Ppp chap password
Hello,
I am trying to understand the purpose of the "ppp chap password "command in dialer and ISDN interface configurations, i.e., what is the reason and usage of this. Unfortunately, looking into IOS command guides and references did not help me much.
My understanding is, if a router receive a challange, and that hostname/password is not defined locally, chap will use 'ppp chap password ' to generate a hash. Please correct if i'm wrong.
Therefore in this case, if i tried putting this cmd in both routers without username/password defined, ppp should pass the authentication. But its not.
Anyone can reply.
Hi Friend,
CHAP authentication, on the other hand, periodically verifies the identity of the remote node using a three-way handshake.
After the PPP link is established, the host sends a "challenge" message to the remote node.
Remember the remote node responds with a value calculated using a one-way hash function.
The host checks the response against its own calculation of the expected hash value.
If the values match, the authentication is acknowledged; otherwise, the connection is terminated.
So if you do not have hostname and passwword defined at the remote end it will perform a hash function and that value will not at all match with the sending host generated value so the connection will be terminated.
And that is the reason for CHAP authentication to have a secure authentication for establishing a conenction.
HTH, if yes please rate the post.
Ankur
Similar Messages
-
What is the use of a separate strong CHAP/MS-CHAP password in the ACS user
what is the use of a separate strong CHAP/MS-CHAP password in the ACS user setup ? Document said it need to be supported by the AAA client. Do I need to configure anything in the AP ( AAA client ) to match this password?
It used mailly for MAC authentication. Be sure the two passwords are NOT the same: the first is the MAC, and the second is something else.
-
PPP CHAP re-authentication timer , detectable ?
I think PPP with CHAP has an interval or periodic timer that triggers a re-authentication.
I cannot find a timer setting to set the interval.
Neither can i find a show command that will show me the timer.
If this is a randomized timer, then it is clear that it is not showing these timers, but..
How would i be able to DETECT when a re-authentication has happened ? How long should i monitor a CPE to check if a CHAP re-authentication has happened ?
I am using these debugs:
PPP authentication debugging
PPP protocol negotiation debugging
PPPoE protocol events debugging
but has not seen a CHAP event yet.
The setup is a 1006 as BRAS with SB-radius, 867VAE and other Cisco DSL clients using PPPoE.
So my Q's;
- is CHAP re-authentication detectable ? how ? what average timers ?
- Is the interval settable ? howInclude on the ppp authentication ms-chap, and enable the same on the radius server.
-
After losing my CHAP secret to my iSCSI LUN Volume I tried calling in to WD being that my EX2 is still under warranty and came with a certain length of support. So I call in to tell them that I cant access any of the information on my iSCSI drive because I forgot my password. I explained that I did have access to the dashboard through https and that I wasnt able to disable CHAP through the admin panel on the dashboard, when I tried I was given an error of "please enter positive integer". Long story short, after being escalated to the highest level of support and talking to multiple techs, they explained to me that the data I had was lost and that there was nothing that I could do. Also, many people on forums that I asked at, also told me to give up or call a data recovery firm and pay ridiculous amounts of money to retrieve my data.
[Deleted] If anyone out there has lost their CHAP secret after a long length of time but you still have access to your NAS, dont give up. THERE IS A WAY!! That is all I am going to say on that matter because I understand that there is security issues and reasons this info isnt easily available. If anyone does need help though feel free to PM me.Sorry I had to edit your post. But I do have to enforce our guidelines. That being said, I would really like to know how you did it, since I'm using CHAP on my wife's Win 7 computer. Feel free to pm me what you did. Because I would be lost if I ever forgot the password.
-
Strange issue - unable to establish PPP with Cisco 887 VAG router on one particular ADSL line
I have a strange problem that I’m struggling to get to the bottom of with my ISP and wondered if anyone could help.
We have a site with an older Cisco 877 ADSL router which was working happily until a few weeks ago when the connection dropped suddenly (out-of-hours at 2am if that’s of any significance – made me think most likely something carrier/ISP related?) When connectivity was lost, the router could sync with the BT exchange (we are in the UK) but could not establish PPP.
We logged fault with our ISP – after some to’ing and fro’ing, they passed it onto BT and their engineers visited site, they fixed “a line fault” (we don’t get much detail on what was actually fixed) but we still could not establish connectivity – same thing, solid CD light but no PPP.
So, we replaced the router with another 877 – same again, solid CD but no PPP. We replaced all the cables and microfilter etc but no difference.
We tried a different Cisco router (a newer Cisco 887VAG) which, as I understand, uses a different modem chipset but no matter – PPP could still not be established. We tested this router on another ADSL line with the same ISP and it worked without issue, using the same ADSL account details, it was able to establish connectivity. So we figured this must still be a BT/ISP issue.
Since then we’ve had BT out again twice but they say there is no fault. The ISP say there is no issue with them. But we still cannot establish ADSL connectivity on this line, despite having tried 3 different ADSL routers and despite the fact the routers work with the same account details on another ADSL line.
The 887VAG router we have currently connected has 3G backup so that is keeping us going in the meantime and also means I can login to the router remotely to check on the ADSL status.
But I’m struggling to pinpoint where the problem may lie. Strangely, if I turn on PPP negotiation and authentication debug then I’m not actually seeing any output from it at all?
Yet, the ATM interface is up and shows packets being sent and received:
ATM0 is up, line protocol is up
Hardware is MPC ATMSAR, address is bc16.6596.9b00 (bia bc16.6596.9b00)
MTU 1600 bytes, sub MTU 1600, BW 704 Kbit/sec, DLY 520 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ATM, loopback not set
Keepalive not supported
Encapsulation(s): AAL5
4 maximum active VCs, 1024 VCs per VP, 1 current VCCs
VC Auto Creation Disabled.
VC idle disconnect time: 300 seconds
Last input 00:00:28, output 00:00:07, output hang never
Last clearing of "show interface" counters 6d23h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: Per VC Queueing
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
23886 packets input, 1676964 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
56469 packets output, 4418592 bytes, 0 underruns
0 output errors, 0 collisions, 6 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
Does anyone have any ideas on where the problem may be and what more I can do to troubleshoot and provide the relevant evidence to our ISP (assuming it is an ISP/BT issue though the fact the same router works ok with the exact same details etc would seem to indicate it must be their issue!)Hi Jody,
thanks for the suggestions. Here's what I see from the ppp debugs (but I'm not sure how to interpret?)
Jan 6 14:50:22.838: pppoe_send_padi:
contiguous pak, size 74
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 FF FF
FF FF FF FF BC 16 65 96 9B 00 88 63 11 09 00 00
00 10 01 01 00 00 01 03 00 08 0C 00 00 01 00 00
04 A3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ...
Jan 6 14:50:22.878: PPPoE 0: I PADO R:0030.8810.000b L:bc16.6596.9b00 0/38 ATM0.1
contiguous pak, size 71
BC 16 65 96 9B 00 00 30 88 10 00 0B 88 63 11 07
00 00 00 33 01 03 00 08 0C 00 00 01 00 00 04 A3
01 02 00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73
2D 62 61 73 2D 42 32 32 36 45 34 37 30 39 45 30
31 34 5A 01 01 00 00
Jan 6 14:50:24.885: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:50:35.125: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:50:45.364: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:50:55.603: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:51:05.843: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:51:16.114: OUT PADR from PPPoE Session
contiguous pak, size 85
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 30
88 10 00 0B BC 16 65 96 9B 00 88 63 11 19 00 00
00 33 01 03 00 08 0C 00 00 01 00 00 04 A3 01 02
00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73 2D 62
61 73 2D 42 32 32 36 45 ...
Jan 6 14:51:26.353: [0]PPPoE 0: O PADT R:0000.0000.0000 L:0000.0000.0000 0/38 ATM0.1
contiguous pak, size 74
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 00 00
00 00 00 00 00 00 00 00 00 00 88 63 11 A7 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ...
Jan 6 14:51:46.576: pppoe_send_padi:
contiguous pak, size 74
00 01 09 00 AA AA 03 00 80 C2 00 07 00 00 FF FF
FF FF FF FF BC 16 65 96 9B 00 88 63 11 09 00 00
00 10 01 01 00 00 01 03 00 08 0C 00 00 01 00 00
04 A3 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 ...
Jan 6 14:51:46.608: PPPoE 0: I PADO R:0030.8810.000b L:bc16.6596.9b00 0/38 ATM0.1
contiguous pak, size 71
BC 16 65 96 9B 00 00 30 88 10 00 0B 88 63 11 07
00 00 00 33 01 03 00 08 0C 00 00 01 00 00 04 A3
01 02 00 1F 62 72 61 73 2D 72 65 64 37 2E 6C 73
2D 62 61 73 2D 42 32 32 36 45 34 37 30 39 45 30
31 34 5A 01 01 00 00
Provider wouldn't have bumped us from ADSL to VDSL - but here's the output of show controller vdsl 0:
Controller VDSL 0 is UP
Daemon Status: Up
XTU-R (DS) XTU-C (US)
Chip Vendor ID: 'BDCM' 'IFTN'
Chip Vendor Specific: 0x0000 0x71C8
Chip Vendor Country: 0xB500 0xB500
Modem Vendor ID: 'CSCO' ' '
Modem Vendor Specific: 0x4602 0x0000
Modem Vendor Country: 0xB500 0x0000
Serial Number Near: FCZ1111C08V C887VAG 15.2(4)M
Serial Number Far:
Modem Version Near: 15.2(4)M
Modem Version Far: 0x71c8
Modem Status: TC Sync (Showtime!)
DSL Config Mode: AUTO
Trained Mode: G.992.1 (ADSL) Annex A
TC Mode: ATM
Selftest Result: 0x00
DELT configuration: disabled
DELT state: not running
Trellis: ON ON
SRA: disabled disabled
SRA count: 0 0
Bit swap: enabled enabled
Bit swap count: 1 8
Line Attenuation: 54.5 dB 31.5 dB
Signal Attenuation: 54.5 dB 0.0 dB
Noise Margin: 6.7 dB 11.0 dB
Attainable Rate: 2132 kbits/s 888 kbits/s
Actual Power: 16.7 dBm 12.7 dBm
Total FECC: 546 0
Total ES: 6 0
Total SES: 0 0
Total LOSS: 0 0
Total UAS: 486 486
Total LPRS: 0 0
Total LOFS: 0 0
Total LOLS: 0 0
Full inits: 14
Failed full inits: 1
Short inits: 0
Failed short inits: 1
Firmware Source File Name (version)
VDSL user config flash:vdsl.bin-A2pv6C035d_d23j (10)
Modem FW Version: 110802_1752-4.02L.03.A2pv6C035d.d23j
Modem PHY Version: A2pv6C035d.d23j
Vendor Version:
DS Channel1 DS Channel0 US Channel1 US Channel0
Speed (kbps): 0 1664 0 704
SRA Previous Speed: 0 0 0 0
Previous Speed: 0 1600 0 736
Total Cells: 0 2786872 0 0
User Cells: 0 68 0 0
Reed-Solomon EC: 0 546 0 0
CRC Errors: 0 9 0 0
Header Errors: 0 10 0 0
Interleave (ms): 0.00 8.00 0.00 8.00
Actual INP: 0.00 1.12 0.00 1.28
Training Log : Stopped
Training Log Filename : flash:vdsllog.bin
And here's the output from the ATM and dialer interfaces:
interface ATM0
no ip address
ip flow ingress
no atm ilmi-keepalive
end
interface ATM0.1 point-to-point
ip flow ingress
pvc 0/38
pppoe-client dial-pool-number 2
end
interface Dialer2
description OUTSIDE
ip address negotiated
ip access-group firewall in
ip mtu 1492
ip flow ingress
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly in
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap callin
ppp chap hostname ###removed###
ppp chap password ###removed###
no cdp enable
crypto map dcvpn
end
As I say though, config-wise, everything should be correct - the same router works fine on another line (which should also confirm the authentication details are correct - at least in as far as it matches what the ISP have on their RADIUS)
Any further thoughts? -
PPP : LCP failed to negotiate
Dears,
I have a cisco 887 router and I have tested on two different DSL line. The first line it worked fine with while the other noe is not. both line on same exchange and establishing the ppp session with same BRAS. The debug seems that there Establishing phase failed, but my question here is how our BRAS will faied the establishing from on line while from other landline is working fine.
=============================================================
CISCO ROUTER Configuration
=======================
interface ATM0/1/0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname companyx
ppp chap password abcda123
ppp pap sent-username companyx password abcda123
===========================================
when I did ppp negotiation debug the below messages i got:
============================================
Mar 16 13:19:18.103: Vi2 PPP: Phase is DOWN
Mar 16 13:19:19.103: PPP: Alloc Context [85DEC77C]
Mar 16 13:19:19.103: ppp28 PPP: Phase is ESTABLISHING
Mar 16 13:19:19.103: Vi2 PPP: Using dialer call direction
Mar 16 13:19:19.103: Vi2 PPP: Treating connection as a callout
Mar 16 13:19:19.103: Vi2 PPP: Session handle[700001C] Session id[28]
Mar 16 13:19:19.103: Vi2 LCP: Event[OPEN] State[Initial to Starting]
Mar 16 13:19:19.103: Vi2 PPP: No remote authentication for call-out
Mar 16 13:19:19.103: Vi2 LCP: O CONFREQ [Starting] id 1 len 14
Mar 16 13:19:19.103: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:19.103: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:19.103: Vi2 LCP: Event[UP] State[Starting to REQsent]
Mar 16 13:19:21.111: Vi2 LCP: O CONFREQ [REQsent] id 2 len 14
Mar 16 13:19:21.111: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:21.111: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:21.111: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:23.127: Vi2 LCP: O CONFREQ [REQsent] id 3 len 14
Mar 16 13:19:23.127: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:23.127: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:23.127: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:25.143: Vi2 LCP: O CONFREQ [REQsent] id 4 len 14
Mar 16 13:19:25.143: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:25.143: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:25.143: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:27.159: Vi2 LCP: O CONFREQ [REQsent] id 5 len 14
Mar 16 13:19:27.159: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:27.159: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:27.159: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:29.175: Vi2 LCP: O CONFREQ [REQsent] id 6 len 14
Mar 16 13:19:29.175: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:29.175: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:29.175: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:31.191: Vi2 LCP: O CONFREQ [REQsent] id 7 len 14
Mar 16 13:19:31.191: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:31.191: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:31.191: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:33.207: Vi2 LCP: O CONFREQ [REQsent] id 8 len 14
Mar 16 13:19:33.207: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:33.207: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:33.207: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:35.223: Vi2 LCP: O CONFREQ [REQsent] id 9 len 14
Mar 16 13:19:35.223: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:35.223: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:35.223: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:37.239: Vi2 LCP: O CONFREQ [REQsent] id 10 len 14
Mar 16 13:19:37.239: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:37.239: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:37.239: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:39.255: Vi2 PPP DISC: LCP failed to negotiate
Mar 16 13:19:39.255: PPP: NET STOP send to AAA.
Mar 16 13:19:39.255: Vi2 PPP: No remote authentication for call-out
Mar 16 13:19:39.255: Vi2 LCP: Event[Timeout-] State[REQsent to Stopped]
Mar 16 13:19:39.255: Vi2 LCP: Event[DOWN] State[Stopped to Starting]
Mar 16 13:19:39.255: Vi2 PPP: Phase is DOWN
Mar 16 13:19:40.255: PPP: Alloc Context [85DEC77C]
Mar 16 13:19:40.255: ppp29 PPP: Phase is ESTABLISHING
Mar 16 13:19:40.255: Vi2 PPP: Using dialer call direction
Mar 16 13:19:40.255: Vi2 PPP: Treating connection as a callout
Mar 16 13:19:40.255: Vi2 PPP: Session handle[F400001D] Session id[29]
Mar 16 13:19:40.255: Vi2 LCP: Event[OPEN] State[Initial to Starting]
Mar 16 13:19:40.255: Vi2 PPP: No remote authentication for call-out
Mar 16 13:19:40.255: Vi2 LCP: O CONFREQ [Starting] id 1 len 14
Mar 16 13:19:40.255: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:40.255: Vi2 LCP: MagicNumber 0xF2D10CAB (0x0506F2D10CAB
interface ATM0/1/0
no ip address
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname zara3087
ppp chap password 7 031E5A19150A27
ppp pap sent-username zara3087 password 7 131F1600180902
Mar 16 13:19:18.103: Vi2 PPP: Phase is DOWN
Mar 16 13:19:19.103: PPP: Alloc Context [85DEC77C]
Mar 16 13:19:19.103: ppp28 PPP: Phase is ESTABLISHING
Mar 16 13:19:19.103: Vi2 PPP: Using dialer call direction
Mar 16 13:19:19.103: Vi2 PPP: Treating connection as a callout
Mar 16 13:19:19.103: Vi2 PPP: Session handle[700001C] Session id[28]
Mar 16 13:19:19.103: Vi2 LCP: Event[OPEN] State[Initial to Starting]
Mar 16 13:19:19.103: Vi2 PPP: No remote authentication for call-out
Mar 16 13:19:19.103: Vi2 LCP: O CONFREQ [Starting] id 1 len 14
Mar 16 13:19:19.103: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:19.103: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:19.103: Vi2 LCP: Event[UP] State[Starting to REQsent]
Mar 16 13:19:21.111: Vi2 LCP: O CONFREQ [REQsent] id 2 len 14
Mar 16 13:19:21.111: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:21.111: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:21.111: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:23.127: Vi2 LCP: O CONFREQ [REQsent] id 3 len 14
Mar 16 13:19:23.127: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:23.127: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:23.127: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:25.143: Vi2 LCP: O CONFREQ [REQsent] id 4 len 14
Mar 16 13:19:25.143: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:25.143: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:25.143: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:27.159: Vi2 LCP: O CONFREQ [REQsent] id 5 len 14
Mar 16 13:19:27.159: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:27.159: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:27.159: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:29.175: Vi2 LCP: O CONFREQ [REQsent] id 6 len 14
Mar 16 13:19:29.175: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:29.175: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:29.175: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:31.191: Vi2 LCP: O CONFREQ [REQsent] id 7 len 14
Mar 16 13:19:31.191: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:31.191: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:31.191: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:33.207: Vi2 LCP: O CONFREQ [REQsent] id 8 len 14
Mar 16 13:19:33.207: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:33.207: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:33.207: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:35.223: Vi2 LCP: O CONFREQ [REQsent] id 9 len 14
Mar 16 13:19:35.223: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:35.223: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:35.223: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:37.239: Vi2 LCP: O CONFREQ [REQsent] id 10 len 14
Mar 16 13:19:37.239: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:37.239: Vi2 LCP: MagicNumber 0xF2D0B9FD (0x0506F2D0B9FD)
Mar 16 13:19:37.239: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
Mar 16 13:19:39.255: Vi2 PPP DISC: LCP failed to negotiate
Mar 16 13:19:39.255: PPP: NET STOP send to AAA.
