cancel
Showing results for 
Search instead for 
Did you mean: 

Answer Questions

  • WebDialer SSO Token - ( 08-16-2019 )
  • Developer General Discussions
  • We are attempting to integrate webdialer with a customer C# directory service. This service was previously integrated with an Avaya solution, now being migrated to Cisco.Basically, we are looking to connect to CUCM to retrieve the user device information, then place a call using that device.Since getProfileSoap is deprecated, we need to use getProfileDetailSoap.  When we use the user credentials, it works fine, however, due to requirements, we cannot pass this information, and the original application does not support collecting this information.The other option is to use a token, but i am trying to figure out if there is a way to quickly retrieve the token without having to change much in the original directory application.Any idea would be greatly apprecated
    View more
08-16-2019
Cancel Post

  • How To Collect VXC Client Logs Outside Jabber Problem Report - ( 08-16-2019 )
  • Collaboration Applications
  • I have Jabber running on a Citrix virtual workstation and JVDI running on the physical workstation. I am trying to make a utility / script that would effect pulling a Jabber Problem Report without user input from the virtual workstation. I am able to gather all of the information I need, except for the VXC client logs, as those reside on the physical workstation, along with JVDI. Is there a way to pull these logs, programmatically, similar to how the Jabber does with the 'Report a Problem' function? Otherwise, is there a way to initiate a silently create a Jabber Problem Report, so the user doesn't need to enter any information and doesn't see any dialog windows?
    View more
08-16-2019
Cancel Post

08-16-2019
Cancel Post

08-16-2019
Cancel Post

08-16-2019
Cancel Post

  • Stealthwatch SMC cant see data from Endpoint Concentrator - ( 08-16-2019 )
  • Security Analytics
  • Hi, Im running StealthWatch 7.0.2, my collector is getting data from FlowSensor and from ASA, I have also ISE-PIC, everything is working except Endpoint Concentrator, which is also sending data to collector(I have verified via tcpdump), but data are not shown in SMC.When I login to Java GUI I can see new exporter with no errors, but with zero received flows.Any suggestions please ?
    View more
08-16-2019
Cancel Post

  • Using OUID for Authentication - ( 08-16-2019 )
  • Identity Services Engine (ISE)
  • ISE 2.4 Patch 9 Is there a way (conditionally or otherwise) I can get ISE to match on object guid?  We currently use EAP-TLS for wireless authentication, but I want it so not only do users have to have a client certificate provided by us, the guid on that cert must be used as an attribute that ISE will search AD for before allowing the person on the network.  I've searched all the attributes and see plenty of issuer and subject-based attributes, but nothing specific to guid.  The thought process is that usernames and emails can change, but a globally unique id won't ever change.
    View more
08-16-2019
Cancel Post

