Cisco 861 ezVPN license remote problem
I bought a new Cisco 861 SRI with safety advanced on this subject.
When I look in the Dashboad license in Cisco Configuration professional it tells me I have advsecurity licenses with deployment status 'Deployed' function and the State 'active, in use '.
But when I want to configure any type of VPN I get the following error message:
License of technology (advsecurity) associated with this feature is not deployed on this router. Use the link below to deploy the technology license.
When I click the link I find myself in the dashboard to license again.
I Don t have another file license and advanced security features should be sufficient for VPN. At least that's what
http://www.Cisco.com/en/us/prod/collateral/routers/ps380/data_sheet_c78_461543.html said.
What should I do to be able to configure the VPN?
Thankx a lot for any help
Dirk
What version of CCP do you use? I see a few other customer cases with this error and it looks like there may be a problem with CCP 2.5. Customers who use 2.3 CCP do not see this error when applying the license through the user interface.
Todd
Tags: Cisco Security
Similar Questions
-
Cisco 861 DHCP + public static IPs + NAT/DNAT. Help.
Hello
I used to use a server of self-made CentOS for intranet for my small office, but I have bouth a few days ago a router Cisco 861 to replace the linux machine.
My needs:
1. I have 2 public classes of IP from my ISP. 1 class is limitted 80mbit upload, the other to 30mbit upload. So I need some sort of DNAT to be able to know exactly what intranet computer uses internet great and including a single internet limitted.
2. I need DHCP server with static IP addresses (a computer must always have the same IP address, etc)... I have my needs for this.
3. also I need external access to certain servers on the inside (web, ftp, etc.)
Parameters:
(Dhcp) intranet: 10.11.12.x 255.255.255.0)
1 public Internet: 89.45.204.118 255.255.255.248 (89.45.204.117 as gateway)
Public Internet 2: some other class in the same IP (assume 89.45.204.58/24 for example)
DNS: 89.45.200.1
So far so good, everything seems simple and I can do this in 2 hours on a centos linux box (correct roads, active ip Routing and some rules for NAT/SNAT/DNAT iptables).
But on this new router of Centos... Well, I am not yet able to ping the outside world, nor inside world I'm tired reading the forums, documentation... I want (at the beginning) to a simple scenario: vlan + dhcp, SEA4 with 1 public ip address and ACCESS to the real world. I was not able to reach even not that much.
OK, first of all, here is a copy of the running configuration:
Building configuration...
Current configuration: 5826 bytes
version 15.1
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
hostname cisco861
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 [out-of-context]
activate the password [out-of-context]
!
No aaa new-model
iomem 10 memory size
Crypto pki token removal timeout default 0
!
Crypto pki trustpoint TP-self-signed-2459631067
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 2459631067
revocation checking no
rsakeypair TP-self-signed-2459631067
!
!
TP-self-signed-2459631067 crypto pki certificate chain
certificate self-signed 01
[deleted-of-context]
quit smoking
IP source-route
!
!
DHCP excluded-address IP 10.11.12.1
DHCP excluded-address IP 10.11.12.251 10.11.12.254
!
IP dhcp pool cisco861-iasi
import all
Network 10.11.12.0 255.255.255.0
domain cisco861.iasi
DNS-server 10.11.12.1 89.45.200.1
router by default - 10.11.12.1
-NetBIOS 10.11.12.2 name server 10.11.12.3
!
IP dhcp pool testPC
the host 10.11.12.111 255.255.255.0
0100.c030.1012.09 client identifier
testpc-01 customer name
!
!
IP cef
IP domain name cisco861.iasi
name of the IP-server 89.45.200.1
!
!
license udi pid CISCO861-K9 sn [out-of-context]
!
!
username admin secret of privilege 15 4 [removed-of-context]
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
external description $ ETH - LAN$
IP 89.45.204.118 255.255.255.248
NAT outside IP
IP virtual-reassembly in
full duplex
automatic speed
!
interface Vlan1
Description $ETH - SW - LAUNCH, INTF-INFO-HWIC $$ $4ESW
10.11.12.1 IP address 255.255.255.0
IP nat inside
IP virtual-reassembly in
IP tcp adjust-mss 1452
!
IP forward-Protocol ND
IP http server
23 class IP http access
local IP http authentication
IP http secure server
IP http timeout policy slowed down 60 life 86400 request 10000
!
overload of IP nat inside source list 23 interface FastEthernet4
IP route 0.0.0.0 0.0.0.0 89.45.204.117
!
access-list 23 permit 10.11.12.0 0.0.0.255
Dialer-list 1 ip protocol allow
SNMP-Server RO community cisco861.Iasi
!