Mar 16 13:19:39.255: Vi2 PPP: No remote authentication for call-out
Mar 16 13:19:39.255: Vi2 LCP: Event[Timeout-] State[REQsent to Stopped]
Mar 16 13:19:39.255: Vi2 LCP: Event[DOWN] State[Stopped to Starting]
Mar 16 13:19:39.255: Vi2 PPP: Phase is DOWN
Mar 16 13:19:40.255: PPP: Alloc Context [85DEC77C]
Mar 16 13:19:40.255: ppp29 PPP: Phase is ESTABLISHING
Mar 16 13:19:40.255: Vi2 PPP: Using dialer call direction
Mar 16 13:19:40.255: Vi2 PPP: Treating connection as a callout
Mar 16 13:19:40.255: Vi2 PPP: Session handle[F400001D] Session id[29]
Mar 16 13:19:40.255: Vi2 LCP: Event[OPEN] State[Initial to Starting]
Mar 16 13:19:40.255: Vi2 PPP: No remote authentication for call-out
Mar 16 13:19:40.255: Vi2 LCP: O CONFREQ [Starting] id 1 len 14
Mar 16 13:19:40.255: Vi2 LCP: MRU 1492 (0x010405D4)
Mar 16 13:19:40.255: Vi2 LCP: MagicNumber 0xF2D10CAB (0x0506F2D10CABThanks peter for you answer.
please see my response and comments.
Has it been verified that the DSL modem has successfully trained to the DSLAM?
It was working fine with other ISP, the circuit provider changed only the VPI/VCI to be pointed to our BRAS.
Is the VPI/VCI combination of 8/35 correct for your provider?
Yes it is correct, and when I tested the circuit over small linksys router the link worked fine.
Your configuration is currently of the PPPoA kind. Is your provider using PPPoA or PPPoE?
This point can be the issue, beacuse I checked the PPPoE over linksys router bu not PPPoA, when I checked PPPoA
it didnt work. How we I can change my configuration on cisco to have PPPoE?
Is the AAL5MUX encapsulation correct? Is it possible that the provider uses AAL5SNAP?
Encapsulation is correct, I have been tesed the same configuraiton on other circuit and it worked fine.
Can you please advice about my comments espacially point 3 -
PPP and virtual-access2 is down, please help
Dear All,
Since yesterday we have problems with our Cisco 878 SDSL router/modem. We make use of a standard script from our ISP (KPN.com). When we have uploaded the script by Windows Terminal, the router is unable to establish a ppp connection with our ISP. Virtual-access2 link is up, but the protocol is down.
Please find underneath the standard script from KPN.com. Please help we have already lost 1 day with "trial and error" and the service and support is not that great from our ISP.
Thanks in advance for your reply.
Cheers.
FYI
version 12.4
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
no service udp-small-servers
no service tcp-small-servers
no service dhcp
hostname IDSL-ADV-Cust-CPE-SDSL
logging rate-limit console 10 except errors
boot-start-marker
boot-end-marker
ip subnet-zero
ip cef
no ip dhcp-client network-discovery
ip dhcp pool IAS
import all
origin ipcp
ip name-server 194.151.228.18
ip name-server 194.151.228.34
controller DSL 0
mode atm
line-term cpe
line-mode auto
dsl-mode shdsl symmetric annex B
interface BRI0
no ip address
encapsulation hdlc
shutdown
interface ATM0
no ip address
no shutdown
no atm ilmi-keepalive
interface ATM0.1 point-to-point
description To IAS over ADSL Access Router
pvc 2/32
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Vlan1
ip address pool IAS
ip verify unicast reverse-path
no shutdown
no cdp enable
hold-queue 32 in
interface Dialer0
ip address negotiated
ip verify unicast reverse-path
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname KPN
ppp chap password xx
ppp pap sent-username kpn password xxx
ppp ipcp dns request
ppp ipcp mask request
ppp ipcp address accept
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
control-plane
scheduler max-task-time 5000
endHi,
beside that the proposed config has no NAT, it appears fine. Can you send output of "show dsl interface" and "show atm PVC 2/35". -
Hi all,
hoping someone can shed some light on this,
i have an 887va configured to connect to my isp on my test bed. I have configured the router to connect using PPPoA as usual but i am getting LCP TERMREQ packets from my ISP in response to my CHAP responses. no other errors, just a termreq.
Strange thing is , from time to time it does connect but can take hours. I know the username and password are correct as they work straight away when i use a little netgear adsl modem i have here so clearly something else is wrong, i suspect the ISP end but thought i would check here first.
I am not getting any clue as to the reason why im getting termreq back from the ISP , sh ppp stats shows the disconnect reasons as entirely due to '17 received LCP TERMREQ from peer'. Its almost like it doesnt understand my response rather than it being incorrect. i wondered if the secret is being hashed correctly but i cant think of a reason why it wouldnt be I have a crypto map confiured buy not applied as yet..
here is the debug output for the failed session (debug ppp auth, neg and errors)
*Jul 2 06:50:59.837: PPP: Alloc Context [86E2C804]
*Jul 2 06:50:59.837: ppp975 PPP: Phase is ESTABLISHING
*Jul 2 06:50:59.837: Vi2 PPP: Using dialer call direction
*Jul 2 06:50:59.837: Vi2 PPP: Treating connection as a callout
*Jul 2 06:50:59.837: Vi2 PPP: Session handle[F3000030] Session id[975]
*Jul 2 06:50:59.837: Vi2 LCP: Event[OPEN] State[Initial to Starting]
*Jul 2 06:50:59.837: Vi2 PPP: No remote authentication for call-out
*Jul 2 06:50:59.837: Vi2 LCP: O CONFREQ [Starting] id 1 len 10
*Jul 2 06:50:59.837: Vi2 LCP: MagicNumber 0x14194245 (0x050614194245)
*Jul 2 06:50:59.837: Vi2 LCP: Event[UP] State[Starting to REQsent]
*Jul 2 06:51:00.089: Vi2 LCP: I CONFREQ [REQsent] id 103 len 19
*Jul 2 06:51:00.089: Vi2 LCP: MRU 1500 (0x010405DC)
*Jul 2 06:51:00.089: Vi2 LCP: AuthProto CHAP (0x0305C22305)
*Jul 2 06:51:00.089: Vi2 LCP: MagicNumber 0x23918A01 (0x050623918A01)
*Jul 2 06:51:00.089: Vi2 LCP: O CONFACK [REQsent] id 103 len 19
*Jul 2 06:51:00.089: Vi2 LCP: MRU 1500 (0x010405DC)
*Jul 2 06:51:00.089: Vi2 LCP: AuthProto CHAP (0x0305C22305)
*Jul 2 06:51:00.089: Vi2 LCP: MagicNumber 0x23918A01 (0x050623918A01)
*Jul 2 06:51:00.089: Vi2 LCP: Event[Receive ConfReq+] State[REQsent to ACKsent]
*Jul 2 06:51:00.093: Vi2 LCP: I CONFACK [ACKsent] id 1 len 10
*Jul 2 06:51:00.093: Vi2 LCP: MagicNumber 0x14194245 (0x050614194245)
*Jul 2 06:51:00.093: Vi2 LCP: Event[Receive ConfAck] State[ACKsent to Open]
*Jul 2 06:51:00.097: Vi2 PPP: Queue CHAP code[1] id[1]
*Jul 2 06:51:00.117: Vi2 PPP: No authorization without authentication
*Jul 2 06:51:00.117: Vi2 PPP: Phase is AUTHENTICATING, by the peer
*Jul 2 06:51:00.117: Vi2 CHAP: Redirect packet to Vi2
*Jul 2 06:51:00.117: Vi2 CHAP: I CHALLENGE id 1 len 35 from "bras-xxxxx"
*Jul 2 06:51:00.117: Vi2 PPP: Sent CHAP SENDAUTH Request
*Jul 2 06:51:00.117: Vi2 LCP: State is Open
*Jul 2 06:51:00.117: Vi2 PPP: Received SENDAUTH Response FAIL
*Jul 2 06:51:00.117: Vi2 CHAP: Using hostname from interface CHAP
*Jul 2 06:51:00.117: Vi2 CHAP: Using password from interface CHAP
*Jul 2 06:51:00.117: Vi2 CHAP: O RESPONSE id 1 len 37 from "[email protected]"
*Jul 2 06:51:00.861: Vi2 LCP: I TERMREQ [Open] id 104 len 4
*Jul 2 06:51:00.861: Vi2 PPP DISC: Received LCP TERMREQ from peer
*Jul 2 06:51:00.861: PPP: NET STOP send to AAA.
*Jul 2 06:51:00.861: Vi2 PPP: Phase is TERMINATING
*Jul 2 06:51:00.861: Vi2 LCP: O TERMACK [Open] id 104 len 4
*Jul 2 06:51:00.861: Vi2 LCP: Event[Receive TermReq] State[Open to Stopping]
*Jul 2 06:51:02.869: Vi2 PPP: No remote authentication for call-out
*Jul 2 06:51:02.869: Vi2 LCP: Event[Timeout-] State[Stopping to Stopped]
*Jul 2 06:51:02.869: Vi2 LCP: Event[DOWN] State[Stopped to Starting]
*Jul 2 06:51:02.869: Vi2 PPP: Phase is DOWN
here are the relevant parts of the config, dialer 1 is bound to virtual-access 2
controller VDSL 0
interface Ethernet0
no ip address
shutdown
interface ATM0
description BT-Circuit-No...
no ip address
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer1
description Connection-To-BT-number-ATM0
ip address negotiated
no ip redirects
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin optional
ppp chap hostname [email protected]
ppp chap password 0 mypassword
ppp pap sent-username [email protected] password 0 mypassword
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
dialer-list 1 protocol ip permit
ip nat inside source list PUBLIC-PAT interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
any ideas appreciated.
Cheers
ShaunIs it possible that MS-CHAP has a limit on the size of usernames and/or password!? Can't we get a better error code than "CHAP Failure id=0x6f" which doesn't seem to be documented anywhere on the Internet?
-
Cisco 1841 with PPP Internet link down
Hi brothers, please help.
We have Cisco 1841 with ATM card connect to Internet . Some days one Dialer interface of ISP is down and only restart router to get Dialer interface up again. I check debug PPP negotiation & see that no inbound packets from ISP.
I really need to fix this issue permanently, not need to restart router to recover Internet.
Thanks!
All line protocol from ATM0/0/0 & Dialer interfaces are up, but Dialer interface cannot get allocated IP addresses.
interface ATM0/0/0
description ISP Internet
no ip address
no atm ilmi-keepalive
dsl operating-mode itu-dmt
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 2
interface Dialer2
description ISP Internet 1
mtu 1492
bandwidth 8000
ip address negotiated
ip nat outside
no ip virtual-reassembly in
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap callin
ppp chap hostname xxx
ppp chap password 7 xxx
no cdp enable
wr1#show ip int br
Interface IP-Address OK? Method Status Protocol
ATM0/0/0 unassigned YES NVRAM up up
ATM0/1/0 unassigned YES NVRAM up up
Dialer2 unassigned YES IPCP up up
wr1#show int atm0/0/0
ATM0/0/0 is up, line protocol is up
Hardware is HWIC-DSLSAR (with Alcatel ADSL Module), address is 001f.9e87.xxx(bia 001f.9e87.xxx)
Description: ISP Internet
MTU 4470 bytes, sub MTU 4470, BW 832 Kbit/sec, DLY 610 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ATM, loopback not set
Keepalive not supported
Encapsulation(s): AAL5
23 maximum active VCs, 256 VCs per VP, 1 current VCCs
VC Auto Creation Disabled.
VC idle disconnect time: 300 seconds
Last input never, output 23:48:07, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1084
Queueing strategy: Per VC Queueing
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
58124 packets input, 30790858 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 348 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
51848 packets output, 16773091 bytes, 0 underruns
6 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
wr1#show int dia2
Dialer2 is up, line protocol is up (spoofing)
Hardware is Unknown
Description: ISP Internet
Internet address will be negotiated using IPCP
MTU 1492 bytes, BW 8000 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Closed, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi2
Last input never, output never, output hang never
Last clearing of "show interface" counters 1d00h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: Class-based queueing
Output queue: 0/1000/0 (size/max total/drops)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
52937 packets input, 30470954 bytes
52931 packets output, 17287959 bytes
Bound to:
Virtual-Access2 is up, line protocol is down
Hardware is Virtual Access interface
MTU 1492 bytes, BW 8000 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP REQsent
PPPoATM vaccess, cloned from Dialer2
Vaccess status 0x44
Bound to ATM0/0/0 VCD: 1, VPI: 0, VCI: 38, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Interface is bound to Di2 (Encapsulation PPP)
Last input 00:00:09, output never, output hang never
Last clearing of "show interface" counters 1d00h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 40403
Queueing strategy: Class-based queueing
Output queue: 65/1000/0 (size/max total/drops)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
58124 packets input, 30591958 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
93405 packets output, 17935575 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
syslog for debug ppp negotiation:
2014-09-10 08:49:31 Local7.Notice local IP address 801: wr1.lon: .Sep 10 01:51:33.803: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0, changed state to down
2014-09-10 08:49:32 Local7.Notice local IP address 804: wr1.lon: .Sep 10 01:51:35.247: %TRACKING-5-STATE: 3 ip sla 3 state Up->Down
2014-09-10 09:13:40 Local7.Error local IP address 808: wr1.lon: Sep 10 02:15:42.646: %LINK-3-UPDOWN: Interface ATM0/0/0, changed state to up
2014-09-10 09:13:40 Local7.Notice local IP address 809: wr1.lon: Sep 10 02:15:43.646: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0, changed state to up
2014-09-10 09:13:45 Local7.Error local IP address 810: wr1.lon: Sep 10 02:15:48.957: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
2014-09-10 09:13:45 Local7.Debug local IP address 811: wr1.lon: Sep 10 02:15:48.961: Interface Virtual-Access2 max_reserved_bandwidth config will not
2014-09-10 09:13:45 Local7.Debug local IP address 812: wr1.lon: take effect on the queueing features configured via service-policy
2014-09-10 09:13:45 Local7.Info local IP address 813: wr1.lon: Sep 10 02:15:48.965: %DIALER-6-BIND: Interface Vi2 bound to profile Di2
2014-09-10 09:13:45 Local7.Debug local IP address 814: wr1.lon: Sep 10 02:15:48.965: Vi2 PPP: Sending cstate UP notification
2014-09-10 09:13:45 Local7.Debug local IP address 815: wr1.lon: Sep 10 02:15:48.969: Vi2 PPP: Processing CstateUp message
2014-09-10 09:13:45 Local7.Debug local IP address 816: wr1.lon: Sep 10 02:15:48.973: PPP: Alloc Context [662C56A4]
2014-09-10 09:13:45 Local7.Debug local IP address 817: wr1.lon: Sep 10 02:15:48.973: ppp3 PPP: Phase is ESTABLISHING
2014-09-10 09:13:45 Local7.Debug local IP address 818: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: Using dialer call direction
2014-09-10 09:13:45 Local7.Debug local IP address 819: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: Treating connection as a callout
2014-09-10 09:13:45 Local7.Debug local IP address 820: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: Session handle[14000004] Session id[3]
2014-09-10 09:13:45 Local7.Debug local IP address 821: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: Event[OPEN] State[Initial to Starting]
2014-09-10 09:13:45 Local7.Debug local IP address 822: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: No remote authentication for call-out
2014-09-10 09:13:45 Local7.Debug local IP address 823: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: O CONFREQ [Starting] id 1 len 14
2014-09-10 09:13:45 Local7.Debug local IP address 824: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:13:46 Local7.Debug local IP address 825: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:13:46 Local7.Debug local IP address 826: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: Event[UP] State[Starting to REQsent]
2014-09-10 09:13:48 Local7.Debug local IP address 827: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP: O CONFREQ [REQsent] id 2 len 14
2014-09-10 09:13:48 Local7.Debug local IP address 828: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:13:48 Local7.Debug local IP address 829: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:13:48 Local7.Debug local IP address 830: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:13:50 Local7.Debug local IP address 831: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP: O CONFREQ [REQsent] id 3 len 14
2014-09-10 09:13:50 Local7.Debug local IP address 832: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:13:50 Local7.Debug local IP address 833: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:13:50 Local7.Debug local IP address 834: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:13:52 Local7.Debug local IP address 835: wr1.lon: Sep 10 02:15:54.996: Vi2 LCP: O CONFREQ [REQsent] id 4 len 14
2014-09-10 09:13:52 Local7.Debug local IP address 836: wr1.lon: Sep 10 02:15:54.996: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:13:52 Local7.Debug local IP address 837: wr1.lon: Sep 10 02:15:54.996: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:13:52 Local7.Debug local IP address 838: wr1.lon: Sep 10 02:15:55.000: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:13:54 Local7.Debug local IP address 839: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP: O CONFREQ [REQsent] id 5 len 14
2014-09-10 09:13:54 Local7.Debug local IP address 840: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:13:54 Local7.Debug local IP address 841: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:13:54 Local7.Debug local IP address 842: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:13:56 Local7.Debug local IP address 843: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP: O CONFREQ [REQsent] id 6 len 14
2014-09-10 09:13:56 Local7.Debug local IP address 844: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:13:56 Local7.Debug local IP address 845: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:13:56 Local7.Debug local IP address 846: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:13:58 Local7.Debug local IP address 847: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP: O CONFREQ [REQsent] id 7 len 14
2014-09-10 09:13:58 Local7.Debug local IP address 848: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:13:58 Local7.Debug local IP address 849: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:13:58 Local7.Debug local IP address 850: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:14:00 Local7.Debug local IP address 851: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP: O CONFREQ [REQsent] id 8 len 14
2014-09-10 09:14:00 Local7.Debug local IP address 852: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:14:00 Local7.Debug local IP address 853: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:14:00 Local7.Debug local IP address 854: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:14:02 Local7.Debug local IP address 855: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP: O CONFREQ [REQsent] id 9 len 14
2014-09-10 09:14:02 Local7.Debug local IP address 856: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:14:02 Local7.Debug local IP address 857: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:14:02 Local7.Debug local IP address 858: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:14:04 Local7.Debug local IP address 859: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP: O CONFREQ [REQsent] id 10 len 14
2014-09-10 09:14:04 Local7.Debug local IP address 860: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:14:04 Local7.Debug local IP address 861: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:14:04 Local7.Debug local IP address 862: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:14:06 Local7.Debug local IP address 863: wr1.lon: Sep 10 02:16:09.107: Vi2 PPP DISC: LCP failed to negotiate
2014-09-10 09:14:06 Local7.Debug local IP address 864: wr1.lon: Sep 10 02:16:09.107: PPP: NET STOP send to AAA.
