Monitoring remote sites

I understand that some companies outsource to BEA to monitor remote sites in case of a failure in the routers or system. I was wondering what are the prices for the monthly management fee, installation fee and adding a router such as T1 or 56K? Our company was considering outsourcing this problem so we could concentrate our resources to improve our business. Is there a person I can contact to get this information?

I think several companies do this.
I am working with a company who will be offering this if you are interested I can foward your name to them.
Matt
Anna Tai wrote:
I understand that some companies outsource to BEA to monitor remote sites in case of a failure in the routers or system. I was wondering what are the prices for the monthly management fee, installation fee and adding a router such as T1 or 56K? Our company was considering outsourcing this problem so we could concentrate our resources to improve our business. Is there a person I can contact to get this information?

Similar Messages

  • Monitoring Remote SITE TO SITE vpn (Bandwidth - utilized)

    Can somebody say how to know the bandwidth utilized
    by the site to site vpn please
    Tks
    THomas

    Hi Thomas,
    You can use "Interface Graphs" in Pix Device Manager. This is a monitoring tool that will serve the purpose that you mentioned.
    You can get more info at :
    http://www.cisco.com/warp/public/cc/pd/fw/sqfw500/prodlit/pixdm_ds.htm

  • Monitor file arrival at remote site

    i hav been using the file arrival package that oracle supplies. it createsa schedule that monitors file arrivals every 5 mins
    if there is a file, it runs a job and also does something with queues
    this soln works fine, except that the folder monitored is on the local system.
    client now wants the folder that is monitored for file arrivals at a remote site.
    can oracle scheduler/file_arrival_package be used to monitor files at the remote site,??
    i also need to ftp it to the local drive and then run a job...is there a simpler workaround?

    There is no direct Scheduler support in 10g for interacting with a remote system. If there is a database running on the remote system, you can setup file arrival there and then send an AQ message back to the local system notifying the arrival of th file. Otherwise you would have to setup your own file notification mechanism on the remote system to notify the database.
    dbms_file_transfer in 10g and up can transfer files between two databases on different machines.
    -Ravi

  • Unity Message Monitoring No Audio For Remote Site IP Phones

    I have Unity Message Monitoring running on a Unity 7.0 server and it works fine with IP Phones located at the same site via G.711. It also works fine with Remote Message Monitoring phones (Cell Phones configured via Message Notification Device Phone 6). But it does not work with IP Phones at remote sites via G.729. The Unity server is configured to support G.711 and G.729 and I'm not sure if my problem has anything to do with Codecs. The reason being is because the Remote Message Monitoring to cell phones is working fine and we send in all external calls from the PSTN to Unity as G.729 via our SIP Trunk and the Remote Message Monitoring media stream going out to the cell phone is G.729 with no Transcoding resource being used.
    Is anyone else having problems with Message Monitoring to IP Phones at remote sites that normally use G.729 for WAN based calls? If not, do you have your Unity setup to run G.711 and G.729 or do you have it set to G.711 only and use a MRGL with a Transcoding resource?
    Thank You,
    Mike Shelley

    Hi.
    This is a normal behaviour, because RTP between endpoints is end to end and IP phone of remote user A should be able to reach ip phone user B directly.
    This means that you should have two options:
    - VPN from user A to HQ should include User B subnet in SA association and vice versa.
    - A direct VPN between user A and user B
    HTH
    Regards
    Carlo
    Please rate all helpful posts
    "The more you help the more you learn"

  • Remote site redundancy IPSEC VPN between 2911 and ASA

    We already have IPSEC VPN connectivity established between sites but would like to introduce some resilience/redundancy at a remote site.
    Site A has an ASA with one internet circuit.
    Site B has a Cisco 2911 with one internet circuit and we have established site-to-site IPSEC VPN connectivity between the 2911 and the ASA.
    Prior to getting the new internet circuit, Site B had a Cisco 877 with an ADSL line which are still available but aren’t currently in use.
    The internet circuit at Site B has dropped a few times recently so we would like to make use of the ADSL circuit (and potentially the 877 router too) as a backup.
    What is the best way of achieving this?
    We thought about running HSRP between the 877 and 2911 routers at Site B and, in the event of a failure of the router or internet circuit, traffic would failover to the 877 and ADSL.
    However, how would Site A detect the failure? Can we simply rely on Dead Peer Detection and list the public IP address of the internet circuit at Site B first with the public IP address used on the ADSL line second in the list on the ASA? What would happen in a failover scenario and, just as important, when service was restored – I’m not sure DPD would handle that aspect correctly?
    I’ve read briefly elsewhere that GRE might be best to use in this scenario – but I can’t use GRE on the ASA. I have an L3 switch behind the ASA which I may be able to make use of? But I don’t want to disrupt the existing IPSEC VPN connectivity already established between the ASA and the 2911.   Can I keep IPSEC between the ASA and 2911 but then run GRE between the L3 switch and the 2911? If so, how would this best be achieved?  And how could I also introduce the 877 and ADSL line into things to achieve the neccessary redundancy?
    Any help/advice would be appreciated!

    Hello,
    I don't think GRE tunnel that you could set up on the switch  behind ASA would be really helpfull. Still site-2-site tunnel you want  to establish between ASA and some routers, but still it is ASA which needs to make decision about which peer to connect to.
    Possible solution would be to do HSRP between both routers on LAN side and with two independent tunnels/crypto maps (one on each of them). On ASA you would need to set up two hosts in set peer. Problem of this solution is that if one router at side B is going to go down and second ADSL line will take over ASA will not do preempt after you main Internet connection is up again. This would happen after ADSL Internet connection will be down.
    Solution to that would be to assign two different public IP addressess on two different interfaces of ASA. Then you attach two crypto maps to both interfaces and by using sla monitor (let's say icmp to main router, if it does not respond then you change routing for remote LAN to second interface) you are selecting which crypto map (with one peer this time) should be used.
    I hope what I wrote makes some sense.

