Cisco 7600
Hi all
I got a guy with this command:
See mls cef maximum-routes
When I show this order, need is save the Conference running, to write new values size on FIB - AAGR tables?
concerning
Santiago
Hello
If you adjust the maximum roads, you must save and not reload when you issue the command show
After you adjust the maximum-roads, you must Save the running configuration and restart the switch before changes become active (there are no operational impact before the reboot). After the reboot, you can enter the show mls cef maximum-routes command in order to view the new allocation AAGR
http://www.Cisco.com/c/en/us/support/docs/switches/Catalyst-6500-Series-...
Tags: Cisco Support
Similar Questions
-
Question of vlan Cisco 7600 PFD
Hello!
Please help with a question.
In our network, we have 7600 and I need to create a service of vpls with two different VLAN associated with a PFD:
L2 PFD manual test
VPN id 100
neighbor 1.1.1.1 mpls encapsulationinterface Vlan120
no ip address
Shutdown
PFD xconnect tests
!
interface Vlan121
no ip addressAnd when I try to reach "xconnect PFD testing:
Incompatible with the PFD configured setting.
Check the interface MTU, VLAN ID size
Or try to configure BPDU PW on routed SVI, which is not allowedIs it possible to do or not? No mapping VLANs etc.
Thank you all!
Hi Dimitri, you can do it, but the link is made to port vlan does not level level IVR.
Here is a configuration snippet:
the GigabitEthernet4/1/0 interface
101 ethernet service instance
encapsulation dot1q 101 second 10
rewrite the penetration pop tag 2 symmetrical
interface GigabitEthernet4/1/1
ethernet 100 service instance
encapsulation dot1q 100
rewrite tag pop 1 symmetrical penetration
connect GigabitEthernet4/1/0 eline-101 101 100 GigabitEthernet4/1/1
Xander
-
Using L2TP xconnect on 7600/ss20
Dear friends,
A colleague asked me to help him establish a L2TP pseudowire between two routers in the 7600 series. At first, I thought that it is an easy task, but it has suddenly become a problem we couldn't solve.
The goal was to provide a plain pseudowire L2TP between two different ports (no interoperability, just a simple pseudowire) 7600 routers. This pseudowire has been configured in a simple manner with the help of a simple class pseudowire and respective order xconnect on Ethernet interfaces:
pseudowire-class PW-Class
encapsulation l2tpv3
ip local interface Loopback0
!interface GigabitEthernet3/0/0
no ip address
speed 1000
no mls qos trust
xconnect A.B.C.D 1234 encapsulation l2tpv3 pw-class PW-ClassThe problem is that while the L2TP control connection is established successfully, this tunnel operates all the data either:
7604-First# show l2tp
L2TP Tunnel and Session Information Total tunnels 1 sessions 1
LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/
Count VPDN Group
2978780432 1598333693 7604-Second est A.B.C.D 1 l2tp_default_clLocID RemID TunID Username, Intf/ State Last Chg Uniq ID
Vcid, Circuit
9560 21227 2978780432 1234, Gi3/0/0 est 00:36:55 207604-First# show l2tp session packets
L2TP Session Information Total tunnels 1 sessions 1
LocID RemID TunID Pkts-In Pkts-Out Bytes-In Bytes-Out
9560 21227 2978780432 0 0 0 0We have tried several ways to configure the pseudowire as well using the xconnect directly on the physical interface and creating a "service instance" and using the xconnect inside the service instance configuration. Nothing has had a positive effect. The L2TP control connection gets easily implemented, but frames received by IG3/0/0 seem not yet to be passed in the pseudowire. The problem is the same on both ends of the pseudowire.
The question is - is there a problem in the config or not the 7600 with the absence of ss20 line card appropriate for establishing L2TP pseudowires support?
Information about the versions of hardware and software of the equipment:
IOS version: Cisco IOS software, software c7600rsp72043_rp (c7600rsp72043_rp-ADVIPSERVICESK9-M), Version 12.2 (33) SRD4, VERSION of the SOFTWARE (fc2)
Excerpt from 'Show inventory:
NAME: 'CISCO7604', DESCR: "Cisco Systems Cisco 7600 4 - slot Chassis System.
NAME: 'CLK-7600 1', DESCR: "clock of the OSR - 7600 FRU 1"
NAME: 'CLK-7600 2', DESCR: "clock of the OSR - 7600 FRU 2"
NAME: "module 1", DESCR: "RSP720 - 3 c - 2 ports Route Switch processor 720 Apocalypse 5.9" GE
NAME: "msfc sub-module 1', DESCR: ' 7600-MSFC4 C7600 MSFC4 Rev 1.5 daughter card"»
NAME: "engine switching sub-module 1', DESCR:" policy 7600-PFC3C card 3 Rev 1.2 feature "»
NAME: "module 3', DESCR: ' 7600-ss20-GE3C ESM20G Rev 1.5".»
NAME: "LINK sub-module 3', DESCR: '7600-ss20-20GE link Daugher card rev. 1.1 "
NAME: "subslot transceiver 3/0 0', DESCR:"GE T ".
NAME: "subslot 3/0 Radio 1', DESCR:"GE T ".
NAME: "subslot 3/0 transceiver 2', DESCR:"GE T ".
NAME: "subslot 3/0 transceiver 3', DESCR:"GE T ".
NAME: "subslot 3/0 transceiver 4', DESCR:"GE T ".
NAME: "subslot 3/0 transceiver 5', DESCR:"GE T ".
NAME: "subslot 3/0 transceiver 18', DESCR:"GE T ".
NAME: "subslot 3/0 transceiver 19', DESCR:"GE T ".
NAME: "CPU sub-module 3', DESCR:" type of 7600-ss20-PROC FRU (0 x 6005, 0x6A5 (1701)) Rev. " 1.4 "
NAME: "engine switching sub-module 3', DESCR: ' 7600-ss20-D3C ESM20G / PFC3C Distributed Forwarding Card Rev 1.2".
NAME: 'FAN-MOD-4HS 1', DESCR: "Module ventilation high speed for CISCO7604 1"
NAME: "PS 1 PWR-2700-AC/4 ', DESCR:"2700W power supply for CISCO7604 1 "
NAME: ' PS 2 PWR-2700-AC/4 ', DESCR: "2700W power supply for CISCO7604 2"Any help or advice is much appreciated!
Best regards
Peter
Have you watched the L2TPv3 related restrictions to 7600? You need a SIP-400 line card access or ARE + face. -20 as facing access is not supported. Base coating can be any line card.
-
VS wireless controllers. WISN Modules
We are in the process of upgrading stand-alone mode for Lightweight AP we have about 200 access points in the campus. My question is is it better to get a wireless controllers that can only handle up to tp 100 AP or a module of WISN that can handle 300 APs and has best redundancy directly connected to our Cat 6509 distribution? If we opt for the WISN module, we only 2 this since it can cover all of our AP and safeguard a snack fails. If we opt for the controllers, we get 4-6 of the present. Which do you think is better? We also have 4 6509 which has many sites for the module WISN. Every opinion counts TY in advance.
Here's what the WISN questions (http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6526/prod_qas0900aecd8036434e.html) says:
Q. What is the advantage of the deployment of the WISN Cisco?
A. benefits of the Cisco WISN deployment include:
• Cost reduction for deployments of more than 300 access points
• Continuation of investment protection for existing customers Cisco Catalyst 6500 Series and Cisco 7600 series routers
• Integration tighter with or without wire for deployments across the enterprise in the same chassis
• Less successful of the nodes of the network
• Scalability to 7200 access points
That said, the first chip speaks for itself. If you have 300 APs, then there are economies of scale. But if you don't have this price already, it may be cheaper to get your dismissal of the 4400 series, then buy WISN 2 for only 200 APs.
-
JOINT-2 update in progress...
Hi all
I'm new to this community and in Cisco security. Here's my question for you:
I have a Cisco 7600 router with a JOINT-2 module and I update it to version IPS - K9 - 5.1 - 8 - E3. Now, I would like to upgrade with the IPS 7.0 version (3) E4.
