New C40 cisco codec
Hi,
I'm working for Industry Canada and we just received a new video conference system. It is connected to a DSL line. The video conferencing work perfect when we dial out. But I have a issue when a external person try to dial me in, it can't connect. I think there is a problem with local IP (modem) and dedicated IP (public IP). I try to config. the modem but still experiencing problem with receiving calls.
Anybody can help?
Thank you
For incoming call to Endpoint behind the FW/Router, you need to configure 1:1 NAT or port forwarding.
If firewall/router is H.323 awareness and support ALG, then you won’t need configure each port but most of home router will require manual port forwarding configuration.
For H.323 connection with C-series Endpoint, following ports will be use
Gatekeeper Discovery (RAS) – Port 1719 – UDP (not necessary for this case as not registering on GK).
Q.931 call Setup – Port 1720 – TCP
H.245 – Port Range 5555-6555– TCP
Video – Port Range 2326-2485 – UDP
Audio – Port Range 2326-2485 – UDP
Data/FECC – Port Range – 2326-2485 – UDP
Please note H.245 ports range is from 5555 to 6555 while port allocation configured as "Static".
If port allocation configured as "Dynamic", then port range is from 11000 to 20999.
If you modify port configuration (Static/Dynamic), codec must restart to affect configuration change.
Default RTP/RTCP port range for media is 2326 to 2485.
However this is configurable by "RTP Ports Range Start" and "RTP Ports Range Stop".
Similar Messages
-
Cisco Codec C90 screen refresh/flicker
Hi guys,
We are currently experiencing issues where we have a Cisco Codec C90 with two outputs to two screens (HDMI1 & 2) Every now and then (randomly) we will see a quick horizontal flick run up the screen similar to a refresh…
This can some times happen on either screen. From the codec outputs they enter into an AMX switcher which then leads on to the displays etc… Now, it seams reseating the HDMI cables between the codec and AMX seems to resolve the issue for the interim until it returns later on.
I am trying to see in the logs of the codec if there is anything that matches the time that this occurs as we are in between if this is the codec or AMX controller that has the issue?
Below are the logs where I have seen the screen connected to HDMI#1 flicker within this minute; I have limited exp with codec fault finding so was wondering if someone can see something that sticks out to them?
Nov 19 05:39:16.565 ppc appl[3033]: 320811.07 CuilApp User (0) successfully executed command '/Standby/Deactivate' from .
Nov 19 05:39:16.570 ppc appl[3033]: 320811.07 MainEvents I: LeavingStandby()
Nov 19 05:39:16.572 ppc appl[3033]: 320811.08 VIDEOLC-0 I: PowerManagement, request power save off
Nov 19 05:39:16.639 ppc appl[3033]: 320811.14 VIDEOLC-0 I: PowerManagement, power save off confirmed, no error
Nov 19 05:39:17.000 arm0 vpe0: irq: local missing 83
Nov 19 05:39:17.000 arm4 vpe2: irq: local missing 82
Nov 19 05:39:17.000 arm2 vpe1: irq: local missing 82
Nov 19 05:39:17.000 arm6 vpe3: irq: local missing 82
Nov 19 05:39:18.642 ppc appl[3033]: 320813.15 MainEvents I: Mic Unmuted
Nov 19 05:39:18.645 ppc appl[3033]: 320813.15 CuilApp User (0) successfully executed command '/Audio/Microphones/Unmute' from .
Nov 19 05:39:18.748 ppc appl[3033]: 320813.25 CuilApp User (0) successfully executed command '/Standby/ResetTimer Delay: 5' from .
Nov 19 05:39:22.837 ppc appl[3033]: 320817.34 VIDEOLC-0 I: VLC_readySignalSourceEvent port:DVI-I 3: have signal
Nov 19 05:39:23.419 ppc appl[3033]: 320817.92 VIDEOLC-0 I: Received SignalDisplayEvent on port:HDMI 3, present:True
Nov 19 05:39:23.439 ppc appl[3033]: 320817.94 VIDEOCTRL-0 I: VIDEOCTRL_doReadyGateConnectReq: redundant signal for (outputrawvideo,23) from (MSCtrl,0)
Nov 19 05:39:23.475 ppc appl[3033]: 320817.98 VIDEOLC-0 I: Edid event received from output HDMI 3
Nov 19 05:39:23.476 ppc appl[3033]: 320817.98 VIDEOLC-0 I: Edid segment 0 for display HDMI 3:
Nov 19 05:39:23.477 ppc appl[3033]: 320817.98 VIDEOLC-0 I: 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
Nov 19 05:39:23.478 ppc appl[3033]: 320817.98 VIDEOLC-0 I: 0x05, 0xb8, 0x53, 0x0c, 0x00, 0x00, 0x00, 0x00,
Nov 19 05:39:23.480 ppc appl[3033]: 320817.98 VIDEOLC-0 I: 0x00, 0x15, 0x01, 0x03, 0x80, 0x3c, 0x22, 0x78,
Nov 19 05:39:23.481 ppc appl[3033]: 320817.98 VIDEOLC-0 I: 0x0a, 0x14, 0xe5, 0xa3, 0x56, 0x4c, 0x9d, 0x25,
Nov 19 05:39:23.482 ppc appl[3033]: 320817.99 VIDEOLC-0 I: 0x0e, 0x50, 0x54, 0xa5, 0x6f, 0x80, 0x81, 0x80,
Nov 19 05:39:23.483 ppc appl[3033]: 320817.99 VIDEOLC-0 I: 0x81, 0x8f, 0x71, 0x40, 0xb3, 0x00, 0x81, 0x4f,
Nov 19 05:39:23.484 ppc appl[3033]: 320817.99 VIDEOLC-0 I: 0x71, 0x4f, 0x01, 0x01, 0x01, 0x01, 0x27, 0x3c,
Nov 19 05:39:23.486 ppc appl[3033]: 320817.99 VIDEOLC-0 I: 0x80, 0xa1, 0x70, 0xb0, 0x23, 0x40, 0x30, 0x20,
Nov 19 05:39:23.487 ppc appl[3033]: 320817.99 VIDEOLC-0 I: 0x36, 0x00, 0x56, 0x50, 0x21, 0x00, 0x00, 0x1a,
Nov 19 05:39:23.488 ppc appl[3033]: 320817.99 VIDEOLC-0 I: 0x21, 0x39, 0x90, 0x30, 0x62, 0x1a, 0x27, 0x40,
Nov 19 05:39:23.489 ppc appl[3033]: 320817.99 VIDEOLC-0 I: 0x68, 0xb0, 0x36, 0x00, 0x56, 0x50, 0x21, 0x00,
Nov 19 05:39:23.490 ppc appl[3033]: 320817.99 VIDEOLC-0 I: 0x00, 0x1c, 0x00, 0x00, 0x00, 0xfd, 0x00, 0x38,
Nov 19 05:39:23.491 ppc appl[3033]: 320817.99 VIDEOLC-0 I: 0x4b, 0x1e, 0x53, 0x11, 0x00, 0x0a, 0x20, 0x20,
Nov 19 05:39:23.492 ppc appl[3033]: 320818.00 VIDEOLC-0 I: 0x20, 0x20, 0x20, 0x20, 0x00, 0x00, 0x00, 0xfc,
Nov 19 05:39:23.493 ppc appl[3033]: 320818.00 VIDEOLC-0 I: 0x00, 0x44, 0x56, 0x58, 0x2d, 0x33, 0x31, 0x35,
Nov 19 05:39:23.494 ppc appl[3033]: 320818.00 VIDEOLC-0 I: 0x35, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x01, 0x46,
Nov 19 05:39:23.495 ppc appl[3033]: 320818.00 VIDEOLC-0 I: 0x02, 0x03, 0x1f, 0xf1, 0x4e, 0x84, 0x05, 0x03,
Nov 19 05:39:23.496 ppc appl[3033]: 320818.00 VIDEOLC-0 I: 0x02, 0x20, 0x22, 0x10, 0x11, 0x13, 0x12, 0x14,
Nov 19 05:39:23.497 ppc appl[3033]: 320818.00 VIDEOLC-0 I: 0x1f, 0x07, 0x16, 0x23, 0x09, 0x7f, 0x07, 0x67,
Nov 19 05:39:23.498 ppc appl[3033]: 320818.00 VIDEOLC-0 I: 0x03, 0x0c, 0x00, 0x20, 0x00, 0x80, 0x2c, 0x01,
Nov 19 05:39:23.499 ppc appl[3033]: 320818.00 VIDEOLC-0 I: 0x1d, 0x00, 0x72, 0x51, 0xd0, 0x1e, 0x20, 0x38,
Nov 19 05:39:23.499 ppc appl[3033]: 320818.00 VIDEOLC-0 I: 0x88, 0x15, 0x00, 0x56, 0x50, 0x21, 0x00, 0x00,
Nov 19 05:39:23.500 ppc appl[3033]: 320818.00 VIDEOLC-0 I: 0x1e, 0x01, 0x1d, 0x80, 0x18, 0x71, 0x1c, 0x16,
Nov 19 05:39:23.501 ppc appl[3033]: 320818.00 VIDEOLC-0 I: 0x20, 0x58, 0x2c, 0x25, 0x00, 0x56, 0x50, 0x21,
