IP sec VPN service module

Hi All,
we have a VPN service module that doesn't support AES 256 bits. is there a way to overcome this limitation by uploading a key? how can we do it if feasible?
thanks
Jean

if you require aes you need the newer VPN SPA.
http://www.cisco.com/en/US/prod/collateral/routers/ps368/product_data_sheet0900aecd8027c9ee_ps8768_Products_Data_Sheet.html
(assuming you have a 6500/7600...but you didn't state exactly what you have)

Similar Messages

  • VPN service module choice 7600-SSC-400 vs. SPA-IPSEC-2G

    Need to decide between the two VPN service module: 7600-SSC-400 and SPA-IPSEC-2G for a 6509 sup 720 3bxl. Not sure what is the difference and couldnt find too much info just searching the internet. What would be the benefits of one or another?

    Hello,
    You will need both. The 7600-SSC-400 is the carrier module of the SPA-IPSec-2G.
    There is more information on this via the following link:
    http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/6500series/76ovwvpn.html
    Warm Regards,
    Rose

  • VPN service module with EFM

    Dears,
            we are already user VPN module in our chassis 6500 where all communication lines are terminated.
    now we will using EFM line , but i am not sure how to cahnage configuration related to it.

    Hello,
    You will need both. The 7600-SSC-400 is the carrier module of the SPA-IPSec-2G.
    There is more information on this via the following link:
    http://www.cisco.com/en/US/docs/interfaces_modules/shared_port_adapters/configuration/6500series/76ovwvpn.html
    Warm Regards,
    Rose

  • Does ASA Service Module on 6509-E support Remote Access VPN ?

    I'm having a problem configuring Remote Access VPN (SSL, Anyconnect ect.) on ASA Service Module on 6509-E. Is this even supported  or am i wasting my time trying to make something work which will not work in a first place :) ? Site-to-Site works without any problems.
    Tech Info:
    6509-E running SUP 2T 15.1(2)SY
    ASA Module - WS-SVC-ASA-SM1 running image - asa912-smp-k8 & asdm-712
    Licenses on ASA:
    Encryption-DES - Enabled
    Encryption-3DES-AES  -Enabled
    Thanks in Advance for support.

    Are you running multiple context mode?
    If you are, remote access VPN is not supported in that case:
    "Note Multiple context mode only applies to IKEv2 and IKEv1 site to site and does not apply to AnyConnect, clientless SSL VPN, the legacy Cisco VPN client, the Apple native VPN client, the Microsoft native VPN client, or cTCP for IKEv1 IPsec."
    Reference.

  • Can log into Yosemite server (4.0) VPN service with a Mavericks client, but not Yosemite client