  • File does not exist on remote site, yet it does

    I have been trying to understand how Dreamweaver handles remote files in CS5.
    My server is setup as a remote server and a test server.
    I open the remote file, it offers to get dependencies, so I click yes.
    I click on Live view, then it tries to show me the following url
    http://my_site.com/public_html/path/to/my/file/file.php
    It should not put public_html in the path, and I did not specify this in my site setup. My root setting is /.
    Anyway, If I change the url manually, then it shows correctly. Then it offers to discover dunamically linked files, which I agree to.
    Now it tells me that 'Dynamically-related files could not be resolved because the site definition is not correct for this server'
    If I try to open one of the files that it has discovered, I am told that it is not on the disk, so would I like to 'get it', so I agree.
    Finally, I am told that 'Get operation failed since linked-file.php does not exist on remote site'
    I suspect that this is all to do with my site definition, but I fiddled with the settings and can't resolve this. I think that the whole problem goes back to Dreamweaver's insistance on putting public_html in the path, but I can't stop it doing so.
    Any suggestions?
    Thanks
    ian

    Hi,
    Well, yes I did manage to fix the dynamically linked resources issue. As mentioned above, I did need to mention public_html in my Root Directory setting in server setup (silly of me).
    I had tried this at first, but it didn't work, as I had the server set as a test server and not a remote server, anyway, i now have it set as both and all is well.
    Except that, the first issue that mentioned is still with me: namely, dreamweaver mentions the public_html in the url path when on live view, which is not correct and I don't know where it is inferring this from. I can change it manually, but this doesn't seem right to me. Am I still missing a setting?
    In anwer to the questions:
    1) My setting (now) in the Root Directory setting in DW is: /public_html/
    2) My actual path on the server (that i mention in php scripts) is: /home/login_name/public_html//path/to/my/file/file.php
    [In the advanced settings of DW site setup on the Local Info page I have set Links relative to Document option, although it does not seem to make a difference when I change it to Site Root.]
    Any suggestions appreciated.
    Thanks
    Ian

  • Attendant line status at remote site

    we have a centralized 4.1.3 call manager with remote site using mpls. we set up the attendant application for the receptionist at the remote site and everything worked as expected. The next day, she no longer could see the line status.
    I've tried it from the main site and it works fine. We've tried restarting the services.
    Does anyone know what might have happened?
    thanks
    Rob

    problem turned out to be the windows xp firewall running on the receptionist pc. when it was turned off, line status worked.
    solution is to add the acclient program as an exception in the firewall settings
    Rob

  • How to restore a remote site after a crash?

    I have read the site management FAQ and it mentions to restore your files you can go to your remote site and load back to your local site.
    Could anyone offer some help to my situation?
    I suffered a hard drive failure, I'm running windows xp, dwcs4 and the site is hosted. I have reinstalled windows and dw. The site was created as per all the tutorials and I managed to save a copy of the site folder but not as per the saving instructions in the FAQ. I just have a root folder with all the pages in.
    Could someone point me to a tutorial or how to?
    Thanks in advance
    Jim

    "I managed to save a copy of the site folder but not as per the saving instructions in the FAQ. I just have a root folder with all the pages in."
    You lost me here. Not sure what you mean.
    Create a new site definition for local and remote sites, connect to your remote site then click Get. That's all you need to do.

  • The WSDL data cannot be retrieve from remote site

    I am a new guy learning web services with NetBeans 5.5 and meet some problem in retrieving wsdl data from remote site.
    I create a web service "WSTestServer" at Sun Application Server PE8.2 with real IP, say 111.110.11.10:8888, and there's a class "TestWS" with a method "getWS" to return a String. The server (or machine) name is ultra20. So, by following steps in NetBeans, I can get a wsdl file after generating the web service and it can be viewed at
    http://111.110.11.10:8888/WSTestServer/TestWS?WSDL
    Then, I create a web service client at the same machine, it is available to test this method by clicking Web Service Reference item in NetBeans and select "getWS" method to get that String.
    However, when I create a web service client at remote site, it doesn't work and show exception message like
    cannot find domain http://ultra20:8888/WSTestServer/TestWS....
    I go back to check wsdl file, at the last line, it prints like
    <soap:address location="http://ultra20:8888/WSTestServer/TestWS".....
    If I test this case in LAN, e.g., the server IP becomes 192.168.1.2 and client IP is 192.168.1.3, then it works since machine name can be recognized within the same local area network. I try to revise the wsdl file above to replace machine name as real IP, but it is automatically changed back with machine name while deploying and copy the revised one as xxx.wsdl__orig.
    Should I do additional configuration setup for server site? Such as, registering a domain name like aaa.bbb.edu instead of 111.110.11.10?
    Any comment and help for this subject is appreciated!!
    Thank you so much!

    Works as designed,from documentation:
    The database also retrieves all triggers and constraints defined on the table except for referential integrity constraints that reference other tables.
    The retrieved indexes, triggers, and constraints have recycle bin names. Therefore it is advisable to query the USER_RECYCLEBIN view before issuing a FLASHBACK TABLE ... TO BEFORE DROP statement so that you can rename the retrieved triggers and constraints to more usable names.
    For details see the FLASHBACK TABLE command description for your unknown database version.
    Werner

