with encapsulation) connected back to the switch for the management.
Problem :
Customer has ask us to give them a access to router/switches, we have give them telnet/ssh access via management network, to access router remotely customer ssh router (the sub-interface IP address F0/0.10 on router), but when the router interface Fa0/0.10 is down ( because switch at the remote end is down), customer cannot the telnet/ssh to router.
How can I allow customer to keep accessing the router while sub-interface on the router is down ( which they are telneting to)? I am happy to change to router config, but not sure which bits.
I can't create the loopback interface and assign the IP address to it from the managment network as the router subinterface F0/0.10 is already have IP address from that subnet and router gives overlapping mask error message.
I created the new looback interface on router and give is the same IP as of F0/0.10 and configure F0/0.10 as a IP unumbered loopback 0, it;s not working either for me.
Can I somehow configure the router to respond to the telnet/ssh when subinteface is down- I am happy to move the addresses, create new interfaces , change routing etc. but I can't change the network subnet that is already assigned to customer.
Please see the topology attached.
Any idea from anyone.
RegardsThanks for your responses.
I don't want to allocate the new subnet with /32 for the management as it will require many changes in the network such firewall etc.
There will be a single switch connected to the router physical interface F0/0, but there will be a multiple switches hanging off the first switch. ( all switches in the vlan10, including router sub-interface F0/0.10).
Customer will require access to both, switch(es) and router, customer understand that if the first switch ( that physically connects to the router interface F0/0 ) fails, access to all other switches will also fail, which is acceptable. At this point we must have access to router regardless we have lost access to the switch.
Customer want router to be accessible even if the switch(es) are down, as the router at the point router is fine and is still connected to the WAN network. Customer will lose the access to the switch(es) but should not lose the router access.
We have different IP subnets ( VRF's) for the customer data network ( LAN) and the router management, so I can't assign the router management IP address from the customer LAN subnet
Forgot to mentioned that we have three VRF's on router ( vrf-lite/ multi vrf) , one for customer data network, one for router management, one switch ( es) management.
Fa0/0.10 is in the switch management VRF, while router Loopback 0 is in the router VRF.
We have to maintain the vrf's to keep router and switch management traffic separate.
Router is always accessible to us ( not to customer) via router vrf hence its still available even if the router LAN management interface F0/0 is down.
Customer lose the access to both router and switch(es) if the F0/0 down.
The only option I can see would be to allocate a new subnet for customer router management and assign this to a new loopback and put under the switch management vrf.
Regards -
I'm trying to configure Fault Tolerance on a pair of 4710s. I followed the doc, and configured int gi1/4 as the fault tolerance interface, using vlan 12. However the GUI is saying FT Vlan Down
The troubleshooting wiki said check the physical connectivity, but everything there looks good. Each ACE can ping it's own IP, but not the router on that VLAN, or the peer. They're connected to a dedicated VLAN in a switch, and I even tried a crossover cable to directly connect the two.
Here's our config:
ace1/Admin# show running-config ft
Generating configuration....
ft interface vlan 12
ip address 192.168.12.1 255.255.255.0
peer ip address 192.168.12.2 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 20
ft-interface vlan 12
query-interface vlan 1000
ft group 1
peer 1
peer priority 200
associate-context Admin
inservice
interface gigabitEthernet 1/4
description FT
ft-port vlan 12
no shutdown
Everything looks good, the interface is up/up, but I can't ping the peer. Gui shows FT Vlan Down. Here's a show ft peer...
ace1/Admin# show ft peer 1 detail
Peer Id : 1
State : FSM_PEER_STATE_DOWN
Maintenance mode : MAINT_MODE_OFF
FT Vlan : 12
FT Vlan IF State : UP
My IP Addr : 192.168.12.1
Peer IP Addr : 192.168.12.2
Query Vlan : 1000
Query Vlan IF State : UP, Manual validation - please ping peer
Peer Query IP Addr : 0.0.0.0
Heartbeat Interval : 300
Heartbeat Count : 20
Tx Packets : 0
Tx Bytes : 0
Rx Packets : 0
Rx Bytes : 0
Rx Error Bytes : 0
Tx Keepalive Packets : 0
Rx Keepalive Packets : 0
TL_CLOSE count : 0
FT_VLAN_DOWN count : 0
PEER_DOWN count : 2
SRG Compatibility : INIT
License Compatibility : INIT
FT Groups : 1
Any other ideas on what to check?
Thanks
TomHi Tom,
It looks the vlan and the physical interface are up. You can anyway check the following to confirm:
sh interface gi 1/4
sh interface vlan 12
In "sh interface gi 1/4 counters", do you see the "RX packets" counter increasing?
You should be able to ping 192.168.12.2 from 192.168.12.1 and vice versa. Which ip did you assign to the other peer. Should be:
ft interface vlan 12
peer ip address 192.168.12.2 255.255.255.0
ip address 192.168.12.1 255.255.255.0
no shutdown
You can check as well "sh ft stats" and see if the heartbeats counter are increasing.
Regarding to other interfaces, you mention that you can't ping devices on the ACE adjacent vlans. Are you allowing icmp traffic? For instance:
policy-map type management first-match management
class management
permit
class-map type management match-any management
match protocol icmp any
service-policy input management
Finally, did you check whether you are able to resolve mac addresses?
I hope it helps,
Olivier -
Cisco Prime Infrastructure 2.1 not send email alert when link down
Hello everyone
I use PI to monitor 1 switch and 1 firewall . When a link up/down on switch , PI immediately sends an email alert .
But when a link up/down on FW , PI not send any email alert . PI knows link up/down on a FW is a critical alarm ( it's show up on "Alarm Browser") , but not send email.
I enable all SNMP trap on FW , i tested that event on SolarWinds and it immediately sends an email alert . So there is no problem about FW configCauses of Errdisable
This feature was first implemented to handle special collision situations in which the switch detected excessive or late collisions on a port. Excessive collisions occur when a frame is dropped because the switch encounters 16 collisions in a row. Late collisions occur after every device on the wire should have recognized that the wire was in use. Possible causes of these types of errors include:
A cable that is out of specification (either too long, the wrong type, or defective)
A bad network interface card (NIC) card (with physical problems or driver problems)
A port duplex misconfiguration
A port duplex misconfiguration is a common cause of the errors because of failures to negotiate the speed and duplex properly between two directly connected devices (for example, a NIC that connects to a switch). Only half-duplex connections should ever have collisions in a LAN. Because of the carrier sense multiple access (CSMA) nature of Ethernet, collisions are normal for half duplex, as long as the collisions do not exceed a small percentage of traffic.
There are various reasons for the interface to go into errdisable. The reason can be:
Duplex mismatch
Port channel misconfiguration
BPDU guard violation
UniDirectional Link Detection (UDLD) condition
Late-collision detection
Link-flap detection
Security violation
Port Aggregation Protocol (PAgP) flap
Layer 2 Tunneling Protocol (L2TP) guard
DHCP snooping rate-limit
Incorrect GBIC / Small Form-Factor Pluggable (SFP) module or cable
Address Resolution Protocol (ARP) inspection
Inline power
Note: Error-disable detection is enabled for all of these reasons by default. In order to disable error-disable detection, use the no errdisable detect cause command. The show errdisable detect command displays the error-disable detection status. -
Unable to see interface on ASA 5510 Firewall
Hi All,
I am unable to see 4th interface on my firewall i.e fastether0/3 on my firewall ASA 5510.
Below is the output.
ciscoasa# sh int ip br
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 x.x.x.x YES CONFIG up up
Ethernet0/1 x.x.x.x YES CONFIG up up
Ethernet0/2 unassigned YES unset administratively down down
Internal-Control0/0 127.0.1.1 YES unset up up
Internal-Data0/0 unassigned YES unset up up
Management0/0 192.168.1.1 YES CONFIG up up
Please suggest what could be the reason.
Regards
PankajHi Ramraj,
Even i have the base license for my ASA 5510 which is showing all the 4 interfaces in sh ver. I don't think so license would be an issue. There should be some IOS code bug that needs to be upgraded. If this goes for an OS upgrade it should get resolved.
Its not showing up in sh ver . As Karsten said he might be running on old IOS version.
fy-a# sh ver
Cisco Adaptive Security Appliance Software Version 8.4(4)1
Device Manager Version 6.4(5)
Compiled on Thu 14-Jun-12 11:20 by builders
System image file is "disk0:/asa844-1-k8.bin"
Config file at boot was "startup-config"
fy-a up 1 day 1 hour
Hardware: ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Number of accelerators: 1
0: Ext: Ethernet0/0 : address is 2c54.2d0c.8f1a, irq 9
1: Ext: Ethernet0/1 : address is 2c54.2d0c.8f1b, irq 9
2: Ext: Ethernet0/2 : address is 2c54.2d0c.8f1c, irq 9
3: Ext: Ethernet0/3 : address is 2c54.2d0c.8f1d, irq 9
4: Ext: Management0/0 : address is 2c54.2d0c.8f1e, irq 11
5: Int: Not used : irq 11
6: Int: Not used : irq 5
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 50 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has a Base license.
Serial Number: JMX1AXXXXX
Running Permanent Activation Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Configuration register is 0x1
Configuration has not been modified since last system restart.
fy-a#
Ramraj please do correct me if am wrong.
Please do rate if the given information helps.
By
Karthik -
Internet Connection Became Slow after Introduction of Cisco ASA 5505 to the Network
I configured a Cisco ASA 5505 (Version Cisco Adaptive Security Appliance Software Version 7.2(3)
Device Manager Version 5.2(3)
in transparent firewall mode and inserted after Cisco 1700 router. However, the internet connection became very slow and users are compaining that they cannot load any pages.
My setup looks like:
Internet --> Cisco 1700 --> Cisco ASA 5505 --> LAN
The license information is:
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
This platform has a Base license.
The flash activation key is the SAME as the running key.
My running-config looks like:
ASA Version 7.2(3)
firewall transparent
hostname ciscoasa
domain-name default.domain.invalid
enable password 8Ry2YjIyt7RRXU24 encrypted
names
interface Vlan1
nameif inside
security-level 100
no shut
interface Vlan2
nameif outside
security-level 0
no shut
interface Ethernet0/0
switchport access vlan 2
no shut
interface Ethernet0/1
no shut
interface Ethernet0/2
no shut
interface Ethernet0/3
no shut
interface Ethernet0/4
no shut
interface Ethernet0/5
no shut
interface Ethernet0/6
no shut
interface Ethernet0/7
no shut
passwd 2KFQnbNIdI.2KYOU encrypted
regex urllist1 ".*\.([Ee][Xx][Ee]|[Cc][Oo][Mm]|[Bb][Aa][Tt]) HTTP/1.[01]"
regex urllist2 ".*\.([Pp][Ii][Ff]|[Vv][Bb][Ss]|[Ww][Ss][Hh]) HTTP/1.[01]"
regex urllist3 ".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]"
regex urllist4 ".*\.([Zz][Ii][Pp]|[Tt][Aa][Rr]|[Tt][Gg][Zz]) HTTP/1.[01]"
regex domainlist1 "\.facebook\.com"
regex domainlist2 "\.diretube\.com"
regex domainlist3 "\.youtube\.com"
regex domainlist4 "\.vimeo\.com"
regex applicationheader "application/.*"
regex contenttype "Content-Type"
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list outside_in extended permit ip any any
access-list inside_mpc extended permit tcp any any eq www
access-list inside_mpc extended permit tcp any any eq 8080
pager lines 24
mtu outside 1500
mtu inside 1500
ip address 192.168.1.254 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
class-map type regex match-any DomainBlockList
match regex domainlist1
match regex domainlist2
match regex domainlist3
match regex domainlist4
class-map type inspect http match-all BlockDomainsClass
match request header host regex class DomainBlockList
class-map type regex match-any URLBlockList
match regex urllist1
match regex urllist2
match regex urllist3
match regex urllist4
class-map inspection_default
match default-inspection-traffic
class-map type inspect http match-all AppHeaderClass
match response header regex contenttype regex applicationheader
class-map httptraffic
match access-list inside_mpc
class-map type inspect http match-all BlockURLsClass
match request uri regex class URLBlockList
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map type inspect http http_inspection_policy
parameters
protocol-violation action drop-connection
class AppHeaderClass
drop-connection log
match request method connect
drop-connection log
class BlockDomainsClass
reset log
class BlockURLsClass
reset log
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
policy-map inside-policy
class httptraffic
inspect http http_inspection_policy
service-policy global_policy global
service-policy inside-policy interface inside
prompt hostname context
Cryptochecksum:8ab1a53df6ae3c202aee236d6080edfd
: end
Could the slow internet connection be due to license limitations? Or is there something wrong with my configuration?
Please see the configuration and help.
ThanksI have re-configured the ASA 5505 yesterday and so far it's working fine. I am not sure if the problem will re-appear later on. Anyways here is my sh tech-support
ciscoasa# sh tech-support
Cisco Adaptive Security Appliance Software Version 7.2(3)
Device Manager Version 5.2(3)
Compiled on Wed 15-Aug-07 16:08 by builders
System image file is "disk0:/asa723-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 14 hours 16 mins
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CNlite-MC-Boot-Cisco-1.2
SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
0: Int: Internal-Data0/0 : address is 001f.9ee8.ffa2, irq 11
1: Ext: Ethernet0/0 : address is 001f.9ee8.ff9a, irq 255
2: Ext: Ethernet0/1 : address is 001f.9ee8.ff9b, irq 255
3: Ext: Ethernet0/2 : address is 001f.9ee8.ff9c, irq 255
4: Ext: Ethernet0/3 : address is 001f.9ee8.ff9d, irq 255
5: Ext: Ethernet0/4 : address is 001f.9ee8.ff9e, irq 255
6: Ext: Ethernet0/5 : address is 001f.9ee8.ff9f, irq 255
<--- More --->
7: Ext: Ethernet0/6 : address is 001f.9ee8.ffa0, irq 255
8: Ext: Ethernet0/7 : address is 001f.9ee8.ffa1, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
VPN Peers : 10
WebVPN Peers : 2
Dual ISPs : Disabled
VLAN Trunk Ports : 0
This platform has a Base license.
Serial Number: JMX1211Z2N4
Running Activation Key: 0xaf0ed046 0xbcf18ebf 0x80b38508 0xba785cc0 0x05250493
Configuration register is 0x1
Configuration has not been modified since last system restart.
