Jabber Mobile Remote Access - No Audio

Hi,
I have a Jabber MRA setup with windows jabber client version 9.7.4. Internally everything works perfectly, while externally users can login but only chatting is working no audio is being passed to both parties.
The setup consist of the following:
CUCM Version: 9.1.2.12900-11
IM & Presence Version: 9.1.1.41900-1
EXP-C&E version: 8.1.1
EXP-E is installed on a single leg with a natted IP.
I've noticed that the media isn't being routed from the call details on EXP-C & E.
Attached media error.
Any ideas,thanks for the help.

Hello All,
thanks for your all support.
as i am using single NIC in EXPE. if i go with dual nic, do i need NAT on firewall or it will work without NAT for jabber from outside?
i also want to know how can connect EXPE in dual NIC mode?
do i need to connect physically 2 inetrface to ASA as 1 to internal and 2 to external firewall?
currently i have configured UCS server 2nd physical port in DMZ vlan and connected it. if we use for dual nic how it will configure and work?
do i need to apply ip and NAT on LAN2 interface of EXPE for enable dual nic configuration?

Similar Messages

Ask the Expert: Plan, Design, and Implement Mobile Remote Access, the Cisco Collaboration Edge Architecture

Welcome to the Cisco® Support Community Ask the Expert conversation. This is an opportunity to learn and ask questions about planning, designing, and implementing mobile remote access (Cisco Collaboration Edge Architecture) with Cisco subject matter experts Aashish Jolly and Abhijit Anand.
Cisco Collaboration Edge Architecture is an architecture that provides VPN-less access of Cisco Unified Communications resources to Cisco Jabber® users. This discussion is dedicated to addressing questions about design best practices while implementing mobile remote access.
For more information, refer to the Unified Communications Mobile and Remote Access via Cisco VCS deployment guide.
Aashish Jolly is a network consulting engineer who is currently serving as the Cisco Unified Communications consultant for the ExxonMobil Global account. Earlier at Cisco, he was part of the Cisco Technical Assistance Center (TAC), where he helped Cisco partners with installation, configuring, and troubleshooting Cisco Unified Communications products such as Cisco Unified Communications Manager and Manager Express, Cisco Unity® solutions, Cisco Unified Border Element, voice gateways and gatekeepers, and more. He has been associated with Cisco Unified Communications for more than seven years. He holds a bachelor of technology degree as well as Cisco CCIE® Voice (#18500), CCNP® Voice, and CCNA® certifications and VMware VCP5 and Red Hat RHCE certifications.
Abhijit Singh Anand is a network consulting engineer with the Cisco Advanced Services field delivery team in New Delhi. His current role involves designing, implementing, and optimizing large-scale collaboration solutions for enterprise and defense customers. He has also been an engineer at the Cisco TAC. Having worked on multiple technologies including wireless and LAN switching, he has been associated with Cisco Unified Communications technologies since 2006. He holds a master’s degree in computer applications and multiple certifications, including CCIE Voice (#19590), RHCE, and CWSP and CWNP.
Remember to use the rating system to let Aashish and Abhijit know if you have received an adequate response.
Because of the volume expected during this event, our experts might not be able to answer every question. Remember that you can continue the conversation on the Cisco Support Community Collaboration, Voice and Video page, in the Jabber Clients subcommunity, shortly after the event. This event lasts through June 20, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

