MGCP error

Hello,
I have two fxs ports as mgcp gateways defined. The ports should be used as fax gateways. Now I have a problem with internal fax transmissions.
Does anyone know what this debug output means (Cisco 1760 router)
/MGCP/mgcp_mp_get_not_entity(830):[lvl=2]Invalid parameter (pkt 0x850AA7B8 pkt->mgcp_parm_lines 0x
best regards
patrick

This problem may be on Fax failures on inbound and outbound calls through PSTN GW. Remove MGCP PRE package and try. It may be also T1 issues.

Similar Messages

  • 3845 MGCP Pri E1 CCM 7

    I am trying to register my MGCP gateway for use with 10 PRI E1 channels
    But debug mgcp error dives the following
    000132: *Dec  3 16:47:03.551 GMT: //-1/xxxxxxxxxxxx/MGCP/mgcp_mp_get_not_entity(830):[lvl=2]Invalid parameter (pkt 0x67A43378 pkt->mgcp_parm_lines 0x00000000)
    How do I find what parameter this is.
    show ccm
    No configurations downloaded
    Current state: Downloading XML file
    Configuration Download statistics:
            Download Attempted             : 1
              Download Successful          : 0
              Download Failed              : 0
              TFTP Download Failed         : 19
            Configuration Attempted        : 0
              Configuration Successful     : 0
              Configuration Failed(Parsing): 0
    Any help is appreciated.

    My host name was to long reduced it and now my gateway has registered

  • ASA 5505, error in Access Rule

    Hello.
    Tha ASA 5505 is working, but I try to allow http and https from internet to a server running 2012 Essentials. The server has the internal IP 192.168.0.100. I have created an Object called SERVER with IP 192.168.0.100
    The outside Interface is called ICE
    I have configured NAT:
    I have also configured Access Rules:
    But when I test it With the Packet Tracer I get an error:
    Whats wrong With the Access Rule?
    I do prefer the ASDM :)
    Best regards Andreas

    Hello Jeevak.
    This is the running config (Vlan 13 (Interface ICE) is the one in use:
    domain-name DOMAIN.local
    names
    name 192.168.0.150 Server1 description SBS 2003 Server
    name 192.168.10.10 IP_ICE
    name x.x.x.0 outside-network
    name x.x.x.7 IP_outside
    name 192.168.0.100 SERVER description Hovedserver
    interface Vlan1
     nameif inside
     security-level 100
     ip address 192.168.0.1 255.255.255.0
    interface Vlan2
     description Direct Connect
     backup interface Vlan13
     nameif outside
     security-level 0
     pppoe client vpdn group PPPoE_DirectConnect
     ip address pppoe
    interface Vlan3
     description Gjestenettet
     nameif dmz
     security-level 50
     ip address 10.0.0.1 255.255.255.0
    interface Vlan13
     description Backupnett ICE
     nameif ICE
     security-level 0
     ip address IP_ICE 255.255.255.0
    interface Vlan23
     description
     nameif USER
     security-level 50
     ip address 10.1.1.1 255.255.255.0
    interface Ethernet0/0
     switchport access vlan 2
    interface Ethernet0/1
     switchport access vlan 13
    interface Ethernet0/2
     switchport access vlan 23
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
     switchport access vlan 3
    interface Ethernet0/7
     switchport access vlan 3
    ftp mode passive
    clock timezone CEST 1
    clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
    dns domain-lookup dmz
    dns server-group DefaultDNS
     domain-name DOMAIN.local
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    access-list outside_access_in extended permit tcp any host IP_outside eq https
    access-list outside_access_in extended permit tcp any host IP_outside eq www
    access-list outside_access_in extended permit icmp any host IP_outside echo-reply
    access-list outside_access_in remark For RWW
    access-list outside_access_in remark For RWW
    access-list outside_access_in remark For RWW
    access-list outside_access_in remark For RWW
    access-list outside_access_in remark For RWW
    access-list outside_access_in remark For RWW
    access-list outside_access_in remark For RWW
    access-list outside_access_in remark For RWW
    access-list outside_access_in remark For RWW
    access-list outside_access_in remark For RWW
    access-list outside_access_in remark For RWW
    access-list outside_access_in remark For RWW
    access-list DOMAINVPN_splitTunnelAcl standard permit any
    access-list inside_nat0_outbound extended permit ip any 192.168.0.192 255.255.255.192
    access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 192.168.0.192 255.255.255.192
    access-list DOMAIN_VPN_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
    access-list ICE_access_in extended permit tcp any host IP_ICE eq https
    access-list ICE_access_in extended permit tcp any host IP_ICE eq www
    access-list ICE_access_in extended permit icmp any host IP_ICE echo-reply
    access-list ICE_access_in remark For RWW
    access-list ICE_access_in remark For RWW
    access-list USER_access_in extended permit ip any any
    pager lines 24
    logging enable
    logging asdm warnings
    mtu inside 1500
    mtu outside 1500
    mtu dmz 1500
    mtu ICE 1500
    mtu USER 1500
    ip local pool VPNPool 192.168.10.210-192.168.10.225 mask 255.255.255.0
    no failover
    monitor-interface inside
    monitor-interface outside
    monitor-interface dmz
    monitor-interface ICE
    monitor-interface USER
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit outside-network 255.255.255.0 outside
    icmp permit 192.168.10.0 255.255.255.0 ICE
    asdm image disk0:/asdm-524.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    global (ICE) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    nat (dmz) 1 10.0.0.0 255.255.255.0
    nat (USER) 1 10.1.1.0 255.255.255.0
    static (inside,ICE) tcp interface www SERVER www netmask 255.255.255.255
    static (inside,outside) tcp interface www SERVER www netmask 255.255.255.255
    static (inside,ICE) tcp interface https SERVER https netmask 255.255.255.255
    static (inside,outside) tcp interface https SERVER https netmask 255.255.255.255
    access-group outside_access_in in interface outside
    access-group ICE_access_in in interface ICE
    access-group USER_access_in in interface USER
    route outside 0.0.0.0 0.0.0.0 x.x.x.1 1 track 123
    route ICE 0.0.0.0 0.0.0.0 192.168.10.1 254
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    http server enable
    http 192.168.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    sla monitor 1
     type echo protocol ipIcmpEcho x.x.x.1 interface outside
     num-packets 3
     frequency 10
    sla monitor schedule 1 life forever start-time now
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set pfs group1
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 40 set pfs group1
    crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    track 123 rtr 1 reachability
    no vpn-addr-assign local
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    management-access inside
    dhcpd auto_config outside
    dhcpd address 10.0.0.10-10.0.0.39 dmz
    dhcpd dns y.y.y.2 z.z.z.z interface dmz
    dhcpd lease 6000 interface dmz
    dhcpd enable dmz
    dhcpd address 10.1.1.100-10.1.1.120 USER
    dhcpd dns y.y.y.2 z.z.z.z interface USER
    dhcpd lease 6000 interface USER
    dhcpd domain USER interface USER
    dhcpd enable USER
    ntp server 64.0.0.2 source outside
    group-policy DOMAIN_VPN internal
    group-policy DOMAIN_VPN attributes
     dns-server value 192.168.0.150
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value DOMAIN_VPN_splitTunnelAcl
     default-domain value DOMAIN.local
    class-map inspection_default
     match default-inspection-traffic
    class-map imblock
     match any
    class-map P2P
     match port tcp eq www
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum 512
    policy-map type inspect im impolicy
     parameters
     match protocol msn-im yahoo-im
      drop-connection log
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect pptp
    policy-map type inspect http P2P_HTTP
     parameters
     match request uri regex _default_gator
      drop-connection log
     match request uri regex _default_x-kazaa-network
      drop-connection log
     match request uri regex _default_msn-messenger
      drop-connection log
     match request uri regex _default_gnu-http-tunnel_arg
      drop-connection log
    policy-map IM_P2P
     class imblock
      inspect im impolicy
     class P2P
      inspect http P2P_HTTP
    service-policy global_policy global
    service-policy IM_P2P interface inside
    prompt hostname context
    : end
    asdm image disk0:/asdm-524.bin
    asdm location Server1 255.255.255.255 inside
    asdm location IP_ICE 255.255.255.255 inside
    asdm location outside-network 255.255.255.0 inside
    asdm location SERVER 255.255.255.255 inside
    no asdm history enable
    What is wrong? Everything Works well except port forwarding.
    Andreas

  • B-channel oos and protocol error 510

    Dear all,
    I have some some issue couple of days ago. The telephony system of my client worked well and suddenly the cannot make external calls via E1. I checked the config and for me it seems to be ok. When I checked the SDL file, I can see the B channel out of service error message following by the
    "MGCP PROTOCOL ERROR: <S1/SU1/DS1-0/[email protected]> CRCX error code: 510". They have A CUCM 6.0 and Cisco 2821 as gateway with 12.4 (25f) advance IP service IOS.
    I perform the following actions without success:
    -From the CUCM in the advance service I forced the Bchannel to bring it in service,
    - no mgcp/mgcp, -reboot the CUCM and the Gateway,
    -reset the controller throug CUCM,... in vain.
    They contacted telco and has confirm that everything seems to be ok. Find below the information that can help you to undestand better
    #sh run brief
    Building configuration...
    Current configuration : 4859 bytes
    version 12.4
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname ATD-CCM-GW
    boot-start-marker
    boot-end-marker
    security authentication failure rate 3 log
    security passwords min-length 6
    logging buffered 51200 debugging
    aaa new-model
    aaa authentication login default local
    aaa authentication login local_authen local
    aaa authorization exec default local
    aaa authorization exec local_author local
    aaa session-id common
    clock timezone A 1
    network-clock-participate slot 1
    network-clock-select 1 E1 1/1/0
    ip cef
    ip domain name xx.xxxx.xxx
    ip host ATD-CCM1 10.10.10.100
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    isdn switch-type primary-net5
    isdn logging
    voice-card 0
    dspfarm
    dsp services dspfarm
    voice-card 1
    no dspfarm
    no voice call carrier capacity active
    voice rtp send-recv
    voice class codec 1
    codec preference 1 g711ulaw
    codec preference 2 g711alaw
    codec preference 3 g729br8 bytes 40
    voice class h323 1
    h225 timeout tcp establish 3
    crypto pki trustpoint TP-self-signed-635937996
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-635937996
    revocation-check none
    rsakeypair TP-self-signed-635937996
    crypto pki certificate chain TP-self-signed-635937996
    certificate self-signed 01
    application
      service alternate Default
    controller E1 1/1/0
    framing NO-CRC4
    pri-group timeslots 1-31 service mgcp
    interface GigabitEthernet0/0
    description to_CCM
    ip address 10.10.10.254 255.255.255.0
    duplex auto
    speed auto
    interface GigabitEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    interface Serial1/1/0:15
    no ip address
    encapsulation hdlc
    isdn switch-type primary-net5
    isdn overlap-receiving
    isdn incoming-voice voice
    isdn bind-l3 ccm-manager
    isdn bchan-number-order ascending
    isdn sending-complete
    no cdp enable
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 10.10..253
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    logging trap debugging
    control-plane
    voice-port 1/0/0
    timing hookflash-out 50
    voice-port 1/0/1
    signal groundStart
    timing hookflash-out 50
    voice-port 1/0/2
    signal groundStart
    timing hookflash-out 50
    voice-port 1/0/3
    signal groundStart
    timing hookflash-out 50
    voice-port 1/1/0:15
    ccm-manager fallback-mgcp
    ccm-manager mgcp
    no ccm-manager fax protocol cisco
    ccm-manager music-on-hold
    ccm-manager config server ATD-CCM1 
    ccm-manager config
    mgcp
    mgcp call-agent 10.10.10.100 service-type mgcp version 0.1
    mgcp dtmf-relay voip codec all mode out-of-band
    mgcp rtp unreachable timeout 1000 action notify
    mgcp modem passthrough voip mode nse
    mgcp modem passthrough voip redundancy
    mgcp package-capability rtp-package
    mgcp package-capability sst-package
    mgcp package-capability pre-package
    mgcp default-package fxr-package
    no mgcp package-capability res-package
    no mgcp timer receive-rtcp
    mgcp sdp simple
    mgcp fax t38 inhibit
    no mgcp explicit hookstate
    mgcp rtp payload-type g726r16 static
    mgcp bind control source-interface GigabitEthernet0/0
    mgcp bind media source-interface GigabitEthernet0/0
    mgcp profile default
    dial-peer voice 999101 pots
    service mgcpapp
    port 1/0/1
    forward-digits all
    dial-peer voice 999102 pots
    service mgcpapp
    port 1/0/2
    forward-digits all
    dial-peer voice 999103 pots
      service mgcpapp
    port 1/0/3
    forward-digits all
    dial-peer voice 1 pots
    service mgcpapp
    incoming called-number .
    direct-inward-dial
    port 1/1/0:15
    forward-digits all
    dial-peer voice 999100 pots
    service mgcpapp
    port 1/0/0
    gateway
    timer receive-rtp 1200
    scheduler allocate 20000 1000
    ntp clock-period 17180351
    ntp update-calendar
    ntp server 10.10.10.9 source GigabitEthernet0/0
    end
    #sh controller e1
    E1 1/1/0 is up.
      Applique type is Channelized E1 - balanced
      No alarms detected.
      alarm-trigger is not set
      Version info Firmware: 20090113, FPGA: 20, spm_count = 0
      Framing is NO-CRC4, Line Code is HDB3, Clock Source is Line.
       Current port master clock:recovered from backplane
      Data in current interval (225 seconds elapsed):
         0 Line Code Violations, 0 Path Code Violations
         0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins
         0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
      Total Data (last 3 15 minute intervals):
         0 Line Code Violations, 0 Path Code Violations,
         0 Slip Secs, 0 Fr Loss Secs, 0 Line Err Secs, 0 Degraded Mins,
         0 Errored Secs, 0 Bursty Err Secs, 0 Severely Err Secs, 0 Unavail Secs
    #sh ccm-manager
    MGCP Domain Name: ATD-CCM-GW.xx.xxxx.xxx
    Priority        Status                   Host
    ============================================================
    Primary         Registered               10.10.10.100
    First Backup    None                    
    Second Backup   None                    
    Current active Call Manager:    10.10.10.100
    Backhaul/Redundant link port:   2428
    Failover Interval:              30 seconds
    Keepalive Interval:             15 seconds
    Last keepalive sent:            15:31:24 UTC Oct 19 2012 (elapsed time: 00:00:09)
    Last MGCP traffic time:         15:31:24 UTC Oct 19 2012 (elapsed time: 00:00:09)
    Last failover time:             None
    Last switchback time:           None
    Switchback mode:                Graceful
    MGCP Fallback mode:             Enabled/OFF
    Last MGCP Fallback start time:  None
    Last MGCP Fallback end time:    None
    MGCP Download Tones:            Disabled
    TFTP retry count to shut Ports: 2
    Backhaul Link info:
        Link Protocol:      TCP
        Remote Port Number: 2428
        Remote IP Address:  10.10.10.100
        Current Link State: OPEN
        Statistics:
            Packets recvd:   11
            Recv failures:   0
            Packets xmitted: 18
            Xmit failures:   0
        PRI Ports being backhauled:
            Slot 1, VIC 1, port 0
    Configuration Auto-Download Information
    =======================================
    Current version-id: 1350042385-8bfc9ed0-f85e-4435-8baf-3ad1ceefb55c
    Last config-downloaded:00:00:00
    Current state: Waiting for commands
    Configuration Download statistics:
               Download Attempted             : 1
                 Download Successful          : 1
                 Download Failed              : 0
                 TFTP Download Failed         : 0
               Configuration Attempted        : 1
                 Configuration Successful     : 1
                 Configuration Failed(Parsing): 0
                 Configuration Failed(config) : 0
    Last config download command: New Registration
    Configuration Error History:
    controller E1 1/1/0
    no pri-group timeslots 1-31
    FAX mode: disable
    #debug isdn q931
    #debug mgcp packet
    009112: Oct 20 12:48:50.374: MGCP Packet received from 10.10.10.100:2427--->
    CRCX 2359 S1/SU1/DS1-0/[email protected] MGCP 0.1
    C: D000000001fbf9aa000000F500000001
    X: 1f
    L: p:20, a:PCMU, s:off, t:00
    M: recvonly
    R: D/[0-9ABCD*#]
    Q: process,loop
    <---
    009113: Oct 20 12:48:50.382: MGCP Packet sent to 10.10.10.100:2427--->
    200 2359 OK
    I: 8
    v=0
    c=IN IP4 10.10.10.254
    m=audio 18274 RTP/AVP 0 100
    a=rtpmap:100 X-NSE/8000
    a=fmtp:100 192-194
    <---
    009114: Oct 20 12:48:50.386: ISDN Se1/1/0:15 Q931d: srl_send_l3_pak:
    source_id = CCM MANAGER 0x0003, dest_id = Q.921 0x0000, prim = DL_DATA_REQ 0x0240
    priv_len = 4 int_id = 0x4636A628 datasize = 64
    009115: Oct 20 12:48:50.386: ISDN Se1/1/0:15 Q931d: data =
    009116: Oct 20 12:48:50.386:           4636A628000000030240043800010000
    009117: Oct 20 12:48:50.386:           0802000105A104038090A31803A9839F
    009118: Oct 20 12:48:50.386:           280B526F6C616E64202D2049546C0601
    009119: Oct 20 12:48:50.386:           81313232307009803636393332313933
    009120: Oct 20 12:48:50.386:
    009121: Oct 20 12:48:50.434: MGCP Packet received from 10.10.10.100:2427--->
    MDCX 2360 S1/SU1/DS1-0/[email protected] MGCP 0.1
    C: D000000001fbf9aa000000F500000001
    I: 8
    X: 1f
    L: p:20, a:PCMU, s:off, t:b8, fxr/fx:t38
    M: recvonly
    R: D/[0-9ABCD*#]
    Q: process,loop
    <---
    009122: Oct 20 12:48:50.438: MGCP Packet sent to 10.10.10.100:2427--->
    510 2360 fx: setting cannot be supported
    <---
    009123: Oct 20 12:48:50.438: ISDN Se1/1/0:15 Q931d: srl_send_l3_pak:
    source_id = CCM MANAGER 0x0003, dest_id = Q.921 0x0000, prim = DL_DATA_REQ 0x0240
    priv_len = 4 int_id = 0x4636A628 datasize = 25
    009124: Oct 20 12:48:50.438: ISDN Se1/1/0:15 Q931d: data =
    009125: Oct 20 12:48:50.438:           4636A628000000030240043800010000
    009126: Oct 20 12:48:50.438:           0802000145080280AF
    009127: Oct 20 12:48:50.462: MGCP Packet received from 10.10.10.100:2427--->
    DLCX 2361 S1/SU1/DS1-0/[email protected] MGCP 0.1
    C: D000000001fbf9aa000000F500000001
    I: 8
    X: 1f
    S:
    <---
    ATD-CCM-GW#
    009128: Oct 20 12:48:50.478: MGCP Packet sent to 10.10.10.100:2427--->
    250 2361 OK
    P: PS=0, OS=0, PR=0, OR=0, PL=0, JI=0, LA=0
    <---
    009129: Oct 20 12:48:50.478: ISDN Se1/1/0:15 Q931d: srl_send_l3_pak:
    source_id = CCM MANAGER 0x0003, dest_id = Q.921 0x0000, prim = DL_DATA_REQ 0x0240
    priv_len = 4 int_id = 0x4636A628 datasize = 21
    009130: Oct 20 12:48:50.478: ISDN Se1/1/0:15 Q931d: data =
    009131: Oct 20 12:48:50.478:           4636A628000000030240043800010000
    009132: Oct 20 12:48:50.478:           080200015A
    ATD-CCM-GW#
    009133: Oct 20 12:49:03.002: MGCP Packet received from 10.10.10.100:2427--->
    CRCX 2362 S1/SU1/DS1-0/[email protected] MGCP 0.1
    C: D000000001fbf9ac000000F500000002
    X: 1e
    L: p:20, a:PCMU, s:off, t:b8, fxr/fx:t38
    M: recvonly
    R: D/[0-9ABCD*#]
    Q: process,loop
    <---
    #sh mgcp statistics
    UDP pkts rx 270, tx 270
    Unrecognized rx pkts 0, MGCP message parsing errors 0
    Duplicate MGCP ack tx 0, Invalid versions count 0
    CreateConn rx 10, successful 1, failed 9
    DeleteConn rx 1, successful 1, failed 0
    ModifyConn rx 1, successful 0, failed 1
    DeleteConn tx 0, successful 0, failed 0
    NotifyRequest rx 0, successful 0, failed 0
    AuditConnection rx 0, successful 0, failed 0
    AuditEndpoint rx 61, successful 61, failed 0
    RestartInProgress tx 4, successful 4, failed 0
    Notify tx 193, successful 193, failed 0
    ACK tx 63, NACK tx 10
    ACK rx 197, NACK rx 0
    IP address based Call Agents statistics:
    IP address 10.10.10.100, Total msg rx 270,
                      successful 260, failed 10
    System resource check is DISABLED. No available statistic
    DS0 Resource Statistics
    Utilization: 0.00 percent
    Total channels: 34
    Addressable channels: 34
    Inuse channels: 0
    Disabled channels: 0
    Free channels: 34
    sh controller e1
    #sh network-clocks
      Network Clock Configuration
      Priority      Clock Source    Clock State     Clock Type
         1          E1 1/1/0        GOOD            E1         
        10          Backplane       GOOD            PLL        
      Current Primary Clock Source
      Priority      Clock Source    Clock State     Clock Type
         1          E1 1/1/0        GOOD            E1     
    Thanks for your help

