Linksys WAP54G connecting to CISCO ACS via LEAP
I understand that Linksys WAP54G support WPA and 802.1x authentication. Will a cisco compatible client card get connected to the WAP54G via LEAP authentication to a Cisco ACS server ?
Connection scenario:-
Cisco compatible client card <-WPA/LEAP-> WAP54G <-WPA/LEAP-> Cisco ACS3.1
Pls advise if such setting is feasible.
Tks
This is really a question for Linksys support. The Cisco wireless BU has no involvement with the Linksy's product line. They operate as a totally separate wholly own subsidiary of Cisco.
As for LEAP, no, to my knowledge the Linksys AP does not support LEAP, which is not tested or part of the WPA certification program. To my knowledge the ONLY APs that support LEAP are Cisco Aironet APs.
If the Linksys supports WPA-Enterprise, then any client that supports WPA-Enterprise should work using EAP-TLS. The Cisco ACS server supports EAP-TLS.
One word of caution. Early CCX cards do not necessarily support WPA. The CCX specification and certification were out before WPA was released. You will need to check with the actual vendor of the card to verify WPA compatibility.;
Also there are two types of WPA. WPA-Personal, which supports only the WPA encryption, and the keys are handles by a Pre-shared Key input system (no radius server) and WPA-Enterprise, which is certified using WPA encryption an 802.1x EAP-TLS radius server (in fact using Microsoft and Funk Software servers). make sure that the Linksys supports WPA-enterprise, or it may not support 802.1x.
Bruce Alexander, Cisco
Similar Messages
-
Linksys E1200 Connecting with Cisco WAP4410n Wirelssly
I have a Linksys E1200 Wifi Router which is connected on LAN Port 1 with Switch. I have enable DHCP through my Server with Internet Connection Sharing.
Now I want to expand my wireless range with 5 WAP4410n in a building.
Can I connect Cisco WAP4410n with E1200 Router? If yes then what will be the WAP4410n AP Mode?
How can I Connect all 5 APs' with same SSID to expand my wireless range?
Moreover, I can access easily to Linksys E1200 on my machines easily within the range but I want to expand the range without the cable.You might post a direct link to this forum or particular thread if there is informaton on it available.
Jcol wrote:
Hi! I actually have a similar concern with my Ciscobusiness class device before, but I went to a different forum. Try community.cisco.com and I think they have the answers to your question. Hope this helps! -
No IP Address via DHCP connecting to Cisco WiFi via WPA - after update
Good Evening,
We use Cisco Aeronet WiFi devices at work and use WPA security. I was able to successfully connect via my MacBook Pro until an OS update a few weeks ago. Now I can connect and it appears that I authenticate - however I cannot get a valid IP address (just a 169.x.x.x address).
I can successfully connect to open and WEP networks - but WPA is an issue.
Is this a known issue?
I have applied the latest Airport update I believe.This is an old issue, I have yet to see a fix. I have the same problem; my MBP assigns its own IP address, and no matter what I do, it will connect to the network but not the internet. Interestingly, when I boot my iBook, which I first did to check settings (the iBook always connected easily) the MBP connected. It does this every time. As soon as the iBook boots, or wakes, the MBP does its thing, gets a valid IP address via DHCP, and connects. Even entering a manual address, will not connect the MBP to the internet. Deleting ports, and locations doesn't help.The MBP has connected on its own about three times out of (say) a hundred. Apple engineers here in Australia, said they'd never heard of the problem. Maybe they are asleep. Bah.
-
2008 R2 NPS wont connect to Cisco 1841 via Cisco VPN 5.0.03.0560
I am migrating our IAS server from 2003 R2 to 2008 R2 NPS that we use to authenticate VPN conenctions through AD. Currently works without issue on 2003 R2 server. Does not want to work on 2008 R2 NPS server.
We are using Cisco VPN client 5.0.03.0560 as the VPN client. Below is the log file when I try to connect. Can someone tell me what needs to be done on NPS to get this working? If more info is needed please ask and will supply.
Cisco Systems VPN Client Version 5.0.03.0560
Copyright (C) 1998-2007 Cisco Systems, Inc. All Rights Reserved.
Client Type(s): Windows, WinNT
Running on: 5.1.2600 Service Pack 3
Config file directory: C:\Program Files\Cisco Systems\VPN Client\
1 10:55:10.906 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
2 10:55:10.921 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
3 10:55:10.921 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server ".com"
4 10:55:10.921 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x.