Hi Marcelo,
Yes, there are some requirements for certificates in Expressway.
Expressway Core (Exp-C)
- Can be signed by either External or Internal CA
- Better to use a cluster name even if you start with 1 peer in Exp-C cluster. In the future, if more peers are added, changes would be minimal.
- Better to use FQDN of cluster as CN of certificate, this way the traversal zone configuration on Expressway-E won't require any change even if new peers are added to Exp-C cluster.
- If CUCM is mixed mode, include security profile names (in FQDN format) as Subject Alternate Names
- The Chat Node Aliases that are configured on the IM and Presence servers. They will be required only for Unified Communications XMPP federation deployments that intend to use both TLS and group chat. (Note that Unified Communications XMPP federation will be supported in a future Expressway release). The Expressway-C automatically includes the chat node aliases in the CSR, providing it has discovered a set of IM&P servers.
- For TLS b/w CUCM, IM-P & Exp-C
+ If using self-signed certificates on CUCM, IM/P. Load Cisco Tomcat, cup, cup-xmpp certificates from IM-P on Exp-C. Load callmanager, Cisco Tomcat certificates from CUCM on Exp-C.
+ If using Internal CA signed certificates on CUCM, IM/P. Load Root CA certificates on Exp-C.
+ Load CA certificate under tomcat-trust, cup-trust, cup-xmpp-trust on IM-P.
+ Load CA certificate under tomcat-trust, callmanager-trust on CUCM.
Expressway Edge (Exp-E)
- Signed by External CA
- Configured Unified Communications domain as Subject Alternate Name
- If using a cluster, select FQDN of this peer as CN and FQDN of Cluster + this peer as Subject Alternate Name.
- If XMPP federation is being deployed, enter the same Chat Node Aliases as entered in Exp-C.
For more details, please refer to the Certificate Creation Guide for Cisco Expressway x8.1.1
http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/expressway/config_guide/X8-1/Cisco-Expressway-Certificate-Creation-and-Use-Deployment-Guide-X8-1.pdf
- Aashish

Cannot login to Cisco Jabber 10.5.1 over Mobile and Remote Access

Hi,
We have deployed sucessfully VCS Expressway-C and VCS Expressway-E with only 1 zone which is "Unified Communication Traversal" and is for Mobile and Remote Access only. VCS-C and VCS-E are communicating and in statuses everything is active and working. Also VCS-C can communicate with CUCM and CUP (both version 10.5).
Problem is when I deploy Cisco Jabber 10.5.1 on computer outside of LAN and without VPN it start communicating with VCS-E, ask me for accepting certificate (we have certificate only intenally generated on Windows CA) and after that it is trying to connect and after few seconds it will tell me that it can't communicate with server.
Did any of you had same problem or can you advice how to troubleshoot? In Jabber logs there is only something like "Cannot authenticate" error message, but when I startup VPN I can authenticate without any problems.
Thanks

On Expressway-C are your HTTP Allow Lists setup properly? By default, and auto discovered CUCM and IMP should be listed via IP and Hostname, but if not, you'll need to insert manually.
Also, you can look at the config file your Expressway-E would be handing out to Jabber via this method.
From the internet, browse to:
https://vcse.yourdomain.com:8443/Y29sbGFiLmNvbQ/get_edge_config?service_name=_cisco-uds&service_name=_cuplogin
Where:
vcse is your Expressway-E hostname (or CNAME/A record)
yourdomain.com is your own domain
The first directory is your Base64 encoded domain name, remove and trailing equal signs (=)
The XML returned is basically the DNS SRV record information available as if internal for _cisco-uds and _cuplogin
TFTP DNS SRV is optional if you configured TFTP in IMP for your Legacy Clients.

Is there a way of remote accessing 'Games and More' on a mobile?

I am new to the forum, please excuse me if I am in the wrong space!
Is there a way of remotely accessing/executing Java applications that are residing in the 'Games and More.' folder on a mobile device?
e.g. Java application is downloaded into 'Games and More' and there is a requirement to execute the program from an ODP (On-Device-Portal). The ODP is external to the 'Games and More' folder but within the same mobile device.
Many thanks
Ian

IVM wrote:
Is there a way of remotely accessing/executing Java applications that are residing in the 'Games and More.' folder on a mobile device? No.
db

Remote access my time capsule when mobile me is no longer offered? And I do NOT have a static IP?

How can i remote access my time capsule when mobile me is no longer offered iCloud is months away and I do NOT have a static IP?
I feel that apple has crippled the functionality of my time capsule as I can no longer access the files abroad!

Try the advice in this thread.

Audio Tags in PDF do not play when in remote access

Have Acrobat Reader latest version installed on a Windows 8.1. When using remote access to play audio's all is fine but audio tags embedded in pdf's do not play? Any thoughts on issue here?

