I have few queries related to SIP ALG feature. - Is SIP ALG(NAT) and SIP inspection(inspect sip) dependent on each other? Do we need to enable both features on a router? Or are they independent? My understanding is both are separate features and SIP ALG make sure it open up doors on NAT for any incoming connections from outside using the ports negotiated. And SIP inspection(the 'inspect sip' command) can be added for security purposes to make sure the router when acting as a firewall dynamically allows ports for traversal. Please correct if my understanding is correct. - Why do docs/discussions mention SIP ALG feature (enabled by default) breaks communication(one way/disconnects)? Can someone illustrate why would this feature result in a call breaking? - Is there a difference in these two features in the way it is implemented on an ASA vs routers? Would be grateful if someone could help on my queries. Tried searching in internet but didn't find clear info. Thanks, Karthic
... View more
You are not matching the prefix in any of the prefix lists. Please add the command ip prefix-list PFXL-ANY seq 20 permit 84.204.56.212/32 so that we can advertise this prefix
... View more
Hi, Please check if the route for 84.204.x.x is available in the routing table. This is mandatory for the network command to work. Also please post the outputs of the prefix-lists. 'show run | in prefix-list' will help Thanks, Karthic
... View more
leolaohoo wrote: Check the MD5 hash with YOUR file against the Cisco website. Use the command "verify /md disk0:IOS.bin". At the end of the process is long line of alpha-numeric numbers. Compare that value against the Cisco website. If they don't match you may need to download the IOS from the website once again. Good point Leo.
... View more
The number of NAT entries are pretty low and should not cause high memory usage. If you could get the o/ps, I shd be able to check where the memory usage is going to 'show ver | in IOS' and ' show process mem 93' - Karthic
... View more
Check the bootdisk/bootflash for any crashfiles. Might also be a corrupted IOS. Best way to confirm is to take a flash from another working 6500 after testing SXI9 to be working over there and use the same disk in this device. Not the easiest of methods -Karthic
... View more
I am not really a security guy but I think this link might help. http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/DCertPKI.html Thanks, Karthic
... View more
David, Since we have configured 'aaa new-model', one must use the aaa authentication commands to setup logging mechanisms. If you want to use only local authentication and there is no use of a AAA device, turn off AAA using 'no aaa new-model'. Else use the aaa authentication login commands as mentioned in the link below http://www.cisco.com/en/US/docs/ios/12_0/security/command/reference/srathen.html#wp1017794 Thanks, Karthic
... View more
I dont expect to see this option available for a sub-interface considering the fact that input/output rates are never accounted on a sub-interface. BW util info is available only for the main interface - Karthic
... View more
If you are looking for spoke-spoke connectivity DMVPN would be the best option where routing protocols can be employed for dynamic routing. However, DMVPN used when there are a quite a lot of sites requiring inter-site connectivity. If you want dynamic routing to be used across sites your options are GRE tunnels and DMVPN. Else, if you have few sites that have to be connected, static routes can do the job for you. -Karthic
... View more
Aah.. The memory usage is more due to MallocLite function. This masks who the real culprit of the memory usage is. You can review this for more info on malloc-lite - http://www.cisco.com/en/US/docs/ios/12_3t/fun/command/reference/cfrgt_05.html#wp1084941 Plz post the o/ps of 'show ver | in IOS' and ' show process mem 93' Meanwhile, also check how many nat translations are present. A 'show ip nat stat' will give that info -Karthic
... View more
IP input as you know is the process associated with process switching of packets. I dont expect to see many bugs with this process. Is the 'IP Input' memory utilization remaining stable throughout (or) does it decrease during off-hours? How long you have been facing this. To start with can you post - show mem stat - show mem alloc totals (Top 10 functions should be good enough) - show ver | in IOS - Karthic
... View more
Bridging is not supported on ASR1000. ASR can still accept the command but it will not take effect. The feature is not supported on this platform. You can alternatively use BDIs
http://www.cisco.com/en/US/docs/routers/asr1000/configuration/guide/chassis/bdi.html -Karthic
... View more