GRE IPSEC tunnel between 2 cisco routers
Hello all,
I have configure a GRE tunnel between 2 sites on cisco router,although the GRE tunnel works fine.
once i have configure the IPSEC ...tunnel, the same is not stable .it goes down after sometime & keeps going into MM_State
#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
x.x.x.x. x.x.x.x.x MM_NO_STATE 0 ACTIVE
although the GRE tunnel works fine
Regards
Tejas
Hi David,
it is quite strange but when i started this discussion my issue was that show crypto isakmp sa shows state as "MM_NO_STATE" but now the problem is different
now today morning, i followed some steps
step 1. configure simple GRE tunnel between my 2 locations , able to ping other end tunnel IP with source tunnel IP all works fine .
step 2. started conditional debug for peer along with crypto isakmp & cryptp ipsec debug on both locations.
step 3 implement the IPSEC config on both the router, i have attach the same in a separate file
Now the problem is IPSEC negotiation has been successful see output below but my tunnel is down
SITE A
sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
114.143.78.X 14.102.64.X QM_IDLE 1015 ACTIVE
SITE B
#sh crypto isakmp sa | include 14.102.64.X
14.102.64.X 114.143.78.X QM_IDLE 15532 ACTIVE
Now i am not sure why my tunnel is down ???
Please check the attach notepad
Regards
Tejas
Similar Messages
-
IPSec tunnel between 2 routers
Hello,
i'm trying to configure an IPSec VPN tunnel between 2 Cisco routers connected to internet via ATM interface, my router is a 1841 with network address 10.200.36.0, the remote router is a Cisco 877 with network address 192.168.9.0.
I tryied to follow some tutorials, without success because i still can't ping any IP address on the remote network and also the VPN tunnel is not up!
May you please help me giving a configuration template, or maybe let me know how to configure it step by step on mine and remote router?
Thank you very much!
Regards
RiccardoHere is an example. x.x.x.x and y.y.y.y are the public IPs of the routers:
hostname Router1
crypto isakmp policy 10
encr aes 256
auth pre
group 5
crypto isakmp key cisco1234 address y.y.y.y
crypto ipsec transform-set ESP-AES256-SHA1 esp-aes 256 esp-sha-hmac
crypto ipsec profile TunnelProfile
set transform ESP-AES256-SHA1
interface Tunnel0
ip address 10.255.255.0 255.255.255.254
tunnel source Dialer 0
tunnel destination y.y.y.y
tunnel mode ipsec ipv4
tunnel protection ipsec profile TunnelProfile
interface Dialer0
ip address x.x.x.x
ip route 192.168.9.0 255.255.255.0 Tunnel0
hostname Router2
crypto isakmp policy 10
encr aes 256
auth pre
group 5
crypto isakmp key cisco1234 address x.x.x.x
crypto ipsec tranform-set ESP-AES256-SHA1 esp-aes 256 esp-sha-hmac
crypto ipsec profile TunnelProfile
set transform ESP-AES256-SHA1
interface Tunnel0
ip address 10.255.255.1 255.255.255.254
tunnel source Dialer 0
tunnel destination x.x.x.x
tunnel mode ipsec ipv4
tunnel protection ipsec profile TunnelProfile
interface Dialer0
ip address y.y.y.y
ip route 10.200.36.0 255.255.255.0 Tunnel0
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni -
The difference of the IEEE802.1x Auth between Cisco Routers and Catalyst switches
Hello
I am investigating the difference of the IEEE802.1x Auth between Routers and Switches.
Basically dot1x auth is availlable on Catalyst Switches. however if I want to check to
PortBased Multi-Auth , MAC address Auth and any certification Auth with this feature,
Is it possible to integrate into Cisco Router such as Cisco 891F ?
In my opinion Cisco891F is also available to use basic IEEE802.1x but if it compares with Catalyst switches such as Cat3560X
I think there might be any unsupported feature on Cisco 891F.
I appreciate any information. thank you very much in advance.
