VLAN Over Remote Bridges (1240AG)

Hi,
I've an AP connecting to the backbone switch via 2 wireless bridge links as shown below. Currently, it is operating as flat lan.
Would like to know if it can be coverted to vlan mode so that I can support wireless clients of different vlans at the remote end?
Switch ----------- 1240AG--------------------/-----------------1240AG--------------------/------------------------1240AG
            Eth              Root         802.11b/g        Non       Root             802.11a                Non      AP        802.11b/g  Clients
            Trunk           Bridge                             Root      Bridge                                      Root                 SSID1 -- vlan 10
            vlan 1                                                 Bridge                                                   Bridge              SSID2 -- vlan 20
            vlan 10                                                                                                                                   SSID3 -- vlan 30    
            vlan 20
            vlan 30
Thanks!

Eric,
     Yes it can.  On the bridges you'll want to define the sub-interfaces for the VLAN that you want to pass.  You only need the one SSID on the bridge to accomplish this, as it is the 'connection' between the bridges.
So basiclly you need
int dot11radio 0.10 ( or 1 if you are using the 5GHz to bridge)
encapsulation dot1q 10
bridge-group 10
int dot11radio 0.20
encapsulation dot1q 20
bridge-group 20
int dot11radio 0.30
encapsulation dot1q 30
bridge-group 30
int f0.10
encapsulation dot1q 10
bridge-group 10
int f0.20
encapsulation dot1q 20
bridge-group 20
int f0.30
encapsulation dot1q 30
bridge-group 30 int dot11radio 0.10
encapsulation dot1q 10
bridge-group 10
int dot11radio 0.20
encapsulation dot1q 20
bridge-group 20
int dot11radio 0.30
encapsulation dot1q 30
bridge-group 30
int f0.10
encapsulation dot1q 10
bridge-group 10
int f0.20
encapsulation dot1q 20
bridge-group 20
int f0.30
encapsulation dot1q 30
bridge-group 30
Then just make sure your AP are connected to trunk ports allowing vlan 1,10,20,30
Steve

Similar Messages

  • Native VLAN over 1300 bridge

    Does the BVI interface work on the native VLAN or always on VLAN1 on a 1300 bridge? If I set a VLAN other than VLAN1 for native will that move the BVI to that VLAN?
    Also, does the native vlan have to match at both ends or does it only have local significance? If I had a point to multipoint bridge link, could one remote bridge be set for a different native vlan than another remote bridge?
    I have a bridge link that carries two data vlan's and a voice vlan. At the remote end I only have a phone connected to the bridge directly and have configured the phone to be on the correct voice vlan but I need the computer to access a vlan other than the native. I know I cannot configure the phone to have the PC use the proper vlan as it just uses what the bridge tells it is the native.
    All network equipment is managed in the vlan1, the native vlan, and user data is on another vlan.
    Seth

    You cannot configure multiple VLANs on repeater access points. Repeater access points support only the native VLAN.

  • Vlan over wireless bridge with internet sharing?

    Hi Community, my first post here, hoping somebody may be able to advise...
    I live on a farm which is too far for broadband but fortunately I also have an office in a nearby town and because I have line of sight I have setup a wireless bridge, this gives me 8 MBits which is wonderful. Some of my equipment, for example a NAS is on the farm, and I need to access them from the office via the wireless link and I occasinally use vnc to access my office desktop from the farm. This all works beautifully.
    Ok. now I want to share my internet with my neighbor on the farm, who, in a strange twist also rents an office next to mine downtown, so I would like to give him access to the internet and to his equipment he has there too.. but I don't want him to be able to access my equipment and visa versa I don't want to see his stuff...
    This sounds like a job for port based VLAN.. and so what I bought is two Linksys/Cisco SLM2005 layer2 switches in the hope that this would allow me to do what I want... but I'm not so sure now. In the office I use a draytek v2910 which has a vlan feature that allows me to separate the ports from each other, only giving them internet access.
    So... if I connect these two switches to each other, and I create a VLAN with the same id on each of the switches, will the corresponding vlans be shared, so, if you assume the following hardware setup:
    farm: slm2005 switch
    port 1 -> wireless bridge to office: member of vlan "2", "3"
    port 2 -> access point A for neighbor: member of vlan "2"
    port 3 -> my own access point B: member of vlan "3"
    office: slm2005 switch
    port 1 -> wireless bridge to farm: member of vlan "2", "3"
    port 2  -> access point C for neighbor: member of vlan "2"
    port 3 -> my access point for office D: member of vlan "3"
    port 4 -> router port 1: member of vlan "2"
    port 5 -> router port 2: member of vlan "3"
    the router (draytek v2910) is configured in such a way to separate port 1 and port 2 (otherwise there would be a loop...)
    The idea here is to create a vlan "2" for my neighbor and "3" for myself. but what's the correct way to consider the wireless bridge inbeetween (in fact, I think the same problem would occur if I just connected the two switches with a cable (if i had a 2 mile long one..)...)
    Will my neighbor be able to see both access points "A" and "C" and the internet, but not be my access points "B" and "D"? Or does this whole concept of VLAN over bridge not work like this, or not at all?
    Thanks in advance for any advice,
    Andres

