VLAN Over Remote Bridges (1240AG)
Hi,
I've an AP connecting to the backbone switch via 2 wireless bridge links as shown below. Currently, it is operating as flat lan.
Would like to know if it can be coverted to vlan mode so that I can support wireless clients of different vlans at the remote end?
Switch ----------- 1240AG--------------------/-----------------1240AG--------------------/------------------------1240AG
Eth Root 802.11b/g Non Root 802.11a Non AP 802.11b/g Clients
Trunk Bridge Root Bridge Root SSID1 -- vlan 10
vlan 1 Bridge Bridge SSID2 -- vlan 20
vlan 10 SSID3 -- vlan 30
vlan 20
vlan 30
Thanks!
Eric,
Yes it can. On the bridges you'll want to define the sub-interfaces for the VLAN that you want to pass. You only need the one SSID on the bridge to accomplish this, as it is the 'connection' between the bridges.
So basiclly you need
int dot11radio 0.10 ( or 1 if you are using the 5GHz to bridge)
encapsulation dot1q 10
bridge-group 10
int dot11radio 0.20
encapsulation dot1q 20
bridge-group 20
int dot11radio 0.30
encapsulation dot1q 30
bridge-group 30
int f0.10
encapsulation dot1q 10
bridge-group 10
int f0.20
encapsulation dot1q 20
bridge-group 20
int f0.30
encapsulation dot1q 30
bridge-group 30 int dot11radio 0.10
encapsulation dot1q 10
bridge-group 10
int dot11radio 0.20
encapsulation dot1q 20
bridge-group 20
int dot11radio 0.30
encapsulation dot1q 30
bridge-group 30
int f0.10
encapsulation dot1q 10
bridge-group 10
int f0.20
encapsulation dot1q 20
bridge-group 20
int f0.30
encapsulation dot1q 30
bridge-group 30
Then just make sure your AP are connected to trunk ports allowing vlan 1,10,20,30
Steve
Similar Messages
-
Does the BVI interface work on the native VLAN or always on VLAN1 on a 1300 bridge? If I set a VLAN other than VLAN1 for native will that move the BVI to that VLAN?
Also, does the native vlan have to match at both ends or does it only have local significance? If I had a point to multipoint bridge link, could one remote bridge be set for a different native vlan than another remote bridge?
I have a bridge link that carries two data vlan's and a voice vlan. At the remote end I only have a phone connected to the bridge directly and have configured the phone to be on the correct voice vlan but I need the computer to access a vlan other than the native. I know I cannot configure the phone to have the PC use the proper vlan as it just uses what the bridge tells it is the native.
All network equipment is managed in the vlan1, the native vlan, and user data is on another vlan.
SethYou cannot configure multiple VLANs on repeater access points. Repeater access points support only the native VLAN.
-
Vlan over wireless bridge with internet sharing?
Hi Community, my first post here, hoping somebody may be able to advise...
I live on a farm which is too far for broadband but fortunately I also have an office in a nearby town and because I have line of sight I have setup a wireless bridge, this gives me 8 MBits which is wonderful. Some of my equipment, for example a NAS is on the farm, and I need to access them from the office via the wireless link and I occasinally use vnc to access my office desktop from the farm. This all works beautifully.
Ok. now I want to share my internet with my neighbor on the farm, who, in a strange twist also rents an office next to mine downtown, so I would like to give him access to the internet and to his equipment he has there too.. but I don't want him to be able to access my equipment and visa versa I don't want to see his stuff...
This sounds like a job for port based VLAN.. and so what I bought is two Linksys/Cisco SLM2005 layer2 switches in the hope that this would allow me to do what I want... but I'm not so sure now. In the office I use a draytek v2910 which has a vlan feature that allows me to separate the ports from each other, only giving them internet access.
So... if I connect these two switches to each other, and I create a VLAN with the same id on each of the switches, will the corresponding vlans be shared, so, if you assume the following hardware setup:
farm: slm2005 switch
port 1 -> wireless bridge to office: member of vlan "2", "3"
port 2 -> access point A for neighbor: member of vlan "2"
port 3 -> my own access point B: member of vlan "3"
office: slm2005 switch
port 1 -> wireless bridge to farm: member of vlan "2", "3"
port 2 -> access point C for neighbor: member of vlan "2"
port 3 -> my access point for office D: member of vlan "3"
port 4 -> router port 1: member of vlan "2"
port 5 -> router port 2: member of vlan "3"
the router (draytek v2910) is configured in such a way to separate port 1 and port 2 (otherwise there would be a loop...)
The idea here is to create a vlan "2" for my neighbor and "3" for myself. but what's the correct way to consider the wireless bridge inbeetween (in fact, I think the same problem would occur if I just connected the two switches with a cable (if i had a 2 mile long one..)...)
