Re: Help on Cisco UC 520 Configuration
Dear All,
I am new to UC 520 Call Manager Express and Cisco Unity Express. I would like help in solving the following problems encountered during the config of the latter:
1. Call Transfer
- When I transfer a call, I need to know if the other person to whom the call will be transferred is available or not,
- if possible i should be able to put the current person on hold and call the other person and see if he is available or not before doing the transfer
- if ever a call is being transferred and the other person is busy or unavailable, the call should be reverted back or forwarded to another number instead of going to voicemail.
2. Configuring phones for call conferencing.
Please note the following details:
Unity Express Version being used: 3.0
Thanks in advance
Hi
1. In order to get transfers working the way you like, ensure you create ephone-dns as 'dual-line' - this allows one call to be on hold whilst a 'transfer' call is made outbound. Also ensure transfer-system full-consult is configured under 'telephony-service' mode. Basically transfers then are two-step - whilst on a call, hit transfer then dial the target extension. If they answer, announce the caller and hit 'transfer' again, or hit 'end call' to go back to the original caller.
2. You can enable three-party conferences by setting 'max-conferences' under telephony-service. It works the same way as transfer; hit 'Confrn' to start whilst on a call, dial another phone, and then when they answer Confrn again to set up the conference.
Regards
Aaron
Please rate helpful posts..
Similar Messages
-
Help converting Cisco 871W Wireless configuration to Cisco 881W
I am in the process of trying to convert my Wireless setings over from our existing 871W to the new 881W routers. I have found some documentation http://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns430/ns855/white_paper_c11-492842.html but after reading it seems a) a bit confusing and b) doesn't cover how to handle multiple SSID's on different VLAN's.
My existing 871 configuration looks like this:
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache cef
no ip route-cache
encryption vlan 1 mode ciphers aes-ccm
encryption vlan 3 mode ciphers aes-ccm
broadcast-key vlan 1 change 3600
ssid <Home SSID>
ssid <Corporate SSID>
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
packet retries 32
station-role root
rts threshold 2312
rts retries 50
dot1x reauth-period 3600
no cdp enable
interface Dot11Radio0.1
description Corporate Data and Voice
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.2
description Untrusted Home
encapsulation dot1Q 3
no ip route-cache
no cdp enable
bridge-group 3
bridge-group 3 subscriber-loop-control
bridge-group 3 spanning-disabled
bridge-group 3 block-unknown-source
no bridge-group 3 source-learning
no bridge-group 3 unicast-flooding
interface BVI1
description Bridge Interface - Corporate Data
ip address x.x.x.x x.x.x.x
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security in-zone
no ip route-cache cef
no ip route-cache
ip tcp adjust-mss 1260
service-policy input QOS_POL_REMARK_CORPORATE
interface BVI3
description Bridge Interface - Home
ip address 192.168.x.x 255.255.x.x
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security home-zone
no ip route-cache cef
no ip route-cache
ip tcp adjust-mss 1260
service-policy input QOS_POL_REMARK_HOME
Can anyone lend a hand on how my 881W configuration might look like? You can't create multiple bridge groups and route IP (you can only do that over bridge group 1). I need to make sure that I can have two logically separated wireless networks (one for corporate and one for home) and that they get the right IP addresses from their right VLAN's.
Any input would be greatly appreciated.
MattFound a solution:
dot11 ssid BLAH
no vlan 1
interface Dot11Radio0
encryption mode ciphers aes-ccm tkip
Boom!
ap#sh ip int brief dot0
Interface IP-Address OK? Method Status Protocol
Dot11Radio0 unassigned YES NVRAM up up -
Help Setting up a Cisco SA 520
I am trying to setup a Cisco SA 520 for VPN access to my network from outside locations. I am unsure what I need to do to set this up.