Is this possible? I read that IPS 6.0 denies default high risk event and create an event of action to solve the problem. How can I solve my problem? I'm afraid to do something wrong because the router is an important, if I do something wrong I'm afraid to block all traffic: s
Thank you
G.
G;
You can certainly upgrade your JOINT-2 8,0000 E3 to E4 4,0000 directly.
Regarding your concern about the JOINT-2 refusing events at high risk (risk rating of 90 to 100) by default, this is the case if the JOINT-2 is configured to inspect the traffic using the line operation. If the JOINT-2 is configured for the inspection of the promicuous, this will not happen.
If your JOINT-2 is configured for online operation, the simplest method to avoid the JOINT-2 denying high risk events, is to turn off th default event action override (EAO). Starting in IPS (IDM) Device Manager:
Configuration > policies
Highlight the virtual sensor in question (degfault is vs0) and choose Edit.
Under the event rule Action uncheck "use event Action overrides.
This will disable all replacements actin of event for the virtual sensor in question. You can also disable just the high-risk EAO, following the same procedure as above, but instead of uncheck 'use event Action overrides' by default:
Highlight the EAO 'HIGH risk' and click 'change '.
Next to the "right Packet Inline (online)", uncheck the box under the column "Enable" (not the "Assigned" column).
Scott
-
I have 2 Cat6, with IPsec SPA card, while the other did not.
I tried setting IPsec tunnel between them, but somehow can't bring up the tunnel, can someone help me to watch set it up?
A (with SPA):
crypto ISAKMP policy 1
BA aes 256
preshared authentication
Group 5
ISAKMP crypto cisco123 key address 0.0.0.0 0.0.0.0
ISAKMP crypto keepalive 10
Crypto ipsec transform-set esp - aes 256 esp-sha-hmac testT1
!
Crypto ipsec profile P1
Set transform-set testT1
!
Crypto call admission limit ike his 3000
!
Crypto call admission limit ike in-negotiation-sa 115
!
interface Tunnel962
Loopback962 IP unnumbered
tunnel GigabitEthernet2/37.962 source
tunnel destination 172.16.16.6
ipv4 ipsec tunnel mode
Profile of tunnel P1 ipsec protection
interface GigabitEthernet2/37.962
encapsulation dot1Q 962
IP 172.16.16.5 255.255.255.252
interface Loopback962
1.1.4.200 the IP 255.255.255.255
IP route 2.2.4.200 255.255.255.255 Tunnel962
B (wuthout SPA):
crypto ISAKMP policy 1
BA aes 256
preshared authentication
Group 5
ISAKMP crypto cisco123 key address 0.0.0.0 0.0.0.0
!
!
Crypto ipsec transform-set esp - aes 256 esp-sha-hmac T1
!
Crypto ipsec profile P1
game of transformation-T1
interface Tunnel200
Loopback200 IP unnumbered
tunnel GigabitEthernet2/1.1 source
tunnel destination 172.16.16.5
ipv4 ipsec tunnel mode
Profile of tunnel T1 ipsec protection
interface Loopback200
2.2.4.200 the IP 255.255.255.255
interface GigabitEthernet2/1.1
encapsulation dot1Q 962
IP 172.16.16.6 255.255.255.252
IP route 1.1.4.200 255.255.255.255 Tunnel200
I can ping from 172.16.16.6 to 172.16.16.5, but the tunnel just can not upwards. When I turned on "debugging ipsec cry ' and ' debug cry isa", nothing comes out, when I trun on 'cry of debugging sciences', I got:
"00:25:17: crypto_engine_select_crypto_engine: can't handle more."
Hello
You need a map of IPSEC SPA on chassis B do IPSEC encryption. Please see the below URL for more details.
Without a SPA-IPSEC - 2G or IPsec VPN Services Module of acceleration, the IPsec network security feature (configured with the crypto ipsec command) is supported in the software only for administrative for Catalyst 6500 series switches and routers for the Cisco 7600 Series connections.
Kind regards
Arul
* Rate pls if it helps *.
-
CAN´t get the ip to the FWSM for the MSFC2 connection
Hello
I want to configure my FWSM with PDM module, but I can´t get a connection ip with the FWSM.
I ve followed the instructions in the Catalyst 6500 series and cisco 7600 series firewall module installation and configuration note for service.
I configured vlan´s and groups of firewall. But I have ping can´t starting from the msfc the fwsm and the other way around.
Kind regards
Edwin Gerritsen
DHS Informatisering
Hello
That said the State of the interface? You can share the relevant part of the msfc configs, cat and fwsm? also the version. (You can hide the IPs)
Thank you
Nadeem
-
OK, so not older Toshiba XP drivers are installed on this machine, strictly Microsoft except for one driver HP for a Toshiba SD drive and and a Cisco-Linksys driver for a USB WiFi key.
Other software no MS: apache (apache.org), PHP (php.net), Java (Sun), Eclipse (Eclipse.org) and Postgres (EnterpriseDB.com).
Anyway now to the problem:
I automatically download an update of Windows 7 security and it breaks any network somehow. Local and remote. Something about a proxy is not not available although I never set up a.
Another, funny, buggy behavior is also the IE 8 has gotten me through this intro screen where you choose the search engines and others several times (for example after a reboot when a new Windows Update patch).
But anyway, back to the network / proxy bug. Cannot view the event log, or connect to any network. Of course Wi-Fi manages not to connect and everything you could imagine connected to networks (logical and dumb, as not having does not event viewer available unless the network software is running).
So stuck here at the end of the WindowsUpdate.log file since the last update (after several reboots: I uninstalled I thought, it was the last update before one reboots)
And after that the ntbtlog.txt
And modified a file I don't have any idea what it is, but he has time stamps in there from July 13 (I guess that's the day of the last build of Windows 7 before the RTM version) and November 2.
What makes this same lovier is I bet after finally getting this race I'll have to call Microsoft to get active this and explain to them that, Yes, it is true that I paid for this Windows 7 and it is a true copy. And yes I only have this installed on a computer.
2009-11-03 20:13:22:515 964 7 a 4 Agent *.
2009-11-03 20:13:22:515 964 7 a 4 Agent * START * Agent: finding updates [CallerId = Microsoft Security Essentials]
2009-11-03 20:13:22:515 964 7 a 4 Agent *.
2009-11-03 20:13:22:515 964 7 a 4 Agent * Online = Yes; Ignore download priority = No
2009-11-03 20:13:22:515 964 7 a 4 Agent * criteria = "(IsInstalled = 0 et IsHidden = 0 et CategoryIDs contient ' 6cf036b9-b546-4694-885a-938b93216b66' et CategoryIDs contient ' 0FA1201D-4330-4FA8-8AE9-B877473B6441') OR (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '6cf036b9-b546-4694-885a-938b93216b66' and CategoryIDs"E6CF1350-C01B-414 D-A61F-263D14D133B4") OR (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '6cf036b9-b546-4694-885a-938b93216b66' and '28BC880E-0592-4CBF-8F95-C79B17911D5F' CategoryIDs) OR (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '6cf036b9-b546-4694-885a-938b93216b66' and CategoryIDs ' B54E7D24-7Ajouter-428F - B 8, 75 - 90A396FA584F") OR (IsInstalled = 0 and IsHidden = 0 and CategoryIDs contains '6cf036b9-b546-4694-885a-938b93216b66' and 'CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83' CategoryIDs) OR IsInstalled = 0 and IsHidden = 0 " (et contient de la CategoryIDs'6cf036b9-b546-4694-885a-938b93216b66' et CategoryIDs contient ' 68C5B0A3-D1A6-4553-AE49-01D3A7827828') ".
