Wireless IP clients connecting to 7800 call manager

Can a windows mobile 5 802 PDA with SIP capability be connected to a cisco call manager to use its voip ability like a soft phone? Is there a client program like skype that is needed that cisco provides to allow it to connect as a phone to the 7800 call manager?

I've given up and had to go back to running "Double NAT" which also reports as a "problem" within the AEBS, but I just "ignore" it so the light will always be green.
It still ***** though, as "Double NAT" is also a reason for "Back to my Mac" not working properly, but how the ** am I supposed to avoid Double NAT when the wireless will not work in bridged mode?!

Similar Messages

  • Maximum concurrent call connections for our Call Manager v7.15

    Hi everyone,
    Hope you can help! I was just asked one question I should have known how to answer...
    We are using CM 7.15. Have 1 publisher and 1 subscriber. We have 2 pri T1 (24 slots).  One connects to 1 2821 Voice gateway and another one is connection to another 2821 voice gateway in another location. I do not think we use SIP trunk...but I am not sure if we are using mpcp or H323.... so how do I check which protocol I use?
    The most important question is... I would like to ask how I can find out what the maximum concurrent sessions of the call connections are? How do I find it out?
    Please help...thank you very much for your help.
    Takumi

    Hi Bobson Lam,
     in CUCM Administration > Device > Gateway, you have a list of configured Gateways ... in this list there is a column called 'Device Type', this column shows the 'H.323 Gateway' or the Gateway Model (for ex.: 2821) if it's MGCP.
     For Maximum Concurrent Sessions ... have you try RTMT (CUCM Administration > Administrations > Plugin > RTMT for Windows)? There are some System - Performance, that shows, for example, Call Active for H.323.
    Hope this helps.

  • Cisco ip phone 7960 cannot connect to call manager express

    The 7960 ip phone seems not to connect to the call manager express
    router and i have already put the firmware and configured the tftp
    server,the rest of the phones the 7911`s are all working ok,i have tried
    to reset the phone but it doesnt respond to the # key so as to reset to
    factory defaults.
    I have tried all the options of resetting it but to no avail.
    could someone give me some techie tips on this ? could it be a hardware issue ?? please assist.

    Go to the phone and check if the TFTP server is correct (should be the CME IP address). Also check the DHCP address.
    Resetting 7900 Series IP Phones to Factory Defaults:
    http://www.cisco.com/en/US/products/hw/phones/ps379/products_tech_note09186a00800941bb.shtml
    Check the bug:
    CSCed93627: Not able to reset 7970 back to factory defaults

  • Call manager and type of Voip phones

    Just wanted to thank everyone for the help.
    My background is Telepresence and minimal on Call Manager 8.
    Just wanted to ask if I can somehow pull a list of all type of phones connected to the call manager - we currently have 7942 and 7975. I need the list which phone number is using which type of phone.

    Hi Mark,
    Here are 3 suggestions:
    1) Goto Device > Phone, add the 'Directory Number' and 'Device Type' as search criteria and click 'Find'. This is limited as it can't be exported.
    2) Run the following SQL Query:
    SELECT d.name, n.dnorpattern, dn.numplanindex, m.name as Model FROM numplan AS n JOIN devicenumplanmap AS dn ON n.pkid=dn.fknumplan JOIN device AS d ON d.pkid=dn.fkdevice JOIN typemodel AS m ON d.tkmodel=m.enum JOIN typeclass AS c ON d.tkclass=c.enum WHERE c.name="Phone" ORDER BY m.name, d.name, dn.numplanindex
    3) Use a 3rd Party product to extract and export the required data such as PhoneView from UnifiedFX
    PhoneView is the most advanced endpoint management product available including the ability to gather extensive device/user information and then interact and export that data.
    Thanks
    Stephen Welsh
    CTO
    http://www.unifiedfx.com

  • IPCC Enterprise / Two Call Manager Clusters

    Let's say I have an IPCC Enterprise set up using  a call manager cluster, a progger server (has peripheral gateway, router, and logger), an HDS server, an IP-IVR, and a CAD server. Its up and running. Now let's say I have another call manager cluster and I'd like to have users on that cluster become call center agents connected to ICM in the IPCC Enterprise environment. Is this even possible? Can it done by the use of another peripheral gateway server used to connect the 2nd call manager cluster to the rogger and IP-IVR? Any feedback appreciated.