Hi,
Is there any update for your case?
Thanks.
Dharmesh Solanki

Jabber & mobility question

Hi!
I am trying to understand the variosu options for mobility for a Jabber on IPAD user when away from the office.
Found this:
1.) Cisco Jabber secure connect enables users who are away from the office Wi-Fi network to easily remain connected to corporate resources. When deployed together with the Cisco ASA 5500 Series Adaptive Security Appliance, the end user connectivity experience is secure, transparent, and friendly to today's proliferation of individually purchased mobile devices. When needed, the Cisco Jabber application - rather than the entire device or platform - initiates a secure Secure Sockets Layer (SSL) connection and validates the user credentials (whether authentication, authorization, and accounting [AAA] or digital certificates). Also, when the user returns to the office network, the Cisco Jabber application detects that the SSL tunnel is no longer required and breaks the tunnel down. Only application traffic from the Cisco Jabber application will traverse the enterprise, and other applications will not access corporate networks.
2) The Cisco AnyConnect™ solution is also a supported method of remote access, providing customers with multiple deployment options. When Cisco AnyConnect technology is used, all applications on the device will access the corporate network. Also, this technology is a separately distributed, configured, and operated application. The Cisco Jabber application does not control when Cisco AnyConnect technology is enabled or disabled. In this way, the Cisco Jabber application with integrated secure connectivity simplifies both the end user experience and the management and deployment effort
My questions:
1. I have heard rumors however that the Cisco Jabber secure connect will be discontinued, is that correct?
2. If the customer does not have Cisco's ASA FW, what are then the options? Could they continue to run another non- CIsco remote vpn client and then launch Jabber?
Many thanks in advance!
Anna

Cisco secure connect is only available for Android. IOS devices must use the mobile AnyConnect through the ASA..
Good news is it is only 105 dollar license to cover everyone. One time fee for the ASA license.
Sent from Cisco Technical Support iPad App

How to enable second HD DVR for remote access?

I easily got my first HD DVR setup for remote access and it worked perfetly for 1 day, then it stopped working. After 2 hours on the phone with tech support, we got it to work again. However, we were unable to get my second DVR setup. He said that I could only have one DVR setup for remote access, is that true? If not, any assistance would be much appreciated.
Thank you!

glcockrum wrote:
I easily got my first HD DVR setup for remote access and it worked perfetly for 1 day, then it stopped working. After 2 hours on the phone with tech support, we got it to work again. However, we were unable to get my second DVR setup. He said that I could only have one DVR setup for remote access, is that true? If not, any assistance would be much appreciated.
Thank you!
Are you speaking of Remote Access from the Web? ...or from a mobile phone?
For Web Access it is absolutely NOT TRUE!
I have TWO DVRs. I can access both remotely from the web and schedule or delete recordings.
The tech MAY have been speaking of (or confused about) the MULTI-ROOM capability that the DVR's have.
Only one of the DVRs can be (and is) a Home Media (or Multi-Room) DVR, and therefore can share recordings with my other NON-DVR STB and communicates with any computer on my home network for PC-based Audio, Vieo and Image files, as well as connecting to the certain Internet video streaming sites.
The other DVR is a standalone machine is this regard, but regardless, it still has remote access to control it from the Web.
(I do not know anything about the Remote Access from a mobile phone capability, since I do have a Verizon Wireless contract. THAT Remote Access may indeed be limited to just a single DVR.)

Remote access to Time Capsule won't work

Over the past couple of months I've been doing lots of research and planning into replacing my Mac Pro and old MacBook Pro with a new Mac setup. I was looking for efficiency, productivity and ultimate portability so the Macbook Pro Retina and Time Capsule grabbed my attention.
I was interested in the MacBook Pro Retina for work (travel) and home leisure use. Due to having so much music and video iTunes content, I was interested in purchasing a Time Capsule and a secondary external hard drive, placing all my iTunes content on the Time Capsule which I would then back up to the external hard drive when I was at home. I would then setup Time Capsule to be accessible over the internet so that I could view my media content through iTunes wherever in the world I was (internet speeds permitting of course). By doing this I could carry only my work files with me on the 512GB SSD Macbook Pro Retina, but could access the Time Capsule media files remotely, either via wi-fi or by tethering my iPhone 5.
So I purchased a Time Capsule to test my theory. I followed online guidance on how to achieve such a setup and using my 2008 MacBook Pro (which runs Snow Leopard) and a friends internet connection I got the system to work. I was able to remotely contact Time Capsule and watch High Def video content via wireless internet and even tethered to my iPhone. So I went and purchased a Macbook Pro Retina (running Mountain Lion) and set about setting up the system in the same way. But this is where something's gone wrong. I can't connect to the Time Capsule over the internet at all.
The Air Port utility has been updated to version 6 which is lacking the ability to instruct the Time Capsule to "Allow access over WAN". I thought I'd make sure it still connected via the internet using my old MacBook Pro, which had definitely worked perfectly just a couple weeks earlier, and that won't work either. I can't find the option to "Allow access over WAN" within Airport Utility 5.6.1 either? And the simple apple script application that I wrote (following an online guide) to open the remote connection to Time Capsule with the double left click on an icon has stopped working too.
I don't pretend to be a network engineer and I'm no I.T. expert, though I usually manage to teach myself what I need to know to sort issues like this out, but this has gotten me really stumped! I tried downloading an old version of Airport Utility to see if that had the "Allow access over WAN" feature (within the 'Disks' > 'File Sharing' area of Airport Utility) but my Mac OS won't allow the old versions to run.
Perhaps the version of Airport Utility I used on my Macbook Pro a couple of weeks ago didn't have the "Allow access over WAN" check box either and I just didn't notice - which is likely unless Airport Utility updates itself in the background without any prompts etc. I certainly didn't notice a software update for it any time over the past few days. Either way, I don't understand how it could have been working a few days back and now it's suddenly not.
I used this guides to gain remote access to Time Capsule successfully just a couple of weeks ago:
http://www.youtube.com/watch?v=SIQ7SzA1cK4
Can anyone shed any light on the issue and point me toward a fix please? I'd appreciate the help.

