Cisco ASA5505 with double tis + IPSEC
Hello guys,.
I have problem with double ISP + IPSEC on my cisco ASA5505 dry more license.
Routing works OK (to connect to the Internet from siteA is work trought
1 also second ISP) but IPSEC works trought just the first
INTERNET SERVICE PROVIDER! There seemt that phase 1 and 2 of the Protocol IPSEC is correct but the packages
Encrypt just but no not decryption. You have an idea what is the problem?
I try to ping from the (PC - 10.4.1.66) siteA siteB (PC - 10.3.128.50)
Thank you
config site A:
##########################################################################
ASA5505 Version 8.2 (1)
interface Vlan1
nameif inside
security-level 100
IP 10.4.1.65 255.255.255.248
!
interface Vlan2
nameif outside
security-level 0
IP 192.168.1.2 255.255.255.0
!
interface Vlan3
internet nameif
security-level 0
IP address 212.89.235.yy 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
switchport access vlan 3
outside_cryptomap list extended access allow icmp 10.4.1.64 255.255.255.248 10.3.128.0 255.255.255.0
10.4.1.64 IP Access-list extended sheep 255.255.255.248 allow 10.3.0.0 255.255.0.0
10.4.1.64 IP Access-list extended sheep 255.255.255.248 allow 10.16.0.0 255.255.0.0
access inside extended ip permit list an entire
extended permitted inside a whole icmp access list
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
Internet MTU 1500
no failover
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 621.bin
don't allow no asdm history
ARP timeout 14400
Global 1 interface (outside)
Global interface (internet) 1
NAT (inside) 0 access-list sheep
NAT (inside) 1 10.4.1.64 255.255.255.248
Access-group internet_in in interface outside
internet_in group to access the Web interface
Route outside 0.0.0.0 0.0.0.0 192.168.1.1 1 track 1
Internet route 0.0.0.0 0.0.0.0 212.89.235.yy 254
Server enable SNMP traps snmp authentication linkup, linkdown cold start
monitor SLA 123
interface type echo protocol ipIcmpEcho 212.89.229.xx outdoor
NUM-package of 3
frequency 10
Annex ALS life monitor 123 to always start-time now
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
3600 seconds, duration of life crypto ipsec security association
Crypto ipsec kilobytes of life - safety 4608000 association
card crypto outside_map0 1 match address outside_cryptomap
card crypto outside_map0 1 set 212.89.229.xx counterpart
outside_map0 card crypto 1jeu transform-set ESP-AES-256-SHA
outside_map0 map 1 lifetime of security association set seconds 28800 crypto
card crypto outside_map0 1 set security-association life kilobytes 4608000
card crypto game 2 outside_map0 address outside_cryptomap_1
outside_map0 interface card crypto outside
outside_map0 card crypto internet interface
ISAKMP crypto identity hostname
crypto ISAKMP allow outside
crypto ISAKMP enable internet
crypto ISAKMP policy 3
preshared authentication
aes-256 encryption
sha hash
Group 2
life 300
!
track 1 rtr 123 accessibility
Telnet 10.4.1.64 255.255.255.248 inside
Telnet timeout 1440
SSH 10.4.1.64 255.255.255.248 inside
SSH 212.89.229.xx 255.255.255.255 outside
SSH timeout 60
SSH version 2
Console timeout 0
management-access inside
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
NTP server 194.160.23.2 source outdoors
WebVPN
attributes of Group Policy DfltGrpPolicy
Protocol-tunnel-VPN IPSec l2tp ipsec
username xx
tunnel-group 212.89.229.xx type ipsec-l2l
212.89.229.XX group of tunnel ipsec-attributes
pre-shared-key *.
siteA # sh crypto isakmp his d
ITS enabled: 1
Generate a new key SA: 0 (a tunnel report Active 1 and 1 to generate a new key during the generate a new key)
Total SA IKE: 1
1 peer IKE: 212.89.229.xx
Type: L2L role: initiator
Generate a new key: no State: MM_ACTIVE
Encryption: aes - 256 Hash: SHA
AUTH: preshared to life: 300
Remaining life: 91
# sh crypto ipsec siteA his
Interface: internet
Tag crypto map: outside_map0, seq num: 1, local addr: 212.89.235.yy
outside_cryptomap list of access allowed icmp 10.4.1.64 255.255.255.248 10.3.128.0 255.255.255.0
local ident (addr, mask, prot, port): (10.4.1.64/255.255.255.248/1/0)
Remote ident (addr, mask, prot, port): (10.3.128.0/255.255.255.0/1/0)
current_peer: 212.89.229.xx
program #pkts: 7, #pkts encrypt: 7, #pkts digest: 7
#pkts decaps: 0, #pkts decrypt: 0, #pkts check: 0
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 7, comp #pkts failed: 0, #pkts Dang failed: 0
success #frag before: 0, failures before #frag: 0, #fragments created: 0
Sent #PMTUs: 0, #PMTUs rcvd: 0, reassembly: 20th century / of frgs #decapsulated: 0
#send errors: 0, #recv errors: 0
local crypto endpt. : 212.89.235.115, remote Start crypto. : 212.89.229.2
Path mtu 1500, fresh ipsec generals 74, media, mtu 1500
current outbound SPI: 2A9B550B
SAS of the esp on arrival:
SPI: 0xCF456F65 (3477434213)
transform: aes-256-esp esp-sha-hmac no compression
running parameters = {L2L, Tunnel}
slot: 0, id_conn: 32768, crypto-card: outside_map0
calendar of his: service life remaining (KB/s) key: (4374000/28629)
Size IV: 16 bytes
support for replay detection: Y
Anti-replay bitmap:
0x00000000 0x00000001
outgoing esp sas:
SPI: 0x2A9B550B (714822923)
transform: aes-256-esp esp-sha-hmac no compression
running parameters = {L2L, Tunnel}
slot: 0, id_conn: 32768, crypto-card: outside_map0
calendar of his: service life remaining (KB/s) key: (4373999/28629)
Size IV: 16 bytes
support for replay detection: Y
Anti-replay bitmap:
0x00000000 0x00000001
# sh logging asdm siteA | I have 10.3.128.50
6. 19 sep 2011 10:27:37 | 302020: built outgoing ICMP connection for faddr gaddr laddr 10.4.1.66/1024 10.4.1.66/1024 10.3.128.50/0
