Hi,
I couldn't see any other problems except VLAN 9.
But I think you should summarize these lines.
access-list 141 permit ip any 192.168.103.0 0.0.0.255
access-list 141 permit ip any 192.168.104.0 0.0.0.255
access-list 141 permit ip any 192.200.200.0 0.0.0.255
access-list 141 permit ip any 192.200.201.0 0.0.0.255
access-list 141 permit ip any 192.200.203.0 0.0.0.255
access-list 141 permit ip any 192.200.204.0 0.0.0.255
access-list 141 permit ip any 192.200.205.0 0.0.0.255
access-list 141 permit ip any 192.168.110.0 0.0.0.255
access-list 141 permit ip any 192.168.111.0 0.0.0.255
access-list 141 permit ip any 192.168.112.0 0.0.0.255
A wildcard mask is more flexible than a subnet mask. You can set more custom values. It seems more complicated and hard to read.
Best regards.
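One way to carry out the summarization suggested in the post above, as an added example that is not part of the original post: it merges the ACL 141 destinations into the fewest contiguous-prefix entries that match exactly the same addresses, so the shorter list permits nothing new. The function names are hypothetical, and only contiguous wildcard masks are handled.

```python
import ipaddress

# The ACL 141 entries quoted in the post above.
ACL_LINES = """\
access-list 141 permit ip any 192.168.103.0 0.0.0.255
access-list 141 permit ip any 192.168.104.0 0.0.0.255
access-list 141 permit ip any 192.200.200.0 0.0.0.255
access-list 141 permit ip any 192.200.201.0 0.0.0.255
access-list 141 permit ip any 192.200.203.0 0.0.0.255
access-list 141 permit ip any 192.200.204.0 0.0.0.255
access-list 141 permit ip any 192.200.205.0 0.0.0.255
access-list 141 permit ip any 192.168.110.0 0.0.0.255
access-list 141 permit ip any 192.168.111.0 0.0.0.255
access-list 141 permit ip any 192.168.112.0 0.0.0.255
""".splitlines()


def parse_dest(line):
    """Destination of 'access-list N permit ip any NET WILDCARD' as a network."""
    net, wildcard = line.split()[-2:]
    # ipaddress accepts a host mask (wildcard) after the slash and raises
    # ValueError for a non-contiguous one, which is not a single prefix.
    return ipaddress.ip_network(f"{net}/{wildcard}")


def summarize(lines):
    """Merge adjacent destinations; the result covers the same addresses."""
    nets = [parse_dest(l) for l in lines if l.strip()]
    return list(ipaddress.collapse_addresses(nets))


def render(acl_id, nets):
    """Emit one ACL line per network, using wildcard-mask notation."""
    return [f"access-list {acl_id} permit ip any {n.network_address} {n.hostmask}"
            for n in nets]


def address_count(nets):
    """Total addresses matched; equal counts before and after mean no widening."""
    return sum(n.num_addresses for n in nets)


if __name__ == "__main__":
    summary = summarize(ACL_LINES)
    print("\n".join(render(141, summary)))
    before = address_count(parse_dest(l) for l in ACL_LINES)
    print(f"{len(ACL_LINES)} lines -> {len(summary)} lines, "
          f"{before} -> {address_count(summary)} addresses")
```

Only adjacent, aligned pairs such as 192.168.110.0 and 192.168.111.0 merge; a wider supernet would shorten the list further but would also permit networks that were never listed.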
Hi,
EEM doesn't support authentication parameters. You should select no authentication on the server side,
or
you can write a Tcl script like in this answer.
https://supportforums.cisco.com/discussion/11070866/eem-cisco-877-trouble-mail-server-action-and-smtp-auth
Hi,
When you apply an ACL on an SVI in the in direction, it affects the source network of its VLAN ID.
Host at VLAN 1 ------- SVI 1
Host at VLAN 9 ------- SVI 9
The inbound ACL takes effect when VLAN 9 communicates with other VLANs.
access-list 119 deny ip 10.104.99.0 0.0.0.255 any log
This line blocks your communication.
Best regards.
Hi lotfi,
I think the only way to see the IOS version of your device is by using SNMP or HTTP access, and these methods must be closed to outside connections. I think all outside connections must be controlled by you. In the default configuration, the ASA denies all connections from a lower security level.
Can you check the access methods to your device?
Hi paterson,
Can you try the "reverse-route" command in the remote access VPN configuration?
That command adds a route entry, as defined by the ACL in the configuration, to the remote client routing table.
Best regards.
Hi,
You should boot that router into ROMMON mode (use the "Break" key on the keyboard) and change the confreg number.
The default value is 0x2102. The new value is 0x2142.
Then reboot.
The router will then boot with no configuration (because 0x2142 ignores NVRAM, and the startup-config is stored in NVRAM).
After that, you should copy the config files in flash to the running config and set a new username and password.
This link includes other confreg values.
http://www.cisco.com/c/en/us/support/docs/routers/10000-series-routers/50421-config-register-use.html
Hi mukesh,
To create DMVPN hub and spoke routers, L3 connectivity must exist.
This topology has many redundant connections, and you can easily set up DMVPN.
-> You must set up L3 connectivity using L3 routing protocols.
-> Create a GRE tunnel interface.
-> Create static or dynamic route entries for tunnel traffic.
-> Create NHRP maps for the hub and spoke routers.
-> Create an IPsec policy for the DMVPN tunnels to encrypt traffic.
-> Apply the IPsec policy on the tunnel interface.
This is a very good and well-explained document about DMVPN.
http://blog.ine.com/2008/08/02/dmvpn-explained/
I think the only way is to clear the MAC address from the previous port and connect again on another port,
or you can use port security without the sticky parameter.
Sorry, I think there is no dynamic solution.
Sincerely.
Hi,
I think you are under attack. Find the attackers and victims and kill them all.
Just joking.
Seriously, you are resisting some attackers. You can shun all of them with the command shun A.B.C.D.
You can write an ACL to deny all traffic from the attackers.
Best regards.
Hi,
AAA works through the method types in order.
If there is no response from one method, it passes to another method, and vice versa.
If authentication fails at one method, it doesn't pass to another method and rejects.
You defined one method for authentication, group tacacs, and if TACACS authentication fails you get an authentication failed message.
You should add this to the configuration:
aaa authentication login default group tacacs local
or you should define a user in TACACS whose name is admin.
Best regards.
Hi,
Unfortunately, you cannot define one MAC address on multiple switchports.
Switches build the MAC address table using the source MAC address and forward traffic using the destination MAC address.
It is an improper method and will probably cause MAC flapping or another security violation.
Best regards
Hi my friend,
you must specify the ASDM file path in your configuration.
asdm image disk://asdm_version.bin
I guess you set up your authentication using the following command.
aaa authentication http console
Best regards.