Will my neighbor be able to see both access points "A" and "C" and the internet, but not be my access points "B" and "D"? Or does this whole concept of VLAN over bridge not work like this, or not at all?
Thanks in advance for any advice,
AndresHi Andreas,
you're not far from it.
Your whole concept is ok. What you just need is on the gateway of each subnet (I would presume it's the router in the office) to create an access list preventing to route between vlan 2 and 3.
On all other devices, traffic can't jump between vlans. But on a routing device that has the Vlan layer3 interfaces, traffic is routed between vlans so that's where you need to prevent it.
With regards to vlans over wireless, you're also having the good concept. The point is to have only 1 ssid, that will be in a certain vlan, but also bridging the other vlans onto that ssid.
This doc should help you out :
http://www.cisco.com/en/US/partner/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml#vlanbr
HTH,
Nicolas
Thanks to rank the answer if you see it as useful ! -
How can i create Differents VLANs on 1310 Root bridge and pass the VLAN info to the non root bridge wirelessly.
Currently my switch ports are configured as access port for the bridges and if i make the port a trunk port; siwtch connected to the non root bridge stops communicating. Any help will be appreciated.
Thanks,
OsmanCheck out this link:
http://www.cisco.com/en/US/docs/wireless/access_point/1300/12.3_7_JA/configuration/guide/b37vlan.html -
Multiple VLANs over 1300 series bridges
Hi
I am looking to connect a small external building to a main campus building by wireless bridge. The building i want to connect currently has two vlans, can the 1300 series bridges carry multiple vlans over the wireless bridge link? If so can anyone point me towards s document that explains it?
Many thanks
SimonHi Simon,
Yes they can, here is a link, i hope it helps you, look at the "Bridge configuration" title.
http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801d0815.shtml
Regards,
Milton Tizoc. -
Is it possible to run a vlan over a wan link on my router ?
Yes, but don't do it......
There shouldn't be any reason for you to 'Bridge' over the WAN. Use Layer-3 and route your traffic.
Andy -
I want to setup a wireless bridge going from a current network (siteA), to a new small network across the street (siteB). I have 2 Cisco 1131AG Access points. I have no need for any client access, only the bridge. I have the interfaces up and can ping across, however, no dhcp requests seem to come over the bridge. Where am I going wrong??
[SiteA]
dot11 ssid Cisco
authentication open
authentication key-management wpa
guest-mode
infrastructure-ssid
wpa-psk ascii secret
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
ssid Cisco
station-role root access-point
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface BVI1
ip address 10.175.36.254 255.255.255.0
no ip route-cache
bridge 1 route ip
[SiteB]
dot11 ssid Cisco
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii secret
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm
ssid Cisco
station-role workgroup-bridge
bridge-group 1
bridge-group 1 spanning-disabled
interface Dot11Radio1
no ip address
no ip route-cache
shutdown
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
interface BVI1
ip address 10.175.36.253 255.255.255.0
no ip route-cache
bridge 1 route ip
bridge 1 aging-time 120Have you tried configuring Site A as root bridge and Site B as non-root bridge.
See this example:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058f53e.shtml -
Switch over opened Bridge windows
In all past versions off Bridge (in Mac), I can switch over opened Bridge windows by pressing command + ` (or ~). This functionality aparently is gone in CS6. What happened? Is there another shortcut for this now?
Curt Y wrote:
The mac command to switch to open window is command - shift - tilde. Is this what you are looking for?
I can confirm that works, Curt!
Leo,
I can confirm Curt is right. I just tried it in Bridge CS6 on my Mac running under snow Leopard 10.6.8:
Command+Shift+Tilde does work to switch to another open window!
Note that, on the Mac version, both [Control+SHIFT+~ ] and [Command+SHIFT+~ ] in Photoshop work exactly the same to cycle through open windows of the application. -
Missing calendar entries from phone over Blackberry bridge
I have two phones bridged to the playbook. Initially I had issues seeing SMS over the bridge with a 9850. After deleting the tablet from the phone and the phone from the tablet, performing a hard reset and re-adding the devices the issue was fixed. I then got the playbook bridge to a 9930. All apps work with the exception of the calendar. I am not able to see some of my entries on the calendar displayed on the playbook even when they appear on the 9930. After deleting the tablet from the phone and the phone from the tablet, performing a hard reset on both devices and re-adding the devices the issue was not fixed. Ideas? Thank you!!!
Solved!
Go to Solution.Hey inieto09,
The BlackBerry PlayBook may not be configured to display the Calendar Service associated with the missing entries, please try the following:
1. From the BlackBerry PlayBook, Click the BlackBerry Bridge icon.
2. Click on the Calendar icon.
3. Enter the BlackBerry Smartphone password if prompted.
4. Tap on the Calendar Services icon. (this is the third icon from the bottom left)
5. Ensure that the desired calendar(s) is checked
6. Click Done.
Let me know if this helps.