  • Internet connexion problem for remote site in Site to site VPN asa 5505

    Hi all
    I'm configuring a site to site Ipsec VPN in 2 sites using ASA 5505 V 8.2, The VPN is working fine i can ping machine in the 2 sides but the problem is the remote site dont' have internet.
    The architecture is, we 2 site Site1 is the main site and Site2 is secondary site there will be Site3, ...
    The internet connection is based in Site1 and site2 and site 3 will have internet connection through Site1. Site1, Site2 and Site 3 is interconnected by Ipsec VPN.
    Here is my ASA 5505 Configuration :
    SITE 1:
    ASA Version 8.2(5)
    hostname test-malabo
    domain-name test.mg
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd ta.qizy4R//ChqQH encrypted
    names
    interface Ethernet0/0
     description "Sortie Internet"
     switchport access vlan 2
    interface Ethernet0/1
     description "Interconnexion"
     switchport access vlan 171
    interface Ethernet0/2
     description "management"
     switchport access vlan 10
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
     nameif inside
     security-level 100
     ip address 192.168.1.1 255.255.255.0
    interface Vlan2
     nameif outside
     security-level 0
     ip address 41.79.49.42 255.255.255.192
    interface Vlan10
     nameif mgmt
     security-level 0
     ip address 10.12.1.100 255.255.0.0
    interface Vlan171
     nameif interco
     security-level 0
     ip address 10.22.19.254 255.255.255.0
    ftp mode passive
    dns server-group DefaultDNS
     domain-name test.mg
    object-group network LAN-MALABO
     description LAN DE MALABO
     network-object 192.168.1.0 255.255.255.0
    object-group network LAN-BATA
     description LAN DE BATA
     network-object 192.168.2.0 255.255.255.0
    object-group network LAN-LUBA
     description LAN DE LUBA
     network-object 192.168.3.0 255.255.255.0
    access-list interco_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
    pager lines 24
    mtu inside 1500
    mtu outside 1500
    mtu mgmt 1500
    mtu interco 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any inside
    icmp permit any outside
    icmp permit any interco
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    nat (interco) 1 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 41.79.49.1 1
    route interco 192.168.3.0 255.255.255.0 10.22.19.5 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map interco_map0 1 match address interco_1_cryptomap
    crypto map interco_map0 1 set pfs group1
    crypto map interco_map0 1 set peer 10.22.19.5
    crypto map interco_map0 1 set transform-set ESP-3DES-SHA
    crypto map interco_map0 interface interco
    crypto ca trustpoint _SmartCallHome_ServerCA
     crl configure
    crypto isakmp enable interco
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    telnet 192.168.1.0 255.255.255.0 inside
    telnet 10.12.0.0 255.255.0.0 mgmt
    telnet timeout 30
    ssh 192.168.1.0 255.255.255.0 inside
    ssh 10.12.0.0 255.255.0.0 mgmt
    ssh timeout 30
    console timeout 0
    management-access interco
    dhcpd option 3 ip 192.168.1.1
    dhcpd address 192.168.1.100-192.168.1.254 inside
    dhcpd dns 41.79.48.66 8.8.8.8 interface inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
    tunnel-group 10.22.19.5 type ipsec-l2l
    tunnel-group 10.22.19.5 ipsec-attributes
     pre-shared-key *****
     isakmp keepalive threshold 60 retry 5
    class-map inspection_default
     match default-inspection-traffic
    policy-map global_policy
     class inspection_default
      inspect dns
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect snmp
      inspect icmp
    prompt hostname context
    call-home reporting anonymous
    call-home
     profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:5aa0d27f15e49ea597c8097cfdb755b8
    : end
    SITE2:
    ASA Version 8.2(5)
    hostname test-luba
    domain-name test.eg
    enable password 8Ry2YjIyt7RRXU24 encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
     description "Sortie Interco-Internet"
     switchport access vlan 2
    interface Ethernet0/1
     description "management"
     switchport access vlan 10
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
     nameif inside
     security-level 100
     ip address 192.168.3.1 255.255.255.0
    interface Vlan2
     nameif outside
     security-level 0
     ip address 10.22.19.5 255.255.255.0
    interface Vlan10
     nameif mgmt
     security-level 0
     ip address 10.12.1.101 255.255.0.0
    ftp mode passive
    dns server-group DefaultDNS
     domain-name test.eg
    object-group network LAN-MALABO
     description LAN DE MALABO
     network-object 192.168.1.0 255.255.255.0
    object-group network LAN-BATA
     description LAN DE BATA
     network-object 192.168.2.0 255.255.255.0
    object-group network LAN-LUBA
     description LAN DE LUBA
     network-object 192.168.3.0 255.255.255.0
    access-list outside_1_cryptomap extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
    pager lines 24
    mtu inside 1500
    mtu outside 1500
    mtu mgmt 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat (inside) 0 access-list inside_nat0_outbound
    route outside 0.0.0.0 0.0.0.0 10.22.19.254 1
    route outside 192.168.1.0 255.255.255.0 10.22.19.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map outside_map0 1 match address outside_1_cryptomap
    crypto map outside_map0 1 set pfs group1
    crypto map outside_map0 1 set peer 10.22.19.254
    crypto map outside_map0 1 set transform-set ESP-3DES-SHA
    crypto map outside_map0 interface outside
    crypto ca trustpoint _SmartCallHome_ServerCA
     crl configure
    crypto ca certificate chain _SmartCallHome_ServerCA
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    telnet 10.12.0.0 255.255.0.0 mgmt
    telnet timeout 30
    ssh 192.168.3.0 255.255.255.0 inside
    ssh 10.12.0.0 255.255.0.0 mgmt
    ssh timeout 30
    console timeout 0
    management-access outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
    tunnel-group 10.22.19.254 type ipsec-l2l
    tunnel-group 10.22.19.254 ipsec-attributes
     pre-shared-key *****
     isakmp keepalive threshold 60 retry 5
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
    service-policy global_policy global
    prompt hostname context
    call-home reporting anonymous
    call-home
     profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:185bd689118ba24f9a0ef2f7e80494f6
    Can anybody help why my remote site can't connect to Internet.
    REgards,
    Raitsarevo

    Hi Carv,
    Thanks for your reply. i have done finally
    i used no crypto ipsec nat-transparency udp-encapsulation in my end router only.
    and in remote access VPN i have enabled UDP for client configuration. the most imprtant is i have given IP add of same LAN pool to VPN user,
    Regards,
    Satya.M