Best Regards,
Masanobu HiyoshiMany time in interviews asked comaprison between cisco routers and switches that i was answerless bcoz i dont have much knowledge about that.Can anyone provide me the compariosin sheet of the same.how are the cisco devices differ with each other how much Bandwidth each routres support and Etc...
Ummmm ... The most common question I get is "what is the difference between a router and a switch".
However, if you get a question like this, then my impression to this line of questioning are:
1. The candidate they are looking for has in-depth knowledge of routers and switches. And I mean IN-DEPTH!;
2. They are not looking for a candidate. They just want to stroke their ego. There is not alot of people who can give you the "names and numbers" of routers and switches at a snap of a finger. And if you do happen to know the answer, then and there, then expect a tougher follow-up question. -
IPSEC Tunnel between JUNIPER (SSG 20) and CISCO PIX 501
I have successfully established the IPSEC tunnel with juniper firewall by using cisco Pix 501 (6.3 version). The problem I am facing, I have network layer connectivity but after time interval I am not able to send the traffic on destination IP address on specific port, but can successfully PING the destination IP. On both firewalls the IPs are permitted for all ports.
Dear Mr.
The same problem has occured with me. -
Not Seeing NAT Translations Across GRE IPSec Tunnel
Hello,
I have a P2P GRE over IPSec tunnel beween two 3725s using NAT overload and the Internet as transport. I can reach the backside networks, tunnel endpoints, etc., and I have verified that the traffic is being encrypted. What I am not seeing however are any NAT translations taking place. They must be happeing because my traffic is being routed through the tunnel via the public interfaces. I am assuming that this is a result of the checksum being altered when the translation is done.
Would I be correct in assuming that I could use something like NAT Transparency or IPSec over TCP/UDP to fix the problem and begin seeing NAT translations?
Thanks for any help you guys may be able to provide!
Anthony, CCNA (Network/Voice)Can you send over the configurations
You seem to have a phase 1 issue, it's not negotiating correctly.
Thanks -
IPSEC tunnel between adsl router (1841-K9) and Windows ISA
Hi. Can anybody point me in the direction of how to achieve this?
Basically weve got a UC500 running CME. We want to send a home worker home with a router and a phone, and allow their router (probably an 1841 with a WIC 1ADSL and K9 pack) to connect to our SBS server with ISA on it and make an IPSEC tunnel.
Thanks!!!This is now showing up with running ssh over this tunnel. I can get the initial connection, but certain commands are not going through.
-
Help getting GRE IPsec tunnel setup
We are setting up an old office building as an offsite data center. The network cosists on a PIX 501 firewall and a 2811 router. I am attempting to setup a GRE tunnel over IPsec back to the main office. The main office consists of a PIX515, a 2821 router, and a 2921 router.
There is also an ASA5510 in our main office that is used as our primary connection for all of our external services and as a GRE endpoint for our other offices. The PIX515 is used to connect our main office clients to the internet and we would like traffic between it and our offsite data center to go across it as well. The default route is to use the ASA. We used policy based routing on the 2821 and 2921 routers to direct the appropriate traffic to the PIX515.
I have attached a PDF that shows a general overview.
Right now I am not able to get the tunnel setup. It appears that the offsite datacenter is sending packets but is not receiving any when I issue the “show crypto ipsec sa” commands on both firewalls. I will show the output of that command below.
Main Office
The external address 198.40.227.50.
The loopback address 10.254.10.6
The tunnel address 10.2.60.1
Offsite Datacenter
The external address 198.40.254.178
The loopback address 10.254.60.6
The tunnel address 10.2.60.2
The main office PIX515 Config (Edited – if I am missing something that you need please let me know).