    Hi Andreas,
    you're not far from it.
    Your whole concept is ok. What you just need is on the gateway of each subnet (I would presume it's the router in the office) to create an access list preventing to route between vlan 2 and 3.
    On all other devices,  traffic can't jump between vlans. But on a routing device that has the Vlan layer3 interfaces, traffic is routed between vlans so that's where you need to prevent it.
    With regards to vlans over wireless, you're also having the good concept. The point is to have only 1 ssid, that will be in a certain vlan, but also bridging the other vlans onto that ssid.
    This doc should help you out :
    http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanbr
    HTH,
    Nicolas
    Thanks to rank the answer if you see it as useful !

  • Create VLAN over 1310 Bridges

    How can i create Differents VLANs on 1310 Root bridge and pass the VLAN info to the non root bridge wirelessly.
    Currently my switch ports are configured as access port for the bridges and if i make the port a trunk port; siwtch connected to the non root bridge stops communicating. Any help will be appreciated.
    Thanks,
    Osman

    Check out this link:
    http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_7_JA/configuration/guide/b37vlan.html

  • Multiple VLANs over 1300 series bridges

    Hi
    I am looking to connect a small external building to a main campus building by wireless bridge. The building i want to connect currently has two vlans, can the 1300 series bridges carry multiple vlans over the wireless bridge link? If so can anyone point me towards s document that explains it?
    Many thanks
    Simon

    Hi Simon,
    Yes they can, here is a link, i hope it helps you, look at the "Bridge configuration" title.
    http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml
    Regards,
    Milton Tizoc.

  • Vlans over wan

    Is it possible to run a vlan over a wan link on my router ?

    Yes, but don't do it......
    There shouldn't be any reason for you to 'Bridge' over the WAN. Use Layer-3 and route your traffic.
    Andy

  • DHCP over wireless bridge

    I want to setup a wireless bridge going from a current network (siteA), to a new small network across the street (siteB). I have 2 Cisco 1131AG Access points. I have no need for any client access, only the bridge. I have the interfaces up and can ping across, however, no dhcp requests seem to come over the bridge. Where am I going wrong??
    [SiteA]
    dot11 ssid Cisco
    authentication open
    authentication key-management wpa
    guest-mode
    infrastructure-ssid
    wpa-psk ascii secret
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers aes-ccm
    ssid Cisco
    station-role root access-point
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    bridge-group 1
    no bridge-group 1 source-learning
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 10.175.36.254 255.255.255.0
    no ip route-cache
    bridge 1 route ip
    [SiteB]
    dot11 ssid Cisco
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii secret
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers aes-ccm
    ssid Cisco
    station-role workgroup-bridge
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface Dot11Radio1
    no ip address
    no ip route-cache
    shutdown
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    bridge-group 1 spanning-disabled
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    bridge-group 1
    bridge-group 1 spanning-disabled
    interface BVI1
    ip address 10.175.36.253 255.255.255.0
    no ip route-cache
    bridge 1 route ip
    bridge 1 aging-time 120

    Have you tried configuring Site A as root bridge and Site B as non-root bridge.
    See this example:
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058f53e.shtml

  • Switch over opened Bridge windows

    In all past versions off Bridge (in Mac), I can switch over opened Bridge windows by pressing command + ` (or ~). This functionality aparently is gone in CS6. What happened? Is there another shortcut for this now?

    Curt Y wrote:
    The mac command to switch to open window is command - shift - tilde.  Is this what you are looking for?
    I can confirm that works, Curt! 
    Leo,
    I can confirm Curt is right.  I just tried it in Bridge CS6 on my Mac running under snow Leopard 10.6.8:
    Command+Shift+Tilde does work to switch to another open window!
    Note that, on the Mac version, both [Control+SHIFT+~ ] and [Command+SHIFT+~ ] in Photoshop work exactly the same to cycle through open windows of the application.

  • Missing calendar entries from phone over Blackberry bridge

    I have two phones bridged to the playbook. Initially I had issues seeing SMS over the bridge with a 9850. After deleting the tablet from the phone and the phone from the tablet, performing a hard reset and re-adding the devices the issue was fixed. I then got the playbook bridge to a 9930. All apps work with the exception of the calendar. I am not able to see some of my entries on the calendar displayed on the playbook even when they appear on the 9930. After deleting the tablet from the phone and the phone from the tablet, performing a hard reset on both devices and re-adding the devices the issue was not fixed. Ideas? Thank you!!!
    Solved!
    Go to Solution.