  • UCS B200 M5 - ESXi/HBA FNIC issue - ( 08-16-2019 )
  • Unified Computing System Discussions
  • Hello, I'm setting up a new UCS chassis with some B200M5 blades VIC1440.Connecting these blades for boot on san on VNX backend worked with no issue and setup of esxi 6.5 worked perfectly. Just facing right now an issue for connecting those blades to VPLEX SAN. I've spend lot of time searching for an answer on my issue with no succes. Might be related to Cisco directly so I'm trying here ..... here is my problem : UCS 4.0.4c bundle installedB200M5 ESXi 6.5 Custom Cisco installed with boot on san. When scannign HBA to connect VPLEX here is what I got :2019-08-16T14:34:30.233Z cpu8:66287)ALERT: LinScsi: SCSILinuxProcessCompletions:855: Error BytesXferred > Requested Length but HOST_OK/DEVICE_GOOD!vmhba = vmhba2, Driver Name = fnic, Requested length = 66, Resid = 5122019-08-16T14:34:30.233Z cpu8:66287)ALERT: LinScsi: SCSILinuxProcessCompletions:855: Error BytesXferred > Requested Length but HOST_OK/DEVICE_GOOD!vmhba = vmhba2, Driver Name = fnic, Requested length = 66, Resid = 5122019-08-16T14:34:30.233Z cpu8:66287)ALERT: LinScsi: SCSILinuxProcessCompletions:855: Error BytesXferred > Requested Length but HOST_OK/DEVICE_GOOD!vmhba = vmhba2, Driver Name = fnic, Requested length = 66, Resid = 5122019-08-16T14:34:30.233Z cpu8:66287)ALERT: LinScsi: SCSILinuxProcessCompletions:855: Error BytesXferred > Requested Length but HOST_OK/DEVICE_GOOD!vmhba = vmhba2, Driver Name = fnic, Requested length = 66, Resid = 5122019-08-16T14:34:30.233Z cpu16:65584)ALERT: LinScsi: SCSILinuxProcessCompletions:855: Error BytesXferred > Requested Length but HOST_OK/DEVICE_GOOD!vmhba = vmhba1, Driver Name = fnic, Requested length = 66, Resid = 5122019-08-16T14:34:30.234Z cpu16:65584)ALERT: LinScsi: SCSILinuxProcessCompletions:855: Error BytesXferred > Requested Length but HOST_OK/DEVICE_GOOD!vmhba = vmhba1, Driver Name = fnic, Requested length = 66, Resid = 5122019-08-16T14:34:30.234Z cpu16:65584)ALERT: LinScsi: SCSILinuxProcessCompletions:855: Error BytesXferred > Requested Length but HOST_OK/DEVICE_GOOD!vmhba = vmhba1, Driver Name = fnic, Requested length = 66, Resid = 5122019-08-16T14:34:30.234Z cpu16:65584)ALERT: LinScsi: SCSILinuxProcessCompletions:855: Error BytesXferred > Requested Length but HOST_OK/DEVICE_GOOD!vmhba = vmhba1, Driver Name = fnic, Requested length = 66, Resid = 512 Talking about the fnic driver, which is currently running to last last version present in the compatibility table :vmkload_mod module informationinput file: /usr/lib/vmware/vmkmod/fnicVersion: Version 1.6.0.50, Build: 2494585, Interface: 9.2 Built on: Mar 14 2019Build Type: releaseLicense: GPLv2 VIC1440 firmware is currently set to 5.0(3c). Does anyone already faced this issue ? Is it FNIC/VIC related ? Many thanks, Best regards
    View more
08-16-2019
Cancel Post

  • FTD failover with 30sec outage - ( 08-16-2019 )
  • FirePOWER
  • Hello,I can't solve issue with failover outage.Setup:2x virtual FTD (ASA 9.9, firepower 2.3) running in failoverin DC1 (ESX-A) is runnig: FTD-1, SERVER-1in DC2 (ESX-B) is runnig: FTD-2, SERVER-2FTD is running transparent (bridge) modeNW design: [ESX-A]-(trunk)-[SW-DC1]-(trunk)-[SW-CORE]-(trunk)-[SW-DC2]-[ESX-B]Issue:test1: manual failover to FTD-2:connectivity to SERVER-2 is without outage during failoverbut connectivity to SERVER-1 (the same DC as previous active FTD) is lost for 30sectest2: manual failover to FTD-1:connectivity to SERVER-1 is without outage during failoverbut connectivity to SERVER-2 (the same DC as previous active FTD) is lost for 30secI have checked MAC address tables on all NW switches:during normal operation have all mac addresses correct directions to GW or SERVERduring outage I can't see MAC address of the SERVER in VLAN connected to SERVER (between SERVER and FTD) (yes, this vlan is connected also to "real" NW world and virtual world on ESX)my question is: how can I check/troubleshoot MAC address table on vSwitch? Is it possible?what kind of timeout is 30sec?martin
    View more
08-16-2019
Cancel Post

  • radius AAA authentication +/- enable password - ( 08-16-2019 )
  • Policy and Access
  • ello everyone, I run 15.5 IOS on various routers and I'm looking for the statements to accomplish this: -authenticate via aaa radius then use local database if radius is down (this works: aaa authentication login default group radius local)-do not require an enable password if radius is up (meaning go straight into the enable mode after authentication succeeds)-however if radius is down users must login using their username password defined in router local database AND an enable password.my username as priv level 15 defined in router local database. Thanks!
    View more
08-16-2019
Cancel Post