    The explanation for your syslog message is " The B-channel indicated by this alarm has gone out of service. Some of the more common reasons for a B-channel to go out of service include: Taking the channel out of service intentionally to perform maintenance on either the near- or far-end; MGCP gateway returns an error code 501 or 510 for a MGCP command sent from Cisco Unified Communications Manager (Unified CM); MGCP gateway doesn't respond to an MGCP command sent by Unified CM three times; a speed and duplex mismatch exists on the Ethernet port between Unified CM and the MGCP gateway"
    Recommended action:
    Check the Unified CM advanced service parameter, Change B-channel Maintenance Status to determine if the B-channel has been taken out of service intentionally; Check the Q.931 trace for PRI SERVICE message to determine whether a PSTN provider has taken the B-channel out of service; Reset the MGCP gateway; Check the speed and duplex settings on the Ethernet port.

  • Site to Site VPN Setup: Error processing payload: Payload ID: 1

    Hello,
    I am currently getting the error Error processing payload: Payload ID: 1 when attempting to connect an old RV082 (local) to an ASA5520 (in lab). I'm not really sure what is causing this, going through what I've found via Google hasn't really helped much and I was hoping one of you could point me in the right direction.
    I've attached a screen grab of the RV configuration and below is an (abridged) copy of the running config from the ASA. Any and all help would be amazing, I'm sure it's something simple that I'm overlooking but I just don;t have the experience with Cisco gear to nail it down. 
    Thank you very much!
    Result of the command: "show running-config"
    : Saved
    ASA Version 9.0(3) 
    hostname epath-asa02
    domain-name epathlearning.com
    enable password hqamp6WHO7djZ5fP encrypted
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    ip local pool REMOTE_VPN_POOL 192.168.5.201-192.168.5.205 mask 255.255.255.0
    interface GigabitEthernet0/0
     nameif outside
     security-level 0
     ip address xx.xx.xx.xx 255.255.255.254 
    interface GigabitEthernet0/1
     nameif inside
     security-level 100
     ip address 192.168.5.1 255.255.255.0 
    interface GigabitEthernet0/2
     nameif storage
     security-level 100
     ip address 192.168.6.1 255.255.255.0 
    interface GigabitEthernet0/3
     shutdown
     no nameif
     no security-level
     no ip address
    interface Management0/0
     shutdown
     no nameif
     no security-level
     no ip address
    boot system disk0:/asa903-k8.bin
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    dns domain-lookup inside
    dns server-group DefaultDNS
     name-server 192.168.5.4
     name-server 8.8.8.8
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    pager lines 24
    logging enable
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu storage 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any outside
    icmp permit any inside
    asdm image disk0:/asdm-715-100.bin
    asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,inside) source static any any destination static NETWORK_OBJ_192.168.5.200_29 NETWORK_OBJ_192.168.5.200_29 no-proxy-arp route-lookup
    nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.5.200_29 NETWORK_OBJ_192.168.5.200_29 no-proxy-arp route-lookup
    nat (inside,outside) source static DMZ_Network DMZ_Network destination static NETWORK_OBJ_192.168.10.0_24 NETWORK_OBJ_192.168.10.0_24 no-proxy-arp route-lookup
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication telnet console LOCAL 
    aaa authentication ssh console LOCAL 
    http server enable
    http 192.168.5.0 255.255.255.0 inside
    http 0.0.0.0 0.0.0.0 outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac 
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac 
    crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac 
    crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
    crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac 
    crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
    crypto ipsec ikev2 ipsec-proposal DES
     protocol esp encryption des
     protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
     protocol esp encryption 3des
     protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
     protocol esp encryption aes
     protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
     protocol esp encryption aes-192
     protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES256
     protocol esp encryption aes-256
     protocol esp integrity sha-1 md5
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto map outside_map 1 match address outside_cryptomap
    crypto map outside_map 1 set peer 208.103.76.212 
    crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 1 set ikev2 ipsec-proposal DES 3DES AES AES192 AES256
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map inside_map interface inside
    crypto ca trustpoint _SmartCallHome_ServerCA
     crl configure
    crypto ca trustpoint ASDM_TrustPoint0
     enrollment self
     email [email protected]
     subject-name CN=xxxxxx
     serial-number
     ip-address xx.xx.xx.xx
     keypair xxxxxxxxxxxxxx
     proxy-ldc-issuer
     crl configure
    crypto ca trustpoint ASDM_TrustPoint1
     crl configure
    crypto ca trustpoint localtrust
     crl configure
    crypto ca trustpool policy
    crypto ca certificate chain _SmartCallHome_ServerCA
     certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
        308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130 
        0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117 
        30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b 
        13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504 
        0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72 
        20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56 
        65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043 
        65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31 
        30303230 38303030 3030305a 170d3230 30323037 32333539 35395a30 81b5310b 
        30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20 
        496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65 
        74776f72 6b313b30 39060355 040b1332 5465726d 73206f66 20757365 20617420 
        68747470 733a2f2f 7777772e 76657269 7369676e 2e636f6d 2f727061 20286329 
        3130312f 302d0603 55040313 26566572 69536967 6e20436c 61737320 33205365 
        63757265 20536572 76657220 4341202d 20473330 82012230 0d06092a 864886f7 
        0d010101 05000382 010f0030 82010a02 82010100 b187841f c20c45f5 bcab2597 
        a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10 
        9c688b2e 957b899b 13cae234 34c1f35b f3497b62 83488174 d188786c 0253f9bc 
        7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b 
        15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845 
        63cd1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8 
        18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced 
        4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f 
        81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 02030100 01a38201 df308201 
        db303406 082b0601 05050701 01042830 26302406 082b0601 05050730 01861868 
        7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1d130101 
        ff040830 060101ff 02010030 70060355 1d200469 30673065 060b6086 480186f8 
        45010717 03305630 2806082b 06010505 07020116 1c687474 70733a2f 2f777777 
        2e766572 69736967 6e2e636f 6d2f6370 73302a06 082b0601 05050702 02301e1a 
        1c687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406 
        03551d1f 042d302b 3029a027 a0258623 68747470 3a2f2f63 726c2e76 65726973 
        69676e2e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403 
        02010630 6d06082b 06010505 07010c04 61305fa1 5da05b30 59305730 55160969 
        6d616765 2f676966 3021301f 30070605 2b0e0302 1a04148f e5d31a86 ac8d8e6b 
        c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973 
        69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30 
        1b311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301d0603 
        551d0e04 1604140d 445c1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355 
        1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609 
        2a864886 f70d0101 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80 
        4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e 
        b2227055 d9203340 3307c265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a 
        6decd018 7d494aca 99c71928 a2bed877 24f78526 866d8705 404167d1 273aeddc 
        481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16 
        b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0 
        5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8 
        6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28 
        6c2527b9 deb78458 c61f381e a4c4cb66
      quit
    crypto ca certificate chain ASDM_TrustPoint0
     certificate 825b0a53
        308202c0 30820229 a0030201 02020482 5b0a5330 0d06092a 864886f7 0d010105 
        05003072 31143012 06035504 03130b65 70617468 2d617361 3032315a 30120603 
        55040513 0b4a4d58 31343531 4c314139 30180609 2a864886 f70d0109 08130b36 
        342e3134 2e38362e 3432302a 06092a86 4886f70d 01090216 1d657061 74682d61 
        73613032 2e657061 74686c65 61726e69 6e672e63 6f6d301e 170d3134 30323235 
        32313232 35345a17 0d323430 32323332 31323235 345a3072 31143012 06035504 
        03130b65 70617468 2d617361 3032315a 30120603 55040513 0b4a4d58 31343531 
        4c314139 30180609 2a864886 f70d0109 08130b36 342e3134 2e38362e 3432302a 
        06092a86 4886f70d 01090216 1d657061 74682d61 73613032 2e657061 74686c65 
        61726e69 6e672e63 6f6d3081 9f300d06 092a8648 86f70d01 01010500 03818d00 
        30818902 818100b4 95aafc2d e42e5ae5 18bdaebb 757c1062 1a841b50 81fe1416 
        64477fdb e191122d 8ffd10e5 4e4259fd 3e7ee914 6ab0ef7f 1c6291b4 03400042 
        ea19a125 401a274e 7e123153 d1a20628 1f870ccd 8b53d059 0948c352 83555659 
        a6d8ea17 87c25e3e 68d1d910 6157f218 4720733f 533f5784 e740c252 79981a4b 
        c8cfa891 7469ef02 03010001 a3633061 300f0603 551d1301 01ff0405 30030101 
        ff300e06 03551d0f 0101ff04 04030201 86301f06 03551d23 04183016 8014b0c8 
        dcea285f e8e1df05 8cf6558a 44a4875a 32a5301d 0603551d 0e041604 14b0c8dc 
        ea285fe8 e1df058c f6558a44 a4875a32 a5300d06 092a8648 86f70d01 01050500 
        03818100 54840176 9be7ba91 9d2dfa04 b3bebc8a 77dac595 4abef8d0 1c277a28 
        ea3cbbc9 65375d40 788f1349 e996d0a9 2f6923ef b47713a5 e5d2a03e 557b2a0d 
        c3042510 0c2d2a86 2c20aa31 71c38e1c 1f4227ad c676ffeb 684dfde4 d85a0ee8 
        06ecc072 fe261a36 58ee85cb c5b16004 adebae26 8105605a c6efed38 0c43acfd 
        acb0c31d
      quit
    crypto ikev2 policy 1
     encryption aes-256
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400
    crypto ikev2 policy 10
     encryption aes-192
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400
    crypto ikev2 policy 20
     encryption aes
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400
    crypto ikev2 policy 30
     encryption 3des
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400
    crypto ikev2 policy 40
     encryption des
     integrity sha
     group 5 2
     prf sha
     lifetime seconds 86400
    crypto ikev2 enable outside client-services port 443
    crypto ikev2 enable inside
    crypto ikev2 remote-access trustpoint ASDM_TrustPoint0
    crypto ikev1 enable outside
    crypto ikev1 enable inside
    crypto ikev1 policy 5
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto ikev1 policy 10
     authentication pre-share
     encryption des
     hash sha
     group 2
     lifetime 86400
    telnet 192.168.5.3 255.255.255.255 inside
    telnet timeout 5
    ssh scopy enable
    ssh 192.168.5.0 255.255.255.0 inside
    ssh timeout 60
    console timeout 0
    management-access inside
    dhcp-client update dns server both
    dhcpd address 192.168.5.100-192.168.5.120 inside
    dhcpd dns 192.168.5.4 8.8.4.4 interface inside
    dhcpd update dns both override interface inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 12.10.191.251 source outside prefer
    ssl trust-point ASDM_TrustPoint0 outside
    ssl trust-point ASDM_TrustPoint0 inside
    webvpn
     enable outside
     enable inside
     anyconnect image disk0:/anyconnect-win-3.1.05152-k9.pkg 1
     anyconnect image disk0:/anyconnect-macosx-i386-3.1.05152-k9.pkg 2
     anyconnect image disk0:/anyconnect-linux-64-3.1.05152-k9.pkg 3
     anyconnect profiles Production_client_profile disk0:/Production_client_profile.xml
     anyconnect enable
     tunnel-group-list enable
    group-policy DefaultRAGroup internal
    group-policy DefaultRAGroup attributes
     dns-server value 8.8.8.8 8.8.4.4
     vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec 
     default-domain value 
    group-policy DfltGrpPolicy attributes
     dns-server value 8.8.8.8
     vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
    group-policy GroupPolicy_Production internal
    group-policy GroupPolicy_Production attributes
     wins-server none
     dns-server value 8.8.8.8
     vpn-tunnel-protocol ikev2 ssl-client 
     default-domain value 
     webvpn
      anyconnect profiles value Production_client_profile type user
    group-policy GroupPolicy_208.103.76.212 internal
    group-policy GroupPolicy_208.103.76.212 attributes
     vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec 
    username zzzzzzzzzzzzzz password pwoiKxeLmKvYDJf5 encrypted
    username root password nSkWYNJFu52Wl56e encrypted
    tunnel-group DefaultL2LGroup ipsec-attributes
     ikev1 pre-shared-key *****
     ikev2 remote-authentication pre-shared-key *****
     ikev2 local-authentication pre-shared-key *****
    tunnel-group DefaultRAGroup general-attributes
     address-pool REMOTE_VPN_POOL
     default-group-policy DefaultRAGroup
    tunnel-group DefaultRAGroup ipsec-attributes
     ikev1 pre-shared-key *****
    tunnel-group DefaultRAGroup ppp-attributes
     authentication ms-chap-v2
    tunnel-group DefaultWEBVPNGroup general-attributes
     address-pool REMOTE_VPN_POOL
     authorization-server-group LOCAL
     dhcp-server 192.168.5.1
     authorization-required
    tunnel-group Production type remote-access
    tunnel-group Production general-attributes
     address-pool REMOTE_VPN_POOL
     default-group-policy GroupPolicy_Production
     strip-realm
     strip-group
    tunnel-group Production webvpn-attributes
     group-alias Production enable
    tunnel-group 208.103.xxx.xxx type ipsec-l2l
    tunnel-group 208.103.xxx.xxx general-attributes
     default-group-policy GroupPolicy_208.103.xxx.xxx
    tunnel-group 208.103.xxx.xxx ipsec-attributes
     ikev1 pre-shared-key *****
     ikev2 remote-authentication pre-shared-key *****
     ikev2 local-authentication pre-shared-key *****
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map 
      inspect ftp 
      inspect h323 h225 
      inspect h323 ras 
      inspect netbios 
      inspect rsh 
      inspect rtsp 
      inspect skinny  
      inspect esmtp 
      inspect sqlnet 
      inspect sunrpc 
      inspect tftp 
      inspect sip  
      inspect xdmcp 
      inspect ip-options 
      inspect icmp 
    service-policy global_policy global
    prompt hostname context 
    service call-home
    call-home reporting anonymous
    call-home
     contact-email-addr [email protected]
     profile CiscoTAC-1
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:9f04ecc9900e65a838e26d06af93a5be
    : end

    Hello,
    It seems you are establishing ikev1 site to site vpn to linksys router.
    On linksys router you have configured phase 1 policy to use aes-256, g5 and sha-1 where as non of the ikev1 policy on asa match matchs with it. Configure ikev1 policy to match the parameters on ASA.
    crypto ikev1 policy 15
     authentication pre-share
     encryption aes-256
     hash sha
     group 5
    HTH
    "Please rate helpful posts"

  • Getting 413 errors on a 5505 firewall.

