Linksys WAP54G connecting to CISCO ACS via LEAP

I understand that Linksys WAP54G support WPA and 802.1x authentication. Will a cisco compatible client card get connected to the WAP54G via LEAP authentication to a Cisco ACS server ?
Connection scenario:-
Cisco compatible client card <-WPA/LEAP-> WAP54G <-WPA/LEAP-> Cisco ACS3.1
Pls advise if such setting is feasible.
Tks

This is really a question for Linksys support. The Cisco wireless BU has no involvement with the Linksy's product line. They operate as a totally separate wholly own subsidiary of Cisco.
As for LEAP, no, to my knowledge the Linksys AP does not support LEAP, which is not tested or part of the WPA certification program. To my knowledge the ONLY APs that support LEAP are Cisco Aironet APs.
If the Linksys supports WPA-Enterprise, then any client that supports WPA-Enterprise should work using EAP-TLS. The Cisco ACS server supports EAP-TLS.
One word of caution. Early CCX cards do not necessarily support WPA. The CCX specification and certification were out before WPA was released. You will need to check with the actual vendor of the card to verify WPA compatibility.;
Also there are two types of WPA. WPA-Personal, which supports only the WPA encryption, and the keys are handles by a Pre-shared Key input system (no radius server) and WPA-Enterprise, which is certified using WPA encryption an 802.1x EAP-TLS radius server (in fact using Microsoft and Funk Software servers). make sure that the Linksys supports WPA-enterprise, or it may not support 802.1x.
Bruce Alexander, Cisco

Similar Messages

Linksys E1200 Connecting with Cisco WAP4410n Wirelssly

I have a Linksys E1200 Wifi Router which is connected on LAN Port 1 with Switch. I have enable DHCP through my Server with Internet Connection Sharing.
Now I want to expand my wireless range with 5 WAP4410n in a building.
Can I connect Cisco WAP4410n with E1200 Router? If yes then what will be the WAP4410n AP Mode?
How can I Connect all 5 APs' with same SSID to expand my wireless range?
Moreover, I can access easily to Linksys E1200 on my machines easily within the range but I want to expand the range without the cable.

You might post a direct link to this forum or particular thread if there is informaton on it available.
Jcol wrote:
Hi! I actually have a similar concern with my Ciscobusiness class device before, but I went to a different forum. Try community.cisco.com and I think they have the answers to your question. Hope this helps!

No IP Address via DHCP connecting to Cisco WiFi via WPA - after update

Good Evening,
We use Cisco Aeronet WiFi devices at work and use WPA security. I was able to successfully connect via my MacBook Pro until an OS update a few weeks ago. Now I can connect and it appears that I authenticate - however I cannot get a valid IP address (just a 169.x.x.x address).
I can successfully connect to open and WEP networks - but WPA is an issue.
Is this a known issue?
I have applied the latest Airport update I believe.

This is an old issue, I have yet to see a fix. I have the same problem; my MBP assigns its own IP address, and no matter what I do, it will connect to the network but not the internet. Interestingly, when I boot my iBook, which I first did to check settings (the iBook always connected easily) the MBP connected. It does this every time. As soon as the iBook boots, or wakes, the MBP does its thing, gets a valid IP address via DHCP, and connects. Even entering a manual address, will not connect the MBP to the internet. Deleting ports, and locations doesn't help.The MBP has connected on its own about three times out of (say) a hundred. Apple engineers here in Australia, said they'd never heard of the problem. Maybe they are asleep. Bah.

