MGCP error
Hello,
I have two fxs ports as mgcp gateways defined. The ports should be used as fax gateways. Now I have a problem with internal fax transmissions.
Does anyone know what this debug output means (Cisco 1760 router)?
/MGCP/mgcp_mp_get_not_entity(830):[lvl=2]Invalid parameter (pkt 0x850AA7B8 pkt->mgcp_parm_lines 0x
best regards
patrick
This problem may be on fax failures on inbound and outbound calls through the PSTN GW. Remove the MGCP PRE package and try. It may also be T1 issues.
Similar Messages
-
I am trying to register my MGCP gateway for use with 10 PRI E1 channels
But debug mgcp error gives the following
000132: *Dec 3 16:47:03.551 GMT: //-1/xxxxxxxxxxxx/MGCP/mgcp_mp_get_not_entity(830):[lvl=2]Invalid parameter (pkt 0x67A43378 pkt->mgcp_parm_lines 0x00000000)
How do I find what parameter this is?
show ccm
No configurations downloaded
Current state: Downloading XML file
Configuration Download statistics:
Download Attempted : 1
Download Successful : 0
Download Failed : 0
TFTP Download Failed : 19
Configuration Attempted : 0
Configuration Successful : 0
Configuration Failed(Parsing): 0
Any help is appreciated.
My host name was too long; I reduced it and now my gateway has registered.
-
ASA 5505, error in Access Rule
Hello.
The ASA 5505 is working, but I am trying to allow http and https from the internet to a server running 2012 Essentials. The server has the internal IP 192.168.0.100. I have created an object called SERVER with IP 192.168.0.100.
The outside Interface is called ICE
I have configured NAT:
I have also configured Access Rules:
But when I test it with the Packet Tracer I get an error:
What's wrong with the access rule?
I do prefer the ASDM :)
Best regards Andreas
Hello Jeevak.
This is the running config (Vlan 13 (interface ICE) is the one in use):
domain-name DOMAIN.local
names
name 192.168.0.150 Server1 description SBS 2003 Server
name 192.168.10.10 IP_ICE
name x.x.x.0 outside-network
name x.x.x.7 IP_outside
name 192.168.0.100 SERVER description Hovedserver
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
interface Vlan2
description Direct Connect
backup interface Vlan13
nameif outside
security-level 0
pppoe client vpdn group PPPoE_DirectConnect
ip address pppoe
interface Vlan3
description Gjestenettet
nameif dmz
security-level 50
ip address 10.0.0.1 255.255.255.0
interface Vlan13
description Backupnett ICE
nameif ICE
security-level 0
ip address IP_ICE 255.255.255.0
interface Vlan23
description
nameif USER
security-level 50
ip address 10.1.1.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 13
interface Ethernet0/2
switchport access vlan 23
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
switchport access vlan 3
interface Ethernet0/7
switchport access vlan 3
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns domain-lookup dmz
dns server-group DefaultDNS
domain-name DOMAIN.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list outside_access_in extended permit tcp any host IP_outside eq https
access-list outside_access_in extended permit tcp any host IP_outside eq www
access-list outside_access_in extended permit icmp any host IP_outside echo-reply
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list outside_access_in remark For RWW
access-list DOMAINVPN_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 192.168.0.192 255.255.255.192
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.0.192 255.255.255.192
access-list DOMAIN_VPN_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
access-list ICE_access_in extended permit tcp any host IP_ICE eq https
access-list ICE_access_in extended permit tcp any host IP_ICE eq www
access-list ICE_access_in extended permit icmp any host IP_ICE echo-reply
access-list ICE_access_in remark For RWW
access-list ICE_access_in remark For RWW
access-list USER_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm warnings
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu ICE 1500
mtu USER 1500
ip local pool VPNPool 192.168.10.210-192.168.10.225 mask 255.255.255.0
no failover
monitor-interface inside
monitor-interface outside
monitor-interface dmz
monitor-interface ICE
monitor-interface USER
icmp unreachable rate-limit 1 burst-size 1
icmp permit outside-network 255.255.255.0 outside
icmp permit 192.168.10.0 255.255.255.0 ICE
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (ICE) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 10.0.0.0 255.255.255.0
nat (USER) 1 10.1.1.0 255.255.255.0
static (inside,ICE) tcp interface www SERVER www netmask 255.255.255.255
static (inside,outside) tcp interface www SERVER www netmask 255.255.255.255
static (inside,ICE) tcp interface https SERVER https netmask 255.255.255.255
static (inside,outside) tcp interface https SERVER https netmask 255.255.255.255
access-group outside_access_in in interface outside
access-group ICE_access_in in interface ICE
access-group USER_access_in in interface USER
route outside 0.0.0.0 0.0.0.0 x.x.x.1 1 track 123
route ICE 0.0.0.0 0.0.0.0 192.168.10.1 254
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 1
type echo protocol ipIcmpEcho x.x.x.1 interface outside
num-packets 3
frequency 10
sla monitor schedule 1 life forever start-time now
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
track 123 rtr 1 reachability
no vpn-addr-assign local
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
dhcpd address 10.0.0.10-10.0.0.39 dmz
dhcpd dns y.y.y.2 z.z.z.z interface dmz
dhcpd lease 6000 interface dmz
dhcpd enable dmz
dhcpd address 10.1.1.100-10.1.1.120 USER
dhcpd dns y.y.y.2 z.z.z.z interface USER
dhcpd lease 6000 interface USER
dhcpd domain USER interface USER
dhcpd enable USER
ntp server 64.0.0.2 source outside
group-policy DOMAIN_VPN internal
group-policy DOMAIN_VPN attributes
dns-server value 192.168.0.150
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value DOMAIN_VPN_splitTunnelAcl
default-domain value DOMAIN.local
class-map inspection_default
match default-inspection-traffic
class-map imblock
match any
class-map P2P
match port tcp eq www
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map type inspect im impolicy
parameters
match protocol msn-im yahoo-im
drop-connection log
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect pptp
policy-map type inspect http P2P_HTTP
parameters
match request uri regex _default_gator
drop-connection log
match request uri regex _default_x-kazaa-network
drop-connection log
match request uri regex _default_msn-messenger
drop-connection log
match request uri regex _default_gnu-http-tunnel_arg
drop-connection log
policy-map IM_P2P
class imblock
inspect im impolicy
class P2P
inspect http P2P_HTTP
service-policy global_policy global
service-policy IM_P2P interface inside
prompt hostname context
: end
asdm image disk0:/asdm-524.bin
asdm location Server1 255.255.255.255 inside
asdm location IP_ICE 255.255.255.255 inside
asdm location outside-network 255.255.255.0 inside
asdm location SERVER 255.255.255.255 inside
no asdm history enable
What is wrong? Everything works well except port forwarding.
Andreas
-
B-channel oos and protocol error 510
Dear all,
I had an issue a couple of days ago. The telephony system of my client worked well and suddenly they cannot make external calls via E1. I checked the config and for me it seems to be ok. When I checked the SDL file, I can see the B channel out of service error message followed by the
"MGCP PROTOCOL ERROR: <S1/SU1/DS1-0/[email protected]> CRCX error code: 510". They have a CUCM 6.0 and a Cisco 2821 as gateway with 12.4 (25f) advanced IP services IOS.
I performed the following actions without success:
- From the CUCM, in the advanced service, I forced the B-channel to bring it in service,
- no mgcp/mgcp,
- reboot the CUCM and the gateway,
- reset the controller through CUCM, ... in vain.
They contacted the telco, which has confirmed that everything seems to be ok. Find below the information that can help you to understand better.
#sh run brief
Building configuration...
Current configuration : 4859 bytes
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname ATD-CCM-GW
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
aaa new-model
aaa authentication login default local
aaa authentication login local_authen local
aaa authorization exec default local
aaa authorization exec local_author local
aaa session-id common
clock timezone A 1
network-clock-participate slot 1
network-clock-select 1 E1 1/1/0
ip cef
ip domain name xx.xxxx.xxx
ip host ATD-CCM1 10.10.10.100
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
isdn switch-type primary-net5
isdn logging
voice-card 0
dspfarm
dsp services dspfarm
voice-card 1
no dspfarm
no voice call carrier capacity active
voice rtp send-recv
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729br8 bytes 40
voice class h323 1
h225 timeout tcp establish 3
crypto pki trustpoint TP-self-signed-635937996
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-635937996
revocation-check none
rsakeypair TP-self-signed-635937996
crypto pki certificate chain TP-self-signed-635937996
certificate self-signed 01
application
service alternate Default
controller E1 1/1/0
framing NO-CRC4
pri-group timeslots 1-31 service mgcp
interface GigabitEthernet0/0
description to_CCM
ip address 10.10.10.254 255.255.255.0
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface Serial1/1/0:15
no ip address
encapsulation hdlc
isdn switch-type primary-net5
isdn overlap-receiving
isdn incoming-voice voice
isdn bind-l3 ccm-manager
isdn bchan-number-order ascending
isdn sending-complete
no cdp enable
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.10..253
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
logging trap debugging
control-plane
voice-port 1/0/0
timing hookflash-out 50
voice-port 1/0/1
signal groundStart
timing hookflash-out 50
voice-port 1/0/2
signal groundStart
timing hookflash-out 50
voice-port 1/0/3
signal groundStart
timing hookflash-out 50
voice-port 1/1/0:15
ccm-manager fallback-mgcp
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager music-on-hold
ccm-manager config server ATD-CCM1
ccm-manager config
mgcp
mgcp call-agent 10.10.10.100 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp modem passthrough voip redundancy
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
mgcp default-package fxr-package
no mgcp package-capability res-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
no mgcp explicit hookstate
mgcp rtp payload-type g726r16 static
mgcp bind control source-interface GigabitEthernet0/0
mgcp bind media source-interface GigabitEthernet0/0
mgcp profile default
dial-peer voice 999101 pots
service mgcpapp
port 1/0/1
forward-digits all
dial-peer voice 999102 pots
service mgcpapp
port 1/0/2
forward-digits all
dial-peer voice 999103 pots
service mgcpapp
port 1/0/3
forward-digits all
dial-peer voice 1 pots
service mgcpapp
incoming called-number .
direct-inward-dial
port 1/1/0:15
forward-digits all
dial-peer voice 999100 pots
service mgcpapp
port 1/0/0
gateway
timer receive-rtp 1200
scheduler allocate 20000 1000
ntp clock-period 17180351
ntp update-calendar
ntp server 10.10.10.9 source GigabitEthernet0/0
end
#sh controller e1
E1 1/1/0 is up.
Applique type is Channelized E1 - balanced
No alarms detected.
alarm-trigger is not set
Version info Firmware: 20090113, FPGA: 20, spm_count = 0
Framing is NO-CRC4, Line Code is HDB3, Clock Source is Line.
Current port master clock:recovered from backplane
Data in current interval (225 seconds elapsed):
0 Line Code Violations, 0 Path Code Violations
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
Total Data (last 3 15 minute intervals):
0 Line Code Violations, 0 Path Code Violations,
0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
#sh ccm-manager
MGCP Domain Name: ATD-CCM-GW.xx.xxxx.xxx
Priority Status Host
============================================================
Primary Registered 10.10.10.100
First Backup None
Second Backup None
Current active Call Manager: 10.10.10.100
Backhaul/Redundant link port: 2428
Failover Interval: 30 seconds
Keepalive Interval: 15 seconds
Last keepalive sent: 15:31:24 UTC Oct 19 2012 (elapsed time: 00:00:09)
Last MGCP traffic time: 15:31:24 UTC Oct 19 2012 (elapsed time: 00:00:09)
Last failover time: None
Last switchback time: None
Switchback mode: Graceful
MGCP Fallback mode: Enabled/OFF
Last MGCP Fallback start time: None
Last MGCP Fallback end time: None
MGCP Download Tones: Disabled
TFTP retry count to shut Ports: 2
Backhaul Link info:
Link Protocol: TCP
Remote Port Number: 2428
Remote IP Address: 10.10.10.100
Current Link State: OPEN
Statistics:
Packets recvd: 11
Recv failures: 0
Packets xmitted: 18
Xmit failures: 0
PRI Ports being backhauled:
Slot 1, VIC 1, port 0
Configuration Auto-Download Information
=======================================
Current version-id: 1350042385-8bfc9ed0-f85e-4435-8baf-3ad1ceefb55c
Last config-downloaded:00:00:00
Current state: Waiting for commands
Configuration Download statistics:
Download Attempted : 1
Download Successful : 1
Download Failed : 0
TFTP Download Failed : 0
Configuration Attempted : 1
Configuration Successful : 1
Configuration Failed(Parsing): 0
Configuration Failed(config) : 0
Last config download command: New Registration
Configuration Error History:
controller E1 1/1/0
no pri-group timeslots 1-31
FAX mode: disable
#debug isdn q931
#debug mgcp packet
009112: Oct 20 12:48:50.374: MGCP Packet received from 10.10.10.100:2427--->
CRCX 2359 S1/SU1/DS1-0/[email protected] MGCP 0.1
C: D000000001fbf9aa000000F500000001
X: 1f
L: p:20, a:PCMU, s:off, t:00
M: recvonly
R: D/[0-9ABCD*#]
Q: process,loop
<---
009113: Oct 20 12:48:50.382: MGCP Packet sent to 10.10.10.100:2427--->
200 2359 OK
I: 8
v=0
c=IN IP4 10.10.10.254
m=audio 18274 RTP/AVP 0 100
a=rtpmap:100 X-NSE/8000
a=fmtp:100 192-194
<---
009114: Oct 20 12:48:50.386: ISDN Se1/1/0:15 Q931d: srl_send_l3_pak:
source_id = CCM MANAGER 0x0003, dest_id = Q.921 0x0000, prim = DL_DATA_REQ 0x0240
priv_len = 4 int_id = 0x4636A628 datasize = 64
009115: Oct 20 12:48:50.386: ISDN Se1/1/0:15 Q931d: data =
009116: Oct 20 12:48:50.386: 4636A628000000030240043800010000
009117: Oct 20 12:48:50.386: 0802000105A104038090A31803A9839F
009118: Oct 20 12:48:50.386: 280B526F6C616E64202D2049546C0601
009119: Oct 20 12:48:50.386: 81313232307009803636393332313933
009120: Oct 20 12:48:50.386:
009121: Oct 20 12:48:50.434: MGCP Packet received from 10.10.10.100:2427--->
MDCX 2360 S1/SU1/DS1-0/[email protected] MGCP 0.1
C: D000000001fbf9aa000000F500000001
I: 8
X: 1f
L: p:20, a:PCMU, s:off, t:b8, fxr/fx:t38
M: recvonly
R: D/[0-9ABCD*#]
Q: process,loop
<---
009122: Oct 20 12:48:50.438: MGCP Packet sent to 10.10.10.100:2427--->
510 2360 fx: setting cannot be supported
<---
009123: Oct 20 12:48:50.438: ISDN Se1/1/0:15 Q931d: srl_send_l3_pak:
source_id = CCM MANAGER 0x0003, dest_id = Q.921 0x0000, prim = DL_DATA_REQ 0x0240
priv_len = 4 int_id = 0x4636A628 datasize = 25
009124: Oct 20 12:48:50.438: ISDN Se1/1/0:15 Q931d: data =
009125: Oct 20 12:48:50.438: 4636A628000000030240043800010000
009126: Oct 20 12:48:50.438: 0802000145080280AF
009127: Oct 20 12:48:50.462: MGCP Packet received from 10.10.10.100:2427--->
DLCX 2361 S1/SU1/DS1-0/[email protected] MGCP 0.1
C: D000000001fbf9aa000000F500000001
I: 8
X: 1f
S:
<---
ATD-CCM-GW#
009128: Oct 20 12:48:50.478: MGCP Packet sent to 10.10.10.100:2427--->
250 2361 OK
P: PS=0, OS=0, PR=0, OR=0, PL=0, JI=0, LA=0
<---
009129: Oct 20 12:48:50.478: ISDN Se1/1/0:15 Q931d: srl_send_l3_pak:
source_id = CCM MANAGER 0x0003, dest_id = Q.921 0x0000, prim = DL_DATA_REQ 0x0240
priv_len = 4 int_id = 0x4636A628 datasize = 21
009130: Oct 20 12:48:50.478: ISDN Se1/1/0:15 Q931d: data =
009131: Oct 20 12:48:50.478: 4636A628000000030240043800010000
009132: Oct 20 12:48:50.478: 080200015A
ATD-CCM-GW#
009133: Oct 20 12:49:03.002: MGCP Packet received from 10.10.10.100:2427--->
CRCX 2362 S1/SU1/DS1-0/[email protected] MGCP 0.1
C: D000000001fbf9ac000000F500000002
X: 1e
L: p:20, a:PCMU, s:off, t:b8, fxr/fx:t38
M: recvonly
R: D/[0-9ABCD*#]
Q: process,loop
<---
#sh mgcp statistics
UDP pkts rx 270, tx 270
Unrecognized rx pkts 0, MGCP message parsing errors 0
Duplicate MGCP ack tx 0, Invalid versions count 0
CreateConn rx 10, successful 1, failed 9
DeleteConn rx 1, successful 1, failed 0
ModifyConn rx 1, successful 0, failed 1
DeleteConn tx 0, successful 0, failed 0
NotifyRequest rx 0, successful 0, failed 0
AuditConnection rx 0, successful 0, failed 0
AuditEndpoint rx 61, successful 61, failed 0
RestartInProgress tx 4, successful 4, failed 0
Notify tx 193, successful 193, failed 0
ACK tx 63, NACK tx 10
ACK rx 197, NACK rx 0
IP address based Call Agents statistics:
IP address 10.10.10.100, Total msg rx 270,
successful 260, failed 10
System resource check is DISABLED. No available statistic
DS0 Resource Statistics
Utilization: 0.00 percent
Total channels: 34
Addressable channels: 34
Inuse channels: 0
Disabled channels: 0
Free channels: 34
sh controller e1
#sh network-clocks
Network Clock Configuration
Priority Clock Source Clock State Clock Type
1 E1 1/1/0 GOOD E1
10 Backplane GOOD PLL
Current Primary Clock Source
Priority Clock Source Clock State Clock Type
1 E1 1/1/0 GOOD E1
Thanks for your help
The explanation for your syslog message is "The B-channel indicated by this alarm has gone out of service. Some of the more common reasons for a B-channel to go out of service include: Taking the channel out of service intentionally to perform maintenance on either the near- or far-end; MGCP gateway returns an error code 501 or 510 for a MGCP command sent from Cisco Unified Communications Manager (Unified CM); MGCP gateway doesn't respond to an MGCP command sent by Unified CM three times; a speed and duplex mismatch exists on the Ethernet port between Unified CM and the MGCP gateway."
Recommended action:
Check the Unified CM advanced service parameter, Change B-channel Maintenance Status to determine if the B-channel has been taken out of service intentionally; Check the Q.931 trace for PRI SERVICE message to determine whether a PSTN provider has taken the B-channel out of service; Reset the MGCP gateway; Check the speed and duplex settings on the Ethernet port. -
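An added example for the B-channel thread above (not part of the thread and not Cisco tooling): a Python script that pairs each command in `debug mgcp packet` output with its response by transaction ID and lists the commands the gateway rejected or never answered, the two MGCP conditions named in the explanation. The sample trace is constructed in the layout shown in the post; the endpoint name `gw.example.test` and the option-matching heuristic are assumptions of this example.

```python
import re

# Constructed sample in the layout of `debug mgcp packet` output. The endpoint
# name is a placeholder and the last CRCX is deliberately left unanswered.
SAMPLE = """\
009112: Oct 20 12:48:50.374: MGCP Packet received from 10.10.10.100:2427--->
CRCX 2359 S1/SU1/DS1-0/1@gw.example.test MGCP 0.1
C: D000000001fbf9aa000000F500000001
L: p:20, a:PCMU, s:off, t:00
M: recvonly
<---
009113: Oct 20 12:48:50.382: MGCP Packet sent to 10.10.10.100:2427--->
200 2359 OK
I: 8
<---
009114: Oct 20 12:48:50.386: ISDN Se1/1/0:15 Q931d: srl_send_l3_pak:
009121: Oct 20 12:48:50.434: MGCP Packet received from 10.10.10.100:2427--->
MDCX 2360 S1/SU1/DS1-0/1@gw.example.test MGCP 0.1
I: 8
L: p:20, a:PCMU, s:off, t:b8, fxr/fx:t38
M: recvonly
<---
009122: Oct 20 12:48:50.438: MGCP Packet sent to 10.10.10.100:2427--->
510 2360 fx: setting cannot be supported
<---
009133: Oct 20 12:49:03.002: MGCP Packet received from 10.10.10.100:2427--->
CRCX 2362 S1/SU1/DS1-0/1@gw.example.test MGCP 0.1
L: p:20, a:PCMU, s:off, t:b8, fxr/fx:t38
<---
"""

HEADER = re.compile(r"MGCP Packet (received from|sent to) \S+--->")
COMMAND = re.compile(r"^([A-Z]{4}) (\d+) (\S+) MGCP \S+")
RESPONSE = re.compile(r"^(\d{3}) (\d+)(?: (.*))?$")


def parse_packets(text):
    """Return [{'dir': 'rx'|'tx', 'lines': [...]}] for each '--->' ... '<---' block.

    Lines outside a block (ISDN debug, router prompts) are ignored.
    """
    packets, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.search(line)
        if header:
            direction = "rx" if header.group(1).startswith("received") else "tx"
            current = {"dir": direction, "lines": []}
        elif current is not None:
            if line == "<---":
                packets.append(current)
                current = None
            elif line:
                current["lines"].append(line)
    return packets


def failed_transactions(text):
    """Pair commands with final responses; return (failed, unanswered_txids).

    Transaction IDs are scoped per sender, so a command seen in one direction
    is matched only by a response travelling in the other direction.
    """
    commands = {}
    for pkt in parse_packets(text):
        if not pkt["lines"]:
            continue
        first = pkt["lines"][0]
        cmd = COMMAND.match(first)
        if cmd:
            options = next((l[2:].strip() for l in pkt["lines"][1:]
                            if l.startswith("L:")), "")
            commands[(pkt["dir"], cmd.group(2))] = {
                "verb": cmd.group(1), "endpoint": cmd.group(3),
                "options": options, "code": None, "reason": ""}
            continue
        rsp = RESPONSE.match(first)
        if rsp:
            key = ("tx" if pkt["dir"] == "rx" else "rx", rsp.group(2))
            code = int(rsp.group(1))
            if key in commands and code >= 200:  # skip 1xx provisional replies
                commands[key]["code"] = code
                commands[key]["reason"] = rsp.group(3) or ""
    failed = [dict(txid=txid, **c) for (_, txid), c in commands.items()
              if c["code"] is not None and c["code"] >= 400]
    unanswered = [txid for (_, txid), c in commands.items() if c["code"] is None]
    return failed, unanswered


def suspect_options(failure):
    """Heuristic (assumption): when the reason text starts with 'name:', return
    the LocalConnectionOptions entries from the command that mention that name."""
    m = re.match(r"(\w+):", failure["reason"])
    if not m:
        return []
    needle = m.group(1) + ":"
    return [o.strip() for o in failure["options"].split(",") if needle in o]


if __name__ == "__main__":
    failed, unanswered = failed_transactions(SAMPLE)
    for f in failed:
        print(f["verb"], f["txid"], f["code"], f["reason"], suspect_options(f))
    print("unanswered:", unanswered)
```
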
Site to Site VPN Setup: Error processing payload: Payload ID: 1
Hello,
I am currently getting the error Error processing payload: Payload ID: 1 when attempting to connect an old RV082 (local) to an ASA5520 (in lab). I'm not really sure what is causing this, going through what I've found via Google hasn't really helped much and I was hoping one of you could point me in the right direction.
I've attached a screen grab of the RV configuration and below is an (abridged) copy of the running config from the ASA. Any and all help would be amazing, I'm sure it's something simple that I'm overlooking but I just don't have the experience with Cisco gear to nail it down.
Thank you very much!
Result of the command: "show running-config"
: Saved
ASA Version 9.0(3)
hostname epath-asa02
domain-name epathlearning.com
enable password hqamp6WHO7djZ5fP encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
ip local pool REMOTE_VPN_POOL 192.168.5.201-192.168.5.205 mask 255.255.255.0
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address xx.xx.xx.xx 255.255.255.254
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 192.168.5.1 255.255.255.0
interface GigabitEthernet0/2
nameif storage
security-level 100
ip address 192.168.6.1 255.255.255.0
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
shutdown
no nameif
no security-level
no ip address
boot system disk0:/asa903-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 192.168.5.4
name-server 8.8.8.8
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu storage 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
asdm image disk0:/asdm-715-100.bin
asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,inside) source static any any destination static NETWORK_OBJ_192.168.5.200_29 NETWORK_OBJ_192.168.5.200_29 no-proxy-arp route-lookup
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.5.200_29 NETWORK_OBJ_192.168.5.200_29 no-proxy-arp route-lookup
nat (inside,outside) source static DMZ_Network DMZ_Network destination static NETWORK_OBJ_192.168.10.0_24 NETWORK_OBJ_192.168.10.0_24 no-proxy-arp route-lookup
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.5.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer 208.103.76.212
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
email [email protected]
subject-name CN=xxxxxx
serial-number
ip-address xx.xx.xx.xx
keypair xxxxxxxxxxxxxx
proxy-ldc-issuer
crl configure
crypto ca trustpoint ASDM_TrustPoint1
crl configure
crypto ca trustpoint localtrust
crl configure
crypto ca trustpool policy
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
quit
crypto ca certificate chain ASDM_TrustPoint0
certificate 825b0a53
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 enable inside
crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
crypto ikev1 enable outside
crypto ikev1 enable inside
crypto ikev1 policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.168.5.3 255.255.255.255 inside
telnet timeout 5
ssh scopy enable
ssh 192.168.5.0 255.255.255.0 inside
ssh timeout 60
console timeout 0
management-access inside
dhcp-client update dns server both
dhcpd address 192.168.5.100-192.168.5.120 inside
dhcpd dns 192.168.5.4 8.8.4.4 interface inside
dhcpd update dns both override interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 12.10.191.251 source outside prefer
ssl trust-point ASDM_TrustPoint0 outside
ssl trust-point ASDM_TrustPoint0 inside
webvpn
enable outside
enable inside
anyconnect image disk0:/anyconnect-win-3.1.05152-k9.pkg 1
anyconnect image disk0:/anyconnect-macosx-i386-3.1.05152-k9.pkg 2
anyconnect image disk0:/anyconnect-linux-64-3.1.05152-k9.pkg 3
anyconnect profiles Production_client_profile disk0:/Production_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
default-domain value
group-policy DfltGrpPolicy attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
group-policy GroupPolicy_Production internal
group-policy GroupPolicy_Production attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ikev2 ssl-client
default-domain value
webvpn
anyconnect profiles value Production_client_profile type user
group-policy GroupPolicy_208.103.76.212 internal
group-policy GroupPolicy_208.103.76.212 attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec
username zzzzzzzzzzzzzz password pwoiKxeLmKvYDJf5 encrypted
username root password nSkWYNJFu52Wl56e encrypted
tunnel-group DefaultL2LGroup ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
tunnel-group DefaultRAGroup general-attributes
address-pool REMOTE_VPN_POOL
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool REMOTE_VPN_POOL
authorization-server-group LOCAL
dhcp-server 192.168.5.1
authorization-required
tunnel-group Production type remote-access
tunnel-group Production general-attributes
address-pool REMOTE_VPN_POOL
default-group-policy GroupPolicy_Production
strip-realm
strip-group
tunnel-group Production webvpn-attributes
group-alias Production enable
tunnel-group 208.103.xxx.xxx type ipsec-l2l
tunnel-group 208.103.xxx.xxx general-attributes
default-group-policy GroupPolicy_208.103.xxx.xxx
tunnel-group 208.103.xxx.xxx ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
service call-home
call-home reporting anonymous
call-home
contact-email-addr [email protected]
profile CiscoTAC-1
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:9f04ecc9900e65a838e26d06af93a5be
: end
Hello,
It seems you are establishing an ikev1 site-to-site VPN to a Linksys router.
On the Linksys router you have configured the phase 1 policy to use aes-256, g5 and sha-1, whereas none of the ikev1 policies on the ASA matches it. Configure an ikev1 policy to match the parameters on the ASA.
crypto ikev1 policy 15
authentication pre-share
encryption aes-256
hash sha
group 5
HTH
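The phase 1 comparison made in the reply above can be checked mechanically. The following is an added example, not part of the original reply or of any Cisco tool: it parses `crypto ikev1 policy` (or 8.2-style `crypto isakmp policy`) blocks from a flattened config dump like the one on this page and compares them with the peer proposal. The function names are hypothetical, and pre-shared-key authentication for the peer is an assumption taken from the tunnel-group lines.

```python
import re

# Constructed sample: the IKE policy lines of the ASA configuration posted
# above, flattened (no indentation) the way this page shows them.
ASA_CONFIG = """\
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev1 enable outside
crypto ikev1 policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
"""

# Peer proposal named in the reply (aes-256, group 5, sha-1).
# "pre-share" is an assumption based on the pre-shared-key tunnel-group lines.
PEER = {"authentication": "pre-share", "encryption": "aes-256",
        "hash": "sha", "group": "5"}

# The policy the reply proposes adding.
PROPOSED_POLICY = """\
crypto ikev1 policy 15
authentication pre-share
encryption aes-256
hash sha
group 5
"""

POLICY_RE = re.compile(r"^\s*crypto (?:ikev1|isakmp) policy (\d+)\s*$")
ATTR_RE = re.compile(
    r"^\s*(authentication|encryption|hash|group|lifetime)\s+(\S.*?)\s*$")
# Attributes compared between the two ends; lifetime is not compared here.
COMPARED = ("authentication", "encryption", "hash", "group")


def parse_ikev1_policies(config):
    """Return {priority: {attribute: value}} for every IKEv1 policy block.

    Indentation is not relied on: a block runs from its header line until
    the first line that is not one of the policy sub-commands, so IKEv2
    policy blocks (which reuse 'encryption' and 'group') are skipped.
    """
    policies = {}
    current = None
    for line in config.splitlines():
        header = POLICY_RE.match(line)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
            continue
        attr = ATTR_RE.match(line) if current is not None else None
        if attr:
            current[attr.group(1)] = attr.group(2)
        else:
            current = None
    return policies


def mismatches(policy, peer):
    """Return {attribute: (local value, peer value)} for differing attributes.

    An attribute missing from the local policy counts as a mismatch, because
    platform defaults are not assumed here.
    """
    return {k: (policy.get(k), peer[k])
            for k in COMPARED if policy.get(k) != peer[k]}


def matching_policies(policies, peer):
    """Return the priorities of the policies that agree with the peer."""
    return sorted(p for p, attrs in policies.items()
                  if not mismatches(attrs, peer))


if __name__ == "__main__":
    for label, cfg in (("as posted", ASA_CONFIG),
                       ("with policy 15", ASA_CONFIG + PROPOSED_POLICY)):
        parsed = parse_ikev1_policies(cfg)
        print(label, "-> matching policies:", matching_policies(parsed, PEER))
        for prio, attrs in sorted(parsed.items()):
            print("  policy", prio, "differs on:", mismatches(attrs, PEER))
```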
"Please rate helpful posts" -
Getting 413 errors on a 5505 firewall.
I am very new to Cisco 5505 firewalls and have been trying to troubleshoot a VPN connectivity issue over the past few days. Recently the AT&T router was tested and nothing is being blocked from it. Since I do not know much about the firewall, I am unsure if there is an issue with the config or if the problem lies elsewhere. When I initially log into the firewall I noticed that the DMZ interface shows Line down, Link down. The other interfaces, inside and outside, both show up, up. I am not sure if the DMZ should show down, down or not. I was not the tech that set this firewall up so checking the config really does not tell me much as I am unfamiliar with what I am looking at. The config has been posted below. Any help would be greatly appreciated!!
: Saved
ASA Version 8.2(5)
hostname xxxfw01
domain-name xxxxxx.lcl
enable password zgDyB1JJR5jIt22C encrypted
passwd 5nswNE6Ndj.ogXD4 encrypted
names
name 192.168.1.30 ideacom-adtran-router
name 12.179.58.67 outside-voip
name 10.0.4.0 inside-secondary
name 10.0.0.0 inside-primary
name 12.179.58.68 outside-secondary1
name 12.179.58.69 outside-secondary2
name 12.179.58.70 outside-secondary3
name 192.9.200.0 inside-old
name 12.179.58.71 outside-secondary4
name 12.179.58.72 outside-secondary5
name 12.179.58.73 outside-secondary6
name 12.179.58.74 outside-secondary7
name 12.179.58.75 outside-secondary8
name 12.179.58.126 outside-web-server
name 12.179.58.76 ouside-secondary9
name 12.179.58.77 outside-secondary10
name 12.179.58.78 outside-secondary11
name 12.179.58.79 outside-secondary12
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 2
interface Ethernet0/6
switchport access vlan 2
interface Ethernet0/7
switchport access vlan 3
interface Vlan1
nameif inside
security-level 100
ip address 10.0.1.11 255.255.255.0
ospf cost 10
interface Vlan2
nameif outside
security-level 0
ip address 12.179.58.66 255.255.255.192
ospf cost 10
interface Vlan3
no forward interface Vlan1
nameif dmz
security-level 50
ip address 192.168.1.10 255.255.255.0
ospf cost 10
pim accept-register list PIM_ACCPTREG_ACL
banner motd ATTENTION:
banner motd You are about to log into a private network. Unauthorized access is strictly prohibited.
banner motd Any attempts to do so will result in prosecution to the fullest extent of the law.
banner asdm ATTENTION:
banner asdm You are about to log into a private network. Unauthorized access is strictly prohibited.
banner asdm Any attempts to do so will result in prosecution to the fullest extent of the law.
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.0.2.106
name-server 10.0.2.57
domain-name xxxxxxx.lcl
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network outside-ideacom-voip
network-object host 204.14.39.36
network-object host 204.16.49.4
network-object host 204.16.53.4
network-object host 204.16.57.4
object-group service ideacom-tcp-voip tcp
port-object range h323 1728
port-object range sip 5061
object-group service ideacom-udp-voip udp
port-object range 1024 65535
object-group network outside-secondary-range
network-object host outside-secondary1
network-object host outside-secondary2
network-object host outside-secondary3
network-object host outside-secondary4
object-group icmp-type DM_INLINE_ICMP_1
icmp-object echo
icmp-object echo-reply
access-list PIM_ACCPTREG_ACL extended permit ip 12.179.58.64 255.255.255.192 10.0.1.0 255.255.255.0 inactive
access-list inside_nat_outbound extended permit ip inside-secondary 255.255.255.0 any
access-list outside_access_in extended permit tcp object-group outside-ideacom-voip host ideacom-adtran-router object-group ideacom-tcp-voip inactive
access-list outside_access_in extended permit udp object-group outside-ideacom-voip host ideacom-adtran-router object-group ideacom-udp-voip inactive
access-list outside_access_in extended permit icmp any any object-group DM_INLINE_ICMP_1
access-list xxxxxxx-VPN_splitTunnelAcl standard permit inside-primary 255.255.0.0
access-list inside_nat0_outbound extended permit ip inside-primary 255.255.0.0 10.1.1.0 255.255.255.0
access-list DefaultRAGroup_splitTunnelAcl standard permit inside-primary 255.255.0.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool VPN-Pool 10.1.1.1-10.1.1.253 mask 255.255.255.0
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
global (outside) 2 outside-secondary1-outside-secondary12 netmask 255.0.0.0
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 2 access-list inside_nat_outbound norandomseq
nat (inside) 1 inside-primary 255.255.0.0
static (dmz,outside) outside-voip ideacom-adtran-router netmask 255.255.255.255 norandomseq
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 12.179.58.65 1
route inside inside-primary 255.255.0.0 10.0.1.10 1
timeout xlate 0:20:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 10.0.2.106
key *****
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http inside-primary 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps entity config-change
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-128-SHA ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map dmz_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map dmz_map interface dmz
crypto ca server
shutdown
crypto isakmp enable outside
crypto isakmp enable dmz
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh inside-primary 255.255.0.0 inside
ssh timeout 5
ssh version 2
console timeout 10
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 76.169.237.141 source outside
ntp server 69.31.13.15 source outside
ntp server 66.187.224.4 source outside
ntp server 10.0.2.106 source inside prefer
ntp server 75.13.24.211 source outside
ntp server 216.70.13.134 source outside
ntp server 66.102.105.230 source outside
ntp server 207.5.137.134 source outside
ntp server 66.93.39.87 source outside
ntp server 63.111.165.21 source outside
ntp server 67.52.51.34 source outside
ntp server 72.25.103.52 source outside
ntp server 72.3.133.147 source outside
ntp server 72.1.138.113 source outside
ntp server 68.227.90.101 source outside
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 10.0.2.106 10.0.2.56
vpn-tunnel-protocol l2tp-ipsec
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain value xxxxxxx.lcl
group-policy DfltGrpPolicy attributes
group-lock value DefaultWEBVPNGroup
group-policy xxxxxxx-VPN internal
group-policy xxxxxxx-VPN attributes
dns-server value 10.0.2.106 10.0.2.56
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value xxxxxxx-VPN_splitTunnelAcl
default-domain value hlgroup.lcl
username hlgvpn password GAfBJJMk5EnKUdM+KyBXfQ== nt-encrypted
username hlgvpn attributes
vpn-group-policy DefaultRAGroup
username admin password tU0js1787OyO3ldQ encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool VPN-Pool
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication pap
authentication ms-chap-v2
tunnel-group xxxxxxx-VPN type remote-access
tunnel-group xxxxxxx-VPN general-attributes
address-pool VPN-Pool
authentication-server-group RADIUS
default-group-policy xxxxxxx-VPN
password-management
tunnel-group xxxxxxx-VPN ipsec-attributes
pre-shared-key *****
tunnel-group xxxxxxx-VPN ppp-attributes
no authentication chap
no authentication ms-chap-v1
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect netbios
inspect tftp
inspect icmp
inspect icmp error
inspect ctiqbe
inspect dcerpc
inspect dns
inspect ils
inspect ipsec-pass-thru
inspect mgcp
inspect pptp
inspect snmp
inspect waas
inspect sip
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:ca21fc44d2f9d0485564fb474bceeb51
: end
asdm image disk0:/asdm-631.bin
asdm location ideacom-adtran-router 255.255.255.255 inside
asdm location outside-voip 255.255.255.255 inside
asdm location outside-secondary1 255.255.255.255 inside
asdm location inside-secondary 255.255.255.0 inside
asdm location inside-primary 255.255.0.0 inside
asdm location outside-secondary2 255.255.255.255 inside
asdm location outside-secondary3 255.255.255.255 inside
asdm location outside-secondary4 255.255.255.255 inside
asdm location outside-secondary5 255.255.255.255 inside
asdm location outside-secondary6 255.255.255.255 inside
asdm location outside-secondary7 255.255.255.255 inside
asdm location outside-secondary8 255.255.255.255 inside
asdm location outside-web-server 255.255.255.255 inside
asdm location ouside-secondary9 255.255.255.255 inside
asdm location outside-secondary10 255.255.255.255 inside
asdm location outside-secondary11 255.255.255.255 inside
asdm location outside-secondary12 255.255.255.255 inside
no asdm history enable
Has this VPN setup ever worked prior to you taking over? If so, do you know of any changes that have been done to the firewall configuration that could possibly have caused the issue?
Another thing to check out is why the DMZ interface is enabled for VPN.
I suggest making the following change and then test to see if the VPN comes up
no crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
If that solves the problem, next I would check your company's security policy to see if they require a Diffie Hellman group to be used during phase 2 of the VPN setup.
Please remember to select a correct answer and rate helpful posts -
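The reply above turns on which dynamic map each interface's crypto map points at and whether that map demands PFS in phase 2. The following is an added example, not part of the original reply: it resolves interface, crypto map and dynamic map from the posted 8.2 configuration and shows the effect of the two suggested commands. The function names are hypothetical, and `"default"` stands for `set pfs` given without a group.

```python
import re

# Constructed sample: the crypto map lines of the ASA 8.2 config posted above.
ASA_82_CONFIG = """\
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-128-SHA ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map dmz_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map dmz_map interface dmz
"""

# The two commands suggested in the reply.
SUGGESTED_CHANGE = """\
no crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
"""

DYN_RE = re.compile(r"^\s*crypto dynamic-map (\S+) (\d+) set (\S+)(?: (.*\S))?\s*$")
MAP_DYN_RE = re.compile(r"^\s*crypto map (\S+) (\d+) ipsec-isakmp dynamic (\S+)\s*$")
MAP_IF_RE = re.compile(r"^\s*crypto map (\S+) interface (\S+)\s*$")


def parse_dynamic_maps(config):
    """Return {dynamic map: {sequence: {"pfs": ..., "transform_sets": [...]}}}."""
    maps = {}
    for line in config.splitlines():
        m = DYN_RE.match(line)
        if not m:
            continue
        name, seq, option, rest = m.group(1), int(m.group(2)), m.group(3), m.group(4)
        entry = maps.setdefault(name, {}).setdefault(
            seq, {"pfs": None, "transform_sets": []})
        if option == "pfs":
            entry["pfs"] = rest or "default"   # bare "set pfs": no group named
        elif option == "transform-set":
            entry["transform_sets"] = rest.split() if rest else []
    return maps


def phase2_report(config):
    """Return (interface, crypto map, dynamic map, sequence, pfs) rows."""
    dynamic = parse_dynamic_maps(config)
    refs, bound = {}, {}
    for line in config.splitlines():
        m = MAP_DYN_RE.match(line)
        if m:
            refs.setdefault(m.group(1), []).append(m.group(3))
            continue
        m = MAP_IF_RE.match(line)
        if m:
            bound[m.group(1)] = m.group(2)
    rows = []
    for cmap, iface in bound.items():
        for dname in refs.get(cmap, []):
            for seq, entry in dynamic.get(dname, {}).items():
                rows.append((iface, cmap, dname, seq, entry["pfs"]))
    return sorted(rows, key=lambda r: r[:4])


def apply_commands(config, commands):
    """Apply config commands to a text dump: 'no X' deletes line X, others append."""
    lines = config.splitlines()
    for cmd in commands.splitlines():
        cmd = cmd.strip()
        if cmd.startswith("no "):
            lines = [l for l in lines if l.strip() != cmd[3:]]
        elif cmd:
            lines.append(cmd)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for label, cfg in (("as posted", ASA_82_CONFIG),
                       ("after change", apply_commands(ASA_82_CONFIG, SUGGESTED_CHANGE))):
        print(label)
        for iface, cmap, dname, seq, pfs in phase2_report(cfg):
            print(f"  {iface}: {cmap} -> {dname} seq {seq}, pfs={pfs or 'not required'}")
```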
CUOM error when trying to poll performance data from IPCC Express
Hi Network Professionals,
Using CUOM 2.1 SP1 I get an error when trying to access the Performance menu for an IPCC Express Server in the Service Level View.
Error Message:
Performance polling is not supported for the current capability.
The server is fully monitored and I get environment, system, interface and application information.
In the Polling Parameters menu (Voice Utilization Settings) the only parameter listed is "Communication Manager and Registred MGCP Gateway Utilization".
The IPCC Express version is 5.0.(2)SR01_Build045.
Is anything missing on the IPCC server? I have only configured it with SNMP.
Kind Regards
Johnny Olsen
hi teresa.
well I bother you because I have a problem similar to that raised earlier, I have a vm INTAL CUOM 2.1 SP1 and the problem is that computers add-in-law his administration IPCC view the service level ... but when I fall into a custom group created the group and add the teams the same ip ipcc already visible, in my group I want to generate displays custom cloud but do not show me the equipment, except that I want to add IVR servers and I do not under any circumstances the samples .. lso probe and reset everything and anything related services, install the SP! and nothing. Can you help me with this or if I recommend CUOM up version of the 2.3 that I could not even see the difference with 2.1 CUOM thanks greetings -
Hi everyone,
It's probably just me but I have tried real hard to get a simple AnyConnect setup working in a lab environment on my ASA 5505 at home, without luck. When I connect with the AnyConnect client I get the error message "User not authorized for AnyConnect Client access, contact your administrator". I have searched for this error and tried some of the few solutions out there, but to no avail. I also updated the ASA from 8.4.4(1) to 9.1(1) and ASDM from 6.4(9) to 7.1(1) but still the same problem. The setup of the ASA is straightforward, directly connected to the Internet with a 10.0.1.0 / 24 subnet on the inside and an address pool of 10.0.2.0 / 24 to assign to the VPN clients. Please note that due to ISP restrictions, I'm using port 44455 instead of 443. I had AnyConnect working with the SSL portal, but IKEv2 IPsec is giving me a headache. I have stripped down certificate authentication which I had running before just to eliminate this as a potential cause of the issue. When running debugging, I do not get any error messages - the handshake completes successfully and the local authentication works fine as well.
Please find the current config and debugging output below. I appreciate any pointers as to what might be wrong here.
: Saved
ASA Version 9.1(1)
hostname ASA
domain-name ingo.local
enable password ... encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd ... encrypted
names
name 10.0.1.0 LAN-10-0-1-x
dns-guard
ip local pool VPNPool 10.0.2.1-10.0.2.10 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif Internal
security-level 100
ip address 10.0.1.254 255.255.255.0
interface Vlan2
nameif External
security-level 0
ip address dhcp setroute
regex BlockFacebook "facebook.com"
banner login This is a monitored system. Unauthorized access is prohibited.
boot system disk0:/asa911-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup Internal
dns domain-lookup External
dns server-group DefaultDNS
name-server 10.0.1.11
name-server 75.153.176.1
name-server 75.153.176.9
domain-name ingo.local
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network LAN-10-0-1-x
subnet 10.0.1.0 255.255.255.0
object network Company-IP1
host xxx.xxx.xxx.xxx
object network Company-IP2
host xxx.xxx.xxx.xxx
object network HYPER-V-DUAL-IP
range 10.0.1.1 10.0.1.2
object network LAN-10-0-1-X
access-list 100 extended permit tcp any4 object HYPER-V-DUAL-IP eq 3389 inactive
access-list 100 extended permit tcp object Company-IP1 object HYPER-V-DUAL-IP eq 3389
access-list 100 extended permit tcp object Company-IP2 object HYPER-V-DUAL-IP eq 3389
tcp-map Normalizer
check-retransmission
checksum-verification
no pager
logging enable
logging timestamp
logging list Threats message 106023
logging list Threats message 106100
logging list Threats message 106015
logging list Threats message 106021
logging list Threats message 401004
logging buffered errors
logging trap Threats
logging asdm debugging
logging device-id hostname
logging host Internal 10.0.1.11 format emblem
logging ftp-bufferwrap
logging ftp-server 10.0.1.11 / asa *****
logging permit-hostdown
mtu Internal 1500
mtu External 1500
ip verify reverse-path interface Internal
ip verify reverse-path interface External
icmp unreachable rate-limit 1 burst-size 1
icmp deny any echo External
asdm image disk0:/asdm-711.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (Internal,External) dynamic interface
object network LAN-10-0-1-x
nat (Internal,External) dynamic interface
object network HYPER-V-DUAL-IP
nat (Internal,External) static interface service tcp 3389 3389
access-group 100 in interface External
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server radius protocol radius
aaa-server radius (Internal) host 10.0.1.11
key *****
radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication ssh console radius LOCAL
http server enable
http LAN-10-0-1-x 255.255.255.0 Internal
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map External_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map External_map interface External
crypto ca trustpoint srv01_trustpoint
enrollment terminal
crl configure
crypto ca trustpoint asa_cert_trustpoint
keypair asa_cert_trustpoint
crl configure
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
crl configure
crypto ca trustpool policy
crypto ca server
cdp-url http://.../+CSCOCA+/asa_ca.crl:44435
issuer-name CN=...
database path disk0:/LOCAL_CA_SERVER/
smtp from-address ...
publish-crl External 44436
crypto ca certificate chain srv01_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain asa_cert_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain LOCAL-CA-SERVER
certificate <output omitted>
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable External client-services port 44455
crypto ikev2 remote-access trustpoint asa_cert_trustpoint
telnet timeout 5
ssh LAN-10-0-1-x 255.255.255.0 Internal
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh timeout 5
ssh version 2
console timeout 0
no vpn-addr-assign aaa
no ipv6-vpn-addr-assign aaa
no ipv6-vpn-addr-assign local
dhcpd dns 75.153.176.9 75.153.176.1
dhcpd domain ingo.local
dhcpd option 3 ip 10.0.1.254
dhcpd address 10.0.1.50-10.0.1.81 Internal
dhcpd enable Internal
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address LAN-10-0-1-x 255.255.255.0
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-filter use-database
dynamic-filter enable interface Internal
dynamic-filter enable interface External
dynamic-filter drop blacklist interface Internal
dynamic-filter drop blacklist interface External
ntp server 128.233.3.101 source External
ntp server 128.233.3.100 source External prefer
ntp server 204.152.184.72 source External
ntp server 192.6.38.127 source External
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
ssl trust-point asa_cert_trustpoint External
webvpn
port 44433
enable External
dtls port 44433
anyconnect image disk0:/anyconnect-win-3.1.02026-k9.pkg 1
anyconnect profiles profile1 disk0:/profile1.xml
anyconnect enable
smart-tunnel list SmartTunnelList1 mstsc mstsc.exe platform windows
smart-tunnel list SmartTunnelList1 putty putty.exe platform windows
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
webvpn
anyconnect profiles value profile1 type user
username write.ingo password ... encrypted
username ingo password ... encrypted privilege 15
username tom.tucker password ... encrypted
class-map TCP
match port tcp range 1 65535
class-map type regex match-any BlockFacebook
match regex BlockFacebook
class-map type inspect http match-all BlockDomains
match request header host regex class BlockFacebook
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 1500
id-randomization
policy-map TCP
class TCP
set connection conn-max 1000 embryonic-conn-max 1000 per-client-max 250 per-client-embryonic-max 250
set connection timeout dcd
set connection advanced-options Normalizer
set connection decrement-ttl
policy-map type inspect http HTTP
parameters
protocol-violation action drop-connection log
class BlockDomains
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect dns preset_dns_map dynamic-filter-snoop
inspect http HTTP
service-policy global_policy global
service-policy TCP interface External
smtp-server 199.185.220.249
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command service-policy
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:41a021a28f73c647a2f550ba932bed1a
: end
Many thanks,
Ingo
Hi Jose,
here is what I got now:
ASA(config)# sh run | begin tunnel-group
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPNPool
authorization-required
and DAP debugging still the same:
ASA(config)# DAP_TRACE: DAP_open: CDC45080
DAP_TRACE: Username: tom.tucker, aaa.cisco.grouppolicy = DfltGrpPolicy
DAP_TRACE: Username: tom.tucker, aaa.cisco.username = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username1 = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username2 =
DAP_TRACE: Username: tom.tucker, aaa.cisco.tunnelgroup = DefaultWEBVPNGroup
DAP_TRACE: Username: tom.tucker, DAP_add_SCEP: scep required = [FALSE]
DAP_TRACE: Username: tom.tucker, DAP_add_AC:
endpoint.anyconnect.clientversion="3.1.02026";
endpoint.anyconnect.platform="win";
DAP_TRACE: Username: tom.tucker, dap_aggregate_attr: rec_count = 1
DAP_TRACE: Username: tom.tucker, Selected DAPs: DfltAccessPolicy
DAP_TRACE: Username: tom.tucker, DAP_close: CDC45080
Unfortunately, it still doesn't work. Hmmm.. maybe a wipe of the config and starting from scratch can help?
Thanks,
Ingo
-
%ASA-7-710005: TCP request discarded error in Client to Site VPN in CISCO ASA 5510
Hi Friends,
I'm trying to build a client-to-site VPN on a Cisco ASA 5510 8.4(4) and am getting the error below while connecting with the Cisco VPN client software. I'm also getting the log below on the ASA. Please help me to resolve this.
Error in CISCO VPN Client Software:
Secure VPN Connection Terminated locally by the client.
Reason : 414 : Failed to establish a TCP connection.
Error in CISCO ASA 5510
%ASA-7-710005: TCP request discarded from <Public IP> /49276 to outside:<Outside Interface IP of my ASA> /10000
ASA Configuration:
XYZ# sh run
: Saved
ASA Version 8.4(4)
hostname XYZ
domain-name XYZ
enable password 3uLkVc9JwRA1/OXb level 3 encrypted
enable password R/x90UjisGVJVlh2 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
nameif outside_rim
security-level 0
ip address 1.1.1.1 255.255.255.252
interface Ethernet0/1
duplex full
nameif XYZ_DMZ
security-level 50
ip address 172.1.1.1 255.255.255.248
interface Ethernet0/2
speed 100
duplex full
nameif outside
security-level 0
ip address 2.2.2.2 255.255.255.252
interface Ethernet0/3
speed 100
duplex full
nameif inside
security-level 100
ip address 3.3.3.3 255.255.255.224
interface Management0/0
shutdown
no nameif
no security-level
no ip address
boot system disk0:/asa844-k8.bin
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
name-server xx.xx.xx.xx
domain-name XYZ
object network obj-172.17.10.3
host 172.17.10.3
object network obj-10.1.134.0
subnet 10.1.134.0 255.255.255.0
object network obj-208.75.237.0
subnet 208.75.237.0 255.255.255.0
object network obj-10.7.0.0
subnet 10.7.0.0 255.255.0.0
object network obj-172.17.2.0
subnet 172.17.2.0 255.255.255.0
object network obj-172.17.3.0
subnet 172.17.3.0 255.255.255.0
object network obj-172.19.2.0
subnet 172.19.2.0 255.255.255.0
object network obj-172.19.3.0
subnet 172.19.3.0 255.255.255.0
object network obj-172.19.7.0
subnet 172.19.7.0 255.255.255.0
object network obj-10.1.0.0
subnet 10.1.0.0 255.255.0.0
object network obj-10.2.0.0
subnet 10.2.0.0 255.255.0.0
object network obj-10.3.0.0
subnet 10.3.0.0 255.255.0.0
object network obj-10.4.0.0
subnet 10.4.0.0 255.255.0.0
object network obj-10.6.0.0
subnet 10.6.0.0 255.255.0.0
object network obj-10.9.0.0
subnet 10.9.0.0 255.255.0.0
object network obj-10.11.0.0
subnet 10.11.0.0 255.255.0.0
object network obj-10.12.0.0
subnet 10.12.0.0 255.255.0.0
object network obj-172.19.1.0
subnet 172.19.1.0 255.255.255.0
object network obj-172.21.2.0
subnet 172.21.2.0 255.255.255.0
object network obj-172.16.2.0
subnet 172.16.2.0 255.255.255.0
object network obj-10.19.130.201
host 10.19.130.201
object network obj-172.30.2.0
subnet 172.30.2.0 255.255.255.0
object network obj-172.30.3.0
subnet 172.30.3.0 255.255.255.0
object network obj-172.30.7.0
subnet 172.30.7.0 255.255.255.0
object network obj-10.10.1.0
subnet 10.10.1.0 255.255.255.0
object network obj-10.19.130.0
subnet 10.19.130.0 255.255.255.0
object network obj-XXXXXXXX
host XXXXXXXX
object network obj-145.248.194.0
subnet 145.248.194.0 255.255.255.0
object network obj-10.1.134.100
host 10.1.134.100
object network obj-10.9.124.100
host 10.9.124.100
object network obj-10.1.134.101
host 10.1.134.101
object network obj-10.9.124.101
host 10.9.124.101
object network obj-10.1.134.102
host 10.1.134.102
object network obj-10.9.124.102
host 10.9.124.102
object network obj-115.111.99.133
host 115.111.99.133
object network obj-10.8.108.0
subnet 10.8.108.0 255.255.255.0
object network obj-115.111.99.129
host 115.111.99.129
object network obj-195.254.159.133
host 195.254.159.133
object network obj-195.254.158.136
host 195.254.158.136
object network obj-209.164.192.0
subnet 209.164.192.0 255.255.224.0
object network obj-209.164.208.19
host 209.164.208.19
object network obj-209.164.192.126
host 209.164.192.126
object network obj-10.8.100.128
subnet 10.8.100.128 255.255.255.128
object network obj-115.111.99.130
host 115.111.99.130
object network obj-10.10.0.0
subnet 10.10.0.0 255.255.0.0
object network obj-115.111.99.132
host 115.111.99.132
object network obj-10.10.1.45
host 10.10.1.45
object network obj-10.99.132.0
subnet 10.99.132.0 255.255.255.0
object-group network Serversubnet
network-object 10.10.1.0 255.255.255.0
network-object 10.10.5.0 255.255.255.192
object-group network XYZ_destinations
network-object 10.1.0.0 255.255.0.0
network-object 10.2.0.0 255.255.0.0
network-object 10.3.0.0 255.255.0.0
network-object 10.4.0.0 255.255.0.0
network-object 10.6.0.0 255.255.0.0
network-object 10.7.0.0 255.255.0.0
network-object 10.11.0.0 255.255.0.0
network-object 10.12.0.0 255.255.0.0
network-object 172.19.1.0 255.255.255.0
network-object 172.19.2.0 255.255.255.0
network-object 172.19.3.0 255.255.255.0
network-object 172.19.7.0 255.255.255.0
network-object 172.17.2.0 255.255.255.0
network-object 172.17.3.0 255.255.255.0
network-object 172.16.2.0 255.255.255.0
network-object 172.16.3.0 255.255.255.0
network-object host 10.50.2.206
object-group network XYZ_us_admin
network-object 10.3.1.245 255.255.255.255
network-object 10.5.33.7 255.255.255.255
network-object 10.211.5.7 255.255.255.255
network-object 10.3.33.7 255.255.255.255
network-object 10.211.3.7 255.255.255.255
object-group network XYZ_blr_networkdevices
network-object 10.200.10.0 255.255.255.0
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.21
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.22
access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
access-list XYZ_PAT extended permit ip 10.19.130.0 255.255.255.0 any
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.159.133
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.158.136
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 any
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 209.164.192.0 255.255.224.0
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.208.19
access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.192.126
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
access-list nonat extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
access-list nonat extended permit ip object-group Serversubnet object-group XYZ_destinations
access-list nonat extended permit ip 10.10.1.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list nonat extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
access-list nonat extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list Guest_PAT extended permit ip 10.8.108.0 255.255.255.0 any
access-list Cacib extended permit ip 10.8.100.128 255.255.255.128 145.248.194.0 255.255.255.0
access-list Cacib_PAT extended permit ip 10.8.100.128 255.255.255.128 any
access-list New_Edge extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list XYZ_global extended permit ip 10.7.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
access-list XYZ_global extended permit ip 172.17.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.17.3.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.3.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.7.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.2.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.3.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.4.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.6.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.9.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.11.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.12.0.0 255.255.0.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.19.1.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 172.21.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.16.2.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.2.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.3.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
access-list XYZ_global extended permit ip 172.30.7.0 255.255.255.0 host 10.19.130.201
access-list XYZ_global extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
access-list XYZ_global extended permit ip object-group Serversubnet object-group XYZ_destinations
access-list XYZ_global extended permit ip object-group XYZ_destinations object-group Serversubnet
access-list ML_VPN extended permit ip host 115.111.99.129 209.164.192.0 255.255.224.0
access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.208.19
access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.192.126
access-list Da_VPN extended permit ip host 10.9.124.100 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.101 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.102 host 10.125.81.88
access-list Da_VPN extended permit ip host 10.9.124.100 10.125.81.0 255.255.255.0
access-list Da_VPN extended permit ip host 10.9.124.101 10.125.81.0 255.255.255.0
access-list Da_VPN extended permit ip host 10.9.124.102 10.125.81.0 255.255.255.0
access-list Sr_PAT extended permit ip 10.10.0.0 255.255.0.0 any
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.86.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.86.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.80.64 255.255.255.192
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.64.0 255.255.240.0
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.85.46
access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.86.46
access-list XYZ_reliance extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
access-list coextended permit ip host 2.2.2.2 host XXXXXXXX
access-list coextended permit ip host XXXXXXXX host 2.2.2.2
access-list ci extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
access-list ci extended permit ip 208.75.237.0 255.255.255.0 10.1.134.0 255.255.255.0
access-list acl-outside extended permit ip host 57.66.81.159 host 172.17.10.3
access-list acl-outside extended permit ip host 80.169.223.179 host 172.17.10.3
access-list acl-outside extended permit ip any host 172.17.10.3
access-list acl-outside extended permit tcp any host 10.10.1.45 eq https
access-list acl-outside extended permit tcp any any eq 10000
access-list acl-outside extended deny ip any any log
pager lines 10
logging enable
logging buffered debugging
mtu outside_rim 1500
mtu XYZ_DMZ 1500
mtu outside 1500
mtu inside 1500
ip local pool XYZ_c2s_vpn_pool 172.30.10.51-172.30.10.254
icmp unreachable rate-limit 1 burst-size 1
icmp permit any outside
icmp permit any inside
no asdm history enable
arp timeout 14400
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-208.75.237.0 obj-208.75.237.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.7.0.0 obj-10.7.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.2.0 obj-172.17.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.3.0 obj-172.17.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.2.0 obj-172.19.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.3.0 obj-172.19.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.7.0 obj-172.19.7.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.3.0.0 obj-10.3.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.4.0.0 obj-10.4.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.6.0.0 obj-10.6.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.9.0.0 obj-10.9.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.11.0.0 obj-10.11.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.12.0.0 obj-10.12.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.1.0 obj-172.19.1.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.21.2.0 obj-172.21.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.16.2.0 obj-172.16.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.2.0 obj-172.30.2.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.3.0 obj-172.30.3.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.7.0 obj-172.30.7.0 no-proxy-arp route-lookup
nat (inside,any) source static Serversubnet Serversubnet destination static XYZ_destinations XYZ_destinations no-proxy-arp route-lookup
nat (inside,any) source static obj-10.10.1.0 obj-10.10.1.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-XXXXXXXX obj-XXXXXXXX no-proxy-arp route-lookup
nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-145.248.194.0 obj-145.248.194.0 no-proxy-arp route-lookup
nat (inside,outside) source static obj-10.1.134.100 obj-10.9.124.100
nat (inside,outside) source static obj-10.1.134.101 obj-10.9.124.101
nat (inside,outside) source static obj-10.1.134.102 obj-10.9.124.102
nat (inside,outside) source dynamic obj-10.8.108.0 interface
nat (inside,outside) source dynamic obj-10.19.130.0 obj-115.111.99.129
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.159.133 obj-195.254.159.133
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.158.136 obj-195.254.158.136
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.0 obj-209.164.192.0
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.208.19 obj-209.164.208.19
nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.126 obj-209.164.192.126
nat (inside,outside) source dynamic obj-10.8.100.128 obj-115.111.99.130
nat (inside,outside) source dynamic obj-10.10.0.0 obj-115.111.99.132
nat (inside,outside) source static obj-10.10.1.45 obj-115.111.99.133
nat (inside,outside) source dynamic obj-10.99.132.0 obj-115.111.99.129
object network obj-172.17.10.3
nat (XYZ_DMZ,outside) static 115.111.99.134
access-group acl-outside in interface outside
route outside 0.0.0.0 0.0.0.0 115.111.23.129 1
route outside 0.0.0.0 0.0.0.0 115.254.127.130 10
route inside 10.10.0.0 255.255.0.0 10.8.100.1 1
route inside 10.10.1.0 255.255.255.0 10.8.100.1 1
route inside 10.10.5.0 255.255.255.192 10.8.100.1 1
route inside 10.8.100.128 255.255.255.128 10.8.100.1 1
route inside 10.8.108.0 255.255.255.0 10.8.100.1 1
route inside 10.19.130.0 255.255.255.0 10.8.100.1 1
route inside 10.99.4.0 255.255.255.0 10.99.130.254 1
route inside 10.99.132.0 255.255.255.0 10.8.100.1 1
route inside 10.1.134.0 255.255.255.0 10.8.100.1 1
route outside 208.75.237.0 255.255.255.0 115.111.23.129 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set vpn2 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn6 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set vpn5 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn7 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set vpn4 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn1 esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set vpn_reliance esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set c2s_vpn esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 86400
crypto dynamic-map dyn1 1 set ikev1 transform-set c2s_vpn
crypto dynamic-map dyn1 1 set reverse-route
crypto map vpn 1 match address XYZ
crypto map vpn 1 set peer XYZ Peer IP
crypto map vpn 1 set ikev1 transform-set vpn1
crypto map vpn 1 set security-association lifetime seconds 3600
crypto map vpn 1 set security-association lifetime kilobytes 4608000
crypto map vpn 2 match address NE
crypto map vpn 2 set peer NE_Peer IP
crypto map vpn 2 set ikev1 transform-set vpn2
crypto map vpn 2 set security-association lifetime seconds 3600
crypto map vpn 2 set security-association lifetime kilobytes 4608000
crypto map vpn 4 match address ML_VPN
crypto map vpn 4 set pfs
crypto map vpn 4 set peer ML_Peer IP
crypto map vpn 4 set ikev1 transform-set vpn4
crypto map vpn 4 set security-association lifetime seconds 3600
crypto map vpn 4 set security-association lifetime kilobytes 4608000
crypto map vpn 5 match address XYZ_global
crypto map vpn 5 set peer XYZ_globa_Peer IP
crypto map vpn 5 set ikev1 transform-set vpn5
crypto map vpn 5 set security-association lifetime seconds 3600
crypto map vpn 5 set security-association lifetime kilobytes 4608000
crypto map vpn 6 match address Da_VPN
crypto map vpn 6 set peer Da_VPN_Peer IP
crypto map vpn 6 set ikev1 transform-set vpn6
crypto map vpn 6 set security-association lifetime seconds 3600
crypto map vpn 6 set security-association lifetime kilobytes 4608000
crypto map vpn 7 match address Da_Pd_VPN
crypto map vpn 7 set peer Da_Pd_VPN_Peer IP
crypto map vpn 7 set ikev1 transform-set vpn6
crypto map vpn 7 set security-association lifetime seconds 3600
crypto map vpn 7 set security-association lifetime kilobytes 4608000
crypto map vpn interface outside
crypto map vpn_reliance 1 match address XYZ_rim
crypto map vpn_reliance 1 set peer XYZ_rim_Peer IP
crypto map vpn_reliance 1 set ikev1 transform-set vpn_reliance
crypto map vpn_reliance 1 set security-association lifetime seconds 3600
crypto map vpn_reliance 1 set security-association lifetime kilobytes 4608000
crypto map vpn_reliance interface outside_rim
crypto map mymap 1 ipsec-isakmp dynamic dyn1
crypto isakmp identity address
no crypto isakmp nat-traversal
crypto ikev1 enable outside_rim
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 28800
crypto ikev1 policy 2
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 4
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 28000
crypto ikev1 policy 5
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 43200
crypto ikev1 policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 10.8.100.0 255.255.255.224 inside
telnet timeout 5
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
no threat-detection basic-threat
no threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy XYZ_c2s_vpn internal
username testadmin password oFJjANE3QKoA206w encrypted
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XXXXXXXX type ipsec-l2l
tunnel-group XXXXXXXX ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group XYZ_c2s_vpn type remote-access
tunnel-group XYZ_c2s_vpn general-attributes
address-pool XYZ_c2s_vpn_pool
tunnel-group XYZ_c2s_vpn ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect ip-options
service-policy global_policy global
privilege show level 3 mode exec command running-config
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command crypto
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:caa7476cd348ed89b95d37d4e3c9e1d8
: end
XYZ#
Thanks Javier.
But I have revised the VPN configuration. Below are the latest configs. With these latest configs, I'm getting the username & password screen while connecting with the Cisco VPN client software. Once we enter the login credentials, it shows "security communication channel", then it goes to the "not connected" state. Can you help me fix this?
access-list ACL-RA-SPLIT standard permit host 10.10.1.3
access-list ACL-RA-SPLIT standard permit host 10.10.1.13
access-list ACL-RA-SPLIT standard permit host 10.91.130.201
access-list nonat line 1 extended permit ip host 10.10.1.3 172.30.10.0 255.255.255.0
access-list nonat line 2 extended permit ip host 10.10.1.13 172.30.10.0 255.255.255.0
access-list nonat line 3 extended permit ip host 10.91.130.201 172.30.10.0 255.255.255.0
ip local pool CO-C2S-VPOOL 172.30.10.51-172.30.10.254 mask 255.255.255.0
group-policy CO-C2S internal
group-policy CO-C2S attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ACL-RA-SPLIT
dns-server value 10.10.1.3
tunnel-group TUN-RA-SPLIT type remote-access
tunnel-group TUN-RA-SPLIT general-attributes
default-group-policy CO-C2S
address-pool CO-C2S-VPOOL
tunnel-group TUN-RA-SPLIT ipsec-attributes
pre-shared-key sekretk3y
username ra-user1 password passw0rd1 priv 1
group-policy CO-C2S internal
group-policy CO-C2S attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value ACL-RA-SPLIT
dns-server value 10.10.1.3
tunnel-group TUN-RA-SPLIT type remote-access
tunnel-group TUN-RA-SPLIT general-attributes
default-group-policy CO-C2S
address-pool CO-C2S-VPOOL
tunnel-group TUN-RA-SPLIT ipsec-attributes
pre-shared-key *********
username ******* password ******** priv 1
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set 3DES
crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 100
authentication pre-share
encr 3des
hash sha
crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set transform-set 3DES
crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
crypto map vpn interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 100
authentication pre-share
encr 3des
hash sha
group 1
lifetime 3600
-
On first login via the web page, when I go to the Configure menu and choose CUCME to enter it manually, I get:
Error: Login to CUCME failed with the new values. Check the new CUCME configuration and enter the correct values.
hostname: 172.23.0.1
web user name: admin
web password: cisco
Sip gateway hostname: 172.23.0.1
ccn reporting historical
database local
description "se-172-23-0-2"
end reporting
ccn subsystem sip
gateway address "172.23.0.1"
mwi sip unsolicited
end subsystem
BR2-ROUTER#sh run
Building configuration...
Current configuration : 5264 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname BR2-ROUTER
boot-start-marker
boot-end-marker
card type t1 0 3
logging message-counter syslog
logging buffered 51200 warnings
no aaa new-model
clock timezone MST -7
clock summer-time MDT recurring
network-clock-participate wic 3
dot11 syslog
ip source-route
ip cef
ip dhcp excluded-address 172.21.0.1 172.21.0.49
ip dhcp excluded-address 172.21.0.59 172.21.0.254
ip dhcp excluded-address 172.20.0.1 172.20.0.10
ip dhcp pool CME
network 172.21.0.0 255.255.255.0
option 150 ip 172.21.0.1
default-router 172.21.0.1
ip dhcp pool LAPTOPS
network 172.20.0.0 255.255.255.0
default-router 172.20.0.2
dns-server 10.10.10.1
no ip domain lookup
ip domain name wilson.com
no ipv6 cef
multilink bundle-name authenticated
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
no supplementary-service h225-notify cid-update
sip
bind control source-interface GigabitEthernet0/0.20
bind media source-interface GigabitEthernet0/0.20
registrar server expires max 600 min 60
voice register global
mode cme
source-address 172.21.0.1 port 5060
max-dn 4
max-pool 4
authenticate register
timezone 12
time-format 24
date-format YY-M-D
voicemail 3600
tftp-path flash:
create profile sync 0021447056000116
ntp-server 174.137.67.50 mode directedbroadcast
voice register dn 1
number 3006
call-forward b2bua busy 3600
call-forward b2bua mailbox 3006
call-forward b2bua noan 3600 timeout 12
name rp-sip-1-16
label SIP 511-5016
mwi
voice register pool 1
id mac FCFB.FBCA.30CE
type 7965
number 1 dn 1
dtmf-relay rtp-nte
username 3006 password cisco
description 687-3006
codec g711ulaw
voice-card 0
username admin privilege 15 secret 5 $1$..D.$orbTsqgPSvNkMpfjjkg5q.
archive
log config
hidekeys
controller T1 0/3/0
cablelength long 0db
controller T1 0/3/1
cablelength long 0db
interface Loopback0
ip address 172.23.0.1 255.255.255.252
ip ospf network point-to-point
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
no ip address
duplex auto
speed auto
interface GigabitEthernet0/0.10
encapsulation dot1Q 10 native
ip address 172.20.0.2 255.255.255.0
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 172.21.0.1 255.255.255.0
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 172.22.0.1 255.255.255.0
interface GigabitEthernet0/1
ip address 192.168.1.138 255.255.252.0
duplex auto
speed auto
interface Integrated-Service-Engine1/0
ip unnumbered Loopback0
service-module ip address 172.23.0.2 255.255.255.252
service-module ip default-gateway 172.23.0.1
no keepalive
ip forward-protocol nd
ip route 172.23.0.2 255.255.255.255 Integrated-Service-Engine1/0
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:/gui
access-list 23 permit 10.10.10.0 0.0.0.7
nls resp-timeout 1
cpd cr-id 1
control-plane
ccm-manager fax protocol cisco
mgcp fax t38 ecm
dial-peer voice 3600 voip
destination-pattern 36..
session protocol sipv2
session target ipv4:192.168.1.144
dtmf-relay sip-notify
codec g711ulaw
no vad
sip-ua
retry invite 3
timers trying 400
mwi-server ipv4:192.168.1.144 expires 3600 port 5060 transport udp
gatekeeper
shutdown
telephony-service
no auto-reg-ephone
em logout 0:0 0:0 0:0
max-ephones 10
max-dn 10 no-reg both
ip source-address 172.23.0.1 port 2000
voicemail 3600
max-conferences 8 gain -6
call-forward pattern .T
web admin system name admin password cisco
dn-webedit
transfer-system full-consult
transfer-pattern .T
create cnf-files version-stamp Jan 01 2002 00:00:00
ephone-dn 1
number 3007
description 687-9898-3007
name Vatos locos
call-forward busy 3600
call-forward noan 3600 timeout 12
ephone-dn 2
number 3008
description 687-9898-3008
name Vatos locos2
call-forward busy 3600
call-forward noan 3600 timeout 12
ephone-dn 3 octo-line
number 3009
huntstop channel 6
ephone-dn 4
number 7999....
mwi on
ephone-dn 5
number 7998....
mwi off
ephone 1
device-security-mode none
description TESTTTTT
mac-address FCFB.FBCA.3406
max-calls-per-button 5
busy-trigger-per-button 4
type 7965
button 1:1 2:3
ephone 2
device-security-mode none
description TESTTTTT
mac-address FCFB.FBCA.3030
max-calls-per-button 4
busy-trigger-per-button 3
type 7965
button 1:2 2:3
line con 0
exec-timeout 0 0
logging synchronous
login local
line aux 0
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet
scheduler allocate 20000 1000
ntp server 174.137.67.50
end
BR2-ROUTER#
Apr 12 2011 16:23:12 gui/admin_user.js
122 585532 Mar 30 2011 05:48:46 phone/7975/cnu75.8-3-2-27.sbn
123 2453636 Mar 30 2011 05:48:56 phone/7975/cvm75sccp.8-3-2-27.sbn
124 326315 Mar 30 2011 05:48:58 phone/7975/dsp75.8-3-2-27.sbn
125 557786 Mar 30 2011 05:49:00 phone/7975/jar75sccp.8-3-2-27.sbn
126 638 Mar 30 2011 05:49:02 phone/7975/SCCP75.8-3-3S.loads
127 642 Mar 30 2011 05:49:02 phone/7975/term75.default.loads
128 0 Mar 30 2011 05:49:02 phone/7941-7961
129 2494499 Mar 30 2011 05:49:12 phone/7941-7961/apps41.8-3-2-27.sbn
130 547146 Mar 30 2011 05:49:16 phone/7941-7961/cnu41.8-3-2-27.sbn
131 2340 Apr 02 2011 03:55:02 April012011.txt
132 3579 Apr 12 2011 03:52:42 softkeyDefault_kpml.xml
133 69 Apr 12 2011 03:52:40 syncinfo.xml
134 2682 Apr 12 2011 03:52:42 SEPFCFBFBCA30CE.cnf.xml
135 1882 Apr 12 2011 03:52:42 SIPDefault.cnf
136 3613 Apr 12 2011 03:52:42 softkeyDefault.xml
137 3987 Apr 12 2011 16:23:10 gui/admin_user.html
138 1029 Apr 12 2011 16:23:14 gui/CiscoLogo.gif
139 617 Apr 12 2011 16:23:14 gui/CME_GUI_README.TXT
140 953 Apr 12 2011 16:23:14 gui/Delete.gif
141 16344 Apr 12 2011 16:23:14 gui/dom.js
142 864 Apr 12 2011 16:23:16 gui/downarrow.gif
143 6146 Apr 12 2011 16:23:16 gui/ephone_admin.html
144 4558 Apr 12 2011 16:23:16 gui/logohome.gif
145 3866 Apr 12 2011 16:23:16 gui/normal_user.html
146 78428 Apr 12 2011 16:23:18 gui/normal_user.js
147 1347 Apr 12 2011 16:23:18 gui/Plus.gif
148 843 Apr 12 2011 16:23:18 gui/sxiconad.gif
149 174 Apr 12 2011 16:23:18 gui/Tab.gif
150 2431 Apr 12 2011 16:23:20 gui/telephony_service.html
151 870 Apr 12 2011 16:23:20 gui/uparrow.gif
152 9968 Apr 12 2011 16:23:20 gui/xml-test.html
153 3412 Apr 12 2011 16:23:20 gui/xml.template
Fixed. Routing issue:
ip http access-class 23 !!!!!! Preconfigured from Factory
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:/gui
access-list 23 permit 10.10.10.0 0.0.0.7 !!!!!! Preconfigured from Factory
To fix
No ip http access-class 23
-
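For the CUCME login fix above, an added example (not part of the original post) that evaluates which source addresses the router's HTTP server accepts under the original config, under the posted fix, and under a narrower alternative. ACL 24, the host 192.168.1.50, and the assumption that the module's HTTP requests arrive from 172.23.0.2 (its `service-module ip address`) are illustrative and not from the post.

```python
import ipaddress
import re

# Constructed from the lines quoted in the post (BR2-ROUTER).
ORIGINAL = """\
ip http server
ip http access-class 23   !!!!!! Preconfigured from Factory
ip http authentication local
access-list 23 permit 10.10.10.0 0.0.0.7
"""

# The posted fix: the access-class line is removed, ACL 23 stays defined.
POSTED_FIX = """\
ip http server
ip http authentication local
access-list 23 permit 10.10.10.0 0.0.0.7
"""

# Assumed alternative (ACL 24 is hypothetical): keep the source filter and
# add only the module address. A separate ACL is used because ACL 23 is also
# applied to the vty lines in the posted config.
ALTERNATIVE = """\
ip http server
ip http access-class 24
ip http authentication local
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 24 permit 10.10.10.0 0.0.0.7
access-list 24 permit host 172.23.0.2
"""

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+)$")
HTTP_CLASS_RE = re.compile(r"^ip http access-class\s+(\d+)$")


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _lines(config):
    """Yield config lines with '!' comments and blank lines removed."""
    for raw in config.splitlines():
        line = raw.split("!")[0].strip()
        if line:
            yield line


def parse_standard_acls(config):
    """Return {acl_number: [(action, address, wildcard), ...]} in config order."""
    acls = {}
    for line in _lines(config):
        m = ACL_RE.match(line)
        if not m:
            continue
        number, action, spec = int(m.group(1)), m.group(2), m.group(3).split()
        if spec[0] == "any":
            addr, wildcard = 0, 0xFFFFFFFF
        elif spec[0] == "host":
            addr, wildcard = _ip(spec[1]), 0
        else:
            addr = _ip(spec[0])
            # A bare address with no wildcard mask matches that host only.
            has_mask = len(spec) > 1 and spec[1][0].isdigit()
            wildcard = _ip(spec[1]) if has_mask else 0
        acls.setdefault(number, []).append((action, addr, wildcard))
    return acls


def acl_permits(entries, source):
    """First matching entry wins; no match falls through to the implicit deny."""
    src = _ip(source)
    for action, addr, wildcard in entries:
        # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
        if ((src ^ addr) & ~wildcard & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False


def http_source_allowed(config, source):
    """True if `source` passes the ACL bound with 'ip http access-class N'."""
    acl_number = None
    for line in _lines(config):
        m = HTTP_CLASS_RE.match(line)
        if m:
            acl_number = int(m.group(1))
    if acl_number is None:
        return True  # no access-class: the HTTP server is not filtered by source
    acls = parse_standard_acls(config)
    if acl_number not in acls:
        raise ValueError(f"access-class references undefined ACL {acl_number}")
    return acl_permits(acls[acl_number], source)


if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("posted fix", POSTED_FIX),
                      ("alternative", ALTERNATIVE)):
        row = {ip: http_source_allowed(cfg, ip)
               for ip in ("10.10.10.5", "172.23.0.2", "192.168.1.50")}
        print(f"{name:12} {row}")
```

Under the posted fix every source reaches the HTTP login page, so `ip http authentication local` and the `admin` account are the only controls left on that service.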
Sip 500 Internal Server Error Reason: Q.850;cause=16
Please help in understanding what is wrong in the config. Incoming calls don't work.
show run:
voice service voip
ip address trusted list
ipv4 87.226.136.164 255.255.255.255
ipv4 172.16.24.0 255.255.255.0
ipv4 188.254.68.66 255.255.255.255
ipv4 188.254.68.67 255.255.255.255
ipv4 188.254.69.66 255.255.255.255
ipv4 188.254.69.67 255.255.255.255
ipv4 46.38.52.68 255.255.255.255
address-hiding
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
redirect ip2ip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback cisco
sip
voice class codec 1
codec preference 1 g729br8
codec preference 2 g729r8
codec preference 3 g711alaw
codec preference 4 g711ulaw
voice class codec 2
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729r8
codec preference 4 g729br8
voice translation-rule 1
rule 1 /XXX5397962/ /1999/
voice translation-rule 2
rule 1 /XXX55317577/ /1999/
voice translation-rule 3
rule 1 /5555317884/ /1999/
voice translation-profile ROS
translate called 1
voice translation-profile ROS2
translate called 2
voice translation-profile ROS3
translate called 3
interface FastEthernet0/0
ip address 178.208.X.X 255.255.255.248
ip access-group INBOUND in
no ip unreachables
ip verify unicast reverse-path
ip nat outside
ip inspect IPFW in
ip inspect IPFW out
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
interface FastEthernet0/1
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
ip address 10.110.0.200 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/1.2
encapsulation dot1Q 2
ip address 172.16.24.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
h323-gateway voip interface
h323-gateway voip bind srcaddr 172.16.24.254
ip dns server
ip nat inside source list NAT interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 178.208.X.X
ip route 192.168.0.0 255.255.0.0 Null0 254
sccp local FastEthernet0/1.2
sccp ccm 172.16.24.101 identifier 1 version 7.0
sccp
sccp ccm group 1
associate ccm 1 priority 1
associate profile 1 register XCODE123456
keepalive retries 1
keepalive timeout 10
switchover method immediate
switchback method immediate
dspfarm profile 1 transcode
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729r8
codec g729br8
maximum sessions 6
associate application SCCP
dial-peer voice 10000 voip
tone ringback alert-no-PI
description ROSTELECOM Incoming
translation-profile incoming ROS
destination-pattern 74955397962
session protocol sipv2
session target ipv4:87.226.136.164
session transport udp
incoming called-number XXXX5397962
dtmf-relay rtp-nte
codec g711ulaw
dial-peer voice 10010 voip
tone ringback alert-no-PI
description ROSTELECOM Incoming
translation-profile incoming ROS2
destination-pattern XXX55317577
session protocol sipv2
session target ipv4:87.226.136.164
session transport udp
incoming called-number 75555317577
dtmf-relay rtp-nte
codec g711ulaw
dial-peer voice 10020 voip
tone ringback alert-no-PI
description ROSTELECOM Incoming
translation-profile incoming ROS3
preference 1
destination-pattern 5555317884
session protocol sipv2
session target ipv4:188.254.68.66
session transport udp
incoming called-number 5555317884
dtmf-relay rtp-nte
codec g711ulaw
dial-peer voice 10021 voip
tone ringback alert-no-PI
description ROSTELECOM Incoming
translation-profile incoming ROS
preference 2
destination-pattern 5555317884
session protocol sipv2
session target ipv4:188.254.69.66
session transport udp
incoming called-number 5555317884
dtmf-relay rtp-nte
codec g711ulaw
dial-peer voice 2 voip
tone ringback alert-no-PI
description to CUCM_PUB
destination-pattern 1...
session target ipv4:172.16.24.101
voice-class codec 2
dtmf-relay rtp-nte
debug ccsip all:
c2801#
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpIPv4SocketReads: Msg enqueued for SPI with IP addr: [188.254.68.66]:9290, local_address:[ - ]
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 2 for event 1
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportProcessNWNewConnMsg: context=0x0
06:19:26: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
INVITE sip:[email protected];user=phone SIP/2.0
Via: SIP/2.0/UDP 188.254.68.66:9290;branch=z9hG4bK-6110d60075c89eab-a(STATE_IDLE, SUBSTATE_NONE)
06:19:26: //-1/xxxxxxxxxxxx/SIP/T3c000c-1
Call-ID: isbc6994325518770806443-1385214296-16204
Fransport/sipSPIUpdateResponseInfo: Dialog Transaction Address 188.254.68.66,Port 9290, Transport 1, SentBy Port 5060
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Converting TimeZone MSK to SIP default timezone = GMT
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 188.254.68.66,Port 929rom:
<sip:[email protected];user=phone>;tag=sbc09026994325from (STATE_NONE, SUBSTATE_NONE) to (STATE_IDLE, SUBSTATE_NONE)
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 188.254.68.66,Port 9290, Transport 1, SentBy Port 5060
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Converting TimeZone MSK to SIP default timezone = GMT
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 188.254.68.66,Port 518770806443
ddress_to_bind: return addr 178.208.X.Xone>
06:19:26: //-1/EE5EC9DD8170/SIP/State/sipSPIChangeState: 0x6A874E70 : State change from (STATE_NONE, SUBSTATE_NONE) to (STATE_IDLE, SUBSTATE_NONE)
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 188.254.68.66,Port 9290, Transport 1, SentBy Port 5060
0
CSeq: 1 INVITE
Min-SE: 90
Session-Expires: 3600;refresher=u6:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Convac
Contact: <sip:[email protected]:9290;user=phone>
A //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: rellow: INVITE,CANCEL,BYE,ACK,REFER,UPDATE,INFO,PRACK
Supported:turn addr 178.208.X.X
06:19:26: //-1/EE5EC9DD8170/SIP/St timer,100rel
Diversion: <sip:[email protected]>;privacyate/sipSPIChangeState: 0x6A874E70 : State change from (STATE_NONE, SUBSTATE_NONE) to (STATE_IDLE, SUBSTATE_NONE)
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 188.254.68.66,Port 9290, Transport 1,
Sen=off;screen=no;reason=unknown,<sip:[email protected]>;priv6:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponsacy=off;screen=no;reason=unknown
Max-Forwards: 70
User-AgenteInfo: Dialog Transaction Address 188.254.68.66,Port 9290, Tra: VCS 5.8.2.56-03
Content-Length: 393
Content-Type: applicatnsport 1, SentBy Port 9290ion/sdp
v=0
o=- 12060 26053 IN IP4 188.254.68.67
s=SBC call
c=IN IP4 188.254.68.67
t=0 0
m=audio 24402 RTP/AVP 8 0 18 98 96 97 101
a=rtpmap:98 G.729a/8000
a=rtpmap:96 G.729ab/8000
a=rtpmap:97 G.729b/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=fmtp:18 annexb=no
a=ptime:10
a=X-vrzcap:vbd Ver=1 Mode=FaxPr ModemRtpRed=0
a=X-vrzcap:identification bin=DSR2866 Prot=mgcp App=MG
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_new_msg_preprocessor: Checking Invite Dialog
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIAddContextToTable: Added context(0x6A874E70) with key=[52] to table
06:19:26: //-1/000000000000/SIP/Info/sipSPI_ipip_vcc_Initialization: Entry...
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 188.254.68.66,Port 9290, Transport 1, SentBy Port 9290
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: calling reg_invoke_ip_first_hop()
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: calling ip_best_local_address()
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: return addr 178.208.X.X
06:19:26: //-1/EE5EC9DD8170/SIP/State/sipSPIChangeState: 0x6A874E70 : State change from (STATE_NONE, SUBSTATE_NONE) to
c2801#L
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIUaddCcbToUASReqTable: ****Adding to UAS Request table.
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIUaddCcbToTable: Added to table. ccb=0x6
c2801#a
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIMatchSrcIp
c2801#mat: VIA URL:sip:188.254.68.66:9290, Host:188.254.68.66
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetShrlPeer: Try match incoming dialpeer for Calling number: : 9067259847
06:19:26:ched for incoming call
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: Precondition tag absent in Require/Supported h
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetFromCalledPartyId: P-Called-Party-ID header not found
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetPeerByCalledPartyId: P-Called-Party-ID not found or parse error
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: No match found for P-Called-Party-ID
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: Peer tag 10020 matched for incoming call
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: Precondition tag absent in Require/Supported header
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: calling reg_invoke_ip_first_hop()
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: calling ip_best_local_address()
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: return addr 178.208.X.X
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: Precondition tag absent in Require/Supported header
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: Checking Video Type Rate=-1 video_codec_allowed=1F
06:19:26: //-1/EE5EC9DD8170/SIP/Media/sipSPICopyStunConfigFromPeerToCCB: Firewall traversal is not enabled
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetModemInfoPerCall: peer_callID=0
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: xcoder high-density disabled
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: Flow Mode set to FLOW_THROUGH
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: Media forking disabled
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIContinueNewMsgInvite: Calling name , number 9067259847, Calling oct3 0x00, oct_3a 0x80, ext_priv 0x00, Called number
5555317884, oct3 0x00
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIContinueNewMsgInvite: Carrier id code , prev_cid NONE, next_cid NONE, prev_tgrp NONE, next_tgrp NONE
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIContinueNewMsgInvite: Requires reliable-provisional support
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIValidateRequestUri: Not Enabled
06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIRscmsmAvail: Value returned by check is = 0
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_IsSDPPassthruEnabled: - 0
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_GetHdrPassthruCfg: Hdr passthrough config:1 tag:0
06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLMain: Event: E_STSL_SESSION_REFRESH_REQ
06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLMain: dir:2, method:102, resp_code:0, container:6A01759C
06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLExtractSessionExpiresHdr:
Session-Expires value: 3600 refresher: uac
06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLExtractMinSEHdr: Min-SE Duration: 90
06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLGetInternalSREvent: E_STSL_INITIAL_SR_REQ
06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLInitialSRReqPeerEventGen: sending received session expires to the peer leg
06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLPrintTDContainer: Peer-Event: E_STSL_PASS_ST_PARAMS, SE Value:3600, SE Refresher:uac, Min-SE Value:1800,
flags:2001
06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLMain:
SE: 3600;refresher:uac peer refresher:none, flags:2001, posted event:E_STSL_INVALID_PEER_EVENT, reason:4
Configured SE:1800, Configured Min-SE:1800
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIProcessHistoryInfoHeader: No HI headers recvd from app container
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIProcessReplacesHeader: No replaces hdr found
SIP: Warning: Unrecognized attribute (X-vrzcap)
SIP: Warning: Unrecognized attribute (X-vrzcap)
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoMediaNegotiation: Number of m-lines = 1
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIValidateConnectionAddress: Dest port = 24402
SIP: (129) Attribute mid, level 1 instance 1 not found.
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_media_ip_address_to_bind: calling reg_invoke_ip_first_hop()
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_media_ip_address_to_bind: calling ip_best_local_address()
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_media_ip_address_to_bind: return addr 178.208.X.X
06:19:26: //129/EE5EC9DD8170/SIP/Media/sipSPISetMediaSrcAddr: Media src addr for stream 1 = 178.208.X.X
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(98) reserved for codec g729r8
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(98) reserved for codec g729r8
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(96) reserved for codec g729abr8
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(96) could not be reserved
as its in use by other codec g729abr8
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPT: Requested payload-Type (96) is reserved by another application
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPayloadunused: Unreserving dynamic payload type 96
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIAllocateFreeDynamicPT: Allocating free Dynamic Payload : 99 for Codec:
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(97) reserved for codec g729br8
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(97) could not be reserved
as its in use by other codec g729br8
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPT: Requested payload-Type (97) is reserved by another application
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPayloadunused: Unreserving dynamic payload type 97
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIAllocateFreeDynamicPT: Allocating free Dynamic Payload : 102 for Codec:
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(101) reserved for codec No Codec
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPayloadunused: Unreserving dynamic payload type 99
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(101) could not be reserved
as its in use by other codec No Codec
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPT: Requested payload-Type (101) is reserved by another application
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPayloadunused: Unreserving dynamic payload type 103
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPayloadunused: Unreserving dynamic payload type 101
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIAllocateFreeDynamicPT: Allocating free Dynamic Payload : 101 for Codec:
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoAudioNegotiation: Codec (g711ulaw) Negotiation Successful on Static Payload for m-line 1
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoPtimeNegotiation: One ptime attribute found - value:10
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/convert_ptime_to_codec_bytes: Values :Codec: g711ulaw ptime :10, codecbytes: 80
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/convert_codec_bytes_to_ptime: Values :Codec: g711ulaw codecbytes :80, ptime: 10
06:19:26: //129/EE5EC9DD8170/SIP/Media/sipSPIDoPtimeNegotiation: Offered ptime:10, Negotiated ptime:10 Negotiated codec bytes: 80 for codec g711ulaw
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPISetFaxFlags: FAX_PASSTHROUGH = 0, END_FAX_PASSTHROUGH = 0
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoDTMFRelayNegotiation: m-line index 1
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(101) reserved for codec
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIReserveRtpNtePayload: Reserved the payload type 101 for RTP-NTE
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoDTMFRelayNegotiation: RTP-NTE DTMF relay option
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoDTMFRelayNegotiation: Case of partial named event(NE) match in fmtp list of events.
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sip_sdp_get_modem_relay_cap_params: V150 NSE payload = 0, SSE payload = 0, SPRT payload=0
06:19:26: //129/EE5EC9DD8170/SIP/Info/sip_select_modem_relay_params: X-tmr not present in SDP. Disable modem relay
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIGetSDPDirectionAttribute: No direction attribute present or multiple direction attributes that can't be handled for m-
line:1 and num-a-lines:0
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoAudioNegotiation: Codec negotiation successful for media line 1
payload_type=0, codec_bytes=80, codec=g711ulaw, dtmf_relay=rtp-nte
stream_type=voice+dtmf (1), dest_ip_address=188.254.68.67, dest_port=24402
06:19:26: //129/EE5EC9DD8170/SIP/State/sipSPIChangeStreamState: Stream (callid = -1) State changed from (STREAM_DEAD) to (STREAM_ADDING)
06:19:26: //129/EE5EC9DD8170/SIP/Media/sipSPIUpdCallWithSdpInfo:
Preferred Codec : g711ulaw, bytes :160
Preferred DTMF relay : rtp-nte
Preferred NTE payload : 101
Early Media : No
Delayed Media : No
Bridge Done : No
New Media : No
DSP DNLD Reqd : No
06:19:26: //129/EE5EC9DD8170/SIP/Info/resolve_media_ip_address_to_bind: Media already bound, use existing source_media_ip_addr
06:19:26: //129/EE5EC9DD8170/SIP/Media/sipSPISetMediaSrcAddr: Media src addr for stream 1 = 178.208.X.X
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_report_media_to_peer:
callId 129 peer 0 flags 0x201 state STATE_IDLE
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_vcc_ProcessXcoderNeeded: xcoder_attached not yet initialised for this call.
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_report_media_to_peer: Xcoder not yet used for the call
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
CallID 129, Peer CallID 0, sdp 0x69EC3234 channels 0x6A8763C4
06:19:26: //129/EE5EC9DD8170/SIP/Info/copy_channels:
callId 129 size 0 ptr 0x6899F6D4)
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
CCB t38 version 0 ipip_caps version 0
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
CCB fax rate 2 ipip_caps rate 14400
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: reset the switch..
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
Hndl ptype 8 mline 1
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Selecting codec g711alaw
06:19:26: //129/EE5EC9DD8170/SIP/Info/codec_found:
Codec to be matched: 6
06:19:26: //129/EE5EC9DD8170/SIP/Info/codec_found: No match for the codecs found..
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
Hndl ptype 0 mline 1
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Selecting codec g711ulaw
06:19:26: //129/EE5EC9DD8170/SIP/Info/codec_found:
Codec to be matched: 5
06:19:26: //129/EE5EC9DD8170/SIP/Info/codec_found: codecs[i] = 5 & codec = 5 are same..
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: ADD AUDIO CODEC 5
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/convert_codec_bytes_to_ptime: Values :Codec: g711ulaw codecbytes :80, ptime: 10
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Media negotiation done: stream->negotiated_ptime=10,stream->negotiated_codec_bytes=80,
coverted ptime=10 stream->mline_index=1, media_ndx=1
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
failed to update call entry
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
Adding codec 5 ptype 0 time 10, bytes 80 as channel 0 mline 1 ss 1 188.254.68.67:24402
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
Hndl ptype 18 mline 1
06:19:26: //129/EE5EC9DD8170/SIP/Media/sipSPISelectCodecVersion: Codec (g729r8) is not in preferred list
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: An exact codec match not configured, using interoperable codec g729r8
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Selecting codec g729r8
06:19:26: //129/EE5EC9DD8170/SIP/Info/codec_found:
Codec to be matched: 16
06:19:26: //129/EE5EC9DD8170/SIP/Info/codec_found: No match for the codecs found..
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
Hndl ptype 98 mline 1
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
Hndl ptype 96 mline 1
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
Hndl ptype 97 mline 1
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
Hndl ptype 101 mline 1
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: setting ipip_caps DTMF to RFC2833: callid = 129, dtmf = 6
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Copy sdp to channel- AFTER CODEC FILTERING: ccb->pld.ipip_caps.codecInfo[channel_ndx].codec
= 5
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Copy sdp to channel- AFTER CODEC FILTERING: ccb->pld.ipip_caps.codecInfo[channel_ndx].codec
= -1
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_report_media_to_peer:
callId 129 flags 0x100 state STATE_IDLE
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_report_media_to_peer:
Report initial call media
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_report_media_to_peer: ccb->flags 0x804000C, ccb->pld.flags_ipip 0x201
06:19:26: //129/EE5EC9DD8170/SIP/Info/copy_channels:
callId 129 size 240 ptr 0x69E20A34)
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_report_media_to_peer:
CCSIP: Unable to report channel ind
06:19:26: //129/EE5EC9DD8170/SIP/Info/ccsip_update_srtp_caps: 5798: Posting Remote SRTP caps to other callleg.
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_report_media_to_peer: do cc_api_caps_ind()
06:19:26: //129/EE5EC9DD8170/SIP/Media/sipSPIUpdCallWithSdpInfo:
Stream type : voice+dtmf
Media line : 1
State : STREAM_ADDING (2)
Stream address type : 1
Callid : -1
Negotiated Codec : g711ulaw, bytes :80
Nego. Codec payload : 0 (tx), 0 (rx)
Negotiated DTMF relay : rtp-nte
Negotiated NTE payload : 101 (tx), 101 (rx)
Negotiated CN payload : 0
Media Srce Addr/Port : [178.208.X.X]:0
Media Dest Addr/Port : [188.254.68.67]:24402
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIHandleInviteMedia:
Negotiated Codec : g711ulaw, bytes :80
Preferred Codec : g711ulaw, bytes :160
Preferred DTMF relay 1 : 6
Preferred DTMF relay 2 : 0
Negotiated DTMF relay : 6
Preferred and Negotiated NTE payloads: 101 101
Preferred and Negotiated NSE payloads: 100 0
Preferred and Negotiated Modem Relay: 0 0
Preferred and Negotiated V150.1 Modem Passthrough: 0 0
Preferred and Negotiated V150.1 Modem Relay: 0 0
Preferred and Negotiated Modem Relay GwXid: 1 0
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoQoSNegotiationWithMediaLine: QOS negotiation for mline_index 1
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoStreamQoSNegotiation: Best effort
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPICanSetFallbackFlag: Local Fallback is not active
06:19:26: //-1/xxxxxxxxxxxx/SIP/Media/sipSPIReserveRtpPort: reserved port 17550 for stream 1
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIUpdateSrcSdpFixedPart: Reserving rtp port for stream 1, src_port=17550
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetMediaDirectionForStream: Setting Media direction SENDRECV for stream 1
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIUpdateSrcSdpVariablePart: Setting stream 1 portnum to 17550
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIUpdateSrcSdpVariablePart:
SIP update src sdp, negoitated codec 5, payload type 0
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIUpdateSrcSdpVariablePart: Negotiated method of dtmf relayand pyld: 6 101
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIAddBillingInfoToCcb: sipCallId for billing records = isbc6994325518770806443-1385214296-16204
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIGetContentCPA: No CPA found in inbound container
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIProcessCPA: No x-cisco-cpa content found
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_GetHdrPassthruCfg: Hdr passthrough config:1 tag:0
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_IsContentPassthruEnabled: - 0
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_ExtractPassthruContentFromSipContainer: Passthru Content Not Enabled
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_store_channel_info: Store channelInfo in CallInfo
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_store_channel_info: dtmf negotiation done, storing negotiated dtmf = 6,
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIShrlCall: Check peer: 10020 for Shared-Line call, callid: 129
06:19:26: //129/EE5EC9DD8170/SIP/Info/ccsip_set_bearer_capability:
Bearer Capability: Speech (0x00)
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIGetContentQSIG: No QSIG Body found in inbound container
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIGetContentQ931: No RawMsg Body found in inbound container
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICreateNewRawMsg: No Data to form The Raw Message
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIContinueNewMsgInvite: ccsip_api_call_setup_ind returned: SIP_SUCCESS
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIUaddccCallIdToTable: Adding call id 81 to table
06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLMain: Event: E_STSL_SESSION_REFRESH_RESP
06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLMain: dir:1, method:102, resp_code:100, container:6A0173E4
06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLValidateSessRefreshMsg: Ignoring 1xx response for session timer processing
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPISendInviteResponse: Associated container=0x6A0173E4 to Invite Response 100
06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipSPITransportSendMessage: msg=0x6A5A1A34, addr=188.254.68.66, port=9290, sentBy_port=9290, local_addr=, is_req=0,
transport=1, switch=0, callBack=0x0
06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0
06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipTransportLogicSendMsg: Trying to send resp=0x6A5A1A34 to default port=9290
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostRequestConnection: Posting UDP conn create request for addr=188.254.68.66, port=9290, context=0x68ABB118
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportSetConnWaitTimer: Wait timer set for connection=0x68ABCB0C,addr=188.254.68.66, port=9290
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportSetConnWaitTimer:
Wait Conn Timer started for 5000 msec
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipCreateConnInstance: Created new initiated conn=0x68ABCB0C, connid=-1, addr=188.254.68.66, port=9290, local_addr=,
transport=UDP
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:188.254.68.66, rport:9290 with laddr:
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipInstanceGetConnectionId: Registering gcb=0x6A874E70 with connection=0x68ABCB0C
06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipTransportLogicSendMsg: Waiting for Connection for sending msg=0x6A5A1A34
06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipSPITransportSendMessage: Deferred sending msg=0x6A5A1A34
06:19:26: //129/EE5EC9DD8170/SIP/State/sipSPIChangeState: 0x6A874E70 : State change from (STATE_IDLE, SUBSTATE_NONE) to (STATE_RECD_INVITE, SUBSTATE_NONE)
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIProcessContactInfo: Previous Hop 188.254.68.66:9290
06:19:26: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_CALL_PROCEEDING
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_event_handler: switch(ev.ev_id: 165)
06:19:26: //129/EE5EC9DD8170/SIP/Info/ccsip_event_handler:
ccsip_event_handler: peer ID 130 chans 0x6780D478 event 165 flags 0x844001C 0x100 0x601 data 0x6780D478
06:19:26: //129/EE5EC9DD8170/SIP/Info/ccsip_event_handler:
ccsip_event_handler: CC_EV_H245_SET_MODE: peer ID 130 chans 0x6780D478 event 165 flags 0x844001C 0x100 0x601 data 0x6780D478, type = 1
06:19:26: //129/EE5EC9DD8170/SIP/Info/ccsip_gw_set_sipspi_mode: Setting SPI mode to SIP-H323
06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLMain: Event: E_STSL_SET_MODE
06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLMain:
SE: 3600;refresher:uac peer refresher:none, flags:2001, posted event:E_STSL_INVALID_PEER_EVENT, reason:4
Configured SE:1800, Configured Min-SE:1800
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_event_handler: CC_R_SUCCESS_WITH_CONFIRMED
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 3 for event 3
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 2 for event 58
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportProcessNWConnectionCreated: context=0x68ABB118
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerProcessConnCreated: gConnTab=0x68ABB118, addr=188.254.68.66, port=9290, local_addr=, connid=3,
transport=UDP
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerProcessConnCreated: connection instance created for addr:188.254.68.66, port:9290 local_addr=
local_port=57282
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportStopConnWaitTimer: Wait timer stopped for connection=0x68ABCB0C,addr=188.254.68.66, port=9290
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipInstanceHandleConnectionCreated: Moving connection=0x68ABCB0C, connid=3 state to established. local_addr=,
local_port=57282
06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipTransportPostInternalMsg: Posting Internal Msg type=0
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 2 for event 63
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x6A5A1A34, addr=188.254.68.66, port=9290, local_addr=, connId=3 for UDP
06:19:26: //129/EE5EC9DD8170/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 188.254.68.66:9290;branch=z9hG4bK-6110d60075c89eab-a3c000c-1
From: <sip:[email protected];user=phone>;tag=sbc09026994325518770806443
To: <sip:[email protected];user=phone>
Date: Sat, 23 Nov 2013 13:42:29 GMT
Call-ID: isbc6994325518770806443-1385214296-16204
CSeq: 1 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-12.x
Content-Length: 0
06:19:26: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_CALL_ALERTING
06:19:26: //-1/xxxxxxxxxxxx/SIP/Error/ccsip_call_service_msg: ccb NULL, unable to update the callinfo ui parameters
06:19:26: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_MEDIA_EVENT
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 3 for event 5
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIAddCiscoGcid: Fatal Error in parsing CCB/Msg
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIStoreTunnelData: Container /RawMessage Absent
06:19:26: //129/EE5EC9DD8170/SIP/Error/sipSPI_ipip_set_history_info_header: Not SIP2SIP mode
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIUaddCcbToUASRespTable: ****Adding to UAS Response table.
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIUaddCcbToTable: Added to table. ccb=0x6A874E70 key=isbc6994325518770806443-1385214296-1620415B6280-0
06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLMain: Event: E_STSL_SESSION_REFRESH_RESP
06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLMain: dir:1, method:102, resp_code:180, container:6A017B1C
06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLValidateSessRefreshMsg: Ignoring 1xx response for session timer processing
06:19:26: //129/EE5EC9DD8170/SIP/Event/sipSPICreateRpid: Received Octet3A=0x00 -> Setting ;screen=no ;privacy=off
06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPISendInviteResponse: Associated container=0x6A017B1C to Invite Response 180
06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipSPISendInviteResponse: Sending 180 Response to the Transport Layer
06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipSPITransportSendMessage: msg=0x6A5A1A34, addr=188.254.68.66, port=9290, sentBy_port=9290, local_addr=, is_req=0,
transport=1, switch=0, callBack=0x618A57B8
06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0
06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipTransportLogicSendMsg: Trying to send resp=0x6A5A1A34 to default port=9290
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:188.254.68.66, rport:9290 with laddr:
06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipTransportLogicSendMsg: Connection obtained...sending msg=0x6A5A1A34
06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x6A5A1A34, addr=188.254.68.66, port=9290, local_addr=, connId=3 for UDP
06:19:26: //129/EE5EC9DD8170/SIP/Info/sentInviteResponse18x: Sent a 18x Response
06:19:26: //129/EE5EC9DD8170/SIP/Info/sentInviteResponse18x: Transaction active. Facilities will be queued.
06:19:26: //129/EE5EC9DD8170/SIP/State/sipSPIChangeState: 0x6A874E70 : State change from (STATE_RECD_INVITE, SUBSTATE_NONE) to (STATE_SENT_ALERTING, SUBSTATE_NONE)
06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 3 for event 30ty-ID:
<sip:[email protected]>;party=called;screen=no;privacy=off
Contact: <sip:[email protected]:5060>
Server: Cisco-SIPGateway/IOS-12.x
Content-Length: 0
06:19:27: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpIPv4SocketReads: Msg enqueued for SPI with IP addr: [188.254.68.66]:9290, local_address:[ - ]
06:19:27: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpIPv4SocketReads: Msg enqueued for SPI with IP addr: [188.254.68.66]:9290, local_address:[ - ]
06:19:27: //129/EE5EC9DD8170/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 200 OK
Via: SIP/2.0/UDP 188.254.68.66:9290;branch=z9hG4bK-6110d60075c89eab-a3c000c-2
From: <sip:[email protected];user=phone>;tag=sbc09026994325518770806443
To: <sip:[email protected];user=phone>;tag=15B6280-0
Date: Sat, 23 Nov 2013 13:42:30 GMT
Call-ID: isbc6994325518770806443-1385214296-16204
Server: Cisco-SIPGateway/IOS-12.x
CSeq: 2 PRACK
Content-Length: 0
06:19:27: //129/EE5EC9DD8170/SIP/Msg/ccsipDisplayMsg:
Sent:
UPDATE sip:[email protected]:9290;user=phone SIP/2.0
Via: SIP/2.0/UDP 178.208.X.X:5060;branch=z9hG4bK120
From: <sip:[email protected];user=phone>;tag=15B6280-0
To: <sip:[email protected];user=phone>;tag=sbc09026994325518770806443
Date: Sat, 23 Nov 2013 13:42:30 GMT
Call-ID: isbc6994325518770806443-1385214296-16204
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Timestamp: 1385214150
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 101 UPDATE
Contact: <sip:[email protected]:5060>
Min-SE: 1800
Remote-Party-ID: <sip:[email protected]>;party=called;screen=yes;privacy=off
Content-Length: 0
06:19:27: //129/EE5EC9DD8170/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 200 OK
Via: SIP/2.0/UDP 188.254.68.66:9290;branch=z9hG4bK-6110d60075c89eab-a3c000c-2
From: <sip:[email protected];user=phone>;tag=sbc09026994325518770806443
To: <sip:[email protected];user=phone>;tag=15B6280-0
Date: Sat, 23 Nov 2013 13:42:30 GMT
Call-ID: isbc6994325518770806443-1385214296-16204
Server: Cisco-SIPGateway/IOS-12.x
CSeq: 2 PRACK
Content-Length: 0
06:19:31: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpIPv4SocketReads: Msg enqueued for SPI with IP addr: [188.254.68.66]:9290, local_address:[ - ]
06:19:31: //129/EE5EC9DD8170/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 500 Internal Server Error
Via: SIP/2.0/UDP 188.254.68.66:9290;branch=z9hG4bK-6110d60075c89eab-a3c000c-1
From: <sip:[email protected];user=phone>;tag=sbc09026994325518770806443
To: <sip:[email protected];user=phone>;tag=15B6280-0
Date: Sat, 23 Nov 2013 13:42:30 GMT
Call-ID: isbc6994325518770806443-1385214296-16204
CSeq: 1 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-12.x
Reason: Q.850;cause=16
Content-Length: 0
06:19:31: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpIPv4SocketReads: Msg enqueued for SPI with IP addr: [188.254.68.66]:9290, local_address:[ - ]
06:19:31: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 2 for event 1
06:19:31: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportProcessNWNewConnMsg: context=0x0
06:19:31: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
ACK sip:[email protected];user=phone SIP/2.0
Via: SIP/2.0/UDP 188.254.68.66:9290;branch=z9hG4bK-6110d60075c89eab-a3c000c-1
Call-ID: isbc6994325518770806443-1385214296-16204
From: <sip:[email protected];user=phone>;tag=sbc09026994325518770806443
To: <sip:[email protected];user=phone>;tag=15B6280-0
CSeq: 1 ACK
Max-Forwards: 70
Content-Length: 0
06:19:31: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_new_msg_preprocessor: Checking Invite Dialog
06:19:31: //129/EE5EC9DD8170/SIP/Info/sipSPIFindCcbUASRespTable: *****CCB found in UAS Response table. ccb=0x6A874E70
06:19:31: //129/EE5EC9DD8170/SIP/Info/sipSPIUdeleteCcbFromTable: Deleting from table. ccb=0x6A874E70 key=isbc6994325518770806443-1385214296-1620415B6280-0
06:19:31: //129/EE5EC9DD8170/SIP/Info/sipSPIFlushEventBufferQueue: There are 0 events on the internal queue that are going to be free'd
06:19:31: //129/EE5EC9DD8170/SIP/Info/sipSPIStopRequestPendingTimer: Stopping Request Pending Timer
06:19:31: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_free_codec_profile: Codec Profiles Freed
06:19:31: //129/EE5EC9DD8170/SIP/Info/sipSPIUfreeOneCCB: Freeing ccb 6A874E70
06:19:31: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIGetContextFromTable: NO context for key[52]
c2801#
c2801#
Hi Ahmed,
Looking at the logs, it seems some important messages are missing.
Can you please collect the following debugs again?
- debug voip ccapi inout
- debug ccsip all
- debug voice translation
Thanks,
Piyush
-
An error message "B channel out of service".
Many thanks for the time you spent answering my question.
I set the "E1 Enhanced Card" on VG200 for MGCP and work with CCM3.3.2.
Also the IOS of VG200 has been upgraded to version 12.3<3a>.
But this error is still generated for each B channel. Could you help me solve the problem?
Thanks!
When I checked, it looks like
DTMF Events Through SIP Signaling
DTMF Relay for SIP Calls Using Named Telephone Events (NTE)
H.323 Dual Tone Multifrequency (DTMF) Relay Using Named Telephone Events
MGCP Based Fax (T.38) and DTMF Relay
VG200 doesn't support the above. But in other platforms it is supported in - 12.3(3)
-
Sip 503 service unavailable and sip 500 internal server error
Hi guys, could anyone help me with the following?
ITSP-->Voice gateway configured as CUBE-->CUCM-->UCCX
I am moving a system from a CME and AA environment to CUCM and UCCX.
The VGW is configured as CUBE and is also added as an h323 gateway on CUCM.
When I tested, the debug ccsip messages show
Sip 503 service unavailable or
sip 500 internal server error.
I can't provide any debugs now because I am not on site, only on Saturday.
As I read in a previous discussion, that could be the bind source address problem, but I had this configured.
Also I tried to configure the gateway to use a SIP trunk from CUCM instead of h323, but after this the incoming calls didn't even reach the router; the debug ccsip messages showed nothing.
For now, can anyone advise me what these 2 errors are related to?
What could be missing?
Thanks in advance.
Hi there: can someone explain the reason that I am getting this SIP error with the ITSP?
Here is the debug of ccsip messages:
Received:
INVITE sip:[email protected];user=phone SIP/2.0
Via: SIP/2.0/UDP 188.254.68.66:9298;branch=z9hG4bK-6110d60075a24c0f-a3c000c-1
Call-ID: isbc6994325518768294927-1385194135-11717
From: [email protected];user=phone>;tag=sbc09106994325518768294927
To:
CSeq: 1 INVITE
Min-SE: 90
Session-Expires: 3600;refresher=uac
Contact:
Allow: INVITE,CANCEL,BYE,ACK,REFER,UPDATE,INFO,PRACK
Supported: timer,100rel
Diversion: [email protected]>;privacy=off;screen=no;reason=unknown,[email protected]>;privacy=off;screen=no;reason=unknown
Max-Forwards: 70
User-Agent: VCS 5.8.2.56-03
Content-Length: 394
Content-Type: application/sdp
v=0
o=- 87852 198805 IN IP4 188.254.68.67
s=SBC call
c=IN IP4 188.254.68.67
t=0 0
m=audio 23682 RTP/AVP 8 0 18 98 96 97 101
a=rtpmap:98 G.729a/8000
a=rtpmap:96 G.729ab/8000
a=rtpmap:97 G.729b/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=fmtp:18 annexb=no
a=ptime:10
a=X-vrzcap:vbd Ver=1 Mode=FaxPr ModemRtpRed=0
a=X-vrzcap:identification bin=DSR2866 Prot=mgcp App=MG
00:43:23: //11/FDB448CE8020/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 188.254.68.66:9298;branch=z9hG4bK-6110d60075a24c0f-a3c000c-1
From: [email protected];user=phone>;tag=sbc09106994325518768294927
To:
Date: Sat, 23 Nov 2013 08:06:29 GMT
Call-ID: isbc6994325518768294927-1385194135-11717
CSeq: 1 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-12.x
Content-Length: 0
00:43:23: //11/FDB448CE8020/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 503 Service Unavailable
Via: SIP/2.0/UDP 188.254.68.66:9298;branch=z9hG4bK-6110d60075a24c0f-a3c000c-1
From: [email protected];user=phone>;tag=sbc09106994325518768294927
To:
c2801#er=phone>;tag=27BA64-1DAE
Date: Sat, 23 Nov 2013 08:06:29 GMT
Call-ID: isbc6994325518768294927-1385194135-11717
CSeq: 1 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-12.x
Reason: Q.850;cause=38
Content-Length: 0
00:43:23: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
ACK sip:[email protected];user=phone SIP/2.0
Via: SIP/2.0/UDP 188.254.68.66:9298;branch=z9hG4bK-6110d60075a24c0f-a3c000c-1
Call-ID: isbc6994325518768294927-1385194135-11717
From: [email protected];user=phone>;tag=sbc09106994325518768294927
To: ;tag=27BA64-1DAE
CSeq: 1 ACK
Max-Forwards: 70
Content-Length: 0
show run:
voice service voip
ip address trusted list
ipv4 87.226.136.164 255.255.255.255
ipv4 172.16.24.0 255.255.255.0
ipv4 188.254.68.66 255.255.255.255
ipv4 188.254.68.67 255.255.255.255
ipv4 188.254.69.66 255.255.255.255
ipv4 188.254.69.67 255.255.255.255
ipv4 46.38.52.68 255.255.255.255
address-hiding
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
redirect ip2ip
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback cisco
sip
voice class codec 1
codec preference 1 g729br8
codec preference 2 g729r8
codec preference 3 g711alaw
codec preference 4 g711ulaw
voice class codec 2
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729r8
codec preference 4 g729br8
voice translation-rule 1
rule 1 /XXX5397962/ /1999/
voice translation-rule 2
rule 1 /XXX55317577/ /1999/
voice translation-rule 3
rule 1 /5555317884/ /1999/
voice translation-profile ROS
translate called 1
voice translation-profile ROS2
translate called 2
voice translation-profile ROS3
translate called 3
interface FastEthernet0/0
ip address 178.208.129.221 255.255.255.248
ip access-group INBOUND in
no ip unreachables
ip verify unicast reverse-path
ip nat outside
ip inspect IPFW in
ip inspect IPFW out
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
interface FastEthernet0/1
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
ip address 10.110.0.200 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/1.2
encapsulation dot1Q 2
ip address 172.16.24.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
h323-gateway voip interface
h323-gateway voip bind srcaddr 172.16.24.254
ip dns server
ip nat inside source list NAT interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 178.208.X.X
ip route 192.168.0.0 255.255.0.0 Null0 254
sccp local FastEthernet0/1.2
sccp ccm 172.16.24.101 identifier 1 version 7.0
sccp
sccp ccm group 1
associate ccm 1 priority 1
associate profile 1 register XCODE123456
keepalive retries 1
keepalive timeout 10
switchover method immediate
switchback method immediate
dspfarm profile 1 transcode
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729r8
codec g729br8
maximum sessions 6
associate application SCCP
dial-peer voice 10000 voip
tone ringback alert-no-PI
description ROSTELECOM Incoming
translation-profile incoming ROS
destination-pattern 74955397962
session protocol sipv2
session target ipv4:87.226.136.164
session transport udp
incoming called-number XXXX5397962
dtmf-relay rtp-nte
codec g711ulaw
dial-peer voice 10010 voip
tone ringback alert-no-PI
description ROSTELECOM Incoming
translation-profile incoming ROS2
destination-pattern XXX55317577
session protocol sipv2
session target ipv4:87.226.136.164
session transport udp
incoming called-number 75555317577
dtmf-relay rtp-nte
codec g711ulaw
dial-peer voice 10020 voip
tone ringback alert-no-PI
description ROSTELECOM Incoming
translation-profile incoming ROS3
preference 1
destination-pattern 5555317884
session protocol sipv2
session target ipv4:188.254.68.66
session transport udp
incoming called-number 5555317884
dtmf-relay rtp-nte
codec g711ulaw
dial-peer voice 10021 voip
tone ringback alert-no-PI
description ROSTELECOM Incoming
translation-profile incoming ROS
preference 2
destination-pattern 5555317884
session protocol sipv2
session target ipv4:188.254.69.66
session transport udp
incoming called-number 5555317884
dtmf-relay rtp-nte
codec g711ulaw
dial-peer voice 2 voip
tone ringback alert-no-PI
description to CUCM_PUB
destination-pattern 1...
session target ipv4:172.16.24.101
voice-class codec 2
dtmf-relay rtp-nte
I see in the debug that the ITSP offers g729 family codecs but not g711 at all.
This system was working with these dial-peers before with the same provider; I have just added dial-peer 2.
I have changed the codec to match what is offered by the ITSP but no difference, still getting the same message.
PLZ help ASAP.
-
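For the "Sip 503 service unavailable and sip 500 internal server error" thread above, an added example (not part of the original posts and not Cisco code): it resolves the payload types in the INVITE's SDP offer, picks the first locally preferred codec the offer carries, and decodes the Q.850 cause in each final response. The function names and the SDP-name-to-IOS-keyword mapping are assumptions of this example.

```python
import re

# Static RTP/AVP payload types (RFC 3551) that appear in the offer.
STATIC_PT = {0: "PCMU", 8: "PCMA", 18: "G729"}
# Q.850 cause values carried in the Reason headers of this thread.
Q850 = {16: "Normal call clearing", 38: "Network out of order"}

# SDP body of the INVITE, copied from the trace above.
SDP_OFFER = """\
v=0
o=- 87852 198805 IN IP4 188.254.68.67
s=SBC call
c=IN IP4 188.254.68.67
t=0 0
m=audio 23682 RTP/AVP 8 0 18 98 96 97 101
a=rtpmap:98 G.729a/8000
a=rtpmap:96 G.729ab/8000
a=rtpmap:97 G.729b/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=fmtp:18 annexb=no
a=ptime:10
a=X-vrzcap:vbd Ver=1 Mode=FaxPr ModemRtpRed=0
a=X-vrzcap:identification bin=DSR2866 Prot=mgcp App=MG
"""

# The two final responses, reduced to the headers used here (constructed excerpt).
RESPONSES = """\
SIP/2.0 503 Service Unavailable
CSeq: 1 INVITE
Reason: Q.850;cause=38

SIP/2.0 500 Internal Server Error
CSeq: 1 INVITE
Reason: Q.850;cause=16
"""


def offered_codecs(sdp):
    """Return [(payload_type, encoding_name, fmtp)] in the offerer's order.

    Handles a single audio m-line, which is what the trace contains.
    """
    rtpmap, fmtp, order = {}, {}, []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("m=audio"):
            # m=<media> <port> <proto> <fmt list>
            order = [int(p) for p in line.split()[3:]]
        elif line.startswith("a=rtpmap:"):
            pt, enc = line[len("a=rtpmap:"):].split(None, 1)
            rtpmap[int(pt)] = enc.split("/")[0]
        elif line.startswith("a=fmtp:"):
            pt, params = line[len("a=fmtp:"):].split(None, 1)
            fmtp[int(pt)] = params
    return [(pt, rtpmap.get(pt, STATIC_PT.get(pt, "unknown")), fmtp.get(pt, ""))
            for pt in order]


def ios_keyword(name, fmtp):
    """Map an SDP encoding name to an IOS codec keyword (assumed mapping,
    limited to the codecs configured in this thread)."""
    n = name.upper()
    if n == "PCMU":
        return "g711ulaw"
    if n == "PCMA":
        return "g711alaw"
    if n == "G729":
        # Annex B defaults to "yes" when the fmtp parameter is absent.
        no_annexb = "annexb=no" in fmtp.replace(" ", "").lower()
        return "g729r8" if no_annexb else "g729br8"
    return None  # non-standard names such as "G.729a" are left unmapped


def first_common(sdp, local_prefs):
    """First codec in the local preference list that the offer also carries."""
    offered = {}
    for pt, name, fmtp in offered_codecs(sdp):
        kw = ios_keyword(name, fmtp)
        if kw and kw not in offered:
            offered[kw] = pt
    for kw in local_prefs:
        if kw in offered:
            return kw, offered[kw]
    return None


def final_responses(text):
    """Return [(status, phrase, q850_cause, meaning)] for each non-1xx response."""
    out = []
    for block in re.split(r"\n\s*\n", text.strip()):
        m = re.match(r"SIP/2\.0 (\d{3}) (.+)", block)
        if not m or m.group(1).startswith("1"):
            continue
        c = re.search(r"^Reason:\s*Q\.850\s*;\s*cause=(\d+)", block, re.M | re.I)
        cause = int(c.group(1)) if c else None
        out.append((int(m.group(1)), m.group(2).strip(), cause,
                    Q850.get(cause, "unknown")))
    return out


if __name__ == "__main__":
    for pt, name, fmtp in offered_codecs(SDP_OFFER):
        print(pt, name, fmtp)
    # "codec g711ulaw" as configured on dial-peer 10020
    print(first_common(SDP_OFFER, ["g711ulaw"]))
    # voice class codec 1 preference order
    print(first_common(SDP_OFFER, ["g729br8", "g729r8", "g711alaw", "g711ulaw"]))
    for row in final_responses(RESPONSES):
        print(row)
```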
Error Cisco 892f-w Wireless driver lwapp and capwap controller
Hello, greetings to the Cisco support community. I am writing to ask for help with my router: I have trouble bringing up the wireless network. I hope you can help me, thanks.
Upon entering cli ap: I have this error:
*Jul 3 22:33:04.951: %CAPWAP-3-STATIC_TO_DHCP_IP: Could not discover WLC using static IP. Forcing AP to use DHCP.
*Jul 3 22:33:14.959: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination
*Jul 3 22:33:15.083: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigned DHCP address 10.10.10.4, mask 255.255.255.248, hostname AP6400.f1cf.6738
Translating "CISCO-CAPWAP-CONTROLLER"...domain server (8.8.8.8)
Translating "CISCO-LWAPP-CONTROLLER"...domain server (8.8.8.8)
*Jul 3 22:33:18.959: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Jul 3 22:33:19.083: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROLLER
*Jul 3 22:33:19.207: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLLER
Here is my configuration
Natural#SHOW RUNNing-config
Building configuration...
Current configuration : 5681 bytes
! Last configuration change at 19:56:22 UTC Wed Oct 16 2013 by juanrifle
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Natural
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
no aaa new-model
memory-size iomem 10
service-module wlan-ap 0 bootimage autonomous
crypto pki trustpoint TP-self-signed-634714217
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-634714217
revocation-check none
rsakeypair TP-self-signed-634714217
crypto pki certificate chain TP-self-signed-634714217
certificate self-signed 01
quit
ip cef
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.145
ip dhcp excluded-address 10.10.10.153
ip dhcp excluded-address 10.10.10.1 10.10.10.2
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
dns-server 8.8.8.8 200.87.100.10
lease 0 2
ip dhcp pool ccp
dns-server 8.8.8.8 200.87.100.10
ip dhcp pool Oficina wireless pool
import all
network 10.10.10.144 255.255.255.248
default-router 10.10.10.145
dns-server 8.8.8.8 200.87.100.10
ip dhcp pool guest pool
import all
network 10.10.10.152 255.255.255.248
default-router 10.10.10.153
dns-server 8.8.8.8 200.87.100.10
no ip domain lookup
ip domain name yourdomain.com
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO892FW-A-K9 sn FTX172783RH
username ******** privilege 15 password 0 ******
username ******** privilege 15 secret 4 df2cx1EOReyOFTzHQGHyju0MCCMPPDggzToRobK46vI
redundancy
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
interface FastEthernet0
no ip address
spanning-tree portfast
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface FastEthernet4
no ip address
interface FastEthernet5
no ip address
interface FastEthernet6
no ip address
interface FastEthernet7
no ip address
interface FastEthernet8
description modem adsl
ip address dhcp
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport trunk allowed vlan 1-3,1002-1005
switchport mode trunk
no ip address
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface Vlan2
description wireless oficina
ip address 10.10.10.145 255.255.255.248
ip nat inside
ip virtual-reassembly in
interface Vlan3
description wireless guest
ip address 10.10.10.153 255.255.255.248
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-export destination 10.10.10.5 2055
ip nat inside source list 110 interface FastEthernet8 overload
ip sla auto discovery
access-list 10 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 110 permit ip 10.10.10.0 0.0.0.255 any
access-list 120 remark wireless guest Restriction
access-list 120 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
access-list 120 permit ip 10.10.10.152 0.0.0.7 any
access-list 120 deny ip 10.10.10.152 0.0.0.7 0.0.0.0 255.255.255.0
access-list 120 deny ip 10.10.10.152 0.0.0.7 172.16.0.0 0.15.255.255
access-list 120 deny ip 10.10.10.152 0.0.0.7 192.168.0.0 0.0.255.255
no cdp run
control-plane
mgcp profile default
line con 0
login local
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin udptn ssh
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
end
Natural#
Hi Andrew,
A LAP always downloads the image running on the WLC (in this case 3850). So there is no point upgrading the LAP independently, as it will always sync with the image running on the controller it joins.
In this case you can upgrade the 3850 to 3.3.2 (which is the latest image as of today) if you are not already running that code.
HTH
Rasika
**** Pls rate all useful responses ****
-
IPSec Spoof Detected error on VPN route
I'm trying to set up a new VPN user/group/policy to replace a flawed old version that used IP addresses from the same pool as the inside VLAN. As of right now I have most things configured but am unable to establish a connection to a service host on the inside VLAN with the new configuration. The old configuration works fine. Other services like RDP are working fine on the new configuration.
I *thought* that I had everything configured to use the new IP addresses in ACL lists, NAT Exemptions and the like but must have a conflict or missing rule somewhere I can't spot. Using the packet tracer everything works except when I test 192.168.16.x -> 192.168.15.x on interface outside, it says "IPSEC Spoof Detected" as the reason for dropping packets. When attempting to establish the connection there are no errors, just "Built inbound TCP..." followed by "Teardown TCP... SYN Timeout 00:30"
For the record the 192.168.16.100-150 pool is the correct VPN address pool.
Once I have it working 100% I'd like to remove the 192.168.15.200-250 pool from the ASDM configuration.
My configurations:
: Saved
ASA Version 8.2(5)
hostname SEMC-TEST
enable password D37rIydCZ/bnf1uj encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.15.0 192.168.15.0 description Internal Network devices
ddns update method DDNS_Update
ddns both
interval maximum 0 4 0 0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
description VLAN to inside hosts
nameif inside
security-level 100
ddns update hostname 0.0.0.0
ddns update DDNS_Update
dhcp client update dns server both
ip address 192.168.15.1 255.255.255.0
interface Vlan2
description External VLAN to internet
nameif outside
security-level 0
ip address xx.xx.xx.xx 255.255.255.248
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 216.221.96.37
name-server 8.8.8.8
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit ip 192.168.16.0 255.255.255.0 any
access-list outside_access_in extended permit ip 192.168.15.192 255.255.255.192 any
access-list outside_access_in extended permit ip 192.168.15.0 255.255.255.0 192.168.16.0 255.255.255.0
access-list Remote_test_splitTunnelAcl standard permit 192.168.15.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.15.0 255.255.255.0 192.168.15.192 255.255.255.192
access-list inside_nat0_outbound extended permit ip 192.168.15.0 255.255.255.0 192.168.16.0 255.255.255.0
access-list inside_access_in extended permit ip 192.168.15.192 255.255.255.192 any
access-list inside_access_in extended permit ip interface inside interface inside
access-list inside_access_in extended permit ip any 192.168.15.192 255.255.255.192
access-list inside_access_in extended permit icmp any any
access-list inside_access_in extended permit ip any 192.168.16.0 255.255.255.0
access-list inside_access_in extended permit ip 192.168.16.0 255.255.255.0 any
access-list inside_access_in remark Block Internet Traffic
access-list inside_access_out extended permit icmp 192.168.15.0 255.255.255.0 any
access-list inside_access_out extended permit ip 192.168.15.192 255.255.255.192 any
access-list inside_access_out extended permit ip 192.168.15.0 255.255.255.0 192.168.15.192 255.255.255.192
access-list inside_access_out extended permit ip 192.168.16.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN_IP_Alt 192.168.16.100-192.168.16.150 mask 255.255.255.0
ip local pool VPN_IP_Pool 192.168.15.200-192.168.15.250 mask 255.255.255.0
ipv6 access-list inside_access_ipv6_in permit ip interface inside interface inside
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any echo-reply inside
icmp permit any echo-reply outside
icmp permit any outside
no asdm history enable
arp timeout 14400
nat-control
global (inside) 2 interface
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound_2
access-group inside_access_in in interface inside
access-group inside_access_ipv6_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.15.0 255.255.255.0 inside
http 192.168.16.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd auto_config outside
dhcpd address 192.168.15.200-192.168.15.250 inside
dhcpd enable inside
no threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 192.168.15.101 source inside
ntp server 192.168.15.100 source inside prefer
webvpn
group-policy Remote_test_Alt internal
group-policy Remote_test_Alt attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Remote_test_splitTunnelAcl
group-policy Remote_test internal
group-policy Remote_test attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Remote_test_splitTunnelAcl
username StockUser password t6a0Nv8HUfWtUdKz encrypted privilege 0
username StockUser attributes
vpn-group-policy Remote_test
username StockUser2 password t6a0Nv8HUfWtUdKz encrypted privilege 0
username StockUser2 attributes
vpn-group-policy Remote_test_Alt
tunnel-group Remote_test type remote-access
tunnel-group Remote_test general-attributes
address-pool VPN_IP_Pool
default-group-policy Remote_test
tunnel-group Remote_test ipsec-attributes
pre-shared-key *****
tunnel-group Remote_test2 type remote-access
tunnel-group Remote_test2 general-attributes
address-pool VPN_IP_Alt
default-group-policy Remote_test_Alt
tunnel-group Remote_test2 ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect icmp error
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:834543b67beaaa65578d8032d7d272c3
: end
Harry,
I appreciate the reply and apologise for taking so long to respond myself. When trying to connect to the service it still fails; I was using the Packet Tracer as a quicker means of testing.
However, after further investigation Friday I believe the issue I am having may be with the service itself. It is a specialized device which, after reviewing its routing table, has no route for 192.168.16.x addresses. I cannot update this configuration without scheduling a critical downtime hopefully within the next week.
Again I appreciate the response but unfortunately my issue might not have to do with the VPN configuration at all!
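An added example (not part of the thread, and not code from any poster): a small Python lint that cross-checks ACL definitions against the places that reference them and flags VPN address pools carved out of an interface subnet, run on a constructed excerpt of the configuration posted above. The function name `lint_asa` and the finding keys are hypothetical; the findings are inconsistencies visible in the paste, not a diagnosis of the packet-tracer drop.

```python
import ipaddress
import re

# Constructed excerpt: lines copied from the configuration posted in this thread.
SAMPLE_CONFIG = """\
interface Vlan1
ip address 192.168.15.1 255.255.255.0
interface Vlan2
ip address xx.xx.xx.xx 255.255.255.248
access-list outside_access_in extended permit ip 192.168.16.0 255.255.255.0 any
access-list Remote_test_splitTunnelAcl standard permit 192.168.15.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.15.0 255.255.255.0 192.168.16.0 255.255.255.0
access-list inside_access_in extended permit ip any 192.168.16.0 255.255.255.0
access-list inside_access_out extended permit ip 192.168.16.0 255.255.255.0 any
ip local pool VPN_IP_Alt 192.168.16.100-192.168.16.150 mask 255.255.255.0
ip local pool VPN_IP_Pool 192.168.15.200-192.168.15.250 mask 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound_2
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
split-tunnel-network-list value Remote_test_splitTunnelAcl
"""

ACL_DEF = re.compile(r"(?:ipv6 )?access-list (\S+) ")
ACL_USE = re.compile(r"(?:nat \(\S+\) \d+ access-list|access-group"
                     r"|split-tunnel-network-list value) (\S+)")
IF_ADDR = re.compile(r"ip address (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})")
POOL = re.compile(r"ip local pool (\S+) ([\d.]+)-([\d.]+)")

def lint_asa(config):
    """Report ACL reference mismatches and VPN pools that sit inside an interface subnet."""
    defined, used, subnets, pools = set(), set(), [], {}
    for line in map(str.strip, config.splitlines()):
        if m := ACL_DEF.match(line):
            defined.add(m[1])
        elif m := ACL_USE.match(line):
            used.add(m[1])
        elif m := IF_ADDR.match(line):  # masked addresses (xx.xx.xx.xx) are skipped
            subnets.append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        elif m := POOL.match(line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
    overlaps = [(name, str(net)) for name, (lo, hi) in sorted(pools.items())
                for net in subnets
                if lo <= net.broadcast_address and hi >= net.network_address]
    return {"undefined_acls": sorted(used - defined),
            "unapplied_acls": sorted(defined - used),
            "pool_overlaps": overlaps}

if __name__ == "__main__":
    print(lint_asa(SAMPLE_CONFIG))
```

On the excerpt it reports that `nat (inside) 0` points at `inside_nat0_outbound_2` while the exemption entries live in `inside_nat0_outbound`, that `inside_access_out` is bound to no interface, and that `VPN_IP_Pool` lies inside the inside subnet.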