Cisco 861 ezVPN license remote problem

Similar Questions

• Cisco 861 DHCP + public static IPs + NAT/DNAT. Help.

  Hello

  I used to use a server of self-made CentOS for intranet for my small office, but I have bouth a few days ago a router Cisco 861 to replace the linux machine.

  My needs:

  1. I have 2 public classes of IP from my ISP. 1 class is limitted 80mbit upload, the other to 30mbit upload. So I need some sort of DNAT to be able to know exactly what intranet computer uses internet great and including a single internet limitted.

  2. I need DHCP server with static IP addresses (a computer must always have the same IP address, etc)... I have my needs for this.

  3. also I need external access to certain servers on the inside (web, ftp, etc.)

  Parameters:

  (Dhcp) intranet: 10.11.12.x 255.255.255.0)

  1 public Internet: 89.45.204.118 255.255.255.248 (89.45.204.117 as gateway)

  Public Internet 2: some other class in the same IP (assume 89.45.204.58/24 for example)

  DNS: 89.45.200.1

  So far so good, everything seems simple and I can do this in 2 hours on a centos linux box (correct roads, active ip Routing and some rules for NAT/SNAT/DNAT iptables).

  But on this new router of Centos... Well, I am not yet able to ping the outside world, nor inside world I'm tired reading the forums, documentation... I want (at the beginning) to a simple scenario: vlan + dhcp, SEA4 with 1 public ip address and ACCESS to the real world. I was not able to reach even not that much.

  OK, first of all, here is a copy of the running configuration:

  Building configuration...

  Current configuration: 5826 bytes

  version 15.1

  no service button

  horodateurs service debug datetime msec

  Log service timestamps datetime msec

  no password encryption service

  !

  hostname cisco861

  !

  boot-start-marker

  boot-end-marker

  !

  !

  enable secret 5 [out-of-context]

  activate the password [out-of-context]

  !

  No aaa new-model

  iomem 10 memory size

  Crypto pki token removal timeout default 0

  !

  Crypto pki trustpoint TP-self-signed-2459631067

  enrollment selfsigned

  name of the object cn = IOS - Self - signed - certificate - 2459631067

  revocation checking no

  rsakeypair TP-self-signed-2459631067

  !

  !

  TP-self-signed-2459631067 crypto pki certificate chain

  certificate self-signed 01

  [deleted-of-context]

  quit smoking

  IP source-route

  !

  !

  DHCP excluded-address IP 10.11.12.1

  DHCP excluded-address IP 10.11.12.251 10.11.12.254

  !

  IP dhcp pool cisco861-iasi

  import all

  Network 10.11.12.0 255.255.255.0

  domain cisco861.iasi

  DNS-server 10.11.12.1 89.45.200.1

  router by default - 10.11.12.1

  -NetBIOS 10.11.12.2 name server 10.11.12.3

  !

  IP dhcp pool testPC

  the host 10.11.12.111 255.255.255.0

  0100.c030.1012.09 client identifier

  testpc-01 customer name

  !

  !

  IP cef

  IP domain name cisco861.iasi

  name of the IP-server 89.45.200.1

  !

  !

  license udi pid CISCO861-K9 sn [out-of-context]

  !

  !

  username admin secret of privilege 15 4 [removed-of-context]

  !

  !

  interface FastEthernet0

  no ip address

  !

  interface FastEthernet1

  no ip address

  !

  interface FastEthernet2

  no ip address

  !

  interface FastEthernet3

  no ip address

  !

  interface FastEthernet4

  external description $ ETH - LAN$

  IP 89.45.204.118 255.255.255.248

  NAT outside IP

  IP virtual-reassembly in

  full duplex

  automatic speed

  !

  interface Vlan1

  Description $ETH - SW - LAUNCH, INTF-INFO-HWIC $$ $4ESW

  10.11.12.1 IP address 255.255.255.0

  IP nat inside

  IP virtual-reassembly in

  IP tcp adjust-mss 1452

  !

  IP forward-Protocol ND

  IP http server

  23 class IP http access

  local IP http authentication

  IP http secure server

  IP http timeout policy slowed down 60 life 86400 request 10000

  !

  overload of IP nat inside source list 23 interface FastEthernet4

  IP route 0.0.0.0 0.0.0.0 89.45.204.117

  !

  access-list 23 permit 10.11.12.0 0.0.0.255

  Dialer-list 1 ip protocol allow

  SNMP-Server RO community cisco861.Iasi

  !

