Remote span between Extreme and Cisco switches
Hello,
I need to configure remote span between Extreme Networks X460-24p and Cisco Catalyst 2960X switches. 2 IP phones are connected to ports 15 and 17 on Extreme switch, and should be monitored to port 1/0/47 on Cisco switch. Extreme and Cisco switches are interconnected with trunk (port 28 on Extreme with port 1/0/51 on Cisco).
I configured the following:
On Extreme switch:
configure mirror mode enhanced
enable mirroring to port 28 remote-tag 1000
configure mirroring add port 17 ingress-and-egress
configure mirroring add port 15 ingress-and-egress
On Cisco switch:
vlan 1000
name RemoteSPAN
remote-span
monitor session 1 destination interface Gi1/0/47
monitor session 1 source remote vlan 1000
But this is not working :(
Does anyone have experience with this? I really need help to make this work.
Thanks.
OK, this configuration is actually working :)
Similar Messages
-
IPSEC between Fortinet and Cisco SA540
Hi,
We have done the site to site VPN between Fortinet and Cisco SA540. Everything is configured at both ends but the tunnel is not established. Can you help me out to resolve the issue?
Regards,
Satish.
Hello Venkatasatish,
I am going to send you an example of a VPN between Cisco ASA 8.2 version and Fortigate mr4.
In my example I am going to use the following environments:
Cisco ASA "Zones"
Inside: 192.168.1.0/24 "Asa inside interface Ip address 192.168.1.1"
Outside: 200.200.200.0/29 "Asa outside interface Ip address 200.200.200.1"
Fortigate "Zones"
inside: 172.16.1.0/24 "Asa inside interface Ip address 172.16.1.1"
outside: 201.201.201.0/29 "Asa outside interface Ip address 201.201.201.1"
=================================> VPN Script of ASA <=================================
access-list inside_access_in remark Firewall rule from ASA to Fortigate
access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0 log notifications
access-group inside_access_in in interface inside
access-list VPN_NONAT remark Nonat to VPN traffic over VPN
access-list VPN_NONAT extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
access-list CryptoMap_ASA_to_Fortigate remark VPN Site-to-Site to Fortigate Site
access-list CryptoMap_ASA_to_Fortigate extended permit ip 192.168.1.0 255.255.255.0 172.16.1.0 255.255.255.0
nat (inside) 0 access-list VPN_NONAT
crypto isakmp enable outside
crypto isakmp policy 1
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map OUTSIDE_map 1 match address CryptoMap_ASA_to_Fortigate
crypto map OUTSIDE_map 1 set peer 201.201.201.1
crypto map OUTSIDE_map 1 set transform-set ESP-3DES-SHA
crypto map OUTSIDE_map 1 set security-association lifetime seconds 3600
crypto map OUTSIDE_map interface outside
group-policy GP_TO_FORTIGATE internal
group-policy GP_TO_FORTIGATE attributes
vpn-idle-timeout none
vpn-tunnel-protocol IPSec
tunnel-group 201.201.201.1 type ipsec-l2l
tunnel-group 201.201.201.1 general-attributes
default-group-policy GP_TO_FORTIGATE
tunnel-group 201.201.201.1 ipsec-attributes
pre-shared-key cisco123
=================================> VPN Script for Fortigate ==============================
Phase 1:
FORTIGATE# config vpn ipsec phase1-interface "enter"
FORTIGATE (phase1-interface) # edit 200.200.200.1 "enter"
set interface "outside"
set keylife 86400
set mode main
set dhgrp 2
set proposal 3des-sha1
set remote-gw 200.200.200.1
set psksecret ENC cisco123
next "to apply the configuration"
Phase 2
FORTIGATE# config vpn ipsec phase2-interface
edit 200.200.200.1
set keepalive enable
set pfs disable
set phase1name "200.200.200.1"
set proposal 3des-sha1
set dst-subnet 192.168.1.0 255.255.255.0
set keylifeseconds 3600
set src-subnet 172.16.1.0 255.255.255.0
next "to apply the configuration"
Config route to VPN: I am using 100 entry, you need to take a look at your firewall.
FORTIGATE# config router static "enter"
FORTIGATE (static) # edit 100 "enter"
FORTIGATE (100) # set device "200.200.200.1"
set distance 1
set dst 192.168.1.0 255.255.255.0
Create a Rule: in my example I'm using any to any over VPN, but you can filter based on network environments.
FORTIGATE # config firewall policy "enter"
FORTIGATE (policy) # edit 100 "enter"
config firewall policy
edit 100
set srcintf "200.200.200.1"
set dstintf "inside"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set logtraffic enable
set comments "Access from VPN ASA site"
FORTIGATE (policy) # edit 101 "enter"
config firewall policy
edit 101
set srcintf "inside"
set dstintf "200.200.200.1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ANY"
set logtraffic enable
set comments "Access to VPN ASA Site"
After that, please start traffic between the private networks, 192.168.1.0 and 172.16.1.0/24.
Please let me know about it!
Good luck.
Fabio Jorge Amorim
-
IPSec ikev2 between ASA and Cisco Router
Hi,
I am trying to do IPSec with ikev2 (SHA2) between ASA and Cisco Router, without success. Can anyone help me?
- Remote site (Router) with dynamic public IP -> Dynamic crypto map on the ASA
- Authentication with Certificates
- integrity sha2
I try a lot of configurations without success.
Thanks for your help.
Mic
The more secure ike policy should have the higher priority, which is a smaller number. So I would configure it the following way (policy 30 only if really needed):
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 28800
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 28800
crypto ikev1 policy 30
authentication pre-share
encryption aes
hash sha
group 2
lifetime 43200
The Cisco VPN Client is EOL and not supported any longer. And yes, by default DH group 2 is used. But that can be configured by a parameter in the PCF-file.
There are two (three) better options:
1) Best option with very little needed configuration: Move to AnyConnect with TLS. AnyConnect is the actual Cisco client that is also supported with Windows 8.x. The legacy IPsec client isn't.
2) Best option with a little stronger crypto but more configuration: Move to AnyConnect with IPsec/IKEv2.
3) Move to a third-party client like shrew.net. I haven't used that client for a couple of years, but it's quite flexible and also has a config for a better DH-group.
For option 1) and 2) there is an extra license needed, but that's not very expensive.
-
How to create multiple sip trunks between cucm and cisco unified sip proxy
Dear Expert,
Is there a way to create multiple sip trunks between CUCM and Cisco Unified SIP Proxy (CUSP)? How to achieve it without creating multiple IP interfaces on the CUSP module.
CUCM: 8.5.1.10000-9
CUSP: 8.5.2
Thank you,
.wan
Hello Michael,
This SIP trunk is part of UCCE solution, which used between CVP, CUSP, and CUCM.
The requirements:
1) To have different codecs for different type of calls, as the phones are at few countries
2) To pass different number of digits from CUSP to CUCM for different call treatments
.wan
-
ARD and Cisco switches (multicast storm issue)?
We had Cisco bring in an engineer to look into our problem where ARD stalls/fails to push packages or pull reports (etc.). We never have a problem remotely controlling computers.
They told us "Multicast" needs to be on at every switch that has Macs connected. In one environment all Macs are on the 10.100.9.xx subnet, and Macs are at different locations. All the switches these dot-9 subnet Macs are connected to need "Multicast" turned on.
I've read numerous threads regarding how Macs drift in and out and ARD is not able to do what it's advertised to do. Has anyone run into this issue where Cisco switch configuration caused ARD to not perform properly?
I will summarize once Cisco resolves the issue. They're due in for another test or two before we can make the necessary switch adjustments.
Thanks,
Don
I have 3COM switches and they appear to be performing as your CISCOs are. I have computers drift in and out all day as well as my task server not responding to input at all. When trying to browse the LAN for computers, I don't receive any information regarding my computers, or I only get 5 out of 2100. I will talk with my Network Administrator and find out if Multicast is turned on. I have sent Apple 300 crash reports over the past 3 months, but have not received any word on a fix for ARD issues.
-
Interconnection between HP and Cisco is not working
Dear all,
I support some old colleagues by connecting a Cisco 2960x with an HP Switch. Both sides are UP/UP, stp is fine, channel also. The Cisco switch is also fine. But no data traffic is working.
I see that we are sending but not receiving any packets. The same on the other side. We checked the cabling, used different fibers, etc. Everything is fine. When we connect a copper port, it's also fine. Only on the LWL side we have this problem. But interface and line protocol is UP.
Is there any command I may not know to check the LWL? UDLD is not working because we have just one Cisco on one end. test tdr works only on copper. I guess there is something wrong with the compatibility between the two GBICs, but I can't exactly say what it is. We use monomode and LX GBIC.
On another Core Switch HP/Cisco is working fine with SX.
I don't have live access, so sorry for any delay in my answer.
regards,
Sebastian
Hi cbafiero,
It seems that the problem lies in your router. I'm not sure exactly what the issue is (I've just now discovered it myself), but after switching from a Linksys WRT54GX2 to a thrift store Netgear, my shared libraries appeared instantly. My gut is telling me that the Linksys routers are blocking the multicast traffic, which is stupid on Linksys's part, to filter traffic internally. I'll look more into the Netgear and see what it has that the Linksys doesn't (or vice versa).
-
LACP between SRW2048 and Cisco 3750
Hi,
I have been trying to set up a LACP link between my SRW2048 and Cisco 3750 using two gigabit ethernet links.
Whenever I plug one cable in the interface does not come back up.
I have already successfully been able to create a LACP link between the 3750 and a catalyst 2960 for two cables.
Both interfaces at both units are set up as trunks for Vlans 1 (default and untagged), 4, 99, 101, and 102, then the Port-channel / LAG set also as a trunk with the same vlans.
Does anyone have any ideas why the interface is not even initialising?
If I plug a SRW2048 LAG'd interface into a normal access (vlan1) port on the 3750 it works fine, and vice versa with the 3750 to the SRW2048.
Below is an extract of logs from both:
-- Log from SRW2048
1 2147483579 07-Oct-2008 16:12:24 Informational %LINK-I-Up: ch1
2 2147483580 07-Oct-2008 16:12:24 Informational %LINK-I-Up: Vlan 102
3 2147483581 07-Oct-2008 16:12:24 Informational %LINK-I-Up: Vlan 101
4 2147483582 07-Oct-2008 16:12:24 Informational %LINK-I-Up: Vlan 99
5 2147483583 07-Oct-2008 16:12:24 Informational %LINK-I-Up: Vlan 5
6 2147483584 07-Oct-2008 16:12:24 Informational %TRUNK-I-PORTADDED: Port g4 added to ch1
7 2147483585 07-Oct-2008 16:12:19 Informational %LINK-I-Up: g4
## Plugged back into standard vlan1 access port ##
## Plugged into LACP enabled port on 3750 ##
## Unplugged from standard vlan1 access port ##
8 2147483586 07-Oct-2008 16:11:10 Warning %LINK-W-Down: ch1
9 2147483587 07-Oct-2008 16:11:10 Warning %LINK-W-Down: g4
10 2147483588 07-Oct-2008 16:11:10 Warning %LINK-W-Down: Vlan 102
11 2147483589 07-Oct-2008 16:11:10 Warning %LINK-W-Down: Vlan 101
12 2147483590 07-Oct-2008 16:11:10 Warning %LINK-W-Down: Vlan 99
13 2147483591 07-Oct-2008 16:11:10 Warning %LINK-W-Down: Vlan 5
14 2147483592 07-Oct-2008 16:11:10 Warning %TRUNK-W-PORTREMOVED: Port g4 removed from ch1
-- Log from Catalyst 3750
mercury#terminal monitor
mercury#
Oct 7 15:10:44: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet 1/0/17, changed state to down
Oct 7 15:10:45: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/17, changed state to down
Oct 7 15:11:54: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/17, changed state to up
Oct 7 15:11:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet 1/0/17, changed state to up
mercury#
The Linksys documentation is a little thin on the ground all over.
However, if I have got this correct the Admin key needs to be the same for all interfaces in the same LAG for one switch, i.e. not the same for both ends of the cable?
As for the priority, I assumed this was to do with how the switch dealt with which interfaces were to be active if there were more in the group than could be allowed - to allow for backup links. Is this correct?
Thanks for your reply.
-
Cisco Transparent firewall and cisco switch issues.
Dears,
I have a very plain scenario:
LAN cisco switch <2 vlans> ----------> cisco transparent firewall with bvi interface ------------> crypto box ---------> cisco router ------ <remote/other site>
I have vlan 61 configured on the bvi interface of the firewall, crypto box and also on the switch port, and vlan 61 is up/up.
The issue is I can connect remotely to the Cisco transparent firewall but cannot ping or connect to the Cisco switch.
I need to know some troubleshooting tips and basic settings that I need to verify. I simply want the LAN switch with 2 vlans to pass through the Cisco transparent firewall and go to the other site/remote site.
Well,
I have turned on ICMP inspection for the sessions, and the version I am using is 9.1.
Moreover, I have put up the ACLs for inbound and outbound traffic, and while I ping across the firewall from the inside interface towards the outside interface PC, I can see packet counts increasing on the ACL in the show access-list command.
I have requested the client to verify his part. Do let me know further tips if you have any.
[ Moreover we cannot try to use packet-tracer from cli in transparent mode ]
-
Setup and connections for 3 airport extremes and 2 switches?
I'm finally getting ethernet wiring in my house rather than having to rely on just wireless, but due to the lath and plaster walls I'll still end up having a separate Airport Extreme 802.11ac unit on each floor, otherwise the signal drops off dramatically with dead spots. I'm assuming that I should no longer do an extended network between the airport extremes, but I'm not sure of the proper wiring between the ethernet switches I'll have, the airport extremes, etc. either. Here's the gear...
2nd floor
cable modem
8 port ethernet switch
main airport extreme, should provide DHCP and NAT
cable modem plugs into the main switch
airport extreme plugs into the main switch
1st floor
airport extreme
there will be an ethernet cable from the basement ethernet switch to the 1st floor unit, which is the only feasible hardwire connection that I can make unless I pull a second long run of ethernet from the second floor, go to the basement and then back over to the first floor connection spot.
Basement
airport extreme
second 8 port ethernet switch
there will be an ethernet cable running from the 2nd floor ethernet switch to the basement switch
There are also additional airport express boxes attached to audio equipment and an AppleTV attached to an AV receiver for TV. Various printers, game consoles, etc. will plug into the ethernet switches.
As described above, all connections are going to the switches, not coming out of the main airport extreme and going to another airport extreme.
First of all, does the wiring described make sense or should it be handled differently?
Secondly, rather than an extended network, since I'll have hardwire ethernet connections between switches to all of the airports, what is the proper network topology to use in the airport utility? Does each of the three airports end up being their own wireless network, but just sharing the same name for 802.11 b/g, n, and ac? Any links to help me figure this out or do I need to make an Apple genius appointment?
2nd floor
cable modem
8 port ethernet switch
main airport extreme, should provide DHCP and NAT
cable modem plugs into the main switch
airport extreme plugs into the main switch
What is the make and model number of the modem?
If it is a simple modem....(not a modem/router or gateway device)....you cannot have an Ethernet switch between the simple modem and the AirPort Extreme.
Instead, the modem must connect to the AirPort Extreme, and the Ethernet switch then connects to the AirPort Extreme.
However, if your "modem" is a modem/router or gateway device.....you could connect the Ethernet switch to the modem/router......but you would not configure the AirPort Extreme to provide DHCP and NAT.....since the modem/router or gateway would already be providing those services.
Let's get this clarified before we go any further, since the entire network will depend on this.
-
Windows 7 LLDP and Cisco Switches
Does Windows 7 support IEEE LLDP (not to be confused with MS LLTP)? We have LLDP enabled on our Cisco switches and want to be able to see what ports the Windows 7 devices are connected to, using the Cisco Show LLDP neighbors.
Hi,
I suggest you refer to the following article in MSDN blog:
Link Layer Topology Discovery Protocol Specification
http://msdn.microsoft.com/en-us/library/windows/hardware/gg463061.aspx
Thanks,
Vincent Wang
TechNet Community Support
-
Hello,
in my Office we're working with Macs and PCs and all the data is on a NAS.
Here is our configuration:
NAS <-link1->Switch<-Link2->Macs or PC.
Macs are connected with AFP protocol (because SMB is very slow).
We want to use Link Aggregation between the NAS and the switch (with 802.3ad protocol) but when we do that all the Macs have a very slow access to the NAS. But all is OK with the PCs.
What can we do? Is there a problem with macOS X and link aggregation?
Thank you for your help.
Nicolas
Sorry, not sure what the question is exactly.
You must have an Xserve, or Ethernet cards capable of Jumbo Frames for one, I assume the Switch & NAS are capable?
Possible clues...
http://docs.info.apple.com/article.html?path=ServerAdmin/10.4/en/c3ha3.html
http://discussions.apple.com/thread.jspa?threadID=1715388&tstart=0
http://www.macnn.com/articles/04/06/21/link.aggregation.for.macs/
http://www.smallnetbuilder.com/content/view/30556/53/
http://www.afp548.com/forum/viewtopic.php?showtopic=8309
-
Converged 10gig server adapters and Cisco switches
I have little network with 4 vsphere servers connected to clustered 3750x with 4*1Gig NICs per server.
Servers are connected to central storage with two 8Gbps FC links per server. I don’t have FO switches cause central storage is equipped with 4 FO ports per controller.
I want to upgrade servers and central storage. Servers will have two converged 10gig (HP FlexFabric) and 4*1 Gig interfaces
I need to upgrade 3750x switches with new one with 10 gig interfaces.
I am looking for two new Cisco switches that can handle converged traffic from server 10gig interfaces (iSCSI, FCoE).
Nice feature will be if it is possible to connect existing FC storage to the new switches.
Kind regards,
Vice Lacmanovic
Hello, vlacmanov.
I recommend at least the Nexus 5000 to support iSCSI and FCoE over your 10GE interface. (http://cs.co/9001SoyL) Do you already have any existing Cisco Nexus on your network?
Let me know if you have additional concerns or e-mail me directly. Kind regards.
-
Multicasting (IGMP Snoop) between Nortel and Cisco
We are currently having issues with Zen imaging (multicasting) and our setup is the following.
Please take into account, our knowledge is very limited with IGMP Snooping setup etc.
MDF = 6 Nortel 450-24T's using FirmWare -1.48 / SoftWare - 4.5.2.4
IGMP Settings are such :
VLAN: [ 1 ]
Snooping: [ Enabled ]
Proxy: [ Disabled ] -----> This was on...but once off, runs much smoother.
Robust Value: [ 2 ]
Query Time: [ 125 seconds ]
Set Router Ports: [ Version 1 ]
In the MDF (anything directly in those switches) images fine now. (once I disabled PROXY)
However I have a few IDF's off the MDF that are using OLD Nortel 350F-HD's (no IGMP Snooping support) and it's horrible (can only do a few computers at a time).
So in one of the IDF's (the biggest one) I pulled out the 350F-HD and replaced it with a CISCO 2950 w/Fiber and it's using 12.1.20EA1 and I left IGMP Snooping on (thinking this will fix it) and couldn't even get ONE machine to connect and image in the multicast session. Its settings were (by default):
Global IGMP Snooping configuration:
IGMP snooping : Disabled
IGMPv3 snooping (minimal) : Enabled
Report suppression : Enabled
TCN solicit query : Disabled
TCN flood query count : 2
Vlan 1:
IGMP snooping : Disabled
Immediate leave : Disabled
Multicast router learning mode : pim-dvmrp
Source only learning age timer : 10
I then completely disabled IGMP Snooping on the CISCO and we're able to Image 5-7 Computers without a crash (more than that and it crashes - disconnects etc)
In the areas that I have all 450's or all Ciscos the imaging seems to go fine. (with minor errors)
Can anyone give me some advice (or hopefully ran into this mixed setup before)?
Thank you.
Bosalaza,
Thank you for replying (and I read even more on the ip multicast routing). However I've not run into the same issue at any school that has 100% cisco switches or 100% Nortels (that are setup correctly and not older than dirt). I think we've not needed the multicast routing setup as we only have one router on the network (and it's flat at the moment anyway). As long as IGMP Snooping is enabled correctly (on the switches) it seems to serve us well.
Although from what I've read (where you pointed me to) it seems even in our setup we would benefit from taking time to setup "ip pim ....." etc.
I was able to scrounge from another network and change out a few very old Nortels (that didn't support IGMP Snoop) and all seems well now.
So long story short (and in case anyone else needs this info). The Nortel 350T and F - HD's were the main issue. It seems (for now) that a mixture of Nortel 350/450-24T's (any model that at least has IGMP Snooping) and Ciscos mixed (also Snoop on) works pretty well.
I'm going to consider this solved as I was able to fix it with changing out some old product. However I really appreciate your efforts and pointing me towards some good info. (Which I'm going to read up on more, as I'm sure we'll need to get it setup in the near future.)
Thanks again.
-
3com and cisco switches (802.1q)vlan integration problem - broadcast storm?
Hi forum,
We are using 3com switches. The 3com switches implement open vlans, which means if an ieee 802.1q packet is received at a port and the port is not a member of that vlan, the switch does not perform vlan filtering. If the address is previously learned, it will be forwarded correctly, but if it is not, it will be flooded to all ports within that VLAN.
My questions:
1) If another cisco switch connected with the 3com switch is placed in the same vlan, and the 3com switch received a 802.1q packet from a rogue device, it will be flooded to all the ports (including the cisco ports) within that VLAN. Will it cause a broadcast storm?
2) How do I configure the cisco switch to filter off unknown tagged packets on a port? By using vlan pruning?
3) How do I block the broadcast from the 3com switches? Using broadcast suppression?
4) Is there a way on the design side to effectively counter this problem?
Kind regards,
paul
It sounds like setup of your 3com switch is not quite up to your requirements. If a port is declared as tagged, it's ok to receive tagged frames for VLAN's that were not previously known on this port. However if your policy requires that only specific VLAN's are permitted on given tagged port, then you need to add some extra command on your 3com switch. Check with documentation and possibly with your 3com support partner.
As for cisco routers, tagged ports in Cisco-speak are trunks (this might be confusing for you as 3com calls trunks what in Cisco world is known as either Etherchannel or port aggregation). By default a trunk (tagged) port allows any VLAN. If your policy requires so, you can explicitly specify which VLAN's are allowed on given trunk (tagged) port. If a frame arrives with a tag that is not on the allowed list, the frame will be discarded. So you don't need any fancy broadcast suppression to block traffic from disallowed vlans coming from your 3com switch to cisco.
P.S.: Make sure that you don't mistake 'member of VLAN' with 'native VLAN'. Some parts of your message suggest that you do.
-
VPN between RV042 and Cisco 2801
HI
Kindly help me out. I'm configuring a p2p vpn between a cisco 2801 with IOS 12.3 and a linksys RV042. I'm getting following error on Linksys and Cisco respectively.
[Tunnel Negotiation Info] >>> Initiator Send Main Mode 1st packet
Dec 19 02:40:42 2011
VPN Log
Received informational payload, type NO_PROPOSAL_CHOSEN
dst src state conn-id slot status
x.x.x.x x.x.x.x MM_NO_STATE 0 0 ACTIVE
Below are my config:
Linksys RV042:
Keying Mode: IKE with Preshared Key
Phase1 DH Group: Group2
Phase1 Encryption: 3DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
Perfect forward secrecy : enabled
Phase2 DH Group: Group2
Phase2 Encryption: 3DES
Phase2 Authentication: MD5
Phase2 SA Life Time: 28800
Preshared Key: xxxxxx
Cisco 2801:
crypto isakmp policy 11
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key xxxxxx address xxxxxx
no crypto isakmp ccm
crypto ipsec transform-set STRONGER esp-3des esp-md5-hmac
crypto map myvpn 10 ipsec-isakmp
set peer xxxxxx
set transform-set STRONGER
set pfs group2
match address 103
interface FastEthernet0/0
ip address 10.0.0.56 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
no mop enabled
interface FastEthernet0/1
ip address xxxx xxxx
ip nat outside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
crypto map myvpn
ip nat pool branch xxxxxx xxxxx netmask 255.255.255.240
ip nat inside source route-map nonat pool branch overload
access-list 103 permit ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 110 deny ip 10.0.0.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
snmp-server community public RO
route-map nonat permit 10
match ip address 110
Regards
SAM
Hi,
It looks like you are using the default hash for the crypto isakmp policy and that your connection is failing on the phase 1 negotiation. The default hash on the crypto isakmp policy is sha. On the 2801 try adding hash md5.
crypto isakmp policy 11
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
Let me know if that helps.
Thank you,
Jason NIckle
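The Phase 1 comparison made in the reply above, as an added example that is not part of the thread or of any vendor tool. The function names are hypothetical, and every IOS default other than `hash sha` (the one the reply names) is an assumption to confirm with `show crypto isakmp policy`.

```python
"""Compare IKE Phase 1 settings of a Cisco IOS ISAKMP policy and an RV042 tunnel."""

# Defaults applied when a line is absent from the IOS policy. "hash sha" is the
# default named in the reply above; the other three are assumed classic IOS
# defaults and should be confirmed on the device.
IOS_DEFAULTS = {"encryption": "des", "hash": "sha",
                "authentication": "rsa-sig", "group": "1"}
IOS_KEYWORDS = {"encr": "encryption", "encryption": "encryption", "hash": "hash",
                "authentication": "authentication", "group": "group"}

# Configuration text copied from the thread above (secrets are already masked there).
IOS_ORIGINAL = """\
crypto isakmp policy 11
encr 3des
authentication pre-share
group 2
lifetime 28800
"""
# The same policy with the "hash md5" line suggested in the reply.
IOS_FIXED = IOS_ORIGINAL.replace("encr 3des\n", "encr 3des\nhash md5\n")
RV042_SETTINGS = """\
Keying Mode: IKE with Preshared Key
Phase1 DH Group: Group2
Phase1 Encryption: 3DES
Phase1 Authentication: MD5
Phase1 SA Life Time: 28800
"""


def parse_ios_policy(text):
    """Return the effective Phase 1 settings of one 'crypto isakmp policy' block."""
    policy = dict(IOS_DEFAULTS)          # start from defaults, then override
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in IOS_KEYWORDS:
            policy[IOS_KEYWORDS[parts[0]]] = parts[1].lower()
    return policy


def parse_rv042_phase1(text):
    """Map the RV042 'Label: value' lines onto the same attribute names."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip().lower()
        if key == "keying mode":
            settings["authentication"] = "pre-share" if "preshared" in value else value
        elif key == "phase1 dh group":
            settings["group"] = value.replace("group", "").strip()
        elif key == "phase1 encryption":
            settings["encryption"] = value
        elif key == "phase1 authentication":
            settings["hash"] = value     # the RV042 labels the hash "Authentication"
    return settings


def phase1_mismatches(ios, rv042):
    """Return {attribute: (ios_value, rv042_value)} for every attribute that differs.

    SA lifetime is left out on the assumption that a differing lifetime is
    negotiated rather than answered with NO_PROPOSAL_CHOSEN.
    """
    return {attr: (ios[attr], rv042.get(attr))
            for attr in IOS_DEFAULTS if ios[attr] != rv042.get(attr)}


if __name__ == "__main__":
    rv042 = parse_rv042_phase1(RV042_SETTINGS)
    for label, config in (("original", IOS_ORIGINAL), ("with hash md5", IOS_FIXED)):
        print(label, phase1_mismatches(parse_ios_policy(config), rv042))
```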