    Sever Info:
    Yosemite Server 4.0 running on a late 2009 Mac Mini with 8 GB RAM with vpnd service enabled
    The server was upgraded to Yosemite - not clean install - this may not matter (see below)
    Airport extreme router with standard VPN UDP ports for L2TP forwarded to server (500, 1701, 4500)
    Client info:
    MB Air 13" early 2014 with 8 GB RAM
    Yosemite
    Mavericks 10.9.5 running as a Parallels virtual machine (don't ask - I need it to run an app for work that is not yet compatible with Yosemite)
    OD service is NOT running - no VPN connections ever occurred from ANY client with this service running - OD is not needed in my case fortunately
    With the OD service off, I can connect via the Mavericks virtual machine just fine, but not with Yosemite. With Yosemite, the ppp connection appears to occur, but server config requests appear to fall on deaf ears (client side doesn't appear to respond) until the connection times out. Can't figure out what triggers the client response to a server config request. Client side complains about no route to host and IP addresses don't get assigned to the connection.
    The connection happens successfully in an eyeblink with the Mavericks client. Same username/password/shared secret in both instances.
    Tried a generated .vpnconfig from the server, this also did not work.
    It's possible that it is an auth problem, but can't figure out how the process occurs or what may be going wrong. There does not seem to be an obvious way to increase the granularity of the logging such that it might give other hints - at least that I can find. I found plenty of references to VPN issues when people upgraded from Mountain Lion to Mavericks as well as work arounds for this. I tried the most promising looking of those - no love. I reverted everything back to stock install since I could at least connect with Mavericks.
    If log entries would be helpful, they are included below. I've stared at them long enough - perhaps a new set of eyes can provide a hint.
    In addition, I can find no documentation regarding the VPN service in Yosemite server so as to get a clue as to whether there have been changes in racoon since Mavericks.
    Thanks in advance for any suggestions. I would be glad to supply any other info needed for an accurate diagnosis .
    Pat
    ==
    Regarding the Yosemite client connection in the Yosemite server VPN Service log:
    2014-10-21 12:18:30 MDT
    Incoming call... Address given to client = 192.168.1.228
    Tue Oct 21 12:18:30 2014 : Directory Services Authentication plugin initialized
    Tue Oct 21 12:18:30 2014 : Directory Services Authorization plugin initialized
    Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 12:18:30 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 12:18:30 2014 : L2TP incoming call in progress from 'my.dotted.quad.address'...
    Tue Oct 21 12:18:30 2014 : L2TP received SCCRQ
    Tue Oct 21 12:18:30 2014 : L2TP sent SCCRP
    Tue Oct 21 12:18:30 2014 : L2TP received SCCCN
    Tue Oct 21 12:18:30 2014 : L2TP received ICRQ
    Tue Oct 21 12:18:30 2014 : L2TP sent ICRP
    Tue Oct 21 12:18:30 2014 : L2TP received ICCN
    Tue Oct 21 12:18:30 2014 : L2TP connection established.
    Tue Oct 21 12:18:30 2014 : using link 0
    Tue Oct 21 12:18:30 2014 : Using interface ppp0
    Tue Oct 21 12:18:30 2014 : Connect: ppp0 <--> socket[34:18]
    Tue Oct 21 12:18:30 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:33 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:36 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:39 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:42 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:45 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:48 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:51 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:54 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:18:57 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x93542b1> <pcomp> <accomp>]
    Tue Oct 21 12:19:00 2014 : LCP: timeout sending Config-Requests
    Tue Oct 21 12:19:00 2014 : Connection terminated.
    Tue Oct 21 12:19:00 2014 : L2TP disconnecting...
    Tue Oct 21 12:19:00 2014 : L2TP sent CDN
    Tue Oct 21 12:19:00 2014 : L2TP sent StopCCN
    Tue Oct 21 12:19:00 2014 : L2TP disconnected
    2014-10-21 12:19:00 MDT
       --> Client with address = 192.168.1.228 has hungup
    ==
    Client side log for this connection using the Yosemite client:
    Tue Oct 21 14:32:08 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 14:32:08 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 14:32:08 2014 : L2TP connecting to server 'myserver.com' (my.dotted.quad.address)...
    Tue Oct 21 14:32:08 2014 : IPSec connection started
    Tue Oct 21 14:32:09 2014 : IPSec connection established
    Tue Oct 21 14:32:10 2014 : L2TP connection established.
    Tue Oct 21 14:32:10 2014 : L2TP set port-mapping for en0, interface: 4, protocol: 0, privatePort: 0
    Tue Oct 21 14:32:10 2014 : Using interface ppp0
    Tue Oct 21 14:32:10 2014 : Connect: ppp0 <--> socket[34:18]
    Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0, interfaceIndex: 0, Protocol: None, Private Port: 0, Public Address: 3fe4b3e8, Public Port: 0, TTL: 0.
    Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 inconsistent. is Connected: 1, Previous interface: 4, Current interface 0
    Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 initialized. is Connected: 1, Previous publicAddress: (0), Current publicAddress 3fe4b3e8
    Tue Oct 21 14:32:10 2014 : L2TP port-mapping for en0 fully initialized. Flagging up
    Tue Oct 21 14:32:25 2014 : write: No route to host
    Tue Oct 21 14:32:25 2014 : write: Host is down
    Tue Oct 21 14:32:28 2014 : write: Host is down
    Tue Oct 21 14:32:28 2014 : write: Host is down
    Tue Oct 21 14:32:31 2014 : write: Host is down
    Tue Oct 21 14:32:31 2014 : write: Host is down
    Tue Oct 21 14:32:34 2014 : write: Host is down
    Tue Oct 21 14:32:34 2014 : write: Host is down
    Tue Oct 21 14:32:37 2014 : write: Host is down
    Tue Oct 21 14:32:37 2014 : write: Host is down
    Tue Oct 21 14:32:40 2014 : LCP: timeout sending Config-Requests
    Tue Oct 21 14:32:40 2014 : Connection terminated.
    Tue Oct 21 14:32:40 2014 : L2TP disconnecting...
    Tue Oct 21 14:32:40 2014 : L2TP error sending CDN (Host is down)
    Tue Oct 21 14:32:40 2014 : L2TP clearing port-mapping for en0
    Tue Oct 21 14:32:40 2014 : L2TP disconnected
    ==
    Pertinent client side log for connection of Mavericks client to Yosemite server:
    Tue Oct 21 13:29:13 2014 : Connect: ppp0 <--> socket[34:18]
    Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0, interfaceIndex: 0, Protocol: None, Private Port: 0, Public Address: 3fe4b3e8, Public Port: 0, TTL: 0.
    Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 inconsistent. is Connected: 1, Previous interface: 4, Current interface 0
    Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 initialized. is Connected: 1, Previous publicAddress: (0), Current publicAddress 3fe4b3e8
    Tue Oct 21 13:29:13 2014 : L2TP port-mapping for en0 fully initialized. Flagging up
    Tue Oct 21 13:29:21 2014 : local  IP address 192.168.1.229
    Tue Oct 21 13:29:21 2014 : remote IP address 192.168.1.2
    Tue Oct 21 13:29:21 2014 : primary   DNS address 192.168.1.2
    Tue Oct 21 13:29:21 2014 : secondary DNS address 8.8.8.8
    Tue Oct 21 13:29:21 2014 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 10.0.1.38), current interface setting (name: ppp0, family: PPP, address: 192.168.1.229, subnet: 255.255.255.0, destination: 192.168.1.2).
    Tue Oct 21 13:29:21 2014 : Committed PPP store
    Tue Oct 21 13:29:21 2014 : Committed PPP store
    Tue Oct 21 13:52:32 2014 : [DISCONNECT]
    Tue Oct 21 13:52:32 2014 : Hangup (SIGHUP)
    Tue Oct 21 13:52:32 2014 : Connection terminated.
    Tue Oct 21 13:52:32 2014 : Connect time 23.4 minutes.
    Tue Oct 21 13:52:32 2014 : Sent 2674664 bytes, received 10680854 bytes.
    Tue Oct 21 13:52:32 2014 : L2TP disconnecting...
    Tue Oct 21 13:52:32 2014 : L2TP clearing port-mapping for en0
    Tue Oct 21 13:52:32 2014 : L2TP disconnected
    ==
    Regarding the Mavericks client connection in the Yosemite server VPN Service log:
    2014-10-21 12:09:48 MDT Incoming call... Address given to client = 192.168.1.226
    Tue Oct 21 12:09:48 2014 : Directory Services Authentication plugin initialized
    Tue Oct 21 12:09:48 2014 : Directory Services Authorization plugin initialized
    Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 12:09:48 2014 : publish_entry SCDSet() failed: Success!
    Tue Oct 21 12:09:48 2014 : L2TP incoming call in progress from ‘my.dotted.quad.address’…
    Tue Oct 21 12:09:48 2014 : L2TP received SCCRQ
    Tue Oct 21 12:09:48 2014 : L2TP sent SCCRP
    Tue Oct 21 12:09:48 2014 : L2TP received SCCCN
    Tue Oct 21 12:09:48 2014 : L2TP received ICRQ
    Tue Oct 21 12:09:48 2014 : L2TP sent ICRP
    Tue Oct 21 12:09:49 2014 : L2TP received ICCN
    Tue Oct 21 12:09:49 2014 : L2TP connection established.
    Tue Oct 21 12:09:49 2014 : using link 0
    Tue Oct 21 12:09:49 2014 : Using interface ppp0
    Tue Oct 21 12:09:49 2014 : Connect: ppp0 <--> socket[34:18]
    Tue Oct 21 12:09:49 2014 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4bc40d9f> <pcomp> <accomp>]
    Tue Oct 21 12:09:49 2014 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x71598937> <pcomp> <accomp>]
    Tue Oct 21 12:09:49 2014 : lcp_reqci: returning CONFACK.
    Tue Oct 21 12:09:49 2014 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x71598937> <pcomp> <accomp>]
    Tue Oct 21 12:09:49 2014 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4bc40d9f> <pcomp> <accomp>]
    Tue Oct 21 12:09:49 2014 : sent [LCP EchoReq id=0x0 magic=0x4bc40d9f]
    Tue Oct 21 12:09:49 2014 : sent [CHAP Challenge id=0x73 <074a110a5e0620296b1937345c34090e>, name = “myserver.private”]
    Tue Oct 21 12:09:49 2014 : rcvd [LCP EchoReq id=0x0 magic=0x71598937]
    Tue Oct 21 12:09:49 2014 : sent [LCP EchoRep id=0x0 magic=0x4bc40d9f]
    Tue Oct 21 12:09:49 2014 : rcvd [LCP EchoRep id=0x0 magic=0x71598937]
    Tue Oct 21 12:09:49 2014 : rcvd [CHAP Response id=0x73 <dfed1e41e1fb8c1132387c3d7792b1880000000000000000b2b163259cbe410aae792093680ba7 a89da3b46737c0d8d200>, name = "somelocaluser"]
    Tue Oct 21 12:09:54 2014 : sent [CHAP Success id=0x73 "S=00EDB07933CE697641E2263A2A76386389512329 M=Access granted"]
    Tue Oct 21 12:09:54 2014 : CHAP peer authentication succeeded for somelocaluser
    Tue Oct 21 12:09:54 2014 : DSAccessControl plugin: User 'somelocaluser' authorized for access
    Tue Oct 21 12:09:54 2014 : sent [IPCP ConfReq id=0x1 <addr 192.168.1.2>]
    Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfReq id=0x1]
    Tue Oct 21 12:09:54 2014 : rcvd [CHAP Response id=0x73 <dfed1e41e1fb8c1132387c3d7792b1880000000000000000b2b163259cbe410aae792093680ba7 a89da3b46737c0d8d200>, name = "somelocaluser"]
    Tue Oct 21 12:09:54 2014 : sent [CHAP Success id=0x73 "S=00EDB07933CE697641E2263A2A76386389512329 M=Access granted"]
    Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns3 0.0.0.0>]
    Tue Oct 21 12:09:54 2014 : ipcp: returning Configure-NAK
    Tue Oct 21 12:09:54 2014 : sent [IPCP ConfNak id=0x1 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
    Tue Oct 21 12:09:54 2014 : rcvd [IPV6CP ConfReq id=0x1 <addr fe80::021c:42ff:febf:bf66>]
    Tue Oct 21 12:09:54 2014 : Unsupported protocol 0x8057 received
    Tue Oct 21 12:09:54 2014 : sent [LCP ProtRej id=0x2 80 57 01 01 00 0e 01 0a 02 1c 42 ff fe bf bf 66]
    Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfReq id=0x1 <route vers 16777216> <domain vers 16777216>]
    Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfRej id=0x1 <route vers 16777216>]
    Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfAck id=0x1 <addr 192.168.1.2>]
    Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfAck id=0x1]
    Tue Oct 21 12:09:54 2014 : rcvd [IPCP ConfReq id=0x2 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
    Tue Oct 21 12:09:54 2014 : ipcp: returning Configure-ACK
    Tue Oct 21 12:09:54 2014 : sent [IPCP ConfAck id=0x2 <addr 192.168.1.226> <ms-dns1 192.168.1.2> <ms-dns3 8.8.8.8>]
    Tue Oct 21 12:09:54 2014 : ipcp: up
    Tue Oct 21 12:09:54 2014 : found interface en0 for proxy arp
    Tue Oct 21 12:09:54 2014 : local  IP address 192.168.1.2
    Tue Oct 21 12:09:54 2014 : remote IP address 192.168.1.226
    Tue Oct 21 12:09:54 2014 : Received acsp/dhcp dictionaries
    Tue Oct 21 12:09:54 2014 : Received acsp/dhcp dictionaries
    Tue Oct 21 12:09:54 2014 : l2tp_wait_input: Address added. previous interface setting (name: en0, address: 192.168.1.2), current interface setting (name: ppp0, family: PPP, address: 192.168.1.2, subnet: 255.255.255.0, destination: 192.168.1.226).
    Tue Oct 21 12:09:54 2014 : rcvd [ACSCP ConfReq id=0x2 <domain vers 16777216>]
    Tue Oct 21 12:09:54 2014 : sent [ACSCP ConfAck id=0x2 <domain vers 16777216>]
    Tue Oct 21 12:09:54 2014 : Received protocol dictionaries
    Tue Oct 21 12:09:54 2014 : Committed PPP store
    Tue Oct 21 12:09:54 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
        <domain: name private>
        <domain: name local>]
    Tue Oct 21 12:09:54 2014 : rcvd [IP data <src addr 192.168.1.226> <dst addr 255.255.255.255> <BOOTP Request> <type INFORM> <client id 0x08000000010000> <parameters = 0x6 0x2c 0x2b 0x1 0xf9 0xf>]
    Tue Oct 21 12:09:54 2014 : sent [IP data <src addr 192.168.1.2> <dst addr 192.168.1.226> <BOOTP Reply> <type ACK> <server id 0xc0a80102> <domain name "local">]
    Tue Oct 21 12:09:57 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
        <domain: name private>
        <domain: name local>]
    Tue Oct 21 12:10:00 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
        <domain: name private>
        <domain: name local>]
    Tue Oct 21 12:10:03 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
        <domain: name private>
        <domain: name local>]
    Tue Oct 21 12:10:06 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
        <domain: name private>
        <domain: name local>]
    Tue Oct 21 12:10:09 2014 : sent [ACSP data <payload len 24, packet seq 0, CI_DOMAINS, flags: START END REQUIRE-ACK>
        <domain: name private>
        <domain: name local>]
    Tue Oct 21 12:10:09 2014 : rcvd [LCP TermReq id=0x2 "User request"]
    Tue Oct 21 12:10:09 2014 : LCP terminated by peer (User request)
    Tue Oct 21 12:10:09 2014 : ipcp: down
    Tue Oct 21 12:10:09 2014 : sent [LCP TermAck id=0x2]
    Tue Oct 21 12:10:09 2014 : l2tp_wait_input: Address deleted. previous interface setting (name: en0, address: 192.168.1.2), deleted interface setting (name: ppp0, family: PPP, address: 192.168.1.2, subnet: 255.255.255.0, destination: 192.168.1.226).
    Tue Oct 21 12:10:09 2014 : L2TP received CDN
    Tue Oct 21 12:10:09 2014 : Connection terminated.
    Tue Oct 21 12:10:09 2014 : Connect time 0.4 minutes.
    Tue Oct 21 12:10:09 2014 : Sent 1003 bytes, received 646 bytes.
    Tue Oct 21 12:10:09 2014 : L2TP disconnecting...
    Tue Oct 21 12:10:09 2014 : L2TP disconnected
    2014-10-21 12:10:09 MDT   --> Client with address = 192.168.1.226 has hungup