2014-09-10 09:14:06 Local7.Debug local IP address 865: wr1.lon: Sep 10 02:16:09.107: Vi2 PPP: No remote authentication for call-out
2014-09-10 09:14:06 Local7.Debug local IP address 866: wr1.lon: Sep 10 02:16:09.107: Vi2 LCP: Event[Timeout-] State[REQsent to Stopped]
2014-09-10 09:14:06 Local7.Debug local IP address 867: wr1.lon: Sep 10 02:16:09.107: Vi2 LCP: Event[DOWN] State[Stopped to Starting]
2014-09-10 09:14:06 Local7.Debug local IP address 868: wr1.lon: Sep 10 02:16:09.107: Vi2 PPP: Phase is DOWNHello ,
As line comes up after reloading the device this does not looks like configuration issue but hardware .
Either connection between ATM card and modem is getting idle or some issue with ATM card .
Did you try replacing ATM card with a spare one to see if issue persists .
HTH
Sunil Bhadauria
! Kindly rate all helpful posts and accordingly mark correct answers to help forum ! -
How to change CUE ip address?
Hi,
We moved to a new location and using comcast as ISP. I was setting up the phone system today and met a few problems.
1. First of all, all the phones are connected and working(total of 4), but I can only see 3 of them showing up in the CCA. Whats happening here?
2. I wanted to change the user name which appears on the phone using the CCA, CCA told me that the settings were successfully sent to UC520, I restarted the phone and uc520, but the names on the phones remain unchanged?
3. I forgot the password of the voicemail for one of the phone, and wanted to changed in the CUE. so I went to 10.1.10.1,but some comcast login page showed up instead of CUE. so I want to know how to change the IP address of CUE? I don`t know the CLI commands so please teach me if it can only be done with CLI. I have only used CCA in the past. Could this be the reason why for problem 1 and 2? I`m feeling wierd because all the phones can be used to call in/out.
my data vlan is 192.168.0.0 and voice vlan is 192.168.2.0 let me know if you need any other info.
need help urgently as I want to resolve this problem asap.
Thanks in advance.
Building configuration...
Current configuration : 31483 bytes
! Last configuration change at 19:39:02 EST Mon Jan 27 2014 by admin
version 15.1
parser config cache interface
no service pad
no service timestamps debug uptime
service timestamps log datetime msec
service password-encryption
service internal
service compress-config
service sequence-numbers
hostname UC_520
boot-start-marker
boot-end-marker
no logging buffered
no logging rate-limit
enable secret 4 X4ZqtPJ///KxuEWxHSsJrv3beQVnz2ise/xj8fF6eFU
aaa new-model
aaa authentication login default local
aaa session-id common
clock timezone EST -5 0
clock summer-time EDT recurring
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-3885458945
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3885458945
revocation-check none
rsakeypair TP-self-signed-3885458945
crypto pki certificate chain TP-self-signed-3885458945
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33383835 34353839 3435301E 170D3133 30383136 32303534
32305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38383534
35383934 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100E470 89FBE9D2 67ED2223 338A6991 0CF59918 BDEF6020 545DFCAF 93A17C39
BEE49E0E 4EDEE26B CCE65E3E 44443BFC E1CE6B5E FE8906DA 3290C015 450721F3
8FB997D1 74A9EAD1 2FB11EAF 7E346F69 4AF873DE A93DCCC0 0607406E 09C0D5D4
47552B50 34398AF9 A5F9CC57 1A2CBCE8 D8DCE2E9 6702F3DD 77505122 2284BDC8
96730203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14F3FB0C E861F89C 588B7B22 97DCB6B8 95F52EAF 3F301D06
03551D0E 04160414 F3FB0CE8 61F89C58 8B7B2297 DCB6B895 F52EAF3F 300D0609
2A864886 F70D0101 05050003 81810067 7B14BD34 CF6FE9A5 C2B125A9 347023AD
58DAB6CB E64FA260 41DA2B0B 1921A21D BAED2A0F 47172233 A589F64D 74D70BB5
2790DE19 B905BCFF 18DB2EE5 F397C92D 7522DEB0 B4968E27 0F2CCF98 DCCE40C5
4BF1736A 1C945AFA E0EF7A33 E529F94C CC99549A 051CA1BD E33495DB 0B79451C
5666954E 10E691DF 5D5CCC50 CB72D2
quit
dot11 syslog
dot11 ssid cisco-data
vlan 1
authentication open
dot11 ssid cisco-voice
vlan 100
authentication open
ip source-route
ip cef
ip dhcp relay information trust-all
ip dhcp excluded-address 192.168.0.1 192.168.0.99
ip dhcp excluded-address 192.168.0.151 192.168.0.255
ip dhcp excluded-address 192.168.2.1 192.168.2.9
ip dhcp excluded-address 192.168.2.241 192.168.2.255
ip dhcp excluded-address 192.168.2.99
ip dhcp pool phone
network 192.168.2.0 255.255.255.0
default-router 192.168.2.99
option 150 ip 192.168.2.99
ip name-server 205.152.111.23
ip name-server 205.152.144.23
ip inspect WAAS flush-timeout 10
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
no ipv6 cef
multilink bundle-name authenticated
stcapp ccm-group 1
stcapp
trunk group ALL_FXO
max-retry 5
voice-class cause-code 1
hunt-scheme longest-idle
voice call send-alert
voice rtp send-recv
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
sip
no update-callerid
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
voice class cause-code 1
no-circuit
voice register global
mode cme
source-address 192.168.2.99 port 5060
max-dn 88
max-pool 22
load 9971 sip9971.9-2-2
load 9951 sip9951.9-2-2
load 8961 sip8961.9-2-2
timezone 12
create profile sync 0423457390373118
voice hunt-group 1 parallel
final 201
list 201,223,227,239,301
timeout 16
pilot 511
voice translation-rule 1000
rule 1 /.*/ //
voice translation-rule 1112
rule 1 /^9/ //
voice translation-rule 2001
voice translation-rule 2002
rule 1 /^6/ //
voice translation-rule 2222
rule 1 /^91900......./ //
rule 2 /^91976......./ //
voice translation-profile CALLER_ID_TRANSLATION_PROFILE
translate calling 1111
voice translation-profile CallBlocking
translate called 2222
voice translation-profile OUTGOING_TRANSLATION_PROFILE
translate called 1112
voice translation-profile XFER_TO_VM_PROFILE
translate redirect-called 2002
voice translation-profile nondialable
translate called 1000
voice-card 0
fax interface-type fax-mail
license udi pid UC520W-16U-4FXO-K9 sn FTX1251Y0DC
archive
log config
logging enable
logging size 600
hidekeys
username admin privilege 15 secret 4 X4ZqtPJ///KxuEWxHSsJrv3beQVnz2ise/xj8fF6eFU
ip tftp source-interface Loopback0
class-map match-all _class_Voice0
match ip dscp ef
class-map match-all _class_Voice1
match ip dscp cs3
policy-map Voice
class _class_Voice0
set cos 6
class _class_Voice1
set cos 3
bridge irb
interface Loopback0
description $FW_INSIDE$
ip address 10.1.10.2 255.255.255.252
ip access-group 101 in
ip nat inside
ip virtual-reassembly in
interface FastEthernet0/0
description $ETH-WAN$
no ip address
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface Integrated-Service-Engine0/0
description cue is initialized with default IMAP group
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly in
service-module ip address 10.1.10.1 255.255.255.252
service-module ip default-gateway 10.1.10.2
interface FastEthernet0/1/0
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/1
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/2
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/3
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/4
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/5
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/6
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/7
switchport voice vlan 100
no ip address
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/8
switchport mode trunk
switchport voice vlan 100
no ip address
macro description cisco-switch
interface Dot11Radio0/5/0
no ip address
ssid cisco-data
ssid cisco-voice
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
antenna receive right
antenna transmit right
service-policy output Voice
interface Dot11Radio0/5/0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0/5/0.100
encapsulation dot1Q 100
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 spanning-disabled
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
interface Vlan100
no ip address
bridge-group 100
bridge-group 100 spanning-disabled
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 109 in
ip mtu 1452
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname [email protected]
ppp chap password 7 121D001B1E535E56
ppp pap sent-username [email protected] password 7 121D001B1E535E56
ppp ipcp dns request
interface BVI1
ip address 192.168.0.55 255.255.255.0
ip access-group 104 in
ip access-group 108 out
ip helper-address 192.168.0.99
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
interface BVI100
description $FW_INSIDE$
ip address 192.168.2.99 255.255.255.0
ip access-group 102 in
ip access-group 107 out
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http path flash:/gui
ip dns server
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.99
ip route 10.1.10.1 255.255.255.255 Integrated-Service-Engine0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 10.1.10.0 0.0.0.3
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_6##
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp 192.168.2.0 0.0.0.255 eq 2000 any
access-list 101 permit udp 192.168.2.0 0.0.0.255 eq 2000 any
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration##NO_ACES_6##
access-list 102 remark SDM_ACL Category=1
access-list 102 permit tcp 10.1.10.0 0.0.0.3 any eq 2000
access-list 102 permit udp 10.1.10.0 0.0.0.3 any eq 2000
access-list 102 permit ip 10.1.10.0 0.0.0.3 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark SDM_ACL Category=64
access-list 103 permit ip any any
access-list 104 remark SDM_ACL Category=64
access-list 104 permit ip any any
access-list 105 remark SDM_ACL Category=64
access-list 105 permit ip any any
access-list 106 remark SDM_ACL Category=64
access-list 106 permit ip any any
access-list 107 remark SDM_ACL Category=64
access-list 107 permit ip any any
access-list 108 remark SDM_ACL Category=64
access-list 108 permit ip any any
access-list 109 remark auto generated by SDM firewall configuration##NO_ACES_14##
access-list 109 remark SDM_ACL Category=1
access-list 109 permit ip 10.1.10.0 0.0.0.3 any
access-list 109 permit ip 192.168.2.0 0.0.0.255 any
access-list 109 permit udp host 205.152.111.23 eq domain any
access-list 109 permit udp host 205.152.144.23 eq domain any
access-list 109 permit icmp any any echo-reply
access-list 109 permit icmp any any time-exceeded
access-list 109 permit icmp any any unreachable
access-list 109 permit ip 10.0.0.0 0.255.255.255 any
access-list 109 deny ip 172.16.0.0 0.15.255.255 any
access-list 109 permit ip 192.168.0.0 0.0.255.255 any
access-list 109 deny ip 127.0.0.0 0.255.255.255 any
access-list 109 deny ip host 255.255.255.255 any
access-list 109 permit ip host 0.0.0.0 any
access-list 109 permit ip any any
dialer-list 1 protocol ip permit
snmp-server community public RO
tftp-server flash:/phones/521_524/cp524g-8-1-17.bin alias cp524g-8-1-17.bin
tftp-server flash:/phones/7916/B016-1-0-4.SBN alias B016-1-0-4.SBN
tftp-server flash:/phones/7937/apps37sccp.1-4-4-0.bin alias apps37sccp.1-4-4-0.bin
tftp-server flash:/phones/7940_7960/P00308010200.bin alias P00308010200.bin
tftp-server flash:/phones/7940_7960/P00308010200.loads alias P00308010200.loads
tftp-server flash:/phones/7940_7960/P00308010200.sb2 alias P00308010200.sb2
tftp-server flash:/phones/7940_7960/P00308010200.sbn alias P00308010200.sbn
tftp-server flash:/phones/7941_7961/apps41.9-1-1TH1-16.sbn alias apps41.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/cnu41.9-1-1TH1-16.sbn alias cnu41.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/cvm41sccp.9-1-1TH1-16.sbn alias cvm41sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/dsp41.9-1-1TH1-16.sbn alias dsp41.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/jar41sccp.9-1-1TH1-16.sbn alias jar41sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/SCCP41.9-1-1SR1S.loads alias SCCP41.9-1-1SR1S.loads
tftp-server flash:/phones/7941_7961/term41.default.loads alias term41.default.loads
tftp-server flash:/phones/7941_7961/term61.default.loads alias term61.default.loads
tftp-server flash:/phones/7942_7962/apps42.9-1-1TH1-16.sbn alias apps42.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/cnu42.9-1-1TH1-16.sbn alias cnu42.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/cvm42sccp.9-1-1TH1-16.sbn alias cvm42sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/dsp42.9-1-1TH1-16.sbn alias dsp42.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/jar42sccp.9-1-1TH1-16.sbn alias jar42sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/SCCP42.9-1-1SR1S.loads alias SCCP42.9-1-1SR1S.loads
tftp-server flash:/phones/7942_7962/term42.default.loads alias term42.default.loads
tftp-server flash:/phones/7942_7962/term62.default.loads alias term62.default.loads
tftp-server flash:/phones/7945_7965/apps45.9-1-1TH1-16.sbn alias apps45.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/cnu45.9-1-1TH1-16.sbn alias cnu45.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/cvm45sccp.9-1-1TH1-16.sbn alias cvm45sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/dsp45.9-1-1TH1-16.sbn alias dsp45.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/jar45sccp.9-1-1TH1-16.sbn alias jar45sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/SCCP45.9-1-1SR1S.loads alias SCCP45.9-1-1SR1S.loads
tftp-server flash:/phones/7945_7965/term45.default.loads alias term45.default.loads
tftp-server flash:/phones/7945_7965/term65.default.loads alias term65.default.loads
tftp-server flash:/ringtones/Analog1.raw alias Analog1.raw
tftp-server flash:/ringtones/Analog2.raw alias Analog2.raw
tftp-server flash:/ringtones/AreYouThere.raw alias AreYouThere.raw
tftp-server flash:/ringtones/DistinctiveRingList.xml alias DistinctiveRingList.xml
tftp-server flash:/ringtones/RingList.xml alias RingList.xml
tftp-server flash:/ringtones/AreYouThereF.raw alias AreYouThereF.raw
tftp-server flash:/ringtones/Bass.raw alias Bass.raw
tftp-server flash:/ringtones/CallBack.raw alias CallBack.raw
tftp-server flash:/ringtones/Chime.raw alias Chime.raw
tftp-server flash:/ringtones/Classic1.raw alias Classic1.raw
tftp-server flash:/ringtones/Classic2.raw alias Classic2.raw
tftp-server flash:/ringtones/ClockShop.raw alias ClockShop.raw
tftp-server flash:/ringtones/Drums1.raw alias Drums1.raw
tftp-server flash:/ringtones/Drums2.raw alias Drums2.raw
tftp-server flash:/ringtones/FilmScore.raw alias FilmScore.raw
tftp-server flash:/ringtones/HarpSynth.raw alias HarpSynth.raw
tftp-server flash:/ringtones/Jamaica.raw alias Jamaica.raw
tftp-server flash:/ringtones/KotoEffect.raw alias KotoEffect.raw
tftp-server flash:/ringtones/MusicBox.raw alias MusicBox.raw
tftp-server flash:/ringtones/Piano1.raw alias Piano1.raw
tftp-server flash:/ringtones/Piano2.raw alias Piano2.raw
tftp-server flash:/ringtones/Pop.raw alias Pop.raw
tftp-server flash:/ringtones/Pulse1.raw alias Pulse1.raw
tftp-server flash:/ringtones/Ring1.raw alias Ring1.raw
tftp-server flash:/ringtones/Ring2.raw alias Ring2.raw
tftp-server flash:/ringtones/Ring3.raw alias Ring3.raw
tftp-server flash:/ringtones/Ring4.raw alias Ring4.raw
tftp-server flash:/ringtones/Ring5.raw alias Ring5.raw
tftp-server flash:/ringtones/Ring6.raw alias Ring6.raw
tftp-server flash:/ringtones/Ring7.raw alias Ring7.raw
tftp-server flash:/ringtones/Sax1.raw alias Sax1.raw
tftp-server flash:/ringtones/Sax2.raw alias Sax2.raw
tftp-server flash:/ringtones/Vibe.raw alias Vibe.raw
tftp-server flash:/Desktops/CampusNight.png
tftp-server flash:/Desktops/TN-CampusNight.png
tftp-server flash:/Desktops/CiscoFountain.png
tftp-server flash:/Desktops/TN-CiscoFountain.png
tftp-server flash:/Desktops/CiscoLogo.png
tftp-server flash:/Desktops/TN-CiscoLogo.png
tftp-server flash:/Desktops/Fountain.png
tftp-server flash:/Desktops/TN-Fountain.png
tftp-server flash:/Desktops/MorroRock.png
tftp-server flash:/Desktops/TN-MorroRock.png
tftp-server flash:/Desktops/NantucketFlowers.png
tftp-server flash:/Desktops/TN-NantucketFlowers.png
tftp-server flash:Desktops/320x212x16/List.xml
tftp-server flash:Desktops/320x212x12/List.xml
tftp-server flash:Desktops/320x216x16/List.xml
tftp-server flash:/bacdprompts/en_bacd_allagentsbusy.au alias en_bacd_allagentsbusy.au
tftp-server flash:/bacdprompts/en_bacd_disconnect.au alias en_bacd_disconnect.au
tftp-server flash:/bacdprompts/en_bacd_enter_dest.au alias en_bacd_enter_dest.au
tftp-server flash:/bacdprompts/en_bacd_invalidoption.au alias en_bacd_invalidoption.au
tftp-server flash:/bacdprompts/en_bacd_music_on_hold.au alias en_bacd_music_on_hold.au
tftp-server flash:/bacdprompts/en_bacd_options_menu.au alias en_bacd_options_menu.au
tftp-server flash:/bacdprompts/en_bacd_welcome.au alias en_bacd_welcome.au
tftp-server flash:/bacdprompts/en_bacd_xferto_operator.au alias en_bacd_xferto_operator.au
radius-server attribute 31 send nas-port-detail
control-plane
bridge 1 route ip
bridge 100 route ip
voice-port 0/0/0
shutdown
caller-id enable
voice-port 0/0/1
shutdown
caller-id enable
voice-port 0/0/2
shutdown
caller-id enable
voice-port 0/0/3
shutdown
caller-id enable
voice-port 0/1/0
trunk-group ALL_FXO 64
connection plar 201
shutdown
caller-id enable
voice-port 0/1/1
trunk-group ALL_FXO 64
connection plar opx 511
description Configured by CCA 4 FXO-0/1/1-Custom-BG
caller-id enable
voice-port 0/1/2
trunk-group ALL_FXO 64
connection plar opx 511
description Configured by CCA 4 FXO-0/1/2-Custom-BG
caller-id enable
voice-port 0/1/3
trunk-group ALL_FXO 64
connection plar 204
shutdown
caller-id enable
voice-port 0/4/0
auto-cut-through
signal immediate
input gain auto-control -15
description Music On Hold Port
sccp local Loopback0
sccp ccm 192.168.2.99 identifier 1 version 3.1
sccp
sccp ccm group 1
associate ccm 1 priority 1
dial-peer cor custom
name internal
name local
name local-plus
name international
name national
name national-plus
name emergency
name toll-free
dial-peer cor list call-internal
member internal
dial-peer cor list call-local
member local
dial-peer cor list call-local-plus
member local-plus
dial-peer cor list call-national
member national
dial-peer cor list call-national-plus
member national-plus
dial-peer cor list call-international
member international
dial-peer cor list call-emergency
member emergency
dial-peer cor list call-toll-free
member toll-free
dial-peer cor list user-internal
member internal
member emergency
dial-peer cor list user-local
member internal
member local
member emergency
member toll-free
dial-peer cor list user-local-plus
member internal
member local
member local-plus
member emergency
member toll-free
dial-peer cor list user-national
member internal
member local
member local-plus
member national
member emergency
member toll-free
dial-peer cor list user-national-plus
member internal
member local
member local-plus
member national
member national-plus
member emergency
member toll-free
dial-peer cor list user-international
member internal
member local
member local-plus
member international
member national
member national-plus
member emergency
member toll-free
dial-peer voice 1 pots
port 0/0/0
no sip-register
dial-peer voice 2 pots
port 0/0/1
no sip-register
dial-peer voice 3 pots
port 0/0/2
no sip-register
dial-peer voice 4 pots
port 0/0/3
no sip-register
dial-peer voice 5 pots
description ** MOH Port **
destination-pattern ABC
port 0/4/0
no sip-register
dial-peer voice 6 pots
description 鬰atch all dial peer for BRI/PRI�
translation-profile incoming nondialable
incoming called-number .%
direct-inward-dial
dial-peer voice 50 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/1/0
dial-peer voice 51 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/1/1
dial-peer voice 52 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/1/2
dial-peer voice 53 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/1/3
dial-peer voice 54 pots
description ** FXO pots dial-peer **
destination-pattern A0
port 0/1/0
no sip-register
dial-peer voice 55 pots
description ** FXO pots dial-peer **
destination-pattern A1
port 0/1/1
no sip-register
dial-peer voice 56 pots
description ** FXO pots dial-peer **
destination-pattern A2
port 0/1/2
no sip-register
dial-peer voice 57 pots
description ** FXO pots dial-peer **
destination-pattern A3
port 0/1/3
no sip-register
dial-peer voice 2000 voip
description ** cue voicemail pilot number **
translation-profile outgoing XFER_TO_VM_PROFILE
destination-pattern 396
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay sip-notify
codec g711ulaw
no vad
dial-peer voice 2001 voip
description ** cue auto attendant number **
translation-profile outgoing PSTN_CallForwarding
destination-pattern 398
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay sip-notify
codec g711ulaw
no vad
dial-peer voice 2012 voip
description ** cue prompt manager number **
translation-profile outgoing PSTN_CallForwarding
destination-pattern 240
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay sip-notify
codec g711ulaw
no vad
dial-peer voice 58 pots
trunkgroup ALL_FXO
corlist outgoing call-emergency
description **CCA*North American-7-Digit*Emergency**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 9911
forward-digits all
no sip-register
dial-peer voice 59 pots
trunkgroup ALL_FXO
corlist outgoing call-emergency
description **CCA*North American-7-Digit*Emergency**
preference 5
destination-pattern 911
forward-digits all
no sip-register
dial-peer voice 60 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*North American-7-Digit*10-Digit Local**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 9[2-9].........