Thanks.
-HB
Come follow your BlackBerry Technical Team on twitter! @BlackBerryHelp
Be sure to click Kudos! for those who have helped you.Click Solution? for posts that have solved your issue(s)! -
Catalyst series - Private VLAN over trunk
Hey every body
I was planning to implement a Cisco Nexus 5596 in a data center as it supports private VLAN over trunk.
But now, I av been forced to use a Cisco Catalyst series instead of the Nexus one.
Based on the feature that is very important for my manager (private VLAN over trunk), which Catalyst switch can be replaced with the Nexus 5596? In other words, what Catalyst series switch works at the same scale and efficiency of Nexus 5596 and supports private VLAN over trunk feature?
Cheers4500x Yes
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/release/note/OL_26674-01.html
Nexus 5k Yes
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/layer2/521_n1_3/b_5k_Layer2_Config_521N13/b_5k_Layer2_Config_521N13_chapter_0100.html
3850s
They dont support pvs at all yet
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/vlan/configuration_guide/b_vlan_3se_3850_cg/b_vlan_3se_3850_cg_chapter_0100.html
Restrictions for VLANs
The following are restrictions for VLANs:
The switch supports per-VLAN spanning-tree plus (PVST+) or rapid PVST+ with a maximum of 128 spanning-tree instances. One spanning-tree instance is allowed per VLAN.
The switch supports IEEE 802.1Q trunking methods for sending VLAN traffic over Ethernet ports.
Configuring an interface VLAN router's MAC address is not supported. The interface VLAN already has an MAC address assigned by default.
Private VLANs are not supported on the switch.
You cannot have a switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches. -
I have my wired network (w/DHCP and vlan scopes). Attached to the wired network is a 1400 series bridge1 connecting to another 1400 bridge2 (via 802.11a). Bridge 2 connects to a 1200 Access point via a straight ethernet connection. I want to use VLANs on the access point. I configured the trunk between the wired network and Bridge1. I configured the VLANs and SSIDs on the AP, but Im unable to get an ip address when connecting to vlan2/ssid (vlan 1 is the native vlan and works fine). Any suggestions?
check whether DHCP option 43 is enabled
-
Problem with traffic over Remote Access VPN (Cisco ASA5505)
Hi
I've changed the VPN IP pool on a previously functioning VPN setup on a Cisco ASA5505, I've updated IP addresses everywhere it seemed appropriate, but now the VPN is no longer working. I am testing with a Cisco IPSec client, but the same happens with the AnyConnect client. Clients connect, but cannot access resources on the LAN. Split tunneling also doesn't work, internet is not accessible once VPN is connected.
I found a NAT exempt rule to not be correctly specified, but after fixing this, the problem still persists.
: Saved:ASA Version 8.2(1) !hostname ciscoasadomain-name our-domain.comenable password xxxxxxxx encryptedpasswd xxxxxxxx encryptednamesname 172.17.1.0 remote-vpn!interface Vlan1 nameif inside security-level 100 ip address 10.1.1.2 255.0.0.0 !interface Vlan2 nameif outside security-level 0 pppoe client vpdn group adslrealm ip address pppoe setroute !interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveclock timezone SAST 2dns domain-lookup insidedns domain-lookup outsidedns server-group DefaultDNS name-server 10.1.1.138 name-server 10.1.1.54 domain-name our-domain.comsame-security-traffic permit inter-interfacesame-security-traffic permit intra-interfaceobject-group network utobject-group protocol TCPUDP protocol-object udp protocol-object tcpaccess-list no_nat extended permit ip 10.0.0.0 255.0.0.0 remote-vpn 255.255.255.0 access-list split-tunnel standard permit 10.0.0.0 255.0.0.0 access-list outside_access_in extended permit tcp any interface outside eq https access-list outside_access_in extended permit tcp any interface outside eq 5061 access-list outside_access_in extended permit tcp any interface outside eq 51413 access-list outside_access_in extended permit udp any interface outside eq 51413 access-list outside_access_in extended permit tcp any interface outside eq 2121 access-list outside_access_in extended permit udp any interface outside eq 2121 access-list inside_access_out extended deny ip any 64.34.106.0 255.255.255.0 access-list inside_access_out extended deny ip any 69.25.20.0 255.255.255.0 access-list inside_access_out extended deny ip any 69.25.21.0 255.255.255.0 access-list inside_access_out extended deny ip any 72.5.76.0 255.255.255.0 access-list inside_access_out extended deny ip any 72.5.77.0 255.255.255.0 access-list inside_access_out extended deny ip any 216.52.0.0 255.255.0.0 access-list inside_access_out extended deny ip any 74.201.0.0 255.255.0.0 access-list inside_access_out extended deny ip any 64.94.0.0 255.255.0.0 access-list inside_access_out extended deny ip any 69.25.0.0 255.255.0.0 access-list inside_access_out extended deny tcp any any eq 12975 access-list inside_access_out extended deny tcp any any eq 32976 access-list inside_access_out extended deny tcp any any eq 17771 access-list inside_access_out extended deny udp any any eq 17771 access-list inside_access_out extended permit ip any any pager lines 24logging enablelogging asdm informationalmtu inside 1500mtu outside 1500ip local pool VPNPool 172.17.1.1-172.17.1.254icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp