Cisco question No. 2851 VIC2-FXO

Hi all

I recently bought a no. 2851 to my lab at home and it is running 15.1 Advanced enterprice.  I bought a VIC2-FXO (which, according to the docs that card is supported), and when I do a show diag it is detected without errors, but when I do a series of show it that do not appear dows and physically map has 2 solid orange lights.  This router doesn't have any DSP modules currently installed.  I was hoping that someone could tell me if this could me and IOS questions, if I got a lot company supported cards voice, or simply something that can be solved by adding DSP modules.

Thank you

-Jeff

Hello

Looks like you don't have much PVDM in the router. Your VWICs comes not without them.

Thank you

Please note all relevant information

Tags: Cisco Support

Similar Questions

  • Configuring PIX Cisco Question - very limited info. Sorry!

    People,

    Have been put to me a quetsion on a Cisco PIX (I don't know what model it is) who I know very very limited. The person asked me the question, is to help someone else! I apologize in advance for the lack of information here, but Im hoping that someone who has expertise in PIX experts will be able to diagnose the problem, or ask the question to the bottom of the chain to address this problem. The question they asked me: -.

    "Can't get NAT works correctly between the demilitarized zone and other ports.

    I know that it is very skectchy, but because I'm not a firewall or security Im not sure what I want or what questions I need to ask. I have however a copy of the config, if someone can help, we'd really appreciate it.

    Config is attached.

    I think that the above is not a problem.

    However, here it is a question;

    static (dmz1, external) 20.20.20.252 switch1 netmask 255.255.255.255 0 0

    static (dmz1, external) 20.20.20.22 switch1 netmask 255.255.255.255 0 0

    I think it should be;

    static (dmz1, external) 20.20.20.252 switch1 netmask 255.255.255.255 0 0

    (dmz1, external) 20.20.20.22 static nlbweb1 netmask 255.255.255.255 0 0

    Let us know if this can help,

    Paul

  • Calculation of rule DSP for voice routers

    Hi all, I know that Cisco has a DSP calculator, however, there are some values that he asks that I'm not sure of when you try to use it.

    Someone at - it a fundamental rule that they use when they decide how much DSP to add a router to voice FMC?

    I have a Cisco 2911 with 1 VIC2-4FXO, 1 port VIC3-2FXS/DID and currently I have a PVDM3 DSP DIMM 1 with 16 channels. I would add a VIC2-2FXO card for additional analog lines. I read that you need at least to have the same number or channels that you have FXS/FXO ports. If this is the case, then I am currently using only 6 of the 16 channels.

    Here is the command of DSP Group:

    DSP groups on slot 0:
    DSP 1:
    State: UP, firmware: 32.1.2
    Signal/voice of max channel: 16/16
    Max credits: 240, voice credits: 240, video credits: 0
    num_of_sig_chnls_allocated: 6
    Transcoding allocated channels: 1
    Group: FLEX_GROUP_VOICE, complexity: FLEX
    Credit splitting: 100, reserved credits: 0
    Signs of the allocated channels: 6
    Voice of the allocated channels: 0
    Appropriations used (rounded): 0
    Group: FLEX_GROUP_XCODE, complexity: MEDIUM
    Credit splitting: 0, reserved credits: 20
    Transcoding allocated channels: 0
    Appropriations used (rounded): 0
    Group: FLEX_GROUP_CONF, complexity: CONFERENCE
    Credit splitting: 0, reserved credits: 120
    Codec: CONF_G729, maximum of participants: 8
    Sessions by dsp: 4
    Slot: 0
    Idx device: 0
    PVDM slots: 0
    Type DSP: SP2600

    Thank you

    Dan

    Yes, the most basic math are need at least the same number of channels on your DSP (s) that you would have TDM0 channels, which means that you will only use G.711, because the number of channels, G.711. This just for the termination of the TDM.