    Hey inieto09,
    The BlackBerry PlayBook may not be configured to display the Calendar Service associated with the missing entries, please try the following:
    1. From the BlackBerry PlayBook, Click the BlackBerry Bridge icon.
    2. Click on the Calendar icon.
    3. Enter the BlackBerry Smartphone password if prompted.
    4. Tap on the Calendar Services icon. (this is the third icon from the bottom left)
    5. Ensure that the desired calendar(s) is checked
    6. Click Done.
    Let me know if this helps.
    Thanks.
    -HB
    Come follow your BlackBerry Technical Team on twitter! @BlackBerryHelp
    Be sure to click Kudos! for those who have helped you.Click Solution? for posts that have solved your issue(s)!

  • Catalyst series - Private VLAN over trunk

    Hey every body
    I was planning to implement a Cisco Nexus 5596 in a data center as it supports private VLAN over trunk.
    But now, I av been forced to use a Cisco Catalyst series instead of the Nexus one.
    Based on the feature that is very important for my manager (private VLAN over trunk), which Catalyst switch can be replaced with the Nexus 5596? In other words, what Catalyst series switch works at the same scale and efficiency of Nexus 5596 and supports private VLAN over trunk feature?
    Cheers

    4500x Yes
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26674-01.html
    Nexus 5k Yes
    http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_3/b_5k_Layer2_Config_521N13/b_5k_Layer2_Config_521N13_chapter_0100.html
    3850s
    They dont support pvs at all yet
    http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/vlan/configuration_guide/b_vlan_3se_3850_cg/b_vlan_3se_3850_cg_chapter_0100.html
    Restrictions for VLANs
    The following are restrictions for VLANs:
    The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.
    The switch supports IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports.
    Configuring an interface VLAN router's MAC address is not supported. The interface VLAN already has an MAC address assigned by default.
    Private VLANs are not supported on the switch.
    You cannot have a switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches.

  • VLANs over bridges to an AP

    I have my wired network (w/DHCP and vlan scopes). Attached to the wired network is a 1400 series bridge1 connecting to another 1400 bridge2 (via 802.11a). Bridge 2 connects to a 1200 Access point via a straight ethernet connection. I want to use VLANs on the access point. I configured the trunk between the wired network and Bridge1. I configured the VLANs and SSIDs on the AP, but I’m unable to get an ip address when connecting to vlan2/ssid (vlan 1 is the native vlan and works fine). Any suggestions?

    check whether DHCP option 43 is enabled

  • Problem with traffic over Remote Access VPN (Cisco ASA5505)