6. 19 sep 2011 10:27:39 | 302021: connection of disassembly ICMP for faddr gaddr laddr 10.4.1.66/1024 10.4.1.66/1024 10.3.128.50/0
config site B:
##########################################################################
ASA 5510 Version 8.0 (4)
interface Ethernet0/0
nameif outside
security-level 0
IP address 212.89.229.xx 255.255.255.240
OSPF cost 10
interface Ethernet0/1.10
VLAN 10
nameif users
security-level 50
IP 10.3.128.0 255.255.255.0
10.3.128.0 IP Access-list extended siteA 255.255.255.0 allow 10.4.1.64 255.255.255.248
Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
3600 seconds, duration of life crypto ipsec security association
Crypto ipsec kilobytes of life - safety 4608000 association
outside_map crypto card 9 matches the address SiteA
card crypto outside_map 9 peers set 212.89.229.xx
card crypto outside_map 9 game of transformation-ESP-AES-256-SHA
life card crypto outside_map 9 set security-association seconds 28800
card crypto outside_map 9 set security-association life kilobytes 4608000
outside_map crypto 10 card matches the address SiteA
card crypto outside_map 10 peers set 212.89.235.yy
outside_map crypto 10 card value transform-set ESP-AES-256-SHA
life safety association set card crypto outside_map 10 28800 seconds
card crypto outside_map 10 set security-association life kilobytes 4608000
crypto ISAKMP policy 20
preshared authentication
aes-256 encryption
sha hash
Group 2
life 86400
tunnel-group 212.89.229.xx type ipsec-l2l
212.89.229.XX group of tunnel ipsec-attributes
pre-shared-key *.
tunnel-group 212.89.235.yy type ipsec-l2l
212.89.235.yy group of tunnel ipsec-attributes
pre-shared-key *.
SiteB # sh crypto isakmp his d
HIS active: 7
Generate a new key SA: 1 (a tunnel report Active 1 and 1 to generate a new key during the generate a new key)
Total SA IKE: 8
8 peer IKE: 212.89.235.115
Type: L2L role: initiator
Generate a new key: no State: MM_ACTIVE
Encryption: aes - 256 Hash: SHA
AUTH: preshared to life: 300
Remaining life: 245
# Sh crypto ipsec SiteB his | b 212.89.235.yy
current_peer: 212.89.235.yy
#pkts program: encrypt 0, #pkts: 0, #pkts digest: 0
decaps #pkts: 12, #pkts decrypt: 12, #pkts check: 12
compressed #pkts: 0, unzipped #pkts: 0
#pkts uncompressed: 0, comp #pkts failed: 0, #pkts Dang failed: 0
success #frag before: 0, failures before #frag: 0, #fragments created: 0
Sent #PMTUs: 0, #PMTUs rcvd: 0, reassembly: 20th century / of frgs #decapsulated: 0
#send errors: 0, #recv errors: 0
local crypto endpt. : 212.89.229.xx, remote Start crypto. : 212.89.235.yy
Path mtu 1500, fresh ipsec generals 74, media, mtu 1500
current outbound SPI: CF456F65
SAS of the esp on arrival:
SPI: 0x2A9B550B (714822923)
transform: aes-256-esp esp-sha-hmac no compression
running parameters = {L2L, Tunnel}
slot: 0, id_conn: 4378624, crypto-card: outside_map
calendar of his: service life remaining (KB/s) key: (3914999/27310)
Size IV: 16 bytes
support for replay detection: Y
Anti-replay bitmap:
0 x 00000000 0x00001FFF
outgoing esp sas:
SPI: 0xCF456F65 (3477434213)
transform: aes-256-esp esp-sha-hmac no compression
running parameters = {L2L, Tunnel}
slot: 0, id_conn: 4378624, crypto-card: outside_map
calendar of his: service life remaining (KB/s) key: (3915000/27308)
Size IV: 16 bytes
support for replay detection: Y
# sh logging asdm siteB. I have 10.4.1.66
6. 19 sep 2011 10:29:49 | 302021: connection of disassembly ICMP for faddr gaddr laddr 10.3.128.50/0 10.3.128.50/0 10.4.1.66/1024
6. 19 sep 2011 10:29:50 | 302020: built ICMP incoming connections for faddr gaddr laddr 10.3.128.50/0 10.3.128.50/0 10.4.1.66/1024
I'm glad that this answer to your question, feel free to mark the post as answered and the rate of useful messages
Good day.
Tags: Cisco Security
Similar Questions
-
Redundancy with double tis on cisco ASA VPN Site to Site
Dear supporters,
Could you help me to provide a configuration for the network as an attachment diagram.
I am suitable with your help.
Thank you
Best regards
Hi Sothengse,
You can visit the below link and configure ASA @ head and Canes accordingly to your condition.
You must change the configuration of the similar example with ends... Double TIS @ ends in your scenario...
http://networkology.NET/2013/03/08/site-to-site-VPN-with-dual-ISP-for-BA...
I hope this helps.
Concerning
Knockaert
-
Hello.. It is possible for cisco asa 5510 hitting the load balancing between double tis? and what will the configurations? Thanks... :D
Hello
ACB is used normally for balancing the load on network devices. Another one of my posts on this forum and I quote:
The ASA/PIX does not ACB support to date. I told her on the road map.
As a work around, you can run multiple contexts, if its possible to break your lan into two subnets.
And also allocate the Internet interfaces appropriate to each context (with the default gateway pointing to the respective service providers).
This link will help you get started:
Please NOTE: dynamic routing and virtual private networks are not supported in Multiple context mode.
Another alternative, if WAN links end on a router (and not the firewall), you could use this router to the ACB.
Concerning
Farrukh
-
Problem Cisco 2811 with L2TP IPsec VPN
Hello. Sorry for my English. Help me please. I have problem with L2TP over IPsec VPN when I connect with Android phones. Even if I connect with laptop computers. I have Cisco 2811 - Cisco IOS software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4 (2) T2, (fc3) SOFTWARE VERSION. I configured on L2TP over IPsec VPN with Radius Authentication
My config:
!