    With what you have, if you decide to use G.729A/G.722, it would come down to 12 channels, with G.729/iLBC drops to 10, and you get only 3 channels, if you use the ICCS.

  • Cisco VUSB - Feature Suggestions (and some Questions)

    Hello

    I use with my EA4500 VUSB Cisco router wireless (N900) for my printer (Samsung ML-1915) USB.  It seems that I have had no problems with the installation and configuration with this on my PC Windows 7 games and my OS 10.8 MacBook Air.  But I noticed a few things that I would like to recommend as features to add.  Some of them are also questions, which I couldn't find the option/feature dethrone if so, please let me know where it is (if available).

    -(OS X specific) allow the application to run as one Menu Bar Extra (like DropBox and others).  No need to take place in my Dock when it's always supposed to be running... still have active and easily accessible from the Menu bar would be perfect.

    -If I start a print job in an applicaton, it tries automatically to conenct to the printer via VUSB?  Or should I always open VUSB app and connect manually to the printer before you start the print job?  This could be automated?

    -J' noticed that if a computer is connected via VUSB, that the other computer cannot connect.  Is there a way to run remotely on another computer, if not active?  Or, is it possible to set up a "timeout" If the VUSB connection has been idle for a period (for example, 5 minutes)?

    Otherwise, it seems that it works very well.  Using Hello Windows to print to my old Apple Airport has been a complete pain and never ended up working fully.  Really happy to find a solution that works with my existing printer and is easy to install on Windows and Mac.

    Seems I found the automatic connect/disconnect option.  In the lower left of the main window is two buttons, the left most button is 'Properties' (Alt + P is shortened).  There is a tab for automatic connection, and it seems that it is automatically enabled by default.  It has an option to confirm that the printer Connect Auto can be used... and there is an option on auto-déconnecter the end of the work.

    It is superb.  I don't need a print server, do not have the concerns of several jobs at the same time... just good to know that this feature is available and enabled, so I don't remember opening VUSB whenever I want to print something.

    Now hoping an update for the Mac version to move its icon in the menu bar.

    A recommendation more... I'd like a prompt/WARNING/reminder when I'm clicking 'Close' on the application, as I'm guessing that the VUSB always needs to be active in the status bar to enable this automatic connection to prnter to work.  I keep hitting the X to close (instead of reduce) when I'm checking the settings.

  • First Cisco infrastructure reinstall - license question

    Hello world

    Here's the scenario, the Cisco IP running is v1.1 (w/c at the moment is still called Cisco NCS (Network Control System) and unfortunately, she appeared.

    Re-Setup was planned and they want the latest version, w/c is 2.1 installed.

    Now, here are the questions:
    1. How can I transfer my license? Should I key PAK? If so, it will remain usable for the new Cisco PI?
    1.A. How can I do? I mean transfer the license?

    2. the devices not supported on the upgrade?

    It's quite deep-research question, I would say. I do research in fact the answer right now, but hope someone can help me :)
    I have a version of thread hard time considering that it's an old of it (and he even existed in the old name too!)

    Thank you! : D

    You can move your PI 2.1 license.  Email [email protected] / * /.

  • UC560 IVR and CTF GSM questions about port FXO.

    Nice day

    I have a UC560 facility with the following two questions:

    1. with regard to the SVI, I have a random behavior of no response bounded as follows: the incoming call is received (I see it in the terminal monitor) but the IVR does not. It looks like a bug, but I'm not sure. As a first step of troubleshooting, I placed a call directly to the internal IVR number from a phone from within the office by dialing the 398 and the behavior is the same. No reason repeated about non-response. Could be a both or each ten trials. Is it possible to upgrade the SVI to a new version?

    2. regarding a CTF GSM device that is connected to a port FXO on the UC560, the behavior is as follows: during a call incoming call from a mobile phone to the number of mobile phone of the CTF, and the IVR plays the answer recorded with menu options. OK so far. But if the calling person chooses to end the call, this action is taken by the CPU, recorded response continues to play until the end and then the Secretary phone sounds.