  • VPN Clients cannot access remote site

    Hey there,
    I am pretty new in configuring Cisco devices and now I need some help.
    I have 2 site here:
    site A
    Cisco 891
    external IP: 195.xxx.yyy.zzz
    VPN Gateway for Remote users
    local IP: VLAN10 10.133.10.0 /23
    site B
    Cisco 891
    external IP: 62.xxx.yyy.zzz
    local IP VLAN10 10.133.34.0 /23
    Those two sites are linked together with a Site-to-Site VPN. Accessing files or ressources from one site to the other is working fine while connected to the local LAN.
    I configured VPN connection with Radius auth. VPN clients can connect to Site A, get an IP adress from VPN Pool (172.16.100.2-100) and can access files and servers on site A. But for some reason they cannot access ressources on site B. I already added the site B network to the ACL and when connecting with VPN it shows secured routes to 10.133.10.0 and 10.133.34.0 in the statistics. Same thing for other VPN Tunnels to ERP system.
    What is missing here to make it possible to reach remote sites when connected through VPN? I had a look at the logs but could not find anything important.
    Here is the config of site A
    Building configuration...
    Current configuration : 24257 bytes
    version 15.2
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname Englerstrasse
    boot-start-marker
    boot config usbflash0:CVO-BOOT.CFG
    boot-end-marker
    aaa new-model
    aaa group server radius Radius-AD
    server 10.133.10.5 auth-port 1812 acct-port 1813
    aaa authentication login default local
    aaa authentication login ciscocp_vpn_xauth_ml_2 group Radius-AD local
    aaa authorization exec default local
    aaa authorization network ciscocp_vpn_group_ml_2 local
    aaa session-id common
    clock timezone Berlin 1 0
    clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
    crypto pki trustpoint TP-self-signed-27361994
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-27361994
    revocation-check none
    rsakeypair TP-self-signed-27361994
    crypto pki trustpoint test_trustpoint_config_created_for_sdm
    subject-name [email protected]
    revocation-check crl
    crypto pki certificate chain TP-self-signed-27361994
    certificate self-signed 01
      30820227 30820190 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
      2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
      69666963 6174652D 32373336 31393934 301E170D 31323038 32373038 30343238
      5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
      2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D323733 36313939
      3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B709
      64CE1874 BF812A9F 0B761522 892373B9 10F0BB52 6263DCDB F9877AA3 7BD34E53
      BCFDA45C 2A991777 4DDC7E6B 1FCEE36C B6E35679 C4A18771 9C0F871F 38310234
      2D89A4FF 37B616D8 362B3103 A8A319F2 10A72DC7 490A04AC 7955DF68 32EF9615
      9E1A3B31 2A1AB243 B3ED3E35 F4AAD029 CDB1F941 5E794300 5C5EF8AE 5C890203
      010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304
      18301680 14D0F5E7 D3A9311D 1675AA8F 38F064FC 4D04465E F5301D06 03551D0E
      04160414 D0F5E7D3 A9311D16 75AA8F38 F064FC4D 04465EF5 300D0609 2A864886
      F70D0101 05050003 818100AB 2CD4363A E5ADBFB0 943A38CB AC820801 117B52CC
      20216093 79D1F777 2B3C0062 4301CF73 094B9CA5 805F585E 04CF3301 9B839DEB
      14A334A2 F5A5316F C65EEF21 0B0DF3B5 F4322440 F28B984B E769876D 6EF94895
      C3D5048A A4E2A180 12DF6652 176942F8 58187D7B D37B1F1A 4DDD7AE9 5189F9AF
      AF3EF676 26AD3F31 D368F5
          quit
    crypto pki certificate chain test_trustpoint_config_created_for_sdm
    no ip source-route
    ip auth-proxy max-login-attempts 5
    ip admission max-login-attempts 5
    no ip bootp server
    no ip domain lookup
    ip domain name yourdomain.com
    ip inspect log drop-pkt
    ip inspect name CCP_MEDIUM appfw CCP_MEDIUM
    ip inspect name CCP_MEDIUM ftp
    ip inspect name CCP_MEDIUM h323
    ip inspect name CCP_MEDIUM sip
    ip inspect name CCP_MEDIUM https
    ip inspect name CCP_MEDIUM icmp
    ip inspect name CCP_MEDIUM netshow
    ip inspect name CCP_MEDIUM rcmd
    ip inspect name CCP_MEDIUM realaudio
    ip inspect name CCP_MEDIUM rtsp
    ip inspect name CCP_MEDIUM sqlnet
    ip inspect name CCP_MEDIUM streamworks
    ip inspect name CCP_MEDIUM tftp
    ip inspect name CCP_MEDIUM udp
    ip inspect name CCP_MEDIUM vdolive
    ip inspect name CCP_MEDIUM imap reset
    ip inspect name CCP_MEDIUM smtp
    ip cef
    no ipv6 cef
    appfw policy-name CCP_MEDIUM
      application im aol
        service default action allow alarm
        service text-chat action allow alarm
        server permit name login.oscar.aol.com
        server permit name toc.oscar.aol.com
        server permit name oam-d09a.blue.aol.com
        audit-trail on
      application im msn
        service default action allow alarm
        service text-chat action allow alarm
        server permit name messenger.hotmail.com
        server permit name gateway.messenger.hotmail.com
        server permit name webmessenger.msn.com
        audit-trail on
      application http
        strict-http action allow alarm
        port-misuse im action reset alarm
        port-misuse p2p action reset alarm
        port-misuse tunneling action allow alarm
      application im yahoo
        service default action allow alarm
        service text-chat action allow alarm
        server permit name scs.msg.yahoo.com
        server permit name scsa.msg.yahoo.com
        server permit name scsb.msg.yahoo.com
        server permit name scsc.msg.yahoo.com
        server permit name scsd.msg.yahoo.com
        server permit name cs16.msg.dcn.yahoo.com
        server permit name cs19.msg.dcn.yahoo.com
        server permit name cs42.msg.dcn.yahoo.com
        server permit name cs53.msg.dcn.yahoo.com
        server permit name cs54.msg.dcn.yahoo.com
        server permit name ads1.vip.scd.yahoo.com
        server permit name radio1.launch.vip.dal.yahoo.com
        server permit name in1.msg.vip.re2.yahoo.com
        server permit name data1.my.vip.sc5.yahoo.com
        server permit name address1.pim.vip.mud.yahoo.com
        server permit name edit.messenger.yahoo.com
        server permit name messenger.yahoo.com
        server permit name http.pager.yahoo.com
        server permit name privacy.yahoo.com
        server permit name csa.yahoo.com
        server permit name csb.yahoo.com
        server permit name csc.yahoo.com
        audit-trail on
    parameter-map type inspect global
    log dropped-packets enable
    multilink bundle-name authenticated
    redundancy
    ip tcp synwait-time 10
    class-map match-any CCP-Transactional-1
    match dscp af21
    match dscp af22
    match dscp af23
    class-map match-any CCP-Voice-1
    match dscp ef
    class-map match-any sdm_p2p_kazaa
    match protocol fasttrack
    match protocol kazaa2
    class-map match-any CCP-Routing-1
    match dscp cs6
    class-map match-any sdm_p2p_edonkey
    match protocol edonkey
    class-map match-any CCP-Signaling-1
    match dscp cs3
    match dscp af31
    class-map match-any sdm_p2p_gnutella
    match protocol gnutella
    class-map match-any CCP-Management-1
    match dscp cs2
    class-map match-any sdm_p2p_bittorrent
    match protocol bittorrent
    policy-map sdm-qos-test-123
    class class-default
    policy-map sdmappfwp2p_CCP_MEDIUM
    class sdm_p2p_edonkey
    class sdm_p2p_gnutella
    class sdm_p2p_kazaa
    class sdm_p2p_bittorrent
    policy-map CCP-QoS-Policy-1
    class sdm_p2p_edonkey
    class sdm_p2p_gnutella