5 10:55:10.937 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
6 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
7 10:55:11.140 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
8 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
9 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
10 10:55:11.203 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
11 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
12 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
13 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
14 10:55:11.140 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
15 10:55:11.140 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
16 10:55:11.140 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
17 10:55:11.140 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x078F, Remote Port = 0x1194
18 10:55:11.140 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
19 10:55:11.140 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
20 10:55:11.203 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
21 10:55:11.203 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
22 10:55:11.203 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
23 10:55:11.203 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
24 10:55:11.203 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
25 10:55:11.203 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
26 10:55:11.203 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
27 10:55:11.250 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
28 10:55:11.250 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
29 10:55:15.484 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
30 10:55:15.484 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
31 10:55:21.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
32 10:55:31.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
33 10:55:41.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
34 10:55:51.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
35 10:55:52.593 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
36 10:55:52.593 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
37 10:55:52.609 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
38 10:55:52.593 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
39 10:56:01.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
40 10:56:07.656 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
41 10:56:07.656 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
42 10:56:11.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
43 10:56:21.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
44 10:56:22.656 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
45 10:56:22.656 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
46 10:56:31.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
47 10:56:37.765 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
48 10:56:37.765 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
49 10:56:41.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
50 10:56:51.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
51 10:56:52.812 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
52 10:56:52.812 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
53 10:57:01.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
54 10:57:07.562 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
55 10:57:07.562 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(Retransmission) from x.x.x.x
56 10:57:11.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
57 10:57:21.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
58 10:57:31.218 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
59 10:57:33.046 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
60 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
61 10:57:33.046 06/05/14 Sev=Info/4 CM/0x63100018
User does not provide any authentication data
62 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
63 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=A5D0259F68268513 R_Cookie=D90058DAEBC5310F) reason = DEL_REASON_RESET_SADB
64 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
65 10:57:33.046 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=A5D0259F68268513 R_Cookie=D90058DAEBC5310F) reason = DEL_REASON_RESET_SADB
66 10:57:33.046 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
67 10:57:33.062 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
68 10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
69 10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
70 10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
71 10:57:33.218 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
72 11:00:54.656 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
73 11:00:54.671 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
74 11:00:54.671 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server ".com"
75 11:00:54.687 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x
76 11:00:54.703 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
77 11:00:54.750 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
78 11:00:54.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
79 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
80 11:00:54.953 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
81 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
82 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
83 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
84 11:00:55.015 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
85 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
86 11:00:54.953 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
87 11:00:54.953 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
88 11:00:54.968 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
89 11:00:54.968 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
90 11:00:54.968 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x0798, Remote Port = 0x1194
91 11:00:54.968 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
92 11:00:54.968 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
93 11:00:55.000 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
94 11:00:55.000 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
95 11:00:55.000 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
96 11:00:55.000 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
97 11:00:55.015 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
98 11:00:55.015 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
99 11:00:55.015 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
100 11:00:58.765 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
101 11:00:58.765 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
102 11:01:05.250 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
103 11:01:15.250 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
104 11:01:25.250 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
105 11:01:30.312 06/05/14 Sev=Info/6 GUI/0x63B0000D
Disconnecting VPN connection.
106 11:01:30.312 06/05/14 Sev=Info/4 CM/0x63100006
Abort connection attempt before Phase 1 SA up
107 11:01:30.312 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
108 11:01:30.312 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=B172E43640D94E73 R_Cookie=D90058DA499474F6) reason = DEL_REASON_RESET_SADB
109 11:01:30.328 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
110 11:01:30.328 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=B172E43640D94E73 R_Cookie=D90058DA499474F6) reason = DEL_REASON_RESET_SADB
111 11:01:30.328 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
112 11:01:30.328 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
113 11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
114 11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
115 11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
116 11:01:30.750 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
117 11:01:44.875 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
118 11:01:44.890 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
119 11:01:44.890 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server ".com"
120 11:01:44.906 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x
121 11:01:44.921 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
122 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
123 11:01:45.234 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
124 11:01:45.296 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
125 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
126 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
127 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
128 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
129 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
130 11:01:45.234 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
131 11:01:45.234 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
132 11:01:45.234 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
133 11:01:45.234 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x079B, Remote Port = 0x1194
134 11:01:45.234 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
135 11:01:45.234 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
136 11:01:45.250 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
137 11:01:45.250 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
138 11:01:45.281 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
139 11:01:45.281 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
140 11:01:45.281 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
141 11:01:45.281 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
142 11:01:45.296 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
143 11:01:45.296 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
144 11:01:45.296 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
145 11:01:53.625 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
146 11:01:53.625 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
147 11:01:53.640 06/05/14 Sev=Info/4 CM/0x63100018
User does not provide any authentication data
148 11:01:53.640 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
149 11:01:53.640 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=07A59EB947FF6880 R_Cookie=D90058DA7E39EE62) reason = DEL_REASON_RESET_SADB
150 11:01:53.640 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
151 11:01:53.640 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=07A59EB947FF6880 R_Cookie=D90058DA7E39EE62) reason = DEL_REASON_RESET_SADB
152 11:01:53.640 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
153 11:01:53.640 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
154 11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
155 11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
156 11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
157 11:01:53.750 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stopped
158 11:02:00.406 06/05/14 Sev=Info/4 CM/0x63100002
Begin connection process
159 11:02:00.421 06/05/14 Sev=Info/4 CM/0x63100004
Establish secure connection
160 11:02:00.421 06/05/14 Sev=Info/4 CM/0x63100024
Attempt connection with server "com"
161 11:02:00.421 06/05/14 Sev=Info/6 IKE/0x6300003B
Attempting to establish a connection with x.x.x.x
162 11:02:00.437 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to x.x.x.x
163 11:02:00.750 06/05/14 Sev=Info/4 IPSEC/0x63700008
IPSec driver successfully started
164 11:02:00.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
165 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
166 11:02:01.015 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from x.x.x.x
167 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer is a Cisco-Unity compliant peer
168 11:02:01.109 06/05/14 Sev=Info/6 GUI/0x63B00012
Authentication request attributes is 6h.