    Thanks in advance for any help provided.

    1 configuration problem.

    2. same as 1 - disconnect supervision unconfigured.

  • Cisco No. 2851 with 2 - FPS?

    Hi all

    First of all you wishing all happy new year!

    I want to know if it is - it possible to connect 2-HWIC-SFP modules (1 GB) router Cisco No. 2851?

    A single.   See below (table 3).

    High-speed Cisco Gigabit Ethernet WAN Interface Card

  • a question about upgrading memory CF for Cisco 3745

    As we know, the cisco 3745 has 2 locations CF. memory One is internal with a 32 MB of memory by default CF card, another one is external.

    My question is:

    1 is the same as the internal memory card CF CF external memory card?

    2. If I choose the upgrade of the plant CF memory from 32 MB to 128 MB, which slot will be used? Cisco remove the memory of 32MB CF card and install a new 128 MB card in the internal slot or simply add an additional CF memory card through the outside slot?

    Thank you!

    Hello

    the reference for the internal and external numbers are different, which suggests that they are not compatible. So you will have to specify what you want to, for example, MEM3725-32U128CF (which is the internal upgrade) or MEM3725-128CF-EXT (which is the external upgrade).

    In all cases, internal and external cards are not cumulative, in order to get e.g. 128 MB flash, you must either internal, or external card with these 128 MB:

    Q. can partition you the internal Cisco 3700 Series Compact Flash card and the card Compact Flash external to combine or separate them?

    A. No, you cannot join two separate Compact Flash cards or you can their partition.

    HTH,

    GP

  • Questions of VLAN and configuration for Cisco AIR-CT2504-25-K9 Controller

    Hello

    It's my first time thanks to the Cisco wireless solutions, so I was hopping someone could help me with the following:

    We just bought the AIR-CT2504-25-K9 controller with some points of access for the AIR-CAP1702I-E-K9.

    The network is as follows:

    Peripheral layer 3 (managed by third parties): it's on the domain network. (VLAN by default, 1 - unidentified)

    ADSL router - it's the network without comment thread. (Default Vlan 4 - tagged).

    VOIP: VLAN 5.

    Both fittings go into a switch Cisco SG500 52 (Layer 2). There is a port to shared resources on the switch SG500 with VLAN 1 (Tagged) and VLAN 4 (with tag). The WLAN controller is plugged into this port trunking.

    The data and management network are in the same subnet and on the same VLAN (1).

    I used the wizard on the controller setup.

    There are three interfaces:

    management VLAN ID 1 IP 192.168.1.2 Port 1 (configured with a gateway domain network, DHCP, etc.).

    VLAN wireless identifier 4 IP 192.168.5.1 Port 1 comments (configured with modem router ADSL, DHCP, etc.).

    Virtual IP 192.0.2.1

    Proxy DHCP active overall.

    There are two wlan networks:

    (1) area - management Interface - SSID abc.

    (2) comments - comments Wireless Interface - SSID xyz (the wizard put to management, but I changed it to the wireless).

    Are the AP connected to another SG500 switch which is shared resources to the switch with the controller.

    Ports of the APs are connected to have only 1 VLAN unidentified. They don't have 4 VLAN Tag or not identified. However, everything seems to work as expected.

    When I join the guest network (SSID xyz), I get an IP address from the router ADSL and all Internet traffic goes through him. When I connect to the domain network (SSID abc), I get an IP address from the DHCP in Windows Server and all traffic goes through the device of layer 3 (I checked the public IP address in my browser). I can't ping anything from one network to the other.

    My questions are the following:

    (1) how the guest network traffic (VLAN 4) headed the APs controller when they are connected to the ports on VLAN1? Is it because the traffic is encapsulated?