Nov 19 05:39:23.503 ppc appl[3033]: 320818.01 VIDEOLC-0 I: 0x00, 0x00, 0x9e, 0x8c, 0x0a, 0xd0, 0x8a, 0x20,
Nov 19 05:39:23.503 ppc appl[3033]: 320818.01 VIDEOLC-0 I: 0xe0, 0x2d, 0x10, 0x10, 0x3e, 0x96, 0x00, 0x56,
Nov 19 05:39:23.504 ppc appl[3033]: 320818.01 VIDEOLC-0 I: 0x50, 0x21, 0x00, 0x00, 0x18, 0x02, 0x3a, 0x80,
Nov 19 05:39:23.505 ppc appl[3033]: 320818.01 VIDEOLC-0 I: 0x18, 0x71, 0x38, 0x2d, 0x40, 0x58, 0x2c, 0x45,
Nov 19 05:39:23.506 ppc appl[3033]: 320818.01 VIDEOLC-0 I: 0x00, 0x56, 0x50, 0x21, 0x00, 0x00, 0x1e, 0x00,
Nov 19 05:39:23.507 ppc appl[3033]: 320818.01 VIDEOLC-0 I: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Nov 19 05:39:23.508 ppc appl[3033]: 320818.01 VIDEOLC-0 I: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Nov 19 05:39:23.509 ppc appl[3033]: 320818.01 VIDEOLC-0 I: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8b,
Nov 19 05:39:23.511 ppc appl[3033]: 320818.01 VIDEOLC-0 I: Edid event received, new timing list made for output HDMI 3
Nov 19 05:39:23.513 ppc appl[3033]: 320818.02 VIDEOLC-0 I: Edid event received from output HDMI 3, new digital/hdmi status, reconfigure output to 1920x1080@60Hz HDMI timing
Nov 19 05:39:23.518 ppc appl[3033]: 320818.02 VIDEOLC-0 I: Configuration of output HDMI 3 to 1920x1080@60Hz timing confirmed
Nov 19 05:39:23.670 ppc appl[3033]: 320818.17 VIDEOLC-0 I: Received SignalDisplayEvent on port:HDMI 1, present:True
Nov 19 05:39:23.687 ppc appl[3033]: 320818.19 VIDEOCTRL-0 I: VIDEOCTRL_doReadyGateConnectReq: redundant signal for (outputrawvideo,21) from (MSCtrl,0)
Nov 19 05:39:23.725 ppc appl[3033]: 320818.23 VIDEOLC-0 I: Edid event received from output HDMI 1
Nov 19 05:39:23.726 ppc appl[3033]: 320818.23 VIDEOLC-0 I: Edid segment 0 for display HDMI 1:
Nov 19 05:39:23.727 ppc appl[3033]: 320818.23 VIDEOLC-0 I: 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00,
Nov 19 05:39:23.729 ppc appl[3033]: 320818.23 VIDEOLC-0 I: 0x05, 0xb8, 0x53, 0x0c, 0x00, 0x00, 0x00, 0x00,
Nov 19 05:39:23.730 ppc appl[3033]: 320818.23 VIDEOLC-0 I: 0x00, 0x15, 0x01, 0x03, 0x80, 0x3c, 0x22, 0x78,
Nov 19 05:39:23.731 ppc appl[3033]: 320818.23 VIDEOLC-0 I: 0x0a, 0x14, 0xe5, 0xa3, 0x56, 0x4c, 0x9d, 0x25,
Nov 19 05:39:23.732 ppc appl[3033]: 320818.24 VIDEOLC-0 I: 0x0e, 0x50, 0x54, 0xa5, 0x6f, 0x80, 0x81, 0x80,
Nov 19 05:39:23.734 ppc appl[3033]: 320818.24 VIDEOLC-0 I: 0x81, 0x8f, 0x71, 0x40, 0xb3, 0x00, 0x81, 0x4f,
Nov 19 05:39:23.735 ppc appl[3033]: 320818.24 VIDEOLC-0 I: 0x71, 0x4f, 0x01, 0x01, 0x01, 0x01, 0x27, 0x3c,
Nov 19 05:39:23.736 ppc appl[3033]: 320818.24 VIDEOLC-0 I: 0x80, 0xa1, 0x70, 0xb0, 0x23, 0x40, 0x30, 0x20,
Nov 19 05:39:23.737 ppc appl[3033]: 320818.24 VIDEOLC-0 I: 0x36, 0x00, 0x56, 0x50, 0x21, 0x00, 0x00, 0x1a,
Nov 19 05:39:23.738 ppc appl[3033]: 320818.24 VIDEOLC-0 I: 0x21, 0x39, 0x90, 0x30, 0x62, 0x1a, 0x27, 0x40,
Nov 19 05:39:23.739 ppc appl[3033]: 320818.24 VIDEOLC-0 I: 0x68, 0xb0, 0x36, 0x00, 0x56, 0x50, 0x21, 0x00,
Nov 19 05:39:23.740 ppc appl[3033]: 320818.24 VIDEOLC-0 I: 0x00, 0x1c, 0x00, 0x00, 0x00, 0xfd, 0x00, 0x38,
Nov 19 05:39:23.741 ppc appl[3033]: 320818.24 VIDEOLC-0 I: 0x4b, 0x1e, 0x53, 0x11, 0x00, 0x0a, 0x20, 0x20,
Nov 19 05:39:23.743 ppc appl[3033]: 320818.25 VIDEOLC-0 I: 0x20, 0x20, 0x20, 0x20, 0x00, 0x00, 0x00, 0xfc,
Nov 19 05:39:23.743 ppc appl[3033]: 320818.25 VIDEOLC-0 I: 0x00, 0x44, 0x56, 0x58, 0x2d, 0x33, 0x31, 0x35,
Nov 19 05:39:23.744 ppc appl[3033]: 320818.25 VIDEOLC-0 I: 0x35, 0x0a, 0x20, 0x20, 0x20, 0x20, 0x01, 0x46,
Nov 19 05:39:23.745 ppc appl[3033]: 320818.25 VIDEOLC-0 I: 0x02, 0x03, 0x1f, 0xf1, 0x4e, 0x84, 0x05, 0x03,
Nov 19 05:39:23.746 ppc appl[3033]: 320818.25 VIDEOLC-0 I: 0x02, 0x20, 0x22, 0x10, 0x11, 0x13, 0x12, 0x14,
Nov 19 05:39:23.747 ppc appl[3033]: 320818.25 VIDEOLC-0 I: 0x1f, 0x07, 0x16, 0x23, 0x09, 0x7f, 0x07, 0x67,
Nov 19 05:39:23.748 ppc appl[3033]: 320818.25 VIDEOLC-0 I: 0x03, 0x0c, 0x00, 0x20, 0x00, 0x80, 0x2c, 0x01,
Nov 19 05:39:23.749 ppc appl[3033]: 320818.25 VIDEOLC-0 I: 0x1d, 0x00, 0x72, 0x51, 0xd0, 0x1e, 0x20, 0x38,
Nov 19 05:39:23.749 ppc appl[3033]: 320818.25 VIDEOLC-0 I: 0x88, 0x15, 0x00, 0x56, 0x50, 0x21, 0x00, 0x00,
Nov 19 05:39:23.751 ppc appl[3033]: 320818.25 VIDEOLC-0 I: 0x1e, 0x01, 0x1d, 0x80, 0x18, 0x71, 0x1c, 0x16,
Nov 19 05:39:23.751 ppc appl[3033]: 320818.25 VIDEOLC-0 I: 0x20, 0x58, 0x2c, 0x25, 0x00, 0x56, 0x50, 0x21,
Nov 19 05:39:23.752 ppc appl[3033]: 320818.26 VIDEOLC-0 I: 0x00, 0x00, 0x9e, 0x8c, 0x0a, 0xd0, 0x8a, 0x20,
Nov 19 05:39:23.753 ppc appl[3033]: 320818.26 VIDEOLC-0 I: 0xe0, 0x2d, 0x10, 0x10, 0x3e, 0x96, 0x00, 0x56,
Nov 19 05:39:23.754 ppc appl[3033]: 320818.26 VIDEOLC-0 I: 0x50, 0x21, 0x00, 0x00, 0x18, 0x02, 0x3a, 0x80,
Nov 19 05:39:23.755 ppc appl[3033]: 320818.26 VIDEOLC-0 I: 0x18, 0x71, 0x38, 0x2d, 0x40, 0x58, 0x2c, 0x45,
Nov 19 05:39:23.755 ppc appl[3033]: 320818.26 VIDEOLC-0 I: 0x00, 0x56, 0x50, 0x21, 0x00, 0x00, 0x1e, 0x00,
Nov 19 05:39:23.757 ppc appl[3033]: 320818.26 VIDEOLC-0 I: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Nov 19 05:39:23.757 ppc appl[3033]: 320818.26 VIDEOLC-0 I: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
Nov 19 05:39:23.759 ppc appl[3033]: 320818.26 VIDEOLC-0 I: 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8b,
Nov 19 05:39:23.760 ppc appl[3033]: 320818.26 VIDEOLC-0 I: Edid event received, new timing list made for output HDMI 1
Nov 19 05:39:23.762 ppc appl[3033]: 320818.27 VIDEOLC-0 I: Edid event received from output HDMI 1, new digital/hdmi status, reconfigure output to 1920x1080@60Hz HDMI timing
Nov 19 05:39:23.775 ppc appl[3033]: 320818.28 VIDEOLC-0 I: Configuration of output HDMI 1 to 1920x1080@60Hz timing confirmed
Nov 19 05:39:24.000 arm0 vpe0: composer #0-0: menu 1920x1080 == display 1920x1080, menu mux/scaler enabled
Nov 19 05:39:24.000 arm0 vpe0: irq scaler #0-1: data valid when scaler not ready
Nov 19 05:39:24.000 arm4 vpe2: irq scaler #0-1: data valid when scaler not ready
Nov 19 05:39:24.000 arm4 vpe2: irq: local missing 82
Nov 19 05:39:24.000 arm0 vpe0: irq: local missing 83
Nov 19 05:39:25.746 ppc appl[3033]: 320820.25 VIDEOLC-0 I: VLC_readySignalSourceEvent port:DVI-I 3: no signal
Nov 19 05:39:26.038 ppc appl[3033]: 320820.54 VIDEOLC-0 I: VLC_readySignalSourceEvent port:DVI-I 3: have signal
Nov 19 05:39:27.047 ppc appl[3033]: 320821.55 VIDEOLC-0 I: Received SourceFormatEvent from video link 16 (1920x1080@60, digital, ok) in ready state
Nov 19 05:39:47.740 ppc appl[3033]: 320842.24 CuilApp User (0) successfully executed command '/Standby/ResetTimer Delay: 5' from .
