Order of Shutdown VPN Concentrators
We have two 3005 VPN Concentrators. We set them up as Load Balancing. We need to shutdown the VPN Concentrators because the building needs to shutdown the power. What are the orders of shutting down and bringing them back up? Would you bring down the Secondary VPN Concentrator first, then bring down the Primary VPN Concentrator? To bring them up, would you bring the Primary VPN Concentrator first, then the Secondary VPN Concentrator?
Thanks.
you shut down the VPN Concentrator before you turn power off. If you just turn power off without shutting down, you may corrupt flash memory and affect subsequent operation of the system.
This guide has informationon the procedures to shutdown the VPN concentrator
http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/administration/guide/sysrbt.html
Similar Messages
-
How do I change the display order in the VPN menu in the status bar?
Hello,
How do I change the display order in the VPN menu in the status bar?
(in the drop-down menu from this icon) ->
Thanks.Hello. Perhaps this is because you are trying to arrange the order of many VPN services, since only one VPN service can be selected at once in System Preferences. In my original post, I did not mean that; I meant that I wanted to arrange the order of VPN configurations within a VPN service. In this screenshot, I have one VPN service only:
And in the following one, it is shown that there are more than one VPN configurations within that VPN service:
Furthermore, it was the order of VPN configurations that I wanted to change, not the order of VPN services. If you are trying to change the order of VPN services, I do not have a solution. -
What is the correct order to shutdown and startup RAC system
anyone please take a look if my order of shutdown and restart is correct.
This is two node RAC,
1) srvctl stop database -d db_unique_name
2)srvctl stop nodeapps -n node1
3)srvctl stop nodeapps -n node2
4)srvctl stop asm -n rac1
5)srvctl stop asm -n rac2
6)srvctl stop listener -n rac1
7)srvctl stop listener -n rac2
8) crsctl stop cluster all
when I restart RAC, use
1)crsctl start cluster all
2)srvctl start listener -n rac1
3)srvctl start listener -n rac2
4)srvctl start asm -n rac1
5)srvctl start asm -n rac2
6)srvctl start nodeapps -n node1
7)srvctl start nodeapps -n node2
8)srvctl start database -d db_unique_nameHi,
1.) I would specify -o immediate. Otherwise your stop of the database can take quite a while.
2.) Actually nothing else (except the database) needs a clean shutdown. I would simply stop the cluster than with crsctl stop cluster all.
4.) Also note if you have Voting and OCR in ASM this step won't be successfull (since it can't stop ASM as long as the cluster is running).
8.) Note that crsctl stop cluster will leave the OHASD running (and also some other processes, check with crsctl stat res -t -init).
If you need to really stop everything you have to execute crsctl stop crs on each node (they are not clusterwide).
Startup:
CRSCTL start CLUSTER ALL should actually bring a lot of things up... but this depends also on what has been stopped (since this is recorded in the OCR).
But at least ASM and listener should startup automatically (even if they were stopped before).
So normally it is enough to start the database. But I would not start the database, I would startup the services (which the database services). Because this will bring up the database.
Otherwise you might end up with a running database, but with no active services.
Regards
Sebastian -
Load-balancing nat-t connections to VPN concentrators
I'm currently using a CSS to provide redundancy across some nat-t VPN RAS sessions to some VPN concentrators (in different geographical areas) This works fine, but because I have to create content rules for both UDP 500 and UDP 4500 traffic, I'm concenred that if I move to a genuine load-balanced arrangement instead of merely redundancy, the CSS units might decide to direct UDP500 traffic from a remote user to one concentrator, and the subsequent UDP4500 traffic to another. I tried port ranges and a single content rule - no success. Does anyone know how to associate 2 udp content rules to enforce traffic symmetry, or will a default srcip balancing rule see the concentrator balance traffic based on srcip globally across all content rules?
if you do balance srcip, the CSS will use a hash and this hash function should be the same for all the content rules, so giving you the same results.
A single layer3 content rule with advanced-balance sitcky-srcip should work as well.
Regards,
Gilles. -
VPN Concentrators Replaced?
I see EOL messages on the VPN Concentrators homepage. Are these being replaced with ASA 5500 devices?
Second question, then will the ASA 5500 VPN editions support Vista Clients with some type of Mandatory Client Firewall Enabled Detection Policy?
Meaning, you require Vista to have a firewall enabled before it connects to your network via VPN. Otherwise, its a big gaping hole in your network.Yes, VPN3000's are being replaced by the ASAs.
Regarding client firewall, I think you are talking about the Push Policy or Central Protection Policy (CPP).
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpngrp.html#wp1182773
Regards,
Arul
** Please rate all helpful posts ** -
Cisco NAC with VPN Concentrators
Looking at the deployment guidelines for NAC integration with VPN Concentrators:
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cas/s_vpncon.html
Is it possible to define traffic which is exempt from NAC enforcement, for example traffic associated for LAN-to-LAN VPNs?NAC enforcements do not work for traffic types. Following links may help you
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cam/m_addSrv.html
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/413/cam/m_cca.html -
Hide Shutdown or change order of Shutdown option in Server 2012 R2
Is it possible to either hide Shutdown from the Shut down or sign out menu, or to change the order they appear on screen?The order of the options is really poor, Sign out and Shut down one above the other in the middle of the menu is a recipe for disaster,
as I have encountered recently when 2 servers where shut down accidentally.
I know I can use a GPO to remove the Shut down, restart, sleep and hibernate options, but restart is kind of useful, and not everybody knows about Run > Shutdown -r
Anyone know if this can be done and, if so, how?Hi,
Thanks for posting here.
It might not be able to hide the shutdown on the menu. However, you can use the group policy to remove the shut down, restart, sleep and hibernate options. As you mentioned that the restart is very useful, also you can scheduled a task on the server to reboot
the server automaticlly.
Best Regards,
Elaine
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
I have a new iMac at home and use a PC at work. My work PC has VPN/Remote Desktop software on it. I would like to be able to access my PC from home on my iMac using this VPN. I am not sure how to make that happen.
Office 2011 is not compatbile with Exchange 2003.
I suggest you post further Office related questions on Microsoft's own forums for their Mac software:
http://answers.microsoft.com/en-us/mac -
Oracle db 11.2 shutdown order
I need to run a shutdown script before doing a backup image of the server..
is this the proper order to shutdown the services on windows..
net stop "OracleOraDb11g_home1TNSListener"
net stop "OracleServiceORCL"
net stop "OracleOHService"
net stop "OracleMTSRecoveryService"
net stop "OracleOraCrs11g_home1TNSListener"
net stop "OracleASMService+ASM"Hi ,
check
http://www.filibeto.org/sun/lib/nonsun/oracle/11.1.0.6.0/B28359_01/install.111/b28264/procstop.htm
Thanks -
ReplicatedEnvironment does not startup after an all nodes ordered shutdown.
Hi all,
We are having problems to startup a ReplicatedEnvironment after an ordered successfully shutdown of all nodes.
h4. Scenario:
<li>5 servers: Solaris 10 + JRE 1.6.0_17 64bits + BDBJE 4.0.103</li>
<li>Each server is running one jvm process with 7 replicated environments.</li>
h4. Problem:
After a full ordered shutdown where the JVM process on each server successfully closes all ReplicatedEnvironment instances, some ReplicatedEnvironment instance does not startup.
Master and Replicas are successfully set but it seems that "environment is not really open. In fact je.info.X is nor je.lck file is created.
The only way we found to successfully startup is by copying all "master" files to each "replica".
The follow appears on each environment log:
100623 15:01:43:107 INFO [XXXXXXbe01A] Replica IO exception: Expected bytes: 6 read bytes: 0
java.io.IOException: Expected bytes: 6 read bytes: 0
at com.sleepycat.je.rep.utilint.BinaryProtocol.fillBuffer(BinaryProtocol.java:367)
at com.sleepycat.je.rep.utilint.BinaryProtocol.read(BinaryProtocol.java:388)
at com.sleepycat.je.rep.impl.node.Replica.doRunReplicaLoopInternalWork(Replica.java:415)
at com.sleepycat.je.rep.impl.node.Replica.runReplicaLoopInternal(Replica.java:353)
at com.sleepycat.je.rep.impl.node.Replica.runReplicaLoop(Replica.java:295)
at com.sleepycat.je.rep.impl.node.RepNode.run(RepNode.java:926)
Any help? I would like to attach all logs but it exceeds the post limit.
It would be nice to have a way for attaching log files (compressed with 7-ZIP PPMd if storage space is a problem).
Thanks in advance.
/César.
Edited by: Cesar Alvarez on 25-jun-2010 20:08h4. MBOX01
100623 15:00:47:421 INFO [-------mbox01A] Started ServiceDispatcher. HostPort=-------mbox01-ce1:5200
100623 15:00:47:431 INFO [-------mbox01A] Current group size: 5
100623 15:00:47:436 INFO [-------mbox01A] Existing node -------mbox01A querying for a current master.
100623 15:00:47:450 INFO [-------mbox01A] Master changed to -------be02A
100623 15:00:47:457 INFO [-------mbox01A] Node -------mbox01A started
100623 15:00:47:458 INFO [-------mbox01A] Replica loop started with master: -------be02A(1)
100623 15:00:47:462 INFO [-------mbox01A] Replica-feeder handshake start
100623 15:00:47:471 INFO [-------mbox01A] Replica-feeder -------be02A handshake completed.
100623 15:00:47:475 INFO [-------mbox01A] Replica-feeder -------be02A syncup started. Replica range: first=1 last=3,450 sync=3,450 txnEnd=3,450
100623 15:00:47:482 INFO [-------mbox01A] Rollback to matchpoint 3,450 at 0x0/0x59c01 status=No active txns, nothing to rollback
100623 15:00:47:483 INFO [-------mbox01A] Replica-feeder -------be02A start stream at VLSN: 3,451
100623 15:00:47:483 INFO [-------mbox01A] Replica-feeder -------be02A syncup ended. Elapsed time: 9ms
100623 15:00:47:487 INFO [-------mbox01A] Replica initialization completed. Replica VLSN: 3,450 Heartbeat master commit VLSN: 3,450 VLSN delta: 0
100623 15:00:47:489 INFO [-------mbox01A] Finished joinGroup REPLICAconsistencyPolicy=PointConsistencyPolicy targetVLSN=3,450 first=1 last=3,450 sync=3,450 txnEnd=3,450
100623 15:00:47:490 INFO [-------mbox01A] Refreshed 0 monitors.