Thanks LaPastenague. I'm not sure if I have a static IP but I can confirm it hasn't changed in the past month.
I've pretty much come to the conclusion that what I want to do isn't really possible using Time Capsule. Like I mentioned, I had remote access working a couple of weeks ago but it seems like apple have updated the firmware or airport software to remove something that was necessary to remotely connect in the same way. And even if I did get it working I think it would still be so restrictive, requiring a fast wifi or mobile phone tethered connection to view my media files over the internet.
I got connected via iCloud and B.T.M.M. but the connection was very slow and video wouldn't stream well at all (painful). It seems that the speed constraints would make it very frustrating each time I simply wanted to look through my vast iTunes music collection or movie library. Album covers won't appear either.
Even if it were possible to connect via a static IP I just don't think that the WAN connection would be stable or fast enough to offer an efficint solution(?), so I'll probably have to by an external portable HD and use Time Capsule for Time Machine and Printer Sharing.
I wish I could stream my iTunes movies and music successfully over the internet, but right now it just doesn't seem possible.

Jabber Mobile and CallManager SU2a - desk phone control issue

Wanted to put this out there in case anyone has seen it yet and found a fix, or to hopefully save the next person some headache...
Starting to pilot Jabber Mobile via MRA (Collab Edge). We were running CallManager 9.1.2 base, and there was a known bug with audio and the mobile client, that required a jump to at least SU1. Since SU2a was out, the engineer i was working with recommended just jumping up to that SU. The problem is, though, it breaks the ability to handoff calls between a desk phone or softphone and the mobile client. If a call is started from either of those, and you try to hand it off to the mobile client, it won't work. But, if you start a call from the mobile client, you can hand it off to the desk phone or softphone all day long...
The current 'fix' is to upgrade to 10.5 CallManager, which makes no sense...my TAC engineer currently is working with the BU developers, but hasn't gotten any good info as of yet.
Has anyone else come across this yet?

cgoodale2 -- wanted to put an update in here for you and anyone else who stumbles across this...my SE gave me the following response from the BU - 'This function is not supported in version 9. He will need to upgrade to 10'. So, you're pretty much spot-on with having to go to 10.5...which is beyond frustrating, since I've had folks (my SE being one of them...) who said that they had it working on 9.1, SU1...
Good luck to you! I hope your upgrade goes smoothly...I always get nervous making a significant jump like that.

Can you create a Remote Access VPN connection to tunnel DMZ LAN and Inside Networks simultaneously?

I have a customer that has a ASA 5510 version 8.3 with IPSEC Client Access that includes some of their networks on the Inside interface. The issue they are having is when their mobile users connect with the vpn client (which is using split tunneling), they can no longer access their web server applications that are running in the DMZ. Without the client connected, they access the web servers via the external public IP. Once they are connected via vpn, their default dns server becomes the internal AD DNS server, which resolves the DNS of the web servers to the private DMZ ip address.
Can a Remote Access VPN client connection be allowed to connect to both the DMZ interface and the Inside Interface? I had always only setup RA VPN clients to connect to networks on the Inside Interface.
I tried adding the DMZ network to the Split Tunnel list, but I could not access anything it while connected to vpn using the private IP addresses.