I currently have an Adtran 3430 Router with an External IP: 63.232.147.x. I have a 2003 Server which hands out DHCP addresses to workstations of 192.168.1.x. My external IP addresses are 207.109.23.x. There are some 207.109.23.x numbers being natted to some 192 numbers on the Adtran, that is about the only thing the Adtran is doing. We use the Adtran to connect to the internet as well. My ISP controls the Adtran, I cannot get to the config, so any changes need to be done by them.
The static IP address I'd like to use for this SA 520 is 65.117.45.x 255.255.255.248. I just got a block of IPs from my ISP, so I know I have the 65.117.45.x available to use.
I'm not sure what I should be using for a gateway IP address and DNS address under IPv4 WAN configuration page?
I'm also not sure where the SA 520 phycially goes? Right now, I have a cable coming out of the Adtran ETH 0/2 into the WAN port on SA 520. But when all is said and done, will the outside traffic hit the SA 520 first or the Adtran? I'm assuming I'll need to redo my NAT statements on the SA 520 instead of the Adtran?
If anyone can offer any advice, it would be greatly appreciated.Hi Todd,
Is it possible to disable the NAT on Adtran 3430 and
Let SA500 do the NAT.
thanks
Wei -
Port suspended on Cisco ESW-520-24P
Hi experts,
I appreciate if anyone can help me with this. I just bought 4 units of Cisco ESW-520 24Ports switches. I did some testing and found out for PORTS 1 and 12 is in "Suspended" mode and thus not able to use.
This not happened to 1 but all 4 switches. Why is this so ? Can anyone guide me to disable the ports from going into "suspended" mode automatically ? I wouldn't want the ports to be in "Suspension" mode when it goes live and thus block the desktops from having internet access.
Thanks!Ok, I think I found out what the priblem is. It seems that from factory, the ports come locked. You have to go to Security>Traffic Control>Port Security and unlock each port. Click the EDIT tab on the port you want to edit. Then un-check the ENABLE TRAP> (apply). Un-check LOCK INTERFACE> (apply). Change LEARNING MODE to CLASSIC LOCK> (apply). That should do it, but you'll have to do that for every port you want unlocked. I'm not to sure if there is a way to unlock then all at once.
Daniel -
Help with Cisco ASA 5500 and NAS drives
Hello:
I have 2 My Book World Edition II NAS drives. They both are configured to use a static IP address and both are on the same workgroup.
One of them is supposed to be replaced with a newer one that I just installed yesterday.
What I am trying to do is to transfer all the information from NAS1 to NAS2.
Both are connected to a Cisco VPN router.
I created a batch file that was basically several xcopy commands to copy all the information from NAS1 to NAS2.
As this process was going to take like 8 hours I ran the batch file yesterday at 4:00PM when everyone was logged off the NAS drives.
To my surprise this morning I found out that only a portion of the files were copied from the NAS1 to the NAS2.
After reading the system logs of the NAS1 drive I found a lot of errors.For example:
getpeername failed. Error was Transport endpoint is not connected
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
getpeername failed. Error was Transport endpoint is not connected
Someone suggested that the problem has to do with the network configuration.
The suggestion was to change from "auto-negotiate" to Full Duplex 100 on the Cisco VPN router configuration.
What do you think? Could this be the problem?
Thanks and help is greatly appreciated.Hello:
I have 2 My Book World Edition II NAS drives. They both are configured to use a static IP address and both are on the same workgroup.
One of them is supposed to be replaced with a newer one that I just installed yesterday.
What I am trying to do is to transfer all the information from NAS1 to NAS2.
Both are connected to a Cisco VPN router.
I created a batch file that was basically several xcopy commands to copy all the information from NAS1 to NAS2.
As this process was going to take like 8 hours I ran the batch file yesterday at 4:00PM when everyone was logged off the NAS drives.
To my surprise this morning I found out that only a portion of the files were copied from the NAS1 to the NAS2.