100623 15:01:43:109 INFO [-------mbox01A] Replica IO exception: Expected bytes: 6 read bytes: 0
java.io.IOException: Expected bytes: 6 read bytes: 0
at com.sleepycat.je.rep.utilint.BinaryProtocol.fillBuffer(BinaryProtocol.java:367)
at com.sleepycat.je.rep.utilint.BinaryProtocol.read(BinaryProtocol.java:388)
at com.sleepycat.je.rep.impl.node.Replica.doRunReplicaLoopInternalWork(Replica.java:415)
at com.sleepycat.je.rep.impl.node.Replica.runReplicaLoopInternal(Replica.java:353)
at com.sleepycat.je.rep.impl.node.Replica.runReplicaLoop(Replica.java:295)
at com.sleepycat.je.rep.impl.node.RepNode.run(RepNode.java:926)
100623 15:01:43:110 INFO [-------mbox01A] Exiting inner Replica loop.
100623 15:01:43:111 INFO [-------mbox01A] Replica stats - Lag waits: 0 Lag wait time: 0ms. VLSN waits: 0 Lag wait time: 0ms.
100623 15:01:43:130 INFO [-------mbox01A] Election initiated; election #1
100623 15:01:43:149 INFO [-------mbox01A] Started election thread Wed Jun 23 15:01:43 CEST 2010
100623 15:01:45:188 INFO [-------mbox01A] Winning proposal: Proposal(0000012964e65b45:000000000000000000000000c1948046:00000002) Value: Value:172.17.227.4$$$5200$$$-------be01A$$$5
100623 15:01:45:199 INFO [-------mbox01A] Master changed to -------be01A
100623 15:01:45:200 INFO [-------mbox01A] Election finished. Elapsed time: 2070ms
100623 15:01:45:201 INFO [-------mbox01A] Election thread exited. Group master: -------be01A(5)
100623 15:01:45:215 INFO [-------mbox01A] Replica loop started with master: -------be01A(5)
100623 15:01:45:218 INFO [-------mbox01A] Exiting inner Replica loop.
100623 15:01:45:219 INFO [-------mbox01A] Replica stats - Lag waits: 0 Lag wait time: 0ms. VLSN waits: 0 Lag wait time: 0ms.
100623 15:01:45:219 INFO [-------mbox01A] Retry #: 0/10 Will retry replica loop after 1000ms.
100623 15:01:46:227 INFO [-------mbox01A] Replica loop started with master: -------be01A(5)
100623 15:01:46:230 INFO [-------mbox01A] Replica-feeder handshake start
100623 15:01:46:295 INFO [-------mbox01A] Replica-feeder -------be01A handshake completed.
100623 15:01:46:296 INFO [-------mbox01A] Replica-feeder -------be01A syncup started. Replica range: first=1 last=3,450 sync=3,450 txnEnd=3,450
100623 15:01:46:330 INFO [-------mbox01A] Rollback to matchpoint 3,450 at 0x0/0x59c01 status=No active txns, nothing to rollback
100623 15:01:46:331 INFO [-------mbox01A] Replica-feeder -------be01A start stream at VLSN: 3,451
100623 15:01:46:332 INFO [-------mbox01A] Replica-feeder -------be01A syncup ended. Elapsed time: 36ms
100623 15:01:46:353 INFO [-------mbox01A] Replica initialization completed. Replica VLSN: 3,450 Heartbeat master commit VLSN: 3,450 VLSN delta: 0
100623 15:09:43:728 INFO [-------mbox01A] Started ServiceDispatcher. HostPort=-------mbox01-ce1:5200
100623 15:09:43:747 INFO [-------mbox01A] Current group size: 5
100623 15:09:43:753 INFO [-------mbox01A] Existing node -------mbox01A querying for a current master.
100623 15:09:43:775 INFO [-------mbox01A] Node -------mbox01A started
100623 15:09:43:776 INFO [-------mbox01A] Election initiated; election #1
100623 15:09:43:777 INFO [-------mbox01A] Started election thread Wed Jun 23 15:09:43 CEST 2010
100623 15:09:45:727 INFO [-------mbox01A] Master changed to -------be02A
100623 15:09:45:728 INFO [-------mbox01A] Election finished. Elapsed time: 1952ms
100623 15:09:45:728 INFO [-------mbox01A] Exiting election after 1 retries
100623 15:09:45:729 INFO [-------mbox01A] Replica loop started with master: -------be02A(1)
100623 15:09:45:729 INFO [-------mbox01A] Election thread exited. Group master: -------be02A(1)
100623 15:09:45:734 INFO [-------mbox01A] Exiting inner Replica loop.
100623 15:09:45:735 INFO [-------mbox01A] Replica stats - Lag waits: 0 Lag wait time: 0ms. VLSN waits: 0 Lag wait time: 0ms.
100623 15:09:45:735 INFO [-------mbox01A] Retry #: 0/10 Will retry replica loop after 1000ms.
100623 15:09:46:739 INFO [-------mbox01A] Replica loop started with master: -------be02A(1)
100623 15:09:46:743 INFO [-------mbox01A] Replica-feeder handshake start
100623 15:09:46:799 INFO [-------mbox01A] Replica-feeder -------be02A handshake completed.
100623 15:09:46:800 INFO [-------mbox01A] Replica-feeder -------be02A syncup started. Replica range: first=1 last=3,450 sync=3,450 txnEnd=3,450
100623 15:09:46:830 INFO [-------mbox01A] Rollback to matchpoint 3,450 at 0x0/0x59c01 status=No active txns, nothing to rollback
100623 15:09:46:830 INFO [-------mbox01A] Replica-feeder -------be02A start stream at VLSN: 3,451
100623 15:09:46:831 INFO [-------mbox01A] Replica-feeder -------be02A syncup ended. Elapsed time: 31ms
100623 15:09:46:841 INFO [-------mbox01A] Replica initialization completed. Replica VLSN: 3,450 Heartbeat master commit VLSN: 3,450 VLSN delta: 0
100623 15:09:46:843 INFO [-------mbox01A] Finished joinGroup REPLICAconsistencyPolicy=PointConsistencyPolicy targetVLSN=3,450 first=1 last=3,450 sync=3,450 txnEnd=3,450
100623 15:09:46:844 INFO [-------mbox01A] Refreshed 0 monitors.
100623 21:14:46:560 INFO [-------mbox01A] Started ServiceDispatcher. HostPort=-------mbox01-ce1:5200
100623 21:14:46:579 INFO [-------mbox01A] Current group size: 5
100623 21:14:46:585 INFO [-------mbox01A] Existing node -------mbox01A querying for a current master.
100623 21:14:46:602 INFO [-------mbox01A] Node -------mbox01A started
100623 21:14:46:603 INFO [-------mbox01A] Election initiated; election #1
100623 21:14:46:604 INFO [-------mbox01A] Started election thread Wed Jun 23 21:14:46 CEST 2010
100623 21:14:48:635 INFO [-------mbox01A] Master changed to -------be02A
100623 21:14:48:636 INFO [-------mbox01A] Election finished. Elapsed time: 2033ms
100623 21:14:48:636 INFO [-------mbox01A] Exiting election after 2 retries
100623 21:14:48:636 INFO [-------mbox01A] Replica loop started with master: -------be02A(1)
100623 21:14:48:637 INFO [-------mbox01A] Election thread exited. Group master: -------be02A(1)
100623 21:14:48:640 INFO [-------mbox01A] Exiting inner Replica loop.
100623 21:14:48:640 INFO [-------mbox01A] Replica stats - Lag waits: 0 Lag wait time: 0ms. VLSN waits: 0 Lag wait time: 0ms.
100623 21:14:48:641 INFO [-------mbox01A] Retry #: 0/10 Will retry replica loop after 1000ms.
100623 21:14:49:650 INFO [-------mbox01A] Replica loop started with master: -------be02A(1)
100623 21:14:49:653 INFO [-------mbox01A] Replica-feeder handshake start
100623 21:14:49:706 INFO [-------mbox01A] Replica-feeder -------be02A handshake completed.
100623 21:14:49:707 INFO [-------mbox01A] Replica-feeder -------be02A syncup started. Replica range: first=1 last=4,246 sync=4,246 txnEnd=4,246
100623 21:14:49:736 INFO [-------mbox01A] Rollback to matchpoint 4,246 at 0x0/0x76d09 status=No active txns, nothing to rollback
100623 21:14:49:737 INFO [-------mbox01A] Replica-feeder -------be02A start stream at VLSN: 4,247
100623 21:14:49:737 INFO [-------mbox01A] Replica-feeder -------be02A syncup ended. Elapsed time: 30ms
100623 21:14:49:752 INFO [-------mbox01A] Replica initialization completed. Replica VLSN: 4,246 Heartbeat master commit VLSN: 4,246 VLSN delta: 0
100623 21:14:49:754 INFO [-------mbox01A] Finished joinGroup REPLICAconsistencyPolicy=PointConsistencyPolicy targetVLSN=4,246 first=1 last=4,246 sync=4,246 txnEnd=4,246
100623 21:14:49:755 INFO [-------mbox01A] Refreshed 0 monitors.
100624 19:06:26:933 INFO [-------mbox01A] Started ServiceDispatcher. HostPort=-------mbox01-ce1:5200
100624 19:06:26:951 INFO [-------mbox01A] Current group size: 5
100624 19:06:26:959 INFO [-------mbox01A] Existing node -------mbox01A querying for a current master.
100624 19:06:26:976 INFO [-------mbox01A] Node -------mbox01A started
100624 19:06:26:977 INFO [-------mbox01A] Election initiated; election #1
100624 19:06:26:977 INFO [-------mbox01A] Started election thread Thu Jun 24 19:06:26 CEST 2010
100624 19:06:28:452 INFO [-------mbox01A] Master changed to -------mbox02A
100624 19:06:28:456 INFO [-------mbox01A] Exiting election after 1 retries
100624 19:06:28:456 INFO [-------mbox01A] Election finished. Elapsed time: 1479ms
100624 19:06:28:457 INFO [-------mbox01A] Election thread exited. Group master: -------mbox02A(4)
100624 19:06:28:457 INFO [-------mbox01A] Replica loop started with master: -------mbox02A(4)
100624 19:06:28:460 INFO [-------mbox01A] Exiting inner Replica loop.
100624 19:06:28:460 INFO [-------mbox01A] Replica stats - Lag waits: 0 Lag wait time: 0ms. VLSN waits: 0 Lag wait time: 0ms.