PIX Version 7.2(2)
interface Ethernet0
mac-address 5475.d0ba.5012
nameif outside
security-level 0
ip address 198.40.227.50 255.255.255.240
interface Ethernet1
nameif inside
security-level 100
ip address 10.10.10.3 255.255.0.0
access-list outside_cryptomap_60 extended permit gre host 10.254.10.6 host 10.254.60.6
access-list outside_cryptomap_60 extended permit ip host 10.254.10.6 host 10.254.60.6
global (outside) 1 interface
nat (outside) 1 10.60.0.0 255.255.0.0
nat (inside) 0 access-list noNat
route outside 0.0.0.0 0.0.0.0 198.40.227.49 1
route inside 10.60.0.0 255.255.0.0 10.10.10.1 1
route inside 10.254.10.6 255.255.255.255 10.10.10.253 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map ClientVPN_dyn_map 10 set transform-set ESP-3DES-SHA
crypto map cr-lakeavemap 10 match address outside_cryptomap_60
crypto map cr-lakeavemap 10 set peer 198.40.254.178
crypto map cr-lakeavemap 10 set transform-set ESP-3DES-SHA
crypto map cr-lakeavemap 65535 ipsec-isakmp dynamic ClientVPN_dyn_map
crypto map cr-lakeavemap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 20
tunnel-group DefaultRAGroup ipsec-attributes
isakmp keepalive threshold 10 retry 2
tunnel-group 198.40.254.178 type ipsec-l2l
tunnel-group 198.40.254.178 ipsec-attributes
The offsite datacenter PIX501 config (again edited)
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
access-list crvpn permit gre host 10.254.60.6 host 10.254.10.6
access-list crvpn permit ip host 10.254.60.6 host 10.254.10.6
mtu outside 1500
mtu inside 1500
ip address outside 198.40.254.178 255.255.255.240
ip address inside 10.60.10.2 255.255.0.0
route outside 0.0.0.0 0.0.0.0 198.40.254.177 1
route inside 10.2.60.2 255.255.255.255 10.60.10.1 1
route inside 10.254.60.6 255.255.255.255 10.60.10.1 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map ClientVPN_dyn_map 10 match address ClientVPN
crypto dynamic-map ClientVPN_dyn_map 10 set transform-set ESP-3DES-SHA
crypto map cr-lakeavemap 10 ipsec-isakmp
crypto map cr-lakeavemap 10 match address crvpn
crypto map cr-lakeavemap 10 set peer 198.40.227.50
crypto map cr-lakeavemap 10 set transform-set ESP-3DES-SHA
crypto map cr-lakeavemap 65535 ipsec-isakmp dynamic ClientVPN_dyn_map
crypto map cr-lakeavemap client authentication LOCAL
crypto map cr-lakeavemap interface outside
isakmp enable outside
isakmp key ******** address 198.40.227.50 netmask 255.255.255.255
isakmp identity address
isakmp keepalive 10
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
Output of the “show crypto ipsec sa” command
From the main office
Crypto map tag: cr-lakeavemap, seq num: 10, local addr: 198.40.227.50
access-list outside_cryptomap_60 permit gre host 10.254.10.6 host 10.254.60.6
local ident (addr/mask/prot/port): (10.254.10.6/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.254.60.6/255.255.255.255/47/0)
current_peer: 198.40.254.178
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 18867, #pkts decrypt: 18867, #pkts verify: 18867
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 198.40.227.50, remote crypto endpt.: 198.40.254.178
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: D78E63C9
inbound esp sas:
spi: 0x5D63434C (1566786380)
transform: esp-3des esp-sha-hmac none
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 2, crypto-map: cr-lakeavemap
sa timing: remaining key lifetime (kB/sec): (4274801/7527)
IV size: 8 bytes
replay detection support: Y
outbound esp sas:
spi: 0xD78E63C9 (3616433097)
transform: esp-3des esp-sha-hmac none
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 2, crypto-map: cr-lakeavemap
sa timing: remaining key lifetime (kB/sec): (4275000/7527)
IV size: 8 bytes
replay detection support: Y
From the offsite datacenter
local ident (addr/mask/prot/port): (10.254.60.6/255.255.255.255/47/0)
remote ident (addr/mask/prot/port): (10.254.10.6/255.255.255.255/47/0)
current_peer: 198.40.227.50:500
dynamic allocated peer ip: 0.0.0.0
PERMIT, flags={origin_is_acl,}
#pkts encaps: 22360, #pkts encrypt: 22360, #pkts digest 22360
#pkts decaps: 0, #pkts decrypt: 0, #pkts verify 0
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0, #pkts decompress failed: 0
#send errors 1156, #recv errors 0
local crypto endpt.: 198.40.254.178, remote crypto endpt.: 198.40.227.50
path mtu 1500, ipsec overhead 56, media mtu 1500
current outbound spi: 5d63434c
inbound esp sas:
spi: 0xd78e63c9(3616433097)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 1, crypto map: cr-lakeavemap
sa timing: remaining key lifetime (k/sec): (4608000/6604)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x5d63434c(1566786380)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 2, crypto map: cr-lakeavemap
sa timing: remaining key lifetime (k/sec): (4607792/6596)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
I'm not sure where the issue lies and have beat my head on this for awhile so any help/insight is greatly appreciated. If there is anything else you'd like to see please let me know.Hi Joe,
This should be moved to a VPN forum, however, something comes up Really quickly from the problem. Here:
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
Thats from the Pix on the Main office, so I think the GRE traffic is not either getting or being encrypted. I am assuming this is the IP address of the router behind the main office 10.254.10.6 is that correct?