2009-11-03 20:13:22:515 964 7 a 4 Agent * ServiceID = {7971F918-A847-4430-9279-4A52D1EFE18D} third service
2009-11-03 20:13:22:515 964 7 a 4 Agent * scope of search = {Machine}
2009-11-03 20:13:22:515 964 7 a 4 Misc validation signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2009-11-03 20:13:22:525 964 7 a 4 Misc Microsoft signed: Yes
2009-11-03 20:13:22:735 964 7 a 4 Misc validation signature for C:\Windows\SoftwareDistribution\WuRedir\9482F4B4-E343-43B6-B170-9A65BC822C77\muv4wuredir.cab:
2009-11-03 20:13:22:745 964 7 a 4 Misc Microsoft signed: Yes
2009-11-03 20:13:22:755 964 7 a 4 Agent looking for updates auth cab for 7971f918-a847-4430-9279-4a52d1efe18d to http://download.windowsupdate.com/v9/microsoftupdate/redir/muauth.cab service
2009-11-03 20:13:22:755 964 7 a 4 Misc validation signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2009-11-03 20:13:22:765 964 7 a 4 Misc Microsoft signed: Yes
2009-11-03 20:13:22:835 964 7 a 4 Misc validation signature for C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab:
2009-11-03 20:13:22:845 964 7 a 4 Misc Microsoft signed: Yes
2009-11-03 20:13:22:966 964 7 a 4 Misc validation signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-11-03 20:13:22:976 964 7 a 4 Misc Microsoft signed: Yes
2009-11-03 20:13:23:046 964 7 a 4 Misc validation signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-11-03 20:13:23:056 964 7 a 4 Misc Microsoft signed: Yes
2009-11-03 20:13:23:066 964 7 a 4 PT +++ PT: from category scan +++
2009-11-03 20:13:23:066 964 7-4 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, URL of the server = https://www.update.microsoft.com/v6/ClientWebService/client.asmx
2009-11-03 20:13:23:556 964 7 a 4 Misc validation signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-11-03 20:13:23:566 964 7 a 4 Misc Microsoft signed: Yes
2009-11-03 20:13:23:637 964 7 a 4 Misc validation signature for C:\Windows\SoftwareDistribution\WuRedir\7971F918-A847-4430-9279-4A52D1EFE18D\muv4muredir.cab:
2009-11-03 20:13:23:647 964 7 a 4 Misc Microsoft signed: Yes
2009-11-03 20:13:23:657 964 7 a 4 PT +++ PT: Synchronizing server updates +++
2009-11-03 20:13:23:657 964 7-4 PT + ServiceId = {7971F918-A847-4430-9279-4A52D1EFE18D}, URL of the server = https://www.update.microsoft.com/v6/ClientWebService/client.asmx
2009-11-03 20:13:24:047 964 7 a 4 Agent * found 0 updates day and 4 categories in the search. rules apply rated 66 out of 73 deployed entities
2009-11-03 20:13:24:047 964 7 a 4 Agent *.
2009-11-03 20:13:24:047 964 7 a 4 Agent * END * Agent: finding updates [CallerId = Microsoft Security Essentials]
2009-11-03 20:13:24:047 964 7 a 4 Agent *.
2009-11-03 20:13:29:064 964 7 a 4 report REPORT EVENT: {A6EB474B-968E-494B-A565-1CC83AEE0366}-2009-11-03 20:13:24:047 - 0500 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 Microsoft Security Essentials successful synchronization Windows Update Client software detected 0 updates successfully.
2009-11-03 20:13:29:064 964 7 a 4 CWERReporter finish event management report. (00000000)
2009-11-03 21:22:17:079 964 ff0 DnldMgr * DnldMgr: regulation update [Svc: {7971F918-A847-4430-9279-4A52D1EFE18D}] *.
2009-11-03 21:22:17:079 964 ff0 DnldMgr * call for full rules. 0x00000000
2009-11-03 22:43:17:398 964 7f8 event handle to THE receipt
2009-11-03 22:43:17:398 964 7f8 setting of to THE pending client directive to 'install approval. "
2009-11-03 22:43:26:231 964 7f8 Shutdwn user refused the update stopped
2009-11-03 22:43:26:231 964 7f8 successfully wrote event to THE health state: 0
2009-11-03 22:43:26:231 964 7f8 to THE to THE initiates stopping service
2009-11-03 22:43:26:231 964 7f8 to THE # to THE: initialization of automatic updates.
2009-11-03 22:43:28:274 964 7f8 Agent sending pre-stop the customer notification
2009-11-03 22:43:28:284 1912 978 COMAPI WARNING: receipt service stop/auto-update notification.
2009-11-03 22:43:28:284 964 7f8 Agent sending pre-stop the customer notification
2009-11-03 22:43:28:484 964 7f8 report CWERReporter finish event management. (00000000)
2009-11-03 22:43:28:634 964 7f8 Service *.
2009-11-03 22:43:28:634 964 7f8 Service * END * Service: out of Service [exit code = 0 x 240001]
2009-11-03 22:43:28:634 964 7f8 Service *.
2009-11-03 22:52:03:992 908 c3c Misc = logging initialized (build: 7.3.7600.16385, tz:-0500) =.
2009-11-03 22:52:03:992 908 c3c Misc = process: C:\Windows\system32\svchost.exe
2009-11-03 22:52:03:992 908 c3c Misc = Module: c:\windows\system32\wuaueng.dll
2009-11-03 22:52:03:992 908 c3c Service *.
2009-11-03 22:52:03:992 908 c3c Service * START * Service: Service startup
2009-11-03 22:52:03:992 908 c3c Service *.
2009-11-03 22:52:04:002 908 c3c Agent * WU client version 7.3.7600.16385
2009-11-03 22:52:04:002 908 c3c Agent * Base Directory: C:\Windows\SoftwareDistribution
2009-11-03 22:52:04:002 908 c3c Agent * FATAL: failed to initialize with error 0x80072ee4 the Proxy Component Manager
2009-11-03 22:52:04:002 908 c3c Service FATALE: failed to initialize the client WU: 0x80072ee4
2009-11-03 22:52:04:022 908 c3c Service *.
2009-11-03 22:52:04:022 908 c3c Service * END * Service: out of Service [exit code = 0x80072ee4]
2009-11-03 22:52:04:022 908 c3c Service *.
2009-11-03 22:54:58:593 908 d6c Misc = logging initialized (build: 7.3.7600.16385, tz:-0500) =.
2009-11-03 22:54:58:593 908 d6c Misc = process: C:\Windows\system32\svchost.exe
2009-11-03 22:54:58:593 908 d6c Misc = Module: c:\windows\system32\wuaueng.dll
2009-11-03 22:54:58:593 908 d6c Service *.
2009-11-03 22:54:58:593 908 d6c Service * START * Service: Service startup
2009-11-03 22:54:58:593 908 d6c Service *.
2009-11-03 22:54:58:593 908 d6c Agent * WU client version 7.3.7600.16385
2009-11-03 22:54:58:593 908 d6c Agent * Base Directory: C:\Windows\SoftwareDistribution
2009-11-03 22:54:58:593 908 d6c Agent * FATAL: failed to initialize with error 0x80072ee4 the Proxy Component Manager
2009-11-03 22:54:58:593 908 d6c Service FATALE: failed to initialize the client WU: 0x80072ee4
2009-11-03 22:54:58:593 908 d6c Service *.
2009-11-03 22:54:58:593 908 d6c Service * END * Service: out of Service [exit code = 0x80072ee4]
2009-11-03 22:54:58:593 908 d6c Service *.
2009-11-03 22:55:28:627 3372 d50 Misc = logging initialized (build: 7.3.7600.16385, tz:-0500) =.
2009-11-03 22:55:28:627 3372 d50 Misc = process: c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe
2009-11-03 22:55:28:627 3372 d50 Misc = Module: C:\Windows\system32\wuapi.dll
2009-11-03 22:55:28:627 3372 d50 COMAPI FATALE: unable to connect to service (hr = 80080005)
2009-11-03 22:55:28:627 3372 d50 COMAPI WARNING: failed to connect to the service. (hr = 80080005)
2009-11-03 22:55:28:637 3372 d50 COMAPI-
2009-11-03 22:55:28:637 3372 d50 COMAPI - START - COMAPI: search [ClientId = Microsoft Antimalware (BCF43643-A118-4432-AEDE-D861FCBCFCDE)]
2009-11-03 22:55:28:637 3372 d50 COMAPI-
2009-11-03 22:55:28:647 908 da4 Misc = logging initialized (build: 7.3.7600.16385, tz:-0500) =.