169 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DPD
170 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports DWR Code and DWR Text
171 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports XAUTH
172 11:02:01.015 06/05/14 Sev=Info/5 IKE/0x63000001
Peer supports NAT-T
173 11:02:01.031 06/05/14 Sev=Info/6 IKE/0x63000001
IOS Vendor ID Contruction successful
174 11:02:01.031 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to x.x.x.x
175 11:02:01.031 06/05/14 Sev=Info/6 IKE/0x63000055
Sent a keepalive on the IPSec SA
176 11:02:01.031 06/05/14 Sev=Info/4 IKE/0x63000083
IKE Port in use - Local Port = 0x079E, Remote Port = 0x1194
177 11:02:01.031 06/05/14 Sev=Info/5 IKE/0x63000072
Automatic NAT Detection Status:
Remote end is NOT behind a NAT device
This end IS behind a NAT device
178 11:02:01.031 06/05/14 Sev=Info/4 CM/0x6310000E
Established Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system
179 11:02:01.078 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
180 11:02:01.078 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from x.x.x.x
181 11:02:01.078 06/05/14 Sev=Info/5 IKE/0x63000045
RESPONDER-LIFETIME notify has value of 86400 seconds
182 11:02:01.078 06/05/14 Sev=Info/5 IKE/0x63000047
This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now
183 11:02:01.078 06/05/14 Sev=Info/5 IKE/0x6300002F
Received ISAKMP packet: peer = x.x.x.x
184 11:02:01.078 06/05/14 Sev=Info/4 IKE/0x63000014
RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from x.x.x.x
185 11:02:01.078 06/05/14 Sev=Info/4 CM/0x63100015
Launch xAuth application
186 11:02:06.406 06/05/14 Sev=Info/4 CM/0x63100017
xAuth application returned
187 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to x.x.x.x
188 11:02:06.406 06/05/14 Sev=Info/4 CM/0x63100018
User does not provide any authentication data
189 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000001
IKE received signal to terminate VPN connection
190 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000017
Marking IKE SA for deletion (I_Cookie=E9F0E2EDD6D85F48 R_Cookie=D90058DA2BBDFC93) reason = DEL_REASON_RESET_SADB
191 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x63000013
SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to x.x.x.x
192 11:02:06.406 06/05/14 Sev=Info/4 IKE/0x6300004B
Discarding IKE SA negotiation (I_Cookie=E9F0E2EDD6D85F48 R_Cookie=D90058DA2BBDFC93) reason = DEL_REASON_RESET_SADB
193 11:02:06.406 06/05/14 Sev=Info/5 CM/0x63100025
Initializing CVPNDrv
194 11:02:06.421 06/05/14 Sev=Info/6 CM/0x63100046
Set tunnel established flag in registry to 0.