    Hi
    I've changed the VPN IP pool on a previously functioning VPN setup on a Cisco ASA5505, I've updated IP addresses everywhere it seemed appropriate, but now the VPN is no longer working. I am testing with a Cisco IPSec client, but the same happens with the AnyConnect client. Clients connect, but cannot access resources on the LAN. Split tunneling also doesn't work, internet is not accessible once VPN is connected.
    I found a NAT exempt rule to not be correctly specified, but after fixing this, the problem still persists.
    : Saved:ASA Version 8.2(1) !hostname ciscoasadomain-name our-domain.comenable password xxxxxxxx encryptedpasswd xxxxxxxx encryptednamesname 172.17.1.0 remote-vpn!interface Vlan1 nameif inside security-level 100 ip address 10.1.1.2 255.0.0.0 !interface Vlan2 nameif outside security-level 0 pppoe client vpdn group adslrealm ip address pppoe setroute !interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveclock timezone SAST 2dns domain-lookup insidedns domain-lookup outsidedns server-group DefaultDNS name-server 10.1.1.138 name-server 10.1.1.54 domain-name our-domain.comsame-security-traffic permit inter-interfacesame-security-traffic permit intra-interfaceobject-group network utobject-group protocol TCPUDP protocol-object udp protocol-object tcpaccess-list no_nat extended permit ip 10.0.0.0 255.0.0.0 remote-vpn 255.255.255.0 access-list split-tunnel standard permit 10.0.0.0 255.0.0.0 access-list outside_access_in extended permit tcp any interface outside eq https access-list outside_access_in extended permit tcp any interface outside eq 5061 access-list outside_access_in extended permit tcp any interface outside eq 51413 access-list outside_access_in extended permit udp any interface outside eq 51413 access-list outside_access_in extended permit tcp any interface outside eq 2121 access-list outside_access_in extended permit udp any interface outside eq 2121 access-list inside_access_out extended deny ip any 64.34.106.0 255.255.255.0 access-list inside_access_out extended deny ip any 69.25.20.0 255.255.255.0 access-list inside_access_out extended deny ip any 69.25.21.0 255.255.255.0 access-list inside_access_out extended deny ip any 72.5.76.0 255.255.255.0 access-list inside_access_out extended deny ip any 72.5.77.0 255.255.255.0 access-list inside_access_out extended deny ip any 216.52.0.0 255.255.0.0 access-list inside_access_out extended deny ip any 74.201.0.0 255.255.0.0 access-list inside_access_out extended deny ip any 64.94.0.0 255.255.0.0 access-list inside_access_out extended deny ip any 69.25.0.0 255.255.0.0 access-list inside_access_out extended deny tcp any any eq 12975 access-list inside_access_out extended deny tcp any any eq 32976 access-list inside_access_out extended deny tcp any any eq 17771 access-list inside_access_out extended deny udp any any eq 17771 access-list inside_access_out extended permit ip any any pager lines 24logging enablelogging asdm informationalmtu inside 1500mtu outside 1500ip local pool VPNPool 172.17.1.1-172.17.1.254icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp timeout 14400global (outside) 1 interfacenat (inside) 0 access-list no_natnat (inside) 1 10.0.0.0 255.0.0.0static (inside,outside) tcp interface 5061 10.1.1.157 5061 netmask 255.255.255.255 static (inside,outside) tcp interface https 10.1.1.157 4443 netmask 255.255.255.255 static (inside,outside) tcp interface 51413 10.1.1.25 51413 netmask 255.255.255.255 static (inside,outside) udp interface 51413 10.1.1.25 51413 netmask 255.255.255.255 static (inside,outside) tcp interface 2121 10.1.1.25 2121 netmask 255.255.255.255 static (inside,outside) udp interface 2121 10.1.1.25 2121 netmask 255.255.255.255 access-group outside_access_in in interface outsidetimeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00dynamic-access-policy-record DfltAccessPolicyaaa-server AD protocol ldapaaa-server AD (inside) host 10.1.1.138 ldap-base-dn dc=our-domain,dc=com ldap-scope subtree ldap-naming-attribute sAMAccountName ldap-login-password * ldap-login-dn cn=ciscoasa,cn=Users,dc=ourdomain,dc=com server-type auto-detectaaa authentication ssh console AD LOCALaaa authentication telnet console LOCAL http server enable 4343http 0.0.0.0 0.0.0.0 outsidehttp 10.0.0.0 255.0.0.0 insidehttp remote-vpn 255.255.255.0 insidesnmp-server host inside 10.1.1.190 community oursnmpsnmp-server host inside 