WiSM - Managing AP's at remote sites
A quick wireless newbie question - I'm trying to sort out the design details using a WiSM. I have a new site and have budgeted a pair of 6513's with WiSM's. There are 9 branch offices that are going to be connected via 2821 routers over CSME and they need to provide Guest and Private wireless access. Do the remote sites need a WLAN controller module for the 2800? Or, can they still tunnel back to the WiSM for central management? What components are needed to achive "unified" wireless at the branch offices?
Thanks,
Greg
you can centrally contorl your LAP's from the WiSM. You can even use regualer LAP at those sites if you wish. The one problem that you can run into, is if the WAN drops, you will lose wireless at those sites. The way to get around that is to get LAP that support REAP/HREAP, and run them in local switching mode. This will allow the wireless to stay up, if the WAN drops, for local subnets only. Obviously any subnet that is across the WAN is unaccesable.
If you keep them in centralized switching mode, everything tunnels back to the controller, both corporate WLAN's and the guest, will go down if the WAN drops.
Similar Messages
-
File does not exist on remote site, yet it does
I have been trying to understand how Dreamweaver handles remote files in CS5.
My server is setup as a remote server and a test server.
I open the remote file, it offers to get dependencies, so I click yes.
I click on Live view, then it tries to show me the following url
http://my_site.com/public_html/path/to/my/file/file.php
It should not put public_html in the path, and I did not specify this in my site setup. My root setting is /.
Anyway, If I change the url manually, then it shows correctly. Then it offers to discover dunamically linked files, which I agree to.
Now it tells me that 'Dynamically-related files could not be resolved because the site definition is not correct for this server'
If I try to open one of the files that it has discovered, I am told that it is not on the disk, so would I like to 'get it', so I agree.
Finally, I am told that 'Get operation failed since linked-file.php does not exist on remote site'
I suspect that this is all to do with my site definition, but I fiddled with the settings and can't resolve this. I think that the whole problem goes back to Dreamweaver's insistance on putting public_html in the path, but I can't stop it doing so.
Any suggestions?
Thanks
ianHi,
Well, yes I did manage to fix the dynamically linked resources issue. As mentioned above, I did need to mention public_html in my Root Directory setting in server setup (silly of me).
I had tried this at first, but it didn't work, as I had the server set as a test server and not a remote server, anyway, i now have it set as both and all is well.
Except that, the first issue that mentioned is still with me: namely, dreamweaver mentions the public_html in the url path when on live view, which is not correct and I don't know where it is inferring this from. I can change it manually, but this doesn't seem right to me. Am I still missing a setting?
In anwer to the questions:
1) My setting (now) in the Root Directory setting in DW is: /public_html/
2) My actual path on the server (that i mention in php scripts) is: /home/login_name/public_html//path/to/my/file/file.php
[In the advanced settings of DW site setup on the Local Info page I have set Links relative to Document option, although it does not seem to make a difference when I change it to Site Root.]
Any suggestions appreciated.
Thanks
Ian -
Attendant line status at remote site
we have a centralized 4.1.3 call manager with remote site using mpls. we set up the attendant application for the receptionist at the remote site and everything worked as expected. The next day, she no longer could see the line status.
I've tried it from the main site and it works fine. We've tried restarting the services.
Does anyone know what might have happened?
thanks
Robproblem turned out to be the windows xp firewall running on the receptionist pc. when it was turned off, line status worked.
solution is to add the acclient program as an exception in the firewall settings
Rob -
How to restore a remote site after a crash?
I have read the site management FAQ and it mentions to restore your files you can go to your remote site and load back to your local site.
Could anyone offer some help to my situation?
I suffered a hard drive failure, I'm running windows xp, dwcs4 and the site is hosted. I have reinstalled windows and dw. The site was created as per all the tutorials and I managed to save a copy of the site folder but not as per the saving instructions in the FAQ. I just have a root folder with all the pages in.
Could someone point me to a tutorial or how to?
Thanks in advance
Jim"I managed to save a copy of the site folder but not as per the saving instructions in the FAQ. I just have a root folder with all the pages in."
You lost me here. Not sure what you mean.
Create a new site definition for local and remote sites, connect to your remote site then click Get. That's all you need to do. -
Internet connexion problem for remote site in Site to site VPN asa 5505
Hi all
I'm configuring a site to site Ipsec VPN in 2 sites using ASA 5505 V 8.2, The VPN is working fine i can ping machine in the 2 sides but the problem is the remote site dont' have internet.
The architecture is, we 2 site Site1 is the main site and Site2 is secondary site there will be Site3, ...
The internet connection is based in Site1 and site2 and site 3 will have internet connection through Site1. Site1, Site2 and Site 3 is interconnected by Ipsec VPN.
Here is my ASA 5505 Configuration :
SITE 1:
ASA Version 8.2(5)
hostname test-malabo
domain-name test.mg
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd ta.qizy4R//ChqQH encrypted
names
interface Ethernet0/0
description "Sortie Internet"
switchport access vlan 2
interface Ethernet0/1
description "Interconnexion"
switchport access vlan 171
interface Ethernet0/2
description "management"
switchport access vlan 10
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 41.79.49.42 255.255.255.192
interface Vlan10
nameif mgmt
security-level 0
ip address 10.12.1.100 255.255.0.0
interface Vlan171
nameif interco
security-level 0
ip address 10.22.19.254 255.255.255.0
ftp mode passive
dns server-group DefaultDNS
domain-name test.mg
object-group network LAN-MALABO
description LAN DE MALABO
network-object 192.168.1.0 255.255.255.0
object-group network LAN-BATA
description LAN DE BATA
network-object 192.168.2.0 255.255.255.0
object-group network LAN-LUBA
description LAN DE LUBA
network-object 192.168.3.0 255.255.255.0
access-list interco_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
mtu mgmt 1500
mtu interco 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
icmp permit any interco
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (interco) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 41.79.49.1 1
route interco 192.168.3.0 255.255.255.0 10.22.19.5 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map interco_map0 1 match address interco_1_cryptomap
crypto map interco_map0 1 set pfs group1
crypto map interco_map0 1 set peer 10.22.19.5
crypto map interco_map0 1 set transform-set ESP-3DES-SHA
crypto map interco_map0 interface interco
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto isakmp enable interco
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.1.0 255.255.255.0 inside
telnet 10.12.0.0 255.255.0.0 mgmt
telnet timeout 30
ssh 192.168.1.0 255.255.255.0 inside
ssh 10.12.0.0 255.255.0.0 mgmt
ssh timeout 30
console timeout 0
management-access interco
dhcpd option 3 ip 192.168.1.1
dhcpd address 192.168.1.100-192.168.1.254 inside
dhcpd dns 41.79.48.66 8.8.8.8 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
tunnel-group 10.22.19.5 type ipsec-l2l
tunnel-group 10.22.19.5 ipsec-attributes
pre-shared-key *****
isakmp keepalive threshold 60 retry 5
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect snmp
inspect icmp
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:5aa0d27f15e49ea597c8097cfdb755b8
: end
SITE2:
ASA Version 8.2(5)
hostname test-luba
domain-name test.eg
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
description "Sortie Interco-Internet"
switchport access vlan 2
interface Ethernet0/1
description "management"
switchport access vlan 10
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.3.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 10.22.19.5 255.255.255.0
interface Vlan10
nameif mgmt
security-level 0
ip address 10.12.1.101 255.255.0.0
ftp mode passive
dns server-group DefaultDNS
domain-name test.eg
object-group network LAN-MALABO
description LAN DE MALABO
network-object 192.168.1.0 255.255.255.0
object-group network LAN-BATA
description LAN DE BATA
network-object 192.168.2.0 255.255.255.0
object-group network LAN-LUBA
description LAN DE LUBA
network-object 192.168.3.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
mtu mgmt 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside) 0 access-list inside_nat0_outbound
route outside 0.0.0.0 0.0.0.0 10.22.19.254 1
route outside 192.168.1.0 255.255.255.0 10.22.19.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map0 1 match address outside_1_cryptomap
crypto map outside_map0 1 set pfs group1
crypto map outside_map0 1 set peer 10.22.19.254
crypto map outside_map0 1 set transform-set ESP-3DES-SHA
crypto map outside_map0 interface outside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 10.12.0.0 255.255.0.0 mgmt
telnet timeout 30
ssh 192.168.3.0 255.255.255.0 inside
ssh 10.12.0.0 255.255.0.0 mgmt
ssh timeout 30
console timeout 0
management-access outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password eY/fQXw7Ure8Qrz7 encrypted privilege 15
tunnel-group 10.22.19.254 type ipsec-l2l
tunnel-group 10.22.19.254 ipsec-attributes
pre-shared-key *****
isakmp keepalive threshold 60 retry 5
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:185bd689118ba24f9a0ef2f7e80494f6
Can anybody help why my remote site can't connect to Internet.
REgards,
RaitsarevoHi Carv,
Thanks for your reply. i have done finally
i used no crypto ipsec nat-transparency udp-encapsulation in my end router only.
and in remote access VPN i have enabled UDP for client configuration. the most imprtant is i have given IP add of same LAN pool to VPN user,
Regards,
Satya.M -
VPN Clients cannot access remote site
Hey there,
I am pretty new in configuring Cisco devices and now I need some help.
I have 2 site here:
site A
Cisco 891
external IP: 195.xxx.yyy.zzz
VPN Gateway for Remote users
local IP: VLAN10 10.133.10.0 /23
site B
Cisco 891
external IP: 62.xxx.yyy.zzz
local IP VLAN10 10.133.34.0 /23
Those two sites are linked together with a Site-to-Site VPN. Accessing files or ressources from one site to the other is working fine while connected to the local LAN.
I configured VPN connection with Radius auth. VPN clients can connect to Site A, get an IP adress from VPN Pool (172.16.100.2-100) and can access files and servers on site A. But for some reason they cannot access ressources on site B. I already added the site B network to the ACL and when connecting with VPN it shows secured routes to 10.133.10.0 and 10.133.34.0 in the statistics. Same thing for other VPN Tunnels to ERP system.
What is missing here to make it possible to reach remote sites when connected through VPN? I had a look at the logs but could not find anything important.
Here is the config of site A
Building configuration...