    (2) is set up correctly? After you configure the controller, I saw a note in the forums, this State I can simply enter 0 for the management of VLANS to let it not identified. However, in my case, I kept it as 1, which is the same as the switches and then the tag VLAN on the switch. In addition, the set Wizard wlan of comments to use the management interface but I changed it to use the comments interface.

    (3) when I connect to the APs of the controller, I see several options that can be configured manually. Is it necessary for this? For example, there is an option of data encryption.

    Thank you

    A

    Hello

    (1) how the guest network traffic (VLAN 4) headed the APs controller when they are connected to the ports on VLAN1? Is it because the traffic is encapsulated?

    Yes, I'm with CAPWAP:

    More information: http://lets-start-to-learn.blogspot.de/2014/08/cisco-wireless-understand...

    (2) is set up correctly? After you configure the controller, I saw a note in the forums, this State I can simply enter 0 for the management of VLANS to let it not identified. However, in my case, I kept it as 1, which is the same as the switches and then the tag VLAN on the switch. In addition, the set Wizard wlan of comments to use the management interface but I changed it to use the comments interface.

    If you want that mgmt interface must be unmarked and then put 0 otherwise you can use vlan 1.

    I do not have what is configured under mgmt and comments interface, but according to the name I'll say yes, you must set the comments under comments wlan interface.

    (3) when I connect to the APs of the controller, I see several options that can be configured manually. Is it necessary for this? For example, there is an option of data encryption.

    Yes, there are many things that you can configure, but I'll leave most of the default of things unless you really need to change!

    The following best practices: http://www.borderlessccie.net/?p=270

    Concerning

    Remember messages useful rates

  • Cisco RV016 failover & load balance Multi WAN question

    Hello

    I think the RV016 is the camera to buy for our small building, but I'm a bit confused in the manual if my scheduled configuration is possible, so if you could confirm if this is possible I would appreciate it.

    We have a leased line as our main connection (lets call him WAN1). If this connection is not available, I don't want to load balance to any other network WAN.

    We have 2 netgear 4G devices identical (we'll call WAN 2 and 3 WAN). If the leased line is not available, I would like to then load balance these two WAN connections.

    Then I have a final connection, WAN4 as a slow adsl line. I don't know right now if I want to load balance this WAN1 or just have it as a backup to WAN2 and WAN3 failure (WAN2 and WAN3 have a 20 GB data limit each on their monthly allowance of the contract, if the leased line is down for more than a couple of days, what is unfortunately already happened) (then we reached this limit and then there is charged with extremely expensive data or just use the only ADSL)

    In any case, it's normal, I want to balance the load. I want to only load balance WAN3 and WAN2 WAN1 fails.

    Anyone know if this is possible? If not, is there any other similar device which would be appropriate?

    Thank you

    Ben

    Hi Bencarroll01,

    With RV016 you can get what you need.

    RV016 supports up to 7 WAN connection, and there are two mode of operation

    • Swing smart (Auto Mode): This option allows you to balance traffic between all interfaces increase the available bandwidth. The router balance traffic between the weighted alternating interfaces.
    • Group of IP (by users): Select this option for trafficking group on each WAN interface by levels of priority or classes of service (CoS). With this feature, you can ensure the bandwidth and a more high priority for specified services and users. All traffic that is not added to the IP group uses Intelligent balancing mode. To specify the services and users, click modify for the WAN interface and then add the entries of binding protocol for each service, IP address or IP address range.

    For our case, we must have RV016 configured with IP Group(By User), so in this case, we can configure binding protocol that we can specify and force all traffic from any IP address of the local network outside through WAN1. and any other WAN connection they always towards the TOP but not the traffic passing through them

    Now if WAN1 is down, immediately the rule to redirect traffic WAN 1 will be disabled and all traffic will pass through the rest of the WAN connection

    After that if the WAN1 is once again the binding protocol rule will be active again and again all the traffic will be done by WAN 1

    Please let me know if you have any other questions

    Please rate this post or marked as replied to help other customers of Cisco

    Greetings

    Mehdi

  • Notice to Cisco employees who ask questions

    Would it not possible to display a screen to tips for Cisco employees when they appear?

