WRVS4400N & GRE

Hi guys.
I've got an issue that has me tearing what little hair I have left out.
In my WRVS4400N router I have enabled PPTP passthrough & configured a PPTP server on my Windows server. I then created a couple of ACLs in the router. First off at the very bottom I created one that denies all traffic coming from the WAN to the LAN. Above that I selected the preconfigured PPTP service and allowed that coming from the WAN to the LAN & to the IP of my PPTP server. I've then set up the port forwarding and tested that they are working perfectly fine.
If I try to connect from anywhere it won't connect and in the ACL logs I get a single entry that has allowed the incoming connection on port 1723 followed by approx 10 entries that say 
"Jul 15 16:49:56 - [Access Log ] Deny GRE Packet - SOURCE IP --> MY PPTP SERVER IP"
If I turn around and disable the last ACL (Block All) it works perfectly. For the life of me I can't find in the ACL list, GRE. Am I missing something here? Is it called something else in the list? Is there a way for me to add it? I can only see how to add ports, not protocols. 
Any help would very much be appreciated so thanks in advance.

Nobody got any ideas? This is driving me nuts trying to get this working.
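
A PPTP session has two parts: a control channel on TCP port 1723 and a data channel carried in GRE, which is IP protocol 47 and has no port numbers. The sketch below is an added example, not part of the original thread and not the router's firmware logic: it models a first-match ACL to reproduce the log pattern in the post, with a constructed server address and a default-allow fallback assumed from the poster's observation that the VPN works once the Block All rule is disabled.

```python
from dataclasses import dataclass
from typing import Optional

# IANA IP protocol numbers: the one-byte "Protocol" field of the IPv4 header.
TCP, UDP, GRE = 6, 17, 47
PPTP_CONTROL_PORT = 1723
SERVER = "192.168.1.10"   # constructed LAN address standing in for the PPTP server


@dataclass(frozen=True)
class Packet:
    proto: int
    dst: str
    dport: Optional[int] = None   # GRE carries no port numbers at all


@dataclass(frozen=True)
class Rule:
    action: str                   # "allow" or "deny"
    proto: Optional[int] = None   # None matches any protocol
    dst: Optional[str] = None     # None matches any destination
    dport: Optional[int] = None   # None matches any port (or no port)

    def matches(self, pkt: Packet) -> bool:
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.dst is None or self.dst == pkt.dst)
                and (self.dport is None or self.dport == pkt.dport))


def evaluate(acl, pkt, default="allow"):
    """First matching rule wins; `default` applies when nothing matches."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return default


def pptp_session(acl, server=SERVER):
    """Run both halves of a PPTP session through the ACL."""
    return {
        "control": evaluate(acl, Packet(TCP, server, PPTP_CONTROL_PORT)),
        "data": evaluate(acl, Packet(GRE, server)),
    }


def diagnose(acl, server=SERVER):
    """Turn the per-channel verdicts into the symptom a user would see."""
    result = pptp_session(acl, server)
    if result["control"] == "deny":
        return "TCP 1723 blocked: the client never reaches the server"
    if result["data"] == "deny":
        return "TCP 1723 allowed but GRE denied: login starts, tunnel never comes up"
    return "control and data channels both pass"


DENY_ALL = Rule("deny")
ALLOW_PPTP_TCP = Rule("allow", TCP, SERVER, PPTP_CONTROL_PORT)

# The rule set described in the post: PPTP service allowed, then block everything.
POSTED_ACL = [ALLOW_PPTP_TCP, DENY_ALL]

# Treating 47 as a TCP or UDP port number never matches a GRE packet.
PORT_47_ACL = [ALLOW_PPTP_TCP,
               Rule("allow", TCP, SERVER, 47),
               Rule("allow", UDP, SERVER, 47),
               DENY_ALL]

# A rule keyed on IP protocol 47, scoped to the PPTP server only.
GRE_ACL = [ALLOW_PPTP_TCP, Rule("allow", GRE, SERVER), DENY_ALL]

if __name__ == "__main__":
    for name, acl in (("posted", POSTED_ACL),
                      ("port 47", PORT_47_ACL),
                      ("protocol 47", GRE_ACL)):
        print(f"{name:12} {diagnose(acl)}")
```

A filter that can only express TCP and UDP ports cannot produce the third rule set, which is why the GRE packets fall through to the final deny.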

Similar Messages

  • WRVS4400N - Logging and Email Alerts when I use a VPN client - Firmware bug?

    Hi folks -
    I've got a problem with my WRVS4400N that has been dogging me for a long time now, and I'm finally fed up with the email alerts.
    My wife has a VPN client for her work, on her laptop.  It is nothing fancy, normal IPSec VPN, details on it I can get if needed, but it's just VPN.
    My WRVS4400N is running 1.1.03 firmware, latest on the site.  I have all VPN pass-throughs enabled.  VPN connectivity for the wife works great, no problems that I'm aware of for her functionally.
    The problem is, that I have logging turned on with email alerts.  When my wife uses her VPN connection, I get flooded with alerts from the router with all sorts of goobly goo information.  It's almost like there is a bug in the router firmware that is parsing information incorrectly. 
    Log levels are set to 0,1,2,3.  Email alerts enabled.  DoS threshold is 50, Log Queue is 100, Log Time is 60.  SMTP information for my mail server populated of course, and Local Log enabled.
    Below is a sample of the email body that gets sent.  My wife has been using her VPN connection for about 3 hours tonight, and already I've been flooded with over 1000 emails.
    Here's some body content:
    Does anyone have any ideas?  This seems like a code bug to me, but how do I go about reporting to Linksys?
    Of course, I can turn off email alerts, but then that defeats the purpose of the router being able to tell me when something is awry.
    Any help would be appreciated!
    Thanks,
    Jesse T.

    hay,
    Nobody can test this?
    nobody has a 5520?

  • VPN connection to WRVS4400N using a Samsung Galaxy tablet

    I have a Samsung Galaxy 10.1 tablet and have been trying to connect to my WRVS4400N router with VPN through the "on board" software as well as with the Any Connect software from Cisco.  I have no issues at the moment using Quick VPN from my laptop.
    When using the Any Connect software I receive the following messages:
    Security warning: untrusted certificate
    AnyConnect cannot verify the identity of <IP address>.  Would you like to continue anyway?
    - Certificate does not match the server name.
    - Certificate is from an untrusted source.
    - Certificate is not identified for this purpose
    [Accept]  [Details]  [Cancel]
    If I select accept, the following error is received:
    "Error:  Connection attempt has failed due to server communication errors.  Please retry the connection".
    I have tried setting up the on board VPN with the Samsung Galaxy but every attempt has resulted in a time-out of the connection.
    Any assistance would be greatly appreciated.  Thanks.

    Hi Blair,
    The WRVS4400N only works with the QVPN software. The only small business routers that currently work with the Cisco AnyConnect VPN are the SA500 series routers.
    I hope this helps.....
    Thanks,
    Tori Woods
    Cisco Support Engineer
    CCNA, CCNA Wireless

  • Dynamic VPN/GRE can't ping other side of tunnel

    I am new at this VPN stuff and trying to set up a GRE Dynamic IP VPN between my office and home.  Here is what I have done thus far:
    OFFICE
    interface Tunnel0
    ip address 172.30.1.1 255.255.255.252
    no ip redirects
    ip mtu 1400
    ip nhrp map multicast dynamic
    ip nhrp network-id 1
    ip tcp adjust-mss 1360
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 1
    interface FastEthernet0/0
    ip address 40.197.68.9 255.255.255.248
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    HOME
    interface Tunnel0
    ip address 172.30.1.2 255.255.255.252
    ip mtu 1400
    ip nhrp map multicast 40.197.68.9
    ip nhrp map 172.30.1.1 40.197.68.9
    ip nhrp network-id 1
    ip nhrp nhs 172.30.1.1
    ip tcp adjust-mss 1360
    tunnel source GigabitEthernet0/0
    tunnel destination 40.197.68.9
    tunnel key 1
    interface GigabitEthernet0/0
    description Router
    ip address 192.168.30.1 255.255.255.252
    duplex auto
    speed auto
    When I ping 172.30.1.1 from the HOME router, I get 0/5 success.  Not good!  I have not setup any IPSec yet.
    Results for HOME router
    show ip nhrp nhs detail
    Legend: E=Expecting replies, R=Responding, W=Waiting
    Tunnel0:
    172.30.1.1   E priority = 0 cluster = 0  req-sent 53  req-failed 0  repl-recv 0
    sh int t0
    Tunnel0 is up, line protocol is up
      Hardware is Tunnel
      Internet address is 172.30.1.2/30
      MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation TUNNEL, loopback not set
      Keepalive not set
      Tunnel source 192.168.30.1 (GigabitEthernet0/0), destination 40.197.68.9
       Tunnel Subblocks:
          src-track:
             Tunnel0 source tracking subblock associated with GigabitEthernet0/0
              Set of tunnels with source GigabitEthernet0/0, 1 member (includes iterators), on interface <OK>
      Tunnel protocol/transport GRE/IP
        Key 0x1, sequencing disabled
        Checksumming of packets disabled
      Tunnel TTL 255, Fast tunneling enabled
      Tunnel transport MTU 1472 bytes
      Tunnel transmit bandwidth 8000 (kbps)
      Tunnel receive bandwidth 8000 (kbps)
      Last input 00:40:28, output 00:00:25, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/0 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes, 0 no buffer
         Received 0 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         106 packets output, 12612 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 output buffer failures, 0 output buffers swapped out
    sh ip route
    Gateway of last resort is 192.168.30.2 to network 0.0.0.0
    S*    0.0.0.0/0 [1/0] via 192.168.30.2
          10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
    C        10.110.0.0/24 is directly connected, GigabitEthernet0/1.110
    L        10.110.0.1/32 is directly connected, GigabitEthernet0/1.110
    C        10.115.0.0/24 is directly connected, GigabitEthernet0/1.115
    L        10.115.0.1/32 is directly connected, GigabitEthernet0/1.115
          172.16.0.0/30 is subnetted, 1 subnets
    S        172.16.2.0 [1/0] via 192.168.30.6
          172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
    C        172.30.1.0/30 is directly connected, Tunnel0
    L        172.30.1.2/32 is directly connected, Tunnel0
    S     192.168.2.0/24 is directly connected, GigabitEthernet0/0
    S     192.168.10.0/24 is directly connected, GigabitEthernet0/0
          192.168.30.0/24 is variably subnetted, 4 subnets, 2 masks
    C        192.168.30.0/30 is directly connected, GigabitEthernet0/0
    L        192.168.30.1/32 is directly connected, GigabitEthernet0/0
    C        192.168.30.4/30 is directly connected, GigabitEthernet0/1.30
    L        192.168.30.5/32 is directly connected, GigabitEthernet0/1.30
    S     192.168.50.0/24 [1/0] via 192.168.30.6
          192.168.69.0/24 is variably subnetted, 2 subnets, 2 masks
    C        192.168.69.0/24 is directly connected, GigabitEthernet0/1.69
    L        192.168.69.3/32 is directly connected, GigabitEthernet0/1.69
    S     192.168.100.0/24 [1/0] via 192.168.30.6
    S     192.168.125.0/24 [1/0] via 192.168.30.6
    S     192.168.200.0/24 [1/0] via 192.168.30.6
    sh dmvpn
    Interface: Tunnel0, IPv4 NHRP Details
    Type:Spoke, NHRP Peers:1,
    # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
         1    50.197.68.90      172.30.1.1  NHRP 02:30:17     S
    Results for OFFICE router
    show ip nhrp nhs detail
    sh dmvpn
    sh int t0
    Tunnel0 is up, line protocol is up
      Hardware is Tunnel
      Internet address is 172.30.1.1/30
      MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation TUNNEL, loopback not set
      Keepalive not set
      Tunnel source 40.197.68.9 (FastEthernet0/0)
       Tunnel Subblocks:
          src-track:
             Tunnel0 source tracking subblock associated with FastEthernet0/0
              Set of tunnels with source FastEthernet0/0, 1 member (includes iterators), on interface <OK>
      Tunnel protocol/transport multi-GRE/IP
        Key 0x1, sequencing disabled
        Checksumming of packets disabled
      Tunnel TTL 255, Fast tunneling enabled
      Tunnel transport MTU 1472 bytes
      Tunnel transmit bandwidth 8000 (kbps)
      Tunnel receive bandwidth 8000 (kbps)
      Last input 00:43:56, output never, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/0 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes, 0 no buffer
         Received 0 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         0 packets output, 0 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 output buffer failures, 0 output buffers swapped out
    show ip route
    S*    0.0.0.0/0 [1/0] via 40.197.68.94
          40.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    C        40.197.68.8/29 is directly connected, FastEthernet0/0
    L        40.197.68.9/32 is directly connected, FastEthernet0/0
          172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
    C        172.30.1.0/30 is directly connected, Tunnel0
    L        172.30.1.1/32 is directly connected, Tunnel0
    S     192.168.2.0/24 [1/0] via 192.168.10.5
          192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
    C        192.168.10.0/24 is directly connected, FastEthernet0/1
    L        192.168.10.1/32 is directly connected, FastEthernet0/1
    S     192.168.69.0/24 is directly connected, FastEthernet0/0
    Why can't I ping from the HOME router to the OFFICE router?

    I figured this problem out.  I needed to set up PKI/IKE and once that was done on both routers, my tunnel now passes some data.

  • Vpn WRVS4400N problem

    hi, i have at my home a WRVS4400N. before i updated the firmware on my router i was able to establish a vpn with my friend. i did a reset to factory default as included in the firmware note. here is my current vpn config:
    WRVS4400N (client of vpn)
    local group setup
    ---gateway type: IP only
    ---IP: XXX XXX XXX XXX (yeah censored)
    ---local security group: subnet
    ---IP address: 192.168.3.1
    ---subnet mask 255.255.255.0
    remote group setup
    ---gateway type: IP only
    ---IP address: XXX XXX XXX XXX (again censored)
    ---remote security type: subnet
    ---IP address: 192.168.2.0
    ---subnet mask: 255.255.255.0
    IPsec setup
    ---keying mode: IKE with preshared key
    Phase1
    ---Encryption: 3DES
    ---Authentication: SHA1
    ---Group: 768 bit
    ---key lifetime: 3600 Sec.
    Phase2
    ---encryption: 3DES
    ---Authentication: SHA1
    ---Perfect forward secrecy: Disable
    ---Preshared key: (censored)
    ---group: 768-bit
    ---key lifetime: 3600 sec.
    my friend BEFVP41 (host of vpn)
    local security group:
    ---subnet IP: 192.168.2.0
    ---mask: 255.255.255.0
    remote secure group:
    ---subnet IP: 192.168.3.1
    ---mask: 255.255.255.0
    remote security gateway: Any
    ---encryption: 3DES
    ---Authentication: SHA
    ---key management: Auto.(IKE)
    ---PFS: Not selected
    ---pre-shared key (censored)
    ---key lifetime 3600 sec.
    too bad the VPN log isn't verbose enough. i can't figure out why i can't establish a vpn link. thnx.
    Message Edited by sebas on 02-08-2008 09:32 PM

    any hint plz? also when is the next firmware release planned?

  • WRVS4400N DNS Options for Open DNS Using Static DNS

    How can I get an IP address automatically from my ISP, but set a static DNS IP address for using Open DNS service? This can be done on many other routers including the Linksys home routers. Why doesn't it exist on WRVS4400N?

    I was doing some research on this router and noticed that the RV series routers are the ones that have this feature; however, in the WRVS series this option does not exist. You can get an RV series router and use the WRVS as an access point in order to get your wireless signal.

  • Generic GRE not working (ver 4.1.3.55)

    Hi everybody.
    I'm testing in Lab a configuration for one customer.
    It's a basic environment with :
    DATA CENTER (wccp)
    1 WAEs 7341 and 1 Cat6506 routers
    BRANCH (inline)
    1 WAE 574.
    Optimization works with l2-redirect and gre return in DATA CENTER !!
    It does not work with egress-method generic-gre inteception-method wccp.
    This is the problem that i can see with " show wccp gre" on the 7341..
    " Packets received on a disabled service: 667790".
    I read some manuals but...
    I don't understand .. The service 61 and 62 works !!
    So any idea ?
    Thanks a lot to everybody
    Vittorio

    Hi, and thanks for being interested.
    That's the output you ask :
    WAE-DC-01#sh egress-methods
    Intercept method : WCCP
    TCP Promiscuous 61 :
    WCCP negotiated return method : WCCP GRE
    Destination    Egress Method Configured    Egress Method Used
    any            Generic GRE                 Generic GRE
    TCP Promiscuous 62 :
    WCCP negotiated return method : WCCP GRE
    Destination    Egress Method Configured    Egress Method Used
    any            Generic GRE                 Generic GRE
    Intercept method : Generic L2
    Destination    Egress Method Configured    Egress Method Used
    any            not configurable            IP Forwarding
    And here there is another useful :
    WAE-DC-01#sh wccp gre
    Transparent GRE packets received: 52082
    Transparent non-GRE packets received: 0
    Transparent non-GRE non-WCCP packets received: 0
    Total packets accepted: 0
    Invalid packets received: 0
    Packets received with invalid service: 0
    Packets received on a disabled service: 50118
    Packets received too small: 1964
    Packets dropped due to zero TTL: 0
    Packets dropped due to bad buckets: 0
    Packets dropped due to no redirect address: 0
    Packets dropped due to loopback redirect: 0
    Pass-through pkts dropped on assignment update:0
    Connections bypassed due to load: 0
    Packets sent back to router: 50118
    GRE packets sent to router (not bypass): 0
    Packets sent to another WAE: 0
    GRE fragments redirected: 28770
    GRE encapsulated fragments received: 0
    Packets failed encapsulated reassembly: 0
    Packets failed GRE encapsulation: 0
    Packets dropped due to invalid fwd method: 0
    Packets dropped due to insufficient memory: 0
    Packets bypassed, no pending connection: 0
    Packets due to clean wccp shutdown: 0
    Packets bypassed due to bypass-list lookup: 0
    Conditionally Accepted connections: 0
    Conditionally Bypassed connections: 0
    L2 Bypass packets destined for loopback: 0
    Packets w/WCCP GRE received too small: 0
    Packets dropped due to received on loopback: 0
    Packets dropped due to IP access-list deny: 0
    Packets fragmented for bypass: 28770
    Packets fragmented for egress: 0
    Packet pullups needed: 57543
    Packets dropped due to no route found: 0
    Any new idea ?
    Thanks
    Vittorio

  • Confused how to set-up a PC & laptop with Cisco WRVS4400N VPN for home use

    Just bought a new PC and laptop and was recommended by (CDW) to use a Cisco WRVS4400N to set up the VPN.
    For home use, only the PC and laptop, both running Windows 7.  I use Comcast as my ISP.
    The mountains of docs confuses me to no end, can anyone simplify this for me.  I look at all the details and do not know where to start.
    In short,
    (1) configure router to recognize my PC and Comcast, and I guess the laptop.
    (2) configure laptop to go wireless and communicate with PC.
    Any assistance would be much appreciated.
    Thanks,
    Terry

    For a very small office and a minimum of admin and tech know how, one approach i'd suggest is to not worry about user id collisions at all. any time anyone wants to use a mac you just set them up as a user, using consistent names/passwords.
    Have a "Work" volume on each mac that has "ignore ownership on this volume" ticked. that way UID collisions aren't important.
    You can make a Desktop folder on the Work volume and make a SYMBOLIC LINK from every user's home that replaces their desktop with the desktop folder on the Work volume.
    Make it known that the user's home is for personal stuff ONLY, and the Work volume (inc the desktop) is where work in progress lives.
    At a later date with some confidence in your network and your admin skills you could impose consistent UIDs using an OD master

  • Help! Have a Linksys Router WRVS4400N, Ipad and Desktop doesn't get internet at same time. Just one of the other. How do I internet on both? Thx!

    HELP! How do I get wireless internet on both my Ipad and Desktop? Have Linksys Router WRVS4400N. Only 1 device will work at 1 time. Something about a Learn MAC address? What should I do? Thanks! Tiggergirl

    Good morning
    Hi Kathy,  my name is Johnnatan and I am part of the Small business Support community.
    If you have an old firmware it would be a good idea to go out to Cisco.com and see if there is any firmware updates. I have looked on the site for you and I see the latest firmware is:2.0.2.1
    http://www.cisco.com/cisco/software/release.html?mdfid=282414016&softwareid=282487380&release=2.0.1.3&rellifecycle=&relind=AVAILABLE&reltype=all
    You can also try to reset your device to its factory settings. To reset your router, please take an object that has a point and hold the reset button in on the back for "at least" 30 seconds until the lights on the front start flashing.
    About MAC address, you can map a static IP with a specific MAC address. You can follow these steps in order to configure it.
    http://www6.nohold.net/CiscoSB/Loginr.aspx?login=1&pid=4&app=search&vw=1&articleid=1272
    Thanks,
    I hope you find this answer useful,if it was satisfactory  for you, please mark the question as Answered.
    Greetings,
    Johnnatan Rodriguez Miranda.
    Cisco network support engineer.

  • How to tell if GRE traffic is encrypted or not?

    Hi Everyone
    Site A 
    Device A  has VPN Tunnel to
    Site B  Device B  over Wan link.
    Note Here Device A and B are end device and connect to ISP and do the encryption
    Site A  Device X which is internal device has simple GRE tunnel to Site B's internal device.
    My question is how can i find that this GRE tunnel gets encrypted at Device A or not?
    Currently encryption is only at Device A and B
    Thanks
    Mahesh

    Have you utilized some of the "show" and "debug" commands to verify that the IPSec security associations have been created and are in-place?  Some of the "debug" commands can show traffic hitting the crypto map.
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_tech_note09186a00800949c5.shtml#ipsec_sa
    What model routers are Device A and B?  You may be able to use something like RITE to mirror the traffic exiting the interface to a sniffer for a definitive "Doubting Thomas" proof. 
    http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html
    Ed
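
    What to look for in the mirrored traffic suggested in the reply above, as an added example that is not part of the original thread: on the WAN side of Device A, traffic that is being encrypted shows up as ESP (IP protocol 50, or ESP inside UDP 4500 when NAT traversal is in use) between Device A and Device B, while a GRE tunnel that is not being encrypted shows up as IP protocol 47 with a readable inner header. All addresses and packets below are constructed for the demonstration.

```python
import socket
import struct

GRE, ESP, UDP = 47, 50, 17
NAT_T_PORT = 4500          # ESP-in-UDP encapsulation (RFC 3948)
ETHERTYPE_IPV4 = 0x0800


def parse_ipv4(buf):
    """Return (protocol, src, dst, payload) for a raw IPv4 packet."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("bad IPv4 header length")
    return (buf[9], socket.inet_ntoa(buf[12:16]),
            socket.inet_ntoa(buf[16:20]), buf[ihl:])


def gre_inner(gre):
    """Skip the GRE header (RFC 2784/2890) and return (protocol_type, payload)."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, ptype = struct.unpack("!HH", gre[:4])
    offset = 4
    for bit in (0x8000, 0x2000, 0x1000):   # checksum, key, sequence: 4 bytes each
        if flags & bit:
            offset += 4
    return ptype, gre[offset:]


def inspect(packet):
    """Classify one captured packet by what its outer IP header carries."""
    proto, src, dst, payload = parse_ipv4(packet)
    report = {"outer": (src, dst), "verdict": "other", "inner": None}
    if proto == ESP:
        report["verdict"] = "encrypted (ESP)"
    elif proto == UDP and len(payload) >= 12:
        sport, dport = struct.unpack("!HH", payload[:4])
        # After the UDP header, four zero bytes mark IKE; anything else is ESP.
        if NAT_T_PORT in (sport, dport) and payload[8:12] != b"\x00" * 4:
            report["verdict"] = "encrypted (ESP in UDP 4500)"
    elif proto == GRE:
        report["verdict"] = "cleartext GRE"
        ptype, inner = gre_inner(payload)
        if ptype == ETHERTYPE_IPV4:
            # The inner addresses are readable, so the tunnel is not encrypted.
            _, isrc, idst, _ = parse_ipv4(inner)
            report["inner"] = (isrc, idst)
    return report


def _ipv4(proto, src, dst, payload):
    """Build a minimal IPv4 packet (checksum left at zero; it is not checked)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


# Constructed addresses: GRE endpoints (Device X and its peer) and the
# VPN endpoints (Device A and Device B), using documentation ranges for the WAN.
DEVICE_X, PEER_X = "10.1.0.2", "10.2.0.2"
DEVICE_A, DEVICE_B = "198.51.100.1", "203.0.113.1"
USER_FLOW = ("10.1.1.5", "10.2.2.5")

# Constructed sample packets as they might appear in a WAN-side capture.
_USER = _ipv4(1, USER_FLOW[0], USER_FLOW[1], b"constructed payload")
GRE_PLAIN = _ipv4(GRE, DEVICE_X, PEER_X, struct.pack("!HH", 0, 0x0800) + _USER)
GRE_KEYED = _ipv4(GRE, DEVICE_X, PEER_X,
                  struct.pack("!HHI", 0x2000, 0x0800, 1) + _USER)
ESP_TUNNEL = _ipv4(ESP, DEVICE_A, DEVICE_B,
                   struct.pack("!II", 0x1000, 1) + bytes(48))

if __name__ == "__main__":
    for name, pkt in (("gre", GRE_PLAIN), ("gre+key", GRE_KEYED),
                      ("esp", ESP_TUNNEL)):
        print(name, inspect(pkt))
```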

  • IPsec over GRE not coming up, cant see why, debug inc...

    Hi all,
    Rattling my brains here, as far as I can see everything is fine, it should be working, but for some reason it's not, and I can't see anything in the debug that's hinting to the reason why, can anyone help me out with this?
    I'm normally good at this stuff, but this time it's got me!
    The hub config works with many 3 other spokes configured in the same way!
    Thanks for any help guys
    SPOKE
    crypto isakmp policy 10
    encr aes 256
    authentication pre-share
    group 5
    crypto isakmp key xxxxxxxxxxxxxxxxx address xxx.xxx.xxx.xx3
    crypto isakmp keepalive 10 4
    crypto isakmp nat keepalive 30
    crypto ipsec transform-set AES-256_SHA esp-aes 256 esp-sha-hmac
    mode transport
    crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
    mode transport
    crypto ipsec profile GRE_TUNNEL
    set transform-set AES-SHA
    archive
    log config
      hidekeys
    ip ssh version 2
    interface Tunnel1
    bandwidth 100000
    ip address 192.168.100.103 255.255.255.0
    no ip redirects
    ip mtu 1440
    ip nhrp authentication xxxxxx
    ip nhrp map 192.168.100.1 xxx.xxx.xxx.xx3
    ip nhrp map multicast xxx.xxx.xxx.xx3
    ip nhrp network-id 100
    ip nhrp holdtime 450
    ip nhrp nhs 192.168.100.1
    ip tcp adjust-mss 1360
    qos pre-classify
    tunnel source Vlan100
    tunnel mode gre multipoint
    tunnel key 100
    tunnel protection ipsec profile GRE_TUNNEL
    interface ATM0
    no ip address
    shutdown
    no atm ilmi-keepalive
    pvc 1/50
      dialer pool-member 1
      protocol ppp dialer
    dsl operating-mode auto
    interface FastEthernet0
    switchport access vlan 100
    interface FastEthernet1
    switchport access vlan 103
    interface FastEthernet2
    switchport access vlan 103
    interface FastEthernet3
    switchport access vlan 103
    interface Vlan1
    no ip address
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    shutdown
    interface Vlan100
    ip address dhcp
    ip nbar protocol-discovery
    ip nat outside
    ip inspect UserTraffic out
    ip virtual-reassembly
    interface Vlan103
    ip address 192.168.103.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    router eigrp 100
    network 192.168.100.0
    network 192.168.103.0
    auto-summary
    no ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 192.168.1.254
    no ip http server
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list OUTBOUND interface Vlan100 overload
    ip access-list extended INBOUND
    deny   tcp any any eq 22
    deny   tcp any any eq telnet
    permit ip any any
    deny   ip any any
    ip access-list extended OUTBOUND
    permit ip any any
    deny   ip any any
    HUB
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp policy 15
    encr 3des
    authentication pre-share
    crypto isakmp policy 20
    encr 3des
    authentication pre-share
    group 2
    lifetime 7800
    crypto isakmp policy 50
    encr aes 256
    authentication pre-share
    group 5
    crypto isakmp key xxxxxxxxxx address 0.0.0.0 0.0.0.0
    crypto isakmp fragmentation
    crypto isakmp keepalive 10 4
    crypto isakmp nat keepalive 30
    crypto ipsec security-association idle-time 7800
    crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
    mode transport
    crypto ipsec transform-set AES_MD5_TUNNEL esp-aes 256 esp-md5-hmac
    crypto ipsec profile DataTunnels
    set transform-set AES-SHA
    interface Tunnel1
    bandwidth 1000
    ip address 192.168.100.1 255.255.255.0
    no ip redirects
    ip mtu 1400
    no ip next-hop-self eigrp 100
    ip nhrp authentication xxxxxxxxxxx
    ip nhrp map multicast dynamic
    ip nhrp network-id 100
    ip nhrp holdtime 450
    ip tcp adjust-mss 1360
    no ip split-horizon eigrp 100
    qos pre-classify
    tunnel source Dialer1
    tunnel mode gre multipoint
    tunnel key 100
    tunnel protection ipsec profile DataTunnels
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    pvc 1/50
      dialer pool-member 1
      protocol ppp dialer
    interface FastEthernet0
    description INTERNAL LAN
    switchport access vlan 201
    interface FastEthernet1
    switchport access vlan 201
    interface FastEthernet2
    switchport access vlan 201
    interface Vlan201
    ip address 192.168.201.254 255.255.255.252
    ip nat inside
    ip virtual-reassembly
    interface Dialer1
    ip address negotiated
    ip access-group INBOUND in
    ip nbar protocol-discovery
    ip nat outside
    ip inspect UserTraffic out
    ip virtual-reassembly
    encapsulation ppp
    ip tcp adjust-mss 1300
    load-interval 30
    no cdp enable
    router eigrp 100
    network 192.168.100.0
    network 192.168.201.0
    redistribute static
    router nhrp
    router odr
    ip nat inside source list OUTBOUND interface Dialer1 overload
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip access-list extended INBOUND
    permit ip 192.168.250.0 0.0.0.15 192.168.101.0 0.0.0.255
    deny   tcp any any eq 22
    deny   tcp any any eq telnet
    permit tcp any host xxx.xxx.xxx.xx3 eq www
    permit tcp any host xxx.xxx.xxx.xx3 eq 443
    permit tcp any host xxx.xxx.xxx.xx3 eq smtp
    permit udp any host xxx.xxx.xxx.xx3 eq isakmp
    permit esp any host xxx.xxx.xxx.xx3
    permit ahp any host xxx.xxx.xxx.xx3
    permit udp any host xxx.xxx.xxx.xx3 eq non500-isakmp
    deny   ip any any
    permit ip any any
    ip access-list extended OUTBOUND
    permit tcp any any eq smtp
    permit tcp any any eq 443
    permit ip 192.168.201.0 0.0.0.255 any
    deny   ip any any
    DEBUG
    CWT-DATA#sh ip nhrp detail
    192.168.100.1/32 via 192.168.100.1, Tunnel1 created 1w5d, never expire
      Type: static, Flags: used
      NBMA address: xxx.xxx.xxx.xx3
    CWT-DATA#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id slot status
    xxx.xxx.xxx.xx3     192.168.1.7     MM_NO_STATE       2821    0 ACTIVE (deleted)
    Jul  4 12:53:35.551: ISAKMP:(2822):Sending an IKE IPv4 Packet.
    CWT-DATA#
    Jul  4 12:53:45.553: ISAKMP:(2822): retransmitting phase 1 MM_KEY_EXCH...
    Jul  4 12:53:45.553: ISAKMP:(2822):peer does not do paranoid keepalives.
    Jul  4 12:53:45.553: ISAKMP:(2822):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer xxx.xxx.xxx.xx3)
    Jul  4 12:53:45.553: ISAKMP:(2822):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer xxx.xxx.xxx.xx3)
    Jul  4 12:53:45.553: ISAKMP: Unlocking peer struct 0x835CCCE8 for isadb_mark_sa_deleted(), count 0
    Jul  4 12:53:45.553: ISAKMP: Deleting peer node by peer_reap for xxx.xxx.xxx.xx3: 835CCCE8
    Jul  4 12:53:45.553: ISAKMP:(2822):deleting node -32418685 error FALSE reason "IKE deleted"
    Jul  4 12:53:45.553: ISAKMP:(2822):deleting node 2092182627 error FALSE reason "IKE deleted"
    Jul  4 12:53:45.553: ISAKMP:(2822):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
    Jul  4 12:53:45.553: ISAKMP:(2822):Old State = IKE_I_MM5  New State = IKE_DEST_SA
    Jul  4 12:53:45.585: ISAKMP:(0): SA request profile is (NULL)
    Jul  4 12:53:45.585: ISAKMP: Created a peer struct for xxx.xxx.xxx.xx3, peer port 500
    Jul  4 12:53:45.585: ISAKMP: New peer created peer = 0x835CCCE8 peer_handle = 0x800025C0
    Jul  4 12:53:45.585: ISAKMP: Locking peer struct 0x835CCCE8, refcount 1 for isakmp_initiator
    Jul  4 12:53:45.585: ISAKMP: local port 500, remote port 500
    Jul  4 12:53:45.585: ISAKMP: set new node 0 to QM_IDLE
    Jul  4 12:53:45.585: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 8333DA70
    Jul  4 12:53:45.585: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
    Jul  4 12:53:45.585: ISAKMP:(0):found peer pre-shared key matching xxx.xxx.xxx.xx3
    Jul  4 12:53:45.585: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
    Jul  4 12:53:45.585: ISAKMP:(0): constructed NAT-T vendor-07 ID
    Jul  4 12:53:45.585: ISAKMP:(0): constructed NAT-T vendor-03 ID
    Jul  4 12:53:45.585: ISAKMP:(0): constructed NAT-T vendor-02 ID
    Jul  4 12:53:45.585: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
    Jul  4 12:53:45.585: ISAKMP:(0):Old State = IKE_READY  New State = IKE_I_MM1
    Jul  4 12:53:45.589: ISAKMP:(0): beginning Main Mode exchange
    Jul  4 12:53:45.589: ISAKMP:(0): sending packet to xxx.xxx.xxx.xx3 my_port 500 peer_port 500 (I) MM_NO_STATE
    Jul  4 12:53:45.589: ISAKMP:(0):Sending an IKE IPv4 Packet.
    Jul  4 12:53:45.653: ISAKMP (0:0): received packet from xxx.xxx.xxx.xx3 dport 500 sport 500 Global (I) MM_NO_STATE
    Jul  4 12:53:45.653: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    Jul  4 12:53:45.653: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_I_MM2
    Jul  4 12:53:45.653: ISAKMP:(0): processing SA payload. message ID = 0
    Jul  4 12:53:45.653: ISAKMP:(0): processing vendor id payload
    Jul  4 12:53:45.653: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
    Jul  4 12:53:45.653: ISAKMP (0:0): vendor ID is NAT-T RFC 3947
    Jul  4 12:53:45.653: ISAKMP:(0):found peer pre-shared key matching xxx.xxx.xxx.xx3
    Jul  4 12:53:45.653: ISAKMP:(0): local preshared key found
    Jul  4 12:53:45.653: ISAKMP : Scanning profiles for xauth ...
    Jul  4 12:53:45.653: ISAKMP:(0):Checking ISAKMP transform 1 against priority 10 policy
    Jul  4 12:53:45.653: ISAKMP:      encryption AES-CBC
    Jul  4 12:53:45.653: ISAKMP:      keylength of 256
    Jul  4 12:53:45.653: ISAKMP:      hash SHA
    Jul  4 12:53:45.653: ISAKMP:      default group 5
    Jul  4 12:53:45.653: ISAKMP:      auth pre-share
    Jul  4 12:53:45.653: ISAKMP:      life type in seconds
    Jul  4 12:53:45.653: ISAKMP:      life duration (VPI) of  0x0 0x1 0x51 0x80
    Jul  4 12:53:45.657: ISAKMP:(0):atts are acceptable. Next payload is 0
    Jul  4 12:53:45.657: ISAKMP:(0):Acceptable atts:actual life: 0
    Jul  4 12:53:45.657: ISAKMP:(0):Acceptable atts:life: 0
    Jul  4 12:53:45.657: ISAKMP:(0):Fill atts in sa vpi_length:4
    Jul  4 12:53:45.657: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
    Jul  4 12:53:45.657: ISAKMP:(0):Returning Actual lifetime: 86400
    Jul  4 12:53:45.657: ISAKMP:(0)::Started lifetime timer: 86400.
    Jul  4 12:53:45.657: ISAKMP:(0): processing vendor id payload
    Jul  4 12:53:45.657: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
    Jul  4 12:53:45.657: ISAKMP (0:0): vendor ID is NAT-T RFC 3947
    Jul  4 12:53:45.657: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    Jul  4 12:53:45.657: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM2
    Jul  4 12:53:45.657: ISAKMP:(0): sending packet to xxx.xxx.xxx.xx3 my_port 500 peer_port 500 (I) MM_SA_SETUP
    Jul  4 12:53:45.657: ISAKMP:(0):Sending an IKE IPv4 Packet.
    Jul  4 12:53:45.661: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    CWT-DATA#
    Jul  4 12:53:45.661: ISAKMP:(0):Old State = IKE_I_MM2  New State = IKE_I_MM3
    Jul  4 12:53:45.813: ISAKMP (0:0): received packet from xxx.xxx.xxx.xx3 dport 500 sport 500 Global (I) MM_SA_SETUP
    Jul  4 12:53:45.817: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
    Jul  4 12:53:45.817: ISAKMP:(0):Old State = IKE_I_MM3  New State = IKE_I_MM4
    Jul  4 12:53:45.817: ISAKMP:(0): processing KE payload. message ID = 0
    Jul  4 12:53:45.989: ISAKMP:(0): processing NONCE payload. message ID = 0
    Jul  4 12:53:45.989: ISAKMP:(0):found peer pre-shared key matching xxx.xxx.xxx.xx3
    Jul  4 12:53:45.993: ISAKMP:(2823): processing vendor id payload
    Jul  4 12:53:45.993: ISAKMP:(2823): vendor ID is Unity
    Jul  4 12:53:45.993: ISAKMP:(2823): processing vendor id payload
    Jul  4 12:53:45.993: ISAKMP:(2823): vendor ID is DPD
    Jul  4 12:53:45.993: ISAKMP:(2823): processing vendor id payload
    Jul  4 12:53:45.993: ISAKMP:(2823): speaking to another IOS box!
    Jul  4 12:53:45.993: ISAKMP:received payload type 20
    Jul  4 12:53:45.993: ISAKMP (0:2823): NAT found, the node inside NAT
    Jul  4 12:53:45.993: ISAKMP:received payload type 20
    Jul  4 12:53:45.993: ISAKMP:(2823):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
    Jul  4 12:53:45.993: ISAKMP:(2823):Old State = IKE_I_MM4  New State = IKE_I_MM4
    Jul  4 12:53:45.993: ISAKMP:(2823):Send initial contact
    Jul  4 12:53:45.993: ISAKMP:(2823):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
    Jul  4 12:53:45.993: ISAKMP (0:2823): ID payload
            next-payload : 8
            type         : 1
            address      : 192.168.1.7
            protocol     : 17
            port         : 0
            length       : 12
    Jul  4 12:53:45.993: ISAKMP:(2823):Total payload length: 12
    Jul  4 12:53:45.997: ISAKMP:(2823): sending packet to xxx.xxx.xxx.xx3 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
    Jul  4 12:53:45.997: ISAKMP:(2823):Sending an IKE IPv4 Packet.
    Jul  4 12:53:45.997: ISAKMP:(2823):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
    CWT-DATA#
    Jul  4 12:53:45.997: ISAKMP:(2823):Old State = IKE_I_MM4  New State = IKE_I_MM5
    CWT-DATA#
    Jul  4 12:53:55.794: ISAKMP (0:2823): received packet from xxx.xxx.xxx.xx3 dport 500 sport 500 Global (I) MM_KEY_EXCH
    Jul  4 12:53:55.794: ISAKMP:(2823): phase 1 packet is a duplicate of a previous packet.
    Jul  4 12:53:55.794: ISAKMP:(2823): retransmitting due to retransmit phase 1
    Jul  4 12:53:56.294: ISAKMP:(2823): retransmitting phase 1 MM_KEY_EXCH...
    Jul  4 12:53:56.294: ISAKMP (0:2823): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
    Jul  4 12:53:56.294: ISAKMP:(2823): retransmitting phase 1 MM_KEY_EXCH
    Jul  4 12:53:56.294: ISAKMP:(2823): sending packet to xxx.xxx.xxx.xx3 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
    CWT-DATA#
    Jul  4 12:53:56.294: ISAKMP:(2823):Sending an IKE IPv4 Packet.
    CWT-DATA#
    Jul  4 12:54:05.795: ISAKMP (0:2823): received packet from xxx.xxx.xxx.xx3 dport 500 sport 500 Global (I) MM_KEY_EXCH
    Jul  4 12:54:05.795: ISAKMP:(2823): phase 1 packet is a duplicate of a previous packet.
    Jul  4 12:54:05.795: ISAKMP:(2823): retransmitting due to retransmit phase 1
    Jul  4 12:54:06.295: ISAKMP:(2823): retransmitting phase 1 MM_KEY_EXCH...
    Jul  4 12:54:06.295: ISAKMP (0:2823): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
    Jul  4 12:54:06.295: ISAKMP:(2823): retransmitting phase 1 MM_KEY_EXCH
    Jul  4 12:54:06.295: ISAKMP:(2823): sending packet to xxx.xxx.xxx.xx3 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
    CWT-DATA#
    Jul  4 12:54:06.295: ISAKMP:(2823):Sending an IKE IPv4 Packet.
    CWT-DATA#
    Jul  4 12:54:15.797: ISAKMP (0:2823): received packet from xxx.xxx.xxx.xx3 dport 500 sport 500 Global (I) MM_KEY_EXCH
    Jul  4 12:54:15.797: ISAKMP:(2823): phase 1 packet is a duplicate of a previous packet.
    Jul  4 12:54:15.797: ISAKMP:(2823): retransmitting due to retransmit phase 1
    Jul  4 12:54:16.297: ISAKMP:(2823): retransmitting phase 1 MM_KEY_EXCH...
    Jul  4 12:54:16.297: ISAKMP (0:2823): incrementing error counter on sa, attempt 3 of 5: retransmit phase 1
    Jul  4 12:54:16.297: ISAKMP:(2823): retransmitting phase 1 MM_KEY_EXCH
    Jul  4 12:54:16.297: ISAKMP:(2823): sending packet to xxx.xxx.xxx.xx3 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
    CWT-DATA#
    Jul  4 12:54:16.297: ISAKMP:(2823):Sending an IKE IPv4 Packet.
    CWT-DATA#
    Jul  4 12:54:19.537: ISAKMP: set new node 0 to QM_IDLE
    Jul  4 12:54:19.537: ISAKMP:(2823):SA is still budding. Attached new ipsec request to it. (local 192.168.1.7, remote xxx.xxx.xxx.xx3)
    Jul  4 12:54:19.537: ISAKMP: Error while processing SA request: Failed to initialize SA
    Jul  4 12:54:19.537: ISAKMP: Error while processing KMI message 0, error 2.
    CWT-DATA#
    Jul  4 12:54:25.794: ISAKMP (0:2823): received packet from xxx.xxx.xxx.xx3 dport 500 sport 500 Global (I) MM_KEY_EXCH
    Jul  4 12:54:25.798: ISAKMP:(2823): phase 1 packet is a duplicate of a previous packet.
    Jul  4 12:54:25.798: ISAKMP:(2823): retransmitting due to retransmit phase 1
    Jul  4 12:54:26.298: ISAKMP:(2823): retransmitting phase 1 MM_KEY_EXCH...
    Jul  4 12:54:26.298: ISAKMP (0:2823): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
    Jul  4 12:54:26.298: ISAKMP:(2823): retransmitting phase 1 MM_KEY_EXCH
    Jul  4 12:54:26.298: ISAKMP:(2823): sending packet to xxx.xxx.xxx.xx3 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
    CWT-DATA#
    Jul  4 12:54:26.298: ISAKMP:(2823):Sending an IKE IPv4 Packet.
    CWT-DATA#
    Jul  4 12:54:35.555: ISAKMP:(2822):purging node -32418685
    Jul  4 12:54:35.555: ISAKMP:(2822):purging node 2092182627
    Jul  4 12:54:35.795: ISAKMP (0:2823): received packet from xxx.xxx.xxx.xx3 dport 500 sport 500 Global (I) MM_KEY_EXCH
    Jul  4 12:54:35.795: ISAKMP:(2823): phase 1 packet is a duplicate of a previous packet.
    Jul  4 12:54:35.795: ISAKMP:(2823): retransmitting due to retransmit phase 1
    Jul  4 12:54:36.295: ISAKMP:(2823): retransmitting phase 1 MM_KEY_EXCH...
    Jul  4 12:54:36.295: ISAKMP (0:2823): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
    Jul  4 12:54:36.295: ISAKMP:(2823): retransmitting phase 1 MM_KEY_EXCH
    CWT-DATA#
    Jul  4 12:54:36.295: ISAKMP:(2823): sending packet to xxx.xxx.xxx.xx3 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
    Jul  4 12:54:36.295: ISAKMP:(2823):Sending an IKE IPv4 Packet.
    CWT-DATA#no debug all
    All possible debugging has been turned off

    Here's the hub debug:
    CWCH#
    *Jul  5 11:58:16.208: ISAKMP: set new node 1382820308 to QM_IDLE  
    *Jul  5 11:58:16.208: ISAKMP:(2116): sending packet to xxx.xxx.xxx.10 my_port 4500 peer_port 4500 (R) QM_IDLE
    *Jul  5 11:58:16.208: ISAKMP:(2116):Sending an IKE IPv4 Packet.
    *Jul  5 11:58:16.208: ISAKMP:(2116):purging node 1382820308
    *Jul  5 11:58:16.208: ISAKMP:(2116):Input = IKE_MESG_FROM_IPSEC, IKE_PHASE2_DEL
    *Jul  5 11:58:16.208: ISAKMP:(2116):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    *Jul  5 12:02:47.504: ISAKMP (2120): received packet from xxx.xxx.xxx.10 dport 4500 sport 62560 Global (R) QM_IDLE
    *Jul  5 12:02:47.504: ISAKMP: set new node -146383553 to QM_IDLE  
    *Jul  5 12:02:47.504: ISAKMP:(2120): processing HASH payload. message ID = -146383553
    *Jul  5 12:02:47.504: ISAKMP:(2120): processing NOTIFY DPD/R_U_THERE protocol 1
            spi 0, message ID = -146383553, sa = 0x854A7094
    *Jul  5 12:02:47.504: ISAKMP:(2120):deleting node -146383553 error FALSE reason "Informational (in) state 1"
    *Jul  5 12:02:47.504: ISAKMP:(2120):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
    *Jul  5 12:02:47.504: ISAKMP:(2120):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    *Jul  5 12:02:47.504: ISAKMP:(2120):DPD/R_U_THERE received from peer xxx.xxx.xxx.10, sequence 0x63A1AE3C
    *Jul  5 12:02:47.504: ISAKMP: set new node -1398198787 to QM_IDLE 
    *Jul  5 12:02:47.504: ISAKMP:(2120):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
            spi 2242383312, message ID = -1398198787
    *Jul  5 12:02:47.504: ISAKMP:(2120): seq. no 0x63A1AE3C
    *Jul  5 12:02:47.504: ISAKMP:(2120): sending packet to xxx.xxx.xxx.10 my_port 4500 peer_port 62560 (R) QM_IDLE
    *Jul  5 12:02:47.504: ISAKMP:(2120):Sending an IKE IPv4 Packet.
    CWCH#
    *Jul  5 12:02:47.504: ISAKMP:(2120):purging node -1398198787
    *Jul  5 12:02:47.504: ISAKMP:(2120):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
    *Jul  5 12:02:47.504: ISAKMP:(2120):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    CWCH#
    *Jul  5 12:02:52.516: ISAKMP (2120): received packet from xxx.xxx.xxx.10 dport 4500 sport 62560 Global (R) QM_IDLE
    *Jul  5 12:02:52.516: ISAKMP: set new node -459292560 to QM_IDLE  
    *Jul  5 12:02:52.516: ISAKMP:(2120): processing HASH payload. message ID = -459292560
    *Jul  5 12:02:52.516: ISAKMP:(2120): processing NOTIFY DPD/R_U_THERE protocol 1
            spi 0, message ID = -459292560, sa = 0x854A7094
    *Jul  5 12:02:52.516: ISAKMP:(2120):deleting node -459292560 error FALSE reason "Informational (in) state 1"
    *Jul  5 12:02:52.516: ISAKMP:(2120):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
    *Jul  5 12:02:52.516: ISAKMP:(2120):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    *Jul  5 12:02:52.516: ISAKMP:(2120):DPD/R_U_THERE received from peer xxx.xxx.xxx.10, sequence 0x63A1AE3D
    *Jul  5 12:02:52.516: ISAKMP: set new node -1245354522 to QM_IDLE 
    *Jul  5 12:02:52.516: ISAKMP:(2120):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
            spi 2242383312, message ID = -1245354522
    *Jul  5 12:02:52.516: ISAKMP:(2120): seq. no 0x63A1AE3D
    *Jul  5 12:02:52.516: ISAKMP:(2120): sending packet to xxx.xxx.xxx.10 my_port 4500 peer_port 62560 (R) QM_IDLE
    *Jul  5 12:02:52.516: ISAKMP:(2120):Sending an IKE IPv4 Packet.
    CWCH#
    *Jul  5 12:02:52.516: ISAKMP:(2120):purging node -1245354522
    *Jul  5 12:02:52.520: ISAKMP:(2120):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
    *Jul  5 12:02:52.520: ISAKMP:(2120):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    CWCH#
    *Jul  5 12:02:55.636: ISAKMP:(2119):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
    *Jul  5 12:02:55.636: ISAKMP:(2119):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    *Jul  5 12:02:55.656: ISAKMP:(2119):purging node 926310294
    CWCH#
    *Jul  5 12:02:58.000: ISAKMP (2120): received packet from xxx.xxx.xxx.10 dport 4500 sport 62560 Global (R) QM_IDLE
    *Jul  5 12:02:58.000: ISAKMP: set new node -1957053939 to QM_IDLE 
    *Jul  5 12:02:58.000: ISAKMP:(2120): processing HASH payload. message ID = -1957053939
    *Jul  5 12:02:58.000: ISAKMP:(2120): processing NOTIFY DPD/R_U_THERE protocol 1
            spi 0, message ID = -1957053939, sa = 0x854A7094
    *Jul  5 12:02:58.000: ISAKMP:(2120):deleting node -1957053939 error FALSE reason "Informational (in) state 1"
    *Jul  5 12:02:58.000: ISAKMP:(2120):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
    *Jul  5 12:02:58.000: ISAKMP:(2120):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    *Jul  5 12:02:58.000: ISAKMP:(2120):DPD/R_U_THERE received from peer xxx.xxx.xxx.10, sequence 0x63A1AE3E
    *Jul  5 12:02:58.000: ISAKMP: set new node -1198504167 to QM_IDLE 
    *Jul  5 12:02:58.004: ISAKMP:(2120):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
            spi 2242383312, message ID = -1198504167
    *Jul  5 12:02:58.004: ISAKMP:(2120): seq. no 0x63A1AE3E
    *Jul  5 12:02:58.004: ISAKMP:(2120): sending packet to xxx.xxx.xxx.10 my_port 4500 peer_port 62560 (R) QM_IDLE
    *Jul  5 12:02:58.004: ISAKMP:(2120):Sending an IKE IPv4 Packet.
    CWCH#
    *Jul  5 12:02:58.004: ISAKMP:(2120):purging node -1198504167
    *Jul  5 12:02:58.004: ISAKMP:(2120):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
    *Jul  5 12:02:58.004: ISAKMP:(2120):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    CWCH#
    *Jul  5 12:03:03.000: ISAKMP (2120): received packet from xxx.xxx.xxx.10 dport 4500 sport 62560 Global (R) QM_IDLE
    *Jul  5 12:03:03.000: ISAKMP: set new node 599666073 to QM_IDLE   
    *Jul  5 12:03:03.000: ISAKMP:(2120): processing HASH payload. message ID = 599666073
    *Jul  5 12:03:03.000: ISAKMP:(2120): processing NOTIFY DPD/R_U_THERE protocol 1
            spi 0, message ID = 599666073, sa = 0x854A7094
    *Jul  5 12:03:03.000: ISAKMP:(2120):deleting node 599666073 error FALSE reason "Informational (in) state 1"
    *Jul  5 12:03:03.000: ISAKMP:(2120):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
    *Jul  5 12:03:03.000: ISAKMP:(2120):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    *Jul  5 12:03:03.000: ISAKMP:(2120):DPD/R_U_THERE received from peer xxx.xxx.xxx.10, sequence 0x63A1AE3F
    *Jul  5 12:03:03.000: ISAKMP: set new node 1035716483 to QM_IDLE  
    *Jul  5 12:03:03.000: ISAKMP:(2120):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
            spi 2242383312, message ID = 1035716483
    *Jul  5 12:03:03.000: ISAKMP:(2120): seq. no 0x63A1AE3F
    *Jul  5 12:03:03.000: ISAKMP:(2120): sending packet to xxx.xxx.xxx.10 my_port 4500 peer_port 62560 (R) QM_IDLE
    *Jul  5 12:03:03.000: ISAKMP:(2120):Sending an IKE IPv4 Packet.
    CWCH#
    *Jul  5 12:03:03.004: ISAKMP:(2120):purging node 1035716483
    *Jul  5 12:03:03.004: ISAKMP:(2120):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
    *Jul  5 12:03:03.004: ISAKMP:(2120):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    CWCH#
    *Jul  5 12:03:08.008: ISAKMP (2120): received packet from xxx.xxx.xxx.10 dport 4500 sport 62560 Global (R) QM_IDLE
    *Jul  5 12:03:08.008: ISAKMP: set new node 230166927 to QM_IDLE   
    *Jul  5 12:03:08.008: ISAKMP:(2120): processing HASH payload. message ID = 230166927
    *Jul  5 12:03:08.008: ISAKMP:(2120): processing NOTIFY DPD/R_U_THERE protocol 1
            spi 0, message ID = 230166927, sa = 0x854A7094
    *Jul  5 12:03:08.008: ISAKMP:(2120):deleting node 230166927 error FALSE reason "Informational (in) state 1"
    *Jul  5 12:03:08.008: ISAKMP:(2120):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
    *Jul  5 12:03:08.008: ISAKMP:(2120):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    *Jul  5 12:03:08.008: ISAKMP:(2120):DPD/R_U_THERE received from peer xxx.xxx.xxx.10, sequence 0x63A1AE40
    *Jul  5 12:03:08.008: ISAKMP: set new node -1886395474 to QM_IDLE 
    *Jul  5 12:03:08.008: ISAKMP:(2120):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
            spi 2242383312, message ID = -1886395474
    *Jul  5 12:03:08.008: ISAKMP:(2120): seq. no 0x63A1AE40
    *Jul  5 12:03:08.012: ISAKMP:(2120): sending packet to xxx.xxx.xxx.10 my_port 4500 peer_port 62560 (R) QM_IDLE
    *Jul  5 12:03:08.012: ISAKMP:(2120):Sending an IKE IPv4 Packet.
    CWCH#no
    *Jul  5 12:03:08.012: ISAKMP:(2120):purging node -1886395474
    *Jul  5 12:03:08.012: ISAKMP:(2120):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
    *Jul  5 12:03:08.012: ISAKMP:(2120):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    *Jul  5 12:03:13.000: ISAKMP (2120): received packet from xxx.xxx.xxx.10 dport 4500 sport 62560 Global (R) QM_IDLE
    *Jul  5 12:03:13.000: ISAKMP: set new node 841395293 to QM_IDLE   
    *Jul  5 12:03:13.000: ISAKMP:(2120): processing HASH payload. message ID = 841395293
    *Jul  5 12:03:13.000: ISAKMP:(2120): processing NOTIFY DPD/R_U_THERE protocol 1
            spi 0, message ID = 841395293, sa = 0x854A7094
    *Jul  5 12:03:13.000: ISAKMP:(2120):deleting node 841395293 error FALSE reason "Informational (in) state 1"
    *Jul  5 12:03:13.000: ISAKMP:(2120):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
    *Jul  5 12:03:13.000: ISAKMP:(2120):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
    *Jul  5 12:03:13.000: ISAKMP:(2120):DPD/R_U_THERE received from peer xxx.xxx.xxx.10, sequence 0x63A1AE41
    *Jul  5 12:03:13.000: ISAKMP: set new node -820358795 to QM_IDLE  
    *Jul  5 12:03:13.000: ISAKMP:(2120):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1
            spi 2242383312, message ID = -820358795
    *Jul  5 12:03:13.000: ISAKMP:(2120): seq. no 0x63A1AE41
    *Jul  5 12:03:13.000: ISAKMP:(2120): sending packet to xxx.xxx.xxx.10 my_port 4500 peer_port 62560 (R) QM_IDLE
    *Jul  5 12:03:13.000: ISAKMP:(2120):Sending an IKE IPv4 Packet.
    CWCH#no debug all
    All possible debugging has been turned off
    CWCH#
    *Jul  5 12:03:13.004: ISAKMP:(2120):purging node -820358795
    *Jul  5 12:03:13.004: ISAKMP:(2120):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE
    *Jul  5 12:03:13.004: ISAKMP:(2120):Old State = IKE_P1_COMPLETE  New State = IKE_P1_COMPLETE
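
The spoke debug in the post above stalls right after the NAT-T port float: the MM5 packet goes out to UDP 4500 while the hub's packets keep arriving on port 500 as duplicates until the retransmit counter runs out. The following is an added example, not part of the original post and not Cisco tooling, that picks that pattern out of an ISAKMP debug capture; the sample lines are constructed in the post's log format, 203.0.113.3 stands in for the masked hub address, and the finding names are invented here.

```python
import re

# Constructed sample in the format of the spoke debug above. 203.0.113.3 is a
# documentation address standing in for the masked hub address.
SAMPLE = """\
Jul  4 12:53:45.589: ISAKMP:(0): beginning Main Mode exchange
Jul  4 12:53:45.589: ISAKMP:(0): sending packet to 203.0.113.3 my_port 500 peer_port 500 (I) MM_NO_STATE
Jul  4 12:53:45.653: ISAKMP (0:0): received packet from 203.0.113.3 dport 500 sport 500 Global (I) MM_NO_STATE
Jul  4 12:53:45.653: ISAKMP:(0):Old State = IKE_I_MM1  New State = IKE_I_MM2
Jul  4 12:53:45.657: ISAKMP:(0): sending packet to 203.0.113.3 my_port 500 peer_port 500 (I) MM_SA_SETUP
Jul  4 12:53:45.813: ISAKMP (0:0): received packet from 203.0.113.3 dport 500 sport 500 Global (I) MM_SA_SETUP
Jul  4 12:53:45.817: ISAKMP:(0):Old State = IKE_I_MM3  New State = IKE_I_MM4
Jul  4 12:53:45.993: ISAKMP (0:2823): NAT found, the node inside NAT
Jul  4 12:53:45.997: ISAKMP:(2823): sending packet to 203.0.113.3 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
Jul  4 12:53:45.997: ISAKMP:(2823):Old State = IKE_I_MM4  New State = IKE_I_MM5
Jul  4 12:53:55.794: ISAKMP (0:2823): received packet from 203.0.113.3 dport 500 sport 500 Global (I) MM_KEY_EXCH
Jul  4 12:53:55.794: ISAKMP:(2823): phase 1 packet is a duplicate of a previous packet.
Jul  4 12:53:56.294: ISAKMP (0:2823): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
Jul  4 12:54:35.795: ISAKMP (0:2823): received packet from 203.0.113.3 dport 500 sport 500 Global (I) MM_KEY_EXCH
Jul  4 12:54:35.795: ISAKMP:(2823): phase 1 packet is a duplicate of a previous packet.
Jul  4 12:54:36.295: ISAKMP (0:2823): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
Jul  4 13:10:00.000: ISAKMP:(0): beginning Main Mode exchange
Jul  4 13:10:00.000: ISAKMP:(0): sending packet to 203.0.113.3 my_port 500 peer_port 500 (I) MM_NO_STATE
Jul  4 13:10:00.060: ISAKMP (0:0): received packet from 203.0.113.3 dport 500 sport 500 Global (I) MM_NO_STATE
Jul  4 13:10:00.400: ISAKMP (0:2824): NAT found, the node inside NAT
Jul  4 13:10:00.404: ISAKMP:(2824): sending packet to 203.0.113.3 my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
Jul  4 13:10:00.470: ISAKMP (0:2824): received packet from 203.0.113.3 dport 4500 sport 4500 Global (I) MM_KEY_EXCH
Jul  4 13:10:00.470: ISAKMP:(2824):Old State = IKE_I_MM6  New State = IKE_P1_COMPLETE
"""

SENT = re.compile(r"sending packet to (\S+) my_port (\d+) peer_port (\d+) \(\w\) (\S+)")
RECV = re.compile(r"received packet from (\S+) dport (\d+) sport (\d+) \S+ \(\w\) (\S+)")
STATE = re.compile(r"New State = (\S+)")
RETRY = re.compile(r"attempt (\d+) of (\d+): retransmit phase 1")


def parse_attempts(text):
    """Split a debug capture into Main Mode attempts and summarise each one."""
    attempts, cur = [], None
    for line in text.splitlines():
        if "beginning Main Mode exchange" in line:
            cur = {"peer": None, "nat": False, "floated": False,
                   "recv_after_float": set(), "duplicates": 0,
                   "retries": (0, 0), "state": None}
            attempts.append(cur)
            continue
        if cur is None:
            continue  # tail of an earlier attempt whose start was not captured
        if m := SENT.search(line):
            cur["peer"] = m.group(1)
            if int(m.group(3)) == 4500:
                cur["floated"] = True  # initiator moved to the NAT-T port
        elif m := RECV.search(line):
            if cur["floated"]:
                cur["recv_after_float"].add(int(m.group(2)))  # local port hit
        elif m := STATE.search(line):
            cur["state"] = m.group(1)
        elif m := RETRY.search(line):
            cur["retries"] = (int(m.group(1)), int(m.group(2)))
        elif "NAT found" in line:
            cur["nat"] = True
        elif "duplicate of a previous packet" in line:
            cur["duplicates"] += 1
    return attempts


def diagnose(attempt):
    """Return finding names (invented for this example) for one attempt."""
    if attempt["state"] == "IKE_P1_COMPLETE":
        return ["phase1-complete"]
    findings = []
    if attempt["nat"] and attempt["floated"]:
        if 4500 not in attempt["recv_after_float"]:
            # Nothing ever came back on the NAT-T port after the float.
            findings.append("natt-unanswered")
        if 500 in attempt["recv_after_float"] and attempt["duplicates"]:
            # Peer is still resending its previous message from port 500.
            findings.append("peer-retransmitting-on-500")
    done, limit = attempt["retries"]
    if limit and done == limit:
        findings.append("retransmit-limit-reached")
    return findings


if __name__ == "__main__":
    for n, attempt in enumerate(parse_attempts(SAMPLE), 1):
        print(n, attempt["peer"], attempt["state"], diagnose(attempt))
```

A `natt-unanswered` finding only describes what the initiator saw; the responder's debug for the same peer shows whether the UDP 4500 packet ever arrived.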

  • WRVS4400N firmware upgrade to 1.01.03, VPN no longer works

    I recently upgraded to firmware version 1.01.03 for my WRVS4400N. I have been having several problems with IPSec tunnels on the previous firmware and was hoping this release would resolve those issues. To my surprise this firmware version seems to be much much worse. Now I cannot even connect my point-to-point ipsec tunnels at all. I'm using the exact same configuration I was using before (yes I restored from factory and recreated). Anybody else have this problem with this new firmware? I've about had it with Linksys and their horrible VPN solutions. Any help would be appreciated.
    Router 1: WRVS4400N
    Router 2: WRV200
    VPN Solution: IPSec
    Thanks

    We experienced the exact same problem with two of our new WRVS4400Ns. We foolishly upgraded the firmware before realizing that the documentation for this significant release had not been upgraded.  In the software business, if the documentation isn't done the software should never be released.  Not only does it frustrate the customers but it also stresses the support organization.  Had we read the release notes we would have realized we should have 1.) backed up the settings (which would allow us to downgrade the firmware if we didn't like it - which is where we are now), 2.) reset the router to factory settings, 3.) rebuilt the settings from scratch.  Once we finally got help from India to do this we were ok - though the VPN tunnel does go down at least once or twice a day.  More frustrating though is our constant inability throughout the day to access websites (no problem pinging websites).  The only way to resolve this is to reboot the router - again several times a day.  We are now committed to downgrading back to the original firmware.

  • GRE tunnel could not be used by the hosts connected to the router

    Hi,
    I am using a Cisco ASR1013 (RP2) and a Mikrotik router for setting up a GRE tunnel for LAN to LAN routing over a broadband link. The tunnel works fine (able to ping tunnel end points and also all the connected interfaces on both the Mikrotik and Cisco ASR) but the hosts that are connected directly to the Cisco router interface over a layer 2 Cisco switch are unable to connect to (ping) the hosts or connected interfaces on the Mikrotik side. I am sure it's not a Mikrotik issue as I don't see any traffic coming through the tunnel using the Mikrotik torch utility.  There are no ACLs or firewall rules on any of the devices...... 
    Source and destination of the tunnel are public IPs and are pingable via internet (the tunnel is connected and endpoints are pingable)
    Mikrotik connected interface IP = 192.168.253.1/24
    Mikrotik tunnel end point IP = 192.168.254.1/30
    Cisco tunnel end point IP = 192.168.254.2/30
    Connected cisco subnet to reach Mikrotik = M.N.O.32/28
    Cisco interface IP for LAN = M.N.O.33
    Test host IP on the LAN subnet = M.N.O.34
    The below is my Cisco config
    ASR-1#sh run int tun 1
    Building configuration...
    Current configuration : 144 bytes
    interface Tunnel1
     ip address 192.168.254.2 255.255.255.252
     ip mtu 1400
     tunnel source A.B.C.D
     tunnel destination W.X.Y.Z
    end
    ASR-1#sh run int g0/1/7
    Building configuration...
    Current configuration : 280 bytes
    interface GigabitEthernet0/1/7
     description LAN
     ip address M.N.O.33 255.255.255.240
     ip verify unicast source reachable-via rx
     no negotiation auto
     cdp enable
    end
    ASR-1#sh ip ro 192.168.253.1
    Routing entry for 192.168.253.0/24
      Known via "static", distance 1, metric 0 (connected)
      Routing Descriptor Blocks:
      * directly connected, via Tunnel1
          Route metric is 0, traffic share count is 1
    ASR-1#ping 192.168.253.1 so M.N.O.33
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 192.168.253.1, timeout is 2 seconds:
    Packet sent with a source address of M.N.O.33 
    Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms
    ASR-1#pi M.N.O.34
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to M.N.O.34, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
    If I try to ping 192.168.253.1 (network connected to Mikrotik) from the host M.N.O.34 (the gateway of this host is M.N.O.33 - Int g0/1/7 of the Cisco ASR), I cannot reach the destination - request timed out.... Below are the results of trace and ping from the host connected to ASR G1/0/7
    PING TO THE GATEWAY *********
    [root@localhost ~]# ping M.N.O.33
    PING M.N.O.33 (M.N.O.33) 56(84) bytes of data.
    64 bytes from M.N.O.33: icmp_seq=1 ttl=255 time=0.161 ms
    64 bytes from M.N.O.33: icmp_seq=2 ttl=255 time=0.143 ms
    ^C
    --- M.N.O.33 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1357ms
    rtt min/avg/max/mdev = 0.143/0.152/0.161/0.009 ms
    PING TO THE TUNNEL END POINT IN CISCO ASR
    [root@localhost ~]# ping 192.168.254.2
    PING 192.168.254.2 (192.168.254.2) 56(84) bytes of data.
    64 bytes from 192.168.254.2: icmp_seq=1 ttl=255 time=0.141 ms
    64 bytes from 192.168.254.2: icmp_seq=2 ttl=255 time=0.141 ms
    ^C
    --- 192.168.254.2 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1739ms
    rtt min/avg/max/mdev = 0.141/0.141/0.141/0.000 ms
    PING TO THE TUNNEL ENDPOINT IN MIKROTIK
    [root@localhost ~]# ping 192.168.254.1
    PING 192.168.254.1 (192.168.254.1) 56(84) bytes of data.
    ^C
    --- 192.168.254.1 ping statistics ---
    11 packets transmitted, 0 received, 100% packet loss, time 10413ms
    PING TO THE CONNECTED INTERFACE ON MIKROTIK
    [root@localhost ~]# ping 192.168.253.1
    PING 192.168.253.1 (192.168.253.1) 56(84) bytes of data.
    ^C
    --- 192.168.253.1 ping statistics ---
    4 packets transmitted, 0 received, 100% packet loss, time 3641ms
    TRACE TO THE CONNECTED INTERFACE ON MIKROTIK
    [root@localhost ~]# traceroute 192.168.253.1
    traceroute to 192.168.253.1 (192.168.253.1), 30 hops max, 60 byte packets
     1  M.N.O.33 (M.N.O.33)  0.180 ms  0.156 ms  0.145 ms
     2  * * *
     3  * * *
     4  * * *
     5  * * *
    Please help

    Hi,
    Sorry for the delayed response ....Both ends static routes are added for the connected test interfaces.....
    Regards,
    Mahesh 

  • WRVS4400N - ssid vlans are not working

    I've been searching high and low and although I've found many results of people having this same exact problem there doesn't seem to be a fix, or at least no one was kind enough to post one.
    Background:
    I have many vlans but the 3 in question are 10, 20, 30.
    10 is for my laptops and desktops with an ip range of 192.168.10.10 - 192.168.10.50.
    20 is my home automation network with a range of 192.168.20.20 - 192.168.20.150
    30 is my guest network with a range of 192.168.30.84 - 192.168.30.89
    I have a dell powerconnect configured with vlans as my core switch. I trunked a port on the switch assigning 3 vlans (10,20,30) and connected it to port 1 on the wrvs4400N. On the wrvs4400 I trunked port 1 tagging vlan 10,20,30. For some reason vlan 1 is untagged on port 1 and I don't know why.
    I also have a router connected to the powerconnect. Of the 3 vlans I mentioned vlan 10 and vlan 30 are the only ones with interfaces on the router. Vlan 20 is an internal network with a separate router and until I figure this out that router is physically turned off. Also the router currently turned on has no routes configured to connect my vlans. Currently there is no configured way to jump vlans.
    I created 4 ssid on the wrvs4400N. Private, home, guest, and wrvs.
    private - is assigned to vlan 10
    home - is assigned to vlan 20
    guest - is assigned to vlan 30
    wrvs - is assigned to vlan 1 - this is temporary until I can get this working. I want it so the only way to manage the wireless is to walk over to it and physically plug in.
    There are a couple DHCP servers.
    Vlan 10 has a windows server 2008 r2 dhcp server.
    vlan 20 uses its powered off router for dhcp
    vlan 30 uses the main router connected to the power connect
    vlan 1 on the powerconnect uses the main router - this dhcp scope is only used until I'm done with my rebuild since I don't plan on actually using vlan 1 - the scope is 192.168.2.0
    dhcp is turned off on the wrvs4400.
    on the wrvs4400 I made sure to turn off inter vlan routing, and I enable ssid isolation.
    The problem:
    No matter what ssid I connect to I get a dhcp response from vlan 10. All my tests indicate that I'm actually on vlan 10. I get internet and I can hit all devices on vlan 10. If I connect to ssid guest and change my ip address to match vlan 30 I cannot ping the gateway for vlan 30 and I have no internet access. Sometimes I get something different. Sometimes I get an ip address from vlan 1 on the powerconnect. If I renew my ip address then I'll grab one from vlan 10 but I should be getting one from 30 or none at all for vlan 20. The absolute crazy part is my droid sometimes gets a 192.168.4.x ip address. I don't have a 192.168.4.x network or dhcp scope anywhere on my network! If I physically plug into a port on the power connect I get to the correct network 10 out of 10 times. If I configure vlans on the other 3 ports on the wrvs4400 and physically plug in, I get to the correct network 10 out of 10 times. Over the wireless all hell breaks loose.
    I've reset to factory a few times and I've been all inside and out of the wrvs4400. I have no clue what could be wrong with this thing. Please help!!!
    More info is available upon request.
    Thanks.

    Kerwin,
    There is a bug with these units; you will need a different unit for your current configuration to work properly. Since you're utilizing other DHCP servers in your topology, this isn't the best unit for you. Please call into support center @ 1-866-606-1866 for further requests.
    Thanks,
    Jasbryan

  • IP routing utilizing Verizon private network (GRE tunnel) with remote cellular gateways

    Okay, I give up, and think I have done my due diligence (I have been engrossed and fascinated spending many more hours than allotted to try and learn some of the finer details).  Time for some advice.  My usual trade is controls engineering which generally requires only basic knowledge of networking principles.  However I recently took a job to integrate 100 or so lift stations scattered around a county into a central SCADA system.  I decided to use cellular technology to connect these remote sites back to the main SCADA system.  Well the infrastructure is now in and it’s time to get these things talking.  Basic topology description is as follows:  Each remote site has an Airlink LS300 gateway.  Attached to the gateway via Ethernet is a system controller that I will be polling via Modbus TCP from the main SCADA system.  The Airlinks are provisioned by Verizon utilizing a private network with static IP's.  This private network's address is 192.168.1.0/24.  Back at the central office the SCADA computer is sitting behind a Cisco 2911.  The LAN address of the central office is 192.168.11.0/24.  The 2911 is utilizing GRE tunnels that terminate with Verizon.  The original turn up was done with another contractor that did a basic config of the router which you will find below.  As it stands now I am pretty confident the tunnels are up and working (if I change a local computer's subnet to 255.255.0.0 I can surprisingly reach the airlinks in the field), but this is obviously not the right way to solve the problem, not to mention I was unable to successfully poll the end devices on the other side of the Airlinks.  I think I understand just about every part of the config below and think it is just missing a few items to be complete.  I would greatly appreciate anyone’s help in getting this set up correctly.  I also have a few questions about the set up that still don’t make sense to me, you will find them below the config.  Thanks in advance.
    no aaa new-model
    ip cef
    ip dhcp excluded-address 10.10.10.1
    ip dhcp pool ccp-pool
     import all
     network 10.10.10.0 255.255.255.248
     default-router 10.10.10.1 
     lease 0 2
    ip domain name yourdomain.com
    no ipv6 cef
    multilink bundle-name authenticated
    username cisco privilege 15 one-time secret 
    redundancy
    crypto isakmp policy 1
     encr 3des
     hash md5
     authentication pre-share
     group 2
    crypto isakmp key AbCdEf01294 address 99.101.15.99  
    crypto isakmp key AbCdEf01294 address 99.100.14.88 
    crypto ipsec transform-set VZW_TSET esp-3des esp-md5-hmac 
     mode transport
    crypto map VZW_VPNTUNNEL 1 ipsec-isakmp 
     description Verizon Wireless Tunnel
     set peer 99.101.15.99
     set peer 99.100.14.88
     set transform-set VZW_TSET 
     match address VZW_VPN
    interface Tunnel1
     description GRE Tunnel to Verizon Wireless
     ip address 172.16.200.2 255.255.255.252
     tunnel source 22.20.19.18
     tunnel destination 99.101.15.99
    interface Tunnel2
     description GRE Tunnel 2 to Verizon Wireless
     ip address 172.16.200.6 255.255.255.252
     tunnel source 22.20.19.18
     tunnel destination 99.100.14.88
    interface Embedded-Service-Engine0/0
     no ip address
     shutdown
    interface GigabitEthernet0/0
     description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
     ip address 10.10.10.1 255.255.255.248
     shutdown
     duplex auto
     speed auto
    interface GigabitEthernet0/1
     ip address 192.168.11.1 255.255.255.0
     duplex auto
     speed auto
    interface GigabitEthernet0/2
     ip address 22.20.19.18 255.255.255.0
     duplex full
     speed 100
     crypto map VZW_VPNTUNNEL
    router bgp 65505
     bgp log-neighbor-changes
     network 0.0.0.0
     network 192.168.11.0
     neighbor 172.16.200.1 remote-as 6167
     neighbor 172.16.200.5 remote-as 6167
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip route 0.0.0.0 0.0.0.0 22.20.19.19
    ip access-list extended VZW_VPN
     permit gre host 99.101.15.99 host 22.20.19.18
     permit icmp host 99.101.15.99 host 22.20.19.18
     permit esp host 99.101.15.99 host 22.20.19.18
     permit udp host 99.101.15.99 host 22.20.19.18 eq isakmp
     permit gre host 22.20.19.18 host 99.101.15.99
     permit gre host 22.20.19.18 host 99.100.14.88
    access-list 23 permit 10.10.10.0 0.0.0.7
    control-plane
    end
    So after spending countless hours analyzing every portion of this,  I think that adding one line to this will get it going (or at least closer).
    ip route 192.168.1.0 255.255.0.0 22.20.19.19
    That should allow my internal LAN to reach the Airlink gateways on the other side of the tunnel (I think)
    Now for a couple of questions for those that are still actually hanging around.
    #1 what is the purpose of the Ethernet address assigned to each tunnel?  I only see them being used in the BGP section where they are receiving routing tables from the Verizon side (is that correct?).  Why wouldn't or couldn't you just use the physical Ethernet address interface in its place (in the BGP section)?
    #2 is the config above correct in pointing the default route to the physical Ethernet address?  Does that force the packets into the tunnel, or shouldn’t you be pointing it towards the tunnel IP's (172.16.200.2)?  If the config above is correct then I should not need to add the route I described above as if I ping out to 192.168.1.X that should catch it and force it into the tunnel where Verizon would pick it up and know how to get it to its destination??
    #3 Will I need to add another permit to the VZW_VPN for TCP as in the end I need to be able to poll via Modbus which uses port 502 TCP.  Or is TCP implicit in some way with the GRE permit?
    I actually have a lot more questions, but I will keep reading for now.
    I really appreciate the time you all took to trudge through this.  Also please feel free to point anything else out that I may have missed or that can be improved.  Have a great day!

    This post is a duplicate of this thread
    https://supportforums.cisco.com/discussion/12275476/proper-routing-lan-through-verizon-private-network-gre-airlink-gateways
    which has a response. I suggest that all discussion of this question be done through the other thread.
    HTH
    Rick
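
Added example (not part of the original posts, and not Cisco code) for question #3 in the GRE tunnel post above: a simplified first-match model of the posted VZW_VPN entries, evaluated against the outermost IPv4 header. It shows that a Modbus TCP/502 packet is matched by a "permit gre" entry once it is GRE-encapsulated. The inner hosts 192.168.11.10 and 192.168.1.50 are hypothetical.

```python
import socket
import struct

# ACL entries copied from the VZW_VPN list in the post above.
VZW_VPN = """\
permit gre host 99.101.15.99 host 22.20.19.18
permit icmp host 99.101.15.99 host 22.20.19.18
permit esp host 99.101.15.99 host 22.20.19.18
permit udp host 99.101.15.99 host 22.20.19.18 eq isakmp
permit gre host 22.20.19.18 host 99.101.15.99
permit gre host 22.20.19.18 host 99.100.14.88
""".splitlines()

PROTO = {"icmp": 1, "tcp": 6, "udp": 17, "gre": 47, "esp": 50}  # IP protocol numbers
PORTS = {"isakmp": 500}

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def tcp(sport, dport):
    """Minimal 20-byte TCP header with SYN set."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)

def gre(inner):
    """Basic 4-byte GRE header (no options), protocol type 0x0800 = IPv4."""
    return struct.pack("!HH", 0, 0x0800) + inner

def first_match(packet):
    """Return the first ACL line matching the packet's outermost IPv4 header."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    for line in VZW_VPN:
        f = line.split()  # permit <proto> host <src> host <dst> [eq <port>]
        if PROTO[f[1]] != proto or f[3] != src or f[5] != dst:
            continue
        if len(f) > 6:  # "eq <port>" is checked against the destination port
            dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
            if dport != PORTS[f[7]]:
                continue
        return line
    return None  # implicit deny: no entry matched

# Constructed sample: hypothetical SCADA host polling a hypothetical controller.
modbus = ipv4("192.168.11.10", "192.168.1.50", 6, tcp(40000, 502))
tunnelled = ipv4("22.20.19.18", "99.101.15.99", 47, gre(modbus))
print(first_match(tunnelled), "|", first_match(modbus))
```

The bare TCP packet matches nothing because the list has no tcp entry; inside the tunnel the outer header carries IP protocol 47 between the tunnel endpoints, which is all the list sees.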