Yes, you should be able to access DMZ subnets as well if they are added to the split tunnel ACL. You could check the NAT exemption configuration for the DMZ and also check if the ASA is forwarding the packet through DMZ interface by configuring captures on the DMZ interface.
Share the configuration if you want help with the NAT exemption part.

Remote access VPN client gets connected fails on hosts in LAN

Hi,
VPN client gets connected fine, I have a inter VLAN routing happening on the switch in the LAN so all the LAN hosts have gateway IP on the switch, I have the defult route pointing to ASA inside interface on the switch, the switch I can reach after Remote Access VPN is connected how ever I cannot ping/connect to other hosts in the LAN and if I make the gateway point to the ASA then that host is accessible, any suggestions? I really want to have gateway to be the Switch as I have other networks reachable through the Switch (Intranet routing)

Hi Mashal,
Thanks for your time,
VPN Pool(Client) 192.168.100.0/24
Internal Subnets 192.9.200.0/24(VLAN 4000) and 192.168.2.0/24 (VLAN 1000)
=============
On the Switch
=============
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.2.5 to network 0.0.0.0
     172.32.0.0/24 is subnetted, 1 subnets
C       172.32.0.0 is directly connected, Vlan101
C    192.168.200.0/24 is directly connected, Vlan2000
C    192.9.200.0/24 is directly connected, Vlan4000
S    192.168.250.0/24 [1/0] via 192.9.200.125
S    192.168.1.0/24 [1/0] via 192.9.200.125
C    192.168.2.0/24 is directly connected, Vlan1000
S    192.168.252.0/24 [1/0] via 192.9.200.125
S*   0.0.0.0/0 [1/0] via 192.168.2.5
===============
On ASA
===============
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is 172.32.0.2 to network 0.0.0.0
C    172.32.0.0 255.255.255.0 is directly connected, outside
C    192.9.200.0 255.255.255.0 is directly connected, inside
C    192.168.168.0 255.255.255.0 is directly connected, failover
C    192.168.2.0 255.255.255.0 is directly connected, MGMT
S    192.168.100.2 255.255.255.255 [1/0] via 172.32.0.2, outside
S    192.168.100.3 255.255.255.255 [1/0] via 172.32.0.2, outside
S*   0.0.0.0 0.0.0.0 [1/0] via 172.32.0.2, outside
We don't need route print on the PC for now as I can explain what is happening I can get complete access to the 192.168.2.0/24 (VLAN 1000) but for 192.9.200.0/24 (VLAN 4000) above from the switch I can only ping IP's on the switches/pair but cannot have any tcp connections, which explains the default route being pointed on the switch is on VLAN 1000, now my issue is How do I get access to VLAN 4000 as you can see these two are on different Interfaces/zones on the ASA and please note with default gateway pointing to ASA I will have access to both the VLAN's it is only when I move the gateway pointing to Switch I loose tcp connections to one VLAN depending on the default route on the being pointing to on the switch.
So we are left to do with how to on the switch with default route.

Exchange Server 2013 and Remote Access VPN on a single server running Windows Server 2012?