  Line con 0

  local connection

  line to 0

  line vty 0 4

  access-class 23 in

  privilege level 15

  password [out-of-context]

  local connection

  transport input telnet ssh

  !

  end

  (I couldn't find any CODE or a QUOTE as on other forums... so I tried to indent the config for you guys)

  In addition, here are a few troubleshooting commands I used, maybe they can help some of know you what is the problem

  cisco861 #show ip interface brief

  Interface IP-Address OK? Method status Prot

  Commissioner of official languages

  FastEthernet0 unassigned YES unset upward, upward

  FastEthernet1 unassigned YES unset down down

  FastEthernet2 unassigned YES unset down down

  FastEthernet3 unassigned YES unset down down

  FastEthernet4 89.45.204.118 YES manual up up

  NVI0 89.45.204.118 YES unset upward, upward

  Vlan1 10.11.12.1 YES manual up up

  cisco861 #show mac-address-table

  Port of destination address Destination address Type VLAN

  -------------------  ------------  ----  --------------------

  dynamic xxxx.xxxx.xxxx 1 FastEthernet0

  XXXX.xxxx.xxxx Self 1 Vlan1

  ODD: it has no mac address for the connected FastEthernet 4. How comes? I changed 3 cables. All cables are OK.

  cisco861 #show ip route

  Code: L - local, C - connected, S - static, mobile R - RIP, M-, B - BGP

  D - EIGRP, OSPF, IA - external EIGRP, O - EX - OSPF inter zone

  N1 - type external OSPF NSSA 1, N2 - type external OSPF NSSA 2

  E1 - OSPF external type 1, E2 - external OSPF of type 2

  i - IS - Su - summary IS, L1 - IS - IS level 1, L2 - IS level - 2

  -IS inter area, * - candidate failure, U - static route by user

  o - ODR, P - periodic downloaded route static, H - PNDH, l - LISP

  + - replicated road, % - next hop override

  Gateway of last resort is 89.45.204.117 to network 0.0.0.0

  S * 0.0.0.0/0 [1/0] via 89.45.204.117

  10.0.0.0/8 is variably divided into subnets, 2 subnets, 2 masks

  C 10.11.12.0/24 is directly connected, Vlan1

  L 10.11.12.1/32 is directly connected, Vlan1

  89.0.0.0/8 is variably divided into subnets, 2 subnets, 2 masks

  C 89.45.204.117/29 is directly connected, FastEthernet4

  L 89.45.204.118/32 is directly connected, FastEthernet4

  #show FastEthernet 4 router interfaces

  FastEthernet4 is up, line protocol is up

  Material is PQII_PRO_UEC, the address is xxxx.xxxx.xxxx (bia xxxx.xxxx.xxxx)

  Description: external$ ETH - LAN$

  The Internet address is 89.45.204.118/29

  MTU 1500 bytes, BW 100000 Kbit/s, DLY 100 usec,

  reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  KeepAlive set (10 sec)

  Full-duplex, 100 MB/s, 100BaseTX/FX

  Type of the ARP: ARPA, ARP Timeout 04:00

  Last entry at 00:02:54, 00:00:00 exit, exit hang never

  Final cleaning of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/dumps); Total output drops: 0

  Strategy of queues: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bps, 0 packets/s

  5 minute output rate 0 bps, 0 packets/s

  28 sachets of entrance, 3909 bytes

  Received 14 emissions (0 of IP multicasts)

  0 Runts, 0 giants, 0 shifters

  entry 0, 0 CRC errors, frame 0, saturation 0, 0 ignored

  Guard Dog 0

  entry packets 0 with condition of dribble detected

  output of 110 packages, 25366 bytes, 0 underruns

  0 output errors, 0 collisions, 3 interface resets

  unknown protocol 0 drops

  0 babbles, collision end 0, 0 deferred

  1 lost carrier, 0 no carrier

  output buffer, the output buffers 0 permuted 0 failures

  interfaces of router #show vlan 1

  Vlan1 is up, line protocol is up

  Material is EtherSVI, the address is xxxx.xxxx.xxxx (bia xxxx.xxxx.xxxx)

  Description: $ETH - SW - LAUNCH$ $INTF - INFO - HWIC-$4ESW

  The Internet address is 10.11.12.1/24

  MTU 1500 bytes, BW 100000 Kbit/s, DLY 100 usec,

  reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  KeepAlive not supported

  Type of the ARP: ARPA, ARP Timeout 04:00

  Last entry of 00:00:06, output ever, blocking exit ever

  Final cleaning of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/dumps); Total output drops: 0

  Strategy of queues: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bps, 0 packets/s