Line con 0
local connection
line to 0
line vty 0 4
access-class 23 in
privilege level 15
password [out-of-context]
local connection
transport input telnet ssh
!
end
(I couldn't find any CODE or a QUOTE as on other forums... so I tried to indent the config for you guys)
In addition, here are a few troubleshooting commands I used, maybe they can help some of know you what is the problem
cisco861 #show ip interface brief
Interface IP-Address OK? Method status Prot
Commissioner of official languages
FastEthernet0 unassigned YES unset upward, upward
FastEthernet1 unassigned YES unset down down
FastEthernet2 unassigned YES unset down down
FastEthernet3 unassigned YES unset down down
FastEthernet4 89.45.204.118 YES manual up up
NVI0 89.45.204.118 YES unset upward, upward
Vlan1 10.11.12.1 YES manual up up
cisco861 #show mac-address-table
Port of destination address Destination address Type VLAN
------------------- ------------ ---- --------------------
dynamic xxxx.xxxx.xxxx 1 FastEthernet0
XXXX.xxxx.xxxx Self 1 Vlan1
ODD: it has no mac address for the connected FastEthernet 4. How comes? I changed 3 cables. All cables are OK.
cisco861 #show ip route
Code: L - local, C - connected, S - static, mobile R - RIP, M-, B - BGP
D - EIGRP, OSPF, IA - external EIGRP, O - EX - OSPF inter zone
N1 - type external OSPF NSSA 1, N2 - type external OSPF NSSA 2
E1 - OSPF external type 1, E2 - external OSPF of type 2
i - IS - Su - summary IS, L1 - IS - IS level 1, L2 - IS level - 2
-IS inter area, * - candidate failure, U - static route by user
o - ODR, P - periodic downloaded route static, H - PNDH, l - LISP
+ - replicated road, % - next hop override
Gateway of last resort is 89.45.204.117 to network 0.0.0.0
S * 0.0.0.0/0 [1/0] via 89.45.204.117
10.0.0.0/8 is variably divided into subnets, 2 subnets, 2 masks
C 10.11.12.0/24 is directly connected, Vlan1
L 10.11.12.1/32 is directly connected, Vlan1
89.0.0.0/8 is variably divided into subnets, 2 subnets, 2 masks
C 89.45.204.117/29 is directly connected, FastEthernet4
L 89.45.204.118/32 is directly connected, FastEthernet4
#show FastEthernet 4 router interfaces
FastEthernet4 is up, line protocol is up
Material is PQII_PRO_UEC, the address is xxxx.xxxx.xxxx (bia xxxx.xxxx.xxxx)
Description: external$ ETH - LAN$
The Internet address is 89.45.204.118/29
MTU 1500 bytes, BW 100000 Kbit/s, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
KeepAlive set (10 sec)
Full-duplex, 100 MB/s, 100BaseTX/FX
Type of the ARP: ARPA, ARP Timeout 04:00
Last entry at 00:02:54, 00:00:00 exit, exit hang never
Final cleaning of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/dumps); Total output drops: 0
Strategy of queues: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bps, 0 packets/s
5 minute output rate 0 bps, 0 packets/s
28 sachets of entrance, 3909 bytes
Received 14 emissions (0 of IP multicasts)
0 Runts, 0 giants, 0 shifters
entry 0, 0 CRC errors, frame 0, saturation 0, 0 ignored
Guard Dog 0
entry packets 0 with condition of dribble detected
output of 110 packages, 25366 bytes, 0 underruns
0 output errors, 0 collisions, 3 interface resets
unknown protocol 0 drops
0 babbles, collision end 0, 0 deferred
1 lost carrier, 0 no carrier
output buffer, the output buffers 0 permuted 0 failures
interfaces of router #show vlan 1
Vlan1 is up, line protocol is up
Material is EtherSVI, the address is xxxx.xxxx.xxxx (bia xxxx.xxxx.xxxx)
Description: $ETH - SW - LAUNCH$ $INTF - INFO - HWIC-$4ESW
The Internet address is 10.11.12.1/24
MTU 1500 bytes, BW 100000 Kbit/s, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
KeepAlive not supported
Type of the ARP: ARPA, ARP Timeout 04:00
Last entry of 00:00:06, output ever, blocking exit ever
Final cleaning of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/dumps); Total output drops: 0
Strategy of queues: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bps, 0 packets/s
5 minute output rate 0 bps, 0 packets/s
packets of 512, 53381 bytes, 0 no buffer entry
Received 185 broadcasts (0 of IP multicasts)
0 Runts, 0 giants, 0 shifters
entry 0, 0 CRC errors, frame 0, saturation 0, 0 ignored
exit 180 packages, 13248 bytes, 0 underruns
output 0 error, 1 interface resets
unknown protocol 0 drops
output buffer, the output buffers 0 permuted 0 failures
Also, I tried other combinations, as follows
- IP route static inter-vfr
- IP default-gateway 89.45.204.117 (ofc combined with no ip Routing). I can ping 8.8.8.8 in this scenario, but not other IP addresses. WTF?