         I am very new to Cisco 5505 firewalls and have been trying to troubleshoot a VPN connectivity issue over the past few days. Recently the AT&T router was tested and nothing is being blocked from it. Since I do not know much about the firewall, I am unsure if there is an issue with the config or if the problem lies elsewhere. When I initially log in into the firewall I noticed that the DMZ interface shows Line down, Link down. The other interfaces, inside and outside, both show up, up. I am not sure if the DMZ should show down, down or not. I was not the tech that set this firewall up so checking the config really does not tell me much as I am unfamiliar with what I am looking at. The config has been posted below. Any help would be greatly appreciated!!
    : Saved
    ASA Version 8.2(5)
    hostname xxxfw01
    domain-name xxxxxx.lcl
    enable password zgDyB1JJR5jIt22C encrypted
    passwd 5nswNE6Ndj.ogXD4 encrypted
    names
    name 192.168.1.30 ideacom-adtran-router
    name 12.179.58.67 outside-voip
    name 10.0.4.0 inside-secondary
    name 10.0.0.0 inside-primary
    name 12.179.58.68 outside-secondary1
    name 12.179.58.69 outside-secondary2
    name 12.179.58.70 outside-secondary3
    name 192.9.200.0 inside-old
    name 12.179.58.71 outside-secondary4
    name 12.179.58.72 outside-secondary5
    name 12.179.58.73 outside-secondary6
    name 12.179.58.74 outside-secondary7
    name 12.179.58.75 outside-secondary8
    name 12.179.58.126 outside-web-server
    name 12.179.58.76 ouside-secondary9
    name 12.179.58.77 outside-secondary10
    name 12.179.58.78 outside-secondary11
    name 12.179.58.79 outside-secondary12
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    switchport access vlan 2
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    switchport access vlan 2
    interface Ethernet0/6
    switchport access vlan 2
    interface Ethernet0/7
    switchport access vlan 3
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.0.1.11 255.255.255.0
    ospf cost 10
    interface Vlan2
    nameif outside
    security-level 0
    ip address 12.179.58.66 255.255.255.192
    ospf cost 10
    interface Vlan3
    no forward interface Vlan1
    nameif dmz
    security-level 50
    ip address 192.168.1.10 255.255.255.0
    ospf cost 10
    pim accept-register list PIM_ACCPTREG_ACL
    banner motd ATTENTION:
    banner motd You are about to log into a private network. Unauthorized access is strictly prohibited.
    banner motd Any attempts to do so will result in prosecution to the fullest extent of the law.
    banner asdm ATTENTION:
    banner asdm You are about to log into a private network. Unauthorized access is strictly prohibited.
    banner asdm Any attempts to do so will result in prosecution to the fullest extent of the law.
    boot system disk0:/asa825-k8.bin
    ftp mode passive
    clock timezone CST -6
    clock summer-time CDT recurring
    dns domain-lookup inside
    dns server-group DefaultDNS
    name-server 10.0.2.106
    name-server 10.0.2.57
    domain-name xxxxxxx.lcl
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network outside-ideacom-voip
    network-object host 204.14.39.36
    network-object host 204.16.49.4
    network-object host 204.16.53.4
    network-object host 204.16.57.4
    object-group service ideacom-tcp-voip tcp
    port-object range h323 1728
    port-object range sip 5061
    object-group service ideacom-udp-voip udp
    port-object range 1024 65535
    object-group network outside-secondary-range
    network-object host outside-secondary1
    network-object host outside-secondary2
    network-object host outside-secondary3
    network-object host outside-secondary4
    object-group icmp-type DM_INLINE_ICMP_1
    icmp-object echo
    icmp-object echo-reply
    access-list PIM_ACCPTREG_ACL extended permit ip 12.179.58.64 255.255.255.192 10.0.1.0 255.255.255.0 inactive
    access-list inside_nat_outbound extended permit ip inside-secondary 255.255.255.0 any
    access-list outside_access_in extended permit tcp object-group outside-ideacom-voip host ideacom-adtran-router object-group ideacom-tcp-voip inactive
    access-list outside_access_in extended permit udp object-group outside-ideacom-voip host ideacom-adtran-router object-group ideacom-udp-voip inactive
    access-list outside_access_in extended permit icmp any any object-group DM_INLINE_ICMP_1
    access-list xxxxxxx-VPN_splitTunnelAcl standard permit inside-primary 255.255.0.0
    access-list inside_nat0_outbound extended permit ip inside-primary 255.255.0.0 10.1.1.0 255.255.255.0
    access-list DefaultRAGroup_splitTunnelAcl standard permit inside-primary 255.255.0.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu dmz 1500
    ip local pool VPN-Pool 10.1.1.1-10.1.1.253 mask 255.255.255.0
    ip verify reverse-path interface outside
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-631.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 2 outside-secondary1-outside-secondary12 netmask 255.0.0.0
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 2 access-list inside_nat_outbound norandomseq
    nat (inside) 1 inside-primary 255.255.0.0
    static (dmz,outside) outside-voip ideacom-adtran-router netmask 255.255.255.255 norandomseq
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 12.179.58.65 1
    route inside inside-primary 255.255.0.0 10.0.1.10 1
    timeout xlate 0:20:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server RADIUS protocol radius
    aaa-server RADIUS (inside) host 10.0.2.106
    key *****
    aaa authentication telnet console LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http inside-primary 255.255.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    snmp-server enable traps entity config-change
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map outside_dyn_map 20 set pfs
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-128-SHA ESP-3DES-SHA
    crypto dynamic-map outside_dyn_map 20 set reverse-route
    crypto dynamic-map outside_dyn_map 40 set pfs group1
    crypto dynamic-map outside_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto map dmz_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map dmz_map interface dmz
    crypto ca server
    shutdown
    crypto isakmp enable outside
    crypto isakmp enable dmz
    crypto isakmp policy 10
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 20
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh inside-primary 255.255.0.0 inside
    ssh timeout 5
    ssh version 2
    console timeout 10
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics host
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    ntp server 76.169.237.141 source outside
    ntp server 69.31.13.15 source outside
    ntp server 66.187.224.4 source outside
    ntp server 10.0.2.106 source inside prefer
    ntp server 75.13.24.211 source outside
    ntp server 216.70.13.134 source outside
    ntp server 66.102.105.230 source outside
    ntp server 207.5.137.134 source outside
    ntp server 66.93.39.87 source outside
    ntp server 63.111.165.21 source outside
    ntp server 67.52.51.34 source outside
    ntp server 72.25.103.52 source outside
    ntp server 72.3.133.147 source outside
    ntp server 72.1.138.113 source outside
    ntp server 68.227.90.101 source outside
    webvpn
    group-policy DefaultRAGroup internal
    group-policy DefaultRAGroup attributes
    dns-server value 10.0.2.106 10.0.2.56
    vpn-tunnel-protocol l2tp-ipsec
    split-tunnel-policy tunnelall
    split-tunnel-network-list none
    default-domain value xxxxxxx.lcl
    group-policy DfltGrpPolicy attributes
    group-lock value DefaultWEBVPNGroup
    group-policy xxxxxxx-VPN internal
    group-policy xxxxxxx-VPN attributes
    dns-server value 10.0.2.106 10.0.2.56
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value xxxxxxx-VPN_splitTunnelAcl
    default-domain value hlgroup.lcl
    username hlgvpn password GAfBJJMk5EnKUdM+KyBXfQ== nt-encrypted
    username hlgvpn attributes
    vpn-group-policy DefaultRAGroup
    username admin password tU0js1787OyO3ldQ encrypted privilege 15
    tunnel-group DefaultRAGroup general-attributes
    address-pool VPN-Pool
    default-group-policy DefaultRAGroup
    tunnel-group DefaultRAGroup ipsec-attributes
    pre-shared-key *****
    tunnel-group DefaultRAGroup ppp-attributes
    authentication pap
    authentication ms-chap-v2
    tunnel-group xxxxxxx-VPN type remote-access
    tunnel-group xxxxxxx-VPN general-attributes
    address-pool VPN-Pool
    authentication-server-group RADIUS
    default-group-policy xxxxxxx-VPN
    password-management
    tunnel-group xxxxxxx-VPN ipsec-attributes
    pre-shared-key *****
    tunnel-group xxxxxxx-VPN ppp-attributes
    no authentication chap
    no authentication ms-chap-v1
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect netbios
    inspect tftp
    inspect icmp
    inspect icmp error
    inspect ctiqbe
    inspect dcerpc
    inspect dns
    inspect ils
    inspect ipsec-pass-thru
    inspect mgcp
    inspect pptp
    inspect snmp
    inspect waas
    inspect sip
    inspect ip-options
    service-policy global_policy global
    prompt hostname context
    call-home
    profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:ca21fc44d2f9d0485564fb474bceeb51
    : end
    asdm image disk0:/asdm-631.bin
    asdm location ideacom-adtran-router 255.255.255.255 inside
    asdm location outside-voip 255.255.255.255 inside
    asdm location outside-secondary1 255.255.255.255 inside
    asdm location inside-secondary 255.255.255.0 inside
    asdm location inside-primary 255.255.0.0 inside
    asdm location outside-secondary2 255.255.255.255 inside
    asdm location outside-secondary3 255.255.255.255 inside
    asdm location outside-secondary4 255.255.255.255 inside
    asdm location outside-secondary5 255.255.255.255 inside
    asdm location outside-secondary6 255.255.255.255 inside
    asdm location outside-secondary7 255.255.255.255 inside
    asdm location outside-secondary8 255.255.255.255 inside
    asdm location outside-web-server 255.255.255.255 inside
    asdm location ouside-secondary9 255.255.255.255 inside
    asdm location outside-secondary10 255.255.255.255 inside
    asdm location outside-secondary11 255.255.255.255 inside
    asdm location outside-secondary12 255.255.255.255 inside
    no asdm history enable

    Has this VPN setup ever worked prior to you taking over?  If so, do you know of any changes that have been don't to the firewall configuration that could possibly have caused the issue?
    Another thing to check out is why the DMZ interface is enabled for VPN.
    I suggest making the following change and then test to see if the VPN comes up
    no crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    If that solves the problem, next I would check your company's security policy to see if they require a Diffie Hellman group to be used during phase 2 of the VPN setup.
    Please remember to select a correct answer and rate helpful posts

  • CUOM error when trying to poll performance data from IPCC Express

    Hi Network Professionals,
    Using CUOM 2.1 SP1 I get an error when trying to access the Performance menu for a IPCC Express Server in the Service Level View.
    Error Message:
    Performance polling is not supported for the current capability.
    The server is fully monitored and I get enviroment, system, interface and application information.
    I the Polling Parameters menu (Voice Utilization Settings) the only parameter listed is "Communication Manager and Registred MGCP Gateway Utilization".
    The IPCC Express version is 5.0.(2)SR01_Build045.
    Is anything missing on the IPCC server? I have only configured it with SNMP.
    Kind Regards
    Johnny Olsen

    hi teresa.
    well I bother you because I have a problem similar to that raised earlier, I have a vm INTAL CUOM 2.1 SP1 and the problem is that computers add-in-law his administration IPCC view the service level ... but when I fall into a custom group created the group and add the teams the same ip ipcc already visible, in my group I want to generate displays custom cloud but do not show me the equipment, except that I want to add IVR servers and I do not under any circumstances the samples .. lso probe and reset everything and anything related services, install the SP! and nothing. Can you help me with this or if I recommend CUOM up version of the 2.3 that I could not even see the difference with 2.1 CUOM thanks greetings

  • AnyConnect error " User not authorized for AnyConnect Client access, contact your administrator"

    Hi everyone,
    it's probably just me but I have tried real hard to get a simple AnyConnect setup working in a lab environment on my ASA 5505 at home, without luck. When I connect with the AnyConnect client I get the error message "User not authorized for AnyConnect Client access, contact your administrator". I have searched for this error and tried some of the few solutions out there, but to no avail. I also updated the ASA from 8.4.4(1) to 9.1(1) and ASDM from 6.4(9) to 7.1(1) but still the same problem. The setup of the ASA is straight forward, directly connected to the Internet with a 10.0.1.0 / 24 subnet on the inside and an address pool of 10.0.2.0 / 24 to assign to the VPN clients. Please note that due to ISP restrictions, I'm using port 44455 instead of 443. I had AnyConnect working with the SSL portal, but IKEv2 IPsec is giving me a headache. I have stripped down certificate authentication which I had running before just to eliminate this as a potential cause of the issue. When running debugging, I do not get any error messages - the handshake completes successfully and the local authentication works fine as well.
    Please find the current config and debugging output below. I appreciate any pointers as to what might be wrong here.
    : Saved
    ASA Version 9.1(1)
    hostname ASA
    domain-name ingo.local
    enable password ... encrypted
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
    passwd ... encrypted
    names
    name 10.0.1.0 LAN-10-0-1-x
    dns-guard
    ip local pool VPNPool 10.0.2.1-10.0.2.10 mask 255.255.255.0
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    nameif Internal
    security-level 100
    ip address 10.0.1.254 255.255.255.0
    interface Vlan2
    nameif External
    security-level 0
    ip address dhcp setroute
    regex BlockFacebook "facebook.com"
    banner login This is a monitored system. Unauthorized access is prohibited.
    boot system disk0:/asa911-k8.bin
    ftp mode passive
    clock timezone PST -8
    clock summer-time PDT recurring
    dns domain-lookup Internal
    dns domain-lookup External
    dns server-group DefaultDNS
    name-server 10.0.1.11
    name-server 75.153.176.1
    name-server 75.153.176.9
    domain-name ingo.local
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network LAN-10-0-1-x
    subnet 10.0.1.0 255.255.255.0
    object network Company-IP1
    host xxx.xxx.xxx.xxx
    object network Company-IP2
    host xxx.xxx.xxx.xxx
    object network HYPER-V-DUAL-IP
    range 10.0.1.1 10.0.1.2
    object network LAN-10-0-1-X
    access-list 100 extended permit tcp any4 object HYPER-V-DUAL-IP eq 3389 inactive
    access-list 100 extended permit tcp object Company-IP1 object HYPER-V-DUAL-IP eq 3389
    access-list 100 extended permit tcp object Company-IP2 object HYPER-V-DUAL-IP eq 3389 
    tcp-map Normalizer
      check-retransmission
      checksum-verification
    no pager
    logging enable
    logging timestamp
    logging list Threats message 106023
    logging list Threats message 106100
    logging list Threats message 106015
    logging list Threats message 106021
    logging list Threats message 401004
    logging buffered errors
    logging trap Threats
    logging asdm debugging
    logging device-id hostname
    logging host Internal 10.0.1.11 format emblem
    logging ftp-bufferwrap
    logging ftp-server 10.0.1.11 / asa *****
    logging permit-hostdown
    mtu Internal 1500
    mtu External 1500
    ip verify reverse-path interface Internal
    ip verify reverse-path interface External
    icmp unreachable rate-limit 1 burst-size 1
    icmp deny any echo External
    asdm image disk0:/asdm-711.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    object network obj_any
    nat (Internal,External) dynamic interface
    object network LAN-10-0-1-x
    nat (Internal,External) dynamic interface
    object network HYPER-V-DUAL-IP
    nat (Internal,External) static interface service tcp 3389 3389
    access-group 100 in interface External
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server radius protocol radius
    aaa-server radius (Internal) host 10.0.1.11
    key *****
    radius-common-pw *****
    user-identity default-domain LOCAL
    aaa authentication ssh console radius LOCAL
    http server enable
    http LAN-10-0-1-x 255.255.255.0 Internal
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec ikev2 ipsec-proposal DES
    protocol esp encryption des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal 3DES
    protocol esp encryption 3des
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES
    protocol esp encryption aes
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES192
    protocol esp encryption aes-192
    protocol esp integrity sha-1 md5
    crypto ipsec ikev2 ipsec-proposal AES256
    protocol esp encryption aes-256
    protocol esp integrity sha-1 md5
    crypto ipsec security-association pmtu-aging infinite
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
    crypto map External_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map External_map interface External
    crypto ca trustpoint srv01_trustpoint
    enrollment terminal
    crl configure
    crypto ca trustpoint asa_cert_trustpoint
    keypair asa_cert_trustpoint
    crl configure
    crypto ca trustpoint LOCAL-CA-SERVER
    keypair LOCAL-CA-SERVER
    crl configure
    crypto ca trustpool policy
    crypto ca server
    cdp-url http://.../+CSCOCA+/asa_ca.crl:44435
    issuer-name CN=...
    database path disk0:/LOCAL_CA_SERVER/
    smtp from-address ...
    publish-crl External 44436
    crypto ca certificate chain srv01_trustpoint
    certificate <output omitted>
      quit
    crypto ca certificate chain asa_cert_trustpoint
    certificate <output omitted>
      quit
    crypto ca certificate chain LOCAL-CA-SERVER
    certificate <output omitted>
      quit
    crypto ikev2 policy 1
    encryption aes-256
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 10
    encryption aes-192
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 20
    encryption aes
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 30
    encryption 3des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 policy 40
    encryption des
    integrity sha
    group 5 2
    prf sha
    lifetime seconds 86400
    crypto ikev2 enable External client-services port 44455
    crypto ikev2 remote-access trustpoint asa_cert_trustpoint
    telnet timeout 5
    ssh LAN-10-0-1-x 255.255.255.0 Internal
    ssh xxx.xxx.xxx.xxx 255.255.255.255 External
    ssh xxx.xxx.xxx.xxx 255.255.255.255 External
    ssh timeout 5
    ssh version 2
    console timeout 0
    no vpn-addr-assign aaa
    no ipv6-vpn-addr-assign aaa
    no ipv6-vpn-addr-assign local
    dhcpd dns 75.153.176.9 75.153.176.1
    dhcpd domain ingo.local
    dhcpd option 3 ip 10.0.1.254
    dhcpd address 10.0.1.50-10.0.1.81 Internal
    dhcpd enable Internal
    threat-detection basic-threat
    threat-detection scanning-threat shun except ip-address LAN-10-0-1-x 255.255.255.0
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    dynamic-filter use-database
    dynamic-filter enable interface Internal
    dynamic-filter enable interface External
    dynamic-filter drop blacklist interface Internal
    dynamic-filter drop blacklist interface External
    ntp server 128.233.3.101 source External
    ntp server 128.233.3.100 source External prefer
    ntp server 204.152.184.72 source External
    ntp server 192.6.38.127 source External
    ssl encryption aes256-sha1 aes128-sha1 3des-sha1
    ssl trust-point asa_cert_trustpoint External
    webvpn
    port 44433
    enable External
    dtls port 44433
    anyconnect image disk0:/anyconnect-win-3.1.02026-k9.pkg 1
    anyconnect profiles profile1 disk0:/profile1.xml
    anyconnect enable
    smart-tunnel list SmartTunnelList1 mstsc mstsc.exe platform windows
    smart-tunnel list SmartTunnelList1 putty putty.exe platform windows
    group-policy DfltGrpPolicy attributes
    vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
    webvpn
      anyconnect profiles value profile1 type user
    username write.ingo password ... encrypted
    username ingo password ... encrypted privilege 15
    username tom.tucker password ... encrypted
    class-map TCP
    match port tcp range 1 65535
    class-map type regex match-any BlockFacebook
    match regex BlockFacebook
    class-map type inspect http match-all BlockDomains
    match request header host regex class BlockFacebook
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 1500
      id-randomization
    policy-map TCP
    class TCP
      set connection conn-max 1000 embryonic-conn-max 1000 per-client-max 250 per-client-embryonic-max 250
      set connection timeout dcd
      set connection advanced-options Normalizer
      set connection decrement-ttl
    policy-map type inspect http HTTP
    parameters
      protocol-violation action drop-connection log
    class BlockDomains
    policy-map global_policy
    class inspection_default
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect dns preset_dns_map dynamic-filter-snoop
      inspect http HTTP
    service-policy global_policy global
    service-policy TCP interface External
    smtp-server 199.185.220.249
    privilege cmd level 3 mode exec command perfmon
    privilege cmd level 3 mode exec command ping
    privilege cmd level 3 mode exec command who
    privilege cmd level 3 mode exec command logging
    privilege cmd level 3 mode exec command failover
    privilege cmd level 3 mode exec command vpn-sessiondb
    privilege cmd level 3 mode exec command packet-tracer
    privilege show level 5 mode exec command import
    privilege show level 5 mode exec command running-config
    privilege show level 3 mode exec command reload
    privilege show level 3 mode exec command mode
    privilege show level 3 mode exec command firewall
    privilege show level 3 mode exec command asp
    privilege show level 3 mode exec command cpu
    privilege show level 3 mode exec command interface
    privilege show level 3 mode exec command clock
    privilege show level 3 mode exec command dns-hosts
    privilege show level 3 mode exec command access-list
    privilege show level 3 mode exec command logging
    privilege show level 3 mode exec command vlan
    privilege show level 3 mode exec command ip
    privilege show level 3 mode exec command failover
    privilege show level 3 mode exec command asdm
    privilege show level 3 mode exec command arp
    privilege show level 3 mode exec command ipv6
    privilege show level 3 mode exec command route
    privilege show level 3 mode exec command ospf
    privilege show level 3 mode exec command aaa-server
    privilege show level 3 mode exec command aaa
    privilege show level 3 mode exec command eigrp
    privilege show level 3 mode exec command crypto
    privilege show level 3 mode exec command ssh
    privilege show level 3 mode exec command vpn-sessiondb
    privilege show level 3 mode exec command vpnclient
    privilege show level 3 mode exec command vpn
    privilege show level 3 mode exec command dhcpd
    privilege show level 3 mode exec command blocks
    privilege show level 3 mode exec command wccp
    privilege show level 3 mode exec command dynamic-filter
    privilege show level 3 mode exec command webvpn
    privilege show level 3 mode exec command service-policy
    privilege show level 3 mode exec command module
    privilege show level 3 mode exec command uauth
    privilege show level 3 mode exec command compression
    privilege show level 3 mode configure command interface
    privilege show level 3 mode configure command clock
    privilege show level 3 mode configure command access-list
    privilege show level 3 mode configure command logging
    privilege show level 3 mode configure command ip
    privilege show level 3 mode configure command failover
    privilege show level 5 mode configure command asdm
    privilege show level 3 mode configure command arp
    privilege show level 3 mode configure command route
    privilege show level 3 mode configure command aaa-server
    privilege show level 3 mode configure command aaa
    privilege show level 3 mode configure command crypto
    privilege show level 3 mode configure command ssh
    privilege show level 3 mode configure command dhcpd
    privilege show level 5 mode configure command privilege
    privilege clear level 3 mode exec command dns-hosts
    privilege clear level 3 mode exec command logging
    privilege clear level 3 mode exec command arp
    privilege clear level 3 mode exec command aaa-server
    privilege clear level 3 mode exec command crypto
    privilege clear level 3 mode exec command dynamic-filter
    privilege cmd level 3 mode configure command failover
    privilege clear level 3 mode configure command logging
    privilege clear level 3 mode configure command arp
    privilege clear level 3 mode configure command crypto
    privilege clear level 3 mode configure command aaa-server
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:41a021a28f73c647a2f550ba932bed1a
    : end
    Many thanks,
    Ingo