After reading the system logs of the NAS1 drive I found a lot of errors.For example:
getpeername failed. Error was Transport endpoint is not connected
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
Error writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 192.168.10.105. Error Connection reset by peer
writing 4 bytes to client. -1. (Connection reset by peer)
write_data: write failure in writing to client 0.0.0.0. Error Connection reset by peer
getpeername failed. Error was Transport endpoint is not connected
Someone suggested that the problem has to do with the network configuration.
The suggestion was to change from "auto-negotiate" to Full Duplex 100 on the Cisco VPN router configuration.
What do you think? Could this be the problem?
Thanks and help is greatly appreciated. -
Help on Oracle streams 11g configuration
Hi Streams experts
Can you please validate the following creation process steps ?
What is need to have streams doing is a one way replication of the AR
schema from a database to another database. Both DML and DDL shall do
the replication of the data.
Help on Oracle streams 11g configuration. I would also need your help
on the maintenance steps, controls and procedures
2 databases
1 src as source database
1 dst as destination database
replication type 1 way of the entire schema FaeterBR
Step 1. Set all databases in archivelog mode.
Step 2. Change initialization parameters for Streams. The Streams pool
size and NLS_DATE_FORMAT require a restart of the instance.
SQL> alter system set global_names=true scope=both;
SQL> alter system set undo_retention=3600 scope=both;
SQL> alter system set job_queue_processes=4 scope=both;
SQL> alter system set streams_pool_size= 20m scope=spfile;
SQL> alter system set NLS_DATE_FORMAT=
'YYYY-MM-DD HH24:MI:SS' scope=spfile;
SQL> shutdown immediate;
SQL> startup
Step 3. Create Streams administrators on the src and dst databases,
and grant required roles and privileges. Create default tablespaces so
that they are not using SYSTEM.
---at the src
SQL> create tablespace streamsdm datafile
'/u01/product/oracle/oradata/orcl/strepadm01.dbf' size 100m;
---at the replica:
SQL> create tablespace streamsdm datafile
---at both sites:
'/u02/oracle/oradata/str10/strepadm01.dbf' size 100m;
SQL> create user streams_adm
identified by streams_adm
default tablespace strepadm01
temporary tablespace temp;
SQL> grant connect, resource, dba, aq_administrator_role to
streams_adm;
SQL> BEGIN
DBMS_STREAMS_AUTH.GRANT_ADMIN_PRIVILEGE (
grantee => 'streams_adm',
grant_privileges => true);
END;
Step 4. Configure the tnsnames.ora at each site so that a connection
can be made to the other database.
Step 5. With the tnsnames.ora squared away, create a database link for
the streams_adm user at both SRC and DST. With the init parameter
global_name set to True, the db_link name must be the same as the
global_name of the database you are connecting to. Use a SELECT from
the table global_name at each site to determine the global name.
SQL> select * from global_name;
SQL> connect streams_adm/streams_adm@SRC
SQL> create database link DST
connect to streams_adm identified by streams_adm
using 'DST';
SQL> select sysdate from dual@DST;
SLQ> connect streams_adm/streams_adm@DST
SQL> create database link SRC
connect to stream_admin identified by streams_adm
using 'SRC';
SQL> select sysdate from dual@SRC;
Step 6. Control what schema shall be replicated
FaeterBR is the schema to be replicated
Step 7. Add supplemental logging to the FaeterBR schema on all the
tables?
SQL> Alter table FaeterBR.tb1 add supplemental log data
(ALL) columns;
SQL> alter table FaeterBR.tb2 add supplemental log data
(ALL) columns;
etc...
Step 8. Create Streams queues at the primary and replica database.
---at SRC (primary):
SQL> connect stream_admin/stream_admin@ORCL
SQL> BEGIN
DBMS_STREAMS_ADM.SET_UP_QUEUE(
queue_table => 'streams_adm.FaeterBR_src_queue_table',
queue_name => 'streams_adm.FaeterBR_src__queue');
END;
---At DST (replica):
SQL> connect stream_admin/stream_admin@STR10
SQL> BEGIN
DBMS_STREAMS_ADM.SET_UP_QUEUE(
queue_table => 'stream_admin.FaeterBR_dst_queue_table',
queue_name => 'stream_admin.FaeterBR_dst_queue');
END;
Step 9. Create the capture process on the source database (SRC).