100624 19:06:28:460 INFO [-------mbox01A] Retry #: 0/10 Will retry replica loop after 1000ms.
100624 19:06:29:465 INFO [-------mbox01A] Replica loop started with master: -------mbox02A(4)
100624 19:06:29:468 INFO [-------mbox01A] Replica-feeder handshake start
100624 19:06:29:518 INFO [-------mbox01A] Replica-feeder -------mbox02A handshake completed.
100624 19:06:29:520 INFO [-------mbox01A] Replica-feeder -------mbox02A syncup started. Replica range: first=1 last=7,366 sync=7,366 txnEnd=7,366
100624 19:06:29:539 INFO [-------mbox01A] Rollback to matchpoint 7,366 at 0x0/0xc5925 status=End of range equals matchpoint, nothing to rollback
100624 19:06:29:540 INFO [-------mbox01A] Replica-feeder -------mbox02A start stream at VLSN: 7,367
100624 19:06:29:540 INFO [-------mbox01A] Replica-feeder -------mbox02A syncup ended. Elapsed time: 21ms
100624 19:06:29:549 INFO [-------mbox01A] Replica initialization completed. Replica VLSN: 7,366 Heartbeat master commit VLSN: 7,367 VLSN delta: 1
100624 19:06:29:558 INFO [-------mbox01A] Finished joinGroup REPLICAconsistencyPolicy=PointConsistencyPolicy targetVLSN=7,367 first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:06:29:559 INFO [-------mbox01A] Refreshed 0 monitors.
100624 19:16:42:686 INFO [-------mbox01A] Started ServiceDispatcher. HostPort=-------mbox01-ce1:5200
100624 19:16:42:703 INFO [-------mbox01A] Current group size: 5
100624 19:16:42:709 INFO [-------mbox01A] Existing node -------mbox01A querying for a current master.
100624 19:16:42:725 INFO [-------mbox01A] Node -------mbox01A started
100624 19:16:42:725 INFO [-------mbox01A] Election initiated; election #1
100624 19:16:42:726 INFO [-------mbox01A] Started election thread Thu Jun 24 19:16:42 CEST 2010
100624 19:16:43:537 INFO [-------mbox01A] Master changed to -------mbox01A
100624 19:16:43:538 INFO [-------mbox01A] Election finished. Elapsed time: 813ms
100624 19:16:43:539 INFO [-------mbox01A] Exiting election after 1 retries
100624 19:16:43:541 INFO [-------mbox01A] Election thread exited. Group master: -------mbox01A(3)
100624 19:16:43:541 INFO [-------mbox01A] Request for unknown Service: Feeder Registered services: com.tcclient.util.ConcurrentHashMapKeySetWrapper@2d4bdf68
100624 19:16:43:547 INFO [-------mbox01A] Request for unknown Service: Feeder Registered services: com.tcclient.util.ConcurrentHashMapKeySetWrapper@2d4bdf68
100624 19:16:43:564 INFO [-------mbox01A] Feeder manager accepting requests.
100624 19:16:43:568 INFO [-------mbox01A] Finished joinGroup MASTERnull
100624 19:16:43:569 INFO [-------mbox01A] Refreshed 0 monitors.
100624 19:16:44:571 INFO [-------mbox01A] Feeder accepted connection from java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.7:42336]
100624 19:16:44:588 INFO [-------mbox01A] Feeder accepted connection from java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.4:59571]
100624 19:16:44:592 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:16:44:592 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:16:44:592 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:16:44:592 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:16:44:604 INFO [-------mbox01A] Feeder-replica -------be01A handshake completed.
100624 19:16:44:604 INFO [-------mbox01A] Feeder-replica -------be01A handshake completed.
100624 19:16:44:606 INFO [-------mbox01A] Feeder-replica -------be02A handshake completed.
100624 19:16:44:606 INFO [-------mbox01A] Feeder-replica -------be02A handshake completed.
100624 19:16:44:610 INFO [-------mbox01A] Feeder-replica -------be02A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:16:44:610 INFO [-------mbox01A] Feeder-replica -------be01A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:16:44:610 INFO [-------mbox01A] Feeder-replica -------be02A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:16:44:610 INFO [-------mbox01A] Feeder-replica -------be01A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:16:44:635 INFO [-------mbox01A] Feeder-replica -------be01A start stream at VLSN: 5,161
100624 19:16:44:635 INFO [-------mbox01A] Feeder-replica -------be01A start stream at VLSN: 5,161
100624 19:16:44:636 INFO [-------mbox01A] Feeder-replica -------be01A syncup ended. Elapsed time: 28ms
100624 19:16:44:636 INFO [-------mbox01A] Feeder-replica -------be01A syncup ended. Elapsed time: 28ms
100624 19:16:44:641 INFO [-------mbox01A] Feeder-replica -------be02A start stream at VLSN: 5,161
100624 19:16:44:641 INFO [-------mbox01A] Feeder-replica -------be02A start stream at VLSN: 5,161
100624 19:16:44:642 INFO [-------mbox01A] Feeder-replica -------be02A syncup ended. Elapsed time: 34ms
100624 19:16:44:642 INFO [-------mbox01A] Feeder-replica -------be02A syncup ended. Elapsed time: 34ms
100624 19:16:44:642 INFO [-------mbox01A] Feeder output thread for replica -------be01A started at VLSN 5,161 master at 7,367 VLSN delta=2,206 socket=(-------be01A(5))java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.4:59571]
100624 19:16:44:651 INFO [-------mbox01A] Feeder output thread for replica -------be02A started at VLSN 5,161 master at 7,367 VLSN delta=2,206 socket=(-------be02A(1))java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.7:42336]
100624 19:16:51:619 INFO [-------mbox01A] Feeder accepted connection from java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.24:49266]
100624 19:16:51:620 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:16:51:620 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:16:51:627 INFO [-------mbox01A] Feeder-replica -------mbox02A handshake completed.
100624 19:16:51:627 INFO [-------mbox01A] Feeder-replica -------mbox02A handshake completed.
100624 19:16:51:628 INFO [-------mbox01A] Feeder-replica -------mbox02A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:16:51:628 INFO [-------mbox01A] Feeder-replica -------mbox02A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:16:51:649 INFO [-------mbox01A] Feeder-replica -------mbox02A syncup ended. Elapsed time: 21ms
100624 19:16:51:649 INFO [-------mbox01A] Feeder-replica -------mbox02A syncup ended. Elapsed time: 21ms
100624 19:16:51:652 INFO [-------mbox01A] Shutting down feeder for replica -------mbox02A Reason: Expected bytes: 6 read bytes: 0 write time: 0ms Avg write time: 40us
100624 19:16:52:745 INFO [-------mbox01A] Feeder accepted connection from java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.24:49274]
100624 19:16:52:746 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:16:52:746 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:16:52:753 INFO [-------mbox01A] Feeder-replica -------mbox02A handshake completed.
100624 19:16:52:753 INFO [-------mbox01A] Feeder-replica -------mbox02A handshake completed.
100624 19:16:52:754 INFO [-------mbox01A] Feeder-replica -------mbox02A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:16:52:754 INFO [-------mbox01A] Feeder-replica -------mbox02A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:16:52:790 INFO [-------mbox01A] Feeder-replica -------mbox02A start stream at VLSN: 7,362
100624 19:16:52:790 INFO [-------mbox01A] Feeder-replica -------mbox02A start stream at VLSN: 7,362
100624 19:16:52:790 INFO [-------mbox01A] Feeder-replica -------mbox02A syncup ended. Elapsed time: 36ms
100624 19:16:52:790 INFO [-------mbox01A] Feeder-replica -------mbox02A syncup ended. Elapsed time: 36ms
100624 19:16:52:794 INFO [-------mbox01A] Feeder output thread for replica -------mbox02A started at VLSN 7,362 master at 7,367 VLSN delta=5 socket=(-------mbox02A(4))java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.24:49274]
100624 19:21:47:608 INFO [-------mbox01A] Shutting down feeder for replica -------be02A Reason: Expected bytes: 6 read bytes: 0 write time: 1,142ms Avg write time: 454us
100624 19:21:47:733 INFO [-------mbox01A] Shutting down feeder for replica -------be01A Reason: Expected bytes: 6 read bytes: 0 write time: 928ms Avg write time: 369us
100624 19:21:47:930 INFO [-------mbox01A] Feeder output for replica -------be02A shutdown. feeder VLSN: 7,368 currentCommitVLSN: 7,367
100624 19:21:48:710 INFO [-------mbox01A] Feeder output for replica -------be01A shutdown. feeder VLSN: 7,368 currentCommitVLSN: 7,367
100624 19:21:54:212 INFO [-------mbox01A] Shutting down feeder for replica -------mbox02A Reason: Expected bytes: 6 read bytes: 0 write time: 24ms Avg write time: 78us
100624 19:21:54:750 INFO [-------mbox01A] Feeder output for replica -------mbox02A shutdown. feeder VLSN: 7,368 currentCommitVLSN: 7,367
100624 19:31:16:797 INFO [-------mbox01A] Feeder accepted connection from java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.4:59649]
100624 19:31:16:798 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:31:16:798 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:31:16:804 INFO [-------mbox01A] Feeder-replica -------be01A handshake completed.
100624 19:31:16:804 INFO [-------mbox01A] Feeder-replica -------be01A handshake completed.
100624 19:31:16:805 INFO [-------mbox01A] Feeder-replica -------be01A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:31:16:805 INFO [-------mbox01A] Feeder-replica -------be01A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:31:16:818 INFO [-------mbox01A] Feeder-replica -------be01A start stream at VLSN: 5,161
100624 19:31:16:818 INFO [-------mbox01A] Feeder-replica -------be01A start stream at VLSN: 5,161
100624 19:31:16:818 INFO [-------mbox01A] Feeder-replica -------be01A syncup ended. Elapsed time: 14ms
100624 19:31:16:818 INFO [-------mbox01A] Feeder-replica -------be01A syncup ended. Elapsed time: 14ms
100624 19:31:16:822 INFO [-------mbox01A] Feeder output thread for replica -------be01A started at VLSN 5,161 master at 7,367 VLSN delta=2,206 socket=(-------be01A(5))java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.4:59649]
100624 19:31:21:473 INFO [-------mbox01A] Feeder accepted connection from java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.7:42742]
100624 19:31:21:474 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:31:21:474 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:31:21:484 INFO [-------mbox01A] Feeder-replica -------be02A handshake completed.