    Hi Jose,
    here is what I got now:
    ASA(config)# sh run | begin tunnel-group
    tunnel-group DefaultWEBVPNGroup general-attributes
    address-pool VPNPool
    authorization-required
    and DAP debugging still the same:
    ASA(config)# DAP_TRACE: DAP_open: CDC45080
    DAP_TRACE: Username: tom.tucker, aaa.cisco.grouppolicy = DfltGrpPolicy
    DAP_TRACE: Username: tom.tucker, aaa.cisco.username = tom.tucker
    DAP_TRACE: Username: tom.tucker, aaa.cisco.username1 = tom.tucker
    DAP_TRACE: Username: tom.tucker, aaa.cisco.username2 =
    DAP_TRACE: Username: tom.tucker, aaa.cisco.tunnelgroup = DefaultWEBVPNGroup
    DAP_TRACE: Username: tom.tucker, DAP_add_SCEP: scep required = [FALSE]
    DAP_TRACE: Username: tom.tucker, DAP_add_AC:
    endpoint.anyconnect.clientversion="3.1.02026";
    endpoint.anyconnect.platform="win";
    DAP_TRACE: Username: tom.tucker, dap_aggregate_attr: rec_count = 1
    DAP_TRACE: Username: tom.tucker, Selected DAPs: DfltAccessPolicy
    DAP_TRACE: Username: tom.tucker, DAP_close: CDC45080
    Unfortunately, it still doesn't work. Hmmm.. maybe a wipe of the config and starting from scratch can help?
    Thanks,
    Ingo

  • %ASA-7-710005: TCP request discarded error in Client to Site VPN in CISCO ASA 5510

    Hi Friends,
    I'm trying to built client to site VPN in CISCO ASA 5510 8.4(4) and getting below error while connecting cisco VPN client software. Also, I'm getting below log in ASA. Please help me to reslove.
    Error in CISCO VPN Client Software:
    Secure VPN Connection Terminated locally by the client.
    Reason : 414 : Failed to establish a TCP connection.
    Error in CISCO ASA 5510
    %ASA-7-710005: TCP request discarded from <Public IP> /49276 to outside:<Outside Interface IP of my ASA> /10000
    ASA Configuration:
    XYZ# sh run
    : Saved
    ASA Version 8.4(4)
    hostname XYZ
    domain-name XYZ
    enable password 3uLkVc9JwRA1/OXb level 3 encrypted
    enable password R/x90UjisGVJVlh2 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
    nameif outside_rim
    security-level 0
    ip address 1.1.1.1 255.255.255.252
    interface Ethernet0/1
    duplex full
    nameif XYZ_DMZ
    security-level 50
    ip address 172.1.1.1 255.255.255.248
    interface Ethernet0/2
    speed 100
    duplex full
    nameif outside
    security-level 0
    ip address 2.2.2.2 255.255.255.252
    interface Ethernet0/3
    speed 100
    duplex full
    nameif inside
    security-level 100
    ip address 3.3.3.3 255.255.255.224
    interface Management0/0
    shutdown
    no nameif
    no security-level
    no ip address
    boot system disk0:/asa844-k8.bin
    ftp mode passive
    dns domain-lookup outside
    dns server-group DefaultDNS
    name-server xx.xx.xx.xx
    name-server xx.xx.xx.xx
    name-server xx.xx.xx.xx
    name-server xx.xx.xx.xx
    domain-name XYZ
    object network obj-172.17.10.3
    host 172.17.10.3
    object network obj-10.1.134.0
    subnet 10.1.134.0 255.255.255.0
    object network obj-208.75.237.0
    subnet 208.75.237.0 255.255.255.0
    object network obj-10.7.0.0
    subnet 10.7.0.0 255.255.0.0
    object network obj-172.17.2.0
    subnet 172.17.2.0 255.255.255.0
    object network obj-172.17.3.0
    subnet 172.17.3.0 255.255.255.0
    object network obj-172.19.2.0
    subnet 172.19.2.0 255.255.255.0
    object network obj-172.19.3.0
    subnet 172.19.3.0 255.255.255.0
    object network obj-172.19.7.0
    subnet 172.19.7.0 255.255.255.0
    object network obj-10.1.0.0
    subnet 10.1.0.0 255.255.0.0
    object network obj-10.2.0.0
    subnet 10.2.0.0 255.255.0.0
    object network obj-10.3.0.0
    subnet 10.3.0.0 255.255.0.0
    object network obj-10.4.0.0
    subnet 10.4.0.0 255.255.0.0
    object network obj-10.6.0.0
    subnet 10.6.0.0 255.255.0.0
    object network obj-10.9.0.0
    subnet 10.9.0.0 255.255.0.0
    object network obj-10.11.0.0
    subnet 10.11.0.0 255.255.0.0
    object network obj-10.12.0.0
    subnet 10.12.0.0 255.255.0.0
    object network obj-172.19.1.0
    subnet 172.19.1.0 255.255.255.0
    object network obj-172.21.2.0
    subnet 172.21.2.0 255.255.255.0
    object network obj-172.16.2.0
    subnet 172.16.2.0 255.255.255.0
    object network obj-10.19.130.201
    host 10.19.130.201
    object network obj-172.30.2.0
    subnet 172.30.2.0 255.255.255.0
    object network obj-172.30.3.0
    subnet 172.30.3.0 255.255.255.0
    object network obj-172.30.7.0
    subnet 172.30.7.0 255.255.255.0
    object network obj-10.10.1.0
    subnet 10.10.1.0 255.255.255.0
    object network obj-10.19.130.0
    subnet 10.19.130.0 255.255.255.0
    object network obj-XXXXXXXX
    host XXXXXXXX
    object network obj-145.248.194.0
    subnet 145.248.194.0 255.255.255.0
    object network obj-10.1.134.100
    host 10.1.134.100
    object network obj-10.9.124.100
    host 10.9.124.100
    object network obj-10.1.134.101
    host 10.1.134.101
    object network obj-10.9.124.101
    host 10.9.124.101
    object network obj-10.1.134.102
    host 10.1.134.102
    object network obj-10.9.124.102
    host 10.9.124.102
    object network obj-115.111.99.133
    host 115.111.99.133
    object network obj-10.8.108.0
    subnet 10.8.108.0 255.255.255.0
    object network obj-115.111.99.129
    host 115.111.99.129
    object network obj-195.254.159.133
    host 195.254.159.133
    object network obj-195.254.158.136
    host 195.254.158.136
    object network obj-209.164.192.0
    subnet 209.164.192.0 255.255.224.0
    object network obj-209.164.208.19
    host 209.164.208.19
    object network obj-209.164.192.126
    host 209.164.192.126
    object network obj-10.8.100.128
    subnet 10.8.100.128 255.255.255.128
    object network obj-115.111.99.130
    host 115.111.99.130
    object network obj-10.10.0.0
    subnet 10.10.0.0 255.255.0.0
    object network obj-115.111.99.132
    host 115.111.99.132
    object network obj-10.10.1.45
    host 10.10.1.45
    object network obj-10.99.132.0
    subnet 10.99.132.0 255.255.255.0
    object-group network Serversubnet
    network-object 10.10.1.0 255.255.255.0
    network-object 10.10.5.0 255.255.255.192
    object-group network XYZ_destinations
    network-object 10.1.0.0 255.255.0.0
    network-object 10.2.0.0 255.255.0.0
    network-object 10.3.0.0 255.255.0.0
    network-object 10.4.0.0 255.255.0.0
    network-object 10.6.0.0 255.255.0.0
    network-object 10.7.0.0 255.255.0.0
    network-object 10.11.0.0 255.255.0.0
    network-object 10.12.0.0 255.255.0.0
    network-object 172.19.1.0 255.255.255.0
    network-object 172.19.2.0 255.255.255.0
    network-object 172.19.3.0 255.255.255.0
    network-object 172.19.7.0 255.255.255.0
    network-object 172.17.2.0 255.255.255.0
    network-object 172.17.3.0 255.255.255.0
    network-object 172.16.2.0 255.255.255.0
    network-object 172.16.3.0 255.255.255.0
    network-object host 10.50.2.206
    object-group network XYZ_us_admin
    network-object 10.3.1.245 255.255.255.255
    network-object 10.5.33.7 255.255.255.255
    network-object 10.211.5.7 255.255.255.255
    network-object 10.3.33.7 255.255.255.255
    network-object 10.211.3.7 255.255.255.255
    object-group network XYZ_blr_networkdevices
    network-object 10.200.10.0 255.255.255.0
    access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
    access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.21
    access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host 172.16.2.22
    access-list XYZ extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
    access-list XYZ_PAT extended permit ip 10.19.130.0 255.255.255.0 any
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.159.133
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 195.254.158.136
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 any
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 209.164.192.0 255.255.224.0
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.208.19
    access-list XYZ_PAT extended permit ip 10.1.134.0 255.255.255.0 host 209.164.192.126
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
    access-list nonat extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
    access-list nonat extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
    access-list nonat extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
    access-list nonat extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
    access-list nonat extended permit ip object-group Serversubnet object-group XYZ_destinations
    access-list nonat extended permit ip 10.10.1.0 255.255.255.0 10.2.0.0 255.255.0.0
    access-list nonat extended permit ip 10.19.130.0 255.255.255.0 host XXXXXXXX
    access-list nonat extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
    access-list Guest_PAT extended permit ip 10.8.108.0 255.255.255.0 any
    access-list Cacib extended permit ip 10.8.100.128 255.255.255.128 145.248.194.0 255.255.255.0
    access-list Cacib_PAT extended permit ip 10.8.100.128 255.255.255.128 any
    access-list New_Edge extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.7.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.7.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 172.17.2.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.17.3.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.19.2.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.19.3.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.19.7.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.2.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.3.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.4.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.6.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.9.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.11.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.12.0.0 255.255.0.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.19.1.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.21.2.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.17.3.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.3.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.7.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.1.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.2.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.3.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.4.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.6.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.9.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.11.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 10.12.0.0 255.255.0.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.19.1.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.21.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.16.2.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list XYZ_global extended permit ip 10.1.134.0 255.255.255.0 172.16.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.30.2.0 255.255.255.0 host 10.19.130.201
    access-list XYZ_global extended permit ip host 10.19.130.201 172.30.2.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.30.3.0 255.255.255.0 host 10.19.130.201
    access-list XYZ_global extended permit ip host 10.19.130.201 172.30.3.0 255.255.255.0
    access-list XYZ_global extended permit ip 172.30.7.0 255.255.255.0 host 10.19.130.201
    access-list XYZ_global extended permit ip host 10.19.130.201 172.30.7.0 255.255.255.0
    access-list XYZ_global extended permit ip object-group Serversubnet object-group XYZ_destinations
    access-list XYZ_global extended permit ip object-group XYZ_destinations object-group Serversubnet
    access-list ML_VPN extended permit ip host 115.111.99.129 209.164.192.0 255.255.224.0
    access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.208.19
    access-list ML_VPN extended permit ip host 115.111.99.129 host 209.164.192.126
    access-list Da_VPN extended permit ip host 10.9.124.100 host 10.125.81.88
    access-list Da_VPN extended permit ip host 10.9.124.101 host 10.125.81.88
    access-list Da_VPN extended permit ip host 10.9.124.102 host 10.125.81.88
    access-list Da_VPN extended permit ip host 10.9.124.100 10.125.81.0 255.255.255.0
    access-list Da_VPN extended permit ip host 10.9.124.101 10.125.81.0 255.255.255.0
    access-list Da_VPN extended permit ip host 10.9.124.102 10.125.81.0 255.255.255.0
    access-list Sr_PAT extended permit ip 10.10.0.0 255.255.0.0 any
    access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.80.64 255.255.255.192
    access-list Da_Pd_VPN extended permit ip host 10.9.124.100 10.125.64.0 255.255.240.0
    access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.85.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.100 host 10.125.86.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.80.64 255.255.255.192
    access-list Da_Pd_VPN extended permit ip host 10.9.124.101 10.125.64.0 255.255.240.0
    access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.85.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.101 host 10.125.86.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.80.64 255.255.255.192
    access-list Da_Pd_VPN extended permit ip host 10.9.124.102 10.125.64.0 255.255.240.0
    access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.85.46
    access-list Da_Pd_VPN extended permit ip host 10.9.124.102 host 10.125.86.46
    access-list XYZ_reliance extended permit ip 10.19.130.0 255.255.255.0 145.248.194.0 255.255.255.0
    access-list coextended permit ip host 2.2.2.2 host XXXXXXXX
    access-list coextended permit ip host XXXXXXXXhost 2.2.2.2
    access-list ci extended permit ip 10.1.134.0 255.255.255.0 208.75.237.0 255.255.255.0
    access-list ci extended permit ip 208.75.237.0 255.255.255.0 10.1.134.0 255.255.255.0
    access-list acl-outside extended permit ip host 57.66.81.159 host 172.17.10.3
    access-list acl-outside extended permit ip host 80.169.223.179 host 172.17.10.3
    access-list acl-outside extended permit ip any host 172.17.10.3
    access-list acl-outside extended permit tcp any host 10.10.1.45 eq https
    access-list acl-outside extended permit tcp any any eq 10000
    access-list acl-outside extended deny ip any any log
    pager lines 10
    logging enable
    logging buffered debugging
    mtu outside_rim 1500
    mtu XYZ_DMZ 1500
    mtu outside 1500
    mtu inside 1500
    ip local pool XYZ_c2s_vpn_pool 172.30.10.51-172.30.10.254
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any outside
    icmp permit any inside
    no asdm history enable
    arp timeout 14400
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-208.75.237.0 obj-208.75.237.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.7.0.0 obj-10.7.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.2.0 obj-172.17.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.17.3.0 obj-172.17.3.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.2.0 obj-172.19.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.3.0 obj-172.19.3.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.7.0 obj-172.19.7.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.1.0.0 obj-10.1.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.3.0.0 obj-10.3.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.4.0.0 obj-10.4.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.6.0.0 obj-10.6.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.9.0.0 obj-10.9.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.11.0.0 obj-10.11.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-10.12.0.0 obj-10.12.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.19.1.0 obj-172.19.1.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.21.2.0 obj-172.21.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.1.134.0 obj-10.1.134.0 destination static obj-172.16.2.0 obj-172.16.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.2.0 obj-172.30.2.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.3.0 obj-172.30.3.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.201 obj-10.19.130.201 destination static obj-172.30.7.0 obj-172.30.7.0 no-proxy-arp route-lookup
    nat (inside,any) source static Serversubnet Serversubnet destination static XYZ_destinations XYZ_destinations no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.10.1.0 obj-10.10.1.0 destination static obj-10.2.0.0 obj-10.2.0.0 no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-XXXXXXXX obj-XXXXXXXX no-proxy-arp route-lookup
    nat (inside,any) source static obj-10.19.130.0 obj-10.19.130.0 destination static obj-145.248.194.0 obj-145.248.194.0 no-proxy-arp route-lookup
    nat (inside,outside) source static obj-10.1.134.100 obj-10.9.124.100
    nat (inside,outside) source static obj-10.1.134.101 obj-10.9.124.101
    nat (inside,outside) source static obj-10.1.134.102 obj-10.9.124.102
    nat (inside,outside) source dynamic obj-10.8.108.0 interface
    nat (inside,outside) source dynamic obj-10.19.130.0 obj-115.111.99.129
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.159.133 obj-195.254.159.133
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-195.254.158.136 obj-195.254.158.136
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.0 obj-209.164.192.0
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.208.19 obj-209.164.208.19
    nat (inside,outside) source dynamic obj-10.1.134.0 obj-115.111.99.129 destination static obj-209.164.192.126 obj-209.164.192.126
    nat (inside,outside) source dynamic obj-10.8.100.128 obj-115.111.99.130
    nat (inside,outside) source dynamic obj-10.10.0.0 obj-115.111.99.132
    nat (inside,outside) source static obj-10.10.1.45 obj-115.111.99.133
    nat (inside,outside) source dynamic obj-10.99.132.0 obj-115.111.99.129
    object network obj-172.17.10.3
    nat (XYZ_DMZ,outside) static 115.111.99.134
    access-group acl-outside in interface outside
    route outside 0.0.0.0 0.0.0.0 115.111.23.129 1
    route outside 0.0.0.0 0.0.0.0 115.254.127.130 10
    route inside 10.10.0.0 255.255.0.0 10.8.100.1 1
    route inside 10.10.1.0 255.255.255.0 10.8.100.1 1
    route inside 10.10.5.0 255.255.255.192 10.8.100.1 1
    route inside 10.8.100.128 255.255.255.128 10.8.100.1 1
    route inside 10.8.108.0 255.255.255.0 10.8.100.1 1
    route inside 10.19.130.0 255.255.255.0 10.8.100.1 1
    route inside 10.99.4.0 255.255.255.0 10.99.130.254 1
    route inside 10.99.132.0 255.255.255.0 10.8.100.1 1
    route inside 10.1.134.0 255.255.255.0 10.8.100.1 1
    route outside 208.75.237.0 255.255.255.0 115.111.23.129 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication telnet console LOCAL
    aaa authorization command LOCAL
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec ikev1 transform-set vpn2 esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set vpn6 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set vpn5 esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set vpn7 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set vpn4 esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set vpn1 esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set vpn_reliance esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set c2s_vpn esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 86400
    crypto dynamic-map dyn1 1 set ikev1 transform-set c2s_vpn
    crypto dynamic-map dyn1 1 set reverse-route
    crypto map vpn 1 match address XYZ
    crypto map vpn 1 set peer XYZ Peer IP
    crypto map vpn 1 set ikev1 transform-set vpn1
    crypto map vpn 1 set security-association lifetime seconds 3600
    crypto map vpn 1 set security-association lifetime kilobytes 4608000
    crypto map vpn 2 match address NE
    crypto map vpn 2 set peer NE_Peer IP
    crypto map vpn 2 set ikev1 transform-set vpn2
    crypto map vpn 2 set security-association lifetime seconds 3600
    crypto map vpn 2 set security-association lifetime kilobytes 4608000
    crypto map vpn 4 match address ML_VPN
    crypto map vpn 4 set pfs
    crypto map vpn 4 set peer ML_Peer IP
    crypto map vpn 4 set ikev1 transform-set vpn4
    crypto map vpn 4 set security-association lifetime seconds 3600
    crypto map vpn 4 set security-association lifetime kilobytes 4608000
    crypto map vpn 5 match address XYZ_global
    crypto map vpn 5 set peer XYZ_globa_Peer IP
    crypto map vpn 5 set ikev1 transform-set vpn5
    crypto map vpn 5 set security-association lifetime seconds 3600
    crypto map vpn 5 set security-association lifetime kilobytes 4608000
    crypto map vpn 6 match address Da_VPN
    crypto map vpn 6 set peer Da_VPN_Peer IP
    crypto map vpn 6 set ikev1 transform-set vpn6
    crypto map vpn 6 set security-association lifetime seconds 3600
    crypto map vpn 6 set security-association lifetime kilobytes 4608000
    crypto map vpn 7 match address Da_Pd_VPN
    crypto map vpn 7 set peer Da_Pd_VPN_Peer IP
    crypto map vpn 7 set ikev1 transform-set vpn6
    crypto map vpn 7 set security-association lifetime seconds 3600
    crypto map vpn 7 set security-association lifetime kilobytes 4608000
    crypto map vpn interface outside
    crypto map vpn_reliance 1 match address XYZ_rim
    crypto map vpn_reliance 1 set peer XYZ_rim_Peer IP
    crypto map vpn_reliance 1 set ikev1 transform-set vpn_reliance
    crypto map vpn_reliance 1 set security-association lifetime seconds 3600
    crypto map vpn_reliance 1 set security-association lifetime kilobytes 4608000
    crypto map vpn_reliance interface outside_rim
    crypto map mymap 1 ipsec-isakmp dynamic dyn1
    crypto isakmp identity address
    no crypto isakmp nat-traversal
    crypto ikev1 enable outside_rim
    crypto ikev1 enable outside
    crypto ikev1 policy 1
    authentication pre-share
    encryption aes-256
    hash sha
    group 5
    lifetime 28800
    crypto ikev1 policy 2
    authentication pre-share
    encryption aes-256
    hash sha
    group 5
    lifetime 86400
    crypto ikev1 policy 4
    authentication pre-share
    encryption aes-256
    hash sha
    group 5
    lifetime 28000
    crypto ikev1 policy 5
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 43200
    crypto ikev1 policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet 10.8.100.0 255.255.255.224 inside
    telnet timeout 5
    ssh timeout 5
    ssh key-exchange group dh-group1-sha1
    console timeout 0
    no threat-detection basic-threat
    no threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    group-policy XYZ_c2s_vpn internal
    username testadmin password oFJjANE3QKoA206w encrypted
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXXtype ipsec-l2l
    tunnel-group XXXXXXXXipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XXXXXXXX type ipsec-l2l
    tunnel-group XXXXXXXX ipsec-attributes
    ikev1 pre-shared-key *****
    tunnel-group XYZ_c2s_vpn type remote-access
    tunnel-group XYZ_c2s_vpn general-attributes
    address-pool XYZ_c2s_vpn_pool
    tunnel-group XYZ_c2s_vpn ipsec-attributes
    ikev1 pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
      inspect icmp
      inspect ip-options
    service-policy global_policy global
    privilege show level 3 mode exec command running-config
    privilege show level 3 mode exec command logging
    privilege show level 3 mode exec command crypto
    prompt hostname context
    no call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:caa7476cd348ed89b95d37d4e3c9e1d8
    : end
    XYZ#