SQL> BEGIN
DBMS_STREAMS_ADM.ADD_SCHEMA_RULES(
schema_name =>'FaeterBR',
streams_type =>'capture',
streams_name =>'FaeterBR_src_capture',
queue_name =>'FaeterBR_src_queue',
include_dml =>true,
include_ddl =>true,
include_tagged_lcr =>false,
source_database => NULL,
inclusion_rule => true);
END;
Step 10. Instantiate the FaeterBR schema at DST. by doing export
import : Can I use now datapump to do that ?
---AT SRC:
exp system/superman file=FaeterBR.dmp log=FaeterBR.log
object_consistent=y owner=FaeterBR
---AT DST:
---Create FaeterBR tablespaces and user:
create tablespace FaeterBR_datafile
'/u02/oracle/oradata/str10/FaeterBR_01.dbf' size 100G;
create tablespace ws_app_idx datafile
'/u02/oracle/oradata/str10/FaeterBR_01.dbf' size 100G;
create user FaeterBR identified by FaeterBR_
default tablespace FaeterBR_
temporary tablespace temp;
grant connect, resource to FaeterBR;
imp system/123db file=FaeterBR_.dmp log=FaeterBR.log fromuser=FaeterBR
touser=FaeterBR streams_instantiation=y
Step 11. Create a propagation job at the source database (SRC).
SQL> BEGIN
DBMS_STREAMS_ADM.ADD_SCHEMA_PROPAGATION_RULES(
schema_name =>'FaeterBR',
streams_name =>'FaeterBR_src_propagation',
source_queue_name =>'stream_admin.FaeterBR_src_queue',
destination_queue_name=>'stream_admin.FaeterBR_dst_queue@dst',
include_dml =>true,
include_ddl =>true,
include_tagged_lcr =>false,
source_database =>'SRC',
inclusion_rule =>true);
END;
Step 12. Create an apply process at the destination database (DST).
SQL> BEGIN
DBMS_STREAMS_ADM.ADD_SCHEMA_RULES(
schema_name =>'FaeterBR',
streams_type =>'apply',
streams_name =>'FaeterBR_Dst_apply',
queue_name =>'FaeterBR_dst_queue',
include_dml =>true,
include_ddl =>true,
include_tagged_lcr =>false,
source_database =>'SRC',
inclusion_rule =>true);
END;
Step 13. Create substitution key columns for äll the tables that
haven't a primary key of the FaeterBR schema on DST
The column combination must provide a unique value for Streams.
SQL> BEGIN
DBMS_APPLY_ADM.SET_KEY_COLUMNS(
object_name =>'FaeterBR.tb2',
column_list =>'id1,names,toys,vendor');
END;
Step 14. Configure conflict resolution at the replication db (DST).
Any easier method applicable the schema?
DECLARE
cols DBMS_UTILITY.NAME_ARRAY;
BEGIN
cols(1) := 'id';
cols(2) := 'names';
cols(3) := 'toys';
cols(4) := 'vendor';
DBMS_APPLY_ADM.SET_UPDATE_CONFLICT_HANDLER(
object_name =>'FaeterBR.tb2',
method_name =>'OVERWRITE',
resolution_column=>'FaeterBR',
column_list =>cols);
END;
Step 15. Enable the capture process on the source database (SRC).
BEGIN
DBMS_CAPTURE_ADM.START_CAPTURE(
capture_name => 'FaeterBR_src_capture');
END;
Step 16. Enable the apply process on the replication database (DST).
BEGIN
DBMS_APPLY_ADM.START_APPLY(
apply_name => 'FaeterBR_DST_apply');
END;
Step 17. Test streams propagation of rows from source (src) to
replication (DST).