2009-11-03 22:55:28:647 908 da4 Misc = process: C:\Windows\system32\svchost.exe
2009-11-03 22:55:28:647 908 da4 Misc = Module: c:\windows\system32\wuaueng.dll
2009-11-03 22:55:28:647 908 da4 Service *.
2009-11-03 22:55:28:647 908 da4 Service * START * Service: Service startup
2009-11-03 22:55:28:647 908 da4 Service *.
2009-11-03 22:55:28:647 908 da4 Agent * WU client version 7.3.7600.16385
2009-11-03 22:55:28:647 908 da4 Agent * Base Directory: C:\Windows\SoftwareDistribution
2009-11-03 22:55:28:657 908 da4 Agent * FATAL: failed to initialize with error 0x80072ee4 the Proxy Component Manager
2009-11-03 22:55:28:657 908 da4 Service FATALE: failed to initialize the client WU: 0x80072ee4
2009-11-03 22:55:28:657 908 da4 Service *.
2009-11-03 22:55:28:657 908 da4 Service * END * Service: out of Service [exit code = 0x80072ee4]
2009-11-03 22:55:28:657 908 da4 Service *.
2009-11-03 22:55:58:640 3372 d50 COMAPI FATALE: unable to connect to service (hr = 80080005)
2009-11-03 22:55:58:640 3372 d50 COMAPI WARNING: failed to connect to the service. (hr = 80080005)
2009-11-03 22:55:58:640 3372 COMAPI d50 - WARNING: exit code = 0 x 80080005
2009-11-03 22:55:58:640 3372 d50 COMAPI-
2009-11-03 22:55:58:640 3372 d50 COMAPI - END--COMAPI: search [ClientId =]
2009-11-03 22:55:58:640 3372 d50 COMAPI-
2009-11-03. 3372 d50 COMAPI FATALE 22:55:58:640: could not open the asynchronous search, hr = 80080005
2009-11-03 23:02:29:962 908 e58 Misc = logging initialized (build: 7.3.7600.16385, tz:-0500) =.
2009-11-03 23:02:29:962 908 e58 Misc = process: C:\Windows\system32\svchost.exe
2009-11-03 23:02:29:962 908 e58 Misc = Module: c:\windows\system32\wuaueng.dll
2009-11-03 23:02:29:962 908 e58 Service *.
2009-11-03 23:02:29:962 908 e58 Service * START * Service: Service startup
2009-11-03 23:02:29:962 908 e58 Service *.
2009-11-03 23:02:29:972 908 e58 Agent * WU client version 7.3.7600.16385
2009-11-03 23:02:29:972 908 e58 Agent * Base Directory: C:\Windows\SoftwareDistribution
2009-11-03 23:02:29:972 908 e58 Agent * FATAL: failed to initialize with error 0x80072ee4 the Proxy Component Manager
2009-11-03 23:02:29:972 908 e58 Service FATALE: failed to initialize the client WU: 0x80072ee4
2009-11-03 23:02:29:972 908 e58 Service *.
2009-11-03 23:02:29:972 908 e58 Service * END * Service: out of Service [exit code = 0x80072ee4]
2009-11-03 23:02:29:972 908 e58 Service *.
2009-11-03 23:19:25:945 932 c70 Misc = logging initialized (build: 7.3.7600.16385, tz:-0500) =.
2009-11-03 23:19:25:945 932 c70 Misc = process: C:\Windows\system32\svchost.exe
2009-11-03 23:19:25:945 932 c70 Misc = Module: c:\windows\system32\wuaueng.dll
2009-11-03 23:19:25:945 932 c70 Service *.
2009-11-03 23:19:25:945 932 c70 Service * START * Service: Service startup
2009-11-03 23:19:25:945 932 c70 Service *.
2009-11-03 23:19:25:945 932 c70 Agent * WU client version 7.3.7600.16385
2009-11-03 23:19:25:955 932 c70 Agent * Base Directory: C:\Windows\SoftwareDistribution
2009-11-03 23:19:25:955 932 c70 Agent * FATAL: failed to initialize with error 0x80072ee4 the Proxy Component Manager
2009-11-03 23:19:25:955 932 c70 Service FATALE: failed to initialize the client WU: 0x80072ee4
2009-11-03 23:19:25:955 932 c70 Service *.
2009-11-03 23:19:25:965 932 c70 Service * END * Service: out of Service [exit code = 0x80072ee4]
2009-11-03 23:19:25:965 932 c70 Service *.
2009-11-03 23:20:30:999 932 5cc Misc = logging initialized (build: 7.3.7600.16385, tz:-0500) =.
2009-11-03 23:20:30:999 932 5cc Misc = process: C:\Windows\system32\svchost.exe
2009-11-03 23:20:30:999 932 5cc Misc = Module: c:\windows\system32\wuaueng.dll
2009-11-03 23:20:30:999 932 5cc Service *.
2009-11-03 23:20:30:999 932 5cc Service * START * Service: Service startup
2009-11-03 23:20:30:999 932 5cc Service *.
2009-11-03 23:20:31:009 932 5cc Agent * WU client version 7.3.7600.16385
2009-11-03 23:20:31:009 932 5cc Agent * Base Directory: C:\Windows\SoftwareDistribution
2009-11-03 23:20:31:009 932 5cc Agent * FATAL: failed to initialize with error 0x80072ee4 the Proxy Component Manager
2009-11-03 23:20:31:009 932 5cc Service FATALE: failed to initialize the client WU: 0x80072ee4
2009-11-03 23:20:31:009 932 5cc Service *.
2009-11-03 23:20:31:009 932 5cc Service * END * Service: out of Service [exit code = 0x80072ee4]
2009-11-03 23:20:31:009 932 5cc Service *.
2009-11-03 23:21:01:052 932 Misc 3f0 = logging initialized (build: 7.3.7600.16385, tz:-0500) =.
2009-11-03 23:21:01:052 932 3f0 Misc = process: C:\Windows\system32\svchost.exe
2009-11-03 23:21:01:052 932 3f0 Misc = Module: c:\windows\system32\wuaueng.dll
2009-11-03 23:21:01:052 932 3f0 Service *.
2009-11-03 23:21:01:052 932 3f0 Service * START * Service: Service startup
2009-11-03 23:21:01:052 932 3f0 Service *.
2009-11-03 23:21:01:052 932 3f0 Agent * WU client version 7.3.7600.16385
2009-11-03 23:21:01:052 932 3f0 Agent * Base Directory: C:\Windows\SoftwareDistribution
2009-11-03 23:21:01:052 932 3f0 Agent * FATAL: failed to initialize with error 0x80072ee4 the Proxy Component Manager
2009-11-03 23:21:01:052 932 3f0 Service FATALE: failed to initialize the client WU: 0x80072ee4
2009-11-03 23:21:01:062 932 3f0 Service *.
2009-11-03 23:21:01:062 932 3f0 Service * END * Service: out of Service [exit code = 0x80072ee4]
2009-11-03 23:21:01:062 932 3f0 Service *.
2009-11-03 23:21:31:095 932 a14 Misc = logging initialized (build: 7.3.7600.16385, tz:-0500) =.
2009-11-03 23:21:31:095 932 a14 Misc = process: C:\Windows\system32\svchost.exe
2009-11-03 23:21:31:095 932 a14 Misc = Module: c:\windows\system32\wuaueng.dll
2009-11-03 23:21:31:095 932 a14 Service *.
2009-11-03 23:21:31:095 932 Service a14 * START * Service: Service startup
2009-11-03 23:21:31:095 932 a14 Service *.
2009-11-03 23:21:31:095 932 a14 Agent * WU client version 7.3.7600.16385
2009-11-03 23:21:31:095 932 a14 Agent * Base Directory: C:\Windows\SoftwareDistribution
2009-11-03 23:21:31:095 932 a14 Agent * FATAL: failed to initialize with error 0x80072ee4 the Proxy Component Manager
2009-11-03 23:21:31:095 932 Service FATALE a14: failed to initialize the client WU: 0x80072ee4
2009-11-03 23:21:31:105 932 a14 Service *.
