Intel and Cisco LWAPP - Sucess at last

I work for a large healthcare system that has a very large LWAPP deployment. We utilize the network for laptops, 7920 IP phones, and the new 7921 phones. We have HP laptops with Intel wireless cards. We have both the HP 6120 and 6320 laptops with the Intel 2915 and 3945 Intel wireless abg clients. There has always been a beacon interoperability problem between these intel clients and lwapp. This has been a huge issue that neither Intel nor Cisco has wanted to deal with.
The problem has finally been resolved with LWAPP code release 4.1.185.0. I upgraded my 4404-100 controllers to 4.1.185.0 to fix some possible arp issues I was seeing on our new Cisco 7921 phones. Not only did it resolve the arp problem, all my Intel problems went away.
It was interesting because I did the upgrade the night before I had HP and Intel engineers onsite to troubleshoot the interoperability issues - we were giving them one more chance to resolve the issue before we were probably going to switch to a different laptop and wireless card that had a proven record for working with LWAPP - like Thinkpad with atheros.
When the engineers arrived, the problem could not be reproduced - constant drops off the network and wild roaming (we have a very dense AP deployment (1232 & 1242 APs).
We recretaed the problem by downgrading a controller to 4.1.171.
I am extermely happy that we finally found a code to support the laptops and is also still compatabile with our 7921 phones. We have about 200 7921 phones we are deploying on 802.11a. We plan on keeping the data on b/g.
I am posting this just in case other people have similar issues.

We upgraded the WLC to 4.1.185 and we changed the power settings on the Intel card from the default to MAX.
Do a right click on your PC--->Properties---Hardware--->Device Manager--->Intel Wireless--->Properties--->Power Management.
Here is the straight talk from the Intel site:
If the wireless access point (AP) or broadband wireless router does not properly support the PSP feature, intermittent loss of wireless connection, inability to initiate a wireless connection, or poor wireless connection data performance could result. The symptoms may be more pronounced when on battery power.
Cause:
In a mobile environment, power save polling mode is a feature for extended battery life for mobile stations. The capability requires coordination between the AP/router and the laptop's wireless adapter for proper operations. Intel has discovered the feature may not be implemented correctly or completely in some wireless access points or wireless gateway devices.
Solution:
Contact the AP/router vendor for updated software or firmware that corrects the problem.
As a temporary workaround, manually set the wireless adapter to CAM (continually aware mode), which disables the PSP capability. To do this, in either Intel? PROSet/Wireless Software or the Network Control Panel Applet (NCPA), in the power management section, uncheck the DEFAULT / AUTO selection and set the slider for HIGHEST / MAXIMUM PERFORMANCE.
Notes:
To ensure the adapter is set to CAM - if the slider is already at the HIGHEST / MAXIMUM PERFORMANCE setting, move the slider to another setting and then back to HIGHEST / MAXIMUM PERFORMANCE.
Hope this helps.

Similar Messages

Could not resolve CISCO-LWAPP-CONTROLLER

Hi..
I have AP Cisco Aironet 1250. I want upgrade to LWAPP. AP using static IP address. When AP try to joinm error message displayed "DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER".
Loading file /c1250...
extracting info (292 bytes)
Image info:
    Version Suffix: k9w8-.124-10b.JDD
    Image Name: c1250-k9w8-mx.124-10b.JDD
    Version Directory: c1250-k9w8-mx.124-10b.JDD
    Ios Image Size: 4352512
    Total Image Size: 4352512
    Image Feature: WIRELESS LAN|LWAPP
    Image Family: C1250
    Wireless Switch Management Version: 4.2.207.0
Extracting files...
c1250-k9w8-mx.124-10b.JDD/ (directory) 0 (bytes)
extracting c1250-k9w8-mx.124-10b.JDD/c1250-k9w8-mx.124-10b.JDD (3956889 bytes)
%LWAPP-5-!CHANGED: LWAPP changed state to JOIN
%LWAPP-5-CHANGED: LWAPP changed state to IMAGE
Error messages:
*Jun 30 09:46:16.491: %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER
*Jun 30 09:46:16.491: %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER
*Jun 30 09:46:16.491: %LWAPP-5-CHANGED: LWAPP changed state to DISCOVERY
*Jun 30 09:46:16.651: %LWAPP-3-CLIENTEVENTLOG: Performing DNS resolution for CISCO-LWAPP-CONTROLLER
*Jun 30 09:46:16.651: %LWAPP-3-CLIENTERRORLOG: DNS Name Lookup: could not resolve CISCO-LWAPP-CONTROLLER
*Jun 30 09:46:16.651: Logging LWAPP message to 255.255.255.255.
Any help?
Thanks.