Current configuration : 24257 bytes
version 15.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname Englerstrasse
boot-start-marker
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
aaa new-model
aaa group server radius Radius-AD
server 10.133.10.5 auth-port 1812 acct-port 1813
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_2 group Radius-AD local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
clock timezone Berlin 1 0
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
crypto pki trustpoint TP-self-signed-27361994
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-27361994
revocation-check none
rsakeypair TP-self-signed-27361994
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name [email protected]
revocation-check crl
crypto pki certificate chain TP-self-signed-27361994
certificate self-signed 01
30820227 30820190 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373336 31393934 301E170D 31323038 32373038 30343238
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D323733 36313939
3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100B709
64CE1874 BF812A9F 0B761522 892373B9 10F0BB52 6263DCDB F9877AA3 7BD34E53
BCFDA45C 2A991777 4DDC7E6B 1FCEE36C B6E35679 C4A18771 9C0F871F 38310234
2D89A4FF 37B616D8 362B3103 A8A319F2 10A72DC7 490A04AC 7955DF68 32EF9615
9E1A3B31 2A1AB243 B3ED3E35 F4AAD029 CDB1F941 5E794300 5C5EF8AE 5C890203
010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304
18301680 14D0F5E7 D3A9311D 1675AA8F 38F064FC 4D04465E F5301D06 03551D0E
04160414 D0F5E7D3 A9311D16 75AA8F38 F064FC4D 04465EF5 300D0609 2A864886
F70D0101 05050003 818100AB 2CD4363A E5ADBFB0 943A38CB AC820801 117B52CC
20216093 79D1F777 2B3C0062 4301CF73 094B9CA5 805F585E 04CF3301 9B839DEB
14A334A2 F5A5316F C65EEF21 0B0DF3B5 F4322440 F28B984B E769876D 6EF94895
C3D5048A A4E2A180 12DF6652 176942F8 58187D7B D37B1F1A 4DDD7AE9 5189F9AF
AF3EF676 26AD3F31 D368F5
quit
crypto pki certificate chain test_trustpoint_config_created_for_sdm
no ip source-route
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip inspect log drop-pkt
ip inspect name CCP_MEDIUM appfw CCP_MEDIUM
ip inspect name CCP_MEDIUM ftp
ip inspect name CCP_MEDIUM h323
ip inspect name CCP_MEDIUM sip
ip inspect name CCP_MEDIUM https
ip inspect name CCP_MEDIUM icmp
ip inspect name CCP_MEDIUM netshow
ip inspect name CCP_MEDIUM rcmd
ip inspect name CCP_MEDIUM realaudio
ip inspect name CCP_MEDIUM rtsp
ip inspect name CCP_MEDIUM sqlnet
ip inspect name CCP_MEDIUM streamworks
ip inspect name CCP_MEDIUM tftp
ip inspect name CCP_MEDIUM udp
ip inspect name CCP_MEDIUM vdolive
ip inspect name CCP_MEDIUM imap reset
ip inspect name CCP_MEDIUM smtp
ip cef
no ipv6 cef
appfw policy-name CCP_MEDIUM
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
audit-trail on
application http
strict-http action allow alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action allow alarm
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
server permit name radio1.launch.vip.dal.yahoo.com
server permit name in1.msg.vip.re2.yahoo.com
server permit name data1.my.vip.sc5.yahoo.com
server permit name address1.pim.vip.mud.yahoo.com
server permit name edit.messenger.yahoo.com
server permit name messenger.yahoo.com
server permit name http.pager.yahoo.com
server permit name privacy.yahoo.com
server permit name csa.yahoo.com
server permit name csb.yahoo.com
server permit name csc.yahoo.com
audit-trail on
parameter-map type inspect global
log dropped-packets enable
multilink bundle-name authenticated
redundancy
ip tcp synwait-time 10
class-map match-any CCP-Transactional-1
match dscp af21
match dscp af22
match dscp af23
class-map match-any CCP-Voice-1
match dscp ef
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-any CCP-Routing-1
match dscp cs6
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any CCP-Signaling-1
match dscp cs3
match dscp af31
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any CCP-Management-1
match dscp cs2
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
policy-map sdm-qos-test-123
class class-default
policy-map sdmappfwp2p_CCP_MEDIUM
class sdm_p2p_edonkey
class sdm_p2p_gnutella
class sdm_p2p_kazaa
class sdm_p2p_bittorrent
policy-map CCP-QoS-Policy-1
class sdm_p2p_edonkey
class sdm_p2p_gnutella
class sdm_p2p_kazaa
class sdm_p2p_bittorrent
class CCP-Voice-1
priority percent 33
class CCP-Signaling-1
bandwidth percent 5
class CCP-Routing-1
bandwidth percent 5
class CCP-Management-1
bandwidth percent 5
class CCP-Transactional-1
bandwidth percent 5
class class-default
fair-queue
random-detect
crypto ctcp port 10000
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key REMOVED address 62.20.xxx.yyy
crypto isakmp key REMOVED address 195.243.xxx.yyy
crypto isakmp key REMOVED address 195.243.xxx.yyy
crypto isakmp key REMOVED address 83.140.xxx.yyy
crypto isakmp client configuration group VPN_local
key REMOVED
dns 10.133.10.5 10.133.10.7
wins 10.133.10.7
domain domain.de
pool SDM_POOL_2
acl 115
crypto isakmp profile ciscocp-ike-profile-1
match identity group VPN_local
client authentication list ciscocp_vpn_xauth_ml_2
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA4 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA11 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA1 esp-des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set transform-set ESP-3DES-SHA11
set isakmp-profile ciscocp-ike-profile-1
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to62.20.xxx.xxx
set peer 62.20.xxx.xxx
set transform-set ESP-3DES-SHA
match address 105
crypto map SDM_CMAP_1 2 ipsec-isakmp
description Tunnel to195.243.xxx.xxx
set peer 195.243.xxx.xxx
set transform-set ESP-3DES-SHA4
match address 107
crypto map SDM_CMAP_1 3 ipsec-isakmp
description Tunnel to83.140.xxx.xxx
set peer 83.140.xxx.xxx
set transform-set ESP-DES-SHA1
match address 118
interface Loopback2
ip address 192.168.10.1 255.255.254.0
interface Null0
no ip unreachables
interface FastEthernet0
switchport mode trunk
no ip address
spanning-tree portfast
interface FastEthernet1
no ip address
spanning-tree portfast
interface FastEthernet2
no ip address
spanning-tree portfast
interface FastEthernet3
no ip address
spanning-tree portfast
interface FastEthernet4
description Internal LAN
switchport access vlan 10
switchport trunk native vlan 10
no ip address
spanning-tree portfast
interface FastEthernet5
no ip address
spanning-tree portfast
interface FastEthernet6
no ip address
spanning-tree portfast
interface FastEthernet7
no ip address
spanning-tree portfast
interface FastEthernet8
description $FW_OUTSIDE$$ETH-WAN$
ip address 62.153.xxx.xxx 255.255.255.248
ip access-group 113 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect CCP_MEDIUM out
no ip virtual-reassembly in
ip verify unicast reverse-path
duplex auto
speed auto
crypto map SDM_CMAP_1
service-policy input sdmappfwp2p_CCP_MEDIUM
service-policy output CCP-QoS-Policy-1
interface Virtual-Template1 type tunnel
ip unnumbered FastEthernet8
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
interface Vlan1
no ip address
interface Vlan10
description $FW_INSIDE$
ip address 10.133.10.1 255.255.254.0
ip access-group 112 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
ip local pool SDM_POOL_1 192.168.10.101 192.168.10.200
ip local pool VPN_Pool 192.168.20.2 192.168.20.100
ip local pool SDM_POOL_2 172.16.100.2 172.16.100.100
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip forward-protocol nd
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet8 overload
ip route 0.0.0.0 0.0.0.0 62.153.xxx.xxx
ip access-list extended VPN1
remark VPN_Haberstrasse
remark CCP_ACL Category=4
permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
ip radius source-interface Vlan10
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 195.243.xxx.xxx
access-list 23 permit 10.133.10.0 0.0.1.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 10.133.10.0 0.0.1.255 any
access-list 101 remark CCP_ACL Category=16
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
access-list 102 remark auto generated by CCP firewall configuration
access-list 102 remark CCP_ACL Category=1
access-list 102 deny ip 10.10.10.0 0.0.0.7 any
access-list 102 permit icmp any host 62.153.xxx.xxx echo-reply
access-list 102 permit icmp any host 62.153.xxx.xxx time-exceeded
access-list 102 permit icmp any host 62.153.xxx.xxx unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
access-list 103 remark auto generated by CCP firewall configuration
access-list 103 remark CCP_ACL Category=1
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 103 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 103 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 103 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 103 remark IPSec Rule
access-list 103 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 103 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 103 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 103 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 103 permit udp any host 62.153.xxx.xxx eq non500-isakmp
access-list 103 permit udp any host 62.153.xxx.xxx eq isakmp
access-list 103 permit esp any host 62.153.xxx.xxx
access-list 103 permit ahp any host 62.153.xxx.xxx
access-list 103 permit udp host 194.25.0.60 eq domain any
access-list 103 permit udp host 194.25.0.68 eq domain any
access-list 103 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
access-list 103 deny ip 10.10.10.0 0.0.0.7 any
access-list 103 permit icmp any host 62.153.xxx.xxx echo-reply
access-list 103 permit icmp any host 62.153.xxx.xxx time-exceeded
access-list 103 permit icmp any host 62.153.xxx.xxx unreachable
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 deny ip any any log
access-list 104 remark CCP_ACL Category=4
access-list 104 permit ip 10.133.10.0 0.0.1.255 any
access-list 105 remark CCP_ACL Category=4
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
access-list 106 remark CCP_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.133.10.0 0.0.1.255 10.133.20.0 0.0.0.255
access-list 106 permit ip 10.10.10.0 0.0.0.7 any
access-list 106 permit ip 10.133.10.0 0.0.1.255 any
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.133.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 107 remark IPSec Rule
access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
access-list 108 remark Auto generated by SDM Management Access feature
access-list 108 remark CCP_ACL Category=1
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq telnet
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 22
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq www
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq 443
access-list 108 permit tcp 10.133.10.0 0.0.1.255 host 10.133.10.1 eq cmd
access-list 108 deny tcp any host 10.133.10.1 eq telnet
access-list 108 deny tcp any host 10.133.10.1 eq 22
access-list 108 deny tcp any host 10.133.10.1 eq www
access-list 108 deny tcp any host 10.133.10.1 eq 443
access-list 108 deny tcp any host 10.133.10.1 eq cmd
access-list 108 deny udp any host 10.133.10.1 eq snmp
access-list 108 permit ip any any
access-list 109 remark CCP_ACL Category=1
access-list 109 permit ip 10.133.10.0 0.0.1.255 any
access-list 109 permit ip 10.10.10.0 0.0.0.7 any
access-list 109 permit ip 192.168.10.0 0.0.1.255 any
access-list 110 remark CCP_ACL Category=1
access-list 110 permit ip host 195.243.xxx.xxx any
access-list 110 permit ip host 84.44.xxx.xxx any
access-list 110 permit ip 10.133.10.0 0.0.1.255 any
access-list 110 permit ip 10.10.10.0 0.0.0.7 any
access-list 110 permit ip 192.168.10.0 0.0.1.255 any
access-list 111 remark CCP_ACL Category=4
access-list 111 permit ip 10.133.10.0 0.0.1.255 any
access-list 112 remark CCP_ACL Category=1
access-list 112 permit udp host 10.133.10.5 eq 1812 any
access-list 112 permit udp host 10.133.10.5 eq 1813 any
access-list 112 permit udp any host 10.133.10.1 eq non500-isakmp
access-list 112 permit udp any host 10.133.10.1 eq isakmp
access-list 112 permit esp any host 10.133.10.1
access-list 112 permit ahp any host 10.133.10.1
access-list 112 permit udp host 10.133.10.5 eq 1645 host 10.133.10.1
access-list 112 permit udp host 10.133.10.5 eq 1646 host 10.133.10.1
access-list 112 remark auto generated by CCP firewall configuration
access-list 112 permit udp host 10.133.10.5 eq 1812 host 10.133.10.1
access-list 112 permit udp host 10.133.10.5 eq 1813 host 10.133.10.1
access-list 112 permit udp host 10.133.10.7 eq domain any
access-list 112 permit udp host 10.133.10.5 eq domain any
access-list 112 deny ip 62.153.xxx.xxx 0.0.0.7 any
access-list 112 deny ip 10.10.10.0 0.0.0.7 any
access-list 112 deny ip host 255.255.255.255 any
access-list 112 deny ip 127.0.0.0 0.255.255.255 any
access-list 112 permit ip any any
access-list 113 remark CCP_ACL Category=1
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.133.34.0 0.0.1.255 192.168.10.0 0.0.1.255
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.60.16.0 0.0.0.255 192.168.10.0 0.0.1.255
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.60.16.0 0.0.0.255 10.133.10.0 0.0.1.255
access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq non500-isakmp
access-list 113 permit udp host 83.140.100.4 host 62.153.xxx.xxx eq isakmp
access-list 113 permit esp host 83.140.100.4 host 62.153.xxx.xxx
access-list 113 permit ahp host 83.140.100.4 host 62.153.xxx.xxx
access-list 113 permit ip host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit ip host 84.44.xxx.xxx host 62.153.xxx.xxx
access-list 113 remark auto generated by CCP firewall configuration
access-list 113 permit udp host 194.25.0.60 eq domain any
access-list 113 permit udp host 194.25.0.68 eq domain any
access-list 113 permit udp host 194.25.0.68 eq domain host 62.153.xxx.xxx
access-list 113 permit udp host 194.25.0.60 eq domain host 62.153.xxx.xxx
access-list 113 permit udp any host 62.153.xxx.xxx eq non500-isakmp
access-list 113 permit udp any host 62.153.xxx.xxx eq isakmp
access-list 113 permit esp any host 62.153.xxx.xxx
access-list 113 permit ahp any host 62.153.xxx.xxx
access-list 113 permit ahp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit esp host 195.243.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 113 permit udp host 195.243.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.133.34.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 113 permit ahp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 113 remark IPSec Rule
access-list 113 permit ip 192.168.10.0 0.0.1.255 10.133.10.0 0.0.1.255
access-list 113 permit esp host 62.20.xxx.xxx host 62.153.xxx.xxx
access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq isakmp
access-list 113 permit udp host 62.20.xxx.xxx host 62.153.xxx.xxx eq non500-isakmp
access-list 113 remark IPSec Rule
access-list 113 permit ip 10.133.20.0 0.0.0.255 10.133.10.0 0.0.1.255
access-list 113 remark Pop3
access-list 113 permit tcp host 82.127.xxx.xxx eq 8080 host 62.153.xxx.xxx
access-list 113 remark Pop3
access-list 113 permit tcp any eq pop3 host 62.153.xxx.xxx
access-list 113 remark SMTP
access-list 113 permit tcp any eq 465 host 62.153.xxx.xxx
access-list 113 remark IMAP
access-list 113 permit tcp any eq 587 host 62.153.xxx.xxx
access-list 113 deny ip 10.133.10.0 0.0.1.255 any
access-list 113 deny ip 10.10.10.0 0.0.0.7 any
access-list 113 permit icmp any host 62.153.xxx.xxx echo-reply
access-list 113 permit icmp any host 62.153.xxx.xxx time-exceeded
access-list 113 permit icmp any host 62.153.xxx.xxx unreachable
access-list 113 deny ip 10.0.0.0 0.255.255.255 any
access-list 113 deny ip 172.16.0.0 0.15.255.255 any
access-list 113 deny ip 192.168.0.0 0.0.255.255 any
access-list 113 deny ip 127.0.0.0 0.255.255.255 any
access-list 113 deny ip host 255.255.255.255 any
access-list 113 deny ip host 0.0.0.0 any
access-list 113 deny ip any any log
access-list 114 remark auto generated by CCP firewall configuration
access-list 114 remark CCP_ACL Category=1
access-list 114 deny ip 10.133.10.0 0.0.1.255 any
access-list 114 deny ip 10.10.10.0 0.0.0.7 any
access-list 114 permit icmp any any echo-reply
access-list 114 permit icmp any any time-exceeded
access-list 114 permit icmp any any unreachable
access-list 114 deny ip 10.0.0.0 0.255.255.255 any
access-list 114 deny ip 172.16.0.0 0.15.255.255 any
access-list 114 deny ip 192.168.0.0 0.0.255.255 any
access-list 114 deny ip 127.0.0.0 0.255.255.255 any
access-list 114 deny ip host 255.255.255.255 any
access-list 114 deny ip host 0.0.0.0 any
access-list 114 deny ip any any log
access-list 115 remark VPN_Sub
access-list 115 remark CCP_ACL Category=5
access-list 115 permit ip 10.133.10.0 0.0.1.255 172.16.0.0 0.0.255.255
access-list 115 permit ip 10.133.34.0 0.0.1.255 172.16.0.0 0.0.255.255
access-list 115 permit ip 10.133.20.0 0.0.0.255 any
access-list 116 remark CCP_ACL Category=4
access-list 116 remark IPSec Rule
access-list 116 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 117 remark CCP_ACL Category=4
access-list 117 remark IPSec Rule
access-list 117 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 118 remark CCP_ACL Category=4
access-list 118 remark IPSec Rule
access-list 118 permit ip 10.133.10.0 0.0.1.255 10.60.16.0 0.0.0.255
access-list 118 remark IPSec Rule
access-list 118 permit ip 192.168.10.0 0.0.1.255 10.60.16.0 0.0.0.255
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 106
control-plane
mgcp profile default
line con 0
transport output telnet
line 1
modem InOut
speed 115200
flowcontrol hardware
line aux 0
transport output telnet
line vty 0 4
session-timeout 45
access-class 110 in
transport input telnet ssh
line vty 5 15
access-class 109 in
transport input telnet ssh
scheduler interval 500
endThe crypto ACL for the site to site vpn should also include the vpn client pool, otherwise, traffic from the vpn client does not match the interesting traffic for the site to site vpn.