<--- More --->
------------------ show clock ------------------
18:32:58.254 UTC Tue Nov 26 2013
------------------ show memory ------------------
Free memory: 199837144 bytes (74%)
Used memory: 68598312 bytes (26%)
Total memory: 268435456 bytes (100%)
------------------ show conn count ------------------
1041 in use, 2469 most used
------------------ show xlate count ------------------
0 in use, 0 most used
------------------ show blocks ------------------
SIZE MAX LOW CNT
0 100 68 100
<--- More --->
4 300 299 299
80 100 92 100
256 100 94 100
1550 6174 6166 6174
2048 1124 551 612
------------------ show blocks queue history detail ------------------
History buffer memory usage: 2136 bytes (default)
------------------ show interface ------------------
Interface Internal-Data0/0 "", is up, line protocol is up
Hardware is y88acs06, BW 1000 Mbps
(Full-duplex), (1000 Mbps)
MAC address 001f.9ee8.ffa2, MTU not set
IP address unassigned
18491855 packets input, 11769262614 bytes, 0 no buffer
Received 213772 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops, 0 demux drops
18185861 packets output, 11626494317 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
<--- More --->
0 input reset drops, 0 output reset drops
input queue (curr/max packets): hardware (0/0) software (0/0)
output queue (curr/max packets): hardware (0/55) software (0/0)
Control Point Interface States:
Interface number is unassigned
Interface Internal-Data0/1 "", is administratively down, line protocol is up
Hardware is 88E6095, BW 1000 Mbps
(Full-duplex), (1000 Mbps)
MAC address 0000.0003.0002, MTU not set
IP address unassigned
18184216 packets input, 11625360131 bytes, 0 no buffer
Received 206655 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 switch ingress policy drops
18490057 packets output, 11768078777 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
Interface Loopback0 "_internal_loopback", is up, line protocol is up
Hardware is VirtualMAC address 0000.0000.0000, MTU 1500
IP address 127.1.0.1, subnet mask 255.255.0.0
<--- More --->
Traffic Statistics for "_internal_loopback":
1 packets input, 28 bytes
1 packets output, 28 bytes
1 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Control Point Interface States:
Interface number is 28
Interface config status is active
Interface state is active
Interface Vlan1 "inside", is up, line protocol is up
Hardware is EtherSVI
MAC address 001f.9ee8.ffa2, MTU 1500
IP address 192.168.1.254, subnet mask 255.255.255.0
Traffic Statistics for "inside":
7742275 packets input, 903584114 bytes
10645034 packets output, 10347291114 bytes
184883 packets dropped
1 minute input rate 320 pkts/sec, 35404 bytes/sec
1 minute output rate 325 pkts/sec, 313317 bytes/sec
<--- More --->
1 minute drop rate, 17 pkts/sec
5 minute input rate 399 pkts/sec, 59676 bytes/sec
5 minute output rate 483 pkts/sec, 503200 bytes/sec
5 minute drop rate, 9 pkts/sec
Control Point Interface States:
Interface number is 1
Interface config status is active
Interface state is active
Interface Vlan2 "outside", is up, line protocol is up
Hardware is EtherSVI
MAC address 001f.9ee8.ffa3, MTU 1500
IP address 192.168.1.254, subnet mask 255.255.255.0
Traffic Statistics for "outside":
10750090 packets input, 10432619059 bytes
7541331 packets output, 870613684 bytes
109911 packets dropped
1 minute input rate 328 pkts/sec, 313770 bytes/sec
1 minute output rate 301 pkts/sec, 32459 bytes/sec
1 minute drop rate, 2 pkts/sec
5 minute input rate 485 pkts/sec, 503789 bytes/sec
5 minute output rate 387 pkts/sec, 57681 bytes/sec
5 minute drop rate, 2 pkts/sec
Control Point Interface States:
Interface number is 2
<--- More --->
Interface config status is active
Interface state is active
Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001f.9ee8.ff9a, MTU not set
IP address unassigned
10749794 packets input, 10630700889 bytes, 0 no buffer
Received 2506 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
3 switch ingress policy drops
7541070 packets output, 1028190148 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/1 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
<--- More --->
Available but not configured via nameif
MAC address 001f.9ee8.ff9b, MTU not set
IP address unassigned
7741977 packets input, 1064586806 bytes, 0 no buffer
Received 211282 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
10644663 packets output, 10543362751 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/2 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ff9c, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
<--- More --->
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/3 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ff9d, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
<--- More --->
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/4 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ff9e, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
<--- More --->
Interface number is unassigned
Interface Ethernet0/5 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ff9f, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/6 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
<--- More --->
MAC address 001f.9ee8.ffa0, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
Interface Ethernet0/7 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex, Auto-Speed
Available but not configured via nameif
MAC address 001f.9ee8.ffa1, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
<--- More --->
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Control Point Interface States:
Interface number is unassigned
------------------ show cpu usage ------------------
CPU utilization for 5 seconds = 12%; 1 minute: 11%; 5 minutes: 11%
------------------ show cpu hogging process ------------------
Process: Dispatch Unit, NUMHOG: 1, MAXHOG: 133, LASTHOG: 140
LASTHOG At: 04:45:59 UTC Nov 26 2013
PC: 8be0f7
Traceback: 8bed19 8bf553 302b87 3030a5 2fad69 7674bf 75ca16
c6251d c62a4c c62f6c 75c653 767820 797f64 769c85
<--- More --->
------------------ show process ------------------
PC SP STATE Runtime SBASE Stack Process
Mwe 00c9bb24 01bb8700 013e3250 0 01733fc8 15616/16384 emweb/cifs
Lwe 001072ac 0176f9c4 013e32d0 0 0176d9f0 8132/8192 block_diag
Mrd 00223a67 01783d5c 013e33b0 314854 0177be18 25752/32768 Dispatch Unit
Msi 00f82847 01b07b84 013e3250 229 01b05bc0 7984/8192 y88acs06 OneSec Thread
Mwe 0011b1a5 01b09cfc 013e3250 0 01b07d88 7864/8192 Reload Control Thread
Mwe 00120606 01b1260c 013e5258 0 01b10988 7256/8192 aaa
Mwe 001486aa 01b19404 013e5ae8 0 01b15450 16020/16384 CMGR Server Process
Mwe 0014c3c5 01b1b4d4 013e3250 0 01b19570 7968/8192 CMGR Timer Process
Lwe 002227a1 01b239b4 013ee360 0 01b219f0 7524/8192 dbgtrace
Mwe 004e1ba5 01b29c34 013e3250 157 01b27d50 6436/8192 eswilp_svi_init
Mwe 01064b1d 01b4a7f4 013e3250 0 01b48890 7848/8192 Chunk Manager
Msi 008b61b6 01b52d54 013e3250 230 01b50da0 7856/8192 PIX Garbage Collector
Lsi 00ecb6ac 01b54e94 013e3250 12 01b52ec0 7552/8192 route_process
Mwe 008a5ddc 01b5dc04 0133b430 0 01b5bc40 8116/8192 IP Address Assign
Mwe 00acb779 01b60604 01346e10 0 01b5e640 8116/8192 QoS Support Module
Mwe 0091eba9 01b6275c 0133c530 0 01b60798 8116/8192 Client Update Task
Lwe 01083c8e 01b656d4 013e3250 123088 01b63770 7840/8192 Checkheaps
Mwe 00acfd7d 01b6b824 013e3250 623 01b69ad0 3476/8192 Quack process
Mwe 00b2a260 01b6dad4 013e3250 22 01b6bbf0 7364/8192 Session Manager
Mwe 00c55efd 01b78564 031d0478 4 01b74a50 14768/16384 uauth
<--- More --->
Mwe 00be3c9e 01b7aaec 0135c010 0 01b78b28 7524/8192 Uauth_Proxy
Mwe 00c52759 01b80e0c 01361770 0 01b7ee88 7712/8192 SMTP
Mwe 00c3f7b9 01b82eec 01361710 0 01b80fa8 7412/8192 Logger
Mwe 00c3fd26 01b8502c 013e3250 0 01b830c8 7492/8192 Thread Logger
Mwe 00f62272 01b9596c 013ac520 0 01b939c8 7188/8192 vpnlb_thread
Msi 00b4097c 01c598c4 013e3250 190 01c578f0 8000/8192 emweb/cifs_timer
Msi 005bd338 017a909c 013e3250 25855 017a7108 7412/8192 arp_timer
Mwe 005c76bc 01b486e4 013fba50 20643 01b46770 7348/8192 arp_forward_thread
Mwe 00c5a919 023fa5fc 013619e0 0 023f8648 7968/8192 tcp_fast
Mwe 00c5a6e5 023fc624 013619e0 0 023fa670 7968/8192 tcp_slow
Mwe 00c754d1 0240d42c 013628a0 0 0240b478 8100/8192 udp_timer
Mwe 0019cb17 01b404a4 013e3250 0 01b3e530 7984/8192 CTCP Timer process
Mwe 00efe8b3 0308c15c 013e3250 0 0308a208 7952/8192 L2TP data daemon
Mwe 00efef23 0308e194 013e3250 0 0308c230 7968/8192 L2TP mgmt daemon
Mwe 00eea02b 030c62ac 013a5c10 43 030c2338 16244/16384 ppp_timer_thread
Msi 00f62d57 030c82f4 013e3250 264 030c6360 7924/8192 vpnlb_timer_thread
Mwe 001b96e6 01b7cbbc 01b1e9c8 1 01b7ac48 7728/8192 IPsec message handler
Msi 001c9bac 01b8d4dc 013e3250 2917 01b8b548 7648/8192 CTM message handler
Mwe 00af93b8 031465b4 013e3250 0 03144640 7984/8192 ICMP event handler
Mwe 00831003 0314a724 013e3250 387 031467b0 16100/16384 IP Background
Mwe 0021b267 031a83c4 013123c0 31 03188450 123488/131072 tmatch compile thread
Mwe 009f2405 03290044 013e3250 0 0328c0c0 16072/16384 Crypto PKI RECV
Mwe 009f305a 03294144 013e3250 0 032901e0 16040/16384 Crypto CA
Mwe 0064d4fd 01b3e24c 013e3250 8 01b3c2f8 7508/8192 ESW_MRVL switch interrupt service
<--- More --->
Msi 00646f5c 032c134c 013e3250 3059378 032bf448 7184/8192 esw_stats
Lsi 008cbb80 032dc704 013e3250 3 032da730 7908/8192 uauth_urlb clean
Lwe 008afee7 034a0914 013e3250 197 0349e9b0 6636/8192 pm_timer_thread
Mwe 0052f0bf 034a35ac 013e3250 0 034a1648 7968/8192 IKE Timekeeper
Mwe 00520f6b 034a8adc 0132e2b0 0 034a4e38 15448/16384 IKE Daemon
Mwe 00bf5c78 034ac7ac 01360680 0 034aa7f8 8100/8192 RADIUS Proxy Event Daemon
Mwe 00bc32de 034ae79c 034dcbe0 0 034ac918 7208/8192 RADIUS Proxy Listener
Mwe 00bf5e0f 034b099c 013e3250 0 034aea38 7968/8192 RADIUS Proxy Time Keeper
Mwe 005aac4c 034b3154 013fb980 0 034b1250 7492/8192 Integrity FW Task
M* 008550a5 0009fefc 013e33b0 3183 034e3b20 24896/32768 ci/console
Msi 008eb694 034ed9d4 013e3250 2370 034ebc40 6176/8192 update_cpu_usage
Msi 008e6415 034f7dac 013e3250 1096 034f5eb8 6124/8192 NIC status poll
Mwe 005b63e6 03517d1c 013fbd10 1963 03515d78 7636/8192 IP Thread
Mwe 005becbe 03519e4c 013fbcb0 3 03517e98 7384/8192 ARP Thread
Mwe 004c2b36 0351befc 013fbae0 0 03519fe8 7864/8192 icmp_thread
Mwe 00c7722e 0351e06c 013e3250 0 0351c108 7848/8192 udp_thread
Mwe 00c5d126 0352008c 013fbd00 0 0351e228 7688/8192 tcp_thread
Mwe 00bc32de 03a6982c 03a5ee18 0 03a679b8 7512/8192 EAPoUDP-sock
Mwe 00266c15 03a6b614 013e3250 0 03a699e0 7032/8192 EAPoUDP
Mwe 005a6728 01b27b94 013e3250 0 01b25c30 7968/8192 Integrity Fw Timer Thread
- - - - 47686621 - - scheduler
- - - - 51253819 - - total elapsed
------------------ show failover ------------------
<--- More --->
ERROR: Command requires failover license
------------------ show traffic ------------------
inside:
received (in 51429.740 secs):
7749585 packets905087345 bytes
67 pkts/sec17013 bytes/sec
transmitted (in 51429.740 secs):
10653162 packets10355908020 bytes
40 pkts/sec201026 bytes/sec
1 minute input rate 412 pkts/sec, 51803 bytes/sec
1 minute output rate 475 pkts/sec, 522952 bytes/sec
1 minute drop rate, 24 pkts/sec
5 minute input rate 399 pkts/sec, 59676 bytes/sec
5 minute output rate 483 pkts/sec, 503200 bytes/sec
5 minute drop rate, 9 pkts/sec
outside:
received (in 51430.240 secs):
10758403 packets10441440193 bytes
42 pkts/sec203021 bytes/sec
transmitted (in 51430.240 secs):
7548339 packets872053854 bytes
<--- More --->
63 pkts/sec16037 bytes/sec
1 minute input rate 479 pkts/sec, 523680 bytes/sec
1 minute output rate 387 pkts/sec, 46796 bytes/sec
1 minute drop rate, 3 pkts/sec
5 minute input rate 485 pkts/sec, 503789 bytes/sec
5 minute output rate 387 pkts/sec, 57681 bytes/sec
5 minute drop rate, 2 pkts/sec
_internal_loopback:
received (in 51430.740 secs):
1 packets28 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51430.740 secs):
1 packets28 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Aggregated Traffic on Physical Interface
<--- More --->
Ethernet0/0:
received (in 51431.740 secs):
10758462 packets10640075825 bytes
42 pkts/sec206042 bytes/sec
transmitted (in 51431.740 secs):
7548383 packets1029818127 bytes
63 pkts/sec20023 bytes/sec
1 minute input rate 485 pkts/sec, 537048 bytes/sec
1 minute output rate 395 pkts/sec, 54546 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 485 pkts/sec, 511723 bytes/sec
5 minute output rate 387 pkts/sec, 65495 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/1:
received (in 51433.570 secs):
7749780 packets1066328930 bytes
67 pkts/sec20064 bytes/sec
transmitted (in 51433.570 secs):
10653359 packets10552787020 bytes
40 pkts/sec205006 bytes/sec
1 minute input rate 419 pkts/sec, 59621 bytes/sec
1 minute output rate 480 pkts/sec, 533950 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 399 pkts/sec, 67618 bytes/sec
<--- More --->
5 minute output rate 482 pkts/sec, 511073 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/2:
received (in 51434.730 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51434.730 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/3:
received (in 51434.730 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51434.730 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
<--- More --->
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/4:
received (in 51434.870 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51434.870 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/5:
received (in 51434.870 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51434.870 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
<--- More --->
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/6:
received (in 51435.010 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51435.010 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/7:
received (in 51435.010 secs):
0 packets0 bytes
0 pkts/sec0 bytes/sec
transmitted (in 51435.010 secs):
<--- More --->
0 packets0 bytes
0 pkts/sec0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data0/0:
received (in 51435.510 secs):
18513901 packets11784250044 bytes
25 pkts/sec229023 bytes/sec
transmitted (in 51435.510 secs):
18207269 packets11641332179 bytes
19 pkts/sec226078 bytes/sec
1 minute input rate 891 pkts/sec, 595715 bytes/sec
1 minute output rate 863 pkts/sec, 588935 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 885 pkts/sec, 584035 bytes/sec
5 minute output rate 870 pkts/sec, 580393 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data0/1:
received (in 51436.010 secs):
18207323 packets11641364184 bytes
<--- More --->
19 pkts/sec226076 bytes/sec
transmitted (in 51436.010 secs):
18513954 packets11784281987 bytes
25 pkts/sec229022 bytes/sec
1 minute input rate 855 pkts/sec, 575808 bytes/sec
1 minute output rate 884 pkts/sec, 582339 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 869 pkts/sec, 578350 bytes/sec
5 minute output rate 883 pkts/sec, 581924 bytes/sec
5 minute drop rate, 0 pkts/sec
------------------ show perfmon ------------------
PERFMON STATS: Current Average
Xlates 0/s 0/s
Connections 17/s 6/s
TCP Conns 8/s 2/s
UDP Conns 7/s 2/s
URL Access 0/s 0/s
URL Server Req 0/s 0/s
TCP Fixup 0/s 0/s
TCP Intercept 0/s 0/s
HTTP Fixup 0/s 0/s
<--- More --->
FTP Fixup 0/s 0/s
AAA Authen 0/s 0/s
AAA Author 0/s 0/s
AAA Account 0/s 0/s