195 11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
196 11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
197 11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x63700014
Deleted all keys
198 11:02:06.750 06/05/14 Sev=Info/4 IPSEC/0x6370000A
IPSec driver successfully stoppedI am using 2008 R2 NPS as radius server. 1841 ISR as VPN device. Here are debug loghs from Cisco 1841
1430434: .Jun 9 2014 12:06:59.187 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430435: .Jun 9 2014 12:06:59.187 PDT: RADIUS: Retransmit to (10.1.x.x:1645,1646) for id 1645/140
1430436: .Jun 9 2014 12:06:59.191 PDT: RADIUS: Received from id 1645/140 10.1.4.7:1645, Access-Reject, len 20
1430437: .Jun 9 2014 12:06:59.191 PDT: RADIUS: authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
1430438: .Jun 9 2014 12:06:59.191 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430439: .Jun 9 2014 12:06:59.191 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
1430440: .Jun 9 2014 12:06:59.191 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
1430441: .Jun 9 2014 12:06:59.191 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
1430442: .Jun 9 2014 12:06:59.191 PDT: RADIUS: request authen: 2669BD0BEF3749C79C551EABB4B4D105
1430443: .Jun 9 2014 12:06:59.191 PDT: RADIUS: Response (140) failed decrypt
1430444: .Jun 9 2014 12:07:05.246 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430445: .Jun 9 2014 12:07:05.246 PDT: RADIUS: Retransmit to (10.1.4.7:1645,1646) for id 1645/140
1430446: .Jun 9 2014 12:07:05.250 PDT: RADIUS: Received from id 1645/140 10.1.4.7:1645, Access-Reject, len 20
1430447: .Jun 9 2014 12:07:05.250 PDT: RADIUS: authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
1430448: .Jun 9 2014 12:07:05.250 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430449: .Jun 9 2014 12:07:05.250 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
1430450: .Jun 9 2014 12:07:05.250 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
1430451: .Jun 9 2014 12:07:05.250 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
1430452: .Jun 9 2014 12:07:05.250 PDT: RADIUS: request authen: 2669BD0BEF3749C79C551EABB4B4D105
1430453: .Jun 9 2014 12:07:05.254 PDT: RADIUS: Response (140) failed decrypt
1430454: .Jun 9 2014 12:07:08.574 PDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp x.x.9.47(21303) -> x.x.109.122(5038), 1 packet
1430455: .Jun 9 2014 12:07:09.826 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430456: .Jun 9 2014 12:07:09.826 PDT: RADIUS: Retransmit to (10.1.4.7:1645,1646) for id 1645/140
1430457: .Jun 9 2014 12:07:09.830 PDT: RADIUS: Received from id 1645/140 10.1.x.x:1645, Access-Reject, len 20
1430458: .Jun 9 2014 12:07:09.830 PDT: RADIUS: authenticator 06 F7 D9 7C 40 F4 9A FB - E1 81 EE EC 66 84 48 B7
1430459: .Jun 9 2014 12:07:09.830 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430460: .Jun 9 2014 12:07:09.830 PDT: RADIUS: packet dump: 038C001406F7D97C40F49AFBE181EEEC668448B7
1430461: .Jun 9 2014 12:07:09.830 PDT: RADIUS: expected digest: 7AAF1DE8D8190BC4D8B9B66437405BBA
1430462: .Jun 9 2014 12:07:09.830 PDT: RADIUS: response authen: 06F7D97C40F49AFBE181EEEC668448B7
1430463: .Jun 9 2014 12:07:09.830 PDT: RADIUS: request authen: 2669BD0BEF3749C79C551EABB4B4D105
1430464: .Jun 9 2014 12:07:09.830 PDT: RADIUS: Response (140) failed decrypt
1430465: .Jun 9 2014 12:07:14.210 PDT: RADIUS: no sg in radius-timers: ctx 0x62A26CC8 sg 0x0000
1430466: .Jun 9 2014 12:07:14.210 PDT: RADIUS: No response from (10.1.4.7:1645,1646) for id 1645/140
Log Buffer (4096 bytes):
6E7C
1430534: .Jun 9 2014 12:09:50.586 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430535: .Jun 9 2014 12:09:50.586 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430536: .Jun 9 2014 12:09:50.590 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430537: .Jun 9 2014 12:09:50.590 PDT: RADIUS: Response (141) failed decrypt
1430538: .Jun 9 2014 12:09:51.902 PDT: %SEC-6-IPACCESSLOGRL: access-list logging rate-limited or missed 12 packets
1430539: .Jun 9 2014 12:09:55.638 PDT: %SEC-6-IPACCESSLOGP: list 112 denied tcp x.x.245.x(1602) -> x.32.x.x(445), 1 packet
1430540: .Jun 9 2014 12:09:55.974 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
1430541: .Jun 9 2014 12:09:55.974 PDT: RADIUS: Retransmit to (10.x.x.x:1645,1646) for id 1645/141
1430542: .Jun 9 2014 12:09:55.978 PDT: RADIUS: Received from id 1645/141 10.1.4.7:1645, Access-Reject, len 20
1430543: .Jun 9 2014 12:09:55.978 PDT: RADIUS: authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
1430544: .Jun 9 2014 12:09:55.978 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430545: .Jun 9 2014 12:09:55.978 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
1430546: .Jun 9 2014 12:09:55.978 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430547: .Jun 9 2014 12:09:55.978 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430548: .Jun 9 2014 12:09:55.978 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430549: .Jun 9 2014 12:09:55.978 PDT: RADIUS: Response (141) failed decrypt
1430550: .Jun 9 2014 12:09:58.070 PDT: %SEC-6-IPACCESSLOGP: list 102 denied tcp 27.x.x.x(33281) -> 12.x.x.x(80), 1 packet
1430551: .Jun 9 2014 12:10:00.326 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
1430552: .Jun 9 2014 12:10:00.326 PDT: %RADIUS-4-RADIUS_DEAD: RADIUS server 10.1.x.x:1645,1646 is not responding.