timeout 14400global (outside) 1 interfacenat (inside) 0 access-list no_natnat (inside) 1 10.0.0.0 255.0.0.0static (inside,outside) tcp interface 5061 10.1.1.157 5061 netmask 255.255.255.255 static (inside,outside) tcp interface https 10.1.1.157 4443 netmask 255.255.255.255 static (inside,outside) tcp interface 51413 10.1.1.25 51413 netmask 255.255.255.255 static (inside,outside) udp interface 51413 10.1.1.25 51413 netmask 255.255.255.255 static (inside,outside) tcp interface 2121 10.1.1.25 2121 netmask 255.255.255.255 static (inside,outside) udp interface 2121 10.1.1.25 2121 netmask 255.255.255.255 access-group outside_access_in in interface outsidetimeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00dynamic-access-policy-record DfltAccessPolicyaaa-server AD protocol ldapaaa-server AD (inside) host 10.1.1.138 ldap-base-dn dc=our-domain,dc=com ldap-scope subtree ldap-naming-attribute sAMAccountName ldap-login-password * ldap-login-dn cn=ciscoasa,cn=Users,dc=ourdomain,dc=com server-type auto-detectaaa authentication ssh console AD LOCALaaa authentication telnet console LOCAL http server enable 4343http 0.0.0.0 0.0.0.0 outsidehttp 10.0.0.0 255.0.0.0 insidehttp remote-vpn 255.255.255.0 insidesnmp-server host inside 10.1.1.190 community oursnmpsnmp-server host inside 10.1.1.44 community oursnmpno snmp-server locationno snmp-server contactsnmp-server community *****snmp-server enable traps snmp authentication linkup linkdown coldstartcrypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac crypto ipsec security-association lifetime seconds 28800crypto ipsec security-association lifetime kilobytes 4608000crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5crypto dynamic-map dyn1 1 set transform-set FirstSetcrypto dynamic-map dyn1 1 set reverse-routecrypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAPcrypto map mymap 1 ipsec-isakmp dynamic dyn1crypto map mymap interface outsidecrypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=ciscoasa crl configurecrypto ca trustpoint CA1 revocation-check crl none enrollment retry period 5 enrollment terminal fqdn ciscoasa.our-domain.com subject-name CN=ciscoasa.our-domain.com, OU=Department, O=Company, C=US, St=New York, L=New York keypair ciscoasa.key crl configurecrypto ca certificate chain ASDM_TrustPoint0 certificate xxxxxxx ... quitcrypto ca certificate chain CA1 certificate xxxxxxxxxxxxxx ... quit certificate ca xxxxxxxxxxxxx ... quitcrypto isakmp enable outsidecrypto isakmp policy 1 authentication rsa-sig encryption 3des hash md5 group 2 lifetime 86400crypto isakmp policy 5 authentication pre-share encryption 3des hash sha group 2 lifetime 86400crypto isakmp policy 10 authentication pre-share encryption des hash sha group 2 lifetime 86400ssh 10.0.0.0 255.0.0.0 insidessh timeout 5console timeout 0vpdn group adslrealm request dialout pppoevpdn group adslrealm localname username6@adslrealmvpdn group adslrealm ppp authentication papvpdn username username6@adslrealm password ********* store-localvpdn username username@adsl-u password ********* store-localvpdn username username2@adslrealm password ********* dhcpd auto_config outside!threat-detection basic-threatthreat-detection scanning-threatthreat-detection statistics access-listno threat-detection statistics tcp-interceptntp server x.x.x.x source outsidessl trust-point ASDM_TrustPoint0 outsidewebvpn port 4343 enable outside svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1 svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2 svc image disk0:/anyconnect-linux-2.5.2014-k9.pkg 3 svc enablegroup-policy defaultgroup internalgroup-policy defaultgroup attributes dns-server value 10.1.1.138 10.1.1.54 split-tunnel-policy tunnelspecified split-tunnel-network-list value split-tunnel default-domain value our-domain.comgroup-policy DfltGrpPolicy attributes dns-server value 10.1.1.138 10.1.1.54 vpn-tunnel-protocol IPSec l2tp-ipsec svc split-tunnel-policy tunnelspecified split-tunnel-network-list value split-tunnel address-pools value VPNPool webvpn svc ask none default svcusername person1 password xxxxxxx encryptedusername admin password xxxxxxxx encrypted privilege 15username person2 password xxxxxxxxx encryptedusername person3 password xxxxxxxxxx encryptedtunnel-group DefaultRAGroup general-attributes address-pool VPNPool default-group-policy defaultgrouptunnel-group DefaultRAGroup ipsec-attributes trust-point CA1tunnel-group OurCompany type remote-accesstunnel-group OurCompany general-attributes address-pool VPNPooltunnel-group OurCompany webvpn-attributes group-alias OurCompany enable group-url https://x.x.x.x/OurCompany enabletunnel-group OurIPSEC type remote-accesstunnel-group OurIPSEC general-attributes address-pool VPNPool default-group-policy defaultgrouptunnel-group OurIPSEC ipsec-attributes pre-shared-key * trust-point CA1!class-map inspection_default match default-inspection-traffic!!policy-map type inspect dns preset_dns_map parameters message-length maximum 512policy-map type inspect sip sip-map parameters max-forwards-validation action drop log state-checking action drop log rtp-conformance policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect netbios inspect tftp inspect icmp inspect pptp inspect sip sip-map ! service-policy global_policy globalprompt hostname context Cryptochecksum:xxxxxxxxxxxxxxxxx: end
I've checked all the debug logs I could think of and tried various troubleshooting steps. Any ideas?