forward-digits all
no sip-register
dial-peer voice 61 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*North American-7-Digit*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 9[2-9]11
forward-digits all
no sip-register
dial-peer voice 62 pots
trunkgroup ALL_FXO
corlist outgoing call-national
description **CCA*North American-7-Digit*Long Distance**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 91[2-9]..[2-9]......
forward-digits all
no sip-register
dial-peer voice 63 pots
trunkgroup ALL_FXO
corlist outgoing call-international
description **CCA*North American-7-Digit*International**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 9011T
forward-digits all
no sip-register
dial-peer voice 64 pots
trunkgroup ALL_FXO
corlist outgoing call-toll-free
description **CCA*North American-7-Digit*Toll-Free**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 91800.......
forward-digits all
no sip-register
dial-peer voice 65 pots
trunkgroup ALL_FXO
corlist outgoing call-toll-free
description **CCA*North American-7-Digit*Toll-Free**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 91888.......
forward-digits all
no sip-register
dial-peer voice 66 pots
trunkgroup ALL_FXO
corlist outgoing call-toll-free
description **CCA*North American-7-Digit*Toll-Free**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 91877.......
forward-digits all
no sip-register
dial-peer voice 67 pots
trunkgroup ALL_FXO
corlist outgoing call-toll-free
description **CCA*North American-7-Digit*Toll-Free**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 91866.......
forward-digits all
no sip-register
dial-peer voice 68 pots
trunkgroup ALL_FXO
corlist outgoing call-toll-free
description **CCA*North American-7-Digit*Toll-Free**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 91855.......
forward-digits all
no sip-register
no dial-peer outbound status-check pots
telephony-service
video
authentication credential admin admin
fxo hook-flash
max-ephones 22
max-dn 88
ip source-address 192.168.2.99 port 2000
max-redirect 20
auto assign 1 to 1 type bri
calling-number initiator
service phone videoCapability 1
service phone ehookenable 1
service phone SPA525-wifi-on yes
service phone SPA525-protocol SPCP
service phone SPA525-auto-detect-sccp yes
service phone SPA525-http-write yes
service phone SPA525-SSID cisco-voice
service phone SPA525-readonly no
service phone SPA525-Encryption-type DISABLE
service dnis overlay
service dnis dir-lookup
service dss
timeouts interdigit 5
system message ZFI Engi & Const
url services http://10.1.10.1/voiceview/common/login.do
url authentication http://10.1.10.2/CCMCIP/authenticate.asp
cnf-file location flash:
cnf-file perphone
load 7916-12 B016-1-0-4
load 7916-24 B016-1-0-4
load 7937 apps37sccp.1-4-4-0
load 7960-7940 P00308010200
load 7941 SCCP41.9-1-1SR1S
load 7941GE SCCP41.9-1-1SR1S
load 7942 SCCP42.9-1-1SR1S
load 7945 SCCP45.9-1-1SR1S
load 7961 SCCP41.9-1-1SR1S
load 7961GE SCCP41.9-1-1SR1S
load 7962 SCCP42.9-1-1SR1S
load 7965 SCCP45.9-1-1SR1S
load 521G-524G cp524g-8-1-17
time-zone 12
keepalive 30 auxiliary 4
voicemail 396
max-conferences 8 gain -6
call-forward pattern .T
call-forward system redirecting-expanded
hunt-group logout HLog
moh flash:/media/music-on-hold.au
multicast moh 239.10.16.16 port 2000
web admin system name cisco secret 5 $1$AJGT$FDYMK5h1/Tiz2VQKQe2fS.
dn-webedit
time-webedit
transfer-system full-consult dss
transfer-pattern 9.T
transfer-pattern .T
transfer-pattern 6... blind
secondary-dialtone 9
night-service day Sun 00:00 23:59
night-service day Mon 17:00 08:00
night-service day Tue 17:00 08:00
night-service day Wed 17:00 08:00
night-service day Thu 17:00 08:00
night-service day Fri 17:00 08:00
night-service day Sat 00:00 23:59
night-service date Jan 1 00:00 23:59
night-service date Nov 25 00:00 23:59
night-service date Dec 25 00:00 23:59
fac standard
create cnf-files version-stamp Jan 01 2002 00:00:00
ephone-template 15
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use Newcall
softkeys idle Redial Newcall Cfwdall Pickup Gpickup Dnd HLog Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
button-layout 7931 2
ephone-template 16
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use Newcall
softkeys idle Redial Newcall Cfwdall Pickup Gpickup Dnd HLog Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
ephone-template 17
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use CBarge Newcall
softkeys idle Redial Newcall Cfwdall Pickup Gpickup Dnd HLog Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
ephone-template 18
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use CBarge Newcall
softkeys idle Redial Newcall Cfwdall Pickup Gpickup Dnd HLog Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
button-layout 7931 2
ephone-dn 9
number BCD no-reg primary
description MoH
moh out-call ABC
ephone-dn 81 octo-line
number 301 no-reg primary
pickup-group 1
name wpb wpb
call-forward busy 396
call-forward noan 396 timeout 20
ephone-dn 82 octo-line
number 227 no-reg primary
pickup-group 1
name Robert Stewart
call-forward busy 396
call-forward noan 396 timeout 20
ephone-dn 83 octo-line
number 239 no-reg primary
pickup-group 1
name Conf Room
call-forward busy 396
call-forward noan 396 timeout 20
ephone-dn 84 octo-line
number 223 no-reg primary
pickup-group 1
label 223
description George Guo
name Caroline Wang
call-forward busy 396
call-forward noan 396 timeout 20
ephone-dn 85 octo-line
ring external
number 201 no-reg primary
pickup-group 1
label 201
description Caroline Wang
name Cari Adamonis
call-forward busy 396
call-forward noan 396 timeout 20
ephone-dn 86
number 6... no-reg primary
description ***CCA XFER TO VM EXTENSION***
call-forward all 396
ephone-dn 87
number A801... no-reg primary
mwi off
ephone-dn 88
number A800... no-reg primary
mwi on
ephone 1
device-security-mode none
mac-address 0015.6276.7240
ephone-template 16
username "mdeng" password 123456
type 7940
button 1:82
ephone 2
device-security-mode none
mac-address 0015.6278.9118
ephone-template 16
username "jespinal" password 123456
type 7940
button 1:83
ephone 3
device-security-mode none
mac-address 0015.6269.5B0C
ephone-template 16
username "wpb" password 123456
mtp
type 7940
button 1:81
ephone 5
device-security-mode none
mac-address 0012.4362.0B1E
ephone-template 16
username "GGuo" password 123456
type 7940
button 1:84
ephone 6
device-security-mode none
mac-address 0015.6286.AE4F
ephone-template 16
username "cwang" password 123456
type 7940
missed-calls all
button 1:85
alias exec cca_voice_mode PBX
alias exec cca_vm_notification schedule from_time=00 to_time=24
banner login ^Cbanner login ^Cisco Configuration Assistant. Version: 3.2 (3). Sat Aug 24 11:52:57 EDT 2013^^C
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
transport preferred none
transport input all
line vty 5 100
transport preferred none
transport input all
ntp master
endhow to change local ip address?Via an operating system command.
It's not the sort of thing an application should be doing at all. IP addresses these days are assigned via DHCP. Why would you want to change it from within an application? It would probably disconnect all sockets for all running applications, invalidate the login, all kinds of bad effects.
What is the actual requirement? -
VPN client connect to CISCO 887 VPN Server bat they stop at router!!
Hi
my scenario is as follows
SERVER1 on lan (192.168.5.2/24)
|
|
CISCO-887 (192.168.5.4) with VPN server
|
|
INTERNET
|
|
VPN Cisco client on xp machine
My connection have public ip address assegned by ISP, after ppp login.
I've just configured (with Cisco Configuration Professional) the ADSL connection and VPN Server (Easy VPN).
All the PC on LAN surf internet and remote PC connect to VPN Cisco server via cisco VPN client.
But all remote PC after connection to Cisco VPN server don't ping SERVER1 in lan and therefore don't see SERVER1 and every other resource in LAN.
They can ping only router!!!
They are configured with Cisco VPN client (V5.0.007) with "Enabled Trasparent Tunnelling" and "IPSec over UDP NAT/PAT".
What is wrong in my attached configuration? (I've alspo tried to bind Virtual-Template1 both to unnambered Dialer0 and to Loopback0 but without luck)
Peraps ACL problem?
Building configuration...
Current configuration : 5019 bytes
! Last configuration change at 05:20:37 UTC Tue Apr 24 2012 by adm
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname gate
boot-start-marker
boot-end-marker
no logging buffered
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
memory-size iomem 10
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-453216506
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-453216506
revocation-check none
rsakeypair TP-self-signed-453216506
crypto pki certificate chain TP-self-signed-453216506
certificate self-signed 01
quit
ip name-server 212.216.112.222
ip cef
no ipv6 cef
password encryption aes
license udi pid CISCO887VA-K9 sn ********
username adm privilege 15 secret 5 *****************
username user1 secret 5 ******************
controller VDSL 0
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group EXTERNALS
key 6 *********\*******
dns 192.168.5.2
wins 192.168.5.2
domain domain.local
pool SDM_POOL_1
save-password
crypto isakmp profile ciscocp-ike-profile-1
match identity group EXTERNALS
client authentication list ciscocp_vpn_xauth_ml_2
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA1
set isakmp-profile ciscocp-ike-profile-1
interface Loopback0
ip address 10.10.10.10 255.255.255.0
interface Ethernet0
no ip address
shutdown
interface ATM0
no ip address
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 8/35
encapsulation aal5snap
protocol ppp dialer
dialer pool-member 1
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
ip address 192.168.5.4 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ******@*******.****
ppp chap password 0 alicenewag
ppp pap sent-username ******@*******.**** password 0 *********
ip local pool SDM_POOL_1 192.168.5.20 192.168.5.50
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
dialer-list 1 protocol ip permit
line con 0
line aux 0
line vty 0 4
transport input all
endHello,
Your pool of VPN addresses is overlapping with the interface vlan1.
Since proxy-arp is disabled on that interface, it will never work
2 solutions
1- Pool uses a different network than 192.168.5
2- Enable ip proxy-arp on interface vlan1
Cheers,
Olivier -
VPN client connect to CISCO 887 VPN Server but I can't ping Local LAN
Hi
my scenario is as follows
SERVER1 on lan (192.168.1.4)
|
|
CISCO-887 (192.168.1.254)
|
|
INTERNET
|
|
VPN Cisco client on windows 7 machine
My connection have public ip address assegned by ISP, after ppp login.
I've just configured (with Cisco Configuration Professional) the ADSL connection and VPN Server (Easy VPN).
All the PC on LAN surf internet and remote PC connect to VPN Cisco server via cisco VPN client.
But all remote PC after connection to Cisco VPN server don't ping SERVER1 in lan and therefore don't see SERVER1 and every other resource in LAN. I can't even ping the gateway 192.168.1.254
I'm using Cisco VPN client (V5.0.07) with "IPSec over UDP NAT/PAT".
What is wrong in my attached configuration? (I've alspo tried to bind Virtual-Template1 both to unnambered Dialer0 and to Loopback0 but without luck)
Perhaps ACL problem?
Building configuration...
Current configuration : 4921 bytes
! Last configuration change at 14:33:06 UTC Sun Jan 26 2014 by NetasTest
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname TestLab
boot-start-marker
boot-end-marker
enable secret 4 5ioUNqNjoCPaFZIVNAyYuHFA2e9v8Ivuc7a7UlyQ3Zw
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
memory-size iomem 10
crypto pki trustpoint TP-self-signed-3013130599
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3013130599
revocation-check none
rsakeypair TP-self-signed-3013130599
crypto pki certificate chain TP-self-signed-3013130599
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33303133 31333035 3939301E 170D3134 30313236 31333333
35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30313331
33303539 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A873 940DE7B9 112D7C1E CEF53553 ED09B479 24721449 DBD6F559 1B9702B7
9087E94B 50CBB29F 6FE9C3EC A244357F 287E932F 4AB30518 08C2EAC1 1DF0C521
8D0931F7 6E7F7511 7A66FBF1 A355BB2A 26DAD318 5A5A7B0D A261EE22 1FB70FD1
C20F1073 BF055A86 D621F905 E96BD966 A4E87C95 8222F1EE C3627B9A B5963DCE
AE7F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14E37481 4AAFF252 197AC35C A6C1E8E1 E9DF5B35 27301D06
03551D0E 04160414 E374814A AFF25219 7AC35CA6 C1E8E1E9 DF5B3527 300D0609
2A864886 F70D0101 05050003 81810082 FEE61317 43C08637 F840D6F8 E8FA11D5
AA5E49D4 BA720ECB 534D1D6B 1A912547 59FED1B1 2B68296C A28F1CD7 FB697048
B7BF52B8 08827BC6 20B7EA59 E029D785 2E9E11DB 8EAF8FB4 D821C7F5 1AB39B0D
B599ECC1 F38B733A 5E46FFA8 F0920CD8 DBD0984F 2A05B7A0 478A1FC5 952B0DCC
CBB28E7A E91A090D 53DAD1A0 3F66A3
quit
no ip domain lookup
ip cef
no ipv6 cef
license udi pid CISCO887VA-K9 sn ***********
username ******* secret 4 5ioUNqNjoCPaFZIVNAyYuHFA2e9v8Ivuc7a7UlyQ3Zw
username ******* secret 4 Qf/16YMe96arcCpYI46YRa.3.7HcUGTBeJB3ZyRxMtE
controller VDSL 0
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group EXTERNALS
key NetasTest
dns 8.8.4.4
pool VPN-Pool
acl 120
crypto isakmp profile ciscocp-ike-profile-1
match identity group EXTERNALS
client authentication list ciscocp_vpn_xauth_ml_2
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode tunnel
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
mode tunnel
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA1
set isakmp-profile ciscocp-ike-profile-1
interface Ethernet0
no ip address
shutdown
interface ATM0
no ip address
no atm ilmi-keepalive
hold-queue 224 in
pvc 8/35
pppoe-client dial-pool-number 1
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Virtual-Template1 type tunnel
ip address 192.168.2.1 255.255.255.0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ****
ppp chap password 0 *********
ppp pap sent-username ****** password 0 *******
no cdp enable
ip local pool VPN-Pool 192.168.2.210 192.168.2.215
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 100 remark
access-list 100 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 100 remark
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 120 remark
access-list 120 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
line con 0
exec-timeout 5 30
password ******
no modem enable
line aux 0
line vty 0 4
password ******
transport input all
end
Best Regards,I've updated ios to c870-advipservicesk9-mz.124-24.T8.bin and tried to ping from rv320 to 871 and vice versa. Ping stil not working.
router#sh crypto session detail
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, T - cTCP encapsulation
X - IKE Extended Authentication, F - IKE Fragmentation
Interface: Dialer0
Uptime: 00:40:37
Session status: UP-ACTIVE
Peer: 93.190.178.205 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 192.168.1.100
Desc: (none)
IKE SA: local 93.190.177.103/500 remote 93.190.178.205/500 Active
Capabilities:(none) connid:2001 lifetime:07:19:22
IPSEC FLOW: permit ip 10.1.1.0/255.255.255.0 10.1.2.0/255.255.255.0
Active SAs: 4, origin: dynamic crypto map
Inbound: #pkts dec'ed 0 drop 30 life (KB/Sec) 4500544/1162
Outbound: #pkts enc'ed 5 drop 0 life (KB/Sec) 4500549/1162 -
EZVPN public internet split tunnel with dialer interface
I have a job on where I need to be able to use EZVPN with split tunnel but still have access to an external server from the corporate network as the external server will only accept connections from the corporate public IP address.
So I have not only included the corporate C class in the interesting traffic but also the IP address of the external server.
So all good so far, traffic for the corporate network goes down the tunnel as well as the IP address for the external server.