------------------ show counters ------------------
Protocol Counter Value Context
IP IN_PKTS 168960 Summary
IP OUT_PKTS 169304 Summary
IP TO_ARP 61 Summary
------------------ show history ------------------
------------------ show firewall ------------------
Firewall mode: Transparent
------------------ show running-config ------------------
<--- More --->
: Saved
ASA Version 7.2(3)
firewall transparent
hostname ciscoasa
enable password
names
interface Vlan1
nameif inside
security-level 100
interface Vlan2
nameif outside
security-level 0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
<--- More --->
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd
regex domain1 ".facebook\.com"
regex domain2 ".fb\.com"
regex domain3 ".youtube\.com"
ftp mode passive
access-list ACL_IN extended permit ip any any
pager lines 24
mtu inside 1500
mtu outside 1500
ip address 192.168.1.254 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-523.bin
no asdm history enable
<--- More --->
arp timeout 14400
access-group ACL_IN in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
class-map type regex match-any DomainBlockList
match regex domain1
match regex domain2
match regex domain3
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
<--- More --->
message-length maximum 512
match domain-name regex class DomainBlockList
drop-connection log
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:bb5115ea1d14ee42e7961ef0c9aaed86
: end
<--- More --->
------------------ show startup-config errors ------------------
INFO: No configuration errors
------------------ console logs ------------------
Message #1 : Message #2 : Message #3 : Message #4 : Message #5 : Message #6 : Message #7 : Message #8 : Message #9 : Message #10 : Message #11 : Message #12 : Message #13 : Message #14 :
Total SSMs found: 0
Message #15 :
Total NICs found: 10
Message #16 : 88E6095 rev 2 Gigabit Ethernet @ index 09Message #17 : MAC: 0000.0003.0002
Message #18 : 88E6095 rev 2 Ethernet @ index 08Message #19 : MAC: 001f.9ee8.ffa1
Message #20 : 88E6095 rev 2 Ethernet @ index 07Message #21 : MAC: 001f.9ee8.ffa0
Message #22 : 88E6095 rev 2 Ethernet @ index 06Message #23 : MAC: 001f.9ee8.ff9f
Message #24 : 88E6095 rev 2 Ethernet @ index 05Message #25 : MAC: 001f.9ee8.ff9e
Message #26 : 88E6095 rev 2 Ethernet @ index 04Message #27 : MAC: 001f.9ee8.ff9d
Message #28 : 88E6095 rev 2 Ethernet @ index 03Message #29 : MAC: 001f.9ee8.ff9c
Message #30 : 88E6095 rev 2 Ethernet @ index 02Message #31 : MAC: 001f.9ee8.ff9b
Message #32 : 88E6095 rev 2 Ethernet @ index 01Message #33 : MAC: 001f.9ee8.ff9a
Message #34 : y88acs06 rev16 Gigabit Ethernet @ index 00 MAC: 001f.9ee8.ffa2
Message #35 :
Licensed features for this platform:
Message #36 : Maximum Physical Interfaces : 8
<--- More --->
Message #37 : VLANs : 3, DMZ Restricted
Message #38 : Inside Hosts : Unlimited
Message #39 : Failover : Disabled
Message #40 : VPN-DES : Enabled
Message #41 : VPN-3DES-AES : Enabled
Message #42 : VPN Peers : 10
Message #43 : WebVPN Peers : 2
Message #44 : Dual ISPs : Disabled
Message #45 : VLAN Trunk Ports : 0
Message #46 :
This platform has a Base license.
Message #47 :
Message #48 : Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Message #49 : Boot microcode : CNlite-MC-Boot-Cisco-1.2
Message #50 : SSL/IKE microcode: CNlite-MC-IPSEC-Admin-3.03
Message #51 : IPSec microcode : CNlite-MC-IPSECm-MAIN-2.04
Message #52 : --------------------------------------------------------------------------
Message #53 : . .
Message #54 : | |
Message #55 : ||| |||
Message #56 : .|| ||. .|| ||.
Message #57 : .:||| | |||:..:||| | |||:.
Message #58 : C i s c o S y s t e m s
Message #59 : --------------------------------------------------------------------------
<--- More --->
Message #60 :
Cisco Adaptive Security Appliance Software Version 7.2(3)
Message #61 :
Message #62 : ****************************** Warning *******************************
Message #63 : This product contains cryptographic features and is
Message #64 : subject to United States and local country laws
Message #65 : governing, import, export, transfer, and use.
Message #66 : Delivery of Cisco cryptographic products does not
Message #67 : imply third-party authority to import, export,
Message #68 : distribute, or use encryption. Importers, exporters,
Message #69 : distributors and users are responsible for compliance
Message #70 : with U.S. and local country laws. By using this
Message #71 : product you agree to comply with applicable laws and
Message #72 : regulations. If you are unable to comply with U.S.
Message #73 : and local laws, return the enclosed items immediately.
Message #74 :
Message #75 : A summary of U.S. laws governing Cisco cryptographic
Message #76 : products may be found at:
Message #77 : http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
Message #78 :
Message #79 : If you require further assistance please contact us by
Message #80 : sending email to [email protected].
Message #81 : ******************************* Warning *******************************
Message #82 :
<--- More --->
Message #83 : Copyright (c) 1996-2007 by Cisco Systems, Inc.
Message #84 : Restricted Rights Legend
Message #85 : Use, duplication, or disclosure by the Government is
Message #86 : subject to restrictions as set forth in subparagraph
Message #87 : (c) of the Commercial Computer Software - Restricted
Message #88 : Rights clause at FAR sec. 52.227-19 and subparagraph
Message #89 : (c) (1) (ii) of the Rights in Technical Data and Computer
Message #90 : Software clause at DFARS sec. 252.227-7013.
Message #91 : Cisco Systems, Inc.
Message #92 : 170 West Tasman Drive
Message #93 : San Jose, California 95134-1706
ciscoasa# -
Site-to-site VPN failover via 3G HWIC
Small problem. Branch utilizes a 2811 router connected via MPLS to core via serial interface. If serial ip sla reachability fails, fire up the cell interface, dial out and connect to the internet. Establish ipsec tunnel to a peer ASA and pass local LAN traffic over the tunnel. Problem is the tunnel does come up and I am 'briefly' able to communicate across the tunnel but then *poof*. No more communication. Tried multiple ideas and thoughts (different encypt, authentication etc). I am thinking that per my config, the IPSEC session is trying to establish before the dialer session is fully up, thus potentially causing problems with the authentication to the peer. Any help would be appreciated. Here is the debug of isakmp, ipsec, dialer and ppp when I manually kill the serial interface:
14th_Street(config)#int s0/1/0:0
14th_Street(config-if)#shut
14th_Street(config-if)#
*Nov 25 17:44:55.011 UTC: %BGP-5-ADJCHANGE: neighbor xxx.xxx.xxx.xxx Down Interface flap
*Nov 25 17:44:55.911 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:55.911 UTC: Ce0/0/0 DDR: place call
*Nov 25 17:44:55.911 UTC: Ce0/0/0 DDR: Dialing cause ip (s=xxx.xxx.xxx.xxx, d=xxx.xxx.xxx.xxx)
*Nov 25 17:44:55.911 UTC: Ce0/0/0 DDR: Attempting to dial cdma
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: Attempting async line dialer script
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: Dialing using Modem script: cdma & System script: none
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: process started
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: Asserting DTR
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: Chat script cdma started
*Nov 25 17:44:55.915 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:56.999 UTC: %LINK-5-CHANGED: Interface Serial0/1/0:0, changed state to administratively down
*Nov 25 17:44:56.999 UTC: Se0/1/0:0 PPP: Sending Acct Event[Down] id[1]
*Nov 25 17:44:56.999 UTC: Se0/1/0:0 CDPCP: State is Closed
*Nov 25 17:44:56.999 UTC: Se0/1/0:0 IPCP: State is Closed
*Nov 25 17:44:57.003 UTC: Se0/1/0:0 PPP: Phase is TERMINATING
*Nov 25 17:44:57.003 UTC: Se0/1/0:0 LCP: State is Closed
*Nov 25 17:44:57.003 UTC: Se0/1/0:0 PPP: Phase is DOWN
*Nov 25 17:44:57.003 UTC: Se0/1/0:0 IPCP: Remove route to xxx.xxx.xxx.xxx
*Nov 25 17:44:57.007 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:57.099 UTC: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
*Nov 25 17:44:57.811 UTC: CHAT0/0/0: Chat script cdma finished, status = Success
*Nov 25 17:44:58.031 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0:0, changed state to down
*Nov 25 17:44:58.031 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:58.035 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:58.911 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:45:00.027 UTC: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to up
*Nov 25 17:45:00.027 UTC: Ce0/0/0 DDR: Dialer statechange to up
*Nov 25 17:45:00.027 UTC: Ce0/0/0 DDR: Dialer call has been placed
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Using dialer call direction
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Treating connection as a callout
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Session handle[FD000001] Session id[2]
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Phase is ESTABLISHING, Active Open
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Authorization NOT required
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: No remote authentication for call-out
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: O CONFREQ [Closed] id 1 len 20
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: ACCM 0x000A0000 (0x0206000A0000)
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: MagicNumber 0x13255539 (0x050613255539)
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: PFC (0x0702)
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: ACFC (0x0802)
*Nov 25 17:45:00.031 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: I CONFREQ [REQsent] id 0 len 24
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MRU 1500 (0x010405DC)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACCM 0x00000000 (0x020600000000)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MagicNumber 0xCD87E220 (0x0506CD87E220)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: PFC (0x0702)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACFC (0x0802)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: O CONFACK [REQsent] id 0 len 24
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MRU 1500 (0x010405DC)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACCM 0x00000000 (0x020600000000)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MagicNumber 0xCD87E220 (0x0506CD87E220)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: PFC (0x0702)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACFC (0x0802)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: I CONFACK [ACKsent] id 1 len 20
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACCM 0x000A0000 (0x0206000A0000)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MagicNumber 0x13255539 (0x050613255539)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: PFC (0x0702)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACFC (0x0802)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: State is Open
*Nov 25 17:45:00.035 UTC: Ce0/0/0 PPP: Phase is FORWARDING, Attempting Forward
*Nov 25 17:45:00.035 UTC: Ce0/0/0 PPP: Phase is ESTABLISHING, Finish LCP
*Nov 25 17:45:00.039 UTC: Ce0/0/0 PPP: Phase is UP
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: O CONFREQ [Closed] id 1 len 22
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: Address 0.0.0.0 (0x030600000000)
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
*Nov 25 17:45:00.039 UTC: Ce0/0/0 PPP: Process pending ncp packets
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: I CONFREQ [REQsent] id 0 len 10
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x030642AEA8C0)
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: O CONFACK [REQsent] id 0 len 10
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x030642AEA8C0)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: I CONFNAK [ACKsent] id 1 len 22
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: O CONFREQ [ACKsent] id 2 len 22
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: I CONFNAK [ACKsent] id 2 len 4
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: O CONFREQ [ACKsent] id 3 len 22
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: I CONFNAK [ACKsent] id 3 len 4
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: O CONFREQ [ACKsent] id 4 len 22
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: I CONFACK [ACKsent] id 4 len 22
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: State is Open
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: Install negotiated IP interface address xxx.xxx.xxx.xxx
*Nov 25 17:45:00.059 UTC: IPSEC(recalculate_mtu): reset sadb_root 4975A1A8 mtu to 1500
*Nov 25 17:45:00.063 UTC: Ce0/0/0 IPCP: Install route to xxx.xxx.xxx.xxx
*Nov 25 17:45:00.063 UTC: Ce0/0/0 DDR: dialer protocol up
*Nov 25 17:45:00.067 UTC: Ce0/0/0 IPCP: Add link info for cef entry xxx.xxx.xxx.xxx
*Nov 25 17:45:01.027 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0/0/0, changed state to up
*Nov 25 17:45:29.763 UTC: DDR: IP Address is (xxx.xxx.xxx.xxx) for (Ce0/0/0)
*Nov 25 17:45:29.763 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= xxx.xxx.xxx.xxx, remote= xxx.xxx.xxx.xxx,
local_proxy= 192.168.221.0/255.255.255.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
lifedur= 86400s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Nov 25 17:45:29.767 UTC: ISAKMP:(0): SA request profile is (NULL)
*Nov 25 17:45:29.767 UTC: ISAKMP: Created a peer struct for xxx.xxx.xxx.xxx, peer port 500
*Nov 25 17:45:29.767 UTC: ISAKMP: New peer created peer = 0x47AC3A08 peer_handle = 0x80000002
*Nov 25 17:45:29.767 UTC: ISAKMP: Locking peer struct 0x47AC3A08, refcount 1 for isakmp_initiator
*Nov 25 17:45:29.767 UTC: ISAKMP: local port 500, remote port 500
*Nov 25 17:45:29.767 UTC: ISAKMP: set new node 0 to QM_IDLE
*Nov 25 17:45:29.771 UTC: insert sa successfully sa = 4B6322B8
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):found peer pre-shared key matching xxx.xxx.xxx.xxx
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): constructed NAT-T vendor-07 ID
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): constructed NAT-T vendor-03 ID
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): constructed NAT-T vendor-02 ID
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): beginning Main Mode exchange
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) MM_NO_STATE
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Nov 25 17:45:29.927 UTC: ISAKMP (0:0): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) MM_NO_STATE
*Nov 25 17:45:29.927 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Nov 25 17:45:29.931 UTC: ISAKMP:(0): processing SA payload. message ID = 0
*Nov 25 17:45:29.931 UTC: ISAKMP:(0): processing vendor id payload
*Nov 25 17:45:29.931 UTC: ISAKMP:(0): processing IKE frag vendor id payload
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Support for IKE Fragmentation not enabled
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):found peer pre-shared key matching xxx.xxx.xxx.xxx
*Nov 25 17:45:29.931 UTC: ISAKMP:(0): local preshared key found
*Nov 25 17:45:29.931 UTC: ISAKMP : Scanning profiles for xauth ...
