Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Cisco Community
- :
- About viplove07
08-07-2019
Stats
Member since
01-02-2018
11
Posts
5
Helpful
0
Solutions
03-15-2019
05:18 AM
Show ver : Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 12.2(55)SE3, RELEASE SOFTWARE (fc1) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2011 by Cisco Systems, Inc. Compiled Thu 05-May-11 16:29 by prod_rel_team Image text-base: 0x01000000, data-base: 0x02F00000 ROM: Bootstrap program is C3750 boot loader BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1) tnp_ctt_ctp34_01_sw_01 uptime is 45 weeks, 3 days, 2 hours, 23 minutes System returned to ROM by power-on System restarted at 11:45:29 SAST Tue May 1 2018 System image file is "flash:c3750-ipservicesk9-mz.122-55.SE3.bin" This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. cisco WS-C3750G-24TS-1U (PowerPC405) processor (revision H0) with 131072K bytes of memory. Processor board ID FOC1446V3Z9 Last reset from power-on 4 Virtual Ethernet interfaces 28 Gigabit Ethernet interfaces The password-recovery mechanism is enabled. 512K bytes of flash-simulated non-volatile configuration memory. Base ethernet MAC Address : 08:17:35:41:E6:00 Motherboard assembly number : 73-10219-09 Power supply part number : 341-0098-02 Motherboard serial number : FOC14464P62 Power supply serial number : AZS143912PF Model revision number : H0 Motherboard revision number : A0 Model number : WS-C3750G-24TS-S1U System serial number : FOC1446V3Z9 Top Assembly Part Number : 800-26859-03 Top Assembly Revision Number : B0 Version ID : V05 CLEI Code Number : COMB600BRA Hardware Board Revision Number : 0x09 Switch Ports Model SW Version SW Image ------ ----- ----- ---------- ---------- * 1 28 WS-C3750G-24TS-1U 12.2(55)SE3 C3750-IPSERVICESK9-M Configuration register is 0xF Show Ip Traffic: IP statistics: Rcvd: 278594504 total, 208859258 local destination 0 format errors, 0 checksum errors, 0 bad hop count 0 unknown protocol, 69735246 not a gateway 0 security failures, 0 bad options, 1123742 with options Opts: 0 end, 0 nop, 0 basic security, 0 loose source route 0 timestamp, 0 extended security, 0 record route 0 stream ID, 0 strict source route, 1123742 alert, 0 cipso, 0 ump 0 other Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble 0 fragmented, 0 couldn't fragment Bcast: 197910334 received, 0 sent Mcast: 0 received, 0 sent Sent: 12600531 generated, 0 forwarded Drop: 364355 encapsulation failed, 0 unresolved, 0 no adjacency 0 no route, 0 unicast RPF, 0 forced drop 0 options denied, 0 source IP address zero ICMP statistics: Rcvd: 0 format errors, 0 checksum errors, 1 redirects, 27980 unreachable 1235104 echo, 117634 echo reply, 33 mask requests, 0 mask replies, 0 quench 0 parameter, 11 timestamp, 0 info request, 11 other 0 irdp solicitations, 0 irdp advertisements Sent: 0 redirects, 5895 unreachable, 117735 echo, 1235104 echo reply 0 mask requests, 0 mask replies, 0 quench, 11 timestamp 0 info reply, 0 time exceeded, 0 parameter problem 0 irdp solicitations, 0 irdp advertisements TCP statistics: Rcvd: 797085 total, 0 checksum errors, 446 no port Sent: 1045663 total UDP statistics: Rcvd: 206681337 total, 10 checksum errors, 185575835 no port Sent: 10196153 total, 0 forwarded broadcasts BGP statistics: Rcvd: 0 total, 0 opens, 0 notifications, 0 updates 0 keepalives, 0 route-refresh, 0 unrecognized Sent: 0 total, 0 opens, 0 notifications, 0 updates 0 keepalives, 0 route-refresh EIGRP-IPv4 statistics: Rcvd: 0 total Sent: 0 total PIMv2 statistics: Sent/Received Total: 0/0, 0 checksum errors, 0 format errors Registers: 0/0 (0 non-rp, 0 non-sm-group), Register