AAA new-model
!
!
AAA authentication login default local
Ray of AAA for authentication ppp default local group
AAA authorization network default authenticated if
start-stop radius group AAA accounting network L2TP_RADIUS!
dhcp L2tp IP pool
network 192.168.100.0 255.255.255.0
default router 192.168.100.1
domain.local domain name
192.168.101.12 DNS server
18c0.a865.c0a8.6401 hexagonal option 121
18c0.a865.c0a8.6401 hexagonal option 249VPDN enable
!
VPDN-group sec_groupe
! Default L2TP VPDN group
accept-dialin
L2tp Protocol
virtual-model 1
no authentication of l2tp tunnelsession of crypto consignment
!
crypto ISAKMP policy 5
BA 3des
preshared authentication
Group 2
!
crypto ISAKMP policy 55
BA 3des
md5 hash
preshared authentication
Group 2ISAKMP crypto key... address 0.0.0.0 0.0.0.0
invalid-spi-recovery crypto ISAKMP
ISAKMP crypto keepalive 10 periodicals
!
life crypto ipsec security association seconds 28000
!
Crypto ipsec transform-set esp-3des esp-sha-hmac L2TP
transport mode
Crypto ipsec transform-set esp-3des esp-md5-hmac 3DESMD5
need transport mode
!!
!
crypto dynamic-map DYN - map 10
Set nat demux
game of transformation-L2TP
!
!
Crypto map 10 L2TP-VPN ipsec-isakmp dynamic DYN-mapinterface Loopback1
Description * L2TP GateWay *.
IP 192.168.100.1 address 255.255.255.255interface FastEthernet0/0
Description * Internet *.
address IP 95.6... 255.255.255.248
IP access-group allow-in-of-wan in
IP access-group allows-off-of-wan on
no ip redirection
no ip unreachable
no ip proxy-arp
NAT outside IP
IP virtual-reassembly
IP route cache policy
automatic duplex
automatic speed
L2TP-VPN crypto card
!interface virtual-Template1
Description * PPTP *.
IP unnumbered Loopback1
IP access-group L2TP_VPN_IN in
AutoDetect encapsulation ppp
default IP address dhcp-pool L2tp peer
No keepalive
PPP mtu Adaptive
PPP encryption mppe auto
PPP authentication ms-chap-v2 callin
PPP accounting L2TP_RADIUSL2TP_VPN_IN extended IP access list
permit any any icmp echo
IP 192.168.100.0 allow 0.0.0.255 192.168.101.0 0.0.0.255
IP 192.168.100.0 allow 0.0.0.255 192.168.3.0 0.0.0.255
allow udp any any eq bootps
allow udp any any eq bootpc
deny ip any any journal entryRADIUS-server host 192.168.101.15 auth-port 1812 acct-port 1813
RADIUS server retry method reorganize
RADIUS server retransmit 2
Server RADIUS 7 key...Debugging shows me
234195: * 3 Feb 18:53:38: ISAKMP (0:0): received 93.73.161.229 packet dport 500 sport 500 SA NEW Global (N)
234196: * 3 Feb 18:53:38: ISAKMP: created a struct peer 93.73.161.229, peer port 500
234197: * 3 Feb 18:53:38: ISAKMP: new position created post = 0x47D305BC peer_handle = 0x80007C5F
234198: * 3 Feb 18:53:38: ISAKMP: lock struct 0x47D305BC, refcount 1 to peer crypto_isakmp_process_block
234199: * 3 Feb 18:53:38: ISAKMP: 500 local port, remote port 500
234200: * 3 Feb 18:53:38: insert his with his 480CFF64 = success
234201: * 3 Feb 18:53:38: ISAKMP: (0): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
234202: * 3 Feb 18:53:38: ISAKMP: (0): former State = new State IKE_READY = IKE_R_MM1
234203: * 3 Feb 18:53:38: ISAKMP: (0): treatment ITS payload. Message ID = 0
234204: * 3 Feb 18:53:38: ISAKMP: (0): load useful vendor id of treatment
234205: * 3 Feb 18:53:38: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 69
234206: * 3 Feb 18:53:38: ISAKMP: (0): load useful vendor id of treatment
234207: * 3 Feb 18:53:38: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 164
234208: * 3 Feb 18:53:38: ISAKMP: (0): load useful vendor id of treatment
234209: * 3 Feb 18:53:38: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 123
234210: * 3 Feb 18:53:38: ISAKMP: (0): provider ID is NAT - T v2
234211: * 3 Feb 18:53:38: ISAKMP: (0): load useful vendor id of treatment
234212: * 3 Feb 18:53:38: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 221
234213: * 3 Feb 18:53:38: ISAKMP: (0): load useful vendor id of treatment
234214: * 3 Feb 18:53:38: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 194
234215: * 3 Feb 18:53:38: ISAKMP: (0): load useful vendor id of treatment
234216: * 3 Feb 18:53:38: ISAKMP: (0): provider ID is DPD
234217: * 3 Feb 18:53:38: ISAKMP: (0): looking for a key corresponding to 93.73.161.229 in default
234218: * 3 Feb 18:53:38: ISAKMP: (0): success
234219: * 3 Feb 18:53:38: ISAKMP: (0): pair found pre-shared key matching 93.73.161.229
234220: * 3 Feb 18:53:38: ISAKMP: (0): pre-shared key local found
234221: * 3 Feb 18:53:38: ISAKMP: analysis of the profiles for xauth...