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin-top:0cm;
mso-para-margin-right:0cm;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0cm;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin-top:0cm;
mso-para-margin-right:0cm;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0cm;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
You configuration is not correct. You can remove the line ‘domain-name CISCO-LWAPP-CONTROLLER.mydomain.com’ or replace it with ‘domain-name mydomain.com’ and configure the DNS server with both "CISCO-LWAPP-CONTROLLER.mydomain.com" and "CISCO-CAPWAP-CONTROLLER.mydomain.com" pointing to 172.16.00.25.
I suggest that you remove this line and forget about DNS and go for DHCP option 60 and 43 as you already have configured. You do not need both the DNS configuration and DHCP option 43.
Since you have configured ‘option 60 ascii "Cisco AP c1250"’ and ‘option 43 hex f104ac100019’ then your 1250s should try to associate with the controller 172.16.00.25.
Please post more of the syslog and look for events regarding DHCP option 43.
Is the address 172.16.00.25 for the WLC correct?
Regards,
André

CISCO-LWAPP-CONTROLLER

Hello,
I am trying to get this officeextend working.
I connected the ap and checked the H-Reap box and then officeextend and gave it a public ip. This public ip is NAT'd to the dmz controller on the firewall. (The dmz controller is 5508 running code 6.0.199.4)
I have connected this officeextend 1132 ap to a broadband connection and this gets an ip of 192.168.1.23 on its fa0 interface. all good till now.
when i console onto the officeextend 1132 AP, i get an error msg could not resolve Cisco-LWAPP-Controller.abc.uk....domain server (192.168.1.254) and Cisco-CAPWAP-Controller.home.uk...think it needs DNS set to the public ip on the local asdl box, is it ?
if this is the case, I am not sure if i can do this as this is controlled by the ISP

I have added this now scott on the management interface but still cant get the AP to join the controller. This AP is connected to a broadband wireless router connected back to a ADSL router that has the DNS settings
(also i cant see any traffic hitting on ports 5246 and 5247 on the firewall. so think this AP is not trying to go out )
it comes up with
CAPWAP-5-DHCP_RENEW: Could not discover WLC using DHCP IP. Renewing DHCP IP.
Translating "CISCO-CAPWAP-CONTROLLER.Abc.uk"...domain server (192.168.1.254)
*Apr 8 16:25:39.983: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
Translating "CISCO-LWAPP-CONTROLLER.Abc"...domain server (192.168.1.254)
*Apr 8 16:25:42.095: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER.Abc.uk
config on AP
service password-encryption
hostname AP6400.f14d.b6ba
logging rate-limit console 9
enable secret 5 $1$ACEH$BuOIS/RYEP5ZXvWxbyCFS/
aaa new-model
aaa authentication login default local
aaa authentication login reap_eap_methods group radius
aaa session-id common
eap profile lwapp_eap_profile
method fast
crypto pki trustpoint Cisco_IOS_MIC_cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
crypto pki trustpoint cisco-root-cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
crypto pki trustpoint airespace-device-root-cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
crypto pki trustpoint airespace-new-root-cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
crypto pki trustpoint airespace-old-root-cert
revocation-check none
rsakeypair Cisco_IOS_MIC_Keys
username Cisco secret 5 $1$2zkE$CaKkr5zDUWwltKRFvrIto0
ip ssh version 2
interface Dot11Radio0
no ip route-cache
mbssid
speed basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
power client local
packet retries 64 drop-packet
interface Dot11Radio0.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip route-cache
mbssid
power client local
packet retries 64 drop-packet
interface Dot11Radio1.2
encapsulation dot1Q 2 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
ip address dhcp client-id FastEthernet0
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
no ip http server
logging trap errors
logging origin-id string AP:6400.f14d.b6ba
logging facility kern
logging snmp-trap notifications
logging snmp-trap informational
logging snmp-trap debugging
logging 255.255.255.255
radius-server local
no authentication eapfast
no authentication leap
no authentication mac
nas 66.11.22.33 key 7 111D110C041B18030A2632253C363832
group hreap
control-plane
line con 0
line vty 0 4
transport input none
line vty 5 15
transport input none
end