Regards
LionelHi
The bulk of the devices are not even routing through the ASA, internal devices such as IP phones, printers, etc. There is also large wastage of IP addresses which needs to be sorted out at some stage.
Outside IP address is 196.215.40.160. The DSL modem is configured as an LLC bridge.
Here are the debug logs when connecting if this helps at all. Nothing is logged when a connection is attempted though.
Regards
Lionel
Oct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 765Oct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing SA payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing ke payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing ISA_KE payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing nonce payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing ID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received Fragmentation VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: FalseOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received NAT-Traversal RFC VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received NAT-Traversal ver 03 VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received NAT-Traversal ver 02 VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received xauth V6 VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received Cisco Unity client VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received DPD VIDOct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, Connection landed on tunnel_group OurIPSECOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing IKE SA payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, IKE SA Proposal # 1, Transform # 5 acceptable Matches global IKE entry # 2Oct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing ISAKMP SA payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing ke payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing nonce payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Generating keys for Responder...Oct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing ID payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing hash payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Computing hash for ISAKMPOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing Cisco Unity VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing xauth V6 VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing dpd vid payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing NAT-Traversal VID ver 02 payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing NAT-Discovery payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, computing NAT Discovery hashOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing NAT-Discovery payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, computing NAT Discovery hashOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing Fragmentation VID + extended capabilities payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Send Altiga/Cisco VPN3000/Cisco ASA GW VIDOct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 436Oct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NAT-D (130) + NAT-D (130) + NOTIFY (11) + NONE (0) total length : 128Oct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing hash payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Computing hash for ISAKMPOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing NAT-Discovery payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, computing NAT Discovery hashOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing NAT-Discovery payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, computing NAT Discovery hashOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing notify payloadOct 15 17:08:51 [IKEv1]: Group = OurIPSEC, IP = 197.79.9.227, Automatic NAT Detection Status: Remote end IS behind a NAT device This end IS behind a NAT deviceOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing blank hash payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing qm hash payloadOct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=b8b02705) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72Oct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=b8b02705) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 88Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, process_attr(): Enter!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Processing MODE_CFG Reply attributes.Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: primary DNS = 10.1.1.138Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: secondary DNS = 10.1.1.54Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: primary WINS = clearedOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: secondary WINS = clearedOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: split tunneling list = split-tunnelOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: default domain = our-domain.comOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: IP Compression = disabledOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: Split Tunneling Policy = Split NetworkOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: Browser Proxy Setting = no-modifyOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: Browser Proxy Bypass Local = disableOct 15 17:09:02 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, User (person2) authenticated.Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing blank hash payloadOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing qm hash payloadOct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=a2171c19) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64Oct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=a2171c19) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, process_attr(): Enter!