    Now let's say I have another call manager cluster and I'd like to have users on that cluster become call center agents connected to ICM in the IPCC Enterprise environment. Is this even possible?
    Of course it is possible. That's what it was designed to do.
    There are some big ICMs out there with many peripheral gateways. The big ones have many TDM switches, but some have multiple Call Managers too. I don't personally know of any with more than mid-30s peripheral gateways, but I have heard that there are much bigger ones than that (I am thinking of the IRS).
    Can it done by the use of another peripheral gateway server used to connect the 2nd call manager cluster to the rogger and IP-IVR? Any feedback appreciated.
    Yes.
    One thing I'd like to check with you ... you say "a progger server" and you say "an HDS, an IP-IVR" etc.
    Are there really just one of each of these? Normally there is a fault tolerant pair of proggers, two HDS for redundancy, two IP-IVR etc for redundancy. To extend the Enterprise system to another CUCM cluster one would add a PAIR of PGs.
    Regards,
    Geoff

  • No CLI Access to Call Manager MCS 7800

    Hello, my client has a Call Manager server MCS 7800.  We have access to the GUI, but the former IT Manager's network docu
    mentation has an incorrect password for telnet access.  How can we go about recovering or resetting this password?
    thanks for any help in advance.

    Bad news:
    http://www.cisco.com/en/US/partner/docs/voice_ip_comm/cucmbe/rel_notes/6_1_2/cucmbe-rel_note-612_2.html#wp339319
    Cisco Unified Communications Manager Does Not Support Recovery of Administration or Security Passwords
    Cisco Unified Communications Manager does not support recovery of administration or security passwords. If you lose these passwords, you must reset the passwords, as described in the Cisco Unified Communications Operating System Administration Guide.
    The Cisco Unified Communications Operating System Administration Guide calls the section, "Recovering the Administrator or Security Passwords," instead of "Resetting the Administrator or Security Passwords." Access the "Recovering the Administrator or Security Passwords" section to reset the passwords.
    Find your version here and follow the docs.
    http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_documentation_roadmaps_list.html
    For 7.1.2, that would be here:
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cucos/7_1_2/cucos/iptpch2.html#wp1044244
    Hope this helps....

  • I have a wireless home phone connect device. Can call out on it when dial tone present, but most times cannot receive calls since purchase. Anyone else having a  problem with their home connect device?

    Have had Wireless Home Phone connect device refreshed and updated three times since I purchased it in September 2014. Last tech I worked with on it initialized an NRB to check the network. I checked the location of the tower, which is less than one mile up the hill with clear line of site. The device always has two antennas on it. The device is great when it does work, but most of the time it rings three times and then jumps to an automated message saying the person I am calling is not available. I've actually gone up there several times to try an fix the device, but always end up calling a Verizon tech who has me unplug it, pull the battery, and they do some network stuff and then we turn it back on and it works. After the last time on 10/02/14, I called it and got the message. I drove up there, 100 miles one way, and called it while standing in the room. Got the same message. I picked up the phone, heard a dial tone and dialed my phone and it range through. I hung that phone connected to the device and call it using my cell phone. It rang through. I went home and tried to call it the next day. Again it did not ring through and I got the message after three rings. I call another phone at the facility and had them call me on my mom's phone and it is fixed it again. The fix last for a day or two and then it's broken again, like it is today. If it's a network problem then it must be fairly close to the area because no matter what we do it fails again. So much for the 99.98% reliable. This thing is a piece of junk!
    I purchased this device and put it on my plan so that my mother who we placed in a home at 96 years old would have a phone connection that she could use and wouldn't flip her out. My family and her family has not been able to faithfully connect with her at this critical time in her life. I am giving Verizon 10 more days to figure this out and then I am going to ask for a total refund not to mention how much time and travel I have put into this piece of junk. Either the home connect transceiver is broken or the network is broken. Why should I pay close to $70 for a service that has not worked more than several days out of 35 days? Also I have spent close to three hours on the phone with decent technical people, but it's my time. I should send Verizon a bill for every time I have gone up there to fix this device as well.
    What perplexes me is that a regular cell phone would have sufficed, but because Verizon has to have a data connection that is not available on a regular phone and it was going to cost me $30/month, I decided to go with the home connect. Seemed like a nice solution for an older person who would have a hard time using a cell phone and keeping it charged. Plus after all the fees for getting it connected, it only cost $20/month. That would be a pretty good thing, IF IT WORKED....... The other thing that irks me is, why do I have to pay for a data connection when the cell phone Verizon originally provided can't even access the network. What ever happened to adding a phone line for $10 bucks\ month? All I wanted was a simple phone. She would not be able to use anything more complex and all she needs is a phone line period.
    I have no problem paying for something that works and does what it should, but this is ridiculousness. The MTF on this device is somewhere around 1 to 2 days. Out of 365 days that's about a 96.5% failure rate....... Want my advice? Get ride of this device. It sucks and it's bad marketing.