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
*Nov 25 17:45:29.931 UTC: ISAKMP: encryption 3DES-CBC
*Nov 25 17:45:29.931 UTC: ISAKMP: hash SHA
*Nov 25 17:45:29.931 UTC: ISAKMP: default group 2
*Nov 25 17:45:29.931 UTC: ISAKMP: auth pre-share
*Nov 25 17:45:29.931 UTC: ISAKMP: life type in seconds
*Nov 25 17:45:29.931 UTC: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):atts are acceptable. Next payload is 0
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Acceptable atts:actual life: 0
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Acceptable atts:life: 0
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Fill atts in sa vpi_length:4
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Returning Actual lifetime: 86400
*Nov 25 17:45:29.931 UTC: ISAKMP:(0)::Started lifetime timer: 86400.
*Nov 25 17:45:29.971 UTC: ISAKMP:(0): processing vendor id payload
*Nov 25 17:45:29.971 UTC: ISAKMP:(0): processing IKE frag vendor id payload
*Nov 25 17:45:29.971 UTC: ISAKMP:(0):Support for IKE Fragmentation not enabled
*Nov 25 17:45:29.971 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Nov 25 17:45:29.971 UTC: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Nov 25 17:45:29.971 UTC: ISAKMP:(0): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) MM_SA_SETUP
*Nov 25 17:45:29.975 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Nov 25 17:45:29.975 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Nov 25 17:45:29.975 UTC: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Nov 25 17:45:30.171 UTC: ISAKMP (0:0): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) MM_SA_SETUP
*Nov 25 17:45:30.171 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Nov 25 17:45:30.171 UTC: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Nov 25 17:45:30.171 UTC: ISAKMP:(0): processing KE payload. message ID = 0
*Nov 25 17:45:30.219 UTC: ISAKMP:(0): processing NONCE payload. message ID = 0
*Nov 25 17:45:30.219 UTC: ISAKMP:(0):found peer pre-shared key matching xxx.xxx.xxx.xxx
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): vendor ID is Unity
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): vendor ID seems Unity/DPD but major 71 mismatch
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): vendor ID is XAUTH
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): speaking to another IOS box!
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):vendor ID seems Unity/DPD but hash mismatch
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):Send initial contact
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Nov 25 17:45:30.223 UTC: ISAKMP (0:1001): ID payload
next-payload : 8
type : 1
address : xxx.xxx.xxx.xxx
protocol : 17
port : 500
length : 12
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):Total payload length: 12
*Nov 25 17:45:30.227 UTC: ISAKMP:(1001): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Nov 25 17:45:30.227 UTC: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Nov 25 17:45:30.227 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Nov 25 17:45:30.227 UTC: ISAKMP:(1001):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Nov 25 17:45:30.495 UTC: ISAKMP (0:1001): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) MM_KEY_EXCH
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001): processing ID payload. message ID = 0
*Nov 25 17:45:30.495 UTC: ISAKMP (0:1001): ID payload
next-payload : 8
type : 1
address : xxx.xxx.xxx.xxx
protocol : 17
port : 500
length : 12
*Nov 25 17:45:30.495 UTC: ISAKMP:(0):: peer matches *none* of the profiles
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001): processing HASH payload. message ID = 0
*Nov 25 17:45:30.495 UTC: ISAKMP:received payload type 17
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001): vendor ID is DPD
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001):SA authentication status:
authenticated
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001):SA has been authenticated with xxx.xxx.xxx.xxx
*Nov 25 17:45:30.495 UTC: ISAKMP: Trying to insert a peer xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx/500/, and inserted successfully 47AC3A08.
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Old State = IKE_I_MM5 New State = IKE_I_MM6
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Old State = IKE_I_MM6 New State = IKE_I_MM6
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):beginning Quick Mode exchange, M-ID of 458622291
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):QM Initiator gets spi
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Node 458622291, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Nov 25 17:45:30.715 UTC: ISAKMP (0:1001): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) QM_IDLE
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing HASH payload. message ID = 458622291
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing SA payload. message ID = 458622291
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001):Checking IPSec proposal 1
*Nov 25 17:45:30.715 UTC: ISAKMP: transform 1, ESP_3DES
*Nov 25 17:45:30.715 UTC: ISAKMP: attributes in transform:
*Nov 25 17:45:30.715 UTC: ISAKMP: SA life type in seconds
*Nov 25 17:45:30.715 UTC: ISAKMP: SA life duration (VPI) of 0x0 0x1 0x51 0x80
*Nov 25 17:45:30.715 UTC: ISAKMP: SA life type in kilobytes
*Nov 25 17:45:30.715 UTC: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Nov 25 17:45:30.715 UTC: ISAKMP: encaps is 1 (Tunnel)
*Nov 25 17:45:30.715 UTC: ISAKMP: authenticator is HMAC-SHA
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001):atts are acceptable.
*Nov 25 17:45:30.715 UTC: IPSEC(validate_proposal_request): proposal part #1
*Nov 25 17:45:30.715 UTC: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= xxx.xxx.xxx.xxx,
local_proxy= 192.168.221.0/255.255.255.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Nov 25 17:45:30.715 UTC: Crypto mapdb : proxy_match
src addr : 192.168.221.0
dst addr : 0.0.0.0
protocol : 0
src port : 0
dst port : 0
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing NONCE payload. message ID = 458622291
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing ID payload. message ID = 458622291
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing ID payload. message ID = 458622291
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001): processing NOTIFY RESPONDER_LIFETIME protocol 3
spi 399189113, message ID = 458622291, sa = 4B6322B8
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001):SA authentication status:
authenticated
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001): processing responder lifetime
*Nov 25 17:45:30.719 UTC: ISAKMP (1001): responder lifetime of 28800s
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001): Creating IPSec SAs
*Nov 25 17:45:30.719 UTC: inbound SA from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (f/i) 0/ 0
(proxy 0.0.0.0 to 192.168.221.0)
*Nov 25 17:45:30.719 UTC: has spi 0x498026E2 and conn_id 0
*Nov 25 17:45:30.719 UTC: lifetime of 28790 seconds
*Nov 25 17:45:30.719 UTC: lifetime of 4608000 kilobytes
*Nov 25 17:45:30.719 UTC: outbound SA from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (f/i) 0/0
(proxy 192.168.221.0 to 0.0.0.0)
*Nov 25 17:45:30.719 UTC: has spi 0x17CB2479 and conn_id 0
*Nov 25 17:45:30.719 UTC: lifetime of 28790 seconds
*Nov 25 17:45:30.719 UTC: lifetime of 4608000 kilobytes
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Nov 25 17:45:30.723 UTC: ISAKMP:(1001):deleting node 458622291 error FALSE reason "No Error"
*Nov 25 17:45:30.723 UTC: ISAKMP:(1001):Node 458622291, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Nov 25 17:45:30.723 UTC: ISAKMP:(1001):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Nov 25 17:45:30.723 UTC: IPSEC(key_engine): got a queue event with 1 KMI message(s)
*Nov 25 17:45:30.723 UTC: Crypto mapdb : proxy_match
src addr : 192.168.221.0
dst addr : 0.0.0.0
protocol : 0
src port : 0
dst port : 0
*Nov 25 17:45:30.723 UTC: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer xxx.xxx.xxx.xxx
*Nov 25 17:45:30.723 UTC: IPSEC(policy_db_add_ident): src 192.168.221.0, dest 0.0.0.0, dest_port 0
*Nov 25 17:45:30.723 UTC: IPSEC(create_sa): sa created,
(sa) sa_dest= xxx.xxx.xxx.xxx, sa_proto= 50,
sa_spi= 0x498026E2(1233135330),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2001
*Nov 25 17:45:30.723 UTC: IPSEC(create_sa): sa created,
(sa) sa_dest= xxx.xxx.xxx.xxx, sa_proto= 50,
sa_spi= 0x17CB2479(399189113),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2002
*Nov 25 17:45:30.723 UTC: IPSEC(update_current_outbound_sa): updated peer xxx.xxx.xxx.xxx current outbound sa to SPI 17CB2479
*Nov 25 17:45:46.935 UTC: ISAKMP (0:1001): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) QM_IDLE
*Nov 25 17:45:46.935 UTC: ISAKMP: set new node -1909459720 to QM_IDLE
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001): processing HASH payload. message ID = -1909459720
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = -1909459720, sa = 4B6322B8
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):deleting node -1909459720 error FALSE reason "Informational (in) state 1"
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):DPD/R_U_THERE received from peer xxx.xxx.xxx.xxx, sequence 0x7BDFE4C6
*Nov 25 17:45:46.939 UTC: ISAKMP: set new node -777989143 to QM_IDLE
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 1224841120, message ID = -777989143
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001): seq. no 0x7BDFE4C6
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):purging node -777989143
*Nov 25 17:45:46.943 UTC: ISAKMP:(1001):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
*Nov 25 17:45:46.943 UTC: ISAKMP:(1001):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
And here is the config:
Building configuration...