234222: * 3 Feb 18:53:38: ISAKMP: (0): audit ISAKMP transform 1 against policy priority 5
234223: * 3 Feb 18:53:38: ISAKMP: type of life in seconds
234224: * 3 Feb 18:53:38: ISAKMP: life (basic) of 28800
234225: * 3 Feb 18:53:38: ISAKMP: 3DES-CBC encryption
234226: * 3 Feb 18:53:38: ISAKMP: pre-shared key auth
234227: * 3 Feb 18:53:38: ISAKMP: SHA hash
234228: * 3 Feb 18:53:38: ISAKMP: group by default 2
234229: * 3 Feb 18:53:38: ISAKMP: (0): atts are acceptable. Next payload is 3
234230: * 3 Feb 18:53:38: ISAKMP: (0): load useful vendor id of treatment
234231: * 3 Feb 18:53:38: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 69
234232: * 3 Feb 18:53:38: ISAKMP: (0): load useful vendor id of treatment
234233: * 3 Feb 18:53:38: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 164
234234: * 3 Feb 18:53:38: ISAKMP: (0): load useful vendor id of treatment
234235: * 3 Feb 18:53:38: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 123
234236: * 3 Feb 18:53:38: ISAKMP: (0): provider ID is NAT - T v2
234237: * 3 Feb 18:53:38: ISAKMP: (0): load useful vendor id of treatment
234238: * 3 Feb 18:53:38: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 221
234239: * 3 Feb 18:53:38: ISAKMP: (0): load useful vendor id of treatment
234240: * 3 Feb 18:53:38: ISAKMP: (0): provider ID seems the unit/DPD but major incompatibility of 194
234241: * 3 Feb 18:53:38: ISAKMP: (0): load useful vendor id of treatment
234242: * 3 Feb 18:53:38: ISAKMP: (0): provider ID is DPD
234243: * 3 Feb 18:53:38: ISAKMP: (0): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
234244: * 3 Feb 18:53:38: ISAKMP: (0): former State = new State IKE_R_MM1 = IKE_R_MM1234245: * 3 Feb 18:53:38: ISAKMP: (0): built the seller-02 ID NAT - t
234246: * 3 Feb 18:53:38: ISAKMP: (0): lot of 93.73.161.229 sending my_port 500 peer_port 500 (R) MM_SA_SETUP
234247: * 3 Feb 18:53:38: ISAKMP: (0): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
234248: * 3 Feb 18:53:38: ISAKMP: (0): former State = new State IKE_R_MM1 = IKE_R_MM2234249: * 3 Feb 18:53:38: ISAKMP (0:0): received 93.73.161.229 packet 500 Global 500 (R) sport dport MM_SA_SETUP
234250: * 3 Feb 18:53:38: ISAKMP: (0): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
234251: * 3 Feb 18:53:38: ISAKMP: (0): former State = new State IKE_R_MM2 = IKE_R_MM3234252: * 3 Feb 18:53:38: ISAKMP: (0): processing KE payload. Message ID = 0
234253: * 3 Feb 18:53:38: crypto_engine: create DH shared secret
234254: * 3 Feb 18:53:38: CryptoEngine0: CRYPTO_ISA_DH_SHARE_SECRET (hw) (ipsec)
234255: * 3 Feb 18:53:38: ISAKMP: (0): processing NONCE payload. Message ID = 0
234256: * 3 Feb 18:53:38: ISAKMP: (0): looking for a key corresponding to 93.73.161.229 in default
234257: * 3 Feb 18:53:38: ISAKMP: (0): success
234258: * 3 Feb 18:53:38: ISAKMP: (0): pair found pre-shared key matching 93.73.161.229
234259: * 3 Feb 18:53:38: crypto_engine: create IKE SA
234260: * 3 Feb 18:53:38: CryptoEngine0: CRYPTO_ISA_SA_CREATE (hw) (ipsec)
234261: * 3 Feb 18:53:38: ISAKMP: receives the payload type 20
234262: * 3 Feb 18:53:38: ISAKMP: receives the payload type 20
234263: * 3 Feb 18:53:38: ISAKMP (0:5912): NAT found, the node outside NAT
234264: * 3 Feb 18:53:38: ISAKMP: (5912): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
234265: * 3 Feb 18:53:38: ISAKMP: (5912): former State = new State IKE_R_MM3 = IKE_R_MM3234266: * 3 Feb 18:53:38: ISAKMP: (5912): lot of 93.73.161.229 sending my_port 500 peer_port 500 (R) MM_KEY_EXCH
234267: * 3 Feb 18:53:38: ISAKMP: (5912): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
234268: * 3 Feb 18:53:38: ISAKMP: (5912): former State = new State IKE_R_MM3 = IKE_R_MM4234269: * 3 Feb 18:53:38: ISAKMP (0:5912): received 93.73.161.229 packet dport 4500 4500 Global (R) MM_KEY_EXCH sport
234270: * 3 Feb 18:53:38: crypto_engine: package to decipher IKE
234271: * 3 Feb 18:53:38: CryptoEngine0: CRYPTO_ISA_IKE_DECRYPT (hw) (ipsec)
234272: * 3 Feb 18:53:38: ISAKMP: (5912): entry = IKE_MESG_FROM_PEER, IKE_MM_EXCH
234273: * 3 Feb 18:53:38: ISAKMP: (5912): former State = new State IKE_R_MM4 = IKE_R_MM5234274: * 3 Feb 18:53:38: ISAKMP: (5912): payload ID for treatment. Message ID = 0
234275: * 3 Feb 18:53:38: ISAKMP (0:5912): payload ID
next payload: 8
type: 1
address: 192.168.1.218
Protocol: 17
Port: 500
Length: 12
234276: * 3 Feb 18:53:38: ISAKMP: (5912): peer games * no * profiles
234277: * 3 Feb 18:53:38: ISAKMP: (5912): HASH payload processing. Message ID = 0
234278: * 3 Feb 18:53:38: crypto_engine: hash generate IKE
234279: * 3 Feb 18:53:38: CryptoEngine0: CRYPTO_ISA_IKE_HMAC (hw) (ipsec)
234280: * 3 Feb 18:53:38: ISAKMP: (5912): SA authentication status:
authenticated
234281: * 3 Feb 18:53:38: ISAKMP: (5912): SA has been authenticated with 93.73.161.229
234282: * 3 Feb 18:53:38: ISAKMP: (5912): port detected floating port = 4500
234283: * 3 Feb 18:53:38: ISAKMP: attempts to insert a peer and inserted 95.6.../93.73.161.229/4500/ 47D305BC successfully.