If so, I would put a capture on the Pix to see if the GRE traffic is getting to that PIX on the inside (Unencrupted but Encapsulated on GRE) and make sure that it is not being dropped. To ensure that, you can see the logs on the PIX and see if the firewall is dropping the GRE previous being encrypted.
Also, a packet tracer can be run to ensure that the Traffic has a VPN phase which would indicate that it is following the correct phases and it would be encrypted.
Let me know.
Mike Rojas. -
GRE IPSec between Cisco 2811 and FortiGate 110C
Hello,
Does anybody know if it is possible to configure GRE IPSec tunnel between Cisco 2811 router and FortiGate 110C firewall? I know that FortiGate supports IPSec and GRE tunnels, but maybe somebody succeeded in establishing an IPSec GRE between those routers? Could you also give a link to the appropriate documentation if it is possible?Hi,
You can configure the GRE tunnel on the 2811.
I'm aware that you can configure sort of a GRE tunnel on the Fortinet as well, but I have not seen a GRE tunnel between a Cisco and other vendor.
I've only seen GRE tunnels between Cisco devices (however I have not tried it to assure you that it will not work :-()
Federico. -
Hi We have a problem with an IPSec tunnel between our Cisco 1812 and a partners Cisco router. 3 times in the last 2 months the tunnel has stopped responding, in that we can no longer access the server at the partners site or ping it. When we check our router it states the VPN connection is up and tests ok. We have found that cycling the power on our router fixes this issue. Unfortunatly the link is business critical and have little time to diagnose the problem. I can't see anything in the cisco logs relating to the VPN. Was wondering if this could be a problem at our partners end and any advise on how to diagnose this problem next time it happens would be greatly appreciated.
Stephen WeightmanHi Stephen,
What we are expericing could be related to the lifetime not matching. If the tunnel on our router shows up but it does not work then there is a possibility that it is not up on their end. So this is how we should proceed in this :
1. When the problem occurs, you need to first check the tunnel status by issuing the command :
sh cry isak sa
What we are looking for is the source ip, dest ip, and status.
2. If it shows up on both the routers then we need to look into the ipsec SAs:
sh cry ipsec sa peer
We are looking for the status of the tunnel. The specific informatio to look for is the pkts encaps and decaps, inbound ESP sa and outbound ESP sa. Please be onformed that it has to be done on both the routers.
3. Another thing to check is when this problem occurs, do we see the pkts encaps increasing on our router.
4. If we see the tunnel up on our end but down on their end, does the problem go away if we just clear the SAs instead of rebooting the router.
5. Another thing to look for is the IPSEC SA lifetime in the show run. It should match.
HTH,
Please rate if it helps,
Regards,
Kamal -
IPSec Tunnel: Idle timeout
Friends,
I gonna configure ipsec tunnel between to sites. I want that tunnel remain up almost all the time. For this if i configure "crypto ipsec security-association idle-time" to its maximum value, is there any issue doing this. Means i want to not, if it has any disadvange. Will it kill my router resources? As you know when ipsec tunnel come up, it drops few packets and also add delay in communication that i want to mitigate. Need your comments please.