    I understand that they need to find answers for them and their customers, but some of their questions are a bit annoying, for example "How do I configure OSPF?

    In the old interface, there was a banner when you want to create a new discussion, but I tried it and now you get nothing, if you try to create a new thread.

    I agree that old warning on the accounting should be, I mean, we have a lot of internal resources, we can use instead.

    Java

  • Migration to ISE for servers 3395 Cisco Cisco SNS 3495 question

    Hi all. I have a client that runs on a Cisco 3395 ISE 1.2 Server and wants to migrate to Cisco SNS 3495 servers due to the end of life is imminent. My question is - this client should buy Cisco SNS 3495 server with a new software license, or may transfer or reuse the license of the software from their 3395 servers?

    What will be the best course of action for them. Thank you!!

    Ah, sorry, I was referring to the base, and, the apex (or Basic, advanced from previous levels of ISE) - which are licenses only you really need to worry.  If you look at the details to the CCW, you're talking about this topic is the only one where the cost is indicated for the 3495 (except SmartNet if you added).  This is not a point of STOCK you can add/remove.  Basically, you have what you need from a material point of view when you purchase the device.  Can you rehost license software (Basic, plus, apex) once you get the new devices up and running.

    Tim

  • configuration Cisco No. 2851 IPS intrusion prevention system

    Hi, I wonder - could someone guide me to the implementation of IPS intrusion prevention system. I'm new to the world of cisco and still did not have my head around it. for the intrusion prevention system IPS I put 0/1 (lan) entrants and g 0/0 as a wan?

    Hello

    You must be careful when activating the IP address of your router. Category will activate you more cpu/memory will be used, and your router may crash.

    I'll write all the config as directly here, because it is a good step by step by Cisco:

    http://www.Cisco.com/c/en/us/products/collateral/security/iOS-intrusion-...

    I'll also join a best practice document from Cisco.

    IPS/signature of software should be found on the Cisco's Web site: https://software.cisco.com/download/release.html?mdfid=282941564&reltype...

    To answer your question, you can do inbound and outbound on your WAN interface (attacks should come first to the outside).

    If you have enough power, why not do as well on the LAN but I will recommend doing it on the WAN, organize and when you're comfortable, you can create one for the LAN interface.

    Here is a config I made for a cisco 892 router which works fine:

    IP IP config flash card: ips try again 1
    IP IP address notify CETS
    IPS the ips name iosips IP list
    !
    category-signature IP ips
    all categories
    true retreat
    category ios_ips base
    fake retirement
    category all-ddos ddos
    fake retirement
    enabled true
    products-alert event-action connection tcp reset-deny-package-inline connection inline deny deny-attacker-inserted
    category, any adware/spyware-adware/spyware
    fake retirement
    enabled true
    products-alert event-action connection tcp reset-deny-package-inline connection inline deny deny-attacker-inserted
    category virus/worms/trojans botnet
    fake retirement
    enabled true
    products-alert event-action connection tcp reset-deny-package-inline connection inline deny deny-attacker-inserted
    category virus/worms/trojans all-viruses/worms/trojans
    fake retirement
    enabled true
    products-alert event-action connection tcp reset-deny-package-inline connection inline deny deny-attacker-inserted
    category models internet_edge
    Advanced ios_ips category
    fake retirement
    !

    ips-setting IP to auto update
    occur - 0 0 06 weekly
    Cisco
    username password xxxxxx xxxxx

    !

    !

    IPS extended IP access list
    allow a full tcp
    allow a udp
    allow icmp a whole
    allow an ip

    I don't know if you have a firewall on your local network, but when I do IPS on a cisco router if there is no firewall, I recommend you to activate ZBF on router itself. This allows to add a little more security.

