IPCC supports only unicast Music on Hold (MOH) streams. Set up a transcoder to enable outside callers to receive MOH, if the MOH server is not set up to stream G.729 codec. Make sure that the ringback.wav file is in the CallManager server and configured appropriately. Otherwise this can cause CPU spiking in Cisco CallManager. ... View more

The error message you see implies that the user's entry is set to authenticate to the ACS itself and the MS-CHAP password defined within ACS is not defined correctly. Check under the user setup what the "password authentication" dropdown is set to. Is it set to "ACS Internal database"? This is likely why you are seeing this error - it should instead list "Windows Database". make sure ACS presently supports MS-CHAP version 1. ACS versions 3.0 and later support MS-CHAP versions 1 and 2. ... View more

I think there is no IOS in Flash. Copy the new software image either with the CCA or the CLI command from the console to flash. ... View more

It seems to be a configuration issue with the external grammar (either the URL or the actual grammar source). The most common reasons why the error.noresource is thrown by GW are: - URL for the external grammar is not reachable by GW. Note that VXML Server does not fetch the grammar at all - The URL is a partial one preventing GW from fetching ... View more

It sounds like there may either be a problem with the RAID controller [configuration] or, though unlikely a hardware failure. You'd need to check the RAID controller BIOS to see if there's a hard disk drive problem or RAID configuration problem. Also check RAID controller is damaged as disks are not recognized at all. Rebuild the Raid and reimage the appliances. ... View more

The problem might be with the IP pool assignment either through ASA/PIX or Radius server. Use the debug crypto command in order to verify that the netmask and IP addresses are correct. Also, verify that the pool does not include the network address and the broadcast address. Radius servers must be able to assign the proper IP addresses to the clients. http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807e0aca.shtml#vpnconn ... View more

In order to configure Policy NAT for VPN traffic, for example, to change the source address, refer to this configuration example. In this example, the internel network is 10.10.1.0/24. Create an access-list for Policy NAT with real source and a destination IP address. access-list POLICYNAT extended permit ip 10.10.1.0 255.255.255.0 host 172.16.1.1 access-list POLICYNAT extended permit ip 10.10.1.0 255.255.255.0 1.1.1.0 255.255.255.0 Create a static command that states that when source is 10.10.1.0 and destination is 172.16.1.1 or 1.1.1.0, change it to 172.16.5.0 static (inside,outside) 172.16.5.0 access-list POLICYNAT Create a crypto access-list with the source as the new IP address defined in Policy NAT, for example, 172.16.5.0. access-list VPN extended permit ip 172.16.5.0 255.255.255.0 host 172.16.1.1 access-list VPN extended permit ip 172.16.5.0 255.255.255.0 1.1.1.0 255.255.255.0 Apply the crypto access-list to crypto map. crypto map VPN 10 match address VPN ... View more

Perform this procedure to configure group-level TACACS+ enabling parameters. The three possible TACACS+ enable options are: • No Enable Privilege-(default) Disallows enable privileges for this user group. • Max Privilege for Any AAA Client-Selects the maximum privilege level for this user group for any AAA client on which this group is authorized. • Define max Privilege on a per-network device group basis-Defines maximum privilege levels for an NDG. To use this option, you create a list of device groups and corresponding maximum privilege levels. See your AAA client documentation for information about privilege levels. http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/g.html#wp540570 ... View more

I think this is a bug. Try to perform restore factory-default of the WAEs. ... View more

All the router/switch will not supports the TACACS. The Cisco Catalyst family of switches (Catalyst 4000, Catalyst 5000, and Catalyst 6000 that run CatOS) has supported TACACS. You must have access to and must configure a TACACS server before configuring the TACACS features on your Cisco router. http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/sctcacs.html ... View more

You can use CUCM to utilise and perform this funtion. In order to work on IP phones it needs a firmware and that firmware will get loaded either from a call manager or a call manager express so this ctl certificate and all has to be loaded based on the phone firmware. Like 7960 firmware will not suite for 7925. ... View more

It is a known issue that ACS does look ups based on the outer id instead of the inner id when the outer identity is a username. For whatever reason, when the outer identity is anonymous, ACS correctly does its lookups based on the inner identity. It is entirely possible this is why fast-reconnect also fails. I saw the following entries in the RDS.log that correspond to the reported fast-reconnect error in the Failed Attempts log. ... View more

The Cisco 3800, 2800, 1800, 870, 3700, 2600, and 1700 Series provide Multi-VRF customer edge support. No tagging or label distribution is involved, but the physical router supports multiple VRFs. Recommended positioning limits for throughput and the number of VRFs scale from 2 Mbps and 2 VRFs on the Cisco 870 Series, and up to 45 Mbps and 25 VRFs on the Cisco 3845 Integrated Services Router. Please see this link on what's supported on the 1812 and all ISRs. http://www.cisco.com/en/US/partner/prod/collateral/iosswrel/ps6537/ps6557/prod_white_paper0900aecd8051fbdc.html ... View more

You can designate a fixed source IP address for all outgoing TACACS packets. The feature enables TACACS to use the IP address of a specified interface for all outgoing TACACS packets. This is especially useful if the router has many interfaces, and you want to make sure that all TACACS packets from a particular router have the same IP address. http://www.cisco.com/en/US/docs/ios/11_3/security/configuration/guide/sctcacs.html ... View more