100624 19:31:21:484 INFO [-------mbox01A] Feeder-replica -------be02A handshake completed.
100624 19:31:21:485 INFO [-------mbox01A] Feeder-replica -------be02A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:31:21:485 INFO [-------mbox01A] Feeder-replica -------be02A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:31:21:514 INFO [-------mbox01A] Feeder-replica -------be02A start stream at VLSN: 5,161
100624 19:31:21:514 INFO [-------mbox01A] Feeder-replica -------be02A start stream at VLSN: 5,161
100624 19:31:21:515 INFO [-------mbox01A] Feeder-replica -------be02A syncup ended. Elapsed time: 31ms
100624 19:31:21:515 INFO [-------mbox01A] Feeder-replica -------be02A syncup ended. Elapsed time: 31ms
100624 19:31:21:519 INFO [-------mbox01A] Feeder output thread for replica -------be02A started at VLSN 5,161 master at 7,367 VLSN delta=2,206 socket=(-------be02A(1))java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.7:42742]
100624 19:31:22:485 INFO [-------mbox01A] Feeder accepted connection from java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.24:50256]
100624 19:31:22:486 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:31:22:486 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:31:22:492 INFO [-------mbox01A] Feeder-replica -------mbox02A handshake completed.
100624 19:31:22:492 INFO [-------mbox01A] Feeder-replica -------mbox02A handshake completed.
100624 19:31:22:494 INFO [-------mbox01A] Feeder-replica -------mbox02A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:31:22:494 INFO [-------mbox01A] Feeder-replica -------mbox02A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:31:22:506 INFO [-------mbox01A] Feeder-replica -------mbox02A start stream at VLSN: 7,362
100624 19:31:22:506 INFO [-------mbox01A] Feeder-replica -------mbox02A start stream at VLSN: 7,362
100624 19:31:22:507 INFO [-------mbox01A] Feeder-replica -------mbox02A syncup ended. Elapsed time: 14ms
100624 19:31:22:507 INFO [-------mbox01A] Feeder-replica -------mbox02A syncup ended. Elapsed time: 14ms
100624 19:31:22:510 INFO [-------mbox01A] Feeder output thread for replica -------mbox02A started at VLSN 7,362 master at 7,367 VLSN delta=5 socket=(-------mbox02A(4))java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.24:50256]
100624 19:32:03:422 INFO [-------mbox01A] Feeder accepted connection from java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.40:63346]
100624 19:32:03:423 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:32:03:423 INFO [-------mbox01A] Feeder-replica handshake start
100624 19:32:03:430 INFO [-------mbox01A] Feeder-replica -------fe05A handshake completed.
100624 19:32:03:430 INFO [-------mbox01A] Feeder-replica -------fe05A handshake completed.
100624 19:32:03:432 INFO [-------mbox01A] Feeder-replica -------fe05A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:32:03:432 INFO [-------mbox01A] Feeder-replica -------fe05A syncup started. Feeder range: first=1 last=7,367 sync=7,367 txnEnd=7,367
100624 19:32:03:440 INFO [-------mbox01A] Feeder-replica -------fe05A start stream at VLSN: 7,367
100624 19:32:03:440 INFO [-------mbox01A] Feeder-replica -------fe05A start stream at VLSN: 7,367
100624 19:32:03:441 INFO [-------mbox01A] Feeder-replica -------fe05A syncup ended. Elapsed time: 10ms
100624 19:32:03:441 INFO [-------mbox01A] Feeder-replica -------fe05A syncup ended. Elapsed time: 10ms
100624 19:32:03:443 INFO [-------mbox01A] Feeder output thread for replica -------fe05A started at VLSN 7,367 master at 7,367 VLSN delta=0 socket=(-------fe05A(2))java.nio.channels.SocketChannel[connected local=/172.17.227.21:5200 remote=/172.17.227.40:63346]
100624 19:36:19:977 INFO [-------mbox01A] Shutting down feeder for replica -------be01A Reason: Expected bytes: 6 read bytes: 0 write time: 934ms Avg write time: 372us
100624 19:36:20:778 INFO [-------mbox01A] Feeder output for replica -------be01A shutdown. feeder VLSN: 7,368 currentCommitVLSN: 7,367
100624 19:36:24:090 INFO [-------mbox01A] Shutting down feeder for replica -------mbox02A Reason: Expected bytes: 6 read bytes: 0 write time: 18ms Avg write time: 59us
100624 19:36:24:467 INFO [-------mbox01A] Feeder output for replica -------mbox02A shutdown. feeder VLSN: 7,368 currentCommitVLSN: 7,367
100624 19:36:24:955 INFO [-------mbox01A] Shutting down feeder for replica -------be02A Reason: Expected bytes: 6 read bytes: 0 write time: 1,196ms Avg write time: 476us
100624 19:36:25:757 INFO [-------mbox01A] Feeder output for replica -------be02A shutdown. feeder VLSN: 7,368 currentCommitVLSN: 7,367
100624 19:37:09:693 INFO [-------mbox01A] Shutting down feeder for replica -------fe05A Reason: Expected bytes: 6 read bytes: 0 write time: 19ms Avg write time: 61us
100624 19:37:10:466 INFO [-------mbox01A] Feeder output for replica -------fe05A shutdown. feeder VLSN: 7,368 currentCommitVLSN: 7,367 -
Hi,
I'm trying to use the native VPN L2TP in Leopard to connect to a small, cheap CISCO 837 adsl router, to test IOS as a VPN appliance.
So I'm just trying to connect from the leopard in 192.168.1.10 to the cisco in 192.168.1.70 with this conf:
Current configuration : 9751 bytes
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname door
memory-size iomem 15
security authentication failure rate 10 log
security passwords min-length 6
logging console critical
enable secret 5 $1$kI1f$BuT4.zkAIwccDS93oszF//
enable password 7 0459580A032A435C0C4B51
username dooruser password 7 15140E5D557A3C37203A257040
username dooradmin privilege 15 secret 5 $1$qo91$ZzsCF7Loo6BLqV7.YrGQQ1
username doortest password 7 03005404141B245F5A491416141A0A1C
aaa new-model
aaa authentication login local_auth local
aaa authentication login LOGIN local
aaa authorization network AUTORIZ local
aaa session-id common
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip domain name domain.com
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh authentication-retries 5
no ftp-server write-enable
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group PRUEBA
key 0 cisco123
domain domain.com
pool VPNPOOL
acl 150
crypto ipsec transform-set MISET esp-3des esp-sha-hmac
mode transport
crypto dynamic-map DINAMICO 10
set transform-set MISET
reverse-route
crypto map CLIENTMAP local-address Ethernet0
crypto map CLIENTMAP client authentication list LOGIN
crypto map CLIENTMAP isakmp authorization list AUTORIZ
crypto map CLIENTMAP client configuration address initiate
crypto map CLIENTMAP client configuration address respond
crypto map CLIENTMAP 10 ipsec-isakmp dynamic DINAMICO
interface Ethernet0
ip address 192.168.1.70 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
pppoe enable group PRUEBA
no cdp enable
crypto map CLIENTMAP
hold-queue 100 out
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
interface FastEthernet1
no ip address
speed auto
full-duplex
crypto map CLIENTMAP
interface FastEthernet2
no ip address
speed auto
half-duplex
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
ip local pool VPNPOOL 192.168.1.120 192.168.1.125
ip default-gateway 192.168.1.100
ip classless
ip default-network 198.168.1.0
ip route 0.0.0.0 0.0.0.0 192.168.1.100
ip route 192.168.1.0 255.255.255.0 192.168.1.100
ip http server
ip http authentication local
ip http secure-server
ip access-list extended autoseccompletebogon
deny ip 1.0.0.0 0.255.255.255 any
deny ip 2.0.0.0 0.255.255.255 any
deny ip 5.0.0.0 0.255.255.255 any
deny ip 7.0.0.0 0.255.255.255 any
deny ip 23.0.0.0 0.255.255.255 any
deny ip 27.0.0.0 0.255.255.255 any
deny ip 31.0.0.0 0.255.255.255 any
deny ip 36.0.0.0 0.255.255.255 any
deny ip 37.0.0.0 0.255.255.255 any
deny ip 39.0.0.0 0.255.255.255 any
deny ip 41.0.0.0 0.255.255.255 any
deny ip 42.0.0.0 0.255.255.255 any
deny ip 49.0.0.0 0.255.255.255 any
deny ip 50.0.0.0 0.255.255.255 any
deny ip 58.0.0.0 0.255.255.255 any
deny ip 59.0.0.0 0.255.255.255 any
deny ip 60.0.0.0 0.255.255.255 any
deny ip 70.0.0.0 0.255.255.255 any
deny ip 71.0.0.0 0.255.255.255 any
deny ip 72.0.0.0 0.255.255.255 any
deny ip 73.0.0.0 0.255.255.255 any
deny ip 74.0.0.0 0.255.255.255 any
deny ip 75.0.0.0 0.255.255.255 any
deny ip 76.0.0.0 0.255.255.255 any
deny ip 77.0.0.0 0.255.255.255 any
deny ip 78.0.0.0 0.255.255.255 any
deny ip 79.0.0.0 0.255.255.255 any
deny ip 83.0.0.0 0.255.255.255 any
deny ip 84.0.0.0 0.255.255.255 any