    Thanks Javier.
    But i have revised the VPN confuration. Below are the latest configs. with this latest configs. I'm getting username & password screen while connecting cisco vpn client software. once we entered the login credential. it shows "security communication channel" then it goes to "not connected" state. Can you help me to fix this.
    access-list ACL-RA-SPLIT standard permit host 10.10.1.3
    access-list ACL-RA-SPLIT standard permit host 10.10.1.13
    access-list ACL-RA-SPLIT standard permit host 10.91.130.201
    access-list nonat line 1 extended permit ip host 10.10.1.3 172.30.10.0 255.255.255.0
    access-list nonat line 2 extended permit ip host 10.10.1.13 172.30.10.0 255.255.255.0
    access-list nonat line 3 extended permit ip host 10.91.130.201 172.30.10.0 255.255.255.0
    ip local pool CO-C2S-VPOOL 172.30.10.51-172.30.10.254 mask 255.255.255.0
    group-policy CO-C2S internal
    group-policy CO-C2S attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list vlauel ACL-RA-SPLIT
    dns-server value 10.10.1.3
    tunnel-group TUN-RA-SPLIT type remote-access
    tunnel-group TUN-RA-SPLIT general-attributes
    default-group-policy CO-C2S
    address-pool CO-C2S-VPOOL
    tunnel-group TUN-RA-SPLIT ipsec-attributes
    pre-shared-key sekretk3y
    username ra-user1 password passw0rd1 priv 1
    group-policy CO-C2S internal
    group-policy CO-C2S attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list vlauel ACL-RA-SPLIT
    dns-server value 10.10.1.3
    tunnel-group TUN-RA-SPLIT type remote-access
    tunnel-group TUN-RA-SPLIT general-attributes
    default-group-policy CO-C2S
    address-pool CO-C2S-VPOOL
    tunnel-group TUN-RA-SPLIT ipsec-attributes
    pre-shared-key *********
    username ******* password ******** priv 1
    crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
    crypto dynamic-map dynmap 10 set transform-set 3DES
    crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
    crypto isakmp identify address
    crypto isakmp enable outside
    crypto isakmp policy 100
    authentication pre-share
    encr 3des
    hash sha
    crypto ipsec transform-set 3DES esp-3des esp-sha-hmac
    crypto dynamic-map dynmap 10 set transform-set 3DES
    crypto map Outside_Map 500 ipsec-isakmp dynamic dynmap
    crypto map vpn interface outside
    crypto isakmp identify address
    crypto isakmp enable outside
    crypto isakmp policy 100
    authentication pre-share
    encr 3des
    hash sha
    group 1
    lifetime 3600

  • CUE 8.5.1 NME-CUE web page setup no setup initialization and error: Login to CUCME failed

    When first login in via the web page.  When going to Configure menu and choosing CUCME to enter it manually, I get:
    Error: Login to CUCME failed with the new values.  Check the new CUCME configuration and enter the correct values.
    hostname: 172.23.0.1
    web user name: admin
    web password: cisco
    Sip gateway hostname: 172.23.0.1
    ccn reporting historical
    database local
    description "se-172-23-0-2"
    end reporting
    ccn subsystem sip
    gateway address "172.23.0.1"
    mwi sip unsolicited
    end subsystem
    BR2-ROUTER#sh run
    Building configuration...
    Current configuration : 5264 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname BR2-ROUTER
    boot-start-marker
    boot-end-marker
    card type t1 0 3
    logging message-counter syslog
    logging buffered 51200 warnings
    no aaa new-model
    clock timezone MST -7
    clock summer-time MDT recurring
    network-clock-participate wic 3
    dot11 syslog
    ip source-route
    ip cef
    ip dhcp excluded-address 172.21.0.1 172.21.0.49
    ip dhcp excluded-address 172.21.0.59 172.21.0.254
    ip dhcp excluded-address 172.20.0.1 172.20.0.10
    ip dhcp pool CME
       network 172.21.0.0 255.255.255.0
       option 150 ip 172.21.0.1
       default-router 172.21.0.1
    ip dhcp pool LAPTOPS
       network 172.20.0.0 255.255.255.0
       default-router 172.20.0.2
       dns-server 10.10.10.1
    no ip domain lookup
    ip domain name wilson.com
    no ipv6 cef
    multilink bundle-name authenticated
    voice service voip
    allow-connections h323 to h323
    allow-connections h323 to sip
    allow-connections sip to h323
    allow-connections sip to sip
    no supplementary-service h225-notify cid-update
    sip
      bind control source-interface GigabitEthernet0/0.20
      bind media source-interface GigabitEthernet0/0.20
      registrar server expires max 600 min 60
    voice register global
    mode cme
    source-address 172.21.0.1 port 5060
    max-dn 4
    max-pool 4
    authenticate register
    timezone 12
    time-format 24
    date-format YY-M-D
    voicemail 3600
    tftp-path flash:
    create profile sync 0021447056000116
    ntp-server 174.137.67.50 mode directedbroadcast
    voice register dn  1
    number 3006
    call-forward b2bua busy 3600 
    call-forward b2bua mailbox 3006 
    call-forward b2bua noan 3600 timeout 12
    name rp-sip-1-16
    label SIP 511-5016
    mwi
    voice register pool  1
    id mac FCFB.FBCA.30CE
    type 7965
    number 1 dn 1
    dtmf-relay rtp-nte
    username 3006 password cisco
    description 687-3006
    codec g711ulaw
    voice-card 0
    username admin privilege 15 secret 5 $1$..D.$orbTsqgPSvNkMpfjjkg5q.
    archive
    log config
      hidekeys
    controller T1 0/3/0
    cablelength long 0db
    controller T1 0/3/1
    cablelength long 0db
    interface Loopback0
    ip address 172.23.0.1 255.255.255.252
    ip ospf network point-to-point
    interface GigabitEthernet0/0
    description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
    no ip address
    duplex auto
    speed auto
    interface GigabitEthernet0/0.10
    encapsulation dot1Q 10 native
    ip address 172.20.0.2 255.255.255.0
    interface GigabitEthernet0/0.20
    encapsulation dot1Q 20
    ip address 172.21.0.1 255.255.255.0
    interface GigabitEthernet0/0.30
    encapsulation dot1Q 30
    ip address 172.22.0.1 255.255.255.0
    interface GigabitEthernet0/1
    ip address 192.168.1.138 255.255.252.0
    duplex auto
    speed auto
    interface Integrated-Service-Engine1/0
    ip unnumbered Loopback0
    service-module ip address 172.23.0.2 255.255.255.252
    service-module ip default-gateway 172.23.0.1
    no keepalive
    ip forward-protocol nd
    ip route 172.23.0.2 255.255.255.255 Integrated-Service-Engine1/0
    ip http server
    ip http access-class 23
    ip http authentication local
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip http path flash:/gui
    access-list 23 permit 10.10.10.0 0.0.0.7
    nls resp-timeout 1
    cpd cr-id 1
    control-plane
    ccm-manager fax protocol cisco
    mgcp fax t38 ecm
    dial-peer voice 3600 voip
    destination-pattern 36..
    session protocol sipv2
    session target ipv4:192.168.1.144
    dtmf-relay sip-notify
    codec g711ulaw
    no vad
    sip-ua
    retry invite 3
    timers trying 400
    mwi-server ipv4:192.168.1.144 expires 3600 port 5060 transport udp
    gatekeeper
    shutdown
    telephony-service
    no auto-reg-ephone
    em logout 0:0 0:0 0:0
    max-ephones 10
    max-dn 10 no-reg both
    ip source-address 172.23.0.1 port 2000
    voicemail 3600
    max-conferences 8 gain -6
    call-forward pattern .T
    web admin system name admin password cisco
    dn-webedit
    transfer-system full-consult
    transfer-pattern .T
    create cnf-files version-stamp Jan 01 2002 00:00:00
    ephone-dn  1
    number 3007
    description 687-9898-3007
    name Vatos locos
    call-forward busy 3600
    call-forward noan 3600 timeout 12
    ephone-dn  2
    number 3008
    description 687-9898-3008
    name Vatos locos2
    call-forward busy 3600
    call-forward noan 3600 timeout 12
    ephone-dn  3  octo-line
    number 3009
    huntstop channel 6
    ephone-dn  4
    number 7999....
    mwi on
    ephone-dn  5
    number 7998....
    mwi off
    ephone  1
    device-security-mode none
    description TESTTTTT
    mac-address FCFB.FBCA.3406
    max-calls-per-button 5
    busy-trigger-per-button 4
    type 7965
    button  1:1 2:3
    ephone  2
    device-security-mode none
    description TESTTTTT
    mac-address FCFB.FBCA.3030
    max-calls-per-button 4
    busy-trigger-per-button 3
    type 7965
    button  1:2 2:3
    line con 0
    exec-timeout 0 0
    logging synchronous
    login local
    line aux 0
    line 66
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120
    line vty 0 4
    access-class 23 in
    privilege level 15
    login local
    transport input telnet
    line vty 5 15
    access-class 23 in
    privilege level 15
    login local
    transport input telnet
    scheduler allocate 20000 1000
    ntp server 174.137.67.50
    end
    BR2-ROUTER#
    Apr 12 2011 16:23:12 gui/admin_user.js
    122     585532 Mar 30 2011 05:48:46 phone/7975/cnu75.8-3-2-27.sbn
    123    2453636 Mar 30 2011 05:48:56 phone/7975/cvm75sccp.8-3-2-27.sbn
    124     326315 Mar 30 2011 05:48:58 phone/7975/dsp75.8-3-2-27.sbn
    125     557786 Mar 30 2011 05:49:00 phone/7975/jar75sccp.8-3-2-27.sbn
    126        638 Mar 30 2011 05:49:02 phone/7975/SCCP75.8-3-3S.loads
    127        642 Mar 30 2011 05:49:02 phone/7975/term75.default.loads
    128          0 Mar 30 2011 05:49:02 phone/7941-7961
    129    2494499 Mar 30 2011 05:49:12 phone/7941-7961/apps41.8-3-2-27.sbn
    130     547146 Mar 30 2011 05:49:16 phone/7941-7961/cnu41.8-3-2-27.sbn
    131       2340 Apr 02 2011 03:55:02 April012011.txt
    132       3579 Apr 12 2011 03:52:42 softkeyDefault_kpml.xml
    133         69 Apr 12 2011 03:52:40 syncinfo.xml
    134       2682 Apr 12 2011 03:52:42 SEPFCFBFBCA30CE.cnf.xml
    135       1882 Apr 12 2011 03:52:42 SIPDefault.cnf
    136       3613 Apr 12 2011 03:52:42 softkeyDefault.xml
    137       3987 Apr 12 2011 16:23:10 gui/admin_user.html
    138       1029 Apr 12 2011 16:23:14 gui/CiscoLogo.gif
    139        617 Apr 12 2011 16:23:14 gui/CME_GUI_README.TXT
    140        953 Apr 12 2011 16:23:14 gui/Delete.gif
    141      16344 Apr 12 2011 16:23:14 gui/dom.js
    142        864 Apr 12 2011 16:23:16 gui/downarrow.gif
    143       6146 Apr 12 2011 16:23:16 gui/ephone_admin.html
    144       4558 Apr 12 2011 16:23:16 gui/logohome.gif
    145       3866 Apr 12 2011 16:23:16 gui/normal_user.html
    146      78428 Apr 12 2011 16:23:18 gui/normal_user.js
    147       1347 Apr 12 2011 16:23:18 gui/Plus.gif
    148        843 Apr 12 2011 16:23:18 gui/sxiconad.gif
    149        174 Apr 12 2011 16:23:18 gui/Tab.gif
    150       2431 Apr 12 2011 16:23:20 gui/telephony_service.html
    151        870 Apr 12 2011 16:23:20 gui/uparrow.gif
    152       9968 Apr 12 2011 16:23:20 gui/xml-test.html
    153       3412 Apr 12 2011 16:23:20 gui/xml.template

    Fixed.  Routing issue:
    Routing issue:
    ip http access-class 23  !!!!!! Preconfigured from Factory
    ip http authentication local
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip http path flash:/gui
    access-list 23 permit 10.10.10.0 0.0.0.7  !!!!!! Preconfigured from Factory
    To fix
    No ip http access-class 23