        jsavage9621,
    It pains me to hear about your experience with the Home Phone Connect.  This device usually works seamlessly and is a great alternative to a landline phone.  It sounds like we've done our fair share of work on your account here.  I'm going to go ahead and send you a Private Message so that we can access your account and review any open tickets for you.  I look forward to speaking with you.
    TrevorC_VZW
    Follow us on Twitter @VZWSupport

  • Instruction book say go to verizon wireless to get free copy of media manager so I can connect phone to computer. Can't find listing

    Instruction book say go to verizon wireless to get free copy of media manager so I can connect phone to computer. Can't find listingfor the soft ware. It has one to send it to the cloud, but I want to save & edit it on my computer.

    Try this:  http://products.verizonwireless.com/index.aspx?id=fnd_backupAssistantPlus

  • JCO_ERROR_COMMUNICATION:JCO. Client not connected in repository call

    Hi all,
    I  am trying to create an JCO connection with my Web Dynpro application to R/3 system. With WAS 6.40 i had no problems but with WAS 7.00 i am getting the following error:
    JCO_ERROR_COMMUNICATION:JCO. Client not connected in repository call.
    I think is has something to do with SLD on the WAS 7.00, but i don't know how to fix this.
    Can anyone help me?
    Regards
    Romeo

    Hi
    See this Document to fix the problem
    https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/526bd490-0201-0010-038e-d3ff7eb1d16e
    See this thread
    Can't get RFC connection to R/3 System
    Kind Regards
    Mukesh

  • DPM console not connecting . Error- Cannot connect to Data Protection Manager. This version of DPM is not supported with Central Console Client (ID : 33345) DPM console not connecting

    I  am having problem connecting the DPM console to ther server. It gives me following error -
    "Cannot connect to Data Protection Manager. This version of DPM is not supported with Central Console Client (ID : 33345)"
    The server is DPM R2 and the same console is working on one other computer.
    Any idea how to solve the problem?
    Thanks   

    Hi
    Please make sure you have both versions of Microsoft Visual C++ 2008 Redistributable installed..
    Also make sure you have .netframework 2 installed. If you look at the dpm logs it should say what is missing.

  • Understanding of wireless client connection to multiple APs

    Hello,
    I would like to know how do wireless clients connect to APs
    For e.g. if in a single floor square office space - wireless network with multiple APs exists on the same SSID, how do clients decide which AP to connect to. For e.g. the client may get similar strength signals from two APs close to each other (such as Excellent). Which AP does client connect to.
    Secondly, how does the load distribution take place. For e.g. if on one AP, 10 clients connect and on the other AP, 20 clients connect, how can equal load distribution be acheived, that is 15 on each AP without the tiring MAC filtering configurations.
    Thirdly, is there something like number of user/connection restrictions on APs. I have gone through some AP manuals and did not find any such specifications like max. # of users = 20 etc. Currently we are using D-Link AP and have noticed that once the # of connections go upto 20, performance reduces heavily such as the latency on gateway pings go upto 1000-2000ms.
    Fourthly, how can I identify from the client to which AP it is connected.
    Thanks.