  5 minute output rate 0 bps, 0 packets/s

  packets of 512, 53381 bytes, 0 no buffer entry

  Received 185 broadcasts (0 of IP multicasts)

  0 Runts, 0 giants, 0 shifters

  entry 0, 0 CRC errors, frame 0, saturation 0, 0 ignored

  exit 180 packages, 13248 bytes, 0 underruns

  output 0 error, 1 interface resets

  unknown protocol 0 drops

  output buffer, the output buffers 0 permuted 0 failures

  Also, I tried other combinations, as follows

  1. IP route static inter-vfr
  2. IP default-gateway 89.45.204.117 (ofc combined with no ip Routing). I can ping 8.8.8.8 in this scenario, but not other IP addresses. WTF?
  3. network default IP 89.45.204.117 (the bridge) - nothing
  4. 89.45.204.118 default IP network - bothing
  5. IP route 0.0.0.0 0.0.0.0 FastEthernet 4 (with or without 89.45.204.117, with or without permanent keyword)

  Please, have mercy and help me.

  P.S. I've also attached the configuration and troubleshooting files if it will be easier for you to follow this path.

  A big thank you and God bless you!

  Hello

  IP nat inside source static 10.11.12.33 89.45.204.120 (host - to - host)

  IP nat inside source static tcp 10.11.12.33 80 89.45.204.120 80 (port translation host-to - host)

  RES

  Paul

  Please don't forget to rate this post if it has been helpful.

• Cisco Anyconnect Essentials License - What is it

  Hello community.

  I managed to install an ASA with Anyconnect. The Anyconnect client on my laptop works very well.

  But why now to buy a Cisco Anyconnect Essentials License, what exactly is this license?

  AnyConnect works fine without this license.

  But I can not connect with my IPhone with the Cisco Anyconnect for Iphone App. should I buy the Anyconnect for Mobile license and this license just for a single device or all devices. Because this license is really cheap. Cisco licenses normally are expensiv.

  Thank you and best regards patrick

  If you have not all AnyConnect Premium licenses, then you are limited to two simultaneous connections if you do not have the license of anyConnect Essentials. You are right, for i-devices (and Android...) you need the AnyConnect Mobile license.

  AnyConnect Essentials both AnyConnect Mobile are approved by ASA, not user connections. And AnyConnect Mobile needs AnyConnect essential or Preimium AnyConnect license must be activated.

  --
  Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
  http://www.Kiva.org/invitedBy/karsteni

• Cisco has any license demo for VCS?

  A way to study, I would test the VCS to my network for a while.

  Cisco has any license demo for VCS?

  Hello

  I think you get very limited (1 x traversal/1 x no traversal) licenses if you have installed the software.

  See also this thread; You can get a limited time license team demonstration license if you ask him nicely.

  https://supportforums.Cisco.com/discussion/11555961/home-lab-VCs-and-TMS...

  Aaron

• Hello, I have sold my iMac and changed to macbook pro. now I wanted to install lightroom and it says that I have to disable my other license. the problem is my iMac, I sold. any ideas please? Thank you

  Hello, I have sold my iMac and changed to macbook pro. now I wanted to install lightroom and it says that I have to disable my other license. the problem is my iMac, I sold. any ideas please? Thank you

  Recommend contacting customer service

  *Remember to stay signed with your Adobe ID ( email id used to purchase the subscription ) before accessing the link above*.

  Select the exact options indicated below in the capture to get support of screen options:

  
  

• Conductor Cisco - no more license problems

  Hello

  We have XC3.0.2 Cisco driver with two vTS with 12 ports license total.

  We were able to make conference 8-10 participants previously

  But in a few days we started facing the issue of overtaking alert of license on the conductor, even if we do the Conference 3-4... !!

  In conductor, we still see 6 + 6 = 12 license screen includes two vTS

  Also when we do the Conference 3-4, use of resources on each vTS will more than 85%

  Here, I have attached the screen shot of the conductor conference bridge.

  Suggest pls.

  Rgds

  Rajesh Kumar

  Per Table of 8 on the data sheet of the telepresence Server, FullHD video + content will consume actually 2 licenses of the screen.

• ACS Appliance Agent remote problem

  Hello

  We have depending you on the situation:

  -2 x ACS SE

  -2 x ACS Agents on member servers remotely

  -2 x ASA

  We would like to authenticate the VPN users connecting to the ASA via the ACS and active directory.