Nov 19 05:39:48.093 ppc appl[3033]: 320842.60 CuilApp User (0) successfully executed command '/SystemUnit/MenuPassword/Validate Password: Input Hidden' from .
Nov 19 05:39:49.035 ppc appl[3033]: 320843.54 CuilApp User (0) successfully executed command '/Standby/ResetTimer Delay: 5' from .
Nov 19 05:39:49.192 ppc appl[3033]: 320843.70 CuilApp User (0) successfully changed configuration '/Audio/SoundsAndAlerts/RingTone' to 'Polaris' from .
Nov 19 05:39:49.206 ppc appl[3033]: 320843.71 MediaStreamController I: SC::PlayReq(og=22) path='/sounds/polaris.mp4', toneType=file
Nov 19 05:39:49.207 ppc appl[3033]: 320843.71 MediaStreamController I: SC::PlayCnf(og=22) path='/sounds/polaris.mp4', toneType=file
Nov 19 05:39:49.210 ppc appl[3033]: 320843.71 CuilApp User (0) successfully executed command '/Audio/Sound/Play Loop: Off Sound: VideoCall' from .
Nov 19 05:39:49.631 ppc appl[3033]: 320844.13 CuilApp User (0) successfully executed command '/Standby/ResetTimer Delay: 5' from .
Nov 19 05:39:49.728 ppc appl[3033]: 320844.23 CuilApp User (0) successfully changed configuration '/Audio/SoundsAndAlerts/RingTone' to 'Marbles' from .
Nov 19 05:39:49.779 ppc appl[3033]: 320844.28 MediaStreamController I: SC::PlayReq(og=22) path='/sounds/marbles.mp4', toneType=file
Nov 19 05:39:49.783 ppc appl[3033]: 320844.29 CuilApp User (0) successfully executed command '/Audio/Sound/Play Loop: Off Sound: VideoCall' from .
Nov 19 05:39:49.793 ppc appl[3033]: 320844.30 MediaStreamController I: SC::PlayCnf(og=22) path='/sounds/marbles.mp4', toneType=file
Nov 19 05:39:51.184 ppc appl[3033]: 320845.69 CuilApp User (0) successfully executed command '/Standby/ResetTimer Delay: 5' from .
Nov 19 05:39:51.461 ppc appl[3033]: 320845.96 CuilApp User (0) successfully executed command '/Audio/Sound/Stop' from .
Nov 19 05:39:53.282 ppc appl[3033]: 320847.79 CuilApp User (0) successfully executed command '/Standby/ResetTimer Delay: 5' from .
Any help much appreciated!From those messages it looks like the endpoint is seeing the external source disconnect and then reconnect (and then renegotiate the EDID info). So I'd been looking at your AMX switcher - have you got another one you can swap it with to see if the issue stays with this room, or follows the switcher? Or can you bypass it with a different cable or device?
Wayne
Please remember to rate responses and to mark your question as answered if appropriate. -
New to Cisco, ASA5505 Help
Afternoon guys,
I have decided I want to learn Cisco so made the decision to pick up a used ASA 5505 from ebay and use it as my main firewall/router. I have it installed and working but have a few questions about configuration, as some of what i have done seems like a very inefficient way of setting things up.
My Basic config is this
O2 ADSL Modem in bridge only mode 192.168.1.254 > ASA 5505 Public Static IP >ASA Inside 192.168.1.1 > Rest of internal LAN.
I have spotted this blog post that details how to get to the modems WebUI through a Cisco router, But i am not sure how I would implement it in my network setup so would like advice on this.
http://en.tiagomarques.info/2011/05/access-your-modem-webui-behind-a-cisco-router-bridged-configuration/
O2 Modem IP: 192.168.1.254 ASA inside IP: 192.168.1.1Apple Airport: 192.168.1.2 (Wireless Bridge)LAN : 192.168.1.0/24 (VLAN 1)
The other thing I would like to ask is about PAT, I have configured it to allow Ports 3074TCP/UDP and 88TCP inbound to my Xbox to allow Xbox live to work. But I would like to know if there is a better way to do this using object groups.
This is currenlty how I set it up,
object network xbox_udp_3074host 192.168.1.5nat (inside,outside) static interface service udp 3074 3074exitaccess-list acl_outside extended permit udp any object xbox_udp_3074 eq 3074object network xbox_tcp_3074host 192.168.1.5nat (inside,outside) static interface service tcp 3074 3074exitaccess-list acl_outside extended permit udp any object xbox_tcp_3074 eq 3074object network xbox_udp_88host 192.168.1.5nat (inside,outside) static interface service udp 88 88exitaccess-list acl_outside extended permit udp any object xbox_udp_88 eq 88
What I would like to know is there a better more efficient way of setting this up as I have 3 network objects with 3 NAT statements and 1 ACL.
Finally I have attempted to configure a Client VPN on the ASA and it works and connects but the problem is it only appears to let web traffic through. If i connect using the VPN built into my iPhone and try a ping using using Ping Lite app i dont get any responce's. but if you open safari and put in 192.168.1.4 I get the WebUI of my NAS device if i try to RDP to my home server the connection times out. If i drop the VPN and connect to Wifi i can ping and RDP from my phone ok so it must be a config problem.
Below is my full config I have masked the password and cryptochecksum
: Saved: Written by enable_15 at 02:08:45.939 GMT Sat Apr 21 2012!ASA Version 8.4(3) !hostname warrillow-asa1domain-name warrillow.localenable password (Masked) encryptedpasswd (Masked) encryptednames!interface Ethernet0/0 description physical connection to O2 Box IV switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1 description to inside VLAN nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 !interface Vlan2 description to outside interface (O2 Modem) nameif outside security-level 0 ip address (Public Static IP) 255.255.254.0 !ftp mode passiveclock timezone gmt 0clock summer-time GMT recurringdns server-group DefaultDNS domain-name warrillow.localobject network obj_any subnet 192.168.1.0 255.255.255.0object service playOn service tcp destination eq 57331 object service service_xbox_udp_88 service tcp destination eq 88 object network HomeServer_tcp_57331 host 192.168.1.250object network xbox_udp_3074 host 192.168.1.5object network xbox_tcp_3074 host 192.168.1.5object network xbox_udp_88 host 192.168.1.5object-group icmp-type DefaultICMP description Default ICMP Types permitted icmp-object echo-reply icmp-object unreachable icmp-object time-exceededobject-group service xbox_live tcp-udp port-object eq 3074 port-object eq 88object-group protocol TCPUDP protocol-object udp protocol-object tcpaccess-list acl_outside extended permit icmp any any object-group DefaultICMP access-list acl_outside extended permit tcp any object HomeServer_tcp_57331 eq 57331 access-list acl_outside extended permit udp any object xbox_udp_3074 eq 3074 access-list acl_outside extended permit tcp any object xbox_tcp_3074 eq 3074 access-list acl_outside extended permit udp any object xbox_udp_88 eq 88 pager lines 24mtu inside 1500mtu outside 1500ip local pool vpnpool 10.0.0.2-10.0.0.200 mask 255.255.255.0icmp unreachable rate-limit 1 burst-size 1icmp permit any echo-reply outsideno asdm history enablearp timeout 14400!object network obj_any nat (inside,outside) dynamic interfaceobject network HomeServer_tcp_57331 nat (inside,outside) static interface service tcp 57331 57331 object network xbox_udp_3074 nat (inside,outside) static interface service udp 3074 3074 object network xbox_tcp_3074 nat (inside,outside) static interface service tcp 3074 3074 object network xbox_udp_88 nat (inside,outside) static interface service udp 88 88 access-group acl_outside in interface outsideroute outside 0.0.0.0 0.0.0.0 (Public Static IP) 1timeout xlate 3:00:00timeout pat-xlate 0:00:30timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00timeout floating-conn 0:00:00dynamic-access-policy-record DfltAccessPolicyuser-identity default-domain LOCALaaa authentication ssh console LOCAL http server enablehttp 192.168.1.0 255.255.255.0 insideno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstart warmstartcrypto ipsec ikev1 transform-set strong-des esp-3des esp-md5-hmac crypto dynamic-map dynmap 30 set ikev1 transform-set strong-descrypto map warrillow 65535 ipsec-isakmp dynamic dynmapcrypto map warrillow interface outsidecrypto isakmp identity address crypto ikev1 enable outsidecrypto ikev1 policy 11 authentication pre-share encryption 3des hash md5 group 2 lifetime 86400telnet 192.168.1.0 255.255.255.0 insidetelnet timeout 30ssh 192.168.1.0 255.255.255.0 insidessh timeout 30console timeout 30threat-detection rate syn-attack rate-interval 600 average-rate 30 burst-rate 45threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160threat-detection basic-threatthreat-detection scanning-threat shun duration 3600threat-detection statisticsthreat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200webvpngroup-policy Warrillow internalgroup-policy Warrillow attributes wins-server none dns-server value 192.168.1.250 vpn-idle-timeout 120 vpn-tunnel-protocol ikev1 default-domain value warrillow.localusername mattw password (Masked) encrypted privilege 15tunnel-group Warrillow-VPN type remote-accesstunnel-group Warrillow-VPN general-attributes address-pool vpnpool default-group-policy Warrillowtunnel-group Warrillow-VPN ipsec-attributes ikev1 pre-shared-key *****!class-map inspection_default match default-inspection-traffic!!policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options class class-default user-statistics accounting!service-policy global_policy globalprompt hostname context no call-home reporting anonymoushpm topN enable
EDIT: to remove public IP from config postedHi,
Adding the following configurations should allow ICMP through the ASA (for the echo-reply to come through also without using ACL)
policy-map global_policy class inspection_default
inspect icmp
Unless you had already added this.