Best Regards
RameezThere are few ways to keep tunnel open
-Periodic isakmp keepalives
crypto isakmp keepalive
-How you suggest increasing ipsec idle-timer and also ike/ipsec lifetime
isakmp policy 20 lifetime
crypto ipsec security-association lifetime
-Running NTP between the 2 routers thru the ipsec tunnel
I think there are no big issue.. we used this when IP sec between Cisco and non-Cisco device had problem to come up from non-Cisco side so we decided keep tunnel up
M. -
Tunnel Traffic going inside IPSEC tunnel
Hi Everyone,
Site A has IP Sec Tunnel to Site B via ASA.
Now Switch on Site A has GRE tunnel and destination of that tunnel is going inside the IPSEC tunnel.
In other words IPSEC tunnel between 2 sites is also carrying the GRE Tunnel Traffic.
Which command i can run on ASA to know if IPSEC is carrying GRE tunnel traffic or
What line in ASA config will tell me that this IPSEC is also carrying GRE tunnel traffic?
Thanks
MAheshHi Jouni,
I can not put config here.
But here is the info
sh crypto map shows ASA outside interface say GGG this interface has ipsec connection to other site.
also sh conn all | inc GRE shows bunch of output.
It shows ASA outside inetrface which is to WAN say GGG 8 times and it has say subnet range
GRE GGG 10.22.31.4 XY 10.x.x.x.x
GRE GGG 10.22.31.4 XY 10.x.x.x
GRE GGG 10.22.31.3
GRE GGG 10.22.31.3
GRE GGG 10.22.31.3
GRE GGG 10.22.31.4
GRE GGG 10.22.31.4
GRE GGG 10.22.31.4
Where XY is interface of ASA which is next hop to tunnel destination.
IP 10.x.x.x is the tunnel source IP which is loopback on the switch.
Do you know why it has 2 entries for same ASA interface XY ?
Also it has other entries for other ASA interface.
So does number of entries tell us number of GRE connections running ?
Thanks
MAhesh
Message was edited by: mahesh parmar -
Ipsec tunnel c7204vxr to c1941isr
I have a site ipsec tunnel between a c7204vxr and a c1941isr. The tunnel is established successfully but I am noticing packet drops on the ingress to the c7204 from the c1941. Specifically, there is an ssl website that is being accessed that is behind the 1941. When a node from behind the 7204 is accessing it, 27 packets traverse successfully from the 7204 to the 1941. On the return, 38 packets are sent from the 1941 and only 21 make it to the 7204(this is determined from tracking acl hit counts placed at inside interfaces of the 1941 and 7204). The log at the 7204 shows even less packets then that arrived(only two). The c7204 ios does not have ability for ip inspect log drop-pkt. The crypto acl is a full ip acl(access-list 105 permit ip <net> <mask> <net> <mask>). There are no other firewalls or natting happening between the endpoints. I can ping nodes on both sides of the tunnel successfully with no loss or drops. A packet capture of the access attempt shows the node behind the 1941 continually sending tls, ssl, and tcp packets to the node behind the 7204 without response. What other tools could be used to interrogate this?
Try doing a Embedded packet capture for ESP packets on the Wan interfaces of the routers and do a ping test. Use ICMP packets of specific size and then extract the captures and check for the packets that are a little bigger than the size of packets you have sent.
Then you can count them to see if all the packets of those size are being received. If the count is less then there is a ESP packet loss on the ISP path. -
IPSEC VPN between two like networks
Hello --
For the past few days I have been banging my head against the wall with this problem.
I have two IP networks that have the same IPs that I need to create an IPSEC tunnel between.
Here is a crude diagram:
192.168.1.0/24--[cisco 1920]--Internet--[cisco RV082]--192.168.1.0/24
I know I need to do some kind of NAT,but from what I've been poking around in the RV082 it doesn't look like it can do it.