    1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
    Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
    2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
    There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
    3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
    You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
    In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
    You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.
    Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
    4. Here's a summary of what you need to do, if you choose to proceed:
    ☞ Copy a line of text in this window to the Clipboard.
    ☞ Paste into the window of another application.
    ☞ Wait for the test to run. It usually takes a few minutes.
    ☞ Paste the results, which will have been copied automatically, back into a reply on this page.
    The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
    5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
    6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
    7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
    Triple-click anywhere in the line of text below on this page to select it:
    PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*genieo\* \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB com.apple.AirPortBaseStationAgent 464843899 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p);if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n   "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n   [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|(Bo|PO).+ sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n   ...and %s more line(s)\n",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */   /;' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test osascript\ -e );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'|tr , \\\n" 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|corru|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:|suhel| VALI|xpma' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cght] ! -name .?\* ! -name \*ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '/S*/*/Ca*/*xpc* >&- ||echo No' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,Ex}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,In{p,ter},iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,mach_i*/*,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents XPC\ cache Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v"|sed -E "$s";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "${s[63]}"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 35 49 61 51;D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D23 14 1 62 42;D12 34 43 53 44;D12 22 20 32 25;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 37 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
    Copy the selected text to the Clipboard by pressing the key combination command-C.
    8. Launch the built-in Terminal application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
    Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
    9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
    exec bash
    and press return. Then paste the script again.
    10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return  three times at the password prompt. Again, the script will still run.
    If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
    11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
    [Process completed]
    to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.
    12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
    At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
    If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
    13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
    14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
    Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