Now comes the problem, I am trying to send the public IP traffic for the external server out of the corporate network into the public internet but it just drops and does not get back out the same interface into the internet.
I checked out this procedure and it did not help as the route map counters do not increase with my attempt to reach the external router.
http://www.cisco.com/c/en/us/support/docs/security/vpn-client/71461-router-vpnclient-pi-stick.html
And to just test the process, I removed the split tunnel and just have everything going down the tunnel so I can test with any web site. I also have a home server on the network that is reached so I can definitly reach into the network at home which is the test for the corporate network I am trying to reach.
Its a cisco 870 router and here is the config
Router#sh run
Building configuration...
Current configuration : 4617 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
logging message-counter syslog
enable secret 5 *************************
enable password *************************
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa session-id common
dot11 syslog
ip source-route
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
ip dhcp excluded-address 192.168.1.4
ip dhcp excluded-address 192.168.1.5
ip dhcp excluded-address 192.168.1.6
ip dhcp excluded-address 192.168.1.7
ip dhcp excluded-address 192.168.1.8
ip dhcp excluded-address 192.168.1.9
ip dhcp excluded-address 192.168.1.111
ip dhcp pool myDhcp
network 192.168.1.0 255.255.255.0
dns-server 139.130.4.4
default-router 192.168.1.1
ip cef
ip inspect name myfw http
ip inspect name myfw https
ip inspect name myfw pop3
ip inspect name myfw esmtp
ip inspect name myfw imap
ip inspect name myfw ssh
ip inspect name myfw dns
ip inspect name myfw ftp
ip inspect name myfw icmp
ip inspect name myfw h323
ip inspect name myfw udp
ip inspect name myfw realaudio
ip inspect name myfw tftp
ip inspect name myfw vdolive
ip inspect name myfw streamworks
ip inspect name myfw rcmd
ip inspect name myfw isakmp
ip inspect name myfw tcp
ip name-server 139.130.4.4
username ************************* privilege 15 password 0 *************************
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group HomeFull
key *************************
dns 8.8.8.8 8.8.8.4
pool SDM_POOL_1
include-local-lan
netmask 255.255.255.0
crypto isakmp profile ciscocp-ike-profile-1
match identity group HomeFull
client authentication list ciscocp_vpn_xauth_ml_1
isakmp authorization list ciscocp_vpn_group_ml_1
client configuration address respond
virtual-template 3
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set security-association idle-time 1740
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
crypto ctcp port 10000
archive
log config
hidekeys
interface Loopback10
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no atm ilmi-keepalive
interface ATM0.1 point-to-point
description TimsInternet
ip flow ingress
ip policy route-map VPN-Client
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 3
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface Virtual-Template3 type tunnel
ip unnumbered Dialer3
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect myfw in
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
ip tcp adjust-mss 1372
no ip mroute-cache
hold-queue 100 out
interface Dialer0
no ip address
interface Dialer3
ip address negotiated
ip access-group blockall in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp header-compression
ip policy route-map VPN-Client
no ip mroute-cache
dialer pool 3
dialer-group 1
no cdp enable
ppp chap hostname *************************@direct.telstra.net
ppp chap password 0 *************************
ip local pool SDM_POOL_1 10.0.0.10 10.0.0.100
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer3
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 101 interface Dialer3 overload
ip access-list extended VPN-OUT
permit ip 10.0.0.0 0.0.0.255 any
ip access-list extended blockall
remark CCP_ACL Category=17
permit udp any any eq non500-isakmp
permit udp any any eq isakmp
permit esp any any
permit ahp any any
permit tcp any any eq 10000
deny ip any any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
route-map VPN-Client permit 10
match ip address VPN-OUT
set ip next-hop 10.0.0.2
control-plane
line con 0
no modem enable
line aux 0
line vty 0 4
password cisco
scheduler max-task-time 5000
end
Router#exit
Connection closed by foreign host.Thanks for the response.
Not sure how that would help as I can connect into the internal network just fine, but I want to hairpin back out the interface and surf the internet from the VPN client. The policy route map makes the L10 the next hop and it has NAT. -
Hi All,
We have a UC520 and the system is giving us an engaged tone when ever we dial voice mail from both our external and internal numbers. I have been going over and over the config and can not understand why we are getting an engaged signal when ever we ring voice mail. Below is the show run off the UC520, hopefully someone can spot some errors in it to suggest why it does not work as im close to hitting it with a large hammer
version 12.4
parser config cache interface
no service pad
no service timestamps debug uptime
service timestamps log datetime msec
service password-encryption
service internal
service compress-config
service sequence-numbers
hostname UC_520
boot-start-marker
boot system flash uc500-advipservicesk9-mz.124-22.YB4.bin
boot-end-marker
logging message-counter syslog
no logging buffered
no logging rate-limit
enable secret 5 passremoved
aaa new-model
aaa authentication login default local
aaa authentication login Foxtrot_sdm_easyvpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network Foxtrot_sdm_easyvpn_group_ml_1 local
aaa session-id common
clock timezone AEST 10
clock summer-time AEST recurring 1 Sun Oct 2:00 1 Sun Apr 3:00
crypto pki trustpoint TP-self-signed-1974105750
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1974105750
revocation-check none
rsakeypair TP-self-signed-1974105750
dot11 syslog
ip source-route
ip cef
ip dhcp relay information trust-all
ip dhcp excluded-address 10.1.1.1 10.1.1.9
ip dhcp excluded-address 10.1.1.241 10.1.1.255
ip dhcp pool phone
network 10.1.1.0 255.255.255.0
default-router 10.1.1.1
option 150 ip 10.1.1.1
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
no ipv6 cef
stcapp ccm-group 1
stcapp
stcapp feature access-code
multilink bundle-name authenticated
vpdn enable
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 2
trunk group ALL_FXO
max-retry 5
voice-class cause-code 1
hunt-scheme sequential
voice call send-alert
voice rtp send-recv
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
sip
no update-callerid
call service stop
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
voice class dualtone-detect-params 1
cadence-variation 25
voice class custom-cptone OZ
dualtone disconnect
frequency 420
cadence 400 200
voice class custom-cptone test
dualtone disconnect
frequency 425
cadence 375 375
voice class cause-code 1
no-circuit
voice register global
max-dn 128
max-pool 32
voice hunt-group 1 parallel
final 512
list 203,204
timeout 10
pilot 511
voice hunt-group 2 parallel
final 513
list 202,203,204
timeout 10
pilot 512
voice hunt-group 3 parallel
final 203
list 201,202,203,204
timeout 10
pilot 513
voice translation-rule 4
rule 15 // //
voice translation-rule 1111
voice translation-rule 1112
rule 1 /^0/ //
voice translation-rule 2000
rule 1 /0294174218/ /101/
voice translation-rule 2002
rule 1 // //
voice translation-rule 2222
voice translation-profile CALLER_ID_TRANSLATION_PROFILE
translate calling 1111
voice translation-profile CallBlocking
translate called 2222
voice translation-profile OUTGOING_TRANSLATION_PROFILE
translate called 1112
voice translation-profile PROFILE_ALL_FXO
translate calling 4
voice translation-profile VM_Profile
translate called 2000
voice translation-profile XFER_TO_VM_PROFILE
translate called 2002
voice-card 0
no local-bypass
username admin privilege 15 secret 5 passremoved
username KeyVPN secret 5 passremoved
username cisco privilege 15 secret 5 passremoved
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group EZVPN_GROUP_1
key passremoved
dns 61.8.0.113
pool SDM_POOL_1
save-password
max-users 10
crypto isakmp profile sdm-ike-profile-1
match identity group EZVPN_GROUP_1
client authentication list Foxtrot_sdm_easyvpn_xauth_ml_1
isakmp authorization list Foxtrot_sdm_easyvpn_group_ml_1
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
archive
log config
logging enable
logging size 600
hidekeys
process-max-time 50
ip tftp source-interface Loopback0
class-map match-all L3-to-L2_VoIP-Cntrl
match ip dscp af31
class-map match-all L3-to-L2_VoIP-RTP
match ip dscp ef
class-map match-all SIP
match protocol sip
class-map match-all RTP
match protocol rtp
policy-map EthOut
class RTP
policy-map output-L3-to-L2
class L3-to-L2_VoIP-RTP
set cos 5
class L3-to-L2_VoIP-Cntrl
set cos 3
interface Loopback0
description $FW_INSIDE$
ip address 10.1.10.2 255.255.255.252
ip access-group 101 in
ip nat inside
ip virtual-reassembly
interface FastEthernet0/0
description $ETH-WAN$
no ip address
ip verify unicast reverse-path
ip virtual-reassembly
duplex auto
speed auto
snmp trap ip verify drop-rate
pppoe enable group global
pppoe-client dial-pool-number 1
interface Integrated-Service-Engine0/0
description cue is initialized with default IMAP group
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly
service-module ip address 10.1.10.1 255.255.255.252
service-module ip default-gateway 10.1.10.2
interface FastEthernet0/1/0
switchport mode trunk
macro description cisco-switch
interface FastEthernet0/1/1
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/2
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/3
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/4
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/5
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/6
switchport voice vlan 100
macro description cisco-phone
spanning-tree portfast
interface FastEthernet0/1/7
switchport mode trunk
macro description cisco-switch
interface FastEthernet0/1/8
switchport mode trunk
macro description cisco-switch
interface Virtual-Template1 type tunnel
no ip address
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
interface Virtual-Template2
ip unnumbered Dialer0
peer default ip address pool SDM_POOL_1
no keepalive
ppp encrypt mppe auto
ppp authentication pap chap ms-chap
interface Vlan1
description $FW_INSIDE$
ip address 10.1.2.1 255.255.255.0
ip access-group 102 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
interface Vlan100
description $FW_INSIDE$
ip address 10.1.1.1 255.255.255.0
ip access-group 103 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group test-ppt in
ip mtu 1452
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname passremoved
ppp chap password 7 passremoved
ppp pap sent-username passremoved password 7 passremoved
ppp ipcp dns request
interface BVI1
description $FW_INSIDE$
mtu 1514
no ip address
ip access-group 102 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
interface BVI100
description $FW_INSIDE$
mtu 1514
no ip address
ip access-group 103 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
ip local pool SDM_POOL_1 10.1.2.230 10.1.2.250
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.1.10.1 255.255.255.255 Integrated-Service-Engine0/0
ip route 172.0.0.0 255.0.0.0 10.1.2.2
ip http server
ip http authentication local
ip http secure-server
ip http path flash:/gui
ip nat inside source list 1 interface Dialer0 overload
ip access-list extended test-pptp
permit tcp any any eq 1723
permit gre any any
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 10.1.2.0 0.0.0.255
access-list 1 permit 10.1.10.0 0.0.0.3
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 192.168.10.0 0.0.0.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_7##
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any host 10.1.10.2 eq non500-isakmp
access-list 101 permit udp any host 10.1.10.2 eq isakmp
access-list 101 permit esp any host 10.1.10.2
access-list 101 permit ahp any host 10.1.10.2
access-list 101 permit tcp 10.1.1.0 0.0.0.255 eq 2000 any
access-list 101 permit udp 10.1.1.0 0.0.0.255 eq 2000 any
access-list 101 deny ip 10.1.2.0 0.0.0.255 any
access-list 101 deny ip 10.1.1.0 0.0.0.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration##NO_ACES_25##
access-list 104 remark SDM_ACL Category=1
access-list 104 permit udp any any eq non500-isakmp
access-list 104 permit udp any any eq isakmp
access-list 104 permit esp any any
access-list 104 permit ahp any any
access-list 104 permit tcp any any eq pop3 log
access-list 104 permit tcp any any eq 37777 log
access-list 104 permit tcp any any eq 3389 log
access-list 104 permit tcp any any eq 1723 log
access-list 104 permit tcp any any eq 2701 log
access-list 104 permit tcp any any eq 4899 log
access-list 104 permit tcp any any eq 4125 log
access-list 104 permit tcp any any eq 443 log
access-list 104 permit tcp any any eq smtp log
access-list 104 permit tcp any any eq 8080 log
access-list 104 permit tcp any any eq www log
access-list 104 deny ip 10.1.10.0 0.0.0.3 any
access-list 104 deny ip 10.1.2.0 0.0.0.255 any
access-list 104 deny ip 10.1.1.0 0.0.0.255 any
access-list 104 permit udp host 61.8.0.113 eq domain any
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 deny ip 10.0.0.0 0.255.255.255 any
access-list 104 deny ip 172.16.0.0 0.15.255.255 any
access-list 104 deny ip 192.168.0.0 0.0.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip host 0.0.0.0 any
access-list 104 deny ip any any log
access-list 104 permit gre any any
dialer-list 1 protocol ip permit
snmp-server community public RO
control-plane
voice-port 0/0/0
cptone AU
timeouts ringing infinity
voice-port 0/0/1
cptone AU
timeouts ringing infinity
voice-port 0/0/2
cptone AU
timeouts ringing infinity
voice-port 0/0/3
cptone AU
timeouts ringing infinity
voice-port 0/1/0
supervisory disconnect dualtone mid-call
supervisory custom-cptone OZ
supervisory dualtone-detect-params 1
no battery-reversal
compand-type a-law
timeouts call-disconnect 3
timeouts ringing infinity
timeouts wait-release 3
timing sup-disconnect 50
connection plar opx 501
description Configured by CCA 4 FXO-0/1/0-Custom-HG
caller-id enable
voice-port 0/1/1
supervisory disconnect dualtone mid-call
supervisory custom-cptone OZ
supervisory dualtone-detect-params 1
no battery-reversal
compand-type a-law
timeouts call-disconnect 3
timeouts ringing infinity
timeouts wait-release 3
timing sup-disconnect 50
connection plar opx 501
description Configured by CCA 4 FXO-0/1/1-Custom-HG
caller-id enable
voice-port 0/1/2
trunk-group ALL_FXO 60
supervisory disconnect dualtone mid-call
supervisory custom-cptone OZ
supervisory dualtone-detect-params 1
no battery-reversal
compand-type a-law
timeouts call-disconnect 3
timeouts ringing infinity
timeouts wait-release 3
timing sup-disconnect 50
connection plar opx 501
description Configured by CCA 4 FXO-0/1/2-Custom-HG
caller-id enable
voice-port 0/1/3
trunk-group ALL_FXO 64
supervisory disconnect dualtone mid-call
supervisory custom-cptone OZ
supervisory dualtone-detect-params 1
no battery-reversal
compand-type a-law
timeouts call-disconnect 3
timeouts ringing infinity
timeouts wait-release 3
timing sup-disconnect 50
connection plar opx 501
description Configured by CCA 4 FXO-0/1/3-Custom-HG
caller-id enable
voice-port 0/3/0
trunk-group ALL_FXO 62
supervisory disconnect dualtone mid-call
supervisory custom-cptone OZ
supervisory dualtone-detect-params 1
no battery-reversal
compand-type a-law
timeouts call-disconnect 3
timeouts ringing infinity
timeouts wait-release 3
timing sup-disconnect 50
connection plar opx 501
description Configured by CCA 4 FXO-0/3/0-Custom-HG
caller-id enable
voice-port 0/3/1
trunk-group ALL_FXO 61
supervisory disconnect dualtone mid-call
supervisory custom-cptone OZ
supervisory dualtone-detect-params 1
no battery-reversal
compand-type a-law
timeouts call-disconnect 3
timeouts ringing infinity
timeouts wait-release 3
timing sup-disconnect 50
connection plar opx 501
description Configured by CCA 4 FXO-0/3/1-Custom-HG
caller-id enable
voice-port 0/3/2
trunk-group ALL_FXO 64
supervisory disconnect dualtone mid-call
supervisory custom-cptone OZ
supervisory dualtone-detect-params 1
no battery-reversal
compand-type a-law
timeouts call-disconnect 3
timeouts ringing infinity
timeouts wait-release 3
timing sup-disconnect 50
connection plar opx 101
description Configured by CCA 4FXO-0/3/2-Custom-OP
caller-id enable
voice-port 0/3/3
supervisory disconnect dualtone mid-call
supervisory custom-cptone OZ
supervisory dualtone-detect-params 1
no battery-reversal
compand-type a-law
timeouts call-disconnect 3
timeouts ringing infinity
timeouts wait-release 3
timing sup-disconnect 50
connection plar opx 501
description Configured by CCA 4 FXO-0/3/3-Custom-HG
caller-id enable
voice-port 0/4/0
auto-cut-through
signal immediate
input gain auto-control -15
description Music On Hold Port
sccp local Loopback0
sccp ccm 10.1.1.1 identifier 1 version 3.1
sccp
sccp ccm group 1
associate ccm 1 priority 1
dial-peer cor custom
name internal
name local
name local-plus
name international
name national
name national-plus
name emergency
name toll-free
dial-peer cor list call-internal
member internal
dial-peer cor list call-local
member local
dial-peer cor list call-local-plus
member local-plus
dial-peer cor list call-national
member national
dial-peer cor list call-national-plus
member national-plus
dial-peer cor list call-international
member international
dial-peer cor list call-emergency
member emergency
dial-peer cor list call-toll-free
member toll-free
dial-peer cor list user-internal
member internal
member emergency
dial-peer cor list user-local
member internal
member local
member emergency
member toll-free
dial-peer cor list user-local-plus
member internal
member local
member local-plus
member emergency
member toll-free
dial-peer cor list user-national
member internal
member local
member local-plus
member national
member emergency
member toll-free
dial-peer cor list user-national-plus
member internal
member local
member local-plus
member national
member national-plus
member emergency
member toll-free
dial-peer cor list user-international
member internal
member local
member local-plus
member international
member national
member national-plus
member emergency
member toll-free
dial-peer voice 1 pots
service stcapp
port 0/0/0
dial-peer voice 2 pots
service stcapp
port 0/0/1
dial-peer voice 3 pots
service stcapp
port 0/0/2
dial-peer voice 4 pots
service stcapp
port 0/0/3
dial-peer voice 5 pots
description ** MOH Port **
destination-pattern ABC
port 0/4/0
no sip-register
dial-peer voice 50 pots
description ** incoming dial peer **
incoming called-number .%
port 0/1/0
dial-peer voice 51 pots
description ** incoming dial peer **
incoming called-number .%
port 0/1/1
dial-peer voice 52 pots
description ** incoming dial peer **
incoming called-number .%
port 0/1/2
dial-peer voice 53 pots
description ** incoming dial peer **
incoming called-number .%
port 0/1/3
dial-peer voice 150 pots
description ** incoming dial peer **
incoming called-number .%
port 0/3/0
dial-peer voice 151 pots
description ** incoming dial peer **
incoming called-number .%
port 0/3/1
dial-peer voice 152 pots
description ** incoming dial peer **
incoming called-number .%
port 0/3/2
dial-peer voice 153 pots
description ** incoming dial peer **
incoming called-number .%
port 0/3/3
dial-peer voice 54 pots
description ** FXO pots dial-peer **
destination-pattern A0
port 0/1/0
no sip-register
dial-peer voice 55 pots
description ** FXO pots dial-peer **
destination-pattern A1
port 0/1/1
no sip-register
dial-peer voice 56 pots
description ** FXO pots dial-peer **
destination-pattern A2
port 0/1/2
no sip-register
dial-peer voice 57 pots
description ** FXO pots dial-peer **
destination-pattern A3
port 0/1/3
no sip-register
dial-peer voice 154 pots
description ** FXO pots dial-peer **
destination-pattern A4
port 0/3/0
no sip-register
dial-peer voice 155 pots
description ** FXO pots dial-peer **
destination-pattern A5
port 0/3/1
no sip-register
dial-peer voice 156 pots
description ** FXO pots dial-peer **
destination-pattern A6
port 0/3/2
no sip-register
dial-peer voice 157 pots
description ** FXO pots dial-peer **
destination-pattern A7
port 0/3/3
no sip-register
dial-peer voice 2000 voip
description ** cue voicemail pilot number **
translation-profile outgoing XFER_TO_VM_PROFILE
destination-pattern 101
b2bua
voice-class sip outbound-proxy ipv4:10.1.10.1
session protocol sipv2
session target ipv4:10.1.10.1
dtmf-relay sip-notify
codec g711ulaw
no vad
dial-peer voice 58 pots
trunkgroup ALL_FXO
corlist outgoing call-emergency
description **CCA*Australia*Emergency Services**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0000
forward-digits all
no sip-register
dial-peer voice 59 pots
trunkgroup ALL_FXO
corlist outgoing call-emergency
description **CCA*Australia*Emergency Services**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 000
forward-digits all
no sip-register
dial-peer voice 60 pots
trunkgroup ALL_FXO
corlist outgoing call-emergency
description **CCA*Australia*Emergency TTY**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0106
forward-digits all
no sip-register
dial-peer voice 61 pots
trunkgroup ALL_FXO
corlist outgoing call-emergency
description **CCA*Australia*Emergency TTY**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 006
forward-digits all
no sip-register
dial-peer voice 62 pots
trunkgroup ALL_FXO
corlist outgoing call-international
description **CCA*Australia*International Access**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0001[1589]T
forward-digits all
no sip-register
dial-peer voice 63 pots
trunkgroup ALL_FXO
corlist outgoing call-international
description **CCA*Australia*Premium Services**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 00055T
forward-digits all
no sip-register
dial-peer voice 64 pots
trunkgroup ALL_FXO
corlist outgoing call-local-plus
description **CCA*Australia*Analogue AMPS service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0014[04689].....