You might also find the following documents/video helpfull. It shows off some of the common NAT configurations. This was mostly to help the people that were moving from the old to the new format. But it should be helpfull to you also. I know I sometimes double check there.
Document: https://supportforums.cisco.com/docs/DOC-9129
Video: https://supportforums.cisco.com/docs/DOC-12324 (also has a link to the above document)
Regarding the NAT configurations for modem management, I cant guarantee this will work but the first configuration that came to mind is the following (kind resembles the NONAT configuration)
Though I'm not really sure if this would work as the LAN network and the outside management IP is from the same network. But you can always try.
object network LAN
subnet 192.168.1.0 255.255.255.0
object network MODEM-MANAGEMENT
host 192.168.1.254
nat (inside,outside) source static LAN LAN destination static MODEM-MANAGEMENT MODEM-MANAGEMET
- Jouni -
New Features: Cisco Technical Support Mobile App v3.6
Cisco Technical Support Mobile App v3.6 - New Features:
On Monday, May 12th, a new version of the Cisco Technical Support mobile application was released with the following new features:
Aggregated Content For More Than Six Thousand Products
Select from one of more than six thousand models to access aggregated support documentation, software downloads, and Cisco Support Community content within "Product Information". It is like having your own personal library in the palm of your hand.
Pocket Integration
Send In-App content to your Pocket (Read-It-Later) account for easy, synchronized access across all your devices. As Darren Murph describes on BGR.com, you can further enhance your experience with IFTTT to automate content archival from your Pocket account to several other channels including Evernote, Instapaper, Dropbox, and Box.net.
For more Information
Pocket: http://www.getpocket.com
IFTTT: http://www.ifttt.com
IFTTT Pocket Recipes: https://ifttt.com/recipes?channel=pocket#popular
Support Contract Expiration Reminders
With your permission, event reminders can be added to your calendar 90 and 60 days prior to your support contracts expiring. Keeping your contracts up to date ensures non interrupted access to Cisco TAC.
And there's more…
Users with active support contracts can view, update and create support cases, track and initiate RMA Returns, and research software bug information. Stay up to date with the latest offerings from Cisco through several Video, Podcasts and RSS Feeds.
How to Download the App
The app can be found by searching for "Cisco Technical Support"in either the iTunes or Google Play App Stores. Direct links to the app are provided below:
iOS: https://itunes.apple.com/us/app/cisco-technical-support/id398104252?mt=8
Android: https://play.google.com/store/apps/details?id=com.cisco.swtg_android&hl=enHi Jessica,
On the iOS mobile app, communities with sub-communities are identified by a blue arrow next to the community. If you tap on the community name you will be taken to the community, if you tap on the blue arrow you will be taken to the sub-communities within that parent community. For Android tapping on the arrow next to the community name will expand that community to show any sub-communities underneath it. I hope this helps.
Thanks,
Kent -
What's New in Cisco Active Advisor?
Hello folks,
A new version of CAA is up, with a bunch of new features and bug fixes. Here’s a glimpse of the new features added recently.
1) Delete devices
Devices on your inventory list can now be deleted.
Simply select the devices to delete and click the Trash icon at the top of the list.
You will be asked to confirm your delete request.
2) Enabled Features
Quickly discover your devices’ enabled features using CAA! All IOS devices that enter your inventory list are now scanned for their enabled features.
In the device’s window, you’ll find a new tab named ‘Enabled Features’
Clicking this tab will show all the features that are enabled on your IOS device, ordered by Technology and Features.
Clicking on the various Technology names will open up a new window that shows all available features under that category.
3) Line cards and modules
Good news! Now line cards and modules on your switches and routers will be discovered and displayed in CAA.
In the inventory list, some devices will have the line card and modules icon
This indicates that CAA has discovered line cards or modules on your chassis.
Clicking this icon will lead you to the list of discovered modules. There you will see its status information, as well as relevant lifecycle data.
When you go into the device overview window, click the same icon to see the line cards and modules list.
Please note that there is a color code to the line cards and modules icon.
Red indicates that CAA has found lifecycle alerts on one or more of your modules
Blue indicates that no lifecycle alerts have been found.
Please let us know what you think of these feature additions and of Cisco Active Advisor in general!
We'd love to hear your thoughts and feedback!
Thanks,
The CAA TeamBug fixes.
Type "ios 6.0.2" into the search bar at the top of this page by Support and read for yourself. -
Cisco Codec 20 disconnected every 15minutes
Hi Cisco Expert,
We have an issue on our C20 where the video calls were disconnected exactly every 15 minutes.
Here is the logs that we have encountered:
2015-02-25T08:21:45.238+08:00 ppc eventlog[2731]: Warning (H323MCS-0:Disconnecting): Unexpected message H323MCS_CapSet_Ind from H245LO-0
2015-02-25T08:21:48.331+08:00 ppc eventlog[2731]: functional/videocontroller/router/vrtask.cpp:1163 VideoRouter_Ready_doRTPMediaStreamTXStopInd: No gate id 103
2015-02-25T08:38:02.006+08:00 ppc eventlog[2731]: Warning (H323MCS-0:Disconnecting): Unexpected message H323MCS_CapSet_Ind from H245LO-0
2015-02-25T08:38:05.736+08:00 ppc eventlog[2731]: functional/videocontroller/router/vrtask.cpp:1163 VideoRouter_Ready_doRTPMediaStreamTXStopInd: No gate id 103
2015-02-25T08:54:50.762+08:00 ppc eventlog[2731]: Warning (H245LO-0:Outg_EndSession): Unexpected message H245LO_PresentationTokenIndicateOwner from H245LO-0
2015-02-25T08:54:51.495+08:00 ppc eventlog[2731]: Warning (H245LO-0:Outg_EndSession): Unexpected message H245LO_LogicalChannelInactive from H245LO-0
2015-02-25T08:54:51.498+08:00 ppc eventlog[2731]: Warning (H245LO-0:Outg_EndSession): Unexpected message H245LO_PresentationTokenRelease from H245LO-0
2015-02-25T08:54:53.641+08:00 ppc eventlog[2731]: functional/videocontroller/router/vrtask.cpp:1163 VideoRouter_Ready_doRTPMediaStreamTXStopInd: No gate id 103
2015-02-25T08:55:36.209+08:00 ppc eventlog[2731]: F Unexpected message in OLCSE_ESTABLISHED<15> Feb 25 08:55:36.215576 local eventlog[2731]: 2974908.770158135 !H245LO-0 <- FSM_TIMER-0 H245LO_OLcse_T103 S:Ready
2015-02-25T09:01:47.535+08:00 ppc eventlog[2731]: VideoRouter_Ready_doRTPMediaStreamRXIndList: destination gate 4 not specified
2015-02-25T09:01:47.734+08:00 ppc eventlog[2731]: E - Channel not found, arrived flowControlIndication ignored! [lcn: 2 rate: 4480]<15> Feb 25 09:01:47.820867 local appl[2731]: 2975280.38 scriptbuffer SUCCESS deallocate(fsm: DEC_FSM 1)
2015-02-25T09:09:35.212+08:00 ppc eventlog[2731]: E - Channel not found, arrived flowControlIndication ignored! [lcn: 2 rate: 2240]<14> Feb 25 09:09:36.126163 local appl[2731]: 2975748.68 videocontroller.log I: report 1739 inputvideo majors h264 1280 720 1 1 | ts=2975748679
2015-02-25T09:17:47.708+08:00 ppc eventlog[2731]: E - Channel not found, arrived flowControlIndication ignored! [lcn: 2 rate: 4480]<15> Feb 25 09:17:47.714617 local appl[2731]: 2976240.27 scriptbuffer SUCCESS add_route(fsm: VIDEOROUTER 0, srcid: 5, srcfsm: RtpStack 0, dstfsm: *** 65535, webcam: OFF, port: 0)
2015-02-25T09:19:52.474+08:00 ppc eventlog[2731]: tshelld: EOF from client
2015-02-25T09:25:48.432+08:00 ppc eventlog[2731]: tshelld: EOF from client
Please help on this.
