NAM not seeing traffic in one direction

Hi, I got a 6500 VSS with a NAM plugged directly. We are not allowed to manage the SPAN sessions from the NAM appliance 2204 Version 5, so we configured directly in the 65K CLI. We are trying to do captures but we get traffic only in one direction (ingress).
SWTRMCORE#sh ver
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXH6, RELEASE SOFTWARE (fc1)
The NAM is plugged into port:
interface GigabitEthernet2/1/3
description Conexion Monitoreo NAM2204 Port1
switchport
logging event link-status
Span session is set as follows:
monitor session 1 source interface Po10 , Po11 , Po21 , Po31 , Po32 , Po39 , Po42 , Po43 , Po44 , Po45
monitor session 1 destination interface Gi2/1/3
When we did some testing, we made sure that traffic was indeed passing through the port-channels in the SPAN session by doing tracerts and generating ICMP traffic. Still unable to see traffic in one direction.

Hi,
You should always have the L2L VPN ACLs as mirror images of each other. In your above configuration they weren't. I am not sure if this is something that should break the L2L VPN connection in the way you mention, but certainly configuring the connection like this is not recommended.
Also notice that the "permit ip" statement already includes "icmp", so there is really no need to add an additional line to the ACL.
I would recommend defining the needed networks in the L2L VPN ACL with the "permit ip" statements and using other methods to control the traffic through those L2L VPN connections IF needed.
- Jouni

Similar Messages

  • Infrequently, calls will not have audio in one direction.

    We're using OCS 2007 R2 with a Dialogic DMG2000 series gateway and Tanjay phones.  Occasionally, I have a user who might complain that an outbound call doesn't have audio in one direction or the other.  This happens once every few days.  I don't see errors anywhere and the Dialogic reports that there are no call issues.  The problem will clear up quickly and appears at random.  We still have the old PBX up, which also flows through the same Dialogic and does not experience the issue, so I believe it's buried in OCS somewhere.
    How can I begin troubleshooting an issue like this?  Can someone point me in a direction?  I want my users to have as much confidence in this solution as possible.

    One-way audio issues have a few common root causes to check for:
    1) Communicator users can sometimes mute speakers or mic on their PC without realizing it. Also, if they have multiple audio devices attached, then check that the one they think they are using is really the one selected. Some devices also have local mute buttons that get selected without the user realizing it.
    2) Faulty devices can cause one-way audio. Switch the device for one you know works to test this, or try using Sound Recorder to record a raw audio file and then play it back.
    3) PSTN gateway configuration issues. This is a tougher one to troubleshoot, but if only OCS-PSTN calls are experiencing one-way audio and it happens to many different users, this is a likely cause. Check that the codec configuration of the GW, meaning its codec choices, matches the Mediation Server, i.e. G.711 u-law or G.711 a-law are preferred on both sides. Other configuration issues are vendor specific, so you may need their help verifying the gateway is properly set up.
    4) Less commonly, network issues can cause one-way audio if there are serious routing or packet loss problems in one direction. You can look for signs of this in the QoE Server report of an affected call. The "PacketUtilization" metric records the packet count for an audio stream. (You can find details of what individual QoE metrics mean here - http://technet.microsoft.com/en-us/library/dd819959(office.13).aspx). If further network troubleshooting is necessary, you can try pings to see if the network path is functioning and/or collect network sniffs during an affected call.
    There is a useful guide to troubleshooting OCS VoIP issues available here:
    http://www.microsoft.com/downloads/details.aspx?familyid=7B490758-EF9A-4442-9F0F-A5AEB4935C46&displaylang=en

  • Apple just sent Mail for verification, name not mine, address is one of my addresses

    Apple just sent me an email.  It was not addressed to my name and it was asking the recipient to confirm the email address given was their rescue email address.  The email mentioned was one of my mail addresses, one I have had with apple for over 10 years. copy below.
    Dear Clement,
    You recently added *****@me.com as a new rescue email address for your Apple ID. To verify this email address belongs to you, click the link below and then sign in using your Apple ID and password.
    Verify now >
    Ted
    <Email Edited by Host>

    Never click on a link in an email that asks you to start entering any of your account information, passwords, etc.
    Delete this piece of scam.

  • Solaris 11 responds to IPSEC VPN traffic ONLY one direction

    I have established an IPSEC VPN tunnel between my remote Solaris 11 and office Sonicwall router using Site to Site. Everything works fine if the traffic initiates from the Solaris side. However, when I try to ping or use any network services like nfs, ssh, samba, etc. on the remote Solaris box from our office, the server does NOT respond to the incoming packets, but packets are going through the tunnel and appear on the remote end when I do snoop -d tun0 and snoop -I vnic0. What I do notice is that snoop -d vnic0 shows no packets and it doesn't seem to get any traffic at all (see netstat -rn). Could it be my routing table? IP zones? Any ideas? I followed the Oracle Documents very carefully and with extra help from other external Solaris 11 admin sites. I know people would suggest using OpenSwan or OpenVPN but this setup should work.
    Here is the network info on my IPSEC VPN setup. Tunnel is configured in Transport Mode and IPSEC/IKE is working fine.
    Solaris 11 vnic0/10.4.0.1/24, external Internet Nic is nge0/209.xxx.xxx.194/25
    # dladm show-link
    LINK CLASS MTU STATE OVER
    nge0 phys 1500 up --
    tun0 iptun 1402 up --
    vnic0 vnic 1500 up nge0
    # dladm show-iptun
    LINK TYPE FLAGS LOCAL REMOTE
    tun0 ipv4 s- 209.xxx.xxx.194 64.xxx.xxx.34
    # ipadm show-if
    IFNAME CLASS STATE ACTIVE OVER
    lo0 loopback ok yes --
    nge0 ip ok yes --
    vnic0 ip ok yes --
    tun0 ip ok yes --
    # ipadm show-addr
    ADDROBJ TYPE STATE ADDR
    lo0/v4 static ok 127.0.0.1/8
    nge0/v4 static ok 209.xxx.xxx.194/25
    vnic0/inside static ok 10.4.0.1/24
    tun0/v4 static ok 10.4.0.1->172.20.0.1
    lo0/v6 static ok ::1/128
    # netstat -rn
    Routing Table: IPv4
    Destination Gateway Flags Ref Use Interface
    default 209.xxx.xxx.129 UG 6 16874898 nge0
    10.4.0.0 10.4.0.1 U 2 0 vnic0
    10.181.0.0 172.20.0.1 UGS 3 16862235 tun0
    127.0.0.1 127.0.0.1 UH 2 1786 lo0
    172.20.0.1 10.4.0.1 UH 3 16862235 tun0
    Routing Table: IPv6
    Destination/Mask Gateway Flags Ref Use If
    ::1 ::1 UH 2 42 lo0
    # routeadm
    Configuration Current Current
    Option Configuration System State
    IPv4 routing disabled disabled
    IPv6 routing disabled disabled
    IPv4 forwarding disabled disabled
    IPv6 forwarding disabled disabled
    Routing services "route:default ripng:default"
    Routing daemons:
    STATE FMRI
    disabled svc:/network/routing/ripng:default
    disabled svc:/network/routing/rdisc:default
    disabled svc:/network/routing/route:default
    disabled svc:/network/routing/legacy-routing:ipv4
    disabled svc:/network/routing/legacy-routing:ipv6
    online svc:/network/routing/ndp:default
    Solaris># ping 10.181.1.218
    10.181.1.218 is alive
    C:\>ping 10.4.0.1
    Pinging 10.4.0.1 with 32 bytes of data:
    Request timed out.
    Request timed out.
    # snoop -d tun0 10.181.1.218
    Using device tun0 (promiscuous mode)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 33) (1 encap)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 34) (1 encap)
    # snoop -I vnic0 10.181.1.218
    Using device ipnet/vnic0 (promiscuous mode)
    10.181.1.218-> 10.4.0.1 ICMP Echo request (ID: 1 Sequence number: 36)
    10.181.1.218-> 10.4.0.1 -i ICMP Echo request (ID: 1 Sequence number: 37)
    # ipadm show-prop
    PROTO PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    ipv4 forwarding rw off off off on,off
    ipv4 ttl rw 255 -- 255 1-255
    ipv6 forwarding rw off -- off on,off
    ipv6 hoplimit rw 255 -- 255 1-255
    ipv6 hostmodel rw weak -- weak strong,
    src-priority,
    weak
    ipv4 hostmodel rw strong strong weak strong,
    src-priority,
    weak
    icmp max_buf rw 262144 -- 262144 65536-1073741824
    icmp recv_buf rw 8192 -- 8192 4096-262144
    icmp send_buf rw 8192 -- 8192 4096-262144
    tcp cong_default rw newreno -- newreno newreno,cubic,
    highspeed,vegas
    tcp cong_enabled rw newreno,cubic, newreno,cubic, newreno newreno,cubic,
    highspeed, highspeed, highspeed,vegas
    vegas vegas
    tcp ecn rw passive -- passive never,passive,
    active
    tcp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    tcp largest_anon_port rw 65535 -- 65535 32768-65535
    tcp max_buf rw 1048576 -- 1048576 128000-1073741824
    tcp recv_buf rw 128000 -- 128000 2048-1048576
    tcp sack rw active -- active never,passive,
    active
    tcp send_buf rw 49152 -- 49152 4096-1048576
    tcp smallest_anon_port rw 32768 -- 32768 1024-65535
    tcp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    udp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    udp largest_anon_port rw 65535 -- 65535 32768-65535
    udp max_buf rw 2097152 -- 2097152 65536-1073741824
    udp recv_buf rw 57344 -- 57344 128-2097152
    udp send_buf rw 57344 -- 57344 1024-2097152
    udp smallest_anon_port rw 32768 -- 32768 1024-65535
    udp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    sctp cong_default rw newreno -- newreno newreno,cubic,
    highspeed,vegas
    sctp cong_enabled rw newreno,cubic, newreno,cubic, newreno newreno,cubic,
    highspeed, highspeed, highspeed,vegas
    vegas vegas
    sctp extra_priv_ports rw 2049,4045 -- 2049,4045 1-65535
    sctp largest_anon_port rw 65535 -- 65535 32768-65535
    sctp max_buf rw 1048576 -- 1048576 102400-1073741824
    sctp recv_buf rw 102400 -- 102400 8192-1048576
    sctp send_buf rw 102400 -- 102400 8192-1048576
    sctp smallest_anon_port rw 32768 -- 32768 1024-65535
    sctp smallest_nonpriv_port rw 1024 -- 1024 1024-32768
    # ipadm show-addrprop
    ADDROBJ PROPERTY PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    lo0/v4 broadcast r- -- -- -- --
    lo0/v4 deprecated rw off -- off on,off
    lo0/v4 prefixlen rw 8 8 8 1-30,32
    lo0/v4 private rw off -- off on,off
    lo0/v4 reqhost r- -- -- -- --
    lo0/v4 transmit rw on -- on on,off
    lo0/v4 zone rw global -- global --
    nge0/v4 broadcast r- 209.xxx.xxx.255 -- 209.xxx.xxx.255 --
    nge0/v4 deprecated rw off -- off on,off
    nge0/v4 prefixlen rw 25 25 24 1-30,32
    nge0/v4 private rw on on off on,off
    nge0/v4 reqhost r- -- -- -- --
    nge0/v4 transmit rw on -- on on,off
    nge0/v4 zone rw global -- global --
    vnic0/inside broadcast r- 10.4.0.255 -- 10.255.255.255 --
    vnic0/inside deprecated rw off -- off on,off
    vnic0/inside prefixlen rw 24 24 8 1-30,32
    vnic0/inside private rw off -- off on,off
    vnic0/inside reqhost r- -- -- -- --
    vnic0/inside transmit rw on -- on on,off
    vnic0/inside zone rw global -- global --
    tun0/v4 broadcast r- -- -- -- --
    tun0/v4 deprecated rw off -- off on,off
    tun0/v4 prefixlen rw -- -- -- --
    tun0/v4 private rw off -- off on,off
    tun0/v4 reqhost r- -- -- -- --
    tun0/v4 transmit rw on -- on on,off
    tun0/v4 zone rw global -- global --
    # ipadm show-ifprop
    IFNAME PROPERTY PROTO PERM CURRENT PERSISTENT DEFAULT POSSIBLE
    nge0 arp ipv4 rw on -- on on,off
    nge0 forwarding ipv4 rw off off off on,off
    nge0 metric ipv4 rw 0 -- 0 --
    nge0 mtu ipv4 rw 1500 -- 1500 68-1500
    nge0 exchange_routes ipv4 rw on -- on on,off
    nge0 usesrc ipv4 rw none -- none --
    nge0 forwarding ipv6 rw off -- off on,off
    nge0 metric ipv6 rw 0 -- 0 --
    nge0 mtu ipv6 rw 1500 -- 1500 1280-1500
    nge0 nud ipv6 rw on -- on on,off
    nge0 exchange_routes ipv6 rw on -- on on,off
    nge0 usesrc ipv6 rw none -- none --
    nge0 group ip rw -- -- -- --
    nge0 standby ip rw off -- off on,off
    vnic0 arp ipv4 rw on -- on on,off
    vnic0 forwarding ipv4 rw on on off on,off
    vnic0 metric ipv4 rw 0 -- 0 --
    vnic0 mtu ipv4 rw 1500 -- 1500 68-1500
    vnic0 exchange_routes ipv4 rw on -- on on,off
    vnic0 usesrc ipv4 rw none -- none --
    vnic0 group ip rw -- -- -- --
    vnic0 standby ip rw off -- off on,off
    tun0 arp ipv4 rw off -- on on,off
    tun0 forwarding ipv4 rw on on off on,off
    tun0 metric ipv4 rw 0 -- 0 --
    tun0 mtu ipv4 rw 1402 -- 1402 68-65515
    tun0 exchange_routes ipv4 rw on -- on on,off
    tun0 usesrc ipv4 rw none -- none --
    tun0 group ip rw -- -- -- --
    tun0 standby ip rw off -- off on,off
    Edited by: user1233039 on Jun 20, 2012 9:18 AM

  • L2L issue, the tunnel is not coming up from one direction

    Hello,
    We have configured an L2L VPN between an ASA and an 1841 router. We are facing this issue.
    The tunnel never comes up from the 1841 site. When we try to generate traffic from the ASA site, the tunnel is up and we can see packet decrypts and encrypts.
    Router 1841 Config:
    crypto isakmp policy 100
    encr 3des
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key * address 213.249.XX.XX
    crypto ipsec transform-set XXXXX esp-3des esp-md5-hmac
    crypto map EKO_BG 100 ipsec-isakmp
    set peer 213.249.x.x
    set security-association lifetime seconds 28800
    set transform-set XXXXX
    set pfs group2
    match address 111
    interface FastEthernet0/0.2
    encapsulation dot1Q 3338
    ip address 212.200.30.130 255.255.255.252
    ip nat outside
    ip virtual-reassembly
    crypto map XXXXX
    ip nat pool nat_pool 93.87.XX.XX 93.87.XX.XX prefix-length 29
    ip nat inside source list 101 pool nat_pool overload
    ip nat inside source static 10.70.2.10 93.87.18.161
    ip nat inside source static 10.70.25.10 93.87.18.162
    ip nat inside source static 10.70.36.5 93.87.18.163
    ip nat inside source static 10.70.39.10 93.87.18.164
    ip nat inside source static 10.70.5.10 93.87.18.165
    access-list 101 deny   ip 10.70.200.0 0.0.0.255 any
    access-list 101 permit ip 10.70.0.0 0.0.255.255 any
    access-list 111 permit ip 10.70.200.0 0.0.0.255 172.40.10.100 0.0.0.3
    Asa Config:
    access-list inside_nat0_outbound extended permit ip 172.40.10.100 255.255.255.252 10.70.200.0 255.255.255.0
    access-list outside_cryptomap_320 remark xxxxxxx
    access-list outside_cryptomap_320 extended permit ip 172.40.10.100 255.255.255.252 10.70.200.0 255.255.255.0
    access-list inside_pnat_outbound_V5 extended permit ip host 10.8.x.x 10.70.200.0 255.255.255.0
    pager lines 24
    nat (inside) 9 access-list inside_pnat_outbound_V5
    crypto ipsec transform-set xxxxx esp-3des esp-md5-hmac
    crypto map mymap 150 match address
    crypto map mymap 150 set pfs
    crypto map mymap 150 set peer XXXXXX
    crypto map mymap 150 set transform-set XXX
    crypto map mymap 150 set security-association lifetime seconds 28800
    crypto map mymap 150 set security-association lifetime kilobytes 10000
    crypto map mymap 320 match address outside_cryptomap_320
    crypto map mymap 320 set pfs
    crypto map mymap 320 set peer XXXXX
    crypto map mymap 320 set transform-set XXXXX
    crypto map mymap 320 set security-association lifetime seconds 28800
    crypto map mymap 320 set security-association lifetime kilobytes 4608000
    crypto map mymap 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map mymap interface outside
    isakmp policy 150 authentication pre-share
    isakmp policy 150 encryption 3des
    isakmp policy 150 hash md5
    isakmp policy 150 group 2
    tunnel-group 212.200.x.x type ipsec-l2l
    tunnel-group 212.200.x.x ipsec-attributes
    pre-shared-key *
    Please advise.
    Thank you.

    hello Ashley,
    thank you for this info. Now from the router site the tunnel is coming up and I can see packets, but although the tunnel is up it cannot telnet to our server (172.40.10.100) on a specific port.
    We from the ASA site can ping the router site and telnet.
    Any ideas???
    Thank you all for your answers!
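
Added example, not part of the original posts: a small checker for the "mirror image" rule and the redundant "permit icmp" point raised in the reply near the top of this page, run against the two crypto ACL lines posted in the L2L thread above. The function names and the third, deliberately mismatched ASA ACL are constructed for illustration; only plain permit entries with contiguous masks are handled.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")


def take_net(tokens, wildcard):
    """Consume one address spec (any | host A | A MASK); return (network, rest)."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    addr, mask = tokens[0], tokens[1]
    if wildcard:
        # IOS routers use wildcard (inverse) masks; flip the bits to get a netmask.
        mask = str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False), tokens[2:]


def parse_acl(config, name, wildcard):
    """Return [(proto, src, dst)] for the permit entries of ACL `name`.

    wildcard=True for IOS router syntax, False for ASA netmask syntax.
    Remarks and deny entries are skipped.
    """
    entries = []
    for line in config.splitlines():
        t = line.split()
        if len(t) < 3 or t[0] != "access-list" or t[1] != name:
            continue
        t = t[2:]
        if t[0] == "extended":
            t = t[1:]
        if t[0] != "permit":
            continue
        proto = t[1]
        src, rest = take_net(t[2:], wildcard)
        dst, _ = take_net(rest, wildcard)
        entries.append((proto, src, dst))
    return entries


def mirror_report(local, remote):
    """Compare two crypto ACLs; both result lists are in the local ACL's orientation."""
    local_set = set(local)
    remote_flipped = {(p, d, s) for p, s, d in remote}
    return {
        "missing_on_remote": sorted(local_set - remote_flipped, key=str),
        "missing_on_local": sorted(remote_flipped - local_set, key=str),
    }


def redundant_entries(acl):
    """Entries for a specific protocol already covered by a 'permit ip' entry."""
    ip_rules = [(s, d) for p, s, d in acl if p == "ip"]
    return [
        (p, s, d)
        for p, s, d in acl
        if p != "ip" and any(s.subnet_of(a) and d.subnet_of(b) for a, b in ip_rules)
    ]


# The two ACLs as posted in the thread (router ACL 111, ASA outside_cryptomap_320).
ROUTER_CFG = """
access-list 101 deny   ip 10.70.200.0 0.0.0.255 any
access-list 111 permit ip 10.70.200.0 0.0.0.255 172.40.10.100 0.0.0.3
"""
ASA_CFG = """
access-list outside_cryptomap_320 remark xxxxxxx
access-list outside_cryptomap_320 extended permit ip 172.40.10.100 255.255.255.252 10.70.200.0 255.255.255.0
"""
# Constructed counter-example: host entry instead of the /30, plus an extra icmp line.
ASA_BAD_CFG = """
access-list outside_cryptomap_320 extended permit ip host 172.40.10.100 10.70.200.0 255.255.255.0
access-list outside_cryptomap_320 extended permit icmp host 172.40.10.100 10.70.200.0 255.255.255.0
"""

ROUTER = parse_acl(ROUTER_CFG, "111", wildcard=True)
ASA = parse_acl(ASA_CFG, "outside_cryptomap_320", wildcard=False)
ASA_BAD = parse_acl(ASA_BAD_CFG, "outside_cryptomap_320", wildcard=False)

if __name__ == "__main__":
    print("posted ACLs:", mirror_report(ROUTER, ASA))
    print("constructed mismatch:", mirror_report(ROUTER, ASA_BAD))
    print("redundant:", redundant_entries(ASA_BAD))
```

The ACLs as posted come out as exact mirrors, so the checker reports nothing for them; the constructed variant shows what a mismatch and a redundant icmp line look like in the report.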

  • Port Disable for traffic flowing only one direction

    Hi,
    We use some Catalyst Express 500 and ESW-520 in our company.
    But with the Catalyst Express 500 we have a problem that we can't explain.
    Some Gi ports become disabled with this log error message:
    Description: Gi1: This port is disabled because the traffic is flowing only in one direction. The cause might be incorrect cabling.
    Recommendation: Make sure that cable is properly connected to the ports. For fiber connections, ensure that the transmit and receive fibers are connected correctly. Disable and Enable the port.
    As for the recommendation, the cable is right; we changed it, and we swapped the switch for another one, and the problem continues.
    If we swap in an ESW-520 the problem doesn't occur, but we can't change all our old switches for the moment.
    Any idea about this problem?

    Hi Guys,
    Thank you all for your help. The packet was being dropped on the "implicit rule", that means that the packet was not finding an ACL to match.
    I checked the ACLs that the VPN Wizard generates by itself when used to configure an IPSec connection, and the ACLs were correct and "before" the implicit rule. (They are called by default outside_cryptomap_"number")
    It seems that since I am not using "sysopt connection permit-vpn" I have to add the same ACLs to the "Local Network" interface (VPN_LAN).
    Since there were inbound ACLs related to the VPN_LAN interface, the firewall jumped directly to the "implicit rule".
    So the result is that I have two times the same rules first inbound on the VPN_LAN and second on the default outside_cryptomap ACLs.
    Greetings,
    Daniel

  • I cannot transfer data from one hard drive to another, I keep getting an error because I have two of the same file names and one file name is in caps and I can't change the file name

    Cannot transfer data from one hard drive to another, I keep getting an error because I have two of the same file names and one file name is in caps and I can't change the file name. My original external has an error and needs to be reformatted, but I don't want to lose this information; it's my entire iTunes library.

    Sounds like the source drive is formatted as case sensitive and the destination drive is not. The preferred format for OS X is case insensitive unless there is a compelling reason to go case sensitive.
    Why can't you change the filename? Is it because the source drive is having problems?  If so is this happening with only one or two or a few files? If so the best thing would be to copy those over individually and then rename them on the destination drive.
    If it is more than you can do manually and you can't change the name on the source, you will have to reformat the destination as case sensitive.
    Btw this group is for discussion of the Support Communities itself; you'd do better posting to the Lion group. I'll see if a host will move it.

  • View only works in one direction, will not change when I turn the phone

    View only works in one direction, will not change when I turn the phone

    Is the rotate lock on?
    http://appletoolbox.com/2013/03/iphone-ipad-or-ipod-screen-will-not-rotate-fix/

  • Why does iPhoto (9.0/11) not retain the Event name when exporting more than one event? (using File - Export - Album name with number).

    Why does iPhoto (9.0/11) not retain the Event name when exporting more than one event? (using File -> Export -> Album name with number).
    Exporting a single Event retains the Event name which is what I'd expect. But highlighting more than one event and exporting it renames the images to Events 001.JPG, Event 002.JPG etc.
    I was recently on holidays and had all my events nicely split on Dad's computer but when I went to export it I couldn't retain any of this information. Now I have to replicate this all again on my computer.
    It wasn't possible to export the entire library as the external drive was FAT32 format and I didn't want all of it. It would be nice to export a bunch of events to someone and have it retain the name.
    Does anyone have a work around or will this be fixed at some point by Apple?

  • I preordered One Direction's new album Midnight Memories, but did not purchase it. It is not in my downloads or purchases even though it says it's purchased. I can't even buy it because it says purchased and will not let me click the button. Please help!

    I preordered One Direction's new album Midnight Memories, but did not purchase it. It is not in my downloads or purchases even though it says it's purchased. I can't even buy it because it says purchased and will not let me click the button. Please help!

    Try:
    HT2519 Pre-ordered album, it says...: Apple Support Communities

  • TS1424 I purchased a One Direction song but it did not download successfully. It just downloaded halfway. And after that I cannot sign in to my iTunes account. This has been happening for a few days now

    I purchased a One Direction song but it did not download successfully. It just downloaded halfway. And after that I cannot sign in to my iTunes account. This has been happening for a few days now

    What you are experiencing is 100% related to Malware.
    Sometimes a problem with Firefox may be a result of malware installed on your computer, that you may not be aware of.
    You can try these free programs to scan for malware, which work with your existing antivirus software:
    * Microsoft Safety Scanner: http://www.microsoft.com/security/scanner/default.aspx
    * MalwareBytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free/
    * TDSSKiller - AntiRootkit Utility: http://support.kaspersky.com/faq/?qid=208283363
    * Hitman Pro: http://www.surfright.nl/en/hitmanpro/
    * ESET Online Scanner: http://www.eset.com/us/online-scanner/
    Microsoft Security Essentials (http://windows.microsoft.com/MSE) is a good permanent antivirus for Windows 7/Vista/XP if you don't already have one.
    Further information can be found in the "Troubleshoot Firefox issues caused by malware" article.
    Did this fix your problems? Please report back to us!

  • Site to Site Tunnel - Traffic just flowing in one direction.

    Greetings to everyone,
    I have configured an IPSec (Site-to-Site) tunnel between an ASA5510 and a Linux system, connecting a Network A with a Network B in the following way:
    * Diagram:
                                                               #---------------IPSec-----------------#
    private network (A) ---- Linux Router (GW1) -------- WAN -------- (GW2) ASA5510 ---- public network (B)
    * Results:
    I have checked the IPSec Tunnel on the linux Router and both Phase 1 and Phase 2 are UP. ASDM shows also an IPSec connection with the correct parameters (GW, Local Network, Left Network etc.).
    If I have understood it correctly, "show crypto isakmp sa", "show crypto ikev1 sa" and "show crypto ipsec sa" also show that the connection is correct and UP.
    * Now comes the interesting thing:
    If I ping from Network A to Network B, the ICMP echo requests go through the tunnel and I can see the Rx bytes on the Cisco ASA going UP.
    If I ping from Network B to Network A, I do not see any Tx bytes on the tunnel. The Linux router also does not see any packets going through the tunnel.
    When I ping from Network B to Network A, the firewall logs ICMP denies. That means that the traffic from B to A, I do not know why, is not matching the corresponding tunnel ACL; the ICMP packets are being routed to the default gateway instead of through the tunnel, and they are then matching a less specific dropping rule on the main firewall.
    *Configurations:
    I have specially configured a Crypto Map that matches the Networks in Both directions.
    There exists an ACL that permits the traffic in both directions.
    There exist NAT rules that permit traffic between both networks without being NATed, in order for both networks to transmit through the tunnels freely.
    * Ideas ?
    crypto map?
    NAT?
    ACL?
    interface level security?
    Thanks in advance.

    Hi Guys,
    Thank you all for your help. The packet was being dropped on the "implicit rule", that means that the packet was not finding an ACL to match.
    I checked the ACLs that the VPN Wizard generates by itself when used to configure an IPSec connection, and the ACLs were correct and "before" the implicit rule. (They are called by default outside_cryptomap_"number")
    It seems that since I am not using "sysopt connection permit-vpn" I have to add the same ACLs to the "Local Network" interface (VPN_LAN).
    Since there were inbound ACLs related to the VPN_LAN interface, the firewall jumped directly to the "implicit rule".
    So the result is that I have two times the same rules first inbound on the VPN_LAN and second on the default outside_cryptomap ACLs.
    Greetings,
    Daniel
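
The check below is an added example, not part of the original thread or of any Cisco tool: it reads an ASA-style configuration and reports crypto-map ACL entries that the ACL bound inbound on the local interface does not permit, which is the situation described in the reply above where packets fell through to the implicit rule. The sample configuration and its addresses are constructed, `parse`, `verdict` and `audit` are hypothetical helper names, and only `ip` entries that fully cover a crypto entry count as a match.

```python
import ipaddress

# Constructed sample: names follow the thread (outside_cryptomap_<n>, VPN_LAN),
# every address is made up for this example.
SAMPLE = """\
access-list outside_cryptomap_1 extended permit ip 10.20.0.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list outside_cryptomap_2 extended permit ip 10.20.0.0 255.255.255.0 192.168.60.0 255.255.255.0
access-list VPN_LAN_in extended permit tcp 10.20.0.0 255.255.255.0 any eq 443
access-list VPN_LAN_in extended permit ip 10.20.0.0 255.255.255.0 192.168.60.0 255.255.255.0
access-group VPN_LAN_in in interface VPN_LAN
crypto map outside_map 1 match address outside_cryptomap_1
crypto map outside_map 2 match address outside_cryptomap_2
"""

# Port operators that may follow an address, with the number of tokens to skip.
PORT_OPS = {"eq": 2, "neq": 2, "lt": 2, "gt": 2, "range": 3}


def _take_addr(tokens):
    """Consume one address spec (any | host A | NET MASK) from the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}", strict=False)


def parse(config):
    """Return (acls, inbound ACL per interface, ACL names used by crypto maps)."""
    acls, bound, crypto = {}, {}, []
    for line in config.splitlines():
        t = line.split()
        if t[:1] == ["access-list"] and len(t) > 5 and t[2] == "extended":
            rest = t[5:]
            try:
                src = _take_addr(rest)
                if rest and rest[0] in PORT_OPS:      # optional source port
                    del rest[:PORT_OPS[rest[0]]]
                dst = _take_addr(rest)
            except (ValueError, IndexError):
                continue  # object-groups and similar forms are not handled here
            acls.setdefault(t[1], []).append((t[3], t[4], src, dst))
        elif t[:1] == ["access-group"] and len(t) > 4 and t[2:4] == ["in", "interface"]:
            bound[t[4]] = t[1]
        elif t[:2] == ["crypto", "map"] and len(t) > 6 and t[4:6] == ["match", "address"]:
            crypto.append(t[6])
    return acls, bound, crypto


def verdict(entry, iface_acl):
    """First-match walk of the interface ACL for one crypto-ACL entry.

    Simplification: protocol-specific lines and partial overlaps are skipped.
    """
    _, _, src, dst = entry
    for action, proto, a_src, a_dst in iface_acl:
        if proto == "ip" and src.subnet_of(a_src) and dst.subnet_of(a_dst):
            return action  # "permit" or "deny"
    return "implicit-deny"


def audit(config, iface):
    """List crypto-ACL permits that the inbound ACL on `iface` does not allow."""
    acls, bound, crypto = parse(config)
    if iface not in bound:
        return []  # no inbound ACL bound to this interface: check does not apply
    iface_acl = acls.get(bound[iface], [])
    findings = []
    for name in crypto:
        for entry in acls.get(name, []):
            if entry[0] != "permit":
                continue
            result = verdict(entry, iface_acl)
            if result != "permit":
                findings.append((name, str(entry[2]), str(entry[3]), result))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "VPN_LAN"):
        print(finding)
```
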

  • Drop down menus go to left and right, not just one direction.

    My dropdown menus work fine but when I scroll down to use an option one thing will go to the left and another thing ( in the same drop down ) to the right. Anyone know how to make them ALL go in one direction to the right?

    What operating system are you using?
    What version of Photoshop are you using?
    If you're on a Windows operating system it probably has to do with the handedness under the Tablet PC settings:
    http://forums.adobe.com/message/5436480#5436480

  • HT204266 My qvc app only opens in one direction and does not have wish list?

    Why does my qvc app only open in one direction north south when I open the app but when I open qvc through an email it opens east west and has add to wish list also?

    On your iMac
    Contacts > iCloud (upper left) > All Contacts??

  • Remote Access VPN connecting but not passing traffic

    I have a remote access VPN configured on a device here. I'm able to connect a device and it assigns me an IP address out of the pool, and injects the routes to its local network, but I'm not able to pass any traffic through the VPN and none of the IPSec SA counters increment for the dial-in connection. I've compared the config here to the samples from documentation and I don't know what I'm missing. Config is below.
    3118-FWL001(config)# sho run
    : Saved
    ASA Version 7.2(3)
    hostname 3118-FWL001
    domain-name rr-rentals.com
    enable password hEgvNHfNHV8zypPu encrypted
    names
    interface Vlan1
     nameif inside
     security-level 100
     ip address 192.168.10.1 255.255.255.0
    interface Vlan2
     nameif outside
     security-level 0
     ip address 199.X.X.162 255.255.255.248
    interface Ethernet0/0
     switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    passwd 2KFQnbNIdI.2KYOU encrypted
    banner exec
    banner exec
    banner exec
    banner exec Any attempted or unauthorized access, use, or modification is prohibited.
    banner exec Unauthorized users may face criminal and/or civil penalties.
    banner exec The use of this system may be monitored and recorded.
    banner exec If the monitoring reveals possible evidence of criminal activity, Adhost can
    banner exec provide the records to law enforcement.
    banner exec Be safe!  Do not share your access information with anyone!
    banner exec
    banner exec
    banner exec
    banner asdm
    banner asdm
    banner asdm
    banner asdm Any attempted or unauthorized access, use, or modification is prohibited.
    banner asdm Unauthorized users may face criminal and/or civil penalties.
    banner asdm The use of this system may be monitored and recorded.
    banner asdm If the monitoring reveals possible evidence of criminal activity, Adhost can
    banner asdm provide the records to law enforcement.
    banner asdm Be safe!  Do not share your access information with anyone!
    banner asdm
    banner asdm
    banner asdm
    ftp mode passive
    dns server-group DefaultDNS
     domain-name rr-rentals.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    access-list outside_acl extended permit ip any host 199.X.X.163
    access-list outside_acl extended permit icmp any any echo
    access-list outside_acl extended permit icmp any any echo-reply
    access-list outside_acl extended permit tcp 216.X.X.64 255.255.255.192 any
    access-list outside_acl extended permit tcp host 76.X.X.166 any eq 3389
    access-list outside_acl extended permit tcp 67.X.X.192 255.255.255.224 any eq 3389
    access-list outside_acl extended permit tcp any any eq ftp
    access-list outside_acl extended permit tcp any any eq ftp-data
    access-list outside_acl extended permit tcp host 72.X.X.71 any eq 3389
    access-list outside_acl extended permit tcp host 26.X.X.155 any eq 3389
    access-list outside_acl extended permit tcp host 24.X.X.155 any eq 3389
    access-list outside_acl extended permit icmp any any unreachable
    access-list outside_acl extended permit icmp any any time-exceeded
    access-list outside_acl extended permit tcp host 71.X.X.170 any eq 3389
    access-list outside_acl extended permit tcp host 24.X.X.200 any eq 3389
    access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.4.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.3.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.20.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list inside_nat0_outbound extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
    access-list outside_1_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list outside_1_cryptomap extended permit ip 192.168.20.0 255.255.255.0 192.168.1.0 255.255.255.0
    access-list outside_2_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list outside_4_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.4.0 255.255.255.0
    access-list outside_3_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.3.0 255.255.255.0
    access-list rr-vpn_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0
    access-list rr-vpn_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
    pager lines 24
    logging enable
    logging buffer-size 1048576
    logging buffered debugging
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool vpnpool 192.168.20.1-192.168.20.254 mask 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-523.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound
    nat (inside) 1 0.0.0.0 0.0.0.0
    static (inside,outside) 199.X.X.163 192.168.10.2 netmask 255.255.255.255
    access-group outside_acl in interface outside
    route outside 0.0.0.0 0.0.0.0 199.X.X.161 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    aaa authentication ssh console LOCAL
    aaa authentication http console LOCAL
    aaa authentication enable console LOCAL
    aaa authentication serial console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    http 216.X.X.64 255.255.255.192 outside
    http 0.0.0.0 0.0.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    sysopt connection tcpmss 1200
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 set pfs
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map outside_map 1 match address outside_1_cryptomap
    crypto map outside_map 1 set pfs
    crypto map outside_map 1 set peer 50.X.X.58
    crypto map outside_map 1 set transform-set ESP-AES-128-SHA
    crypto map outside_map 2 match address outside_2_cryptomap
    crypto map outside_map 2 set pfs
    crypto map outside_map 2 set peer 75.X.X.253
    crypto map outside_map 2 set transform-set ESP-AES-128-SHA
    crypto map outside_map 3 match address outside_3_cryptomap
    crypto map outside_map 3 set pfs
    crypto map outside_map 3 set peer 173.X.X.69
    crypto map outside_map 3 set transform-set ESP-AES-128-SHA
    crypto map outside_map 4 match address outside_4_cryptomap
    crypto map outside_map 4 set pfs
    crypto map outside_map 4 set peer 70.X.X.194
    crypto map outside_map 4 set transform-set ESP-AES-128-SHA
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption aes
     hash sha
     group 5
     lifetime 86400
    crypto isakmp policy 30
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    telnet timeout 5
    ssh 192.168.10.2 255.255.255.255 inside
    ssh 192.168.0.0 255.255.0.0 inside
    ssh 216.X.X.64 255.255.255.192 outside
    ssh 50.X.X.58 255.255.255.255 outside
    ssh timeout 60
    ssh version 2
    console timeout 0
    management-access inside
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect icmp
      inspect icmp error
    service-policy global_policy global
    tftp-server outside 216.X.X.116 3118-FWL001.config
    group-policy rr-vpn internal
    group-policy rr-vpn attributes
     dns-server value 216.X.X.12 66.X.X.11
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value rr-vpn_splitTunnelAcl
    username rrlee password B6rKS8LmKC50oIXK encrypted privilege 0
    username rrlee attributes
     vpn-group-policy rr-vpn
    username cschirado password QYICGrOFAZ9iPWpp encrypted privilege 0
    username cschirado attributes
     vpn-group-policy rr-vpn
    username daniel password SZsXZCSuVXcFn9NB encrypted privilege 15
    username adhostadm password 7P2Y2Ow1o0.VSjvh encrypted privilege 15
    username troy password amZKsxVU.8N9kKPb encrypted privilege 0
    username troy attributes
     vpn-group-policy rr-vpn
    username troyr password Hek9zbMrM6wEDSfi encrypted privilege 15
    username druiz password 33oau7XOcvhJ3DMv encrypted privilege 0
    username druiz attributes
     vpn-group-policy rr-vpn
    username theresa password qWsPnR.vfjXzlunC encrypted privilege 0
    username theresa attributes
     vpn-group-policy rr-vpn
    username kevin password R5DPfUVhzGCEg6pu encrypted privilege 0
    username kevin attributes
     vpn-group-policy rr-vpn
    username andrea password MyhIPdH6UJQDon77 encrypted privilege 0
    username andrea attributes
     vpn-group-policy rr-vpn
    tunnel-group 50.X.X.58 type ipsec-l2l
    tunnel-group 50.X.X.58 ipsec-attributes
     pre-shared-key *
    tunnel-group 75.X.X.253 type ipsec-l2l
    tunnel-group 75.X.X.253 ipsec-attributes
     pre-shared-key *
    tunnel-group 72.X.X.71 type ipsec-l2l
    tunnel-group 72.X.X.71 ipsec-attributes
     pre-shared-key *
    tunnel-group 173.X.X.69 type ipsec-l2l
    tunnel-group 173.X.X.69 ipsec-attributes
     pre-shared-key *
    tunnel-group rr-vpn type ipsec-ra
    tunnel-group rr-vpn general-attributes
     address-pool vpnpool
     default-group-policy rr-vpn
    tunnel-group rr-vpn ipsec-attributes
     pre-shared-key *
    tunnel-group 70.X.X.194 type ipsec-l2l
    tunnel-group 70.X.X.194 ipsec-attributes
     pre-shared-key *
    prompt hostname context

    Here are the results of the commands you requested. I'm not able to ping either direction.
    Thanks,
    James
    3118-FWL001# sho cry isa sa
       Active SA: 5
        Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
    Total IKE SA: 5
    1   IKE Peer: 50.34.254.58
        Type    : L2L             Role    : responder
        Rekey   : no              State   : MM_ACTIVE
    2   IKE Peer: 173.10.71.69
        Type    : L2L             Role    : responder
        Rekey   : no              State   : MM_ACTIVE
    3   IKE Peer: 75.151.109.253
        Type    : L2L             Role    : initiator
        Rekey   : no              State   : MM_ACTIVE
    4   IKE Peer: 70.99.88.194
        Type    : L2L             Role    : initiator
        Rekey   : no              State   : MM_ACTIVE
    5   IKE Peer: 216.211.143.85
        Type    : user            Role    : responder
        Rekey   : no              State   : AM_ACTIVE
    3118-FWL001# sho cry ips sa
    interface: outside
        Crypto map tag: outside_dyn_map, seq num: 20, local addr: 199.21.66.162
          local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
          remote ident (addr/mask/prot/port): (192.168.20.2/255.255.255.255/0/0)
          current_peer: 216.211.143.85, username: kevin
          dynamic allocated peer ip: 192.168.20.2
          #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
          #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0
          local crypto endpt.: 199.21.66.162, remote crypto endpt.: 216.211.143.85
          path mtu 1500, ipsec overhead 58, media mtu 1500
          current outbound spi: CBF94621
        inbound esp sas:
          spi: 0x8D8279CA (2374138314)
             transform: esp-3des esp-sha-hmac none
             in use settings ={RA, Tunnel, }
             slot: 0, conn_id: 200, crypto-map: outside_dyn_map
             sa timing: remaining key lifetime (sec): 28715
             IV size: 8 bytes
             replay detection support: Y
        outbound esp sas:
          spi: 0xCBF94621 (3422111265)
             transform: esp-3des esp-sha-hmac none
             in use settings ={RA, Tunnel, }
             slot: 0, conn_id: 200, crypto-map: outside_dyn_map
             sa timing: remaining key lifetime (sec): 28715
             IV size: 8 bytes
             replay detection support: Y
        Crypto map tag: outside_map, seq num: 1, local addr: 199.21.66.162
          access-list outside_1_cryptomap permit ip 192.168.10.0 255.255.255.0 192.168.1.0 255.255.255.0
          local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
          remote ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
          current_peer: 50.34.254.58
          #pkts encaps: 15356573, #pkts encrypt: 15356573, #pkts digest: 15356573
          #pkts decaps: 9021115, #pkts decrypt: 9021114, #pkts verify: 9021114
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 15356573, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0
          local crypto endpt.: 199.21.66.162, remote crypto endpt.: 50.34.254.58
          path mtu 1500, ipsec overhead 74, media mtu 1500
          current outbound spi: FE16571B
        inbound esp sas:
          spi: 0x78BD7E4F (2025684559)
             transform: esp-aes esp-sha-hmac none
             in use settings ={L2L, Tunnel, PFS Group 2, }
             slot: 0, conn_id: 86, crypto-map: outside_map
             sa timing: remaining key lifetime (kB/sec): (4263158/5788)
             IV size: 16 bytes
             replay detection support: Y
        outbound esp sas:
          spi: 0xFE16571B (4262876955)
             transform: esp-aes esp-sha-hmac none
             in use settings ={L2L, Tunnel, PFS Group 2, }
             slot: 0, conn_id: 86, crypto-map: outside_map
             sa timing: remaining key lifetime (kB/sec): (4064653/5788)
             IV size: 16 bytes
             replay detection support: Y
        Crypto map tag: outside_map, seq num: 4, local addr: 199.21.66.162
          access-list outside_4_cryptomap permit ip 192.168.10.0 255.255.255.0 192.168.4.0 255.255.255.0
          local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
          remote ident (addr/mask/prot/port): (192.168.4.0/255.255.255.0/0/0)
          current_peer: 70.99.88.194
          #pkts encaps: 491814, #pkts encrypt: 491814, #pkts digest: 491814
          #pkts decaps: 416810, #pkts decrypt: 416810, #pkts verify: 416810
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 491814, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0
          local crypto endpt.: 199.21.66.162, remote crypto endpt.: 70.99.88.194
          path mtu 1500, ipsec overhead 74, media mtu 1500
          current outbound spi: 533F55E1
        inbound esp sas:
          spi: 0xE2F461AD (3807666605)
             transform: esp-aes esp-sha-hmac none
             in use settings ={L2L, Tunnel, PFS Group 2, }
             slot: 0, conn_id: 194, crypto-map: outside_map
             sa timing: remaining key lifetime (kB/sec): (4273818/27167)
             IV size: 16 bytes
             replay detection support: Y
        outbound esp sas:
          spi: 0x533F55E1 (1396659681)
             transform: esp-aes esp-sha-hmac none
             in use settings ={L2L, Tunnel, PFS Group 2, }
             slot: 0, conn_id: 194, crypto-map: outside_map
             sa timing: remaining key lifetime (kB/sec): (4266133/27167)
             IV size: 16 bytes
             replay detection support: Y
        Crypto map tag: outside_map, seq num: 2, local addr: 199.21.66.162
          access-list outside_2_cryptomap permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0
          local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
          remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
          current_peer: 75.151.109.253
          #pkts encaps: 207718, #pkts encrypt: 207718, #pkts digest: 207718
          #pkts decaps: 142739, #pkts decrypt: 142739, #pkts verify: 142739
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 207722, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0
          local crypto endpt.: 199.21.66.162, remote crypto endpt.: 75.151.109.253
          path mtu 1500, ipsec overhead 74, media mtu 1500
          current outbound spi: 8D74AC18
        inbound esp sas:
          spi: 0x0CF7F70B (217577227)
             transform: esp-aes esp-sha-hmac none
             in use settings ={L2L, Tunnel, PFS Group 2, }
             slot: 0, conn_id: 195, crypto-map: outside_map
             sa timing: remaining key lifetime (kB/sec): (4274490/23242)
             IV size: 16 bytes
             replay detection support: Y
        outbound esp sas:
          spi: 0x8D74AC18 (2373233688)
             transform: esp-aes esp-sha-hmac none
             in use settings ={L2L, Tunnel, PFS Group 2, }
             slot: 0, conn_id: 195, crypto-map: outside_map
             sa timing: remaining key lifetime (kB/sec): (4270718/23242)
             IV size: 16 bytes
             replay detection support: Y
        Crypto map tag: outside_map, seq num: 3, local addr: 199.21.66.162
          access-list outside_3_cryptomap permit ip 192.168.10.0 255.255.255.0 192.168.3.0 255.255.255.0
          local ident (addr/mask/prot/port): (192.168.10.0/255.255.255.0/0/0)
          remote ident (addr/mask/prot/port): (192.168.3.0/255.255.255.0/0/0)
          current_peer: 173.10.71.69
          #pkts encaps: 3427935, #pkts encrypt: 3427935, #pkts digest: 3427935
          #pkts decaps: 2006044, #pkts decrypt: 2006044, #pkts verify: 2006044
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 3427935, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0
          local crypto endpt.: 199.21.66.162, remote crypto endpt.: 173.10.71.69
          path mtu 1500, ipsec overhead 74, media mtu 1500
          current outbound spi: 2E8A6147
        inbound esp sas:
          spi: 0x467968AB (1182361771)
             transform: esp-aes esp-sha-hmac none
             in use settings ={L2L, Tunnel, PFS Group 2, }
             slot: 0, conn_id: 154, crypto-map: outside_map
             sa timing: remaining key lifetime (kB/sec): (4270213/18597)
             IV size: 16 bytes
             replay detection support: Y
        outbound esp sas:
          spi: 0x2E8A6147 (780820807)
             transform: esp-aes esp-sha-hmac none
             in use settings ={L2L, Tunnel, PFS Group 2, }
             slot: 0, conn_id: 154, crypto-map: outside_map
             sa timing: remaining key lifetime (kB/sec): (4162093/18597)
             IV size: 16 bytes
             replay detection support: Y
    3118-FWL001# sho run route
    route outside 0.0.0.0 0.0.0.0 199.21.66.161 1
