VPN issue on Cisco 7206

Hi Experts,
We have a VPN setup between a Cisco 871 router and a Cisco 7206 VXR router.
The 7206 is a HUB location and the 871 is one of the spokes.
The 871 uses a DSL connection to connect to the internet.
Today we've been getting a large number of log messages on the 7206. The logs are below:
Dec 14 17:47:48.326 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed
Dec 14 17:48:57.078 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed
Dec 14 17:50:33.191 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed
Dec 14 17:51:47.383 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from <IP> failed its sanity check or is malformed.
Can someone advise if there may be a problem with the DSL connection or if this indicates something else?

Hi MJ,
Sorry about earlier, it did turn out to be a Crypto Key issue. But I didn't understand how the tunnels were showing in QM_IDLE state even when the keys didn't match.
Anyway thanks for your help on this.
Regards,
Imran.
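
The thread traced the repeated `%CRYPTO-4-IKMP_BAD_MESSAGE` lines to a crypto key mismatch rather than the DSL line. The Python below is an added example, not part of the original posts: it groups these messages by peer and marks peers that repeat steadily inside a time window, which points at a persistent fault such as a key mismatch rather than a one-off malformed packet. The peer addresses, the year, the 5-minute window and the threshold of 3 are constructed assumptions; the timestamps follow the log format quoted in the question.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the IOS message quoted in the post; search() tolerates syslog prefixes.
BAD_IKE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}\.\d{1,6})\s+\S+:\s+"
    r"%CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from (?P<peer>\S+)\s+"
    r"failed its sanity check"
)

# Constructed sample: documentation-range peers stand in for the masked <IP>.
SAMPLE_LOG = """\
Dec 14 17:47:48.326 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 203.0.113.10 failed its sanity check or is malformed
Dec 14 17:48:57.078 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 203.0.113.10 failed its sanity check or is malformed
Dec 14 17:49:02.000 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 198.51.100.7 failed its sanity check or is malformed
Dec 14 17:50:33.191 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 203.0.113.10 failed its sanity check or is malformed
Dec 14 17:51:01.500 est: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to up
Dec 14 17:51:47.383 est: %CRYPTO-4-IKMP_BAD_MESSAGE: IKE message from 203.0.113.10 failed its sanity check or is malformed
""".splitlines()


def repeated_bad_ike(lines, year, threshold=3, window=timedelta(minutes=5)):
    """Return {peer: {"total", "max_in_window", "persistent"}} for bad-IKE logs.

    IOS timestamps carry no year, so the caller supplies it (assumption).
    """
    by_peer = defaultdict(list)
    for line in lines:
        m = BAD_IKE.search(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
            by_peer[m["peer"]].append(ts)

    report = {}
    for peer, stamps in by_peer.items():
        stamps.sort()
        worst, start = 0, 0
        # Sliding window: largest number of messages within `window` of each other.
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        report[peer] = {
            "total": len(stamps),
            "max_in_window": worst,
            "persistent": worst >= threshold,
        }
    return report


if __name__ == "__main__":
    for peer, info in repeated_bad_ike(SAMPLE_LOG, year=2024).items():
        print(peer, info)
```
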

Similar Messages

  • Credential windows issue on CISCO VPN 5.0.07.0410

    Hi,
    I have 2 laptops with the same hardware and Windows XP (latest OS updates released) on both. Both laptops have Cisco VPN 5.0.07.410 installed with the same installation pack and procedure, and both work over a 3G connection when trying to connect with the VPN.
    On one laptop, when I enter my credentials in the connection window (the window that pops up after pressing "Connect" in the VPN Client), I receive no errors on screen, but the Cisco VPN Client prompts me with the credential window again, and it reprompts again and again every time I enter my credentials.
    If I try on the other laptop everything works fine, with no credential window loop.
    I tried to repair and reinstall the Cisco VPN Client but got the same issue.
    Does anyone have any help for me?
    Thanks

    Install Citrix Deterministic Network Enhancer to solve Cisco IPSec VPN issue with Windows 8/8.1. Check below guide,
    http://www.vmwareandme.com/2013/12/solved-windows-8-and-windows-81-cisco.html
    www.mytricks.in

  • Configuring Cisco ASA for site to site VPN ( Issue with setting up local network)

    OK, so our primary firewall is a Checkpoint gateway. Behind that we have a Cisco ASA for VPN users. I have a project at the moment where we need to connect to another company using site to site VPN through the Cisco ASA, as the Checkpoint gateway is unable to establish a permanent tunnel with the other company's Cisco ASA.
    What would be the best practise for setting up the local network on my side? Create the network on the ASA and then use a L2 vlan to connect to the Core switch? 
    Setup a L3 interface on the core switch and point it towards the checkpoint gateway which would then point to the ASA?
    When you have to select your local network through the site to site wizard do you have to put the inside network address of the ASA?
    Our network is setup like this: Access layer switch > Core 6500 Switch > Checkpoint-Firewall > Internet
    The ASA is connected to a checkpoint sub interface
    Any help would be beneficial as I'm new to Cisco ASAs.
    Thanks
    Mark

    Mark
    If we understood more about your environment we might be able to give you better answers. My initial reaction was similar to the suggestion from Michael to use a L2 vlan. But as I think a bit more my attention is drawn to something that you mention in the original post. The ASA is there for VPN users. If the VPN users need to access your internal network then you probably already have something configured on the ASA that allows access to the internal network. Perhaps that same thing might provide access for your site to site VPN?
    HTH
    Rick

  • Cisco site to site vpn issue,

    Hi, I am trying to configure site to site VPN on a Cisco 2911 router.
    I am unable to get the tunnel up. After some research I have narrowed down the cause to NAT or the default route.
    Can someone help me?
    I have posted my config below.
    Router Config
    Router#s
    *Jun  3 20:05:05.474: %SYS-5-CONFIG_I: Configured from console by consoleh run
    Building configuration...
    Current configuration : 5499 bytes
    ! Last configuration change at 15:05:05 PCTime Tue Jun 3 2014
    version 15.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Router
    boot-start-marker
    boot-end-marker
    no logging buffered
    enable password XXXXX
    no aaa new-model
    clock timezone PCTime -5 0
    clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
    ip cef
    ip dhcp pool TEST
     network 192.168.x.x 255.255.255.0
     default-router 192.168.x.x
     dns-server 64.71.255.198 64.71.255.204 4.2.2.2
    ip dhcp pool 10
     network 192.168.xxx.xx 255.255.255.0
     default-router 192.168.xxx.xx
     dns-server 64.71.255.198 64.71.255.204 4.2.2.2
    ip dhcp pool 1
     network 10.100.xx.xx 255.255.255.0
     default-router 10.100.xx.xx
     dns-server 64.71.255.198 64.71.255.204 4.2.2.2
    ip dhcp pool 2
     network 10.100.xxx.xx 255.255.255.0
     default-router 10.100.xxx.xx
     dns-server 64.71.255.198 64.71.255.204 8.8.8.8
    no ip domain lookup
    no ipv6 cef
    multilink bundle-name authenticated
    crypto pki trustpoint TP-self-signed-1282495617
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1282495617
     revocation-check none
     rsakeypair TP-self-signed-1282495617
    crypto pki certificate chain TP-self-signed-1282495617
     certificate self-signed 01
            quit
    license udi pid CISCO2911/K9 sn FGL173011EB
    username admin privilege 15 password 0 XXXXXX
    username rahul privilege 15 password 0 XXXXXXX
    username xxxx privilege 15 secret 4 VWq946KBE6gESOmM2hYcakgfruaB4GfVtlGBulc8F7k
    redundancy
    class-map match-any CCP-Transactional-1
     match dscp af21
     match dscp af22
     match dscp af23
    class-map match-any CCP-Voice-1
     match dscp ef
    class-map match-any CCP-Routing-1
     match dscp cs6
    class-map match-any CCP-Signaling-1
     match dscp cs3
     match dscp af31
    class-map match-any CCP-Management-1
     match dscp cs2
    policy-map sdm-qos-test-123
     class class-default
    policy-map CCP-QoS-Policy-1
     class CCP-Voice-1
      priority percent 55
     class CCP-Signaling-1
      bandwidth percent 5
     class CCP-Routing-1
      bandwidth percent 5
     class CCP-Management-1
      bandwidth percent 5
     class CCP-Transactional-1
      bandwidth percent 5
     class class-default
      fair-queue
      random-detect
    crypto isakmp policy 1
     encr aes 256
     authentication pre-share
     group 2
    crypto isakmp key xxxxxxxxxxx address 198.161.xxx.xxx
    crypto ipsec security-association lifetime seconds 86400
    crypto ipsec transform-set OES esp-aes 256 esp-sha-hmac
     mode tunnel
    crypto ipsec transform-set vpnset esp-aes esp-sha-hmac
     mode tunnel
    crypto map tunnel 100 ipsec-isakmp
     set peer 198.161.xxx.xxx
     set transform-set OES
     match address 101
    interface Embedded-Service-Engine0/0
     no ip address
     shutdown
    interface GigabitEthernet0/0
     ip address 69.17.xxx.xxx 255.255.255.252
     ip nat outside
     ip virtual-reassembly in
     duplex full
     speed 100
     crypto map tunnel
    interface GigabitEthernet0/1
     description WEEE.LOCAL
     ip address 10.100.xx.xx 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     duplex auto
     speed auto
     service-policy output CCP-QoS-Policy-1
    interface GigabitEthernet0/2
     description voip
     ip address 10.100.xxx.xxx 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     duplex auto
     speed auto
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip nat inside source list 1 interface GigabitEthernet0/0 overload
    ip nat inside source list 2 interface GigabitEthernet0/0 overload
    ip nat inside source list 10 interface GigabitEthernet0/0 overload
    ip nat inside source list 99 interface GigabitEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 69.17.xxx.xxx
    access-list 1 permit 10.100.xx.xx 0.0.0.255
    access-list 2 permit 10.100.xxx.xxx 0.0.0.255
    access-list 10 permit 192.168.xxx.xx 0.0.0.255
    access-list 99 permit 192.168.x.x 0.0.0.255
    access-list 101 permit ip 10.100.xxx.xxx 0.0.0.255 10.252.xxx.xxx 0.0.0.255
    control-plane
    line con 0
    line aux 0
    line 2
     no activation-character
     no exec
     transport preferred none
     transport input all
     transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
     stopbits 1
    line vty 0 4
     password XXXX
     login
     transport input all
    scheduler allocate 20000 1000
    End
    Router#sh crypto isakmp policy
    Global IKE policy
    Protection suite of priority 1
            encryption algorithm:   AES - Advanced Encryption Standard (256 bit keys).
            hash algorithm:         Secure Hash Standard
            authentication method:  Pre-Shared Key
            Diffie-Hellman group:   #2 (1024 bit)
            lifetime:               86400 seconds, no volume limit
    Router#sh crypto map
    Crypto Map IPv4 "tunnel" 100 ipsec-isakmp
            Peer = 198.161.xxx.xxx
            Extended IP access list 101
                access-list 101 permit ip 10.100.xxx.xxx 0.0.0.255 10.252.xxx.xxx 0.0.0.255
            Current peer: 198.161.xxx.xxx
            Security association lifetime: 4608000 kilobytes/86400 seconds
            Responder-Only (Y/N): N
            PFS (Y/N): N
            Transform sets={
                    OES:  { esp-aes 256 esp-sha-hmac  } ,
            Interfaces using crypto map tunnel:
                    GigabitEthernet0/0
    Router#show crypto ipsec sa
    interface: GigabitEthernet0/0
        Crypto map tag: tunnel, local addr 69.17.xxx.xxx
       protected vrf: (none)
       local  ident (addr/mask/prot/port): (10.100.xxx.xxx/255.255.255.0/0/0)
       remote ident (addr/mask/prot/port): (10.252.xxx.xxx/255.255.255.0/0/0)
       current_peer 198.161.xxx.xxx port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
        #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0
         local crypto endpt.: 69.17.xxx.xxx, remote crypto endpt.: 198.161.xxx.xxx
         path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0
         current outbound spi: 0x0(0)
         PFS (Y/N): N, DH group: none
         inbound esp sas:
         inbound ah sas:
         inbound pcp sas:
         outbound esp sas:
         outbound ah sas:
         outbound pcp sas:

    Thanks, I will apply those changes today after work and see if I can get the tunnel up.
    I made some changes to the config last night, out of frustration. I decided to use Cisco Configuration Professional, which performed debugging on the tunnel and added some NAT rules and access lists. The tunnel is still not up.
    I will post the new config below.
    Router#sh run
    Building configuration...
    Current configuration : 6615 bytes
    ! Last configuration change at 11:49:56 PCTime Wed Jun 4 2014 by admin
    version 15.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Router
    boot-start-marker
    boot-end-marker
    no logging buffered
    enable password XXX
    no aaa new-model
    clock timezone PCTime -5 0
    clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
    ip cef
    ip dhcp pool TEST
     network 192.168.XX.XX 255.255.255.0
     default-router 192.168.AA.AA
     dns-server 64.71.255.198 64.71.255.204 4.2.2.2
    ip dhcp pool 10
     network 192.168.XXX.XXX 255.255.255.0
     default-router 192.168.XXX.XXX
     dns-server 64.71.255.198 64.71.255.204 4.2.2.2
    ip dhcp pool 1
     network 10.100.XX.XX 255.255.255.0
     default-router 10.100.XX.XX
     dns-server 64.71.255.198 64.71.255.204 4.2.2.2
    ip dhcp pool 2
     network 10.100.XXX.XXX 255.255.255.0
     default-router 10.100.XXX.XXX
     dns-server 64.71.255.198 64.71.255.204 8.8.8.8
    no ip domain lookup
    no ipv6 cef
    multilink bundle-name authenticated
    crypto pki trustpoint TP-self-signed-1282495617
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1282495617
     revocation-check none
     rsakeypair TP-self-signed-1282495617
    crypto pki certificate chain TP-self-signed-1282495617
     certificate self-signed 01
            quit
    license udi pid CISCO2911/K9 sn FGL173011EB
    username admin privilege 15 password 0 XXXXXXXXX
    username rahul privilege 15 password 0 XXXXXXXXXXX
    username XXXX privilege 15 secret 4 VWq946KBE6gESOmM2hYcakgfruaB4GfVtlGBulc8F7k
    redundancy
    class-map match-any CCP-Transactional-1
     match dscp af21
     match dscp af22
     match dscp af23
    class-map match-any CCP-Voice-1
     match dscp ef
    class-map match-any CCP-Routing-1
     match dscp cs6
    class-map match-any CCP-Signaling-1
     match dscp cs3
     match dscp af31
    class-map match-any CCP-Management-1
     match dscp cs2
    policy-map sdm-qos-test-123
     class class-default
    policy-map CCP-QoS-Policy-1
     class CCP-Voice-1
      priority percent 55
     class CCP-Signaling-1
      bandwidth percent 5
     class CCP-Routing-1
      bandwidth percent 5
     class CCP-Management-1
      bandwidth percent 5
     class CCP-Transactional-1
      bandwidth percent 5
     class class-default
      fair-queue
      random-detect
    crypto isakmp policy 1
     encr aes
     authentication pre-share
     group 2
     lifetime 28800
    crypto isakmp key XXXXXXXXXXXXX address 198.161.XXX.XXX 255.255.255.248
    crypto ipsec security-association lifetime seconds 86400
    crypto ipsec transform-set OES esp-aes 256 esp-sha-hmac
     mode tunnel
    crypto ipsec transform-set vpnset esp-aes esp-sha-hmac
     mode tunnel
    crypto map tunnel 100 ipsec-isakmp
     set peer 198.161.XXX.XXX
     set transform-set OES
     match address 101
    interface Embedded-Service-Engine0/0
     no ip address
     shutdown
    interface GigabitEthernet0/0
     ip address 69.17.XXX.XXX 255.255.255.252
     ip nat outside
     ip virtual-reassembly in
     duplex full
     speed 100
     crypto map tunnel
    interface GigabitEthernet0/1
     description WEEE.LOCAL
     ip address 10.100.AA.AA 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     duplex auto
     speed auto
     service-policy output CCP-QoS-Policy-1
    interface GigabitEthernet0/2
     description voip
     ip address 10.100.XXX.XXX 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     duplex auto
     speed auto
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
    ip nat inside source route-map SDM_RMAP_2 interface GigabitEthernet0/0 overload
    ip nat inside source route-map SDM_RMAP_3 interface GigabitEthernet0/0 overload
    ip nat inside source route-map SDM_RMAP_4 interface GigabitEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 69.17.AAA.AAA
    access-list 1 remark CCP_ACL Category=16
    access-list 1 permit 10.100.AA.AA 0.0.0.255
    access-list 2 remark CCP_ACL Category=16
    access-list 2 permit 10.100.XXX.XXX 0.0.0.255
    access-list 10 remark CCP_ACL Category=16
    access-list 10 permit 192.168.10.0 0.0.0.255
    access-list 99 remark CCP_ACL Category=16
    access-list 99 permit 192.168.1.0 0.0.0.255
    access-list 100 remark CCP_ACL Category=2
    access-list 100 deny   ip 10.100.XXX.XXX 0.0.0.255 10.252.XX.XX 0.0.0.255
    access-list 100 permit ip 10.100.AA.AA 0.0.0.255 any
    access-list 101 permit ip 10.100.XXX.XXX 0.0.0.255 10.252.XX.XX 0.0.0.255
    access-list 102 remark CCP_ACL Category=2
    access-list 102 deny   ip 10.100.XXX.XXX 0.0.0.255 10.252.XX.XX 0.0.0.255
    access-list 102 permit ip 10.100.XXX.XXX 0.0.0.255 any
    access-list 103 remark CCP_ACL Category=2
    access-list 103 deny   ip 10.100.XXX.XXX 0.0.0.255 10.252.XX.XX 0.0.0.255
    access-list 103 permit ip 192.168.XXX.XXX 0.0.0.255 any
    access-list 104 remark CCP_ACL Category=2
    access-list 104 deny   ip 10.100.XXX.XXX 0.0.0.255 10.252.XX.XX 0.0.0.255
    access-list 104 permit ip 192.168.XX.XX 0.0.0.255 any
    route-map SDM_RMAP_4 permit 1
     match ip address 104
    route-map SDM_RMAP_1 permit 1
     match ip address 100
    route-map SDM_RMAP_2 permit 1
     match ip address 102
    route-map SDM_RMAP_3 permit 1
     match ip address 103
    control-plane
    line con 0
    line aux 0
    line 2
     no activation-character
     no exec
     transport preferred none
     transport input all
     transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
     stopbits 1
    line vty 0 4
     password XXXXXX
     login
     transport input all
    scheduler allocate 20000 1000
    end
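
The two configurations above differ mainly in NAT: the first overloads the LAN subnets with `ip nat inside source list ...` ACLs that permit every destination, while the second moves to route-maps whose ACLs `deny` the tunnel traffic first. IOS applies inside-to-outside NAT before the crypto map match, so a flow that NAT translates no longer matches crypto ACL 101. The Python check below is an added example, not from the thread, that reports NAT ACLs which would translate crypto-interesting traffic; the sample addresses are constructed because the posted ones are masked, and it assumes contiguous wildcard masks and route-map `permit` sequences only.

```python
import ipaddress
import re

ANY = ipaddress.ip_network("0.0.0.0/0")


def _net(addr, wildcard="0.0.0.0"):
    """Build a network from an IOS address and wildcard (inverted) mask."""
    mask = ".".join(str(255 - int(o)) for o in wildcard.split("."))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def _take(tokens):
    """Consume one address spec from the front: any | host A | A W | A."""
    head = tokens.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return _net(tokens.pop(0))
    if tokens and re.fullmatch(r"\d+(\.\d+){3}", tokens[0]):
        return _net(head, tokens.pop(0))
    return _net(head)


def parse_config(text):
    acls, nat_rules, route_maps, crypto_acls = {}, [], {}, []
    rmap = None
    for raw in text.splitlines():
        t = raw.split()
        if not t:
            continue
        if not raw.startswith(" "):  # a top-level command closes any route-map block
            rmap = t[1] if t[0] == "route-map" and len(t) > 1 else None
        if t[0] == "access-list" and len(t) > 3 and t[2] in ("permit", "deny"):
            rest = t[3:]
            if rest[0] not in ("any", "host") and not rest[0][0].isdigit():
                rest = rest[1:]  # extended ACL: drop the protocol keyword
                src, dst = _take(rest), _take(rest)
            else:
                src, dst = _take(rest), ANY  # standard ACL matches source only
            acls.setdefault(t[1], []).append((t[2], src, dst))
        elif t[:4] == ["ip", "nat", "inside", "source"] and len(t) > 5:
            nat_rules.append((t[4], t[5]))  # ("list", N) or ("route-map", NAME)
        elif t[:3] == ["match", "ip", "address"] and rmap:
            route_maps.setdefault(rmap, []).extend(t[3:])
        elif t[:2] == ["match", "address"]:
            crypto_acls.extend(t[2:])  # ACL referenced by the crypto map
    return acls, nat_rules, route_maps, crypto_acls


def nat_before_crypto(text):
    """Return (nat_acl, src, dst) for each crypto flow that a NAT ACL permits."""
    acls, nat_rules, route_maps, crypto_acls = parse_config(text)
    flows = [(s, d) for n in crypto_acls
             for action, s, d in acls.get(n, []) if action == "permit"]
    findings = []
    for kind, ref in nat_rules:
        acl_ids = [ref] if kind == "list" else route_maps.get(ref, []) if kind == "route-map" else []
        for acl_id in acl_ids:
            for src, dst in flows:
                # First overlapping entry decides (simplified first-match rule).
                for action, a_src, a_dst in acls.get(acl_id, []):
                    if a_src.overlaps(src) and a_dst.overlaps(dst):
                        if action == "permit":
                            findings.append((acl_id, str(src), str(dst)))
                        break
    return findings


# Constructed sample in the shape of the first posted config (no NAT exemption).
BEFORE = """
crypto map tunnel 100 ipsec-isakmp
 set peer 198.51.100.1
 match address 101
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 2 interface GigabitEthernet0/0 overload
access-list 1 permit 10.100.10.0 0.0.0.255
access-list 2 permit 10.100.20.0 0.0.0.255
access-list 101 permit ip 10.100.20.0 0.0.0.255 10.252.30.0 0.0.0.255
"""

# Constructed sample in the shape of the second posted config (deny before permit).
AFTER = """
crypto map tunnel 100 ipsec-isakmp
 match address 101
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_2 interface GigabitEthernet0/0 overload
access-list 100 deny   ip 10.100.20.0 0.0.0.255 10.252.30.0 0.0.0.255
access-list 100 permit ip 10.100.10.0 0.0.0.255 any
access-list 101 permit ip 10.100.20.0 0.0.0.255 10.252.30.0 0.0.0.255
access-list 102 deny   ip 10.100.20.0 0.0.0.255 10.252.30.0 0.0.0.255
access-list 102 permit ip 10.100.20.0 0.0.0.255 any
route-map SDM_RMAP_1 permit 1
 match ip address 100
route-map SDM_RMAP_2 permit 1
 match ip address 102
"""

if __name__ == "__main__":
    print("before:", nat_before_crypto(BEFORE))
    print("after: ", nat_before_crypto(AFTER))
```

An empty result only shows that NAT no longer translates the tunnel traffic; the follow-up post reports the tunnel still down with that change in place.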

  • Cisco 7206 has with LLQ QOS and cpu 85 %

    Hi all,
    I want to mention an issue about the Cisco router 7206 NPE-G2:
    Can this router handle 780 Mbps of download traffic and 75 MBps of upload, with CPU at 85% and with LLQ QoS?
    I'm asking this question because my QoS, although it matched a lot of traffic, sometimes gets slow and it seems that QoS is not working fine. I'm sure that my work is fine, because it was fine, but in recent days I added more bandwidth.
    I don't know if the router needs more memory for QoS:
    ===============================================================
    7200Gateway#sh memory
                    Head    Total(b)     Used(b)     Free(b)   Lowest(b)  Largest(b)
    Processor    6B97A80   1883669308   114125456   1769543852   1768174580   1760364316
          I/O   78000000    67108864     4482572    62626292    62598896    62617884
    Transient   77000000    16777216       22196    16755020    16222412    16728368
              Processor memory
    Address      Bytes     Prev     Next Ref     PrevF    NextF Alloc PC  what
    06B97A80 0000010004 00000000 06B9A1C4 001  -------- -------- 01A493D8  CEF: fib
    06B9A1C4 0000000028 06B97A80 06B9A210 000  87F3D04  87FD620  015FC24C  AAA Attr Binary/String
    06B9A210 0000004700 06B9A1C4 06B9B49C 001  -------- -------- 01AC85B4  ADJ: adjacency
    06B9B49C 0000004100 06B9A210 06B9C4D0 001  -------- -------- 0011245C  HTTP CORE
    06B9C4D0 0000004100 06B9B49C 06B9D504 001  -------- -------- 00112548  HTTP CORE
    06B9D504 0000004100 06B9C4D0 06B9E538 001  -------- -------- 00112548  HTTP CORE
    06B9E538 0000004100 06B9D504 06B9F56C 001  -------- -------- 00112548  HTTP CORE
    06B9F56C 0000004100 06B9E538 06BA05A0 001  -------- -------- 00112548  HTTP CORE
    06BA05A0 0000000756 06B9F56C 06BA08C4 001  -------- -------- 0343C38C  Process
    06BA08C4 0000000204 06BA05A0 06BA09C0 001  -------- -------- 0343FAB4  Process Events
    06BA09C0 0000022764 06BA08C4 06BA62DC 001  -------- -------- 04055CB4  IPSM Octet Str
    06BA62DC 0000014488 06BA09C0 06BA9BA4 001  -------- -------- 0405C0C4  ipsm IPSEC Fai
    06BA9BA4 0000004100 06BA62DC 06BAABD8 001  -------- -------- 00112548  H
    ===========================================================================
    ==========================================
    7200Gateway#sh version
    Cisco IOS Software, 7200 Software (C7200P-ADVENTERPRISEK9-M), Version 12.4(24)T7, RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Tue 28-Feb-12 12:53 by prod_rel_team
    ROM: System Bootstrap, Version 12.4(12.2r)T, RELEASE SOFTWARE (fc1)
    7200Gateway uptime is 2 weeks, 5 days, 19 hours, 43 minutes
    System returned to ROM by power-on
    System image file is "disk2:/c7200p-adventerprisek9-mz.124-24.T7.bin"
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    Cisco 7206VXR (NPE-G2) processor (revision A) with 1966080K/65536K bytes of memory.
    Processor board ID 13252317
    MPC7448 CPU at 1666Mhz, Implementation 0, Rev 2.2
    6 slot VXR midplane, Version 2.0
    Last reset from power-on
    PCI bus mb1 (Slots 1, 3 and 5) has a capacity of 600 bandwidth points.
    Current configuration on bus mb1 has a total of 0 bandwidth points.
    This configuration is within the PCI bus capacity and is supported.
    PCI bus mb2 (Slots 2, 4 and 6) has a capacity of 600 bandwidth points.
    Current configuration on bus mb2 has a total of 0 bandwidth points.
    This configuration is within the PCI bus capacity and is supported.
    Please refer to the following document "Cisco 7200 Series Port Adaptor
    Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
    for c7200 bandwidth points oversubscription and usage guidelines.
    1 FastEthernet interface
    3 Gigabit Ethernet interfaces
    2045K bytes of NVRAM.
    250880K bytes of ATA PCMCIA card at slot 2 (Sector size 512 bytes).
    65536K bytes of Flash internal SIMM (Sector size 512K).
    Configuration register is 0x2102
    ==============================================================
    7200Gateway#sh processes cpu
    CPU utilization for five seconds: 85%/84%; one minute: 84%; five minutes: 84%
    PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
       1          32         416         76  0.00%  0.00%  0.00%   0 Chunk Manager   
       2       32788      342520         95  0.00%  0.05%  0.05%   0 Load Meter      
       3           0           1          0  0.00%  0.00%  0.00%   0 chkpt message ha
       4           0           1          0  0.00%  0.00%  0.00%   0 EDDRI_MAIN      
       5     2624584      213262      12306  0.00%  0.03%  0.04%   0 Check heaps     
       6          56         373        150  0.00%  0.00%  0.00%   0 Pool Manager    
       7           0           2          0  0.00%  0.00%  0.00%   0 Timers          
       8           0           2          0  0.00%  0.00%  0.00%   0 ATM AutoVC Perio
       9           0           2          0  0.00%  0.00%  0.00%   0 ATM VC Auto Crea
      10          16       28543          0  0.00%  0.00%  0.00%   0 IPC Dynamic Cach
      11           0           1          0  0.00%  0.00%  0.00%   0 IPC Zone Manager
      12         688     1670887          0  0.00%  0.00%  0.00%   0 IPC Periodic Tim
      13         520     1670887          0  0.00%  0.00%  0.00%   0 IPC Deferred Por
      14           0           1          0  0.00%  0.00%  0.00%   0 IPC Seat Manager
      15           0           1          0  0.00%  0.00%  0.00%   0 IPC BackPressure
      16     9007072    30711869        293  1.35%  0.15%  0.11%   0 EnvMon          
      17           0           1          0  0.00%  0.00%  0.00%   0 OIR Handler     
      18           0           1          0  0.00%  0.00%  0.00%   0 Crash writer    
      19        1380        3892        354  0.00%  0.00%  0.00%   0 ARP Input       
      20        1584     1784473          0  0.00%  0.00%  0.00%   0 ARP Background  
      21           0           2          0  0.00%  0.00%  0.00%   0 ATM Idle Timer  
      22           0           1          0  0.00%  0.00%  0.00%   0 CEF MIB API     
      23           4         134         29  0.00%  0.00%  0.00%   0 AAA high-capacit
      24           0           1          0  0.00%  0.00%  0.00%   0 AAA_SERVER_DEADT
      25           0           1          0  0.00%  0.00%  0.00%   0 Policy Manager  
      26           0           2          0  0.00%  0.00%  0.00%   0 DDR Timers      
      27           0           5          0  0.00%  0.00%  0.00%   0 Entity MIB API  
      28           0           2          0  0.00%  0.00%  0.00%   0 Serial Backgroun
      29           0           1          0  0.00%  0.00%  0.00%   0 RO Notify Timers
      30           0           1          0  0.00%  0.00%  0.00%   0 RMI RM Notify Wa
      31          28         281         99  0.00%  0.00%  0.00%   0 EEM ED Syslog   
      32           0           2          0  0.00%  0.00%  0.00%   0 SMART           
      33         724     1712571          0  0.00%  0.00%  0.00%   0 GraphIt         
      34           0           2          0  0.00%  0.00%  0.00%   0 Dialer event    
      35           0           1          0  0.00%  0.00%  0.00%   0 SERIAL A'detect 
      36           0           2          0  0.00%  0.00%  0.00%   0 XML Proxy Client
      37           0           2          0  0.00%  0.00%  0.00%   0 VSA background  
      38           0           1          0  0.00%  0.00%  0.00%   0 VSA Cleanup Proc
      39           0           1          0  0.00%  0.00%  0.00%   0 Critical Bkgnd  
      40        4348      444483          9  0.00%  0.00%  0.00%   0 Net Background  
      41           0           2          0  0.00%  0.00%  0.00%   0 IDB Work        
      42          32         501         63  0.00%  0.00%  0.00%   0 Logger          
      43        1236     1710802          0  0.00%  0.00%  0.00%   0 TTY Background  
      44       16504     1712627          9  0.07%  0.00%  0.00%   0 Per-Second Jobs 
    PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
      45          20          34        588  0.00%  0.00%  0.00%   0 IF-MGR control p
      46           8          40        200  0.00%  0.00%  0.00%   0 IF-MGR event pro
      47           0           1          0  0.00%  0.00%  0.00%   0 Inode Table Dest
      48           0           1          0  0.00%  0.00%  0.00%   0 IKE HA Mgr      
      49           0           1          0  0.00%  0.00%  0.00%   0 IPSEC HA Mgr    
      50           4           4       1000  0.00%  0.00%  0.00%   0 rf task         
      51       12808      179149         71  0.00%  0.00%  0.00%   0 Net Input       
      52        1304      342532          3  0.00%  0.00%  0.00%   0 Compute load avg
      53      610136       28974      21058  0.00%  0.00%  0.00%   0 Per-minute Jobs 
      54           0           1          0  0.00%  0.00%  0.00%   0 Token Daemon    
      55           4       10570          0  0.00%  0.00%  0.00%   0 Transport Port A
      56        1272      505453          2  0.00%  0.00%  0.00%   0 HC Counter Timer
      57           0           1          0  0.00%  0.00%  0.00%   0 Coproc Event Pro
      58           0           1          0  0.00%  0.00%  0.00%   0 POS APS Event Pr
      59           0           1          0  0.00%  0.00%  0.00%   0 SONET alarm time
      60           0           1          0  0.00%  0.00%  0.00%   0 CSP Timer       
      61         204           4      51000  0.00%  0.00%  0.00%   0 USB Startup     
      62           0           2          0  0.00%  0.00%  0.00%   0 FPD Management P
      63           0           1          0  0.00%  0.00%  0.00%   0 FPD Action Proce
      64           0           2          0  0.00%  0.00%  0.00%   0 VNM DSPRM MAIN  
      65           0           1          0  0.00%  0.00%  0.00%   0 RF_INTERDEV_DELA
      66           0           1          0  0.00%  0.00%  0.00%   0 RF_INTERDEV_SCTP
      67         464     1712577          0  0.00%  0.00%  0.00%   0 ISA Common Helpe
      68           0           2          0  0.00%  0.00%  0.00%   0 Flash MIB Update
      69           0          58          0  0.00%  0.00%  0.00%   0 Flash Card Oir  
      70           0           1          0  0.00%  0.00%  0.00%   0 CES Line Conditi
      71           0           1          0  0.00%  0.00%  0.00%   0 CF_INTERDEV_SCTP
      72           0           1          0  0.00%  0.00%  0.00%   0 Async write proc
      73           0           2          0  0.00%  0.00%  0.00%   0 Ethernet CFM    
      74         736     1670893          0  0.00%  0.00%  0.00%   0 Ethernet Timer C
      75           0           1          0  0.00%  0.00%  0.00%   0 delayed evt hand
      76          28         112        250  0.00%  0.00%  0.00%   0 AAA Server      
      77           0           1          0  0.00%  0.00%  0.00%   0 AAA ACCT Proc   
      78           0           1          0  0.00%  0.00%  0.00%   0 ACCT Periodic Pr
      79           0           2          0  0.00%  0.00%  0.00%   0 AAA Dictionary R
      80         744     1670882          0  0.00%  0.00%  0.00%   0 BGP Scheduler   
      81           0           2          0  0.00%  0.00%  0.00%   0 Ethernet OAM Pro
      82           0           2          0  0.00%  0.00%  0.00%   0 Ethernet LMI    
      83           0           2          0  0.00%  0.00%  0.00%   0 CEF switching ba
      84        3684       14726        250  0.00%  0.00%  0.00%   0 ADJ resolve proc
      85           8          30        266  0.00%  0.00%  0.00%   0 IP ARP Adjacency
      86           0           1          0  0.00%  0.00%  0.00%   0 IP ARP Retry Age
      87     3481296     6804010        511  0.00%  0.02%  0.01%   0 IP Input        
      88           0           1          0  0.00%  0.00%  0.00%   0 ICMP event handl
      89           0           9          0  0.00%  0.00%  0.00%   0 TurboACL        
      90           0           2          0  0.00%  0.00%  0.00%   0 TurboACL chunk  
    PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
      91           0           1          0  0.00%  0.00%  0.00%   0 IPv6 Echo event 
      92          16        2854          5  0.00%  0.00%  0.00%   0 MOP Protocols   
      93           0           1          0  0.00%  0.00%  0.00%   0 LSP Tunnel FRR  
      94           0           1          0  0.00%  0.00%  0.00%   0 MPLS Auto-Tunnel
      95           0           3          0  0.00%  0.00%  0.00%   0 PPP Hooks       
      96           0           1          0  0.00%  0.00%  0.00%   0 Async write proc
      97           0           1          0  0.00%  0.00%  0.00%   0 SSS Manager     
      98           0           1          0  0.00%  0.00%  0.00%   0 SSS Feature Mana
      99           0           1          0  0.00%  0.00%  0.00%   0 SSS Feature Time
    100           0           2          0  0.00%  0.00%  0.00%   0 Spanning Tree   
    101           0           1          0  0.00%  0.00%  0.00%   0 X.25 Encaps Mana
    102          20          96        208  0.00%  0.00%  0.00%   0 SSM connection m
    103           0           1          0  0.00%  0.00%  0.00%   0 AC Switch       
    104           4        5709          0  0.00%  0.00%  0.00%   0 Authentication P
    105           0           1          0  0.00%  0.00%  0.00%   0 Auth-proxy AAA B
    106           0           2          0  0.00%  0.00%  0.00%   0 EAPoUDP Process 
    107           0           2          0  0.00%  0.00%  0.00%   0 IP Host Track Pr
    108           0           2          0  0.00%  0.00%  0.00%   0 KRB5 AAA        
    109        1152       49386         23  0.00%  0.00%  0.00%   0 IP Background   
    110        2276       28582         79  0.00%  0.00%  0.00%   0 IP RIB Update   
    111          60       34442          1  0.00%  0.00%  0.00%   0 CEF background p
    112        6784     2485297          2  0.00%  0.00%  0.00%   0 CEF: IPv4 proces
    113          12         104        115  0.00%  0.00%  0.00%   0 ADJ background  
    114           0           2          0  0.00%  0.00%  0.00%   0 PPP IP Route    
    115           0           2          0  0.00%  0.00%  0.00%   0 PPP IPCP        
    116           0           1          0  0.00%  0.00%  0.00%   0 IP Traceroute   
    117        7292     7550370          0  0.00%  0.00%  0.00%   0 TCP Timer       
    118        1300       10511        123  0.00%  0.00%  0.00%   0 TCP Protocols   
    119           0           1          0  0.00%  0.00%  0.00%   0 Socket Timers   
    120       18228       11429       1594  0.00%  0.00%  0.00%   0 HTTP CORE       
    121           0           2          0  0.00%  0.00%  0.00%   0 RLM groups Proce
    122           0           1          0  0.00%  0.00%  0.00%   0 L2X Data Daemon 
    123           0           1          0  0.00%  0.00%  0.00%   0 ac_atm_state_eve
    124           0           2          0  0.00%  0.00%  0.00%   0 SNMP Timers     
    125        1320     1710737          0  0.00%  0.00%  0.00%   0 RUDPV1 Main Proc
    126           0           1          0  0.00%  0.00%  0.00%   0 bsm_timers      
    127         568     1710728          0  0.00%  0.00%  0.00%   0 bsm_xmt_proc    
    128           0           1          0  0.00%  0.00%  0.00%   0 COPS            
    129           0           2          0  0.00%  0.00%  0.00%   0 Dialer Forwarder
    130           0           3          0  0.00%  0.00%  0.00%   0 Flow Exporter Ti
    131           0           2          0  0.00%  0.00%  0.00%   0 ATM OAM Input   
    132           0           2          0  0.00%  0.00%  0.00%   0 ATM OAM TIMER   
    133           0           1          0  0.00%  0.00%  0.00%   0 RARP Input      
    134           0           1          0  0.00%  0.00%  0.00%   0 IPv6 Inspect Tim
    135           0           1          0  0.00%  0.00%  0.00%   0 LAPB Process    
    136           0           2          0  0.00%  0.00%  0.00%   0 LFDp Input Proc 
    PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
    137           0           1          0  0.00%  0.00%  0.00%   0 PAD InCall      
    138           0           2          0  0.00%  0.00%  0.00%   0 X.25 Background 
    139           0           2          0  0.00%  0.00%  0.00%   0 PPP Bind        
    140           0           2          0  0.00%  0.00%  0.00%   0 PPP SSS         
    141           0           1          0  0.00%  0.00%  0.00%   0 MQC Flow Event B
    142       35504   424737438          0  0.23%  0.25%  0.23%   0 HQF Shaper Backg
    143        4068    17031478          0  0.00%  0.00%  0.00%   0 RBSCP Background
    144           0           2          0  0.00%  0.00%  0.00%   0 SCTP Main Proces
    145           0           1          0  0.00%  0.00%  0.00%   0 VPDN call manage
    146           0           1          0  0.00%  0.00%  0.00%   0 CHKPT EXAMPLE   
    147           0           1          0  0.00%  0.00%  0.00%   0 CHKPT DevTest   
    148           0           1          0  0.00%  0.00%  0.00%   0 IPS Process     
    149           0           2          0  0.00%  0.00%  0.00%   0 IPS Auto Update 
    150           0           2          0  0.00%  0.00%  0.00%   0 SDEE Management 
    151         948     3338807          0  0.00%  0.00%  0.00%   0 Inspect process 
    152           0           1          0  0.00%  0.00%  0.00%   0 xcpa-driver     
    153          52      136947          0  0.00%  0.00%  0.00%   0 FW DP Inspect pr
    154        1112     3338806          0  0.00%  0.00%  0.00%   0 CCE DP URLF cach
    155           0           2          0  0.00%  0.00%  0.00%   0 URL filter proc 
    156           0           1          0  0.00%  0.00%  0.00%   0 XSM_EVENT_ENGINE
    157         144      171238          0  0.00%  0.00%  0.00%   0 XSM_ENQUEUER    
    158          68      171238          0  0.00%  0.00%  0.00%   0 XSM Historian   
    159           0           1          0  0.00%  0.00%  0.00%   0 Select Timers   
    160           4           2       2000  0.00%  0.00%  0.00%   0 HTTP Process    
    161           0           2          0  0.00%  0.00%  0.00%   0 CIFS API Process
    162           0           2          0  0.00%  0.00%  0.00%   0 CIFS Proxy Proce
    163           0           1          0  0.00%  0.00%  0.00%   0 Crypto HW Proc  
    164          56      114166          0  0.00%  0.00%  0.00%   0 ACE policy loade
    165         156       68505          2  0.00%  0.00%  0.00%   0 CRM_CALL_UPDATE_
    166       36688      172862        212  0.00%  0.00%  0.00%   0 BGP I/O         
    167           0           2          0  0.00%  0.00%  0.00%   0 AAA Cached Serve
    168           0           2          0  0.00%  0.00%  0.00%   0 ENABLE AAA      
    169           0           1          0  0.00%  0.00%  0.00%   0 EM Background Pr
    170           0           1          0  0.00%  0.00%  0.00%   0 Key chain liveke
    171           0           2          0  0.00%  0.00%  0.00%   0 LINE AAA        
    172          44         112        392  0.00%  0.00%  0.00%   0 LOCAL AAA       
    173           0          42          0  0.00%  0.00%  0.00%   0 MPLS Auto Mesh P
    174           0           2          0  0.00%  0.00%  0.00%   0 TPLUS           
    175           0           2          0  0.00%  0.00%  0.00%   0 VSP_MGR         
    176           0           1          0  0.00%  0.00%  0.00%   0 FW_TEST_TRP     
    177           0           1          0  0.00%  0.00%  0.00%   0 EPM MAIN PROCESS
    178           4           3       1333  0.00%  0.00%  0.00%   0 Crypto WUI      
    179           0           2          0  0.00%  0.00%  0.00%   0 Crypto Support  
    180           0           1          0  0.00%  0.00%  0.00%   0 IPSECv6 PS Proc 
    181           0           1          0  0.00%  0.00%  0.00%   0 CCVPM_HTSP      
    182           0           1          0  0.00%  0.00%  0.00%   0 CCVPM_R2        
    PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
    183           0           1          0  0.00%  0.00%  0.00%   0 EPHONE MWI Refre
    184           0        1903          0  0.00%  0.00%  0.00%   0 FB/KS Log HouseK
    185           0           2          0  0.00%  0.00%  0.00%   0 EPHONE MWI BG Pr
    186           0           1          0  0.00%  0.00%  0.00%   0 Skinny HW confer
    187           0           1          0  0.00%  0.00%  0.00%   0 CCSWVOICE       
    188      206492      114180       1808  0.00%  0.00%  0.00%   0 BGP Scanner     
    189           0           1          0  0.00%  0.00%  0.00%   0 http client proc
    190           0           3          0  0.00%  0.00%  0.00%   0 BGP Event       
    191           0           1          0  0.00%  0.00%  0.00%   0 QOS_MODULE_MAIN 
    192           0           1          0  0.00%  0.00%  0.00%   0 RPMS_PROC_MAIN  
    193           0           1          0  0.00%  0.00%  0.00%   0 VoIP AAA        
    194           0           2          0  0.00%  0.00%  0.00%   0 Dialog Manager  
    195         184         104       1769  0.00%  0.00%  0.00%   0 crypto engine pr
    196           0           4          0  0.00%  0.00%  0.00%   0 Crypto CA       
    197           0           1          0  0.00%  0.00%  0.00%   0 Crypto PKI-CRL  
    198       28008       64288        435  0.00%  0.00%  0.00%   0 encrypt proc    
    199      384768       28300      13596  0.00%  0.00%  0.00%   0 crypto sw pk pro
    200           8          27        296  0.00%  0.00%  0.00%   0 Crypto INT      
    201         456        2019        225  0.00%  0.00%  0.00%   0 Crypto IKE Dispa
    202        2128        2714        784  0.00%  0.00%  0.00%   0 Crypto IKMP     
    203           0           1          0  0.00%  0.00%  0.00%   0 IPSEC manual key
    204         180       85737          2  0.00%  0.00%  0.00%   0 IPSEC key engine
    205           0           1          0  0.00%  0.00%  0.00%   0 CRYPTO QoS proce
    206          28         142        197  0.00%  0.00%  0.00%   0 Crypto ACL      
    207           0           1          0  0.00%  0.00%  0.00%   0 Crypto PAS Proc 
    208           0           1          0  0.00%  0.00%  0.00%   0 GDOI GM Process 
    209           0           1          0  0.00%  0.00%  0.00%   0 UNICAST REKEY   
    210           0           1          0  0.00%  0.00%  0.00%   0 UNICAST REKEY AC
    211           0           1          0  0.00%  0.00%  0.00%   0 MV64 TDR Process
    212           0           1          0  0.00%  0.00%  0.00%   0 IMA Traps       
    213           0           1          0  0.00%  0.00%  0.00%   0 SYSMGT Events   
    214           0           2          0  0.00%  0.00%  0.00%   0 Control-plane ho
    215           0           1          0  0.00%  0.00%  0.00%   0 DATA Transfer Pr
    216           0           1          0  0.00%  0.00%  0.00%   0 DATA Collector  
    217           0           1          0  0.00%  0.00%  0.00%   0 Async write proc
    218         116         292        397  0.00%  0.00%  0.00%   0 AAA SEND STOP EV
    219         136      171243          0  0.00%  0.00%  0.00%   0 RMON Recycle Pro
    220           0           2          0  0.00%  0.00%  0.00%   0 RMON Deferred Se
    221           0           1          0  0.00%  0.00%  0.00%   0 Syslog Traps    
    222           0           2          0  0.00%  0.00%  0.00%   0 EEM ED Resource 
    223           0           2          0  0.00%  0.00%  0.00%   0 EEM ED Routing  
    224           0           3          0  0.00%  0.00%  0.00%   0 EEM ED Track    
    225          80       53575          1  0.00%  0.00%  0.00%   0 Crypto cTCP proc
    226           0           1          0  0.00%  0.00%  0.00%   0 IP SLAs Ethernet
    227           4           1       4000  0.00%  0.00%  0.00%   0 RMON Packets    
    228         820     1709984          0  0.00%  0.00%  0.00%   0 trunk conditioni
    PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
    229           0           1          0  0.00%  0.00%  0.00%   0 trunk conditioni
    230          12         120        100  0.00%  0.00%  0.00%   0 EEM Server      
    231           4           2       2000  0.00%  0.00%  0.00%   0 Call Home proces
    232          52         260        200  0.00%  0.00%  0.00%   0 Syslog          
    233           0           1          0  0.00%  0.00%  0.00%   0 VPDN Test       
    234           0           2          0  0.00%  0.00%  0.00%   0 EEM Policy Direc
    235           0           2          0  0.00%  0.00%  0.00%   0 EEM ED CLI      
    236           0           3          0  0.00%  0.00%  0.00%   0 EEM ED Counter  
    237           0           3          0  0.00%  0.00%  0.00%   0 EM ED GOLD      
    238           0           3          0  0.00%  0.00%  0.00%   0 EEM ED Interface
    239           0           3          0  0.00%  0.00%  0.00%   0 EEM ED IOSWD    
    240           0           3          0  0.00%  0.00%  0.00%   0 EEM ED Ipsla    
    241           0           3          0  0.00%  0.00%  0.00%   0 EEM ED None     
    242           0           2          0  0.00%  0.00%  0.00%   0 EEM ED Nf       
    243           0           3          0  0.00%  0.00%  0.00%   0 EEM ED OIR      
    244           0           3          0  0.00%  0.00%  0.00%   0 EEM ED RF       
    245           0           3          0  0.00%  0.00%  0.00%   0 EEM ED SNMP     
    246           0           2          0  0.00%  0.00%  0.00%   0 EEM ED SNMP Noti
    247          36       42890          0  0.00%  0.00%  0.00%   0 EEM ED Timer    
    248           0           3          0  0.00%  0.00%  0.00%   0 EEM ED Test     
    249           0           3          0  0.00%  0.00%  0.00%   0 EEM ED Config   
    250           0           3          0  0.00%  0.00%  0.00%   0 EEM ED Env      
    251           0           3          0  0.00%  0.00%  0.00%   0 EEM ED RPC      
    252           0           2          0  0.00%  0.00%  0.00%   0 cpf_process_msg_
    253           0           1          0  0.00%  0.00%  0.00%   0 Key Proc        
    254          36       28543          1  0.00%  0.00%  0.00%   0 Call Home Timer 
    255           0           1          0  0.00%  0.00%  0.00%   0 tHUB            
    256           0           1          0  0.00%  0.00%  0.00%   0 Async write proc
    257         104         953        109  0.00%  0.00%  0.00%   0 SSH Event handle
    258          16       28543          0  0.00%  0.00%  0.00%   0 Secure Login    
    259          84          54       1555  0.00%  0.00%  0.00%   0 Tunnel Security 
    260          56          67        835  0.00%  0.00%  0.00%   0 Crypto SS Proces
    261           0           1          0  0.00%  0.00%  0.00%   0 cpf_process_tpQ 
    262           0           1          0  0.00%  0.00%  0.00%   0 TCP Listener    
    263           0           2          0  0.00%  0.00%  0.00%   0 IP Flow Top Talk
    264        1180     3338804          0  0.00%  0.00%  0.00%   0 IP NAT Ager     
    265           0           1          0  0.00%  0.00%  0.00%   0 IP NAT WLAN     
    266          24       28563          0  0.00%  0.00%  0.00%   0 IP SLAs Event Pr
    267      434504     1489526        291  0.00%  0.00%  0.00%   0 IP SNMP         
    268      170304      877961        193  0.00%  0.00%  0.00%   0 PDU DISPATCHER  
    269      495704      877992        564  0.00%  0.00%  0.00%   0 SNMP ENGINE     
    270           0           2          0  0.00%  0.00%  0.00%   0 IP SNMPV6       
    271           0           1          0  0.00%  0.00%  0.00%   0 SNMP ConfCopyPro
    272           0           1          0  0.00%  0.00%  0.00%   0 SNMP Traps      
    273     1185420     1715196        691  0.00%  0.00%  0.00%   0 NTP             
    274         412          29      14206  0.00%  0.00%  0.00%   0 VTEMPLATE Backgr
    PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
    275       18608      174262        106  0.00%  0.00%  0.00%   0 BGP Router      
    276          36       27171          1  0.00%  0.00%  0.00%   0 DFS flush period
    277           8          12        666  0.00%  0.00%  0.00%   0 Collection proce
    278          16         651         24  0.00%  0.00%  0.00%   0 CRYPTO IKMP IPC 
    279        1724         850       2028  0.00%  0.00%  0.00%   2 SSH Process     
    281           0           1          0  0.00%  0.00%  0.00%   0 Skinny MOH Event
    282          64      173856          0  0.00%  0.00%  0.00%   0 Skinny Socket Se
    283           0        1451          0  0.00%  0.00%  0.00%   0 Web Write Housek
    ==============================================================
    wish to help ASAP

    JosephDoherty wrote:
    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    The fact you are matching with any ACLs will decrease maximum performance.
    The fact you are using a policy-map will decrease maximum performance.
    The fact is a -G2 only has finite capacity.
    In other words, what you're seeing might be completely normal for your traffic volume, your traffic composition and your configuration.
    If you believe your router is overloaded, and generally above 75% CPU might be so considered, either you'll need a faster device (see ASR 1Ks), or you might try changing your configuration to decrease your configuration load on the router.
    What's your CPU load if you remove the policy-map from the interface?
    If removing the policy-map from the interface shows a significant CPU loading decrease - QED.
    If you need/desire such QoS, then you'll want a "faster" router.
    You might also be able to decrease your CPU a little by some "tuning". I already mentioned the TurboACL feature statement. With ACLs, fewer are faster, and how they are ordered (especially without TurboACL) impacts CPU. How you order your class-maps within a policy, and how the match statements are ordered, will also have some impact on the CPU load. If buffers are being allocated/deallocated, that too will impact CPU loading.
    I assume CEF is enabled, but for some traffic, flow caching might decrease CPU load.
    Remember a software based router, like the 7200s, is, more or less, a computer that takes your configuration and determines what's to be done with every packet it "sees". The more your configuration requires for per packet analysis, the more load for each packet.
    There are whitepapers addressing high CPU load caused by "process switching", but what you posted appears to be mostly all interrupt processing, which is "fast path", or optimal, packet forwarding. There's not much you can normally do to improve against that, other than ensuring your configuration is as optimal as possible for your needs (again, things like sequencing/ordering of statements).
    Hi,
    Thanks very, very much for this nice information.
    Let me answer you:
    You said that the NPE G2 has finite capacity, but how do I know this full capacity?
    I mean that my policy map is matching the traffic, but the matched traffic is not being enhanced?!
    Last about two weeks, the matched traffic of YouTube was excellent and there was no interruption during my rush hour.
    I didn't change anything, but my BW increased from 730 Mbps to 760 Mbps.
    I'm unable to make sure that I need to change my platform to a faster one.
    Again,
    my CPU is 60% without QoS;
    after QoS it increases to 80-85%.
    Again,
    about NBAR:
    I want to tell you that I can't depend on NBAR. As an example, I'm matching the IPs of Facebook videos; I can't depend on NBAR because they are HTTPS videos.
    But in summary,
    my QoS is matching well, but I have no real enhancement for my traffic.
    Did you face my issue before?
    I mean, have you seen a problem like mine?
    Like my router platform, with CPU over 80% and 750 Mbps, and matched QoS without good results?
    Note that I upgraded to IOS 15, but it seems to be the same issue!
    Regards

  • Mavericks VPN dropouts with native VPN client and Cisco IPSec

    Since the update to Mavericks I am experiencing VPN dropouts with the native VPN client and Cisco IPSec.
    I am connecting via a WiFi router to a remote VPN server.
    The connection is good for a while, but eventually it drops out.
    I had zero issues in Mountain Lion and only have issues since the update to 10.9.
    I had similar issues in the past with an unreliable WiFi router, but I am using a Verizon FiOS router and it has worked impeccably until Mavericks.
    My thoughts are:
    1 - Issue with Mavericks (maybe the App Sleep function affecting either the VPN or WiFi daemons)
    2 - Issue with Cisco router compatibility or timing with Cisco IPSec
    3 - Issue with WiFi itself on Mavericks - some sort of WiFi software bug
    Any suggestions?

  • Cisco SSL-VPN / webvpn with Cisco 2901 IOS 15.3.3M

    Dear Community,
    I have a strange issue that I am hoping some of you will be able to assist with.
    I am running an environment with the following specifications
    Cisco ISR G2 2901 with IOS 15.3.3M
    Security Licence enabled
    Data Licence enabled
    VPN Licence enabled
    Cisco ISR G2 2951 with IOS 15.3.3M
    Security Licence enabled
    Data Licence enabled
    SM with ESX server.
    Desktop Environment
    Windows XP SP3
    Internet Explorer 8
    Desktop Environment 2
    Windows 8
    Internet Explorer 10
    I have an ESX server set up with a web page on the 2951. The 2901 unit has an SSL VPN / web vpn service set up on it to allow the Desktop Environments to connect to the 2951 web page. The Desktop Environments are not allowed to connect directly to the 2951 router, which is why the SSL-VPN / web vpn is used.
    This system was initially working with IOS 15.2.4M2; however, an update of the IOS was required and now the VPN does not fully function correctly.
    PROBLEM: Now the webvpn interface loads with the welcome screen and login. After logging in, it has a screen with a link to the webpage on the 2951. When I try to open this webpage on the 2951 and the SSL-VPN starts to build, I only get half my web page. There seems to be a problem where I only get half a page loading or just a blank page with just HTML headers. I have tried changing the page to just HTML but it still does not display properly. This is with Internet Explorer (all versions). With Firefox there are no problems, but I cannot run this browser as my environment will not allow it.
    If anyone can assist me here it would really make my day.
    Thanks,
    Will

    Can anyone help with this ?

  • Any ideas how to better troubleshoot VPN issue?

    Hi,
    I've recently upgraded my WLAN router to a brand new AVM FRITZ!Box WLAN 7390, in part for its VPN capabilities.
    So far, I've been unable to create a working connection.
    AVM's VPN is based on Cisco IPSec, and they provide a step-by-step procedure on how to configure a Mac-based VPN connection (http://www.avm.de/de/Service/Service-Portale/Service-Portal/VPN_Interoperabilitaet/16206.php - unfortunately only available in German, sorry). Following it, I still can't get it to work. Contacting their support, I first got the same procedure and, after pointing out I had already followed it, a "we don't support other vendors".
    Funny enough, I got a second VPN connection to my work's VPN server just fine, though admittedly there we have a true Cisco box.
    My initial setup was based on a 192.x.x.x net on my AVM; I could establish a VPN connection but couldn't ping/ssh/http/you-name-the-protocol in either direction. Our company's net is a 10.x.x.x net, so, and as I also have VMware Fusion running on my Mac with DHCP enabled on a different 192.x.x.x net plus a third 192.x.x.x net from my WiFi access, I decided to reconfigure my AVM net to a 172.x.x.x net and stop VMware services for the tests (i.e. simplify as much as I could to help troubleshoot).
    Alas, instead of being able to establish a non-working VPN connection, now I ain't able to get the tunnel up. IKE Phase 1 completes but Phase 2 doesn't.
    Here's the relevant section from kernel.log:
    Dec 30 11:47:57 jupiter configd[16]: IPSec connecting to server <myservernameismybusiness>.dyndns.info
    Dec 30 11:47:57 jupiter configd[16]: SCNC: start, triggered by SystemUIServer, type IPSec, status 0
    Dec 30 11:47:57 jupiter configd[16]: IPSec Phase1 starting.
    Dec 30 11:47:57 jupiter racoon[1910]: IPSec connecting to server 77.x.x.x
    Dec 30 11:47:57 jupiter racoon[1910]: Connecting.
    Dec 30 11:47:57 jupiter racoon[1910]: IPSec Phase1 started (Initiated by me).
    Dec 30 11:47:57 jupiter racoon[1910]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
    Dec 30 11:47:58 jupiter racoon[1910]: IKEv1 Phase1 AUTH: success. (Initiator, Aggressive-Mode Message 2).
    Dec 30 11:47:58 jupiter racoon[1910]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2).
    Dec 30 11:47:58 jupiter racoon[1910]: IKEv1 Phase1 Initiator: success. (Initiator, Aggressive-Mode).
    Dec 30 11:47:58 jupiter racoon[1910]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3).
    Dec 30 11:47:58 jupiter racoon[1910]: IKE Packet: transmit success. (Information message).
    Dec 30 11:47:58 jupiter racoon[1910]: IKEv1 Information-Notice: transmit success. (ISAKMP-SA).
    Dec 30 11:47:58 jupiter racoon[1910]: IPSec Phase1 established (Initiated by me).
    Dec 30 11:47:58 jupiter racoon[1910]: IPSec Extended Authentication requested.
    Dec 30 11:47:58 jupiter configd[16]: IPSec requesting Extended Authentication.
    Dec 30 11:48:01 jupiter configd[16]: IPSec sending Extended Authentication.
    Dec 30 11:48:01 jupiter racoon[1910]: IKE Packet: transmit success. (Mode-Config message).
    Dec 30 11:48:01 jupiter racoon[1910]: IPSec Extended Authentication sent.
    Dec 30 11:48:02 jupiter racoon[1910]: IKEv1 XAUTH: success. (XAUTH Status is OK).
    Dec 30 11:48:02 jupiter racoon[1910]: IPSec Extended Authentication Passed.
    Dec 30 11:48:02 jupiter racoon[1910]: IKE Packet: transmit success. (Mode-Config message).
    Dec 30 11:48:02 jupiter racoon[1910]: IKEv1 Config: retransmited. (Mode-Config retransmit).
    Dec 30 11:48:02 jupiter racoon[1910]: IPSec Network Configuration requested.
    Dec 30 11:48:03 jupiter racoon[1910]: IPSec Network Configuration established.
    Dec 30 11:48:03 jupiter racoon[1910]: IKE Packet: receive success. (MODE-Config).
    Dec 30 11:48:03 jupiter configd[16]: IPSec Network Configuration started.
    Dec 30 11:48:03 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-ADDRESS = 172.77.7.14.
    Dec 30 11:48:03 jupiter configd[16]: IPSec Network Configuration: SAVE-PASSWORD = 1.
    Dec 30 11:48:03 jupiter configd[16]: IPSec Network Configuration: DEFAULT-ROUTE = local-address 172.77.7.14/32.
    Dec 30 11:48:03 jupiter configd[16]: host_gateway: write routing socket failed, command 2, No such process
    Dec 30 11:48:03 jupiter configd[16]: IPSec Phase2 starting.
    Dec 30 11:48:03 jupiter configd[16]: IPSec Network Configuration established.
    Dec 30 11:48:03 jupiter configd[16]: IPSec Phase1 established.
    Dec 30 11:48:03 jupiter configd[16]: event_callback: Address added. previous interface setting (name: en1, address: 192.168.43.242), current interface setting (name: utun0, family: 1001, address: 172.77.7.14, subnet: 255.255.255.255, destination: 172.77.7.14).
    Dec 30 11:48:03 jupiter racoon[1910]: IPSec Phase2 started (Initiated by me).
    Dec 30 11:48:03 jupiter racoon[1910]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
    Dec 30 11:48:03 jupiter configd[16]: network configuration changed.
    Dec 30 11:48:03 jupiter configd[16]: IPSec port-mapping update for en1 ignored: VPN is the Primary interface. Public Address: ac4d070e, Protocol: None, Private Port: 0, Public Port: 0
    Dec 30 11:48:03 jupiter configd[16]:
    Dec 30 11:48:03 jupiter configd[16]: setting hostname to "jupiter.local"
    Dec 30 11:48:03 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:06 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:07 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:09 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:09 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:12 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:13 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:15 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:15 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:18 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:18 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:21 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:21 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:24 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:25 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:27 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:27 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:30 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
    Dec 30 11:48:30 jupiter racoon[1910]: IKE Packet: receive success. (Information message).
    Dec 30 11:48:33 jupiter configd[16]: IPSec disconnecting from server 77.x.x.x
    Dec 30 11:48:33 jupiter racoon[1910]: IPSec disconnecting from server 77.x.x.x
    Dec 30 11:48:33 jupiter racoon[1910]: IKE Packet: transmit success. (Information message).
    Dec 30 11:48:33 jupiter racoon[1910]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
    Dec 30 11:48:33 jupiter configd[16]: SCNC Controller: service_ending_verify_primaryservice, waiting for PrimaryService. status = 1
    Dec 30 11:48:33 jupiter configd[16]:
    Dec 30 11:48:33 jupiter configd[16]: network configuration changed.
    Dec 30 11:48:33 jupiter configd[16]: SCNC Controller: ipv4_state_changed, done waiting for ServiceID.
    Dec 30 11:48:33 jupiter configd[16]:
    Dec 30 11:48:33 jupiter configd[16]: setting hostname to "jupiter"
    When connecting to my work-place it looks like:
    Dec 30 12:33:14 jupiter configd[16]: IPSec connecting to server <mycompanyismybusiness>.ch
    Dec 30 12:33:14 jupiter configd[16]: SCNC: start, triggered by SystemUIServer, type IPSec, status 0
    Dec 30 12:33:14 jupiter configd[16]: IPSec Phase1 starting.
    Dec 30 12:33:14 jupiter racoon[1976]: IPSec connecting to server 62.x.x.x
    Dec 30 12:33:14 jupiter racoon[1976]: Connecting.
    Dec 30 12:33:14 jupiter racoon[1976]: IPSec Phase1 started (Initiated by me).
    Dec 30 12:33:14 jupiter racoon[1976]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
    Dec 30 12:33:14 jupiter racoon[1976]: IKEv1 Phase1 AUTH: success. (Initiator, Aggressive-Mode Message 2).
    Dec 30 12:33:14 jupiter racoon[1976]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2).
    Dec 30 12:33:14 jupiter racoon[1976]: IKEv1 Phase1 Initiator: success. (Initiator, Aggressive-Mode).
    Dec 30 12:33:14 jupiter racoon[1976]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3).
    Dec 30 12:33:14 jupiter racoon[1976]: IPSec Phase1 established (Initiated by me).
    Dec 30 12:33:15 jupiter racoon[1976]: IPSec Extended Authentication requested.
    Dec 30 12:33:15 jupiter configd[16]: IPSec requesting Extended Authentication.
    Dec 30 12:33:21 jupiter configd[16]: IPSec sending Extended Authentication.
    Dec 30 12:33:21 jupiter racoon[1976]: IKE Packet: transmit success. (Mode-Config message).
    Dec 30 12:33:21 jupiter racoon[1976]: IPSec Extended Authentication sent.
    Dec 30 12:33:21 jupiter racoon[1976]: IKEv1 XAUTH: success. (XAUTH Status is OK).
    Dec 30 12:33:21 jupiter racoon[1976]: IPSec Extended Authentication Passed.
    Dec 30 12:33:21 jupiter racoon[1976]: IKE Packet: transmit success. (Mode-Config message).
    Dec 30 12:33:21 jupiter racoon[1976]: IKEv1 Config: retransmited. (Mode-Config retransmit).
    Dec 30 12:33:21 jupiter racoon[1976]: IPSec Network Configuration requested.
    Dec 30 12:33:21 jupiter racoon[1976]: IPSec Network Configuration established.
    Dec 30 12:33:21 jupiter racoon[1976]: IKE Packet: receive success. (MODE-Config).
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration started.
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-ADDRESS = 10.100.1.18.
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-MASK = 255.255.255.0.
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: SAVE-PASSWORD = 1.
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-DNS = 10.100.1.129.
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: SPLIT-INCLUDE.
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: DEF-DOMAIN = iw.local.
    Dec 30 12:33:21 jupiter configd[16]: host_gateway: write routing socket failed, command 2, No such process
    Dec 30 12:33:21 jupiter configd[16]: installed route: (address 10.100.1.0, gateway 10.100.1.18)
    Dec 30 12:33:21 jupiter configd[16]: IPSec Phase2 starting.
    Dec 30 12:33:21 jupiter racoon[1976]: IPSec Phase2 started (Initiated by me).
    Dec 30 12:33:21 jupiter racoon[1976]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
    Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration established.
    Dec 30 12:33:21 jupiter configd[16]: IPSec Phase1 established.
    Dec 30 12:33:21 jupiter configd[16]: event_callback: Address added. previous interface setting (name: en1, address: 192.168.43.242), current interface setting (name: utun0, family: 1001, address: 10.100.1.18, subnet: 255.255.255.0, destination: 10.100.1.18).
    Dec 30 12:33:21 jupiter configd[16]: network configuration changed.
    Dec 30 12:33:21 jupiter racoon[1976]: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
    Dec 30 12:33:21 jupiter racoon[1976]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
    Dec 30 12:33:21 jupiter racoon[1976]: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode).
    Dec 30 12:33:21 jupiter racoon[1976]: IPSec Phase2 established (Initiated by me).
    Dec 30 12:33:21 jupiter configd[16]: IPSec Phase2 established.
    An earlier test in a Starbucks around here had the same result; while looking at the netstat -nr output I found I got onto a 10.x.x.x net on the Wifi and still could connect to the (different) 10.x.x.x net at work.
    My TCP/IP Networking course was around 2000, but the default route seen in the non-working log section looks like bullsh*t to me anyhow: DEFAULT-ROUTE = local-address 172.77.7.14/32
    On the other hand, the Phase 2 messages seem to indicate a different mode for Phase 2 between the working and the non-working one.
    This is from the exported config of my AVM box:
    **** CFGFILE:vpn.cfg
    * /var/flash/vpn.cfg
    * Wed Dec 28 16:01:09 2011
    vpncfg {
            connections {
                    enabled = yes;
                    conn_type = conntype_user;
                    name = "[email protected]";
                    always_renew = no;
                    reject_not_encrypted = no;
                    dont_filter_netbios = yes;
                    localip = 0.0.0.0;
                    local_virtualip = 0.0.0.0;
                    remoteip = 0.0.0.0;
                    remote_virtualip = 172.77.7.14;
                    remoteid {
                            key_id = "<mykeyismybusiness>";
                    }
                    mode = phase1_mode_aggressive;
                    phase1ss = "all/all/all";
                    keytype = connkeytype_pre_shared;
                    key = "<mykeyismybusiness>";
                    cert_do_server_auth = no;
                    use_nat_t = no;
                    use_xauth = yes;
                    xauth {
                            valid = yes;
                            username = "<myuserismybusiness>";
                            passwd = "<mypasswordismybusiness>";
                    }
                    use_cfgmode = no;
                    phase2localid {
                            ipnet {
                                    ipaddr = 0.0.0.0;
                                    mask = 0.0.0.0;
                            }
                    }
                    phase2remoteid {
                            ipaddr = 172.22.7.14;
                    }
                    phase2ss = "esp-all-all/ah-none/comp-all/no-pfs";
                    accesslist =
                                 "permit ip 172.22.7.0 255.255.255.240 172.22.7.14 255.255.255.255";
            }
            ike_forward_rules = "udp 0.0.0.0:500 0.0.0.0:500",
                                "udp 0.0.0.0:4500 0.0.0.0:4500";
    }
    // EOF
    **** END OF FILE ****
    I also noticed an extra "IPSec port-mapping update for en1 ignored" message in the non-working log section, but I'm not sure a) how significant that might be, and b) how to find out what the ignored update might have been to decide whether not ignoring it would help.
    A quick test with the AnyConnect Client from Cisco didn't help either; apparently it establishes an https connection first, as I got a window with certificate details from my QNAP behind the AVM Box (I got a port forward for https to it).
    So I'm looking for any ideas how to better troubleshoot this VPN issue...
    Many thanks in advance!
    BR,
    Alex

    Ok, found a small typo in my config (had at one point a 172.77.7.14 instead of the 172.22.7.14), now I can also connect from the 172.x.x.x net but still no ping etc. The relevant section of the log looks now like this:
    Dec 30 16:44:27 jupiter configd[16]: IPSec connecting to server <myservernameismybusiness>.dyndns.info
    Dec 30 16:44:27 jupiter configd[16]: SCNC: start, triggered by SystemUIServer, type IPSec, status 0
    Dec 30 16:44:28 jupiter configd[16]: IPSec Phase1 starting.
    Dec 30 16:44:28 jupiter racoon[2183]: IPSec connecting to server 77.x.x.x
    Dec 30 16:44:28 jupiter racoon[2183]: Connecting.
    Dec 30 16:44:28 jupiter racoon[2183]: IPSec Phase1 started (Initiated by me).
    Dec 30 16:44:28 jupiter racoon[2183]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
    Dec 30 16:44:28 jupiter racoon[2183]: IKEv1 Phase1 AUTH: success. (Initiator, Aggressive-Mode Message 2).
    Dec 30 16:44:28 jupiter racoon[2183]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2).
    Dec 30 16:44:28 jupiter racoon[2183]: IKEv1 Phase1 Initiator: success. (Initiator, Aggressive-Mode).
    Dec 30 16:44:28 jupiter racoon[2183]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3).
    Dec 30 16:44:28 jupiter racoon[2183]: IKE Packet: transmit success. (Information message).
    Dec 30 16:44:28 jupiter racoon[2183]: IKEv1 Information-Notice: transmit success. (ISAKMP-SA).
    Dec 30 16:44:28 jupiter racoon[2183]: IPSec Phase1 established (Initiated by me).
    Dec 30 16:44:28 jupiter racoon[2183]: IPSec Extended Authentication requested.
    Dec 30 16:44:28 jupiter configd[16]: IPSec requesting Extended Authentication.
    Dec 30 16:44:31 jupiter configd[16]: IPSec sending Extended Authentication.
    Dec 30 16:44:31 jupiter racoon[2183]: IKE Packet: transmit success. (Mode-Config message).
    Dec 30 16:44:31 jupiter racoon[2183]: IPSec Extended Authentication sent.
    Dec 30 16:44:32 jupiter racoon[2183]: IKEv1 XAUTH: success. (XAUTH Status is OK).
    Dec 30 16:44:32 jupiter racoon[2183]: IPSec Extended Authentication Passed.
    Dec 30 16:44:32 jupiter racoon[2183]: IKE Packet: transmit success. (Mode-Config message).
    Dec 30 16:44:32 jupiter racoon[2183]: IKEv1 Config: retransmited. (Mode-Config retransmit).
    Dec 30 16:44:32 jupiter racoon[2183]: IPSec Network Configuration requested.
    Dec 30 16:44:33 jupiter racoon[2183]: IPSec Network Configuration established.
    Dec 30 16:44:33 jupiter racoon[2183]: IKE Packet: receive success. (MODE-Config).
    Dec 30 16:44:33 jupiter configd[16]: IPSec Network Configuration started.
    Dec 30 16:44:33 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-ADDRESS = 172.22.7.14.
    Dec 30 16:44:33 jupiter configd[16]: IPSec Network Configuration: SAVE-PASSWORD = 1.
    Dec 30 16:44:33 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-DNS = 172.22.7.1.
    Dec 30 16:44:33 jupiter configd[16]: IPSec Network Configuration: DEFAULT-ROUTE = local-address 172.22.7.14/32.
    Dec 30 16:44:33 jupiter configd[16]: host_gateway: write routing socket failed, command 2, No such process
    Dec 30 16:44:33 jupiter configd[16]: IPSec Phase2 starting.
    Dec 30 16:44:33 jupiter racoon[2183]: IPSec Phase2 started (Initiated by me).
    Dec 30 16:44:33 jupiter racoon[2183]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
    Dec 30 16:44:33 jupiter configd[16]: IPSec Network Configuration established.
    Dec 30 16:44:33 jupiter configd[16]: IPSec Phase1 established.
    Dec 30 16:44:33 jupiter configd[16]: event_callback: Address added. previous interface setting (name: en1, address: 192.168.43.242), current interface setting (name: utun0, family: 1001, address: 172.22.7.14, subnet: 255.255.255.255, destination: 172.22.7.14).
    Dec 30 16:44:33 jupiter configd[16]: network configuration changed.
    Dec 30 16:44:33 jupiter racoon[2183]: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
    Dec 30 16:44:33 jupiter racoon[2183]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
    Dec 30 16:44:33 jupiter racoon[2183]: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode).
    Dec 30 16:44:33 jupiter racoon[2183]: IPSec Phase2 established (Initiated by me).
    Dec 30 16:44:33 jupiter configd[16]: IPSec Phase2 established.
    Dec 30 16:44:43 jupiter racoon[2183]: IKE Packet: receive failed. (MODE-Config).
    Dec 30 16:44:48 jupiter racoon[2183]: IKE Packet: transmit success. (Information message).
    Dec 30 16:44:48 jupiter racoon[2183]: IKEv1 Information-Notice: transmit success. (R-U-THERE?).
    Dec 30 16:44:48 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: request transmitted. (Initiator DPD Request).
    Dec 30 16:44:48 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: response received. (Initiator DPD Response).
    Dec 30 16:44:48 jupiter racoon[2183]: IKE Packet: receive success. (Information message).
    Dec 30 16:45:03 jupiter configd[16]: setting hostname to "jupiter.local"
    followed by lots of:
    Dec 30 16:45:03 jupiter racoon[2183]: IKE Packet: receive failed. (MODE-Config).
    Dec 30 16:45:08 jupiter racoon[2183]: IKE Packet: transmit success. (Information message).
    Dec 30 16:45:08 jupiter racoon[2183]: IKEv1 Information-Notice: transmit success. (R-U-THERE?).
    Dec 30 16:45:08 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: request transmitted. (Initiator DPD Request).
    Dec 30 16:45:08 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: response received. (Initiator DPD Response).
    Dec 30 16:45:08 jupiter racoon[2183]: IKE Packet: receive success. (Information message).
    Dec 30 16:45:28 jupiter racoon[2183]: IKE Packet: transmit success. (Information message).
    Dec 30 16:45:28 jupiter racoon[2183]: IKEv1 Information-Notice: transmit success. (R-U-THERE?).
    Dec 30 16:45:28 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: request transmitted. (Initiator DPD Request).
    Dec 30 16:45:29 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: response received. (Initiator DPD Response).
    Dec 30 16:45:29 jupiter racoon[2183]: IKE Packet: receive success. (Information message).
    Dec 30 16:45:49 jupiter racoon[2183]: IKE Packet: transmit success. (Information message).
    Dec 30 16:45:49 jupiter racoon[2183]: IKEv1 Information-Notice: transmit success. (R-U-THERE?).
    Dec 30 16:45:49 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: request transmitted. (Initiator DPD Request).
    Dec 30 16:45:50 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: response received. (Initiator DPD Response).
    Dec 30 16:45:50 jupiter racoon[2183]: IKE Packet: receive success. (Information message).
    Dec 30 16:46:10 jupiter racoon[2183]: IKE Packet: transmit success. (Information message).
    Dec 30 16:46:10 jupiter racoon[2183]: IKEv1 Information-Notice: transmit success. (R-U-THERE?).
    Dec 30 16:46:10 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: request transmitted. (Initiator DPD Request).
    Dec 30 16:46:10 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: response received. (Initiator DPD Response).
    Dec 30 16:46:10 jupiter racoon[2183]: IKE Packet: receive success. (Information message).
    Dec 30 16:46:30 jupiter racoon[2183]: IKE Packet: transmit success. (Information message).
    Dec 30 16:46:30 jupiter racoon[2183]: IKEv1 Information-Notice: transmit success. (R-U-THERE?).
    Dec 30 16:46:30 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: request transmitted. (Initiator DPD Request).
    Dec 30 16:46:30 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: response received. (Initiator DPD Response).
    Dec 30 16:46:30 jupiter racoon[2183]: IKE Packet: receive success. (Information message).
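An added example (not part of the original post, and not Apple or AVM tooling): a small Python parser that splits racoon/configd syslog output like the above into VPN sessions, so the pushed Mode-Config attributes and IKE symptoms of a working and a non-working session can be compared mechanically. The sample log is constructed and abridged in the format of the logs above, the server names are placeholders, and the finding labels are this example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed, abridged sample in the format of the logs above.
# Server names are placeholders; timestamps of the first session are made up.
SAMPLE_LOG = """\
Dec 30 11:47:30 jupiter configd[16]: IPSec connecting to server vpn-home.example
Dec 30 11:47:31 jupiter racoon[1910]: IPSec Phase1 established (Initiated by me).
Dec 30 11:48:06 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
Dec 30 11:48:09 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
Dec 30 11:48:12 jupiter racoon[1910]: IKE Packet: transmit success. (Phase2 Retransmit).
Dec 30 12:33:14 jupiter configd[16]: IPSec connecting to server vpn-work.example
Dec 30 12:33:14 jupiter racoon[1976]: IPSec Phase1 established (Initiated by me).
Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-ADDRESS = 10.100.1.18.
Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-MASK = 255.255.255.0.
Dec 30 12:33:21 jupiter configd[16]: IPSec Network Configuration: SPLIT-INCLUDE.
Dec 30 12:33:21 jupiter racoon[1976]: IPSec Phase2 established (Initiated by me).
Dec 30 16:44:27 jupiter configd[16]: IPSec connecting to server vpn-home.example
Dec 30 16:44:28 jupiter racoon[2183]: IPSec Phase1 established (Initiated by me).
Dec 30 16:44:33 jupiter configd[16]: IPSec Network Configuration: INTERNAL-IP4-ADDRESS = 172.22.7.14.
Dec 30 16:44:33 jupiter configd[16]: IPSec Network Configuration: DEFAULT-ROUTE = local-address 172.22.7.14/32.
Dec 30 16:44:33 jupiter racoon[2183]: IPSec Phase2 established (Initiated by me).
Dec 30 16:44:43 jupiter racoon[2183]: IKE Packet: receive failed. (MODE-Config).
Dec 30 16:44:48 jupiter racoon[2183]: IKEv1 Dead-Peer-Detection: response received. (Initiator DPD Response).
Dec 30 16:45:03 jupiter racoon[2183]: IKE Packet: receive failed. (MODE-Config).
"""

# "Mon DD HH:MM:SS host process[pid]: message"
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ \d\d:\d\d:\d\d \S+ (?P<proc>\w+)\[\d+\]: (?P<msg>.*)$"
)
# "IPSec Network Configuration: KEY = value." or "... : KEY." (flag without value)
CFG_RE = re.compile(
    r"IPSec Network Configuration: (?P<key>[A-Z0-9-]+)(?: = (?P<val>.*?))?\.?$"
)


@dataclass
class Session:
    server: str
    config: dict = field(default_factory=dict)
    phase1_up: bool = False
    phase2_up: bool = False
    phase2_retransmits: int = 0
    modecfg_rx_failures: int = 0
    dpd_responses: int = 0


def parse_sessions(text):
    """Split the log into sessions; configd's 'connecting' line starts a new one."""
    sessions, cur = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        proc, msg = m["proc"], m["msg"]
        if proc == "configd" and msg.startswith("IPSec connecting to server "):
            cur = Session(server=msg.rsplit(" ", 1)[1])
            sessions.append(cur)
            continue
        if cur is None:
            continue  # lines before the first connection attempt
        cfg = CFG_RE.search(msg)
        if cfg:
            cur.config[cfg["key"]] = cfg["val"] or ""
        elif "IPSec Phase1 established" in msg:
            cur.phase1_up = True
        elif "IPSec Phase2 established" in msg:
            cur.phase2_up = True
        elif "(Phase2 Retransmit)" in msg:
            cur.phase2_retransmits += 1
        elif "receive failed. (MODE-Config)" in msg:
            cur.modecfg_rx_failures += 1
        elif "Dead-Peer-Detection: response received" in msg:
            cur.dpd_responses += 1
    return sessions


def findings(s):
    """Neutral labels for what the log shows; they describe symptoms, not causes."""
    out = []
    if not s.phase1_up:
        out.append("phase1-not-established")
    if not s.phase2_up:
        out.append("phase2-not-established")
    if s.phase2_retransmits >= 3:
        out.append("phase2-retransmit-loop")
    route = s.config.get("DEFAULT-ROUTE", "")
    if "SPLIT-INCLUDE" in s.config:
        out.append("split-include-pushed")
    if route:
        out.append("default-route-via-tunnel")
    if route.endswith("/32") and "INTERNAL-IP4-MASK" not in s.config:
        out.append("host-route-only")
    if s.phase2_up and s.modecfg_rx_failures:
        out.append("modecfg-receive-failed-after-phase2")
    if s.dpd_responses:
        out.append("peer-answers-dpd")
    return out


def config_diff(a, b):
    """Mode-Config attributes that differ between two sessions: key -> (a, b)."""
    keys = sorted(set(a.config) | set(b.config))
    return {k: (a.config.get(k), b.config.get(k))
            for k in keys if a.config.get(k) != b.config.get(k)}


if __name__ == "__main__":
    for s in parse_sessions(SAMPLE_LOG):
        print(s.server, s.config, findings(s))
```
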

  • VPN session in cisco ASA reflect a different source public ip

    Hi all,
    I tested and managed to establish VPN on my Cisco ASA 5520 successfully.
    On my syslog I can see "anyconnect parent session started" upon my VPN establishment and "webvpn session terminated" upon terminating my VPN session,
    where the correct public IP used to establish the VPN is reflected. However, after the "webvpn session terminated" line, I can see other lines in my syslog, for example "Group=vpngroup, username=test, ip = x.x.x.x, session disconnected, session type:anyconnect parent, duration 0h:00m23s, bytes xmt: 0, bytes rcv:0, reason: user requested", where x.x.x.x is not the IP address used to establish my remote access VPN, neither is it the IP related to my VPN infra. I am very sure that the IP x.x.x.x did not establish any VPN to my Cisco ASA 5520. Hence why is it reflected in my Cisco ASA logs? Please advise, TIA!

    Hi,
    Think I remember some posting about a similar issue in the past. Did a couple of Google searches and the following BugID was mentioned in the discussion.
    syslog 113019 reports invalid address when VPN client disconnects.
    CSCub72545
    Description
    Symptom:
    Syslog reports an invalid IP Address.
    Conditions:
    This condition occurs when a VPN Client is disconnected.
    Workaround:
    There is no mention of a workaround. Just mention of software versions that should correct the problem.
    The link to the actual page/document is the following
    https://tools.cisco.com/bugsearch/bug/CSCub72545
    Perhaps this is the bug you are running into or something similar.
    - Jouni

  • Issue with cisco ONS 15310. Slot with Ethernet ports, designed for bridging.

    Hi, guys. I've got an issue with a Cisco ONS 15310 SDH optical network. I've got a special slot with Ethernet ports, designed for bridging. Assume we've got two multiplexers, named A and B, with ports A0 and B0 respectively. The IOS console of these slots says the configuration is as follows:
    no ip address set on these ports
    Ports are administratively up
    Auto mdix
    Bridge groups are the same on these ports.
    Dot1q tunnel.
    I'm trying to monitor a device with an IP address connected to port B0. It answers ping if I connect the notebook directly to the device. But if I connect the notebook to port A0 and ping the device plugged into port B0 through the optical network, it doesn't answer. I tried connections with straight and cross cable.
    The guys who set up the network said it should work as a point-to-point bridge with no extra configuration. But it doesn't. I used the Wireshark sniffer to look up what's happening on port A0. All I see is CDPs from port A0 and self-announcements of the notebook.
    Any suggestions? Thank you in advance.

    B
    Building configuration...
    Current configuration : 3712 bytes
    ! Last configuration change at
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    hostname B
    boot-start-marker
    boot-end-marker
    enable password -
    clock timezone -
    ip subnet-zero
    no ip domain-lookup
    no mpls traffic-eng auto-bw timers frequency 0
    bridge 100 protocol ieee
    bridge 140 protocol ieee
    bridge 141 protocol ieee
    bridge 142 protocol ieee
    bridge 143 protocol ieee
    bridge 144 protocol ieee
    interface Loopback0
    ip address 192.x.0.x 255.255.255.255
    interface FastEthernet0
    description -
    no ip address
    mode dot1q-tunnel
    bridge-group 140
    bridge-group 140 spanning-disabled
    interface FastEthernet1
    description --- B0 ---
    no ip address
    mode dot1q-tunnel
    bridge-group 141
    bridge-group 141 spanning-disabled
    interface FastEthernet2
    description -
    no ip address
    mode dot1q-tunnel
    bridge-group 142
    bridge-group 142 spanning-disabled
    interface FastEthernet3
    description -
    no ip address
    mode dot1q-tunnel
    bridge-group 143
    bridge-group 143 spanning-disabled
    interface FastEthernet4
    description -
    no ip address
    mode dot1q-tunnel
    bridge-group 144
    bridge-group 144 spanning-disabled
    interface FastEthernet5
    no ip address
    shutdown
    interface FastEthernet6
    no ip address
    shutdown
    interface FastEthernet7
    description -
    no ip address
    shutdown
    mode dot1q-tunnel
    bridge-group 100
    bridge-group 100 spanning-disabled
    interface POS0
    description -
    no ip address
    crc 32
    interface POS0.1
    encapsulation dot1Q 141
    no snmp trap link-status
    bridge-group 141
    interface POS0.2
    encapsulation dot1Q 142
    no snmp trap link-status
    bridge-group 142
    interface POS0.3
    encapsulation dot1Q 143
    no snmp trap link-status
    bridge-group 143
    interface POS0.4
    encapsulation dot1Q 144
    no snmp trap link-status
    bridge-group 144
    interface POS0.5
    description -
    encapsulation dot1Q 140
    no snmp trap link-status
    bridge-group 140
    interface POS1
    no ip address
    crc 32
    interface POS1.1
    encapsulation dot1Q 100
    no snmp trap link-status
    bridge-group 100
    router ospf 100
    log-adjacency-changes
    network 192.x.0.x 0.0.0.0 area 0
    ip default-gateway [x.x.x.x]
    ip classless
    no ip http server
    snmp-server community public RO
    snmp-server ifindex persist
    snmp-server trap link ietf
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps tty
    snmp-server enable traps config
    snmp-server enable traps cpu threshold
    snmp-server enable traps entity
    snmp-server enable traps syslog
    snmp-server enable traps hsrp
    snmp-server enable traps config-copy
    snmp-server enable traps bridge
    snmp-server enable traps ospf state-change
    snmp-server enable traps ospf errors
    snmp-server enable traps ospf retransmit
    snmp-server enable traps ospf lsa
    snmp-server enable traps ospf cisco-specific state-change
    snmp-server enable traps ospf cisco-specific errors
    snmp-server enable traps ospf cisco-specific retransmit
    snmp-server enable traps ospf cisco-specific lsa
    snmp-server enable traps bgp
    snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
    snmp-server enable traps ipmulticast
    snmp-server enable traps rtr
    snmp-server enable traps mpls traffic-eng
    snmp-server enable traps mpls ldp
    snmp-server enable traps rsvp
    snmp-server enable traps l2tun session
    snmp-server enable traps mpls vpn
    snmp-server host x.x.x.x public
    control-plane
    line con 0
    line vty 0 4
    password -
    logging synchronous level 4
    login
    end

  • Web based VPN issue whereas anyconnect and VPN client working fine

    Experts,
    We have a Cisco ASA 5540 and I'm running into issues with accessing the web-based VPN (https://X.X.x.x). There are about 8 VPN profiles configured and I'm unable to log in using any of the profiles, whereas the VPN client and Cisco AnyConnect are working fine. On accessing the web-based VPN, after I provide the login credentials and hit enter, the page gets refreshed and throws me back to the same login page again. This is the production ASA and I cannot run debug.
    Kindly, provide me your valuable inputs.
    Thank you!

    Your problem is the NAT-config. First, the following line is not needed as RDP doesn't work over UDP:
    ip nat inside source static udp 192.168.10.136 3389 interface Dialer0 3389
    Then, the following command causes the problems:
    ip nat inside source static tcp 192.168.10.136 3389 interface Dialer0 3389
    With that the router assumes that the server 192.168.10.136 should always be reached through the IP of dialer0 and does a translation.
    There are a couple of ways to resolve the problem, but they all have some drawbacks ...
    1) Only access the server through VPN. For that you just delete the NAT-statement above (the one with tcp) and you should be able to reach the server through the VPN.
    2) Restrict the NAT so that it doesn't do a translation if a VPN-peer is accessing the server.
    For that you need to attach a route-map to the NAT-statement. But that won't work with the "interface"-keyword in the NAT-Statement. But you can use this if you get a fixed IP from your provider.
    3) Assign a second IP to the RDP-server. The original IP which is used in the NAT-statement is used for accessing the server without the VPN, the second IP is used for accessing the server through VPN.
    Don't stop after you've improved your network! Improve the world by lending money to the working poor:
    http://www.kiva.org/invitedby/karsteni

  • Issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login

    issue with cisco acs 4.2.Users unable to login aaa client but after restarting group policy able to login


  • Calling issue with Cisco 7937 conference station

    Hi Friends,
    I am facing an issue with the Cisco 7937 conference station. Our customer has various branch offices across the world. All branches are connected over MPLS through a service provider (SIP service provider). There is a centralized CUCM and the remote offices have SIP voice gateways.
    When making calls from one remote site to another using Cisco 6921 phones, calls work fine.
    When making calls from one remote site to another using the Cisco 7937 conference station to call any phone at a remote office, calls are getting disconnected: the remote phone rings, but it gets a fast busy tone when the other party picks up the phone, and they are not able to talk.
    I suspect the issue is with the codec, but we have configured transcoders in the VG and registered them with CUCM.
    Please help me if anyone has experienced such an issue earlier.
    Regards
    Siva

    hi Basant,
    1. Actually two phones, A and B, are registered with the centralized CUCM. A and B are located in two different locations; RTP traffic between A and B passes through the service provider.
    Call Flow --> Phone A ---->CUCMRouterpattern--> SIP trunk ----> Voice gateway--->Service provider cloud---> Respective Voice Gateway---> CUCM -- Phone B
    Show Run
    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.02.27 15:14:52 =~=~=~=~=~=~=~=~=~=~=~=
    sh run
    Building configuration...
    Current configuration : 12139 bytes
    ! Last configuration change at 06:35:59 UTC Tue Feb 25 2014
    ! NVRAM config last updated at 11:16:38 UTC Mon Feb 24 2014 by administrator
    ! NVRAM config last updated at 11:16:38 UTC Mon Feb 24 2014 by administrator
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname eucamvgw01
    boot-start-marker
    boot system flash:c2900-universalk9-mz.SPA.151-4.M5.bin
    boot-end-marker
    card type e1 0 0
    logging buffered 51200 warnings
    no logging console
    no aaa new-model
    no network-clock-participate wic 0
    no ipv6 cef
    ip source-route
    ip traffic-export profile cuecapture mode capture
    bidirectional
    ip cef
    ip multicast-routing
    ip domain name drreddys.eu
    ip name-server 10.197.20.1
    ip name-server 10.197.20.2
    multilink bundle-name authenticated
    stcapp ccm-group 2
    stcapp
    stcapp feature access-code
    stcapp feature speed-dial
    stcapp supplementary-services
    port 0/1/0
    fallback-dn 5428025
    port 0/1/1
    fallback-dn 5428008
    port 0/1/2
    fallback-dn 5421462
    port 0/1/3
    fallback-dn 5421463
    isdn switch-type primary-net5
    crypto pki token default removal timeout 0
    voice-card 0
    dsp services dspfarm
    voice call send-alert
    voice call disc-pi-off
    voice call convert-discpi-to-prog
    voice rtp send-recv
    voice service voip
    ip address trusted list
    ipv4 10.198.0.0 255.255.255.0
    ipv4 152.63.1.0 255.255.255.0
    address-hiding
    allow-connections sip to sip
    no supplementary-service h225-notify cid-update
    no supplementary-service sip moved-temporarily
    no supplementary-service sip refer
    fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
    fax-relay ans-disable
    sip
    rel1xx supported "track"
    privacy pstn
    no update-callerid
    early-offer forced
    call-route p-called-party-id
    voice class uri 100 sip
    host 41.206.187.71
    voice class codec 10
    codec preference 1 g711alaw
    codec preference 2 g711ulaw
    codec preference 3 ilbc
    codec preference 4 g729r8
    codec preference 5 g729br8
    voice class codec 20
    codec preference 1 g729br8
    codec preference 2 g729r8
    voice moh-group 1
    moh flash:moh/Panjo.alaw.wav
    description MOH G711 alaw
    multicast moh 239.1.1.2 port 16384 route 10.198.2.9
    voice translation-rule 1
    rule 1 /^012237280\(..\)/ /54280\1/
    rule 2 /^012236514\(..\)/ /54214\1/
    rule 3 /^01223651081/ /5428010/
    rule 4 /^01223506701/ /5428010/
    voice translation-rule 2
    rule 1 /^00\(.+\)/ /+\1/
    rule 2 /^0\(.+\)/ /+44\1/
    rule 3 /^\([0-9].+\)/ /+\1/
    voice translation-rule 3
    rule 1 /^9\(.+\)/ /\1/
    rule 2 /^\+44\(.+\)/ /0\1/
    rule 3 /^\+\(.+\)/ /00\1/
    voice translation-rule 4
    rule 1 /^54280\(..\)/ /12237280\1/
    rule 2 /^54214\(..\)/ /12236514\1/
    rule 3 /^\+44\(.+\)/ /\1/
    rule 4 /^.54280\(..\)/ /12237280\1/
    rule 5 /^.54214\(..\)/ /12236514\1/
    voice translation-rule 9
    rule 1 /^\(....\)/ /542\1/
    voice translation-rule 10
    voice translation-rule 11
    rule 1 /^\+44122372\(....\)/ /542\1/
    rule 2 /^\+44122365\(....\)/ /542\1/
    voice translation-rule 12
    voice translation-rule 13
    rule 1 /^\([18]...\)/ /542\1/
    voice translation-rule 14
    voice translation-profile MPLS-incoming
    translate calling 10
    translate called 9
    voice translation-profile MPLS-outgoing
    translate calling 11
    translate called 12
    voice translation-profile PSTN-incoming
    translate calling 2
    translate called 1
    voice translation-profile PSTN-outgoing
    translate calling 4
    translate called 3
    voice translation-profile SRST-incoming
    translate calling 14
    translate called 13
    license udi pid CISCO2921/K9 sn FGL145110RE
    hw-module ism 0
    hw-module pvdm 0/0
    username administrator privilege 15 secret 5 $1$syu5$DsxdOgfS7Wltx78o4PV.60
    redundancy
    controller E1 0/0/0
    ip tcp path-mtu-discovery
    ip scp server enable
    interface Embedded-Service-Engine0/0
    no ip address
    shutdown
    interface GigabitEthernet0/0
    description internal LAN
    ip address 10.198.2.9 255.255.255.0
    duplex auto
    speed auto
    interface ISM0/0
    ip unnumbered GigabitEthernet0/0
    service-module ip address 10.198.2.8 255.255.255.0
    !Application: CUE Running on ISM
    service-module ip default-gateway 10.198.2.9
    interface GigabitEthernet0/1
    description to TATA NGN
    ip address 115.114.225.122 255.255.255.252
    duplex auto
    speed auto
    interface GigabitEthernet0/2
    description SIP Trunks external
    ip address 79.121.254.83 255.255.255.248
    ip access-group SIP-InBound in
    ip traffic-export apply cuecapture size 8000000
    duplex auto
    speed auto
    interface ISM0/1
    description Internal switch interface connected to Internal Service Module
    no ip address
    shutdown
    interface Vlan1
    no ip address
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    ip route 0.0.0.0 0.0.0.0 10.198.2.1
    ip route 10.198.2.8 255.255.255.255 ISM0/0
    ip route 41.206.187.0 255.255.255.0 115.114.225.121
    ip route 77.37.25.46 255.255.255.255 79.121.254.81
    ip route 83.245.6.81 255.255.255.255 79.121.254.81
    ip route 83.245.6.82 255.255.255.255 79.121.254.81
    ip route 95.223.1.107 255.255.255.255 79.121.254.81
    ip route 192.54.47.0 255.255.255.0 79.121.254.81
    ip access-list extended SIP-InBound
    permit ip host 77.37.25.46 any
    permit ip host 83.245.6.81 any
    permit ip host 83.245.6.82 any
    permit ip 192.54.47.0 0.0.0.255 any
    permit icmp any any
    permit ip host 95.223.1.107 any
    deny ip any any log
    control-plane
    voice-port 0/1/0
    compand-type a-law
    timeouts initial 60
    timeouts interdigit 60
    timeouts ringing infinity
    caller-id enable
    voice-port 0/1/1
    compand-type a-law
    timeouts initial 60
    timeouts interdigit 60
    timeouts ringing infinity
    caller-id enable
    voice-port 0/1/2
    compand-type a-law
    timeouts initial 60
    timeouts interdigit 60
    timeouts ringing infinity
    caller-id enable
    voice-port 0/1/3
    compand-type a-law
    timeouts initial 60
    timeouts interdigit 60
    timeouts ringing infinity
    caller-id enable
    no ccm-manager fax protocol cisco
    ccm-manager music-on-hold bind GigabitEthernet0/0
    ccm-manager config server 152.63.1.19 152.63.1.100 172.27.210.5
    ccm-manager sccp local GigabitEthernet0/0
    ccm-manager sccp
    mgcp profile default
    sccp local GigabitEthernet0/0
    sccp ccm 10.198.2.9 identifier 3 priority 3 version 7.0
    sccp ccm 152.63.1.19 identifier 4 version 7.0
    sccp ccm 152.63.1.100 identifier 5 version 7.0
    sccp ccm 172.27.210.5 identifier 6 version 7.0
    sccp
    sccp ccm group 2
    bind interface GigabitEthernet0/0
    associate ccm 4 priority 1
    associate ccm 5 priority 2
    associate ccm 6 priority 3
    associate ccm 3 priority 4
    associate profile 1002 register CFB_UK_CAM_02
    associate profile 1001 register XCODE_UK_CAM_02
    associate profile 1000 register MTP_UK_CAM_02
    dspfarm profile 1001 transcode
    codec ilbc
    codec g722-64
    codec g729br8
    codec g729r8
    codec gsmamr-nb
    codec pass-through
    codec g711ulaw
    codec g711alaw
    codec g729ar8
    codec g729abr8
    maximum sessions 18
    associate application SCCP
    dspfarm profile 1002 conference
    codec g711ulaw
    codec g711alaw
    codec g729ar8
    codec g729abr8
    codec g729r8
    codec g729br8
    maximum sessions 2
    associate application SCCP
    dspfarm profile 1000 mtp
    codec g711alaw
    maximum sessions software 200
    associate application SCCP
    dial-peer cor custom
    name SRSTMode
    dial-peer cor list SRST
    member SRSTMode
    dial-peer voice 100 voip
    description *** Inbound CUCM ***
    translation-profile incoming PSTN-incoming
    incoming called-number .
    voice-class codec 10
    voice-class sip call-route p-called-party-id
    dtmf-relay rtp-nte
    no vad
    dial-peer voice 500 voip
    description *** Inbound TATA MPLS ***
    translation-profile incoming MPLS-incoming
    session protocol sipv2
    session target sip-server
    incoming called-number ....
    incoming uri from 100
    voice-class codec 20
    dtmf-relay rtp-nte
    no vad
    dial-peer voice 510 voip
    description *** Outbound TATA MPLS ***
    translation-profile outgoing MPLS-outgoing
    destination-pattern 54[013-9]....
    session protocol sipv2
    session target ipv4:41.206.187.71
    session transport udp
    voice-class codec 20
    dtmf-relay rtp-nte
    no vad
    dial-peer voice 520 voip
    description *** Outbound TATA MPLS ***
    translation-profile outgoing MPLS-outgoing
    destination-pattern 5[0-35-9].....
    session protocol sipv2
    session target ipv4:41.206.187.71
    session transport udp
    voice-class codec 20
    dtmf-relay rtp-nte
    no vad
    dial-peer voice 200 voip
    description *** Inbound M12 *** 01223651081, 01223651440 - 01223651489
    translation-profile incoming PSTN-incoming
    session protocol sipv2
    session target sip-server
    session transport udp
    incoming called-number 0122365....
    dtmf-relay rtp-nte
    codec g711ulaw
    no vad
    dial-peer voice 201 voip
    description *** Inbound M12 *** 012237280XX
    translation-profile incoming PSTN-incoming
    session protocol sipv2
    session target sip-server
    session transport udp
    incoming called-number 012237280..
    dtmf-relay rtp-nte
    codec g711ulaw
    no vad
    dial-peer voice 202 voip
    description *** Inbound M12 *** 01223506701
    translation-profile incoming PSTN-incoming
    session protocol sipv2
    session target sip-server
    session transport udp
    incoming called-number 01223506701
    dtmf-relay rtp-nte
    codec g711ulaw
    no vad
    dial-peer voice 210 voip
    description *** Outbound M12 ***
    translation-profile outgoing PSTN-outgoing
    destination-pattern +...T
    session protocol sipv2
    session target ipv4:83.245.6.81
    session transport udp
    dtmf-relay rtp-nte
    codec g711alaw
    no vad
    dial-peer voice 211 voip
    description *** Outbound ISDN for SRST and emergency ***
    translation-profile outgoing PSTN-outgoing
    destination-pattern 9.T
    session protocol sipv2
    session target ipv4:83.245.6.81
    session transport udp
    dtmf-relay rtp-nte
    codec g711alaw
    no vad
    dial-peer voice 212 voip
    description *** Outbound ISDN for emergency ***
    translation-profile outgoing PSTN-outgoing
    destination-pattern 11[02]
    session protocol sipv2
    session target ipv4:83.245.6.81
    session transport udp
    dtmf-relay rtp-nte
    codec g711alaw
    no vad
    dial-peer voice 2000 voip
    description *** Outbound to CUCM Primary ***
    preference 1
    destination-pattern 542....
    session protocol sipv2
    session target ipv4:152.63.1.19
    voice-class codec 10
    voice-class sip call-route p-called-party-id
    dtmf-relay rtp-nte
    no vad
    dial-peer voice 2001 voip
    description *** Outbound to CUCM Secondary ***
    preference 2
    destination-pattern 542....
    session protocol sipv2
    session target ipv4:152.63.1.100
    voice-class codec 10
    voice-class sip call-route p-called-party-id
    dtmf-relay rtp-nte
    no vad
    dial-peer voice 2002 voip
    description *** Outbound to CUCM Teritiary ***
    preference 3
    destination-pattern 542....
    session protocol sipv2
    session target ipv4:172.27.210.5
    voice-class codec 10
    voice-class sip call-route p-called-party-id
    dtmf-relay rtp-nte
    no vad
    dial-peer voice 999010 pots
    service stcapp
    port 0/1/0
    dial-peer voice 999011 pots
    service stcapp
    port 0/1/1
    dial-peer voice 999012 pots
    service stcapp
    port 0/1/2
    dial-peer voice 999013 pots
    service stcapp
    port 0/1/3
    sip-ua
    no remote-party-id
    gatekeeper
    shutdown
    call-manager-fallback
    secondary-dialtone 9
    max-conferences 4 gain -6
    transfer-system full-consult
    ip source-address 10.198.2.9 port 2000
    max-ephones 110
    max-dn 400 dual-line no-reg
    translation-profile incoming SRST-incoming
    moh flash:/moh/Panjo.ulaw.wav
    multicast moh 239.1.1.1 port 16384 route 10.198.2.9
    time-zone 22
    time-format 24
    date-format dd-mm-yy
    line con 0
    login local
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
    line 131
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
    line vty 0 4
    session-timeout 60
    exec-timeout 60 0
    privilege level 15
    login local
    transport input all
    line vty 5 15
    session-timeout 60
    exec-timeout 60 0
    privilege level 15
    login local
    transport input all
    scheduler allocate 20000 1000
    ntp server 10.1.30.1
    end
    eucamvgw01#
    Sh SCCP
    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2014.03.03 17:57:44 =~=~=~=~=~=~=~=~=~=~=~=
    SCCP Admin State: UP
    Gateway Local Interface: GigabitEthernet0/0
    IPv4 Address: 10.198.2.9
    Port Number: 2000
    IP Precedence: 5
    User Masked Codec list: None
    Call Manager: 10.198.2.9, Port Number: 2000
    Priority: 3, Version: 7.0, Identifier: 3
    Call Manager: 152.63.1.19, Port Number: 2000
    Priority: N/A, Version: 7.0, Identifier: 4
    Trustpoint: N/A
    Call Manager: 152.63.1.100, Port Number: 2000
    Priority: N/A, Version: 7.0, Identifier: 5
    Trustpoint: N/A
    Call Manager: 172.27.210.5, Port Number: 2000
    Priority: N/A, Version: 7.0, Identifier: 6
    Trustpoint: N/A
    MTP Oper State: ACTIVE - Cause Code: NONE
    Active Call Manager: 152.63.1.19, Port Number: 2000
    TCP Link Status: CONNECTED, Profile Identifier: 1000
    Reported Max Streams: 400, Reported Max OOS Streams: 0
    Supported Codec: g711alaw, Maximum Packetization Period: 30
    Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
    Supported Codec: rfc2833 pass-thru, Maximum Packetization Period: 30
    Supported Codec: inband-dtmf to rfc2833 conversion, Maximum Packetization Period: 30
    TLS : ENABLED
    Transcoding Oper State: ACTIVE - Cause Code: NONE
    Active Call Manager: 152.63.1.19, Port Number: 2000
    TCP Link Status: CONNECTED, Profile Identifier: 1001
    Reported Max Streams: 36, Reported Max OOS Streams: 0
    Supported Codec: ilbc, Maximum Packetization Period: 120
    Supported Codec: g722r64, Maximum Packetization Period: 30
    Supported Codec: g729br8, Maximum Packetization Period: 60
    Supported Codec: g729r8, Maximum Packetization Period: 60
    Supported Codec: gsmamr-nb, Maximum Packetization Period: 60
    Supported Codec: pass-thru, Maximum Packetization Period: N/A
    Supported Codec: g711ulaw, Maximum Packetization Period: 30
    Supported Codec: g711alaw, Maximum Packetization Period: 30
    Supported Codec: g729ar8, Maximum Packetization Period: 60
    Supported Codec: g729abr8, Maximum Packetization Period: 60
    Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
    Supported Codec: rfc2833 pass-thru, Maximum Packetization Period: 30
    Supported Codec: inband-dtmf to rfc2833 conversion, Maximum Packetization Period: 30
    Conferencing Oper State: ACTIVE - Cause Code: NONE
    Active Call Manager: 152.63.1.19, Port Number: 2000
    TCP Link Status: CONNECTED, Profile Identifier: 1002
    Reported Max Streams: 16, Reported Max OOS Streams: 0
    Supported Codec: g711ulaw, Maximum Packetization Period: 30
    Supported Codec: g711alaw, Maximum Packetization Period: 30
    Supported Codec: g729ar8, Maximum Packetization Period: 60
    Supported Codec: g729abr8, Maximum Packetization Period: 60
    Supported Codec: g729r8, Maximum Packetization Period: 60
    Supported Codec: g729br8, Maximum Packetization Period: 60
    Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
    Supported Codec: rfc2833 pass-thru, Maximum Packetization Period: 30
    Supported Codec: inband-dtmf to rfc2833 conversion, Maximum Packetization Period: 30
    TLS : ENABLED
    Alg_Phone Oper State: ACTIVE - Cause Code: NONE
    Active Call Manager: 152.63.1.19, Port Number: 2000
    TCP Link Status: CONNECTED, Device Name: AN71FEF7F070080
    Reported Max Streams: 1, Reported Max OOS Streams: 0
    Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
    Supported Codec: g711ulaw, Maximum Packetization Period: 20
    Supported Codec: g711alaw, Maximum Packetization Period: 20
    Supported Codec: g729r8, Maximum Packetization Period: 220
    Supported Codec: g729ar8, Maximum Packetization Period: 220
    Supported Codec: g729br8, Maximum Packetization Period: 220
    Supported Codec: g729r8, Maximum Packetization Period: 220
    Supported Codec: ilbc, Maximum Packetization Period: 120
    Alg_Phone Oper State: ACTIVE - Cause Code: NONE
    Active Call Manager: 152.63.1.19, Port Number: 2000
    TCP Link Status: CONNECTED, Device Name: AN71FEF7F070081
    Reported Max Streams: 1, Reported Max OOS Streams: 0
    Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
    Supported Codec: g711ulaw, Maximum Packetization Period: 20
    Supported Codec: g711alaw, Maximum Packetization Period: 20
    Supported Codec: g729r8, Maximum Packetization Period: 220
    Supported Codec: g729ar8, Maximum Packetization Period: 220
    Supported Codec: g729br8, Maximum Packetization Period: 220
    Supported Codec: g729r8, Maximum Packetization Period: 220
    Supported Codec: ilbc, Maximum Packetization Period: 120
    Alg_Phone Oper State: ACTIVE - Cause Code: NONE
    Active Call Manager: 152.63.1.19, Port Number: 2000
    TCP Link Status: CONNECTED, Device Name: AN71FEF7F070082
    Reported Max Streams: 1, Reported Max OOS Streams: 0
    Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
    Supported Codec: g711ulaw, Maximum Packetization Period: 20
    Supported Codec: g711alaw, Maximum Packetization Period: 20
    Supported Codec: g729r8, Maximum Packetization Period: 220
    Supported Codec: g729ar8, Maximum Packetization Period: 220
    Supported Codec: g729br8, Maximum Packetization Period: 220
    Supported Codec: g729r8, Maximum Packetization Period: 220
    Supported Codec: ilbc, Maximum Packetization Period: 120
    Alg_Phone Oper State: ACTIVE - Cause Code: NONE
    Active Call Manager: 152.63.1.19, Port Number: 2000
    TCP Link Status: CONNECTED, Device Name: AN71FEF7F070083
    Reported Max Streams: 1, Reported Max OOS Streams: 0
    Supported Codec: rfc2833 dtmf, Maximum Packetization Period: 30
    Supported Codec: g711ulaw, Maximum Packetization Period: 20
    Supported Codec: g711alaw, Maximum Packetization Period: 20
    Supported Codec: g729r8, Maximum Packetization Period: 220
    Supported Codec: g729ar8, Maximum Packetization Period: 220
    Supported Codec: g729br8, Maximum Packetization Period: 220
    Supported Codec: g729r8, Maximum Packetization Period: 220
    Supported Codec: ilbc, Maximum Packetization Period: 120
    eucamvgw01#

  • Directory Caching issue with Cisco Jabber client for Windows

    Hi ,
    I am facing a cache issue with the Cisco Jabber client for Windows. If I make any change related to modification or deletion of contacts in Active Directory/CallManager, it is not reflected in Jabber, because Jabber takes the contacts from the locally stored cache file on the Windows system.
    Every time, I have to remove the cache file to overcome this issue; practically, it's not possible to do the same for all the Windows users. If any employee leaves the company, I can still see his contact appear in the "Cisco Jabber client". I have not seen this issue with Android/Apple iOS.
    Is there any automated way to remove the cache file?
    Here are the details of CUCM, Presence and Jabber.
    CUCM version: 9.1.x
    Presence: 9.1.X
    Jabber: 10.5 and 10.6

    Hello
    In our environment we had to install a dedicated Microsoft Certificate Authority "just for Cisco Jabber usage" to house the Network Device Enrollment Service.
    Our certificates for the CUPS were generated on this Certification Authority too.
    I discussed this certificate matter with my colleagues this afternoon and nobody seems to remember how these certificates were deployed into the Enterprise Trust store for the users.
    But I think they asked all 400 users to accept the 3 certificates by answering "yes" to the popup instead of using a script deployed by GPO...
    I wish you success with that deployment and really hope you have a technical partner that *Knows* this subject.
    Our partner left us alone with that unfortunately.
    Florent
    EDIT: If the "Certutil script method" works, please let me know. This could be useful in our own deployment.

  • Routing issue between Cisco Nexus and Cisco 4510 R+E Chassis

    We have configured Cisco Nexus 7K9 as core and Cisco 4510 R+E as access switches for Server connectivity.
    We are experiencing problem in terms of ARP learning and Ping issues between Cisco Nexus and end hosts.

    Hi,
    So you have the N7k acting as L3 with servers connected to the 4510?
    Do you see the MAC associated with the failing ARP on the 4510? Is it happening with all or a few servers? Just to verify if it is a connectivity issue between the N7k and the 4510, you can configure an SVI on the 4510, assign an address from the same range (server/core range) and perform a ping.
    This will help narrow down if issue is between server to 4510 or 4510 to N7k.
    Thanks,
    Nagendra
