Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About alanmsv1234
Stats
Member since
01-19-2010
14
Posts
0
Helpful
0
Solutions
dot11radio error: encryption mode ciphe...
in Wireless and Mobility
11-23-2011
01:29 PM
11-23-2011
01:29 PM
I have same problem, but when I enter command authentication key-management wpa I get error: Encryption mode cipher is not configured But I have (or think I have) configured it. Any ideas what's wrong?
... View more
Created by
alanmsv1234
in VPN and AnyConnect
in VPN and AnyConnect
06-25-2010
07:42 AM
06-25-2010
07:42 AM
Found the answer: Packet capture wizard in the ASA can track all packets between any interface or IP address/range. By capturing from the source subnet, then sending the output to Wireshark, the culprit is revealed.
... View more
Created by
alanmsv1234
in VPN and AnyConnect
in VPN and AnyConnect
06-25-2010
06:20 AM
06-25-2010
06:20 AM
Hi, I don't have a Netflow box, and it looks very complicated!! What I really need is a simple metod of tracing the source IP of traffic going through the VPN.
... View more
06-25-2010
03:58 AM
I have a site-2-site IPSec vpn between an 1801 ISR and an ASA 5510. Monitoring the vpn on the ASA, I see there is constant traffic on it, when I would have expected only intermittent traffic. How can I trace what is actually causing traffic to cross the vpn? I suspect something at the ISR end is sending packets to the ASA network, but how can I find out what? Cheers
... View more
Labels:
06-09-2010
09:45 AM
System image file is "flash:c870-advsecurityk9-mz.124-24.T3.bin" Cheers
... View more
06-08-2010
09:57 AM
I don't understand why it would say virtual interface. I configured it via SDM, I presume it would apply it to the actual interface?
... View more
06-04-2010
01:03 AM
So, if I upgrade from 8.2 to 8.3, I could use the internal names/ip's in my ACLs? As you say, this would be much more flexible, as I do indeed plan to change external IP scheme eventually.
... View more
06-03-2010
10:04 AM
That config does not work, but I think I've spotted the flaw: it works if the destination of the access rule is the external IP of the internal server, but does not work if the destination is specified as the internal server (in this case centos). This seems somewhat counter-intuitive to me, and different from the ISR routers, where you do specify the internal name/ip. I have done all config via the ASDM, not CLI. I am assuming the Public servers config option is a 'user friendly' way of doing the nat and access list in one go?
... View more
06-03-2010
09:50 AM
MSV-ASA# sh run static static (Inside,Outside) tcp xxx.29 pptp Fileserver pptp netmask 255.255.255.255 static (DMZ,Outside) tcp xxx.27 imap4 pop.m.org imap4 netmask 255.255.255.255 static (DMZ,Outside) tcp xxx.27 pop3 pop.m.org pop3 netmask 255.255.255.255 static (DMZ,Outside) tcp xxx.27 smtp CentOs smtp netmask 255.255.255.255 static (Inside,Outside) xxx.28 Commserver netmask 255.255.255.255 MSV-ASA# sh run access-group access-group Outside_access_in in interface Outside MSV-ASA# sh run access-list access-list Outside_access_in extended permit tcp any host CentOs eq smtp access-list Outside_access_in extended permit tcp any host xxx.29 eq pptp access-list Outside_access_in extended permit tcp object-group Webroot host xxx.28 eq smtp access-list Outside_access_in extended permit tcp any host xxx.28 object-group DM_INLINE_TCP_0 access-list Outside_access_in extended permit tcp any host Fileserver eq pptp access-list Outside_access_in extended permit tcp any host pop.m.org object-group DM_INLINE_TCP_1
... View more
06-03-2010
09:19 AM
I have just bought an ASA 5510 and am trying to configure it, but it is not working the way I expect. I have several internal servers which need to be accessed from the web. If I create a NAT entry for each, and a corresponding access rule, the servers cannot be accessed. If, however, I add the servers in the 'Public Servers' section, it automatically adds the appropriate NAT and Access rule, and it works. My first question is why is this so? Surly adding the NAT and Access rule should work? Secondly, although it works by adding the servers via Public folders, it only does so by assigning a different public IP for each internal server. I want to assign different ports from one external IP to different internal servers to conserve IP's, but it will not let me do this: adding a server in Public server assigns an IP to that internal server, even though I specify, for example, only smtp as the service. If I try to add another Public server, say http, to another internal machine, it says the external address overlaps with another in use. This can be done by configuring NAT and Access Rule directly, but this doesn't work. I can only access my servers by doing it via Public Servers. is this by design, or am I doing something wrong??