deny ip 85.0.0.0 0.255.255.255 any
deny ip 86.0.0.0 0.255.255.255 any
deny ip 87.0.0.0 0.255.255.255 any
deny ip 89.0.0.0 0.255.255.255 any
deny ip 90.0.0.0 0.255.255.255 any
deny ip 91.0.0.0 0.255.255.255 any
deny ip 92.0.0.0 0.255.255.255 any
deny ip 93.0.0.0 0.255.255.255 any
deny ip 94.0.0.0 0.255.255.255 any
deny ip 95.0.0.0 0.255.255.255 any
deny ip 96.0.0.0 0.255.255.255 any
deny ip 97.0.0.0 0.255.255.255 any
deny ip 98.0.0.0 0.255.255.255 any
deny ip 99.0.0.0 0.255.255.255 any
deny ip 100.0.0.0 0.255.255.255 any
deny ip 101.0.0.0 0.255.255.255 any
deny ip 102.0.0.0 0.255.255.255 any
deny ip 103.0.0.0 0.255.255.255 any
deny ip 104.0.0.0 0.255.255.255 any
deny ip 105.0.0.0 0.255.255.255 any
deny ip 106.0.0.0 0.255.255.255 any
deny ip 107.0.0.0 0.255.255.255 any
deny ip 108.0.0.0 0.255.255.255 any
deny ip 109.0.0.0 0.255.255.255 any
deny ip 110.0.0.0 0.255.255.255 any
deny ip 111.0.0.0 0.255.255.255 any
deny ip 112.0.0.0 0.255.255.255 any
deny ip 113.0.0.0 0.255.255.255 any
deny ip 114.0.0.0 0.255.255.255 any
deny ip 115.0.0.0 0.255.255.255 any
deny ip 116.0.0.0 0.255.255.255 any
deny ip 117.0.0.0 0.255.255.255 any
deny ip 118.0.0.0 0.255.255.255 any
deny ip 119.0.0.0 0.255.255.255 any
deny ip 120.0.0.0 0.255.255.255 any
deny ip 121.0.0.0 0.255.255.255 any
deny ip 122.0.0.0 0.255.255.255 any
deny ip 123.0.0.0 0.255.255.255 any
deny ip 124.0.0.0 0.255.255.255 any
deny ip 125.0.0.0 0.255.255.255 any
deny ip 126.0.0.0 0.255.255.255 any
deny ip 197.0.0.0 0.255.255.255 any
deny ip 201.0.0.0 0.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 224.0.0.0 15.255.255.255 any
deny ip 240.0.0.0 15.255.255.255 any
deny ip 0.0.0.0 0.255.255.255 any
deny ip 169.254.0.0 0.0.255.255 any
deny ip 192.0.2.0 0.0.0.255 any
deny ip 127.0.0.0 0.255.255.255 any
permit ip any any
remark This acl might not be up to date. Visit www.iana.org/assignments/ipv4-address-space for update list
ip access-list extended autoseciana_reservedblock
deny ip 1.0.0.0 0.255.255.255 any
deny ip 2.0.0.0 0.255.255.255 any
deny ip 5.0.0.0 0.255.255.255 any
deny ip 7.0.0.0 0.255.255.255 any
deny ip 23.0.0.0 0.255.255.255 any
deny ip 27.0.0.0 0.255.255.255 any
deny ip 31.0.0.0 0.255.255.255 any
deny ip 36.0.0.0 0.255.255.255 any
deny ip 37.0.0.0 0.255.255.255 any
deny ip 39.0.0.0 0.255.255.255 any
deny ip 41.0.0.0 0.255.255.255 any
deny ip 42.0.0.0 0.255.255.255 any
deny ip 49.0.0.0 0.255.255.255 any
deny ip 50.0.0.0 0.255.255.255 any
deny ip 58.0.0.0 0.255.255.255 any
deny ip 59.0.0.0 0.255.255.255 any
deny ip 60.0.0.0 0.255.255.255 any
deny ip 70.0.0.0 0.255.255.255 any
deny ip 71.0.0.0 0.255.255.255 any
deny ip 72.0.0.0 0.255.255.255 any
deny ip 73.0.0.0 0.255.255.255 any
deny ip 74.0.0.0 0.255.255.255 any
deny ip 75.0.0.0 0.255.255.255 any
deny ip 76.0.0.0 0.255.255.255 any
deny ip 77.0.0.0 0.255.255.255 any
deny ip 78.0.0.0 0.255.255.255 any
deny ip 79.0.0.0 0.255.255.255 any
deny ip 83.0.0.0 0.255.255.255 any
deny ip 84.0.0.0 0.255.255.255 any
deny ip 85.0.0.0 0.255.255.255 any
deny ip 86.0.0.0 0.255.255.255 any
deny ip 87.0.0.0 0.255.255.255 any
deny ip 88.0.0.0 0.255.255.255 any
deny ip 89.0.0.0 0.255.255.255 any
deny ip 90.0.0.0 0.255.255.255 any
deny ip 91.0.0.0 0.255.255.255 any
deny ip 92.0.0.0 0.255.255.255 any
deny ip 93.0.0.0 0.255.255.255 any
deny ip 94.0.0.0 0.255.255.255 any
deny ip 95.0.0.0 0.255.255.255 any
deny ip 96.0.0.0 0.255.255.255 any
deny ip 97.0.0.0 0.255.255.255 any
deny ip 98.0.0.0 0.255.255.255 any
deny ip 99.0.0.0 0.255.255.255 any
deny ip 100.0.0.0 0.255.255.255 any
deny ip 101.0.0.0 0.255.255.255 any
deny ip 102.0.0.0 0.255.255.255 any
deny ip 103.0.0.0 0.255.255.255 any
deny ip 104.0.0.0 0.255.255.255 any
deny ip 105.0.0.0 0.255.255.255 any
deny ip 106.0.0.0 0.255.255.255 any
deny ip 107.0.0.0 0.255.255.255 any
deny ip 108.0.0.0 0.255.255.255 any
deny ip 109.0.0.0 0.255.255.255 any
deny ip 110.0.0.0 0.255.255.255 any
deny ip 111.0.0.0 0.255.255.255 any
deny ip 112.0.0.0 0.255.255.255 any
deny ip 113.0.0.0 0.255.255.255 any
deny ip 114.0.0.0 0.255.255.255 any
deny ip 115.0.0.0 0.255.255.255 any
deny ip 116.0.0.0 0.255.255.255 any
deny ip 117.0.0.0 0.255.255.255 any
deny ip 118.0.0.0 0.255.255.255 any
deny ip 119.0.0.0 0.255.255.255 any
deny ip 120.0.0.0 0.255.255.255 any
deny ip 121.0.0.0 0.255.255.255 any
deny ip 122.0.0.0 0.255.255.255 any
deny ip 123.0.0.0 0.255.255.255 any
deny ip 124.0.0.0 0.255.255.255 any
deny ip 125.0.0.0 0.255.255.255 any
deny ip 126.0.0.0 0.255.255.255 any
deny ip 197.0.0.0 0.255.255.255 any
deny ip 201.0.0.0 0.255.255.255 any
permit ip any any
remark This acl might not be up to date. Visit www.iana.org/assignments/ipv4-address-space for update list
ip access-list extended autosecprivateblock
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit ip any any
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
access-list 150 permit ip host 0.0.0.0 any
dialer-list 1 protocol ip permit
no cdp run
line con 0
exec-timeout 5 0
login authentication local_auth
no modem enable
transport output telnet
deny ip 121.0.0.0 0.255.255.255 any
deny ip 122.0.0.0 0.255.255.255 any
deny ip 123.0.0.0 0.255.255.255 any
deny ip 124.0.0.0 0.255.255.255 any
deny ip 125.0.0.0 0.255.255.255 any
deny ip 126.0.0.0 0.255.255.255 any
deny ip 197.0.0.0 0.255.255.255 any
deny ip 201.0.0.0 0.255.255.255 any
permit ip any any
remark This acl might not be up to date. Visit www.iana.org/assignments/ipv4-address-space for update list
ip access-list extended autosecprivateblock
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
permit ip any any
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
access-list 150 permit ip host 0.0.0.0 any
dialer-list 1 protocol ip permit
no cdp run
line con 0
exec-timeout 5 0
login authentication local_auth
no modem enable
transport output telnet
line aux 0
login authentication local_auth
transport output telnet
line vty 0 4
password 7 15045A081325242F7B626C74
login authentication local_auth
transport input telnet ssh
scheduler max-task-time 5000
end
and the DEBUG in the cisco is:
015933: *Mar 2 05:13:34.748 UTC: %SYS-5-CONFIG_I: Configured from console by dooruser on vty0 (192.168.1.10)
door#
door#
015934: *Mar 2 05:14:18.096 UTC: ISAKMP (0:0): received packet from 192.168.1.10 dport 500 sport 500 Global (N) NEW SA
015935: *Mar 2 05:14:18.096 UTC: ISAKMP: Created a peer struct for 192.168.1.10, peer port 500
015936: *Mar 2 05:14:18.096 UTC: ISAKMP: Locking peer struct 0x816C55CC, IKE refcount 1 for cryptoikmp_config_initializesa
015937: *Mar 2 05:14:18.096 UTC: ISAKMP (0:0): Setting client config settings 813B63E8
015938: *Mar 2 05:14:18.096 UTC: ISAKMP (0:0): (Re)Setting client xauth list and state
015939: *Mar 2 05:14:18.096 UTC: ISAKMP: local port 500, remote port 500
015940: *Mar 2 05:14:18.100 UTC: ISAKMP: insert sa successfully sa = 815825EC
015941: *Mar 2 05:14:18.100 UTC: ISAKMP (0:1): processing SA payload. message ID = 0
015942: *Mar 2 05:14:18.100 UTC: ISAKMP (0:1): processing ID payload. message ID = 0
015943: *Mar 2 05:14:18.100 UTC: ISAKMP (0:1): peer matches none of the profiles
015944: *Mar 2 05:14:18.100 UTC: ISAKMP (0:1): processing vendor id payload
015945: *Mar 2 05:14:18.100 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 69 mismatch
015946: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): processing vendor id payload
015947: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 198 mismatch
015948: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): processing vendor id payload
015949: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 29 mismatch
015950: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): processing vendor id payload
015951: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 245 mismatch
015952: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): processing vendor id payload
015953: *Mar 2 05:14:18.104 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 114 mismatch
015954: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): processing vendor id payload
015955: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 227 mismatch
015956: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): processing vendor id payload
015957: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 250 mismatch
015958: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): processing vendor id payload