    class sdm_p2p_kazaa
    class sdm_p2p_bittorrent
    class CCP-Voice-1
      priority percent 33
    class CCP-Signaling-1
      bandwidth percent 5
    class CCP-Routing-1
      bandwidth percent 5
    class CCP-Management-1
      bandwidth percent 5
    class CCP-Transactional-1
      bandwidth percent 5
    class class-default
      fair-queue
      random-detect
    crypto ctcp port 10000
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp key REMOVED address 62.20.xxx.yyy 
    crypto isakmp key REMOVED address 195.243.xxx.yyy
    crypto isakmp key REMOVED address 195.243.xxx.yyy
    crypto isakmp key REMOVED address 83.140.xxx.yyy  
    crypto isakmp client configuration group VPN_local
    key REMOVED
    dns 10.133.10.5 10.133.10.7
    wins 10.133.10.7
    domain domain.de
    pool SDM_POOL_2
    acl 115
    crypto isakmp profile ciscocp-ike-profile-1
       match identity group VPN_local
       client authentication list ciscocp_vpn_xauth_ml_2
       isakmp authorization list ciscocp_vpn_group_ml_2
       client configuration address respond
       virtual-template 1
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA11 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-SHA1 esp-des esp-sha-hmac
    crypto ipsec profile CiscoCP_Profile1
    set transform-set ESP-3DES-SHA11
    set isakmp-profile ciscocp-ike-profile-1
    crypto map SDM_CMAP_1 1 ipsec-isakmp
    description Tunnel to62.20.xxx.xxx
    set peer 62.20.xxx.xxx
    set transform-set ESP-3DES-SHA
    match address 105
    crypto map SDM_CMAP_1 2 ipsec-isakmp
    description Tunnel to195.243.xxx.xxx
    set peer 195.243.xxx.xxx
    set transform-set ESP-3DES-SHA4
    match address 107
    crypto map SDM_CMAP_1 3 ipsec-isakmp
    description Tunnel to83.140.xxx.xxx
    set peer 83.140.xxx.xxx
    set transform-set ESP-DES-SHA1
    match address 118
    interface Loopback2
    ip address 192.168.10.1 255.255.254.0
    interface Null0
    no ip unreachables
    interface FastEthernet0
    switchport mode trunk
    no ip address
    spanning-tree portfast
    interface FastEthernet1
    no ip address
    spanning-tree portfast
    interface FastEthernet2
    no ip address
    spanning-tree portfast
    interface FastEthernet3
    no ip address
    spanning-tree portfast
    interface FastEthernet4
    description Internal LAN
    switchport access vlan 10
    switchport trunk native vlan 10
    no ip address
    spanning-tree portfast
    interface FastEthernet5
    no ip address
    spanning-tree portfast
    interface FastEthernet6
    no ip address
    spanning-tree portfast
    interface FastEthernet7
    no ip address
    spanning-tree portfast
    interface FastEthernet8
    description $FW_OUTSIDE$$ETH-WAN$
    ip address 62.153.xxx.xxx 255.255.255.248
    ip access-group 113 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip inspect CCP_MEDIUM out
    no ip virtual-reassembly in
    ip verify unicast reverse-path
    duplex auto
    speed auto
    crypto map SDM_CMAP_1
    service-policy input sdmappfwp2p_CCP_MEDIUM
    service-policy output CCP-QoS-Policy-1
    interface Virtual-Template1 type tunnel
    ip unnumbered FastEthernet8
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile CiscoCP_Profile1
    interface GigabitEthernet0
    no ip address
    shutdown
    duplex auto
    speed auto
    interface Vlan1
    no ip address
    interface Vlan10
    description $FW_INSIDE$
    ip address 10.133.10.1 255.255.254.0
    ip access-group 112 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat inside
    ip virtual-reassembly in
    interface Async1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encapsulation slip
    ip local pool SDM_POOL_1 192.168.10.101 192.168.10.200
    ip local pool VPN_Pool 192.168.20.2 192.168.20.100
    ip local pool SDM_POOL_2 172.16.100.2 172.16.100.100
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip forward-protocol nd
    ip nat inside source route-map SDM_RMAP_1 interface FastEthernet8 overload
    ip route 0.0.0.0 0.0.0.0 62.153.xxx.xxx
    ip access-list extended VPN1
    remark VPN_Haberstrasse
    remark CCP_ACL Category=4
    permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    ip radius source-interface Vlan10
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 10.10.10.0 0.0.0.7
    access-list 23 remark CCP_ACL Category=17
    access-list 23 permit 195.243.xxx.xxx
    access-list 23 permit 10.133.10.0 0.0.1.255
    access-list 23 permit 10.10.10.0 0.0.0.7
    access-list 100 remark CCP_ACL Category=4
    access-list 100 permit ip 10.133.10.0 0.0.1.255 any
    access-list 101 remark CCP_ACL Category=16
    access-list 101 permit udp any eq bootps any eq bootpc
    access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any time-exceeded
    access-list 101 permit icmp any any unreachable
    access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny   ip host 255.255.255.255 any
    access-list 101 deny   ip any any
    access-list 102 remark auto generated by CCP firewall configuration
    access-list 102 remark CCP_ACL Category=1
    access-list 102 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 102 permit icmp any host 62.153.xxx.xxx echo-reply
    access-list 102 permit icmp any host 62.153.xxx.xxx time-exceeded
    access-list 102 permit icmp any host 62.153.xxx.xxx unreachable
    access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 102 deny   ip host 255.255.255.255 any
    access-list 102 deny   ip host 0.0.0.0 any
    access-list 102 deny   ip any any log
    access-list 103 remark auto generated by CCP firewall configuration
    access-list 103 remark CCP_ACL Category=1
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
    access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 103 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 103 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
    access-list 103 remark IPSec Rule
    access-list 103 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 103 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 103 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 103 permit udp any host 62.153.xxx.xxx eq non500-isakmp
    access-list 103 permit udp any host 62.153.xxx.xxx eq isakmp
    access-list 103 permit esp any host 62.153.xxx.xxx
    access-list 103 permit ahp any host 62.153.xxx.xxx
    access-list 103 permit udp host 194.25.0.60 eq domain any
    access-list 103 permit udp host 194.25.0.68 eq domain any
    access-list 103 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
    access-list 103 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 103 permit icmp any host 62.153.xxx.xxx echo-reply
    access-list 103 permit icmp any host 62.153.xxx.xxx time-exceeded
    access-list 103 permit icmp any host 62.153.xxx.xxx unreachable
    access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 103 deny   ip host 255.255.255.255 any
    access-list 103 deny   ip host 0.0.0.0 any
    access-list 103 deny   ip any any log
    access-list 104 remark CCP_ACL Category=4
    access-list 104 permit ip 10.133.10.0 0.0.1.255 any
    access-list 105 remark CCP_ACL Category=4
    access-list 105 remark IPSec Rule
    access-list 105 permit ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
    access-list 106 remark CCP_ACL Category=2
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 106 remark IPSec Rule
    access-list 106 deny   ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
    access-list 106 permit ip 10.10.10.0 0.0.0.7 any
    access-list 106 permit ip 10.133.10.0 0.0.1.255 any
    access-list 107 remark CCP_ACL Category=4