234284: * 3 Feb 18:53:38: ISAKMP: (5912): IKE_DPD is enabled, the initialization of timers
234285: * 3 Feb 18:53:38: ISAKMP: (5912): entry = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
234286: * 3 Feb 18:53:38: ISAKMP: (5912): former State = new State IKE_R_MM5 = IKE_R_MM5234287: * 3 Feb 18:53:38: ISAKMP: (5912): ITS been pre-shared key, using id ID_IPV4_ADDR type authentication
234288: * 3 Feb 18:53:38: ISAKMP (0:5912): payload ID
next payload: 8
type: 1
address: 95.6...
Protocol: 17
Port: 0
Length: 12
234289: * 3 Feb 18:53:38: ISAKMP: (5912): the total payload length: 12
234290: * 3 Feb 18:53:38: crypto_engine: hash generate IKE
234291: * 3 Feb 18:53:38: CryptoEngine0: CRYPTO_ISA_IKE_HMAC (hw) (ipsec)
234292: * 3 Feb 18:53:38: crypto_engine: package to encrypt IKE
routerindc #.
234293: * 3 Feb 18:53:38: CryptoEngine0: CRYPTO_ISA_IKE_ENCRYPT (hw) (ipsec)
234294: * 3 Feb 18:53:38: ISAKMP: (5912): lot of 93.73.161.229 sending peer_port my_port 4500 4500 (R) MM_KEY_EXCH
234295: * 3 Feb 18:53:38: ISAKMP: (5912): entry = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
234296: * 3 Feb 18:53:38: ISAKMP: (5912): former State = new State IKE_R_MM5 = IKE_P1_COMPLETE234297: * 3 Feb 18:53:38: ISAKMP: (5912): entry = IKE_MESG_INTERNAL, IKE_PHASE1_COMPLETE
234298: * 3 Feb 18:53:38: ISAKMP: (5912): former State = new State IKE_P1_COMPLETE = IKE_P1_COMPLETE234299: * 3 Feb 18:53:38: ISAKMP (0:5912): received 93.73.161.229 packet dport 4500 4500 Global (R) QM_IDLE sport
234300: * 3 Feb 18:53:38: ISAKMP: node set-893966165 to QM_IDLE
234301: * 3 Feb 18:53:38: crypto_engine: package to decipher IKE
234302: * 3 Feb 18:53:38: CryptoEngine0: CRYPTO_ISA_IKE_DECRYPT (hw) (ipsec)
234303: * 3 Feb 18:53:38: crypto_engine: hash generate IKE
234304: * 3 Feb 18:53:38: CryptoEngine0: CRYPTO_ISA_IKE_HMAC (hw) (ipsec)
234305: * 3 Feb 18:53:38: ISAKMP: (5912): HASH payload processing. Message ID =-893966165
234306: * 3 Feb 18:53:38: ISAKMP: (5912): treatment protocol NOTIFIER INITIAL_CONTACT 1
SPI 0, message ID =-893966165, his 480CFF64 =
234307: * 3 Feb 18:53:38: ISAKMP: (5912): SA authentication status:
authenticated
234308: * 3 Feb 18:53:38: ISAKMP: (5912): process of first contact.
dropping existing phase 1 and 2 with 95.6 local... 93.73.161.229 remote remote port 4500
234309: * 3 Feb 18:53:38: ISAKMP: (5912): node-893966165 error suppression FALSE reason 'informational (en) State 1.
234310: * 3 Feb 18:53:38: ISAKMP: (5912): entry = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
234311: * 3 Feb 18:53:38: ISAKMP: (5912): former State = new State IKE_P1_COMPLETE = IKE_P1_COMPLETE234312: * 3 Feb 18:53:38: IPSEC (key_engine): had an event of the queue with 1 KMI message (s)
234313: * 3 Feb 18:53:39: % s-6-IPACCESSLOGRL: registration of limited or missed rates 150 packages of access list
234314: * 3 Feb 18:53:39: ISAKMP (0:5912): received 93.73.161.229 packet dport 4500 4500 Global (R) QM_IDLE sport
234315: * 3 Feb 18:53:39: ISAKMP: node set-1224389198 to QM_IDLE
234316: * 3 Feb 18:53:39: crypto_engine: package to decipher IKE
234317: * 3 Feb 18:53:39: CryptoEngine0: CRYPTO_ISA_IKE_DECRYPT (hw) (ipsec)
234318: * 3 Feb 18:53:39: crypto_engine: hash generate IKE
234319: * 3 Feb 18:53:39: CryptoEngine0: CRYPTO_ISA_IKE_HMAC (hw) (ipsec)
234320: * 3 Feb 18:53:39: ISAKMP: (5912): HASH payload processing. Message ID =-1224389198
234321: * 3 Feb 18:53:39: ISAKMP: (5912): treatment ITS payload. Message ID =-1224389198
234322: * 3 Feb 18:53:39: ISAKMP: (5912): proposal of IPSec checking 1
234323: * 3 Feb 18:53:39: ISAKMP: turn 1, ESP_3DES
234324: * 3 Feb 18:53:39: ISAKMP: attributes of transformation:
234325: * 3 Feb 18:53:39: ISAKMP: type of life in seconds
234326: * 3 Feb 18:53:39: ISAKMP: life of HIS (basic) of 28800
234327: * 3 Feb 18:53:39: ISAKMP: program is 61444 (Transport-UDP)
234328: * 3 Feb 18:53:39: ISAKMP: authenticator is HMAC-SHA
234329: * 3 Feb 18:53:39: CryptoEngine0: validate the proposal
234330: * 3 Feb 18:53:39: ISAKMP: (5912): atts are acceptable.