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Processing cfg ACK attributesOct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=3257625f) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 164Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, process_attr(): Enter!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Processing cfg Request attributesOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for IPV4 address!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for IPV4 net mask!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for DNS server address!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for WINS server address!Oct 15 17:09:02 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Received unsupported transaction mode attribute: 5Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Application Version!Oct 15 17:09:02 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Client Type: iPhone OS Client Application Version: 7.0.2Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Banner!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Default Domain Name!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Split DNS!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Split Tunnel List!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Local LAN Include!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for PFS setting!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Save PW setting!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for FWTYPE!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for backup ip-sec peer list!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Client Browser Proxy Setting!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Obtained IP addr (172.17.1.1) prior to initiating Mode Cfg (XAuth enabled)Oct 15 17:09:02 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Assigned private IP address 172.17.1.1 to remote userOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing blank hash payloadOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, construct_cfg_set: default domain = our-domain.comOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Send Client Browser Proxy Attributes!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Browser Proxy set to No-Modify. Browser Proxy data will NOT be included in the mode-cfg replyOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing qm hash payloadOct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=3257625f) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 210Oct 15 17:09:03 [IKEv1 DECODE]: IP = 197.79.9.227, IKE Responder starting QM: msg id = c9359d2eOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Delay Quick Mode processing, Cert/Trans Exch/RM DSID in progressOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Resume Quick Mode processing, Cert/Trans Exch/RM DSID completedOct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, PHASE 1 COMPLETEDOct 15 17:09:03 [IKEv1]: IP = 197.79.9.227, Keep-alive type for this connection: DPDOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Starting P1 rekey timer: 3420 seconds.Oct 15 17:09:03 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=c9359d2e) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 284Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing hash payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing SA payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing nonce payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing ID payloadOct 15 17:09:03 [IKEv1 DECODE]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, ID_IPV4_ADDR ID received172.17.1.1Oct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Received remote Proxy Host data in ID Payload: Address 172.17.1.1, Protocol 0, Port 0Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing ID payloadOct 15 17:09:03 [IKEv1 DECODE]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, ID_IPV4_ADDR_SUBNET ID received--10.0.0.0--255.0.0.0Oct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Received local IP Proxy Subnet data in ID Payload: Address 10.0.0.0, Mask 255.0.0.0, Protocol 0, Port 0Oct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, QM IsRekeyed old sa not found by addrOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-TraversalOct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE Remote Peer configured for crypto map: dyn1Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing IPSec SA payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IPSec SA Proposal # 1, Transform # 6 acceptable Matches global IPSec SA entry # 1Oct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE: requesting SPI!IPSEC: New embryonic SA created @ 0xCB809F40, SCB: 0xC9613DB0, Direction: inbound SPI : 0x96A6C295 Session ID: 0x0001D000 VPIF num : 0x00000002 Tunnel type: ra Protocol : esp Lifetime : 240 secondsOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE got SPI from key engine: SPI = 0x96a6c295Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, oakley constucting quick modeOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing blank hash payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing IPSec SA payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing IPSec nonce payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing proxy IDOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Transmitting Proxy Id: Remote host: 172.17.1.1 Protocol 0 Port 0 Local subnet: 10.0.0.0 mask 255.0.0.0 Protocol 0 Port 0Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing qm hash payloadOct 15 17:09:03 [IKEv1 DECODE]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE Responder sending 2nd QM pkt: msg id = c9359d2eOct 15 17:09:03 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=c9359d2e) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 152Oct 15 17:09:06 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=c9359d2e) with payloads : HDR + HASH (8) + NONE (0) total length : 52Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing hash payloadOct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, loading all IPSEC SAsOct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Generating Quick Mode Key!Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, NP encrypt rule look up for crypto map dyn1 1 matching ACL Unknown: returned cs_id=c9f22e78; rule=00000000Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Generating Quick Mode Key!Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, NP encrypt rule look up for crypto map dyn1 1 matching ACL Unknown: returned cs_id=c9f22e78; rule=00000000Oct 15 17:09:06 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Security negotiation complete for User (person2) Responder, Inbound SPI = 0x96a6c295, Outbound SPI = 0x09e97594IPSEC: New embryonic SA created @ 0xCB8F7418, SCB: 0xC9F6DD30, Direction: outbound SPI : 0x09E97594 Session ID: 0x0001D000 VPIF num : 0x00000002 Tunnel type: ra Protocol : esp Lifetime : 240 secondsIPSEC: Completed host OBSA update, SPI 0x09E97594IPSEC: Creating outbound VPN context, SPI 0x09E97594 Flags: 0x00000025 SA : 0xCB8F7418 SPI : 0x09E97594 MTU : 1492 bytes VCID : 0x00000000 Peer : 0x00000000 SCB : 0x99890723 Channel: 0xC6691360IPSEC: Completed outbound VPN context, SPI 0x09E97594 VPN handle: 0x001E7FCCIPSEC: New outbound encrypt rule, SPI 0x09E97594 Src addr: 10.0.0.0 Src mask: 255.0.0.0 Dst addr: 172.17.1.1 Dst mask: 255.255.255.255 Src ports Upper: 0 Lower: 0 Op : ignore Dst ports Upper: 0 Lower: 0 Op : ignore Protocol: 0 Use protocol: false SPI: 0x00000000 Use SPI: falseIPSEC: Completed outbound encrypt rule, SPI 0x09E97594 Rule ID: 0xCB5483E8IPSEC: New outbound permit rule, SPI 0x09E97594 Src addr: 196.215.40.160 Src mask: 255.255.255.255 Dst addr: 197.79.9.227 Dst mask: 255.255.255.255 Src ports Upper: 4500 Lower: 4500 Op : equal Dst ports Upper: 41593 Lower: 41593 Op : equal Protocol: 17 Use protocol: true SPI: 0x00000000 Use SPI: falseIPSEC: Completed outbound permit rule, SPI 0x09E97594 Rule ID: 0xC9242228Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE got a KEY_ADD msg for SA: SPI = 0x09e97594IPSEC: Completed host IBSA update, SPI 0x96A6C295IPSEC: Creating inbound VPN context, SPI 0x96A6C295 Flags: 0x00000026 SA : 0xCB809F40 SPI : 0x96A6C295 MTU : 0 bytes VCID : 0x00000000 Peer : 0x001E7FCC SCB : 0x985C5DA5 Channel: 0xC6691360IPSEC: Completed inbound VPN context, SPI 0x96A6C295 VPN handle: 0x0020190CIPSEC: Updating outbound VPN context 0x001E7FCC, SPI 0x09E97594 Flags: 0x00000025 SA : 0xCB8F7418 SPI : 0x09E97594 MTU : 1492 bytes VCID : 0x00000000 Peer : 0x0020190C SCB : 0x99890723 Channel: 0xC6691360IPSEC: Completed outbound VPN context, SPI 0x09E97594 VPN handle: 0x001E7FCCIPSEC: Completed outbound inner rule, SPI 0x09E97594 Rule ID: 0xCB5483E8IPSEC: Completed outbound outer SPD rule, SPI 0x09E97594 Rule ID: 0xC9242228IPSEC: New inbound tunnel flow rule, SPI 0x96A6C295 Src addr: 172.17.1.1 Src mask: 255.255.255.255 Dst addr: 10.0.0.0 Dst mask: 255.0.0.0 Src ports Upper: 0 Lower: 0 Op : ignore Dst ports Upper: 0 Lower: 0 Op : ignore Protocol: 0 Use protocol: false SPI: 0x00000000 Use SPI: falseIPSEC: Completed inbound tunnel flow rule, SPI 0x96A6C295 Rule ID: 0xCB7CFCC8IPSEC: New inbound decrypt rule, SPI 0x96A6C295 Src addr: 197.79.9.227 Src mask: 255.255.255.255 Dst addr: 196.215.40.160 Dst mask: 255.255.255.255 Src ports Upper: 41593 Lower: 41593 Op : equal Dst ports Upper: 4500 Lower: 4500 Op : equal Protocol: 17 Use protocol: true SPI: 0x00000000 Use SPI: falseIPSEC: Completed inbound decrypt rule, SPI 0x96A6C295 Rule ID: 0xCB9BF828IPSEC: New inbound permit rule, SPI 0x96A6C295 Src addr: 197.79.9.227 Src mask: 255.255.255.255 Dst addr: 196.215.40.160 Dst mask: 255.255.255.255 Src ports Upper: 41593 Lower: 41593 Op : equal Dst ports Upper: 4500 Lower: 4500 Op : equal Protocol: 17 Use protocol: true SPI: 0x00000000 Use SPI: falseIPSEC: Completed inbound permit rule, SPI 0x96A6C295 Rule ID: 0xCBA7C740Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Pitcher: received KEY_UPDATE, spi 0x96a6c295Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Starting P2 rekey timer: 3417 seconds.Oct 15 17:09:06 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Adding static route for client address: 172.17.1.1 Oct 15 17:09:06 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, PHASE 2 COMPLETED (msgid=c9359d2e) -
Is it possible to configure a VTP from one switch to another over an 1300 Bridge?
The only sample i've seen at cisco.com is the one with only the vlan 1 being transmitted.
The sample with multiple Vlans is for Access Point and wireless clients not for a bridge.
The way I'm doing it is configuring multiple SSIDs each with one vlan and putting each subinterface of radio 0 in the same "Bridge-group" of the subinterfaces of fastethernet0.
Is this the only way to do that?Some wireless routers do not support Bonjour (uses for the iTunes sharing) properly.
You didn't mention what WAP you are using. If it has a "Multicast" setting, try toggling it to a different value (if it is on, turn it off; if it is off, turn it on) and see if that helps.
You may wish to refer to this thread:
http://discussions.apple.com/thread.jspa?threadID=314269&tstart=0
http://home.comcast.net/~teridon73/itunesscripts/ -
Hi,
I have 2 1240 in bridge. I need to transport on that bridge 3 vlan. I create 3 SSID , I see the dot11 association on both the AP but if I try to ping the remote it doesn't work.