2008 R2 NPS wont connect to Cisco 1841 via Cisco VPN 5.0.03.0560

I am migrating our IAS server from 2003 R2 to 2008 R2 NPS that we use to authenticate VPN conenctions through AD. Currently works without issue on 2003 R2 server. Does not want to work on 2008 R2 NPS server.
We are using Cisco VPN client 5.0.03.0560 as the VPN client. Below is the log file when I try to connect. Can someone tell me what needs to be done on NPS to get this working? If more info is needed please ask and will supply.
Cisco Systems VPN Client Version 5.0.03.0560
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3
Config file directory: C:\Program Files\Cisco Systems\VPN Client\
1      10:55:10.906 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
2      10:55:10.921 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
3      10:55:10.921 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server ".com"
4      10:55:10.921 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x.
5      10:55:10.937 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
6      10:55:11.140 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
7      10:55:11.140 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
8      10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
9      10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
10     10:55:11.203 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
11     10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
12     10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
13     10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
14     10:55:11.140 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
15     10:55:11.140 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
16     10:55:11.140 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
17     10:55:11.140 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x078F, Remote Port = 0x1194
18     10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
   Remote end is NOT behind a NAT device
   This   end IS behind a NAT device
19     10:55:11.140 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
20     10:55:11.203 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
21     10:55:11.203 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
22     10:55:11.203 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
23     10:55:11.203 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
24     10:55:11.203 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
25     10:55:11.203 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
26     10:55:11.203 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
27     10:55:11.250 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
28     10:55:11.250 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
29     10:55:15.484 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
30     10:55:15.484 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
31     10:55:21.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
32     10:55:31.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
33     10:55:41.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
34     10:55:51.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
35     10:55:52.593 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
36     10:55:52.593 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
37     10:55:52.609 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
38     10:55:52.593 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
39     10:56:01.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
40     10:56:07.656 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
41     10:56:07.656 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
42     10:56:11.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
43     10:56:21.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
44     10:56:22.656 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
45     10:56:22.656 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
46     10:56:31.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
47     10:56:37.765 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
48     10:56:37.765 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
49     10:56:41.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
50     10:56:51.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
51     10:56:52.812 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
52     10:56:52.812 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
53     10:57:01.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
54     10:57:07.562 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
55     10:57:07.562 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
56     10:57:11.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
57     10:57:21.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
58     10:57:31.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
59     10:57:33.046 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
60     10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
61     10:57:33.046 06/05/14 Sev=Info/4 CM/0x63100018
User does not provide any authentication data
62     10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
63     10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=A5D0259F68268513 R_Cookie=D90058DAEBC5310F) reason = DEL_REASON_RESET_SADB
64     10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
65     10:57:33.046 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=A5D0259F68268513 R_Cookie=D90058DAEBC5310F) reason = DEL_REASON_RESET_SADB
66     10:57:33.046 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
67     10:57:33.062 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
68     10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
69     10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
70     10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
71     10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
72     11:00:54.656 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
73     11:00:54.671 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
74     11:00:54.671 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server ".com"
75     11:00:54.687 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x
76     11:00:54.703 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
77     11:00:54.750 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
78     11:00:54.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
79     11:00:54.953 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
80     11:00:54.953 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
81     11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
82     11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
83     11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
84     11:00:55.015 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
85     11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
86     11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
87     11:00:54.953 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
88     11:00:54.968 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
89     11:00:54.968 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
90     11:00:54.968 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x0798, Remote Port = 0x1194
91     11:00:54.968 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
   Remote end is NOT behind a NAT device
   This   end IS behind a NAT device
92     11:00:54.968 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
93     11:00:55.000 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
94     11:00:55.000 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
95     11:00:55.000 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
96     11:00:55.000 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
97     11:00:55.015 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