... View more
Labels:
06-02-2010
06:22 AM
Hi, debug ppp neg is as follows: *Mar 1 03:33:39.090: Vi2 LCP: State is Closed *Mar 1 03:33:39.090: Vi2 PPP: Phase is DOWN *Mar 1 03:33:39.090: Vi2 PPP: Phase is ESTABLISHING, Passive Open *Mar 1 03:33:39.090: Vi2 LCP: State is Listenunde *Mar 1 03:33:40.402: Vi2 PPP: LCP not open, discarding UNKNOWN(0xAAAA) packet *Mar 1 03:33:41.107: Vi2 LCP: Timeout: State Listen *Mar 1 03:33:41.107: Vi2 PPP: No remote authentication for call-out *Mar 1 03:33:41.107: Vi2 LCP: O CONFREQ [Listen] id 225 len 10 *Mar 1 03:33:41.107: Vi2 LCP: MagicNumber 0x23C69477 (0x050623C69477) *Mar 1 03:33:41.579: Vi2 LCP: I CONFREQ [REQsent] id 139 len 19 *Mar 1 03:33:41.579: Vi2 LCP: MRU 1500 (0x010405DC) *Mar 1 03:33:41.579: Vi2 LCP: AuthProto CHAP (0x0305C22305) *Mar 1 03:33:41.579: Vi2 LCP: MagicNumber 0x55E3EF63 (0x050655E3EF63) *Mar 1 03:33:41.583: Vi2 LCP: O CONFACK [REQsent] id 139 len 19 *Mar 1 03:33:41.583: Vi2 LCP: MRU 1500 (0x010405DC) *Mar 1 03:33:41.583: Vi2 LCP: AuthProto CHAP (0x0305C22305) *Mar 1 03:33:41.583: Vi2 LCP: MagicNumber 0x55E3EF63 (0x050655E3EF63) *Mar 1 03:33:41.583: Vi2 LCP: I CONFACK [ACKsent] id 225 len 10 *Mar 1 03:33:41.583: Vi2 LCP: MagicNumber 0x23C69477 (0x050623C69477) *Mar 1 03:33:41.583: Vi2 LCP: State is Open *Mar 1 03:33:41.583: Vi2 PPP: Phase is AUTHENTICATING, by the peer *Mar 1 03:33:41.595: Vi2 CHAP: I CHALLENGE id 1 len 36 from "bras-red7.l-wat" *Mar 1 03:33:41.595: Vi2 CHAP: Using hostname from interface CHAP *Mar 1 03:33:41.595: Vi2 CHAP: Using password from interface CHAP *Mar 1 03:33:41.595: Vi2 CHAP: O RESPONSE id 1 len 34 from "XXXXXXXXX" *Mar 1 03:33:41.635: Vi2 CHAP: I FAILURE id 1 len 42 msg is "CHAP authenticatio n failure, unit 1822" *Mar 1 03:33:41.635: Vi2 LCP: I TERMREQ [Open] id 140 len 4 *Mar 1 03:33:41.635: Vi2 LCP: O TERMACK [Open] id 140 len 4all *Mar 1 03:33:41.635: Vi2 PPP: Sending Acct Event[Down] id[3B1] *Mar 1 03:33:41.635: Vi2 PPP: Phase is TERMINATING *Mar 1 03:33:42.075: Vi2 LCP: I TERMREQ [TERMsent] id 1 len 4 *Mar 1 03:33:42.075: Vi2 LCP: O TERMACK [TERMsent] id 1 len 4 All possible debugging has been turned off MSV-877# *Mar 1 03:33:43.631: Vi2 LCP: Timeout: State TERMsent *Mar 1 03:33:43.631: Vi2 LCP: State is Closed Running config: interface ATM0 no ip address no atm ilmi-keepalive ! interface ATM0.1 point-to-point pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Vlan1 ip address 10.0.10.252 255.255.255.0 ip nat inside ip virtual-reassembly ! interface Dialer0 ip address xx.xx.xx.3 255.255.255.240 ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication chap callin ppp chap hostname *********** ppp chap password 0 ************ ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 Dialer0 ip http server ip http secure-server ! ip nat inside source list 1 interface Dialer0 overload ! access-list 1 remark INSIDE_IF=Vlan1 access-list 1 remark SDM_ACL Category=2 access-list 1 permit 10.0.10.0 0.0.0.255 dialer-list 1 protocol ip permit ! ! !