  • L2TP remote VPN on cisco 5505 - ( 08-16-2019 )
  • VPN and AnyConnect
  • We have been using an the old cisco vpn client 5.x for remote VPN connections to a ASA5505.  When one of these clients (on a windows 7 laptop) is connected I can see that its connected using ikev1:(1)AES256 IPsec: (1)AES256. As this VPN client is way out of support and we are moving these onto Windows 10 I am looking to use the built in windows VPN.  I setup the new VPN using the VPN wizard on the firewall with the following settings. object network NETWORK_OBJ_10.0.0.0_27       subnet 10.0.0.0 255.255.255.224     group-policy DefaultRAGroup internal     group-policy DefaultRAGroup attributes       vpn-tunnel-protocol l2tp-ipsec       default-domain value h******.com     exit     tunnel-group DefaultRAGroup general-attributes       default-group-policy DefaultRAGroup       authentication-server-group Radius-Hq-Vasco       address-pool N3_DHCP_POOL     tunnel-group DefaultRAGroup ipsec-attributes       ikev1 pre-shared-key **********     tunnel-group DefaultRAGroup ppp-attributes       no authentication chap       no authentication ms-chap-v1       authentication ms-chap-v2     crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac     crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport     crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac     crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport     crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac     crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport     crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac     crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport     crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac     crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport     crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65530 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS     nat (N3-DMZ-INSIDE,CORP-OUTSIDE) 2 source static any any destination static NETWORK_OBJ_10.0.0.0_27 NETWORK_OBJ_10.0.0.0_27 no-proxy-arp route-lookup When my client (windows built in , on windows 10) connects it connects usingIKEv1 IPsec L2TPOverIPsecIKEv1: (1)3DES IPsec: (1)AES256 L2TPOverIPsec: (1)none How can I force the windows clients to connect using IKEv1 to use AES-256 BTW I changed the below in the configfrom-----crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65530 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-192-SHA ESP-AES-256-SHA ESP-3DES-SHA ESP-DES-SHA ESP-AES-128-SHA-TRANS ESP-AES-192-SHA-TRANS ESP-AES-256-SHA-TRANS ESP-3DES-SHA-TRANS ESP-DES-SHA-TRANS to---crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65530 set ikev1 transform-set ESP-AES-256-SHA  ESP-AES-256-SHA-TRANS But this didn't help
    View more
08-16-2019
Cancel Post

  • [Nexus NX-OS] MTU + FCoE - ( 08-16-2019 )
  • Data Center Switches
  • Hello Experts,Do you guys have any experience or had a chance to apply Jumbo MTU commands with FCoE in production?I wonder if this can have any impact. Today this switches is just L2 and FCoE is running , but with MTU default.  policy-map type network-qos jumbo-plus-FCOEclass type network-qos class-fcoepause no-dropmtu 2158class type network-qos class-defaultmtu 9216system qosservice-policy type qos input fcoe-default-in-policyservice-policy type queuing input fcoe-default-in-policyservice-policy type queuing output fcoe-default-out-policyservice-policy type network-qos jumbo-plus-FCOE Thanks! 
    View more
08-16-2019
Cancel Post

  • Error starting SandBox "IOS XE Programmability on the Catalyst 9000" - ( 08-16-2019 )
  • DevNet Sandbox
  • Hello Support, I encounter errors starting this SandBox "IOS XE on Catalyst 9000 16.12 EFT Code".I did not receive any VPN credentials email, and some errors appeared in the activity feed.Reserved this sandbox two times with the same errors.Please find attached those errors. Thank you. Best regards,Baptiste MASSET
    View more
08-16-2019
Cancel Post

  • Ethernet CFM Hello PDUs not propagating correctly (Ping only works when initiated from one direction) - ( 08-16-2019 )
  • Metro
  • Hello I am trying to implement Ethernet CFM and I am experiencing some issues when I connect it over my MPLS setup. Network setup:                      PE1                                                    PE2                       CEInterface A - ASR901 <------> MPLS <------> ASR901 <------> ME3400 Interface-B My PE devices are connected together using xconnects under the service instance sub-configuration. I have configured MEPs in PE1 and CE as Up (CFM interface configuration done on "customer" facing interfaces, Interface-A and Interface-B) I can see in the MAC address table of the CE the MEP MAC address from PE1, but my renote mpdb is empty. However on PE1 I successfully receive the ethernet CFM packets and get entries in my remote mpdb for the configured MEP on the CE.  However I cannot ping the CE from the PE even when I have a remote mpdb entry. Some outputs from my devices show ethernet cfm maintenance-points remote--------------------------------------------------------------------------------MPID Domain Name MacAddress IfSt PtStLvl Domain ID IngressRDI MA Name Type Id SrvcInstEVC Name AgeLocal MEP Info--------------------------------------------------------------------------------20 Testdom CE-MACADDR Up Up4 Testdom Gi0/3:(1.2.3.4, 2446999446- testcfm XCON N/A 24462446 9sMPID: 10 Domain: Testdom MA: testcfm Sending 5 Ethernet CFM loopback messages to CE-MACADDR , timeout is 5 seconds:.....Success rate is 0 percent (0/5)   However when I ping from my CE to my PE I get successful pings (have to list the MAC address in the ping since I haven't learned the MEP ID). Using the same MD and MA.  Anyone have any ideas what can be wrong in my configuration? I have also tried to move my MEP from an UP-MEP to a DOWN-MEP (and moving the interface configuration to the interface directly connected to my PE device). 
    View more
08-16-2019
Cancel Post