98     11:00:55.015 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
99     11:00:55.015 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
100    11:00:58.765 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
101    11:00:58.765 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
102    11:01:05.250 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
103    11:01:15.250 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
104    11:01:25.250 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
105    11:01:30.312 06/05/14 Sev=Info/6 GUI/0x63B0000D
Disconnecting VPN connection.
106    11:01:30.312 06/05/14 Sev=Info/4 CM/0x63100006
Abort connection attempt before Phase 1 SA up
107    11:01:30.312 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
108    11:01:30.312 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=B172E43640D94E73 R_Cookie=D90058DA499474F6) reason = DEL_REASON_RESET_SADB
109    11:01:30.328 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
110    11:01:30.328 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=B172E43640D94E73 R_Cookie=D90058DA499474F6) reason = DEL_REASON_RESET_SADB
111    11:01:30.328 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
112    11:01:30.328 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
113    11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
114    11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
115    11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
116    11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
117    11:01:44.875 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
118    11:01:44.890 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
119    11:01:44.890 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server ".com"
120    11:01:44.906 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x
121    11:01:44.921 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
122    11:01:45.234 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
123    11:01:45.234 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
124    11:01:45.296 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
125    11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
126    11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
127    11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
128    11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
129    11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
130    11:01:45.234 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
131    11:01:45.234 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
132    11:01:45.234 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
133    11:01:45.234 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x079B, Remote Port = 0x1194
134    11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
   Remote end is NOT behind a NAT device
   This   end IS behind a NAT device
135    11:01:45.234 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
136    11:01:45.250 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
137    11:01:45.250 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
138    11:01:45.281 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
139    11:01:45.281 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
140    11:01:45.281 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
141    11:01:45.281 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
142    11:01:45.296 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
143    11:01:45.296 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
144    11:01:45.296 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
145    11:01:53.625 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
146    11:01:53.625 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
147    11:01:53.640 06/05/14 Sev=Info/4 CM/0x63100018
User does not provide any authentication data
148    11:01:53.640 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
149    11:01:53.640 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=07A59EB947FF6880 R_Cookie=D90058DA7E39EE62) reason = DEL_REASON_RESET_SADB
150    11:01:53.640 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
151    11:01:53.640 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=07A59EB947FF6880 R_Cookie=D90058DA7E39EE62) reason = DEL_REASON_RESET_SADB
152    11:01:53.640 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
153    11:01:53.640 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
154    11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
155    11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
156    11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
157    11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
158    11:02:00.406 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
159    11:02:00.421 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
160    11:02:00.421 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server "com"
161    11:02:00.421 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x
162    11:02:00.437 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
163    11:02:00.750 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
164    11:02:00.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
165    11:02:01.015 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
166    11:02:01.015 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
167    11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
168    11:02:01.109 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
169    11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
170    11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
171    11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
172    11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
173    11:02:01.031 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
174    11:02:01.031 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
175    11:02:01.031 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
176    11:02:01.031 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x079E, Remote Port = 0x1194
177    11:02:01.031 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
   Remote end is NOT behind a NAT device
   This   end IS behind a NAT device
178    11:02:01.031 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
179    11:02:01.078 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
180    11:02:01.078 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
181    11:02:01.078 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
182    11:02:01.078 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
183    11:02:01.078 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
184    11:02:01.078 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
185    11:02:01.078 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
186    11:02:06.406 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
187    11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
188    11:02:06.406 06/05/14 Sev=Info/4 CM/0x63100018
User does not provide any authentication data
189    11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
190    11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=E9F0E2EDD6D85F48 R_Cookie=D90058DA2BBDFC93) reason = DEL_REASON_RESET_SADB
191    11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
192    11:02:06.406 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=E9F0E2EDD6D85F48 R_Cookie=D90058DA2BBDFC93) reason = DEL_REASON_RESET_SADB
193    11:02:06.406 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
194    11:02:06.421 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
195    11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
196    11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
197    11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
198    11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped

I am using 2008 R2 NPS as radius server. 1841 ISR as VPN device. Here are debug loghs from Cisco 1841
1430434: .Jun 9 2014 12:06:59.187 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430435: .Jun 9 2014 12:06:59.187 PDT: RADIUS: Retransmit to (10.1.x.x:1645,1646) for id 1645/140
1430436: .Jun 9 2014 12:06:59.191 PDT: RADIUS: Received from id 1645/140 10.1.4.7:1645, Access-Reject, len 20
1430437: .Jun 9 2014 12:06:59.191 PDT: RADIUS: authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
1430438: .Jun 9 2014 12:06:59.191 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430439: .Jun 9 2014 12:06:59.191 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
1430440: .Jun 9 2014 12:06:59.191 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
1430441: .Jun 9 2014 12:06:59.191 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
1430442: .Jun 9 2014 12:06:59.191 PDT: RADIUS: request authen: 2669BD0BEF3749C79C551EABB4B4D105
1430443: .Jun 9 2014 12:06:59.191 PDT: RADIUS: Response (140) failed decrypt
1430444: .Jun 9 2014 12:07:05.246 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430445: .Jun 9 2014 12:07:05.246 PDT: RADIUS: Retransmit to (10.1.4.7:1645,1646) for id 1645/140
1430446: .Jun 9 2014 12:07:05.250 PDT: RADIUS: Received from id 1645/140 10.1.4.7:1645, Access-Reject, len 20
1430447: .Jun 9 2014 12:07:05.250 PDT: RADIUS: authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
1430448: .Jun 9 2014 12:07:05.250 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430449: .Jun 9 2014 12:07:05.250 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
1430450: .Jun 9 2014 12:07:05.250 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
1430451: .Jun 9 2014 12:07:05.250 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
1430452: .Jun 9 2014 12:07:05.250 PDT: RADIUS: request authen: 2669BD0BEF3749C79C551EABB4B4D105
1430453: .Jun 9 2014 12:07:05.254 PDT: RADIUS: Response (140) failed decrypt
1430454: .Jun 9 2014 12:07:08.574 PDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp x.x.9.47(21303) -> x.x.109.122(5038), 1 packet
1430455: .Jun 9 2014 12:07:09.826 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430456: .Jun 9 2014 12:07:09.826 PDT: RADIUS: Retransmit to (10.1.4.7:1645,1646) for id 1645/140
1430457: .Jun 9 2014 12:07:09.830 PDT: RADIUS: Received from id 1645/140 10.1.x.x:1645, Access-Reject, len 20
1430458: .Jun 9 2014 12:07:09.830 PDT: RADIUS: authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
1430459: .Jun 9 2014 12:07:09.830 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430460: .Jun 9 2014 12:07:09.830 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
1430461: .Jun 9 2014 12:07:09.830 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
1430462: .Jun 9 2014 12:07:09.830 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
1430463: .Jun 9 2014 12:07:09.830 PDT: RADIUS: request authen: 2669BD0BEF3749C79C551EABB4B4D105
1430464: .Jun 9 2014 12:07:09.830 PDT: RADIUS: Response (140) failed decrypt
1430465: .Jun 9 2014 12:07:14.210 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430466: .Jun 9 2014 12:07:14.210 PDT: RADIUS: No response from (10.1.4.7:1645,1646) for id 1645/140
Log Buffer (4096 bytes):
6E7C
1430534: .Jun 9 2014 12:09:50.586 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430535: .Jun 9 2014 12:09:50.586 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430536: .Jun 9 2014 12:09:50.590 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430537: .Jun 9 2014 12:09:50.590 PDT: RADIUS: Response (141) failed decrypt
1430538: .Jun 9 2014 12:09:51.902 PDT: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
1430539: .Jun 9 2014 12:09:55.638 PDT: %SEC-6-IPACCESSLOGP: list 112 denied tcp x.x.245.x(1602) -> x.32.x.x(445), 1 packet
1430540: .Jun 9 2014 12:09:55.974 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
1430541: .Jun 9 2014 12:09:55.974 PDT: RADIUS: Retransmit to (10.x.x.x:1645,1646) for id 1645/141
1430542: .Jun 9 2014 12:09:55.978 PDT: RADIUS: Received from id 1645/141 10.1.4.7:1645, Access-Reject, len 20
1430543: .Jun 9 2014 12:09:55.978 PDT: RADIUS: authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
1430544: .Jun 9 2014 12:09:55.978 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430545: .Jun 9 2014 12:09:55.978 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
1430546: .Jun 9 2014 12:09:55.978 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430547: .Jun 9 2014 12:09:55.978 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430548: .Jun 9 2014 12:09:55.978 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430549: .Jun 9 2014 12:09:55.978 PDT: RADIUS: Response (141) failed decrypt
1430550: .Jun 9 2014 12:09:58.070 PDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp 27.x.x.x(33281) -> 12.x.x.x(80), 1 packet
1430551: .Jun 9 2014 12:10:00.326 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
1430552: .Jun 9 2014 12:10:00.326 PDT: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.1.x.x:1645,1646 is not responding.
1430553: .Jun 9 2014 12:10:00.326 PDT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.1.x.x:1645,1646 is being marked alive.
1430554: .Jun 9 2014 12:10:00.326 PDT: RADIUS: Retransmit to (10.1.x.x:1645,1646) for id 1645/141
1430555: .Jun 9 2014 12:10:00.330 PDT: RADIUS: Received from id 1645/141 10.1.x.x:1645, Access-Reject, len 20
1430556: .Jun 9 2014 12:10:00.330 PDT: RADIUS: authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
1430557: .Jun 9 2014 12:10:00.330 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430558: .Jun 9 2014 12:10:00.330 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
1430559: .Jun 9 2014 12:10:00.330 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430560: .Jun 9 2014 12:10:00.330 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430561: .Jun 9 2014 12:10:00.330 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430562: .Jun 9 2014 12:10:00.334 PDT: RADIUS: Response (141) failed decrypt
1430563: .Jun 9 2014 12:10:01.713 PDT: %SEC-6-IPACCESSLOGDP: list 102 denied icmp 175.x.x.x -> x.x.x.104 (3/3), 1 packet
1430564: .Jun 9 2014 12:10:05.841 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
1430565: .Jun 9 2014 12:10:05.841 PDT: RADIUS: Retransmit to (10.x.x.x:1645,1646) for id 1645/141
1430566: .Jun 9 2014 12:10:05.845 PDT: RADIUS: Received from id 1645/141 10.x.x.x:1645, Access-Reject, len 20
1430567: .Jun 9 2014 12:10:05.845 PDT: RADIUS: authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
1430568: .Jun 9 2014 12:10:05.845 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430569: .Jun 9 2014 12:10:05.845 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
1430570: .Jun 9 2014 12:10:05.845 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430571: .Jun 9 2014 12:10:05.845 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430572: .Jun 9 2014 12:10:05.849 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430573: .Jun 9 2014 12:10:05.849 PDT: RADIUS: Response (141) failed decrypt