10.1.1.44 community oursnmpno snmp-server locationno snmp-server contactsnmp-server community *****snmp-server enable traps snmp authentication linkup linkdown coldstartcrypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac crypto ipsec security-association lifetime seconds 28800crypto ipsec security-association lifetime kilobytes 4608000crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5crypto dynamic-map dyn1 1 set transform-set FirstSetcrypto dynamic-map dyn1 1 set reverse-routecrypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAPcrypto map mymap 1 ipsec-isakmp dynamic dyn1crypto map mymap interface outsidecrypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=ciscoasa crl configurecrypto ca trustpoint CA1 revocation-check crl none enrollment retry period 5 enrollment terminal fqdn ciscoasa.our-domain.com subject-name CN=ciscoasa.our-domain.com, OU=Department, O=Company, C=US, St=New York, L=New York keypair ciscoasa.key crl configurecrypto ca certificate chain ASDM_TrustPoint0 certificate xxxxxxx    ...  quitcrypto ca certificate chain CA1 certificate xxxxxxxxxxxxxx    ...  quit certificate ca xxxxxxxxxxxxx    ...  quitcrypto isakmp enable outsidecrypto isakmp policy 1 authentication rsa-sig encryption 3des hash md5 group 2 lifetime 86400crypto isakmp policy 5 authentication pre-share encryption 3des hash sha group 2 lifetime 86400crypto isakmp policy 10 authentication pre-share encryption des hash sha group 2 lifetime 86400ssh 10.0.0.0 255.0.0.0 insidessh timeout 5console timeout 0vpdn group adslrealm request dialout pppoevpdn group adslrealm localname username6@adslrealmvpdn group adslrealm ppp authentication papvpdn username username6@adslrealm password ********* store-localvpdn username username@adsl-u password ********* store-localvpdn username username2@adslrealm password ********* dhcpd auto_config outside!threat-detection basic-threatthreat-detection scanning-threatthreat-detection statistics access-listno threat-detection statistics tcp-interceptntp server x.x.x.x source outsidessl trust-point ASDM_TrustPoint0 outsidewebvpn port 4343 enable outside svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1 svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2 svc image disk0:/anyconnect-linux-2.5.2014-k9.pkg 3 svc enablegroup-policy defaultgroup internalgroup-policy defaultgroup attributes dns-server value 10.1.1.138 10.1.1.54 split-tunnel-policy tunnelspecified split-tunnel-network-list value split-tunnel default-domain value our-domain.comgroup-policy DfltGrpPolicy attributes dns-server value 10.1.1.138 10.1.1.54 vpn-tunnel-protocol IPSec l2tp-ipsec svc split-tunnel-policy tunnelspecified split-tunnel-network-list value split-tunnel address-pools value VPNPool webvpn  svc ask none default svcusername person1 password xxxxxxx encryptedusername admin password xxxxxxxx encrypted privilege 15username person2 password xxxxxxxxx encryptedusername person3 password xxxxxxxxxx encryptedtunnel-group DefaultRAGroup general-attributes address-pool VPNPool default-group-policy defaultgrouptunnel-group DefaultRAGroup ipsec-attributes trust-point CA1tunnel-group OurCompany type remote-accesstunnel-group OurCompany general-attributes address-pool VPNPooltunnel-group OurCompany webvpn-attributes group-alias OurCompany enable group-url https://x.x.x.x/OurCompany enabletunnel-group OurIPSEC type remote-accesstunnel-group OurIPSEC general-attributes address-pool VPNPool default-group-policy defaultgrouptunnel-group OurIPSEC ipsec-attributes pre-shared-key * trust-point CA1!class-map inspection_default match default-inspection-traffic!!policy-map type inspect dns preset_dns_map parameters  message-length maximum 512policy-map type inspect sip sip-map parameters  max-forwards-validation action drop log  state-checking action drop log  rtp-conformance policy-map global_policy class inspection_default  inspect dns preset_dns_map   inspect ftp   inspect h323 h225   inspect h323 ras   inspect rsh   inspect rtsp   inspect esmtp   inspect sqlnet   inspect skinny    inspect sunrpc   inspect xdmcp   inspect netbios   inspect tftp   inspect icmp   inspect pptp   inspect sip sip-map !             service-policy global_policy globalprompt hostname context Cryptochecksum:xxxxxxxxxxxxxxxxx: end
    I've checked all the debug logs I could think of and tried various troubleshooting steps. Any ideas?
    Regards
    Lionel