Thank you.
Regards,
RalphHi Ralph,
Do you have any Riverbed or Network Performance Enhancement devices inbetween?
Do you notice video degradation around the 16 minute mark on the codec which looses audio?
Have you Implemented QoS within the TP Environment? It sounds like you are having an issue with QoS Real Time Queues with Audio (EF Tagged maybe?)
I would recommend sitting a wireshark on a SPAN port within the link looking at the RTP media stream and then go from there. see if you can see issues with the RTP Stream look for packet loss at the 16 minute mark etc.
@Chris I assume it a VCS Control that is being used there as it internal MPLS
EDIT:Has it ever worked ok before? and has any changes happened in the environment recently that has effected it?
I would also look if possible having wireshark 2 sessions identical at same time to compare them one of each side of the link etc. These issues can be tricky to nail down. -
Hello,
I recently purchased the entire Creative Cloud suite of applications including Adobe Premiere. Everything works correctly however many of the professional level codecs are missing from the aps, ie. XDcam, RED, etc.. It's not possible to generate the sequences, import files, or open CS6 projects that utilize XDcam. This is a huge problem because our workflow relies on XD footage. It's as if the programs are stuck in a trail mode and will not unlock even if my named license is associated with the products. I've done 4 complete uninstalls, run adobe registry cleaner, repackaged three different CC deployments from the admin console, and still cannot get it to work. Is this familiar with anyone? I've talked to Adobe Tech Support and was passed around from tech to tech for 2 hours with no solution. Thanks for any help in advance.
BobSo for anyone else with a similar issue, I may have found the solution. First, despite being told the new VMS runs MoCA 2.0 (and the Verizon splitters all saying 2.0 on them), in the Actiontec Router settings, it states that the network is running 1.1, even without the ECB2500C plugged in. So take that for what it's worth.
Secondly, changing the "Ethernet / Coax Channel" from 1150Mhz to 1500 in the router settings has so far completely cleared up all of the previous symptoms. I'll post another update if I see any other weirdness running with these settings, but so far so good. -
AIRONET 1260 with new radius cisco ACS 4.x
Hi, I have a new CISCO AIRONET 1260
I have CISCO ACS 5.1 radius for VPN on ASA and tried to configure an NDG on it for AIRONET 1260 too and worked fine with IEEE 802.1x CISCO EAP-FAST authentication
As I had some trouble to let users to authenticate only on VPN if are VPN users and only on CISCO AIRONET if need only WIFI AIRONET
I tried exception policies rules but something not working. VPN was ok but not WIFI access denied for rule policy access
I decided to install CISCO ACS 4.x on Windows 2003 that is on ACS 5 DVD
I created NDG as done on ACS 5 put a shared secret , put on AIRONET too as done for ACS 5 but I receive an error against ACS 4.x
To troubleshout it I tried
http://www.cisco.com/en/US/partner/tech/tk722/tk720/technologies_configuration_example09186a00807bf3c8.shtml
but not work ! I think to have done all fine owever on ACS 5 it worked in 5 minutes
I searched log inside ACS 4 and found "Invalid message authenticator in EAP request" and I found this:
https://supportforums.cisco.com/docs/DOC-3991
Changed shared secret more times but ever not workign with ACS 4
what's wrong?
I need to have user and password prompt on client trying to authentincate on AIRONET WIFI and I need ACS INTERNAL USER no active directory, no LDAP , no external user databaseI have solved
-
Fairly new to cisco ASA 5505 - Can someone look through my config?
Hi.
Can some one tell me if I did the NAT part right? Both dynamic and static.
To be able to reach one vlan from another I created a Nat between them, is this the right way to do it?
I can still limit the access between the vlans based on the access list.
I also getting slow throughput over the VPN tunnel. Is there something wrong with my config. I used the wizard to set it up. There is also a cisco asa5505 on the other end.
If there is some thing else that seems wrong, please let me know.
Any help would be greatfully appreciated!
Config:
: Saved
ASA Version 7.2(2)
hostname ciscoasa
domain-name default.domain.invalid
enable password x encrypted
names
name 192.168.1.250 DomeneServer
name 192.168.1.10 NotesServer
name 192.168.1.90 OvServer
name 192.168.1.97 TerminalServer
name 192.168.1.98 w8-eyeshare
name 192.168.50.10 w8-print
name 192.168.1.94 w8-app
name 192.168.1.89 FonnaFlyMedia
interface Vlan1
nameif Vlan1
security-level 100
ip address 192.168.200.100 255.255.255.0
ospf cost 10
interface Vlan2
nameif outside
security-level 0
ip address 79.x.x.226 255.255.255.224
ospf cost 10
interface Vlan400
nameif vlan400
security-level 100
ip address 192.168.1.1 255.255.255.0
ospf cost 10
interface Vlan450
nameif Vlan450
security-level 100
ip address 192.168.210.1 255.255.255.0
ospf cost 10
interface Vlan460
nameif Vlan460-SuldalHotell
security-level 100
ip address 192.168.2.1 255.255.255.0
ospf cost 10
interface Vlan461
nameif Vlan461-SuldalHotellGjest
security-level 100
ip address 192.168.3.1 255.255.255.0
ospf cost 10
interface Vlan462
nameif Vlan462-Suldalsposten
security-level 100
ip address 192.168.4.1 255.255.255.0
ospf cost 10
interface Vlan470
nameif vlan470-Kyrkjekontoret
security-level 100
ip address 192.168.202.1 255.255.255.0
ospf cost 10
interface Vlan480
nameif vlan480-Telefoni
security-level 100
ip address 192.168.20.1 255.255.255.0
ospf cost 10
interface Vlan490
nameif Vlan490-QNapBackup
security-level 100
ip address 192.168.10.1 255.255.255.0
ospf cost 10
interface Vlan500
nameif Vlan500-HellandBadlands
security-level 100
ip address 192.168.30.1 255.255.255.0
ospf cost 10
interface Vlan510
nameif Vlan510-IsTak
security-level 100
ip address 192.168.40.1 255.255.255.0
ospf cost 10
interface Vlan600
nameif Vlan600-SafeQ
security-level 100
ip address 192.168.50.1 255.255.255.0
ospf cost 10
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 500
switchport trunk allowed vlan 400,450,460-462,470,480,500,510,600,610
switchport mode trunk
interface Ethernet0/3
switchport access vlan 490
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd x encrypted
ftp mode passive
clock timezone WAT 1
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service Lotus_Notes_Utgaaande tcp
description Frim Notes og ut til alle
port-object eq domain
port-object eq ftp
port-object eq www
port-object eq https
port-object eq lotusnotes
port-object eq pop3
port-object eq pptp
port-object eq smtp
object-group service Lotus_Notes_inn tcp
description From alle og inn til Notes
port-object eq www
port-object eq lotusnotes
port-object eq pop3
port-object eq smtp
object-group service Reisebyraa tcp-udp
port-object range 3702 3702
port-object range 5500 5500
port-object range 9876 9876
object-group service Remote_Desktop tcp-udp
description Tilgang til Remote Desktop
port-object range 3389 3389
object-group service Sand_Servicenter_50000 tcp-udp
description Program tilgang til Sand Servicenter AS
port-object range 50000 50000
object-group service VNC_Remote_Admin tcp
description Frå oss til alle
port-object range 5900 5900
object-group service Printer_Accept tcp-udp
port-object range 9100 9100
port-object eq echo
object-group icmp-type Echo_Ping
icmp-object echo
icmp-object echo-reply
object-group service Print tcp
port-object range 9100 9100
object-group service FTP_NADA tcp
description Suldalsposten NADA tilgang
port-object eq ftp
port-object eq ftp-data
object-group service Telefonsentral tcp
description Hoftun
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
port-object eq telnet
object-group service Printer_inn_800 tcp
description Fra 800 nettet og inn til 400 port 7777
port-object range 7777 7777
object-group service Suldalsposten tcp
description Sending av mail vha Mac Mail programmet - åpner smtp
port-object eq pop3
port-object eq smtp
object-group service http2 tcp
port-object range 81 81
object-group service DMZ_FTP_PASSIVE tcp-udp
port-object range 55536 56559
object-group service DMZ_FTP tcp-udp
port-object range 20 21
object-group service DMZ_HTTPS tcp-udp
port-object range 443 443
object-group service DMZ_HTTP tcp-udp
port-object range 8080 8080
object-group service DNS_Query tcp
port-object range domain domain
object-group service DUETT_SQL_PORT tcp-udp
description For kobling mellom andre nett og duett server
port-object range 54659 54659
access-list outside_access_in extended permit ip any any
access-list outside_access_out extended permit ip any any
access-list vlan400_access_in extended deny ip any host 149.20.56.34
access-list vlan400_access_in extended deny ip any host 149.20.56.32
access-list vlan400_access_in extended permit ip any any
access-list Vlan450_access_in extended deny ip any host 149.20.56.34
access-list Vlan450_access_in extended deny ip any host 149.20.56.32
access-list Vlan450_access_in extended permit ip any any
access-list Vlan460_access_in extended deny ip any host 149.20.56.34
access-list Vlan460_access_in extended deny ip any host 149.20.56.32
access-list Vlan460_access_in extended permit ip any any
access-list vlan400_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Lotus_Notes_Utgaaande
access-list vlan400_access_out extended permit tcp any host DomeneServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host TerminalServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host OvServer object-group http2