    Just in case, under a ZBF configuration for home router (like the 892 series):

    extended access IP MANAGEMENT list
    permit tcp any any eq 22
    allow icmp a whole
    !
    Underisable extended IP access list
    deny ip host fragments 224.0.0.5


    deny ip host fragments 224.0.0.6
    refuse the host ip 224.0.0.5 no fragment
    refuse the host ip 224.0.0.6 no fragment
    permit icmp any any fragment
    allow udp any any fragment
    permit tcp any any fragment
    permit tcp any RST eq 639
    permit tcp any RST bgp eq
    IP enable any no fragment
    !
    zbf-wan-to-lan extended IP access list
    permit tcp any host 192.168.0.1 eq 3389 ===> internal of the server accessible from the internet (port forwarding)
    !
    type of class-card inspect entire game Internet
    group-access name zbf-wan-to-lan game
    class-map correspondence class-mgmt
    match the name of group-access MANAGEMENT
    unwanted match class-map
    match the name of group-access Underisable
    type of class-card inspect entire game All_Protocols
    tcp protocol match
    udp Protocol game
    match icmp Protocol
    !
    type of policy-card inspect Trusted_to_Internet
    class type inspect All_Protocols
    inspect
    class class by default
    drop
    type of policy-card inspect Trusted
    class class by default
    Pass
    copp-policy policy-map
    unwanted class
    drop
    class class-mgmt
    to comply with-police action 2048000 pass drop action exceeds
    class class by default
    type of policy-card inspect Internet_to_Trusted
    class type inspect Internet
    inspect
    class class by default
    drop
    !
    !
    Trusted zone security
    Security for the Internet zone
    Trusted zone-pair security-> trusted destination trust Trusted source
    traffic LAN to LAN Description
    type of service-strategy inspect Trusted
    Trusted zone-pair security-> Trusted Internet source Internet destination
    Description LAN for Internet traffic
    type of service-strategy inspect Trusted_to_Internet
    security Internet zone - pair-> Trusted Internet source Trusted destination
    Description WAN for Internet traffic
    type of service-strategy inspect Internet_to_Trusted
    !
    the g0/0 interface (WAN)
    the Member's area Internet Security
    !
    G0/1 of the interface (LAN)
    approved members area security
    !

    Thank you

  • Cisco SRP 527W questions

    Hello, I have a few questions on the router from cisco srp 527w

    First of all she has a built-in modem

    second question is, where can I get updates firmware for it.

    Please don't tie me to the manual I read it and could not find the relevant info.

    Thanks for the replies

    William

    Hi William:

    To address your first concern, this router supports the connection ADSL2 + annex a (ADSL over POTS) relay. You can also use some 3G USB modems with this router.

    You can find firmware updates in the Software Download Center. This link , you should get just for downloads of series SRP520, but if not just search in the first link dowloads series SRP500.

    Hope that helps.

    Best,

    David

    Please evaluate the useful messages.

  • Cisco AnyConnect VPN question

    I am ASA 5505 that I am of is running correctly by using the AnyConnect client. The question is, can I connect to the fine external interface, but cannot ping or attach them to any host on the inside. When I connect, it accepts the user name and password, and I can run the ASDM or SSH to the firewall very well, but not further. In the control, after I log in, I get an IP address inside, of the order of 10.7.30.x as expected.

