Not able to ping to this IP
Hi,
Please see the attached diagram. This is the setup.
From the PC VLAN (VLAN 200) I am able to ping other servers on VLAN 300, except these servers: 172.19.100.101 & 172.19.100.102.
I don't know why I can't ping these 2 servers. I suspect it is because of this firewall, but I don't know about the configuration.
Please help me to verify.
Below is the config of the PIX:
======================
klccPix# sh run
: Saved
PIX Version 6.3(1)
interface ethernet0 auto
interface ethernet1 auto
interface ethernet2 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 intf2 security4
enable password fgDKmzUvSvGTzykR encrypted
passwd fgDKmzUvSvGTzykR encrypted
hostname klccPix
domain-name IST.COM
clock timezone MYT 8
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol ils 389
fixup protocol pptp 1723
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
names
name 172.19.100.23 Linux_File_Srv
name 172.19.0.0 IsetanKLCC_LAN
name 203.127.255.65 NECSAP_Admin
name 172.19.100.11 Database_Srv
name 172.29.0.0 isetanKLCC_LAN2
name 203.127.251.181 NECSAP_DB
name 203.127.251.254 NECSG
name 175.145.155.50 necare
name 202.46.125.251 OU_Mgmt
access-list inside_access_in permit tcp host Linux_File_Srv any
access-list inside_access_in permit tcp host Linux_File_Srv any eq domain
access-list inside_access_in permit udp host Linux_File_Srv any eq domain
access-list inside_access_in permit icmp host Linux_File_Srv any
access-list inside_access_in permit icmp host Database_Srv any echo-reply
access-list inside_access_in permit tcp host Database_Srv any object-group DB_access
access-list inside_access_in permit tcp any any object-group Email_Services
access-list inside_access_in permit tcp any any eq domain
access-list inside_access_in permit udp any any eq domain
access-list inside_access_in permit icmp any any
access-list inside_access_in permit tcp any any object-group Linux_Services
access-list inside_access_in permit tcp host 172.19.100.64 any
access-list outside_access_in permit tcp host NECSAP_Admin host 203.115.205.28 object-group Linux_Services
access-list outside_access_in permit tcp any host 203.115.205.28 eq https
access-list outside_access_in permit tcp any host 203.115.205.28 object-group ssh_defined
access-list outside_access_in permit icmp host NECSG host 203.115.205.29 log
access-list outside_access_in permit tcp host NECSG host 203.115.205.29 object-group DB_access log
access-list outside_access_in permit icmp host 60.49.155.154 host 203.115.205.29 log
access-list outside_access_in permit tcp host 60.49.155.154 host 203.115.205.29 object-group DB_access log
access-list outside_access_in permit tcp object-group NEC_ASIA host 203.115.205.28 object-group ssh_defined
access-list outside_access_in permit ip 172.19.100.96 255.255.255.240 interface inside
access-list outside_access_in permit tcp any host 203.115.205.30 object-group RDP
access-list outside_access_in permit tcp any host 203.115.205.26 object-group RDP
access-list outside_access_in permit tcp any host 172.19.100.20 eq https
access-list inside_outbound_nat0_acl permit ip any 172.19.100.96 255.255.255.240
access-list inside_outbound_nat0_acl permit ip any host 172.59.1.1
access-list outside_cryptomap_dyn_20 permit ip any 172.19.100.96 255.255.255.240
no pager
logging on
logging timestamp
logging trap warnings
logging facility 22
logging device-id string pixfirewall
logging host inside Linux_File_Srv
icmp permit host necare outside
icmp permit host 219.92.227.57 outside
icmp permit IsetanKLCC_LAN 255.255.0.0 inside
mtu outside 1500
mtu inside 1500
mtu intf2 1500
ip address outside 203.115.205.27 255.255.255.248
ip address inside 172.19.100.20 255.0.0.0
no ip address intf2
ip verify reverse-path interface outside
ip verify reverse-path interface inside
ip audit info action alarm
ip audit attack action alarm
ip local pool klccippool 172.19.100.96-172.19.100.99
arp timeout 14400
global (outside) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 203.115.205.28 Linux_File_Srv netmask 255.255.255.255 0 0
static (inside,outside) 203.115.205.29 Database_Srv netmask 255.255.255.255 0 0
static (inside,outside) 203.115.205.30 172.19.100.17 netmask 255.255.255.255 0 0
static (inside,outside) 203.115.205.26 172.19.100.64 netmask 255.255.255.255 0 0
static (inside,outside) 172.19.100.20 172.19.100.20 netmask 255.255.255.255 0 0
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 203.115.205.25 1
route inside 172.19.100.64 255.255.255.255 172.19.100.20 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 0.0.0.0 0.0.0.0 outside
http 172.19.100.64 255.255.255.255 inside
klccPix#
Hi Khairul_nizam,
From your diagram we can understand that the inter-VLAN routing is done by the router (Router on Stick).
Since you are trying to access the servers from within your network, I do not think we need to check the firewall configuration.
Your switch provided in the diagram is an L2 switch (access layer switch).
In order to help you, please post the configuration of your router:
Configuration of Router
IOS and make and model number
Configuration of Switch
make,model number and IOS used.
Potha
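To see which statements in the posted PIX configuration cover the two unreachable addresses, the following added example (not part of the original thread) resolves `name` aliases and matches a host against every address/mask pair, `host` entry and pool range on each line. The function names and the control address 172.19.100.50 are assumptions made for illustration; the config lines are the ones from the post that carry inside (172.x) addresses.

```python
import ipaddress
import re

# Selected lines from the PIX 6.3 config posted above (wrapped lines rejoined).
PIX_CONFIG = """\
name 172.19.100.23 Linux_File_Srv
name 172.19.0.0 IsetanKLCC_LAN
name 172.19.100.11 Database_Srv
access-list outside_access_in permit ip 172.19.100.96 255.255.255.240 interface inside
access-list outside_access_in permit tcp any host 172.19.100.20 eq https
access-list inside_outbound_nat0_acl permit ip any 172.19.100.96 255.255.255.240
access-list inside_outbound_nat0_acl permit ip any host 172.59.1.1
access-list outside_cryptomap_dyn_20 permit ip any 172.19.100.96 255.255.255.240
icmp permit IsetanKLCC_LAN 255.255.0.0 inside
ip address inside 172.19.100.20 255.0.0.0
ip local pool klccippool 172.19.100.96-172.19.100.99
static (inside,outside) 203.115.205.29 Database_Srv netmask 255.255.255.255 0 0
route inside 172.19.100.64 255.255.255.255 172.19.100.20 1
"""

IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
RANGE_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})-(\d{1,3}(?:\.\d{1,3}){3})$")


def is_ip(tok):
    """True if tok is a syntactically valid dotted-quad IPv4 address."""
    if not IP_RE.match(tok):
        return False
    try:
        ipaddress.IPv4Address(tok)
    except ValueError:
        return False
    return True


def prefix_len(mask):
    """Prefix length of a contiguous netmask, or None if it is not a netmask."""
    inv = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    if inv & (inv + 1):          # host bits must be a solid run of low-order ones
        return None
    return 32 - inv.bit_length()


def load_names(config):
    """Build the alias table from 'name <ip> <alias>' lines."""
    names = {}
    for line in config.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "name" and is_ip(parts[1]):
            names[parts[2]] = parts[1]
    return names


def address_specs(line, names):
    """Return (label, first, last) for each network, host or range on a line."""
    toks = [names.get(t, t) for t in line.split() if t != "netmask"]
    specs, i = [], 0
    while i < len(toks):
        tok = toks[i]
        rng = RANGE_RE.match(tok)
        if rng and is_ip(rng.group(1)) and is_ip(rng.group(2)):
            lo, hi = (int(ipaddress.IPv4Address(g)) for g in rng.groups())
            specs.append((tok, lo, hi))
        elif tok == "host" and i + 1 < len(toks) and is_ip(toks[i + 1]):
            addr = int(ipaddress.IPv4Address(toks[i + 1]))
            specs.append((toks[i + 1] + "/32", addr, addr))
            i += 1
        elif is_ip(tok) and i + 1 < len(toks) and is_ip(toks[i + 1]):
            plen = prefix_len(toks[i + 1])
            if plen is not None:     # "<address> <mask>" pair
                net = ipaddress.IPv4Network(f"{tok}/{plen}", strict=False)
                specs.append((str(net), int(net.network_address),
                              int(net.broadcast_address)))
                i += 1
        i += 1
    return specs


def covering_lines(config, host):
    """Config lines (with the matching spec) whose address space contains host."""
    names = load_names(config)
    target = int(ipaddress.IPv4Address(host))
    hits = []
    for line in config.splitlines():
        if not line.strip() or line.startswith("name "):
            continue
        for label, lo, hi in address_specs(line, names):
            if lo <= target <= hi:
                hits.append((label, line))
                break
    return hits


def only_for(config, host, baseline):
    """Lines that cover host but not baseline: what sets host apart."""
    base = {line for _, line in covering_lines(config, baseline)}
    return [(lab, ln) for lab, ln in covering_lines(config, host) if ln not in base]


if __name__ == "__main__":
    # 172.19.100.50 is a constructed control address, not a host from the thread.
    for server in ("172.19.100.101", "172.19.100.102"):
        print(server)
        for label, line in only_for(PIX_CONFIG, server, "172.19.100.50"):
            print(f"  {label:<18} {line}")
```

For both servers the lines left over are the three `172.19.100.96 255.255.255.240` entries (the outside ACL, the NAT exemption ACL and the dynamic crypto map ACL), so those are the statements to review if this traffic crosses the PIX.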
Similar Messages
-
WLC cannot get IP of the Wireless Clients and client not able to ping to the gateway
Dear Cisco Expertise,
I have configured the WLC embedded in a Cisco C3650 switch and also 1 unit of AP3702I. The AP is now able to join the controller. My client is able to connect to the AP and get the IP address (10.127.117.1) from the DHCP server but is unable to ping the gateway (10.127.117.254 - interface gateway). Both the switch and the AP are able to ping the interface gateway. I also tried to ping the client from the switch and from the AP, but was not able to.
I've checked via the switch and can see the client's IP address and MAC address (using ARP):
#sh arp vlan 77
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.127.117.1 0 843a.4b90.17e0 ARPA Vlan77
Internet 10.127.117.254 - 3c08.f6b7.2173 ARPA Vlan77
Need your expertise on this matter. Thank you.
Configuration as below:
Switch
ip dhcp pool LWAPP_VLAN
network 10.127.117.0 255.255.255.0
default-router 10.127.117.254
dns-server 10.127.113.10
domain-name xxx.com
vlan 77
name LWAP_VLAN
interface Vlan10
ip address 10.127.112.254 255.255.255.128
interface Vlan77
ip address 10.127.117.254 255.255.255.0
ip helper-address 10.127.117.254
interface GigabitEthernet3/0/5
description Connect to AP Test
switchport access vlan 10
switchport mode access
no logging event link-status
wireless mobility controller
wireless management interface Vlan10
wireless security web-auth retries 5
wireless mgmt-via-wireless
wlan APAC-WLAN 2 Wifi-Test
client vlan LWAP_VLAN
ip dhcp opt82
ip dhcp opt82 ascii
ip dhcp opt82 format add-ssid
ip dhcp required
ip dhcp server 10.127.117.254
no security wpa akm dot1x
security wpa akm psk set-key ascii 0 B*MY2014
security wpa wpa2 ciphers tkip
session-timeout 300
no shutdown
ap group APGroup-Test
description "For Testing Purposes"
wlan APAC-WLAN
vlan LWAP_VLAN
AP
interface Dot11Radio0
antenna gain 0
stbc
mbssid
power client local
packet retries 64 drop-packet
station-role root
interface Dot11Radio1
antenna gain 0
stbc
mbssid
power client local
packet retries 64 drop-packet
station-role root
interface GigabitEthernet0
duplex auto
speed auto
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface BVI1
mtu 1792
ip address 10.127.112.202 255.255.255.128
interface Virtual-WLAN0
ip default-gateway 10.127.112.254
ip forward-protocol nd
ip dns server
Pls try the below SSID configuration. WPA2 to be configured with AES & not TKIP.
wlan APAC-WLAN 2 Wifi-Test
client vlan LWAP_VLAN
security wpa
no security wpa akm dot1x
security wpa wpa2 ciphers aes
security wpa akm psk set-key ascii 0 B*MY2014
ip dhcp required
no shutdown
This post should give you some help as well
http://mrncciew.com/2013/12/04/wlan-config-in-3850-part-1/
HTH
Rasika
-
With my HP Office 5010 all-in-one printer, I'm not able to scan, and this is one of its duties. Why isn't it possible? Bad software while downloading it from the internet because I lost the CD-ROM. No pilot available for scanning with it? Bad version of the software? I bought this printer because of its utility and the space occupied: able to print, copy and scan in the same machine, gain of room, perfect, but my scanning function is not working! I would like to solve this damned problem which has upset me for several weeks. Waiting for an answer and a solution, best regards
pmonteil31 wrote:
Waiting for an answer and a solution, best regards
Hi,
Sorry you have to wait longer because I can not find your printer model under Google. Must be very old ?
Regards,
BH
-
VPN clients not able to ping Remote PCs & Servers : ASA 5520
VPN is connected successfully, but I am not able to ping any remote IP or FQDN from the client PC. I am able to ping the ASA 5520 firewall's inside interface. Also, some clients are able to access and some clients are not. I am new to these firewalls. I tried most of the ways from the internet; please, can anyone help ASAP?
Remote ip section : 192.168.1.0/24
VPN IP Pool : 192.168.5.0/24
Running Config :
ip address 192.168.1.2 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
passwd z40TgSyhcLKQc3n1 encrypted
boot system disk0:/asa722-k8.bin
ftp mode passive
clock timezone GST 4
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 213.42.20.20
domain-name default.domain.invalid
access-list outtoin extended permit tcp any host 83.111.113.114 eq 3389
access-list outtoin extended permit tcp any host 83.111.113.113 eq https
access-list outtoin extended permit tcp any host 83.111.113.114 eq smtp
access-list outtoin extended permit tcp any host 83.111.113.114 eq https
access-list outtoin extended permit tcp any host 83.111.113.114 eq www
access-list outtoin extended permit tcp any host 83.111.113.115 eq https
access-list outtoin extended permit tcp any host 94.56.148.98 eq 3389
access-list outtoin extended permit tcp any host 83.111.113.117 eq ssh
access-list fualavpn_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
access-list outside_nat0_outbound extended permit ip 192.168.5.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list inet_in extended permit icmp any any time-exceeded
access-list inet_in extended permit icmp any any unreachable
access-list inet_in extended permit icmp any any echo-reply
access-list inet_in extended permit icmp any any echo
pager lines 24
logging enable
logging asdm informational
logging from-address [email protected]
logging recipient-address [email protected] level errors
logging recipient-address [email protected] level emergencies
logging recipient-address [email protected] level errors
mtu outside 1500
mtu inside 1500
ip local pool fualapool 192.168.5.10-192.168.5.50 mask 255.255.255.0
ip local pool VPNPool 192.168.5.51-192.168.5.150 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound outside
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) 94.56.148.98 192.168.1.11 netmask 255.255.255.255
static (inside,outside) 83.111.113.114 192.168.1.111 netmask 255.255.255.255
access-group inet_in in interface outside
route outside 0.0.0.0 0.0.0.0 83.111.113.116 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 10
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
nac disable
nac-sq-period 300
nac-reval-period 36000
nac-default-acl none
address-pools none
client-firewall none
client-access-rule none
webvpn
functions url-entry
html-content-filter none
homepage none
keep-alive-ignore 4
http-comp gzip
filter none
url-list none
customization value DfltCustomization
port-forward none
port-forward-name value Application Access
sso-server none
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
svc none
svc keep-installer installed
svc keepalive none
svc rekey time none
svc rekey method none
svc dpd-interval client none
svc dpd-interval gateway none
svc compression deflate
group-policy fualavpn internal
group-policy fualavpn attributes
dns-server value 192.168.1.111 192.168.1.100
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value fualavpn_splitTunnelAcl
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 outside
http 192.168.1.4 255.255.255.255 inside
http 192.168.1.100 255.255.255.255 inside
http 192.168.1.111 255.255.255.255 inside
http 192.168.1.200 255.255.255.255 inside
http 83.111.113.117 255.255.255.255 outside
http 192.168.1.17 255.255.255.255 inside
http 192.168.1.16 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group fualavpn type ipsec-ra
tunnel-group fualavpn type ipsec-ra
tunnel-group fualavpn general-attributes
address-pool fualapool
address-pool VPNPool
default-group-policy fualavpn
tunnel-group fualavpn ipsec-attributes
pre-shared-key *
tunnel-group fualavpn ppp-attributes
authentication pap
authentication ms-chap-v2
authentication eap-proxy
telnet 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
management-access inside
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
inspect icmp error
service-policy global_policy global
prompt hostname context
Cryptochecksum:38e41e83465d37f69542355df734db35
: end
Hi,
What about translating the traffic on the local ASA (Active unit) for traffic received from the VPN tunnel to the internal interface IP address? You can try something like nat (outside,inside) source dynamic obj-VpnRemoteTraffic interface destination static StandbyIP StandbyIP
Regards, -
S2S between Cisco ASA 5505 and Sonicwall TZ-170 but not able to ping across
Hi,
I am helping out a friend of mine with his Site-to-Site VPN between his company's Cisco ASA and another company's SonicWall TZ-170. I have checked the screenshots provided by the other end and tried to match them with ours. The tunnel shows, but we are not able to ping resources on the other end. The other side insists that the problem is on our end, but I am not sure where the issue resides. Please take a look at our config and let me know if there is anything that I have missed. I am pretty sure I didn't, but extra eyes may be needed here.
Our LAN is 10.200.x.x /16 and theirs is 192.168.9.0 /24
ASA Version 8.2(2)
terminal width 300
hostname company-asa
domain-name Company.com
no names
name 10.1.0.0 sacramento-network
name 10.3.0.0 irvine-network
name 10.2.0.0 portland-network
name x.x.x.x MailLive
name 192.168.9.0 revit-vpn-remote-subnet
dns-guard
interface Ethernet0/0
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.128
interface Ethernet0/1
nameif inside
security-level 100
ip address 10.200.200.1 255.255.0.0
interface Ethernet0/2
nameif dmz
security-level 50
ip address 172.22.22.1 255.255.255.0
interface Ethernet0/3
description Internal Wireless
shutdown
nameif Wireless
security-level 100
ip address 10.201.201.1 255.255.255.0
interface Management0/0
shutdown
nameif management
security-level 100
no ip address
management-only
boot system disk0:/asa822-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup outside
dns server-group DefaultDNS
domain-name company.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network local_net_group
network-object 10.1.0.0 255.255.0.0
network-object 10.2.0.0 255.255.0.0
network-object 10.200.0.0 255.255.0.0
network-object 10.3.0.0 255.255.0.0
network-object 10.4.0.0 255.255.0.0
network-object 10.5.0.0 255.255.0.0
network-object 10.6.0.0 255.255.0.0
network-object 10.7.0.0 255.255.0.0
network-object 192.168.200.0 255.255.255.0
object-group network NACIO123
network-object 1.1.1.1 255.255.255.224
object-group service MAIL_HTTPS_BORDERWARE tcp
port-object eq smtp
port-object eq https
port-object eq 10101
object-group service SYSLOG_SNMP_NETFLOW udp
port-object eq syslog
port-object eq snmp
port-object eq 2055
object-group service HTTP_HTTPS tcp
port-object eq www
port-object eq https
object-group network OUTSIDECO_SERVERS
network-object host x.x.x.34
network-object host x.x.x.201
network-object host x.x.x.63
object-group network NO-LOG
network-object host 10.200.200.13
network-object host 10.200.200.25
network-object host 10.200.200.32
object-group service iPhoneSync-Services-TCP tcp
port-object eq 993
port-object eq 990
port-object eq 998
port-object eq 5678
port-object eq 5721
port-object eq 26675
object-group service termserv tcp
description terminal services
port-object eq 3389
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service DTI tcp
description DCS CONTROL PROTOCOL
port-object eq 3333
object-group service H.245 tcp
description h.245 signaling
port-object range 1024 4999
object-group service RAS udp
port-object eq 1719
port-object range 1718 1720
object-group service XML tcp
port-object range 3336 3341
object-group service mpi tcp
port-object eq 2010
object-group service mvp_control tcp
port-object eq 2946
object-group service rpc tcp-udp
port-object eq 1809
object-group service tcp8080 tcp
port-object eq 8080
object-group service tcp8011 tcp
port-object eq 8011
object-group service rtp_rtcp_udp udp
port-object range 1024 65535
object-group service ecs_xml tcp-udp
port-object eq 3271
object-group service rtp20000 udp
description 10000-65535
port-object range 20000 25000
port-object range 10000 65535
object-group service tcp5222 tcp
port-object range 5222 5269
object-group service tcp7070 tcp
port-object eq 7070
object-group network videoco
network-object host x.x.x.144
network-object host x.x.x.145
object-group service video tcp
port-object range 1718 h323
object-group service XML2 tcp-udp
port-object range 3336 3345
object-group service tcp_tls tcp
port-object eq 5061
object-group service Autodesk tcp
port-object eq 2080
port-object range 27000 27009
access-list outside_policy remark ====== Begin Mail From Postini Network ======
access-list outside_policy extended permit tcp x.x.x.x 255.255.240.0 host x.x.x.x eq smtp
access-list outside_policy extended permit tcp x.x.x.x 255.255.255.240 host x.x.x.x eq smtp
access-list outside_policy extended permit tcp x.x.x.0 255.255.240.0 host x.x.x.x eq smtp
access-list outside_policy remark ****** End Mail From Postini Network ******
access-list outside_policy remark ====== Begin Inbound Web Mail Access ======
access-list outside_policy extended permit tcp any host x.x.x.x object-group HTTP_HTTPS
access-list outside_policy remark ****** End Inbound Web Mail Access ******
access-list outside_policy remark ====== Begin iPhone Sync Rules to Mail Server ======
access-list outside_policy extended permit tcp any host x.x.x.x object-group iPhoneSync-Services-TCP
access-list outside_policy remark ****** End iPhone Sync Rules to Mail Server ******
access-list outside_policy remark ====== Begin MARS Monitoring ======
access-list outside_policy extended permit udp x.x.x.x 255.255.255.128 host x.x.x.x object-group SYSLOG_SNMP_NETFLOW
access-list outside_policy extended permit icmp x.x.x.x 255.255.255.128 host x.x.x.x
access-list outside_policy remark ****** End MARS Monitoring ******
access-list outside_policy extended permit tcp object-group NACIO123 host x.x.x.141 eq ssh
access-list outside_policy extended permit tcp any host x.x.x.x eq www
access-list outside_policy extended permit tcp any host x.x.x.x eq https
access-list outside_policy extended permit tcp any host x.x.x.x eq h323
access-list outside_policy extended permit tcp any host x.x.x.x range 60000 60001
access-list outside_policy extended permit udp any host x.x.x.x range 60000 60007
access-list outside_policy remark radvision 5110 port 80 both
access-list outside_policy extended permit object-group TCPUDP any object-group videoco eq www
access-list outside_policy remark radvision
access-list outside_policy extended permit tcp any object-group videoco object-group termserv
access-list outside_policy remark radvision 5110 port21 out
access-list outside_policy extended permit tcp any object-group videoco eq ftp
access-list outside_policy remark rad5110 port22 both
access-list outside_policy extended permit tcp any object-group videoco eq ssh
access-list outside_policy remark rad 5110 port161 udp both
access-list outside_policy extended permit udp any object-group videoco eq snmp
access-list outside_policy remark rad5110 port443 both
access-list outside_policy extended permit tcp any object-group videoco eq https
access-list outside_policy remark rad5110 port 1024-4999 both
access-list outside_policy extended permit tcp any object-group videoco object-group H.245
access-list outside_policy remark rad5110 port 1719 udp both
access-list outside_policy extended permit udp any object-group videoco object-group RAS
access-list outside_policy remark rad5110 port 1720 both
access-list outside_policy extended permit tcp any any eq h323
access-list outside_policy remark RAD 5110 port 3333 tcp both
access-list outside_policy extended permit tcp any object-group videoco object-group DTI
access-list outside_policy remark rad5110 port 3336-3341 both
access-list outside_policy extended permit object-group TCPUDP any object-group videoco object-group XML2
access-list outside_policy remark port 5060 tcp/udp
access-list outside_policy extended permit object-group TCPUDP any object-group videoco eq sip
access-list outside_policy remark rad 5110port 1809 rpc both
access-list outside_policy extended permit object-group TCPUDP any object-group videoco object-group rpc
access-list outside_policy remark rad 5110 port 2010 both
access-list outside_policy extended permit tcp any object-group videoco object-group mpi
access-list outside_policy remark rad 5110 port 2946 both
access-list outside_policy extended permit tcp any object-group videoco object-group mvp_control
access-list outside_policy extended permit tcp any object-group videoco object-group tcp8080
access-list outside_policy extended permit tcp any object-group videoco object-group tcp8011
access-list outside_policy remark 1024-65535
access-list outside_policy extended permit udp any object-group videoco object-group rtp_rtcp_udp
access-list outside_policy extended permit object-group TCPUDP any object-group videoco object-group ecs_xml
access-list outside_policy extended permit udp any object-group videoco object-group rtp20000
access-list outside_policy extended permit tcp any object-group videoco eq telnet
access-list outside_policy remark port 53 dns
access-list outside_policy extended permit object-group TCPUDP any object-group videoco eq domain
access-list outside_policy remark 7070
access-list outside_policy extended permit tcp any object-group videoco object-group tcp7070
access-list outside_policy remark 5222-5269 tcp
access-list outside_policy extended permit tcp any object-group videoco range 5222 5269
access-list outside_policy extended permit tcp any object-group videoco object-group video
access-list outside_policy extended permit tcp any object-group videoco object-group tcp_tls
access-list outside_policy remark ====== Begin Autodesk Activation access ======
access-list outside_policy extended permit tcp any any object-group Autodesk
access-list outside_policy remark ****** End Autodesk Activation access ******
access-list outside_policy extended permit tcp x.x.x.x 255.255.255.248 host x.x.x.x eq smtp
access-list outside_policy remark ****** End Autodesk Activation access ******
access-list inside_policy extended deny tcp host 10.200.200.25 10.1.0.0 255.255.0.0 eq 2967 log disable
access-list inside_policy extended deny tcp host 10.200.200.25 10.3.0.0 255.255.0.0 eq 2967 log disable
access-list inside_policy extended deny tcp host 10.200.200.25 10.2.0.0 255.255.0.0 eq 2967 log disable
access-list inside_policy extended deny tcp host 10.200.200.25 10.4.0.0 255.255.0.0 eq 2967 log disable
access-list inside_policy extended deny tcp host 10.200.200.25 10.5.0.0 255.255.0.0 eq 2967 log disable
access-list inside_policy extended deny udp object-group NO-LOG any eq 2967 log disable
access-list inside_policy extended deny tcp object-group NO-LOG any eq 2967 log disable
access-list inside_policy remark ====== Begin Outbound Mail Server Rules ======
access-list inside_policy extended permit udp host 10.200.200.222 any eq 5679
access-list inside_policy extended permit tcp host 10.200.200.222 any eq smtp
access-list inside_policy remark ****** End Outbound Mail Server Rules ******
access-list inside_policy extended permit ip object-group local_net_group any
access-list inside_policy extended permit icmp object-group local_net_group any
access-list OUTSIDECO_VPN extended permit ip host x.x.x.x object-group OUTSIDECO_SERVERS
access-list company-split-tunnel standard permit 10.1.0.0 255.255.0.0
access-list company-split-tunnel standard permit 10.2.0.0 255.255.0.0
access-list company-split-tunnel standard permit 10.3.0.0 255.255.0.0
access-list company-split-tunnel standard permit 10.4.0.0 255.255.0.0
access-list company-split-tunnel standard permit 10.200.0.0 255.255.0.0
access-list company-split-tunnel standard permit 10.5.0.0 255.255.0.0
access-list company-split-tunnel standard permit 10.6.0.0 255.255.0.0
access-list company-split-tunnel standard permit 10.7.0.0 255.255.0.0
access-list company-split-tunnel standard permit 172.22.22.0 255.255.255.0
access-list company-split-tunnel remark Video
access-list company-split-tunnel standard permit 192.168.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.1.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.2.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.3.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.200.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.4.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.5.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.6.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 10.7.0.0 255.255.0.0
access-list SSL_SPLIT standard permit 172.22.22.0 255.255.255.0
access-list SSL_SPLIT remark Video
access-list SSL_SPLIT standard permit 192.168.0.0 255.255.0.0
access-list NONAT_SSL extended permit ip object-group local_net_group 172.20.20.0 255.255.255.0
access-list NONAT_SSL extended permit ip 10.200.0.0 255.255.0.0 192.168.9.0 255.255.255.0
access-list tom extended permit tcp host x.x.x.x any eq smtp
access-list tom extended permit tcp host 10.200.200.222 any eq smtp
access-list tom extended permit tcp any host x.x.x.x
access-list aaron extended permit tcp any any eq 2967
access-list capauth extended permit ip host 10.200.200.1 host 10.200.200.220
access-list capauth extended permit ip host 10.200.200.220 host 10.200.200.1
access-list DMZ extended permit icmp any any
access-list dmz_access_in extended permit tcp any eq 51024 any eq 3336
access-list dmz_access_in extended permit icmp any any
access-list dmz_access_in extended permit tcp any any eq ftp
access-list dmz_access_in extended permit tcp any any eq https
access-list dmz_access_in remark rad5110 port 162 out
access-list dmz_access_in extended permit udp any any eq snmptrap
access-list dmz_access_in remark port 23 out
access-list dmz_access_in extended permit tcp any any eq telnet
access-list dmz_access_in remark port 53 dns out
access-list dmz_access_in extended permit object-group TCPUDP any any eq domain
access-list dmz_access_in extended permit object-group TCPUDP any any eq www
access-list dmz_access_in extended permit tcp any any eq h323
access-list dmz_access_in extended permit tcp any any object-group XML
access-list dmz_access_in extended permit udp any any object-group RAS
access-list dmz_access_in extended permit tcp any any range 1718 h323
access-list dmz_access_in extended permit tcp any any object-group H.245
access-list dmz_access_in extended permit object-group TCPUDP any any eq sip
access-list dmz_access_in extended permit udp any any object-group rtp_rtcp_udp
access-list dmz_access_in extended permit object-group TCPUDP any any object-group XML2
access-list dmz_access_in extended permit ip object-group local_net_group any
access-list dmz_access_in remark port 5061
access-list dmz_access_in extended permit tcp any any object-group tcp_tls
access-list outside_cryptomap extended permit ip 10.200.0.0 255.255.0.0 192.168.9.0 255.255.255.0
pager lines 24
logging enable
logging buffered warnings
logging trap informational
logging history informational
logging asdm warnings
logging host outside x.x.x.x
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu Wireless 1500
mtu management 1500
ip local pool SSL_VPN_POOL 172.20.20.1-172.20.20.75 mask 255.255.255.0
ip verify reverse-path interface outside
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT_SSL
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) x.x.x.12 10.200.200.15 netmask 255.255.255.255
static (inside,outside) x.x.x.15 10.5.0.11 netmask 255.255.255.255
static (inside,outside) x.x.x.13 10.200.200.240 netmask 255.255.255.255
static (inside,outside) x.x.x.16 10.200.200.222 netmask 255.255.255.255
static (inside,outside) x.x.x.14 10.200.200.155 netmask 255.255.255.255
static (inside,dmz) 10.200.200.0 10.200.200.0 netmask 255.255.255.0
static (inside,dmz) 10.4.0.0 10.4.0.0 netmask 255.255.0.0
static (dmz,outside) x.x.x.18 172.22.22.15 netmask 255.255.255.255
static (dmz,outside) x.x.x.19 172.22.22.16 netmask 255.255.255.255
static (inside,dmz) 10.3.0.0 10.3.0.0 netmask 255.255.0.0
static (inside,dmz) 10.2.0.0 10.2.0.0 netmask 255.255.0.0
static (inside,dmz) 10.1.0.0 10.1.0.0 netmask 255.255.0.0
static (inside,dmz) 10.6.0.0 10.6.0.0 netmask 255.255.0.0
static (inside,dmz) 10.7.0.0 10.7.0.0 netmask 255.255.0.0
static (inside,dmz) 10.5.0.0 10.5.0.0 netmask 255.255.0.0
access-group outside_policy in interface outside
access-group inside_policy in interface inside
access-group dmz_access_in in interface dmz
route outside 0.0.0.0 0.0.0.0 x.x.x.12 1
route inside 10.1.0.0 255.255.0.0 10.200.200.254 1
route inside 10.2.0.0 255.255.0.0 10.200.200.254 1
route inside 10.3.0.0 255.255.0.0 10.200.200.254 1
route inside 10.4.0.0 255.255.0.0 10.200.200.254 1
route inside 10.5.0.0 255.255.0.0 10.200.200.254 1
route inside 10.6.0.0 255.255.0.0 10.200.200.254 1
route inside 10.7.0.0 255.255.0.0 10.200.200.150 1
route inside x.x.x.0 255.255.255.0 10.200.200.2 1
route inside x.x.x.0 255.255.255.0 10.200.200.2 1
route inside 192.168.1.0 255.255.255.0 10.200.200.254 1
route inside 192.168.2.0 255.255.255.0 10.200.200.254 1
route inside 192.168.3.0 255.255.255.0 10.200.200.254 1
route inside 192.168.4.0 255.255.255.0 10.200.200.254 1
route inside 192.168.5.0 255.255.255.0 10.200.200.254 1
route inside 192.168.6.0 255.255.255.0 10.200.200.254 1
route inside 192.168.7.0 255.255.255.0 10.200.200.254 1
route inside 192.168.200.0 255.255.255.0 10.200.200.254 1
route inside 192.168.201.0 255.255.255.0 10.200.200.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 2:00:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server COMPANY-NT-AUTH protocol nt
aaa-server COMPANY-NT-AUTH (inside) host 10.200.200.220
nt-auth-domain-controller DC
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 10.200.200.0 255.255.255.0 inside
http 10.200.0.0 255.255.0.0 inside
http 10.3.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set AES256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set asa2transform esp-3des esp-sha-hmac
crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set 3DES-SHA
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto map OUTSIDE_MAP 5 match address outside_cryptomap
crypto map OUTSIDE_MAP 5 set pfs
crypto map OUTSIDE_MAP 5 set peer x.x.x.53
crypto map OUTSIDE_MAP 5 set transform-set 3DES-SHA
crypto map OUTSIDE_MAP 5 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP 10 match address OUTSIDECO_VPN
crypto map OUTSIDE_MAP 10 set peer x.x.x.25
crypto map OUTSIDE_MAP 10 set transform-set AES256-SHA
crypto map OUTSIDE_MAP 10 set security-association lifetime seconds 28800
crypto map OUTSIDE_MAP 10 set security-association lifetime kilobytes 4608000
crypto map OUTSIDE_MAP 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map OUTSIDE_MAP interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 20
console timeout 0
dhcpd dns 10.200.200.220 10.200.200.225
dhcpd wins 10.200.200.220 10.200.200.225
dhcpd lease 18000
dhcpd domain company.com
dhcpd dns 10.200.200.220 10.200.200.225 interface Wireless
dhcpd wins 10.200.200.220 10.200.200.225 interface Wireless
dhcpd lease 18000 interface Wireless
dhcpd domain company.com interface Wireless
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 192.5.41.40 source outside prefer
ssl trust-point vpn.company.com outside
webvpn
enable outside
anyconnect-essentials
svc image disk0:/anyconnect-win-2.5.0217-k9.pkg 1
svc image disk0:/anyconnect-macosx-i386-2.5.2017-k9.pkg 2
svc enable
tunnel-group-list enable
group-policy SSL_Client_Policy internal
group-policy SSL_Client_Policy attributes
wins-server value 10.200.200.220
dns-server value 10.200.200.220
vpn-tunnel-protocol IPSec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SSL_SPLIT
default-domain value company.com
webvpn
sso-server none
auto-signon allow uri * auth-type all
group-policy no-split-test internal
group-policy no-split-test attributes
banner value Welcome to company and Associates
banner value Welcome to company and Associates
dns-server value 10.200.200.220
vpn-tunnel-protocol IPSec
ipsec-udp enable
split-tunnel-policy tunnelall
default-domain value company.com
group-policy DfltGrpPolicy attributes
dns-server value 10.200.200.220
default-domain value company.com
group-policy company internal
group-policy company attributes
banner value Welcome to company and Associates
banner value Welcome to company and Associates
dns-server value 10.200.200.220
vpn-tunnel-protocol IPSec
ipsec-udp enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SSL_SPLIT
default-domain value company.com
username ciscoadmin password xxxxxxxxxxx encrypted privilege 15
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool SSL_VPN_POOL
authentication-server-group COMPANY-NT-AUTH
default-group-policy SSL_Client_Policy
tunnel-group DefaultWEBVPNGroup webvpn-attributes
group-alias company_SSL_VPN enable
tunnel-group company_group type remote-access
tunnel-group company_group general-attributes
address-pool SSL_VPN_POOL
authentication-server-group COMPANY-NT-AUTH LOCAL
default-group-policy company
tunnel-group company_group ipsec-attributes
pre-shared-key *****
tunnel-group x.x.x.53 type ipsec-l2l
tunnel-group x.x.x.53 ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect tftp
inspect esmtp
inspect ftp
inspect icmp
inspect ip-options
inspect netbios
inspect rsh
inspect skinny
inspect sqlnet
inspect sunrpc
inspect xdmcp
inspect mgcp
inspect h323 h225
inspect h323 ras
inspect sip
service-policy global_policy global
privilege cmd level 5 mode exec command ping
privilege cmd level 6 mode exec command write
privilege show level 5 mode exec command running-config
privilege show level 5 mode exec command version
privilege show level 5 mode exec command conn
privilege show level 5 mode exec command memory
privilege show level 5 mode exec command cpu
privilege show level 5 mode exec command xlate
privilege show level 5 mode exec command traffic
privilege show level 5 mode exec command interface
privilege show level 5 mode exec command clock
privilege show level 5 mode exec command ip
privilege show level 5 mode exec command failover
privilege show level 5 mode exec command arp
privilege show level 5 mode exec command route
privilege show level 5 mode exec command blocks
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:a0689b4c837c79a51e7a0cfed591dec9
: end
COMPANY-asa#
Hi Sian,
Yes on their end the PFS is enabled for DH Group 2.
Here is the information that you requested:
company-asa# sh crypto isakmp sa
Active SA: 3
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 3
1 IKE Peer: x.x.x.87
Type : user Role : responder
Rekey : no State : AM_ACTIVE
2 IKE Peer: x.x.x.53
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
3 IKE Peer: x.x.x.25
Type : user Role : initiator
Rekey : no State : MM_WAIT_MSG4
company-asa# sh crypto ipsec sa
interface: outside
Crypto map tag: OUTSIDE_MAP, seq num: 5, local addr: x.x.x.13
access-list outside_cryptomap extended permit ip 10.200.0.0 255.255.0.0 192.168.9.0 255.255.255.0
local ident (addr/mask/prot/port): (10.200.0.0/255.255.0.0/0/0)
remote ident (addr/mask/prot/port): (192.168.9.0/255.255.255.0/0/0)
current_peer: x.x.x.53
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 10744, #pkts decrypt: 10744, #pkts verify: 10744
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: x.x.x.13, remote crypto endpt.: x.x.x.53
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: 500EC8BF
current inbound spi : 8DAE3436
inbound esp sas:
spi: 0x8DAE3436 (2377004086)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 32768, crypto-map: OUTSIDE_MAP
sa timing: remaining key lifetime (kB/sec): (3914946/24388)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x500EC8BF (1343146175)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, PFS Group 2, }
slot: 0, conn_id: 32768, crypto-map: OUTSIDE_MAP
sa timing: remaining key lifetime (kB/sec): (3915000/24388)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Crypto map tag: outside_dyn_map, seq num: 20, local addr: x.x.x.13
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.20.20.8/255.255.255.255/0/0)
current_peer: x.x.x.87, username: ewebb
dynamic allocated peer ip: 172.20.20.8
#pkts encaps: 16434, #pkts encrypt: 16464, #pkts digest: 16464
#pkts decaps: 19889, #pkts decrypt: 19889, #pkts verify: 19889
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 16434, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 30, #pre-frag failures: 0, #fragments created: 60
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 60
#send errors: 0, #recv errors: 0
local crypto endpt.: x.x.x.13/4500, remote crypto endpt.: x.x.x.87/2252
path mtu 1500, ipsec overhead 66, media mtu 1500
current outbound spi: 2D712C9F
current inbound spi : 0EDB79C8
inbound esp sas:
spi: 0x0EDB79C8 (249264584)
transform: esp-3des esp-sha-hmac no compression
in use settings ={RA, Tunnel, NAT-T-Encaps, }
slot: 0, conn_id: 65536, crypto-map: outside_dyn_map
sa timing: remaining key lifetime (sec): 18262
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x2D712C9F (762391711)
transform: esp-3des esp-sha-hmac no compression
in use settings ={RA, Tunnel, NAT-T-Encaps, }
slot: 0, conn_id: 65536, crypto-map: outside_dyn_map
sa timing: remaining key lifetime (sec): 18261
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001 -
iPod touch 4th gen needed a new screen and sleep/wake switch. So, I replaced them. I was able to get to settings and do "erase all content and settings". I am not able to totally shut this device off as it keeps restarting after a few seconds. I have used iTunes to restore and also recover. Device will actually shut off and stay shut off if I leave it connected to the computer. The moment I unplug (3 seconds) the Apple logo appears, it boots, unlock screen appears, I can unlock and operate normally, unplugged or not. Just can't get it to completely shut down unplugged. Any thoughts?
Try:
- iOS: Not responding or does not turn on
- Also try DFU mode after try recovery mode
How to put iPod touch / iPhone into DFU mode « Karthik's scribblings
- If not successful and you can't turn the iOS device fully off, let the battery fully drain. After charging for at least an hour try the above again.
- Try on another computer
- If still not successful that usually indicates a hardware problem. Maybe you installed a bad component or damaged something during the repair/replacement.
Apple will not help since you worked on the iPod yourself. -
Not able to login to this forum from opera in xfce4 in arch[SOLVED]
I installed xfce4 and opera and they are working well. However, I am not able to login to this forum from there. The login page is loaded, I enter the login and password, login accepted message comes but when the page is reloaded, I am still not logged in and I cannot post to the forum. I am writing this from my previous distro + firefox.
Last edited by rnarch (2012-03-21 17:34:42)
rnarch wrote: I am writing this from my previous distro + firefox.
Have you tried Firefox in Arch? If that works, then there's something wrong with the settings in Opera (maybe it's showing a cached page). -
Hi friends,
Here is the configuration of my C1841 router for the Cisco IPsec remote access VPN. I was able to establish a VPN session properly, but after that I can only reach the inside interfaces of the router, not the LAN devices.
Below is the output from the router
r1#sh run
Building configuration...
Current configuration : 3488 bytes
! Last configuration change at 20:07:20 UTC Tue Apr 23 2013 by ramana
! NVRAM config last updated at 11:53:16 UTC Sun Apr 21 2013 by ramana
version 15.1
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname r1
boot-start-marker
boot-end-marker
enable secret 5 $1$6RzF$L6.zOaswedwOESNpkY0Gb.
aaa new-model
aaa authentication login local-console local
aaa authentication login userauth local
aaa authorization network groupauth local
aaa session-id common
dot11 syslog
ip source-route
ip cef
ip domain name r1.com
multilink bundle-name authenticated
license udi pid CISCO1841 sn FHK145171DM
username ramana privilege 15 secret 5 $1$UE7J$u9nuCPGaAasL/k7CxtNMj.
username giet privilege 15 secret 5 $1$esE5$FD9vbBwTgHERdRSRod7oD.
redundancy
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group ra-vpn
key xxxxxx
domain r1.com
pool vpn-pool
acl 150
save-password
include-local-lan
max-users 10
crypto ipsec transform-set my-vpn esp-3des esp-md5-hmac
crypto dynamic-map RA 1
set transform-set my-vpn
reverse-route
crypto map ra-vpn client authentication list userauth
crypto map ra-vpn isakmp authorization list groupauth
crypto map ra-vpn client configuration address respond
crypto map ra-vpn 1 ipsec-isakmp dynamic RA
interface Loopback0
ip address 10.2.2.2 255.255.255.255
interface FastEthernet0/0
bandwidth 8000000
ip address 117.239.xx.xx 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map ra-vpn
interface FastEthernet0/1
description $ES_LAN$
ip address 192.168.10.252 255.255.255.0 secondary
ip address 10.10.10.1 255.255.252.0 secondary
ip address 172.16.0.1 255.255.252.0 secondary
ip address 10.10.7.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip local pool vpn-pool 172.18.1.1 172.18.1.100
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip dns server
ip nat pool INTERNETPOOL 117.239.xx.xx 117.239.xx.xx netmask 255.255.255.240
ip nat inside source list 100 pool INTERNETPOOL overload
ip route 0.0.0.0 0.0.0.0 117.239.xx.xx
access-list 100 permit ip 10.10.7.0 0.0.0.255 any
access-list 100 permit ip 10.10.10.0 0.0.1.255 any
access-list 100 permit ip 172.16.0.0 0.0.3.255 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 150 permit ip 10.10.7.0 0.0.0.255 172.18.0.0 0.0.255.255
access-list 150 permit ip host 10.2.2.2 172.18.1.0 0.0.0.255
access-list 150 permit ip 192.168.10.0 0.0.0.255 172.18.1.0 0.0.0.255
control-plane
line con 0
login authentication local-console
line aux 0
line vty 0 4
login authentication local-console
transport input telnet ssh
scheduler allocate 20000 1000
end
r1>sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 117.239.xx.xx to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 117.239.xx.xx
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C 10.2.2.2/32 is directly connected, Loopback0
C 10.10.7.0/24 is directly connected, FastEthernet0/1
L 10.10.7.1/32 is directly connected, FastEthernet0/1
C 10.10.8.0/22 is directly connected, FastEthernet0/1
L 10.10.10.1/32 is directly connected, FastEthernet0/1
117.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 117.239.xx.xx/28 is directly connected, FastEthernet0/0
L 117.239.xx.xx/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/22 is directly connected, FastEthernet0/1
L 172.16.0.1/32 is directly connected, FastEthernet0/1
172.18.0.0/32 is subnetted, 1 subnets
S 172.18.1.39 [1/0] via 49.206.59.86, FastEthernet0/0
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, FastEthernet0/1
L 192.168.10.252/32 is directly connected, FastEthernet0/1
r1#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
117.239.xx.xx 49.206.59.86 QM_IDLE 1043 ACTIVE
IPv6 Crypto ISAKMP SA
r1 #sh crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: giet-vpn, local addr 117.239.xx.xx
protected vrf: (none)
local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
remote ident (addr/mask/prot/port): (172.18.1.39/255.255.255.255/0/0)
current_peer 49.206.59.86 port 50083
PERMIT, flags={}
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 2
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 117.239.xx.xx, remote crypto endpt.: 49.206.xx.xx
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0x550E70F9(1427009785)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x5668C75(90606709)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2089, flow_id: FPGA:89, sibling_flags 80000046, crypto map: ra-vpn
sa timing: remaining key lifetime (k/sec): (4550169/3437)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x550E70F9(1427009785)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel UDP-Encaps, }
conn id: 2090, flow_id: FPGA:90, sibling_flags 80000046, crypto map: ra-vpn
sa timing: remaining key lifetime (k/sec): (4550170/3437)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
Hi Maximilian Schojohann,
First I would like to thank you for showing interest in solving my issue. After some research I found that disabling "IP CEF" will solve the issue. When I disabled it I was able to communicate successfully with the router LAN. But when I disable "IP CEF" the router CPU goes to 99% and hangs.
In the output of "sh process cpu" it shows 65% utilization from "IP INPUT",
so please give me an alternate solution. Thanks in advance. -
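Both `show crypto ipsec sa` outputs quoted above show an SA that has decapsulated packets but encapsulated none. The following is an added example, not code from either thread: it parses that output in the ASA and IOS layouts and flags one-directional flows. The sample text is constructed from the counters shown above, with documentation-range addresses as placeholders for the masked peers.

```python
import re
from dataclasses import dataclass

# Constructed sample: counters copied from the outputs quoted above, with
# documentation-range addresses standing in for the masked x.x.x.x peers.
SAMPLE = """\
interface: outside
    Crypto map tag: OUTSIDE_MAP, seq num: 5, local addr: 192.0.2.13
      local ident (addr/mask/prot/port): (10.200.0.0/255.255.0.0/0/0)
      remote ident (addr/mask/prot/port): (192.168.9.0/255.255.255.0/0/0)
      current_peer: 192.0.2.53
      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 10744, #pkts decrypt: 10744, #pkts verify: 10744
    Crypto map tag: outside_dyn_map, seq num: 20, local addr: 192.0.2.13
      local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      remote ident (addr/mask/prot/port): (172.20.20.8/255.255.255.255/0/0)
      current_peer: 192.0.2.87, username: ewebb
      #pkts encaps: 16434, #pkts encrypt: 16464, #pkts digest: 16464
      #pkts decaps: 19889, #pkts decrypt: 19889, #pkts verify: 19889
interface: FastEthernet0/0
    Crypto map tag: ra-vpn, local addr 198.51.100.1
   local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
   remote ident (addr/mask/prot/port): (172.18.1.39/255.255.255.255/0/0)
   current_peer 198.51.100.86 port 50083
    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
    #pkts decaps: 2, #pkts decrypt: 2, #pkts verify: 2
"""

# "local ident" opens a new flow; IOS pads it with two spaces, ASA with one.
IDENT = re.compile(r"(local|remote)\s+ident\s+\(addr/mask/prot/port\):\s+\(([^)]*)\)")
# ASA prints "current_peer: a.b.c.d[, username: ...]", IOS "current_peer a.b.c.d port N".
PEER = re.compile(r"current_peer:?\s+([^\s,]+)")
# Only the two directional packet counters are needed for this check.
COUNTER = re.compile(r"#pkts (encaps|decaps):\s*(\d+)")


@dataclass
class Flow:
    local: str = ""
    remote: str = ""
    peer: str = ""
    encaps: int = 0
    decaps: int = 0


def parse_ipsec_sa(text):
    """Return one Flow per local/remote ident pair found in the output."""
    flows, cur = [], None
    for line in text.splitlines():
        m = IDENT.search(line)
        if m:
            if m.group(1) == "local":
                cur = Flow(local=m.group(2))
                flows.append(cur)
            elif cur is not None:
                cur.remote = m.group(2)
            continue
        if cur is None:
            continue  # header lines before the first flow
        m = PEER.search(line)
        if m:
            cur.peer = m.group(1)
            continue
        for name, value in COUNTER.findall(line):
            setattr(cur, name, int(value))
    return flows


def one_way_flows(flows, min_packets=1):
    """Flag flows that carry traffic in one direction only."""
    findings = []
    for f in flows:
        if f.decaps >= min_packets and f.encaps == 0:
            findings.append((f, "receive-only"))
        elif f.encaps >= min_packets and f.decaps == 0:
            findings.append((f, "send-only"))
    return findings


if __name__ == "__main__":
    for flow, direction in one_way_flows(parse_ipsec_sa(SAMPLE)):
        print(f"{direction}: peer {flow.peer} "
              f"local {flow.local} remote {flow.remote} "
              f"encaps={flow.encaps} decaps={flow.decaps}")
```

A receive-only flow means the peer's packets arrive and decrypt while nothing leaving the device is matched to that SA, so the return route, NAT exemption and crypto ACL for the listed idents are the places to look next.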
192.168.1.1 not able to connect to this page
I am having trouble connecting to the router's web-based setup page at 192.168.1.1. How do I connect to that? I have reset my modem and my router but still no success. The router model I have is WRT160N.
To view the router's web pages:
You do not need an Internet connection. The router's "web pages" are built into the router.
Use Internet Explorer, it usually works.
JavaScript must be enabled.
Use a computer that is wired to the router.
In the non-working computer, temporarily turn off your software firewall.
Point your browser to 192.168.1.1 , then login to your router. Your user name should be left blank. Your password is "admin" (with no quotes), unless you changed it.
If you are using Zone Alarm, right click on the ZA icon in the system tray (lower right corner of screen) and then click "Shutdown ZoneAlarm", and see if this fixes your problem. If this does not work, try the following with Zone Alarm: Open the ZAISS control center, go to Privacy, then temporarily turn off Ad Blocking and Cookie Control, and see if that fixes your problem.
Some Zone Alarm users have reported that adding 192.168.1.1 to their list of "trusted" addresses fixed the problem. This trick might also work with other firewalls.
If you are using Norton Internet Security with the Add-on Pack, be sure to turn off the Pop-up Blocker, and the Ad blocker. Some users have reported that they needed to uninstall the entire Norton Add-on Pack.
If you cannot get anything at 192.168.1.1 then perhaps this is not your router's address. Go to "Start" > All Programs > Accessories > Command Prompt.
A black DOS box will appear. Type in "ipconfig" (with no quotes), then hit the Enter key. Look at the "Default Gateway". Is it 192.168.1.1 ? Point your browser to the "Default Gateway", then login to your router.
If the above fails, disconnect your modem from the router, and try again. If this corrects your problem, then most likely you have a "modem-router" rather than an ordinary modem. Report back with this problem, and also state the make and exact model number of your modem (not the router).
If all of the above fails, power down your entire system, unplug it from the wall, wait one minute, then power up and try again.
If all of the above tips fail, then reset the router to factory defaults: Power down the router and disconnect all wires from it. Wait one minute. Power up the router, allow it to fully boot (1-2 minutes), then press and hold the reset button for 30 seconds, then release the button and allow the router to reset and reboot ( 2-3 minutes). Power down router. Wait one minute. Connect one computer, by wire, to a LAN port on the router. Boot up system. It should work.
If you still have trouble, then you need to download and install (or re-install) the latest firmware for your router. After the firmware upgrade, you must reset the router to factory defaults, then setup the router again from scratch. If you saved a router configuration file, DO NOT use it. -
5 Different movies have been deleted from my Itunes account. They have been purchased and downloaded to my Ipad. I cannot watch them on my desktop that I used to download them in the first place. This has just happened over the last week. How can I RE-download them back to my desktop computer. I will need them for my new Ipad3.
Hello gpbondi,
The following article provides step-by-step instructions for downloading your purchases both in iTunes and on your devices.
Download past purchases
http://support.apple.com/kb/HT2519
Cheers,
Allen -
INCLUDE ZXRSRU01 : Not able to code in this
Hi Experts,
I have created a project and assigned the enhancement RSR00001. Within that, in the function exit EXIT_SAPLRRS0_001 -> include ZXRSRU01, when I try to open this ZXRSRU01 it's giving me the warning
"Program names ZX... are reserved for includes of exit function groups"
How to rectify it?
Hi,
Don't worry, just confirm the message by pressing 'Enter'.
Then include should be created and ready for input.
Hope this helps
Joe -
User not able to connect to the WIreless
We are facing an issue with a client: it is getting the IP but we are not able to ping it, and it even fails the link test from the WLC. The AP is registered to the centralised WLC and other users are able to get access without any problem. Below are the logs I got for the user.
debug client 1c:65:9d:a4:ea:b6
(Cisco Controller) >*DHCP Socket Task: Dec 05 09:47:07.361: 8c:70:5a:c6:86:28 DHCP received op BOOTREPLY (2) (len 330,vlan 0, port 13, encap 0xec03)
*emWeb: Dec 06 08:20:19.255: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
*emWeb: Dec 06 08:20:19.256: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
*emWeb: Dec 06 08:20:19.259: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
(Cisco Controller) >debug client 1c:65:9d:a4:ea:b6
(Cisco Controller) >*apfMsConnTask_6: Dec 06 08:21:19.495: 1c:65:9d:a4:ea:b6 Association received from mobile on BSSID 20:37:06:7c:53:a0
*apfMsConnTask_6: Dec 06 08:21:19.498: 1c:65:9d:a4:ea:b6 Global 200 Clients are allowed to AP radio
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 Max Client Trap Threshold: 0 cur: 18
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 Re-applying interface policy for client
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 10.15.73.240 RUN (20) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2164)
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 10.15.73.240 RUN (20) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2185)
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 In processSsidIE:4619 setting Central switched to FALSE
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 Applying site-specific Local Bridging override for station 1c:65:9d:a4:ea:b6 - vapId 1, site 'default-group', interface 'management'
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 Applying Local Bridging Interface Policy for station 1c:65:9d:a4:ea:b6 - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_6: Dec 06 08:21:19.499: 1c:65:9d:a4:ea:b6 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 STA - rates (8): 130 132 139 150 36 48 72 108 12 18 24 96 0 0 0 0
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 STA - rates (12): 130 132 139 150 36 48 72 108 12 18 24 96 0 0 0 0
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 Processing RSN IE type 48, length 20 for mobile 1c:65:9d:a4:ea:b6
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 Received RSN IE with 0 PMKIDs from mobile 1c:65:9d:a4:ea:b6
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 Found an cache entry for BSSID 20:37:06:7c:53:a0 in PMKID cache at index 0 of station 1c:65:9d:a4:ea:b6
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 Removing BSSID 20:37:06:7c:53:a0 from PMKID cache of station 1c:65:9d:a4:ea:b6
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 Resetting MSCB PMK Cache Entry 0 for station 1c:65:9d:a4:ea:b6
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 Setting active key cache index 0 ---> 8
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 unsetting PmkIdValidatedByAp
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 apfMsRunStateDec
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 apfMs1xStateDec
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 10.15.73.240 RUN (20) Change state to START (0) last state RUN (20)
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 pemApfAddMobileStation2: APF_MS_PEM_WAIT_L2_AUTH_COMPLETE = 0.
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 10.15.73.240 START (0) Initializing policy
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 10.15.73.240 START (0) Change state to AUTHCHECK (2) last state START (0)
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 10.15.73.240 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) DHCP required on AP 20:37:06:7c:53:a0 vapId 1 apVapId 1for this client
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_6: Dec 06 08:21:19.500: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 20:37:06:7c:53:a0 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_6: Dec 06 08:21:19.501: 1c:65:9d:a4:ea:b6 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 1c:65:9d:a4:ea:b6 on AP 20:37:06:7c:53:a0 from Associated to Associated
*apfMsConnTask_6: Dec 06 08:21:19.501: 1c:65:9d:a4:ea:b6 apfPemAddUser2:session timeout forstation 1c:65:9d:a4:ea:b6 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_6: Dec 06 08:21:19.501: 1c:65:9d:a4:ea:b6 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_6: Dec 06 08:21:19.501: 1c:65:9d:a4:ea:b6 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
*apfMsConnTask_6: Dec 06 08:21:19.501: 1c:65:9d:a4:ea:b6 Sending Assoc Response to station on BSSID 20:37:06:7c:53:a0 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_6: Dec 06 08:21:19.501: 1c:65:9d:a4:ea:b6 apfProcessAssocReq (apf_80211.c:7957) Changing state for mobile 1c:65:9d:a4:ea:b6 on AP 20:37:06:7c:53:a0 from Associated to Associated
*apfMsConnTask_6: Dec 06 08:21:19.510: 1c:65:9d:a4:ea:b6 Updating AID for REAP AP Client 20:37:06:7c:53:a0 - AID ===> 7
*dot1xMsgTask: Dec 06 08:21:19.511: 1c:65:9d:a4:ea:b6 Disable re-auth, use PMK lifetime.
*dot1xMsgTask: Dec 06 08:21:19.511: 1c:65:9d:a4:ea:b6 dot1x - moving mobile 1c:65:9d:a4:ea:b6 into Connecting state
*dot1xMsgTask: Dec 06 08:21:19.511: 1c:65:9d:a4:ea:b6 Sending EAP-Request/Identity to mobile 1c:65:9d:a4:ea:b6 (EAP Id 1)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.010: 1c:65:9d:a4:ea:b6 Received EAPOL START from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.010: 1c:65:9d:a4:ea:b6 dot1x - moving mobile 1c:65:9d:a4:ea:b6 into Connecting state
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.010: 1c:65:9d:a4:ea:b6 Sending EAP-Request/Identity to mobile 1c:65:9d:a4:ea:b6 (EAP Id 2)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.018: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.018: 1c:65:9d:a4:ea:b6 Received Identity Response (count=2) from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.018: 1c:65:9d:a4:ea:b6 EAP State update from Connecting to Authenticating for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.018: 1c:65:9d:a4:ea:b6 dot1x - moving mobile 1c:65:9d:a4:ea:b6 into Authenticating state
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.018: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.023: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.023: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=160) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.023: 1c:65:9d:a4:ea:b6 WARNING: updated EAP-Identifier 2 ===> 160 for STA 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.023: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 160)
*apfMsConnTask_6: Dec 06 08:21:20.031: 1c:65:9d:a4:ea:b6 Association received from mobile on BSSID 20:37:06:7c:53:a0
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 Global 200 Clients are allowed to AP radio
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 Max Client Trap Threshold: 0 cur: 19
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 Rf profile 600 Clients are allowed to AP wlan
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 Applying Interface policy on Mobile, role Local. Ms NAC State 2 Quarantine Vlan 0 Access Vlan 0
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 Re-applying interface policy for client
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) Changing IPv4 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2164)
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) Changing IPv6 ACL 'none' (ACL ID 255) ===> 'none' (ACL ID 255) --- (caller apf_policy.c:2185)
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 apfApplyWlanPolicy: Apply WLAN Policy over PMIPv6 Client Mobility Type
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 In processSsidIE:4619 setting Central switched to FALSE
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 Applying site-specific Local Bridging override for station 1c:65:9d:a4:ea:b6 - vapId 1, site 'default-group', interface 'management'
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 Applying Local Bridging Interface Policy for station 1c:65:9d:a4:ea:b6 - vlan 0, interface id 0, interface 'management'
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 processSsidIE statusCode is 0 and status is 0
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 processSsidIE ssid_done_flag is 0 finish_flag is 0
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 STA - rates (8): 130 132 139 150 36 48 72 108 12 18 24 96 0 0 0 0
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 suppRates statusCode is 0 and gotSuppRatesElement is 1
*apfMsConnTask_6: Dec 06 08:21:20.032: 1c:65:9d:a4:ea:b6 STA - rates (12): 130 132 139 150 36 48 72 108 12 18 24 96 0 0 0 0
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 extSuppRates statusCode is 0 and gotExtSuppRatesElement is 1
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 Processing RSN IE type 48, length 20 for mobile 1c:65:9d:a4:ea:b6
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 Received RSN IE with 0 PMKIDs from mobile 1c:65:9d:a4:ea:b6
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 Setting active key cache index 8 ---> 8
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 unsetting PmkIdValidatedByAp
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) Initializing policy
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) Change state to AUTHCHECK (2) last state 8021X_REQD (3)
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 10.15.73.240 AUTHCHECK (2) Change state to 8021X_REQD (3) last state AUTHCHECK (2)
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) DHCP required on AP 20:37:06:7c:53:a0 vapId 1 apVapId 1for this client
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 Not Using WMM Compliance code qosCap 00
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) Plumbed mobile LWAPP rule on AP 20:37:06:7c:53:a0 vapId 1 apVapId 1 flex-acl-name:
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 apfPemAddUser2 (apf_policy.c:333) Changing state for mobile 1c:65:9d:a4:ea:b6 on AP 20:37:06:7c:53:a0 from Associated to Associated
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 apfPemAddUser2:session timeout forstation 1c:65:9d:a4:ea:b6 - Session Tout 0, apfMsTimeOut '0' and sessionTimerRunning flag is 0
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 Stopping deletion of Mobile Station: (callerId: 48)
*apfMsConnTask_6: Dec 06 08:21:20.033: 1c:65:9d:a4:ea:b6 Func: apfPemAddUser2, Ms Timeout = 0, Session Timeout = 0
*apfMsConnTask_6: Dec 06 08:21:20.034: 1c:65:9d:a4:ea:b6 Sending Assoc Response to station on BSSID 20:37:06:7c:53:a0 (status 0) ApVapId 1 Slot 0
*apfMsConnTask_6: Dec 06 08:21:20.034: 1c:65:9d:a4:ea:b6 apfProcessAssocReq (apf_80211.c:7957) Changing state for mobile 1c:65:9d:a4:ea:b6 on AP 20:37:06:7c:53:a0 from Associated to Associated
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.034: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.034: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 160, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.034: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*dot1xMsgTask: Dec 06 08:21:20.038: 1c:65:9d:a4:ea:b6 Disable re-auth, use PMK lifetime.
*dot1xMsgTask: Dec 06 08:21:20.038: 1c:65:9d:a4:ea:b6 dot1x - moving mobile 1c:65:9d:a4:ea:b6 into Connecting state
*dot1xMsgTask: Dec 06 08:21:20.038: 1c:65:9d:a4:ea:b6 Sending EAP-Request/Identity to mobile 1c:65:9d:a4:ea:b6 (EAP Id 1)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.050: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.050: 1c:65:9d:a4:ea:b6 Received Identity Response (count=1) from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.050: 1c:65:9d:a4:ea:b6 EAP State update from Connecting to Authenticating for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.050: 1c:65:9d:a4:ea:b6 dot1x - moving mobile 1c:65:9d:a4:ea:b6 into Authenticating state
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.050: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.055: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.055: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=161) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.055: 1c:65:9d:a4:ea:b6 WARNING: updated EAP-Identifier 1 ===> 161 for STA 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.055: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 161)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.063: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.063: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 161, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.064: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.068: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.068: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=162) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.068: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 162)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.083: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.083: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 162, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.083: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.087: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.087: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=163) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.087: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 163)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.111: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.111: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 163, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.111: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.166: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.167: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=164) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.167: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 164)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.173: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.173: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 164, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.173: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.179: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.179: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=165) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.179: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 165)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.184: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.184: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 165, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.184: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.189: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.189: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=166) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.189: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 166)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.200: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.200: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 166, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.200: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.204: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.204: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=167) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.204: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 167)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.216: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.216: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 167, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.216: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.718: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.718: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=168) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.718: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 168)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.725: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.725: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 168, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.725: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.731: 1c:65:9d:a4:ea:b6 Processing Access-Challenge for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.731: 1c:65:9d:a4:ea:b6 Entering Backend Auth Req state (id=169) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.731: 1c:65:9d:a4:ea:b6 Sending EAP Request from AAA to mobile 1c:65:9d:a4:ea:b6 (EAP Id 169)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.738: 1c:65:9d:a4:ea:b6 Received EAPOL EAPPKT from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.738: 1c:65:9d:a4:ea:b6 Received EAP Response from mobile 1c:65:9d:a4:ea:b6 (EAP Id 169, EAP Type 25)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.738: 1c:65:9d:a4:ea:b6 Entering Backend Auth Response state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.746: 1c:65:9d:a4:ea:b6 Processing Access-Accept for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.746: 1c:65:9d:a4:ea:b6 Resetting web IPv4 acl from 255 to 255
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.746: 1c:65:9d:a4:ea:b6 Resetting web IPv4 Flex acl from 65535 to 65535
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Setting re-auth timeout to 0 seconds, got from WLAN config.
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Station 1c:65:9d:a4:ea:b6 setting dot1x reauth timeout = 0
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Stopping reauth timeout for 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Creating a PKC PMKID Cache entry for station 1c:65:9d:a4:ea:b6 (RSN 2)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Resetting MSCB PMK Cache Entry 0 for station 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Setting active key cache index 8 ---> 8
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Setting active key cache index 8 ---> 0
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Adding BSSID 20:37:06:7c:53:a0 to PMKID cache at index 0 for station 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: New PMKID: (16)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: [0000] 8a 3e dc 82 7b 6b ce 00 72 ac 5d be 2a 12 ab a6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 Disabling re-auth since PMK lifetime can take care of same.
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.747: 1c:65:9d:a4:ea:b6 unsetting PmkIdValidatedByAp
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: 1c:65:9d:a4:ea:b6 PMK sent to mobility group
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: 1c:65:9d:a4:ea:b6 Sending EAP-Success to mobile 1c:65:9d:a4:ea:b6 (EAP Id 169)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: 1c:65:9d:a4:ea:b6 Freeing AAACB from Dot1xCB as AAA auth is done for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: 1c:65:9d:a4:ea:b6 Found an cache entry for BSSID 20:37:06:7c:53:a0 in PMKID cache at index 0 of station 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: 1c:65:9d:a4:ea:b6 Found an cache entry for BSSID 20:37:06:7c:53:a0 in PMKID cache at index 0 of station 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: Including PMKID in M1 (16)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: [0000] 8a 3e dc 82 7b 6b ce 00 72 ac 5d be 2a 12 ab a6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: 1c:65:9d:a4:ea:b6 Starting key exchange to mobile 1c:65:9d:a4:ea:b6, data packets will be dropped
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.748: 1c:65:9d:a4:ea:b6 Sending EAPOL-Key Message to mobile 1c:65:9d:a4:ea:b6
state INITPMK (message 1), replay counter 00.00.00.00.00.00.00.00
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.749: 1c:65:9d:a4:ea:b6 Entering Backend Auth Success state (id=169) for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.749: 1c:65:9d:a4:ea:b6 Received Auth Success while in Authenticating state for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.749: 1c:65:9d:a4:ea:b6 dot1x - moving mobile 1c:65:9d:a4:ea:b6 into Authenticated state
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.766: 1c:65:9d:a4:ea:b6 Received EAPOL-Key from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.766: 1c:65:9d:a4:ea:b6 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.766: 1c:65:9d:a4:ea:b6 Received EAPOL-key in PTK_START state (message 2) from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.766: 1c:65:9d:a4:ea:b6 PMK: Sending cache add
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.766: 1c:65:9d:a4:ea:b6 Stopping retransmission timer for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.767: 1c:65:9d:a4:ea:b6 Sending EAPOL-Key Message to mobile 1c:65:9d:a4:ea:b6
state PTKINITNEGOTIATING (message 3), replay counter 00.00.00.00.00.00.00.01
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.773: 1c:65:9d:a4:ea:b6 Received EAPOL-Key from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.773: 1c:65:9d:a4:ea:b6 Ignoring invalid EAPOL version (1) in EAPOL-key message from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.773: 1c:65:9d:a4:ea:b6 Received EAPOL-key in PTKINITNEGOTIATING state (message 4) from mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 Stopping retransmission timer for mobile 1c:65:9d:a4:ea:b6
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 apfMs1xStateInc
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 10.15.73.240 8021X_REQD (3) Change state to L2AUTHCOMPLETE (4) last state 8021X_REQD (3)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 10.15.73.240 L2AUTHCOMPLETE (4) DHCP required on AP 20:37:06:7c:53:a0 vapId 1 apVapId 1for this client
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 Not Using WMM Compliance code qosCap 00
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 10.15.73.240 L2AUTHCOMPLETE (4) Plumbed mobile LWAPP rule on AP 20:37:06:7c:53:a0 vapId 1 apVapId 1 flex-acl-name:
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 apfMsRunStateInc
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 10.15.73.240 L2AUTHCOMPLETE (4) Change state to RUN (20) last state L2AUTHCOMPLETE (4)
*Dot1x_NW_MsgTask_6: Dec 06 08:21:20.774: 1c:65:9d:a4:ea:b6 10.15.73.240 RUN (20) Reached PLUMBFASTPATH: from line 6233
*DHCP Socket Task: Dec 06 08:21:20.796: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:20.800: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:20.800: 1c:65:9d:a4:ea:b6 DHCP dropping ACK from 10.14.90.71 (yiaddr: 10.15.73.240)
*DHCP Socket Task: Dec 06 08:21:20.816: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:20.817: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:20.817: 1c:65:9d:a4:ea:b6 DHCP dropping ACK from 10.14.90.71 (yiaddr: 10.15.73.240)
*DHCP Socket Task: Dec 06 08:21:24.515: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:24.517: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:24.517: 1c:65:9d:a4:ea:b6 DHCP dropping ACK from 10.14.90.71 (yiaddr: 10.15.73.240)
*DHCP Socket Task: Dec 06 08:21:24.520: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:24.520: 1c:65:9d:a4:ea:b6 DHCP received op BOOTREPLY (2) (len 364,vlan 0, port 13, encap 0xec03)
*DHCP Socket Task: Dec 06 08:21:24.520: 1c:65:9d:a4:ea:b6 DHCP dropping ACK from 10.14.90.71 (yiaddr: 10.15.73.240)
*emWeb: Dec 06 08:21:52.267: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
*emWeb: Dec 06 08:21:52.270: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
(Cisco Controller) >undebug
Incorrect usage. Use the '?' or <TAB> key to list commands.
(Cisco Controller) >*emWeb: Dec 06 08:21:52.272: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
*emWeb: Dec 06 08:23:25.462: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
*emWeb: Dec 06 08:23:25.463: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
*emWeb: Dec 06 08:23:25.464: 1c:65:9d:a4:ea:b6 Central Switch = FALSE
Please upgrade the WLC
-
Not able to connect linux database instance in another machine
Hi,
I have installed Oracle 10g database server on Linux, and I created one database instance, and I have added the tns entry and listener entry.
I am able to connect to the database on that machine, but not from a different machine. I am able to access/ping the Linux machine from the other machine also.
While creating the tns entry for the Linux database instance on the other machine using "netca" I am getting this error.
Connecting...ORA-12560: TNS:protocol adapter error
The test did not succeed.
Some of the information you provided may be incorrect.
Click Back to review the information provided for net service name, or Change Login to change username.
I verified the listener and tns entry (I think for this the listener configuration is enough) also, and the database is up.
If anybody knows why I am not able to connect to the Linux database from another machine: are there any network configurations other than the listener configuration?
Thanks in advance.
Yes, I tried to connect with ORACLE_SID, it's successful, and using tnsname like you said.
Instead of using netca to create the tnsnames.ora entry on the second server, copy the tnsnames.ora entry from the DB server. Then use tnsping to test connection :-
I did the above but am not able to ping the tns name, I am getting this error.
TNS-12560: TNS:protocol adapter error
------------------------------------------------ -
Not able to use internet via intravlan
I HAVE ONE LAYER-3 SWITCH.(SGE2000-CISCO SMALL BUSINESS).
I HAVE THREE WEB MANAGED SWITCH.(SRRW224G4-CISCO SMALL BUSINESS)
NOW, ALL WEB MANAGED SWITCHES ARE FIXED IN THREE DIFFERENT DEPARTMENT. & LAYER-3 SWITCH IS FIXED IN CENTRAL SERVER LOCATION.
IN L-3 SWITCH, I HAVE CREATED THREE DIFFERENT VLANS & GIVEN DIFFERENT SUBNET TO EACH VLAN.
NAMELY,
(DEFAULT VLAN ID -100 & SUBNET IP:192.168.100.1/24)
(FIRST VLAN ID -10 & SUBNET IP:192.168.10.1/24)
(SECOND VLAN ID -20 & SUBNET IP:192.168.20.1/24)
(THIRD VLAN ID -30 & SUBNET IP:192.168.30.1/24)
NOW,
EACH DEPARTMENT SWITCH IS ATTACHED TO L-3 AS PER THE PARTICULAR VLAN SEGMENT.
ON L-3 SWITCH,
TWO SERVERS ARE ATTACHED ON DEFAULT VLAN WITH THE SAME CLASS IP & GATEWAY OF DEFAULT VLAN IP(i.e. 192.168.100.1)
IN THIS CASE ALL THE PC FROM DIFFERENT VLANS ARE ABLE TO PING THE SERVER DUE TO INTRAVLAN COMMUNICATION.
PROBLEM:
I HAVE ALSO ATTACHED ONE LINKSYS BROADBAND ROUTER(WRT54GL) IN DEFAULT VLAN OF THE L-3 SWITCH, WITH THE IP ADDRESS OF 192.168.100.20/24.
I AM NOT ABLE TO GIVE THE GATEWAY ADDRESS ON THE LAN SEGMENT OF THE ROUTER & HENCE INTRA-VLAN PCS ARE NOT ABLE TO PING THEM & NOT ABLE TO USE THE INTERNET.
********* HOW INTRA-VLAN PCS ARE ABLE TO USE INTERNET?***********
There are plenty of packet data services that your phone can use & some providers do not offer them or configure them automatically in your phone. When you browse the internet without using the modem, you might be connected by WCDMA (packet data) & when you use the modem, it's using another service such as GPRS for which your phone is not configured or which your service provider has not activated. Go to connection & check all access points if all are in order.
Knowledge not shared is knowledge wasted!
If you find it helpful, it's not hard to click the STAR.. -
Flexconnect AP(Local Switching) Wireless clients are not able to communicate with each other
Hi,
Scenario : We have deployed the WLC in the Corporate Office and the Access Points are placed in the Branch Office in FlexConnect Local Switching mode.
In this case, I am not able to ping between the wireless clients. The Peer to Peer Block option is also disabled.
Sometimes the wireless clients ping each other and sometimes not. Both wireless clients are associated with the same AP and the same WLAN SSID.
Please help me urgent ..
Devices :
1)WLC 2500 series , Software 7.2
2)Cisco 1400 series APs
3)CISCO ACS server for AAA authentication
Regards,
Shanmugam Nachimuthu
Hi Shanmugam,
Please apply the following steps to configure the P2P setting for the WLAN:
Step 1 Choose WLANs to open the WLANs page.
Step 2 Click the ID number of the WLAN for which you want to configure peer-to-peer blocking.
Step 3 Choose the Advanced tab to open the WLANs > Edit (Advanced) page.
Step 4 Choose one of the following options from the P2P Blocking drop-down list:
• Disabled — Disables peer-to-peer blocking and bridges traffic locally within the controller whenever possible. This is the default value.
NOTE: Traffic is never bridged across VLANs in the controller.
• Drop—Causes the controller to discard the packets.
• Forward - Upstream — causes the packets to be forwarded on the upstream VLAN. The device above the controller decides what action to take regarding the packets.
NOTE: To enable peer-to-peer blocking on a WLAN configured for FlexConnect local switching, select Drop from the P2P Blocking drop-down list and select the FlexConnect Local Switching check box.
Step 5 Click Apply to commit your changes.
Step 6 Click Save Configuration to save your changes.
Thanks,
Prashant Gondaliya