234331: * 3 Feb 18:53:39: IPSEC (validate_proposal_request): part #1 of the proposal
(Eng. msg key.) Local INCOMING = 95.6..., distance = 93.73.161.229,.
local_proxy = 95.6.../255.255.255.255/17/1701 (type = 1),
remote_proxy = 93.73.161.229/255.255.255.255/17/0 (type = 1),
Protocol = ESP, transform = esp-3des esp-sha-hmac (UDP Transport),
lifedur = 0 and 0kb in
SPI = 0 x 0 (0), id_conn = 0, keysize = 0, flags = 0 x 0
234332: * 3 Feb 18:53:39: map_db_find_best found no corresponding card
234333: * 3 Feb 18:53:39: ISAKMP: (5912): processing NONCE payload. Message ID =-1224389198
234334: * 3 Feb 18:53:39: ISAKMP: (5912): payload ID for treatment. Message ID =-1224389198
234335: * 3 Feb 18:53:39: ISAKMP: (5912): payload ID for treatment. Message ID =-1224389198
234336: * 3 Feb 18:53:39: ISAKMP: (5912): ask 1 spis of ipsec
234337: * 3 Feb 18:53:39: ISAKMP: (5912): entrance, node-1224389198 = IKE_MESG_FROM_PEER, IKE_QM_EXCH
234338: * 3 Feb 18:53:39: ISAKMP: (5912): former State = new State IKE_QM_READY = IKE_QM_SPI_STARVE
234339: * 3 Feb 18:53:39: IPSEC (key_engine): had an event of the queue with 1 KMI message (s)
234340: * 3 Feb 18:53:39: IPSEC (spi_response): spi getting 834762579 for SA
of 95.6... to 93.73.161.229 for prot 3
234341: * 3 Feb 18:53:39: crypto_engine: hash generate IKE
234342: * 3 Feb 18:53:39: CryptoEngine0: CRYPTO_ISA_IKE_HMAC (hw) (ipsec)
234343: * 3 Feb 18:53:39: crypto_engine: create Security Association IPSec (by QM)
routerindc #.
234344: * 3 Feb 18:53:39: CryptoEngine0: CRYPTO_ISA_IPSEC_KEY_CREATE (hw) (ipsec)
234345: * 3 Feb 18:53:39: crypto_engine: create Security Association IPSec (by QM)
234346: * 3 Feb 18:53:39: CryptoEngine0: CRYPTO_ISA_IPSEC_KEY_CREATE (hw) (ipsec)
234347: * 3 Feb 18:53:39: ISAKMP: (5912): establishing IPSec security associations
234348: * 3 Feb 18:53:39: from 93.73.161.229 to 95.6 SA... (f / i) 0 / 0
(93.73.161.229 to 95.6 proxy...)
234349: * 3 Feb 18:53:39: spi 0x31C17753 and id_conn a 0
234350: * 3 Feb 18:53:39: life of 28800 seconds
234351: * 3 Feb 18:53:39: ITS 95.6 outgoing... to 93.73.161.229 (f / i) 0/0
(proxy 95.6... to 93.73.161.229)
234352: * 3 Feb 18:53:39: spi 0x495A4BD and id_conn a 0
234353: * 3 Feb 18:53:39: life of 28800 seconds
234354: * 3 Feb 18:53:39: crypto_engine: package to encrypt IKE
234355: * 3 Feb 18:53:39: CryptoEngine0: CRYPTO_ISA_IKE_ENCRYPT (hw) (ipsec)
234356: * 3 Feb 18:53:39: IPSEC (key_engine): had an event of the queue with 1 KMI message (s)
234357: * 3 Feb 18:53:39: map_db_find_best found no corresponding card
234358: * 3 Feb 18:53:39: IPSec: rate allocated for brother 80000273 Flow_switching
234359: * 3 Feb 18:53:39: IPSEC (policy_db_add_ident): 95.6..., src dest 93.73.161.229, dest_port 4500234360: * 3 Feb 18:53:39: IPSEC (create_sa): its created.
(his) sa_dest = 95.6..., sa_proto = 50.
sa_spi = 0x31C17753 (834762579).
sa_trans = sa_conn_id of hmac-sha-esp, esp-3des = 1165
234361: * 3 Feb 18:53:39: IPSEC (create_sa): its created.
(his) sa_dest = 93.73.161.229, sa_proto = 50,.
sa_spi = 0x495A4BD (76915901).
sa_trans = sa_conn_id of hmac-sha-esp, esp-3des = 1166
234362: * 3 Feb 18:53:39: ISAKMP: (5912): lot of 93.73.161.229 sending peer_port my_port 4500 4500 (R) QM_IDLE
234363: * 3 Feb 18:53:39: ISAKMP: (5912): entrance, node-1224389198 = IKE_MESG_FROM_IPSEC, IKE_SPI_REPLY
234364: * 3 Feb 18:53:39: ISAKMP: (5912): former State = new State IKE_QM_SPI_STARVE = IKE_QM_R_QM2
234365: * 3 Feb 18:53:39: ISAKMP (0:5912): received 93.73.161.229 packet dport 4500 4500 Global (R) QM_IDLE sport
234366: * 3 Feb 18:53:39: crypto_engine: package to decipher IKE
234367: * 3 Feb 18:53:39: CryptoEngine0: CRYPTO_ISA_IKE_DECRYPT (hw) (ipsec)
234368: * 3 Feb 18:53:39: crypto_engine: hash generate IKE
234369: * 3 Feb 18:53:39: CryptoEngine0: CRYPTO_ISA_IKE_HMAC (hw) (ipsec)
routerindc #.
234370: * 3 Feb 18:53:39: ISAKMP: (5912): node-1224389198 error suppression FALSE reason 'QM (wait).
234371: * 3 Feb 18:53:39: ISAKMP: (5912): entrance, node-1224389198 = IKE_MESG_FROM_PEER, IKE_QM_EXCH
234372: * 3 Feb 18:53:39: ISAKMP: (5912): former State = new State IKE_QM_R_QM2 = IKE_QM_PHASE2_COMPLETE
234373: * 3 Feb 18:53:39: IPSEC (key_engine): had an event of the queue with 1 KMI message (s)
234374: * 3 Feb 18:53:39: IPSEC (key_engine_enable_outbound): rec would notify of ISAKMP
234375: * 3 Feb 18:53:39: IPSEC (key_engine_enable_outbound): select SA with spinnaker 76915901/50
234376: * 3 Feb 18:53:40: IPSEC (epa_des_crypt): decrypted packet has no control of her identity
routerindc #.