015959: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 157 mismatch
015960: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): vendor ID is NAT-T v3
015961: *Mar 2 05:14:18.108 UTC: ISAKMP (0:1): processing vendor id payload
015962: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 164 mismatch
015963: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1): processing vendor id payload
015964: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 123 mismatch
015965: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1): vendor ID is NAT-T v2
015966: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1): processing vendor id payload
015967: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1): vendor ID is DPD
015968: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1) Authentication by xauth preshared
015969: *Mar 2 05:14:18.112 UTC: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 10 policy
015970: *Mar 2 05:14:18.112 UTC: ISAKMP: life type in seconds
015971: *Mar 2 05:14:18.116 UTC: ISAKMP: life duration (basic) of 3600
015972: *Mar 2 05:14:18.116 UTC: ISAKMP: encryption 3DES-CBC
015973: *Mar 2 05:14:18.116 UTC: ISAKMP: auth pre-share
015974: *Mar 2 05:14:18.116 UTC: ISAKMP: hash SHA
015975: *Mar 2 05:14:18.116 UTC: ISAKMP: default group 2
015976: *Mar 2 05:14:18.116 UTC: ISAKMP (0:1): atts are acceptable. Next payload is 0
015977: *Mar 2 05:14:18.328 UTC: ISAKMP (0:1): processing KE payload. message ID = 0
015978: *Mar 2 05:14:18.596 UTC: ISAKMP (0:1): processing NONCE payload. message ID = 0
015979: *Mar 2 05:14:18.600 UTC: ISAKMP (0:1): processing vendor id payload
015980: *Mar 2 05:14:18.600 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 69 mismatch
015981: *Mar 2 05:14:18.600 UTC: ISAKMP (0:1): processing vendor id payload
015982: *Mar 2 05:14:18.600 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 198 mismatch
015983: *Mar 2 05:14:18.600 UTC: ISAKMP (0:1): processing vendor id payload
015984: *Mar 2 05:14:18.600 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 29 mismatch
015985: *Mar 2 05:14:18.604 UTC: ISAKMP (0:1): processing vendor id payload
015986: *Mar 2 05:14:18.604 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 245 mismatch
015987: *Mar 2 05:14:18.604 UTC: ISAKMP (0:1): processing vendor id payload
015988: *Mar 2 05:14:18.604 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 114 mismatch
015989: *Mar 2 05:14:18.604 UTC: ISAKMP (0:1): processing vendor id payload
015990: *Mar 2 05:14:18.604 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 227 mismatch
015991: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): processing vendor id payload
015992: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 250 mismatch
015993: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): processing vendor id payload
015994: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 157 mismatch
015995: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): vendor ID is NAT-T v3
015996: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): processing vendor id payload
015997: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 164 mismatch
015998: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): processing vendor id payload
015999: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): vendor ID seems Unity/DPD but major 123 mismatch
016000: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): vendor ID is NAT-T v2
016001: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): processing vendor id payload
016002: *Mar 2 05:14:18.608 UTC: ISAKMP (0:1): vendor ID is DPD
016003: *Mar 2 05:14:18.608 UTC: AAA: parse name=ISAKMP500 idb type=-1 tty=-1
016004: *Mar 2 05:14:18.612 UTC: AAA: name=ISAKMP500 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=500 channel=0
016005: *Mar 2 05:14:18.612 UTC: AAA: parse name=<no string> idb type=-1 tty=-1
016006: *Mar 2 05:14:18.612 UTC: AAA/MEMORY: create_user (0x81582C78) user='PRUEBA' ruser='NULL' ds0=0 port='ISAKMP500' rem_addr='192.168.1.10' authen_type=NONE service=LOGIN priv=0 initialtaskid='0', vrf= (id=0)
016007: *Mar 2 05:14:18.612 UTC: ISAKMP (0:1): Input = IKEMESG_FROMPEER, IKEAMEXCH
016008: *Mar 2 05:14:18.612 UTC: ISAKMP (0:1): Old State = IKE_READY New State = IKER_AM_AAAAWAIT
016009: *Mar 2 05:14:18.612 UTC: ISAKMP500 AAA/AUTHOR/CRYPTO AAA(1432144417): Port='ISAKMP500' list='AUTORIZ' service=NET
016010: *Mar 2 05:14:18.616 UTC: AAA/AUTHOR/CRYPTO AAA: ISAKMP500(1432144417) user='PRUEBA'
016011: *Mar 2 05:14:18.616 UTC: ISAKMP500 AAA/AUTHOR/CRYPTO AAA(1432144417): send AV service=ike
016012: *Mar 2 05:14:18.616 UTC: ISAKMP500 AAA/AUTHOR/CRYPTO AAA(1432144417): send AV protocol=ipsec
016013: *Mar 2 05:14:18.616 UTC: ISAKMP500 AAA/AUTHOR/CRYPTO AAA(1432144417): found list "AUTORIZ"
016014: *Mar 2 05:14:18.616 UTC: ISAKMP500 AAA/AUTHOR/CRYPTO AAA(1432144417): Method=LOCAL
016015: *Mar 2 05:14:18.620 UTC: AAA/AUTHOR (1432144417): Post authorization status = PASS_ADD
016016: *Mar 2 05:14:18.620 UTC: ISAKMP: got callback 1
016017: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV service=ike
016018: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV protocol=ipsec
016019: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV tunnel-password=cisco123
016020: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV default-domain*domain.com
016021: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV addr-pool*VPNPOOL
016022: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV key-exchange=ike
016023: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV firewall*0
016024: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV group-lock*0
016025: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV include-local-lan*0
016026: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV timeout*0
016027: *Mar 2 05:14:18.624 UTC:
AAA/AUTHOR/IKE: Processing AV idletime*0
016028: *Mar 2 05:14:18.628 UTC:
AAA/AUTHOR/IKE: Processing AV inacl*150
016029: *Mar 2 05:14:18.628 UTC:
AAA/AUTHOR/IKE: Processing AV dns-servers*0.0.0.0 0.0.0.0
016030: *Mar 2 05:14:18.628 UTC:
AAA/AUTHOR/IKE: Processing AV wins-servers*0.0.0.0 0.0.0.0
016031: *Mar 2 05:14:18.628 UTC:
AAA/AUTHOR/IKE: Processing AV save-password*0
016032: *Mar 2 05:14:18.632 UTC: ISAKMP (0:1): SKEYID state generated
016033: *Mar 2 05:14:18.636 UTC: ISAKMP (0:1): constructed NAT-T vendor-03 ID
016034: *Mar 2 05:14:18.636 UTC: ISAKMP (0:1): SA is doing pre-shared key authentication using id type IDIPV4ADDR
016035: *Mar 2 05:14:18.636 UTC: ISAKMP (1): ID payload
next-payload : 10
type : 1
addr : 192.168.1.70
protocol : 17
port : 0
length : 8
016036: *Mar 2 05:14:18.636 UTC: ISAKMP (1): Total payload length: 12
016037: *Mar 2 05:14:18.636 UTC: ISAKMP (0:1): constructed HIS NAT-D
016038: *Mar 2 05:14:18.636 UTC: ISAKMP (0:1): constructed MINE NAT-D
016039: *Mar 2 05:14:18.640 UTC: ISAKMP (0:1): sending packet to 192.168.1.10 my_port 500 peer_port 500 (R) AGINITEXCH
016040: *Mar 2 05:14:18.640 UTC: ISAKMP (0:1): Input = IKEMESG_FROMAAA, PRESHAREDKEYREPLY
016041: *Mar 2 05:14:18.640 UTC: ISAKMP (0:1): Old State = IKER_AM_AAAAWAIT New State = IKERAM2
016042: *Mar 2 05:14:18.640 UTC: AAA/MEMORY: free_user (0x81582C78) user='PRUEBA' ruser='NULL' port='ISAKMP500' rem_addr='192.168.1.10' authen_type=NONE service=LOGIN priv=0 vrf= (id=0)
016043: *Mar 2 05:14:18.792 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) AGINITEXCH
016044: *Mar 2 05:14:18.792 UTC: ISAKMP (0:1): processing HASH payload. message ID = 0
016045: *Mar 2 05:14:18.792 UTC: ISAKMP:received payload type 17
016046: *Mar 2 05:14:18.796 UTC: ISAKMP (0:1): Detected NAT-D payload
016047: *Mar 2 05:14:18.796 UTC: ISAKMP (0:1): recalc my hash for NAT-D
016048: *Mar 2 05:14:18.796 UTC: ISAKMP (0:1): NAT match MINE hash
016049: *Mar 2 05:14:18.796 UTC: ISAKMP:received payload type 17
016050: *Mar 2 05:14:18.796 UTC: ISAKMP (0:1): Detected NAT-D payload
016051: *Mar 2 05:14:18.796 UTC: ISAKMP (0:1): recalc his hash for NAT-D
016052: *Mar 2 05:14:18.796 UTC: ISAKMP (0:1): NAT match HIS hash
016053: *Mar 2 05:14:18.796 UTC: ISAKMP (0:1): SA has been authenticated with 192.168.1.10
016054: *Mar 2 05:14:18.796 UTC: ISAKMP: Trying to insert a peer 192.168.1.70/192.168.1.10/500/, and inserted successfully.