Just by way of background, I have been installing and administering network servers, e-mail systems, VPN servers, and the like for many years. However, my involvement with Exchange and Windows Server has been mostly on the forensics and data recovery
level, or as a (sophisticated) user. I have never tried to deploy either from scratch before. My deployment experiences have been mostly with Linux in recent years, and with small private or personal "servers" running such cutting edge
software as Windows XP back when it was new. And even NetWare once.
When a client asked me if I could set up a server for his business, running Exchange Server (since they really want Outlook with all of its bells and whistles to work, particularly calendars) and providing VPN access for a shared file store, I figured it
could not be too difficult given that its a small business, with only a few users, and nothing sophisticated in the way of requirements. For reasons that don't bear explaining here, he was not willing to use a vendor hosting Exchange services or cloud
storage. There is no internal network behind the server; it is intended to be a stand-alone server, hanging off a static IP address on the Internet, providing the entirely mobile work-force of about 10 people with Exchange-hosted e-mail for their computers
and phones, a secure file store, and not much else. If Exchange didn't need it, I would not need to install Active Directory, for example. We have no direct need for its services.
So I did the research and it appears, more by implication than outright assertion, that I should be able to run Windows Server 2012 with Exchange Server 2013 on a server that also hosts Remote Access (VPN only) and does nothing else. And it appears
I ought to be able to do it without virtualizing any of it. However, I have spent the last three or four days fighting one mysterious issue after another. I had Remote Access VPN working and fairly stable very quickly (although it takes a very
long time to become available after the server boots), and it has mostly remained reliable throughout although at times while installing Exchange it seems to have dropped out on me. But I've always been able to get it back after scrounging through the
logs to find out what is bothering it. I have occasionally, for a few minutes at a time, had Exchange Server willing to do everything it should do (although not always everything at the same time). At one point I even received a number of e-mails
on my BlackBerry that had been sent to my test account on the Exchange Server, and was able to send an e-mail from my BlackBerry to an outside account.
But then Exchange Server just stopped. There are messages stuck in the queues, among other issues, but the Exchange Administration Center refuses now to display anything (after I enter my Administrator password, I just get a blank screen, whether on
the server or remotely).
So, I am trying to avoid bothering all of you any more than I have to, but let me just begin with the basic question posed in the title: Can I run Exchange Server (and therefore Active Directory and all of its components) and Remote Access (VPN only) on
a single Windows Server 2012 server? And if so, do I have to run virtual machines (which will require adding more memory to the server, since I did not plan for it when I purchased it)? If it can be done, can anyone provide any pointers on what
the pitfalls are that may be causing my problems? I am happy to provide whatever additional information anyone might like to help figure it out.
Thanks!

An old thread but I ran into this issue and thought I share my solution since I ran into the same issue. Configuring VPN removes the HTTPS 443 binding on the Default Site in IIS for some strange reason; just go and editing the bindings, add HTTPS and things
should be back to normal.

Inside lan is not reachable even after cisco Remote access vpn client connected to router C1841 But can ping to the router inside interface and loop back interface but not able to ping even to the directly connected inside device..??