  • Sample apps for XR syslog using CRUD/gNMI - ( 08-16-2019 )
  • YANG Development Kit (YDK)
  • Hi there,I am introducing a new set of sample applications which configures syslog and debug timestamps for XR data model using the CRUD service and the gNMI provider.This set of sample applications include eight boilerplate applications and seventeen custom applications:gn-create-xr-infra-syslog-cfg-10-ydk.py - Create boilerplate gn-create-xr-infra-syslog-cfg-11-ydk.py - Create boilerplate gn-create-xr-infra-syslog-cfg-20-ydk.py - Disable log timestamps gn-create-xr-infra-syslog-cfg-22-ydk.py - Uptime log timestamps gn-create-xr-infra-syslog-cfg-24-ydk.py - Local time log timestamps gn-create-xr-infra-syslog-cfg-26-ydk.py - Local time log/debug timest. gn-create-xr-infra-syslog-cfg-28-ydk.py - Detailed log/debug timestamp gn-create-xr-infra-syslog-cfg-30-ydk.py - Logging console disable gn-create-xr-infra-syslog-cfg-32-ydk.py - Logging buffered gn-create-xr-infra-syslog-cfg-40-ydk.py - Logging archive disk1 gn-create-xr-infra-syslog-cfg-42-ydk.py - Logging archive harddisk gn-create-xr-infra-syslog-cfg-50-ydk.py - ipv4 remote logging server gn-create-xr-infra-syslog-cfg-51-ydk.py - ipv6 remote logging server gn-create-xr-infra-syslog-cfg-52-ydk.py - ipv4 remote logging server w/VRF gn-create-xr-infra-syslog-cfg-53-ydk.py - ipv6 remote logging server w/VRF gn-create-xr-infra-syslog-cfg-60-ydk.py - Logging suppression gn-create-xr-infra-syslog-cfg-62-ydk.py - Logging correlation gn-delete-xr-infra-syslog-cfg-10-ydk.py - Delete boilerplate gn-delete-xr-infra-syslog-cfg-11-ydk.py - Delete boilerplate gn-delete-xr-infra-syslog-cfg-20-ydk.py - Delete all timestamp config gn-delete-xr-infra-syslog-cfg-30-ydk.py - Delete all logging config gn-read-xr-infra-syslog-cfg-10-ydk.py - Read boilerplate gn-read-xr-infra-syslog-cfg-11-ydk.py - Read boilerplate gn-update-xr-infra-syslog-cfg-10-ydk.py - Update boilerplate gn-update-xr-infra-syslog-cfg-11-ydk.py - Update boilerplate You can find the python files, JSON files, and CLI files in the following directory: https://github.com/deom119/ydk-py-samples/tree/master/samples/basic/crud/gnmi/models/cisco-ios-xr/Cisco-IOS-XR-infra-syslog-cfg
    View more
08-16-2019
Cancel Post