  • Question on how does load balancing work on Firewall Services Module (FWSM)

    Hi everyone,
    I have a question about the algorithm of load balancing on Firewall Services Module (FWSM).
    I understand that the FWSM supports up to three equal cost routes on the same interface for load balancing.
    Please see a lower simple figure.
    outside inside
    --- L3 SW --+
    |
    MHSRP +--- FWSM ----
    |
    --- L3 SW --+
    I am going to configure the following default routes on FWSM point to each MHSRP VIP (192.168.13.29 and 192.168.13.30) for load balancing.
    route outside_1 0.0.0.0 0.0.0.0 192.168.13.29 1
    route outside_1 0.0.0.0 0.0.0.0 192.168.13.30 1      
    However I don't know how load balancing work on FWSM.
    On FWSM, load balancing work based on
    Per-Destination ?
    Per-Source ?
    Per-Packet ?
    or
    Other criteria ?
    Your information would be greatly appreciated.
    Best Regards,

    Configuring "tunnel default gateway' on the concentrator allowed traffic to flow as desired through the FWSM.
    FWSM is not capable of performing policy based routing, the additional static routes for the VPN load balancing caused half of the packets to be lost. As a result, it appears that the VPN concentrators will not be able to load balance.

  • Service Module is trying to recover from error - Please help

    HI Guys
    I am currently installing a NM-AIR -WLC 6  wireless module in a 2811 and its giving me the follwing errors below and status
    I have checked the troubleshooting pdf and says might be possible hardware error ,but before i go down that road would like to know if any of the engineers have solved this problem
    Info about router and module is as follows
    Router#service-module wlan-controller 1/0 status
    Service Module is Cisco wlan-controller1/0
    Service Module supports session via TTY line 66
    Service Module is trying to recover from error
    Service Module status is not available
    Router#
    Trying to reset Service Module wlan-controller1/0
    *Mar 28 21:49:06.379: %LINEPROTO-5-UPDOWN: Line protocol on Interface wlan-controller1/0, changed state to down
    *Mar 28 21:49:26.379: %LINEPROTO-5-UPDOWN: Line protocol on Interface wlan-controller1/0, changed state to up
    Router#
    Router#service-module wlan-controller 1/0 status
    Service Module is Cisco wlan-controller1/0
    Service Module supports session via TTY line 66
    Service Module is trying to recover from reset/shutdown
    Service Module status is not available
    sh version
    Router#sh ver  
    Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(15)T17, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Tue 24-Jan-12 07:41 by prod_rel_team
    ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1)
    Router uptime is 28 minutes
    System returned to ROM by power-on
    System image file is "flash:c2800nm-advipservicesk9-mz.124-15.T17.bin"
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    Cisco 2811 (revision 53.51) with 249856K/12288K bytes of memory.
    Processor board ID FCZ0932701R
    2 FastEthernet interfaces
    1 Serial(sync/async) interface
    1 terminal line
    1 Virtual Private Network (VPN) Module
    1 cisco Wireless LAN Controller(s)
    DRAM configuration is 64 bits wide with parity enabled.
    239K bytes of non-volatile configuration memory.
    62720K bytes of ATA CompactFlash (Read/Write)
    Configuration register is 0x2102
    Router#