    access-list 107 remark IPSec Rule
    access-list 107 permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 107 remark IPSec Rule
    access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    access-list 108 remark Auto generated by SDM Management Access feature
    access-list 108 remark CCP_ACL Category=1
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq telnet
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 22
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq www
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 443
    access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq cmd
    access-list 108 deny   tcp any host 10.133.10.1 eq telnet
    access-list 108 deny   tcp any host 10.133.10.1 eq 22
    access-list 108 deny   tcp any host 10.133.10.1 eq www
    access-list 108 deny   tcp any host 10.133.10.1 eq 443
    access-list 108 deny   tcp any host 10.133.10.1 eq cmd
    access-list 108 deny   udp any host 10.133.10.1 eq snmp
    access-list 108 permit ip any any
    access-list 109 remark CCP_ACL Category=1
    access-list 109 permit ip 10.133.10.0 0.0.1.255 any
    access-list 109 permit ip 10.10.10.0 0.0.0.7 any
    access-list 109 permit ip 192.168.10.0 0.0.1.255 any
    access-list 110 remark CCP_ACL Category=1
    access-list 110 permit ip host 195.243.xxx.xxx any
    access-list 110 permit ip host 84.44.xxx.xxx any
    access-list 110 permit ip 10.133.10.0 0.0.1.255 any
    access-list 110 permit ip 10.10.10.0 0.0.0.7 any
    access-list 110 permit ip 192.168.10.0 0.0.1.255 any
    access-list 111 remark CCP_ACL Category=4
    access-list 111 permit ip 10.133.10.0 0.0.1.255 any
    access-list 112 remark CCP_ACL Category=1
    access-list 112 permit udp host 10.133.10.5 eq 1812 any
    access-list 112 permit udp host 10.133.10.5 eq 1813 any
    access-list 112 permit udp any host 10.133.10.1 eq non500-isakmp
    access-list 112 permit udp any host 10.133.10.1 eq isakmp
    access-list 112 permit esp any host 10.133.10.1
    access-list 112 permit ahp any host 10.133.10.1
    access-list 112 permit udp host 10.133.10.5 eq 1645 host 10.133.10.1
    access-list 112 permit udp host 10.133.10.5 eq 1646 host 10.133.10.1
    access-list 112 remark auto generated by CCP firewall configuration
    access-list 112 permit udp host 10.133.10.5 eq 1812 host 10.133.10.1
    access-list 112 permit udp host 10.133.10.5 eq 1813 host 10.133.10.1
    access-list 112 permit udp host 10.133.10.7 eq domain any
    access-list 112 permit udp host 10.133.10.5 eq domain any
    access-list 112 deny   ip 62.153.xxx.xxx 0.0.0.7 any
    access-list 112 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 112 deny   ip host 255.255.255.255 any
    access-list 112 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 112 permit ip any any
    access-list 113 remark CCP_ACL Category=1
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.60.16.0 0.0.0.255 192.168.10.0 0.0.1.255
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.60.16.0 0.0.0.255 10.133.10.0 0.0.1.255
    access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq isakmp
    access-list 113 permit esp host 83.140.100.4 host 62.153.xxx.xxx
    access-list 113 permit ahp host 83.140.100.4 host 62.153.xxx.xxx
    access-list 113 permit ip host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit ip host 84.44.xxx.xxx host 62.153.xxx.xxx
    access-list 113 remark auto generated by CCP firewall configuration
    access-list 113 permit udp host 194.25.0.60 eq domain any
    access-list 113 permit udp host 194.25.0.68 eq domain any
    access-list 113 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
    access-list 113 permit udp host 194.25.0.60 eq domain host 62.153.xxx.xxx
    access-list 113 permit udp any host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 permit udp any host 62.153.xxx.xxx eq isakmp
    access-list 113 permit esp any host 62.153.xxx.xxx
    access-list 113 permit ahp any host 62.153.xxx.xxx
    access-list 113 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 113 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
    access-list 113 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
    access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
    access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
    access-list 113 remark IPSec Rule
    access-list 113 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
    access-list 113 remark Pop3
    access-list 113 permit tcp host 82.127.xxx.xxx eq 8080 host 62.153.xxx.xxx
    access-list 113 remark Pop3
    access-list 113 permit tcp any eq pop3 host 62.153.xxx.xxx
    access-list 113 remark SMTP
    access-list 113 permit tcp any eq 465 host 62.153.xxx.xxx
    access-list 113 remark IMAP
    access-list 113 permit tcp any eq 587 host 62.153.xxx.xxx
    access-list 113 deny   ip 10.133.10.0 0.0.1.255 any
    access-list 113 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 113 permit icmp any host 62.153.xxx.xxx echo-reply
    access-list 113 permit icmp any host 62.153.xxx.xxx time-exceeded
    access-list 113 permit icmp any host 62.153.xxx.xxx unreachable
    access-list 113 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 113 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 113 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 113 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 113 deny   ip host 255.255.255.255 any
    access-list 113 deny   ip host 0.0.0.0 any
    access-list 113 deny   ip any any log
    access-list 114 remark auto generated by CCP firewall configuration
    access-list 114 remark CCP_ACL Category=1
    access-list 114 deny   ip 10.133.10.0 0.0.1.255 any
    access-list 114 deny   ip 10.10.10.0 0.0.0.7 any
    access-list 114 permit icmp any any echo-reply
    access-list 114 permit icmp any any time-exceeded
    access-list 114 permit icmp any any unreachable
    access-list 114 deny   ip 10.0.0.0 0.255.255.255 any
    access-list 114 deny   ip 172.16.0.0 0.15.255.255 any
    access-list 114 deny   ip 192.168.0.0 0.0.255.255 any
    access-list 114 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 114 deny   ip host 255.255.255.255 any
    access-list 114 deny   ip host 0.0.0.0 any
    access-list 114 deny   ip any any log
    access-list 115 remark VPN_Sub
    access-list 115 remark CCP_ACL Category=5
    access-list 115 permit ip 10.133.10.0 0.0.1.255 172.16.0.0 0.0.255.255
    access-list 115 permit ip 10.133.34.0 0.0.1.255 172.16.0.0 0.0.255.255
    access-list 115 permit ip 10.133.20.0 0.0.0.255 any
    access-list 116 remark CCP_ACL Category=4
    access-list 116 remark IPSec Rule
    access-list 116 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 117 remark CCP_ACL Category=4
    access-list 117 remark IPSec Rule
    access-list 117 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 118 remark CCP_ACL Category=4
    access-list 118 remark IPSec Rule
    access-list 118 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    access-list 118 remark IPSec Rule
    access-list 118 permit ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
    no cdp run
    route-map SDM_RMAP_1 permit 1
    match ip address 106
    control-plane
    mgcp profile default
    line con 0
    transport output telnet
    line 1
    modem InOut
    speed 115200
    flowcontrol hardware
    line aux 0
    transport output telnet
    line vty 0 4
    session-timeout 45
    access-class 110 in
    transport input telnet ssh
    line vty 5 15
    access-class 109 in
    transport input telnet ssh
    scheduler interval 500
    end