  • Remote to Site VPN not woking - ( 08-16-2019 )
  • VPN and AnyConnect
  • Hello AllI have a task in hand, where by i need to get Site to Site and Remote to site configure in my Branch RouterHQ- Only Site to Site VPN to Branch RouterBranch- Site to Site VPN with HQ router and Client to Branch Site VPN AccessI have following configuration, site to site is working fine but when i connect laptop from out side branch network using Cisco VPN Client ver 5 i, it ask for username and password but after sometime, no connection established. i enabled logging in VPN Client and get following error message which means Phase 2 is not getting negotiated. If i change the transform-set to esp-aes esp-sha-mac then i loose my site to site VPN connectivity to my HQ router.I am stuck now and have tried all the possible solution but nothing seems to be working do not know where i am going wrong  Branch Router Config (Cisco 3825)Interface gigabitethernet 0/0ip address 192.168.4.1 255.255.255.0ip nat insideno shut!Interface gigabitethernet 0/1ip address XX.XX.XX.XX 255.255.255.0ip nat outsideno shut!IP route 0.0.0.0 0.0.0.0 XX.XX.XX.XX!IP nat inside source list 199 interface Gigabitethernet 0/1 overload!IP access-list extended 199deny ip 192.168.4.0 0.0.0.255 10.0.0.0 0.0.0.255deny ip 172.16.0.0 0.0.255.255 10.0.0.0 0.0.0.255permit ip 192.168.4.0 0.0.255.255 anypermit ip 172.16.0.0 0.0.255.255 any!IP access-list extended 100permit ip 192.168.4.0 0.0.0.255 10.0.0.0 0.0.0.255!IP access-list extended 102permit ip 172.16.0.0 0.0.255.255 any!crypto isakmp policy 5encr 3desauthentication pre-sharegroup 2!crypto isakmp key XX address XX.XX.XXcrypto ipsec transform-set MY-SET esp-aes esp-md5-hmaccrypto map IPSEC-SITE-TO-SITE-VPN 10 ipsec-isakmpset peer XX.XX.XX.XXset transform-set MY-SETmatch address 100!Interface gigabitethernet 0/1crypto map IPSEC-SITE-TO-SITE-VPN!aaa new-modelaaa authentication login users localaaa authorization network groups local!ip local pool VPNPOOL 172.16.0.1 172.16.0.50!!Crypto isakmp Client Configuration group internalkey ciscopool vpnpoolacl 102!crypto dynamic-map d-map 1set transform-set MY-SETreverse-route!crypto map IPSEC-SITE-TO-SITE-VPN 11 ipsec-isakmp dynamic d-map!crypto map IPSEC-SITE-TO-SITE-VPN client configuration address respond!crypto map IPSEC-SITE-TO-SITE-VPN isakmp authorization list groupscrypto map IPSEC-SITE-TO-SITE-VPN client authentication list users!username XX password XX!  Cisco VPN Client Log messageCisco Systems VPN Client Version 5.0.07.0410Copyright (C) 1998-2010 Cisco Systems, Inc. All Rights Reserved.Client Type(s): Windows, WinNTRunning on: 6.1.7601 Service Pack 1684 18:05:07.967 08/16/19 Sev=Info/4 CM/0x63100002Begin connection process685 18:05:07.967 08/16/19 Sev=Info/4 CM/0x63100004Establish secure connection686 18:05:07.967 08/16/19 Sev=Info/4 CM/0x63100024Attempt connection with server "xx.xx.xx.xx"687 18:05:07.982 08/16/19 Sev=Info/6 IKE/0x6300003BAttempting to establish a connection with xx.xx.xx.xx.688 18:05:07.982 08/16/19 Sev=Info/4 IKE/0x63000001Starting IKE Phase 1 Negotiation689 18:05:07.998 08/16/19 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK AG (SA, KE, NON, ID, VID(Xauth), VID(dpd), VID(Frag), VID(Nat-T), VID(Unity)) to xx.xx.xx.xx690 18:05:08.123 08/16/19 Sev=Info/5 IKE/0x6300002FReceived ISAKMP packet: peer = xx.xx.xx.xx691 18:05:08.123 08/16/19 Sev=Info/4 IKE/0x63000014RECEIVING <<< ISAKMP OAK AG (SA, VID(Unity), VID(dpd), VID(?), VID(Xauth), VID(Nat-T), KE, ID, NON, HASH, NAT-D, NAT-D) from xx.xx.xx.xx692 18:05:08.123 08/16/19 Sev=Info/5 IKE/0x63000001Peer is a Cisco-Unity compliant peer693 18:05:08.123 08/16/19 Sev=Info/5 IKE/0x63000001Peer supports DPD694 18:05:08.123 08/16/19 Sev=Info/5 IKE/0x63000001Peer supports DWR Code and DWR Text695 18:05:08.232 08/16/19 Sev=Info/6 GUI/0x63B00012Authentication request attributes is 6h.696 18:05:08.123 08/16/19 Sev=Info/5 IKE/0x63000001Peer supports XAUTH697 18:05:08.123 08/16/19 Sev=Info/5 IKE/0x63000001Peer supports NAT-T698 18:05:08.123 08/16/19 Sev=Info/6 IKE/0x63000001IOS Vendor ID Contruction successful699 18:05:08.123 08/16/19 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK AG *(HASH, NOTIFY:STATUS_INITIAL_CONTACT, NAT-D, NAT-D, VID(?), VID(Unity)) to xx.xx.xx.xx700 18:05:08.123 08/16/19 Sev=Info/6 IKE/0x63000055Sent a keepalive on the IPSec SA701 18:05:08.123 08/16/19 Sev=Info/4 IKE/0x63000083IKE Port in use - Local Port = 0xC613, Remote Port = 0x1194702 18:05:08.123 08/16/19 Sev=Info/5 IKE/0x63000072Automatic NAT Detection Status:Remote end is NOT behind a NAT deviceThis end IS behind a NAT device703 18:05:08.123 08/16/19 Sev=Info/4 