2009-11-03 23:21:31:105 932 Service a14 * END * Service: out of Service [exit code = 0x80072ee4]
2009-11-03 23:21:31:105 932 a14 Service *.
2009-11-03 23:41:59:925 932 a54 Misc = logging initialized (build: 7.3.7600.16385, tz:-0500) =.
2009-11-03 23:41:59:935 932 a54 Misc = process: C:\Windows\system32\svchost.exe
2009-11-03 23:41:59:935 932 a54 Misc = Module: c:\windows\system32\wuaueng.dll
2009-11-03 23:41:59:925 932 a54 Service *.
2009-11-03 23:41:59:935 932 a54 Service * START * Service: Service startup
2009-11-03 23:41:59:935 932 a54 Service *.
2009-11-03 23:41:59:935 932 a54 Agent * WU client version 7.3.7600.16385
2009-11-03 23:41:59:955 932 a54 Agent * Base Directory: C:\Windows\SoftwareDistribution
2009-11-03 23:41:59:955 932 a54 Agent * FATAL: failed to initialize with error 0x80072ee4 the Proxy Component Manager
2009-11-03 23:41:59:955 932 Service FATALE a54: failed to initialize the client WU: 0x80072ee4
2009-11-03 23:41:59:955 932 a54 Service *.
2009-11-03 23:41:59:965 932 a54 Service * END * Service: out of Service [exit code = 0x80072ee4]
2009-11-03 23:41:59:965 932 a54 Service *.
2009-11-03 23:45:03:148 932 qa8 Misc = logging initialized (build: 7.3.7600.16385, tz:-0500) =.
2009-11-03 23:45:03:148 932 qa8 Misc = process: C:\Windows\system32\svchost.exe
2009-11-03 23:45:03:148 932 qa8 Misc = Module: c:\windows\system32\wuaueng.dll
2009-11-03 23:45:03:148 932 qa8 Service *.
2009-11-03 23:45:03:148 932 qa8 Service * START * Service: Service startup
2009-11-03 23:45:03:148 932 qa8 Service *.
2009-11-03 23:45:03:148 932 qa8 Agent * WU client version 7.3.7600.16385
2009-11-03 23:45:03:148 932 qa8 Agent * Base Directory: C:\Windows\SoftwareDistribution
2009-11-03 23:45:03:148 932 qa8 Agent * FATAL: failed to initialize with error 0x80072ee4 the Proxy Component Manager
2009-11-03 23:45:03:148 932 qa8 Service FATALE: failed to initialize the client WU: 0x80072ee4
2009-11-03 23:45:03:148 932 qa8 Service *.
2009-11-03 23:45:03:148 932 qa8 Service * END * Service: out of Service [exit code = 0x80072ee4]
2009-11-03 23:45:03:148 932 qa8 Service *.
2009-11-03 23:45:28:144 932 e40 Misc = logging initialized (build: 7.3.7600.16385, tz:-0500) =.
2009-11-03 23:45:28:144 932 e40 Misc = process: C:\Windows\system32\svchost.exe
2009-11-03 23:45:28:144 932 e40 Misc = Module: c:\windows\system32\wuaueng.dll
2009-11-03 23:45:28:144 932 e40 Service *.
2009-11-03 23:45:28:144 932 e40 Service * START * Service: Service startup
2009-11-03 23:45:28:144 932 e40 Service *.
2009-11-03 23:45:28:144 932 e40 Agent * WU client version 7.3.7600.16385
2009-11-03 23:45:28:144 932 e40 Agent * Base Directory: C:\Windows\SoftwareDistribution
2009-11-03 23:45:28:154 932 e40 Agent * FATAL: failed to initialize with error 0x80072ee4 the Proxy Component Manager
2009-11-03 23:45:28:154 932 e40 Service FATALE: failed to initialize the client WU: 0x80072ee4
2009-11-03 23:45:28:154 932 e40 Service *.
2009-11-03 23:45:28:154 932 e40 Service * END * Service: out of Service [exit code = 0x80072ee4]
2009-11-03 23:45:28:154 932 e40 Service *.
2009-11-03 23:58:01:370 908 bd0 Misc = logging initialized (build: 7.3.7600.16385, tz:-0500) =.
2009-11-03 23:58:01:370 908 bd0 Misc = process: C:\Windows\system32\svchost.exe
2009-11-03 23:58:01:390 908 bd0 Misc = Module: c:\windows\system32\wuaueng.dll
2009-11-03 23:58:01:370 908 bd0 Service *.
2009-11-03 23:58:01:430 908 bd0 Service * START * Service: Service startup
2009-11-03 23:58:01:430 908 bd0 Service *.
2009-11-03 23:58:01:430 908 bd0 Agent * WU client version 7.3.7600.16385
2009-11-03 23:58:01:430 908 bd0 Agent * Base Directory: C:\Windows\SoftwareDistribution
2009-11-03 23:58:01:430 908 bd0 Agent * FATAL: failed to initialize with error 0x80072ee4 the Proxy Component Manager
2009-11-03 23:58:01:440 908 bd0 Service FATALE: failed to initialize the client WU: 0x80072ee4
2009-11-03 23:58:01:440 908 bd0 Service *.
2009-11-03 23:58:01:440 908 bd0 Service * END * Service: out of Service [exit code = 0x80072ee4]
2009-11-03 23:58:01:440 908 bd0 Service *.+++++
[Sorry for the AVG bit. Don't know where it came out.]
Are you running Win7 RTM, have you upgraded to Win7 Final, or is - a new computer with Win7 preinstalled?
Further examination of the WU log you posted we said you have Windows Update Agent v7.3.7600.16385 installed, not the most recent v7.4.7600.266. If you have not already done so, see if the manual installation of the last fixes the problem:
1. Select the appropriate download (probably x 86 - Windows versions), save the download to your desktop: http://support.microsoft.com/kb/946928
2. close all open applications (that is, anything with an icon on the taskbar).
3. right click on the file that you saved in #1 above, and select run as administrator. Do not touch your keyboard until installation is complete.
4. re-start, even if not invited to do so.
5 test.
~ Robear Dyer (PA Bear) ~ MS MVP (that is to say, mail, security, Windows & Update Services) since 2002 ~ WARNING: MS MVPs represent or work for Microsoft
-
EtherChannel does not support on 400 7600 - SIP
Hello
I'm a very big dilemma. I have 1 Gbps connection to my ISP. I'm under BGP to establish connectivity with the provider PE.
Just to inform you, I have redundant connections on the connection of 2 - Cisco 3750 (main & secondary link) next to service provider and there are 4 routers for 2 services (primary and secondary each for 2 services) now use on services - 1A applications increases and reaches 900 ~ 950 MB/s, is not on the impact of the services-2 I pushed the 2 services via secondary link traffic. I have attached ppt for some knowledge
Until a few weeks back the use was about 750 in the direction of entry and 700 Mbps in the exit direction of the WAN port on the service routers 1, but now the use of entry began to reach 900 ~ 950 MB/s in the direction of entry.
I have 400 7600 - SIP (void crack-5XGE-SPA) on the routers [services for Qos ] are related to the switches. I spoke with the service provider, and they said that they would consider more and while I thought to do the first aggregation of ports-2 between the provider of Service & 3750 switch device and an another 2-port aggregation between 3750 Switch & services-1 (Cisco7606) router.
There is no problem to create aggregation Service Provider betn ports device & switch 3750. It does not go between 3750 & services-1 switch (Cisco7606) router according to Cisco aggregation port document being not supported on 7600-SIP 400.
It takes time for the service provider to provide 10 port of concert. I WS-X 6548-GE-TX module Services-(Cisco7606) 1 router. So, I thought WS-X 6548-GE-TX router connection ports on the router with switch and create port channel between Them.But I wonder how would function QOS can be used.
So I need a Council if WS - X 6548-GE-TX ports support QOS with Etherchannel.
Your advice will be appreciated
R.
Valerie
The 3750 is a layer 3 switch. Could you change the design to allow links to layer 3 through him?
What get a 10Gbe for the 3750 and your 7600 module (s)?