Which WLC interface should be resolved from cisco-lwapp-controller.domain

Hi,
we use several 4402 wlc and want the aps connect to connect to them via dns discovery.
It would be fine if somebody could tell me to which ip address (in our dns database) I have to add an alias for cisco-lwapp-controller.<domain>.
Is it the management interface, the ap manager interface or one/all dynamic interface(s)?
Is there any hint concerning this in the documentation?
Best Regards,
Thorsten

You use the management interface of the WLC.
Here is a good link also if you have issues:
http://www.cisco.com/en/US/products/ps6366/products_tech_note09186a00808f8599.shtml#backinfo

Macbook wireless and Cisco base station causes kernel panics

So my company uses Macbooks and Cisco wireless base stations. For some reason, when they use bother ethernet, and the wireless, the Macbook will kernel panic for no apparent reason. So since we have a fast wired network, I have been advising those Macbook users to turn off wireless and use the wired network. Wouldn't you know, the kernel panics go away. Is anyone aware of an issue with the wireless chipset in the Macbooks and the wireless chipsets in the Ciscos not liking to play with one another? I know it's the wireless in the Macbooks as if I use any other wireless base station from Apple or Linksys, the issue is not there. I should also mention that when people use those Macbooks on the wireless every once in a while, they get an access control list error. We do not have ACLs for our wireless. Our PowerBooks and iBooks do not exhibit any of these issues on the same network, so we know it is an issue with Intel based Macs. Any ideas?

I'm having a similar problem at college (they use Cisco equipment). On most of the campus everything is fine, but in the area near my classes (typically), wireless causes the mac to panic.
I asked at IT, and came back more confused (apparently, they use the same model WAPs throughout the college, so they couldn't see why one particular WAP would cause this. They guessed it was to do with the huge amount of traffic that particular WAP gets, with it being in the Computing department and all).

Differents dvds for Intel and G4?????

Hi, i have one mac based on intel and a G4, can i install the mac os x updated (10.4) from the dvd of my intel based system into the G4(now it has the 10.3)??????
Thanks

The DVDs are different.
Also, It sounds like a risky thing to do, if it doesn't work, it could destroy any info on the G4. It won't physically hurt it though.
Last but not least, the Software Police will hunt you down because Apple's EULA states one purchased system software per one computer.
PS: I was just kidding about the Software Police.

LWAPP cannot translate cisco-lwapp-controller

Hi all:
I had add a hostname to DNS server as CISCO-LWAPP-CONTROLLER . and i use my controller as a internal DHCP server , it will assign ip to a lot of vlan. My lightweigh ap cannot translate the cisco-lwapp-controller and other a record at DNS server .

Can you translate that on the local lan? Verify that the manamgement and ap-manager is configured for vlan "0" untagged and that the trunk port is setup with the native vlan of the WLC management and ap-manager interface. If you console in the ap and power cycle the ap, what does the log show. Post the log so we can take a look at it.

HP J4853A and Cisco SFP Module 100BASE-FX

Hello Everyone!
Will HP J4853A and Cisco SFP Module 100BASE-FX modules be compatible?
Thank you!

This is the output from sh interface:
GigabitEthernet0/1 is down, line protocol is down (notconnect)
Hardware is Gigabit Ethernet, address is f029.2950.8119 (bia f029.2950.8119)
MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not set
Auto-duplex, Auto-speed, link type is auto, media type is 1000BaseLX SFP
input flow-control is off, output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
As you can see the switch detects SFP as 1000BaseLX SFP, however it is 100Base FX

