WAAS Error
WCCP router 10.10.177.133 unusable for service id: 61 reason: Assignment method mismatch with router
WCCP router 10.10.177.133 unusable for service id: 62 reason: Assignment method mismatch with router
10.10.177.133 is the loopback of the router which is in the wccp router-list. This popped up after our upgrade to 4.4.3
I re-checked the config and all is the same as other WAE's in our environment.
Please help.
Hi Douglas,
ASR platform will only support MASK assignment. You can use the documentation below for your reference:
http://www.cisco.com/en/US/prod/collateral/routers/ps9343/white_paper_c11_502351.html
The redirection/return and assignment method are done on the WAE side. So make sure to explicitly include the Mask value there, as shown in the example below:
wccp router-list 1 10.10.10.1 10.10.10.2
wccp tcp-promiscuous mask src-ip-mask 0xc00 dst-ip-mask 0x0
wccp tcp-promiscuous router-list-num 1 mask-assign
wccp version 2
Regards
Rubens
Similar Messages
-
WAAS error receiving statistics
Hello,
When I attempt to display statistics from our 2 WAE's from the CM I get the following errors. Do you have any ideas ?
Best regards
Stephen
2012 Jan 23 06:57:45 WADMZJA01 java: %WAAS-CMS-4-700001: cdm(TP-Processor3): ce= 1118GetConnTable request failed, ce=1118, unicorn.RpcException: Error retrieving peer node id for host[1118]: 203.185.29.77:443. Connection failed.
2012 Jan 23 07:14:10 WADMZJA01 java: %WAAS-CMS-4-700002: cdm(TP-Processor1): unicorn.RpcException: Error retrieving peer node id for host[2478]: 193.202.17.248. Connection failed.: unicorn.RpcException: Error retrieving peer node id for host[2478]: 193.202.17.248. Connection failed.
 at com.cisco.unicorn.messaging.DistributionAdapterRpcClient.checkPeerNodeId(DistributionAdapterRpcClient.java:242)
 at com.cisco.unicorn.messaging.DistributionAdapterRpcClient.sendSync(DistributionAdapterRpcClient.java:163)
 at com.cisco.unicorn.messaging.DistributionAdapter.sendSync(DistributionAdapter.java:423)
 at com.cisco.unicorn.messaging.DistributionMessage.sendSync(DistributionMessage.java:645)
 at com.cisco.unicorn.messaging.DistributionMessage.sendSync(DistributionMessage.java:627)
 at com.cisco.unicorn.stats.ConnStatsProvider.getConnData(ConnStatsProvider.java:173)
 at management.Monitoring.ConnMonitorTable_jsp._jspService(ConnMonitorTable_jsp.java:228)
 at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
 at ja
2012 Jan 23 07:14:10 WADMZJA01 java: %WAAS-CMS-4-700001: cdm(TP-Processor1): ce= 2478GetConnTable request failed, ce=2478, unicorn.RpcException: Error retrieving peer node id for host[2478]: 193.202.17.248. Connection failed.
Hi Stephen, is any Firewall between the CMs and the WAE's
If yes, it is important to permit some ports like TCP 443, TCP 8443, TCP 22, TCP 23, etc.
Remember that in this case probably the CM will initiate the HTTPS Session.
Usually the WAE starts the Session, to register and synchronize.
My Best Regards
Andre Lomonaco -
Waas error message - WAAS-SYS-4-900000: time.c: can't update CMOS
This was moved from another board,
I see this error on our syslog server from our WAE-7371 (running older code, but that is in the works to upgrade shortly, 4.1.3b), and I have checked the clocks on the inline devices and the CM and all are set in sync. Any other ideas?
kernel: %WAAS-SYS-4-900000: time.c: can't update CMOS
Hi Cora,
With the NTP source being the same on all devices and the clock in sync among them, the battery problem was confirmed in the bmc.log as the last entries indicated the power off/down with timestamp 01/02/1970.
The resolution is to RMA the appliance.
Regards,
Fabio Bergamo
Cisco TAC -
Hi all,
Is this Syslog Error Message affecting statistics in % Compression?
What is the cause of this? It is tuned, or should be automatically resolved?
Best Regards,
Bruno Petrónio
*** Output ***
2009 Jul 30 11:33:13 wae so_dre: %WAAS-RE-3-690464: (74488:2) RE File Manager error: filemgr_state::do_io (segments) call pwrite(90, 0x51e7e008, 65536, 68485120): No space left on device
2009 Jul 30 11:33:13 wae so_dre: %WAAS-RE-3-690432: (74673:2) FileMgr failed in writing data-segment start at id=834779, error=0xfffffc09--Disk is full
2009 Jul 30 11:33:13 wae so_dre: %WAAS-RE-3-690464: (112823:2) RE File Manager error: filemgr_state::do_io (segments) call pwrite(90, 0x5140e008, 65536, 69271552): No space left on device
2009 Jul 30 11:33:13 wae so_dre: %WAAS-RE-3-690432: (112995:2) FileMgr failed in writing data-segment start at id=834791, error=0xfffffc09--Disk is full
wae#show disks details
Physical disk information:
disk00: Present WD-WCANY3489733 (h02 c00 i00 l00 - Int DAS-SATA)
238472MB(232.9GB)
disk01: Present WD-WCANY3489714 (h02 c00 i01 l00 - Int DAS-SATA)
238472MB(232.9GB)
Mounted file systems:
MOUNT POINT       TYPE        DEVICE            SIZE      INUSE    FREE      USE%
/sw               internal    /dev/md0          991MB     912MB    79MB      92%
/swstore          internal    /dev/md1          991MB     459MB    532MB     46%
/state            internal    /dev/md2          5951MB    191MB    5760MB    3%
/local/local1     SYSFS       /dev/md4          11903MB   601MB    11302MB   5%
.../local1/spool  PRINTSPOOL  /dev/data1/spool  991MB     32MB     959MB     3%
/obj1             CONTENT     /dev/data1/obj    125975MB  1013MB   124962MB  0%
/dre1             CONTENT     /dev/data1/dre    59515MB   59514MB  1MB       99%
/ackq1            internal    /dev/data1/ackq   1189MB    32MB     1157MB    2%
/plz1             internal    /dev/data1/plz    2379MB    65MB     2314MB    2%
Software RAID devices:
DEVICE NAME  TYPE    STATUS            PHYSICAL DEVICES AND STATUS
/dev/md0     RAID-1  NORMAL OPERATION  disk00/00[GOOD]  disk01/00[GOOD]
/dev/md1     RAID-1  NORMAL OPERATION  disk00/01[GOOD]  disk01/01[GOOD]
/dev/md2     RAID-1  NORMAL OPERATION  disk00/02[GOOD]  disk01/02[GOOD]
/dev/md3     RAID-1  NORMAL OPERATION  disk00/03[GOOD]  disk01/03[GOOD]
/dev/md4     RAID-1  NORMAL OPERATION  disk00/04[GOOD]  disk01/04[GOOD]
/dev/md5     RAID-1  NORMAL OPERATION  disk00/05[GOOD]  disk01/05[GOOD]
Disk encryption feature is disabled.
wae# sho disks failed-disk-id
Disk location Serial Number
wae# sho disks failed-sectors
disk00
=========
(none)
disk01
=========
(none)
wae#
Thank You very much Zach,
It seems to be the case.
It was a Demo in a client, which in some time we decide to upgrade the memory, cause a persistent tfo limitation alarm.
The final results were not good about % of Optimization and Compression/Traffic Reduction.
But, what the hell, we are always learning !
Thanks a lot.
Bruno Petrónio -
Error message trying to enable WAAS Express
I have one location that is giving me fits trying to enable WAAS express. The three before it went fine but I think this may be related to the fact that this one location is currently configured to support COS. The message I receive when issuing the waas enable command is
% waas enable failed: Unable to create WAAS class-map as class-map BGP already exists in another type.
These are their current definitions ...
class-map match-any BGP
 match protocol bgp
class-map match-any COS3
 match access-group name COS3-Traffic
 match protocol icmp
class-map match-any COS2
 match access-group name COS2-Traffic
 match protocol bgp
class-map match-any COS1
 match access-group name COS1-Traffic
policy-map MARK-BGP
 class BGP
  set ip dscp cs6
policy-map COS
 class COS1
  priority 320
  set ip dscp ef
 class COS2
  bandwidth remaining percent 60
  set ip dscp af31
  service-policy MARK-BGP
 class COS3
  bandwidth remaining percent 30
  set ip dscp af21
 class class-default
  bandwidth remaining percent 10
  set ip dscp default
Hi,
When you first enable WAAS express on a device, it will define a set of policies for traffic optimization. Among those, there is one called BGP, which is conflicting with the current one and as a result, enabling WAAS fails and the error you saw is displayed.
To solve this issue, you will have to change the configuration of your device to ensure that there are no classes or policies with the same names as the ones that WAAS will configure.
For your reference, below you can see a list of the configuration that will be added by WAAS Express by default:
class-map type waas match-any BFTP
 match tcp destination port 152
class-map type waas match-any MS-Message-Queuing
 match tcp destination port 1801
 match tcp destination port 2101
 match tcp destination port 2103
 match tcp destination port 2105
class-map type waas match-any WINS
 match tcp destination port 42
 match tcp destination port 137
 match tcp destination port 1512
class-map type waas match-any NNTP
 match tcp destination port 119
class-map type waas match-any PPTP
 match tcp destination port 1723
class-map type waas match-any Internet-Mail-secure
 match tcp destination port 995
 match tcp destination port 993
 match tcp destination port 465
class-map type waas match-any RTSP
 match tcp destination port 554
 match tcp destination port 8554
class-map type waas match-any VocalTec
 match tcp destination port 1490
 match tcp destination port 6670
 match tcp destination port 25793
 match tcp destination port 22555
class-map type waas match-any PostgreSQL
 match tcp destination port 5432
class-map type waas match-any Danware-NetOp
 match tcp destination port 6502
class-map type waas match-any TACACS
 match tcp destination port 49
class-map type waas match-any XWindows
 match tcp destination port 6000 6063
class-map type waas match-any Cisco-CallManager
 match tcp destination port 2748
 match tcp destination port 2443
class-map type waas match-any MS-EndPointMapper
 match tcp destination port 135
class-map type waas match-any PDMWorks
 match tcp destination port 30000
 match tcp destination port 40000
class-map type waas match-any MS-Chat
 match tcp destination port 6665
 match tcp destination port 6667
class-map type waas match-any SASL
 match tcp destination port 3659
class-map type waas match-any SOAP
 match tcp destination port 7627
class-map type waas match-any Laplink-ShareDirect
 match tcp destination port 2705
class-map type waas match-any EMC-SRDFA-IP
 match tcp destination port 1748
class-map type waas match-any FTPS
 match tcp destination port 990
class-map type waas match-any Veritas-NetBackup
 match tcp destination port 13720
 match tcp destination port 13721
 match tcp destination port 13782
 match tcp destination port 13785
class-map type waas match-any Basic-TCP-services
 match tcp destination port 1 19
class-map type waas match-any Connected-DataProtector
 match tcp destination port 16384
class-map type waas match-any MS-Terminal-Services
 match tcp destination port 3389
class-map type waas match-any TFTP
 match tcp destination port 69
class-map type waas match-any HTTP
 match tcp destination port 80
 match tcp destination port 8080
 match tcp destination port 8000
 match tcp destination port 8001
 match tcp destination port 3128
class-map type waas match-any QMTP
 match tcp destination port 209
class-map type waas match-any IBM-NetView
 match tcp destination port 729 731
class-map type waas match-any LDAP
 match tcp destination port 389
 match tcp destination port 8404
class-map type waas match-any BitTorrent
 match tcp destination port 6881 6889
 match tcp destination port 6969
class-map type waas match-any FCIP
 match tcp destination port 3225
class-map type waas match-any Novell-ZenWorks
 match tcp destination port 1761 1763
 match tcp destination port 517
 match tcp destination port 2544
 match tcp destination port 8039
 match tcp destination port 2037
class-map type waas match-any UniSQL
 match tcp destination port 1978
 match tcp destination port 1979
class-map type waas match-any RAdmin
 match tcp destination port 4899
class-map type waas match-any SoulSeek
 match tcp destination port 2234
 match tcp destination port 5534
class-map type waas match-any WBEM
 match tcp destination port 5987
 match tcp destination port 5988
class-map type waas match-any CIFS
 match tcp destination port 139
 match tcp destination port 445
class-map type waas match-any Lotus-Sametime-Connect
 match tcp destination port 1533
class-map type waas match-any IBM-TSM
 match tcp destination port 1500 1502
class-map type waas match-any Remote-Replication-Agent
 match tcp destination port 5678
class-map type waas match-any Telnet
 match tcp destination port 23
 match tcp destination port 107
 match tcp destination port 513
class-map type waas match-any LDAP-secure
 match tcp destination port 636
class-map type waas match-any Remote-Anything
 match tcp destination port 3999 4000
class-map type waas match-any Double-Take
 match tcp destination port 1105
 match tcp destination port 1100
class-map type waas match-any Borland-Interbase
 match tcp destination port 3050
class-map type waas match-any Sun-RPC
 match tcp destination port 111
class-map type waas match-any NetApp-SnapMirror
 match tcp destination port 10565 10569
class-map type waas match-any Amanda
 match tcp destination port 10080
class-map type waas match-any iSNS
 match tcp destination port 3205
class-map type waas match-any FTP-Control
 match tcp destination port 21
class-map type waas match-any HP-OpenMail
 match tcp destination port 5755
 match tcp destination port 5757
 match tcp destination port 5766
 match tcp destination port 5767
 match tcp destination port 5768
 match tcp destination port 5729
class-map type waas match-any PCAnywhere
 match tcp destination port 73
 match tcp destination port 5631 5632
 match tcp destination port 65301
class-map type waas match-any EMC-Celerra-Replicator
 match tcp destination port 8888
class-map type waas match-any Gnutella
 match tcp destination port 6346 6349
 match tcp destination port 6355
 match tcp destination port 5634
class-map type waas match-any HP-OpenView
 match tcp destination port 7426 7431
 match tcp destination port 7501
 match tcp destination port 7510
class-map type waas match-any MSN-Messenger
 match tcp destination port 1863
 match tcp destination port 6891 6900
class-map type waas match-any Yahoo-Messenger
 match tcp destination port 5000 5001
 match tcp destination port 5050
 match tcp destination port 5100
class-map type waas match-any Apple-AFP
 match tcp destination port 548
class-map type waas match-any Apple-iChat
 match tcp destination port 5297
 match tcp destination port 5298
class-map type waas match-any PCMail-Server
 match tcp destination port 158
class-map type waas match-any Siebel
 match tcp destination port 8448
 match tcp destination port 2320
 match tcp destination port 2321
class-map type waas match-any Kerberos
 match tcp destination port 88
 match tcp destination port 2053
 match tcp destination port 754
 match tcp destination port 888
 match tcp destination port 543
 match tcp destination port 464
 match tcp destination port 544
 match tcp destination port 749
class-map type waas match-any MS-NetMeeting
 match tcp destination port 522
 match tcp destination port 1503
 match tcp destination port 1731
class-map type waas match-any Oracle
 match tcp destination port 66
 match tcp destination port 1525
 match tcp destination port 1521
class-map type waas match-any Unix-Printing
 match tcp destination port 515
 match tcp destination port 170
class-map type waas match-any Documentum
 match tcp destination port 1489
class-map type waas match-any Pervasive-SQL
 match tcp destination port 1583
class-map type waas match-any Jabber
 match tcp destination port 5222
 match tcp destination port 5269
class-map type waas match-any iFCP
 match tcp destination port 3420
class-map type waas match-any NNTP-secure
 match tcp destination port 563
class-map type waas match-any SQL-Service
 match tcp destination port 156
class-map type waas match-any Internet-Mail
 match tcp destination port 25
 match tcp destination port 110
 match tcp destination port 143
 match tcp destination port 220
class-map type waas match-any Lotus-Notes
 match tcp destination port 1352
class-map type waas match-any SSL-Shell
 match tcp destination port 614
class-map type waas match-any CU-SeeMe
 match tcp destination port 7640
 match tcp destination port 7642
 match tcp destination port 7648
 match tcp destination port 7649
class-map type waas match-any Simple-FTP
 match tcp destination port 115
class-map type waas match-any AOL
 match tcp destination port 5190 5193
class-map type waas match-any SAP
 match tcp destination port 3200 3219
 match tcp destination port 3390 3399
 match tcp destination port 3284 3305
 match tcp destination port 3226 3267
 match tcp destination port 3662 3699
 match tcp destination port 3221 3224
 match tcp destination port 3270 3282
 match tcp destination port 3307 3388
 match tcp destination port 3600 3659
class-map type waas match-any waas-default
 match tcp any
class-map type waas match-any Laplink-PCSync
 match tcp destination port 8444
class-map type waas match-any TFTPS
 match tcp destination port 3713
class-map type waas match-any WinMX
 match tcp destination port 6699
class-map type waas match-any CVS
 match tcp destination port 2401
class-map type waas match-any ezMeeting
 match tcp destination port 10101 10103
 match tcp destination port 26260 26261
class-map type waas match-any NetIQ
 match tcp destination port 2220
 match tcp destination port 2735
 match tcp destination port 10113 10116
class-map type waas match-any Grouper
 match tcp destination port 8038
class-map type waas match-any Netopia-Timbuktu
 match tcp destination port 407
 match tcp destination port 1417 1420
class-map type waas match-any Novell-Groupwise
 match tcp destination port 1677
 match tcp destination port 1099
 match tcp destination port 9850
 match tcp destination port 7205
 match tcp destination port 3800
 match tcp destination port 7100
 match tcp destination port 7180
 match tcp destination port 7101
 match tcp destination port 7181
 match tcp destination port 2800
class-map type waas match-any SSH
 match tcp destination port 22
class-map type waas match-any IPP
 match tcp destination port 631
class-map type waas match-any IBM-Tivoli
 match tcp destination port 94
 match tcp destination port 627
 match tcp destination port 1965
 match tcp destination port 1580
 match tcp destination port 1581
class-map type waas match-any NTP
 match tcp destination port 123
class-map type waas match-any VoIP-Control
 match tcp destination port 1300
 match tcp destination port 2428
 match tcp destination port 2000 2002
 match tcp destination port 1718 1720
 match tcp destination port 5060
 match tcp destination port 11000 11999
class-map type waas match-any HTTPS
 match tcp destination port 443
class-map type waas match-any SUN-Xprint
 match tcp destination port 8100
class-map type waas match-any Clearcase
 match tcp destination port 371
class-map type waas match-any Service-Location
 match tcp destination port 427
class-map type waas match-any MS-NetShow
 match tcp destination port 1755
class-map type waas match-any Napster
 match tcp destination port 8875
 match tcp destination port 7777
 match tcp destination port 6700
 match tcp destination port 6666
 match tcp destination port 6677
 match tcp destination port 6688
class-map type waas match-any Kazaa
 match tcp destination port 1214
class-map type waas match-any Laplink-Host
 match tcp destination port 1547
class-map type waas match-any Telnets
 match tcp destination port 992
class-map type waas match-any AFS
 match tcp destination port 7000 7009
class-map type waas match-any Scalable-SQL
 match tcp destination port 3352
class-map type waas match-any WASTE
 match tcp destination port 1337
class-map type waas match-any BGP
 match tcp destination port 179
class-map type waas match-any BMC-Patrol
 match tcp destination port 6161
 match tcp destination port 6162
 match tcp destination port 8160
 match tcp destination port 8161
 match tcp destination port 6767
 match tcp destination port 6768
 match tcp destination port 10128
class-map type waas match-any Rsync
 match tcp destination port 873
class-map type waas match-any Qnext
 match tcp destination port 44
 match tcp destination port 5555
class-map type waas match-any Intel-Proshare
 match tcp destination port 5713 5717
class-map type waas match-any Liquid-Audio
 match tcp destination port 18888
class-map type waas match-any WAAS-FlowMonitor
 match tcp destination port 7878
class-map type waas match-any eDonkey
 match tcp destination port 4661 4662
class-map type waas match-any IRC
 match tcp destination port 531
 match tcp destination port 6660 6669
class-map type waas match-any DNS
 match tcp destination port 53
class-map type waas match-any Filenet
 match tcp destination port 32768 32774
class-map type waas match-any ControlIT
 match tcp destination port 799
class-map type waas match-any Citrix-ICA
 match tcp destination port 1494
 match tcp destination port 2598
class-map type waas match-any NFS
 match tcp destination port 2049
class-map type waas match-any Netopia-netOctopus
 match tcp destination port 1917
 match tcp destination port 1921
class-map type waas match-any VNC
 match tcp destination port 5801 5809
 match tcp destination port 6900 6909
class-map type waas match-any Vmware-VMConsole
 match tcp destination port 902
class-map type waas match-any Sybase-SQL
 match tcp destination port 1498
 match tcp destination port 2638
 match tcp destination port 2439
 match tcp destination port 3968
class-map type waas match-any Unix-Remote-Execution
 match tcp destination port 514
 match tcp destination port 512
class-map type waas match-any ProjectWise-FileTransfer
 match tcp destination port 5800
class-map type waas match-any Other-Secure
 match tcp destination port 261
 match tcp destination port 448
 match tcp destination port 684
 match tcp destination port 695
 match tcp destination port 994
 match tcp destination port 2252
 match tcp destination port 2478
 match tcp destination port 2479
 match tcp destination port 2482
 match tcp destination port 2484
 match tcp destination port 2679
 match tcp destination port 2762
 match tcp destination port 2998
 match tcp destination port 3077
 match tcp destination port 3078
 match tcp destination port 3183
 match tcp destination port 3191
 match tcp destination port 3220
 match tcp destination port 3410
 match tcp destination port 3424
 match tcp destination port 3471
 match tcp destination port 3496
 match tcp destination port 3509
 match tcp destination port 3529
 match tcp destination port 3539
 match tcp destination port 3660
 match tcp destination port 3661
 match tcp destination port 3747
 match tcp destination port 3864
 match tcp destination port 3885
 match tcp destination port 3896
 match tcp destination port 3897
 match tcp destination port 3995
 match tcp destination port 4031
 match tcp destination port 5007
 match tcp destination port 5989
 match tcp destination port 5990
 match tcp destination port 7674
 match tcp destination port 9802
 match tcp destination port 12109
class-map type waas match-any FTP-Data
 match tcp source port 20
class-map type waas match-any IBM-DB2
 match tcp destination port 523
class-map type waas match-any LDAP-Global-Catalog
 match tcp destination port 3268
class-map type waas match-any Legato-RepliStor
 match tcp destination port 7144
 match tcp destination port 7145
class-map type waas match-any MDaemon
 match tcp destination port 3000
 match tcp destination port 3001
class-map type waas match-any Novell-NetWare
 match tcp destination port 524
class-map type waas match-any Altiris-CarbonCopy
 match tcp destination port 1680
class-map type waas match-any iSCSI
 match tcp destination port 3260
class-map type waas match-any AppSocket
 match tcp destination port 9100
class-map type waas match-any HP-Radia
 match tcp destination port 3460
 match tcp destination port 3461
 match tcp destination port 3464
 match tcp destination port 3466
class-map type waas match-any VDOLive
 match tcp destination port 7000
class-map type waas match-any X400
 match tcp destination port 102
class-map type waas match-any Apple-NetAssistant
 match tcp destination port 3283
class-map type waas match-any Symantec-AntiVirus
 match tcp destination port 2847
 match tcp destination port 2848
 match tcp destination port 2967
 match tcp destination port 2968
 match tcp destination port 38037
 match tcp destination port 38292
class-map type waas match-any Legato-NetWorker
 match tcp destination port 7937
 match tcp destination port 7938
 match tcp destination port 7939
class-map type waas match-any SIP-secure
 match tcp destination port 5061
class-map type waas match-any InterSystems-Cache
 match tcp destination port 1972
class-map type waas match-any BackupExpress
 match tcp destination port 6123
class-map type waas match-any CommVault
 match tcp destination port 8400 8403
class-map type waas match-any Veritas-BackupExec
 match tcp destination port 6101
 match tcp destination port 6102
 match tcp destination port 6106
 match tcp destination port 3527
 match tcp destination port 1125
class-map type waas match-any L2TP
 match tcp destination port 1701
class-map type waas match-any LANDesk
 match tcp destination port 9535
 match tcp destination port 9593 9595
class-map type waas match-any MySQL
 match tcp destination port 3306
class-map type waas match-any FTPS-Control
 match tcp source port 989
class-map type waas match-any LDAP-Global-Catalog-Secure
 match tcp destination port 3269
class-map type waas match-any MS-Content-Replication-Service
 match tcp destination port 560
 match tcp destination port 507
class-map type waas match-any OpenVPN
 match tcp destination port 1194
class-map type waas match-any HotLine
 match tcp destination port 5500 5503
class-map type waas match-any MS-SQL
 match tcp destination port 1433
class-map type waas match-any Laplink-PCSync-secure
 match tcp destination port 8443
!
!
policy-map type waas waas_global
 class AFS
  optimize tfo dre lz application File-System
 class AOL
  passthrough application Instant-Messaging
 class Altiris-CarbonCopy
  passthrough application Remote-Desktop
 class Amanda
  optimize tfo application Backup
 class AppSocket
  optimize tfo dre lz application Printing
 class Apple-AFP
  optimize tfo dre lz application File-System
 class Apple-NetAssistant
  passthrough application Remote-Desktop
 class Apple-iChat
  passthrough application Instant-Messaging
 class BFTP
  optimize tfo dre lz application File-Transfer
 class BGP
  optimize tfo dre lz application Other
 class BMC-Patrol
  passthrough application Systems-Management
 class BackupExpress
  optimize tfo application Backup
 class Basic-TCP-services
  passthrough application Other
 class BitTorrent
  passthrough application P2P
 class Borland-Interbase
  optimize tfo dre lz application SQL
 class CIFS
  optimize tfo dre lz application WAFS
 class CU-SeeMe
  passthrough application Conferencing
 class CVS
  optimize tfo dre lz application Version-Management
 class Cisco-CallManager
  passthrough application Call-Management
 class Citrix-ICA
  optimize tfo dre lz application Remote-Desktop
 class Clearcase
  optimize tfo dre lz application Version-Management
 class CommVault
  optimize tfo application Backup
 class Connected-DataProtector
  optimize tfo application Backup
 class ControlIT
  optimize tfo application Remote-Desktop
 class DNS
  passthrough application Name-Services
 class Danware-NetOp
  optimize tfo application Remote-Desktop
 class Documentum
  optimize tfo dre lz application Content-Management
 class Double-Take
  optimize tfo dre lz application Replication
 class EMC-Celerra-Replicator
  optimize tfo dre lz application Replication
 class EMC-SRDFA-IP
  optimize tfo dre lz application Storage
 class FCIP
  optimize tfo dre lz application Storage
 class FTP-Control
  passthrough application File-Transfer
 class FTP-Data
  optimize tfo dre lz application File-Transfer
 class FTPS
  optimize tfo application File-Transfer
 class FTPS-Control
  passthrough application File-Transfer
 class Filenet
  optimize tfo dre lz application Content-Management
 class Gnutella
  passthrough application P2P
 class Grouper
  passthrough application P2P
 class HP-OpenMail
  optimize tfo dre lz application Email-and-Messaging
 class HP-OpenView
  passthrough application Systems-Management
 class HP-Radia
  optimize tfo dre lz application Systems-Management
 class HTTP
  optimize tfo dre lz application Web
 class HTTPS
  optimize tfo application SSL
 class HotLine
  passthrough application P2P
 class IBM-DB2
  optimize tfo dre lz application SQL
 class IBM-NetView
  passthrough application Systems-Management
 class IBM-TSM
  optimize tfo dre lz application Backup
 class IBM-Tivoli
  optimize tfo dre lz application Systems-Management
 class IPP
  optimize tfo dre lz application Printing
 class Intel-Proshare
  passthrough application Conferencing
 class InterSystems-Cache
  optimize tfo dre lz application SQL
 class Internet-Mail
  optimize tfo dre lz application Email-and-Messaging
 class Internet-Mail-secure
  optimize tfo application Email-and-Messaging
 class Jabber
  passthrough application Instant-Messaging
 class Kazaa
  passthrough application P2P
 class Kerberos
  passthrough application Authentication
 class L2TP
  optimize tfo application VPN
 class LANDesk
  optimize tfo dre lz application Systems-Management
 class LDAP
  optimize tfo dre lz application Directory-Services
 class LDAP-Global-Catalog
  optimize tfo dre lz application Directory-Services
 class LDAP-Global-Catalog-Secure
  passthrough application Directory-Services
 class LDAP-secure
  passthrough application Directory-Services
 class Laplink-Host
  optimize tfo application Remote-Desktop
 class Laplink-PCSync
  optimize tfo application Remote-Desktop
 class Laplink-PCSync-secure
  optimize tfo application Remote-Desktop
 class Laplink-ShareDirect
  passthrough application P2P
 class Legato-NetWorker
  optimize tfo application Backup
 class Legato-RepliStor
  optimize tfo application Backup
 class Liquid-Audio
  optimize tfo dre lz application Streaming
 class Lotus-Notes
  optimize tfo dre lz application Email-and-Messaging
 class Lotus-Sametime-Connect
  passthrough application Instant-Messaging
 class MDaemon
  optimize tfo dre lz application Email-and-Messaging
 class MS-Chat
  passthrough application Instant-Messaging
 class MS-Content-Replication-Service
  optimize tfo application Replication
 class MS-EndPointMapper
  optimize tfo application Other
 class MS-Message-Queuing
  optimize tfo dre lz application Other
 class MS-NetMeeting
  passthrough application Conferencing
 class MS-NetShow
  optimize tfo dre lz application Streaming
 class MS-SQL
  optimize tfo dre lz application SQL
 class MS-Terminal-Services
  optimize tfo application Remote-Desktop
 class MSN-Messenger
  passthrough application Instant-Messaging
 class MySQL
  optimize tfo dre lz application SQL
 class NFS
  optimize tfo dre lz application File-System
 class NNTP
  optimize tfo dre lz application Email-and-Messaging
 class NNTP-secure
  optimize tfo application Email-and-Messaging
 class NTP
  passthrough application Other
 class Napster
  passthrough application P2P
 class NetApp-SnapMirror
  optimize tfo dre lz application Replication
 class NetIQ
  passthrough application Systems-Management
 class Netopia-Timbuktu
  optimize tfo application Remote-Desktop
 class Netopia-netOctopus
  passthrough application Systems-Management
 class Novell-Groupwise
  optimize tfo dre lz application Email-and-Messaging
 class Novell-NetWare
  optimize tfo dre lz application File-System
 class Novell-ZenWorks
  optimize tfo dre lz application Systems-Management
 class OpenVPN
  optimize tfo application VPN
 class Oracle
  optimize tfo dre lz application SQL
 class Other-Secure
  passthrough application Other
 class PCAnywhere
  optimize tfo application Remote-Desktop
 class PCMail-Server
  optimize tfo dre lz application Email-and-Messaging
 class PDMWorks
  optimize tfo dre lz application CAD
 class PPTP
  optimize tfo application VPN
 class Pervasive-SQL
  optimize tfo dre lz application SQL
 class PostgreSQL
  optimize tfo dre lz application SQL
 class ProjectWise-FileTransfer
  optimize tfo dre lz application Content-Management
 class QMTP
  optimize tfo dre lz application Email-and-Messaging
 class Qnext
  passthrough application P2P
 class RAdmin
  optimize tfo application Remote-Desktop
 class RTSP
  optimize tfo dre lz application Streaming
 class Remote-Anything
  optimize tfo application Remote-Desktop
 class Remote-Replication-Agent
  optimize tfo application Replication
 class Rsync
  optimize tfo dre lz application Replication
 class SASL
  passthrough application Authentication
 class SIP-secure
  passthrough application Call-Management
 class SOAP
  optimize tfo dre lz application Other
 class SQL-Service
  optimize tfo dre lz application SQL
 class SSH
  optimize tfo application SSH
 class SSL-Shell
  passthrough application Console
 class SUN-Xprint
  optimize tfo dre lz application Printing
 class Scalable-SQL
  optimize tfo dre lz application SQL
 class Service-Location
  passthrough application Name-Services
 class Siebel
  optimize tfo dre lz application Enterprise-Applications
 class Simple-FTP
  optimize tfo dre lz application File-Transfer
 class SoulSeek
  passthrough application P2P
 class Sun-RPC
  passthrough application File-System
 class Sybase-SQL
  optimize tfo dre lz application SQL
 class Symantec-AntiVirus
  optimize tfo dre lz application Other
 class TACACS
  passthrough application Authentication
 class TFTP
  optimize tfo dre lz application File-Transfer
 class TFTPS
  optimize tfo application File-Transfer
 class Telnet
  passthrough application Console
 class Telnets
  passthrough application Console
 class UniSQL
  optimize tfo dre lz application SQL
 class Unix-Printing
  optimize tfo dre lz application Printing
 class Unix-Remote-Execution
  passthrough application Console
 class VDOLive
  optimize tfo dre lz application Streaming
 class Veritas-BackupExec
  optimize tfo application Backup
 class Veritas-NetBackup
  optimize tfo application Backup
 class Vmware-VMConsole
  optimize tfo application Remote-Desktop
 class VoIP-Control
  passthrough application Call-Management
 class VocalTec
  passthrough application Conferencing
 class WAAS-FlowMonitor
  optimize tfo lz application Systems-Management
 class WASTE
  passthrough application P2P
 class WBEM
  passthrough application Systems-Management
 class WINS
  passthrough application Name-Services
 class WinMX
  passthrough application P2P
 class X400
  optimize tfo dre lz application Email-and-Messaging
 class XWindows
  optimize tfo application Remote-Desktop
 class Yahoo-Messenger
  passthrough application Instant-Messaging
 class eDonkey
  passthrough application P2P
 class ezMeeting
  passthrough application Conferencing
 class iFCP
  optimize tfo dre lz application Storage
 class iSCSI
  optimize tfo dre lz application Storage
 class iSNS
  passthrough application Name-Services
 class IRC
  passthrough application Instant-Messaging
 class SAP
  optimize tfo dre lz application Enterprise-Applications
 class VNC
  optimize tfo application Remote-Desktop
 class waas-default
  optimize tfo dre lz application waas-default
I hope this helps
Daniel
-
WAAS-CIFSAO Error replying to client
I observe these WAAS CIFS errors on WAE devices in my network. Can you please throw some light on when these errors occur and their effect?
Jun 14 11:52:53 waas-hou1.hou.shaw.net 2011 Jun 14 11: java: %WAAS-CIFSAO-3-131207: (965197) Error replying to client 149.77.232.204
Thanks
Hi,
Thanks for sharing the information.
To be frank, it is tough to narrow down and pinpoint the problem. The best way to nail down this problem would be to open a TAC case. I suspect a few defects mentioned below, but I am not sure if you are really hitting any one of these because we need supporting logs to confirm that.
1. http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCSz31354
2. http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?caller=pluginredirector&method=fetchBugDetails&bugId=CSCsz78754
A few options you may want to try that might help you.
Option 1: 4.1.5f is getting older now. You may want to upgrade to 4.3.1. The big reason behind the upgrade suggestion is that there are a lot of CIFS-related fixes that have gone in after the 4.1.5f code.
Option 2: reload WAE. This might help temporarily but the issue might come back anytime.
Option 3: Apply "disk delete-data-partitions" and "reload" on WAE from CLI. This will clear all the cache that is built up and may address the issue temporarily but again, the issue might come back anytime.
Hope this helps.
PS: Please mark this Answered, if this answers your question.
-
I am receiving this error in my syslog, every couple weeks or so. It causes a flap between our two inline WAEs. Have an idea what can be causing this? syslog is below, start from the bottom up.
2011-03-10 10:30:08 Kernel Error 10.0.100.26 2011 Mar 10 15: kernel: %WAAS-SYS-3-900000: e1000bp: eth4: e1000bp_watchdog: NIC Link is Up 1000 Mbps Full Duplex
2011-03-10 10:30:06 Kernel Error 10.0.100.26 2011 Mar 10 15: kernel: %WAAS-SYS-3-900000: e1000bp: eth5: e1000bp_watchdog: NIC Link is Up 1000 Mbps Full Duplex
2011-03-10 10:30:02 Kernel Warning 10.0.100.26 2011 Mar 10 15: kernel: %WAAS-SYS-4-900000: next_to_watch.status <0>
2011-03-10 10:30:02 Kernel Warning 10.0.100.26 2011 Mar 10 15: kernel: %WAAS-SYS-4-900000: jiffies <2b900a9e1>
2011-03-10 10:30:02 Kernel Warning 10.0.100.26 2011 Mar 10 15: kernel: %WAAS-SYS-4-900000: next_to_watch <91>
2011-03-10 10:30:02 Kernel Warning 10.0.100.26 2011 Mar 10 15: kernel: %WAAS-SYS-4-900000: time_stamp <2b9008c71>
2011-03-10 10:30:02 Kernel Warning 10.0.100.26 2011 Mar 10 15: kernel: %WAAS-SYS-4-900000: buffer_info[next_to_clean]
2011-03-10 10:30:02 Kernel Warning 10.0.100.26 2011 Mar 10 15: kernel: %WAAS-SYS-4-900000: next_to_clean <91>
2011-03-10 10:30:02 Kernel Warning 10.0.100.26 2011 Mar 10 15: kernel: %WAAS-SYS-4-900000: next_to_use <7e>
2011-03-10 10:30:02 Kernel Warning 10.0.100.26 2011 Mar 10 15: kernel: %WAAS-SYS-4-900000: TDT <7e>
2011-03-10 10:30:02 Kernel Warning 10.0.100.26 2011 Mar 10 15: kernel: %WAAS-SYS-4-900000: TDH <91>
2011-03-10 10:30:02 Kernel Warning 10.0.100.26 2011 Mar 10 15: kernel: %WAAS-SYS-4-900000: Tx Queue <0>
2011-03-10 10:30:02 Kernel Error 10.0.100.26 2011 Mar 10 15: kernel: %WAAS-SYS-3-900000: e1000bp: eth5: e1000bp_clean_tx_irq: Detected Tx Unit Hang
Here is the output from the show alarms hist. Also, there are no visual LED problems with the device.
Op Sev Alarm ID Module/Submodule Instance
1 C Mi servicedead nodemgr cms_ce
Mar 7 15:00:41.435 EST, Processing Error Alarm, #000008, 2000:330004
nodemgr: The cms_ce service died.
2 R Mi servicedead nodemgr cms_ce
Mar 7 15:00:31.233 EST, Processing Error Alarm, #000008, 2000:330004
nodemgr: The cms_ce service died.
3 C Mi servicedead nodemgr device_mgr
Feb 2 11:31:45.484 EST, Processing Error Alarm, #000007, 2000:330004
nodemgr: The device_mgr service died.
4 R Mi servicedead nodemgr device_mgr
Feb 2 11:31:35.282 EST, Processing Error Alarm, #000007, 2000:330004
nodemgr: The device_mgr service died.
5 C Mi servicedead nodemgr device_mgr
Jan 22 20:39:47.480 EST, Processing Error Alarm, #000006, 2000:330004
nodemgr: The device_mgr service died.
6 R Mi servicedead nodemgr device_mgr
Jan 22 20:39:37.276 EST, Processing Error Alarm, #000006, 2000:330004
nodemgr: The device_mgr service died.
-
WAAS + Copying Windows files = Error
Hello all,
I am trying to setup an optimized Datacenter/Branch WAAS solution. In my datacenter, I have my CM connected to the user VLAN. I have my core-wae (512) connected to my WAN router (2811) on a dedicated ethernet interface. At my branch, I have my edge-wae (also a 512) connected to a dedicated ethernet interface on the branch WAN router (1841). For both routers, I have WCCPv2 enabled with "IP WCCP 61 redirect in" configured on the LAN facing interface and "IP WCCP 62 redirect in" on the WAN facing interface. From a computer at the branch office, I can browse windows based shares. When I try to copy a file from a server (at the datacenter) to the computer, It hangs and eventually crashes. If I attempt to copy from a command windows, copying the same file, after a bit of time, I get the error "The network service is no longer available" (or something like that) error message and nothing gets copied. If I disable WCCP on the routers, I can copy the files without error.
Any ideas would be greatly appreciated.
Eric
Zach,
Here is a series of traceroutes originating from the workstation. I don't have access to the 216.149.x.x routers as they are located in the MPLS cloud.
C:\>tracert 10.1.3.55
Tracing route to acct-old.lbbslaw.com [10.1.3.55]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.6.1.1
2 <1 ms <1 ms 1 ms 10.6.128.254
3 13 ms 28 ms 25 ms 216.149.52.109.ptr.us.xo.net [216.149.52.109]
4 16 ms 27 ms 32 ms 216.149.96.201.ptr.us.xo.net [216.149.96.201]
5 20 ms 15 ms 32 ms 216.149.33.102.ptr.us.xo.net [216.149.33.102]
6 16 ms 17 ms 24 ms acct-old.lbbslaw.com [10.1.3.55]
Trace complete.
LDBB3825-SF#traceroute ip 10.1.3.55 source 10.6.1.1
Type escape sequence to abort.
Tracing the route to 10.1.3.55
1 10.6.128.254 0 msec 0 msec 0 msec
2 216.149.52.109.ptr.us.xo.net (216.149.52.109) 4 msec 4 msec 4 msec
3 216.149.96.201.ptr.us.xo.net (216.149.96.201) 16 msec 16 msec 16 msec
4 216.149.33.102.ptr.us.xo.net (216.149.33.102) 16 msec 16 msec 20 msec
5 10.1.3.55 32 msec 16 msec 16 msec
LDBB3825-SF#
lbbs_SanFranCa_ipvpn#traceroute ip 10.1.3.55 source 10.6.128.254
Type escape sequence to abort.
Tracing the route to 10.1.3.55
1 216.149.52.109 8 msec 4 msec 4 msec
2 216.149.96.201 16 msec 16 msec 16 msec
3 216.149.33.102 16 msec 16 msec 20 msec
4 10.1.3.55 16 msec 16 msec 16 msec
lbbs_SanFranCa_ipvpn#
-
WAAS 4.4.7a ERROR LOG
2014 Nov 6 11:40:04 WAE7371 java: %WAAS-CMS-4-700002: Thread(pool-1-thread-3): java.net.SocketException: Connection reset: java.net.SocketException: Connection reset at java.net.SocketInputStream.read(SocketInputStream.java:113) at unicorn.RpcTcpTransport.readBytes(RpcTcpTransport.java:136) at unicorn.RpcTcpTransport.readNext(RpcTcpTransport.java:153) at unicorn.RpcTcpClient.processNext(RpcTcpClient.java:40) at com.actona.management.gateway.snmp.SnmpRpcServer$1.run(SnmpRpcServer.java:113) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662)
Hi,
Where are you seeing this error? Can you send me the output of show alarms?
Regards,
Kanwal
Note: Please mark answers if they are helpful.
-
Anyone know what "Spoofed packets dropped" and the "Packet pullups needed" are? Is the WAAS dropping packets it thinks it's being spoofed? Also, how can I get rid of the pullups? The WCCP setup is as follows: l2 forward/return to a 3750E stack switch, interfaces are set up as standby and the model is a 7371. I'm not using any WCCP redirect list.
Transparent GRE packets received: 0
Transparent non-GRE packets received: 1940435323
Transparent non-GRE non-WCCP packets received: 0
Total packets accepted: 461319375
Invalid packets received: 731
Packets received with invalid service: 0
Packets received on a disabled service: 0
Packets received too small: 0
Packets dropped due to zero TTL: 0
Packets dropped due to bad buckets: 617
Packets dropped due to no redirect address: 0
Packets dropped due to loopback redirect: 227
Pass-through pkts dropped on assignment update:61
Connections bypassed due to load: 0
Packets sent back to router: 1829
GRE packets sent to router (not bypass): 0
Packets sent to another WAE: 63037
GRE fragments redirected: 1116193
GRE encapsulated fragments received: 0
Packets failed encapsulated reassembly: 0
Packets failed GRE encapsulation: 0
Packets dropped due to invalid fwd method: 0
Packets dropped due to insufficient memory: 0
Packets bypassed, no conn at all: 0
Packets bypassed, no pending connection: 0
Packets due to clean wccp shutdown: 0
Packets bypassed due to bypass-list lookup: 166
Packets received with client IP addresses: 460833489
Spoofed packets dropped: 57416
Conditionally Accepted connections: 0
Conditionally Bypassed connections: 0
L2 Bypass packets destined for loopback: 0
Packets w/WCCP GRE received too small: 0
Packets dropped due to received on loopback: 219
Packets dropped due to IP access-list deny: 0
Packets fragmented for bypass: 0
Packets fragmented for egress: 0
Packet pullups needed: 5484
Packets dropped due to no route found: 0
-
i have a problem, this is the log.
log:
image: Input/output error
Image was NOT written to flash. (err=0)
installer[1]: segfault at b6418004 eip b7f18d10 esp bfb3e0d0 error 4
installer[1]: segfault at b6418004 eip b7f18d10 esp bfb3e0d0 error 4
Hi Juan,
It looks like the flash is bad. You may want to open a TAC case to RMA the WAE.
Regards.
-
Hi All,
Can anyone tell me what this syslog message relates to? I'm seeing it on a whole lot of WAEs. Is it something I need to worry about or not?
nscd: %WAAS-UNKNOWN-5-899999: 5317: Handled cache clean up for SIGHUP
Thanks
Claire
Hi Claire,
Getting this message can be normal.
Since it is generated by the nscd process that takes care of the DNS caching (and that it is generated when the cache is flushed), I would maybe verify the DNS config on those devices and if it is properly configured, I wouldn't worry about it.
If you want, the test self-diagnostic basic should test your DNS settings for you.
Regards,
Nicolas
-
Getting 413 errors on a 5505 firewall.
I am very new to Cisco 5505 firewalls and have been trying to troubleshoot a VPN connectivity issue over the past few days. Recently the AT&T router was tested and nothing is being blocked from it. Since I do not know much about the firewall, I am unsure if there is an issue with the config or if the problem lies elsewhere. When I initially logged into the firewall I noticed that the DMZ interface shows Line down, Link down. The other interfaces, inside and outside, both show up, up. I am not sure if the DMZ should show down, down or not. I was not the tech that set this firewall up so checking the config really does not tell me much as I am unfamiliar with what I am looking at. The config has been posted below. Any help would be greatly appreciated!!
: Saved
ASA Version 8.2(5)
hostname xxxfw01
domain-name xxxxxx.lcl
enable password zgDyB1JJR5jIt22C encrypted
passwd 5nswNE6Ndj.ogXD4 encrypted
names
name 192.168.1.30 ideacom-adtran-router
name 12.179.58.67 outside-voip
name 10.0.4.0 inside-secondary
name 10.0.0.0 inside-primary
name 12.179.58.68 outside-secondary1
name 12.179.58.69 outside-secondary2
name 12.179.58.70 outside-secondary3
name 192.9.200.0 inside-old
name 12.179.58.71 outside-secondary4
name 12.179.58.72 outside-secondary5
name 12.179.58.73 outside-secondary6
name 12.179.58.74 outside-secondary7
name 12.179.58.75 outside-secondary8
name 12.179.58.126 outside-web-server
name 12.179.58.76 ouside-secondary9
name 12.179.58.77 outside-secondary10
name 12.179.58.78 outside-secondary11
name 12.179.58.79 outside-secondary12
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 2
interface Ethernet0/6
switchport access vlan 2
interface Ethernet0/7
switchport access vlan 3
interface Vlan1
nameif inside
security-level 100
ip address 10.0.1.11 255.255.255.0
ospf cost 10
interface Vlan2
nameif outside
security-level 0
ip address 12.179.58.66 255.255.255.192
ospf cost 10
interface Vlan3
no forward interface Vlan1
nameif dmz
security-level 50
ip address 192.168.1.10 255.255.255.0
ospf cost 10
pim accept-register list PIM_ACCPTREG_ACL
banner motd ATTENTION:
banner motd You are about to log into a private network. Unauthorized access is strictly prohibited.
banner motd Any attempts to do so will result in prosecution to the fullest extent of the law.
banner asdm ATTENTION:
banner asdm You are about to log into a private network. Unauthorized access is strictly prohibited.
banner asdm Any attempts to do so will result in prosecution to the fullest extent of the law.
boot system disk0:/asa825-k8.bin
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.0.2.106
name-server 10.0.2.57
domain-name xxxxxxx.lcl
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network outside-ideacom-voip
network-object host 204.14.39.36
network-object host 204.16.49.4
network-object host 204.16.53.4
network-object host 204.16.57.4
object-group service ideacom-tcp-voip tcp
port-object range h323 1728
port-object range sip 5061
object-group service ideacom-udp-voip udp
port-object range 1024 65535
object-group network outside-secondary-range
network-object host outside-secondary1
network-object host outside-secondary2
network-object host outside-secondary3
network-object host outside-secondary4
object-group icmp-type DM_INLINE_ICMP_1
icmp-object echo
icmp-object echo-reply
access-list PIM_ACCPTREG_ACL extended permit ip 12.179.58.64 255.255.255.192 10.0.1.0 255.255.255.0 inactive
access-list inside_nat_outbound extended permit ip inside-secondary 255.255.255.0 any
access-list outside_access_in extended permit tcp object-group outside-ideacom-voip host ideacom-adtran-router object-group ideacom-tcp-voip inactive
access-list outside_access_in extended permit udp object-group outside-ideacom-voip host ideacom-adtran-router object-group ideacom-udp-voip inactive
access-list outside_access_in extended permit icmp any any object-group DM_INLINE_ICMP_1
access-list xxxxxxx-VPN_splitTunnelAcl standard permit inside-primary 255.255.0.0
access-list inside_nat0_outbound extended permit ip inside-primary 255.255.0.0 10.1.1.0 255.255.255.0
access-list DefaultRAGroup_splitTunnelAcl standard permit inside-primary 255.255.0.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool VPN-Pool 10.1.1.1-10.1.1.253 mask 255.255.255.0
ip verify reverse-path interface outside
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
global (outside) 2 outside-secondary1-outside-secondary12 netmask 255.0.0.0
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 2 access-list inside_nat_outbound norandomseq
nat (inside) 1 inside-primary 255.255.0.0
static (dmz,outside) outside-voip ideacom-adtran-router netmask 255.255.255.255 norandomseq
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 12.179.58.65 1
route inside inside-primary 255.255.0.0 10.0.1.10 1
timeout xlate 0:20:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server RADIUS protocol radius
aaa-server RADIUS (inside) host 10.0.2.106
key *****
aaa authentication telnet console LOCAL
aaa authentication ssh console LOCAL
http server enable
http inside-primary 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
snmp-server enable traps entity config-change
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-128-SHA ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map dmz_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map dmz_map interface dmz
crypto ca server
shutdown
crypto isakmp enable outside
crypto isakmp enable dmz
crypto isakmp policy 10
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh inside-primary 255.255.0.0 inside
ssh timeout 5
ssh version 2
console timeout 10
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 76.169.237.141 source outside
ntp server 69.31.13.15 source outside
ntp server 66.187.224.4 source outside
ntp server 10.0.2.106 source inside prefer
ntp server 75.13.24.211 source outside
ntp server 216.70.13.134 source outside
ntp server 66.102.105.230 source outside
ntp server 207.5.137.134 source outside
ntp server 66.93.39.87 source outside
ntp server 63.111.165.21 source outside
ntp server 67.52.51.34 source outside
ntp server 72.25.103.52 source outside
ntp server 72.3.133.147 source outside
ntp server 72.1.138.113 source outside
ntp server 68.227.90.101 source outside
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 10.0.2.106 10.0.2.56
vpn-tunnel-protocol l2tp-ipsec
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain value xxxxxxx.lcl
group-policy DfltGrpPolicy attributes
group-lock value DefaultWEBVPNGroup
group-policy xxxxxxx-VPN internal
group-policy xxxxxxx-VPN attributes
dns-server value 10.0.2.106 10.0.2.56
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value xxxxxxx-VPN_splitTunnelAcl
default-domain value hlgroup.lcl
username hlgvpn password GAfBJJMk5EnKUdM+KyBXfQ== nt-encrypted
username hlgvpn attributes
vpn-group-policy DefaultRAGroup
username admin password tU0js1787OyO3ldQ encrypted privilege 15
tunnel-group DefaultRAGroup general-attributes
address-pool VPN-Pool
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *****
tunnel-group DefaultRAGroup ppp-attributes
authentication pap
authentication ms-chap-v2
tunnel-group xxxxxxx-VPN type remote-access
tunnel-group xxxxxxx-VPN general-attributes
address-pool VPN-Pool
authentication-server-group RADIUS
default-group-policy xxxxxxx-VPN
password-management
tunnel-group xxxxxxx-VPN ipsec-attributes
pre-shared-key *****
tunnel-group xxxxxxx-VPN ppp-attributes
no authentication chap
no authentication ms-chap-v1
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect netbios
inspect tftp
inspect icmp
inspect icmp error
inspect ctiqbe
inspect dcerpc
inspect dns
inspect ils
inspect ipsec-pass-thru
inspect mgcp
inspect pptp
inspect snmp
inspect waas
inspect sip
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:ca21fc44d2f9d0485564fb474bceeb51
: end
asdm image disk0:/asdm-631.bin
asdm location ideacom-adtran-router 255.255.255.255 inside
asdm location outside-voip 255.255.255.255 inside
asdm location outside-secondary1 255.255.255.255 inside
asdm location inside-secondary 255.255.255.0 inside
asdm location inside-primary 255.255.0.0 inside
asdm location outside-secondary2 255.255.255.255 inside
asdm location outside-secondary3 255.255.255.255 inside
asdm location outside-secondary4 255.255.255.255 inside
asdm location outside-secondary5 255.255.255.255 inside
asdm location outside-secondary6 255.255.255.255 inside
asdm location outside-secondary7 255.255.255.255 inside
asdm location outside-secondary8 255.255.255.255 inside
asdm location outside-web-server 255.255.255.255 inside
asdm location ouside-secondary9 255.255.255.255 inside
asdm location outside-secondary10 255.255.255.255 inside
asdm location outside-secondary11 255.255.255.255 inside
asdm location outside-secondary12 255.255.255.255 inside
no asdm history enable
Has this VPN setup ever worked prior to you taking over? If so, do you know of any changes that have been done to the firewall configuration that could possibly have caused the issue?
Another thing to check out is why the DMZ interface is enabled for VPN.
I suggest making the following change and then test to see if the VPN comes up
no crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
If that solves the problem, next I would check your company's security policy to see if they require a Diffie Hellman group to be used during phase 2 of the VPN setup.
Please remember to select a correct answer and rate helpful posts
-
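For the ASA 5505 thread above, an added example (not from the thread and not Cisco code): it parses the crypto lines copied from the posted configuration and reports, for each dynamic-map entry bound to an interface, whether PFS is required and which legacy algorithms the entry offers, before and after the suggested crypto map change. It assumes that `set pfs` with no group means group2; `audit_interface` and `apply_suggested_change` are hypothetical helper names.

```python
from collections import defaultdict

# Crypto lines copied from the configuration posted in the thread above.
CONFIG = """\
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 set pfs
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-AES-128-SHA ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 20 set reverse-route
crypto dynamic-map outside_dyn_map 40 set pfs group1
crypto dynamic-map outside_dyn_map 40 set transform-set TRANS_ESP_3DES_SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto map dmz_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map dmz_map interface dmz
"""

# Transforms and Diffie-Hellman groups treated as legacy by this audit.
WEAK_TRANSFORMS = {"esp-des": "DES", "esp-3des": "3DES", "esp-md5-hmac": "HMAC-MD5"}
WEAK_DH = {"group1": "768-bit MODP", "group2": "1024-bit MODP"}
DEFAULT_PFS_GROUP = "group2"  # assumption: "set pfs" without a group means group2


def parse_crypto(config):
    """Collect transform sets, dynamic-map entries and crypto map bindings."""
    tsets = defaultdict(lambda: {"transforms": [], "mode": "tunnel"})
    dyn = defaultdict(lambda: {"pfs": None, "transform_sets": []})
    cmaps = defaultdict(lambda: {"dynamic": [], "interfaces": []})
    for line in config.splitlines():
        tok = line.split()
        if tok[:3] == ["crypto", "ipsec", "transform-set"] and len(tok) >= 5:
            if tok[4] == "mode" and len(tok) > 5:
                tsets[tok[3]]["mode"] = tok[5]
            else:
                tsets[tok[3]]["transforms"] = tok[4:]
        elif tok[:2] == ["crypto", "dynamic-map"] and len(tok) >= 6 and tok[4] == "set":
            entry = dyn[(tok[2], int(tok[3]))]
            if tok[5] == "pfs":
                entry["pfs"] = tok[6] if len(tok) > 6 else DEFAULT_PFS_GROUP
            elif tok[5] == "transform-set":
                entry["transform_sets"] = tok[6:]
        elif tok[:2] == ["crypto", "map"] and len(tok) >= 5:
            if tok[3] == "interface":
                cmaps[tok[2]]["interfaces"].append(tok[4])
            elif tok[4:6] == ["ipsec-isakmp", "dynamic"] and len(tok) >= 7:
                cmaps[tok[2]]["dynamic"].append(tok[6])
    return tsets, dyn, cmaps


def audit_interface(config, interface):
    """Return one finding per dynamic-map entry reachable from the interface."""
    tsets, dyn, cmaps = parse_crypto(config)
    report = []
    for cmap in cmaps.values():
        if interface not in cmap["interfaces"]:
            continue
        for (name, seq), entry in sorted(dyn.items()):
            if name not in cmap["dynamic"]:
                continue
            weak = set()
            for ts_name in entry["transform_sets"]:
                for transform in tsets[ts_name]["transforms"]:
                    if transform in WEAK_TRANSFORMS:
                        weak.add(WEAK_TRANSFORMS[transform])
            if entry["pfs"] in WEAK_DH:
                weak.add(f"PFS {entry['pfs']} ({WEAK_DH[entry['pfs']]})")
            report.append({"dynamic_map": name, "seq": seq, "pfs": entry["pfs"],
                           "transform_sets": entry["transform_sets"],
                           "weak": sorted(weak)})
    return report


def apply_suggested_change(config):
    """Model the change suggested in the reply: bind the outside crypto map
    to SYSTEM_DEFAULT_CRYPTO_MAP instead of outside_dyn_map."""
    return config.replace(
        "crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map",
        "crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP")


if __name__ == "__main__":
    for label, cfg in (("as posted", CONFIG),
                       ("after suggested change", apply_suggested_change(CONFIG))):
        print(f"outside interface, {label}:")
        for e in audit_interface(cfg, "outside"):
            pfs = e["pfs"] or "not required"
            print(f"  {e['dynamic_map']} seq {e['seq']}: PFS {pfs}; "
                  f"legacy: {', '.join(e['weak']) or 'none'}")
```

The posted entries both require PFS, which clients that do not propose it cannot satisfy; the replacement map drops that requirement but also accepts DES and HMAC-MD5 transform sets, so it is better used as a test than kept as the final policy.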
Error: Selected disk does not exist (21) Module-SRE-700
I already tried everything in the Cisco recovery commands. Does anyone have an idea how to solve the problem shown in the output below?
Initializing memory #2. Please wait...
This may take a minute....
Serial ATA Port 0 : Hitachi HTE545050B9A300
DDR Memory 4096 MB detected
Intel(R) Core(TM)2 Solo CPU L3400 @ 1.86GHz
BIOS SM 3.52.8, BIOS Build date: 02/08/2011
System now booting...
Please wait...
Please press P to select Primary Boot Loader ...
or S to select Secondary Boot Loader ...
or wait to boot from default configuration ...
Now booting from primary boot loader....
Authenticating boot loader....
Primary Boot Loader Authenticated - booting....
ServicesEngine boot-loader> install_key waas-accelerator-4.4.5c.4-k9.bin
Keyfile Size 202814577 over limit 32768 will not burn into flash
ServicesEngine boot-loader> verify
Loading disk:/bzImage ... Unable to load image
Error: Selected disk does not exist (21)
Unable to boot image
Unrecognized command
ServicesEngine boot-loader>
#service-module sm 1/0 session
Trying 172.20.245.1, 2067 ... Open
Please wait...
Please press P to select Primary Boot Loader ...
or S to select Secondary Boot Loader ...
or wait to boot from default configuration ...
Now booting from primary boot loader....
Authenticating boot loader....
Primary Boot Loader Authenticated - booting....
Please enter '***' to change boot configuration:
Trying to reset Service Module SM1/0.
May 7 11:27:33.055: %SRE_SM-6-STATE_CHANGE: SM1/0 changing state from SERVICE_MODULE_STATE_ERRQ to SERVICE_MODULE_STATE_SHDN
Initializing memory #1. Please wait...
Initializing memory #2. Please wait...
This may take a minute....
Serial ATA Port 0 : Hitachi HTE545050B9A300
DDR Memory 4096 MB detected
Intel(R) Core(TM)2 Solo CPU L3400 @ 1.86GHz
BIOS SM 3.52.8, BIOS Build date: 02/08/2011
System now booting...
Please wait...
Please press P to select Primary Boot Loader ...
or S to select Secondary Boot Loader ...
or wait to boot from default configuration ...
Now booting from primary boot loader....
Authenticating boot loader....
Primary Boot Loader Authenticated - booting....
Please enter '***' to change boot configuration:
Detect and Initialize network device
Backup current platform configurations....
SRE step 1 - SM registration...
Finding (hd1,3)/296e03bc-3236-4a68-a178-688e56400a1e, failed
Local install not supported
Response - no installation needed (len: 422)
SRE Installation Not Needed
Restoring orignial configuration...
Updating flash with bootloader configuration.
Please wait ................... done.
May 7 11:29:03.331: %SM_INSTALL-6-INST_RBIP: SM1/0 received msg: RBIP Registration Request
Loading disk:/bzImage ... Unable to load image
Error: Selected disk does not exist (21)
Unable to boot image
þ
Initializing memory #1. Please wait...
Initializing memory #2. Please wait...
This may take a minute....
Serial ATA Port 0 : Hitachi HTE545050B9A300
DDR Memory 4096 MB detected
Intel(R) Core(TM)2 Solo CPU L3400 @ 1.86GHz
BIOS SM 3.52.8, BIOS Build date: 02/08/2011
System now booting...
Please wait...
Please press P to select Primary Boot Loader ...
or S to select Secondary Boot Loader ...
or wait to boot from default configuration ...
Now booting from primary boot loader....
Authenticating boot loader....
Primary Boot Loader Authenticated - booting....
Please enter '***' to change boot configuration:
Detect and Initialize network device
Backup current platform configurations....
SRE step 1 - SM registration...
Finding (hd1,3)/296e03bc-3236-4a68-a178-688e56400a1e, failed
Local install not supported
Response - no installation needed (len: 422)
SRE Installation Not Needed
Restoring orignial configuration...
Updating flash with bootloader configuration.
Please wait ................... done.
May 7 11:30:31.339: %SM_INSTALL-6-INST_RBIP: SM1/0 received msg: RBIP Registration Request
Loading disk:/bzImage ... Unable to load image
Error: Selected disk does not exist (21)
Unable to boot image
ú
Initializing memory #1. Please wait...
Initializing memory #2. Please wait...
This may take a minute....
Serial ATA Port 0 : Hitachi HTE545050B9A300
DDR Memory 4096 MB detected
Intel(R) Core(TM)2 Solo CPU L3400 @ 1.86GHz
BIOS SM 3.52.8, BIOS Build date: 02/08/2011
System now booting...
Please wait...
Please press P to select Primary Boot Loader ...
or S to select Secondary Boot Loader ...
or wait to boot from default configuration ...
Hi,
Opened a TAC and managed to get the resolution of the problem. For those with the same problem reported by me above, just follow the procedure below:
1. uninstall existing SRE-V software
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/sre_v/1.5/user/guide/software.html#wp1055364
2. run sm-hw-util to set sata mode to IDE
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/sre_v/1.5/user/guide/software.html#wp1091438
3. configure a static, 32bit route to point the service module IP address to the SM slot/0 interface
ip route 255.255.255.255 SM slot/0
4. install WAAS:
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/v421/module/installation/guide/wssmcfg.html#wp47040
http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/sre_v/1.5/user/guide/software.html#wp1091438
-
Upgrade Failed in WAE's from 4.1.5f to ver 4.2.3c with SSL Error.
Hi all,
I am in the process of upgrading the OS from 4.1.5f to 4.2.3c. There was no issue upgrading the central manager.
While upgrading the other WAE's from the CM and also from the CLI there is an Alarm as below.
Alarm ID Module/Submodule Instance
1 mstore_key_retrieval cms ssl_mstore_key
2 mstore_key_failure sslao mstore_key_failure
Also the central manager shows the devices offline.
Thanks for your help
Dhana
Hi Dhana,
Please apply the following commands from the CLI on the WAEs that are showing this error:
1. cms disable on WAE. command: CM deregister OR CMS deregister force
2. delete the device from CM
4. Apply the following commands to the WAE:
WAE-674-1(config)#no accelerator ssl enable
Disabled ssl accelerator.
WAE-674-1(config)#end
WAE-674-1#crypto pki managed-store initialize
All certificate/private keys in SSL managed store will be deleted and optimized SSL traffic will be interrupted. Are you sure you want to continue(yes/no)? [no]:yes
SSL managed store token file not present. Continuing with deletion of certificates in SSL managed store
Restarting SSL accelerator. Done.
WAE-674-1#conf t
WAE-674-1(config)# accelerator ssl enable
Enabled ssl accelerator
WAE-674-1(config)#cms enable
Hope this helps.
Regards.
PS: Please mark this Answered, if it resolves the issue.