Please help me configure authentic connection with Caller ID via ISDN 30B+D using Cisco ACS

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
Hi all
I have set up a dial up connection between to PC's at remote site and center. It using ISDN 30B+D which is configured on Router 3845. Currently I have configured authentic connection with username and password using Cisco ACS. To enhance the security configuration I want to authenticate both the phone number which dialup with Cisco ACS. And currently I have not done this. Please help me solve this problem.
Thanks so much
Longn

1) I deleted bridge-utils, netcfg
2) I edited /etc/hostapd/hostapd.conf:
interface=wlan0
#bridge=br0
edited /etc/dnsmasq.conf:
interface=wlan0
dhcp-range=192.168.0.2,192.168.0.255,255.255.255.0,24h
and edited /etc/rc.local:
ifconfig wlan0 192.168.0.1 netmask 255.255.255.0
ifconfig wlan0 up
3) I added in autostart these daemons: hostapd, dnsmasq and iptables.
Profit!

How can I connect a Cisco 7940 phone to a trixbox via SIP

how can I connect a Cisco 7940 phone and CIsco 7970 to a trixbox via SIP

...by configuring the trixbox according to the required configuration and changing your firmware on the phones to SIP{
=============================
Please remember to rate useful posts, by clicking on the stars below.
=============================

How do I connect an HP printer via Linksys printserver to a wireless network

Hi:
I have an HP laptop running Windows Vista 32-bit Home Premium.
It is connected wirelessly to the Internet via a Motorola SBG6580 cable Gateway.
I have an HP C6280 All-In-One printer/copier/scanner: wireless is not built-in.
A Linksys WPSM54G Printerserver is connected (hardwired) to the printer.
Currently, the printer is connected to the laptop via USB cable, and I am able to print.
(Previously, my wireless network connectivity was via a Linksys WRT54G router,
along with a modem. These were replaced with the Gateway.)
How do I setup wireless connectivity between the Printserver and the Gateway ?
I am not very network savvy (yet) , so I am not familiar with wireless connectivity details.
Any ideas ???
Thank you
DaleBr

From what I can tell you need help connecting the Linksys printer server to your network. Linksys has good instructions for the configuring the printserver. I've linked that site.
After the printer server is on line you might need to change the printer driver setings to reflect the new settings. A driver software reinstall should do that.
Please mark the post that solves your problem as "Accepted Solution"
Sometimes it takes several posts back and forth to get to a solution - please be patient.
I am employed by HP