On Site A:
should include "access-list 107 permit ip 172.16.100.0 0.0.0.255 10.133.34.0 0.0.1.255"
You should also remove the following line as the pool is incorrect:
access-list 107 permit ip 192.168.10.0 0.0.1.255 10.133.34.0 0.0.1.255
On Site B:
should include: permit ip 10.133.34.0 0.0.1.255 172.16.100.0 0.0.0.255"
NAT exemption on site B should also be configured with deny on the above ACL. -
Cisco ASA 5505 IPSec tunnel won't establish until remote site attempts to connect
I have a site to site IPSec tunnel setup and operational but periodically the remote site goes down, because of a somewhat reliable internet connection. The only way to get the tunnel to re-establish is to go to the remote site and simply issue a ping from a workstation on the remote network. We were having this same issue with a Cisco PIX 506E but decided to upgrade the hardware and see if that resolve the issue. It ran for well over a year and our assumtions was that the issue was resolved. I was looking in the direction of the security-association lifetime but if we power cycle the unit, I would expect that it would kill the SA but even after power cycling, the VPN does not come up automatically.
Any assistance would be appreciated.
ASA Version 8.2(1)
hostname KRPS-FW
domain-name lottonline.org
enable password uniQue
passwd uniQue
names
interface Vlan1
nameif inside
security-level 100
ip address 10.20.30.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address xxx.xxx.xxx.xxx 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
description Inside Network on VLAN1
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
description Inside Network on VLAN1
ftp mode passive
dns server-group DefaultDNS
domain-name lottonline.org
access-list NONAT extended permit ip 10.20.30.0 255.255.255.0 10.20.20.0 255.255.255.0
access-list NONAT extended permit ip 10.20.30.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list NONAT extended permit ip 10.20.30.0 255.255.255.0 192.168.15.0 255.255.255.0
access-list KWPS-BITP extended permit ip 10.20.30.0 255.255.255.0 10.20.20.0 255.255.255.0
access-list KWPS-BITP extended permit ip 10.20.30.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list KWPS-BITP extended permit ip 10.20.30.0 255.255.255.0 192.168.15.0 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT
nat (inside) 1 0.0.0.0 0.0.0.0
access-group OUTSIDE_ACCESS_IN in interface outside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.20.30.0 255.255.255.0 inside
http 10.20.20.0 255.255.255.0 inside
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map DYNMAP 65535 set transform-set ESP-AES-256-SHA
crypto map VPNMAP 1 match address KWPS-BITP
crypto map VPNMAP 1 set peer xxx.xxx.xxx.001
crypto map VPNMAP 1 set transform-set ESP-AES-256-SHA
crypto map VPNMAP 65535 ipsec-isakmp dynamic DYNMAP
crypto map VPNMAP interface outside
crypto isakmp enable outside
crypto isakmp policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
ssh timeout 5
console timeout 0
management-access inside
tunnel-group xxx.xxx.xxx.001 type ipsec-l2l
tunnel-group xxx.xxx.xxx.001 ipsec-attributes
pre-shared-key somekeyHi there,
I had same issue with PIX 506E and it was not even a circuit issue and I got ride of it and problem got fixed with PIX515E
I don't know, the device is too old to stay alive.
thanks -
I have a problem making a call from Isle of Man that has a 2900 router running CME 8.6 and a remote site Singapore that is on a UCS560, we have created a site to site VPN and can ping from either phone vlan to either phone vlan interfaces. The problem is that when I call from the Isle of Man site the call routes, rings on the remote phone and the user answers, they can hear the Isle of Man but the Isle of man cannot hear them... I hear you all say one way voice must be routing, well I cannot find where the error and like I say we can ping. I have added the singapore config as a starting point and we are calling from 0977 Isle of Man to 3123 Singapore.
version 15.1
parser config cache interface
no service pad
no service timestamps debug uptime
service timestamps log datetime msec localtime
service internal
service compress-config
service sequence-numbers
hostname SG_UC_560
boot-start-marker
boot system flash:/uc500-advipservicesk9-mz.151-4.M6
boot-end-marker
no logging buffered
no logging rate-limit
aaa new-model
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa session-id common
clock timezone WST 8 0
network-clock-participate wic 1
network-clock-select 1 BRI0/1/0
network-clock-select 2 BRI0/1/1
dot11 syslog
ip source-route
ip cef
ip dhcp relay information trust-all
ip dhcp excluded-address 172.16.100.1 172.16.100.99
ip dhcp excluded-address 172.16.100.200 172.16.100.255
ip dhcp excluded-address 192.168.138.1 192.168.138.99
ip dhcp excluded-address 192.168.138.200 192.168.138.255
ip dhcp pool phone
network 172.16.100.0 255.255.255.0
default-router 172.16.100.1
option 150 ip 172.16.100.1
ip dhcp pool data
import all
network 192.168.138.0 255.255.255.0
default-router 192.168.138.1
dns-server 8.8.8.8 8.8.4.4
ip dhcp pool DoorIntercom
host 192.168.138.5 255.255.255.0
hardware-address 7c1e.b3fe.09a8
ip inspect WAAS flush-timeout 10
ip dhcp-client update dns server both
no ipv6 cef
multilink bundle-name authenticated
stcapp ccm-group 1
stcapp
isdn switch-type basic-net3
trunk group ALL_BRI
hunt-scheme longest-idle
translation-profile outgoing PROFILE_ALL_BRI
trunk group ALL_FXO
max-retry 5
voice-class cause-code 1
hunt-scheme longest-idle
voice call send-alert
voice rtp send-recv
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
sip
registrar server expires max 600 min 60
no update-callerid
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729r8
codec preference 4 g729br8
voice class cause-code 1
no-circuit
voice register global
mode cme
source-address 172.16.100.1 port 5060
max-dn 120
max-pool 30
load 9971 sip9971.9-2-2
load 9951 sip9951.9-2-2
load 8961 sip8961.9-2-2
authenticate register
authenticate realm uc500.local
timezone 42
date-format D/M/Y
hold-alert
create profile sync 0002461994550035
voice register dn 1
number 199
name Door Intercom
no-reg
label Door Intercom
voice register pool 1
registration-timer max 720 min 660
id mac 7C1E.B3FE.09A8
type CiscoMobile-iOS
number 1 dn 1
cor incoming user-internal default
dtmf-relay rtp-nte
username 199 password
codec g711ulaw
voice hunt-group 1 parallel
final 399
list 122,123
timeout 16
pilot 501
voice translation-rule 4
rule 15 /^...$/ /62223151/
voice translation-rule 1000
rule 1 /.*/ //
voice translation-rule 1112
rule 10 /^90[0123][1-9]\(.*\)/ /019\1/
rule 15 /^9/ //
voice translation-rule 2002
rule 1 /^6/ //
voice translation-rule 2222
voice translation-rule 3119
rule 1 /^3\(...\)/ /\1/
voice translation-rule 3121
rule 1 /3121/ /121/
voice translation-profile CALLER_ID_TRANSLATION_PROFILE
translate calling 1111
voice translation-profile CallBlocking
translate called 2222
voice translation-profile IOM
translate called 3119
voice translation-profile OUTGOING_TRANSLATION_PROFILE
translate called 1112
voice translation-profile PROFILE_ALL_BRI
translate calling 4
voice translation-profile XFER_TO_VM_PROFILE
translate redirect-called 2002
voice translation-profile nondialable
translate called 1000
voice-card 0
fax interface-type fax-mail
license udi pid UC560-BRI-K9 sn FGL164912CA
archive
log config
logging enable
logging size 600
hidekeys
process-max-time 150
ip tftp source-interface Vlan90
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
lifetime 85400
crypto isakmp key xxxxxxxxx address IP of Isle of Man no-xauth
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto map IOM-VPN 10 ipsec-isakmp
set peer IP of Isle of Man
set transform-set ESP-3DES-MD5
match address 150
interface Loopback0
ip address xxxxxxxxx 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/0
ip ddns update hostname xxxxxxxxx
ip ddns update dyndns
ip address dhcp client-id GigabitEthernet0/0
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
crypto map IOM-VPN
interface Integrated-Service-Engine0/0
description Interface used to manage integrated application modulecue is initialized with default IMAP group
ip unnumbered Vlan90
ip nat inside
ip virtual-reassembly in
service-module ip address 10.1.10.1 255.255.255.252
service-module ip default-gateway 10.1.10.2
interface GigabitEthernet0/1/0
switchport mode trunk
switchport voice vlan 100
no ip address
macro description cisco-switch
interface GigabitEthernet0/1/1
switchport mode trunk
switchport voice vlan 100
no ip address
macro description cisco-switch
interface GigabitEthernet0/1/2
no ip address
macro description cisco-desktop
spanning-tree portfast
interface GigabitEthernet0/1/3
description Interface used to communicate with integrated service module
switchport access vlan 90
no ip address
service-module ip address 10.1.10.1 255.255.255.252
service-module ip default-gateway 10.1.10.2
interface BRI0/1/0
no ip address
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
isdn sending-complete
trunk-group ALL_BRI 64
interface BRI0/1/1
no ip address
isdn switch-type basic-net3
isdn point-to-point-setup
isdn incoming-voice voice
isdn sending-complete
trunk-group ALL_BRI 64
interface Virtual-Template1
ip unnumbered Loopback0
ip nat inside
ip virtual-reassembly in
interface Virtual-Template200 type serial
no ip address
interface Vlan1
ip address 192.168.138.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface Vlan90
ip address 10.1.10.2 255.255.255.252
ip nat inside
ip virtual-reassembly in
interface Vlan100
ip address 172.16.100.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip local pool SDM_WEBVPN_POOL_1 192.168.138.20 192.168.138.29
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http path flash:/gui
ip dns server
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
ip route 10.1.10.1 255.255.255.255 Vlan90
access-list 100 deny ip 192.168.138.0 0.0.0.255 192.168.104.0 0.0.0.255
access-list 100 deny ip 172.16.100.0 0.0.0.255 172.16.105.0 0.0.0.255
access-list 100 deny ip 172.16.100.0 0.0.0.255 192.168.104.0 0.0.0.255
access-list 100 deny ip 192.168.138.0 0.0.0.255 172.16.105.0 0.0.0.255
access-list 100 permit ip 10.1.10.0 0.0.0.3 any
access-list 100 permit ip 192.168.138.0 0.0.0.255 any
access-list 100 permit ip 172.16.100.0 0.0.0.255 any
access-list 150 permit ip 192.168.138.0 0.0.0.255 192.168.104.0 0.0.0.255
access-list 150 permit ip 172.16.100.0 0.0.0.255 172.16.105.0 0.0.0.255
access-list 150 permit ip 172.16.100.0 0.0.0.255 192.168.104.0 0.0.0.255
access-list 150 permit ip 192.168.138.0 0.0.0.255 172.16.105.0 0.0.0.255
route-map SDM_RMAP_1 permit 1
match ip address 100
snmp-server community public RO
tftp-server flash:/phones/6901_6911/SCCP6911.9-1-1-0.loads alias SCCP6911.9-1-1-0.loads
tftp-server flash:/phones/6901_6911/SCCP6901.9-1-1-0.loads alias SCCP6901.9-1-1-0.loads
tftp-server flash:/phones/6901_6911/KNL6911SCCP.9-1-1-0.zz.sgn alias KNL6911SCCP.9-1-1-0.zz.sgn
tftp-server flash:/phones/6901_6911/KNL6901SCCP.9-1-1-0.zz.sgn alias KNL6901SCCP.9-1-1-0.zz.sgn
tftp-server flash:/phones/6901_6911/BFS6911SCCP.9-1-1-0.zz.sgn alias BFS6911SCCP.9-1-1-0.zz.sgn