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Lotus_Notes_inn
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host w8-eyeshare object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host w8-app object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host FonnaFlyMedia range 8400 8600
access-list vlan400_access_out extended permit udp any host FonnaFlyMedia range 9000 9001
access-list vlan400_access_out extended permit tcp 192.168.4.0 255.255.255.0 host DomeneServer
access-list vlan400_access_out extended permit tcp 192.168.4.0 255.255.255.0 host w8-app object-group DUETT_SQL_PORT
access-list Vlan500_access_in extended deny ip any host 149.20.56.34
access-list Vlan500_access_in extended deny ip any host 149.20.56.32
access-list Vlan500_access_in extended permit ip any any
access-list vlan470_access_in extended deny ip any host 149.20.56.34
access-list vlan470_access_in extended deny ip any host 149.20.56.32
access-list vlan470_access_in extended permit ip any any
access-list Vlan490_access_in extended deny ip any host 149.20.56.34
access-list Vlan490_access_in extended deny ip any host 149.20.56.32
access-list Vlan490_access_in extended permit ip any any
access-list Vlan450_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan1_access_out extended permit ip any any
access-list Vlan1_access_out extended permit tcp any host w8-print object-group Remote_Desktop
access-list Vlan1_access_out extended deny ip any any
access-list Vlan1_access_out extended permit icmp any any echo-reply
access-list Vlan460_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan490_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_FTP
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_FTP_PASSIVE
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_HTTPS
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_HTTP
access-list Vlan500_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan470_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan470_access_out extended permit tcp any host 192.168.202.10 object-group Remote_Desktop
access-list Vlan510_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan480_access_out extended permit ip any any
access-list Vlan510_access_in extended permit ip any any
access-list Vlan600_access_in extended permit ip any any
access-list Vlan600_access_out extended permit icmp any any
access-list Vlan600_access_out extended permit tcp any host w8-print object-group Remote_Desktop
access-list Vlan600_access_out extended permit tcp 192.168.1.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_out extended permit tcp 192.168.202.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_out extended permit tcp 192.168.210.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_in_1 extended permit ip any any
access-list Vlan461_access_in extended permit ip any any
access-list Vlan461_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan400_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list outside_20_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list outside_20_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list Vlan462-Suldalsposten_access_in extended permit ip any any
access-list Vlan462-Suldalsposten_access_out extended permit icmp any any echo-reply
access-list Vlan462-Suldalsposten_access_out_1 extended permit icmp any any echo-reply
access-list Vlan462-Suldalsposten_access_in_1 extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu Vlan1 1500
mtu outside 1500
mtu vlan400 1500
mtu Vlan450 1500
mtu Vlan460-SuldalHotell 1500
mtu Vlan461-SuldalHotellGjest 1500
mtu vlan470-Kyrkjekontoret 1500
mtu vlan480-Telefoni 1500
mtu Vlan490-QNapBackup 1500
mtu Vlan500-HellandBadlands 1500
mtu Vlan510-IsTak 1500
mtu Vlan600-SafeQ 1500
mtu Vlan462-Suldalsposten 1500
no failover
monitor-interface Vlan1
monitor-interface outside
monitor-interface vlan400
monitor-interface Vlan450
monitor-interface Vlan460-SuldalHotell
monitor-interface Vlan461-SuldalHotellGjest
monitor-interface vlan470-Kyrkjekontoret
monitor-interface vlan480-Telefoni
monitor-interface Vlan490-QNapBackup
monitor-interface Vlan500-HellandBadlands
monitor-interface Vlan510-IsTak
monitor-interface Vlan600-SafeQ
monitor-interface Vlan462-Suldalsposten
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (vlan400) 0 access-list vlan400_nat0_outbound
nat (vlan400) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan450) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan460-SuldalHotell) 1 0.0.0.0 0.0.0.0
nat (Vlan461-SuldalHotellGjest) 1 0.0.0.0 0.0.0.0
nat (vlan470-Kyrkjekontoret) 1 0.0.0.0 0.0.0.0
nat (Vlan490-QNapBackup) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan500-HellandBadlands) 1 0.0.0.0 0.0.0.0
nat (Vlan510-IsTak) 1 0.0.0.0 0.0.0.0
nat (Vlan600-SafeQ) 1 0.0.0.0 0.0.0.0
nat (Vlan462-Suldalsposten) 1 0.0.0.0 0.0.0.0
static (vlan400,outside) 79.x.x.x DomeneServer netmask 255.255.255.255
static (vlan470-Kyrkjekontoret,outside) 79.x.x.x 192.168.202.10 netmask 255.255.255.255
static (vlan400,outside) 79.x.x.x NotesServer netmask 255.255.255.255 dns
static (vlan400,outside) 79.x.x.231 TerminalServer netmask 255.255.255.255
static (vlan400,outside) 79.x.x.234 OvServer netmask 255.255.255.255
static (vlan400,outside) 79.x.x.232 w8-eyeshare netmask 255.255.255.255
static (Vlan490-QNapBackup,outside) 79.x.x.233 192.168.10.10 netmask 255.255.255.255 dns
static (Vlan600-SafeQ,outside) 79.x.x.235 w8-print netmask 255.255.255.255
static (vlan400,outside) 79.x.x.236 w8-app netmask 255.255.255.255
static (Vlan450,vlan400) 192.168.210.0 192.168.210.0 netmask 255.255.255.0
static (Vlan500-HellandBadlands,vlan400) 192.168.30.0 192.168.30.0 netmask 255.255.255.0
static (vlan400,Vlan500-HellandBadlands) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,Vlan450) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,outside) 79.x.x.252 FonnaFlyMedia netmask 255.255.255.255
static (Vlan462-Suldalsposten,vlan400) 192.168.4.0 192.168.4.0 netmask 255.255.255.0
static (vlan400,Vlan462-Suldalsposten) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,Vlan600-SafeQ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (Vlan600-SafeQ,vlan400) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan600-SafeQ,Vlan450) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan600-SafeQ,vlan470-Kyrkjekontoret) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan450,Vlan600-SafeQ) 192.168.210.0 192.168.210.0 netmask 255.255.255.0
static (vlan470-Kyrkjekontoret,Vlan600-SafeQ) 192.168.202.0 192.168.202.0 netmask 255.255.255.0
access-group Vlan1_access_out out interface Vlan1
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
access-group vlan400_access_in in interface vlan400
access-group vlan400_access_out out interface vlan400
access-group Vlan450_access_in in interface Vlan450
access-group Vlan450_access_out out interface Vlan450
access-group Vlan460_access_in in interface Vlan460-SuldalHotell
access-group Vlan460_access_out out interface Vlan460-SuldalHotell
access-group Vlan461_access_in in interface Vlan461-SuldalHotellGjest
access-group Vlan461_access_out out interface Vlan461-SuldalHotellGjest
access-group vlan470_access_in in interface vlan470-Kyrkjekontoret
access-group vlan470_access_out out interface vlan470-Kyrkjekontoret
access-group vlan480_access_out out interface vlan480-Telefoni
access-group Vlan490_access_in in interface Vlan490-QNapBackup
access-group Vlan490_access_out out interface Vlan490-QNapBackup
access-group Vlan500_access_in in interface Vlan500-HellandBadlands
access-group Vlan500_access_out out interface Vlan500-HellandBadlands
access-group Vlan510_access_in in interface Vlan510-IsTak
access-group Vlan510_access_out out interface Vlan510-IsTak
access-group Vlan600_access_in_1 in interface Vlan600-SafeQ
access-group Vlan600_access_out out interface Vlan600-SafeQ
access-group Vlan462-Suldalsposten_access_in_1 in interface Vlan462-Suldalsposten
access-group Vlan462-Suldalsposten_access_out_1 out interface Vlan462-Suldalsposten
route outside 0.0.0.0 0.0.0.0 79.x.x.225 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username x password x encrypted privilege 15
aaa authentication ssh console LOCAL
http server enable
http 192.168.210.0 255.255.255.0 Vlan450
http 192.168.200.0 255.255.255.0 Vlan1
http 192.168.1.0 255.255.255.0 vlan400
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 match address outside_20_cryptomap_1
crypto map outside_map 20 set pfs
crypto map outside_map 20 set peer 62.92.159.137
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp enable vlan400
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 62.92.159.137 type ipsec-l2l
tunnel-group 62.92.159.137 ipsec-attributes
pre-shared-key *
telnet 192.168.200.0 255.255.255.0 Vlan1
telnet 192.168.1.0 255.255.255.0 vlan400
telnet timeout 5
ssh 171.68.225.216 255.255.255.255 outside
ssh timeout 5
console timeout 0
dhcpd update dns both
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan1
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface outside
dhcpd address 192.168.1.100-192.168.1.225 vlan400
dhcpd option 6 ip DomeneServer 81.167.36.11 interface vlan400
dhcpd option 3 ip 192.168.1.1 interface vlan400
dhcpd enable vlan400
dhcpd address 192.168.210.100-192.168.210.200 Vlan450
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan450
dhcpd option 3 ip 192.168.210.1 interface Vlan450
dhcpd enable Vlan450
dhcpd address 192.168.2.100-192.168.2.150 Vlan460-SuldalHotell
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan460-SuldalHotell
dhcpd option 3 ip 192.168.2.1 interface Vlan460-SuldalHotell
dhcpd enable Vlan460-SuldalHotell