Cisco ACS 5.1 802.1x auth fails on LAN when WLAN connected

I am running Cisco ACS 5.1 802.1x with certificate based authentication for Wired and Wireless connections. The issue that I am having is that when a user comes in from home with their laptop the wireless connection works, they pass the authentication and have network access fine. But when the plug the laptop into a docking station the LAN connection fails and gets put in the Auth Failure Vlan.
A reboot of the phone/ shut/no shut fixes this, but I really need to find a resolution
This is an intermittent fault and only effects users with both LAN and WLAN enabled.
Running ACS 5.1.0.44, all Cisco 3750s - c3750-ipservicesk9-mz.122-55.SE.
Certificates are issues by group policy and only using computer authentication.
any help would be greatly appreciated
Thanks

After a long TAC case with Cisco we discovered that the Mitel phone was not sending the EAPoL-Logoff packet so the switch still thought that the device off the back of the phone was connected.
There are no EAPoL-Logoff messages seen on switch when laptop is disconnected/port is shut down.
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_1.99/Dot1X_Deployment/Dot1x_Dep_Guide.html#wp386903
This feature is supported by most IP phones - I do not know if Mitel phones support that but we cannot see this message in the debugs you sent.
As a workaround we can configure inactivity timer (by default it is infinity):
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/commmand/reference/cli1.html#wp11888691
This did resolve all our issues,
Aaron

AIR-AP1141N connected to Cisco linksys E1200

    Does anyone know if it possible to get dhcp service to an AP1141N when it is connected to > Cisco Linksys E1200 > cable modem?
The AP gets an IP for the BVI1 interface, the client associates but I get no IP assigment for the client.
What am I missing?
You may be wondering why I am doing this considering that the linksys is already wireless router. It is just a test to see if it possible. The linksys provides IP's and internet access just fine when the AP is not in the mix.

At one time I had a netgear wireless router and I was able to make this work. I replaced the netgear with the cisco linksys E1200 and now I cannot get it to work.
Attached is the AP config that I used when the netgear was in use.
The only think that is different now is that the IP addr that is assigned to the BVI1 interface.
The default gate on the netgear was the same as you see here.
=
Building configuration...
Current configuration : 2109 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname mbtest
logging rate-limit consol
no aaa new-model
dot11 syslog
dot11 ssid mbvisitor
   vlan 101
   authentication open
   authentication key-management wpa version 2
   guest-mode
   wpa-psk ascii 7 10681B415124185A54
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 101 mode ciphers aes-ccm
ssid mbvisitor
antenna gain 0
speed basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no dot11 extension aironet
interface Dot11Radio0.101
encapsulation dot1Q 101
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
i
interface GigabitEthernet0.101
encapsulation dot1Q 101
no ip route-cache
bridge-group 101
no bridge-group 101 source-learning
bridge-group 101 spanning-disabled
interface BVI1
ip address 192.168.1.4 255.255.255.0
no ip route-cache
ip default-gateway 192.168.1.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
login local

CISCO ACS

Hi All
I am new to the CISCO ACS software ,at present our vpn clients are being authenticated using the cisco acs
My problem is when they get connected they are being assigned with a subnet mask and gateway can any one help me to find out where it is configured and how can it be changed .
NOTE :- there is no radius attribute IETF configured on the acs

VPN users do not necessarily receive their ip address and mask etc via radius. This may very well be performed by an ip pool on the vpn device. In that case, only the authentication would be done via ACS.
What device are you using?
Can you post the config?
regards,
Leo

ACE 4700 and Cisco ACS aaa authentication

ACE version Software
loader: Version 0.95
system: Version A1(7b) [build 3.0(0)A1(7b)
Cisco ACS version 4.0.1
I am trying to authenticate admin users with AAA authentication for ACE management.
This is what I've done:
ACE-lab/Admin(config)# tacacs-server host 192.168.3.10 key 123456 port 49
warning: numeric key will not be encrypted
ACE-lab/Admin(config)# aaa group server tacacs+ cciesec
ACE-lab/Admin(config-tacacs+)# server ?
<A.B.C.D> TACACS+ server name
ACE-lab/Admin(config-tacacs+)# server 192.168.3.10
can not find the TACACS+ server
specified TACACS+ server not found, please configure it using tacacs-server host ... and then retry
ACE-lab/Admin(config-tacacs+)#
Why am I getting this error? I have full
connectivity between the ACE and the ACS
server. Furthermore, the ACS server
works fine with other Cisco IOS devices.
Please help. Thanks.

