We are sending traffic sourced from the ASA's inside interface over our l2l vpn tunnel. We need to NAT the inside interface's IP address. NAT works when we ping *to* the inside interface over the tunnel; we receive replies and we see hit counts on the NAT statement. When we ping *from* or generate syslog traffic from the inside interface though, the traffic goes out the proper interface (outside) but the NAT isn't hit! Ie. NAT works when the traffic is going outside->inside but not inside->outside. Our NAT statement looks like this: nat (any,any) source static obj-inside obj-inside-NAT destination static obj-vpn obj-vpn But we see the non-NAT'd traffic going out the outside interface! 9: 08:58:03.305007 802.1Q vlan#2 P0 10.1.1.1.514 > 10.23.45.67.514: udp 111 Running 5505 on 9.1(7)16. So the question is, why isn't traffic sourced from our inside interface hitting the NAT statement?   ... View more

When I attempt download a file from our public FTP server to any of our 3850's I get the below error message. %Error opening ftp://*****:*****@11.22.33.44/cat3k_caa-universalk9.SPA.03.06.08.E.152-2.E8.bin (Incorrect Login/Password) I'm using this command syntax to copy the file. copy ftp://$USERNAME:$PASSWORD@11.22.33.44/cat3k_caa-universalk9.SPA.03.06.08.E.152-2.E8.bin flash:/cat3k_caa-universalk9.SPA.03.06.08.E.152-2.E8.bin Troubleshooting steps taken... 1. FTP server is pingable. 2. Able to login to the FTP server from my PC using the same credentials 3. Tested using the "ip ftp username" and "ip ftp password" commands and then not specifying creds in the copy command. I receive the same error message. 4. No ACL's on the switches 5. Debug output below 1383852: .May 3 10:14:03.716 EDT: FTP: 220 Serv-U FTP Server v14.0 ready... 1383853: .May 3 10:14:03.717 EDT: FTP: ---> USER $USERNAME 1383854: .May 3 10:14:03.725 EDT: FTP: 220 Serv-U FTP Server v14.0 ready... 1383855: .May 3 10:14:03.725 EDT: FTP: ---> QUIT 6. We're currently running 3.4.4 on all our switches. There are a few bugs regarding FTP but I don't think any of them would give the symptoms we're experiencing. We do have "ip ftp passive" configured. https://www.cisco.com/c/en/us/td/docs/ios/ios_xe/3/release/notes/asr1k_rn_3s_rel_notes/asr1k_caveats_34s.html   As a last resort we can utilize TFTP but I'd really like to get FTP working. We have multiple switches all at different locations with no one on site, so easiest is probably we TFTP over the internet, which I've not had luck with in the past. I'm also just curious why this isn't working. ... View more

We're performing an upgrade and will need to reboot our ESA (C100v). We were told to suspend the listeners prior to reboot and make sure there's no mail left in the queue. My question is, does our email server still receive emails while the listeners are suspended? This is non-clustered. We have just the single ESA device. ... View more

You can see the bgp topology table that I have two routes for 10.32.0.0/16. The one for EIGRP is put into the routing table even though BGP has the lower administrative distance. Can someone help me understand why this is the case? And how would I change this behavior for just this specific route?   R2#sh ip bgp top * For address family: IPv4 Unicast BGP table version is 13, local router ID is 192.168.2.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, x best-external, a additional-path, c RIB-compressed, Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path * 10.32.0.0/16 1.1.1.1 28416 0 65001 ? *> 192.168.2.2 28416 32768 ? *> 192.168.1.0 1.1.1.1 0 0 65001 ? *> 192.168.2.0 0.0.0.0 0 32768 ? R2# R2# R2#sh ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP a - application route + - replicated route, % - next hop override, p - overrides from PfR Gateway of last resort is not set 1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 1.1.1.0/24 is directly connected, GigabitEthernet0/0 L 1.1.1.2/32 is directly connected, GigabitEthernet0/0 10.0.0.0/16 is subnetted, 1 subnets D 10.32.0.0 [90/28416] via 192.168.2.2, 00:01:54, GigabitEthernet0/1 B 192.168.1.0/24 [20/0] via 1.1.1.1, 00:23:27 192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.2.0/24 is directly connected, GigabitEthernet0/1 L 192.168.2.1/32 is directly connected, GigabitEthernet0/1 R2# R2#       ... View more