One way I tried to get this to work is like this:
192.168.1.0/24--[cisco 1920]--Internet--[cisco RV082]-192.168.33.0/24-[Belkin N300 consumer router]--192.168.1.0/24
But once I changed the Belkin's LAN IP to 192.168.1.1/24 I lost connectivity to it's "WAN" port, I was pinging it from the LAN side of the 1920. (I think it was trying to route traffic over it's LAN port even though it came over it's WAN port)
Does anyone have some pointers to get me going in the right direction?
Thanks,
Greg SmytheHi Greg,
If you have same subnet on both the ends then yes you are right the NAT is the only option. You need to do the NAT on both the devices. As you said that RV can't do that i don't think so you have any othe roption than to change the subnet on one of the end. Which is not an easy option
Thanks
Jeet -
Two separate L2L tunnels between same two ASA
I have a large MPLS fully meshed network with two main locations, both of which have an ASA with internet access as well as the MPLS access. I need to be able to provide a backup connection between the two main locations in the event one of the MPLS links to one or the other goes down.
I am considering using a L2L IPSEC tunnel between the two ASA's but the interesting traffic for the tunnel is different depending on which of the links is down and there fore I would need two different tunnels. I have my servers and remote desktop servers at one of the main sites and the other main site has another organization attached to it externally that the servers must be able to access.
Is there a way of creating two separate L2L tunnels between the two ASA's? Could I perhaps assign two public IP addresses to each of the ASA's and then create the tunnels between different endpoints on each ASA?
Does anyone have another possible solution to the problem?
GeneYou should be able to do what you want using IP SLA. Please see this excellent blog post which documents one way to accomplish it.
Hope this helps. -
AP registration over IPSEC Tunnel(ASA)
Guys,
I have my WAP sitting behind ASA and have ipsec tunnel between ASA and router.below is the topology:-
WAP>>ASA<<< IPSEC TUNNEL>>> Router<<<WLC
Recently we have replaced router with ASA 5505 for security reasons and since then WAP is not able to registered to WLC. we have VPN tunnel up and working. Even WAP is able to ping to WLC ip address.
Do we have any special configuration in my ASA considering my above topology. I can confirm that capwap and lwap ports are opened in asa.
Please let me know if some one has faced this issue before.Hi,
I hope you have already allowed the below mentioned ports as per your requirement.
You must enable these ports:
Enable these UDP ports for LWAPP traffic:
Data - 12222
Control - 12223
Enable these UDP ports for mobility traffic:
16666 - 16666
16667 - 16667
Enable UDP ports 5246 and 5247 for CAPWAP traffic.
TCP 161 and 162 for SNMP (for the Wireless Control System [WCS])
These ports are optional (depending on your requirements):
UDP 69 for TFTP
TCP 80 and/or 443 for HTTP or HTTPS for GUI access
TCP 23 and/or 22 for Telnet or SSH for CLI access
Also if it goes over the IPSec VPN, MTU size for the path between AP and WLC should be of 1500, if it has the lesser MTU, then communication fails.
Can you get me your WLC and ASA OS versions?
Regards
Karthik
Maybe you are looking for
-
HT1420 How can I deauthorize an iTunes account for a computer I no longer possess?
How can I deauthorize an iTunes account for a computer I no longer possess?
-
Why I feel Quicktime ripped me off - and how their CS made it worse
Ok so this was about 6 months ago. I had been interested in learning more and more about QT, and finally to spend the money to upgrade to QT Pro. I think the standard at the time was version 6. I authorized a credit card payment for the $60 or whatev
-
Problem with field ZZLOGSYS_FI field
Hi people, i have the following problem: i'm transferring data from an extraction in a SRM server, using the RSA3 tx. During simulation the ZZLOGSYS_FI field, on the table to move towards BW, gets filled. But using the RSA1 tx on BW (right click on t
-
Assistance in converting/downgrading CS5 file to CS3 version?
Hi, I noticed in a few other threads that several kind members of this forum have offered to convert files that were created in InDesign CS5 (in my case a trial version) into a format compatible with InDesign CS3 (which I have installed on my system)
-
Ive been browsing around the forums and net for two days and cant find a fix to help me. I cant get the desktop manager to work on my computer. bluetooth options is greyed out and when i plug the phone in via usb cabel it doesn't recognize it. Its no