Thanks. Now I have another problem. I CAN
log into the ACE via tacacs+ account(s).
However, I get error when I try going into
configuration mode:
ACE-lab login: ngx1
Password:
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 1985-2007 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
ACE-lab/Admin# conf t
^
% invalid command detected at '^' marker.
ACE-lab/Admin#
The ngx1 account can access other Cisco
routers/switches just fine and can go into
enable mode just fine. Only issue on the ACE.
Any ideas? Thanks.

Cisco ACS config file

Hi all,
I have a cisco ACS V.4.0 server and want to get the config file. How can I get the CLI command prompt ? Or, Any where I can get the config file ?
Thanks
Leung Che Man

You can always take ACS backup from the GUI by going to System Configuration >> Click ACS Backup >> enter the FTP information >> Backup now.
Performing a Manual ACS Backup
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/sba.html#wp222516
Once you connected to ACS via CLI the default username and password if not changed would be
user= Administrator
Pass= setup
Establishing a Serial Console Connection
http://cisco.biz/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/appliance/instalap.html#wpxref17544
Backing Up ACS Data From the Serial Console
http://cisco.biz/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/appliance/admap.html#wp1057928
Regds,
JK
Do rate helpful posts-

Issue with certifcate on Cisco ACS

We are wanting to authenticate our internal wireless users using our Cisco ACS running 5.3. The ACS will poll our Active Directory environment for the username and password provided. I created a CSR on the ACS and provided it to Entrust. They provided me with a root, chain and server certificate. I binded the server certificate to the CSR under System Administration>Local Server Certificates>Local Certificates. I then added the chain and root certificates to the location Users and Identity Stores>Certificate Authorities. When I try to connect on a client laptop it asks for a username and password but after entering that information I am presented with the below certificate warning. This certificate is from Entrust and I see the root certificate in the root store on the laptop. Any ideas what would cause this. TAC does not seem to have any answers. They say it is a client machine problem.

From the problem description, it's clear that you're attempting to connect user on a wireless network via peap. From the ACS stand point, your configuration looks good. However, I'd like to know what all certificate have you installed on the client side. Do we have complete chain installed on the client that includes Root CA and intermediate (if any). Would you mind emailing me your complete certificate chain for my reference?
Also, let me know what OS and supplicant are we running on end client?
~BR
Jatin Katyal
**Do rate helpful posts**

How many concurrent connections that an ACS server version 4.2 latest patch can handle?

I have about 50 routers and layer-3 switches that autheticate via tacacs+. The AAA server used to be on a Linux machine running open-source tacacs+ built by me. I have a perl script that will log into all 50 devices at the same time to collect statistics. This script is multi-threaded. Everything is working fine so far.
I recently out-sourced the AAA function to a 3rd party company, not by my choice. The 3rd party uses Cisco ACS version 4.2 with the latest patch running on Windows 2003 Enterprise Server with 16GB RAM and quad processors with quad-cores, IBM x3650-M2 hardware. The connectivity between the 3rd party and my company is through a DS-3 connection. Maximum bandwidth over this DS-3 connection is less than 10Mbps at most.
I noticed that for the past 3 months I have multiple failures with this perl script due to authentication failure with the ACS server. If I just run the script again a few routers/switches, there are no issues; however, whenever I started the script to log into 50 devices all at the same time, it will fail. If I made the configuration on all routers/switches to point back to the old open-source tacacs+ server, the issue goes away. The minute I switched back to the
new ACS server, the issue came back. If I modified the script to hit one device at a time, it works fine. I think it is the ACS server can not handle a lot
of AAA requests at the same time.
Does anyone know how many concurrent connections that an ACS 4.2, with latest patches on Windows 2003 Enterprise Server with lot of memory and CPU power, can handle? I can't seem to find this anywhere on Cisco website.
Thanks in advance.