tftp-server flash:/phones/6901_6911/APP6911SCCP.9-1-1-0.zz.sgn alias APP6911SCCP.9-1-1-0.zz.sgn
tftp-server flash:/phones/6901_6911/APP6901SCCP.9-1-1-0.zz.sgn alias APP6901SCCP.9-1-1-0.zz.sgn
tftp-server flash:/phones/69xx/SCCP69xx.9-1-1-2-sr.loads alias SCCP69xx.9-1-1-2-sr.loads
tftp-server flash:/phones/69xx/BOOT69xx.0-0-0-14.zz.sgn alias BOOT69xx.0-0-0-14.zz.sgn
tftp-server flash:/phones/69xx/DSP69xx.0-0-0-4.zz.sgn alias DSP69xx.0-0-0-4.zz.sgn
tftp-server flash:/phones/69xx/SCCP69xx.9-1-1-2-sr.zz.sgn alias SCCP69xx.9-1-1-2-sr.zz.sgn
tftp-server flash:/phones/521_524/cp524g-8-1-17.bin alias cp524g-8-1-17.bin
tftp-server flash:/phones/525/spa525g-7-4-9c.bin alias spa525g-7-4-9c.bin
tftp-server flash:/phones/50x-30x/spa50x-30x-7-4-9c.bin alias spa50x-30x-7-4-9c.bin
tftp-server flash:/phones/7906_7911/apps11.9-2-1TH1-13.sbn alias apps11.9-2-1TH1-13.sbn
tftp-server flash:/phones/7906_7911/cnu11.9-2-1TH1-13.sbn alias cnu11.9-2-1TH1-13.sbn
tftp-server flash:/phones/7906_7911/cvm11sccp.9-2-1TH1-13.sbn alias cvm11sccp.9-2-1TH1-13.sbn
tftp-server flash:/phones/7906_7911/dsp11.9-2-1TH1-13.sbn alias dsp11.9-2-1TH1-13.sbn
tftp-server flash:/phones/7906_7911/jar11sccp.9-2-1TH1-13.sbn alias jar11sccp.9-2-1TH1-13.sbn
tftp-server flash:/phones/7906_7911/SCCP11.9-2-1S.loads alias SCCP11.9-2-1S.loads
tftp-server flash:/phones/7906_7911/term06.default.loads alias term06.default.loads
tftp-server flash:/phones/7906_7911/term11.default.loads alias term11.default.loads
tftp-server flash:/phones/7914/S00105000400.sbn alias S00105000400.sbn
tftp-server flash:/phones/7915/B015-1-0-4.SBN alias B015-1-0-4.SBN
tftp-server flash:/phones/7916/B016-1-0-4.SBN alias B016-1-0-4.SBN
tftp-server flash:/phones/7921/APPS-1.4.1SR1.SBN alias APPS-1.4.1SR1.SBN
tftp-server flash:/phones/7921/CP7921G-1.4.1SR1.LOADS alias CP7921G-1.4.1SR1.LOADS
tftp-server flash:/phones/7921/GUI-1.4.1SR1.SBN alias GUI-1.4.1SR1.SBN
tftp-server flash:/phones/7921/TNUXR-1.4.1SR1.SBN alias TNUXR-1.4.1SR1.SBN
tftp-server flash:/phones/7921/SYS-1.4.1SR1.SBN alias SYS-1.4.1SR1.SBN
tftp-server flash:/phones/7921/TNUX-1.4.1SR1.SBN alias TNUX-1.4.1SR1.SBN
tftp-server flash:/phones/7921/WLAN-1.4.1SR1.SBN alias WLAN-1.4.1SR1.SBN
tftp-server flash:/phones/7925/APPSH-1.4.1SR1.SBN alias APPSH-1.4.1SR1.SBN
tftp-server flash:/phones/7925/CP7925G-1.4.1SR1.LOADS alias CP7925G-1.4.1SR1.LOADS
tftp-server flash:/phones/7925/GUIH-1.4.1SR1.SBN alias GUIH-1.4.1SR1.SBN
tftp-server flash:/phones/7925/JSYSH-1.4.1SR1.SBN alias JSYSH-1.4.1SR1.SBN
tftp-server flash:/phones/7925/JUIH-1.4.1SR1.SBN alias JUIH-1.4.1SR1.SBN
tftp-server flash:/phones/7925/SYSH-1.4.1SR1.SBN alias SYSH-1.4.1SR1.SBN
tftp-server flash:/phones/7925/TNUXH-1.4.1SR1.SBN alias TNUXH-1.4.1SR1.SBN
tftp-server flash:/phones/7925/TNUXRH-1.4.1SR1.SBN alias TNUXRH-1.4.1SR1.SBN
tftp-server flash:/phones/7925/WLANH-1.4.1SR1.SBN alias WLANH-1.4.1SR1.SBN
tftp-server flash:/phones/7931/apps31.9-1-1TH1-16.sbn alias apps31.9-1-1TH1-16.sbn
tftp-server flash:/phones/7931/cnu31.9-1-1TH1-16.sbn alias cnu31.9-1-1TH1-16.sbn
tftp-server flash:/phones/7931/cvm31sccp.9-1-1TH1-16.sbn alias cvm31sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7931/dsp31.9-1-1TH1-16.sbn alias dsp31.9-1-1TH1-16.sbn
tftp-server flash:/phones/7931/jar31sccp.9-1-1TH1-16.sbn alias jar31sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7931/SCCP31.9-1-1SR1S.loads alias SCCP31.9-1-1SR1S.loads
tftp-server flash:/phones/7931/term31.default.loads alias term31.default.loads
tftp-server flash:/phones/7936/cmterm_7936.3-3-21-0.bin alias cmterm_7936.3-3-21-0.bin
tftp-server flash:/phones/7937/apps37sccp.1-4-4-0.bin alias apps37sccp.1-4-4-0.bin
tftp-server flash:/phones/7940_7960/P00308010200.bin alias P00308010200.bin
tftp-server flash:/phones/7940_7960/P00308010200.loads alias P00308010200.loads
tftp-server flash:/phones/7940_7960/P00308010200.sb2 alias P00308010200.sb2
tftp-server flash:/phones/7940_7960/P00308010200.sbn alias P00308010200.sbn
tftp-server flash:/phones/7941_7961/apps41.9-1-1TH1-16.sbn alias apps41.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/cnu41.9-1-1TH1-16.sbn alias cnu41.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/cvm41sccp.9-1-1TH1-16.sbn alias cvm41sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/dsp41.9-1-1TH1-16.sbn alias dsp41.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/jar41sccp.9-1-1TH1-16.sbn alias jar41sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7941_7961/SCCP41.9-1-1SR1S.loads alias SCCP41.9-1-1SR1S.loads
tftp-server flash:/phones/7941_7961/term41.default.loads alias term41.default.loads
tftp-server flash:/phones/7941_7961/term61.default.loads alias term61.default.loads
tftp-server flash:/phones/7942_7962/apps42.9-1-1TH1-16.sbn alias apps42.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/cnu42.9-1-1TH1-16.sbn alias cnu42.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/cvm42sccp.9-1-1TH1-16.sbn alias cvm42sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/dsp42.9-1-1TH1-16.sbn alias dsp42.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/jar42sccp.9-1-1TH1-16.sbn alias jar42sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7942_7962/SCCP42.9-1-1SR1S.loads alias SCCP42.9-1-1SR1S.loads
tftp-server flash:/phones/7942_7962/term42.default.loads alias term42.default.loads
tftp-server flash:/phones/7942_7962/term62.default.loads alias term62.default.loads
tftp-server flash:/phones/7945_7965/apps45.9-1-1TH1-16.sbn alias apps45.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/cnu45.9-1-1TH1-16.sbn alias cnu45.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/cvm45sccp.9-1-1TH1-16.sbn alias cvm45sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/dsp45.9-1-1TH1-16.sbn alias dsp45.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/jar45sccp.9-1-1TH1-16.sbn alias jar45sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7945_7965/SCCP45.9-1-1SR1S.loads alias SCCP45.9-1-1SR1S.loads
tftp-server flash:/phones/7945_7965/term45.default.loads alias term45.default.loads
tftp-server flash:/phones/7945_7965/term65.default.loads alias term65.default.loads
tftp-server flash:/phones/7970_7971/apps70.9-1-1TH1-16.sbn alias apps70.9-1-1TH1-16.sbn
tftp-server flash:/phones/7970_7971/cnu70.9-1-1TH1-16.sbn alias cnu70.9-1-1TH1-16.sbn
tftp-server flash:/phones/7970_7971/cvm70sccp.9-1-1TH1-16.sbn alias cvm70sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7970_7971/dsp70.9-1-1TH1-16.sbn alias dsp70.9-1-1TH1-16.sbn
tftp-server flash:/phones/7970_7971/jar70sccp.9-1-1TH1-16.sbn alias jar70sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7970_7971/SCCP70.9-1-1SR1S.loads alias SCCP70.9-1-1SR1S.loads
tftp-server flash:/phones/7970_7971/term70.default.loads alias term70.default.loads
tftp-server flash:/phones/7970_7971/term71.default.loads alias term71.default.loads
tftp-server flash:/phones/7975/apps75.9-1-1TH1-16.sbn alias apps75.9-1-1TH1-16.sbn
tftp-server flash:/phones/7975/cnu75.9-1-1TH1-16.sbn alias cnu75.9-1-1TH1-16.sbn
tftp-server flash:/phones/7975/cvm75sccp.9-1-1TH1-16.sbn alias cvm75sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7975/dsp75.9-1-1TH1-16.sbn alias dsp75.9-1-1TH1-16.sbn
tftp-server flash:/phones/7975/jar75sccp.9-1-1TH1-16.sbn alias jar75sccp.9-1-1TH1-16.sbn
tftp-server flash:/phones/7975/SCCP75.9-1-1SR1S.loads alias SCCP75.9-1-1SR1S.loads
tftp-server flash:/phones/7975/term75.default.loads alias term75.default.loads
tftp-server flash:/phones/8961/dkern8961.100609R2-9-2-2.sebn alias dkern8961.100609R2-9-2-2.sebn
tftp-server flash:/phones/8961/kern8961.9-2-2.sebn alias kern8961.9-2-2.sebn
tftp-server flash:/phones/8961/rootfs8961.9-2-2.sebn alias rootfs8961.9-2-2.sebn
tftp-server flash:/phones/8961/sboot8961.031610R1-9-2-2.sebn alias sboot8961.031610R1-9-2-2.sebn
tftp-server flash:/phones/8961/sip8961.9-2-2.loads alias sip8961.9-2-2.loads
tftp-server flash:/phones/8961/skern8961.022809R2-9-2-2.sebn alias skern8961.022809R2-9-2-2.sebn
tftp-server flash:/phones/9951/dkern9951.100609R2-9-2-2.sebn alias dkern9951.100609R2-9-2-2.sebn
tftp-server flash:/phones/9951/kern9951.9-2-2.sebn alias kern9951.9-2-2.sebn
tftp-server flash:/phones/9951/rootfs9951.9-2-2.sebn alias rootfs9951.9-2-2.sebn
tftp-server flash:/phones/9951/sboot9951.031610R1-9-2-2.sebn alias sboot9951.031610R1-9-2-2.sebn
tftp-server flash:/phones/9951/sip9951.9-2-2.loads alias sip9951.9-2-2.loads
tftp-server flash:/phones/9951/skern9951.022809R2-9-2-2.sebn alias skern9951.022809R2-9-2-2.sebn
tftp-server flash:/phones/9971/dkern9971.100609R2-9-2-2.sebn alias dkern9971.100609R2-9-2-2.sebn
tftp-server flash:/phones/9971/kern9971.9-2-2.sebn alias kern9971.9-2-2.sebn
tftp-server flash:/phones/9971/rootfs9971.9-2-2.sebn alias rootfs9971.9-2-2.sebn
tftp-server flash:/phones/9971/sboot9971.031610R1-9-2-2.sebn alias sboot9971.031610R1-9-2-2.sebn
tftp-server flash:/phones/9971/sip9971.9-2-2.loads alias sip9971.9-2-2.loads
tftp-server flash:/phones/9971/skern9971.022809R2-9-2-2.sebn alias skern9971.022809R2-9-2-2.sebn
tftp-server flash:/ringtones/Analog1.raw alias Analog1.raw
tftp-server flash:/ringtones/Analog2.raw alias Analog2.raw
tftp-server flash:/ringtones/AreYouThere.raw alias AreYouThere.raw
tftp-server flash:/ringtones/DistinctiveRingList.xml alias DistinctiveRingList.xml
tftp-server flash:/ringtones/RingList.xml alias RingList.xml
tftp-server flash:/ringtones/AreYouThereF.raw alias AreYouThereF.raw
tftp-server flash:/ringtones/Bass.raw alias Bass.raw
tftp-server flash:/ringtones/CallBack.raw alias CallBack.raw
tftp-server flash:/ringtones/Chime.raw alias Chime.raw
tftp-server flash:/ringtones/Classic1.raw alias Classic1.raw
tftp-server flash:/ringtones/Classic2.raw alias Classic2.raw
tftp-server flash:/ringtones/ClockShop.raw alias ClockShop.raw
tftp-server flash:/ringtones/Drums1.raw alias Drums1.raw
tftp-server flash:/ringtones/Drums2.raw alias Drums2.raw
tftp-server flash:/ringtones/FilmScore.raw alias FilmScore.raw
tftp-server flash:/ringtones/HarpSynth.raw alias HarpSynth.raw
tftp-server flash:/ringtones/Jamaica.raw alias Jamaica.raw
tftp-server flash:/ringtones/KotoEffect.raw alias KotoEffect.raw
tftp-server flash:/ringtones/MusicBox.raw alias MusicBox.raw
tftp-server flash:/ringtones/Piano1.raw alias Piano1.raw
tftp-server flash:/ringtones/Piano2.raw alias Piano2.raw
tftp-server flash:/ringtones/Pop.raw alias Pop.raw
tftp-server flash:/ringtones/Pulse1.raw alias Pulse1.raw
tftp-server flash:/ringtones/Ring1.raw alias Ring1.raw
tftp-server flash:/ringtones/Ring2.raw alias Ring2.raw
tftp-server flash:/ringtones/Ring3.raw alias Ring3.raw
tftp-server flash:/ringtones/Ring4.raw alias Ring4.raw
tftp-server flash:/ringtones/Ring5.raw alias Ring5.raw
tftp-server flash:/ringtones/Ring6.raw alias Ring6.raw
tftp-server flash:/ringtones/Ring7.raw alias Ring7.raw
tftp-server flash:/ringtones/Sax1.raw alias Sax1.raw
tftp-server flash:/ringtones/Sax2.raw alias Sax2.raw
tftp-server flash:/ringtones/Vibe.raw alias Vibe.raw
tftp-server flash:/Desktops/CampusNight.png
tftp-server flash:/Desktops/TN-CampusNight.png
tftp-server flash:/Desktops/CiscoFountain.png
tftp-server flash:/Desktops/TN-CiscoFountain.png