CM/0x6310000EEstablished Phase 1 SA. 1 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system704 18:05:08.232 08/16/19 Sev=Info/5 IKE/0x6300002FReceived ISAKMP packet: peer = xx.xx.xx.xx705 18:05:08.232 08/16/19 Sev=Info/4 IKE/0x63000014RECEIVING <<< ISAKMP OAK INFO *(HASH, NOTIFY:STATUS_RESP_LIFETIME) from xx.xx.xx.xx706 18:05:08.232 08/16/19 Sev=Info/5 IKE/0x63000045RESPONDER-LIFETIME notify has value of 86400 seconds707 18:05:08.232 08/16/19 Sev=Info/5 IKE/0x63000047This SA has already been alive for 1 seconds, setting expiry to 86399 seconds from now708 18:05:08.232 08/16/19 Sev=Info/5 IKE/0x6300002FReceived ISAKMP packet: peer = xx.xx.xx.xx709 18:05:08.232 08/16/19 Sev=Info/4 IKE/0x63000014RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from xx.xx.xx.xx710 18:05:08.232 08/16/19 Sev=Info/4 CM/0x63100015Launch xAuth application711 18:05:08.294 08/16/19 Sev=Info/4 IPSEC/0x63700008IPSec driver successfully started712 18:05:08.294 08/16/19 Sev=Info/4 IPSEC/0x63700014Deleted all keys713 18:05:12.045 08/16/19 Sev=Info/4 CM/0x63100017xAuth application returned714 18:05:12.045 08/16/19 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to xx.xx.xx.xx715 18:05:12.248 08/16/19 Sev=Info/5 IKE/0x6300002FReceived ISAKMP packet: peer = xx.xx.xx.xx716 18:05:12.248 08/16/19 Sev=Info/4 IKE/0x63000014RECEIVING <<< ISAKMP OAK TRANS *(HASH, ATTR) from xx.xx.xx.xx717 18:05:12.248 08/16/19 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to xx.xx.xx.xx718 18:05:12.248 08/16/19 Sev=Info/4 CM/0x6310000EEstablished Phase 1 SA. 1 Crypto Active IKE SA, 1 User Authenticated IKE SA in the system719 18:05:12.264 08/16/19 Sev=Info/5 IKE/0x6300005EClient sending a firewall request to concentrator720 18:05:12.264 08/16/19 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK TRANS *(HASH, ATTR) to xx.xx.xx.xx721 18:05:17.529 08/16/19 Sev=Info/4 IKE/0x63000021Retransmitting last packet!722 18:05:17.529 08/16/19 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK TRANS *(Retransmission) to xx.xx.xx.xx723 18:05:18.547 08/16/19 Sev=Info/6 IKE/0x63000055Sent a keepalive on the IPSec SA724 18:05:22.673 08/16/19 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to xx.xx.xx.xx725 18:05:22.673 08/16/19 Sev=Info/6 IKE/0x6300003DSending DPD request to xx.xx.xx.xx, our seq# = 3435816096726 18:05:22.673 08/16/19 Sev=Info/4 IKE/0x63000021Retransmitting last packet!727 18:05:22.673 08/16/19 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK TRANS *(Retransmission) to xx.xx.xx.xx728 18:05:27.770 08/16/19 Sev=Info/4 IKE/0x63000021Retransmitting last packet!729 18:05:27.770 08/16/19 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK TRANS *(Retransmission) to xx.xx.xx.xx730 18:05:27.770 08/16/19 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to xx.xx.xx.xx731 18:05:27.770 08/16/19 Sev=Info/6 IKE/0x6300003DSending DPD request to xx.xx.xx.xx, our seq# = 3435816097732 18:05:28.804 08/16/19 Sev=Info/6 IKE/0x63000055Sent a keepalive on the IPSec SA733 18:05:32.916 08/16/19 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK INFO *(HASH, NOTIFY:DPD_REQUEST) to xx.xx.xx.xx734 18:05:32.916 08/16/19 Sev=Info/6 IKE/0x6300003DSending DPD request to xx.xx.xx.xx, our seq# = 3435816098735 18:05:32.916 08/16/19 Sev=Info/4 IKE/0x6300002DPhase-2 retransmission count exceeded: MsgID=45C6D766736 18:05:32.916 08/16/19 Sev=Info/4 IKE/0x63000017Marking IKE SA for deletion (I_Cookie=FBE3680929414118 R_Cookie=691F595CFB68BADA) reason = DEL_REASON_IKE_NEG_FAILED737 18:05:32.916 08/16/19 Sev=Info/4 IKE/0x63000013SENDING >>> ISAKMP OAK INFO *(HASH, DWR) to xx.xx.xx.xx738 18:05:36.008 08/16/19 Sev=Info/4 IKE/0x6300004BDiscarding IKE SA negotiation (I_Cookie=FBE3680929414118 R_Cookie=691F595CFB68BADA) reason = DEL_REASON_IKE_NEG_FAILED739 18:05:36.008 08/16/19 Sev=Info/4 CM/0x6310000FPhase 1 SA deleted before Mode Config is completed cause by "DEL_REASON_IKE_NEG_FAILED". 0 Crypto Active IKE SA, 0 User Authenticated IKE SA in the system740 18:05:36.008 08/16/19 Sev=Info/5 CM/0x63100025Initializing CVPNDrv741 18:05:36.008 08/16/19 Sev=Info/6 CM/0x63100046Set tunnel established flag in registry to 0.742 18:05:36.008 08/16/19 Sev=Info/4 IKE/0x63000001IKE received signal to terminate VPN connection743 18:05:36.024 08/16/19 Sev=Info/4 IPSEC/0x63700014Deleted all keys744 18:05:36.024 08/16/19 Sev=Info/4 IPSEC/0x63700014Deleted all keys745 18:05:36.024 08/16/19 Sev=Info/4 IPSEC/0x63700014Deleted all keys746 18:05:36.024 08/16/19 Sev=Info/4 IPSEC/0x6370000AIPSec driver successfully stopped Any help would be greatly appreciated ThanksManish Sharma 
    View more
08-16-2019
Cancel Post