    I would like to know how do wireless clients connect to APs
    For  e.g. if in a single floor square office space - wireless network with  multiple APs exists on the same SSID, how do clients decide which AP to  connect to. For e.g. the client may get similar strength signals from  two APs close to each other (such as Excellent). Which AP does client  connect to.
    ANS - Its first come first serve... however.. sometimes if we have multiple SSIDs one with open auth and no encryption and other fuly protected.. then the client wil connect to the open rather the secured on.
    Secondly, how does  the load distribution take place. For e.g. if on one AP, 10 clients  connect and on the other AP, 20 clients connect, how can equal load  distribution be acheived, that is 15 on each AP without the tiring MAC  filtering configurations.
    ANS - MAC is a good option but apart from that.. i have seen somewhere but not able to remember the command which will limit the number of clients per radio..
    Thirdly, is there  something like number of user/connection restrictions on APs. I have  gone through some AP manuals and did not find any such specifications  like max. # of users = 20 etc. Currently we are using D-Link AP and have  noticed that once the # of connections go upto 20, performance reduces  heavily such as the latency on gateway pings go upto 1000-2000ms.
    ANS - AP can take upto 2048 MAC addresses.. its recommended not to have more than 24 clients per AP..
    Fourthly, hw can I identify from the client to which AP it is connected.
    ANS -If the clients are CCX compatible and aironet extentions enabled on the AP. then the command "show dot11 ass" will tell the clients connecting to which AP.. the AP name will get displsayed in the output..
    Regards
    Surendra

  • JCO.Client not connected in repository call (EP7)

    Hi guys,
    please can someone help me with this error msg?
    I don’t understand why we getting this error msg, for some users they can run reports and others get this msg.
    500 Internal Server Error
    BEx Web Application
    Failed to process request. Please contact your system administrator.
    [Hide]
    Error Summary
    While processing the current request, an exception occured which could not be handled by the application or the framework.
    If the information contained on this page doesn't help you to find and correct the cause of the problem, please contact your system administrator.
    To facilitate analysis of the problem, keep a copy of this error page. Hint: Most browsers allow to select all content, copy it and then paste it into an empty document (e.g. email or simple text file).
    Root Cause
    The initial exception that caused the request to fail, was: 
    JCO.Client not connected in repository call
    com.sap.mw.jco.JCO$Exception: (102) JCO_ERROR_COMMUNICATION: JCO.Client not connected in repository call
    at com.sap.mw.jco.JCO$Repository.getVersion(JCO.java:20290)
    at com.sap.mw.jco.JCO$Repository.queryFunctionInterface(JCO.java:20630)
    at com.sap.mw.jco.JCO$Repository.queryFunctionInterface(JCO.java:20351)
    at com.sap.mw.jco.JCO$Repository.getFunctionInterface(JCO.java:20465)
    at com.sap.mw.jco.JCO$BasicRepository.getFunctionTemplate(JCO.java:19533)
    Details: Full Exception Chain
    System Environment
    Server
    BI Java     Release: 7 - Patch level: 0000000009 - Description: BI Web Applications Java - Additional info:  - Production mode: true
    BI ABAP     unknown
    Java Virtual Machine     Java HotSpot(TM) 64-Bit Server VM - Sun Microsystems Inc. - 1.4.2_12-b03
    Operating System     Linux - ia64 - 2.6.9-22.0.1.EL
    Full Exception Chain
    Log ID     0012799E22D40054000001AF00006B9400042A20B9AF8861
    com.sap.ip.bi.base.exception.BIBaseRuntimeException: JCo exception thrown when connecting to system "SAP_BW"
         at com.sap.ip.bi.base.application.service.rfcproxy.impl.jco640.Jco640Proxy.createFunction(Jco640Proxy.java:87)
         at com.sap.ip.bi.base.application.service.impl.application.ApplicationSettingsService.initializeProperties(ApplicationSettingsService.java:130)
         at com.sap.ip.bi.base.application.service.impl.application.ApplicationSettingsService.initialization(ApplicationSettingsService.java:124)
         at com.sap.ip.bi.base.application.impl.Application.createService(Application.java:477)
         at com.sap.ip.bi.base.application.impl.Application.getProperty(Application.java:624)
         at com.sap.ip.bi.base.application.impl.Application.initialization(Application.java:229)
         at com.sap.ip.bi.base.application.ApplicationFactory.createApplication(ApplicationFactory.java:132)
         at com.sap.ip.bi.base.application.ApplicationFactory.createApplication(ApplicationFactory.java:63)
         at com.sap.ip.bi.webapplications.runtime.impl.Page.constructPage(Page.java:729)
         at com.sap.ip.bi.webapplications.runtime.impl.Page.<init>(Page.java:647)
         at com.sap.ip.bi.webapplications.runtime.controller.impl.Controller.createPage(Controller.java:504)
         at com.sap.ip.bi.webapplications.runtime.controller.impl.Controller.doProcessRequest(Controller.java:911)
         at com.sap.ip.bi.webapplications.runtime.controller.impl.Controller.processRequest(Controller.java:851)
         at com.sap.ip.bi.webapplications.runtime.jsp.portal.services.BIRuntimeService.handleRequest(BIRuntimeService.java:380)
         at com.sap.ip.bi.webapplications.runtime.jsp.portal.components.LauncherComponent.doContent(LauncherComponent.java:21)
         at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:209)
         at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114)
         at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
         at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
         at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
         at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:215)
         at com.sapportals.portal.prt.pom.PortalNode.service(PortalNode.java:646)
         at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)
         at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)
         at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)
         at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:753)
         at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)
         at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
    Many thanks in advance
    Jo-lize