    The crypto ACL for the site to site vpn should also include the vpn client pool, otherwise, traffic from the vpn client does not match the interesting traffic for the site to site vpn.
    On Site A:
    should include "access-list 107 permit ip 172.16.100.0 0.0.0.255 10.133.34.0 0.0.1.255"
    You should also remove the following line as the pool is incorrect:
    access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
    On Site B:
    should include: permit ip 10.133.34.0 0.0.1.255 172.16.100.0 0.0.0.255"
    NAT exemption on site B should also be configured with deny on the above ACL.

  • Cisco ASA 5505 IPSec tunnel won't establish until remote site attempts to connect

    I have a site to site IPSec tunnel setup and operational but periodically the remote site goes down, because of a somewhat reliable internet connection. The only way to get the tunnel to re-establish is to go to the remote site and simply issue a ping from a workstation on the remote network. We were having this same issue with a Cisco PIX 506E but decided to upgrade the hardware and see if that resolve the issue. It ran for well over a year and our assumtions was that the issue was resolved. I was looking in the direction of the security-association lifetime but if we power cycle the unit, I would expect that it would kill the SA but even after power cycling, the VPN does not come up automatically.
    Any assistance would be appreciated.
    ASA Version 8.2(1)
    hostname KRPS-FW
    domain-name lottonline.org
    enable password uniQue
    passwd uniQue
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.20.30.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address xxx.xxx.xxx.xxx 255.255.255.248
    interface Ethernet0/0
    switchport access vlan 2
    interface Ethernet0/1
    description Inside Network on VLAN1
    interface Ethernet0/2
    shutdown
    interface Ethernet0/3
    shutdown
    interface Ethernet0/4
    shutdown
    interface Ethernet0/5
    shutdown
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    description Inside Network on VLAN1
    ftp mode passive
    dns server-group DefaultDNS
    domain-name lottonline.org
    access-list NONAT extended permit ip 10.20.30.0 255.255.255.0 10.20.20.0 255.255.255.0
    access-list NONAT extended permit ip 10.20.30.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list NONAT extended permit ip 10.20.30.0 255.255.255.0 192.168.15.0 255.255.255.0
    access-list KWPS-BITP extended permit ip 10.20.30.0 255.255.255.0 10.20.20.0 255.255.255.0
    access-list KWPS-BITP extended permit ip 10.20.30.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list KWPS-BITP extended permit ip 10.20.30.0 255.255.255.0 192.168.15.0 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list NONAT
    nat (inside) 1 0.0.0.0 0.0.0.0
    access-group OUTSIDE_ACCESS_IN in interface outside
    route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 10.20.30.0 255.255.255.0 inside
    http 10.20.20.0 255.255.255.0 inside
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map DYNMAP 65535 set transform-set ESP-AES-256-SHA
    crypto map VPNMAP 1 match address KWPS-BITP
    crypto map VPNMAP 1 set peer xxx.xxx.xxx.001
    crypto map VPNMAP 1 set transform-set ESP-AES-256-SHA
    crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNMAP
    crypto map VPNMAP interface outside
    crypto isakmp enable outside
    crypto isakmp policy 5
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    ssh timeout 5
    console timeout 0
    management-access inside
    tunnel-group xxx.xxx.xxx.001 type ipsec-l2l
    tunnel-group xxx.xxx.xxx.001 ipsec-attributes
    pre-shared-key somekey

    Hi there,
    I had same issue with PIX 506E and it was not even a circuit issue and I got ride of it and problem got fixed with PIX515E
    I don't know, the device is too old to stay alive.
    thanks

  • One WLC for Headquarter and Remote Site

    Hi
    I have a question about the WLC remote deployment.
    We have the following design at the moment:
    Headquarter
    - Network 192.168.49.0 /24
    - WLC 4402 Version 4.2.61.0
    -- 3 x LAP1252
    -- Layer 3 LWAPP
    -- SSID wep
    -- SSID wpa
    - Windows PDC with Active Directory, DHCP Server and local Data Storage
    - ACS Version 3.2 for TACACS and RADIUS authentication --> External DB to Active Directory
    Remote Site
    - Network 192.168.50.0 /24
    - 2 x LAP1252
    -- SSID wep
    -- SSID wpa
    - Windows PDC with Active Directory, DHCP Server and local Data Storage
    - ACS Version 3.2 for TACACS and RADIUS authentication --> External DB to Active Directory
    Connection between Headquarter and Remote Site
    - 2 Mbit ADSL
    The problem is, that the wireless clients on the remote site get an ip address out of the headquarter DHCP Range 192.168.49.0 /24. The users on the remote site
    most of the time only use the local data server in the remote office. With the actual design the hole traffic is switched over the 2 Mbit ADSL connection the the
    WLC in the headquarter and back to the remote site. That works but it is not that performant.
    The problem could be solved with HREAP, but what I think is, that it is not possible to have the same SSID at headquarter and remote site with different VLANs.
    How can I achieve, that the clients on the remote site connect to the same SSID (wep or wpa), get an ip address from the remote site DHCP server (192.168.50.0)
    and the traffic is switched localy.
    I hope you understand what the problem is.
    Thanks in advance for your help!

    Yes, putting the remote AP's in HREAP mode will allow the same WLANs to be available on the AP's but the traffic would be locally switched at the AP instead of being tunneled back to the controller. After you put the AP in HREAP mode you then would configure which VLAN you want traffic for each WLAN to be dumped onto for that AP.