LACP between SRW2048 and Cisco 3750

Hi,
I have been trying to set up a LACP link between my SRW2048 and Cisco 3750 using two gigabit ethernet links.
Whenever i plug one cable in the interface does not come back up.
I have already sucessfully been able to create a LACP link between the 3750 and a catalyst 2960 for two cables.
Both interfaces at both units are set up as trunks for Vlans 1 (default and untagged), 4, 99, 101, and 102, then the Port-channel / LAG set also as a trunk with the same vlans.
Does anyone have any ideas why the interface is not even initialising?
If i plug a SRW2048 LAG'd interface into a normal access (vlan1) port on the 3750 it works fine, and vice versa with the 3750 to the SRW2048.
Below is a extract of logs from both:
-- Log from SRW2048
1   2147483579   07-Oct-2008 16:12:24    Informational   %LINK-I-Up: ch1
2   2147483580   07-Oct-2008 16:12:24    Informational   %LINK-I-Up: Vlan 102
3   2147483581   07-Oct-2008 16:12:24    Informational   %LINK-I-Up: Vlan 101
4   2147483582   07-Oct-2008 16:12:24    Informational   %LINK-I-Up: Vlan 99
5   2147483583   07-Oct-2008 16:12:24    Informational   %LINK-I-Up: Vlan 5
6   2147483584   07-Oct-2008 16:12:24    Informational   %TRUNK-I-PORTADDED: Port g4 added to ch1
7   2147483585   07-Oct-2008 16:12:19    Informational   %LINK-I-Up: g4
## Plugged back into standard vlan1 access port ##
## Plugged into LACP enabled port on 3750 ##
## Unlugged from standard vlan1 access port ##
8   2147483586   07-Oct-2008 16:11:10    Warning   %LINK-W-Down: ch1
9   2147483587   07-Oct-2008 16:11:10    Warning   %LINK-W-Down: g4
10 2147483588   07-Oct-2008 16:11:10    Warning   %LINK-W-Down: Vlan 102
11 2147483589   07-Oct-2008 16:11:10    Warning   %LINK-W-Down: Vlan 101
12 2147483590   07-Oct-2008 16:11:10    Warning   %LINK-W-Down: Vlan 99
13 2147483591   07-Oct-2008 16:11:10    Warning   %LINK-W-Down: Vlan 5
14 2147483592   07-Oct-2008 16:11:10    Warning   %TRUNK-W-PORTREMOVED: Port g4 removed from ch1
-- Log from Catalyst 3750
mercury#terminal monitor
mercury#
Oct 7 15:10:44: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet   1/0/17, changed state to down
Oct 7 15:10:45: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/17, changed state    to down
Oct 7 15:11:54: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/17, changed state    to up
Oct 7 15:11:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet   1/0/17, changed state to up
mercury#

The linksys documentation is a little thin on the ground all over.
However, if i have got this correct the Admin key needs to be the same for all interfaces in the same LAG for one switch i.e not the same for both ends of the cable?
As for the priority, i assumed this was to do with how the switch dealt with with interfaces were to be active if there were more in the group than could be allowed - to allow for backup links. Is this correct?
Thanks for your reply.

Routing issue between Cisco Nexus and Cisco 4510 R+E Chassis

We have configured Cisco Nexus 7K9 as core and Cisco 4510 R+E as access switches for Server connectivity.
We are experiencing problem in terms of ARP learning and Ping issues between Cisco Nexus and end hosts.

Hi,
So you have N7k acting as L3 with servers connected to 4510?.
Do you see the MAC associated with failing ARP in 4510?. Is it happening with all or few servers?. Just to verify if it is connectivity issue between N7k and 4510, you can configure an SVI on 4510 and assign address from same raneg (server/core range) and perform a ping.
This will help narrow down if issue is between server to 4510 or 4510 to N7k.
Thanks,
Nagendra

Mavericks VPN dropouts with native VPN client and Cisco IPSec

Since update to Maverics I am experiencing VPN dropouts with native VPN client and Cisco IPSec
I am connecting via a WIFI router to a remote VPN server
The conenction is good for a while but eventually it drops out.
I had Zero issues in mountain lion and only have issues since the update to 10.9
I had similar issues in teh past with an unrelaibel wifi router but i am using a Verizon Fios router and it has worked impecably until mavericks
My thoughts are:
1 -issue with mavericks ( maybe the app sleep funciton affecting eithe VPN or WIFI daemons)
2- Issue with cisco router compaitibility or timing with Cisco IPSEC
3- Issue with WIFI itself on mavericks - some sort of WIFI software bug
Any thousuggestions?

Since update to Maverics I am experiencing VPN dropouts with native VPN client and Cisco IPSec
I am connecting via a WIFI router to a remote VPN server
The conenction is good for a while but eventually it drops out.
I had Zero issues in mountain lion and only have issues since the update to 10.9
I had similar issues in teh past with an unrelaibel wifi router but i am using a Verizon Fios router and it has worked impecably until mavericks
My thoughts are:
1 -issue with mavericks ( maybe the app sleep funciton affecting eithe VPN or WIFI daemons)
2- Issue with cisco router compaitibility or timing with Cisco IPSEC
3- Issue with WIFI itself on mavericks - some sort of WIFI software bug
Any thousuggestions?