Hii frnds,
here is the configuration in my router C1841..for the cisco ipsec remote access vpn..i was able to establish a vpn session properly...but there after i can only reach up to the inside interfaces of the router..but not to the lan devices...
Below is the out put from the router
r1#sh run
Building configuration...
Current configuration : 3488 bytes
! Last configuration change at 20:07:20 UTC Tue Apr 23 2013 by ramana
! NVRAM config last updated at 11:53:16 UTC Sun Apr 21 2013 by ramana
version 15.1
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname r1
boot-start-marker
boot-end-marker
enable secret 5 $1$6RzF$L6.zOaswedwOESNpkY0Gb.
aaa new-model
aaa authentication login local-console local
aaa authentication login userauth local
aaa authorization network groupauth local
aaa session-id common
dot11 syslog
ip source-route
ip cef
ip domain name r1.com
multilink bundle-name authenticated
license udi pid CISCO1841 sn FHK145171DM
username ramana privilege 15 secret 5 $1$UE7J$u9nuCPGaAasL/k7CxtNMj.
username giet privilege 15 secret 5 $1$esE5$FD9vbBwTgHERdRSRod7oD.
redundancy
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group ra-vpn
key xxxxxx
domain r1.com
pool vpn-pool
acl 150
save-password
include-local-lan
max-users 10
crypto ipsec transform-set my-vpn esp-3des esp-md5-hmac
crypto dynamic-map RA 1
set transform-set my-vpn
reverse-route
crypto map ra-vpn client authentication list userauth
crypto map ra-vpn isakmp authorization list groupauth
crypto map ra-vpn client configuration address respond
crypto map ra-vpn 1 ipsec-isakmp dynamic RA
interface Loopback0
ip address 10.2.2.2 255.255.255.255
interface FastEthernet0/0
bandwidth 8000000
ip address 117.239.xx.xx 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map ra-vpn
interface FastEthernet0/1
description $ES_LAN$
ip address 192.168.10.252 255.255.255.0 secondary
ip address 10.10.10.1 255.255.252.0 secondary
ip address 172.16.0.1 255.255.252.0 secondary
ip address 10.10.7.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip local pool vpn-pool 172.18.1.1   172.18.1.100
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip dns server
ip nat pool INTERNETPOOL 117.239.xx.xx 117.239.xx.xx netmask 255.255.255.240
ip nat inside source list 100 pool INTERNETPOOL overload
ip route 0.0.0.0 0.0.0.0 117.239.xx.xx
access-list 100 permit ip 10.10.7.0 0.0.0.255 any
access-list 100 permit ip 10.10.10.0 0.0.1.255 any
access-list 100 permit ip 172.16.0.0 0.0.3.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.10.7.0 0.0.0.255 172.18.0.0 0.0.255.255
access-list 150 permit ip host 10.2.2.2 172.18.1.0 0.0.0.255
access-list 150 permit ip 192.168.10.0 0.0.0.255 172.18.1.0 0.0.0.255
control-plane
line con 0
login authentication local-console
line aux 0
line vty 0 4
login authentication local-console
transport input telnet ssh
scheduler allocate 20000 1000
end
r1>sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 117.239.xx.xx to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via 117.239.xx.xx
      10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C        10.2.2.2/32 is directly connected, Loopback0
C        10.10.7.0/24 is directly connected, FastEthernet0/1
L        10.10.7.1/32 is directly connected, FastEthernet0/1
C        10.10.8.0/22 is directly connected, FastEthernet0/1
L        10.10.10.1/32 is directly connected, FastEthernet0/1
      117.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        117.239.xx.xx/28 is directly connected, FastEthernet0/0
L        117.239.xx.xx/32 is directly connected, FastEthernet0/0
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.0.0/22 is directly connected, FastEthernet0/1
L        172.16.0.1/32 is directly connected, FastEthernet0/1
      172.18.0.0/32 is subnetted, 1 subnets
S        172.18.1.39 [1/0] via 49.206.59.86, FastEthernet0/0
      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, FastEthernet0/1
L        192.168.10.252/32 is directly connected, FastEthernet0/1
r1#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
117.239.xx.xx   49.206.59.86    QM_IDLE           1043 ACTIVE
IPv6 Crypto ISAKMP SA
r1 #sh crypto ipsec sa
interface: FastEthernet0/0
    Crypto map tag: giet-vpn, local addr 117.239.xx.xx
   protected vrf: (none)
   local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (172.18.1.39/255.255.255.255/0/0)
   current_peer 49.206.59.86 port 50083
     PERMIT, flags={}
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 2
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
     local crypto endpt.: 117.239.xx.xx, remote crypto endpt.: 49.206.xx.xx
     path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
     current outbound spi: 0x550E70F9(1427009785)
     PFS (Y/N): N, DH group: none
     inbound esp sas:
      spi: 0x5668C75(90606709)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel UDP-Encaps, }
        conn id: 2089, flow_id: FPGA:89, sibling_flags 80000046, crypto map: ra-vpn
        sa timing: remaining key lifetime (k/sec): (4550169/3437)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE
     inbound ah sas:
     inbound pcp sas:
     outbound esp sas:
      spi: 0x550E70F9(1427009785)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel UDP-Encaps, }
        conn id: 2090, flow_id: FPGA:90, sibling_flags 80000046, crypto map: ra-vpn
        sa timing: remaining key lifetime (k/sec): (4550170/3437)
        IV size: 8 bytes
        replay detection support: Y
        Status: ACTIVE
     outbound ah sas:
     outbound pcp sas:

hi Maximilian Schojohann..
First i would like to Thank you for showing interest in solving my issue...After some research i found that desabling the " IP CEF" will solve the issue...when i desable i was able to communicate success fully with the router lan..But when i desable " IP CEF " Router cpu processer goes to 99% and hangs...
In the output of " sh process cpu" it shows 65% of utilization from "IP INPUT"
so plz give me an alternate solution ....thanks in advance....

How do I set up remote access to my HD thats hooked to New Airport Extreme

Hi Everyone,
I want to have remote access to my hard drive which is hooked up to the USB Port on the back of the Airport Extreme. I have tried many different configurations and watched youtube videos to help me, to no avail. Apparently there are many ways to do this, but no luck!
Thanks for your help and if you have screen shots even more helpful.
I know I can't be the only one with this question and Apple doesn't make it easy since I called them and they want me to sign up for Mobile Me for $99/yr,
Thanks in Advance,
Robert

I should mention that its the only router I have which is hard wired via cable to modem.

Jabber Mobile Remote Access - No Audio

Similar Messages

Maybe you are looking for