  • Sip 500 Internal Server Error Reason: Q.850;cause=16

    Please help in understanding what is wrong in the config .Incoming calls don't work.
    show run:
    voice service voip
    ip address trusted list
      ipv4 87.226.136.164 255.255.255.255
      ipv4 172.16.24.0 255.255.255.0
      ipv4 188.254.68.66 255.255.255.255
      ipv4 188.254.68.67 255.255.255.255
      ipv4 188.254.69.66 255.255.255.255
      ipv4 188.254.69.67 255.255.255.255
      ipv4 46.38.52.68 255.255.255.255
    address-hiding
    allow-connections h323 to h323
    allow-connections h323 to sip
    allow-connections sip to h323
    allow-connections sip to sip
    supplementary-service h450.12
    no supplementary-service sip moved-temporarily
    no supplementary-service sip refer
    redirect ip2ip
    fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback cisco
    sip
    voice class codec 1
    codec preference 1 g729br8
    codec preference 2 g729r8
    codec preference 3 g711alaw
    codec preference 4 g711ulaw
    voice class codec 2
    codec preference 1 g711ulaw
    codec preference 2 g711alaw
    codec preference 3 g729r8
    codec preference 4 g729br8
    voice translation-rule 1
    rule 1 /XXX5397962/ /1999/
    voice translation-rule 2
    rule 1 /XXX55317577/ /1999/
    voice translation-rule 3
    rule 1 /5555317884/ /1999/
    voice translation-profile ROS
    translate called 1
    voice translation-profile ROS2
    translate called 2
    voice translation-profile ROS3
    translate called 3
    interface FastEthernet0/0
    ip address 178.208.X.X 255.255.255.248
    ip access-group INBOUND in
    no ip unreachables
    ip verify unicast reverse-path
    ip nat outside
    ip inspect IPFW in
    ip inspect IPFW out
    ip virtual-reassembly in
    duplex auto
    speed auto
    no cdp enable
    interface FastEthernet0/1
    no ip address
    ip nat inside
    ip virtual-reassembly in
    duplex auto
    speed auto
    interface FastEthernet0/1.1
    encapsulation dot1Q 1 native
    ip address 10.110.0.200 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    interface FastEthernet0/1.2
    encapsulation dot1Q 2
    ip address 172.16.24.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    h323-gateway voip interface
    h323-gateway voip bind srcaddr 172.16.24.254
    ip dns server
    ip nat inside source list NAT interface FastEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 178.208.X.X
    ip route 192.168.0.0 255.255.0.0 Null0 254
    sccp local FastEthernet0/1.2
    sccp ccm 172.16.24.101 identifier 1 version 7.0
    sccp
    sccp ccm group 1
    associate ccm 1 priority 1
    associate profile 1 register XCODE123456
    keepalive retries 1
    keepalive timeout 10
    switchover method immediate
    switchback method immediate
    dspfarm profile 1 transcode
    codec g711ulaw
    codec g711alaw
    codec g729ar8
    codec g729abr8
    codec g729r8
    codec g729br8
    maximum sessions 6
    associate application SCCP
    dial-peer voice 10000 voip
    tone ringback alert-no-PI
    description ROSTELECOM Incoming
    translation-profile incoming ROS
    destination-pattern 74955397962
    session protocol sipv2
    session target ipv4:87.226.136.164
    session transport udp
    incoming called-number XXXX5397962
    dtmf-relay rtp-nte
    codec g711ulaw
    dial-peer voice 10010 voip
    tone ringback alert-no-PI
    description ROSTELECOM Incoming
    translation-profile incoming ROS2
    destination-pattern XXX55317577
    session protocol sipv2
    session target ipv4:87.226.136.164
    session transport udp
    incoming called-number 75555317577
    dtmf-relay rtp-nte
    codec g711ulaw
    dial-peer voice 10020 voip
    tone ringback alert-no-PI
    description ROSTELECOM Incoming
    translation-profile incoming ROS3
    preference 1
    destination-pattern 5555317884
    session protocol sipv2
    session target ipv4:188.254.68.66
    session transport udp
    incoming called-number 5555317884
    dtmf-relay rtp-nte
    codec g711ulaw
    dial-peer voice 10021 voip
    tone ringback alert-no-PI
    description ROSTELECOM Incoming
    translation-profile incoming ROS
    preference 2
    destination-pattern 5555317884
    session protocol sipv2
    session target ipv4:188.254.69.66
    session transport udp
    incoming called-number 5555317884
    dtmf-relay rtp-nte
    codec g711ulaw
    dial-peer voice 2 voip
    tone ringback alert-no-PI
    description to CUCM_PUB
    destination-pattern 1...
    session target ipv4:172.16.24.101
    voice-class codec 2
    dtmf-relay rtp-nte
    debug ccsip all:
    c2801#
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpIPv4SocketReads: Msg enqueued for SPI with IP addr: [188.254.68.66]:9290, local_address:[ - ]
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 2 for event 1
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportProcessNWNewConnMsg: context=0x0
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
    Received:
    INVITE sip:[email protected];user=phone SIP/2.0
    Via: SIP/2.0/UDP 188.254.68.66:9290;branch=z9hG4bK-6110d60075c89eab-a(STATE_IDLE, SUBSTATE_NONE)
    06:19:26: //-1/xxxxxxxxxxxx/SIP/T3c000c-1
    Call-ID: isbc6994325518770806443-1385214296-16204
    Fransport/sipSPIUpdateResponseInfo: Dialog Transaction Address 188.254.68.66,Port 9290, Transport 1, SentBy Port 5060
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Converting TimeZone MSK to SIP default timezone = GMT
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 188.254.68.66,Port 929rom:
    <sip:[email protected];user=phone>;tag=sbc09026994325from (STATE_NONE, SUBSTATE_NONE)  to (STATE_IDLE, SUBSTATE_NONE)
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 188.254.68.66,Port 9290, Transport 1, SentBy Port 5060
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Converting TimeZone MSK to SIP default timezone = GMT
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 188.254.68.66,Port 518770806443
    ddress_to_bind: return addr 178.208.X.Xone>
    06:19:26: //-1/EE5EC9DD8170/SIP/State/sipSPIChangeState: 0x6A874E70 : State change from (STATE_NONE, SUBSTATE_NONE)  to (STATE_IDLE, SUBSTATE_NONE)
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 188.254.68.66,Port 9290, Transport 1, SentBy Port 5060
    0
    CSeq: 1 INVITE
    Min-SE: 90
    Session-Expires: 3600;refresher=u6:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetDateHeader: Convac
    Contact: <sip:[email protected]:9290;user=phone>
    A //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: rellow: INVITE,CANCEL,BYE,ACK,REFER,UPDATE,INFO,PRACK
    Supported:turn addr 178.208.X.X
    06:19:26: //-1/EE5EC9DD8170/SIP/St timer,100rel
    Diversion: <sip:[email protected]>;privacyate/sipSPIChangeState: 0x6A874E70 : State change from (STATE_NONE, SUBSTATE_NONE)  to (STATE_IDLE, SUBSTATE_NONE)
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 188.254.68.66,Port 9290, Transport 1,
    Sen=off;screen=no;reason=unknown,<sip:[email protected]>;priv6:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponsacy=off;screen=no;reason=unknown
    Max-Forwards: 70
    User-AgenteInfo: Dialog Transaction Address 188.254.68.66,Port 9290, Tra: VCS 5.8.2.56-03
    Content-Length: 393
    Content-Type: applicatnsport 1, SentBy Port 9290ion/sdp
    v=0
    o=- 12060 26053 IN IP4 188.254.68.67
    s=SBC call
    c=IN IP4 188.254.68.67
    t=0 0
    m=audio 24402 RTP/AVP 8 0 18 98 96 97 101
    a=rtpmap:98 G.729a/8000
    a=rtpmap:96 G.729ab/8000
    a=rtpmap:97 G.729b/8000
    a=rtpmap:101 telephone-event/8000
    a=fmtp:101 0-15
    a=fmtp:18 annexb=no
    a=ptime:10
    a=X-vrzcap:vbd Ver=1 Mode=FaxPr ModemRtpRed=0
    a=X-vrzcap:identification bin=DSR2866 Prot=mgcp App=MG
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_new_msg_preprocessor: Checking Invite Dialog
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIAddContextToTable: Added context(0x6A874E70) with key=[52] to table
    06:19:26: //-1/000000000000/SIP/Info/sipSPI_ipip_vcc_Initialization:  Entry...
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipSPIUpdateResponseInfo: Dialog Transaction Address 188.254.68.66,Port 9290, Transport 1, SentBy Port 9290
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: calling reg_invoke_ip_first_hop()
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: calling ip_best_local_address()
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: return addr 178.208.X.X
    06:19:26: //-1/EE5EC9DD8170/SIP/State/sipSPIChangeState: 0x6A874E70 : State change from (STATE_NONE, SUBSTATE_NONE)  to
    c2801#L
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIUaddCcbToUASReqTable: ****Adding to UAS Request table.
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIUaddCcbToTable: Added to table. ccb=0x6
    c2801#a
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIMatchSrcIp
    c2801#mat: VIA URL:sip:188.254.68.66:9290, Host:188.254.68.66
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetShrlPeer: Try match incoming dialpeer for Calling number: : 9067259847
    06:19:26:ched for incoming call
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: Precondition tag absent in Require/Supported h
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetFromCalledPartyId: P-Called-Party-ID header not found
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetPeerByCalledPartyId: P-Called-Party-ID not found or parse error
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: No match found for P-Called-Party-ID
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: Peer tag 10020 matched for incoming call
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: Precondition tag absent in Require/Supported header
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: calling reg_invoke_ip_first_hop()
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: calling ip_best_local_address()
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_sig_ip_address_to_bind: return addr 178.208.X.X
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: Precondition tag absent in Require/Supported header
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: Checking Video Type Rate=-1 video_codec_allowed=1F
    06:19:26: //-1/EE5EC9DD8170/SIP/Media/sipSPICopyStunConfigFromPeerToCCB: Firewall traversal is not enabled
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetModemInfoPerCall: peer_callID=0
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: xcoder high-density disabled
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: Flow Mode set to FLOW_THROUGH
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIGetCallConfig: Media forking disabled
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIContinueNewMsgInvite: Calling name , number 9067259847, Calling oct3 0x00, oct_3a 0x80, ext_priv 0x00, Called number
    5555317884, oct3 0x00
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIContinueNewMsgInvite: Carrier id code , prev_cid NONE, next_cid NONE, prev_tgrp NONE, next_tgrp NONE
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIContinueNewMsgInvite: Requires reliable-provisional support
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIValidateRequestUri: Not Enabled
    06:19:26: //-1/EE5EC9DD8170/SIP/Info/sipSPIRscmsmAvail: Value returned by check is = 0
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_IsSDPPassthruEnabled:  - 0
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_GetHdrPassthruCfg: Hdr passthrough config:1 tag:0
    06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLMain: Event: E_STSL_SESSION_REFRESH_REQ
    06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLMain: dir:2, method:102, resp_code:0, container:6A01759C
    06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLExtractSessionExpiresHdr:
    Session-Expires value: 3600 refresher: uac
    06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLExtractMinSEHdr: Min-SE Duration: 90
    06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLGetInternalSREvent: E_STSL_INITIAL_SR_REQ
    06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLInitialSRReqPeerEventGen: sending received session expires to the peer leg
    06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLPrintTDContainer: Peer-Event: E_STSL_PASS_ST_PARAMS, SE Value:3600, SE Refresher:uac, Min-SE Value:1800,
    flags:2001
    06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLMain:
            SE: 3600;refresher:uac peer refresher:none, flags:2001, posted event:E_STSL_INVALID_PEER_EVENT, reason:4
            Configured SE:1800, Configured Min-SE:1800
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIProcessHistoryInfoHeader: No HI headers recvd from app container
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIProcessReplacesHeader: No replaces hdr found
    SIP: Warning: Unrecognized attribute (X-vrzcap)
    SIP: Warning: Unrecognized attribute (X-vrzcap)
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoMediaNegotiation: Number of m-lines = 1
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIValidateConnectionAddress: Dest port = 24402
    SIP: (129) Attribute mid, level 1 instance 1 not found.
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_media_ip_address_to_bind: calling reg_invoke_ip_first_hop()
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_media_ip_address_to_bind: calling ip_best_local_address()
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/resolve_media_ip_address_to_bind: return addr 178.208.X.X
    06:19:26: //129/EE5EC9DD8170/SIP/Media/sipSPISetMediaSrcAddr: Media src addr for stream 1 = 178.208.X.X
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(98) reserved for codec g729r8
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(98) reserved for codec g729r8
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(96) reserved for codec g729abr8
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(96) could not be reserved
                              as its in use by other codec g729abr8
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPT: Requested payload-Type (96) is  reserved by another application
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPayloadunused: Unreserving dynamic payload type 96
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIAllocateFreeDynamicPT: Allocating free Dynamic Payload : 99 for Codec:
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(97) reserved for codec g729br8
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(97) could not be reserved
                              as its in use by other codec g729br8
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPT: Requested payload-Type (97) is  reserved by another application
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPayloadunused: Unreserving dynamic payload type 97
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIAllocateFreeDynamicPT: Allocating free Dynamic Payload : 102 for Codec:
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(101) reserved for codec No Codec 
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPayloadunused: Unreserving dynamic payload type 99
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(101) could not be reserved
                              as its in use by other codec No Codec 
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPT: Requested payload-Type (101) is  reserved by another application
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPayloadunused: Unreserving dynamic payload type 103
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIUpdateDynamicPayloadunused: Unreserving dynamic payload type 101
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIAllocateFreeDynamicPT: Allocating free Dynamic Payload : 101 for Codec:
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoAudioNegotiation: Codec (g711ulaw) Negotiation Successful on Static Payload for m-line 1
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoPtimeNegotiation: One ptime attribute found - value:10
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/convert_ptime_to_codec_bytes: Values :Codec: g711ulaw ptime :10, codecbytes: 80
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/convert_codec_bytes_to_ptime: Values :Codec: g711ulaw codecbytes :80, ptime: 10
    06:19:26: //129/EE5EC9DD8170/SIP/Media/sipSPIDoPtimeNegotiation: Offered ptime:10, Negotiated ptime:10 Negotiated codec bytes: 80 for codec g711ulaw
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPISetFaxFlags: FAX_PASSTHROUGH = 0, END_FAX_PASSTHROUGH = 0
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoDTMFRelayNegotiation: m-line index 1
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICheckDynPayloadUse: Dynamic payload(101) reserved for codec
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIReserveRtpNtePayload: Reserved the payload type 101 for RTP-NTE
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoDTMFRelayNegotiation: RTP-NTE DTMF relay option
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoDTMFRelayNegotiation: Case of partial named event(NE) match in fmtp list of events.
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sip_sdp_get_modem_relay_cap_params: V150 NSE payload = 0, SSE payload = 0, SPRT payload=0
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sip_select_modem_relay_params: X-tmr not present in SDP. Disable modem relay
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIGetSDPDirectionAttribute: No direction attribute present or multiple direction attributes that can't be handled for m-
    line:1 and num-a-lines:0
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoAudioNegotiation: Codec negotiation successful for media line 1
            payload_type=0, codec_bytes=80, codec=g711ulaw, dtmf_relay=rtp-nte
            stream_type=voice+dtmf (1), dest_ip_address=188.254.68.67, dest_port=24402
    06:19:26: //129/EE5EC9DD8170/SIP/State/sipSPIChangeStreamState: Stream (callid =  -1)  State changed from (STREAM_DEAD) to (STREAM_ADDING)
    06:19:26: //129/EE5EC9DD8170/SIP/Media/sipSPIUpdCallWithSdpInfo:
            Preferred Codec        : g711ulaw, bytes :160
            Preferred  DTMF relay  : rtp-nte
            Preferred NTE payload  : 101
            Early Media            : No
            Delayed Media          : No
            Bridge Done            : No
            New Media              : No
            DSP DNLD Reqd          : No
    06:19:26: //129/EE5EC9DD8170/SIP/Info/resolve_media_ip_address_to_bind: Media already bound, use existing source_media_ip_addr
    06:19:26: //129/EE5EC9DD8170/SIP/Media/sipSPISetMediaSrcAddr: Media src addr for stream 1 = 178.208.X.X
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_report_media_to_peer:
    callId 129 peer 0 flags 0x201 state STATE_IDLE
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_vcc_ProcessXcoderNeeded: xcoder_attached not yet initialised for this call.
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_report_media_to_peer: Xcoder not yet used for the call
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
    CallID 129, Peer CallID 0, sdp 0x69EC3234 channels 0x6A8763C4
    06:19:26: //129/EE5EC9DD8170/SIP/Info/copy_channels:
    callId 129 size 0 ptr 0x6899F6D4)
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
    CCB t38 version 0 ipip_caps version 0
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
    CCB fax rate 2 ipip_caps rate 14400
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: reset the  switch..
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
    Hndl ptype 8 mline 1
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Selecting codec g711alaw
    06:19:26: //129/EE5EC9DD8170/SIP/Info/codec_found:
    Codec to be matched: 6
    06:19:26: //129/EE5EC9DD8170/SIP/Info/codec_found: No match for the codecs found..
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
    Hndl ptype 0 mline 1
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Selecting codec g711ulaw
    06:19:26: //129/EE5EC9DD8170/SIP/Info/codec_found:
    Codec to be matched: 5
    06:19:26: //129/EE5EC9DD8170/SIP/Info/codec_found:  codecs[i] = 5 & codec = 5 are same..
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: ADD AUDIO CODEC 5
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/convert_codec_bytes_to_ptime: Values :Codec: g711ulaw codecbytes :80, ptime: 10
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Media negotiation done: stream->negotiated_ptime=10,stream->negotiated_codec_bytes=80,
    coverted ptime=10 stream->mline_index=1, media_ndx=1
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
    failed to update call entry
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
    Adding codec 5 ptype 0 time 10, bytes 80  as channel 0 mline 1 ss 1 188.254.68.67:24402
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
    Hndl ptype 18 mline 1
    06:19:26: //129/EE5EC9DD8170/SIP/Media/sipSPISelectCodecVersion: Codec (g729r8) is not in preferred list
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: An exact codec match not configured, using interoperable codec g729r8
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Selecting codec g729r8
    06:19:26: //129/EE5EC9DD8170/SIP/Info/codec_found:
    Codec to be matched: 16
    06:19:26: //129/EE5EC9DD8170/SIP/Info/codec_found: No match for the codecs found..
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
    Hndl ptype 98 mline 1
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
    Hndl ptype 96 mline 1
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
    Hndl ptype 97 mline 1
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo:
    Hndl ptype 101 mline 1
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: setting ipip_caps DTMF to RFC2833: callid = 129, dtmf = 6
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Copy sdp to channel- AFTER CODEC FILTERING: ccb->pld.ipip_caps.codecInfo[channel_ndx].codec
    = 5
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_copy_sdp_to_channelInfo: Copy sdp to channel- AFTER CODEC FILTERING: ccb->pld.ipip_caps.codecInfo[channel_ndx].codec
    = -1
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_report_media_to_peer:
    callId 129 flags 0x100 state STATE_IDLE
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_report_media_to_peer:
    Report initial call media
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_report_media_to_peer: ccb->flags 0x804000C, ccb->pld.flags_ipip 0x201
    06:19:26: //129/EE5EC9DD8170/SIP/Info/copy_channels:
    callId 129 size 240 ptr 0x69E20A34)
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_report_media_to_peer:
    CCSIP: Unable to report channel ind
    06:19:26: //129/EE5EC9DD8170/SIP/Info/ccsip_update_srtp_caps:  5798: Posting Remote SRTP caps to other callleg.
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_report_media_to_peer: do cc_api_caps_ind()
    06:19:26: //129/EE5EC9DD8170/SIP/Media/sipSPIUpdCallWithSdpInfo:
              Stream type            : voice+dtmf
              Media line             : 1
              State                  : STREAM_ADDING (2)
              Stream address type    : 1
              Callid                 : -1
              Negotiated Codec       : g711ulaw, bytes :80
              Nego. Codec payload    : 0 (tx), 0 (rx)
              Negotiated DTMF relay  : rtp-nte
              Negotiated NTE payload : 101 (tx), 101 (rx)
              Negotiated CN payload  : 0
              Media Srce Addr/Port   : [178.208.X.X]:0
              Media Dest Addr/Port   : [188.254.68.67]:24402
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIHandleInviteMedia:
    Negotiated Codec       : g711ulaw, bytes :80
    Preferred Codec        : g711ulaw, bytes :160
    Preferred  DTMF relay 1 : 6
    Preferred  DTMF relay 2 : 0
    Negotiated DTMF relay   : 6
    Preferred and Negotiated NTE payloads: 101 101
    Preferred and Negotiated NSE payloads: 100 0
    Preferred and Negotiated Modem Relay: 0 0
    Preferred and Negotiated V150.1 Modem Passthrough: 0 0
    Preferred and Negotiated V150.1 Modem Relay: 0 0
    Preferred and Negotiated Modem Relay GwXid: 1 0
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoQoSNegotiationWithMediaLine: QOS negotiation for mline_index 1
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIDoStreamQoSNegotiation: Best effort
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPICanSetFallbackFlag: Local Fallback is not active
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Media/sipSPIReserveRtpPort: reserved port 17550 for stream 1
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIUpdateSrcSdpFixedPart: Reserving rtp port for stream 1, src_port=17550
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetMediaDirectionForStream: Setting Media direction SENDRECV for stream 1
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIUpdateSrcSdpVariablePart: Setting stream 1 portnum to 17550
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIUpdateSrcSdpVariablePart:
    SIP update src sdp, negoitated codec 5, payload type 0
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIUpdateSrcSdpVariablePart: Negotiated method of dtmf relayand pyld: 6 101
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIAddBillingInfoToCcb: sipCallId for billing records = isbc6994325518770806443-1385214296-16204
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIGetContentCPA: No CPA found in inbound container
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIProcessCPA: No x-cisco-cpa content found
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_GetHdrPassthruCfg: Hdr passthrough config:1 tag:0
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_IsContentPassthruEnabled:  - 0
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_ExtractPassthruContentFromSipContainer: Passthru Content Not Enabled
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_store_channel_info: Store channelInfo in CallInfo
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_store_channel_info: dtmf negotiation done, storing negotiated dtmf = 6,
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIShrlCall: Check peer: 10020 for Shared-Line call, callid: 129
    06:19:26: //129/EE5EC9DD8170/SIP/Info/ccsip_set_bearer_capability:
       Bearer Capability: Speech (0x00)
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIGetContentQSIG: No QSIG Body found in inbound container
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIGetContentQ931: No RawMsg Body found in inbound container
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPICreateNewRawMsg: No Data to form The Raw Message
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIContinueNewMsgInvite: ccsip_api_call_setup_ind returned: SIP_SUCCESS
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIUaddccCallIdToTable: Adding call id 81 to table
    06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLMain: Event: E_STSL_SESSION_REFRESH_RESP
    06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLMain: dir:1, method:102, resp_code:100, container:6A0173E4
    06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLValidateSessRefreshMsg: Ignoring 1xx response for session timer processing
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPISendInviteResponse: Associated container=0x6A0173E4 to Invite Response 100
    06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipSPITransportSendMessage: msg=0x6A5A1A34, addr=188.254.68.66, port=9290, sentBy_port=9290, local_addr=, is_req=0,
    transport=1, switch=0, callBack=0x0
    06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
    06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0
    06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipTransportLogicSendMsg: Trying to send resp=0x6A5A1A34 to default port=9290
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostRequestConnection: Posting UDP conn create request for addr=188.254.68.66, port=9290, context=0x68ABB118
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportSetConnWaitTimer: Wait timer set for connection=0x68ABCB0C,addr=188.254.68.66, port=9290
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportSetConnWaitTimer:
    Wait Conn Timer started for 5000 msec
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipCreateConnInstance: Created new initiated conn=0x68ABCB0C, connid=-1, addr=188.254.68.66, port=9290, local_addr=,
    transport=UDP
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:188.254.68.66, rport:9290 with laddr:
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipInstanceGetConnectionId: Registering gcb=0x6A874E70 with connection=0x68ABCB0C
    06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipTransportLogicSendMsg: Waiting for Connection for sending msg=0x6A5A1A34
    06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipSPITransportSendMessage: Deferred sending msg=0x6A5A1A34
    06:19:26: //129/EE5EC9DD8170/SIP/State/sipSPIChangeState: 0x6A874E70 : State change from (STATE_IDLE, SUBSTATE_NONE)  to (STATE_RECD_INVITE, SUBSTATE_NONE)
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIProcessContactInfo: Previous Hop 188.254.68.66:9290
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_CALL_PROCEEDING
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_event_handler: switch(ev.ev_id: 165)
    06:19:26: //129/EE5EC9DD8170/SIP/Info/ccsip_event_handler:
    ccsip_event_handler: peer ID 130 chans 0x6780D478 event 165 flags 0x844001C 0x100 0x601 data 0x6780D478
    06:19:26: //129/EE5EC9DD8170/SIP/Info/ccsip_event_handler:
    ccsip_event_handler: CC_EV_H245_SET_MODE: peer ID 130 chans 0x6780D478 event 165 flags 0x844001C 0x100 0x601 data 0x6780D478, type = 1
    06:19:26: //129/EE5EC9DD8170/SIP/Info/ccsip_gw_set_sipspi_mode: Setting SPI mode to SIP-H323
    06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLMain: Event: E_STSL_SET_MODE
    06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLMain:
            SE: 3600;refresher:uac peer refresher:none, flags:2001, posted event:E_STSL_INVALID_PEER_EVENT, reason:4
            Configured SE:1800, Configured Min-SE:1800
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_event_handler: CC_R_SUCCESS_WITH_CONFIRMED
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 3 for event 3
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 2 for event 58
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportProcessNWConnectionCreated: context=0x68ABB118
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerProcessConnCreated: gConnTab=0x68ABB118, addr=188.254.68.66, port=9290, local_addr=, connid=3,
    transport=UDP
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerProcessConnCreated: connection instance created for addr:188.254.68.66, port:9290 local_addr=
    local_port=57282
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportStopConnWaitTimer: Wait timer stopped for connection=0x68ABCB0C,addr=188.254.68.66, port=9290
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipInstanceHandleConnectionCreated: Moving connection=0x68ABCB0C, connid=3 state to established. local_addr=,
    local_port=57282
    06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipTransportPostInternalMsg: Posting Internal Msg type=0
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 2 for event 63
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x6A5A1A34, addr=188.254.68.66, port=9290, local_addr=, connId=3 for UDP
    06:19:26: //129/EE5EC9DD8170/SIP/Msg/ccsipDisplayMsg:
    Sent:
    SIP/2.0 100 Trying
    Via: SIP/2.0/UDP 188.254.68.66:9290;branch=z9hG4bK-6110d60075c89eab-a3c000c-1
    From: <sip:[email protected];user=phone>;tag=sbc09026994325518770806443
    To: <sip:[email protected];user=phone>
    Date: Sat, 23 Nov 2013 13:42:29 GMT
    Call-ID: isbc6994325518770806443-1385214296-16204
    CSeq: 1 INVITE
    Allow-Events: telephone-event
    Server: Cisco-SIPGateway/IOS-12.x
    Content-Length: 0
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_CALL_ALERTING
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Error/ccsip_call_service_msg: ccb NULL, unable to update the callinfo ui parameters
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_MEDIA_EVENT
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 3 for event 5
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIAddCiscoGcid: Fatal Error in parsing CCB/Msg
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIStoreTunnelData: Container /RawMessage Absent
    06:19:26: //129/EE5EC9DD8170/SIP/Error/sipSPI_ipip_set_history_info_header: Not SIP2SIP mode
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIUaddCcbToUASRespTable: ****Adding to UAS Response table.
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPIUaddCcbToTable: Added to table. ccb=0x6A874E70 key=isbc6994325518770806443-1385214296-1620415B6280-0
    06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLMain: Event: E_STSL_SESSION_REFRESH_RESP
    06:19:26: //129/EE5EC9DD8170/SIP/Event/Session-Timer/sipSTSLMain: dir:1, method:102, resp_code:180, container:6A017B1C
    06:19:26: //129/EE5EC9DD8170/SIP/Info/Session-Timer/sipSTSLValidateSessRefreshMsg: Ignoring 1xx response for session timer processing
    06:19:26: //129/EE5EC9DD8170/SIP/Event/sipSPICreateRpid: Received Octet3A=0x00 -> Setting ;screen=no ;privacy=off
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sipSPISendInviteResponse: Associated container=0x6A017B1C to Invite Response 180
    06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipSPISendInviteResponse: Sending 180 Response to the Transport Layer
    06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipSPITransportSendMessage: msg=0x6A5A1A34, addr=188.254.68.66, port=9290, sentBy_port=9290, local_addr=, is_req=0,
    transport=1, switch=0, callBack=0x618A57B8
    06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
    06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipTransportLogicSendMsg: switch transport is 0
    06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipTransportLogicSendMsg: Trying to send resp=0x6A5A1A34 to default port=9290
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:188.254.68.66, rport:9290 with laddr:
    06:19:26: //129/EE5EC9DD8170/SIP/Transport/sipTransportLogicSendMsg: Connection obtained...sending msg=0x6A5A1A34
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x6A5A1A34, addr=188.254.68.66, port=9290, local_addr=, connId=3 for UDP
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sentInviteResponse18x: Sent a 18x Response
    06:19:26: //129/EE5EC9DD8170/SIP/Info/sentInviteResponse18x: Transaction active. Facilities will be queued.
    06:19:26: //129/EE5EC9DD8170/SIP/State/sipSPIChangeState: 0x6A874E70 : State change from (STATE_RECD_INVITE, SUBSTATE_NONE)  to (STATE_SENT_ALERTING, SUBSTATE_NONE)
    06:19:26: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 3 for event 30ty-ID:
    <sip:[email protected]>;party=called;screen=no;privacy=off
    Contact: <sip:[email protected]:5060>
    Server: Cisco-SIPGateway/IOS-12.x
    Content-Length: 0
    06:19:27: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpIPv4SocketReads: Msg enqueued for SPI with IP addr: [188.254.68.66]:9290, local_address:[ - ]
    06:19:27: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpIPv4SocketReads: Msg enqueued for SPI with IP addr: [188.254.68.66]:9290, local_address:[ - ]
    06:19:27: //129/EE5EC9DD8170/SIP/Msg/ccsipDisplayMsg:
    Sent:
    SIP/2.0 200 OK
    Via: SIP/2.0/UDP 188.254.68.66:9290;branch=z9hG4bK-6110d60075c89eab-a3c000c-2
    From: <sip:[email protected];user=phone>;tag=sbc09026994325518770806443
    To: <sip:[email protected];user=phone>;tag=15B6280-0
    Date: Sat, 23 Nov 2013 13:42:30 GMT
    Call-ID: isbc6994325518770806443-1385214296-16204
    Server: Cisco-SIPGateway/IOS-12.x
    CSeq: 2 PRACK
    Content-Length: 0
    06:19:27: //129/EE5EC9DD8170/SIP/Msg/ccsipDisplayMsg:
    Sent:
    UPDATE sip:[email protected]:9290;user=phone SIP/2.0
    Via: SIP/2.0/UDP 178.208.X.X:5060;branch=z9hG4bK120
    From: <sip:[email protected];user=phone>;tag=15B6280-0
    To: <sip:[email protected];user=phone>;tag=sbc09026994325518770806443
    Date: Sat, 23 Nov 2013 13:42:30 GMT
    Call-ID: isbc6994325518770806443-1385214296-16204
    User-Agent: Cisco-SIPGateway/IOS-12.x
    Max-Forwards: 70
    Supported: 100rel,timer,resource-priority,replaces,sdp-anat
    Timestamp: 1385214150
    Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
    CSeq: 101 UPDATE
    Contact: <sip:[email protected]:5060>
    Min-SE:  1800
    Remote-Party-ID: <sip:[email protected]>;party=called;screen=yes;privacy=off
    Content-Length: 0
    06:19:27: //129/EE5EC9DD8170/SIP/Msg/ccsipDisplayMsg:
    Sent:
    SIP/2.0 200 OK
    Via: SIP/2.0/UDP 188.254.68.66:9290;branch=z9hG4bK-6110d60075c89eab-a3c000c-2
    From: <sip:[email protected];user=phone>;tag=sbc09026994325518770806443
    To: <sip:[email protected];user=phone>;tag=15B6280-0
    Date: Sat, 23 Nov 2013 13:42:30 GMT
    Call-ID: isbc6994325518770806443-1385214296-16204
    Server: Cisco-SIPGateway/IOS-12.x
    CSeq: 2 PRACK
    Content-Length: 0
    06:19:31: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpIPv4SocketReads: Msg enqueued for SPI with IP addr: [188.254.68.66]:9290, local_address:[ - ]
    06:19:31: //129/EE5EC9DD8170/SIP/Msg/ccsipDisplayMsg:
    Sent:
    SIP/2.0 500 Internal Server Error
    Via: SIP/2.0/UDP 188.254.68.66:9290;branch=z9hG4bK-6110d60075c89eab-a3c000c-1
    From: <sip:[email protected];user=phone>;tag=sbc09026994325518770806443
    To: <sip:[email protected];user=phone>;tag=15B6280-0
    Date: Sat, 23 Nov 2013 13:42:30 GMT
    Call-ID: isbc6994325518770806443-1385214296-16204
    CSeq: 1 INVITE
    Allow-Events: telephone-event
    Server: Cisco-SIPGateway/IOS-12.x
    Reason: Q.850;cause=16
    Content-Length: 0
    06:19:31: //-1/xxxxxxxxxxxx/SIP/Info/HandleUdpIPv4SocketReads: Msg enqueued for SPI with IP addr: [188.254.68.66]:9290, local_address:[ - ]
    06:19:31: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 2 for event 1
    06:19:31: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportProcessNWNewConnMsg: context=0x0
    06:19:31: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
    Received:
    ACK sip:[email protected];user=phone SIP/2.0
    Via: SIP/2.0/UDP 188.254.68.66:9290;branch=z9hG4bK-6110d60075c89eab-a3c000c-1
    Call-ID: isbc6994325518770806443-1385214296-16204
    From: <sip:[email protected];user=phone>;tag=sbc09026994325518770806443
    To: <sip:[email protected];user=phone>;tag=15B6280-0
    CSeq: 1 ACK
    Max-Forwards: 70
    Content-Length: 0
    06:19:31: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_new_msg_preprocessor: Checking Invite Dialog
    06:19:31: //129/EE5EC9DD8170/SIP/Info/sipSPIFindCcbUASRespTable: *****CCB found in UAS Response table. ccb=0x6A874E70
    06:19:31: //129/EE5EC9DD8170/SIP/Info/sipSPIUdeleteCcbFromTable: Deleting from table. ccb=0x6A874E70 key=isbc6994325518770806443-1385214296-1620415B6280-0
    06:19:31: //129/EE5EC9DD8170/SIP/Info/sipSPIFlushEventBufferQueue: There are 0 events on the internal queue that are going to be free'd
    06:19:31: //129/EE5EC9DD8170/SIP/Info/sipSPIStopRequestPendingTimer: Stopping Request Pending Timer
    06:19:31: //129/EE5EC9DD8170/SIP/Info/sipSPI_ipip_free_codec_profile: Codec Profiles Freed
    06:19:31: //129/EE5EC9DD8170/SIP/Info/sipSPIUfreeOneCCB: Freeing ccb 6A874E70
    06:19:31: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIGetContextFromTable: NO context for key[52]
    c2801#
    c2801#