    Following configuration:

    : Saved
    :
    ASA Version 8.2 (5)
    !
    asa5505 hostname
    domain BLA
    activate the password * encrypted
    passwd * encrypted
    no names

    !
    interface Ethernet0/0
    switchport access vlan 2
    !
    interface Ethernet0/1
    !
    interface Ethernet0/2
    !
    interface Ethernet0/3
    switchport access vlan 150
    !
    interface Ethernet0/4
    !
    interface Ethernet0/5
    !
    interface Ethernet0/6
    !
    interface Ethernet0/7
    !
    interface Vlan1
    nameif inside
    security-level 100
    IP 10.7.30.1 255.255.255.0
    !
    interface Vlan2
    nameif outside
    security-level 0
    IP EXTERNAL IP 255.255.255.128
    !
    interface Vlan150
    nameif WLAN_GUESTS
    security-level 50
    IP 10.7.150.1 255.255.255.0
    !
    boot system Disk0: / asa825 - k8.bin
    config to boot Disk0: / running-config
    passive FTP mode
    clock timezone STD - 7
    DNS server-group DefaultDNS
    domain BLA
    permit same-security-traffic intra-interface
    object-group service tcp Webaccess
    port-object eq www
    EQ object of the https port
    object-group network McAfee
    network-object 208.65.144.0 255.255.248.0
    network-object 208.81.64.0 255.255.248.0
    access extensive list ip 10.7.30.0 outside_1_cryptomap allow 255.255.255.0 192.168.24.0 255.255.252.0
    access extensive list ip 10.7.30.0 inside_nat0_outbound allow 255.255.255.0 192.168.24.0 255.255.252.0
    access extensive list ip 10.7.30.0 inside_nat0_outbound allow 255.255.255.0 172.16.10.0 255.255.255.0
    outside_access_in list extended access permit tcp any host 159.87.30.252 eq smtp
    outside_access_in list extended access permit tcp any host 159.87.30.136 Webaccess object-group
    outside_access_in list extended access permit tcp any host 159.87.30.243 Webaccess object-group
    access-list extended outside_access_in permit tcp host 159.87.70.66 host 159.87.30.251 eq lpd
    outside_access_in list extended access permit tcp any host 159.87.30.252 Webaccess object-group
    outside_access_in list extended access permit tcp any host 159.87.30.245 Webaccess object-group
    outside_access_in list extended access permitted tcp object-group McAfee any eq smtp
    permit access list extended ip 172.16.10.0 outside_access_in 255.255.255.0 10.7.30.0 255.255.255.0
    outside_access_in list extended access permit ip host 159.87.64.30 all
    standard access list vpn_users_splitTunnelAcl allow 10.7.30.0 255.255.255.0
    IPS_TRAFFIC of access allowed any ip an extended list
    access extensive list ip 10.7.30.0 outside_nat0_outbound allow 255.255.255.0 any
    inside_access_in list extended access permit udp 10.7.30.0 255.255.255.0 any eq snmp
    access extensive list ip 10.7.30.0 outside_cryptomap allow 255.255.255.0 172.16.10.0 255.255.255.0
    pager lines 24
    Enable logging
    asdm of logging of information
    host of logging inside the 10.7.30.37
    Debugging trace record
    Within 1500 MTU
    Outside 1500 MTU
    MTU 1500 WLAN_GUESTS
    local pool VPN_POOL 10.7.30.190 - 10.7.30.200 255.255.255.0 IP mask
    no failover
    ICMP unreachable rate-limit 1 burst-size 1
    ASDM image disk0: / asdm-645 - 206.bin
    don't allow no asdm history
    ARP timeout 14400
    Global 1 interface (outside)
    NAT (inside) 0-list of access inside_nat0_outbound
    NAT (inside) 1 0.0.0.0 0.0.0.0
    NAT (outside) 0-list of access outside_nat0_outbound
    NAT (WLAN_GUESTS) 1 0.0.0.0 0.0.0.0
    public static 159.87.30.251 (Interior, exterior) 10.7.30.50 netmask 255.255.255.255
    public static 159.87.30.245 (Interior, exterior) 10.7.30.53 netmask 255.255.255.255
    public static 159.87.30.252 (Interior, exterior) 10.7.30.30 netmask 255.255.255.255