Communication problem between Cisco 3560 and Cisco SG300.

Dear Support,
I have a Cisco SG300 and Cisco 3560 switches.
3560 is my Core Switch and SG300 is access switch.
From 3560 VLAN information is not passed to SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Please suggest how this issue is resolve.
Regards,
JItesh Mahajan.

Dear Aleksandra,
Below Configuration is right or wrong for 3560 and SG300.
3560 Configuration:
interface GigabitEthernet0/23
switchport trunk encapsulation dot1q
switchport trunk allowed vlan remove VLAN 1
switchport native vlan 1
switchport trunk allowed vlan 1,2,10,11
switchport mode trunk
SG300 Configuration:
interface gigabitethernet49
spanning-tree link-type point-to-point
switchport mode general
switchport general allowed vlan add 2,10-11 tagged
macro description switch
Regards,
JItesh Mahajan.

Site-to-Site VPN between Cisco ASA 5505 (8.4) and Cisco Router (IOS 15.2)

Hi, I'm trying to create Site-to-Site VPN between Cisco ASA 5505 and Cisco Router 3945.
I've tried create configuration with and without ASA wizard, but anyway it doesn't work.
Please help me to find where is the issue.
I have two sites and would like to get access from 192.168.83.0 to 192.168.17.0
192.168.17.0 --- S1.S1.S1.S1 (IOS Router) ==================== S2.S2.S2.S2 (ASA 5505) --- 192.168.83.0
Here is my current configuration.
Thanks for your help.
IOS Configuration
version 15.2
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 2
crypto isakmp key cisco address 198.0.183.225
crypto isakmp invalid-spi-recovery
crypto ipsec transform-set AES-SET esp-aes esp-sha-hmac
mode transport
crypto map static-map 1 ipsec-isakmp
set peer S2.S2.S2.S2
set transform-set AES-SET
set pfs group2
match address 100
interface GigabitEthernet0/0
ip address S1.S1.S1.S1 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map static-map
interface GigabitEthernet0/1
ip address 192.168.17.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
access-list 100 permit ip 192.168.17.0 0.0.0.255 192.168.83.0 0.0.0.255
ASA Configuration
ASA Version 8.4(3)
interface Ethernet0/0
switchport access vlan 2
interface Vlan1
nameif inside
security-level 100
ip address 192.168.83.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address S2.S2.S2.S2 255.255.255.248
ftp mode passive
same-security-traffic permit intra-interface
object network inside-network
subnet 192.168.83.0 255.255.255.0
object network datacenter
host S1.S1.S1.S1
object network datacenter-network
subnet 192.168.17.0 255.255.255.0
object network NETWORK_OBJ_192.168.83.0_24
subnet 192.168.83.0 255.255.255.0
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended deny ip any any log
access-list outside_cryptomap extended permit ip 192.168.83.0 255.255.255.0 object datacenter-network
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool vpn_pool 192.168.83.200-192.168.83.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source dynamic inside-network interface
nat (inside,outside) source static inside-network inside-network destination static inside-network inside-network no-proxy-arp route-lookup
nat (inside,outside) source static inside-network inside-network destination static datacenter-network datacenter-network no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_192.168.83.0_24 NETWORK_OBJ_192.168.83.0_24 destination static datacenter-network pdatacenter-network no-proxy-arp route-lookup
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 DEFAULT_GATEWAY 1
crypto ipsec ikev1 transform-set vpn-transform-set esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set vpn-transform-set mode transport
crypto ipsec ikev1 transform-set L2L_SET esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set L2L_SET mode transport
crypto dynamic-map dyno 10 set ikev1 transform-set vpn-transform-set
crypto map vpn 1 match address outside_cryptomap
crypto map vpn 1 set pfs
crypto map vpn 1 set peer S1.S1.S1.S1
crypto map vpn 1 set ikev1 transform-set L2L_SET
crypto map vpn 20 ipsec-isakmp dynamic dyno
crypto map vpn interface outside
crypto isakmp nat-traversal 3600
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
group-policy GroupPolicy_S1.S1.S1.S1 internal
group-policy GroupPolicy_S1.S1.S1.S1 attributes
vpn-tunnel-protocol ikev1
group-policy remote_vpn_policy internal
group-policy remote_vpn_policy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec
username artem password 8xs7XK3To4s5WfTvtKAutA== nt-encrypted
username admin password rqiFSVJFung3fvFZ encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool vpn_pool
default-group-policy remote_vpn_policy
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group S1.S1.S1.S1 type ipsec-l2l
tunnel-group S1.S1.S1.S1 general-attributes
default-group-policy GroupPolicy_S1.S1.S1.S1
tunnel-group S1.S1.S1.S1 ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f55f10c19a0848edd2466d08744556eb
: end