016055: *Mar 2 05:14:18.800 UTC: ISAKMP (0:1): peer matches none of the profiles
016056: *Mar 2 05:14:18.800 UTC: ISAKMP (0:1): Input = IKEMESG_FROMPEER, IKEAMEXCH
016057: *Mar 2 05:14:18.800 UTC: ISAKMP (0:1): Old State = IKERAM2 New State = IKEP1COMPLETE
016058: *Mar 2 05:14:18.800 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) QM_IDLE
016059: *Mar 2 05:14:18.800 UTC: ISAKMP: set new node -499921571 to CONF_XAUTH
016060: *Mar 2 05:14:18.804 UTC: ISAKMP (0:1): processing HASH payload. message ID = -499921571
016061: *Mar 2 05:14:18.804 UTC: ISAKMP (0:1): processing NOTIFY INITIAL_CONTACT protocol 1
spi 0, message ID = -499921571, sa = 815825EC
016062: *Mar 2 05:14:18.804 UTC: ISAKMP (0:1): Process initial contact,
bring down existing phase 1 and 2 SA's with local 192.168.1.70 remote 192.168.1.10 remote port 500
016063: *Mar 2 05:14:18.804 UTC: ISAKMP (0:1): returning IP addr to the address pool
016064: *Mar 2 05:14:18.808 UTC: IPSEC(key_engine): got a queue event with 1 kei messages
016065: *Mar 2 05:14:18.808 UTC: ISAKMP (0:1): deleting node -499921571 error FALSE reason "informational (in) state 1"
016066: *Mar 2 05:14:18.808 UTC: ISAKMP (0:1): Input = IKEMESG_FROMPEER, IKEINFONOTIFY
016067: *Mar 2 05:14:18.808 UTC: ISAKMP (0:1): Old State = IKEP1COMPLETE New State = IKEP1COMPLETE
016068: *Mar 2 05:14:18.808 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) QM_IDLE
016069: *Mar 2 05:14:18.812 UTC: ISAKMP: set new node -326994436 to CONF_XAUTH
016070: *Mar 2 05:14:18.812 UTC: ISAKMP (0:1): Need XAUTH
016071: *Mar 2 05:14:18.816 UTC: AAA: parse name=ISAKMP500 idb type=-1 tty=-1
016072: *Mar 2 05:14:18.816 UTC: AAA: name=ISAKMP500 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=500 channel=0
016073: *Mar 2 05:14:18.816 UTC: AAA: parse name=<no string> idb type=-1 tty=-1
016074: *Mar 2 05:14:18.816 UTC: AAA/MEMORY: create_user (0x816C2654) user='NULL' ruser='NULL' ds0=0 port='ISAKMP500' rem_addr='192.168.1.10' authen_type=ASCII service=LOGIN priv=0 initialtaskid='0', vrf= (id=0)
016075: *Mar 2 05:14:18.816 UTC: ISAKMP (0:1): Input = IKEMESGINTERNAL, IKEPHASE1COMPLETE
016076: *Mar 2 05:14:18.816 UTC: ISAKMP (0:1): Old State = IKEP1COMPLETE New State = IKEXAUTH_AAA_START_LOGINAWAIT
016077: *Mar 2 05:14:18.820 UTC: AAA/AUTHEN/START (687144130): port='ISAKMP500' list='LOGIN' action=LOGIN service=LOGIN
016078: *Mar 2 05:14:18.820 UTC: AAA/AUTHEN/START (687144130): found list LOGIN
016079: *Mar 2 05:14:18.820 UTC: AAA/AUTHEN/START (687144130): Method=LOCAL
016080: *Mar 2 05:14:18.820 UTC: AAA/AUTHEN(687144130): Status=GETUSER
016081: *Mar 2 05:14:18.820 UTC: ISAKMP (0:1): Unknown Input: state = IKEXAUTH_AAA_START_LOGINAWAIT, major, minor = IKEMESGINTERNAL, IKEPHASE1COMPLETE
016082: *Mar 2 05:14:18.820 UTC: ISAKMP: got callback 1
016083: *Mar 2 05:14:18.820 UTC: ISAKMP: set new node 1267078368 to CONF_XAUTH
016084: *Mar 2 05:14:18.824 UTC: ISAKMP/xauth: request attribute XAUTH_TYPE
016085: *Mar 2 05:14:18.824 UTC: ISAKMP/xauth: request attribute XAUTH_MESSAGE
016086: *Mar 2 05:14:18.824 UTC: ISAKMP/xauth: request attribute XAUTHUSERNAME
016087: *Mar 2 05:14:18.824 UTC: ISAKMP/xauth: request attribute XAUTHUSERPASSWORD
016088: *Mar 2 05:14:18.824 UTC: ISAKMP (0:1): initiating peer config to 192.168.1.10. ID = 1267078368
016089: *Mar 2 05:14:18.828 UTC: ISAKMP (0:1): sending packet to 192.168.1.10 my_port 500 peer_port 500 (R) CONF_XAUTH
016090: *Mar 2 05:14:18.828 UTC: ISAKMP (0:1): Input = IKEMESG_FROMAAA, IKEAAA_STARTLOGIN
016091: *Mar 2 05:14:18.828 UTC: ISAKMP (0:1): Old State = IKEXAUTH_AAA_START_LOGINAWAIT New State = IKEXAUTH_REQSENT
016092: *Mar 2 05:14:18.836 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) CONF_XAUTH
016093: *Mar 2 05:14:18.836 UTC: ISAKMP (0:1): processing transaction payload from 192.168.1.10. message ID = 1267078368
016094: *Mar 2 05:14:18.840 UTC: ISAKMP: Config payload REPLY
016095: *Mar 2 05:14:18.840 UTC: ISAKMP/xauth: Expected attribute XAUTH_TYPE not received
016096: *Mar 2 05:14:18.840 UTC: AAA/MEMORY: free_user (0x816C2654) user='NULL' ruser='NULL' port='ISAKMP500' rem_addr='192.168.1.10' authen_type=ASCII service=LOGIN priv=0 vrf= (id=0)
016097: *Mar 2 05:14:18.840 UTC: AAA: parse name=ISAKMP500 idb type=-1 tty=-1
016098: *Mar 2 05:14:18.840 UTC: AAA: name=ISAKMP500 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=500 channel=0
016099: *Mar 2 05:14:18.840 UTC: AAA: parse name=<no string> idb type=-1 tty=-1
016100: *Mar 2 05:14:18.840 UTC: AAA/MEMORY: create_user (0x816C2654) user='NULL' ruser='NULL' ds0=0 port='ISAKMP500' rem_addr='192.168.1.10' authen_type=ASCII service=LOGIN priv=0 initialtaskid='0', vrf= (id=0)
016101: *Mar 2 05:14:18.844 UTC: ISAKMP (0:1): Input = IKEMESG_FROMPEER, IKECFGREPLY
016102: *Mar 2 05:14:18.844 UTC: ISAKMP (0:1): Old State = IKEXAUTH_REQSENT New State = IKEXAUTH_AAA_START_LOGINAWAIT
016103: *Mar 2 05:14:18.844 UTC: AAA/AUTHEN/START (741762202): port='ISAKMP500' list='LOGIN' action=LOGIN service=LOGIN
016104: *Mar 2 05:14:18.844 UTC: AAA/AUTHEN/START (741762202): found list LOGIN
016105: *Mar 2 05:14:18.844 UTC: AAA/AUTHEN/START (741762202): Method=LOCAL
016106: *Mar 2 05:14:18.844 UTC: AAA/AUTHEN(741762202): Status=GETUSER
016107: *Mar 2 05:14:18.848 UTC: ISAKMP: got callback 1
016108: *Mar 2 05:14:18.848 UTC: ISAKMP: set new node -623612407 to CONF_XAUTH
016109: *Mar 2 05:14:18.848 UTC: ISAKMP/xauth: request attribute XAUTH_TYPE
016110: *Mar 2 05:14:18.848 UTC: ISAKMP/xauth: request attribute XAUTH_MESSAGE
016111: *Mar 2 05:14:18.848 UTC: ISAKMP/xauth: request attribute XAUTHUSERNAME
016112: *Mar 2 05:14:18.848 UTC: ISAKMP/xauth: request attribute XAUTHUSERPASSWORD
016113: *Mar 2 05:14:18.852 UTC: ISAKMP (0:1): initiating peer config to 192.168.1.10. ID = -623612407
016114: *Mar 2 05:14:18.852 UTC: ISAKMP (0:1): sending packet to 192.168.1.10 my_port 500 peer_port 500 (R) CONF_XAUTH
016115: *Mar 2 05:14:18.852 UTC: ISAKMP (0:1): Input = IKEMESG_FROMAAA, IKEAAA_STARTLOGIN
016116: *Mar 2 05:14:18.852 UTC: ISAKMP (0:1): Old State = IKEXAUTH_AAA_START_LOGINAWAIT New State = IKEXAUTH_REQSENT
016117: *Mar 2 05:14:19.036 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) CONF_XAUTH
016118: *Mar 2 05:14:19.040 UTC: ISAKMP (0:1): processing transaction payload from 192.168.1.10. message ID = -623612407
016119: *Mar 2 05:14:19.040 UTC: ISAKMP: Config payload REPLY
016120: *Mar 2 05:14:19.040 UTC: ISAKMP/xauth: Expected attribute XAUTH_TYPE not received
016121: *Mar 2 05:14:19.040 UTC: AAA/MEMORY: free_user (0x816C2654) user='NULL' ruser='NULL' port='ISAKMP500' rem_addr='192.168.1.10' authen_type=ASCII service=LOGIN priv=0 vrf= (id=0)
016122: *Mar 2 05:14:19.040 UTC: AAA: parse name=ISAKMP500 idb type=-1 tty=-1
016123: *Mar 2 05:14:19.044 UTC: AAA: name=ISAKMP500 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=500 channel=0
016124: *Mar 2 05:14:19.044 UTC: AAA: parse name=<no string> idb type=-1 tty=-1
016125: *Mar 2 05:14:19.044 UTC: AAA/MEMORY: create_user (0x8156DB1C) user='NULL' ruser='NULL' ds0=0 port='ISAKMP500' rem_addr='192.168.1.10' authen_type=ASCII service=LOGIN priv=0 initialtaskid='0', vrf= (id=0)
016126: *Mar 2 05:14:19.044 UTC: ISAKMP (0:1): Input = IKEMESG_FROMPEER, IKECFGREPLY
016127: *Mar 2 05:14:19.044 UTC: ISAKMP (0:1): Old State = IKEXAUTH_REQSENT New State = IKEXAUTH_AAA_START_LOGINAWAIT
016128: *Mar 2 05:14:19.044 UTC: AAA/AUTHEN/START (3918303509): port='ISAKMP500' list='LOGIN' action=LOGIN service=LOGIN
016129: *Mar 2 05:14:19.044 UTC: AAA/AUTHEN/START (3918303509): found list LOGIN
016130: *Mar 2 05:14:19.048 UTC: AAA/AUTHEN/START (3918303509): Method=LOCAL
016131: *Mar 2 05:14:19.048 UTC: AAA/AUTHEN(3918303509): Status=GETUSER
016132: *Mar 2 05:14:19.048 UTC: ISAKMP: got callback 1
016133: *Mar 2 05:14:19.048 UTC: ISAKMP: set new node 1898470555 to CONF_XAUTH
016134: *Mar 2 05:14:19.048 UTC: ISAKMP/xauth: request attribute XAUTH_TYPE
016135: *Mar 2 05:14:19.048 UTC: ISAKMP/xauth: request attribute XAUTH_MESSAGE
016136: *Mar 2 05:14:19.048 UTC: ISAKMP/xauth: request attribute XAUTHUSERNAME
016137: *Mar 2 05:14:19.052 UTC: ISAKMP/xauth: request attribute XAUTHUSERPASSWORD
016138: *Mar 2 05:14:19.052 UTC: ISAKMP (0:1): initiating peer config to 192.168.1.10. ID = 1898470555
016139: *Mar 2 05:14:19.052 UTC: ISAKMP (0:1): sending packet to 192.168.1.10 my_port 500 peer_port 500 (R) CONF_XAUTH
016140: *Mar 2 05:14:19.056 UTC: ISAKMP (0:1): Input = IKEMESG_FROMAAA, IKEAAA_STARTLOGIN
016141: *Mar 2 05:14:19.056 UTC: ISAKMP (0:1): Old State = IKEXAUTH_AAA_START_LOGINAWAIT New State = IKEXAUTH_REQSENT
016142: *Mar 2 05:14:19.056 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) CONF_XAUTH
016143: *Mar 2 05:14:19.064 UTC: ISAKMP (0:1): processing transaction payload from 192.168.1.10. message ID = 1898470555
016144: *Mar 2 05:14:19.064 UTC: ISAKMP: Config payload REPLY
016145: *Mar 2 05:14:19.064 UTC: ISAKMP/xauth: Expected attribute XAUTH_TYPE not received
016146: *Mar 2 05:14:19.064 UTC: AAA/MEMORY: free_user (0x8156DB1C) user='NULL' ruser='NULL' port='ISAKMP500' rem_addr='192.168.1.10' authen_type=ASCII service=LOGIN priv=0 vrf= (id=0)
016147: *Mar 2 05:14:19.068 UTC: ISAKMP (0:1): peer does not do paranoid keepalives.