-
I did an update to c7600. However the firmware still on 12.2, on the RER and card online.
Anyone knows, if we need to update the firmware too, and what is the procedure...?
hostname #show module
MOD Ports card Type model serial No.
--- ----- -------------------------------------- ------------------ -----------
1 0 4 - subslot SPA xxxxxx Interface processor-200 7600 - SIP - 200
2 0 4 - subslot SPA xxxxxx Interface processor-200 7600 - SIP - 200
3 48 48 port 1000 mb WS - X 6748-SFP SFP xxxxxx CEF720
5 2 route Switch processor 720 (Hot) RSP720-3CXL-GE xxxxxx
6 2 route Switch processor 720 (active) RSP720-3CXL-GE xxxxxx
8 0 4 - subslot SPA xxxxxx Interface processor-400 7600 - SIP - 400MAC mod discusses Hw Fw Sw Status
--- ---------------------------------- ----- ------------- ------------ -------
1 ccef.486c.4040 to ccef.486c.407f 2,307 15.3 (3) Ok S6 S6 15.3 (3)
2 ccef.486c.2440 to ccef.486c.247f 2,307 15.3 (3) Ok S6 S6 15.3 (3)
3 70ca.9b1d.62f8 70ca.9b1d.6327 2.4 12.2 (18r) S 15.3 (3) S OK
5 c89c.1dfb.c890 to c89c.1dfb.c893 5.12 12.2 SRD (33r) 15.3 (3) S Ok
6 0022.bde6.9060 0022.bde6.9063 5.12 12.2 SRD (33r) 15.3 (3) S OK
8 64f6.9d98.1b00 64f6.9d98.1b7f 3.4 15.3 (3) S6 S6 15.3 (3) OKSubmodule mod model series Hw status
---- --------------------------- ------------------ ----------- ------- -------
1/0 2xOC3 POS SPA SPA-2XOC3-POS xxxxxx1.0 Ok
1/1 4xOC3 POS SPA SPA-4XOC3-POS xxxxxx1.0 Ok
1/2 8xCHT1/E1 SPA SPA - 8XCHT1 / E1 xxxxxx1.5 Ok
2/0 2xT3E3 SPA SPA-2XT3/E3 xxxxxx1.1 Ok
2/1 8xCHT1/E1 SPA SPA - 8XCHT1 / E1 xxxxxx1.5 Ok
2/2 8xFE TX SPA SPA-8X1FE-TX-V2 xxxxxx1.3 Ok
3 distributed Forwarding card WS-F6700-DFC3CXL xxxxxx1.7 Ok
5 care about political characteristics 3 7600-PFC3CXL xxxxxx1.1 Ok
5 C7600 MSFC4 daughterboard 7600-MSFC4 xxxxxx1.6 Ok
6 care political characteristics 3 7600-PFC3CXL xxxxxx1.1 Ok
6 C7600 MSFC4 daughterboard 7600-MSFC4 xxxxxx1.6 Ok
8/0 5xGE SPA SPA-5X1GE-V2 xxxxxx1.5 OkOnline status mod Diag
---- -------------------
1 pass
Pass 1/0
1/1-password
1/2 pass
2 pass
Pass 2/0
Pass 2/1
2/2 pass
3-pass
5 pass
6 pass
8 passUpdates of the firmware (ROMMON) do not appear in the images of the IOS, but are separate files.
Here is the download location and release notes (with the upgrade procedure) to the X 6748:
https://software.Cisco.com/download/release.html?mdfid=280829702&SOFTWAR...
http://www.Cisco.com/c/en/us/TD/docs/switches/LAN/catalyst6500/ROMMON/OL...
And similarly for RSP720-GE:
https://software.Cisco.com/download/release.html?mdfid=281997386&SOFTWAR...
http://www.Cisco.com/c/en/us/TD/docs/routers/7600/ROMMON/rsp720_rommon.html
-
Problem with installing new card online 7600-SSC-400
Hi all
I have a problem when you try to install the new card online 7600-SSC-400 on Cisco 6509. Here was the message is displayed on the screen after I finished installing the card online: "% C6KPWR-SP-4-No supported: no power management module into the connector 7, unauthorized: the image of the card is not packaged in image." I tried to install this card online on another site, but it does not work. The substantive position's logfile which I recorded in the installation session. I don't know what I should do now, please help me solve this problem!
Thank you very much
Hieu
Your IOS image should be characteristic of 'Advanced IP Services' configured to run the IPSEC-SPA module. You are running "Services IP".
Here is the URL for your reference:
Hope that helps.
-
Another issue of queues DSCP/QoS/CoS of 6500/7600
OK... a little confused, thinking, that I know what needs to happen, and what is happening now, but it is true UN-certainty with that I hope that people can help. Here are the basic configuration:
A---|6500|--10G--|7604|---10G---|7604|---10G---|6500|---B
You get the point. Traffic crossing A-> B or vica versa.
All the links of the kernel are L3/Routed, not L2/Vlan/.1q/ISL
Traffic is marked on the Board with a political map of penetration.
Traffic is confirmed through DURATION that it contains both CoS and DSCP/ToS, leaving the 6500 s two-way headed the core of 7600
Traffic is ALSO confirmed through extending classes * receipt * on the other side by the 6500, that DSCP is maintained but CoS is gone/0.
Considering that only 6708 - 10G modules allow apparently dscp values mapped to the queues/thresholds, which leaves me with the research of the queue on the penetration (for VoIP traffic priority) with cos-of-queue / beat mapping as well as output with cos to queue mappings. Of course, this is not possible (at least on the penetration) if the 7600 are not preserving the CoS on the output of the port.
This leaves wondering if the 7600 are same queue evacuation traffic based on internal mapping supposed DSCP-to-CoS that is supposed to happen before the queue/Scheduler. Interfaces are all set up as "trust dscp" right now. So the CISCO docs should be rewriting CoS to 0 on the penetration and using reliable dscp values to determine internal DSCP, which in turn should be used with DSCP-CoS map appropriate queue on exit... I am a sceptic, what happens really... and unfortunately, have really no way to verify (that I know) because the show on the 6500/7600 commands are fairly primitive about QoS stats...
Then, we have been re - think about it and thought that maybe the thing to do to solve this problem is to:
-Trust cos instead of dscp
-enable transparency dscp (no rewriting dscp) so it is kept on the side of the switch output
And so by doing this it would be:
-use CoS to tail of penetration
-use CoS to output queues
- And to preserve the original CoS and DSCP/ToS values
Would that be correct?
Two other config options I thought were:
-queue only mode
-mpls cos spread (although I don't think that would do what I want, but rather simply spread non-existent MPLS EXP bits)
Any help would be greatly appreciated... I read so many different docs now, my head is swimming
Couple of caveats-
(1) all the below apply to pre IOS 15, as I have no experience with which it may be different
(2) I have not used a 7600, but I used the 6500 much but both share a large number of the linecards and I suspect you're referring to this kind of linecards.
The main problem is that the CoS value is contained in the 802. 1 q non-native added tag VLANs on a trunk link. But your links are L3 if there is no value CoS to preserve.
This creates two problems for you-
(1) input queues. On penetration, the queues are CoS based which means you need to a CoS value to assign packets into queues. On the 7600 s you're obviously not see a CoS value for the reason explained. Now, you can use a political map and a service policy to classify and mark inbound traffic. But, as far as I know, you can set the IP precedence or DSCP marking in a map policy on traffic of the penetration. Some cards like cards ARE for the 7600 support defining a CoS value but I think they are the exception rather than the norm.
(2) output queues. You are right in what you say, IE. You can trust the DSCP/IPP incoming value and then, assuming that the line card doesn't support based DSCP output queue, the 7600 may derive a value based on the internal DSCP value CoS and then put in the correct output queue.
Yet once, however, without a trunk there no value written in the packet CoS.
I entirely agree that it can be very difficult to tell exactly what the 6500 in terms of marking internal etc. This is one of the great frustrations with the 6500.
Hope some of that helped.