Current configuration : 10137 bytes
version 12.4
service pad to-xot
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec show-timezone
service timestamps log datetime msec show-timezone
service password-encryption
hostname Test
boot-start-marker
boot-end-marker
card type t1 0 1
logging message-counter syslog
logging buffered 4096
aaa new-model
aaa authentication login default local
aaa authentication ppp network local-case
aaa authorization console
aaa authorization exec default local
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
network-clock-participate wic 1
network-clock-select 1 T1 0/1/0
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.121.1 192.168.121.99
ip dhcp excluded-address 192.168.121.200 192.168.121.254
ip dhcp excluded-address 192.168.221.1 192.168.221.99
ip dhcp excluded-address 192.168.221.200 192.168.221.254
ip dhcp pool Voice
network 192.168.121.0 255.255.255.0
option 150 ip 10.101.90.6
default-router 192.168.121.254
ip dhcp pool Data
network 192.168.221.0 255.255.255.0
default-router 192.168.221.254
dns-server 10.1.90.189 10.5.100.30
no ip bootp server
no ip domain lookup
ip domain name xxxxxx
ip multicast-routing
no ipv6 cef
multilink bundle-name authenticated
chat-script cdma "" "ATDT#777" TIMEOUT 60 "CONNECT"
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
no supplementary-service sip moved-temporarily
fax protocol pass-through g711ulaw
no fax-relay sg3-to-g3
h323
modem passthrough nse codec g711ulaw
sip
header-passing error-passthru
outbound-proxy ipv4:xxx.xxx.xxx.xxx
early-offer forced
midcall-signaling passthru
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
voice class h323 1
h225 timeout tcp establish 3
voice translation-rule 1
rule 1 // // type any international
voice translation-rule 3
rule 1 /^8/ //
voice translation-profile International
translate called 1
voice translation-profile OutboundRedirecting
translate called 3
voice-card 0
no dspfarm
dsp services dspfarm
username xx
archive
log config
hidekeys
crypto isakmp policy 1
encr 3des
authentication pre-share
crypto isakmp key xxxxxxxxx address xxx.xxx.xxx.xxx
crypto ipsec transform-set CellFOSet esp-3des esp-sha-hmac
crypto map CellFOMap 1 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set security-association lifetime seconds 190
set transform-set CellFOSet
match address 100
controller T1 0/1/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 0 timeslots 1-24
ip tftp source-interface FastEthernet0/0.1
track 1 ip sla 1 reachability
class-map match-all VOICE
match ip dscp ef
class-map match-any VOICE-CTRL
match ip dscp af31
match ip dscp cs3
policy-map WAN-EDGE
class VOICE
priority 384
set ip dscp ef
class VOICE-CTRL
set ip dscp af21
bandwidth 32
class class-default
fair-queue
set ip dscp default
interface Loopback0
ip address 192.168.222.21 255.255.255.255
h323-gateway voip interface
h323-gateway voip bind srcaddr 192.168.222.21
interface FastEthernet0/0
description Physical Interface for Data VLAN 10 and Voice VLAN 20
no ip address
ip flow ingress
ip pim sparse-dense-mode
no ip route-cache cef
duplex auto
speed auto
interface FastEthernet0/0.1
description Interface to Data VLAN 10
encapsulation dot1Q 10
ip address 192.168.221.254 255.255.255.0
no ip redirects
no ip unreachables
ip flow ingress
ip flow egress
ip pim sparse-dense-mode
ip virtual-reassembly
no cdp enable
interface FastEthernet0/0.2
description Interface to Voice VLAN 20
encapsulation dot1Q 20
ip address 192.168.121.254 255.255.255.0
no ip redirects
no ip unreachables
ip flow ingress
ip flow egress
ip pim sparse-dense-mode
no cdp enable
interface FastEthernet0/1
description Unused port
no ip address
shutdown
duplex auto
speed auto
no cdp enable
interface Cellular0/0/0
ip address negotiated
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer string cdma
dialer-group 1
async mode interactive
ppp chap hostname [email protected]
ppp chap password 7 xxxxxxxxxxxxxxxx
ppp ipcp dns request
crypto map CellFOMap
interface Serial0/1/0:0
ip address xxx.xxx.xxx.xxx 255.255.255.252
ip flow ingress
ip flow egress
encapsulation ppp
service-policy output WAN-EDGE
router bgp 65000
no synchronization
bgp log-neighbor-changes
bgp suppress-inactive
network xxx.xxx.xxx.xxx mask 255.255.255.252
network 192.168.121.0
network 192.168.221.0
network 192.168.222.21 mask 255.255.255.255
neighbor xxx.xxx.xxx.xxx remote-as 15270
default-information originate
no auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/1/0:0 track 1
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 20
no ip http server
no ip http secure-server
ip flow-export source FastEthernet0/0.1
ip flow-export version 5
ip flow-export destination 10.1.90.25 2055
ip nat inside source list 100 interface Cellular0/0/0 overload
ip access-list standard MON_SNMP_RO
permit xxx.xxx.xxx.xxx
permit xxx.xxx.xxx.xxx
permit xxx.xxx.xxx.xxx
permit xxx.xxx.xxx.xxx
ip radius source-interface FastEthernet0/0.1
ip sla 1
icmp-echo xxx.xxx.xxx.xxx
timeout 1000
threshold 2
frequency 3
ip sla schedule 1 life forever start-time now
logging trap notifications
logging 10.1.90.167
access-list 100 remark = FO to C0/0/0 for Branch =
access-list 100 permit ip 192.168.221.0 0.0.0.255 any
access-list 100 permit ip any any
access-list 100 deny eigrp any any
access-list 100 deny igmp any any
dialer-list 1 protocol ip list 100
snmp-server community xxx RO
snmp-server enable traps tty
<---------- Truncated to remove VoIP Rules -------------->
banner motd ^C
This is a proprietary system.
^C
line con 0
line aux 0
line 0/0/0
script dialer cdma
modem InOut
no exec
rxspeed 3100000
txspeed 1800000
line vty 0 4
transport input telnet
line vty 5 15
transport input telnet
scheduler allocate 20000 1000
ntp server 10.1.99.5
endHi,
Here is configurations from my Lab ASA5520 with Dual ISP
interface GigabitEthernet0/0
description Primary ISP
nameif WAN-1
security-level 0
ip address 192.168.101.2 255.255.255.0
interface GigabitEthernet0/1
description Secondary ISP
nameif WAN-2
security-level 0
ip address 192.168.102.2 255.255.255.0
interface GigabitEthernet0/2
description LAN
nameif LAN
security-level 100
ip address 10.0.20.2 255.255.255.0
route WAN-1 0.0.0.0 0.0.0.0 192.168.101.1 1 track 200
route WAN-2 0.0.0.0 0.0.0.0 192.168.102.1 254
route LAN 10.0.0.0 255.255.255.0 10.0.20.1 1
access-list L2L-VPN-CRYPTOMAP remark Encryption Domain
access-list L2L-VPN-CRYPTOMAP extended permit ip 10.0.0.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list LAN-NAT0 extended permit ip 10.0.0.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (LAN) 0 access-list LAN-NAT0
sla monitor 200
type echo protocol ipIcmpEcho 192.168.101.1 interface WAN-1
num-packets 3
timeout 1000
frequency 5
sla monitor schedule 200 life forever start-time now
track 200 rtr 200 reachability
crypto ipsec transform-set AES-256 esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map CRYPTOMAP 10 match address L2L-VPN-CRYPTOMAP
crypto map CRYPTOMAP 10 set peer 192.168.103.2
crypto map CRYPTOMAP 10 set transform-set AES-256
crypto map CRYPTOMAP interface WAN-1
crypto map CRYPTOMAP interface WAN-2
crypto isakmp enable WAN-1
crypto isakmp enable WAN-2
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 28800
tunnel-group 192.168.103.2 type ipsec-l2l
tunnel-group 192.168.103.2 ipsec-attributes
pre-shared-key *****
Hope this helps
- Jouni -
ASA 5505 Unable to assign ip to DMZ vlan interface
hi all,
I have ASA 5505 with base license.
I created 3rd vlan on it.it was created.
but i am unable to assign IP to it.
i assign ip address it takes it.
But when i do sh int ip brief it does not show any ip.
ciscoasa# sh int ip brief
Interface IP-Address OK? Method Status Prot
ocol
Ethernet0/0 unassigned YES unset up up
Ethernet0/1 unassigned YES unset up up
Ethernet0/2 unassigned YES unset up up
Ethernet0/3 unassigned YES unset administratively down down
Ethernet0/4 unassigned YES unset administratively down down
Ethernet0/5 unassigned YES unset administratively down down
Ethernet0/6 unassigned YES unset administratively down down
Ethernet0/7 unassigned YES unset administratively down down
Internal-Data0/0 unassigned YES unset up up
Internal-Data0/1 unassigned YES unset up up
Vlan1 192.168.1.1 YES CONFIG up up
Vlan2 192.168.11.2 YES CONFIG up up
Vlan3 unassigned YES manual up up*************************************************************
Virtual0 127.0.0.1 YES unset up up
ciscoasa# config t
ciscoasa(config)# int vlan 3
ciscoasa(config-if)# ip ad
ciscoasa(config-if)# ip address 192.168.12.2 255.255.255.0
ciscoasa(config-if)# end
ciscoasa# wr mem
Building configuration...
Cryptochecksum: 808baaba ced2a226 07cfb41f 9f6ec4f8
4608 bytes copied in 1.630 secs (4608 bytes/sec)
[OK]
ciscoasa# sh int ip brief
Interface IP-Address OK? Method Status Prot
ocol
Ethernet0/0 unassigned YES unset up up
Ethernet0/1 unassigned YES unset up up
Ethernet0/2 unassigned YES unset up up
Ethernet0/3 unassigned YES unset administratively down down
Ethernet0/4 unassigned YES unset administratively down down
Ethernet0/5 unassigned YES unset administratively down down
Ethernet0/6 unassigned YES unset administratively down down
Ethernet0/7 unassigned YES unset administratively down down
Internal-Data0/0 unassigned YES unset up up
Internal-Data0/1 unassigned YES unset up up
Vlan1 192.168.1.1 YES CONFIG up up
Vlan2 192.168.11.2 YES CONFIG up up
Vlan3 unassigned YES manual up up
Virtual0 127.0.0.1 YES unset up up
ciscoasa# sh ver
Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(9)
Compiled on Fri 20-May-11 16:00 by builders
System image file is "disk0:/asa825-k8.bin"
Config file at boot was "startup-config"
ciscoasa up 3 days 17 hours
Hardware: ASA5505, 256 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.05
0: Int: Internal-Data0/0 : address is 001d.a24d.ed0e, irq 11
1: Ext: Ethernet0/0 : address is 001d.a24d.ed06, irq 255
2: Ext: Ethernet0/1 : address is 001d.a24d.ed07, irq 255
3: Ext: Ethernet0/2 : address is 001d.a24d.ed08, irq 255
4: Ext: Ethernet0/3 : address is 001d.a24d.ed09, irq 255
5: Ext: Ethernet0/4 : address is 001d.a24d.ed0a, irq 255
6: Ext: Ethernet0/5 : address is 001d.a24d.ed0b, irq 255
7: Ext: Ethernet0/6 : address is 001d.a24d.ed0c, irq 255
8: Ext: Ethernet0/7 : address is 001d.a24d.ed0d, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : Unlimited
Failover : Disabled
VPN-DES : Enabled
VPN-3DES-AES : Enabled
SSL VPN Peers : 2
Total VPN Peers : 10
Dual ISPs : Disabled
VLAN Trunk Ports : 0
Shared License : Disabled
AnyConnect for Mobile : Disabled
AnyConnect for Cisco VPN Phone : Disabled
AnyConnect Essentials : Disabled
Advanced Endpoint Assessment : Disabled
UC Phone Proxy Sessions : 2
<--- More --->
Need to know does this License support IP to 3rd vlan ?
Thanks
MaheshHi Julio,
I tried to config namef if but here is result
ciscoasa# sh run int vlan 3
interface Vlan3
description DMZ to 3550 New Switch
no nameif
security-level 50
ip address 192.168.12.2 255.255.255.0
ciscoasa# config t
ciscoasa(config)# int vlan 3
ciscoasa(config-if)# name
ciscoasa(config-if)# namei
ciscoasa(config-if)# nameif DMZ
ERROR: This license does not allow configuring more than 2 interfaces with
nameif and without a "no forward" command on this interface or on 1 interface(s)
with nameif already configured. -
Cisco ASA 5505 - 2 internal Networks
Hi new to ASA's,
Been trying to get the following setup working for ages but can't see what I am missing:
(Got image from another post but exactly what I want but cannot get working)
I can get ping between subnets but nothing else and Lan 2 cannot get to internet.
The reolution for this guy was the following I believe; (from his config he has ASA v8.2)
same-security-traffic permit intra-interface
access-list NONAT permit ip 192.168.50.0 255.255.255.0 10.0.50.0255.255.255.0
access-list NONAT permit ip 10.0.50.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list NONAT
I have tried this but I have ASA v8.4 and whilst commands 1 - 3 work command 4 doesn't.
I get a message about the command being deprecated. I couldn't find a new version I could understand.
Hope nothing stupid and simple but any help greatly appreciated.
BTW, I have reset my ASA back to defaults except internet access is working and internet LAN as I made some many changes I feared one my conflict with the other.
Many thanks for any views or help.Hi Jumora,
Thanks for the reply.
The 192 network behind the ASA can access the internet but the 10 network past the 1841 router can't.
I have setup tcp bypass already as that got me at least remote access to the PC's on the 10 network from the 192 network.
I had the 1841 router set to use the interface on the 192 subnet as the route to the 0.0.0.0 0.0.0.0 network but I couldn't get out but have just changed this to go to the inside interface of the ASA and can now ping 8.8.8.8 for example but still not internet access.
Also I have found that the ASA seems to occasionally when it feels like it block pings from the 10 subnet to devices in the 192 subnet...... annoying for testing! but I can still access shares even though the ping fails.
e.g. as per above yesterday it stopped when I enabled icmp error inspection but when I switched that off it worked again. Then suddenly again today with no changes it has stopped working again, drives me nuts the inconsistency!
I couldn't find an attach option for the show tech so it has made this post massive.... apologies for that....
ASA5505# show tech
Cisco Adaptive Security Appliance Software Version 8.4(4)1
Device Manager Version 6.4(9)
Compiled on Thu 14-Jun-12 11:20 by builders
System image file is "disk0:/asa844-1-k8.bin"
Config file at boot was "startup-config"
ASA5505 up 8 days 23 hours
Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
Internal ATA Compact Flash, 128MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
Boot microcode : CN1000-MC-BOOT-2.00
SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
IPSec microcode : CNlite-MC-IPSECm-MAIN-2.06
Number of accelerators: 1
0: Int: Internal-Data0/0 : address is 4403.a7a2.e7c7, irq 11
1: Ext: Ethernet0/0 : address is 4403.a7a2.e7bf, irq 255
2: Ext: Ethernet0/1 : address is 4403.a7a2.e7c0, irq 255
3: Ext: Ethernet0/2 : address is 4403.a7a2.e7c1, irq 255
4: Ext: Ethernet0/3 : address is 4403.a7a2.e7c2, irq 255
5: Ext: Ethernet0/4 : address is 4403.a7a2.e7c3, irq 255
6: Ext: Ethernet0/5 : address is 4403.a7a2.e7c4, irq 255
7: Ext: Ethernet0/6 : address is 4403.a7a2.e7c5, irq 255
8: Ext: Ethernet0/7 : address is 4403.a7a2.e7c6, irq 255
9: Int: Internal-Data0/1 : address is 0000.0003.0002, irq 255
10: Int: Not used : irq 255
11: Int: Not used : irq 255
Licensed features for this platform:
Maximum Physical Interfaces : 8 perpetual
VLANs : 3 DMZ Restricted
Dual ISPs : Disabled perpetual
VLAN Trunk Ports : 0 perpetual
Inside Hosts : 50 perpetual
Failover : Disabled perpetual
VPN-DES : Enabled perpetual
VPN-3DES-AES : Enabled perpetual
AnyConnect Premium Peers : 2 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 10 perpetual
Total VPN Peers : 12 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has a Base license.
Serial Number: JMX3434343T
Running Permanent Activation Key: 0x8509ef7f 0x2cff5895 0xa4675895 0x7989798 0xc1323132
Configuration register is 0x1
Configuration last modified by enable_15 at 16:21:28.863 UTC Wed Oct 23 2013
------------------ show disk0: controller ------------------
Flash Model: SMART CF
------------------ show clock ------------------
04:43:59.822 UTC Thu Oct 24 2013
------------------ show crashinfo ------------------
No crash file found.
------------------ show module ------------------
Mod Card Type Model Serial No.