dhcpd address 192.168.3.100-192.168.3.200 Vlan461-SuldalHotellGjest
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan461-SuldalHotellGjest
dhcpd option 3 ip 192.168.3.1 interface Vlan461-SuldalHotellGjest
dhcpd enable Vlan461-SuldalHotellGjest
dhcpd address 192.168.202.100-192.168.202.199 vlan470-Kyrkjekontoret
dhcpd option 3 ip 192.168.202.1 interface vlan470-Kyrkjekontoret
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface vlan470-Kyrkjekontoret
dhcpd enable vlan470-Kyrkjekontoret
dhcpd option 3 ip 192.168.20.1 interface vlan480-Telefoni
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface vlan480-Telefoni
dhcpd address 192.168.10.80-192.168.10.90 Vlan490-QNapBackup
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan490-QNapBackup
dhcpd option 3 ip 192.168.10.1 interface Vlan490-QNapBackup
dhcpd address 192.168.30.100-192.168.30.199 Vlan500-HellandBadlands
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan500-HellandBadlands
dhcpd option 3 ip 192.168.30.1 interface Vlan500-HellandBadlands
dhcpd enable Vlan500-HellandBadlands
dhcpd address 192.168.40.100-192.168.40.150 Vlan510-IsTak
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan510-IsTak
dhcpd option 3 ip 192.168.40.1 interface Vlan510-IsTak
dhcpd enable Vlan510-IsTak
dhcpd address 192.168.50.150-192.168.50.199 Vlan600-SafeQ
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan600-SafeQ
dhcpd enable Vlan600-SafeQ
dhcpd address 192.168.4.100-192.168.4.150 Vlan462-Suldalsposten
dhcpd option 6 ip DomeneServer 81.167.36.11 interface Vlan462-Suldalsposten
dhcpd option 3 ip 192.168.4.1 interface Vlan462-Suldalsposten
dhcpd enable Vlan462-Suldalsposten
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
prompt hostname context
Cryptochecksum:x
: endI was just wondering if this is the way to do the "connection" between vlans.. or should it be routed?
The traffic between the vlan is working as intended. There are not much traffice only some RDP connection and some printing jobs.
But i'm getting some of these errors: (not alle like this, but portmap translation creation failed)
305006 192.168.10.200 portmap translation creation failed for udp src Vlan460-SuldalHotell:192.168.2.112/59133 dst Vlan490-QNapBackup:192.168.10.200/161
I did the sh interface commends:
Result of the command: "sh interface"
Interface Vlan1 "Vlan1", is down, line protocol is down
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.200.100, subnet mask 255.255.255.0
Traffic Statistics for "Vlan1":
0 packets input, 0 bytes
0 packets output, 0 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan2 "outside", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 79.x.x.226, subnet mask 255.255.255.224
Traffic Statistics for "outside":
1780706730 packets input, 1221625431570 bytes
1878320718 packets output, 1743030863134 bytes
5742216 packets dropped
1 minute input rate 558 pkts/sec, 217568 bytes/sec
1 minute output rate 803 pkts/sec, 879715 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 621 pkts/sec, 482284 bytes/sec
5 minute output rate 599 pkts/sec, 428957 bytes/sec
5 minute drop rate, 1 pkts/sec
Interface Vlan400 "vlan400", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.1.1, subnet mask 255.255.255.0
Traffic Statistics for "vlan400":
1093422654 packets input, 1191121436317 bytes
784209789 packets output, 374041914789 bytes
11465163 packets dropped
1 minute input rate 751 pkts/sec, 870445 bytes/sec
1 minute output rate 462 pkts/sec, 116541 bytes/sec
1 minute drop rate, 11 pkts/sec
5 minute input rate 474 pkts/sec, 415304 bytes/sec
5 minute output rate 379 pkts/sec, 197861 bytes/sec
5 minute drop rate, 7 pkts/sec
Interface Vlan450 "Vlan450", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.210.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan450":
139711812 packets input, 27519985266 bytes
202793062 packets output, 233679075458 bytes
12523100 packets dropped
1 minute input rate 68 pkts/sec, 9050 bytes/sec
1 minute output rate 83 pkts/sec, 88025 bytes/sec
1 minute drop rate, 6 pkts/sec
5 minute input rate 145 pkts/sec, 15068 bytes/sec
5 minute output rate 241 pkts/sec, 287093 bytes/sec
5 minute drop rate, 6 pkts/sec
Interface Vlan460 "Vlan460-SuldalHotell", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.2.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan460-SuldalHotell":
177971988 packets input, 161663208458 bytes
193137004 packets output, 137418896469 bytes
4003957 packets dropped
1 minute input rate 13 pkts/sec, 2295 bytes/sec
1 minute output rate 14 pkts/sec, 15317 bytes/sec
1 minute drop rate, 2 pkts/sec
5 minute input rate 4 pkts/sec, 794 bytes/sec
5 minute output rate 1 pkts/sec, 477 bytes/sec
5 minute drop rate, 2 pkts/sec
Interface Vlan461 "Vlan461-SuldalHotellGjest", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.3.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan461-SuldalHotellGjest":
332909692 packets input, 351853184942 bytes
312038518 packets output, 156669956740 bytes
583171 packets dropped
1 minute input rate 0 pkts/sec, 6 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 6 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan462 "Vlan462-Suldalsposten", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.4.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan462-Suldalsposten":
33905 packets input, 14303320 bytes
28285 packets output, 27536357 bytes
10199 packets dropped
1 minute input rate 0 pkts/sec, 6 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 6 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan470 "vlan470-Kyrkjekontoret", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.202.1, subnet mask 255.255.255.0
Traffic Statistics for "vlan470-Kyrkjekontoret":
12176257 packets input, 4305665570 bytes
10618750 packets output, 5982598969 bytes
974796 packets dropped
1 minute input rate 2 pkts/sec, 770 bytes/sec
1 minute output rate 1 pkts/sec, 861 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 2 pkts/sec, 708 bytes/sec
5 minute output rate 1 pkts/sec, 980 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan480 "vlan480-Telefoni", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.20.1, subnet mask 255.255.255.0
Traffic Statistics for "vlan480-Telefoni":
246638 packets input, 43543149 bytes
10 packets output, 536 bytes
226674 packets dropped
1 minute input rate 0 pkts/sec, 126 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 56 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan490 "Vlan490-QNapBackup", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.10.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan490-QNapBackup":
137317833 packets input, 6066713912 bytes
223933623 packets output, 263191563744 bytes
531738 packets dropped
1 minute input rate 0 pkts/sec, 135 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 68 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan500 "Vlan500-HellandBadlands", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.30.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan500-HellandBadlands":
30816778 packets input, 4887486069 bytes
42403099 packets output, 47831750415 bytes
948717 packets dropped
1 minute input rate 3 pkts/sec, 707 bytes/sec
1 minute output rate 3 pkts/sec, 3459 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 23 bytes/sec
5 minute output rate 0 pkts/sec, 31 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan510 "Vlan510-IsTak", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.40.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan510-IsTak":
1253148 packets input, 245364736 bytes
1225385 packets output, 525528101 bytes
161567 packets dropped
1 minute input rate 0 pkts/sec, 6 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 6 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan600 "Vlan600-SafeQ", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.50.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan600-SafeQ":
1875377 packets input, 1267279709 bytes
1056139 packets output, 290728055 bytes
521943 packets dropped
1 minute input rate 0 pkts/sec, 165 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 178 bytes/sec
5 minute output rate 0 pkts/sec, 9 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001d.453a.ea06, MTU not set
IP address unassigned
1782670655 packets input, 1256666911856 bytes, 0 no buffer
Received 95709 broadcasts, 0 runts, 0 giants
1978 input errors, 1978 CRC, 0 frame, 0 overrun, 1978 ignored, 0 abort
0 L2 decode drops
17179928790 switch ingress policy drops
1878320261 packets output, 1778955488577 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/2 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001d.453a.ea08, MTU not set
IP address unassigned
1790819459 packets input, 1783854920873 bytes, 0 no buffer
Received 27571913 broadcasts, 0 runts, 0 giants
614 input errors, 614 CRC, 0 frame, 0 overrun, 614 ignored, 0 abort
0 L2 decode drops
19768 switch ingress policy drops
1547507675 packets output, 991527977853 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/3 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001d.453a.ea09, MTU not set
IP address unassigned
137318166 packets input, 9176625008 bytes, 0 no buffer
Received 290030 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
335 switch ingress policy drops
223933623 packets output, 267222625073 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops -
SQL Questions (New to Cisco)
Hello. I work for Clarian Health in Indianapolis and am trying to learn as much as possible about the SQL databases, both AWDB and HDS so that I can handle the reporting for our Revenue Cycle Customer Service.