    Hi
    The bulk of the devices are not even routing through the ASA, internal devices such as IP phones, printers, etc. There is also large wastage of IP addresses which needs to be sorted out at some stage.
    Outside IP address is 196.215.40.160. The DSL modem is configured as an LLC bridge.
    Here are the debug logs when connecting if this helps at all. Nothing is logged when a connection is attempted though.
    Regards
    Lionel
    Oct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 765Oct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing SA payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing ke payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing ISA_KE payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing nonce payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing ID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received Fragmentation VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, IKE Peer included IKE fragmentation capability flags:  Main Mode:        True  Aggressive Mode:  FalseOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received NAT-Traversal RFC VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received NAT-Traversal ver 03 VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received NAT-Traversal ver 02 VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received xauth V6 VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received Cisco Unity client VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received DPD VIDOct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, Connection landed on tunnel_group OurIPSECOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing IKE SA payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, IKE SA Proposal # 1, Transform # 5 acceptable  Matches global IKE entry # 2Oct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing ISAKMP SA payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing ke payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing nonce payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Generating keys for Responder...Oct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing ID payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing hash payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Computing hash for ISAKMPOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing Cisco Unity VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing xauth V6 VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing dpd vid payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing NAT-Traversal VID ver 02 payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing NAT-Discovery payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, computing NAT Discovery hashOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing NAT-Discovery payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, computing NAT Discovery hashOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing Fragmentation VID + extended capabilities payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Send Altiga/Cisco VPN3000/Cisco ASA GW VIDOct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 436Oct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NAT-D (130) + NAT-D (130) + NOTIFY (11) + NONE (0) total length : 128Oct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing hash payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Computing hash for ISAKMPOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing NAT-Discovery payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, computing NAT Discovery hashOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing NAT-Discovery payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, computing NAT Discovery hashOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing notify payloadOct 15 17:08:51 [IKEv1]: Group = OurIPSEC, IP = 197.79.9.227, Automatic NAT Detection Status:     Remote end   IS   behind a NAT device     This   end   IS   behind a NAT deviceOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing blank hash payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing qm hash payloadOct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=b8b02705) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72Oct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=b8b02705) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 88Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, process_attr(): Enter!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Processing MODE_CFG Reply attributes.Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: primary DNS = 10.1.1.138Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: secondary DNS = 10.1.1.54Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: primary WINS = clearedOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: secondary WINS = clearedOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: split tunneling list = split-tunnelOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: default domain = our-domain.comOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: IP Compression = disabledOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: Split Tunneling Policy = Split NetworkOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: Browser Proxy Setting = no-modifyOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: Browser Proxy Bypass Local = disableOct 15 17:09:02 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, User (person2) authenticated.Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing blank hash payloadOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing qm hash payloadOct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=a2171c19) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64Oct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=a2171c19) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, process_attr(): Enter!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Processing cfg ACK attributesOct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=3257625f) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 164Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, process_attr(): Enter!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Processing cfg Request attributesOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for IPV4 address!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for IPV4 net mask!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for DNS server address!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for WINS server address!Oct 15 17:09:02 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Received unsupported transaction mode attribute: 5Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Application Version!Oct 15 17:09:02 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Client Type: iPhone OS  Client Application Version: 7.0.2Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Banner!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Default Domain Name!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Split DNS!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Split Tunnel List!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Local LAN Include!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for PFS setting!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Save PW setting!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for FWTYPE!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for backup ip-sec peer list!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Client Browser Proxy Setting!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Obtained IP addr (172.17.1.1) prior to initiating Mode Cfg (XAuth enabled)Oct 15 17:09:02 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Assigned private IP address 172.17.1.1 to remote userOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing blank hash payloadOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, construct_cfg_set: default domain = our-domain.comOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Send Client Browser Proxy Attributes!