    Hi, you can fix the problem ?
    i have same problem in BI7 and EP7, when launch Template Installer.
    <b>Create Destination in ABAP Import not successful Element 'SAPConfigLib.DES.Unclassified.createRfcDestination':!BrokerImport.import_of_element_failed!!BrokerImport.Fehler!com.sap.tc.lm.ctc.cul.cpi.exceptions.CPIBaseException: <Localization failed: ResourceBundle='com.sap.tc.lm.ctc.cul.cpi.CPIResourceBundle', ID='com.sap.tc.lm.ctc.cul.cpi.BaseException_BASE_EXCEPTION', Arguments: []> : Can't find resource for bundle java.util.PropertyResourceBundle, key com.sap.tc.lm.ctc.cul.cpi.BaseException_BASE_EXCEPTION:com.sap.tc.lm.ctc.provider.javaServiceProvider.JavaServiceWriter.writeElement!BrokerImport.LINE!157-:com.sap.tc.lm.ctc.cul.broker.BrokerImport.importElement.86
    -:com.sap.tc.lm.ctc.cul.broker.BrokerImport.importElement.128
    -:com.sap.tc.lm.ctc.cul.broker.BrokerImport.importElement.128
    -:com.sap.tc.lm.ctc.cul.serviceimpl.importservice.CULConfigurationImport.importConfiguration.96
    -:com.sap.tc.lm.ctc.ccl.templateinstaller.StepExecuter.run.41
    Element 'SAPConfigLib.DES.Unclassified.createRfcDestination':Error during executing Java Reflection:JCO.Client not connected in repository call
    </b>

  • Wireless Lan Client Manager for WinXP?

    Hello,
    Is there a way to install wireless lan client manager under windows XP? If there is a way can somebody help me please? I dont want install Windows 2k because win 2k is so slow.
    Thanks a lot!
    A.