  • Cisco 3905 problem / remote site

    Hi all!
    Information:
    I have CUCM 8.6.2.20000-2 and many Cisco IP Phone 3905 (SIP). Some of them deployed in central office and some in remote sites.
    Phone information:
    Boot Version: 3905.0-0-0-01-01
    DSP Version: 12.0.0.8
    Application: 3905.9-2-2-0
    Symptoms:
    In remote sites only!
    The phone is registered and working fine. However, after few hours idle state I lift the handset, dial any number and nothing happens. Drop the call and try again 2-3 times. After that either call passed or get permanent busy tone (need to reboot the phone to work again).
    The phone is marked as registered on CUCM and I hear dial tone when lifted the handset.
    I cannot collect debug messages from phones, because as soon as I login via telnet it going work fine.
    There is no such problem in central office.
    Phones print following messages in terminal all the time:
    17:07:10:302 x [CENTRAL] CDP/LLDP-MED CB function is called
    17:07:26:491   [sip]  03:58:24.490    pjsua_acc.c  SIP outbound status for acc 0 is not active
    17:07:26:495   [sip]  03:58:24.494    pjsua_acc.c  "п°п╦я┘п╟п╦п╩ п я┐пЇя▄п╪п╦пҐ"<sip:[email protected]:5060>: registration success, status=200 (OK              ), will re-register in 120 seconds
    17:07:26:502   [sip]  03:58:24.500         pjcu.c  pjcu_on_reg_state2(), Account["п°п╦я┘п╟п╦п╩ п я┐пЇя▄п╪п╦пҐ"<sip:[email protected]:5060>] : OK,               status=200
    17:07:26:506 x [pcu] pcuRcvHandler(CALL), SRV_EV, eid=0, cid=65535,
    17:07:26:510 x [pcu] [pcux_insrv_cb():7071] CUCM_DateTime:Mon, 27 May 2013 11:07:26 GMT
    17:07:26:511 x [pcu] Sync time from server: Mon, 27 May 2013 11:07:26 GMT
    17:07:26:515 x [pcu] [set_svr_type][1599] Bfe active_server_idx=0, serverType=0
    17:07:26:515 x [pcu] [set_svr_type][1602] Aft  serverType=0, Server Number=2
    17:07:26:531   [ipps] ----- PCU: CC_SRV, pid=0, eid=0, cid=65535 -----
    17:07:26:532   [ipps] In func: remoteNtyEvtProcess(), lib = 0, cid = 65535, ntyEv = 0
    17:07:26:533 f [ipps] In func: remoteNtyEvtProcess(), recv inservice nty, svrType = 0, cause = 0
    17:07:26:534 f [MMI] <RCV>: In func: ui_nty(), lid = 0, cid = 65535, ntyEv = 0
    17:07:26:535 x [CENTRAL] IPPS CB function(RegStatus) is called (1) with Line (0)
    17:07:26:536 f [ipps] In func: mlcu_isKpmlEnabled(), KPML value = 3, blRet = 1
    17:07:26:537 x [CENTRAL] Enter FSM: State(STANDBY) | Event(REGISTER_OK) | Cause(0)
    17:07:26:540 x [CENTRAL] Unexpected event REGISTER_OK (cause=0) at STANDBY state
    17:07:26:541 x [CENTRAL] Waiting event in STANDBY
    17:07:58:990 x [CENTRAL] CDP/LLDP-MED CB function is called
    17:08:39:022   [sip]  03:59:37.021         pjcu.c  pjcuRcvHandler(KA), KA_REQUEST, eid=-1, p1=192.168.70.1:5060
    17:08:39:040   [sip]  03:59:37.036         pjcu.c  pjcu_rpt_ka_status(), target(192.168.70.1:5060): status=1, id=27
    17:08:39:044 x [pcu] pcuRcvHandler(KA), KA_RESPONSE, eid=0, addr=192.168.70.1:5060, status=1
    17:08:39:050 x [pcu] [pcu_polling_sipserver_thread():1478] mark!
    17:08:54:130 x [CENTRAL] CDP/LLDP-MED CB function is called
    Thanks for your help.

    There are 2 versions of firmware on cisco.com. cmterm-3905.9-2-1-0 is the default firmware going with CUCM 8.6.2.20000-2 for 3905 phones and cmterm-3905.9-2-2-0 I've installed recently. Both versions of firmware with same problems.
           Some new information. I get traffic dump with wireshark.
    INVITE sip:[email protected]:5060;transport=tcp SIP/2.0
    Via: SIP/2.0/TCP 192.168.70.86:3457;rport;branch=z9hG4bKPjdp3HjFLs7Dy03RL9ce.16qung.tOq5O3
    Max-Forwards: 70
    From: "............ .............." ;tag=5a25b465-747b-4c31-a020-1a9636827427
    To: sip:[email protected]
    Contact: ;+sip.instance="";+u.sip!devicename.ccm.cisco.com="SEP10BD18DD3F59";+u.sip!model.ccm.cisco.com="592"
    Call-ID: e9edcc43-6a9b-42b8-8efc-99f702b313d1
    CSeq: 28324 INVITE
    Allow: PRACK, INVITE, ACK, BYE, CANCEL, UPDATE, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
    User-Agent: Cisco-CP3905/9.2.1
    Supported: replaces,join,sdp-anat,norefersub,extended-refer,X-cisco-callinfo,X-cisco-serviceuri,X-cisco-escapecodes,X-cisco-service-control,X-cisco-monrec,X-cisco-config,X-cisco-sis-4.0.0,X-cisco-xsi-7.0.1
    Expires: 900
    Accept: application/sdp
    Allow-Events: kpml,dialog
    Remote-Party-ID: "............ ..............";privacy=off
    Content-Type: application/sdp
    Content-Length:   294
    As you can see phone trying to invite [email protected]:5060, BUT I dial 7103 DN from 7102. So where are other numbers? Bug?

  • Load Data from Remote site

    Hello every one,
    I tried to load the data from remote site to stagging area with DB link, i used append hint and it gave this error, I was just wondering?
    ERROR at line 1:
    ORA-12840: cannot access a remote table after parallel/insert direct load txnORA-06512: at "JAMES.PKGCONVERSION", line 464
    any help please thank you
    i am not using all the columns, i am using selec in the insert. Thank you in advance
    Message was edited by:
    user553284

    I had commit after three inserts, I changed commit after each insert, it is working now,
    Does that really matter?
    Any idea please.
    Thank you

Maybe you are looking for

  • Issue with display of decimal places

    Hi, In our custom built components we are facing a strange issue with the display decimals  where the data type of an element is "QUAN - Quantity field, points to a unit field with format UNIT". If the element has a value of 3000.000 KG the value is

  • Connecting Altec Lansing FX5051 USB speakers to DV-1235dx

    Hi All, I have HP DV-1235dx laptop with windows vista Home Premium 64-bit Operating System with Service pack 1 and Altec Lansing FX5051 5.1 USB speakers . When I connect my FX5051 speakers(does not require any drivers) to the laptop using USB connect

  • Pixma 8120B prints everything too small

    My Pixma 8120B prints everything too small. How do I adjust the print size please?

  • Automatic Pmt Program how realeted to customers

    Hi, In Automatic pmt program...helps to settle automatically transaction and creates advise note and check... But pls let me know how is it related to CUSTOMERS.....in OBVU [Customer] Sp. G/L transactions to be paid    [ ] Sp. G/L trans. for exceptio

  • File too large error message

    I have an iBook G4 and I am running Numbers '08. I tried to open my budget document today and got an 'The document can't be opened because it is too large' error message. I just opened it a few days ago and it was fine, and my other Numbers documents