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Browser Proxy set to No-Modify. Browser Proxy data will NOT be included in the mode-cfg replyOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing qm hash payloadOct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=3257625f) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 210Oct 15 17:09:03 [IKEv1 DECODE]: IP = 197.79.9.227, IKE Responder starting QM: msg id = c9359d2eOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Delay Quick Mode processing, Cert/Trans Exch/RM DSID in progressOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Resume Quick Mode processing, Cert/Trans Exch/RM DSID completedOct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, PHASE 1 COMPLETEDOct 15 17:09:03 [IKEv1]: IP = 197.79.9.227, Keep-alive type for this connection: DPDOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Starting P1 rekey timer: 3420 seconds.Oct 15 17:09:03 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=c9359d2e) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 284Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing hash payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing SA payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing nonce payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing ID payloadOct 15 17:09:03 [IKEv1 DECODE]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, ID_IPV4_ADDR ID received172.17.1.1Oct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Received remote Proxy Host data in ID Payload:  Address 172.17.1.1, Protocol 0, Port 0Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing ID payloadOct 15 17:09:03 [IKEv1 DECODE]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, ID_IPV4_ADDR_SUBNET ID received--10.0.0.0--255.0.0.0Oct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Received local IP Proxy Subnet data in ID Payload:   Address 10.0.0.0, Mask 255.0.0.0, Protocol 0, Port 0Oct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, QM IsRekeyed old sa not found by addrOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Selecting only UDP-Encapsulated-Tunnel and  UDP-Encapsulated-Transport modes defined by NAT-TraversalOct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE Remote Peer configured for crypto map: dyn1Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing IPSec SA payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IPSec SA Proposal # 1, Transform # 6 acceptable  Matches global IPSec SA entry # 1Oct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE: requesting SPI!IPSEC: New embryonic SA created @ 0xCB809F40,     SCB: 0xC9613DB0,     Direction: inbound    SPI      : 0x96A6C295    Session ID: 0x0001D000    VPIF num  : 0x00000002    Tunnel type: ra    Protocol   : esp    Lifetime   : 240 secondsOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE got SPI from key engine: SPI = 0x96a6c295Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, oakley constucting quick modeOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing blank hash payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing IPSec SA payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing IPSec nonce payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing proxy IDOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Transmitting Proxy Id:  Remote host: 172.17.1.1  Protocol 0  Port 0  Local subnet:  10.0.0.0  mask 255.0.0.0 Protocol 0  Port 0Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing qm hash payloadOct 15 17:09:03 [IKEv1 DECODE]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE Responder sending 2nd QM pkt: msg id = c9359d2eOct 15 17:09:03 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=c9359d2e) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 152Oct 15 17:09:06 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=c9359d2e) with payloads : HDR + HASH (8) + NONE (0) total length : 52Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing hash payloadOct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, loading all IPSEC SAsOct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Generating Quick Mode Key!Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, NP encrypt rule look up for crypto map dyn1 1 matching ACL Unknown: returned cs_id=c9f22e78; rule=00000000Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Generating Quick Mode Key!Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, NP encrypt rule look up for crypto map dyn1 1 matching ACL Unknown: returned cs_id=c9f22e78; rule=00000000Oct 15 17:09:06 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Security negotiation complete for User (person2)  Responder, Inbound SPI = 0x96a6c295, Outbound SPI = 0x09e97594IPSEC: New embryonic SA created @ 0xCB8F7418,     SCB: 0xC9F6DD30,     Direction: outbound    SPI      : 0x09E97594    Session ID: 0x0001D000    VPIF num  : 0x00000002    Tunnel type: ra    Protocol   : esp    Lifetime   : 240 secondsIPSEC: Completed host OBSA update, SPI 0x09E97594IPSEC: Creating outbound VPN context, SPI 0x09E97594    Flags: 0x00000025    SA   : 0xCB8F7418    SPI  : 0x09E97594    MTU  : 1492 bytes    VCID : 0x00000000    Peer : 0x00000000    SCB  : 0x99890723    Channel: 0xC6691360IPSEC: Completed outbound VPN context, SPI 0x09E97594    VPN handle: 0x001E7FCCIPSEC: New outbound encrypt rule, SPI 0x09E97594    Src addr: 10.0.0.0    Src mask: 255.0.0.0    Dst addr: 172.17.1.1    Dst mask: 255.255.255.255    Src ports      Upper: 0      Lower: 0      Op   : ignore    Dst ports      Upper: 0      Lower: 0      Op   : ignore    Protocol: 0    Use protocol: false    SPI: 0x00000000    Use SPI: falseIPSEC: Completed outbound encrypt rule, SPI 0x09E97594    Rule ID: 0xCB5483E8IPSEC: New outbound permit rule, SPI 0x09E97594    Src addr: 196.215.40.160    Src mask: 255.255.255.255    Dst addr: 197.79.9.227    Dst mask: 255.255.255.255    Src ports      Upper: 4500      Lower: 4500      Op   : equal    Dst ports      Upper: 41593      Lower: 41593      Op   : equal    Protocol: 17    Use protocol: true    SPI: 0x00000000    Use SPI: falseIPSEC: Completed outbound permit rule, SPI 0x09E97594    Rule ID: 0xC9242228Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE got a KEY_ADD msg for SA: SPI = 0x09e97594IPSEC: Completed host IBSA update, SPI 0x96A6C295IPSEC: Creating inbound VPN context, SPI 0x96A6C295    Flags: 0x00000026    SA   : 0xCB809F40    SPI  : 0x96A6C295    MTU  : 0 bytes    VCID : 0x00000000    Peer : 0x001E7FCC    SCB  : 0x985C5DA5    Channel: 0xC6691360IPSEC: Completed inbound VPN context, SPI 0x96A6C295    VPN handle: 0x0020190CIPSEC: Updating outbound VPN context 0x001E7FCC, SPI 0x09E97594    Flags: 0x00000025    SA   : 0xCB8F7418    SPI  : 0x09E97594    MTU  : 1492 bytes    VCID : 0x00000000    Peer : 0x0020190C    SCB  : 0x99890723    Channel: 0xC6691360IPSEC: Completed outbound VPN context, SPI 0x09E97594    VPN handle: 0x001E7FCCIPSEC: Completed outbound inner rule, SPI 0x09E97594    Rule ID: 0xCB5483E8IPSEC: Completed outbound outer SPD rule, SPI 0x09E97594    Rule ID: 0xC9242228IPSEC: New inbound tunnel flow rule, SPI 0x96A6C295    Src addr: 172.17.1.1    Src mask: 255.255.255.255    Dst addr: 10.0.0.0    Dst mask: 255.0.0.0    Src ports      Upper: 0      Lower: 0      Op   : ignore    Dst ports      Upper: 0      Lower: 0      Op   : ignore    Protocol: 0    Use protocol: false    SPI: 0x00000000    Use SPI: falseIPSEC: Completed inbound tunnel flow rule, SPI 0x96A6C295    Rule ID: 0xCB7CFCC8IPSEC: New inbound decrypt rule, SPI 0x96A6C295    Src addr: 197.79.9.227    Src mask: 255.255.255.255    Dst addr: 196.215.40.160    Dst mask: 255.255.255.255    Src ports      Upper: 41593      Lower: 41593      Op   : equal    Dst ports      Upper: 4500      Lower: 4500      Op   : equal    Protocol: 17    Use protocol: true    SPI: 0x00000000    Use SPI: falseIPSEC: Completed inbound decrypt rule, SPI 0x96A6C295    Rule ID: 0xCB9BF828IPSEC: New inbound permit rule, SPI 0x96A6C295    Src addr: 197.79.9.227    Src mask: 255.255.255.255    Dst addr: 196.215.40.160    Dst mask: 255.255.255.255    Src ports      Upper: 41593      Lower: 41593      Op   : equal    Dst ports      Upper: 4500      Lower: 4500      Op   : equal    Protocol: 17    Use protocol: true    SPI: 0x00000000    Use SPI: falseIPSEC: Completed inbound permit rule, SPI 0x96A6C295    Rule ID: 0xCBA7C740Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Pitcher: received KEY_UPDATE, spi 0x96a6c295Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Starting P2 rekey timer: 3417 seconds.Oct 15 17:09:06 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Adding static route for client address: 172.17.1.1 Oct 15 17:09:06 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, PHASE 2 COMPLETED (msgid=c9359d2e)