    Hi Ahmed,
    Looking at the logs, it seems some important messages are missing..
    can you please again collect the following debugs ?
    - debug voip ccapi inout
    - debug ccsip all
    - debug voice translation
    Thanks,
    Piyush

  • An error message "B channel out of service".

    Much thanks for you spent time to answer my question.
    I set the "E1 Enhanced Card" on VG200 for MGCP and work with CCM3.3.2.
    Also the IOS of VG200 has been upgraded to version 12.3<3a>.
    But this error also will generated of each B channel.Could you help me to solve the problem ?
    Thanks !

    When I checked , it looks like
    DTMF Events Through SIP Signaling
    DTMF Relay for SIP Calls Using Named Telephone Events (NTE)
    H.323 Dual Tone Multifrequency (DTMF) Relay Using Named Telephone Events
    MGCP Based Fax (T.38) and DTMF Relay
    VG200 doesnt support the above. But in other platforms it is supported in - 12.3(3)

  • Sip 503 service unavailable and sip 500 internal server error

    Hi guys,could any one help me in the following.
    ITSP-->Voice gateway configured as CUBE-->CUCM-->UCCX
    I am moving a system from cme and aa enviroment to cucm and uccx
    The VGW is configured as CUBE and also is added as h323 gateway on cucm.
    When i tested the debug ccsip messages shows
    Sip 503 service unavailable or
    sip 500 internal server error.
    I can't now provide any debugs cause i am not on site,only on Saturday.
    As i read in previous discussion that could be the bind source address problem but i had this configured.
    Also i tried to configure the gateway instead of h232 to use sip trunk from cucm,but after this the incoming calls didn't even reach the router,the debug ccsip messages showed nothing.
    For now can any one advice me to what these 2 errors related to.
    What could be missing?
    Thanks in advance.