Thanks for helping me again. I really appreciate.
I don't hve any NAT-exemptions in Cisco IOS Router. Transform-set I will change soon, but I've tried with tunnel mode and it didn't work.
Maybe NAT-exemptions is the issue. Can you advice me which exemptions should be in Cisco IOS Router?
Because on Cisco ASA I guess I have everything.
Here is show crypto session detail
router(config)#do show crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: GigabitEthernet0/0
Session status: DOWN
Peer: 198.0.183.225 port 500 fvrf: (none) ivrf: (none)
      Desc: (none)
      Phase1_id: (none)
IPSEC FLOW: permit ip 192.168.17.0/255.255.255.0 192.168.83.0/255.255.255.0
        Active SAs: 0, origin: crypto map
        Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
        Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
Should I see something in crypto isakmp sa?
pp-border#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
IPv6 Crypto ISAKMP SA
Thanks again for your help.

PO and down pmt made in last F.Y and now cancel PO w/out cancel the down p

Hello Guru's
Please help me for below scenario.
Our client was created Imported PO and down payment made in last F.Y and now some reasons they want to cancel the PO and create new domestic PO with same PR.
But down payment was cleared and accounts are audited they don't want to reversal the down payment.
How it is possible to cancel the PO without reversal of down payment.
and i reversed the DPR remain down payment is same and tried to cancel the PO line item but it is showing below error.
Diagnosis
You have attempted to delete or block an item that is not yet closed.
An item is regarded as closed if:
o no GR blocked stocks exist
o all down (advance) payments made to date have been taken into
account
o the quantity delivered is the same as the quantity invoiced
o all delivery costs have been taken into account
o the quantity delivered is the same as the quantity issued (only in
the case of stock transport orders).
Please provide me the posible solutions urgently.
Best Regards
Ranganadh

An item is regarded as closed if:
o no GR blocked stocks exist
o all down (advance) payments made to date have been taken into
account
o the quantity delivered is the same as the quantity invoiced
o all delivery costs have been taken into account
o the quantity delivered is the same as the quantity issued (only in
the case of stock transport orders).
Verify any of above reasons holds not true.Check p.o history.
Edited by: Jeyakanthan A on Jan 4, 2011 5:31 PM

Transfer VOIP Calls Between Cisco Desk Phone and Cisco Jabber For IPhone 9.5

Does anyone know how to transfer an active voip call from a Cisco IP Desk Phone to Cisco Jabber for IPhone? I can transfer a call from Cisco Jabber for IPhone to my Cisco IP Desk Phone no problem. I put the call on hold and then click "Resume" on my Cisco IP Desk Phone. However I cannot do the same but the other way around. If I put the call on hold on my Cisco IP Desk Phone, I see "no active call" on my Jabber client. The only information I could find slighlty relevant was using the Mobility Key/Remote Destination Profile feature however this defeats the object as this will forward to an external number, e.g. mobile and I just want to transfer the call within the VOIP environment between the two devices that are using the same directory number.
I am using Cisco Call Manager 9.1(2), Cisco Presence 9.1 and Cisco Jabber for IPhone 9.5.
Any help would be greatly appreciated.
Kind Regards,
Paul Parker.

Did you ever find an answer to this ?
I am seeing the same behavior and trying so see if I can put calls on hold and pick them up both ways also.
The only answer I seem to have found is to use park instead
That would/should work but I would just prefer to hold/unhold
Just not sure why we would not be able to hold/unhold on what is essentially a "shared" line
Does anyone have this working for them ?

Intel and Cisco LWAPP - Sucess at last

Similar Messages

Maybe you are looking for