- network default IP 89.45.204.117 (the bridge) - nothing
- 89.45.204.118 default IP network - bothing
- IP route 0.0.0.0 0.0.0.0 FastEthernet 4 (with or without 89.45.204.117, with or without permanent keyword)
Please, have mercy and help me.
P.S. I've also attached the configuration and troubleshooting files if it will be easier for you to follow this path.
A big thank you and God bless you!
Hello
IP nat inside source static 10.11.12.33 89.45.204.120 (host - to - host)
IP nat inside source static tcp 10.11.12.33 80 89.45.204.120 80 (port translation host-to - host)
RES
Paul
Please don't forget to rate this post if it has been helpful.
-
Cisco Anyconnect Essentials License - What is it
Hello community.
I managed to install an ASA with Anyconnect. The Anyconnect client on my laptop works very well.
But why now to buy a Cisco Anyconnect Essentials License, what exactly is this license?
AnyConnect works fine without this license.
But I can not connect with my IPhone with the Cisco Anyconnect for Iphone App. should I buy the Anyconnect for Mobile license and this license just for a single device or all devices. Because this license is really cheap. Cisco licenses normally are expensiv.
Thank you and best regards patrick
If you have not all AnyConnect Premium licenses, then you are limited to two simultaneous connections if you do not have the license of anyConnect Essentials. You are right, for i-devices (and Android...) you need the AnyConnect Mobile license.
AnyConnect Essentials both AnyConnect Mobile are approved by ASA, not user connections. And AnyConnect Mobile needs AnyConnect essential or Preimium AnyConnect license must be activated.
--
Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
http://www.Kiva.org/invitedBy/karsteni -
Cisco has any license demo for VCS?
A way to study, I would test the VCS to my network for a while.
Cisco has any license demo for VCS?
Hello
I think you get very limited (1 x traversal/1 x no traversal) licenses if you have installed the software.
See also this thread; You can get a limited time license team demonstration license if you ask him nicely.
https://supportforums.Cisco.com/discussion/11555961/home-lab-VCs-and-TMS...
Aaron
-
Hello, I have sold my iMac and changed to macbook pro. now I wanted to install lightroom and it says that I have to disable my other license. the problem is my iMac, I sold. any ideas please? Thank you
Recommend contacting customer service
*Remember to stay signed with your Adobe ID ( email id used to purchase the subscription ) before accessing the link above*.
Select the exact options indicated below in the capture to get support of screen options:
-
Conductor Cisco - no more license problems
Hello
We have XC3.0.2 Cisco driver with two vTS with 12 ports license total.
We were able to make conference 8-10 participants previously
But in a few days we started facing the issue of overtaking alert of license on the conductor, even if we do the Conference 3-4... !!
In conductor, we still see 6 + 6 = 12 license screen includes two vTS
Also when we do the Conference 3-4, use of resources on each vTS will more than 85%
Here, I have attached the screen shot of the conductor conference bridge.
Suggest pls.
Rgds
Rajesh Kumar
Per Table of 8 on the data sheet of the telepresence Server, FullHD video + content will consume actually 2 licenses of the screen.
-
ACS Appliance Agent remote problem
Hello
We have depending you on the situation:
-2 x ACS SE
-2 x ACS Agents on member servers remotely
-2 x ASA
We would like to authenticate the VPN users connecting to the ASA via the ACS and active directory.
I have configured the remote agent following this link:
But we are not able to pick up groups active directory to the AEC gui--> user external database > database group mappings > Active Directory > new Configuration.
On the domain controller, we get the error ID 1030 and 1058, someone had these problems too?
Thanks in advance and best regards
Dominic
Most likely, this is a Permission problem. What OS and SP you use.
Have you tried to run the remote agent by using the LOCAL account instead of the service account that you created?
Kind regards
~ JG
Note the useful messages
-
Recently we have heard people talk of "Cisco ASA several flaws let users deny remote Service and bypass the security controls" under the securitytracker. However, as everyone knew, ASA 8.3 need a lot more resources on ASA HW to run. I checked that the bugs associated to above problem "CSCtg69742, CSCth36592, CSCtg61810, CSCte53635, CSCte46460, CSCte20030, CSCtf29867, CSCte14901, CSCsz80777, CSCsz36816" in the Cisco Bug Toolkit. None of them show any information if there is a fix for ASA 8.2 (x).