tftp-server flash:/Desktops/CiscoLogo.png
tftp-server flash:/Desktops/TN-CiscoLogo.png
tftp-server flash:/Desktops/Fountain.png
tftp-server flash:/Desktops/TN-Fountain.png
tftp-server flash:/Desktops/MorroRock.png
tftp-server flash:/Desktops/TN-MorroRock.png
tftp-server flash:/Desktops/NantucketFlowers.png
tftp-server flash:/Desktops/TN-NantucketFlowers.png
tftp-server flash:Desktops/320x212x16/List.xml
tftp-server flash:Desktops/320x212x12/List.xml
tftp-server flash:Desktops/320x216x16/List.xml
tftp-server flash:/bacdprompts/en_bacd_allagentsbusy.au alias en_bacd_allagentsbusy.au
tftp-server flash:/bacdprompts/en_bacd_disconnect.au alias en_bacd_disconnect.au
tftp-server flash:/bacdprompts/en_bacd_enter_dest.au alias en_bacd_enter_dest.au
tftp-server flash:/bacdprompts/en_bacd_invalidoption.au alias en_bacd_invalidoption.au
tftp-server flash:/bacdprompts/en_bacd_music_on_hold.au alias en_bacd_music_on_hold.au
tftp-server flash:/bacdprompts/en_bacd_options_menu.au alias en_bacd_options_menu.au
tftp-server flash:/bacdprompts/en_bacd_welcome.au alias en_bacd_welcome.au
tftp-server flash:/bacdprompts/en_bacd_xferto_operator.au alias en_bacd_xferto_operator.au
radius-server attribute 31 send nas-port-detail
control-plane
voice-port 0/0/0
cptone SG
station-id number 401
caller-id enable
voice-port 0/0/1
cptone SG
station-id number 402
caller-id enable
voice-port 0/0/2
cptone SG
station-id number 403
caller-id enable
voice-port 0/0/3
cptone SG
station-id number 404
caller-id enable
voice-port 0/1/0
compand-type a-law
cptone SG
bearer-cap Speech
voice-port 0/1/1
compand-type a-law
cptone SG
bearer-cap Speech
voice-port 0/3/0
trunk-group ALL_FXO 64
cptone SG
connection plar opx 501
description Configured by CCA 4 FXO-0/3/0-BG
caller-id enable
voice-port 0/3/1
trunk-group ALL_FXO 64
cptone SG
connection plar opx 501
description Configured by CCA 4 FXO-0/3/1-BG
caller-id enable
voice-port 0/3/2
trunk-group ALL_FXO 64
cptone SG
connection plar opx 501
description Configured by CCA 4 FXO-0/3/2-BG
caller-id enable
voice-port 0/3/3
trunk-group ALL_FXO 64
cptone SG
connection plar opx 501
description Configured by CCA 4 FXO-0/3/3-BG
caller-id enable
voice-port 0/4/0
auto-cut-through
signal immediate
input gain auto-control -15
description Music On Hold Port
sccp local Vlan90
sccp ccm 172.16.100.1 identifier 1 version 3.1
sccp
sccp ccm group 1
associate ccm 1 priority 1
dial-peer cor custom
name internal
name local
name local-plus
name international
name national
name national-plus
name emergency
name toll-free
dial-peer cor list call-internal
member internal
dial-peer cor list call-local
member local
dial-peer cor list call-local-plus
member local-plus
dial-peer cor list call-national
member national
dial-peer cor list call-national-plus
member national-plus
dial-peer cor list call-international
member international
dial-peer cor list call-emergency
member emergency
dial-peer cor list call-toll-free
member toll-free
dial-peer cor list user-internal
member internal
member emergency
dial-peer cor list user-local
member internal
member local
member emergency
member toll-free
dial-peer cor list user-local-plus
member internal
member local
member local-plus
member emergency
member toll-free
dial-peer cor list user-national
member internal
member local
member local-plus
member national
member emergency
member toll-free
dial-peer cor list user-national-plus
member internal
member local
member local-plus
member national
member national-plus
member emergency
member toll-free
dial-peer cor list user-international
member internal
member local
member local-plus
member international
member national
member national-plus
member emergency
member toll-free
dial-peer voice 1 pots
destination-pattern 401
port 0/0/0
no sip-register
dial-peer voice 2 pots
destination-pattern 402
port 0/0/1
no sip-register
dial-peer voice 3 pots
destination-pattern 403
port 0/0/2
no sip-register
dial-peer voice 4 pots
destination-pattern 404
port 0/0/3
no sip-register
dial-peer voice 5 pots
description ** MOH Port **
destination-pattern ABC
port 0/4/0
no sip-register
dial-peer voice 6 pots
description ôcatch all dial peer for BRI/PRIö
translation-profile incoming nondialable
incoming called-number .%
direct-inward-dial
dial-peer voice 50 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
direct-inward-dial
port 0/1/0
dial-peer voice 51 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
direct-inward-dial
port 0/1/1
dial-peer voice 150 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/3/0
dial-peer voice 151 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/3/1
dial-peer voice 152 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/3/2
dial-peer voice 153 pots
description ** incoming dial peer **
incoming called-number ^AAAA$
port 0/3/3
dial-peer voice 154 pots
description ** FXO pots dial-peer **
destination-pattern A0
port 0/3/0
no sip-register
dial-peer voice 155 pots
description ** FXO pots dial-peer **
destination-pattern A1
port 0/3/1
no sip-register
dial-peer voice 156 pots
description ** FXO pots dial-peer **
destination-pattern A2
port 0/3/2
no sip-register
dial-peer voice 157 pots
description ** FXO pots dial-peer **
destination-pattern A3
port 0/3/3
no sip-register
dial-peer voice 2000 voip
description ** cue voicemail pilot number **
translation-profile outgoing XFER_TO_VM_PROFILE
destination-pattern 399
b2bua
session protocol sipv2
session target ipv4:10.1.10.1
voice-class sip outbound-proxy ipv4:10.1.10.1
dtmf-relay rtp-nte
codec g711ulaw
no vad
dial-peer voice 52 pots
trunkgroup ALL_BRI
corlist outgoing call-emergency
description **CCA*Singapore*Emergency Services**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 999[59]
forward-digits all
no sip-register
dial-peer voice 53 pots
trunkgroup ALL_FXO
corlist outgoing call-emergency
description **CCA*Singapore*Emergency Services**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 999[59]
forward-digits all
no sip-register
dial-peer voice 54 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*VoIP Services**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 93.......
forward-digits all
no sip-register
dial-peer voice 55 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*VoIP Services**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 93.......
forward-digits all
no sip-register
dial-peer voice 56 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*Fixed Line Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 96.......
forward-digits all
no sip-register
dial-peer voice 57 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*Fixed Line Service**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 96.......
forward-digits all
no sip-register
dial-peer voice 58 pots
trunkgroup ALL_BRI
corlist outgoing call-local-plus
description **CCA*Singapore*Mobile Phones**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 9[89].......
forward-digits all
no sip-register
dial-peer voice 59 pots
trunkgroup ALL_FXO
corlist outgoing call-local-plus
description **CCA*Singapore*Mobile Phones**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 9[89].......
forward-digits all
no sip-register
dial-peer voice 60 pots
trunkgroup ALL_BRI
corlist outgoing call-toll-free
description **CCA*Singapore*Freephone Calls**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 91800.......
forward-digits all
no sip-register
dial-peer voice 61 pots
trunkgroup ALL_FXO
corlist outgoing call-toll-free
description **CCA*Singapore*Freephone Calls**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 91800.......
forward-digits all
no sip-register
dial-peer voice 64 pots
trunkgroup ALL_BRI
description **CCA*Singapore*Alternate Carrier Select**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 915T
forward-digits all
no sip-register
dial-peer voice 65 pots
trunkgroup ALL_FXO
description **CCA*Singapore*Alternate Carrier Select**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 915T
forward-digits all
no sip-register
dial-peer voice 66 pots
trunkgroup ALL_BRI
corlist outgoing call-international
description **CCA*Singapore*International Calls**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 90[0123][1-9]T
forward-digits all
no sip-register
dial-peer voice 67 pots
trunkgroup ALL_FXO
corlist outgoing call-international
description **CCA*Singapore*International Calls**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 90[0123][1-9]T
forward-digits all
no sip-register
dial-peer voice 68 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*Operator**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 91[01].
forward-digits all
no sip-register
dial-peer voice 69 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*Operator**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 91[01].
forward-digits all
no sip-register
dial-peer voice 70 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 913..
forward-digits all
no sip-register
dial-peer voice 71 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 913..
forward-digits all
no sip-register
dial-peer voice 72 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 916..
forward-digits all
no sip-register
dial-peer voice 73 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 916..
forward-digits all
no sip-register
dial-peer voice 74 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 917..
forward-digits all
no sip-register
dial-peer voice 75 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 917..
forward-digits all
no sip-register
dial-peer voice 76 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 918[0-9][1-9].
forward-digits all
no sip-register
dial-peer voice 77 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 918[0-9][1-9].
forward-digits all
no sip-register
dial-peer voice 78 pots
trunkgroup ALL_BRI
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 919[1-9][1-9]
forward-digits all
no sip-register
dial-peer voice 79 pots
trunkgroup ALL_FXO
corlist outgoing call-local
description **CCA*Singapore*Service Numbers**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 919[1-9][1-9]
forward-digits all
no sip-register
dial-peer voice 80 pots
trunkgroup ALL_BRI
description **CCA*Singapore*Special Service Code/International Prefixes**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 91T
forward-digits all
no sip-register
dial-peer voice 81 pots
trunkgroup ALL_FXO
description **CCA*Singapore*Special Service Code/International Prefixes**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 91T
forward-digits all
no sip-register
dial-peer voice 82 pots
trunkgroup ALL_BRI
corlist outgoing call-toll-free
description **CCA*Singapore*Freephone Calls**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 4
destination-pattern 9800T
forward-digits all
no sip-register
dial-peer voice 83 pots
trunkgroup ALL_FXO
corlist outgoing call-toll-free
description **CCA*Singapore*Freephone Calls**
translation-profile outgoing OUTGOING_TRANSLATION_PROFILE
preference 3
destination-pattern 9800T
forward-digits all
no sip-register
dial-peer voice 3150 voip
description INTERSITE CALLS TO IOM
translation-profile incoming IOM
destination-pattern 09..