  I have configured the remote agent following this link:

  http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_solution_engine/3.3/installation/guide/remote_agent/Rawi.html#wp289426

  But we are not able to pick up groups active directory to the AEC gui--> user external database > database group mappings > Active Directory > new Configuration.

  On the domain controller, we get the error ID 1030 and 1058, someone had these problems too?

  Thanks in advance and best regards

  Dominic

  Most likely, this is a Permission problem. What OS and SP you use.

  Have you tried to run the remote agent by using the LOCAL account instead of the service account that you created?

  Kind regards

  ~ JG

  Note the useful messages

• "" Cisco ASA multiple defects remote control let users deny Service and bypass the security controls ".

  Recently we have heard people talk of "Cisco ASA several flaws let users deny remote Service and bypass the security controls" under the securitytracker. However, as everyone knew, ASA 8.3 need a lot more resources on ASA HW to run. I checked that the bugs associated to above problem "CSCtg69742, CSCth36592, CSCtg61810, CSCte53635, CSCte46460, CSCte20030, CSCtf29867, CSCte14901, CSCsz80777, CSCsz36816" in the Cisco Bug Toolkit. None of them show any information if there is a fix for ASA 8.2 (x).

  This means that Cisco starts to stop supporting 8.2 (x) and to push customers to their "so-called" best image 8.3 version (x) as a strategy of "marketing?

  Cisco is best to find a solution for this problem on 8.2 (x) rather than push customers to something Cisco "love." It may not be the best interest of the customers AT ALL. Instead of pushing customers to ASA 8.3 (x), Cisco likely to push customers to its big competitor Juniper:)

  Sean,

  I did a quick search on the Bug Toolkit for CSCtg69742 and found the following result.

  Fixed in
  8.2 (3)
  8.3 (1.5)
  8.3 (2)
  8.2 (2.15)
  8.2 (2.107)
  100,7 (0.17) M
  100.5 (5.16) M
  8.3 (1,100)
  100.7 (6.1) M
  8.4 (0.99)

  This was posted in the column on the left side of the search results page.

  I recommend you research each ID of Bug Bug Toolkit (http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs) for the version name (number) that contains the fix for this bug.

  HTH

  Amol

• Labview Remote problem

  Hello!

  I have a NI USB DAQ of 6341 who assume to control a horse trough PMT and LED Labview 2010.

  But, Labview is not installed in my PC, I use it remotely from the University and I am facing problem to use DAQmx (version 9.3.5) in Labview.

  What I want to know is how to make my remote Labview for data acquisition in my computer.

  I guess it's a very simple question, but after hours trying to find a solution, I decided to ask the experts...

  Thank you!

  Hello RadGent,

  This solution will not work in your case.

  However with NOR-DAQmx 8.0 and later, NOR-DAQmx OPC features can be used to obtain the features of reliable network of remote systems.
  GDR (as mentioned in the document you provided) is not supported in NOR-DAQmx.

  You can try something like this:

  http://zone.NI.com/DevZone/CDA/tut/p/ID/3742

  The best and the most simple of measures to be taken would be to install the software locally, especially because you are working with a USB device.

  Goes on ethernet, at University, then return in the same pc to connect to the DAQ card would seriously increase the latency of the system.

• Have a Live View remote problem...

  I use the remote software a lot and started having a problem in Live Mode when connected to the laptop...

  If I am connected there is no problem, but when I go to Live View to see what the camera sees it running a little and then give a "Connection Lost" error and close the software... You can't restart it unless you unplug the USB cable and plug it into the back...  Then, you can restart the software and all works fine... but when switching back to see live can run from any where between 1 second and 20 minutes without any problem, then "lost connection" and the software will stop...  I tried several cables, Reloaded the software and made sure Batteies are reloaded...  I had the camera for a year and a half and it has just started in the last month...   Before I could leave in direct mode until the battery pack came out with such a failure...

  Hi Quantummist,

  I recommend that you contact us for assistance with this.

• Cisco EA4500 - No associated router problem :-(

  I just install my new EA4500 of Cisco and upgraded to the latest firmware and signed for my account.

  Local access to the router works fine and I see the admin/config interface Smart Wi - Fi

  However, when I try to go to the following website: http://www.linksyssmartwifi.com/

  It redirects me to here:

  https://www.ciscoconnectcloud.com/UI/1.0.0.146985/dynamic/no-associated-router.html

  The text says:

  -------------

  To access the tools of Wi - Fi Smart Linksys, router requires the http://homesupport.cisco.com/en-us/support/ccc"> EA series Linksys Smart Wi - Fi Firmware and you will need to associate your router to your account Linksys Smart Wi - Fi."
  On a computer or a device connected to your router, open www.linksyssmartwifi.com and follow the instructions. This requires you to enter the router password so have that ready.