1430553: .Jun 9 2014 12:10:00.326 PDT: %RADIUS-4-RADIUS_ALIVE: RADIUS server 10.1.x.x:1645,1646 is being marked alive.
1430554: .Jun 9 2014 12:10:00.326 PDT: RADIUS: Retransmit to (10.1.x.x:1645,1646) for id 1645/141
1430555: .Jun 9 2014 12:10:00.330 PDT: RADIUS: Received from id 1645/141 10.1.x.x:1645, Access-Reject, len 20
1430556: .Jun 9 2014 12:10:00.330 PDT: RADIUS: authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
1430557: .Jun 9 2014 12:10:00.330 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430558: .Jun 9 2014 12:10:00.330 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
1430559: .Jun 9 2014 12:10:00.330 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430560: .Jun 9 2014 12:10:00.330 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430561: .Jun 9 2014 12:10:00.330 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430562: .Jun 9 2014 12:10:00.334 PDT: RADIUS: Response (141) failed decrypt
1430563: .Jun 9 2014 12:10:01.713 PDT: %SEC-6-IPACCESSLOGDP: list 102 denied icmp 175.x.x.x -> x.x.x.104 (3/3), 1 packet
1430564: .Jun 9 2014 12:10:05.841 PDT: RADIUS: no sg in radius-timers: ctx 0x637771F4 sg 0x0000
1430565: .Jun 9 2014 12:10:05.841 PDT: RADIUS: Retransmit to (10.x.x.x:1645,1646) for id 1645/141
1430566: .Jun 9 2014 12:10:05.845 PDT: RADIUS: Received from id 1645/141 10.x.x.x:1645, Access-Reject, len 20
1430567: .Jun 9 2014 12:10:05.845 PDT: RADIUS: authenticator 97 45 CF 5A D4 B8 41 8A - 59 D9 C9 7E 72 58 6E 7C
1430568: .Jun 9 2014 12:10:05.845 PDT: RADIUS: response-authenticator decrypt fail, pak len 20
1430569: .Jun 9 2014 12:10:05.845 PDT: RADIUS: packet dump: 038D00149745CF5AD4B8418A59D9C97E72586E7C
1430570: .Jun 9 2014 12:10:05.845 PDT: RADIUS: expected digest: DE950EACA36AD5E6CE5A0148663AB1AD
1430571: .Jun 9 2014 12:10:05.845 PDT: RADIUS: response authen: 9745CF5AD4B8418A59D9C97E72586E7C
1430572: .Jun 9 2014 12:10:05.849 PDT: RADIUS: request authen: E39E7226C93AFEDCAF03A49F11FDA193
1430573: .Jun 9 2014 12:10:05.849 PDT: RADIUS: Response (141) failed decrypt -
Please help me configure authentic connection with Caller ID via ISDN 30B+D using Cisco ACS
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Table Normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}
Hi all
I have set up a dial up connection between to PC's at remote site and center. It using ISDN 30B+D which is configured on Router 3845. Currently I have configured authentic connection with username and password using Cisco ACS. To enhance the security configuration I want to authenticate both the phone number which dialup with Cisco ACS. And currently I have not done this. Please help me solve this problem.
Thanks so much
Longn1) I deleted bridge-utils, netcfg
2) I edited /etc/hostapd/hostapd.conf:
interface=wlan0
#bridge=br0
edited /etc/dnsmasq.conf:
interface=wlan0
dhcp-range=192.168.0.2,192.168.0.255,255.255.255.0,24h
and edited /etc/rc.local:
ifconfig wlan0 192.168.0.1 netmask 255.255.255.0
ifconfig wlan0 up
3) I added in autostart these daemons: hostapd, dnsmasq and iptables.
Profit! -
How can I connect a Cisco 7940 phone to a trixbox via SIP
how can I connect a Cisco 7940 phone and CIsco 7970 to a trixbox via SIP
...by configuring the trixbox according to the required configuration and changing your firmware on the phones to SIP{
=============================
Please remember to rate useful posts, by clicking on the stars below.
============================= -
How do I connect an HP printer via Linksys printserver to a wireless network
Hi:
I have an HP laptop running Windows Vista 32-bit Home Premium.
It is connected wirelessly to the Internet via a Motorola SBG6580 cable Gateway.
I have an HP C6280 All-In-One printer/copier/scanner: wireless is not built-in.