forward-digits all
no sip-register
dial-peer voice 65 pots
trunkgroup ALL_FXO
corlist outgoing call-local-plus
description **CCA*Australia*Analogue AMPS & Satellite**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0014[12357]......
forward-digits all
no sip-register
dial-peer voice 66 pots
trunkgroup ALL_FXO
corlist outgoing call-local-plus
description **CCA*Australia*Analogue AMPS service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0015......
forward-digits all
no sip-register
dial-peer voice 67 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Paging Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 00160..
forward-digits all
no sip-register
dial-peer voice 68 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Paging Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0016[1236789].....
forward-digits all
no sip-register
dial-peer voice 69 pots
trunkgroup ALL_FXO
corlist outgoing call-local-plus
description **CCA*Australia*Analogue AMPS service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0017[1289].....
forward-digits all
no sip-register
dial-peer voice 70 pots
trunkgroup ALL_FXO
corlist outgoing call-local-plus
description **CCA*Australia*Analogue AMPS service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0018......
forward-digits all
no sip-register
dial-peer voice 71 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Data Network Access Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 00192.
forward-digits all
no sip-register
dial-peer voice 72 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Data Network Access Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 00198[01239].....
forward-digits all
no sip-register
dial-peer voice 73 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Data Network Access Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 00198[45678]
forward-digits all
no sip-register
dial-peer voice 74 pots
trunkgroup ALL_FXO
corlist outgoing call-national
description **CCA*Australia*NSW Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 002........
forward-digits all
no sip-register
dial-peer voice 75 pots
trunkgroup ALL_FXO
corlist outgoing call-national
description **CCA*Australia*VIC, TAS Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 003........
forward-digits all
no sip-register
dial-peer voice 76 pots
trunkgroup ALL_FXO
corlist outgoing call-local-plus
description **CCA*Australia*Digital Mobile Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 004........
forward-digits all
no sip-register
dial-peer voice 77 pots
trunkgroup ALL_FXO
corlist outgoing call-national
description **CCA*Australia*Universal Personal Comms Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 005........
forward-digits all
no sip-register
dial-peer voice 78 pots
trunkgroup ALL_FXO
corlist outgoing call-national
description **CCA*Australia*QLD Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 007........
forward-digits all
no sip-register
dial-peer voice 79 pots
trunkgroup ALL_FXO
corlist outgoing call-national
description **CCA*Australia*SA, WA, NT Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 008........
forward-digits all
no sip-register
dial-peer voice 80 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Community Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 01100
forward-digits all
no sip-register
dial-peer voice 81 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Community Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0110[1-9]..
forward-digits all
no sip-register
dial-peer voice 82 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Public Interest Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0113...
forward-digits all
no sip-register
dial-peer voice 83 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Mass Calling Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0114.....
forward-digits all
no sip-register
dial-peer voice 84 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Community Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0119.
forward-digits all
no sip-register
dial-peer voice 85 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Directory and Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0122[1235]
forward-digits all
no sip-register
dial-peer voice 86 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Directory and Operator Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0123[46]
forward-digits all
no sip-register
dial-peer voice 87 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Operator Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 012[45]T
forward-digits all
no sip-register
dial-peer voice 88 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Local Rate Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0130.......
forward-digits all
no sip-register
dial-peer voice 89 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Local Rate Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 013[1-9]...
forward-digits all
no sip-register
dial-peer voice 90 pots
trunkgroup ALL_FXO
corlist outgoing call-international
description **CCA*Australia*Carrier Preselection Codes**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 014[1-9]T
forward-digits all
no sip-register
dial-peer voice 91 pots
trunkgroup ALL_FXO
corlist outgoing call-toll-free
description **CCA*Australia*Freephone Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0180[01]......
forward-digits all
no sip-register
dial-peer voice 92 pots
trunkgroup ALL_FXO
corlist outgoing call-toll-free
description **CCA*Australia*Freephone Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0180[2-9]...
forward-digits all
no sip-register
dial-peer voice 93 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Universal PCS Profile Management**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0185..
forward-digits all
no sip-register
dial-peer voice 94 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Australia*Calling Card Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0189..
forward-digits all
no sip-register
dial-peer voice 95 pots
trunkgroup ALL_FXO
corlist outgoing call-international
description **CCA*Australia*Premium Services**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0190[0126]......
forward-digits all
no sip-register
dial-peer voice 96 pots
trunkgroup ALL_FXO
corlist outgoing call-international
description **CCA*Australia*Premium Services**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 019[1345]...
forward-digits all
no sip-register
dial-peer voice 97 pots
trunkgroup ALL_FXO
corlist outgoing call-international
description **CCA*Australia*Premium Services**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 019[679].....
forward-digits all
no sip-register
dial-peer voice 98 pots
trunkgroup ALL_FXO
corlist outgoing call-national
description **CCA*Australia*8-digit dialing**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 5
destination-pattern 0[2-9].......
forward-digits all
no sip-register
dial-peer voice 2002 voip
description ** cue voicemail PSTN number **
translation-profile outgoing VM_Profile
destination-pattern 0294174218$
b2bua
voice-class sip outbound-proxy ipv4:10.1.10.1
session protocol sipv2
session target ipv4:10.1.10.1
dtmf-relay sip-notify
codec g711ulaw
no vad
no dial-peer outbound status-check pots
sip-ua
no transport udp
no transport tcp tls
no transport tcp
telephony-service
video
em logout 0:0 0:0 0:0
fxo hook-flash
max-ephones 32
max-dn 128
ip source-address 10.1.1.1 port 2000
max-redirect 20
auto assign 10 to 43
auto assign 5 to 8 type anl
calling-number initiator
service phone videoCapability 1
service dnis overlay
service dnis dir-lookup
timeouts interdigit 5
system message
url services http://10.1.10.1/voiceview/common/login.do
url authentication http://10.1.10.1/voiceview/authentication/authenticate.do
cnf-file location flash:
network-locale GB
load 7915-12 B015-1-0-3
load 7915-24 B015-1-0-3
load 7942 SCCP42.8-4-2S
load 7962 SCCP42.8-4-2S
load 521G-524G cp524g-8-1-16b
time-zone 48
date-format dd-mm-yy
voicemail 101
max-conferences 8 gain -6
call-forward pattern .T
call-forward system redirecting-expanded
moh flash:/media/music-on-hold.au
multicast moh 239.10.16.16 port 2000
web admin system name cisco secret 5 passremoved
dn-webedit
time-webedit
transfer-system full-consult dss
transfer-pattern 9.T
transfer-pattern .T
transfer-pattern 0.T
transfer-pattern 6... blind
secondary-dialtone 0
after-hours pstn-prefix 4 3
night-service code *6483
night-service day Sun 19:01 08:15
night-service day Mon 19:01 08:15
night-service day Tue 19:01 08:15
night-service day Wed 19:01 08:15
night-service day Thu 19:01 08:15
night-service day Fri 19:01 19:00
night-service day Sat 19:01 19:00
create cnf-files version-stamp 7960 Feb 19 2010 13:12:05
ephone-template 15
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys idle Redial Newcall Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
button-layout 7931 2
ephone-template 16
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys idle Redial Gpickup Cfwdall Pickup Newcall Dnd
softkeys seized Cfwdall Gpickup Redial Pickup Endcall Callback
softkeys connected Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
ephone-dn 1
number 701 no-reg primary
name IP-Paging1
paging ip 239.1.1.1 port 2000
ephone-dn 2
number 211
name name
call-forward busy 101
call-forward noan 101 timeout 10
hold-alert 30 originator
ephone-dn 5 dual-line
number 301 no-reg primary
label 301
description PhoneA Analog
name PhoneA Analog
ephone-dn 6 dual-line
number 302 no-reg primary
label 302
description PhoneB Analog
name PhoneB Analog
ephone-dn 7 dual-line
number 303 no-reg primary
label 303
description PhoneC Analog
name PhoneC Analog
ephone-dn 8 dual-line
number 304 no-reg primary
label 304
description PhoneD Analog
name PhoneD Analog
ephone-dn 9
number BCD no-reg primary
description MoH
moh out-call ABC
ephone-dn 10 dual-line
number 201 no-reg primary
pickup-group 1
label 201
description Dragan Jancic
name name
call-forward busy 101
call-forward noan 101 timeout 35
ephone-dn 11 dual-line
number 202 no-reg primary
pickup-group 1
label 202
description Spare 2
name Spare 2
call-forward busy 101
call-forward noan 101 timeout 35
ephone-dn 12 dual-line
number 203 no-reg primary
pickup-group 1
label 203
description name
name name
call-forward busy 101
call-forward night-service 00458707335
call-forward noan 101 timeout 35
night-service bell
ephone-dn 13 dual-line
number 204 no-reg primary
pickup-group 1
label 204
description name
name name
call-forward busy 101
call-forward noan 101 timeout 35
ephone-dn 14 dual-line
number 207 no-reg primary
label 207
description name
name name
call-forward busy 101
call-forward noan 101 timeout 35
ephone-dn 15 dual-line
number 206 no-reg primary
label 206
description name
name name
call-forward busy 101
call-forward noan 101 timeout 35
ephone-dn 16 dual-line
number 205 no-reg primary
pickup-group 1
label 205
description name
name name
call-forward busy 101
call-forward noan 101 timeout 10
ephone-dn 17 dual-line
number 208 no-reg primary
label 208
description name
name name
call-forward busy 101
call-forward noan 101 timeout 35
ephone-dn 18 dual-line
number 209 no-reg primary
label 209
description Spare
name Spare
call-forward busy 101
call-forward noan 101 timeout 10
ephone-dn 19 dual-line
number 210 no-reg primary
label 210
description name
name name
call-forward busy 101
call-forward noan 101 timeout 35
ephone-dn 21 dual-line
number 212 no-reg primary
label 212
description name
name name
call-forward busy 101
call-forward noan 101 timeout 35
ephone-dn 22 dual-line
number 213 no-reg primary
label 213
description name
name name
call-forward busy 101
call-forward noan 101 timeout 35
ephone-dn 23 dual-line
number 214 no-reg primary
label 214
description name
name name
call-forward busy 101
call-forward noan 101 timeout 35
ephone-dn 24 dual-line
number 215 no-reg primary
label 215
description Workshop One
name Workshop One
call-forward busy 101
call-forward noan 101 timeout 35
ephone-dn 25 dual-line
number 216 no-reg primary
label 216
description Workshop Two
name Workshop Two
call-forward busy 101
call-forward noan 101 timeout 35
ephone-dn 26 dual-line
number 217 no-reg primary
label 217
description Lunch Room
name Lunch Room
call-forward busy 203
call-forward noan 203 timeout 35
ephone-dn 27 dual-line
number 218 no-reg primary
label 218
description Meeting Room
name Meeting Room
call-forward busy 203
call-forward noan 203 timeout 35
ephone-dn 126
number 6... no-reg primary
description ***CCA XFER TO VM EXTENSION***
call-forward all 101
ephone-dn 127
number A801... no-reg primary
mwi off
ephone-dn 128
number A800... no-reg primary
mwi on
ephone 1
device-security-mode none
video
mac-address 0021.1BFC.ACA5
ephone-template 16
max-calls-per-button 2
username "name" password 12345
type 524G
button 1:21
ephone 2
device-security-mode none
mac-address 1A02.A8FE.0000
ephone-template 16
max-calls-per-button 2
username "a1"
type anl
button 1:5
ephone 3
device-security-mode none
mac-address 1A02.A8FE.0001
ephone-template 16
max-calls-per-button 2
username "b1"
type anl
button 1:6
ephone 4
device-security-mode none
mac-address 1A02.A8FE.0002
ephone-template 16
max-calls-per-button 2
username "c1"
type anl
button 1:7
ephone 5
device-security-mode none
mac-address 1A02.A8FE.0003
ephone-template 16
max-calls-per-button 2
username "d1"
type anl
button 1:8
ephone 6
device-security-mode none
video
mac-address 0024.C40C.C2DC
ephone-template 16
username "name" password nqz82887
type 7962 addon 1 7915-12
button 1:13 2m10 3m11 4m12
button 5m16 6m15 7m14 8m17
button 9m18 10m19 12m21 13m22
button 14m23 15m24 16m25 17m26
button 18m27
ephone 7
device-security-mode none
video
mac-address 0021.1BFC.A81C
ephone-template 16
max-calls-per-button 2
username "meetingroom" password 12345
paging-dn 1
type 524G
button 1:27
ephone 8
device-security-mode none
video
mac-address 0021.1BFC.A801
ephone-template 16
max-calls-per-button 2
username "workshopone" password 12345
paging-dn 1
type 524G
button 1:24
ephone 9
device-security-mode none
video
mac-address 0021.1BFC.A81D
ephone-template 16
max-calls-per-button 2
username "name" password 12345
paging-dn 1
type 524G
button 1:22
ephone 10
device-security-mode none
video
mac-address 0021.1BFC.A822
ephone-template 16
max-calls-per-button 2
username "lunchroom" password 12345
paging-dn 1
type 524G
button 1:26
ephone 11
device-security-mode none
video
mac-address 0021.1BFC.ACA6
ephone-template 16
max-calls-per-button 2
username "name" password 12345
type 524G
button 1:15
ephone 12
device-security-mode none
video
mac-address 0021.1BFC.A800
max-calls-per-button 2
username "name" password lpw29837
type 524G
button 1:23
ephone 13
device-security-mode none
video
mac-address 0021.1BFC.A9B6
max-calls-per-button 2
type 524G
button 1:11
ephone 14
device-security-mode none
video
mac-address 0021.1BFC.A820
ephone-template 16
max-calls-per-button 2
username "name" password 12345
paging-dn 1
type 524G
button 1:17
ephone 15
device-security-mode none
video
mac-address 0021.1BFC.A824
ephone-template 16
max-calls-per-button 2
username "name" password 12345
paging-dn 1
type 524G
button 1:19
ephone 16
device-security-mode none
video
mac-address 0021.1BFC.ACA3
ephone-template 16
max-calls-per-button 2
username "workshoptwo" password 12345
paging-dn 1
type 524G
button 1:25
ephone 17
device-security-mode none
video
mac-address 0024.C40D.34A0
ephone-template 16
username "name" password 12345
type 7962 addon 1 7915-12
button 1:12 2m10 3m11 4m13
button 5m16 6m15 7m14 8m17
button 9m18 10m19 12m21 13m22
button 14m23 15m24 16m25 17m26
button 18m27
ephone 18
device-security-mode none
video
mac-address 0026.0B5D.68B7
username "name" password xiz65240
type 7962
button 1:2 2m10 3m12 4m13
button 5m22 6m24
ephone 19
device-security-mode none
video
mac-address 0026.0B5C.F949
ephone-template 16
username "name" password dqq75357
type 7962
button 1:10 2m11 3m12 4m13
button 5m23 6m24
ephone 20
device-security-mode none
mac-address 52CE.B390.0000
max-calls-per-button 2
type anl
ephone 21
device-security-mode none
video
mac-address 0021.1BFC.A803
ephone-template 16
max-calls-per-button 2
username "name"
paging-dn 1
type 524G
button 1:14 2m11 3m12 4m13
ephone 22
device-security-mode none
video
mac-address 0021.1BFC.A806
ephone-template 16
max-calls-per-button 2
username "name" password 12345
type 524G
button 1:18
ephone 23
device-security-mode none
video
mac-address 0021.1BFC.ACA7
ephone-template 16
max-calls-per-button 2
username "name" password mbj62871
type 524G
button 1:16
ephone 24
device-security-mode none
mac-address 52CE.B390.0001
max-calls-per-button 2
type anl
ephone 25
device-security-mode none
mac-address 52CE.B390.0002
max-calls-per-button 2
type anl
ephone 26
device-security-mode none
mac-address 52CE.B390.0003
max-calls-per-button 2
type anl
ephone-hunt 1 sequential
pilot 501
list 203, 204, 205
final 511
timeout 8, 8, 8
no-reg pilot
statistics collect
banner login Cisco Configuration Assistant. Version: 2.1. Wed Oct 28 17:59:52 EST 2009
alias exec cca_voice_mode PBX
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 5 100
enddebug ccsip messages would not give me anything, so i did debug ccsip all instead, when voice
mail is dialed I get the below debug messages.