AT ORCL:
insert into FaeterBR.tb2 values (
31000, 'BAMSE', 'DR', 'DR Lejetoej');
AT STR10:
connect FaeterBR/FaeterBR
select * from FaeterBR.tb2 where vendor= 'DR Lejetoej';
Any other test that can be made?Check the metalink doc 301431.1 and validate
How To Setup One-Way SCHEMA Level Streams Replication [ID 301431.1]
Oracle Server Enterprise Edition - Version: 10.1.0.2 to 11.1.0.6
Cheers. -
Please help me P M Module configuration document.
Hi friends,
I am planing to learn SAP PM Module, I want know process wise flow, please help me P M Module configuration document.
Regards,
Murali.
help.sap.comLynn
Had me stumped for a while too ...
On the screen that presents all your "Blank" documents, simply touch the word "Blank" under the preview (not the actual preview) and you'll get a dialogue to name your document.
Simon -
Hi,
I have a question whether CicoWorks LMS can manage Cisco ESW 520 SWITCHS.
I can import it in RME but it says unknown device.
Thanks
AshleyNo, these switches are not supported by LMS. These switches are designed to be managed by the Cisco Network Assistant.
-
Cisco ASA 5505 Configurations. Help... Beyond Frustrated
Hello All,
I'm fairly new to Cisco products and Network management in general. At my place of employment, I was hired as an IT Tech- Repair and Building computers, most aspects of Physical networking, and software refresh/upgrades as well as solving compatibility issues among a plethora of other things. I've configured APs, a couple Catalyst switches, a router or two, and that is about the breadth of my Cisco knowledge. I was kind of thrown into a project which is to update the current inventory of computers which all run Windows XP Professional. We are making a capital purchase of 20 Laptops and 40 Desktops all of which will run Windows 7. This means the outdated PIX they were using is now useless. I purchased a Cisco ASA 5505 (Version 8.2(1)) because it is compatible with Windows XP and Windows 7. I have spent several days and sleepless nights trying to figure out how to configure this thing. I was hoping to use SSL for the VPN. I did some basic configurations just to get started but like I said, I have no real experience with Adaptive Security Appliances and I am so frustrated right now. I tried using the Wizard to no avail. I did a write erase using CLI and tried to configure that way but I'm doing something wrong as far as I can tell. The configurations were mostly pulled from here, the Cisco Community, and a couple other web sites.
I’m connecting the ASA 5505 to a cable modem (gateway 24.39.245.33) and to our Netvanta for VPN purposes. Here are the commands/what I have configured so far:
hostname AMDASA
domain-name asa.(mydomain).com
enable password (encrypted)
passwd (encrypted)
interface Ethernet0/0
description TWCoutside
switchport access vlan 2
no shutdown
write mem
exit
interface Ethernet0/1
description Port1inside
switchport access vlan 1
no shutdown
write mem
exit
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.250 255.255.255.0
write mem
exit
interface Vlan2
nameif outside
security-level 0
ip address 24.39.245.36 255.255.255.240
write mem
exit
object-group icmp-type DefaultICMP
description Default ICMP Types permitted
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
write mem
exit
ftp mode passive
write mem
clock timezone EST -5
clock summer-time EDT recurring
write mem
exit
dns server-group DefaultDNS
domain-name asa.adcmotors.com
write mem
exit
access-list acl_outside extended permit icmp any any object-group DefaultICMP
access-group acl_outside in interface outside
access-list acl_inside extended permit icmp any any object-group DefaultICMP
access-group acl_inside in interface inside
write mem
exit
write mem
That is the extent of the configurations I made via CLI. I don't know how to set the DNS lookup from a static port and I have no idea what else I'm supposed to do after the above configurations I have done. Is there a place to actually obtain ALL of the configurations needed to VPN in? Is there an easier way to make this thing work? I've seriously grown a patch of gray hair because of this device. Please help me if you can!!!!!!Hi our desperate friend .