0 ASA 5505 Adaptive Security Appliance ASA5505 JMX3434343T
Mod MAC Address Range Hw Version Fw Version Sw Version
0 1255.a3a4.e3bf to 1233.a4a4.e4c4 0.1 1.0(12)13 8.4(4)1
Mod SSC Application Name Status SSC Application Version
Mod Status Data Plane Status Compatibility
0 Up Sys Not Applicable
------------------ show memory ------------------
Free memory: 283382600 bytes (53%)
Used memory: 253488312 bytes (47%)
Total memory: 536870912 bytes (100%)
------------------ show conn count ------------------
76 in use, 704 most used
------------------ show xlate count ------------------
80 in use, 814 most used
------------------ show vpn-sessiondb summary ------------------
No sessions to display.
------------------ show blocks ------------------
SIZE MAX LOW CNT
0 400 399 400
4 100 99 99
80 347 332 347
256 200 192 195
1550 6374 6306 6371
2048 1200 1199 1200
2560 264 264 264
4096 100 99 100
8192 100 99 100
16384 100 99 100
65536 16 15 16
CORE LIMIT ALLOC HIGH CNT FAILED
0 24576 26 26 25 0
------------------ show blocks queue history detail ------------------
History buffer memory usage: 2832 bytes (default)
History analysis time limit: 100 msec
Please see 'show blocks exhaustion snapshot' for more information
------------------ show interface ------------------
Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 4403.a7a2.e7bf, MTU not set
IP address unassigned
8257648 packets input, 9051289473 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
6222 switch ingress policy drops
6399241 packets output, 1011134108 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Control Point Interface States:
Interface number is 3
Interface config status is active
Interface state is active
Interface Ethernet0/1 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 4403.a7a2.e7c0, MTU not set
IP address unassigned
1330699 packets input, 312264395 bytes, 0 no buffer
Received 63097 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
1738131 packets output, 637935280 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Control Point Interface States:
Interface number is 4
Interface config status is active
Interface state is active
Interface Ethernet0/2 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 4403.a7a2.e7c1, MTU not set
IP address unassigned
5028958 packets input, 693527818 bytes, 0 no buffer
Received 28835 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
1 switch ingress policy drops
7782140 packets output, 8316018900 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Control Point Interface States:
Interface number is 5
Interface config status is active
Interface state is active
Interface Ethernet0/3 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 4403.a7a2.e7c2, MTU not set
IP address unassigned
17048409 packets input, 21350059442 bytes, 0 no buffer
Received 75081 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
18 switch ingress policy drops
8319277 packets output, 5138543287 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Control Point Interface States:
Interface number is 6
Interface config status is active
Interface state is active
Interface Ethernet0/4 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 4403.a7a2.e7c3, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Control Point Interface States:
Interface number is 7
Interface config status is not active
Interface state is active
Interface Ethernet0/5 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 4403.a7a2.e7c4, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Control Point Interface States:
Interface number is 8
Interface config status is not active
Interface state is active
Interface Ethernet0/6 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex, Auto-Speed
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 4403.a7a2.e7c5, MTU not set
IP address unassigned
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
0 packets output, 0 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Control Point Interface States:
Interface number is 9
Interface config status is not active
Interface state is active
Interface Ethernet0/7 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Input flow control is unsupported, output flow control is unsupported
Available but not configured via nameif
MAC address 4403.a7a2.e7c6, MTU not set
IP address unassigned
7293552 packets input, 4521902362 bytes, 0 no buffer
Received 6520 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops
0 switch ingress policy drops
16232858 packets output, 21234947011 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 rate limit drops
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Control Point Interface States:
Interface number is 10
Interface config status is active
Interface state is active
Interface Internal-Data0/0 "", is up, line protocol is up
Hardware is y88acs06, BW 1000 Mbps, DLY 10 usec
(Full-duplex), (1000 Mbps)
Input flow control is unsupported, output flow control is unsupported
MAC address 4403.a2a2.e2c2, MTU not set
IP address unassigned
15222257 packets input, 10134321711 bytes, 0 no buffer
Received 173531 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 L2 decode drops, 0 demux drops
15128507 packets output, 10256870512 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 input reset drops, 0 output reset drops, 0 tx hangs
input queue (blocks free curr/low): hardware (512/487)
output queue (blocks free curr/low): hardware (512/450)
Control Point Interface States:
Interface number is 2
Interface config status is active
Interface state is active
Interface Internal-Data0/1 "", is up, line protocol is up
Hardware is 88E6095, BW 1000 Mbps, DLY 10 usec
(Full-duplex), (1000 Mbps)
Input flow control is unsupported, output flow control is unsupported
MAC address 0000.0003.0002, MTU not set
IP address unassigned
15128465 packets input, 10256855882 bytes, 0 no buffer
Received 1967 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 pause input, 0 resume input
0 switch ingress policy drops
15222217 packets output, 10134318430 bytes, 0 underruns
0 pause output, 0 resume output
0 output errors, 0 collisions, 0 interface resets
0 late collisions, 0 deferred
0 switch egress policy drops
0 input reset drops, 0 output reset drops
Control Point Interface States:
Interface number is 11
Interface config status is active
Interface state is active
Interface Vlan1 "inside", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
MAC address 4403.a7a2.e7c7, MTU 1500
IP address 192.168.1.1, subnet mask 255.255.255.0
Traffic Statistics for "inside":
4183727 packets input, 523675346 bytes
5702790 packets output, 5851485425 bytes
142576 packets dropped
1 minute input rate 22 pkts/sec, 2839 bytes/sec
1 minute output rate 30 pkts/sec, 22751 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 33 pkts/sec, 3746 bytes/sec
5 minute output rate 46 pkts/sec, 20906 bytes/sec
5 minute drop rate, 1 pkts/sec
Control Point Interface States:
Interface number is 14
Interface config status is active
Interface state is active
Interface Vlan2 "outside", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
MAC address 4403.a7a2.e7c7, MTU 1492
IP address 98.22.77.33, subnet mask 255.255.255.255
Traffic Statistics for "outside":
10541983 packets input, 11433817622 bytes
3793777 packets output, 526586888 bytes
13654 packets dropped
1 minute input rate 47 pkts/sec, 41657 bytes/sec
1 minute output rate 18 pkts/sec, 2802 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 80 pkts/sec, 38519 bytes/sec
5 minute output rate 29 pkts/sec, 3749 bytes/sec
5 minute drop rate, 0 pkts/sec
Control Point Interface States:
Interface number is 15
Interface config status is active
Interface state is active
Interface Virtual0 "_internal_loopback", is up, line protocol is up
Hardware is Virtual MAC address 0000.0000.0000, MTU 1500
IP address 127.0.0.1, subnet mask 255.255.255.0
Traffic Statistics for "_internal_loopback":
1 packets input, 28 bytes
1 packets output, 28 bytes
1 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Control Point Interface States:
Interface number is 12
Interface config status is active
Interface state is active
------------------ show cpu usage ------------------
CPU utilization for 5 seconds = 12%; 1 minute: 8%; 5 minutes: 8%
------------------ show cpu hogging process ------------------
Process: Unicorn Admin Handler, PROC_PC_TOTAL: 1, MAXHOG: 23, LASTHOG: 23
LASTHOG At: 06:01:57 UTC Oct 15 2013
PC: 0x0853e1f4 (suspend)
Process: Unicorn Admin Handler, NUMHOG: 1, MAXHOG: 23, LASTHOG: 23
LASTHOG At: 06:01:57 UTC Oct 15 2013
PC: 0x0853e1f4 (suspend)
Call stack: 0x0853e1f4 0x0853ec36 0x0854182c 0x0869cc4b 0x08415ae7 0x0840ae40 0x0806e6cf
0x08aade2b 0x0806e6cf 0x084a0a44 0x0849986d 0x08499aac 0x08499dd6 0x084a0909
Process: Unicorn Admin Handler, PROC_PC_TOTAL: 2, MAXHOG: 18, LASTHOG: 18
LASTHOG At: 06:01:57 UTC Oct 15 2013
PC: 0x0853fb48 (suspend)
Process: Unicorn Admin Handler, NUMHOG: 2, MAXHOG: 18, LASTHOG: 18
LASTHOG At: 06:01:57 UTC Oct 15 2013
PC: 0x0853fb48 (suspend)
Call stack: 0x0853fb48 0x0853fd1d 0x0853e1bc 0x0853ec36 0x0854182c 0x0869cc4b 0x08415ae7
0x0840ae40 0x0806e6cf 0x08aade2b 0x0806e6cf 0x084a0a44 0x0849986d 0x08499aac
Process: Unicorn Admin Handler, PROC_PC_TOTAL: 2, MAXHOG: 24, LASTHOG: 24
LASTHOG At: 06:01:57 UTC Oct 15 2013
PC: 0x084167d2 (suspend)
Process: Unicorn Admin Handler, NUMHOG: 2, MAXHOG: 24, LASTHOG: 24
LASTHOG At: 06:01:57 UTC Oct 15 2013
PC: 0x084167d2 (suspend)
Call stack: 0x08538afd 0x0853fa3a 0x0853fd1d 0x0853e1bc 0x0853ec36 0x0854182c 0x0869cc4b
0x08415ae7 0x0840ae40 0x0806e6cf 0x08aade2b 0x0806e6cf 0x084a0a44 0x0849986d
Process: Unicorn Admin Handler, PROC_PC_TOTAL: 1, MAXHOG: 12, LASTHOG: 12
LASTHOG At: 06:01:57 UTC Oct 15 2013
PC: 0x08ee9b4e (suspend)
Process: Unicorn Admin Handler, NUMHOG: 1, MAXHOG: 12, LASTHOG: 12
LASTHOG At: 06:01:57 UTC Oct 15 2013
PC: 0x08ee9b4e (suspend)
Call stack: 0x08ee9e12 0x084a1032 0x0849986d 0x08499aac 0x08499dd6 0x084a0909 0x080689bc
Process: Dispatch Unit, PROC_PC_TOTAL: 2, MAXHOG: 12, LASTHOG: 12
LASTHOG At: 06:01:57 UTC Oct 15 2013
PC: 0x081e208a (suspend)
Process: Dispatch Unit, NUMHOG: 2, MAXHOG: 12, LASTHOG: 12
LASTHOG At: 06:01:57 UTC Oct 15 2013
PC: 0x081e208a (suspend)
Call stack: 0x081e208a 0x080689bc
Process: Unicorn Admin Handler, NUMHOG: 1, MAXHOG: 180, LASTHOG: 180
LASTHOG At: 07:24:33 UTC Oct 19 2013
PC: 0x0806a8c2 (suspend)
Call stack: 0x0806a8c2 0x08a8ebd7 0x08a8f7c8 0x08a914fa 0x080ddd6f 0x080df9db 0x080f4132
0x080f5b16 0x080dd956 0x080de0ef 0x080de876 0x080dea37 0xdd6e6c1c 0xdd6e71b5
Process: rtcli async executor process, NUMHOG: 14, MAXHOG: 94, LASTHOG: 82
LASTHOG At: 07:28:06 UTC Oct 19 2013
PC: 0x08f262e3 (suspend)
Call stack: 0x0806a881 0x08f262e3 0x08f432a2 0x09064ba8 0x0903dfa9 0x0904f88d 0x0903ed70