Edit - the only way that you can trust CoS on penetration as far as I can see is to make the trunk links IE. you use a vlan dedicated for each interconnection and allow only that vlan on the link. Then you simply transfer the IP addresses assigned to the physical ports for the SVI to the new VLAN on each switch. You should make sure that the vlan that you authorized through the link was not the vlan native because you need a tag to add.
Jon
-
Hello
Is it possible to do the encryption without buying hardware IPSec VPN shared Port Adapter (SPA) for chassis 6500 and 7600?
Thank you
Unless something has changed recently is (no VPNSM, VPN - SPA or WS-IPSEC-3)
"IPSec tunnel with the help of crypto software"
http://www.Cisco.com/c/en/us/TD/docs/interfaces_modules/shared_port_adap...
-
Error of customer Cisco VPN connection ASA 5505
I am unable to connect to the vpn I created on my ASA 5505 using the Cisco VPN Client on a Windows machine. The log of the vpn client and the config of the ASA 5505 is lower. Any help to solve this is appreciated.
CISCO VPN CLIENT LOG
Cisco Systems VPN Client Version 5.0.06.0160
Copyright (C) 1998-2009 Cisco Systems, Inc.. All rights reserved.
Customer type: Windows, Windows NT
Running: 6.1.7600
Config files directory: C:\Program Cisco Systems Client\
1 09:34:23.030 13/04/11 Sev = Info/4 CM / 0 x 63100002
Start the login process
2 09:34:23.061 13/04/11 Sev = Info/4 CM / 0 x 63100004
Establish a secure connection
3 09:34:23.061 13/04/11 Sev = Info/4 CM / 0 x 63100024
Attempt to connect with the server "71.xx.xx.253".
4 09:34:23.061 13/04/11 Sev = Info/6 IKE/0x6300003B
Attempts to establish a connection with 71.xx.xx.253.
5 09:34:23.061 13/04/11 Sev = Info/4 IKE / 0 x 63000001
From IKE Phase 1 negotiation
6 09:34:23.077 13/04/11 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK AG (SA, KE, NO, ID, VID (Xauth), VID (dpd), VID (Frag), VID(Nat-T), VID (Unity)) at 71.xx.xx.253
7 09:34:23.170 13/04/11 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = 71.xx.xx.253
8 09:34:23.170 13/04/11 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" ag="" (sa,="" ke,="" non,="" id,="" hash,="" vid(unity),="" vid(xauth),="" vid(dpd),="" vid(nat-t),="" nat-d,="" nat-d,="" vid(frag),="" vid(?))="" from="">
9 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001
Peer is a compatible peer Cisco-Unity
10 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001
Peer supports XAUTH
11 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001
Peer supports the DPD
12 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001
Peer supports NAT - T
13 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000001
Peer supports fragmentation IKE payloads
14 09:34:23.170 13/04/11 Sev = Info/6 IKE / 0 x 63000001
IOS Vendor ID successful construction
15 09:34:23.170 13/04/11 Sev = Info/4 IKE / 0 x 63000013
SENDING > ISAKMP OAK AG * (HASH, NOTIFY: NAT - D, NAT - D, VID (?), STATUS_INITIAL_CONTACT, VID (Unity)) at 71.xx.xx.253
16 09:34:23.170 13/04/11 Sev = Info/6 IKE / 0 x 63000055
Sent a keepalive on the IPSec Security Association
17 09:34:23.170 13/04/11 Sev = Info/4 IKE / 0 x 63000083
IKE port in use - Local Port = 0xEB07, Remote Port = 0 x 1194
18 09:34:23.170 13/04/11 Sev = Info/5 IKE / 0 x 63000072
Automatic NAT detection status:
Remote endpoint is NOT behind a NAT device
This effect is behind a NAT device
19 09:34:23.170 13/04/11 Sev = Info/4 CM/0x6310000E
ITS established Phase 1. 1 crypto IKE Active SA, 0 IKE SA authenticated user in the system
20 09:34:23.170 13/04/11 Sev = Info/4 CM/0x6310000E
ITS established Phase 1. 1 crypto IKE Active SA, 1 IKE SA authenticated user in the system
21 09:34:23.186 13/04/11 Sev = Info/5 IKE/0x6300005E
Customer address a request from firewall to hub
22 09:34:23.186 13/04/11 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK TRANS *(HASH, ATTR) to 71.xx.xx.253
23 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = 71.xx.xx.253
24 09:34:23.248 13/04/11 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" trans="" *(hash,="" attr)="" from="">
25 09:34:23.248 13/04/11 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_ADDRESS:, value = 172.26.6.1
26 09:34:23.248 13/04/11 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_NETMASK:, value = 255.255.0.0
27 09:34:23.248 13/04/11 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (1):, value = 172.26.0.250
28 09:34:23.248 13/04/11 Sev = Info/5 IKE / 0 x 63000010
MODE_CFG_REPLY: Attribute = INTERNAL_IPV4_DNS (2):, value = 172.26.0.251
29 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SAVEPWD:, value = 0x00000000
30 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_DEFDOMAIN:, value = TLCUSA
31 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_PFS:, value = 0x00000000
32 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000E
MODE_CFG_REPLY: Attribute = APPLICATION_VERSION, value = Cisco Systems, Inc. ASA5505 Version 8.2 (1) built by manufacturers on Wednesday 5 May 09 22:45
33 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = MODECFG_UNITY_SMARTCARD_REMOVAL_DISCONNECT:, value = 0x00000001
34 09:34:23.248 13/04/11 Sev = Info/5 IKE/0x6300000D
MODE_CFG_REPLY: Attribute = received and by using the NAT - T port number, value = 0 x 00001194
35 09:34:23.248 13/04/11 Sev = Info/4 CM / 0 x 63100019
Data in mode Config received
36 09:34:23.264 13/04/11 Sev = Info/4 IKE / 0 x 63000056
Received a request from key driver: local IP = 172.26.6.1, GW IP = 71.xx.xx.253, Remote IP = 0.0.0.0
37 09:34:23.264 13/04/11 Sev = Info/4 IKE / 0 x 63000013
SEND to > QM ISAKMP OAK * (HASH, SA, NO, ID, ID) to 71.xx.xx.253
38 09:34:23.326 13/04/11 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = 71.xx.xx.253
39 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:status_resp_lifetime)="" from="">
40 09:34:23.326 13/04/11 Sev = Info/5 IKE / 0 x 63000045
Answering MACHINE-LIFE notify has value of 86400 seconds
41 09:34:23.326 13/04/11 Sev = Info/5 IKE / 0 x 63000047
This AA is already living from 0 seconds, setting the expiration to 86400 seconds right now
42 09:34:23.326 13/04/11 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = 71.xx.xx.253
43 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" info="" *(hash,="" notify:no_proposal_chosen)="" from="">
44 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000013
SEND to > ISAKMP OAK INFO *(HASH, DEL) to 71.xx.xx.253
45 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000049
IPsec security association negotiation made scrapped, MsgID = 89EE7032
46 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000017
Marking of IKE SA delete (I_Cookie = 2617522400DC1763 R_Cookie = 029325381036CCD8) reason = DEL_REASON_IKE_NEG_FAILED
47 09:34:23.326 13/04/11 Sev = Info/5 IKE/0x6300002F
Received packet of ISAKMP: peer = 71.xx.xx.253
48 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000058
Received an ISAKMP for a SA message no assets, I_Cookie = 2617522400DC1763 R_Cookie = 029325381036CCD8
49 09:34:23.326 13/04/11 Sev = Info/4 IKE / 0 x 63000014
RECEIVING< isakmp="" oak="" info="" *(dropped)="" from="">
50 09:34:26.696 13/04/11 Sev = Info/4 IKE/0x6300004B
IKE negotiation to throw HIS (I_Cookie = 2617522400DC1763 R_Cookie = 029325381036CCD8) reason = DEL_REASON_IKE_NEG_FAILED
51 09:34:26.696 13/04/11 Sev = Info/4 CM / 0 x 63100012
ITS phase 1 deleted before first Phase 2 SA is caused by "DEL_REASON_IKE_NEG_FAILED". Crypto 0 Active IKE SA, 0 IKE SA authenticated user in the system
52 09:34:26.696 13/04/11 Sev = Info/5 CM / 0 x 63100025
Initializing CVPNDrv
53 09:34:26.696 13/04/11 Sev = Info/6 CM / 0 x 63100046
Set indicator established tunnel to register to 0.