    HI Guys
    And it gets worse I am now getting the following error
    Router#service-module wlan-controller 1/0 status
    Service Module is Cisco wlan-controller1/0
    Service Module supports session via TTY line 66
    Service Module is failed
    Service Module status is not available
    regards Thags Govender

  • Cisco ASA 5505 Remote Access IP/Sec VPN Connectivity Issues

    We have a Cisco ASA that we use just for Remote Access VPN. It uses UDP and was working fine for about 2 months. Recently clients have had intermittent issues when connecting from home. The following message is display by the Cisco VPN Client :
    "Secure VPN connection terminated locally by the Client. Reason 412: The remote peer is no longer responding"
    Upon looking at a client side packet capture, I notice that no response is being given back to the client for the udp packets sent to the ASA on udp 500. If I login to the ASA from the LAN and send a single ping FROM the ASA, then the client can connect without issue. I don't understand the significance of the needed outbound ping since ping is not used by the client to test if the ASA is alive.
    Once again this is a remote access udp ip/sec VPN. I set most of it up with the VPN wizard and then backed up the config. The issue started happening at least a month after setup (maybe two) and I restored to the saved config just in-case, but the issue remains.
    Any insight would be greatly appreciated.
    I'm using IOS 831 and have tried 821 and 823 as one thread that I found recommended downgraded to 821.
    Thanks much,
    Justin

    Javier,
    I logged into the ASA last time the VPN went down. I issued the following commands:
    debug crypto isakmp 190
    debug crypto ipsec 190
    capture outside-cap interface outside match udp any any
    I then used a remote access tool to access the client and tried to connect. I got absolutely nothing from debugging. So I issued the following command:
    show capture outside | include 500
    and also got nothing. So I issued the following command:
    ping 4.2.2.2
    Upon which my normal deug messaged began to showup, so I issued the show capture outside command again and recieved the expected output below:
       1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 868
       2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 444
       3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 172
       4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
       5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
       6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
       7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 60
       8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 204
       9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
      10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 252
      11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 868
      12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 444
      13: 15:44:42.228397 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 172
      14: 15:44:42.231036 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
      15: 15:44:42.329557 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
      16: 15:44:42.521091 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
      17: 15:44:42.610167 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
      18: 15:44:42.649258 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 204
      19: 15:44:42.653790 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 252
      20: 15:44:42.789342 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 1036
      21: 15:44:42.792119 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
      22: 15:44:42.800846 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 188
      23: 15:44:42.892120 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
      34: 15:44:54.446220 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
      35: 15:44:54.447913 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
      70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 100
    174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 500
    377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000:  udp 100    1: 15:44:18.570160 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 868
       2: 15:44:18.579269 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 444
       3: 15:44:18.703866 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 172
       4: 15:44:18.706567 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
       5: 15:44:18.831499 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
       6: 15:44:19.024061 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 76
       7: 15:44:19.111963 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 60
       8: 15:44:19.517185 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 204
       9: 15:44:19.521350 802.1Q vlan#2 P0 REMOTE_IP.1151 > OFFICE_IP.500:  udp 92
      10: 15:44:19.522723 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1151:  udp 252
      11: 15:44:42.121957 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 868
      12: 15:44:42.130822 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 444
      13: 15:44:42.228397 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 172
      14: 15:44:42.231036 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
      15: 15:44:42.329557 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
      16: 15:44:42.521091 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 76
      17: 15:44:42.610167 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
      18: 15:44:42.649258 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 204
      19: 15:44:42.653790 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 252
      20: 15:44:42.789342 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 1036
      21: 15:44:42.792119 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
      22: 15:44:42.800846 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 188
      23: 15:44:42.892120 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 60
      34: 15:44:54.446220 802.1Q vlan#2 P0 REMOTE_IP.1155 > OFFICE_IP.500:  udp 92
      35: 15:44:54.447913 802.1Q vlan#2 P0 OFFICE_IP.500 > REMOTE_IP.1155:  udp 92
      70: 15:45:01.825000 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 100
    174: 15:45:03.417764 802.1Q vlan#2 P0 OFFICE_IP.10000 > REMOTE_IP.10000:  udp 500
    377: 15:45:07.881500 802.1Q vlan#2 P0 REMOTE_IP.10000 > OFFICE_IP.10000:  udp 100
    It would seem as if no traffic reached the ASA until some outbound traffic to an arbitrary public IP. In this case I sent an echo request to a public DNS server. It seems almost like a state-table issue although I don't know how ICMP ties in.
    Once again, any insight would be greatly appreciated.
    Thanks,
    Justin