A Linksys WPSM54G Printerserver is connected (hardwired) to the printer.
Currently, the printer is connected to the laptop via USB cable, and I am able to print.
(Previously, my wireless network connectivity was via a Linksys WRT54G router,
along with a modem. These were replaced with the Gateway.)
How do I setup wireless connectivity between the Printserver and the Gateway ?
I am not very network savvy (yet) , so I am not familiar with wireless connectivity details.
Any ideas ???
Thank you
DaleBrFrom what I can tell you need help connecting the Linksys printer server to your network. Linksys has good instructions for the configuring the printserver. I've linked that site.
After the printer server is on line you might need to change the printer driver setings to reflect the new settings. A driver software reinstall should do that.
Please mark the post that solves your problem as "Accepted Solution"
Sometimes it takes several posts back and forth to get to a solution - please be patient.
I am employed by HP -
Cisco ACS 5.1 802.1x auth fails on LAN when WLAN connected
I am running Cisco ACS 5.1 802.1x with certificate based authentication for Wired and Wireless connections. The issue that I am having is that when a user comes in from home with their laptop the wireless connection works, they pass the authentication and have network access fine. But when the plug the laptop into a docking station the LAN connection fails and gets put in the Auth Failure Vlan.
A reboot of the phone/ shut/no shut fixes this, but I really need to find a resolution
This is an intermittent fault and only effects users with both LAN and WLAN enabled.
Running ACS 5.1.0.44, all Cisco 3750s - c3750-ipservicesk9-mz.122-55.SE.
Certificates are issues by group policy and only using computer authentication.
any help would be greatly appreciated
ThanksAfter a long TAC case with Cisco we discovered that the Mitel phone was not sending the EAPoL-Logoff packet so the switch still thought that the device off the back of the phone was connected.
There are no EAPoL-Logoff messages seen on switch when laptop is disconnected/port is shut down.
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_1.99/Dot1X_Deployment/Dot1x_Dep_Guide.html#wp386903
This feature is supported by most IP phones - I do not know if Mitel phones support that but we cannot see this message in the debugs you sent.
As a workaround we can configure inactivity timer (by default it is infinity):
http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/release/12.2_55_se/commmand/reference/cli1.html#wp11888691
This did resolve all our issues,
Aaron -
AIR-AP1141N connected to Cisco linksys E1200
Does anyone know if it possible to get dhcp service to an AP1141N when it is connected to > Cisco Linksys E1200 > cable modem?
The AP gets an IP for the BVI1 interface, the client associates but I get no IP assigment for the client.
What am I missing?
You may be wondering why I am doing this considering that the linksys is already wireless router. It is just a test to see if it possible. The linksys provides IP's and internet access just fine when the AP is not in the mix.At one time I had a netgear wireless router and I was able to make this work. I replaced the netgear with the cisco linksys E1200 and now I cannot get it to work.
Attached is the AP config that I used when the netgear was in use.
The only think that is different now is that the IP addr that is assigned to the BVI1 interface.
The default gate on the netgear was the same as you see here.
=
Building configuration...
Current configuration : 2109 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname mbtest
logging rate-limit consol
no aaa new-model
dot11 syslog
dot11 ssid mbvisitor
vlan 101
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 10681B415124185A54
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
encryption vlan 101 mode ciphers aes-ccm
ssid mbvisitor
antenna gain 0
speed basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
no dot11 extension aironet
interface Dot11Radio0.101
encapsulation dot1Q 101
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
no keepalive
i
interface GigabitEthernet0.101
encapsulation dot1Q 101
no ip route-cache
bridge-group 101
no bridge-group 101 source-learning
bridge-group 101 spanning-disabled
interface BVI1
ip address 192.168.1.4 255.255.255.0
no ip route-cache
ip default-gateway 192.168.1.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
line con 0
line vty 0 4
login local -
Hi All
I am new to the CISCO ACS software ,at present our vpn clients are being authenticated using the cisco acs
My problem is when they get connected they are being assigned with a subnet mask and gateway can any one help me to find out where it is configured and how can it be changed .
NOTE :- there is no radius attribute IETF configured on the acsVPN users do not necessarily receive their ip address and mask etc via radius. This may very well be performed by an ip pool on the vpn device. In that case, only the authentication would be done via ACS.
What device are you using?
Can you post the config?
regards,
Leo -
ACE 4700 and Cisco ACS aaa authentication
ACE version Software
loader: Version 0.95
system: Version A1(7b) [build 3.0(0)A1(7b)
Cisco ACS version 4.0.1
I am trying to authenticate admin users with AAA authentication for ACE management.
This is what I've done:
ACE-lab/Admin(config)# tacacs-server host 192.168.3.10 key 123456 port 49
warning: numeric key will not be encrypted
ACE-lab/Admin(config)# aaa group server tacacs+ cciesec
ACE-lab/Admin(config-tacacs+)# server ?