First I would suggest to use the Cisco VPN client instead of SSL VPN (AnyConnect). The configuration is a bit simpler and for the SSL VPN you would need to install the client on the ASA and purchase additional license if you plan to have more than 2 clients. The VPN Client usually comes with the ASA. If you dont have it or dont have access to download it from cisco.com go to the person from which you purchased your ASA and ask him how to get it.
That said, I also think that your ASA lacks of some basic configuration as of now. If you are planning to use this in replacement for your current PIX. You would need to configure a default route and some basic NAT:
route outside 0.0.0.0 0.0.0.0 24.39.245.33
global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.255.0
Now regarding the VPN Client configuration you would need to something like this:
Create an isakmp policy:
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
Create a couple of ACLs that we will use later:
access-list nonat permit ip 192.168.0.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list split_tun standard permit 192.168.0.0 255.255.255.0
Create a Pool for the VPN Clients to use:
ip local pool TestPool 192.168.100.1-192.168.100.20 mask 255.255.255.0
Create a Group Policy:
group-policy TEST internal
group-policy TEST attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tun
Create a group:
tunnel-group TEST type ipsec-ra
tunnel-group TEST general-attributes
address-pool TestPool
authentication-server-group ABTVPN
default-group-policy TEST
tunnel-group TEST ipsec-attributes
pre-shared-key cisco123
Create crypto map and do a NAT 0:
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map Outside_dyn_map 10 set transform-set ESP-3DES-SHA
crypto map Outside_map 10 ipsec-isakmp dynamic Outside_dyn_map
crypto map Outside_map interface outside
nat (inside) 0 access-l nonat
Finally create a user that you will use to connect:
username test password test123
Then you would need to configure your VPN Client to connect with the ASA.
Here is a config Example of VPN clients to the ASA. It uses an external server for the authentication but just skip those parts. For the initial config you might want to keep the authentication local.
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml
I hope this helps. Feel free to ask if you have any questions. Also it would very usefull if you could upload the current config (show run) of the ASA in case you need to ask something else.
Have fun.
Raga -
Help or ideas how to configure two cisco 1230 ap-s acting like bridges
Hello ya´ll
Need help with configuration of two cisco 1230 ap-s, which are acting as bridges today. Idea is to configure an 4506 (EIGRP) with two new VLAN-s, "hide" those in 2 VRF-s and send those thru one of the ap-s via radio link (a). Distance between is about 700 feet. On the other side an 3560 is acting as L3 device so VRF is needed on 3560 to. Post your thoughts and ideas. Thank´s in advance.Hi Bernard,
If you have WCS, you can use templates to synchronize your configurations on the WLCs.
Another possibility is you can upload your current configuration from your production WLC, and then open up the configuration file and edit the IP addresses to give new addresses to the new WLC. You will also want to change the system name to be unique as well. You can then download this config onto the new WLC, as long as the IP addresses and system name are different it should not interfere with your current WLC.
To have the WLCs operate together properly, you will want to make sure they are defined in a mobility group, see the following for instructions:
http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mobil.html
-Patrick Croak
Wireless TAC -
Help with cisco 837 VPN firewall configuration
Hi guys,
I attempted to configure remote access VPN using cisco 837.IPSEC and firewall features were added already.However, the VPN client keeps saying "remote peer no longer responding".
Upon removing firewall and ACLs, VPN client works. Therefore, I believe these two parts went wrong. Could you please take a look on my config below and see what is going on. On the other hand, when i issue the same config to cisco 827, it does not work. My question is whether cisco 827 IOS 12.1(3)support IPSEC.
Any help would be highly appreciated.This document demonstrates how to configure a connection between a router and the Cisco VPN Client 4.x using Remote Authentication Dial-In User Service (RADIUS) for user authentication. Cisco IOS? Software Releases 12.2(8)T and later support connections from Cisco VPN Client 3.x. The VPN Clients 3.x and 4.x use Diffie Hellman (DH) group 2 policy. The isakmp policy # group 2 command enables the VPN Clients to connect.