54 09:34:26.696 13/04/11 Sev = Info/4 IKE / 0 x 63000001
Signal received IKE to complete the VPN connection
----------------------------------------------------------------------------------------
ASA 5505 CONFIG
: Saved
:
ASA Version 8.2 (1)
!
ciscoasa hostname
domain masociete.com
activate tdkuTUSh53d2MT6B encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface Vlan1
nameif inside
security-level 100
IP 172.26.0.252 255.255.0.0
!
interface Vlan2
nameif outside
security-level 0
IP address 71.xx.xx.253 255.255.255.240
!
interface Ethernet0/0
switchport access vlan 2
Speed 100
full duplex
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passive FTP mode
clock timezone IS - 5
clock to summer time EDT recurring
DNS server-group DefaultDNS
domain masociete.com
access-list LIMU_Split_Tunnel_List note the network of the company behind the ASA
Standard access list LIMU_Split_Tunnel_List allow 172.26.0.0 255.255.0.0
outside_access_in list extended access permit icmp any one
outside_access_in list extended access udp allowed any any eq 4500
outside_access_in list extended access udp allowed any any eq isakmp
outside_access_in list extended access permit tcp any host 71.xx.xxx.251 eq ftp
outside_access_in list extended access permit tcp any host 71.xx.xxx.244 eq 3389
inside_outbound_nat0_acl list of allowed ip extended access all 172.26.5.192 255.255.255.240
inside_outbound_nat0_acl list of allowed ip extended access all 172.26.6.0 255.255.255.128
pager lines 24
Enable logging
asdm of logging of information
Outside 1500 MTU
Within 1500 MTU
local pool VPN_POOL 172.26.6.1 - 172.26.6.100 255.255.0.0 IP mask
ICMP unreachable rate-limit 1 burst-size 1
enable ASDM history
ARP timeout 14400
Global 1 interface (outside)
NAT (inside) 0-list of access inside_outbound_nat0_acl
NAT (inside) 1 0.0.0.0 0.0.0.0
static (inside, outside) 71.xx.xxx.251 172.26.5.9 netmask 255.255.255.255
static (inside, outside) 71.xx.xxx.244 172.26.0.136 netmask 255.255.255.255
Access-group outside_access_in in interface outside
Route outside 0.0.0.0 0.0.0.0 71.xx.xxx.241 1
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
GANYMEDE + Protocol Ganymede + AAA-server
RADIUS Protocol RADIUS AAA server
Enable http server
http 172.26.0.0 255.255.0.0 inside
No snmp server location
No snmp Server contact
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set esp-3des esp-md5-hmac TRANS_ESP_3DES_MD5
Crypto ipsec transform-set transit mode TRANS_ESP_3DES_MD5
Crypto ipsec transform-set esp-3des esp-sha-hmac TRANS_ESP_3DES_SHA
Crypto ipsec transform-set transit mode TRANS_ESP_3DES_SHA
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
Crypto-map dynamic outside_dyn_map 20 game of transformation-TRANS_ESP_3DES_MD5
map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map
outside_map interface card crypto outside
crypto ISAKMP allow outside
crypto ISAKMP policy 10
preshared authentication
3des encryption
md5 hash
Group 2
life 86400
crypto ISAKMP policy 30
preshared authentication
3des encryption
sha hash
Group 2
life 86400
Telnet timeout 5
SSH timeout 5
Console timeout 0
dhcpd outside auto_config
!
no basic threat threat detection
no statistical access list - a threat detection
no statistical threat detection tcp-interception
WebVPN
internal DefaultRAGroup group strategy
attributes of Group Policy DefaultRAGroup
value of server WINS 172.26.0.250 172.26.0.251
value of 172.26.0.250 DNS server 172.26.0.251
Protocol-tunnel-VPN IPSec l2tp ipsec svc
value by default-field TLCUSA
internal LIMUVPNPOL1 group policy
LIMUVPNPOL1 group policy attributes
value of 172.26.0.250 DNS server 172.26.0.251
VPN-idle-timeout 30
Protocol-tunnel-VPN IPSec l2tp ipsec
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list LIMU_Split_Tunnel_List
the address value VPN_POOL pools
internal TLCVPNGROUP group policy
TLCVPNGROUP group policy attributes
value of 172.26.0.250 DNS server 172.26.0.251
Protocol-tunnel-VPN IPSec l2tp ipsec svc
Re-xauth disable
enable IPSec-udp
value by default-field TLCUSA
barry.julien YCkQv7rLwCSNRqra06 + QXg password user name is nt encrypted privilege 0
username barry.julien attributes
VPN-group-policy TLCVPNGROUP
Protocol-tunnel-VPN IPSec l2tp ipsec
bjulien bhKBinDUWhYqGbP4 encrypted password username
username bjulien attributes
VPN-group-policy TLCVPNGROUP
attributes global-tunnel-group DefaultRAGroup
address VPN_POOL pool
Group Policy - by default-DefaultRAGroup
IPSec-attributes tunnel-group DefaultRAGroup
pre-shared-key *.
tunnel-group DefaultRAGroup ppp-attributes
no authentication ms-chap-v1
ms-chap-v2 authentication
type tunnel-group TLCVPNGROUP remote access
attributes global-tunnel-group TLCVPNGROUP
address VPN_POOL pool
Group Policy - by default-TLCVPNGROUP
IPSec-attributes tunnel-group TLCVPNGROUP
pre-shared-key *.
ISAKMP ikev1-user authentication no
tunnel-group TLCVPNGROUP ppp-attributes
PAP Authentication
ms-chap-v2 authentication
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
!
global service-policy global_policy
context of prompt hostname
Cryptochecksum:b94898c163c59cee6c143943ba87e8a4
: end
enable ASDM history
can you try to change the transformation of dynamic value ESP-3DES-SHA map.
for example
remove the encryption scheme dynamic-map outside_dyn_map 20 transform-set TRANS_ESP_3DES_MD5
and replace with
Crypto-map dynamic outside_dyn_map 20 the value transform-set ESP-3DES-SHA
-
Hello
I just upgraded to macOS Sierra and built-in Cisco IPsec VPN no longer works. When you try to connect, I get a "cannot validate the certificate of the server. "Check your settings and try to reconnect" error message. I use Cisco ASA with self-signed certificates and everything worked fine with previous versions of OS X.
Please help me, I need my VPN Thx a lot
I am having the same problem with StrongSwan and help cert signed with the channel to complete certificates included in the pkcs12 file imported to the keychain. It was working properly in El Capitan, but now broken in the Sierra.
Maybe you are looking for
-
Is this ok to change the settings for sharing for drive C?
I searched in the properties of the disc to my C drive and discovered that the sharing option was available? Is there a reason you need to turn on sharing your C drive or any other drive. He would be allowed to change this setting?
-
My dvd rom is not displayed in the Panel of the computer and my burner does not show in my music software. I went to control panel > system > device to reinstall Manager, difficulty pilots and seen the MATCH (ITA) DVD/CDRW UJDA 780 pilot has exclamat
-
Why did TMP_00 attached to my name of the printer, Photosmart Plus B209a-m
I had to reinstall my network from my HP Pavilion DV6 laptop, an HP Photosmart Plus B209a-m and a router D-links. Since I did it, the laptop is fine, but I was unable to get the printer works wirelessly. I spent hours chatting with HP printer locati
-
Help! Windows used to run... Well it takes an hour to load, use about 4 colors and crashes when I ask him to do anything! Found that DSI short status test and got an error code 1000-0142 with a message... Unit4 test: Drive has failed. Status byte = 8
-
I have a variable binding in a ViewCriteria, who worked at jdev12c (12.1.3.0.0).This variable has an expression like this: adf.object.applicationModule.parametros.get("NOMBRE_INFORME") When I upgrade to the new version 12.2.1.0.0. I get this error: g