000235: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIAddContextToTable: Added context(0x8687FF80) with key=[2] to table
000236: //6/000000000000/SIP/State/sipSPIChangeState: 0x8687FF80 : State change from (STATE_NONE, SUBSTATE_NONE) to (STATE_IDLE, SUBSTATE_NONE)
000237: //6/000000000000/SIP/Info/ccsip_call_setup_request: Before processing SETUP REQccb->pld.flags_ipip = 200
000238: //6/000000000000/SIP/Info/ccsip_call_setup_request: This is a TDM-IP call: callID= 6, peer_callID = 5
000239: //6/000000000000/SIP/Info/ccsip_call_setup_request: This is a TDM-IP call: callID= 6, peer_callID = 5
000240: //6/000000000000/SIP/Info/ccsip_call_setup_request: After processing SETUP REQccb->pld.flags_ipip = 200
000241: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIGetOutboundHostAndDestHostPrivate: CCSIP: target_host : 10.1.10.1 target_port : 5060
000242: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIGetOutboundHostAndDestHostPrivate: CCSIP: outbound_host : 10.1.10.1 outbound_port : 5060
000243: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_CALL_SETUP
000244: //6/2022F86C800C/SIP/Info/ccsip_call_setup_request: Incrementing call counter in dial-peer [2000]
000245: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 3 for event 2
000246: //6/2022F86C800C/SIP/Info/sipSPIUaddccCallIdToTable: Adding call id 6 to table
000247: //6/2022F86C800C/SIP/Info/sipSPIGetCallConfig: preferred_codec set[0] type :No Codec bytes: 0
000248: //6/2022F86C800C/SIP/Info/sipSPIGetCallConfig: Media forking disabled
000249: //6/2022F86C800C/SIP/Info/sipSPICanSetFallbackFlag: Local Fallback is not active
000250: //6/2022F86C800C/SIP/Info/sipSPIGetCallConfig: Not using Voice Class Codec
000251: //6/2022F86C800C/SIP/Info/sipSPIGetCallConfig: Checking Video Type Rate=-1 video_codec_allowed=1F
000252: //6/2022F86C800C/SIP/Media/sipSPICopyPeerDataToCCB: Firewall traversal is not enabled
000253: //6/2022F86C800C/SIP/Info/sipSPIGetCallConfig: xcoder high-density disabled
000254: //6/2022F86C800C/SIP/Info/sipSPIGetCallConfig: Flow Mode set to FLOW_THROUGH
000255: //6/2022F86C800C/SIP/Info/sipSPIGetCallConfig: Media forking disabled
000256: //6/2022F86C800C/SIP/Info/preprocessSetup:
This is a not a SIGO Call -, could be DM call
000257: //6/2022F86C800C/SIP/Media/sipSPISetMediaSrcAddr: Media src addr for stream 1 = 10.1.10.2
000258: //-1/xxxxxxxxxxxx/SIP/Media/sipSPIReserveRtpPort: reserved port 17510 for stream 1
000259: //-1/xxxxxxxxxxxx/SIP/Info/convert_codec_bytes_to_ptime: Values :Codec: g711ulaw codecbytes :160, ptime: 20
000260: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISetMediaDirectionForStream: Setting Media direction SENDRECV for stream 1
000261: //6/2022F86C800C/SIP/Info/sip_generate_sdp_xcaps_list: Modem Relay and T38 disabled. X-cap not needed
000262: //6/2022F86C800C/SIP/Info/sipSPIOutgoingCallSDP: Creating recv-only stream for outbound call
000263: //6/2022F86C800C/SIP/Media/sipSPIProcessRtpSessions: sipSPIProcessRtpSessions
000264: //6/2022F86C800C/SIP/Media/sipSPIProcessRtpSessions: No active streams.
000265: //6/2022F86C800C/SIP/Info/sip_gw_pre_setup_add_sdp_container: SDP container added
000266: //6/2022F86C800C/SIP/Info/sipSPIValidateGtd: Signal Forward disabled
000267: //6/2022F86C800C/SIP/Info/sipSPIValidateTunnelData: RawMsg/QSIG Tunneling Not Enabled
000268: //6/2022F86C800C/SIP/Info/sipSPIAddMLPPServicesInfo: No MLP Info available on incoming leg
000269: //6/2022F86C800C/SIP/Info/sipSPIPreprocessUriFormat: Url cfg for 1: 2,phone-ctxt=FALSE
000270: //6/2022F86C800C/SIP/Info/sipSPIShrlGetInstanceInfo: Obtained the call instance 0 for non-shared-line '101' with callid: 6
000271: //6/2022F86C800C/SIP/Info/sipSPIAddCiscoGcid: Gcid value not set - not adding header.
000272: //6/2022F86C800C/SIP/Info/sipSPIAddPrivacyandIdentityInfo: Removing "id" value from Privacy
000273: //6/2022F86C800C/SIP/Error/sipSPI_ipip_set_history_info_header: Not SIP2SIP mode
000274: //6/2022F86C800C/SIP/Info/act_idle_call_setup: Cannot process Outgoing SIP calls
SIP Service has been shutdown
000275: //6/2022F86C800C/SIP/Info/ccsip_set_cc_cause_for_spi_err: Categorized cause:38, category:187
000276: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_set_release_source_for_peer: ownCallId[6], src[6]
000277: //6/2022F86C800C/SIP/Info/sipSPIInitiateDisconnect: Gateway shutdown:Initiate call disconnect(38)
000278: //6/2022F86C800C/SIP/Info/sipSPIInitiateDisconnect: Initiate call disconnect(38) for outgoing call
000279: //-1/xxxxxxxxxxxx/SIP/Error/sipSPIGetContentQSIG: No Inbound Container Created !!!
000280: //-1/xxxxxxxxxxxx/SIP/Error/sipSPIGetContentQ931: No Inbound Container Created !!!
000281: //6/2022F86C800C/SIP/State/sipSPIChangeState: 0x8687FF80 : State change from (STATE_IDLE, SUBSTATE_NONE) to (STATE_DISCONNECTING, SUBSTATE_NONE)
000282: //6/2022F86C800C/SIP/Info/ccsip_call_statistics: Stats are not supported for IPIP call.
000283: //-1/xxxxxxxxxxxx/SIP/Event/sipSPIEventInfo: Queued event from SIP SPI : SIPSPI_EV_CC_CALL_DISCONNECT
000284: //-1/xxxxxxxxxxxx/SIP/Info/ccsip_process_sipspi_queue_event: ccsip_spi_get_msg_type returned: 3 for event 7
000285: //6/2022F86C800C/SIP/Info/sipSPIIcpifUpdate: CallState: 2 Playout: 0 DiscTime:25967 ConnTime 0
000286: //6/2022F86C800C/SIP/State/sipSPIChangeState: 0x8687FF80 : State change from (STATE_DISCONNECTING, SUBSTATE_NONE) to (STATE_DEAD, SUBSTATE_NONE)
000287: //6/2022F86C800C/SIP/Call/sipSPICallInfo:
The Call Setup Information is:
Call Control Block (CCB) : 0x8687FF80
State of The Call : STATE_DEAD
TCP Sockets Used : YES
Calling Number : 203
Called Number : 101
Source IP Address (Sig ): 10.1.10.2
Destn SIP Req Addr:Port :
Destn SIP Resp Addr:Port :
Destination Name :
000288: //6/2022F86C800C/SIP/Call/sipSPIMediaCallInfo:
Number of Media Streams: 1
Media Stream : 1
Negotiated Codec : No Codec
Negotiated Codec Bytes : 0
Nego. Codec payload : 255 (tx), 255 (rx)
Negotiated Dtmf-relay : 0
Dtmf-relay Payload : 0 (tx), 0 (rx)
Source IP Address (Media): 10.1.10.2
Source IP Port (Media): 17510
Destn IP Address (Media): -
Destn IP Port (Media): 0
Orig Destn IP Address:Port (Media): [ - ]:0
000289: //6/2022F86C800C/SIP/Call/sipSPICallInfo:
Disconnect Cause (CC) : 38
Disconnect Cause (SIP) : 200
000290: //6/2022F86C800C/SIP/Info/sipSPIUdeleteccCallIdFromTable: Removing call id 6
000291: //-1/xxxxxxxxxxxx/SIP/Info/sipSPIDeleteContextFromTable: Context for key=[2] removed.
000292: //6/2022F86C800C/SIP/Info/sipSPIFlushEventBufferQueue: There are 0 events on the internal queue that are going to be free'd
000293: //6/2022F86C800C/SIP/Info/ccsip_qos_cleanup: Entry
000294: //-1/xxxxxxxxxxxx/SIP/Info/sipSPISipSdpFree:
000295: //6/2022F86C800C/SIP/Info/sipSPI_ipip_free_codec_profile: Codec Profiles Freed
000296: //6/2022F86C800C/SIP/Info/sipSPIUfreeOneCCB: Freeing ccb 8687FF80
000297: //-1/xxxxxxxxxxxx/SIP/Info/ -
Site-to-site VPN failover via 3G HWIC
Small problem. Branch utilizes a 2811 router connected via MPLS to core via serial interface. If serial ip sla reachability fails, fire up the cell interface, dial out and connect to the internet. Establish ipsec tunnel to a peer ASA and pass local LAN traffic over the tunnel. Problem is the tunnel does come up and I am 'briefly' able to communicate across the tunnel but then *poof*. No more communication. Tried multiple ideas and thoughts (different encypt, authentication etc). I am thinking that per my config, the IPSEC session is trying to establish before the dialer session is fully up, thus potentially causing problems with the authentication to the peer. Any help would be appreciated. Here is the debug of isakmp, ipsec, dialer and ppp when I manually kill the serial interface:
14th_Street(config)#int s0/1/0:0
14th_Street(config-if)#shut
14th_Street(config-if)#
*Nov 25 17:44:55.011 UTC: %BGP-5-ADJCHANGE: neighbor xxx.xxx.xxx.xxx Down Interface flap
*Nov 25 17:44:55.911 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:55.911 UTC: Ce0/0/0 DDR: place call
*Nov 25 17:44:55.911 UTC: Ce0/0/0 DDR: Dialing cause ip (s=xxx.xxx.xxx.xxx, d=xxx.xxx.xxx.xxx)
*Nov 25 17:44:55.911 UTC: Ce0/0/0 DDR: Attempting to dial cdma
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: Attempting async line dialer script
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: Dialing using Modem script: cdma & System script: none
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: process started
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: Asserting DTR
*Nov 25 17:44:55.911 UTC: CHAT0/0/0: Chat script cdma started
*Nov 25 17:44:55.915 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:56.999 UTC: %LINK-5-CHANGED: Interface Serial0/1/0:0, changed state to administratively down
*Nov 25 17:44:56.999 UTC: Se0/1/0:0 PPP: Sending Acct Event[Down] id[1]
*Nov 25 17:44:56.999 UTC: Se0/1/0:0 CDPCP: State is Closed
*Nov 25 17:44:56.999 UTC: Se0/1/0:0 IPCP: State is Closed
*Nov 25 17:44:57.003 UTC: Se0/1/0:0 PPP: Phase is TERMINATING
*Nov 25 17:44:57.003 UTC: Se0/1/0:0 LCP: State is Closed
*Nov 25 17:44:57.003 UTC: Se0/1/0:0 PPP: Phase is DOWN
*Nov 25 17:44:57.003 UTC: Se0/1/0:0 IPCP: Remove route to xxx.xxx.xxx.xxx
*Nov 25 17:44:57.007 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:57.099 UTC: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
*Nov 25 17:44:57.811 UTC: CHAT0/0/0: Chat script cdma finished, status = Success
*Nov 25 17:44:58.031 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1/0:0, changed state to down
*Nov 25 17:44:58.031 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:58.035 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:44:58.911 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:45:00.027 UTC: %LINK-3-UPDOWN: Interface Cellular0/0/0, changed state to up
*Nov 25 17:45:00.027 UTC: Ce0/0/0 DDR: Dialer statechange to up
*Nov 25 17:45:00.027 UTC: Ce0/0/0 DDR: Dialer call has been placed
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Using dialer call direction
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Treating connection as a callout
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Session handle[FD000001] Session id[2]
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Phase is ESTABLISHING, Active Open
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: Authorization NOT required
*Nov 25 17:45:00.031 UTC: Ce0/0/0 PPP: No remote authentication for call-out
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: O CONFREQ [Closed] id 1 len 20
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: ACCM 0x000A0000 (0x0206000A0000)
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: MagicNumber 0x13255539 (0x050613255539)
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: PFC (0x0702)
*Nov 25 17:45:00.031 UTC: Ce0/0/0 LCP: ACFC (0x0802)
*Nov 25 17:45:00.031 UTC: IPSEC(sa_initiate): Kicking the dialer interface
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: I CONFREQ [REQsent] id 0 len 24
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MRU 1500 (0x010405DC)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACCM 0x00000000 (0x020600000000)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MagicNumber 0xCD87E220 (0x0506CD87E220)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: PFC (0x0702)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACFC (0x0802)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: O CONFACK [REQsent] id 0 len 24
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MRU 1500 (0x010405DC)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACCM 0x00000000 (0x020600000000)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MagicNumber 0xCD87E220 (0x0506CD87E220)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: PFC (0x0702)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACFC (0x0802)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: I CONFACK [ACKsent] id 1 len 20
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACCM 0x000A0000 (0x0206000A0000)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: MagicNumber 0x13255539 (0x050613255539)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: PFC (0x0702)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: ACFC (0x0802)
*Nov 25 17:45:00.035 UTC: Ce0/0/0 LCP: State is Open
*Nov 25 17:45:00.035 UTC: Ce0/0/0 PPP: Phase is FORWARDING, Attempting Forward
*Nov 25 17:45:00.035 UTC: Ce0/0/0 PPP: Phase is ESTABLISHING, Finish LCP
*Nov 25 17:45:00.039 UTC: Ce0/0/0 PPP: Phase is UP
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: O CONFREQ [Closed] id 1 len 22
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: Address 0.0.0.0 (0x030600000000)
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: PrimaryDNS 0.0.0.0 (0x810600000000)
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: SecondaryDNS 0.0.0.0 (0x830600000000)
*Nov 25 17:45:00.039 UTC: Ce0/0/0 PPP: Process pending ncp packets
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: I CONFREQ [REQsent] id 0 len 10
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x030642AEA8C0)
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: O CONFACK [REQsent] id 0 len 10
*Nov 25 17:45:00.039 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x030642AEA8C0)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: I CONFNAK [ACKsent] id 1 len 22
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: O CONFREQ [ACKsent] id 2 len 22
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: I CONFNAK [ACKsent] id 2 len 4
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: O CONFREQ [ACKsent] id 3 len 22
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.043 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: I CONFNAK [ACKsent] id 3 len 4
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: O CONFREQ [ACKsent] id 4 len 22
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.047 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: I CONFACK [ACKsent] id 4 len 22
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: Address xxx.xxx.xxx.xxx (0x0306A69F5EA9)
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: PrimaryDNS xxx.xxx.xxx.xxx (0x810642AE4721)
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: SecondaryDNS xxx.xxx.xxx.xxx (0x8306454E600E)
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: State is Open
*Nov 25 17:45:00.051 UTC: Ce0/0/0 IPCP: Install negotiated IP interface address xxx.xxx.xxx.xxx
*Nov 25 17:45:00.059 UTC: IPSEC(recalculate_mtu): reset sadb_root 4975A1A8 mtu to 1500
*Nov 25 17:45:00.063 UTC: Ce0/0/0 IPCP: Install route to xxx.xxx.xxx.xxx
*Nov 25 17:45:00.063 UTC: Ce0/0/0 DDR: dialer protocol up
*Nov 25 17:45:00.067 UTC: Ce0/0/0 IPCP: Add link info for cef entry xxx.xxx.xxx.xxx
*Nov 25 17:45:01.027 UTC: %LINEPROTO-5-UPDOWN: Line protocol on Interface Cellular0/0/0, changed state to up
*Nov 25 17:45:29.763 UTC: DDR: IP Address is (xxx.xxx.xxx.xxx) for (Ce0/0/0)
*Nov 25 17:45:29.763 UTC: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= xxx.xxx.xxx.xxx, remote= xxx.xxx.xxx.xxx,
local_proxy= 192.168.221.0/255.255.255.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= esp-3des esp-sha-hmac (Tunnel),
lifedur= 86400s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Nov 25 17:45:29.767 UTC: ISAKMP:(0): SA request profile is (NULL)
*Nov 25 17:45:29.767 UTC: ISAKMP: Created a peer struct for xxx.xxx.xxx.xxx, peer port 500
*Nov 25 17:45:29.767 UTC: ISAKMP: New peer created peer = 0x47AC3A08 peer_handle = 0x80000002
*Nov 25 17:45:29.767 UTC: ISAKMP: Locking peer struct 0x47AC3A08, refcount 1 for isakmp_initiator
*Nov 25 17:45:29.767 UTC: ISAKMP: local port 500, remote port 500
*Nov 25 17:45:29.767 UTC: ISAKMP: set new node 0 to QM_IDLE
*Nov 25 17:45:29.771 UTC: insert sa successfully sa = 4B6322B8
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):found peer pre-shared key matching xxx.xxx.xxx.xxx
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): constructed NAT-T vendor-07 ID
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): constructed NAT-T vendor-03 ID
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): constructed NAT-T vendor-02 ID
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): beginning Main Mode exchange
*Nov 25 17:45:29.771 UTC: ISAKMP:(0): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) MM_NO_STATE
*Nov 25 17:45:29.771 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Nov 25 17:45:29.927 UTC: ISAKMP (0:0): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) MM_NO_STATE
*Nov 25 17:45:29.927 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Nov 25 17:45:29.931 UTC: ISAKMP:(0): processing SA payload. message ID = 0
*Nov 25 17:45:29.931 UTC: ISAKMP:(0): processing vendor id payload
*Nov 25 17:45:29.931 UTC: ISAKMP:(0): processing IKE frag vendor id payload
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Support for IKE Fragmentation not enabled
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):found peer pre-shared key matching xxx.xxx.xxx.xxx
*Nov 25 17:45:29.931 UTC: ISAKMP:(0): local preshared key found
*Nov 25 17:45:29.931 UTC: ISAKMP : Scanning profiles for xauth ...
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
*Nov 25 17:45:29.931 UTC: ISAKMP: encryption 3DES-CBC
*Nov 25 17:45:29.931 UTC: ISAKMP: hash SHA
*Nov 25 17:45:29.931 UTC: ISAKMP: default group 2
*Nov 25 17:45:29.931 UTC: ISAKMP: auth pre-share
*Nov 25 17:45:29.931 UTC: ISAKMP: life type in seconds
*Nov 25 17:45:29.931 UTC: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):atts are acceptable. Next payload is 0
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Acceptable atts:actual life: 0
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Acceptable atts:life: 0
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Fill atts in sa vpi_length:4
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
*Nov 25 17:45:29.931 UTC: ISAKMP:(0):Returning Actual lifetime: 86400
*Nov 25 17:45:29.931 UTC: ISAKMP:(0)::Started lifetime timer: 86400.