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800946b7.shtml -
Need help with cisco 881 configuration.
Hi, I have cisco 881 wireless router, and I need to configure this as a switch, I have dhcp server in network 192.168.12.254, and I need that cisco wifi and lan clients get IP addresses from existing dhcp server.
I connect wire from network (with dhcp server) to FastEthernet0, create vlan interface (192.168.12.10 255.255.255.0), described vlan on other FastEthernet interfaces, so LAN clients get IP addresses from my dhcp server without problems, but how to do the same with wifi clients?Follow this support doc because you need to trunk the AP to the router and specify the vlan the wireelss clients will be on.
https://supportforums.cisco.com/docs/DOC-16145
Here is a doc that guides you through multiple vlans/subnets on access points:
https://supportforums.cisco.com/docs/DOC-14496
Thanks,
Scott
Help out other by using the rating system and marking answered questions as "Answered" -
Cisco WLC 2125 configuration help
So in a nutshell, from My computer I can ping all VLANS - everything seems to in workding order.
when telnet to the HP 5406zl core routing switch I can ping all VLANs and other parts of the network
But when logged into the Cisco wireless Lan Controller I cant ping VLAN 108 gateway IP (172.24.156.2 ) from the neighbour switch or other services on this VLAN
for example cant ping the DHCP on this vlan from WLC.
The neighbour switch can ping IP of the management interface created on the WLC
WLC cant ping VLAN 108
WLC can ping all other VLAN 102,104,106
Not sure where the problem is ??
Configure Dynamic Interfaces on the WLC for the Guest and Internal Users - DONE
Create WLANs for the Guest and Internal Users - DONE
Configure the 5406zl Layer 2/3 Switch Port that Connects to the WLC as Trunk Port allowing the relevant vlans i.e. management vlan, vlan 102 and Vlan 108 - DONE
Configure the Switch Port that Connects to the AP to VLAN 102 - DONE
configure virtual interface IP 1.1.1.1 - DONE
Configure the Router for the WLANs - DONE
LAP is registered to the WLC - DONE
WLAN and SSID broadcast - OKNot at present it is not, the port on the 5406zl that the WLC is connected was setup as a trunk group and All VLAN tagged. When I tried this I lost all connectivity to the WLC. Is there something on the WLC that need changing also?.
-
Hi all,
we brought a Cisco 881W-GN-E-K9 and we use it as main router.
We have this network architecture:
- the WAN (FastEthernet4 interface) is connected to the 192.168.0.x network
- all the ethernet interfaces (FastEthernet 0-3) and the wlan are in 10.0.0.0 network using a VLan
We have some problems:
- we set static DNS entries in the Router:
ip host Waters 10.0.0.1
ip host Barrett 10.0.0.2
ip host Mason 10.0.0.20
ip host Wright 10.0.0.21
However, the ping Mason it's not working....
- we activate a NAT for the 8080 port on the 10.0.0.21 pc but it does not works:
ip nat inside source static tcp 10.0.0.21 8080 A.B.C.D 8080 extendable
someone can explain were we are falling?
Following the router configuration:
Current configuration : 6948 bytes
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Waters
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-1382020822
REMOVED!!!
crypto pki certificate chain TP-self-signed-1382020822
REMOVED!!!
ip source-route
ip dhcp excluded-address 10.0.0.1
ip dhcp excluded-address 10.0.0.1 10.0.0.99
ip dhcp pool DHCP
import all
network 10.0.0.0 255.0.0.0
default-router 10.0.0.1
dns-server 10.0.0.1
lease 0 10
ip cef
ip host CiscoRouter 10.0.0.1
ip host Mason 10.0.0.20
ip host Wright 10.0.0.21
ip host SamsungML3050 10.0.0.91
ip host CiscoAP 10.0.0.2
ip host EpsonSX440W 10.0.0.90
ip host RouterAP 10.0.0.2
ip host Waters 10.0.0.1
ip host Router 10.0.0.1
ip host Barrett 10.0.0.2
ip name-server 192.168.0.1
ip name-server 8.8.8.8
ip name-server 10.0.0.1
no ipv6 cef
vpdn enable
vpdn-group 1
REMOVED!!!
license udi pid CISCO881W-GN-E-K9 sn REMOVED!!!
username routeradmin privilege 15 secret REMOVED!!!