This means that Cisco starts to stop supporting 8.2 (x) and to push customers to their "so-called" best image 8.3 version (x) as a strategy of "marketing?
Cisco is best to find a solution for this problem on 8.2 (x) rather than push customers to something Cisco "love." It may not be the best interest of the customers AT ALL. Instead of pushing customers to ASA 8.3 (x), Cisco likely to push customers to its big competitor Juniper:)
Sean,
I did a quick search on the Bug Toolkit for CSCtg69742 and found the following result.
Fixed in
8.2 (3)
8.3 (1.5)
8.3 (2)
8.2 (2.15)
8.2 (2.107)
100,7 (0.17) M
100.5 (5.16) M
8.3 (1,100)
100.7 (6.1) M
8.4 (0.99)This was posted in the column on the left side of the search results page.
I recommend you research each ID of Bug Bug Toolkit (http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs) for the version name (number) that contains the fix for this bug.
HTH
Amol
-
Hello!
I have a NI USB DAQ of 6341 who assume to control a horse trough PMT and LED Labview 2010.
But, Labview is not installed in my PC, I use it remotely from the University and I am facing problem to use DAQmx (version 9.3.5) in Labview.
What I want to know is how to make my remote Labview for data acquisition in my computer.
I guess it's a very simple question, but after hours trying to find a solution, I decided to ask the experts...
Thank you!
Hello RadGent,
This solution will not work in your case.
However with NOR-DAQmx 8.0 and later, NOR-DAQmx OPC features can be used to obtain the features of reliable network of remote systems.
GDR (as mentioned in the document you provided) is not supported in NOR-DAQmx.You can try something like this:
http://zone.NI.com/DevZone/CDA/tut/p/ID/3742
The best and the most simple of measures to be taken would be to install the software locally, especially because you are working with a USB device.
Goes on ethernet, at University, then return in the same pc to connect to the DAQ card would seriously increase the latency of the system.
-
Have a Live View remote problem...
I use the remote software a lot and started having a problem in Live Mode when connected to the laptop...
If I am connected there is no problem, but when I go to Live View to see what the camera sees it running a little and then give a "Connection Lost" error and close the software... You can't restart it unless you unplug the USB cable and plug it into the back... Then, you can restart the software and all works fine... but when switching back to see live can run from any where between 1 second and 20 minutes without any problem, then "lost connection" and the software will stop... I tried several cables, Reloaded the software and made sure Batteies are reloaded... I had the camera for a year and a half and it has just started in the last month... Before I could leave in direct mode until the battery pack came out with such a failure...
Hi Quantummist,
I recommend that you contact us for assistance with this.
-
Cisco EA4500 - No associated router problem :-(
I just install my new EA4500 of Cisco and upgraded to the latest firmware and signed for my account.
Local access to the router works fine and I see the admin/config interface Smart Wi - Fi
However, when I try to go to the following website: http://www.linksyssmartwifi.com/
It redirects me to here:
https://www.ciscoconnectcloud.com/UI/1.0.0.146985/dynamic/no-associated-router.html
The text says:
-------------
To access the tools of Wi - Fi Smart Linksys, router requires the http://homesupport.cisco.com/en-us/support/ccc"> EA series Linksys Smart Wi - Fi Firmware and you will need to associate your router to your account Linksys Smart Wi - Fi."
On a computer or a device connected to your router, open www.linksyssmartwifi.com and follow the instructions. This requires you to enter the router password so have that ready.-------------
However, I see no way to perform the step of the association - my account exists and my router is configured.
Note: I do all this behind this wi - fi network router remotely
Any help appreciated - bad first experience
Thanks in advance
-A-
Follow the steps on how to associate the router properly with the account you signed-up for already. Note: you may need to reset your router, if this doesn't always work for you. Creation, activation and associate a Smart WiFi Linksys account.
-
Management E4200v2 remote problem
Hi all
I have a little problem with remote management on my E4200v2.
I have him, select https and all on by default the allowed IP address value remote port (8080)
After all this, I can't connect my router to my office or any other place. I use DDNS and all its ok (updated time). I tried to connect to my direct IP (dynamic), but without result.
Any ideea? This is the only problem that I discovered this device.
P.S. no newspaper entering port 443 using https
Thank you
Try changing the port 8081 instead of 8080. Otherwise, you could use http instead of https for remote management, where it does not work with https. Also to ensure that the anonymous internet application of the filter box should be disabled in the Security tab, on the router configuration page.