I am currently working my way through the Database Schema Handbook for Cisco Unified ICM /Contact Center Enterprise & Hosted. I’m also reviewing the explanation pages that are available for the reports on WebView. During my reviews, I have noticed a few things that confuse me.
My questions are:
1. Why do a majority of the tables on our SQL Server start with “t_”?
2. Why do some of the tables have data on the AWDB server but not on the HDS server, and vice versa? (Examples: t_Agent and t_Agent_Team and t_Agent_Team_Member and t_Person are blank on the HDS database but not blank on the AWDB database; but the t_Agent_Logout is blank on the AWDB database and not blank on the HDS database)
3. When data is moved to the HDS server every 30 minutes, is it also removed from the corresponding AWDB table?
4. In review of the agent26: Agent Consolidated Daily Report syntax info located on the WebView, 1 of the calculations uses the LoggedOnTimeToHalf from the Agent_Half_Hour table while the remaining calculations uses the same field from the Agent_Skill_Group_Half_Hour table. Can you please tell me why this is? Why would all of the percent calculations not use the data from the same table? (The % of time Agent paused and/or put a task on hold uses the Agent_Half_Hour Table. All other % calculations uses the same field from the Agent_Skill_Group_Half_Hour Table.)
5. Also in reviewing the agent26: Agent Consolidated Daily Report syntax info, I noticed that it contains the Skill_Group table, the Agent_Half_Hour table and the Media_Routing_Domain table. Both the Skill Group table and the Agen_Half_Hour table contain links to the Media_Routing_Domain table. Which relationship/join is actually utilized for this report?
6. Why doesn't the LoggedOnTimeToHalf field on both the Agent_Half_Hour table and the Agent_Skill_Group_Half_Hour table have the same value in them?
7. On the agent_26: Agent Consolidated Daily Report syntax explanation page, the Agent State Times: Log on Duration says that it is derived using the Agent_Half_Hour.LoggedOnTimeToHalf field, but when i convert this field to HH:MM:SS, it does not match the actual WebView report. But, when I use the Agent_Skill_Group_Half_Hour.LoggedOnTimeToHalfHour, it does match. Which one is correct?
8. On the agent_26: Agent Consolidated Daily Report, why does the Completed Tasks: Transfer Out contain both the TransferredOutCallsToHalf and the NetTransferredOutCallsToHalf fields? What's the difference between the two? What Transfer out data writes to each field?
Thank you.
Angie Combest
Clarian Health
[email protected]You need to be careful when looking at the three databases - Logger, AW, HDS - which use the same schema. But many of what appear to be tables in the AW are really views into the t_ tables in the HDS - the data is not there in the AW DB. You are right to look at the schema - but check with SQL Enterprise to understand a bit more.
In essence, the AW DB is for configuration data and real-time data. The HDS is for historical data. You can query the AW DB for (say) Call_Type_Half_Hour data and join with the Call_Type table to resolve the call type ID into its name - but the data is really in the HDS through the view.
The DB design is quite complex and sophisticated - many things are not obvious.
Keep up your research.
Regards,
Geoff -
I want to be able to tie the registering users into the visitor registration section of a segregated guest network. I want to have a link that would appear in the front end after you register a visitor which would direct you to this program which is the lobby ambassador. Any non guest user could be able to register a guest and be provided a temp logon for the guest for a period of time.
Anyone has an idea of how I can achieve this using a Cisco lobby ambassadorYou should be able to expand it to something bigger. On the controller go to Security, AAA, General. Increase this number, it will require a reboot. I'm not sure the maximum you can increase it to (could be controller dependent).
-
New installation - Cisco Prime from OVA on VMWare
Hi,
I have just imported Cisco Prime OVA and followed the setup and entered the IP Address, hostname, DNS, Gateway etc etc... When I attempt to enter via the URL https://CicsoPrime01 it doesn't accept the connection. I'm able to ping to the CiscoPrime machine, but can't get in.
I searched and saw some troubleshooting steps such as ncs status, ncs start....
Result:
/opt/CSO01umos/bin/wcsadmin.sh no such file or directory....
Any help?
Thanks,if an ncs status returns :::: /opt/CSO01umos/bin/wcsadmin.sh no such file or directory...::::
I would bet your installation is no good.
Please redeploy the OVA -
Management VLAN -- New to Cisco
I've been working on configuring VLANs for my network and I came across something that confuses me. Under practical tips in this docuemnt http://www.cisco.com/warp/public/473/189.html#tips it states:
Separate the management VLAN from the user or server VLAN, as in this diagram. The management VLAN is different from the user or server VLAN. With this separation, any broadcast/packet storm that occurs in the user or server VLAN does not affect the management of switches.
Do not use VLAN 1 for management. All ports in Catalyst switches default to VLAN 1, and any devices that connect to nonconfigured ports are in VLAN 1. The use of VLAN 1 for management can cause potential issues for the management of switches, as the first tip explains.
I understand the concept, and i've made my managment VLAN 10. However, when I connect a computer to the switch it doesn't default to VLAN1 it defaults to VLAN10 which puts the computer by default in the management VLAN.
What's the point of creating a different VLAN ID for management if the workstations are going to default to it anyhow? I understand once I configure the ports it will take them out of the management VLAN, I'm just wondering why I couldn't use VLAN1 as the management domain.
Regards,
DavidTo support an inband management VLAN, you'll have to configure trunking (802.1Q) between switch uplinks allowing your management vlan (VLAN 10) traffic to traverse the trunk in addition to the user vlan (lets say vlan 20). To trunk, you must utilize a unique VLANs per subnet. I like to force trunking (switchport encap dot1q, switchport mode trunk, switchport nonnegotiate) so as not to utilize DTP (dynamic trunking protocol).
For user access, you need to configure the vlan on the switch and enable switchport mode access along with switchport access vlan 20 (user vlan).
Keep in mind, inband management works well for user access; however, for data center server access trunking is not recommended.
With all that said, you still may have to use VLAN 1 in certain scenarios. For instance, an IBM Blade center management module required the use of vlan 1 to manage the blade center. -
New Nikon RAW Codec For Vista Posted
According to the Microsoft Photo Blog Nikon has posted an updated RAW codec that fixes its Vista compatibility issues. Details are
http://blogs.msdn.com/pix/default.aspxJust some notes on this.
The raw Codec does not support .CRW files...the ones from the canon 10d and some other camera. A disappointment. This would be a great reason to switch to .dng format, if Adobe had published a RAW codec for DNG, which they haven't.
Another note. This codec doesn't work on x64 bit versions of Vista. -
Background-
I am making the move from managing a DEV SAN system to a true production system, which includes moving from workgroup switches to a director class switch. We are going to go with the 9500 family as I am not sure what is going to happen to McData/Brocade, like everyone else.
Question -
I have not been a Cisco user so I need to start learning the SAN-OS and other aspects of the Cisco tools. Can you all please recommend a few good books to get me started, as well as which is the first Cisco certification that I should look at.
Thank you in advanceI would of course recomend Long's book on Storage Networking Protocols.
I also have found the CCO documentation and configuration cookbook extremely helpfull.
here is the link to the 3.0 docs http://www.cisco.com/univercd/cc/td/doc/product/sn5000/mds9000/3_0/index.htm
I would also recomend the following classes, either in person, or video on demand.
MDS 9000 Configuration and Troubleshooting (MDSCT)
Cisco MDS Storage Networking Fundaments (CMSNF)
Cisco Advanced Storage Implementation and Troubleshooting (CASI)
Cisco Storage Network Design Essentials (CSDE)
Cisco Multiprotocol Storage Essentials (CMSE)
--Colin
Maybe you are looking for
-
Have double bar and can not refresh the page.
I've been trying to get the double line out but no such luck. Can not see enough of the line to find anything of the other/ refresh / etc. lines of the task bar.
-
I'm trying to find instructions on replacing the memory module in an older MacBook (1,1). This is the model that has the removeable battery on the back. Anybody know where I can get this info? (It's not listed in the Apple Support info)
-
Large iCloud Photo Library on iOS
I started to use iCloud Photo Library without any problem on my iMac. Now my library is approx 100GB in size and i was able to sync everything into iCloud. And it synced perfect to my MacBook Air where it now has only 26GB in size. Perfect! Now my qu
-
Heat and sleep problem with my new Macbook Pro
Basically I noticed with my new MBP the computer can become very hot and the fan gets very loud after about ~2 hours of working in Maya.. which I guess might be reasonable. However, my main concern is, even when I close the lid of the MBP, the heat s
-
Using mail & safari at same time
dumb question.....how can I keep my safari window up while using mail?