Any suggestion?
Thank you in advance
GiovanniHi Jeff,
finally I can do some test with your suggestion but I don't able to obtain that the bridge carry all Vlan. Only Vlan 1 works.
I attach the config of both the AP.
hostname BridgeRoot
dot11 ssid Bridge1PR
authentication open
authentication key-management wpa
infrastructure-ssid
wpa-psk ascii pippo
power inline negotiation prestandard source
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
ssid Bridge1PR
antenna transmit right
antenna receive right
channel 2412
station-role root bridge
world-mode dot11d country IT outdoor
bridge-group 1
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
hold-queue 160 in
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
interface FastEthernet0.130
encapsulation dot1Q 130
no ip route-cache
bridge-group 130
no bridge-group 130 source-learning
interface FastEthernet0.344
encapsulation dot1Q 344
no ip route-cache
bridge-group 244
no bridge-group 244 source-learning
bridge 1 protocol ieee
bridge 1 route ip
================================================================================================================
hostname BridgenoRoot
dot11 ssid Bridge1PR
authentication open
authentication key-management wpa
infrastructure-ssid
wpa-psk ascii pippo
bridge irb
interface Dot11Radio0
no ip address
no ip route-cache
encryption mode ciphers aes-ccm tkip
ssid Bridge1PR
antenna transmit right
antenna receive right
station-role non-root bridge
world-mode dot11d country IT outdoor
bridge-group 1
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
hold-queue 160 in
interface FastEthernet0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
no bridge-group 1 source-learning
interface FastEthernet0.130
encapsulation dot1Q 130
no ip route-cache
bridge-group 130
no bridge-group 130 source-learning
interface FastEthernet0.344
encapsulation dot1Q 344
no ip route-cache
bridge-group 244
no bridge-group 244 source-learning
bridge 1 protocol ieee
bridge 1 route ip
I done some test with different configuration but always only the Vlan 1 was OK.
Regards
Giovanni -
Premiere Pro CS4 over remote desktop does not play sequence
Hi all,
I have been researching this issue over the internet but I have found absolutely no references to it:
I am running Premiere Pro CS4 on my high-resource PC but would like to work from a different room so I am remoting form my laptop to my "good" PC.
The system lets me do everything I could normally do when working directly on the main PC with the exception of playing back my edited files (before rendering). This is an obvious handicap since I can not watch my edited sequence and am, therefore, working in the blind. I am able to step through it frame by frame, but when I click the play button, it changes to a pause symbol (as usual) but nothing is shown in the video window. This does not just happen when previewing my edited sequence but also when previewing any imported resource.
Essentially, Premiere Pro CS4 is not playing any video content over a Remote Desktop.
Other normal playback software (such as VLC, Windows Media Player etc...) works though, so it is not an issue of no video playback at all. This just happens when I'm using Premiere Pro.
Any suggestions as to what this may be? Any help will be greatly appreciated!I was able to edit a full 1080p HD video in Premiere Pro CS5 remotely using HPs RGS (Remote Graphics Software). I had a Workstation at work with Premiere Pro installed on it and all the source footage on it. I was then able to log on remotely from home with my old weak-sauce desktop and successfully edit and play back the HD footage remotely. You just do a google search for HP RGS or go to this link. http://h20331.www2.hp.com/hpsub/cache/286504-0-0-225-121.html
There is a free trial available too. I don't know why there is not more information about RGS on the web, but it seems to me to be the only solution to work on Premiere or After Effects remotely.
I hope this helps
Maybe you are looking for
-
How do I remove Chrome from my macbook Pro
How do I remove Chrome from my Macbook Pro.
-
Hi All, I have upgraded a report from 6i to 10g, its a customer statement report that shows the customer transaction their running total, Carried forward total at end of page, Brought forward total, and then finally the end total. But in my report th
-
ASSIGNMENT 처리시 ERROR OFA-48394
제품 : FIN_FA 작성날짜 : 2005-11-28 ASSIGNMENT 처리시 ERROR OFA-48394 ============================== PURPOSE 자산 이관시 CCID 문제로 이관이 안됨 Problem Description Asset Distribution의 Transfer시 특정 CCID로 이관시 OFA-48394 Error발생 Workaround Solution Description 자산의 등록 시점보다 특정
-
Well i upgraded from 2 to 3 today, then installed 3.0.1 before firing Aperture up. The upgrade went okay with my meger 5k of images in a 45GB library so ive finally got time to have a play. Anyway, ive just been playing with the brushes, in particula
-
Siebel Update using OPA not working
Hi, I have setup OPA and Smoke testing is working fine. But when i try to update the record in siebel using the rule (Followed same steps as whats given in Policy Automation - Siebel--> Tuitorial-->Use an Integration Object to Update a Siebel Busines