0x09036221 0x0903d29b 0x0903d49f 0x09035ffa 0x09055321 0x0903dfa9 0x0904f88d
Process: rtcli async executor process, PROC_PC_TOTAL: 27, MAXHOG: 319, LASTHOG: 88
LASTHOG At: 07:28:06 UTC Oct 19 2013
PC: 0x08f4212d (suspend)
Process: rtcli async executor process, NUMHOG: 27, MAXHOG: 319, LASTHOG: 88
LASTHOG At: 07:28:06 UTC Oct 19 2013
PC: 0x08f4212d (suspend)
Call stack: 0x08069faa 0x08f4212d 0x08f260b6 0x08f27b85 0x08f27c35 0xcb147b98
Process: rtcli async executor process, PROC_PC_TOTAL: 12, MAXHOG: 45, LASTHOG: 10
LASTHOG At: 07:28:14 UTC Oct 19 2013
PC: 0x08f2594b (suspend)
Process: rtcli async executor process, NUMHOG: 12, MAXHOG: 45, LASTHOG: 10
LASTHOG At: 07:28:14 UTC Oct 19 2013
PC: 0x08f2594b (suspend)
Call stack: 0x0806a881 0x08f2594b 0x08f27b85 0x08f27c35 0xcb147b98
Process: Unicorn Admin Handler, NUMHOG: 4, MAXHOG: 11, LASTHOG: 11
LASTHOG At: 07:28:14 UTC Oct 19 2013
PC: 0x0806a8c2 (suspend)
Call stack: 0x0806a8c2 0x08a8ebd7 0x08b9aa46 0x08b9ad0e 0x080dc76f 0xdd6e6961 0xdd6e71b5
0xdd6e7b07 0xdd6e8d5c 0xdd6e138d 0xdd6e247a 0x080dcb22 0x0849f899 0x084981c7
Process: rtcli async executor process, PROC_PC_TOTAL: 83, MAXHOG: 298, LASTHOG: 119
LASTHOG At: 07:28:16 UTC Oct 19 2013
PC: 0x08f262e3 (suspend)
Process: rtcli async executor process, NUMHOG: 47, MAXHOG: 298, LASTHOG: 119
LASTHOG At: 07:28:16 UTC Oct 19 2013
PC: 0x08f262e3 (suspend)
Call stack: 0x0806a881 0x08f262e3 0x08f38fad 0x08f3acc0 0x0905a29e 0x0905b2ba 0x0903dfa9
0x0903ecb5 0x0904f6f5 0x0903ed70 0x09036221 0x0903d29b 0x0903d49f 0x09035ffa
Process: Unicorn Admin Handler, NUMHOG: 3, MAXHOG: 180, LASTHOG: 180
LASTHOG At: 07:28:16 UTC Oct 19 2013
PC: 0x0806a8c2 (suspend)
Call stack: 0x0806a881 0x0806a8c2 0x0816261b 0x095302a7 0x0954abef 0x0954acc3 0x0815aabe
0x08134da6 0x08c64632 0x08ea8079 0x08ea8481 0x08ea85f7 0x08f41adc 0x0806e6cf
Process: Unicorn Admin Handler, NUMHOG: 3, MAXHOG: 15, LASTHOG: 15
LASTHOG At: 07:28:20 UTC Oct 19 2013
PC: 0x0806a8c2 (suspend)
Call stack: 0x0806a881 0x0806a8c2 0x0947a399 0x0946d24d 0x0946d364 0x08c2b0e6 0x08c38f65
0x08ea810b 0x08ea8481 0x08ea85f7 0x08f41adc 0x0806e6cf 0x08f3cc48 0x092afca6
Process: Unicorn Admin Handler, NUMHOG: 3, MAXHOG: 64, LASTHOG: 64
LASTHOG At: 07:28:20 UTC Oct 19 2013
PC: 0x0806a8c2 (suspend)
Call stack: 0x0806a881 0x0806a8c2 0x0947a3e4 0x09479cf9 0x094750eb 0x08c3f645 0x08c3fcab
0x08c2b235 0x08c38f65 0x08ea810b 0x08ea8481 0x08ea85f7 0x08f41adc 0x0806e6cf
Process: IP Thread, NUMHOG: 4, MAXHOG: 14, LASTHOG: 14
LASTHOG At: 07:28:24 UTC Oct 19 2013
PC: 0x0806a8c2 (suspend)
Call stack: 0x0806a8c2 0x0947a399 0x0946d24d 0x0946d364 0x08c2b0e6 0x08c38f65 0x08ea810b
0x08ea8481 0x08ea85f7 0x08ea5f86 0x090e086e 0x090e0b6e 0x090b9a99 0x090b6b00
Process: Unicorn Admin Handler, PROC_PC_TOTAL: 22, MAXHOG: 180, LASTHOG: 64
LASTHOG At: 07:28:24 UTC Oct 19 2013
PC: 0x0806a8c2 (suspend)
Process: IP Thread, NUMHOG: 4, MAXHOG: 64, LASTHOG: 64
LASTHOG At: 07:28:24 UTC Oct 19 2013
PC: 0x0806a8c2 (suspend)
Call stack: 0x0806a8c2 0x0947a3e4 0x09479cf9 0x094750eb 0x08c3f645 0x08c3fcab 0x08c2b235
0x08c38f65 0x08ea810b 0x08ea8481 0x08ea85f7 0x08ea5f86 0x090e086e 0x090e0b6e
CPU hog threshold (msec): 10.240
Last cleared: None
------------------ show process ------------------
PC SP STATE Runtime SBASE Stack Process
Lwe 0x08058ba4 0xc82baf84 0x0a345788 0 0xc82b7078 15760/16384 block_diag
Mrd 0x081e1e11 0xc82ed54c 0x0a346144 430188 0xc82cd6e0 120548/131072 Dispatch Unit
Msi 0x087509a4 0xc82fdcb4 0x0a3458b0 713 0xc82f9da8 15688/16384 WebVPN KCD Process
Msi 0x09200c7b 0xc839b3d4 0x0a3458b0 3466 0xc83974c8 15688/16384 y88acs06 OneSec Thread
Mwe 0x080718dd 0xc83a3804 0x0a3458b0 0 0xc839f948 15808/16384 Reload Control Thread
Mwe 0x080849b9 0xc83ae79c 0x0a346e2c 0 0xc83aabe0 15256/16384 aaa
Mwe 0x08f4212d 0xc8d3d1e4 0x0a3458b0 9 0xc83aed78 15056/16384 UserFromCert Thread
Mwe 0x08f4212d 0xc9003fe4 0x0a3458b0 14 0xc83b2f50 14528/16384 aaa_shim_thread
Mwe 0x080b477c 0xc83bfa1c 0x0a347eb4 0 0xc83bbb20 15760/16384 CMGR Server Process
Mwe 0x080b6ded 0xc83c3b64 0x0a3458b0 0 0xc83bfcb8 15832/16384 CMGR Timer Process
Lwe 0x081e0474 0xc83d83bc 0x0a3568e0 0 0xc83d44b0 15488/16384 dbgtrace
Mwe 0x084de0ed 0xc83ef574 0x0a3458b0 0 0xc83e76d8 31680/32768 idfw_proc
Mwe 0x084ea35b 0xc83f75b4 0x0a3458b0 0 0xc83ef708 32216/32768 idfw_service
Mwe 0x084f5fc5 0xc83fb70c 0x0a3458b0 0 0xc83f78a0 15524/16384 idfw_adagent
Mwe 0x085351b5 0xc84038dc 0x0a3458b0 89 0xc83ffbd0 11568/16384 eswilp_svi_init
Mwe 0x08f4212d 0xc8770564 0x0a3458b0 0 0xc8433aa0 15280/16384 netfs_thread_init
Mwe 0x09576795 0xc844c10c 0x0a3458b0 0 0xc8448290 15848/16384 Chunk Manager
Msi 0x08ae10be 0xc84508ac 0x0a3458b0 3523 0xc844c9c0 15656/16384 PIX Garbage Collector
Mwe 0x08ac328a 0xc8461a0c 0x0a1d5d24 0 0xc845db00 16104/16384 IP Address Assign
Mwe 0x08d0477a 0xc85f7534 0x0a251838 0 0xc85f3628 16104/16384 QoS Support Module
Mwe 0x08b5c32a 0xc85fb70c 0x0a1d6c88 0 0xc85f7800 16104/16384 Client Update Task
Lwe 0x095d54f5 0xc860009c 0x0a3458b0 109750 0xc85fc1f0 14448/16384 Checkheaps
Mwe 0x08d093ed 0xc861080c 0x0a3458b0 454 0xc86089a0 19328/32768 Quack process
Mwe 0x08d8569d 0xc86189c4 0x0a3458b0 533 0xc8610b38 31952/32768 Session Manager
Mwe 0x08ed964d 0xc8620cd4 0xcadf5b08 8 0xc861ce68 15464/16384 uauth
Mwe 0x08e66621 0xc8624f0c 0x0a264a10 0 0xc8621000 15632/16384 Uauth_Proxy
Msp 0x08ea87de 0xc86313d4 0x0a3458b0 561 0xc862d4c8 15688/16384 SSL
Mwe 0x08ed72d4 0xc863554c 0x0a26bc14 0 0xc8631660 15708/16384 SMTP
Mwe 0x08ed170c 0xc86396a4 0x0a26af38 23255 0xc86357f8 13608/16384 Logger
Mwe 0x08ecfd1d 0xc863d80c 0x0a3458b0 0 0xc8639990 15784/16384 Syslog Retry Thread
Mwe 0x08ecadf5 0xc86419d4 0x0a3458b0 0 0xc863db28 15600/16384 Thread Logger
Mwe 0x08ed50b4 0xc866457c 0x0a26b5e0 0 0xc8660680 15464/16384 syslogd
Mwe 0x09132032 0xc8681094 0x0a2a5688 0 0xc867d1a8 15328/16384 vpnlb_thread
Mwe 0x092037ec 0xc86916c4 0x0a2aa9e8 0 0xc868d808 16024/16384 pci_nt_bridge
Mwe 0x082beb95 0xc8756e44 0x0a3458b0 0 0xc8752fb8 15864/16384 TLS Proxy Inspector
Msi 0x08da221c 0xc87d44a4 0x0a3458b0 2749 0xc87d0598 15688/16384 emweb/cifs_timer
Mwe 0x08852cc4 0xc88291f4 0x0a1c4c44 0 0xc88252f8 15712/16384 netfs_mount_handler
Msi 0x086b4248 0xc8316454 0x0a3458b0 27304 0xc8312568 15312/16384 arp_timer
Mwe 0x086bc58e 0xc8447fb4 0x0a371110 0 0xc84440f8 16024/16384 arp_forward_thread
Mwe 0x08eddb77 0xc8f2e27c 0x0a26c680 0 0xc8f2a380 15672/16384 tcp_fast
Mwe 0x08ee69a8 0xc8f3229c 0x0a26c680 0 0xc8f2e3b0 15656/16384 tcp_slow
Mwe 0x08f1df34 0xc8f42fac 0x0a2745d0 0 0xc8f3f0b0 16000/16384 udp_timer
Mwe 0x0814110d 0xc8fb133c 0xc83ca8d0 4 0xc8fad4a0 15664/16384 IPsec message handler
Mwe 0x087515c6 0xc8fdc834 0x0a376060 1 0xc8fd8958 16056/16384 Lic TMR
Mwe 0x087513bc 0xc8fe0884 0x0a1c0ea0 242 0xc8fdc988 16088/16384 Lic HA
Msi 0x08153267 0xc84270dc 0x0a3458b0 54986 0xc8423440 13872/16384 CTM message handler
Mwe 0x0811bd2d 0xc843bb8c 0x0a3458b0 0 0xc8437ce0 15832/16384 CTCP Timer process
Mwe 0x090d3d95 0xc843fbac 0x0a3458b0 0 0xc843bd10 15816/16384 L2TP data daemon
Mwe 0x090d6605 0xc9b5b24c 0x0a3458b0 0 0xc9b573b0 15816/16384 L2TP mgmt daemon
Mwe 0x090c2b27 0xc9b9339c 0x0a29a3ec 2228 0xc9b8f4e0 15480/16384 ppp_timer_thread
Msi 0x0913239d 0xc9b973ec 0x0a3458b0 4093 0xc9b93510 15640/16384 vpnlb_timer_thread
Mwe 0x081c7708 0xc9c67c84 0x0a13ef88 2899 0xc9c47f18 118548/131072 tmatch compile thread
Mwe 0x08d38b2d 0xcac940cc 0x0a3458b0 0 0xcac90210 15848/16384 ICMP event handler
Mwe 0x0908081d 0xcac98254 0x0a3458b0 0 0xcac943a8 15832/16384 Dynamic Filter VC Housekeeper
Mwe 0x08a1b612 0xcacc47f4 0x0a3458b0 819 0xcacc0938 13860/16384 IP Background
Mwe 0x08c26e63 0xcaed904c 0x0a3458b0 0 0xcaed51a0 15832/16384 Crypto CA
Mwe 0x08c60c18 0xcaedd1e4 0x0a3458b0 0 0xcaed9338 15896/16384 CERT API
Mwe 0x08c257d5 0xcaee6e24 0x0a3458b0 0 0xcaee2f58 15928/16384 Crypto PKI RECV
Mwe 0x0878dd85 0xc862d1cc 0x0a3458b0 187 0xc8629330 15272/16384 ESW_MRVL switch interrupt service
Mwe 0x08cae62c 0xc866c89c 0x0a1ea7e0 0 0xc86689b0 15832/16384 lina_int
Mrd 0x0959948b 0xc8684f1c 0x0a346144 28493079 0xc8681340 13824/16384 esw_stats
Lsi 0x08af3199 0xc86958bc 0x0a3458b0 152 0xc86919a0 15704/16384 uauth_urlb clean
Lwe 0x08acbd76 0xc83ff8b4 0x0a3458b0 4432 0xc83fba38 14308/16384 pm_timer_thread
Mwe 0x08555f8d 0xc8418b0c 0x0a3458b0 0 0xc8414c60 15832/16384 IKE Common thread
Mwe 0x0858cecd 0xcaf8688c 0x0a3458b0 0 0xcaf82a60 15704/16384 IKE Timekeeper
Mwe 0x0857bad1 0xcaf8ccc4 0x0a1bc678 1 0xcaf890e8 12116/16384 IKE Daemon
Mwe 0x08629eb3 0xcaf90c64 0x0a3458b0 964 0xcaf8d118 14744/16384 IKEv2 Daemon
Mwe 0x08628e7c 0xcaf94ff4 0x0a3458b0 1095 0xcaf91148 15640/16384 IKEv2 DPD Client Process
Mwe 0x08e7d2e4 0xcafafd7c 0x0a2690f4 0 0xcafabe90 16072/16384 RADIUS Proxy Event Daemon
Mwe 0x08e41f35 0xcafb3d74 0xcb07e358 7 0xcafb0028 14912/16384 RADIUS Proxy Listener
Mwe 0x08e7ca0d 0xcafb806c 0x0a3458b0 0 0xcafb41c0 15832/16384 RADIUS Proxy Time Keeper
Mwe 0x086a1e44 0xcafbc184 0x0a3710c8 0 0xcafb8358 15264/16384 Integrity FW Task
Mrd 0x082c923a 0xcaffce54 0x0a346144 0 0xcaff8f98 14552/16384 CP Threat-Detection Processing
Mwe 0x081fb74e 0xcb0cc4bc 0x09c4a8bc 2497 0xcb0acd60 122448/131072 ci/console
Msi 0x08b0ea8c 0xcb0d0e14 0x0a3458b0 217583 0xcb0ccef8 14004/16384 update_cpu_usage
Mwe 0x08ef5ff5 0xcb0d4ecc 0x0a3458b0 77 0xcb0d1090 15360/16384 npshim_thread
Msi 0x08b0eb14 0xcb0e1224 0x0a3458b0 0 0xcb0dd428 13104/16384 NIC status poll
Mwe 0x08dd5f2c 0xcb0e54bc 0x0a259ec8 228 0xcb0e15c0 15540/16384 SNMP Notify Thread
Mwe 0x086aba0e 0xcb12ebe4 0x0a37170c 235813 0xcb126d08 25428/32768 IP Thread
Mwe 0x086b31fe 0xcb132d9c 0x0a371100 9150 0xcb12eea0 9700/16384 ARP Thread
Mwe 0x084be3ae 0xcb136f8c 0x0a3716c8 1743 0xcb1331b0 12696/16384 icmp_thread
Mwe 0x08f1f443 0xcb13b1e4 0x0a3458b0 158 0xcb137348 15728/16384 udp_thread
Mwe 0x08ee0f44 0xcb13f0bc 0x0a37178c 0 0xcb13b4e0 15288/16384 tcp_thread
Mwe 0x08f4212d 0xcb1bccd4 0x0a3458b0 12848 0xcb13fd70 26600/32768 rtcli async executor process
Mwe 0x090e408d 0xcb4dff64 0x0a3458b0 0 0xcb4dc0a8 14608/16384 PPPOE background daemon
Mwe 0x090e53c4 0xcb4e3fb4 0x0a29aa4c 1 0xcb4e00d8 14656/16384 PPPOE CLI daemon
Mwe 0x0824ff45 0xcb501e4c 0x0a3458b0 258 0xcb4fdf90 15624/16384 Timekeeper
Mwe 0x08e41f35 0xcb89a6d4 0xcb89eb10 7 0xcb896998 15392/16384 EAPoUDP-sock
Mwe 0x0822323d 0xcb89e544 0x0a3458b0 0 0xcb89a9c8 15016/16384 EAPoUDP
Mwe 0x08204371 0xcb3df9dc 0x0a3458b0 149 0xcb3dbb20 15168/16384 DHCPD Timer
Mwe 0x082066a1 0xcb3e6404 0x0a3458b0 1286 0xcb3e25a8 7172/16384 dhcp_daemon
Mwe 0x0910dfd4 0xcbc3b4e4 0x0a2a5380 0 0xcbc335e8 32472/32768 vpnfol_thread_msg
Msi 0x09116252 0xcbc3fac4 0x0a3458b0 2657 0xcbc3bbd8 15656/16384 vpnfol_thread_timer
Mwe 0x09114882 0xcbc44074 0x0a2a53c0 0 0xcbc401c8 16008/16384 vpnfol_thread_sync
Msi 0x09115fdc 0xcbc486b4 0x0a3458b0 11061 0xcbc447b8 15672/16384 vpnfol_thread_unsent