  -------------

  However, I see no way to perform the step of the association - my account exists and my router is configured.

  Note: I do all this behind this wi - fi network router remotely

  Any help appreciated - bad first experience

  Thanks in advance

  -A-

  Follow the steps on how to associate the router properly with the account you signed-up for already. Note: you may need to reset your router, if this doesn't always work for you. Creation, activation and associate a Smart WiFi Linksys account.

• Management E4200v2 remote problem

  Hi all

  I have a little problem with remote management on my E4200v2.

  I have him, select https and all on by default the allowed IP address value remote port (8080)

  After all this, I can't connect my router to my office or any other place. I use DDNS and all its ok (updated time). I tried to connect to my direct IP (dynamic), but without result.

  Any ideea? This is the only problem that I discovered this device.

  P.S. no newspaper entering port 443 using https

  Thank you

  Try changing the port 8081 instead of 8080. Otherwise, you could use http instead of https for remote management, where it does not work with https. Also to ensure that the anonymous internet application of the filter box should be disabled in the Security tab, on the router configuration page.

• Remote - problem with full screen desktop

  I use Win 7 for a few months now, and the user experience is great!

  Remote Desktop software update is large but with a very annoying problem that I am facing.
  I use this to access my PC on my home LAN. I left once his mode full screen I need a windowed mode to work, but since I was not able to return to full screen. I tried to restart the sessions remotely, Resart the two PCs, delete the information identification, but in vain.

  Kindly help to solve the problem, because it is very annoying to use the session remotely in windowed mode, navigate and go down each time to access the taskbar and the address bar!

  Thank you.

  Hello
   
  Follow these steps and check whether the problem is resolved.
   
  Method 1:
   
  -Start "Remote Desktop connection".
  -Click on 'Options '.
  -Click the "View" tab
  -On "Display Configuration" settings, you can change the display of "Remote Desktop connection" by moving the slider of "small to large.
  -By moving the "slider" all the way to large, the display settings will automatically set in 'full screen '.
   
  Method 2:
   
  You can try CTRL-ALT & Break to return to the screen in full-screen.
  For more information about the remote desktop connection it see below section of Windows Help.
   
  Remote Desktop connection: frequently asked questions
  http://Windows.Microsoft.com/en-us/Windows7/Remote-Desktop-connection-frequently-asked-questions

  Thank you, and in what concerns:
  I. Suuresh Kumar-Microsoft Support.
  Visit our Microsoft answers feedback Forumand let us know what you think.

• First Cisco infrastructure reinstall - license question

  Hello world

  Here's the scenario, the Cisco IP running is v1.1 (w/c at the moment is still called Cisco NCS (Network Control System) and unfortunately, she appeared.

  Re-Setup was planned and they want the latest version, w/c is 2.1 installed.

  Now, here are the questions:
  1. How can I transfer my license? Should I key PAK? If so, it will remain usable for the new Cisco PI?
  1.A. How can I do? I mean transfer the license?

  2. the devices not supported on the upgrade?

  It's quite deep-research question, I would say. I do research in fact the answer right now, but hope someone can help me :)
  I have a version of thread hard time considering that it's an old of it (and he even existed in the old name too!)

  Thank you! : D

  You can move your PI 2.1 license.  Email [email protected] / * /.

• Cisco ASA 5510 + license + AIP - SSM

  Hello.

  I have this box.

  I have a few questions about it.

  (1) I'll be able to update the firmware (from 8.2 to 8.3 or greater for example) without smarnet for ASA 5510? And what can not do without smartnet?

  (2) I have only AIP-SSM-10 module this ASA 5510. is there a smartnet, too? And when I buy only one module is it build in a subscription for 1 year for the signatures of the IPS?

  (3) if I have the Cisco ASA 5510 base license, my IPS on AIP-SSM-10 will work?

  (4) as I foresee in a purchase of the year a 5510 more with the same module and mount ther of failover. I really need license Security more than failover (active / standby)? For active/active, I know I need one, Yes?

  Please help me.

  (1) you must Smartnet in order to download the software from the download from cisco.com site.

  (2) Yes, there is also a smartnet for the AIP module. Module AIP does not come with one year subscription, but you can ask for a demo license.

  (3) Yes, the basic license is OK for the AIP module.

  (4) Yes, you would need license security more on the two ASA to be able to run any type of failover on ASA5510.

  Hope that answers your questions.