    Hi there : can some one explain the reason that i am getting this sip error with itsp:
    here is the debug of ccsip messages:
    Received:
    INVITE sip:[email protected];user=phone SIP/2.0
    Via: SIP/2.0/UDP 188.254.68.66:9298;branch=z9hG4bK-6110d60075a24c0f-a3c000c-1
    Call-ID: isbc6994325518768294927-1385194135-11717
    From: [email protected];user=phone>;tag=sbc09106994325518768294927
    To:
    CSeq: 1 INVITE
    Min-SE: 90
    Session-Expires: 3600;refresher=uac
    Contact:
    Allow: INVITE,CANCEL,BYE,ACK,REFER,UPDATE,INFO,PRACK
    Supported: timer,100rel
    Diversion: [email protected]>;privacy=off;screen=no;reason=unknown,[email protected]>;privacy=off;screen=no;reason=unknown
    Max-Forwards: 70
    User-Agent: VCS 5.8.2.56-03
    Content-Length: 394
    Content-Type: application/sdp
    v=0
    o=- 87852 198805 IN IP4 188.254.68.67
    s=SBC call
    c=IN IP4 188.254.68.67
    t=0 0
    m=audio 23682 RTP/AVP 8 0 18 98 96 97 101
    a=rtpmap:98 G.729a/8000
    a=rtpmap:96 G.729ab/8000
    a=rtpmap:97 G.729b/8000
    a=rtpmap:101 telephone-event/8000
    a=fmtp:101 0-15
    a=fmtp:18 annexb=no
    a=ptime:10
    a=X-vrzcap:vbd Ver=1 Mode=FaxPr ModemRtpRed=0
    a=X-vrzcap:identification bin=DSR2866 Prot=mgcp App=MG
    00:43:23: //11/FDB448CE8020/SIP/Msg/ccsipDisplayMsg:
    Sent:
    SIP/2.0 100 Trying
    Via: SIP/2.0/UDP 188.254.68.66:9298;branch=z9hG4bK-6110d60075a24c0f-a3c000c-1
    From: [email protected];user=phone>;tag=sbc09106994325518768294927
    To:
    Date: Sat, 23 Nov 2013 08:06:29 GMT
    Call-ID: isbc6994325518768294927-1385194135-11717
    CSeq: 1 INVITE
    Allow-Events: telephone-event
    Server: Cisco-SIPGateway/IOS-12.x
    Content-Length: 0
    00:43:23: //11/FDB448CE8020/SIP/Msg/ccsipDisplayMsg:
    Sent:
    SIP/2.0 503 Service Unavailable
    Via: SIP/2.0/UDP 188.254.68.66:9298;branch=z9hG4bK-6110d60075a24c0f-a3c000c-1
    From: [email protected];user=phone>;tag=sbc09106994325518768294927
    To:
    c2801#er=phone>;tag=27BA64-1DAE
    Date: Sat, 23 Nov 2013 08:06:29 GMT
    Call-ID: isbc6994325518768294927-1385194135-11717
    CSeq: 1 INVITE
    Allow-Events: telephone-event
    Server: Cisco-SIPGateway/IOS-12.x
    Reason: Q.850;cause=38
    Content-Length: 0
    00:43:23: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
    Received:
    ACK sip:[email protected];user=phone SIP/2.0
    Via: SIP/2.0/UDP 188.254.68.66:9298;branch=z9hG4bK-6110d60075a24c0f-a3c000c-1
    Call-ID: isbc6994325518768294927-1385194135-11717
    From: [email protected];user=phone>;tag=sbc09106994325518768294927
    To: ;tag=27BA64-1DAE
    CSeq: 1 ACK
    Max-Forwards: 70
    Content-Length: 0
    show run:
    voice service voip
    ip address trusted list
      ipv4 87.226.136.164 255.255.255.255
      ipv4 172.16.24.0 255.255.255.0
      ipv4 188.254.68.66 255.255.255.255
      ipv4 188.254.68.67 255.255.255.255
      ipv4 188.254.69.66 255.255.255.255
      ipv4 188.254.69.67 255.255.255.255
      ipv4 46.38.52.68 255.255.255.255
    address-hiding
    allow-connections h323 to h323
    allow-connections h323 to sip
    allow-connections sip to h323
    allow-connections sip to sip
    supplementary-service h450.12
    no supplementary-service sip moved-temporarily
    no supplementary-service sip refer
    redirect ip2ip
    fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback cisco
    sip
    voice class codec 1
    codec preference 1 g729br8
    codec preference 2 g729r8
    codec preference 3 g711alaw
    codec preference 4 g711ulaw
    voice class codec 2
    codec preference 1 g711ulaw
    codec preference 2 g711alaw
    codec preference 3 g729r8
    codec preference 4 g729br8
    voice translation-rule 1
    rule 1 /XXX5397962/ /1999/
    voice translation-rule 2
    rule 1 /XXX55317577/ /1999/
    voice translation-rule 3
    rule 1 /5555317884/ /1999/
    voice translation-profile ROS
    translate called 1
    voice translation-profile ROS2
    translate called 2
    voice translation-profile ROS3
    translate called 3
    interface FastEthernet0/0
    ip address 178.208.129.221 255.255.255.248
    ip access-group INBOUND in
    no ip unreachables
    ip verify unicast reverse-path
    ip nat outside
    ip inspect IPFW in
    ip inspect IPFW out
    ip virtual-reassembly in
    duplex auto
    speed auto
    no cdp enable
    interface FastEthernet0/1
    no ip address
    ip nat inside
    ip virtual-reassembly in
    duplex auto
    speed auto
    interface FastEthernet0/1.1
    encapsulation dot1Q 1 native
    ip address 10.110.0.200 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    interface FastEthernet0/1.2
    encapsulation dot1Q 2
    ip address 172.16.24.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    h323-gateway voip interface
    h323-gateway voip bind srcaddr 172.16.24.254
    ip dns server
    ip nat inside source list NAT interface FastEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 178.208.X.X
    ip route 192.168.0.0 255.255.0.0 Null0 254
    sccp local FastEthernet0/1.2
    sccp ccm 172.16.24.101 identifier 1 version 7.0
    sccp
    sccp ccm group 1
    associate ccm 1 priority 1
    associate profile 1 register XCODE123456
    keepalive retries 1
    keepalive timeout 10
    switchover method immediate
    switchback method immediate
    dspfarm profile 1 transcode 
    codec g711ulaw
    codec g711alaw
    codec g729ar8
    codec g729abr8
    codec g729r8
    codec g729br8
    maximum sessions 6
    associate application SCCP
    dial-peer voice 10000 voip
    tone ringback alert-no-PI
    description ROSTELECOM Incoming
    translation-profile incoming ROS
    destination-pattern 74955397962
    session protocol sipv2
    session target ipv4:87.226.136.164
    session transport udp
    incoming called-number XXXX5397962
    dtmf-relay rtp-nte
    codec g711ulaw
    dial-peer voice 10010 voip
    tone ringback alert-no-PI
    description ROSTELECOM Incoming
    translation-profile incoming ROS2
    destination-pattern XXX55317577
    session protocol sipv2
    session target ipv4:87.226.136.164
    session transport udp
    incoming called-number 75555317577
    dtmf-relay rtp-nte
    codec g711ulaw
    dial-peer voice 10020 voip
    tone ringback alert-no-PI
    description ROSTELECOM Incoming
    translation-profile incoming ROS3
    preference 1
    destination-pattern 5555317884
    session protocol sipv2
    session target ipv4:188.254.68.66
    session transport udp
    incoming called-number 5555317884
    dtmf-relay rtp-nte
    codec g711ulaw
    dial-peer voice 10021 voip
    tone ringback alert-no-PI
    description ROSTELECOM Incoming
    translation-profile incoming ROS
    preference 2
    destination-pattern 5555317884
    session protocol sipv2
    session target ipv4:188.254.69.66
    session transport udp
    incoming called-number 5555317884
    dtmf-relay rtp-nte
    codec g711ulaw
    dial-peer voice 2 voip
    tone ringback alert-no-PI
    description to CUCM_PUB
    destination-pattern 1...
    session target ipv4:172.16.24.101
    voice-class codec 2 
    dtmf-relay rtp-nte
    I see in the debug that the itsp over g729 family codecs but not g711 at all
    This system was working with this dialpeers before with same provider ,just i have added the dial-peer 2 .
    I have changed the codec to match what is offered by itsp but no difference,still getting the same message.
    PLZ help ASAP.

  • Error Cisco 892f-w Wireless driver lwapp and capwap controller

    Hello, greetings to cisco support community, I write to ask for help for my router, I have trouble lifting the wireless network, I hope you can help me thanks.
           Upon entering cli ap: I have this error:
    *Jul  3 22:33:04.951: %CAPWAP-3-STATIC_TO_DHCP_IP: Could not discover WLC using
    static IP. Forcing AP to use DHCP.
    *Jul  3 22:33:14.959: %CAPWAP-3-ERRORLOG: Invalid event 38 & state 2 combination
    *Jul  3 22:33:15.083: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet0 assigne
    d DHCP address 10.10.10.4, mask 255.255.255.248, hostname AP6400.f1cf.6738
    Translating "CISCO-CAPWAP-CONTROLLER"...domain server (8.8.8.8)
    Translating "CISCO-LWAPP-CONTROLLER"...domain server (8.8.8.8)
    *Jul  3 22:33:18.959: %CAPWAP-3-ERRORLOG: Did not get log server settings from D
    HCP.
    *Jul  3 22:33:19.083: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-CAPWAP-CONTROL
    LER
    *Jul  3 22:33:19.207: %CAPWAP-3-ERRORLOG: Could Not resolve CISCO-LWAPP-CONTROLL
    ER
    Here is my configuration
    Natural#SHOW RUNNing-config
    Building configuration...
    Current configuration : 5681 bytes
    ! Last configuration change at 19:56:22 UTC Wed Oct 16 2013 by juanrifle
    version 15.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Natural
    boot-start-marker
    boot-end-marker
    logging buffered 51200 warnings
    no aaa new-model
    memory-size iomem 10
    service-module wlan-ap 0 bootimage autonomous
    crypto pki trustpoint TP-self-signed-634714217
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-634714217
    revocation-check none
    rsakeypair TP-self-signed-634714217
    crypto pki certificate chain TP-self-signed-634714217
    certificate self-signed 01
      30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
      30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
      69666963 6174652D 36333437 31343231 37301E17 0D313331 30313131 38343833
      395A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
      532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3633 34373134
      32313730 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
      E814BC99 A2374C6C C52A0828 7D8D2215 5220B891 63F3CB16 C03D6F00 F3ECF2E9
      BE71FB32 9D1388FA 608C3267 3105F7E9 4A0FADDB C3031255 2054BF5D 971D4B0F
      AD5914F8 8D7E9CF3 FBDDD586 63C8D981 3C32F53F E43CE93F 20930CFA 9F6055E7
      810AF11D D8CBF7EA D6D5B680 B9AA465C EA9D533B A8E39059 6401101F D81939C9
      02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
      23041830 168014A1 4A274F69 1972E173 6F458E3E 67212F22 A21F3F30 1D060355
      1D0E0416 0414A14A 274F6919 72E1736F 458E3E67 212F22A2 1F3F300D 06092A86
      4886F70D 01010505 00038181 006B165B E1CABC78 F125A399 A8DB860B 7A134E69
      A342D73A A5215D08 E675406C 318E1877 EFCBB5E8 747291F3 6D39D0CD DD38FE96
      E4829127 A2BB4F47 CF1BA9A1 43631C0B BE5932A7 BDE1EAEB 98F832AC 83EAB223
      141BB6A0 3ECD607B 8E126FDC 5AC8AD12 28F8DB6A 9742994B 063610C6 D5144944
      8A129632 AC689172 1B108332 44
            quit
    ip cef
    ip dhcp excluded-address 10.10.10.1
    ip dhcp excluded-address 10.10.10.145
    ip dhcp excluded-address 10.10.10.153
    ip dhcp excluded-address 10.10.10.1 10.10.10.2
    ip dhcp pool ccp-pool
    import all
    network 10.10.10.0 255.255.255.248
    default-router 10.10.10.1
    dns-server 8.8.8.8 200.87.100.10
    lease 0 2
    ip dhcp pool ccp
    dns-server 8.8.8.8 200.87.100.10
    ip dhcp pool Oficina wireless pool
    import all
    network 10.10.10.144 255.255.255.248
    default-router 10.10.10.145
    dns-server 8.8.8.8 200.87.100.10
    ip dhcp pool guest pool
    import all
    network 10.10.10.152 255.255.255.248
    default-router 10.10.10.153
    dns-server 8.8.8.8 200.87.100.10
    no ip domain lookup
    ip domain name yourdomain.com
    no ipv6 cef
    multilink bundle-name authenticated
    license udi pid CISCO892FW-A-K9 sn FTX172783RH
    username ******** privilege 15 password 0 ******
    username ******** privilege 15 secret 4 df2cx1EOReyOFTzHQGHyju0MCCMPPDggzToRobK46
    vI
    redundancy
    interface BRI0
    no ip address
    encapsulation hdlc
    shutdown
    isdn termination multidrop
    interface FastEthernet0
    no ip address
    spanning-tree portfast
    interface FastEthernet1
    no ip address
    interface FastEthernet2
    no ip address
    interface FastEthernet3
    no ip address
    interface FastEthernet4
    no ip address
    interface FastEthernet5
    no ip address
    interface FastEthernet6
    no ip address
    interface FastEthernet7
    no ip address
    interface FastEthernet8
    description modem adsl
    ip address dhcp
    ip flow ingress
    ip flow egress
    ip nat outside
    ip virtual-reassembly in
    duplex auto
    speed auto
    interface GigabitEthernet0
    no ip address
    shutdown
    duplex auto
    speed auto
    interface wlan-ap0
    description Service module interface to manage the embedded AP
    ip unnumbered Vlan1
    arp timeout 0
    interface Wlan-GigabitEthernet0
    description Internal switch interface connecting to the embedded AP
    switchport trunk allowed vlan 1-3,1002-1005
    switchport mode trunk
    no ip address
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 10.10.10.1 255.255.255.248
    ip nat inside
    ip virtual-reassembly in
    ip tcp adjust-mss 1452
    interface Vlan2
    description wireless oficina
    ip address 10.10.10.145 255.255.255.248
    ip nat inside
    ip virtual-reassembly in
    interface Vlan3
    description wireless guest
    ip address 10.10.10.153 255.255.255.248
    ip nat inside
    ip virtual-reassembly in
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip flow-export destination 10.10.10.5 2055
    ip nat inside source list 110 interface FastEthernet8 overload
    ip sla auto discovery
    access-list 10 permit 10.10.10.0 0.0.0.7
    access-list 23 permit 10.10.10.0 0.0.0.7
    access-list 110 permit ip 10.10.10.0 0.0.0.255 any
    access-list 120 remark wireless guest Restriction
    access-list 120 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
    access-list 120 permit ip 10.10.10.152 0.0.0.7 any
    access-list 120 deny   ip 10.10.10.152 0.0.0.7 0.0.0.0 255.255.255.0
    access-list 120 deny   ip 10.10.10.152 0.0.0.7 172.16.0.0 0.15.255.255
    access-list 120 deny   ip 10.10.10.152 0.0.0.7 192.168.0.0 0.0.255.255
    no cdp run
    control-plane
    mgcp profile default
    line con 0
    login local
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin udptn ssh
    line aux 0
    line vty 0 4
    access-class 23 in
    privilege level 15
    login local
    transport input telnet ssh
    line vty 5 15
    access-class 23 in
    privilege level 15
    login local
    transport input telnet ssh
    end
    Natural#

    Hi Andrew,
    LAP always download the image run on a WLC (in this case 3850). So no point upgrade LAP independantly as it will always sync with image run on the controller it joins.
    In this case you can upgrade 3850 to 3.3.2 (which is the latest image as of today) if you are not already running that code
    HTH
    Rasika
    **** Pls rate all useful resposnes ****

  • IPSec Spoof Detected error on VPN route

    I'm trying to set up a new VPN user/group/policy to replace a flawed old version that used IP addresses from the same pool as the inside VLAN. As of right now I have most things configured but am unable to establish a connection to a service host on the inside VLAN with the new configuration. The old configuration works fine. Other services like RDP are working fine on the new configuration.
    I *thought* that I had everything configured to use the new IP addresses in ACL lists, NAT Excemptions and the like but must have a conflict or missing rule somewhere I can't spot. Using the packet tracer everything works except when I test 192.168.16.x -> 192.168.15.x on interface outside, it says "IPSEC Spoof Detected" as the reason for dropping packets. When attempting to establish the connection there is no errors, just "Built inbound TCP..." followed by "Teardown TCP... SYN Timeout 00:30"
    For the record the 192.168.16.100-150 pool is the correct VPN address pool.
    Once I have it working 100% I'd like to remove the 192.168.15.200-250 pool from the ASDM configuration.
    My configurations:
    : Saved
    ASA Version 8.2(5)
    hostname SEMC-TEST
    enable password D37rIydCZ/bnf1uj encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    name 192.168.15.0 192.168.15.0 description Internal Network devices
    ddns update method DDNS_Update
    ddns both
    interval maximum 0 4 0 0
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
    description VLAN to inside hosts
    nameif inside
    security-level 100
    ddns update hostname 0.0.0.0
    ddns update DDNS_Update
    dhcp client update dns server both
    ip address 192.168.15.1 255.255.255.0
    interface Vlan2
    description External VLAN to internet
    nameif outside
    security-level 0
    ip address xx.xx.xx.xx 255.255.255.248
    ftp mode passive
    clock timezone CST -6
    clock summer-time CDT recurring
    dns domain-lookup inside
    dns server-group DefaultDNS
    name-server 216.221.96.37
    name-server 8.8.8.8
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq www
    port-object eq https
    access-list outside_access_in extended permit icmp any any
    access-list outside_access_in extended permit ip 192.168.16.0 255.255.255.0 any
    access-list outside_access_in extended permit ip 192.168.15.192 255.255.255.192 any
    access-list outside_access_in extended permit ip 192.168.15.0 255.255.255.0 192.168.16.0 255.255.255.0
    access-list Remote_test_splitTunnelAcl standard permit 192.168.15.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.15.0 255.255.255.0 192.168.15.192 255.255.255.192
    access-list inside_nat0_outbound extended permit ip 192.168.15.0 255.255.255.0 192.168.16.0 255.255.255.0
    access-list inside_access_in extended permit ip 192.168.15.192 255.255.255.192 any
    access-list inside_access_in extended permit ip interface inside interface inside
    access-list inside_access_in extended permit ip any 192.168.15.192 255.255.255.192
    access-list inside_access_in extended permit icmp any any
    access-list inside_access_in extended permit ip any 192.168.16.0 255.255.255.0
    access-list inside_access_in extended permit ip 192.168.16.0 255.255.255.0 any
    access-list inside_access_in remark Block Internet Traffic
    access-list inside_access_out extended permit icmp 192.168.15.0 255.255.255.0 any
    access-list inside_access_out extended permit ip 192.168.15.192 255.255.255.192 any
    access-list inside_access_out extended permit ip 192.168.15.0 255.255.255.0 192.168.15.192 255.255.255.192
    access-list inside_access_out extended permit ip 192.168.16.0 255.255.255.0 any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool VPN_IP_Alt 192.168.16.100-192.168.16.150 mask 255.255.255.0
    ip local pool VPN_IP_Pool 192.168.15.200-192.168.15.250 mask 255.255.255.0
    ipv6 access-list inside_access_ipv6_in permit ip interface inside interface inside
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any echo-reply inside
    icmp permit any echo-reply outside
    icmp permit any outside
    no asdm history enable
    arp timeout 14400
    nat-control
    global (inside) 2 interface
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound_2
    access-group inside_access_in in interface inside
    access-group inside_access_ipv6_in in interface inside
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 xx.xx.xx.xx 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 192.168.15.0 255.255.255.0 inside
    http 192.168.16.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    management-access inside
    dhcpd auto_config outside
    dhcpd address 192.168.15.200-192.168.15.250 inside
    dhcpd enable inside
    no threat-detection basic-threat
    threat-detection statistics access-list
    threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
    ntp server 192.168.15.101 source inside
    ntp server 192.168.15.100 source inside prefer
    webvpn
    group-policy Remote_test_Alt internal
    group-policy Remote_test_Alt attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Remote_test_splitTunnelAcl
    group-policy Remote_test internal
    group-policy Remote_test attributes
    vpn-tunnel-protocol IPSec
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Remote_test_splitTunnelAcl
    username StockUser password t6a0Nv8HUfWtUdKz encrypted privilege 0
    username StockUser attributes
    vpn-group-policy Remote_test
    username StockUser2 password t6a0Nv8HUfWtUdKz encrypted privilege 0
    username StockUser2 attributes
    vpn-group-policy Remote_test_Alt
    tunnel-group Remote_test type remote-access
    tunnel-group Remote_test general-attributes
    address-pool VPN_IP_Pool
    default-group-policy Remote_test
    tunnel-group Remote_test ipsec-attributes
    pre-shared-key *****
    tunnel-group Remote_test2 type remote-access
    tunnel-group Remote_test2 general-attributes
    address-pool VPN_IP_Alt
    default-group-policy Remote_test_Alt
    tunnel-group Remote_test2 ipsec-attributes
    pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
      inspect icmp error
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:834543b67beaaa65578d8032d7d272c3
    : end

    Harry,
    I appreciate the reply and apologise for taking so long to respond myself. When trying to connect to the service it still fails, I was using the Packet Tracer as a quicker means of testing.
    However, after further investigation Friday I believe the issue I am having may be with the service itself. It is a specialized device which, after reviewing its routing table has no route for 192.168.16.x addresses. I cannot update this configuration without scheduling a critical downtime hopefully within the next week.
    Again I appreciate the response but unfortunately my issue might not have to do with the VPN configuration at all!

Maybe you are looking for

  • Playback head lag in LPX 10.0.4

    I'm working on sessions I began with Logic Pro 9. They seem to have imported cleanly into Logic Pro X. However, in Logic Pro X the playback head is lagging behind the visual representation of the audio by at least half a bar. A serious bug -- unless

  • Need help regarding Sapscripts

    Hi! I would like to ask if there's anyone here who knows where I can find exercises or technical designs for practice regarding Sapscripts?  It would be better if the Sapscript exercise or technical design would be "start from scratch" so as to ensur

  • How do we know that some of the jobs have been held up in the BW system.And

    How do we know that some of the jobs have been held up in the BW system.And after we know that some of the jobs have been held up, how do we restart it?Please provide me an answer.It is very important.I will assign points Regards, Poonam

  • When do I need to use a cell editor in a JTree?

    I'm currently trying to add checkboxes to nodes in a JTree. I use a panel containing the check box and a label for rendering. I did this because I want only the checkbox to respond to a mouse click and not the text associated with it. I've read sever

  • Adobe Reader 9.1 Won't Open Some Files

    Updated to Adobe Reader 9.1 and some web-based files will not open.  I receive a blank page with the message "The system cannot find the file specified."  Is there a solution or setting for this?