Mwe 0x0869e365 0xc8689384 0x0a3458b0 0 0xc86854d8 15832/16384 Integrity Fw Timer Thread
Msi 0x08852fd6 0xc868d55c 0x0a3458b0 206 0xc8689670 15656/16384 netfs_vnode_reclaim
Mwe 0x08f4212d 0xcb2a1914 0x0a3458b0 1277 0xcbd38510 15008/16384 Unicorn Proxy Thread
Mwe 0x0825afcb 0xcbc61254 0x0a3458b0 335 0xcbc5d788 14272/16384 emweb/https
Mwe 0x08eef828 0xcbd4dd0c 0xcbd4fd7c 0 0xcbd49fd0 14888/16384 listen/telnet
Mwe 0x08aac530 0xcbdbd754 0xcbd6c9fc 102 0xcbd9def8 127432/131072 Unicorn Admin Handler
Mwe 0x08aab345 0xcbddd644 0x0a3458b0 105 0xcbdbdf28 123712/131072 Unicorn Admin Handler
Mwe 0x08cd7c6f 0xcaf358cc 0x0a49edc8 0 0xcaf31bb0 15384/16384 qos_metric_daemon
Mwe 0x08218c82 0xcb2693fc 0x0a3458b0 3 0xcb265560 13248/16384 DHCP Client
Mwe 0x08f1d929 0xcb4bb0fc 0xc8f3ece4 0 0xcb4b3300 31552/32768 DHCPC Receiver
M* 0x08a86f55 0xdcc1df2c 0x0a346144 274 0xcb34deb8 19696/32768 telnet/ci
- - - - 0 - - DATAPATH-0-455
- - - - 744377118 - - scheduler
- - - - 774156778 - - total elapsed
------------------ show kernel process ------------------
PID PPID PRI NI VSIZE RSS WCHAN STAT RUNTIME COMMAND
1 0 20 0 2080768 616 3725686580 S 630 init
2 0 15 -5 0 0 3725738556 S 0 kthreadd
3 2 15 -5 0 0 3725692956 S 0 ksoftirqd/0
4 2 15 -5 0 0 3725728656 S 0 events/0
5 2 15 -5 0 0 3725728656 S 0 khelper
50 2 15 -5 0 0 3725728656 S 0 kblockd/0
53 2 15 -5 0 0 3726777703 S 0 kseriod
99 2 20 0 0 0 3725848262 S 0 pdflush
100 2 20 0 0 0 3725848262 S 0 pdflush
101 2 15 -5 0 0 3725861131 S 0 kswapd0
102 2 15 -5 0 0 3725728656 S 0 aio/0
103 2 15 -5 0 0 3725728656 S 0 nfsiod
214 2 15 -5 0 0 3725728656 S 0 hid_compat
215 2 15 -5 0 0 3725728656 S 0 rpciod/0
240 1 16 -4 1789952 600 3725997327 S 4 udevd
272 240 18 -2 1785856 564 3725997327 S 0 udevd
277 240 18 -2 1785856 552 3725997327 S 0 udevd
421 1 20 0 5201920 1600 4294967295 S 11 lwsmd
423 421 20 0 16736256 3600 4294967295 S 102 lwregd
448 1 20 0 2084864 512 3725686580 S 1 sh
449 448 20 0 10186752 528 4294967295 S 2 lina_monitor
451 449 0 -20 440270848 53000 4294967295 S 77713055 lina
------------------ show kernel cgroup-controller detail ------------------
memory controller:
memory.limit_in_bytes: unlimited
memory.usage_in_bytes: 61665280 (11%)
memory.max_usage_in_bytes: 64245760 (12%)
memory.failcnt: 0
tasks:
group "normal"
memory.limit_in_bytes: unlimited
memory.usage_in_bytes: 77824 (0%)
memory.max_usage_in_bytes: 544768 (0%)
memory.failcnt: 0
tasks:
PID RSS COMMAND
1 630784 init
2 0 kthreadd
3 0 ksoftirqd/0
4 0 events/0
5 0 khelper
50 0 kblockd/0
53 0 kseriod
99 0 pdflush
100 0 pdflush
101 0 kswapd0
102 0 aio/0
103 0 nfsiod
214 0 hid_compat
215 0 rpciod/0
240 614400 udevd
272 577536 udevd
277 565248 udevd
448 524288 sh
group "privileged"
memory.limit_in_bytes: unlimited
memory.usage_in_bytes: 22327296 (4%)
memory.max_usage_in_bytes: 22515712 (4%)
memory.failcnt: 0
tasks:
PID RSS COMMAND
449 540672 lina_monitor
450 0 lina_monitor
451 54280192 lina
452 0 lina
453 0 lina
454 0 lina
455 0 lina
group "restricted"
memory.limit_in_bytes: 23068672 (4%)
memory.usage_in_bytes: 1724416 (0%)
memory.max_usage_in_bytes: 1900544 (0%)
memory.failcnt: 0
tasks:
PID RSS COMMAND
421 1638400 lwsmd
422 0 lwsmd
423 3686400 lwregd
425 0 lwregd
426 0 lwregd
427 0 lwregd
428 0 lwregd
429 0 lwregd
430 0 lwsmd
431 0 lwsmd
432 0 lwsmd
433 0 lwsmd
434 0 lwsmd
cpu controller:
cpu.shares: 1024
cpuacct.usage: 777015353084076
tasks:
group "normal"
cpu.shares: 1024
cpuacct.usage: 53525955783 (0%)
tasks:
PID RSS COMMAND
1 630784 init
2 0 kthreadd
3 0 ksoftirqd/0
4 0 events/0
5 0 khelper
50 0 kblockd/0
53 0 kseriod
99 0 pdflush
100 0 pdflush
101 0 kswapd0
102 0 aio/0
103 0 nfsiod
214 0 hid_compat
215 0 rpciod/0
240 614400 udevd
272 577536 udevd
277 565248 udevd
448 524288 sh
449 540672 lina_monitor
450 0 lina_monitor
451 54280192 lina
452 0 lina
453 0 lina
454 0 lina
group "privileged"
cpu.shares: 16384
cpuacct.usage: 776952528547140 (100%)
tasks:
PID RSS COMMAND
455 0 lina
group "restricted"
cpu.shares: 1024
cpuacct.usage: 1291957168 (0%)
tasks:
PID RSS COMMAND
421 1638400 lwsmd
422 0 lwsmd
423 3686400 lwregd
425 0 lwregd
426 0 lwregd
427 0 lwregd
428 0 lwregd
429 0 lwregd
430 0 lwsmd
431 0 lwsmd
432 0 lwsmd
433 0 lwsmd
434 0 lwsmd
------------------ show traffic ------------------
inside:
received (in 422169.300 secs):
4183910 packets 523687951 bytes
9 pkts/sec 1006 bytes/sec
transmitted (in 422169.300 secs):
5702974 packets 5851550584 bytes
3 pkts/sec 13006 bytes/sec
1 minute input rate 22 pkts/sec, 2839 bytes/sec
1 minute output rate 30 pkts/sec, 22751 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 33 pkts/sec, 3746 bytes/sec
5 minute output rate 46 pkts/sec, 20906 bytes/sec
5 minute drop rate, 1 pkts/sec
outside:
received (in 422169.300 secs):
10542135 packets 11433861540 bytes
4 pkts/sec 27002 bytes/sec
transmitted (in 422169.300 secs):
3793870 packets 526596330 bytes
8 pkts/sec 1003 bytes/sec
1 minute input rate 47 pkts/sec, 41657 bytes/sec
1 minute output rate 18 pkts/sec, 2802 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 80 pkts/sec, 38519 bytes/sec
5 minute output rate 29 pkts/sec, 3749 bytes/sec
5 minute drop rate, 0 pkts/sec
_internal_loopback:
received (in 422168.950 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 422168.950 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Aggregated Traffic on Physical Interface
Ethernet0/0:
received (in 776992.730 secs):
8257731 packets 9051312645 bytes
5 pkts/sec 11002 bytes/sec
transmitted (in 776992.730 secs):
6399342 packets 1011145708 bytes
2 pkts/sec 1002 bytes/sec
1 minute input rate 26 pkts/sec, 24481 bytes/sec
1 minute output rate 20 pkts/sec, 3472 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 40 pkts/sec, 20147 bytes/sec
5 minute output rate 29 pkts/sec, 4280 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/1:
received (in 776992.730 secs):
1330771 packets 312271947 bytes
1 pkts/sec 3 bytes/sec
transmitted (in 776992.730 secs):
1738316 packets 638003030 bytes
2 pkts/sec 3 bytes/sec
1 minute input rate 4 pkts/sec, 405 bytes/sec
1 minute output rate 11 pkts/sec, 3333 bytes/sec
<--- More --->
1 minute drop rate, 0 pkts/sec
5 minute input rate 7 pkts/sec, 735 bytes/sec
5 minute output rate 13 pkts/sec, 4410 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/2:
received (in 776993.220 secs):
5028958 packets 693527818 bytes
0 pkts/sec 2 bytes/sec
transmitted (in 776993.220 secs):
7782202 packets 8316039741 bytes
4 pkts/sec 10000 bytes/sec
1 minute input rate 1 pkts/sec, 153 bytes/sec
1 minute output rate 2 pkts/sec, 391 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 1 pkts/sec, 187 bytes/sec
5 minute output rate 3 pkts/sec, 1011 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/3:
received (in 776993.220 secs):
17219822 packets 21609826615 bytes
0 pkts/sec 27005 bytes/sec
transmitted (in 776993.220 secs):
8373382 packets 5142266559 bytes
5 pkts/sec 6004 bytes/sec
<--- More --->
1 minute input rate 8384 pkts/sec, 12695156 bytes/sec
1 minute output rate 2657 pkts/sec, 203156 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 8010 pkts/sec, 12112337 bytes/sec
5 minute output rate 2525 pkts/sec, 188122 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/4:
received (in 776993.680 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 776993.680 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/5:
received (in 776993.690 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 776993.690 secs):
<--- More --->
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/6:
received (in 776994.140 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
transmitted (in 776994.140 secs):
0 packets 0 bytes
0 pkts/sec 0 bytes/sec
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Ethernet0/7:
received (in 776994.140 secs):
7328915 packets 4524298170 bytes
<--- More --->
3 pkts/sec 5004 bytes/sec
transmitted (in 776994.140 secs):
16345245 packets 21405489647 bytes
4 pkts/sec 27001 bytes/sec
1 minute input rate 2330 pkts/sec, 158045 bytes/sec
1 minute output rate 7422 pkts/sec, 11264540 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 2481 pkts/sec, 168427 bytes/sec
5 minute output rate 7977 pkts/sec, 12105867 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data0/0:
received (in 776994.640 secs):
15222548 packets 10134365294 bytes
3 pkts/sec 13004 bytes/sec
transmitted (in 776994.640 secs):
15128813 packets 10256961010 bytes
2 pkts/sec 13001 bytes/sec
1 minute input rate 45 pkts/sec, 24860 bytes/sec
1 minute output rate 49 pkts/sec, 26647 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 73 pkts/sec, 24918 bytes/sec
5 minute output rate 75 pkts/sec, 26334 bytes/sec
5 minute drop rate, 0 pkts/sec
Internal-Data0/1:
<--- More --->
received (in 776994.640 secs):
15128721 packets 10256943282 bytes
2 pkts/sec 13001 bytes/sec
transmitted (in 776994.640 secs):
15222455 packets 10134357062 bytes
3 pkts/sec 13004 bytes/sec
1 minute input rate 48 pkts/sec, 26530 bytes/sec
1 minute output rate 45 pkts/sec, 24826 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 75 pkts/sec, 26323 bytes/sec
5 minute output rate 73 pkts/sec, 24908 bytes/sec
5 minute drop rate, 0 pkts/sec
------------------ show perfmon ------------------
PERFMON STATS: Current Average
Xlates 0/s 0/s
Connections 0/s 0/s
TCP Conns 0/s 0/s
UDP Conns 0/s 0/s
URL Access 0/s 0/s
URL Server Req
Maybe you are looking for
-
Drivers for Windows 7 64-bit for HP Pavilion 15-p125ng
Can any one help me with Drivers for Windows 7 64-bit for HP Pavilion 15-p125ng? I'll be very grateful for any answers This question was solved. View Solution.
-
My Cam says it is in use by another program.
Hello, I have just bought a new Rocketfish Notebook Camera and got a program that will run it on ichat for my mac mini. It is a USB cord and I have used Mac Cam to help but everytime I try using the camera, it says that it is in use by another progra
-
Arabic text not showing properly (chat & presenter)
Hi, We've two issues with Arabic text: 1- In the chat window when you type a sentence (say السلام عليكم ورحمة الله it appears backward الله ورحمة عليكم السلام) 2- When using Presenter in PowerPoint any Arabic word when exported appears in reverse and
-
Purchased Music NOT transferring from ITunes to IPod
AArgh. I have an older version of IPod (non-clickwheel) with the latest vesion of IPod Software (2.2) installed AND ITunes 6.0 AND I've repaired permissions, restarted, all the common troubleshooting actions taken place. My Purchased from ITunes musi
-
Compare date from xml data to new Date() in Repeater
Hi All I am using repeater and while those following 2 display the same (when reaching the current day) <mx:Label text="{new Date().getDate().toString()}"/> <mx:Label text="{r.currentItem.dayofmonth}"/> the following line display nothing <mx:Label vi