... View more
06-01-2010
07:36 AM
I have an 877 router that will not connect to my ISP. I've tried the troubleshooting docs, when I run a PPP debug, I get Vi2 CHAP: O RESPONSE id 1 len 34 from <my isp username>" Vi2 CHAP: I FAILURE id 1 len 42 msg is "CHAP authentication failure, unit 2965" the username and password are for certain correct, and the line is ok, as when I use another (much cheaper) router, it works fine. I've wiped my router and re-done the config from scratch, with same result. I'm running the latest IOS. Any ideas what other troubleshooting can be done?
... View more
Labels:
Created by
alanmsv1234
in VPN and AnyConnect
in VPN and AnyConnect
01-20-2010
06:14 AM
01-20-2010
06:14 AM
I have an ACL on the 877 that prevents traffic to the remote network being nat-d in the first place, so return traffic will also not require natting: it should be straight network to network. I have looked at the IP net translations after trying to ping the remote network, and there are no entries, so I conclude the vpn traffic is not being natted, as expected. So I do not think Nat is the cause of the problem. But I cannot think what else could be causing the problem.
... View more
Created by
alanmsv1234
in VPN and AnyConnect
in VPN and AnyConnect
01-19-2010
03:54 PM
01-19-2010
03:54 PM
I have a Easy VPN remote configured on an 877 router, connecting to an 1801 running Easy VPN server. The vpn connects, and the 877 can ping clients on the remote network, but no clients on the LAN connected to the 877 can ping the remote LAN. Both sites use internal IP schemes and Nat to the Internet, but I believe I have filtered it correctly to prevent the vpn traffic being nat-d, and no packets are dropped by firewall. The IP schemes do not overlap. Any ideas where I'd go to troubleshoot this? I've gone through all the scenarios on the IPSec VPN troubleshooting page, but none of them seem to cover my issue.
... View more
Labels:
Created by
alanmsv1234
in Wireless and Mobility
11-23-2011
11-23-2011
I have same problem, but when I enter command authentication
key-management wpaI get error: Encrypti...
06-25-2010
Found the answer: Packet capture wizard in the ASA can track all packets
between any interface or IP...
06-25-2010
Hi,I don't have a Netflow box, and it looks very complicated!!What I
really need is a simple metod o...
06-25-2010
I have a site-2-site IPSec vpn between an 1801 ISR and an ASA 5510.
Monitoring the vpn on the ASA, I...
06-08-2010
I don't understand why it would say virtual interface. I configured it
via SDM, I presume it would a...
06-04-2010
So, if I upgrade from 8.2 to 8.3, I could use the internal names/ip's in
my ACLs? As you say, this w...
06-03-2010
That config does not work, but I think I've spotted the flaw:it works if
the destination of the acce...
06-03-2010
MSV-ASA# sh run staticstatic (Inside,Outside) tcp xxx.29 pptp Fileserver
pptp netmask 255.255.255.25...
06-03-2010
I have just bought an ASA 5510 and am trying to configure it, but it is
not working the way I expect...
06-02-2010
Hi,debug ppp neg is as follows:*Mar 1 03:33:39.090: Vi2 LCP: State is
Closed*Mar 1 03:33:39.090: Vi2...
06-01-2010
I have an 877 router that will not connect to my ISP. I've tried the
troubleshooting docs, when I ru...
Created by
alanmsv1234
in VPN and AnyConnect
01-20-2010
01-20-2010
I have an ACL on the 877 that prevents traffic to the remote network
being nat-d in the first place,...
Created by
alanmsv1234
in VPN and AnyConnect
01-19-2010
01-19-2010
I have a Easy VPN remote configured on an 877 router, connecting to an
1801 running Easy VPN server....
Public Statistics
| Date Registered | 01-19-2010 03:43 PM |
| Date Last Visited | 08-18-2017 03:53 AM |
| Total Messages Posted | 14 |