Stops: 0/0, Hellos: 0/0 Join/Prunes: 0/0, Asserts: 0/0, grafts: 0/0 Bootstraps: 0/0, Candidate_RP_Advertisements: 0/0 State-Refresh: 0/0 IGMP statistics: Sent/Received Total: 0/0, Format errors: 0/0, Checksum errors: 0/0 Host Queries: 0/0, Host Reports: 0/0, Host Leaves: 0/0 DVMRP: 0/0, PIM: 0/0 OSPF statistics: Rcvd: 0 total, 0 checksum errors 0 hello, 0 database desc, 0 link state req 0 link state updates, 0 link state acks Sent: 0 total 0 hello, 0 database desc, 0 link state req 0 link state updates, 0 link state acks ARP statistics: Rcvd: 635583950 requests, 3023824 replies, 335149 reverse, 0 other Sent: 1965 requests, 22512202 replies (0 proxy), 0 reverse Drop due to input queue full: 1863016 #show int | i Input queue|line protocol is up Vlan1 is up, line protocol is up Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Vlan2 is up, line protocol is up Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Vlan300 is up, line protocol is up Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 GigabitEthernet1/0/1 is up, line protocol is up (connected) Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 GigabitEthernet1/0/2 is up, line protocol is up (connected) Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 GigabitEthernet1/0/3 is up, line protocol is up (connected) Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 GigabitEthernet1/0/4 is up, line protocol is up (connected) Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 GigabitEthernet1/0/5 is up, line protocol is up (connected) Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 GigabitEthernet1/0/6 is up, line protocol is up (connected) Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 GigabitEthernet1/0/7 is up, line protocol is up (connected) Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 GigabitEthernet1/0/25 is up, line protocol is up (connected) Input queue: 1/75/0/0 (size/max/drops/flushes); Total output drops: 200 GigabitEthernet1/0/26 is up, line protocol is up (connected) Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Loopback0 is up, line protocol is up Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
... View more
03-15-2019
04:01 AM
It is Virtual Route forwarding, we use when we need a different routing table on the same device. With this you can use same bunch of IP address and routing that you are using on default vrf, to segregate the customers using same IP. There are many uses of vrf that you can find on cisco docs. Go through them.
... View more
03-15-2019
03:39 AM
I am observing ARP input Queue full and dropping packets. At the same time Observing CPU high due to PID 9 which belongs to ARP Input. Kindly suggest solution, customer is dropping connections to their servers. 007152: Mar 15 12:03:32.816: %SYS-1-CPURISINGTHRESHOLD: Threshold: Total CPU Utilization(Total/Intr): 91%/26%, Top 3 processes(Pid/Util): 9/46%, 211/7%, 267/2% 9 107058250 495013478 216 0.47% 0.43% 0.44% 0 ARP Input tnp_ctt_ctp34_01_sw_01#show ip traffic | in input Drop due to input queue full: 1860186 Kindly suggest a solution
... View more
Labels:
Created by
viplove07
in VPN and AnyConnect
in VPN and AnyConnect
04-24-2018
05:05 AM
04-24-2018
05:05 AM
No it was working fine for like 6 months after i've applied NAT. Though the instability started 20 days ago and i'm resetting the ikev1 session in every 18 hours to start it again.
... View more
Created by
viplove07
in VPN and AnyConnect
in VPN and AnyConnect
04-24-2018
04:06 AM
04-24-2018
04:06 AM
Yes, The checkpoint administrator has been informed about the same. I have told him to confirm phase 2 lifetime though, will try making them same on both end.