  • VTP over Wireless Bridge

    Is it possible to configure a VTP from one switch to another over an 1300 Bridge?
    The only sample i've seen at cisco.com is the one with only the vlan 1 being transmitted.
    The sample with multiple Vlans is for Access Point and wireless clients not for a bridge.
    The way I'm doing it is configuring multiple SSIDs each with one vlan and putting each subinterface of radio 0 in the same "Bridge-group" of the subinterfaces of fastethernet0.
    Is this the only way to do that?

    Some wireless routers do not support Bonjour (uses for the iTunes sharing) properly.
    You didn't mention what WAP you are using. If it has a "Multicast" setting, try toggling it to a different value (if it is on, turn it off; if it is off, turn it on) and see if that helps.
    You may wish to refer to this thread:
    http://discussions.apple.com/thread.jspa?threadID=314269&tstart=0
    http://home.comcast.net/~teridon73/itunesscripts/    

  • More VLAN on one Bridge

    Hi,
    I have 2 1240 in bridge. I need to transport on that bridge 3 vlan. I create 3 SSID , I see the dot11 association on both the AP but if I try to ping the remote it doesn't work.
    Any suggestion?
    Thank you in advance
    Giovanni

    Hi Jeff,
    finally I can do some test with your suggestion but I don't able to obtain that the bridge carry all Vlan. Only Vlan 1 works.
    I attach the config of both the AP.
    hostname BridgeRoot
    dot11 ssid Bridge1PR
    authentication open
    authentication key-management wpa
    infrastructure-ssid
    wpa-psk ascii pippo
    power inline negotiation prestandard source
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers aes-ccm tkip
    ssid Bridge1PR
    antenna transmit right
    antenna receive right
    channel 2412
    station-role root bridge
    world-mode dot11d country IT outdoor
    bridge-group 1
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    hold-queue 160 in
    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    interface FastEthernet0.130
    encapsulation dot1Q 130
    no ip route-cache
    bridge-group 130
    no bridge-group 130 source-learning
    interface FastEthernet0.344
    encapsulation dot1Q 344
    no ip route-cache
    bridge-group 244
    no bridge-group 244 source-learning
    bridge 1 protocol ieee
    bridge 1 route ip
    ================================================================================================================
    hostname BridgenoRoot
    dot11 ssid Bridge1PR
    authentication open
    authentication key-management wpa
    infrastructure-ssid
    wpa-psk ascii pippo
    bridge irb
    interface Dot11Radio0
    no ip address
    no ip route-cache
    encryption mode ciphers aes-ccm tkip
    ssid Bridge1PR
    antenna transmit right
    antenna receive right
    station-role non-root bridge
    world-mode dot11d country IT outdoor
    bridge-group 1
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    interface FastEthernet0
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    hold-queue 160 in
    interface FastEthernet0.1
    encapsulation dot1Q 1 native
    no ip route-cache
    bridge-group 1
    no bridge-group 1 source-learning
    interface FastEthernet0.130
    encapsulation dot1Q 130
    no ip route-cache
    bridge-group 130
    no bridge-group 130 source-learning
    interface FastEthernet0.344
    encapsulation dot1Q 344
    no ip route-cache
    bridge-group 244
    no bridge-group 244 source-learning
    bridge 1 protocol ieee
    bridge 1 route ip
    I done some test with different configuration but always only the Vlan 1 was OK.
    Regards
    Giovanni

  • Premiere Pro CS4 over remote desktop does not play sequence

    Hi all,
    I have been researching this issue over the internet but I have found absolutely no references to it:
    I am running Premiere Pro CS4 on my high-resource PC but would like to work from a different room so I am remoting form my laptop to my "good" PC.
    The system lets me do everything I could normally do when working directly on the main PC with the exception of playing back my edited files (before rendering). This is an obvious handicap since I can not watch my edited sequence and am, therefore, working in the blind. I am able to step through it frame by frame, but when I click the play button, it changes to a pause symbol (as usual) but nothing is shown in the video window. This does not just happen when previewing my edited sequence but also when previewing any imported resource.
    Essentially, Premiere Pro CS4 is not playing any video content over a Remote Desktop.
    Other normal playback software (such as VLC, Windows Media Player etc...) works though, so it is not an issue of no video playback at all. This just happens when I'm using Premiere Pro.
    Any suggestions as to what this may be? Any help will be greatly appreciated!

    I was able to edit a full 1080p HD video in Premiere Pro CS5 remotely using HPs RGS (Remote Graphics Software).  I had a Workstation at work with Premiere Pro installed on it and all the source footage on it.  I was then able to log on remotely from home with my old weak-sauce desktop and successfully edit and play back the HD footage remotely.  You just do a google search for HP RGS or go to this link. http://h20331.www2.hp.com/hpsub/cache/286504-0-0-225-121.html
    There is a free trial available too. I don't know why there is not more information about RGS on the web, but it seems to me to be the only solution to work on Premiere or After Effects remotely.
    I hope this helps

Maybe you are looking for

  • How do I remove Chrome from my macbook Pro

    How do I remove Chrome from my Macbook Pro.

  • Total Problem

    Hi All, I have upgraded a report from 6i to 10g, its a customer statement report that shows the customer transaction their running total, Carried forward total at end of page, Brought forward total, and then finally the end total. But in my report th

  • ASSIGNMENT 처리시 ERROR OFA-48394

    제품 : FIN_FA 작성날짜 : 2005-11-28 ASSIGNMENT 처리시 ERROR OFA-48394 ============================== PURPOSE 자산 이관시 CCID 문제로 이관이 안됨 Problem Description Asset Distribution의 Transfer시 특정 CCID로 이관시 OFA-48394 Error발생 Workaround Solution Description 자산의 등록 시점보다 특정

  • Brushes just so slow!

    Well i upgraded from 2 to 3 today, then installed 3.0.1 before firing Aperture up. The upgrade went okay with my meger 5k of images in a 45GB library so ive finally got time to have a play. Anyway, ive just been playing with the brushes, in particula

  • Siebel Update using OPA not working

    Hi, I have setup OPA and Smoke testing is working fine. But when i try to update the record in siebel using the rule (Followed same steps as whats given in Policy Automation - Siebel--> Tuitorial-->Use an Integration Object to Update a Siebel Busines