<A.B.C.D> TACACS+ server name
ACE-lab/Admin(config-tacacs+)# server 192.168.3.10
can not find the TACACS+ server
specified TACACS+ server not found, please configure it using tacacs-server host ... and then retry
ACE-lab/Admin(config-tacacs+)#
Why am I getting this error? I have full
connectivity between the ACE and the ACS
server. Furthermore, the ACS server
works fine with other Cisco IOS devices.
Please help. Thanks.Thanks. Now I have another problem. I CAN
log into the ACE via tacacs+ account(s).
However, I get error when I try going into
configuration mode:
ACE-lab login: ngx1
Password:
Cisco Application Control Software (ACSW)
TAC support: http://www.cisco.com/tac
Copyright (c) 1985-2007 by Cisco Systems, Inc. All rights reserved.
The copyrights to certain works contained herein are owned by
other third parties and are used and distributed under license.
Some parts of this software are covered under the GNU Public
License. A copy of the license is available at
http://www.gnu.org/licenses/gpl.html.
ACE-lab/Admin# conf t
^
% invalid command detected at '^' marker.
ACE-lab/Admin#
The ngx1 account can access other Cisco
routers/switches just fine and can go into
enable mode just fine. Only issue on the ACE.
Any ideas? Thanks. -
Hi all,
I have a cisco ACS V.4.0 server and want to get the config file. How can I get the CLI command prompt ? Or, Any where I can get the config file ?
Thanks
Leung Che ManYou can always take ACS backup from the GUI by going to System Configuration >> Click ACS Backup >> enter the FTP information >> Backup now.
Performing a Manual ACS Backup
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/sba.html#wp222516
Once you connected to ACS via CLI the default username and password if not changed would be
user= Administrator
Pass= setup
Establishing a Serial Console Connection
http://cisco.biz/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/appliance/instalap.html#wpxref17544
Backing Up ACS Data From the Serial Console
http://cisco.biz/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/4.0/installation/guide/appliance/admap.html#wp1057928
Regds,
JK
Do rate helpful posts- -
Issue with certifcate on Cisco ACS
We are wanting to authenticate our internal wireless users using our Cisco ACS running 5.3. The ACS will poll our Active Directory environment for the username and password provided. I created a CSR on the ACS and provided it to Entrust. They provided me with a root, chain and server certificate. I binded the server certificate to the CSR under System Administration>Local Server Certificates>Local Certificates. I then added the chain and root certificates to the location Users and Identity Stores>Certificate Authorities. When I try to connect on a client laptop it asks for a username and password but after entering that information I am presented with the below certificate warning. This certificate is from Entrust and I see the root certificate in the root store on the laptop. Any ideas what would cause this. TAC does not seem to have any answers. They say it is a client machine problem.
From the problem description, it's clear that you're attempting to connect user on a wireless network via peap. From the ACS stand point, your configuration looks good. However, I'd like to know what all certificate have you installed on the client side. Do we have complete chain installed on the client that includes Root CA and intermediate (if any). Would you mind emailing me your complete certificate chain for my reference?
Also, let me know what OS and supplicant are we running on end client?
~BR
Jatin Katyal
**Do rate helpful posts** -
How many concurrent connections that an ACS server version 4.2 latest patch can handle?
I have about 50 routers and layer-3 switches that autheticate via tacacs+. The AAA server used to be on a Linux machine running open-source tacacs+ built by me. I have a perl script that will log into all 50 devices at the same time to collect statistics. This script is multi-threaded. Everything is working fine so far.
I recently out-sourced the AAA function to a 3rd party company, not by my choice. The 3rd party uses Cisco ACS version 4.2 with the latest patch running on Windows 2003 Enterprise Server with 16GB RAM and quad processors with quad-cores, IBM x3650-M2 hardware. The connectivity between the 3rd party and my company is through a DS-3 connection. Maximum bandwidth over this DS-3 connection is less than 10Mbps at most.
I noticed that for the past 3 months I have multiple failures with this perl script due to authentication failure with the ACS server. If I just run the script again a few routers/switches, there are no issues; however, whenever I started the script to log into 50 devices all at the same time, it will fail. If I made the configuration on all routers/switches to point back to the old open-source tacacs+ server, the issue goes away. The minute I switched back to the
new ACS server, the issue came back. If I modified the script to hit one device at a time, it works fine. I think it is the ACS server can not handle a lot
of AAA requests at the same time.
Does anyone know how many concurrent connections that an ACS 4.2, with latest patches on Windows 2003 Enterprise Server with lot of memory and CPU power, can handle? I can't seem to find this anywhere on Cisco website.