*Nov 25 17:45:29.971 UTC: ISAKMP:(0): processing vendor id payload
*Nov 25 17:45:29.971 UTC: ISAKMP:(0): processing IKE frag vendor id payload
*Nov 25 17:45:29.971 UTC: ISAKMP:(0):Support for IKE Fragmentation not enabled
*Nov 25 17:45:29.971 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Nov 25 17:45:29.971 UTC: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Nov 25 17:45:29.971 UTC: ISAKMP:(0): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) MM_SA_SETUP
*Nov 25 17:45:29.975 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Nov 25 17:45:29.975 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Nov 25 17:45:29.975 UTC: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Nov 25 17:45:30.171 UTC: ISAKMP (0:0): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) MM_SA_SETUP
*Nov 25 17:45:30.171 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Nov 25 17:45:30.171 UTC: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Nov 25 17:45:30.171 UTC: ISAKMP:(0): processing KE payload. message ID = 0
*Nov 25 17:45:30.219 UTC: ISAKMP:(0): processing NONCE payload. message ID = 0
*Nov 25 17:45:30.219 UTC: ISAKMP:(0):found peer pre-shared key matching xxx.xxx.xxx.xxx
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): vendor ID is Unity
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): vendor ID seems Unity/DPD but major 71 mismatch
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): vendor ID is XAUTH
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): speaking to another IOS box!
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):vendor ID seems Unity/DPD but hash mismatch
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):Send initial contact
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Nov 25 17:45:30.223 UTC: ISAKMP (0:1001): ID payload
next-payload : 8
type : 1
address : xxx.xxx.xxx.xxx
protocol : 17
port : 500
length : 12
*Nov 25 17:45:30.223 UTC: ISAKMP:(1001):Total payload length: 12
*Nov 25 17:45:30.227 UTC: ISAKMP:(1001): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) MM_KEY_EXCH
*Nov 25 17:45:30.227 UTC: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Nov 25 17:45:30.227 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Nov 25 17:45:30.227 UTC: ISAKMP:(1001):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Nov 25 17:45:30.495 UTC: ISAKMP (0:1001): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) MM_KEY_EXCH
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001): processing ID payload. message ID = 0
*Nov 25 17:45:30.495 UTC: ISAKMP (0:1001): ID payload
next-payload : 8
type : 1
address : xxx.xxx.xxx.xxx
protocol : 17
port : 500
length : 12
*Nov 25 17:45:30.495 UTC: ISAKMP:(0):: peer matches *none* of the profiles
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001): processing HASH payload. message ID = 0
*Nov 25 17:45:30.495 UTC: ISAKMP:received payload type 17
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001): processing vendor id payload
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001): vendor ID is DPD
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001):SA authentication status:
authenticated
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001):SA has been authenticated with xxx.xxx.xxx.xxx
*Nov 25 17:45:30.495 UTC: ISAKMP: Trying to insert a peer xxx.xxx.xxx.xxx/xxx.xxx.xxx.xxx/500/, and inserted successfully 47AC3A08.
*Nov 25 17:45:30.495 UTC: ISAKMP:(1001):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Old State = IKE_I_MM5 New State = IKE_I_MM6
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Old State = IKE_I_MM6 New State = IKE_I_MM6
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):Old State = IKE_I_MM6 New State = IKE_P1_COMPLETE
*Nov 25 17:45:30.499 UTC: ISAKMP:(1001):beginning Quick Mode exchange, M-ID of 458622291
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):QM Initiator gets spi
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Node 458622291, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Input = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
*Nov 25 17:45:30.503 UTC: ISAKMP:(1001):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Nov 25 17:45:30.715 UTC: ISAKMP (0:1001): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) QM_IDLE
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing HASH payload. message ID = 458622291
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing SA payload. message ID = 458622291
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001):Checking IPSec proposal 1
*Nov 25 17:45:30.715 UTC: ISAKMP: transform 1, ESP_3DES
*Nov 25 17:45:30.715 UTC: ISAKMP: attributes in transform:
*Nov 25 17:45:30.715 UTC: ISAKMP: SA life type in seconds
*Nov 25 17:45:30.715 UTC: ISAKMP: SA life duration (VPI) of 0x0 0x1 0x51 0x80
*Nov 25 17:45:30.715 UTC: ISAKMP: SA life type in kilobytes
*Nov 25 17:45:30.715 UTC: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Nov 25 17:45:30.715 UTC: ISAKMP: encaps is 1 (Tunnel)
*Nov 25 17:45:30.715 UTC: ISAKMP: authenticator is HMAC-SHA
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001):atts are acceptable.
*Nov 25 17:45:30.715 UTC: IPSEC(validate_proposal_request): proposal part #1
*Nov 25 17:45:30.715 UTC: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= xxx.xxx.xxx.xxx, remote= xxx.xxx.xxx.xxx,
local_proxy= 192.168.221.0/255.255.255.0/0/0 (type=4),
remote_proxy= 0.0.0.0/0.0.0.0/0/0 (type=4),
protocol= ESP, transform= NONE (Tunnel),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x0
*Nov 25 17:45:30.715 UTC: Crypto mapdb : proxy_match
src addr : 192.168.221.0
dst addr : 0.0.0.0
protocol : 0
src port : 0
dst port : 0
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing NONCE payload. message ID = 458622291
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing ID payload. message ID = 458622291
*Nov 25 17:45:30.715 UTC: ISAKMP:(1001): processing ID payload. message ID = 458622291
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001): processing NOTIFY RESPONDER_LIFETIME protocol 3
spi 399189113, message ID = 458622291, sa = 4B6322B8
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001):SA authentication status:
authenticated
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001): processing responder lifetime
*Nov 25 17:45:30.719 UTC: ISAKMP (1001): responder lifetime of 28800s
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001): Creating IPSec SAs
*Nov 25 17:45:30.719 UTC: inbound SA from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (f/i) 0/ 0
(proxy 0.0.0.0 to 192.168.221.0)
*Nov 25 17:45:30.719 UTC: has spi 0x498026E2 and conn_id 0
*Nov 25 17:45:30.719 UTC: lifetime of 28790 seconds
*Nov 25 17:45:30.719 UTC: lifetime of 4608000 kilobytes
*Nov 25 17:45:30.719 UTC: outbound SA from xxx.xxx.xxx.xxx to xxx.xxx.xxx.xxx (f/i) 0/0
(proxy 192.168.221.0 to 0.0.0.0)
*Nov 25 17:45:30.719 UTC: has spi 0x17CB2479 and conn_id 0
*Nov 25 17:45:30.719 UTC: lifetime of 28790 seconds
*Nov 25 17:45:30.719 UTC: lifetime of 4608000 kilobytes
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
*Nov 25 17:45:30.719 UTC: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Nov 25 17:45:30.723 UTC: ISAKMP:(1001):deleting node 458622291 error FALSE reason "No Error"
*Nov 25 17:45:30.723 UTC: ISAKMP:(1001):Node 458622291, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Nov 25 17:45:30.723 UTC: ISAKMP:(1001):Old State = IKE_QM_I_QM1 New State = IKE_QM_PHASE2_COMPLETE
*Nov 25 17:45:30.723 UTC: IPSEC(key_engine): got a queue event with 1 KMI message(s)
*Nov 25 17:45:30.723 UTC: Crypto mapdb : proxy_match
src addr : 192.168.221.0
dst addr : 0.0.0.0
protocol : 0
src port : 0
dst port : 0
*Nov 25 17:45:30.723 UTC: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer xxx.xxx.xxx.xxx
*Nov 25 17:45:30.723 UTC: IPSEC(policy_db_add_ident): src 192.168.221.0, dest 0.0.0.0, dest_port 0
*Nov 25 17:45:30.723 UTC: IPSEC(create_sa): sa created,
(sa) sa_dest= xxx.xxx.xxx.xxx, sa_proto= 50,
sa_spi= 0x498026E2(1233135330),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2001
*Nov 25 17:45:30.723 UTC: IPSEC(create_sa): sa created,
(sa) sa_dest= xxx.xxx.xxx.xxx, sa_proto= 50,
sa_spi= 0x17CB2479(399189113),
sa_trans= esp-3des esp-sha-hmac , sa_conn_id= 2002
*Nov 25 17:45:30.723 UTC: IPSEC(update_current_outbound_sa): updated peer xxx.xxx.xxx.xxx current outbound sa to SPI 17CB2479
*Nov 25 17:45:46.935 UTC: ISAKMP (0:1001): received packet from xxx.xxx.xxx.xxx dport 500 sport 500 Global (I) QM_IDLE
*Nov 25 17:45:46.935 UTC: ISAKMP: set new node -1909459720 to QM_IDLE
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001): processing HASH payload. message ID = -1909459720
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001): processing NOTIFY DPD/R_U_THERE protocol 1
spi 0, message ID = -1909459720, sa = 4B6322B8
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):deleting node -1909459720 error FALSE reason "Informational (in) state 1"
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):DPD/R_U_THERE received from peer xxx.xxx.xxx.xxx, sequence 0x7BDFE4C6
*Nov 25 17:45:46.939 UTC: ISAKMP: set new node -777989143 to QM_IDLE
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
spi 1224841120, message ID = -777989143
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001): seq. no 0x7BDFE4C6
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001): sending packet to xxx.xxx.xxx.xxx my_port 500 peer_port 500 (I) QM_IDLE
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):Sending an IKE IPv4 Packet.
*Nov 25 17:45:46.939 UTC: ISAKMP:(1001):purging node -777989143
*Nov 25 17:45:46.943 UTC: ISAKMP:(1001):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
*Nov 25 17:45:46.943 UTC: ISAKMP:(1001):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
And here is the config:
Building configuration...
Current configuration : 10137 bytes
version 12.4
service pad to-xot
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec show-timezone
service timestamps log datetime msec show-timezone
service password-encryption
hostname Test
boot-start-marker
boot-end-marker
card type t1 0 1
logging message-counter syslog
logging buffered 4096
aaa new-model
aaa authentication login default local
aaa authentication ppp network local-case
aaa authorization console
aaa authorization exec default local
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
network-clock-participate wic 1
network-clock-select 1 T1 0/1/0
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.121.1 192.168.121.99
ip dhcp excluded-address 192.168.121.200 192.168.121.254
ip dhcp excluded-address 192.168.221.1 192.168.221.99
ip dhcp excluded-address 192.168.221.200 192.168.221.254
ip dhcp pool Voice
network 192.168.121.0 255.255.255.0
option 150 ip 10.101.90.6
default-router 192.168.121.254
ip dhcp pool Data
network 192.168.221.0 255.255.255.0
default-router 192.168.221.254
dns-server 10.1.90.189 10.5.100.30
no ip bootp server
no ip domain lookup
ip domain name xxxxxx
ip multicast-routing
no ipv6 cef
multilink bundle-name authenticated
chat-script cdma "" "ATDT#777" TIMEOUT 60 "CONNECT"
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
no supplementary-service sip moved-temporarily
fax protocol pass-through g711ulaw
no fax-relay sg3-to-g3
h323
modem passthrough nse codec g711ulaw
sip
header-passing error-passthru
outbound-proxy ipv4:xxx.xxx.xxx.xxx
early-offer forced
midcall-signaling passthru
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g729r8
voice class h323 1
h225 timeout tcp establish 3
voice translation-rule 1
rule 1 // // type any international
voice translation-rule 3
rule 1 /^8/ //
voice translation-profile International
translate called 1
voice translation-profile OutboundRedirecting
translate called 3
voice-card 0
no dspfarm
dsp services dspfarm
username xx
archive
log config
hidekeys
crypto isakmp policy 1
encr 3des
authentication pre-share
crypto isakmp key xxxxxxxxx address xxx.xxx.xxx.xxx
crypto ipsec transform-set CellFOSet esp-3des esp-sha-hmac
crypto map CellFOMap 1 ipsec-isakmp
set peer xxx.xxx.xxx.xxx
set security-association lifetime seconds 190
set transform-set CellFOSet
match address 100
controller T1 0/1/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 0 timeslots 1-24
ip tftp source-interface FastEthernet0/0.1
track 1 ip sla 1 reachability
class-map match-all VOICE
match ip dscp ef
class-map match-any VOICE-CTRL
match ip dscp af31
match ip dscp cs3
policy-map WAN-EDGE
class VOICE
priority 384
set ip dscp ef
class VOICE-CTRL
set ip dscp af21
bandwidth 32
class class-default
fair-queue
set ip dscp default
interface Loopback0
ip address 192.168.222.21 255.255.255.255
h323-gateway voip interface
h323-gateway voip bind srcaddr 192.168.222.21
interface FastEthernet0/0
description Physical Interface for Data VLAN 10 and Voice VLAN 20
no ip address
ip flow ingress
ip pim sparse-dense-mode
no ip route-cache cef
duplex auto
speed auto
interface FastEthernet0/0.1
description Interface to Data VLAN 10
encapsulation dot1Q 10
ip address 192.168.221.254 255.255.255.0
no ip redirects
no ip unreachables
ip flow ingress
ip flow egress
ip pim sparse-dense-mode
ip virtual-reassembly
no cdp enable
interface FastEthernet0/0.2
description Interface to Voice VLAN 20
encapsulation dot1Q 20
ip address 192.168.121.254 255.255.255.0
no ip redirects
no ip unreachables
ip flow ingress
ip flow egress
ip pim sparse-dense-mode
no cdp enable
interface FastEthernet0/1
description Unused port
no ip address
shutdown
duplex auto
speed auto
no cdp enable
interface Cellular0/0/0
ip address negotiated
ip virtual-reassembly
encapsulation ppp
dialer in-band
dialer string cdma
dialer-group 1
async mode interactive
ppp chap hostname [email protected]
ppp chap password 7 xxxxxxxxxxxxxxxx
ppp ipcp dns request
crypto map CellFOMap
interface Serial0/1/0:0
ip address xxx.xxx.xxx.xxx 255.255.255.252
ip flow ingress
ip flow egress
encapsulation ppp
service-policy output WAN-EDGE
router bgp 65000
no synchronization
bgp log-neighbor-changes
bgp suppress-inactive
network xxx.xxx.xxx.xxx mask 255.255.255.252
network 192.168.121.0
network 192.168.221.0
network 192.168.222.21 mask 255.255.255.255
neighbor xxx.xxx.xxx.xxx remote-as 15270
default-information originate
no auto-summary
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/1/0:0 track 1
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 20
no ip http server
no ip http secure-server
ip flow-export source FastEthernet0/0.1
ip flow-export version 5
ip flow-export destination 10.1.90.25 2055
ip nat inside source list 100 interface Cellular0/0/0 overload
ip access-list standard MON_SNMP_RO
permit xxx.xxx.xxx.xxx
permit xxx.xxx.xxx.xxx
permit xxx.xxx.xxx.xxx
permit xxx.xxx.xxx.xxx
ip radius source-interface FastEthernet0/0.1
ip sla 1
icmp-echo xxx.xxx.xxx.xxx
timeout 1000
threshold 2
frequency 3
ip sla schedule 1 life forever start-time now
logging trap notifications
logging 10.1.90.167
access-list 100 remark = FO to C0/0/0 for Branch =
access-list 100 permit ip 192.168.221.0 0.0.0.255 any
access-list 100 permit ip any any
access-list 100 deny eigrp any any
access-list 100 deny igmp any any
dialer-list 1 protocol ip list 100
snmp-server community xxx RO
snmp-server enable traps tty
<---------- Truncated to remove VoIP Rules -------------->
banner motd ^C
This is a proprietary system.
^C
line con 0
line aux 0
line 0/0/0
script dialer cdma
modem InOut
no exec
rxspeed 3100000
txspeed 1800000
line vty 0 4
transport input telnet
line vty 5 15
transport input telnet
scheduler allocate 20000 1000
ntp server 10.1.99.5
endHi,
Here is configurations from my Lab ASA5520 with Dual ISP
interface GigabitEthernet0/0
description Primary ISP
nameif WAN-1
security-level 0
ip address 192.168.101.2 255.255.255.0
interface GigabitEthernet0/1
description Secondary ISP
nameif WAN-2
security-level 0
ip address 192.168.102.2 255.255.255.0
interface GigabitEthernet0/2
description LAN
nameif LAN
security-level 100
ip address 10.0.20.2 255.255.255.0
route WAN-1 0.0.0.0 0.0.0.0 192.168.101.1 1 track 200
route WAN-2 0.0.0.0 0.0.0.0 192.168.102.1 254
route LAN 10.0.0.0 255.255.255.0 10.0.20.1 1
access-list L2L-VPN-CRYPTOMAP remark Encryption Domain
access-list L2L-VPN-CRYPTOMAP extended permit ip 10.0.0.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list LAN-NAT0 extended permit ip 10.0.0.0 255.255.255.0 10.10.10.0 255.255.255.0
nat (LAN) 0 access-list LAN-NAT0
sla monitor 200
type echo protocol ipIcmpEcho 192.168.101.1 interface WAN-1
num-packets 3
timeout 1000
frequency 5
sla monitor schedule 200 life forever start-time now
track 200 rtr 200 reachability
crypto ipsec transform-set AES-256 esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map CRYPTOMAP 10 match address L2L-VPN-CRYPTOMAP
crypto map CRYPTOMAP 10 set peer 192.168.103.2
crypto map CRYPTOMAP 10 set transform-set AES-256
crypto map CRYPTOMAP interface WAN-1
crypto map CRYPTOMAP interface WAN-2
crypto isakmp enable WAN-1
crypto isakmp enable WAN-2
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 28800
tunnel-group 192.168.103.2 type ipsec-l2l
tunnel-group 192.168.103.2 ipsec-attributes
pre-shared-key *****
Hope this helps
- Jouni
Maybe you are looking for
-
Interactive report conditional display of link column - apex 4
I create an interactive report select object_id, object_name, case when mod(rownum, 2) = 0 then 'block' else 'none' end display_link from user_objects where rownum <= 10in the Link Column for the report I
-
ME_PROCESSPO_CUST-GET_HEADER get items? get accounting?
I am using BADI IF_EX_ME_PROCESS_PO_CUST to perform custom processing for P.O.s. In one scenario the only method that gets broken into is "GET_HEADER". I have the code below activated so far. My lack of OO knowledge is handicapping me. Ihaven't seemd
-
Is there a way to access my gmail distribution group when sending an email? For example, my Family Group in Gmail contacts, has all the family email addresses and I would like to just type in "family" when sending an email and having all the email ad
-
How to implement Change pointers for Purchase order - ME22N - Custom Fields
Hi Experts, Can you please tell me how to implement - Change Pointer for Custom fields in IDOC. I am working on IDOC - For purchase order - acknowledgements - in custom screen/tab in ME22N. Everything is working fine according to my requirement. All
-
Is it possible to have the Server side be a GUI application? All of the examples I have seen are just command line applications. I tried creating a GUI in my Server class but it seems to never create the gui. Does anybody know what I am doing wrong?