... View more
Created by
viplove07
in VPN and AnyConnect
in VPN and AnyConnect
04-24-2018
03:58 AM
04-24-2018
03:58 AM
Hi Maurius, I have tried debugging the peer but nothing significant has been observed. Though i have seen one common pattern everytime this happens. ASA shows Tx increasing but the Rx remains same, that refers i'm not receiving traffic from my peer. All other S2S VPN are working fine, only this is the one that is giving issues. Meanwhile, there was another issue of local IP clashing at both end so i have applied double NAT on ASA to sort this out. Are this IP's are giving issues ? Regard, Viplove Rane
... View more
Created by
viplove07
in VPN and AnyConnect
in VPN and AnyConnect
04-24-2018
03:24 AM
04-24-2018
03:24 AM
Hi Marius, This is not a new setup. We are using Ikev1, though no changes has been done from ASA perspective. I dont know whether they have done changes on Checkpoint. But whats the reason for this behaviour.
... View more
Created by
viplove07
in VPN and AnyConnect
in VPN and AnyConnect
04-23-2018
05:46 AM
04-23-2018
05:46 AM
A site to site VPN on ASA is getting stuck. I have to reset ikev1 phase all the time to get it back.The S2S is VPN is between ASA and checkpoint. The source is 192.168.11.x/24 and destination are different server IP's on ASA.
NMS sits in Subnet 192.168.11.x/24 and has to monitor every server IP in Remote host list. What can i do to permanently fix this ?
... View more
Labels:
01-03-2018
12:53 PM
The default mpf has been applied globally class-map inspection_default match default-inspection-traffic policy-map global_policy class inspection_default inspect ftp inspect h323 h225 inspect h323 ras inspect ip-options inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect dns preset_dns_map inspect icmp service-policy global_policy global I tried to include the command " set connection embryonic-conn-max 50" in this default mpf. but it did'nt sync in, it just omitted the command and said only inspect commands allowed. Viplove R
... View more
01-03-2018
05:45 AM
access-list synattack extended permit tcp any any class-map synattack match access-list synattack policy-map synattack class synattack set connection embryonic-conn-max 50 service-policy synattack interface inside I've applied this on inside interface as it is not getting applied globally.
... View more
01-02-2018
03:19 AM
Hii
My company recently bought a USM which has been flooding my firewall with syn packets.
Now as a solution i've applied tcp intercept but it is not getting applied globally.
Temporarily i've applied it on inside interface which is pretty much helpful.
I'm using version asa 9.7 and asdm 7.7.
Please suggest what could be the issue.
... View more
Labels:
03-15-2019
Show ver :Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M),
Version 12.2(55)SE3, RELEASE SO...
03-15-2019
It is Virtual Route forwarding, we use when we need a different routing
table on the same device.Wit...
03-15-2019
I am observing ARP input Queue full and dropping packets.At the same
time Observing CPU high due to ...
Created by
viplove07
in VPN and AnyConnect
04-24-2018
04-24-2018
No it was working fine for like 6 months after i've applied NAT.Though
the instability started 20 da...
Created by
viplove07
in VPN and AnyConnect
04-24-2018
04-24-2018
Yes, The checkpoint administrator has been informed about the same.I
have told him to confirm phase ...
Created by
viplove07
in VPN and AnyConnect
04-24-2018
04-24-2018
Hi Maurius,I have tried debugging the peer but nothing significant has
been observed.Though i have s...
Created by
viplove07
in VPN and AnyConnect
04-24-2018
04-24-2018
Hi Marius,This is not a new setup. We are using Ikev1, though no changes
has been done from ASA pers...
Created by
viplove07
in VPN and AnyConnect
04-23-2018
04-23-2018
A site to site VPN on ASA is getting stuck. I have to reset ikev1 phase
all the time to get it back....
01-03-2018
The default mpf has been applied globallyclass-map inspection_default
match default-inspection-traff...
01-03-2018
access-list synattack extended permit tcp any anyclass-map synattack
match access-list synattackpoli...
Public Statistics
| Date Registered | 01-02-2018 03:09 AM |
| Date Last Visited | 08-07-2019 12:17 AM |
| Total Messages Posted | 11 |
| Total Helpful Votes Received | 5 |