-
Remote - problem with full screen desktop
I use Win 7 for a few months now, and the user experience is great!
Remote Desktop software update is large but with a very annoying problem that I am facing.
I use this to access my PC on my home LAN. I left once his mode full screen I need a windowed mode to work, but since I was not able to return to full screen. I tried to restart the sessions remotely, Resart the two PCs, delete the information identification, but in vain.Kindly help to solve the problem, because it is very annoying to use the session remotely in windowed mode, navigate and go down each time to access the taskbar and the address bar!
Thank you.
Hello
Follow these steps and check whether the problem is resolved.
Method 1:
-Start "Remote Desktop connection".
-Click on 'Options '.
-Click the "View" tab
-On "Display Configuration" settings, you can change the display of "Remote Desktop connection" by moving the slider of "small to large.
-By moving the "slider" all the way to large, the display settings will automatically set in 'full screen '.
Method 2:
You can try CTRL-ALT & Break to return to the screen in full-screen.
For more information about the remote desktop connection it see below section of Windows Help.
Remote Desktop connection: frequently asked questions
http://Windows.Microsoft.com/en-us/Windows7/Remote-Desktop-connection-frequently-asked-questionsThank you, and in what concerns:
I. Suuresh Kumar-Microsoft Support.
Visit our Microsoft answers feedback Forumand let us know what you think. -
First Cisco infrastructure reinstall - license question
Hello world
Here's the scenario, the Cisco IP running is v1.1 (w/c at the moment is still called Cisco NCS (Network Control System) and unfortunately, she appeared.
Re-Setup was planned and they want the latest version, w/c is 2.1 installed.
Now, here are the questions:
1. How can I transfer my license? Should I key PAK? If so, it will remain usable for the new Cisco PI?
1.A. How can I do? I mean transfer the license?2. the devices not supported on the upgrade?
It's quite deep-research question, I would say. I do research in fact the answer right now, but hope someone can help me :)
I have a version of thread hard time considering that it's an old of it (and he even existed in the old name too!)Thank you! : D
You can move your PI 2.1 license. Email [email protected] / * /.
-
Cisco ASA 5510 + license + AIP - SSM
Hello.
I have this box.
I have a few questions about it.
(1) I'll be able to update the firmware (from 8.2 to 8.3 or greater for example) without smarnet for ASA 5510? And what can not do without smartnet?
(2) I have only AIP-SSM-10 module this ASA 5510. is there a smartnet, too? And when I buy only one module is it build in a subscription for 1 year for the signatures of the IPS?
(3) if I have the Cisco ASA 5510 base license, my IPS on AIP-SSM-10 will work?
(4) as I foresee in a purchase of the year a 5510 more with the same module and mount ther of failover. I really need license Security more than failover (active / standby)? For active/active, I know I need one, Yes?
Please help me.
(1) you must Smartnet in order to download the software from the download from cisco.com site.
(2) Yes, there is also a smartnet for the AIP module. Module AIP does not come with one year subscription, but you can ask for a demo license.
(3) Yes, the basic license is OK for the AIP module.
(4) Yes, you would need license security more on the two ASA to be able to run any type of failover on ASA5510.
Hope that answers your questions.
Maybe you are looking for
-
HP ENVy 4 1102tx: big problem with computer graphic card hp laptop
MY computer laptop hp envy 1102tx running 64-bit win 8 When I bought my laptop there were some problems with the display, she would get destorted occasionally. But over time, this problem became worse as 1. display and sometimes audio would get very
-
How to set the sequence in Simple TestStand IO file
Hi all Whenever I run the Simple IO - Top Level.vi, it loads the last file in the sequence of race. How default to certain sequence? Great appreciate for your help. -Kenny
-
SYNCHRONIZATION with Microsoft Outlook 2003...
I would also like to sync to Outlook, so I can transfer my data to Date, address and Notepad to my Blackberry Torch 9810. I have the Palm 4.1.4 version and I have Outlook 2003. Do I have to change my settings for Outlook 2003? Can you PLEASE help? I
-
Uninstall program, EnjooyCoUpOn of evil
Accidentally, I installed a program called EnjooyCoUpOn that causes ads to constantly appear in my browser. Normally, I just go to my control panel and uninstall it. I tried this and "EnjooyCoUpOn" has disappeared from my program list, but I always g
-
Windows 7 causing Audio & Microphone to stop working
I have a Sony Vaio VGN-Z21WN, which came with Windows Vista. I later upgraded to Windows 7 Ultimate. In recent weeks, the audio doesn't work with the microphone. I tried to install the drivers more late two Sony & Realtek Web sites, but nothing wor