016148: *Mar 2 05:14:19.068 UTC: ISAKMP (0:1): deleting SA reason "XAuthenticate fail" state (R) CONF_XAUTH (peer 192.168.1.10) input queue 0
016149: *Mar 2 05:14:19.068 UTC: ISAKMP: Unlocking IKE struct 0x816C55CC for isadbmark_sadeleted(), count 0
016150: *Mar 2 05:14:19.068 UTC: ISAKMP: Deleting peer node by peer_reap for 192.168.1.10: 816C55CC
016151: *Mar 2 05:14:19.068 UTC: ISAKMP: set new node -1893737389 to QM_IDLE
016152: *Mar 2 05:14:19.072 UTC: ISAKMP (0:1): sending packet to 192.168.1.10 my_port 500 peer_port 500 (R) MMNOSTATE
016153: *Mar 2 05:14:19.072 UTC: ISAKMP (0:1): purging node -1893737389
016154: *Mar 2 05:14:19.072 UTC: ISAKMP (0:1): deleting node -326994436 error FALSE reason "XAuthenticate fail"
016155: *Mar 2 05:14:19.072 UTC: ISAKMP (0:1): deleting node 1267078368 error FALSE reason "XAuthenticate fail"
016156: *Mar 2 05:14:19.076 UTC: ISAKMP (0:1): deleting node -623612407 error FALSE reason "XAuthenticate fail"
016157: *Mar 2 05:14:19.076 UTC: ISAKMP (0:1): deleting node 1898470555 error FALSE reason "XAuthenticate fail"
016158: *Mar 2 05:14:19.076 UTC: ISAKMP (0:1): Input = IKEMESG_FROMPEER, IKECFGREPLY
016159: *Mar 2 05:14:19.076 UTC: ISAKMP (0:1): Old State = IKEXAUTH_REQSENT New State = IKEDESTSA
016160: *Mar 2 05:14:19.076 UTC: IPSEC(key_engine): got a queue event with 1 kei messages
016161: *Mar 2 05:14:19.076 UTC: IPSEC(keyengine_deletesas): rec'd delete notify from ISAKMP
016162: *Mar 2 05:14:19.076 UTC: IPSEC(keyengine_deletesas): delete all SAs shared with peer 192.168.1.10
016163: *Mar 2 05:14:28.368 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) MMNOSTATE
016164: *Mar 2 05:14:38.368 UTC: ISAKMP (0:1): received packet from 192.168.1.10 dport 500 sport 500 Global (R) MMNOSTATE
016165: *Mar 2 05:15:08.808 UTC: ISAKMP (0:1): purging node -499921571
016166: *Mar 2 05:15:09.072 UTC: ISAKMP (0:1): purging node -326994436
016167: *Mar 2 05:15:09.076 UTC: ISAKMP (0:1): purging node 1267078368
016168: *Mar 2 05:15:09.076 UTC: ISAKMP (0:1): purging node -623612407
016169: *Mar 2 05:15:09.076 UTC: ISAKMP (0:1): purging node 1898470555
016170: *Mar 2 05:15:19.076 UTC: ISAKMP (0:1): purging SA., sa=815825EC, delme=815825EC
In leopard I used the doortest user (created with mschap), shared sectret cisco123, group PRUEBA.
Any CISCO CCNA out there, please?
It should work following this: http://www.macosxhints.com/article.php?story=20070827135109248
Thanks, guys.
PD: the cisco...
Cisco Internetwork Operating System Software
IOS (tm) C837 Software (C837-K9O3Y6-M), Version 12.3(2)XC2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Synched to technology version 12.3(1.6)T
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2004 by cisco Systems, Inc.
Compiled Thu 04-Mar-04 01:13 by ealyon
Image text-base: 0x800131E8, data-base: 0x80B93040
ROM: System Bootstrap, Version 12.2(11r)YV1, RELEASE SOFTWARE (fc1)
ROM: C837 Software (C837-K9O3Y6-M), Version 12.3(2)XC2, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
door uptime is 1 day, 5 hours, 27 minutes
System returned to ROM by power-on
System image file is "flash:c837-k9o3y6-mz.123-2.XC2.bin"Nobody using VPNs out there?
Are CISCO VPN concentrators old fashioned?
C'mon! -
Hi;
I am not using the iPhone as a business tool, the only exception is that I would like to be able to send e-mails using my work e-mail server. In order to do so, I need to setup VPN.
Do I need a Business Data plan from ATT to do this, or can I use the consumer data plan? I will call ATT right now to find out, but I'm wondering if others here will be doing the same.
Thanks in advance.All you need is a data plan from your carrier. The iPhone Cisco VPN client works with the Cisco VPN Concentrators. The configuration is the same as for a regular computer. We've tested this on our own equipment and it works like a charm using either WiFi/Internet or Cellular to connect into the company.
If you want to send email from your company, you can either VPN and access Exchange, or if you have an Exchange Outlook Mobile Access (OMA) visible to the Internet you can avoid the VPN. -
Questions regarding Outlook Web App, Remote Desktop, Remote Web Access and VPN Access
Hi there,
I want to ask a series of questions regarding Outlook Web App, Remote Desktop, Remote Web Access and VPN access and was hoping whether you could help me. Below are my questions to ask you.
Outlook Web App - What do I need to configure in order to get my Exchange account to work with the OWA app on my iPhone? Is Office 360 required on the server that hosts Outlook Web App in our organisation? When I configure the settings and
connect I get the following message "couldn't connect - We couldn't connect to the server. Check your information and make sure it's correct." I can connect with other devices using Outlook Web App.
Remote Desktop - What do I need to configure in order to connect to my computer at work using Remote Desktop on my Windows Phone? When I configure the settings and connect I get the following message "Connection error - We couldn't connect
to the remote PC. Make sure the PC is turned on and connected to the network, and that remote access is enabled. Inquiring minds may find this error code helpful: 0x204" I can connect with other devices using Remote Desktop. There are currently no
RD Server settings in the Remote Desktop app on the Windows Phone and the only way I'm to connect to my PC at work is via Remote Desktop and not to be confused with the one by Microsoft, however the app is on a trial basis and times out every 5 minutes and
can only be used once every hour unless I purchased the app for £2.99 off the App Store but would ideally like to use the Microsoft Remote Desktop app though.
Remote Web Access - What do I need to configure in order to get Remote Web Access on my Windows Phone using a URL? When I log in using a URL I get the following message "There is a problem with this Web page. Please contact the person who manages
the server" I can connect with other devices using Remote Web Access. Also how do you enable the background option for Remote Web Access? I know how to do this in Remote Desktop but not in Remote Web Access. Remote Web Access works on PCs regardless
being onsite and offsite and on my iPhone, the same issue also occurs with my Nokia 5230s regardless of whether I'm using Opera Mobile or Mini or the latest Nokia Browser.
VPN access - How do you configure VPN access on a Windows Phone using VPN? I cannot find the protocols PPTP, L2TP, SSTP and IPsec in order to configure VPN access on the Windows Phone apart from IKEv2.
Many thanks,
RocknRollTimAny help would be much appreciated.
Kind regards,
RocknRollTim -
Mavericks 10.9.1 won't shutdown or restart
Just upgraded to 10.9.1 Mavericks. Since upgrading, my MacBook Pro won't shutdown or restart; nothing happens after instigating, then after a few minutes a dialogue box appears saying an open application prevented the action.
I have tried to upgrade to 10.9.2 via the App Store but it requires a restart to complete... Same with using the direct downoad link from the Apple site. No external drives or peripherals attached via USB or Firewire. In order to shutdown I have to force it by holding down the power button. Otherwise the system is functioning fine.
Any ideas? If you need system logs just point me in the right direction...
Cheers guysIt appears there was some element of Chrome or Mail which was preventing the shutdown/restart sequence. Looks like I've fixed it by searching for Mail processes in Activity Monitor and force quitting those, and trashing Chrome (also using AppTrap to delete the prefs too) and reinstalling Chrome.
Just in case anyone else has this problem when upgrading to Mavericks. -
VPN auto startup after power cut
Good evening
I have set my server to auto start after a power outage. What I would like is have the vpn startup. So the server is auto logging in as a certain user, and then the user has a auto startup item. The server Admin.
The issue is that the server admin needs to you to bring the window to the foreground in order for the vpn to startup.
Is there another way to do this?Does it power back on after a power outage? auto-boot only covers the boot after the server powers on or is reset. I don't see an option in OpenBoot for auto power on after a power interruption.
Maybe you are looking for
-
Hi how to improve performence of this program
Hi all, How to improve the performence of this program..................... REPORT z03_gil010 NO STANDARD PAGE HEADING LINE-SIZE 130. INCLUDE * INCLUDE: z00_bci010. " Gest
-
How do i move the video that plays on my air to display on the tv?
i have connected my macbook air to a samsung tv via hdmi cables. the tv shows the apple desktop galaxy picture and then a grey flannel looking page but i don't know how to get the video to show up on the tv instead of the air. what else do i need t
-
Using HS.Exp function to write data to a Consolidated Account
Hi, Just wanted to know whether i can use the HS.Exp function to write data to a consolidated account? Thanks
-
Frame Rate & Resolution change with synchronized clip
Does anyone know why a Canon 7d file recorded at 1920x1080 29.97fps changes to a 1280x720 23.97fps file when a synchronized clip with a separate audio file is created? After selecting the synchronized clip in the event browser I can edit the compound
-
If I open Google chrome the message displayed is "The site ahead contains harmful programs Attackers on api.sourceapp.info might attempt to trick you into installing programs that harm your browsing experience (for example, by changing your homepage