  • XML Publisher with Service Module - Service Request Reports -- URGENT

    Hi all ... any pointers/help/guidance with the problem listed below would be much appreciated.
    I'm working in the context of the Oracle Service Module & Service Request Reports.
    I'm required to configure the XML Publisher Responsibility seeded functionality with the service module reports.
    Listed below are the two reporting requirements that I'm considering , corresponding to the following seeded XMLP Responsibility seeded components:
    (I'm quoting an extract from the Oracle TeleService Implementation & User Guide here).
    Detailed Report
    Data Definition: Service Request Detail Definition (CS_SR_DETAIL_DEF)
    Corresponding Template: Service Request Detail Report Template (CS_SR_DETAIL_TMP.en)
    Template Description: Includes all of the available service request attributes including charges, the two descriptive flexfields, and extensible attributes.
    Summary Report
    Data Definition: Service Request Summary Definition (CS_SR_SUMMARY_DEF)
    Corresponding Template: Service Request Summary Report Template (CS_SR_SUMMARY_TMP_en)
    Template Description: Includes a subset of the detailed report attributes including the same charges information as the detailed report.
    When I log into the EBS >> XML Publisher Administrator Responsibility >> Service Application ... I find these seeded XMLP components, together with the preview data, downloadable templates & sample output.
    The question is:
    Where (responsibility/application/navigation/etc.) do I find the seeded EBS Service Reports to provide the expected XML input to the seeded XMLP Service Request Data Definitions & Templates????
    Notes ...
    I have found the following two reports, under the Service Application in EBS, set their output type to XML and viewed the output of the submitted request:
    - Service Request Detail Report
    - Service Request Summary Report
    ... but each of these two reports produce XML output of a different data model/structure to that expected by each of the corresponding seeded XMLP data-definitions/templates.
    Additionally, I cannot find any corresponding concurrent program definitions on the system with the same SHORT-NAME/CODE as the seeded XMLP data definitions themselves i.e. CS_SR_DETAIL_DEF and CS_SR_SUMMARY_DEF.
    Are the necessary reports not actually seeded within EBS? Do the seeded XMLP data definitions & templates require development of new Concurrent Programs from scratch to access the database tables and provide the necessary data/input, or am I missing something here??

    I am sure you found a solution to your problem. If not, to give a pointer to this issue, I guess these reports are gererated right from the service request screen and this definition is used there.This report can be generated from several places based on where you are within SR scree.
    Thanks
    Nagamohan

  • How can I configure Lion server to accept inbound VPN (L2TP) connections while connected as client to another vpn service?

    I have what I believe to be a unique need;
    I have a MacPro (1,1) running Lion with Server app.
    I require that this particular machine be connected as a client to a VPN server, while at the same time acting as a VPN server for my network.
    The PPTP connection configuration is such that "Send all traffic over VPN connection" is checked.
    If PPTP client is NOT connected, I can connect to Lion as VPN server. As soon as I make the connection from Lion as a client, I can no longer
    connect to Lion VPN server.
    I understand this is because I am forcing all traffic out the virtual interface (tun0) and eth0 is no longer listening on the local network.
    1. Is it possible to bind the VPN client (on Lion Server) to a particular interface? If I could tell the PPTP client to only use eth1 as the interface of choice, my assumption would be that eth0 would then be free to accept incoming connections.
    2. Is it possible to bind the VPN service  (on Lion Server) to a particular interface? if I could tell the vpn serviec to only listen on eth1, and in turn tell the PPTP client to NOT communicate on eth1 but only eth0 then perhaps I could separate the communications?
    In my head, it seems as though both of the above options would be required in order to use Lion as both a VPN server and VPN client
    Any and all help appreciated.

    This is a standard facet of most VPNs - the problem lies in your NAT router since both clients appear to come from the same IP address as far as the VPN server is concerned, and the router can't separate out the traffic.
    There are a couple of solutions.
    First, the built-in VPN server supports L2TP and PPTP protocols. You should be able to connect one system under each protocol, so that gets your two machines connected.
    Second, you can replace your NAT router with one that supports multiple VPN clients (often termed 'VPN passthrough').
    Third, setup a site-to-site tunnel so that your entire LAN is connected to the VPN (this saves you from having to run a separate VPN client on each machine, but is typically only worth it when you have more machines).

  • Lion 10.7.2 VPN service not working

    Hi,
    I have a clean installation of 10.7.2 on a Mac Pro which is not able to provide VPN service.  Here's what is configured:
    *OD Master - users and groups in place
    *firewall active with allow rules for all necessary VPN ports (500, 1701, 4500)
    *port forwarding on router to server IP address of 500, 1701 and 4500
    *pre-shared key in place
    *VPN server turned on
    I spent over an hour on the phone with Apple Enterprise Support and they finally conceded "the engineers have informed us that there is a bug with the VPN service and that it is being looked at currently. It will hopefully be addressed in the pending OS update." 
    Steps to reproduce:
    1. client is configured with approprate IP address, username, password and PSK
    2. client attempts to connect
    3. server's VPN log which should be in /var/log/ppp/vpnd.log is not populating with any new data, but the top-level "all messages" in console is showing a slew of information.  Here is what is displaying:
    12/4/11 8:42:41.340 PM          racoon          Connecting.
    12/4/11 8:42:41.340 PM          racoon          IPSec Phase1 started (Initiated by peer).
    12/4/11 8:42:41.340 PM          racoon          IKE Packet: receive success. (Responder, Main-Mode message 1).
    12/4/11 8:42:41.341 PM          racoon          IKE Packet: transmit success. (Responder, Main-Mode message 2).
    12/4/11 8:42:41.400 PM          racoon          IKE Packet: receive success. (Responder, Main-Mode message 3).
    12/4/11 8:42:41.423 PM          racoon          IKE Packet: transmit success. (Responder, Main-Mode message 4).
    12/4/11 8:42:44.297 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
    12/4/11 8:42:47.300 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
    12/4/11 8:42:50.303 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
    12/4/11 8:43:02.316 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
    12/4/11 8:43:17.332 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
    12/4/11 8:43:35.350 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
    12/4/11 8:43:56.373 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
    12/4/11 8:44:20.399 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
    12/4/11 8:44:47.428 PM          racoon          IKE Packet: transmit success. (Phase1 Retransmit).
    All that is displaying in the /var/log/ppp/vpnd.log is:
    2011-12-04 19:39:29 EST          Loading plugin /System/Library/Extensions/L2TP.ppp
    2011-12-04 19:39:29 EST          Listening for connections...
    2011-12-04 19:49:36 EST          terminating on signal 15
    #End-Date: 2011-12-04 19:49:36 EST
    #Start-Date: 2011-12-04 19:49:38 EST
    #Fields: date time s-comment
    2011-12-04 19:49:38 EST          Loading plugin /System/Library/Extensions/L2TP.ppp
    2011-12-04 19:49:38 EST          Listening for connections...
    2011-12-04 20:04:13 EST          terminating on signal 15
    #End-Date: 2011-12-04 20:04:13 EST
    #Start-Date: 2011-12-04 20:04:30 EST
    #Fields: date time s-comment
    2011-12-04 20:04:30 EST          Loading plugin /System/Library/Extensions/L2TP.ppp
    2011-12-04 20:04:30 EST          Listening for connections...
    I am hoping that this comes down to a bad port forwarding issue.  Does anything seen in the above logs indicate that to you?
    What would my next step be for trying to repair the VPN service?  I want to avoid a reinstall if possible.
    Thanks
    Pete