  • EEM Script to add default route once track comes up and remains stable for some time. - ( 08-16-2019 )
  • Network Management
  • I have below EEM script INTERNET-LINK-DOWN where event detector is a TRACK 10. When track goes down, script removes the default route. I am using another event INTERNET-LINK-UP to re-add that default route once track comes up. Here i need a help for event INTERNET-LINK-UP so that it will add default route only when track will be up and stable for some time say 30 min. event manager applet INTERNET-LINK-DOWNevent track 10 state down  action 1.0 cli command "enable"  action 1.1 cli command "conf t"  action 1.2 cli command "no ip route 0.0.0.0 0.0.0.0 186.201.76.233 name DEFAULT_EXIT track 10"  action 1.9 cli command "exit" event manager applet INTERNET-LINK-UPevent track 10 state up  action 1.0 cli command "enable"  action 1.1 cli command "conf t"  action 1.2 cli command "ip route 0.0.0.0 0.0.0.0 186.201.76.233 name DEFAULT_EXIT track 10"  action 1.9 cli command "exit" 
    View more
08-16-2019
Cancel Post

  • DCNM 11.2.1 Authorization with Cisco ISE 2.2 - ( 08-16-2019 )
  • Other Data Center Subjects
  • Hi, we have recently installed Cisco DCNM 11.2.1 and enabled AAA with Cisco ISE as TACACS+ server. At the Cisco ISE server I have configured the TACACS profile with the custom attribute set to Mandatory name shell:roles  and value network-admin. Authentication works fine, so I can login, only not as an admin. In the tacacs log there are messages that the right tacacs profile is selected and the attribute is send in the response:Authorization AttributesAll Request Attribuescisco-av-pair* ,shell:roles*All Response Attribuesshell:roles=network-adminand the response is also send, it does mention AVPair not cisco-av-pair, so maybe that is the problem:Response{Author-Reply-Status=PassRepl; AVPair=shell:roles=network-admin; }  
    View more
08-16-2019
Cancel Post