session target ipv4:172.16.105.3
incoming called-number .T
dtmf-relay h245-alphanumeric
codec g729br8
dial-peer voice 3151 voip
destination-pattern 0977
session target ipv4:172.16.105.3
max-redirects 10
dtmf-relay h245-alphanumeric
codec g729br8
no dial-peer outbound status-check pots
sip-ua
telephony-service
video
fxo hook-flash
max-ephones 138
max-dn 600
ip source-address 172.16.100.1 port 2000
auto assign 1 to 1 type bri
calling-number initiator
service phone videoCapability 1
service phone ehookenable 1
service dnis overlay
service dnis dir-lookup
service dss
timeouts interdigit 5
system message Seaboard
url services http://10.1.10.1/voiceview/common/login.do
url authentication http://10.1.10.1/voiceview/authentication/authenticate.do
load 7914 S00105000400
load 7915-12 B015-1-0-4
load 7915-24 B015-1-0-4
load 7916-12 B016-1-0-4
load 7916-24 B016-1-0-4
load 7906 SCCP11.9-2-1S
load 7911 SCCP11.9-2-1S
load 7921 CP7921G-1.4.1SR1
load 7925 CP7925G-1.4.1SR1
load 7931 SCCP31.9-1-1SR1S
load 7936 cmterm_7936.3-3-21-0
load 7937 apps37sccp.1-4-4-0
load 7960-7940 P00308010200
load 7941 SCCP41.9-1-1SR1S
load 7941GE SCCP41.9-1-1SR1S
load 7942 SCCP42.9-1-1SR1S
load 7945 SCCP45.9-1-1SR1S
load 7961 SCCP41.9-1-1SR1S
load 7961GE SCCP41.9-1-1SR1S
load 7962 SCCP42.9-1-1SR1S
load 7965 SCCP45.9-1-1SR1S
load 7970 SCCP70.9-1-1SR1S
load 7971 SCCP70.9-1-1SR1S
load 7975 SCCP75.9-1-1SR1S
load 521G-524G cp524g-8-1-17
load 525G spa525g-7-4-9c
load 501G spa50x-30x-7-4-9c
load 502G spa50x-30x-7-4-9c
load 504G spa50x-30x-7-4-9c
load 508G spa50x-30x-7-4-9c
load 509G spa50x-30x-7-4-9c
load 525G2 spa525g-7-4-9c
load 301 spa50x-30x-7-4-9c
load 303 spa50x-30x-7-4-9c
load 6921 SCCP69xx.9-1-1-2-sr
load 6941 SCCP69xx.9-1-1-2-sr
load 6961 SCCP69xx.9-1-1-2-sr
load 6901 SCCP6901.9-1-1-0
load 6911 SCCP6911.9-1-1-0
time-zone 42
date-format dd-mm-yy
keepalive 30 auxiliary 4
voicemail 399
max-conferences 8 gain -6
call-forward pattern .T
call-forward system redirecting-expanded
multicast moh 239.10.16.16 port 2000
web admin system name admin secret 5 $1$.BzE$MaR5EV3sF7La6S4Mpk02w1
dn-webedit
time-webedit
transfer-system full-consult dss
transfer-pattern 9.T
transfer-pattern .T
transfer-pattern 6... blind
secondary-dialtone 9
night-service day Sun 17:00 09:00
night-service day Mon 17:00 09:00
night-service day Tue 17:00 09:00
night-service day Wed 17:00 09:00
night-service day Thu 17:00 09:00
night-service day Fri 17:00 09:00
night-service day Sat 17:00 09:00
fac standard
create cnf-files version-stamp 7960 Sep 27 2013 16:58:13
ephone-template 15
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use Newcall
softkeys idle Redial Newcall Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
button-layout 7931 2
ephone-template 16
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use Newcall
softkeys idle Redial Newcall Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
ephone-template 17
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use CBarge Newcall
softkeys idle Redial Newcall Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
ephone-template 18
url services 1 http://10.1.10.1/voiceview/common/login.do VoiceviewExpress
softkeys remote-in-use CBarge Newcall
softkeys idle Redial Newcall Cfwdall Pickup Gpickup Dnd Login
softkeys seized Cfwdall Endcall Redial Pickup Gpickup Callback
softkeys connected Hold Endcall Trnsfer TrnsfVM Confrn Acct Park
button-layout 7931 2
ephone-dn 9
number BCD no-reg primary
description MoH
moh out-call ABC
ephone-dn 593 dual-line
ring internal
number 123 no-reg primary
pickup-group 1
label 123
description Sandra Lee
name Sandra Lee
huntstop channel
ephone-dn 594 dual-line
ring internal
number 122 no-reg primary
pickup-group 1
label 122
description JuatFong Kien
name JuatFong Kien
huntstop channel
ephone-dn 595 dual-line
ring internal
number 121 no-reg primary
pickup-group 1
label 121
description Brian Wittenborn
name Brian Wittenborn
huntstop channel
ephone-dn 596 dual-line
ring internal
number 120 no-reg primary
pickup-group 1
label 120
description Spare Phone
name Spare Phone
huntstop channel
ephone-dn 597 dual-line
ring internal
number 119 no-reg primary
pickup-group 1
label 119
description Brian Whilock
name Brian Whilock
huntstop channel
ephone-dn 598
number 6... no-reg primary
description ***CCA XFER TO VM EXTENSION***
call-forward all 399
ephone-dn 599
number A801... no-reg primary
mwi off
ephone-dn 600
number A800... no-reg primary
mwi on
ephone 1
device-security-mode none
mac-address 20BB.C092.04C1
ephone-template 16
username "119" password 123456
type 7945
no missed-calls
button 1:597
ephone 2
device-security-mode none
mac-address F029.29E3.1D6E
ephone-template 16
username "120" password 123456
type 7945
no missed-calls
button 1:596
ephone 3
device-security-mode none
mac-address F029.29E3.15E8
ephone-template 16
username "121" password 123456
type 7945
no missed-calls
button 1:595
ephone 4
device-security-mode none
mac-address C8F9.F9D7.1489
ephone-template 16
username "122" password 123456
type 7945
no missed-calls
button 1:594
ephone 5
device-security-mode none
mac-address 20BB.C092.0871
ephone-template 16
username "123" password 123456
type 7945
no missed-calls
button 1:593
alias exec cca_voice_mode PBX
banner login ^Cbanner login ^Cisco Configuration Assistant. Version: 3.2 (2). Thu Jul 25 15:13:05 SGT 2013^^C
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
speed 115200
line vty 0 4
transport preferred none
transport input all
line vty 5 100
transport preferred none
transport input all
ntp master
ntp server sg.pool.ntp.org prefer
webvpn gateway SDM_WEBVPN_GATEWAY_1
inservice
webvpn install svc flash:/webvpn/anyconnect-win-3.1.04063-k9.pkg sequence 1
webvpn context SDM_WEBVPN_CONTEXT_1
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group SDM_WEBVPN_POLICY_1
functions svc-enabled
svc address-pool "SDM_WEBVPN_POOL_1" netmask 255.255.255.0
svc keep-client-installed
svc split include 172.16.100.0 255.255.255.0
svc split include 192.168.138.0 255.255.255.0
svc split include 192.168.104.0 255.255.255.0
svc split include 172.16.105.0 255.255.255.0
virtual-template 1
default-group-policy SDM_WEBVPN_POLICY_1
aaa authentication list sdm_vpn_xauth_ml_1
gateway SDM_WEBVPN_GATEWAY_1
max-users 20
inservice
endMost of the time this type of symptom is related to a routing issue or ACL.
I am thinking more codec.
your dial-peer 3150 with incoming called number .T will negotiate the codec betweeen IOM and Singapore (g729br8),
can you paste a show call active voice so we
this way we can at least ascertain what codec is used from IOM to singapore e2e
and what are the phones in singaport using internally?
=============================
Please remember to rate useful posts, by clicking on the stars below.
============================= -
Remote site to site VPN user cannot access LAN resources
Users in remote site can get ping response but no http service from local web server where the local web server also has NAT rule allowing access from WAN. In the below config, users in remote 10.10.10.160/27 can ping 10.10.10.30 and 10.10.10.95, but http packets are not returned.
What do I need to do to fix this?
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname SFGallery
boot-start-marker
boot-end-marker
no logging buffered
aaa new-model
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authentication login ciscocp_vpn_xauth_ml_3 group radius local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
aaa session-id common
clock timezone PCTime -7 0
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ipv6 cef
ip source-route
ip cef
ip dhcp excluded-address 172.16.0.1 172.16.3.99
ip dhcp excluded-address 172.16.3.200 172.16.3.254
ip dhcp pool SFGallery172
import all
network 172.16.0.0 255.255.252.0
domain-name xxxxxxxxxxxx
dns-server 10.10.10.10
default-router 10.10.10.94
netbios-name-server 10.10.10.10
ip domain name gpgallery.com
ip name-server 10.10.10.10
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 10.10.10.80
multilink bundle-name authenticated
crypto pki token default removal timeout 0
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name [email protected]
revocation-check crl
crypto pki trustpoint SFGallery_Certificate
enrollment selfsigned
serial-number none
ip-address none
revocation-check crl
rsakeypair SFGallery_Certificate_RSAKey 512
crypto pki certificate chain test_trustpoint_config_created_for_sdm
crypto pki certificate chain SFGallery_Certificate
certificate self-signed 01
xxxxxx
quit
license udi pid CISCO2911/K9 sn FTX1542AKJ3
license boot module c2900 technology-package securityk9
license boot module c2900 technology-package datak9
hw-module sm 1
object-group network Corp
172.16.4.0 255.255.252.0
10.10.10.128 255.255.255.224
object-group network SFGallery
172.16.0.0 255.255.252.0
10.10.10.0 255.255.255.128
object-group network NY
10.10.10.160 255.255.255.224
172.16.16.0 255.255.252.0
object-group network GPAll
group-object SFGallery
group-object NY
group-object Corp
username xxx
username xxx
username xxx
username xxx
redundancy
no ip ftp passive
ip ssh version 1
class-map type inspect match-all CCP_SSLVPN
match access-group name CCP_IP
policy-map type inspect ccp-sslvpn-pol
class type inspect CCP_SSLVPN
pass
zone security sslvpn-zone
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key TempVPN1# address xx.xx.xx.xx
crypto isakmp client configuration group SFGallery
key Peters2011
dns 10.10.10.10 10.10.10.80
wins 10.10.10.10 10.10.10.80
domain gpgallery.com
pool SDM_POOL_1
acl 111
save-password
split-dns gpgallery.com
max-users 25
max-logins 3
netmask 255.255.252.0
banner ^CYou are now connected to the Santa Fe Gallery and Corp. ^C
crypto isakmp profile ciscocp-ike-profile-1
match identity group SFGallery
client authentication list ciscocp_vpn_xauth_ml_3
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 3
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
crypto ipsec profile CiscoCP_Profile1
set security-association idle-time 43200
set transform-set ESP-3DES-SHA3
set isakmp-profile ciscocp-ike-profile-1
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel toxx.xx.xx.xx
set peer xx.xx.xx.xx
set transform-set ESP-3DES-SHA1
match address 107
reverse-route
interface Loopback1
ip address 192.168.5.1 255.255.255.0
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description T1 Cybermesa$ETH-WAN$
ip address xx.xx.xx.xx 255.255.255.240
ip access-group 105 in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map SDM_CMAP_1
interface GigabitEthernet0/1
description LANOverloadNet$ETH-WAN$
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/2
description LAN$ETH-LAN$
ip address 10.10.10.2 255.255.255.128
ip access-group 100 in
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface FastEthernet0/0/0
ip address 192.168.100.1 255.255.255.0
ip access-group ReplicationIN out
duplex auto
speed auto
interface GigabitEthernet1/0
description $ETH-LAN$
ip address 172.16.0.1 255.255.252.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet1/1
description Internal switch interface connected to EtherSwitch Service Module
no ip address
interface Virtual-Template1 type tunnel
ip unnumbered Loopback1
interface Virtual-Template2
ip unnumbered Loopback1
zone-member security sslvpn-zone
interface Virtual-Template3 type tunnel
ip unnumbered GigabitEthernet0/0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
interface Vlan1
no ip address
ip local pool SDM_POOL_1 172.16.3.200 172.16.3.254
ip forward-protocol nd
ip http server
ip http access-class 1
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
top 10
sort-by bytes
cache-timeout 60000
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/0 overload
ip nat inside source route-map SDM_RMAP_4 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.10.10.95 22 xx.xx.xx.xx extendable
ip nat inside source static udp 10.10.10.95 22 xx.xx.xx.xx extendable
ip nat inside source static tcp 10.10.10.95 25 xx.xx.xx.xx extendable
ip nat inside source static udp 10.10.10.95 25 xx.xx.xx.xx 25 extendable
ip nat inside source static tcp 10.10.10.95 80 xx.xx.xx.xx 80 extendable
ip nat inside source static udp 10.10.10.95 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.95 443 xx.xx.xx.xx 443 extendable
ip nat inside source static udp 10.10.10.95 443 xx.xx.xx.xx 443 extendable
ip nat inside source static tcp 10.10.10.30 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.104 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.37 26 xx.xx.xx.xx 25 extendable
ip nat inside source static udp 10.10.10.37 26 xx.xx.xx.xx 25 extendable
ip nat inside source static tcp 10.10.10.115 80 xx.xx.xx.xx 80 extendable
ip nat inside source static tcp 10.10.10.115 443 xx.xx.xx.xx 443 extendable
ip nat inside source static tcp 10.10.10.80 443 xx.xx.xx.xx 443 extendable
ip nat inside source static tcp 10.10.10.47 26 xx.xx.xx.xx 25 extendable
ip nat inside source static udp 10.10.10.47 26 xx.xx.xx.xx 25 extendable
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx permanent
ip route 10.10.10.0 255.255.255.128 GigabitEthernet0/2 10 permanent
ip route 10.10.10.44 255.255.255.255 10.10.10.1 permanent
ip route 10.10.10.128 255.255.255.224 10.10.10.126 permanent
ip route 10.10.10.172 255.255.255.255 10.10.10.3 permanent
ip route 10.10.10.175 255.255.255.255 10.10.10.3 permanent
ip route 10.10.10.177 255.255.255.255 10.10.10.3 permanent
ip route 172.16.4.0 255.255.252.0 10.10.10.126 permanent
ip route 192.168.100.0 255.255.255.0 FastEthernet0/0/0 permanent
ip route 192.168.101.0 255.255.255.0 10.10.10.126 permanent
ip access-list extended CCP_IP
remark CCP_ACL Category=128
permit ip any any