    Ok, so, the best FIRST test is to try from the local lan, same lan as the Lion server. L2TP works fine for me, PPTP definitely has a bug. You can configure the VPN connection in your network system preferences on the client machine. Just put in your local server IP.
    The idea here is to first make sure VPN works on the LAN (which is useless of course but great for troubleshooting), once it does, THEN you can go to the next step and troubleshoot the remote connection.

  • How can I configure Home Sharing to work through a consumer VPN service?

    I recently purchased a year subscription to a VPN service know as Private Intenet Access (PIA). With this VPN executable program connected to it's servers, my data is "filtered" through it behind the router. The router IS NOT configure with the vpn so I can controll which devices use the VPN. Addiotionally, if I want I can configure the VPN as a proxy instead of just running the program ( i would use the proxy for mobile devices).
    My question is this: Is there an efficient way to configure iTunes and/or Apple TV3 in order to be able to use PIA while home sharing. I notice, often times that home sharing on the Apple TV will not read the Windows maching that has home sharing enabled through iTunes. But other machines work fine. Sometimes, depending on the "order" of the networks I connect to home sharing will work from the particular machine.
    for example:
    I can connect to the internet if I connect to my wifi and then enable the VPN (PIA) but cannot home share. However, if I connect to PIA then connect to the Wifi, it will work witout an issue.
    The real issue is that when the Apple TV and pr PC go to sleep these connecting can wake up connecting in a different order.
    I can only think to perhaps manually enter in the proxy info supplied by PIA to Apple TV. But there are not real instructions on how to do so.
    I know this question is broad and scattered, but I am hoping that someone out there has had or having the same issue with some kind of resolution.
    I've chatted online with PIA reps and they aren't entirely Apple savy. So here I am.
    Any help in the right direction is greatly appreciated!!
    -Cheers

    check out these links:
    Troubleshooting security software issues
    Troubleshooting Home Sharing
    and, last but not least, see this discussion concerning bonjour being the culprit.

  • How to configure link between 2921 and SM-D-ES3G-48-P EtherSwitch Service Module

    hi,
    I can't do that like the procedure given by Cisco.
    http://www.cisco.com/en/US/partner/docs/routers/access/interfaces/software/feature/guide/eesm_sw.html#wp1942894
    Cisco Procedure :
    interface gi10/0
    ip address x.x.x.x x.x.x.x
    service-module gigabitethernet 1/0 session
    My result :
    R2921-8CPITR-1(config)#int gi 1/1
    R2921-8CPITR-1(config-if)#ip address 2.2.2.2 255.255.255.192
    % IP addresses may not be configured on L2 links.
    R2921-8CPITR-1(config-if)
    R2921-8CPITR-1(config)#interface gigabitEthernet 1/1.1 ?
    % Unrecognized command
    R2921-8CPITR-1(config)#interface gigabitEthernet 1/1 ?
      <cr>
    R2921-8CPITR-1(config)#
    the session is not possible also ?
    R2921-8CPITR-1#service-module gigabitEthernet 1/1 sess
                                                      ^
    % Invalid input detected at '^' marker.
    R2921-8CPITR-1#
    The routeur said that it's not a L3 port, so how to configure it to allow communication between the 2921 and the card ?
    Is there a bug with that version I'm in 15.1(4)M4 ????
    R2921-8CPITR-1#sh ver
    Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Tue 20-Mar-12 18:57 by prod_rel_team
    ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
    R2921-8CPITR-1 uptime is 19 hours, 21 minutes
    System returned to ROM by power-on
    System restarted at 16:00:45 GAB Fri Sep 14 2012
    System image file is "flash0:c2900-universalk9-mz.SPA.151-4.M4.bin"
    Last reload type: Normal Reload
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    Cisco CISCO2921/K9 (revision 1.0) with 479232K/45056K bytes of memory.
    Processor board ID FGL1618119E
    6 Gigabit Ethernet interfaces
    2 terminal lines
    DRAM configuration is 64 bits wide with parity enabled.
    255K bytes of non-volatile configuration memory.
    250880K bytes of ATA System CompactFlash 0 (Read/Write)
    License Info:
    License UDI:
    Device#   PID                   SN
    *0        CISCO2921/K9          FGL1618119E
    Technology Package License Information for Module:'c2900'
    Technology    Technology-package           Technology-package
                  Current       Type           Next reboot
    ipbase        ipbasek9      Permanent      ipbasek9
    security      None          None           None
    uc            None          None           None
    data          None          None           None
    Configuration register is 0x2102
    R2921-8CPITR-1#