234377: * 3 Feb 18:53:42: IPSEC (epa_des_crypt): decrypted packet has no control of her identity
routerindc #.
234378: * 3 Feb 18:53:44: IPSEC (epa_des_crypt): decrypted packet has no control of her identityAlso when I connect with the phone, I see HIS Active and IPsec tunnel is mounted, but the wire of time tunnel is down and phone connects.
I hope that you will help me. Thank you.
Hi dvecherkin1,
Who IOS you're running, you could hit the next default.
https://Tools.Cisco.com/bugsearch/bug/CSCsg34166/?reffering_site=dumpcr
It may be useful
-Randy-
Evaluate the ticket to help others find the answer quickly.
-
Question DMVPN with double IPS links at the end of the branch
I have a Setup (see drawing) where I
Double TIS links at the end of the branch, with the wireless and the other with 3 G.
Wireless should always be the main path, when it works (it's a kind ship when it is in the port)
If I use OSPF, then it works fine the failover, but as soon as I enable IPSEC on the tunnel, then there are switched only once and it will not be repeated at the elementary level once again, without having to restart the router, and then it works for a failover once again.
I also use tracking, because there is no interface, it is down
Are there someone there is a working configuration, where ec. in the network head (normal installation) there is double tis links on the same router or ofcause the same as I.
I'm ready to use any kind of protocols so that it can work, so RIPv2 (preferred), EIGRP, OSPF, tracking, IP SLA
Who is 80.198.195.138?
The peer Hub address is 80.1.1.1 then you can ping this address when the main link is down?
It also seems that you have IPSec tunnel 0 UP but no 0 and 1-tunnel at the same time tunnel. Make sure you have the word of shared key on the hub, router that you use the same source for the two IPSec tunnel IP address.
This message means the IKE database between two routers is out of sync, but should recover on its own.
HTH
Laurent.
-
This is probably a very basic question...
I have a new Cisco ASA5505 and I'm seeing newspapers at the level of the console. Currently when I make a record sh I just get the below. I expect, or I saw on messages system other PIX / ASA.
Any ideas on what command I need to run in order to allow these messages?
mipsasa01 # sh logging
Syslog logging: enabled
Installation: 20
Logging timestamp: disabled
Logging shall: disabled
Refuse the Conn which full queue: disabled
Recording console: disabled
Monitor logging: disabled
Logging buffer: disabled
Logging trap: disabled
A history record: disabled
Device ID: disabled
Logging of mail: disabled
Logging ASDM: informational level, 7108 messages saved
The "journal to see the" displays what is called the journal of the buffer. The registration of your buffer is disabled. Use cmd "logging buffered stored" config to activate it. You can adjust the size of the buffer with "logging buffer-size '. I think that buffer memory space is allocated in memory, so don't go overboard.
http://www.Cisco.com/en/us/docs/security/ASA/asa80/command/reference/L2.html#wp1729451
-
ASA5505 with 10 users. Need to connect 25 remote users with AnyConnect Client
Hello to everyone.
I ASA5505 with license 10 users. I need to connect 25 remote users via SSL VPN (in my case cisco Anyconnect client). So I have to buy the license more security (ASA5505-SEC-PL =) for more then 10 simultaneous VPN connections on Cisco ASA 5505. Fix?
And the main question. What I need to order the user getting up-to-date (for example ASA5505-SW-10-50 =, or ASA5505-SW-10-UL =) license for my device Cisco ASA5505 in order to have 25 connections of concurrent remote users without restriction for each remote user?
You need the license SecPlus for increased remote access users. But you don't need an extra user license if you still only up to 10 internal systems.
-
When trying to convert a Keynote slide show (09) in format .mov, I end up with double blades on slides that have sound. What makes the total video almost twice as long as I wish. How do the conversion with only sound slides appearing and eliminating silent rehearsals?
You will need to confirm which version of Mac OS, and Keynote, you use as your profile shows very old software that is obsolete and is no longer supported. I assume his keynote address version 4 If you are using Mac G5.
IV never heard of Keynote, do what you describe in any version, so we need the details of how you have the presentation put in place. If you post a sample file that illustrates this problem on Dropbox I review on my old power Mac.
-
Cisco Jabber with Cisco multi-party Shared more Licenses
Hello
I'm looking for a Solution to video conference for approximately 4000 employees. Currently the customer uses Cisco's Jabber for video calls from point to point. The main requirement is Ad - Hoc videoconferencing by any employee at any time. I looked at both meeting of Cisco and Cisco TelePresence Server server. The two solution requires more or licenses more pluralistic multi-party Personal shared. The customer won't buy a PMP license for each user. Their requirement is multimedia resources shared so that any employee can initiate an ad hoc conference.
Now the question is: can we use Cisco Jabber with multiparty licensing shared?
Thank you
Mockus S
Yes, it is quite possible.
The only singularity is with PMP + which applied slightly differently than the head of the Orchestra/vTS. This does not seem to match your use case since you intend to buy only SMP licenses +. From version 2.0 (1) CMS, PMP + licenses - which are less expensive than SMP + - use only if: a) the space belongs to a LDAP user with a PMP + license for which they are responsible; or (b) If a user LDAP with PMP + assigned to them joins the Cisco meeting App space as an authenticated user. In all other scenarios, including ad-hoc escalation with CUCM licensed SMP + is consumed. This is different from that of head of the Orchestra/vTS, which were also able to understand the right to the user for ad-hoc calls.
-
Hello
I VCSC and TMS in the network, there are of the endpoints configured with SIP and H323. VCSC are not in the field.
Now we have to enter Cisco Jabber with the VCSC. What are prerequisites them?
First it requires license for Cisco Jabber on VCSC?
We need to join the VCSC domain?
Our VCSC is version 6.1 and TMS is 13.
TNX
Bobby
Yes, you will still be able to authenticate users JabberVideo locally, 'right', you won't be able to use NTLM.
Also take a look at the TMS Provisioning Deployment Guide:
/Jens
-
Scroll smoothly with double orientation
Hello
Is it possible to have a scroll smoothly with double orientation? I tried without success, so I want to make sure that if it possible or not.