  • WebEx productivity tools password safe and automatic login in Citrix - ( 08-16-2019 )
  • Collaboration Applications
  • Hi @All, We've updated our WebEx onprem infrastructure a few weeks ago to 3.0.1.2155.C-AE. After we've update the productivity tools in our citrix environment the password safe and remember function is not working.Is there any change where these informations were stored? Maybe you know where these informations are stored. Or do you have another small hint for us. Thanks & best regardsSven
    View more
08-16-2019
Cancel Post

  • List endpoints with an assigned SGT through API - ( 08-16-2019 )
  • Identity Services Engine (ISE)
  • Hi,In our rapid threat containment setup with Firepower and ISE, we assign a specific SGT when endpoints gets quarantined. We are trying to find a way to list all endpoints that are quarantined. Since the clients are assigned a specific tag, I am looking for a way to list all clients with this tag through the rest api. The quarantined client also gets an unique authorization profile assigned to them, so another possible way would be to list which clients are using this specific authorization profile. Anyone know if this is possible? Thanks/Jorgen
    View more
08-16-2019
Cancel Post

08-16-2019
Cancel Post

  • Jabber softphone 11.8 integration with web app - ( 08-16-2019 )
  • Unified Communications Infrastructure
  • Hello - we have a use case for which we intend to do a demo.within the group we work for,  we have multiple web apps(built using Pega Platform BPM). Now with the Jabber softphones being installed on the colleague's desktop, we are trying to explore the option of integrating the Pega web app with Jabber so that colleagues dont need to use hardphone to make calls, rather by just click of button on web app, the Jabber softphone must get the input of phone number and make the outbound call. The voice call number is available within web app, so if the collegue who works on the Pega case wants to call someone, he/she should just click on a button and the Jabber softphone should have some API which needs to be called by web app to make the call. the APi should be able to accept the voice call number as input...is this doable? 
    View more
08-16-2019
Cancel Post

  • Nexus 3524-X on demand ports versus 3548-X - ( 08-16-2019 )
  • Data Center Switches
  • Hi there,When i look table 6 at https://www.cisco.com/c/en/us/products/collateral/switches/nexus-3548-switch/data_sheet_c78-707001.html , I see that the switching capacity is at 480Gbps. If i enable all 48 ports, will the switching capacity be the same, or will it automagically be adjusted to 960-Gbps ? I guess what i'm asking is, are the 3524-X and 3548-X the same switch inside? with only difference being 3524-X has 24 enabled ports? RegardsAra
    View more
08-16-2019
Cancel Post

  • netflow on nexus 5600 - ( 08-16-2019 )
  • Data Center Switches
  • Hi All, To make a go-no-go decision to use netflow in our customer's Nexus 5600 based DC core we try to find relevant information on how the netflow export information is created - namely which pieces of hardware are used at each step of the process and how their performance may be affected depending on the amount of traffic or connections/sessions or sampling configuration.Unfortunately the official configuration guide available at link:https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5600/sw/system_management/7x/b_5600_System_Mgmt_Config_7x/b_6k_System_Mgmt_Config_7x_chapter_010011.html#reference_B1B13A010DDA497DBAA0AA4563F9CB0Ais very concise and gives only general understanding that netflow configuration will affect overall cpu utilization and allows to only make assumptions on why and how.There are also a couple of slides (namely 102 through 105) in BRKDCT-1890.pdf CiscoLive presentation available at link:https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2016/pdf/BRKDCT-1890.pdfand it shed some light on M3 and F3 modules of Nexus 7000 platform but again provides little details related to Nexus 5600 platform.All in all - I will appreciate if any experienced colleague will be able to provide useful links or relevant pieces of information and give us a ground to make the right decision for a specific environment. Thank you in advance. Best regards
    View more
08-16-2019
Cancel Post

  • How to add intractive variable in Cisco prime CLI template. - ( 08-16-2019 )
  • Wireless Security and Network Management
  • Hi All, I want to create Prime template for adding Regulatory Domain in WLC's.  ( i know this is one time activity but want to create this one for documentation and team training ). but would like to know how to add interactive static response in Cisco Prime CLI template. Config 802.11b enable network Are you sure you want to continue? (y/n)> How to add confirmation as "Yes" in template as this is not a defined command.Config 802.11a enable networkAre you sure you want to continue? (y/n)> How to add confirmation as "Yes" in template as this is not a defined command.config countries-list add CH,IN,CN ( for example )Are you sure you want to continue? (y/n)> How to add confirmation as "Yes" in template as this is not a defined command. RegardsSharath
    View more
08-16-2019
Cancel Post