    Same issue here.
    I just waited a few minutes and the interface went down and back up, this time it was a L3 interface.
    My guess is that it was booting the switch module IOS, and it detected it until it was fully booted:
    Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
    Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
    Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
    Apr 11 05:26:52.091: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
    Apr 11 05:26:52.795: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
    Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
    Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
    Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to down
    Apr 11 05:26:53.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
    Apr 11 05:27:46.895: %LINK-5-CHANGED: Interface Embedded-Service-Engine0/0, changed state to administratively down
    Apr 11 05:27:46.895: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
    Apr 11 05:27:46.947: %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
    Apr 11 05:27:47.031: %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
    Apr 11 05:27:47.083: %LINK-5-CHANGED: Interface GigabitEthernet1/0, changed state to administratively down
    Apr 11 05:27:47.895: %LINEPROTO-5-UPDOWN: Line protocol on Interface Embedded-Service-Engine0/0, changed state to down
    Apr 11 05:27:48.083: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to down
    Apr 11 05:27:49.283: %IP-5-WEBINST_KILL: Terminating DNS process
    Apr 11 05:27:52.499: %LINK-3-UPDOWN: Interface GigabitEthernet1/1, changed state to up
    Apr 11 05:27:53.087: %SYS-5-RESTART: System restarted --
    Cisco IOS Software, C2951 Software (C2951-UNIVERSALK9-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Tue 04-Sep-12 16:50 by prod_rel_team
    Apr 11 05:27:53.255: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
    Apr 11 05:27:53.499: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up
    Apr 11 05:28:21.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
    Apr 11 05:29:22.091: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down
    Apr 11 05:29:22.095: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
    Router>en
    Router#sh ip int brief
    Interface                  IP-Address      OK? Method Status                Protocol
    Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down
    GigabitEthernet0/0         unassigned      YES unset  administratively down down
    GigabitEthernet0/1         unassigned      YES unset  administratively down down
    GigabitEthernet0/2         unassigned      YES unset  administratively down down
    GigabitEthernet1/0         unassigned      YES unset  administratively down down
    GigabitEthernet1/1         unassigned      YES unset  up                    down
    Vlan1                      unassigned      YES unset  down                  down
    Router#
    Apr 11 05:29:46.106: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to upconf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Router(config)#int g1/0
    Router(config-if)#ip add 1.1.1.1 255.255.255.0
    Router(config-if)#no shut
    Router(config-if)#
    Apr 11 05:30:09.046: %LINK-3-UPDOWN: Interface GigabitEthernet1/0, changed state to up
    Apr 11 05:30:10.046: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
    Router(config-if)#end

  • Lion Server 10.7.4 VPN service not using my Active Directory domain for authentication

    I have Lion Server 10.7.4 setup on a Mac Mini and I have enabled the VPN service for both L2TP and PPTP. The Mac Mini is joined to my Windows Domain at a functional level of Server 2008 R2. I have set the authentication paths to point to my domain in Directory Utility.
    What I would like to have happen is for my laptop to be able to VPN into my office network remotely using domain credentials and not local account credentials on the Mac Mini itself. This is a process I have done numerous times on Windows boxes, but for some reason the only way I can get the VPN to work on this instance of Lion Server 10.7.4 is by authenticating using local accounts only.
    Does Lion Server 10.7.4 only authenticate VPN users based on it's local account schema? Or can it truly authenticate against an active directory domain?
    Any suggestions or help is greatly appreciated. Thanks,

    Hi g-pirtle,
    Yes, I had already done that a few days ago. I was able to add the desired AD group to the allowed users/groups for the VPN service. Thats exactly what is so weird about this...it allows me to search for and add an AD user or group to the list of allowed users/groups, but then when I actually try to use a domain account to authenticate to the VPN is just gives me the "cannot authenticate" error. Very strange.
    I wondered if for some reason Apple is only allowing local accounts to be authenticated against. Sounds crazy, but I cannot for the life of me get this to work. I also wondered if Kerberizing the server would help, but when I go to join a Kerberos realm in Open Directory inside of Server Admin, it just has no realm listed in the drop down menu.
    Other than that, all other aspects of the Mac Mini being joined to the AD domain seems to be good. I'm really stumped here...
    Thanks again,

  • Lion Server VPN Service/Class C IPs/Bonjour

    In order to deploy Lion Server's VPN service, you obviously are required to enter an IP range to assign. We are running a standard class C network here, with systems running on 192.168.1.x. The problem is that if a user is accessing the VPN from a remote location that also uses the same IP scheme, then they won't be able to connect. Is there a simple way to deal with this? Is the only way to fix the problem to re-assign every IP address on our network a more unique address scheme? We have a large network and that would be unwieldy.
    Also, will it be possible to use Bonjour over the VPN? We want to be able to share network resources as if the user was physically connected to our LAN.
    Thanks in advance for your answers!

    Linc Davis wrote:
    Also, will it be possible to use Bonjour over the VPN?
    Bonjour doesn't work over a routed connection. You would need to use something like this:
    Slinkware
    Thanks for this link Linc. From descriptions and reviews it sounds like exactly what I was looking for to propagate Bonjour service discovery to a remote Mac. Being a little naive I had set up an OS X Server VPN expecting Bonjour to "just work" once a remote Mac connected!
    In particular the Slinkware web site has a detailed description on how to set up certificate authentication which improves security (geeky but very well detailed).

Maybe you are looking for

  • To set up a new phone

    Can I set up a new iphone and not restore from the iCloud and have the savegame on it with it but dont have all the things on it! For ex i want to set up my new iphone without iCloud because my ipod touch is jailbroken an wont do have the jailbroken

  • Help with file sharing

    I am unable to find the "apps" selection under device in itunes (windows) now and thus no longer have access to file sharing . I do have an app on my ipod touch 5 that requires file sharing to copy files from/to. That app is "my disk". I presume that

  • MIR7  changing posting date to system date when period is closed

    Dear Experts, For FI park document, there is a setting in customising to set the posting date to system date during posting when the posting period in FI is closed. Is there a way to do  this in LIV for MIR7 to set posting date to system date when th

  • HT4641 Since the ISO update I can not open any x.docx or x.xlsx or zipx

    I used to the pages, quick office and textilus for documents. For Xls I have used  calc free xls, numbers and quickoffice. For the zip file I have used the izip pro. Now none of the new office format (docx,xlsx) or zipx would open.

  • Is anyone else having issues with icloud passwords?

    Three times in the past week I have has to reset my password, without any idea of why.  I use Outlook for mail on my mackbook pro & am now being told that the password I am entering is once again incorrect, although it is still working on my iPhone