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface FastEthernet4
ip address 192.168.0.253 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface Virtual-Template1
ip unnumbered Vlan1
ip nat inside
ip virtual-reassembly in
peer default ip address dhcp-pool DHCP
no keepalive
ppp encrypt mppe 128
ppp authentication ms-chap ms-chap-v2
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
ip nat inside
ip virtual-reassembly in
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
interface Vlan1
description BLABLABLA
ip address 10.0.0.1 255.0.0.0
ip nat inside
ip nat enable
ip virtual-reassembly in
ip tcp adjust-mss 1452
ip local pool PPTP-Pool 10.0.1.10 10.0.1.99
ip default-gateway 10.0.0.1
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 10.0.0.21 8080 A.B.C.D 8080 extendable
ip default-network 192.168.0.0
ip route 0.0.0.0 0.0.0.0 192.168.0.1
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 23 permit 10.0.0.0 0.255.255.255
no cdp runHi mfurnival,
thank for your answer...
inline my outlines:
What do you mean when you say the static entry for Mason is not working? Do you mean that when you type "ping Mason" it times out? What happens when you try and ping the actual IP address of Mason ( 10.0.0.20 ) - does that work?
yes, the ping to 10.0.0.20 works ok while ping mason times out....
Regarding the NAT - I assume that the outside address (removed from config above) is in the 192.168.0.x range?
hooo... thanks, this issue was solved: i was mapping the outside ip address (156.x.y.z) and not the 192.168.0.x... thank you.
Leonardo -
Cisco 881w guest configuration help
Hello all,
I am looking to figure out how to configure a cisco881w for a guest account. I dont want to use the local database to do so... we have a software called smart pass that handels the guest requests. the radius server dosent use any authentication protocols, all I found out is the authentication port 1814 and accounting port 1813. Because we want to keep the guest wireless users away from our internal network, we want them to authenticate against Smartpass, so that they get the agreement of guest usage.
Has anyone attempted this type of setup?
ThanksNot at present it is not, the port on the 5406zl that the WLC is connected was setup as a trunk group and All VLAN tagged. When I tried this I lost all connectivity to the WLC. Is there something on the WLC that need changing also?.
Maybe you are looking for
-
'FM HELPSCREEN_CREATE is obsolete in ECC 5.0 version'
Hi all, I am upgrading SAP from 3.1I to ECC 5.0. I am getting the error that 'FM HELPSCREEN_CREATE is now obsolete in ECC 5.0 version'. can anyone suggest the equivalent FM for the above in ECC 5.0. thanks Rakesh
-
Apple Mobile Device Is Not Started
OK so updating Itunes to 10 has caused me a whole slew of problems. First there was the issue of it recognizing it as a camera which I never got that part fixed cause when I tried to update the driver as instructed, it told me it was already up to da
-
Trying to copy Tiger's iCal data to a clean install of Leopard...
I have just clean-installed Leopard onto my MacBook, after having done a complete backup of my entire hard drive. I have not used Apple's own Backup software, but rather a 3rd-party backup application, which effectively has just cloned my Tiger drive
-
I have a column in my database that has values like this Row1 : RA1,RA2 Row2 : XA1,XA2 I have a search form that will pass a value and query the table. If the user enters RA1 I need the search to return row 1, it doesnt now When I run the search quer
-
Filesystem abstraction in package management
Hey all .. just a thought I had the other night, wanted to share and get opinons on it. Probably not anything new, but I was wondering why some kinda filesystem abstraction layer couldnt be implemented in a package management system such as libalpm/p