ip access-list extended ReplicationIN
remark CCP_ACL Category=1
permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
deny ip any any
ip access-list extended ReplicationOUT
remark CCP_ACL Category=1
deny ip any any
no logging trap
logging 10.10.10.107
access-list 1 permit 192.168.1.2
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 72.216.51.56 0.0.0.7
access-list 1 permit 172.16.0.0 0.0.3.255
access-list 1 permit 172.16.4.0 0.0.3.255
access-list 1 permit 10.10.10.128 0.0.0.31
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 permit xx.xx.xx.xx 0.0.0.15
access-list 1 permit 10.10.10.0 0.0.0.127
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark CCP_ACL Category=1
access-list 100 permit tcp object-group GPAll object-group NY eq www
access-list 100 permit udp host 10.10.10.10 eq 1645 host 10.10.10.2
access-list 100 permit udp host 10.10.10.10 eq 1646 host 10.10.10.2
access-list 100 permit ip any host 10.10.10.2
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq telnet
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq telnet
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq telnet
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq telnet
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq 22
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq 22
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq 22
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq 22
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq www
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq www
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq www
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq www
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq 443
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq 443
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq 443
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq 443
access-list 100 permit tcp object-group GPAll host 10.10.10.2 eq cmd
access-list 100 permit tcp 172.16.4.0 0.0.3.255 host 10.10.10.2 eq cmd
access-list 100 permit tcp 10.10.10.128 0.0.0.31 host 10.10.10.2 eq cmd
access-list 100 permit tcp 10.10.10.0 0.0.0.127 host 10.10.10.2 eq cmd
access-list 100 deny tcp any host 10.10.10.2 eq telnet
access-list 100 deny tcp any host 10.10.10.2 eq 22
access-list 100 deny tcp any host 10.10.10.2 eq www
access-list 100 deny tcp any host 10.10.10.2 eq 443
access-list 100 deny tcp any host 10.10.10.2 eq cmd
access-list 100 deny udp any host 10.10.10.2 eq snmp
access-list 100 permit udp any eq domain host 10.10.10.2
access-list 100 permit udp host 10.10.10.80 eq domain any
access-list 100 permit udp host 10.10.10.10 eq domain any
access-list 100 permit ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark CCP_ACL Category=1
access-list 101 permit ip 72.216.51.56 0.0.0.7 any
access-list 101 permit ip 172.16.0.0 0.0.3.255 any
access-list 101 permit ip 172.16.4.0 0.0.3.255 any
access-list 101 permit ip 10.10.10.128 0.0.0.31 any
access-list 101 permit ip xx.xx.xx.xx 0.0.0.15 any
access-list 101 permit ip host 192.168.1.2 any
access-list 101 permit ip 10.10.10.0 0.0.0.127 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark CCP_ACL Category=1
access-list 102 permit ip 72.216.51.56 0.0.0.7 any
access-list 102 permit ip 172.16.0.0 0.0.3.255 any
access-list 102 permit ip 172.16.4.0 0.0.3.255 any
access-list 102 permit ip 10.10.10.128 0.0.0.31 any
access-list 102 permit ip xx.xx.xx.xx 0.0.0.15 any
access-list 102 permit ip host 192.168.1.2 any
access-list 102 permit ip 10.10.10.0 0.0.0.127 any
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark CCP_ACL Category=1
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq telnet
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq 22
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq www
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq 443
access-list 103 permit tcp host 192.168.1.2 host 172.16.0.1 eq cmd
access-list 103 deny tcp any host 172.16.0.1 eq telnet
access-list 103 deny tcp any host 172.16.0.1 eq 22
access-list 103 deny tcp any host 172.16.0.1 eq www
access-list 103 deny tcp any host 172.16.0.1 eq 443
access-list 103 deny tcp any host 172.16.0.1 eq cmd
access-list 103 deny udp any host 172.16.0.1 eq snmp
access-list 103 permit ip any any
access-list 104 remark CCP_ACL Category=4
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.10.10.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 104 permit ip 10.10.10.0 0.0.0.255 10.10.10.160 0.0.0.31
access-list 105 remark Auto generated by SDM Management Access feature
access-list 105 remark CCP_ACL Category=1
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.10.10.160 0.0.0.31 10.10.10.128 0.0.0.31
access-list 105 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.10.10.160 0.0.0.31 172.16.0.0 0.0.255.255
access-list 105 permit ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 105 permit ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 105 permit ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq telnet
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq telnet
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq telnet
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq 22
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq 22
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq 22
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq www
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq www
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq www
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq 443
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq 443
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq 443
access-list 105 permit tcp 72.216.51.56 0.0.0.7 host xx.xx.xx.xx eq cmd
access-list 105 permit tcp 172.16.0.0 0.0.3.255 host xx.xx.xx.xx eq cmd
access-list 105 permit tcp xx.xx.xx.xx 0.0.0.15 host xx.xx.xx.xx eq cmd
access-list 105 deny tcp any host xx.xx.xx.xx eq telnet
access-list 105 deny tcp any host xx.xx.xx.xx eq 22
access-list 105 deny tcp any host xx.xx.xx.xx eq www
access-list 105 deny tcp any host xx.xx.xx.xx eq 443
access-list 105 deny tcp any host xx.xx.xx.xx eq cmd
access-list 105 deny udp any host xx.xx.xx.xx eq snmp
access-list 105 permit tcp any host xx.xx.xx.xx eq 443
access-list 105 permit ip 10.10.10.160 0.0.0.31 10.10.10.0 0.0.0.127
access-list 105 permit udp any eq domain host xx.xx.xx.xx
access-list 105 permit ahp host 209.101.19.226 host xx.xx.xx.xx
access-list 105 permit esp host 209.101.19.226 host xx.xx.xx.xx
access-list 105 permit udp host 209.101.19.226 host xx.xx.xx.xx eq isakmp
access-list 105 permit udp host 209.101.19.226 host xx.xx.xx.xx eq non500-isakmp
access-list 105 remark IPSec Rule
access-list 105 permit ip 10.10.10.0 0.0.0.127 10.10.10.0 0.0.0.127
access-list 105 permit ip any any
access-list 106 remark CCP_ACL Category=2
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.10.10.128 0.0.0.31 10.10.10.160 0.0.0.31
access-list 106 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 106 remark IPSec Rule
access-list 106 deny ip 172.16.0.0 0.0.255.255 10.10.10.160 0.0.0.31
access-list 106 deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 106 deny ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 106 deny ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 106 deny ip 10.10.10.0 0.0.0.127 10.10.10.160 0.0.0.31
access-list 106 remark IPSec Rule
access-list 106 deny ip 10.10.10.0 0.0.0.127 10.10.10.0 0.0.0.127
access-list 106 permit ip 10.10.10.0 0.0.0.255 any
access-list 107 remark CCP_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.10.10.0 0.0.0.127 10.10.10.160 0.0.0.31
access-list 107 remark IPSec Rule
access-list 107 permit ip 10.10.10.128 0.0.0.31 10.10.10.160 0.0.0.31
access-list 107 remark IPSec Rule
access-list 107 permit ip 172.16.0.0 0.0.255.255 10.10.10.160 0.0.0.31
access-list 107 permit ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 107 permit ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 107 permit ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 107 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 107 remark IPSec Rule
access-list 107 deny ip 172.16.0.0 0.0.255.255 host 10.10.10.177
access-list 108 remark CCP_ACL Category=2
access-list 108 remark IPSec Rule
access-list 108 deny ip 10.10.10.0 0.0.0.255 10.10.10.160 0.0.0.31
access-list 108 permit ip 70.56.215.0 0.0.0.255 any
access-list 109 remark CCP_ACL Category=2
access-list 109 remark IPSec Rule
access-list 109 deny ip 10.10.10.128 0.0.0.31 10.10.10.160 0.0.0.31
access-list 109 remark IPSec Rule
access-list 109 deny ip 10.10.10.0 0.0.0.127 10.10.10.160 0.0.0.31
access-list 109 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 109 remark IPSec Rule
access-list 109 deny ip 172.16.0.0 0.0.255.255 10.10.10.160 0.0.0.31
access-list 109 deny ip 172.16.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 109 deny ip 172.16.0.0 0.0.255.255 10.10.10.0 0.0.0.255
access-list 109 deny ip 10.10.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 109 permit ip 172.16.0.0 0.0.255.255 any
access-list 111 remark CCP_ACL Category=4
access-list 111 permit ip 10.10.10.0 0.0.0.127 any
access-list 111 permit ip 10.10.10.128 0.0.0.31 any
access-list 111 permit ip 172.16.0.0 0.0.3.255 any
access-list 111 permit ip 172.16.4.0 0.0.3.255 any
access-list 111 permit ip 10.10.10.160 0.0.0.31 any
route-map SDM_RMAP_4 permit 1
match ip address 109
route-map SDM_RMAP_1 permit 1
match ip address 106
route-map SDM_RMAP_2 permit 1
match ip address 108
snmp-server community public RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps transceiver all
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps license
snmp-server enable traps envmon
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps flash insertion removal
snmp-server enable traps c3g
snmp-server enable traps ds3
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps mac-notification
snmp-server enable traps bgp
snmp-server enable traps isis
snmp-server enable traps rf
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps ipsla
snmp-server enable traps bfd
snmp-server enable traps firewall serverstatus
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
snmp-server host 10.10.10.107 public
radius-server host 10.10.10.10 key HelloSFGal1#
control-plane
banner login ^CCCWelcome to Santa Fe Gallery Cisco 2911 router 10.10.10.1.^C
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
flowcontrol software
line vty 0 4
access-class 102 in
transport input telnet
line vty 5 15
access-class 101 in
transport input telnet
scheduler allocate 20000 1000
endThanks so much, Herbert.
As an alternative to what you suggest, what do you think of this? I got it from Cisco's support document, http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094634.shtml
I would delete these lines:
no ip nat inside source static tcp 10.10.10.95 80 [outside IP) 80 extendable
no ip nat inside source static udp 10.10.10.95 80 [outside IP) 80 extendable
no ip nat inside source static tcp 10.10.10.95 443 [outside IP) 443 extendable
no ip nat inside source static udp 10.10.10.95 443 [outside IP) 443 extendable
no ip nat inside source static tcp 10.10.10.30 80 [outside IP) 80 extendable
and replace with these
ip nat inside source static tcp 10.10.10.95 80 [outside IP) 80 route-map nonat extendable
ip nat inside source static udp 10.10.10.95 80 [outside IP) 80 route-map nonat extendable
ip nat inside source static tcp 10.10.10.95 443 [outside IP) 443 route-map nonat extendable
ip nat inside source static udp 10.10.10.95 443 [outside IP) 443 route-map nonat extendable
ip nat inside source static tcp 10.10.10.30 80 [outside IP) 80 route-map nonat extendable
Then add:
access-list 150 deny ip host 10.10.10.95 10.10.10.160 0.0.0.31
access-list 150 deny ip host 10.10.10.95 172.16.8.0 0.0.3.255
access-list 150 deny ip host 10.10.10.130 10.10.10.160 0.0.0.31
access-list 150 deny ip host 10.10.10.130 172.16.8.0 0.0.3.255
access-list 150 permit ip host 10.10.10.95 any
access-list 150 permit ip host 10.10.10.130 any
route-map nonat permit 10
match ip address 150 -
How to access a remote site in dreamweaver
This might seem like a simple question, but i just downloaded DW as a trial, and want to try it out before buying. Now I've done the remote site set up and tested and it says it can connect to my remote site. But I want to now go to the site, log in, and make some changes to the web site pages which are stored there. None of the stuff is stored on my home PC. It's all at the remote site. So how do I edit it? How do I even log in? DW seems intended to work on files on your home PC, and then publish them to a remote site. My problem is it's all ON the remote site.
Hi Nancy,
No, I'm not getting those selections under the file menu. What I've done is go to server, manage servers, and set up a remote server. When I test it it says "dreamweaver connected to your web server succesfully". So I assume that the remote server, at least, is set up properly. I didn't set up a "local site" however. Perhaps that could be it? But those choices are not on the drop-down box, even grayed out. If I click on "open" the box goes to my PC for choices. On the left side it has" My recent documents, desktop, my documents, my network (which doesn't lead anywhere) -
Best Practice for SRST deployment at a remote site
What is the best practice for a SRST deployment at a remote site? Should a separate router such as a 3800 series be deployed for telephony in addition to another router to be deployed for Data? Is there a need for 2 different devices?
