S2S with Cisco 871

Can I do a BorderManager 3.8 S2S VPN with a BM3.8 server as the master and a
Cisco 871 as the slave at the other end?

Hi,
Mark Moorhead wrote:
>
> Can I do a BorderManager 3.8 S2S VPN with a BM3.8 server as the master and a
> Cisco 871 as the slave at the other end?
I don't see a reason why not. Basically all Ciscos that support VPN I've
tried so far worked just fine.
CU,
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de

Similar Messages

  • Help with Cisco 871-K9

    Hi everyone! I'm having trouble with my 871 router.
    My problem is the next one.
    It starts like this:
    My ISP gives me an address by DHCP, it is connected to a 1841 (Fe 0/1), on Fe0/0 I assign 10.22.1.1 and by DHCP on my 871, I gather the IP the router gives me.
    Now, in the 871, as you can see on the attach everything's configured, I can make pings to everything unless to my computer, with the IP 10.22.2.3 and Gateway 10.22.2.1 (Vlan1). Therefore, I ping from my computer to the vlan1 (inside) and the Fe4 port (outside) -works- but I don't have access to the web. Neither can I ping 10.22.1.2 that is 1841 router.
    Any ideas of what I'm doing wrong?
    1841 is working perfect and it's natting the public ip into private.

    Hello.
    Have you configured a static route from the 1841 back to the 871?
    The route on the 1841 should look a bit like this:
    ip route 10.22.2.0 255.255.255.248 10.22.1.1
    Simon

  • Configuration Issue with my Cisco 871 Router

    Hi all,
    I am a newbie to the Cisco IOS.
    I got a Cisco 871 Router that I'd like to use for internet connection. My LAN network is 192.168.1.0/24 and the ISP has assigned us the IP 41.212.79.108/24 and gateway 41.212.79.1.
    With my current configuration, I can hit the router - 192.168.1.1 - and its WAN port - 41.212.79.108 - but not the gateway.
    Below is my current config:
    Hoggers#show config
    Using 4414 out of 131072 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Hoggers
    boot-start-marker
    boot-end-marker
    logging buffered 51200 warnings
    enable secret 5 **********************.
    no aaa new-model
    crypto pki trustpoint TP-self-signed-568493463
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-568493463
     revocation-check none
     rsakeypair TP-self-signed-568493463
    crypto pki certificate chain TP-self-signed-568493463
     certificate self-signed 01 nvram:IOS-Self-Sig#7.cer
    dot11 syslog
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.10.1
    ip dhcp excluded-address 192.168.1.1
    ip dhcp excluded-address 192.168.1.2
    ip dhcp excluded-address 192.168.1.3
    ip dhcp excluded-address 192.168.1.4
    ip dhcp excluded-address 192.168.1.5
    ip dhcp excluded-address 192.168.1.6
    ip dhcp excluded-address 192.168.1.7
    ip dhcp excluded-address 192.168.1.8
    ip dhcp excluded-address 192.168.1.9
    ip dhcp excluded-address 192.168.1.10
    ip dhcp excluded-address 192.168.1.100
    ip dhcp excluded-address 192.168.1.90
    ip dhcp pool ccp-pool
       import all
       network 10.10.10.0 255.255.255.248
       default-router 10.10.10.1
       lease 0 2
    ip dhcp pool LANPOOL
       network 192.168.1.0 255.255.255.0
       default-router 192.168.1.1
       dns-server 41.212.3.2 41.212.3.253
    ip domain name yourdomain.com
    ip name-server 41.212.3.2
    ip name-server 41.212.3.253
    archive
     log config
      hidekeys
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
     description Wan to Outside World
     ip address 41.212.79.108 255.255.255.0
     duplex auto
     speed auto
    interface Vlan1
     description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
     ip address 192.168.1.1 255.255.255.0
     ip tcp adjust-mss 1452
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 41.212.79.1
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip dns server
    ip nat inside source static tcp 192.168.1.31 80 interface FastEthernet4 80
    access-list 23 permit 10.10.10.0 0.0.0.7
    no cdp run
    control-plane
    scheduler max-task-time 5000
    end
    I'll appreciate any light you can shed on what I am missing.

    2 wireless routers can not communicate wirelessly with each other.
    You need to connect cable between 2 routers and use the second wireless router as access point.
    Follow this link to connect Linksys router to another router.
    Some of your devices are getting same IP address. This might be the issue with DHCP server of the router. You can try DHCP reservation on the router so that each device will get unique IP address.

  • Cisco 871 and throughput with QOS

    Considering an 871 to carry out CBWFQ on circa 4Mbits of bandwidth allocated by a provider.
    Will the platform handle that sort of throughput? Any experiences?

    Thanks Paresh,
    Had never encountered that guide before - certainly useful.
    I still wonder whether anyone has experience of the throughput that can be achieved with QOS features enabled such as a CBWFQ applied to 4Mbps. I doubt such a figure will exist in the literature, it would probably have to be a field measurement. Has anyone got any such field measurements - especially with the 871 but also with any other SMB platform.
    regards

  • Azure Site to Site VPN with Cisco ASA 5505

    I have got Cisco ASA 5505 device (version 9.0(2)). And I cannot connect S2S with Azure (Azure network always in "connecting" state). In my Cisco log:
    IP = 104.40.182.93, Keep-alives configured on but peer does not support keep-alives (type = None)
    Group = 104.40.182.93, IP = 104.40.182.93, QM FSM error (P2 struct &0xcaaa2a38, mess id 0x1)!
    Group = 104.40.182.93, IP = 104.40.182.93, Removing peer from correlator table failed, no match!
    Group = 104.40.182.93, IP = 104.40.182.93,Overriding Initiator's IPSec rekeying duration from 102400000 to 4608000 Kbs
    Group = 104.40.182.93, IP = 104.40.182.93, PHASE 1 COMPLETED
    I have done all Cisco S2S configuration over standard wizard cos seems your script for 8.x version of ASA only?
    (Does Azure support 9.x version of ASA?)
    How can I fix it?

    Hi,
    As of now, we do not have any scripts for Cisco ASA 9x series.
    Thank you for your interest in Windows Azure. The Dynamic routing is not supported for the Cisco ASA family of devices.
    Unfortunately, a dynamic routing VPN gateway is required for Multi-Site VPN, VNet to VNet, and Point-to-Site.
    However, you should be able to setup a site-to-site VPN with Cisco ASA 5505 series security appliance as demonstrated in this blog:
    Step-By-Step: Create a Site-to-Site VPN between your network and Azure
    http://blogs.technet.com/b/canitpro/archive/2013/10/09/step-by-step-create-a-site-to-site-vpn-between-your-network-and-azure.aspx
    You can refer to this article for Cisco ASA templates for Static routing:
    http://msdn.microsoft.com/en-us/library/azure/dn133793.aspx
    Did you download the VPN configuration file from the dashboard and copy the content of the configuration file to the Command Line Interface of the Cisco ASDM application? It seems that there is no specified IP address in the access list part and maybe that is why the states message appeared.
    According to the Cisco ASA template, it should be similar to this:
    access-list <RP_AccessList> extended permit ip object-group <RP_OnPremiseNetwork> object-group <RP_AzureNetwork>
    nat (inside,outside) source static <RP_OnPremiseNetwork> <RP_OnPremiseNetwork> destination static <RP_AzureNetwork> <RP_AzureNetwork>
    Based on my experience, to establish IPSEC tunnel, you need to allow the ESP protocol and UDP Port 500. Please make sure that the VPN device cannot be located behind a NAT. Besides, since Cisco ASA templates are not compatible for dynamic routing, please make sure that you chose the static routing.
    Since you configure the VPN device yourself, it's important that you would be familiar with the device and its configuration settings.
    Hope this helps you.
    Girish Prajwal

  • How do you change the MTU size in a Cisco 871?

    This 871 is at a remote site and is an ezvpn IPsec client (network extension mode) back to a 3030 headend.
    We're having problems with a PC trying to connect through the IPsec tunnel and we think it may be an MTU size problem.
    Int F4 is the outside interface.
    We are using a virtual-template associated with the crypto ipsec client ezvpn statement.
    When I go into any of the 871 interfaces and type 'mtu 1370' it errors out with 'The F4 (or whatever interface) does not allow manual MTU size configuration'.
    If I type 'ip mtu 1370' on F4 (or vlan1 or virtual-template 1) this is accepted, but when I do a 'show int f 4', it still shows MTU of 1514 - even after a reload.
    What is the correct way to set the MTU size in the 871 router - and is it best set on the F4 interface, the vlan, or the virtual-template interface?

    Hi
    As per the supporting doc Cisco 871 has one WAN Ethernet interface and 2 switch ports.
    I feel you are trying to change the MTU under the switch port which may not be possible.
    You can refer to the link below for more info.
    http://www.cisco.com/en/US/products/hw/routers/ps380/products_data_sheet0900aecd8028a976.html
    regds

  • Application Security Tab in Cisco 871 SDM

    Hi,
    in the manual of SDM v2.5, an "Application Security" is mentioned that should be in the "Firewall / ACL" section. However, my SDM interface only shows "Create Firewall" and the "Edit...." tabs. Does anyone of you know where I can find this tab?

    Hi davistan,
    thanks for your reply. According to the SDM v2.5 manual it should indeed be located in the place you indicate. However, it isn't shown in my SDM interface. I have a Cisco 871 with Advanced IP Services.

  • Cisco 871 and 881 routers PCI Compliant?

    Do you know if the Cisco 871 and 881 routers are PCI compliant for 2015 and if not, are they able to be updated to be PCI Compliant?
    thanks,
    I am a Franchisee for a pizza chain and they are stating the routers will not be compliant with the new credit card PCI standards.

    Any router can be PCI compliant as long as you follow the PCI guide to harden the router and apply the correct filters. For example, one of the PCI requirements is to disable telnet access to the router and only use SSH. So, this can easily be accomplished if you have the right IOS with security installed.
    HTH
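
One way to check a saved IOS configuration for the Telnet/SSH item mentioned in the reply above, as an added example that is not part of the original thread and is not Cisco or PCI tooling. It goes beyond that single item by also flagging type 0 and type 7 password storage. The sample config, function names and rule names are constructed for illustration, and the parser assumes sub-commands are indented under their parent line.

```python
import re

# Constructed sample in IOS 12.4 style; not a configuration taken from the page.
SAMPLE_CONFIG = """\
hostname example-gw
username admin password 0 example-cleartext
username ops secret 5 HASH-PLACEHOLDER
line con 0
 login local
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

# Type 0 is cleartext, type 7 is a reversible encoding; 'secret' lines are hashed.
PASSWORD_RE = re.compile(r"\bpassword\s+(0|7)\s+\S+")


def split_blocks(config):
    """Group lines into (header, [indented sub-commands]) pairs."""
    blocks = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and blocks:
            blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks


def check_vty(header, body):
    """Return a finding if this vty block can accept Telnet, else None."""
    transports = None
    for cmd in body:
        m = re.match(r"transport input\s+(.+)", cmd)
        if m:
            transports = m.group(1).split()
    if transports is None:
        # The fallback differs between releases, so report it for manual review.
        return (header, "vty-transport-unset",
                "no 'transport input'; accepted protocols fall back to the image default")
    if "telnet" in transports or "all" in transports:
        return (header, "vty-telnet",
                "Telnet accepted; restrict with 'transport input ssh'")
    return None


def audit(config):
    """Return a list of (context, rule, message) findings for the config text."""
    findings = []
    for header, body in split_blocks(config):
        if header.startswith("line vty"):
            finding = check_vty(header, body)
            if finding:
                findings.append(finding)
        for cmd in [header] + body:
            m = PASSWORD_RE.search(cmd)
            if m:
                kind = "cleartext" if m.group(1) == "0" else "reversible type 7"
                # Report the command up to the type digit, never the value itself.
                shown = cmd[:m.start()] + "password " + m.group(1)
                findings.append((header, "weak-password-storage",
                                 f"{kind} password in '{shown}'; "
                                 "prefer a hashed 'secret' where the command supports one"))
    return findings


if __name__ == "__main__":
    for context, rule, message in audit(SAMPLE_CONFIG):
        print(f"[{rule}] {context}: {message}")
```
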

  • Cisco 871 PPPoE problem

    I have a cisco 871 router and I am not able to make a pppoe connection with ISP.
    Config:
    Building configuration...
    Current configuration : 2043 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname home_gateway
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$G3f1$Le8WUWVfpRAUnS0wfIJDA0
    no aaa new-model
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.0.0.1
    ip dhcp pool AP
       network 10.0.0.0 255.255.255.0
       default-router 10.0.0.1 
    no ip domain lookup
    ip domain name limelite
    multilink bundle-name authenticated
    username admin password 0 cisco
    archive
     log config
      hidekeys
    interface FastEthernet0
     switchport access vlan 100
    interface FastEthernet1
     switchport access vlan 100
    interface FastEthernet2
     switchport access vlan 100
    interface FastEthernet3
     switchport access vlan 200
    interface FastEthernet4
     description Link to WAN
     no ip address
     ip nat outside
     ip virtual-reassembly
     ip route-cache flow
     duplex auto
     speed auto
     pppoe enable
     pppoe-client dial-pool-number 1
    interface Vlan1
     no ip address
    interface Vlan100
     ip address 192.168.2.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
    interface Vlan200
     ip address 10.0.0.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
    interface Dialer1
     description ISP DialIn
     ip address negotiated
     ip mtu 1492
     ip nat outside
     ip virtual-reassembly
     encapsulation ppp
     ip tcp adjust-mss 1452
     dialer pool 1
     dialer-group 1
     no cdp enable
     ppp authentication pap chap callin
     ppp chap hostname xxx
     ppp chap password 0 xxx
     ppp pap sent-username xxx password 0 xxx
    ip route 0.0.0.0 0.0.0.0 Dialer1
    no ip http server
    no ip http secure-server
    ip nat inside source list 1 interface Dialer1 overload
    access-list 1 permit 192.168.2.0 0.0.0.255
    access-list 1 permit 10.0.0.0 0.0.0.255
    dialer-list 1 protocol ip permit
    control-plane
    line con 0
     logging synchronous
     login local
     no modem enable
    line aux 0
    line vty 0 4
     login local
     transport input telnet ssh
    scheduler max-task-time 5000
    webvpn cef
    end
    home_gateway#sh ip int brief
    Interface                  IP-Address      OK? Method Status                Protocol
    FastEthernet0              unassigned      YES unset  up                    up      
    FastEthernet1              unassigned      YES unset  up                    down    
    FastEthernet2              unassigned      YES unset  up                    down    
    FastEthernet3              unassigned      YES unset  up                    down    
    FastEthernet4              unassigned      YES manual up                    up      
    Vlan1                      unassigned      YES NVRAM  up                    down    
    NVI0                       unassigned      NO  unset  up                    up      
    Vlan100                    192.168.2.1     YES NVRAM  up                    up      
    Vlan200                    10.0.0.1        YES NVRAM  up                    down    
    Dialer1                    188.25.128.187  YES IPCP   up                    up      
    Virtual-Access1            unassigned      YES unset  up                    up 
    I am able to get an ip address. But cannot ping into internet.
    home_gateway#ping 8.8.8.8 source vlan 100
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Packet sent with a source address of 192.168.2.1 
    Success rate is 0 percent (0/5)
    home_gateway#traceroute 8.8.8.8 source vlan 100
    Type escape sequence to abort.
    Tracing the route to 8.8.8.8
      1  *  *  * 
      2  *  * 
    Nat translations are making.
    home_gateway#sh ip nat tra
    Pro Inside global         Inside local          Outside local         Outside global
    icmp 188.25.128.187:3     192.168.2.1:3         8.8.8.8:3             8.8.8.8:3
    udp 188.25.128.187:49166  192.168.2.1:49166     8.8.8.8:33434         8.8.8.8:33434
    udp 188.25.128.187:49167  192.168.2.1:49167     8.8.8.8:33435         8.8.8.8:33435
    udp 188.25.128.187:49168  192.168.2.1:49168     8.8.8.8:33436         8.8.8.8:33436
    udp 188.25.128.187:49169  192.168.2.1:49169     8.8.8.8:33437         8.8.8.8:33437
    tcp 188.25.128.187:54211  192.168.2.10:54211    81.161.59.31:80       81.161.59.31:80
    tcp 188.25.128.187:54212  192.168.2.10:54212    54.208.162.210:80     54.208.162.210:80
    tcp 188.25.128.187:54221  192.168.2.10:54221    81.161.59.31:80       81.161.59.31:80
    tcp 188.25.128.187:54222  192.168.2.10:54222    54.236.215.239:80     54.236.215.239:80
    udp 188.25.128.187:56128  192.168.2.10:56128    5.14.64.48:40572      5.14.64.48:40572
    udp 188.25.128.187:56128  192.168.2.10:56128    79.117.219.236:24111  79.117.219.236:24111
    udp 188.25.128.187:56128  192.168.2.10:56128    86.125.250.226:60404  86.125.250.226:60404
    udp 188.25.128.187:56128  192.168.2.10:56128    188.24.8.159:17835    188.24.8.159:17835
    home_gateway#
    home_gateway#sh ip ro
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route
    Gateway of last resort is 0.0.0.0 to network 0.0.0.0
    C    192.168.2.0/24 is directly connected, Vlan100
    S*   0.0.0.0/0 is directly connected, Dialer1
    Any suggestions for what can be the problem?

    hello,
    Still is not working. Ip routing is activated by default and ip classless too in 12.4 ios version.
    I have deleted the dialer interface and reconfig it. Then tried first with the ppp ipcp route default, but still not receiving the default route. 
    I have been putting back the static route with dialer 1 exit interface.
    interface Dialer1
     mtu 1492
     ip address negotiated
     ip nat outside
     ip virtual-reassembly
     encapsulation ppp
     ip tcp adjust-mss 1452
     dialer pool 1
     dialer-group 1
     ppp pap sent-username bb1011991 password 7 005D45505D03535659761C
     ppp ipcp dns request
     ppp ipcp route default
    interface FastEthernet4
     no ip address
     duplex auto
     speed auto
     pppoe enable group global
     pppoe-client dial-pool-number 1
    All the same, I receive Ip address.
    gateway#sh ip int brief
    Interface                  IP-Address      OK? Method Status                Protocol
    FastEthernet0              unassigned      YES unset  up                    up      
    FastEthernet1              unassigned      YES unset  up                    down    
    FastEthernet2              unassigned      YES unset  up                    down    
    FastEthernet3              unassigned      YES unset  up                    down    
    FastEthernet4              unassigned      YES manual up                    up      
    Vlan1                      unassigned      YES NVRAM  administratively down down    
    NVI0                       unassigned      NO  unset  up                    up      
    Vlan100                    192.168.2.1     YES NVRAM  up                    up      
    Vlan200                    10.0.0.1        YES NVRAM  up                    down    
    Dialer1                    188.27.188.38   YES IPCP   up                    up      
    Virtual-Access1            unassigned      YES unset  up                    up      
    I have debugged ip routing and ppp packet, this is what I got.
    Ppp packet
    gateway#ping 8.8.8.8 source vlan 100
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
    Packet sent with a source address of 192.168.2.1 
    *Mar 15 19:31:37.634: Vi1 LCP: O ECHOREQ [Open] id 11 len 12 magic 0x1F9E0BC9
    *Mar 15 19:31:37.634: Vi1 LCP-FS: I ECHOREP [Open] id 11 len 12 magic 0xE49B3E1C
    *Mar 15 19:31:37.634: Vi1 LCP-FS: Received id 11, sent id 11, line up
    *Mar 15 19:31:38.558: Vi1 PPP: O pkt type 0x0021, datagramsize 102.
    *Mar 15 19:31:40.558: Vi1 PPP: O pkt type 0x0021, datagramsize 102.
    *Mar 15 19:31:42.558: Vi1 PPP: O pkt type 0x0021, datagramsize 102.
    *Mar 15 19:31:44.558: Vi1 PPP: O pkt type 0x0021, datagramsize 102.
    *Mar 15 19:31:46.558: Vi1 PPP: O pkt type 0x0021, datagramsize 102.
    Success rate is 0 percent (0/5)
    Ip routing
    *Mar 15 19:32:08.114: IP-Static:  0.0.0.0 0.0.0.0 Dialer1 Path = 1, route table no change, recursive flag clear
    *Mar 15 19:33:06.961: IP: s=192.168.2.1 (local), d=8.8.8.8 (Dialer1), len 100, sending.
    *Mar 15 19:33:08.113: RT: NET-RED 0.0.0.0/0

  • Hi Team, I would like to know if you have any app to make Firefox OS working with cisco Call Manager 10.5. Something like Cisco Jabber for Android or iOS.

    I'm interested in buying a Firefox Smart Phone, but
    I would like to know if there is any app to install on Firefox OS smart phone in order to work with cisco call manager 10.5.
    Something like Cisco Jabber for Android or iOS.
    Thanks,

    Hi Itech,
    If Cisco Jabber has a webapp, or mobile version of their website available, you should technically be able to access it through Firefox OS.
    You may also search Firefox Marketplace for an alternative solution:
    * [https://marketplace.firefox.com/]
    - Ralph

  • Issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login

    issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login

  • Directory Caching issue with Cisco Jabber client for Windows

    Hi ,
    I am facing cache issue with Cisco Jabber client for Windows. If I do any change related to modification or deletion of contacts in Active Directory/ Callmanager, it does not reflect in the Jabber. Because jabber takes the contacts from the locally stored cache file in the Windows system.
    Every time I have to remove the cache file to overcome this issue, practically it's not possible to do the same with all the Windows users. As, if any employee leaves the company and still I can see his contact appears in the "Cisco Jabber client". I have not seen this issue with Android/Apple iOS.
    Is there any automated way to remove the cache file? 
    Here is the detail of CUCM,Presence and Jabber.
    CUCM version: 9.1.x
    Presence          : 9.1.X
    Jabber              : 10.5 and 10.6

    Hello
    On our environment we had to install a dedicated Microsoft Certificate Authority "just for Cisco Jabber usage" to house the
    Network Device Enrollment Service.
    Our certificate for the CUPS were generated on this Certification Authority too.
    I discussed this certificate matter with my colleagues this afternoon and nobody seems to remember how these certificates were deployed into the
    Enterprise Trust store for the users.
    But I think they asked all 400 users to accept the 3 certificates by answering "yes" to the popup instead of using a script deployed by GPO...
    I wish you success with that deployment and really hope you have a technical partner that *Knows* this subject.
    Our partner left us alone with that unfortunately.
    Florent
    EDIT: If the "Certutil script method" works, please let me know. This could be useful in our own deployment.

  • Azure multiple site-to-site VPNs (dynamic gateway) with Cisco ASA devices

    Hello
    I've been experimenting with moving certain on-premise servers to Azure however they would need a site-to-site VPN link to our many branch sites e.g. monitoring of nodes.
    The documentation says I need to configure a dynamic gateway to have multiple site-to-site VPNs. This is not a problem for our typical Cisco ISR's. However three of our key sites use Cisco ASA devices which are listed as 'Not Compatible' with dynamic routing.
    So I am stuck...
    What options are available to me? Is there any sort of tweak-configuration to make a Cisco ASA work with Azure and dynamic routing?
    I was hoping Azure's VPN solution would be very flexible.
    Thanks

    Hello RTF_Admin,
    1. Which is the Series of CISCO ASA device you are using?
    Thank you for your interest in Windows Azure. The Dynamic routing is not supported for the Cisco ASA family of devices.
    Unfortunately, a dynamic routing VPN gateway is required for Multi-Site VPN, VNet to VNet, and Point-to-Site.
    However, you should be able to setup a site-to-site VPN with Cisco ASA 5505 series security appliance as demonstrated in this blog:
    Step-By-Step: Create a Site-to-Site VPN between your network and Azure
    http://blogs.technet.com/b/canitpro/archive/2013/10/09/step-by-step-create-a-site-to-site-vpn-between-your-network-and-azure.aspx
    You can refer to this article for Cisco ASA templates for Static routing:
    http://msdn.microsoft.com/en-us/library/azure/dn133793.aspx
    If your requirement is only for Multi-Site VPN then there is no option but to upgrade the device as Multisite VPN requires dynamic routing and unfortunately there is no tweak or workaround due to hardware compatibility issue.
    I hope that this information is helpful
    Thanks,
    Syed Irfan Hussain

  • Cisco 871 to Cisco ASA 5545 Site-to-Site VPN Split Tunnel not working.

    Tunnel comes up and can see and access protected traffic but cannot access web (Split Tunnel). Don't know if access problem or route issue.
    Listed below is configuration for Cisco 871, any help very much appreciated.
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2  
    crypto isakmp key test address x.x.x.x
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
    crypto map SDM_CMAP_1 1 ipsec-isakmp 
     description Tunnel to x.x.x.x
     set peer x.x.x.x
     set transform-set ESP-3DES-SHA 
     match address 100
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
     ip address 4.34.195.193 255.255.255.192
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip route-cache flow
     duplex auto
     speed auto
     crypto map SDM_CMAP_1
    interface Vlan1
     description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
     ip address 172.200.1.1 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip route-cache flow
     ip tcp adjust-mss 1452
    ip route 0.0.0.0 0.0.0.0 4.34.195.193 permanent
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    logging trap debugging
    access-list 100 remark SDM_ACL Category=4
    access-list 100 remark IPSec Rule
    access-list 100 permit ip 172.200.1.0 0.0.0.255 172.16.2.0 0.0.0.255

    I don't see any NAT configuration above. Check you can PING out to the internet (8.8.8.8 for example) from the router itself as it won't need NAT to PING from the outside interface.
    Have a look at this document on setting up NAT for your inside devices:
    http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html

  • Adaptiva Software Distribution not working with Cisco APs in Local Mode

    A worldwide customer would like to use a new Software distribution system called Adaptiva to replace SCCM within Windows environment. As far as I understand, Adaptiva is designed to work like a snowball system. A single PC at a remote side can be "infected" with new Software and will distribute the package to other PCs within the same IP-subnet, saving WAN bandwidth.
    First tests are showing that it is working well with Cisco WLAN solution as long as we are using Flexconnect WLAN APs.
    Customer locations with Local WLAN AP design create problems for this new software distribution method.
    The WLAN-PCs can be reached from outside, but the establishment of the Client/Server-model between the WLAN Clients is not working. The Port used by this software for communication between clients in each WLAN subnet is UDP Port 34329.
    Our WLCs are running at  7.4.130.0. The problem is appearing independently of AP Multicast settings or Broadcast Forwarding.  Enabling Broadcast forwarding without Reboot did not improve the situation.
    Global Multicast Mode and IGMP Snooping are also of no influence.
    P2P Blocking Action is "Disabled" within the WLAN setup.
    Who has any idea what might cause this communication problem between WLAN clients in Local Mode of APs ?
    Thank You for answers
    Wini

    I can think of two solutions. You could 1: turn the "auto-lock" to never, so that your phone never sleeps. Or, you could 2: jailbreak your iPhone and install "insomnia". I wish we had the Cisco Mobile app. I usually use wifi/insomnia and turn data off at work since we have wireless pretty much everywhere...
    Sent from Cisco Technical Support iPad App