Thanks in advance.
Yes, scrolling smoothly works in two directions, but to be clear, they only scroll vertically. You can't scroll through an article horizontally.
-
Cisco Anyconnect with auth double factor
Is it possible to configure an ASA with Anyconnect to require both a user name and a certificate in order to connect?
Yes. Cisco is a configuration example posted here.
-
Configuration VPN Cisco ASA5505 new 800
I have 2 office buildings using routers Cisco 800 series with a L2L VPN between the two. I'm upgrading from the router to an ASA5505 at one of the offices but cannot understand the L2L VPN on the SAA. Specifically, may not know how to set the pre-shared key. On the Cisco 800 there:
ISAKMP crypto key
address This doesn't seem to work on the SAA. Can anyone help this? Here is my current config on the Cisco 800...
crypto ISAKMP policy 10
BA 3des
md5 hash
preshared authentication
Group 2
ISAKMP crypto key
address !
!
Crypto ipsec transform-set esp-3des esp-md5-hmac DUMAC3
Crypto ipsec df - bit clear
!
MYmap 10 ipsec-isakmp crypto map
defined by peer 75.148.153.217
Set security-association second life 36000
game of transformation-DUMAC3
match address 101
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.7.0 0.0.0.255
in your crypto-maps, the '10' and '65535' are the sequence numbers. A CM handset might look like this:
address for correspondence primaryisp_map 10 101 crypto card
peer set card crypto primaryisp_map 10 99.119.80.165
primaryisp_map 10 set transform-set DUMAC3 ikev1 crypto card
primaryisp_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
card crypto primaryisp_map interface primaryisp
-
Double TIS, a VPN works, and the other routes not
I have an ASA5505 and having everything-Connect configuration so that I can use my iPhone or iPad and get my internal IP of Cisco VC240 cameras as well as other devices on my network, but they are the main reason that I have configure the VPN. It works like a champ and I don't have to change the settings of the iPhone/iPad app when I'm in the office or outside the office.
I've added since an additional service provider because of certain other services on my network. I use the ASA track feature to follow the road to an access provider and if it fails, the other ISP resumes the connection. I copied the orders for the 1st access provider, changed the names to the second ISP and placed orders in the SAA. I can now connect through any connection or another ISP on the iPhone/iPad. If I connect to my ISP later, I am connected but the ASA does not traffic to me. My stats on the iPhone shows data sent, but no receipt. I can not ping any device, to access my camera, etc. But when I connect to another ISP, it works fine.
I didn't know if that's even possible with the ASA but assumed that it would be like most everything works, so it seems miss me probably a small order and it would work on either.
Anyone know if this is possible? And if so, any idea what could cause one to work and the other does not work?
Hello Todd,
What about this entry:
NAT (inside, evertek) static local-network local-network destination source static Anyconnect client Anyconnect client
Running from sh I see that he is not exempt from nat.
Best regards
Eugene
-
Hi all
Checked the POST on an ASA5505 (9.1 (3)) one it shows 2 Gigabit NIC:
Total network cards found: 10
88E6095 rev 2 Gigabit Ethernet @ index 09 MAC: 0000.0003.0002
88E6095 rev 2 Ethernet @ index 08 MAC: 885a.92d9.f938
88E6095 rev 2 Ethernet @ index 07 MAC: 885a.92d9.f937
88E6095 rev 2 Ethernet @ index 06 MAC: 885a.92d9.f936
88E6095 rev 2 Ethernet @ index 05 MAC: 885a.92d9.f935
88E6095 rev 2 Ethernet @ index 04 MAC: 885a.92d9.f934
88E6095 rev 2 Ethernet @ index 03 MAC: 885a.92d9.f933
88E6095 rev 2 Ethernet @ index 02 MAC: 885a.92d9.f932
88E6095 rev 2 Ethernet @ index 01 MAC: 885a.92d9.f931
y88acs06 Gigabit Ethernet rev16 @ index MAC 00: 885a.92d9.f939
Is there a Gigabit licenses on the roadmap?
Kind regards
Norbert
Hello
I doubt that it has nothing to do with subsequent changes, as the device is specced for only 150Mbps throughput.
I saw Cisco release any model replacement, even if I asked a few times.
I think that 2 GigabitEthernet interfaces refer to the internal-Data0 and Data1 internal interfaces
It is the output of my own ASA
The internal-Data0/0 interface ' ' is in place, line protocol is up
The material is y88acs06, BW 1000 Mbit/s, 10 DLY usec
(Full-duplex), (1000 Mbps)
Internal-Data0/1 interface ' ' is in place, line protocol is up
The material is 88E6095, BW 1000 Mbit/s, 10 DLY usec
(Full-duplex), (1000 Mbps)
Also, here is a picture of a Cisco Live! presentation on the architecture of the ASA5505 model (click to enlarge)
Hope this helps
-Jouni
Maybe you are looking for
-
Re: Where can I get preinstalled software?
After replacing the drive HARD defective (service) allowed, I have no software - emty HDD. Where can I get software (including Windows 7 and TOSHIBA utilities) preinstaled? THX
-
Re: Disk Satellite L500 - 19 X drive
HelloI don't know if I write in the right place, but here goes. I have a satellite L500 19 x tends towards the age of 8 months. The problem im having is that the hard disk has really slowed down. It takes about 1 hour to rip or burn a standard music
-
Toshiba Satellite U500 overheating on Linux
Hello. I just installed Fedora 15 on a Toshiba U500 and I noticed that it is very hot - the cpu temperature gets quickly to 80 C + and past often more than 90 c (then just pulled the fan in a few seconds).I installed lm-sensors and sensors - detect r
-
How to get rid of the blue screen... Yes I pressed the power button and the volume upward and down key but I still have a blue screen that says TPM (trusted platform module module) WARNING: Compensation erase the information stored on the TPM module.
-
PC - TV sound help... URGENT
Hi guys, set up my PC on my new Sony TV today, via the blue cable (the one that you connect the PC to a monitor), and when I tried to watch community earlier, there is no sound EDIT: I think that the cable is RGB or something So, how can I get my TV