    Hello
    If you have Intel WLAN card you can download and use the Intel WLAN client manager. You can find it under http://downloadfinder.intel.com/scripts-df-external/detail_desc.aspx?ProductID=1637&DwnldID=9003&agr=N .
    Bye

  • Connectivity Issue between ASA 5520 firewall and Cisco Call Manager

    Recently i have installed ASA 5520 firewall, Below is the detail for my network
    ASA 5520 inside ip: 10.12.10.2/24
    Cisco Switch 3560 IP: 10.12.10.1/24 for Data and 10.12.110.2/24 for Voice
    Cisco Call Manager 3825 IP: 10.12.110.2/24
    The users and the IP phone are getting IP from the DHCP server which configured on cisco 3560 Switch.
    the Default Gateway for Data user is 10.12.10.2/24 and
    for the voice users is 10.12.110.2/24
    now the problem is that the users is not able to ping 10.12.110.2 call manager. please if somebody can help in this regard. i will appreciate the prompt response against this issues.

    Actually i don't wana to insert new subnet and complicate the nework. i need a simple way to solve the problem. below is the details for the asa 5520 config.
    ASA Version 8.2(1)
    name x.x.x.x Mobily
    interface GigabitEthernet0/0
     nameif inside
     security-level 99
     ip address 10.12.10.2 255.255.255.0
    interface GigabitEthernet0/1
     nameif outside
     security-level 0
     ip address x.x.x.x 255.255.255.252
    object-group service DM_INLINE_SERVICE_1
     service-object tcp-udp
     service-object ip
     service-object icmp
     service-object udp
     service-object tcp eq ftp
     service-object tcp eq www
     service-object tcp eq https
     service-object tcp eq ssh
     service-object tcp eq telnet
    access-list RA_VPN_splitTunnelAcl_1 standard permit Inside-Network 255.255.255.0
    access-list RA_VPN_splitTunnelAcl standard permit Inside-Network 255.255.255.0
    access-list inside_nat0_outbound extended permit ip Inside-Network 255.255.255.0 10.12.10.16 255.255.255.240
    access-list inside_nat0_outbound extended permit object-group DM_INLINE_SERVICE_1 10.12.10.16 255.255.255.240 Inside-Network 255.255.255.0
    access-list inside_nat0_outbound_1 extended permit ip Inside-Network 255.255.255.0 10.12.10.16 255.255.255.240
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    mtu mgmt 1500
    ip local pool VPN-Pool 172.16.1.1-172.16.1.30 mask 255.255.255.0
    ip local pool VPN-Users 10.12.10.21-10.12.10.30 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-641.bin
    asdm history enable
    arp timeout 14400
    global (inside) 2 interface
    global (outside) 1 interface
    nat (inside) 0 access-list inside_nat0_outbound_1
    nat (inside) 1 Inside-Network 255.255.255.0
    route outside 0.0.0.0 0.0.0.0 Mobily 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http Mgmt-Network 255.255.255.0 mgmt
    http Inside-Network 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto isakmp enable outside
    crypto isakmp policy 10
     authentication pre-share
     encryption 3des
     hash sha
     group 2
     lifetime 86400
    crypto isakmp policy 30
     authentication pre-share
     encryption 3des
     hash md5
     group 2
     lifetime 86400
    telnet Inside-Network 255.255.255.0 inside
    telnet timeout 5
    ssh Inside-Network 255.255.255.255 inside
    <--- More --->              ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy RA_VPN internal
    group-policy RA_VPN attributes
     dns-server value 86.51.34.17 8.8.8.8
     vpn-tunnel-protocol IPSec
     split-tunnel-policy tunnelspecified
     split-tunnel-network-list value RA_VPN_splitTunnelAcl
    username admin password LPtK/u1LnvHTA2vO encrypted privilege 15
    tunnel-group RA_VPN type remote-access
    tunnel-group RA_VPN general-attributes
     address-pool VPN-Users
     default-group-policy RA_VPN
    tunnel-group RA_VPN ipsec-attributes
     pre-shared-key *
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip 
      inspect xdmcp
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum:e5a64fa92ae465cd7dabd01ce605307d
    : end