No, Im not saying ACS cannot cope.
Concurrency and latency are very different things. ACS CSTacacs can handle many 100s of simple authentications/authorisations per second with users in the internal database. If 1000s of devices all send traffic in the same instant it would take some seconds to work through the backlog of traffic.
Also, worth considering that a limited number of tasks within ACS (or threads) can actually handle a much greater number of "logins" because they are generally multi-message allowing ACS to keep lots of plates spinning.
If users are in an external databases the latency (per authentication) can increase depending on where the users are (eg Windows AD) and if bad enough can have a serious effect on the overall authentication rate. At which point customers normally turn to load balancing.
If your device timeouts are 20 seconds (totally reasonable) I suggest the issue is more likely to be something else... a bug, perhaps specific to v4.2?

VPN client connect to CISCO 887 VPN Server bat they stop at router!!

Hi
my scenario is as follows
SERVER1 on lan (192.168.5.2/24)
|
|
CISCO-887 (192.168.5.4) with VPN server
|
|
INTERNET
|
|
VPN Cisco client on xp machine
My connection have public ip address assegned by ISP, after ppp login.
I've just configured (with Cisco Configuration Professional) the ADSL connection and VPN Server (Easy VPN).
All the PC on LAN surf internet and remote PC connect to VPN Cisco server via cisco VPN client.
But all remote PC after connection to Cisco VPN server don't ping SERVER1 in lan and therefore don't see SERVER1 and every other resource in LAN.
They can ping only router!!!
They are configured with Cisco VPN client (V5.0.007) with "Enabled Trasparent Tunnelling" and "IPSec over UDP NAT/PAT".
What is wrong in my attached configuration? (I've alspo tried to bind Virtual-Template1 both to unnambered Dialer0 and to Loopback0 but without luck)
Peraps ACL problem?
Building configuration...
Current configuration : 5019 bytes
! Last configuration change at 05:20:37 UTC Tue Apr 24 2012 by adm
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname gate
boot-start-marker
boot-end-marker
no logging buffered
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
memory-size iomem 10
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-453216506
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-453216506
revocation-check none
rsakeypair TP-self-signed-453216506
crypto pki certificate chain TP-self-signed-453216506
certificate self-signed 01
        quit
ip name-server 212.216.112.222
ip cef
no ipv6 cef
password encryption aes
license udi pid CISCO887VA-K9 sn ********
username adm privilege 15 secret 5 *****************
username user1 secret 5 ******************
controller VDSL 0
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group EXTERNALS
key 6 *********\*******
dns 192.168.5.2
wins 192.168.5.2
domain domain.local
pool SDM_POOL_1
save-password
crypto isakmp profile ciscocp-ike-profile-1
   match identity group EXTERNALS
   client authentication list ciscocp_vpn_xauth_ml_2
   isakmp authorization list ciscocp_vpn_group_ml_2
   client configuration address respond
   virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA1
set isakmp-profile ciscocp-ike-profile-1
interface Loopback0
ip address 10.10.10.10 255.255.255.0
interface Ethernet0
no ip address
shutdown
interface ATM0
no ip address
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 8/35
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
ip address 192.168.5.4 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ******@*******.****
ppp chap password 0 alicenewag
ppp pap sent-username ******@*******.**** password 0 *********
ip local pool SDM_POOL_1 192.168.5.20 192.168.5.50
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
dialer-list 1 protocol ip permit
line con 0
line aux 0
line vty 0 4
transport input all
end

Hello,
Your pool of VPN addresses is overlapping with the interface vlan1.
Since proxy-arp is disabled on that interface, it will never work
2 solutions
1- Pool uses a different network than 192.168.5
2- Enable ip proxy-arp on interface vlan1
Cheers,
Olivier

Linksys WAP54G connecting to CISCO ACS via LEAP

Similar Messages

Maybe you are looking for