Thanks in advance.No, Im not saying ACS cannot cope.
Concurrency and latency are very different things. ACS CSTacacs can handle many 100s of simple authentications/authorisations per second with users in the internal database. If 1000s of devices all send traffic in the same instant it would take some seconds to work through the backlog of traffic.
Also, worth considering that a limited number of tasks within ACS (or threads) can actually handle a much greater number of "logins" because they are generally multi-message allowing ACS to keep lots of plates spinning.
If users are in an external databases the latency (per authentication) can increase depending on where the users are (eg Windows AD) and if bad enough can have a serious effect on the overall authentication rate. At which point customers normally turn to load balancing.
If your device timeouts are 20 seconds (totally reasonable) I suggest the issue is more likely to be something else... a bug, perhaps specific to v4.2? -
VPN client connect to CISCO 887 VPN Server bat they stop at router!!
Hi
my scenario is as follows
SERVER1 on lan (192.168.5.2/24)
|
|
CISCO-887 (192.168.5.4) with VPN server
|
|
INTERNET
|
|
VPN Cisco client on xp machine
My connection have public ip address assegned by ISP, after ppp login.
I've just configured (with Cisco Configuration Professional) the ADSL connection and VPN Server (Easy VPN).
All the PC on LAN surf internet and remote PC connect to VPN Cisco server via cisco VPN client.
But all remote PC after connection to Cisco VPN server don't ping SERVER1 in lan and therefore don't see SERVER1 and every other resource in LAN.
They can ping only router!!!
They are configured with Cisco VPN client (V5.0.007) with "Enabled Trasparent Tunnelling" and "IPSec over UDP NAT/PAT".
What is wrong in my attached configuration? (I've alspo tried to bind Virtual-Template1 both to unnambered Dialer0 and to Loopback0 but without luck)
Peraps ACL problem?
Building configuration...
Current configuration : 5019 bytes
! Last configuration change at 05:20:37 UTC Tue Apr 24 2012 by adm
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname gate
boot-start-marker
boot-end-marker
no logging buffered
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
memory-size iomem 10
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-453216506
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-453216506
revocation-check none
rsakeypair TP-self-signed-453216506
crypto pki certificate chain TP-self-signed-453216506
certificate self-signed 01
quit
ip name-server 212.216.112.222
ip cef
no ipv6 cef
password encryption aes
license udi pid CISCO887VA-K9 sn ********
username adm privilege 15 secret 5 *****************
username user1 secret 5 ******************
controller VDSL 0
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group EXTERNALS
key 6 *********\*******
dns 192.168.5.2
wins 192.168.5.2
domain domain.local
pool SDM_POOL_1
save-password
crypto isakmp profile ciscocp-ike-profile-1
match identity group EXTERNALS
client authentication list ciscocp_vpn_xauth_ml_2
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA1
set isakmp-profile ciscocp-ike-profile-1
interface Loopback0
ip address 10.10.10.10 255.255.255.0
interface Ethernet0
no ip address
shutdown
interface ATM0
no ip address
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 8/35
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
ip address 192.168.5.4 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ******@*******.****
ppp chap password 0 alicenewag
ppp pap sent-username ******@*******.**** password 0 *********
ip local pool SDM_POOL_1 192.168.5.20 192.168.5.50
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
dialer-list 1 protocol ip permit
line con 0
line aux 0
line vty 0 4
transport input all
endHello,
Your pool of VPN addresses is overlapping with the interface vlan1.
Since proxy-arp is disabled on that interface, it will never work
2 solutions
1- Pool uses a different network than 192.168.5
2- Enable ip proxy-arp on interface vlan1
Cheers,
Olivier
Maybe you are looking for
-
Black screen after login, Mountain Lion on Macbook pro 13 inch early 2011 SSD 256 GB
After entering my pw at the login screen, I get a black screen This started after battery got fully drained accidentally. It has happened in the past after battery gets fully drained accidentally, and I have to reboot several times until it boots pro
-
The following issues exist when you run the diagnostic tools without the debugger for Windows universal app projects (Debug > Start Diagnostic Tools without Debugging): When the startup project is a C++ universal app set to deploy to a physical Windo
-
I have lost all sound,webcam & dvd driver
I have tried re-installing drivers. But shows as no device's found
-
How SAP integrate with XML interface & Easyship applications for labelling
Dear All, My client has a requirement to use DHL for its shipments and shipment labelling is required. However, as per DHL's response that DHL Express label is a complex presentation that does not lend itself the standard labeling options under SAP,
-
Pages spell check and Mac dictionary
I find it annoying that Pages' spell-check is not synchronized with Mac Dictionary/Thesaurus. There are words I type that are shown as misspelled, but exist in the Dictionary program. Why not sync the two? It's annoying how many legitimate words Page