  • Howto block p2p traffic of clients connected to the same ssid on different wlc

    Hi all,
    I use two wlc 4400 (4.2.x version) with a mobility domain and one ssid, both wlc are connected to a cisco l2 switch infrastructure. On the wlc I use the p2p blocking action 'drop' (http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52wlan.html#wp1209597) to isolate the clients from each other. Does anybody know if only unicast traffic is blocked or also multicast and broadcast traffic like arp requests?
    Concerning blocking p2p traffic of clients connected to the same ssid but different controllers I found the following statement in the LAP FAQs (http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml):
    ===
    Q. In autonomous APs, Public Secure Packet Forwarding (PSPF) is used to avoid client devices associated to this AP from inadvertently sharing files with other client devices on the wireless network. Is there any equivalent feature in Lightweight APs?
    A. The feature or the mode that performs the similar function of PSPF in lightweight architecture is called peer-to-peer blocking mode. Peer-to-peer blocking mode is actually available with the controllers that manage the LAP. If this mode is disabled on the controller (which is the default setting), it allows the wireless clients to communicate with each other through the controller. If the mode is enabled, it blocks the communication between clients through the controller. It only works among the APs that have joined to the same controller. When enabled, this mode does not block wireless clients terminated on one controller from the ability to get to wireless clients terminated on a different controller, even in the same mobility group.
    ===
    Does anybody know what's the best practise to prevent this inter wlc client traffic? I already read about using acls on the wlc dynamic interfaces, or private vlans on the l2 switch vlans where the dynamic interfaces are connected to. Is it allowed to completely isolate the wlc from each other on these dynamic interfaces with acls or private vlans or do the wlc need to see each other on this interfaces (e.g. heart beat)?
    Many thanks in advance,
    Thorsten

    Hi Sasha,Thorsten
    The bug is Junked and I believe which is what you are running into with your tests:
    CSCtr60787    WLC P2P Blocking Set to Forward-UpStream Doesn't Work.
    Bugtoolkit : http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
    To answer your original query :
    ACL is only solution to block client communication on same ssid between 2 wlcs. 5508 works better with ACLs then 44xx platform.
    ARP requests will be forwarded to upstream router just like any other traffic. WLC won't proxy arp for clients on same vlan.
    Gateway arp's I believe should be handled by WLC . ( Don't quote me on this but I am pretty sure it is ) ..If it was not, then how would client know about gw ?
    Multicast traffic is not applicable for p2p.
    Your ACL can be as simple as this for the scenario :
    WLC 1 - clientvlan = 10
    WLC 2 - clientvlan = 10
    and you want to restrict users from wlc1-wlc1, wlc1-wlc2, wlc2-wlc2 for same vlan10.
    Basically in that case the ACL should look like on both WLCs :
    1. Permit statement to talk to gateway.
    2. Deny to subnet.
    3. Permit all.
    4. If DHCP/DNS other services are on same subnet then you would need to add a permit
    statement before the deny.
    5. Attach the ACL to SSID or dymanic interface.
    Thanks..Salil
    CSCtr60787    WLC P2P Blocking Set to Forward-UpStream Doesn't Work.

Maybe you are looking for

  • Add Gmail account with custom domain to mail

    Hi there, I've added my standard Gmail account to the Mail app on my macbook air 2013 but i also have a school email from Google that I would like to add as well. This email uses a custom domain name so instead of [email protected] it would be [email

  • Insert applet in jsp using plugin

    After adding an applet in a jsp,when trying to run the page it is showing the following error message < errorInvalidEscapeChar> As I don't know xml, I am using component palette for adding the Applet. The jsp tag is given below. <body><h:form binding

  • Can I use c:out JSTL tag with int values?

    I am attempting to c:out an int variable in my JSP using a JSTL core tag. First is it possible to do c:out an int? Second, if it is...can anyone see anything wrong with my code? This is the error log I am getting: <Oct 7, 2008 10:20:29 AM MDT> <Error

  • Granularity regarding scoring

    I am trying to find out how granular the scoring result capabilities are within Captivate 4. I do not want simply pass/fail or complete/incomplete. I would like to be able to pass the specific questions answered and the results of each. I would also

  • Faults on BT lines

    Ever since BT was split into several companies there have been issues with phone line fault fixing - the standard reply from the call centre is that it will take three working days to fix.   The call centre will often tell you that they will chase th