Hi Brian,
This is typically done all on one ISR Router at the remote site :)There are two flavors of SRST. Here is the feature comparison;
SRST Fallback
This feature enables routers to provide call-handling support for Cisco Unified IP phones if they lose connection to remote primary, secondary, or tertiary Cisco Unified Communications Manager installations or if the WAN connection is down. When Cisco Unified SRST functionality is provided by Cisco Unified CME, provisioning of phones is automatic and most Cisco Unified CME features are available to the phones during periods of fallback, including hunt-groups, call park and access to Cisco Unity voice messaging services using SCCP protocol. The benefit is that Cisco Unified Communications Manager users will gain access to more features during fallback ****without any additional licensing costs.
Comparison of Cisco Unified SRST and
Cisco Unified CME in SRST Fallback Mode
Cisco Unified CME in SRST Fallback Mode
⢠First supported with Cisco Unified CME 4.0: Cisco IOS Software 12.4(9)T
⢠IP phones re-home to Cisco Unified CME if Cisco Unified Communications Manager fails. CME in SRST allows IP phones to access some advanced Cisco Unified CME telephony features not supported in traditional SRST
⢠Support for up to 240 phones
⢠No support for Cisco VG248 48-Port Analog Phone Gateway registration during fallback
⢠Lack of support for alias command
⢠Support for Cisco Unity® unified messaging at remote sites (Distributed Exchange or Domino)
⢠Support for features such as Pickup Groups, Hunt Groups, Basic Automatic Call Distributor (BACD), Call Park, softkey templates, and paging
⢠Support for Cisco IP Communicator 2.0 with Cisco Unified Video Advantage 2.0 on same computer
⢠No support for secure voice in SRST mode
⢠More complex configuration required
⢠Support for digital signal processor (DSP)-based hardware conferencing
⢠E-911 support with per-phone emergency response location (ERL) assignment for IP phones (Cisco Unified CME 4.1 only)
Cisco Unified SRST
⢠Supported since Cisco Unified SRST 2.0 with Cisco IOS Software 12.2(8)T5
⢠IP phones re-home to SRST router if Cisco Unified Communications Manager fails. SRST allows IP phones to have basic telephony features
⢠Support for up to 720 phones
⢠Support for Cisco VG248 registration during fallback
⢠Support for alias command
⢠Lack of support for features such as Pickup Groups, Hunt Groups, Call Park, and BACD
⢠No support for Cisco IP Communicator 2.0 with Cisco Unified Video Advantage 2.0
⢠Support for secure voice during SRST fallback
⢠Simple, one-time configuration for SRST fallback service
⢠No per-phone emergency response location (ERL) assignment for SCCP Phones (E911 is a new feature supported in SRST 4.1)
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/vcallcon/ps2169/prod_qas0900aecd8028d113.html
These SRST hardware based restrictions are very similar to the number of supported phones with CME. Here is the actual breakdown;
Cisco 880 SRST Series Integrated Services Router
Up to 4 phones
Cisco 1861 Integrated Services Router
Up to 8 phones
Cisco 2801 Integrated Services Router
Up to 25 phones
Cisco 2811 Integrated Services Router
Up to 35 phones
Cisco 2821 Integrated Services Router
Up to 50 phones
Cisco 2851 Integrated Services Router
Up to 100 phones
Cisco 3825 Integrated Services Router
Up to 350 phones
Cisco Catalyst® 6500 Series Communications Media Module (CMM)
Up to 480 phones
Cisco 3845 Integrated Services Router
Up to 730 phones
*The number of phones supported by SRST have been changed to multiples of 5 starting with Cisco IOS Software Release 12.4(15)T3.
From this excellent doc;
http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/vcallcon/ps2169/data_sheet_c78-485221.html
Hope this helps!
Rob -
"Configuration Manager cannot connect to the site" after site update from SP1 to R2
Our dev SCCM environment only has a single primary site with a remote SQL database. Initially, the dev primary site had SP1 Beta (5.00.7782.1000) installed but as everyone is aware there is no upgrade path available to SP1 or R2 from Beta; so, we uninstalled
the site and removed the database, re-installed SP1 non-Beta (5.00.7804.1000), then proceeded to update all devices with the latest client agent. Afterwards, we attempted to upgrade the site from SP1 non-Beta (5.00.7804.1000) to R2 (5.00.7958.1000).
All seemed well until we attempt to open the Configuration Manager console and we get the following error message:
Configuration Manager cannot connect to the site (Site Name)
The Configuration Manager Administrator console could not connect to the Configuration Manager site database. Verify the version of the console is compatible with the version of the site server you are connecting to and then try to connect again.
So we tried reinstalling the console directly from here...
"C:\Program Files\Microsoft Configuration Manager\tools\ConsoleSetup\AdminConsole.msi"
still the same error message persisted, so we tried installing it from here...
"C:\Program Files\Microsoft Configuration Manager\tools\ConsoleSetup\ConsoleSetup.exe"
still the same error message persisted, so then we tried installing it directly from the R2 (5.00.7958.1000) installation media, and afterwards the same error message persisted....
All along, we were checking the AdminConsole log from here:
"C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\AdminUILog\SmsAdminUI.log"
Here are the contents:
[4, PID:4836][04/22/2014 15:21:10] :Property: 'Features'\r\nSystem.Management.ManagementException\r\nNot found \r\n at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
at System.Management.PropertyData.RefreshPropertyInfo()
at System.Management.PropertyDataCollection.get_Item(String propertyName)
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlResultObjectBase.get_Item(String name)\r\nManagementException details:
[4, PID:4836][04/22/2014 15:21:10] :ReadExtraProperties: Failed to initialize extra properties
[4, PID:4836][04/22/2014 15:21:11] :Transport error; failed to connect, message: 'The Configuration Manager Administrator console could not connect to the Configuration Manager site database. Verify the version of the console is compatible with the version
of the site server you are connecting to and then try to connect again.'\r\nMicrosoft.ConfigurationManagement.ManagementProvider.SmsConnectionWithDetailException\r\nThe Configuration Manager Administrator console could not connect to the Configuration Manager
site database. Verify the version of the console is compatible with the version of the site server you are connecting to and then try to connect again.\r\n at Microsoft.ConfigurationManagement.AdminConsole.SmsSiteConnectionNode.ValidateConnectionParameters(ConnectionManagerBase
connection)
at Microsoft.ConfigurationManagement.AdminConsole.SmsSiteConnectionNode.GetConnectionManagerInstance(String connectionManagerInstance)\r\nNo details are available for this error.\r\n
Once again, we validated we could connect to the SQL database from this box, and that the console was at the same version as the site. Any help or guidance with getting our access to the console restored after the SP1 to R2 upgrade would be greatly
appreciated.From the Primary Site Server, I tried uninstalling the Admin Console and re-installing using:
consolesetup.exe /q TargetDir="%ProgramFiles%\Microsoft Configuration Manager" EnableSQM=0 DefaultSiteServerName=<SiteServerName>
Of course replacing <SiteServerName> with the FQDN of my Primary Site Server. Console installed successfully however the same error message persists.
Also tried installing the console on a clean Windows Server 2008 R2 installation. I tried it from the R2 (5.00.7958.1000) installation media, from the "C:\Program Files\Microsoft Configuration Manager\tools\ConsoleSetup\" both without any luck, the
same error message persists. I verified I could ping the FQDN of the site server also, and that the firewall between the two permits communication over the ports listed here: http://technet.microsoft.com/en-us/library/hh427328.aspx
Any help would be greatly appreciated. -
WLC 5508 and remote site (DMVPN) Access Points
Hi All,
We just purchased a WLC 5508 and would like to know if it will control remote VPN site Access Points. Here are the details:
The 5508 will live at our home office. We have multiple remote sites that are connected via Cisco's DMVPN. Each site has one Cisco 1131 Access Point hanging off of either a Cisco 1841 or a 2811 that is using DMVPN back to the home office 2811. Can the 5508 manage the remote Access Points?
Thanks for your help guys!Are you are talking about OfficeExtend?
Cisco OfficeExtend
https://www.cisco.com/en/US/solutions/collateral/ns340/ns517/ns430/solution_overview_c22-523307_ns348_Networking_Solution_Solution_Overview.html
OfficeExtend supports 1130 & 1140 as long as you have the Wireless PLUS (WPLUS) Software.
OfficeExtend Access Point
http://www.cisco.com/en/US/docs/wireless/wcs/6.0/configuration/guide/6_0apcfg.html#wp1069890 -
Dreamweaver cannot upload files larger than 2gb to remote site
I am uploading a set of large video files to a remote site at the University of Connecticut. I have no problem doing this through Cyberduck. I can also upload (put) files to the through Dreamweaver provided that the files are smaller than 2gb. Dreamweaver gives me the following type of error:
WorkArea\VideosUnclipped\100ASL\sara\signs\XX20140703a0789.MOV - error occurred - An HTTP error occurred - cannot put XX20140703a0789.MOV. Access denied. The file may not exist, or there could be a permission problem.
File activity incomplete. 1 file(s) or folder(s) were not completed.
Files with errors: 1
WorkArea\VideosUnclipped\100ASL\sara\signs\XX20140703a0789.MOV
Finished: 7/16/2014 5:31 PM
Since Cyberduck is successful, but Dreamweaver is not, this looks like a problem with Dreamweaver. I would prefer to use Dreamweaver because i am more comfortable with the interface.
I am using dreamweaver cs6Hello,
first, my knowledge is, the limit depends all on your hosting. FTP client is just the middleman. Please go into contact with your provider.
On the other hand it's well known, that in all these cases you describe I'm not a friend of a detailed troubleshooting. To be able to be independent in all this things It is one of the reasons why I prefer an external FTP program. The difficulties with which you have to fight encourage me in this opinion, not least because we always search for experts, we don't charge a "jack of all trades".
To manage several websites or to upload my files and sometimes for the opposite way, for a necessary download from my server or to use a "a site-wide synch", I'm using FileZilla. It simply looks easier for me to keep track of all operations precisely and generate or reflect easily the desired tree structure.
Above all, FileZilla has a feature (translation from my German FileZilla) called "compare file list". Here it's possible to use file size or modification time as a criterion. There is also the possibility to "hide identical files", so that only these files which you want to redact remain visible.
And even if it means you have to install a new program, I am convinced that there is an advantage. Here is the link to get it and where you can read informations about how it works:
http://filezilla-project.org/ and http://wiki.filezilla-project.org/Tutorial#Using_the_site_manager
Mac: Mac OS X (Use: Show additional download options)
http://filezilla-project.org/download.php
Of course, you also need all the access data to reach your server and for MIME issues, you should contact your web host/provider.
Good luck!
Hans-Günter
P.S.
Since I use two screens, the whole thing became even more comfortable. -
Site views differently on Remote Site
Using DW CS4
Ok, fairly new to DW as you will see... All images/scripts etc... have paths to my local folders with those files but when I publish it to the remote site, I view the source code and the paths still show the local path i.e. C:\Document & Sitings instead of a remote path and of course, the web page looks nothing like how I designed it.
How do I get that to change for all my web pages so my site views like it does on my local computer. I can't seem to find how to change it to a remote path.
Thanks,
DTdeezturner wrote:
I've checked and can not locate how to change the properties to see the
working folder? I know I'm probably over-looking it but again, I don't
use DW much. Sorry!
Top Menu Bar:
SITE > MANAGE SITES > select your site from the list.
If there is nothing there, then you haen't declared a site definition :-) You need to select NEW and create a new one with it pointing to your working files.
All the site content resides under NWSTEST folder on the webserver. The
source code shows the local path as you will see.
Yep, all the links are pointing to your hard drive... you need to fix the site definition.
Defining a site helps Dreamweaver track and organize the files used in this site.
http://kb.adobe.com/selfservice/viewContent.do?externalId=tn_14028
Nadia
Adobe Community Expert : Dreamweaver
Unique CSS Templates | Tutorials | SEO Articles
http://www.DreamweaverResources.com
Web Design & Development
http://www.perrelink.com.au
http://twitter.com/nadiap
Maybe you are looking for
-
Going to a particular part of a song
I looked in the help and forums but cannot figure out to "fast forward" thru a song to get to the part where I want to get without waiting thru it. Once I have waited thru it once I can go back to the point where I actually want to get, but if the so
-
I plug in my iphone to my computer and it doesnt do anything- doesnt charge on the computer or connect to itunes. how can i fix this?
-
GUI_DOWNLOAD in foreign language(Korean Language)
Hi All, This is in regards with FM 'GUI_DOWNLOAD'. We are on 4.7 with logon language as English.We have created a ALV report which has ALV output and has column value in Korean language like customer name, address etc.The ALV shows correct Korean lan
-
Please help, can't run iTunes
I last used my iTunes on Monday with no problem. When i tried to use today the message "iTunes cannot run because it has detected a problem with your audio configuration" came up. The same message appears when i connect my iPod. I have uninstalled iT
-
Maintain Subscreen for Coding Block
Dear Guys I have a requirement to create a subscreen for a FI transaction. I know that this can be done using OXK1. I have already created a subscreen. But I want to know that how can I link that subscreen with a particular Transaction. e.g I have ma