    public static 159.87.30.243 (Interior, exterior) 10.7.30.19 netmask 255.255.255.255
    public static 159.87.30.136 (Interior, exterior) 10.7.30.43 netmask 255.255.255.255
    Access-group inside_access_in in interface inside the control plan
    Access-group outside_access_in in interface outside
    Route outside 0.0.0.0 0.0.0.0 159.87.30.254 1
    Route inside 172.16.1.0 255.255.255.0 10.7.30.1 1
    Timeout xlate 03:00
    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    Floating conn timeout 0:00:00
    dynamic-access-policy-registration DfltAccessPolicy
    AAA-server ADWM-FPS-02 nt Protocol
    AAA-server ADWM-FPS-02 (inside) host 10.7.30.32
    Timeout 5
    auth-domain NT ADWM-FPS-02 controller
    AAA-server ADWM-FPS-02 (inside) host 10.7.30.49
    auth-DC NT ADWM-DC02
    AAA authentication http LOCAL console
    AAA authentication LOCAL telnet console
    the ssh LOCAL console AAA authentication
    Enable http server
    http 206.169.55.66 255.255.255.255 outside
    http 206.169.50.171 255.255.255.255 outside
    http 10.7.30.0 255.255.255.0 inside
    http 206.169.51.32 255.255.255.240 outside
    http 159.87.35.84 255.255.255.255 outside
    SNMP-server host within the 10.7.30.37 community * version 2 c
    location of the SNMP server *.
    contact SNMP Server
    Community SNMP-server
    Server enable SNMP traps snmp authentication linkup, linkdown cold start
    Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
    Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
    Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
    Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
    Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
    life crypto ipsec security association seconds 28800
    Crypto ipsec kilobytes of life - safety 4608000 association
    Crypto-map dynamic outside_dyn_map pfs set 20 Group1
    card crypto outside_map 1 match address outside_1_cryptomap
    peer set card crypto outside_map 1 206.169.55.66
    map outside_map 1 set of transformation-ESP-3DES-MD5 crypto
    card crypto outside_map 2 match address outside_cryptomap
    peer set card crypto outside_map 2 159.87.64.30
    card crypto outside_map 2 game of transformation-ESP-AES-192-SHA
    map outside_map 65535-isakmp ipsec crypto dynamic outside_dyn_map
    outside_map interface card crypto outside
    Crypto ca trustpoint *.
    Terminal registration
    full domain name *.
    name of the object *.
    MYKEY keypairs
    Configure CRL
    Crypto ca trustpoint A1
    Terminal registration
    fqdn ***************
    name of the object *.
    MYKEY keypairs
    Configure CRL
    Crypto ca trustpoint INTERMEDIARY
    Terminal registration
    no client-type
    Configure CRL
    Crypto ca trustpoint _SmartCallHome_ServerCA
    Configure CRL
    Crypto ca trustpoint ASDM_TrustPoint0
    Configure CRL
    Crypto ca trustpoint ASDM_TrustPoint1
    Configure CRL
    ca encryption certificate chain *.
    certificate ca 0301
    BUNCH OF STUFF
    quit smoking
    A1 crypto ca certificate chain
    OTHER LOTS of certificate
    quit smoking
    encryption ca INTERMEDIATE certificate chain
    YET ANOTHER certificate
    quit smoking
    Crypto ca certificate chain _SmartCallHome_ServerCA
    certificate ca LAST BOUQUET
    quit smoking
    crypto ISAKMP allow outside
    crypto ISAKMP policy 10
    preshared authentication
    3des encryption
    sha hash
    Group 2
    life 86400
    No encryption isakmp nat-traversal
    Telnet 10.7.30.0 255.255.255.0 inside
    Telnet timeout 30
    SSH 206.169.55.66 255.255.255.255 outside

    SSH timeout 5
    Console timeout 0
    management-access inside
    dhcpd 4.2.2.2 dns 8.8.8.8
    !
    dhcpd address 10.7.150.10 - 10.7.150.30 WLAN_GUESTS
    enable WLAN_GUESTS dhcpd
    !

    a basic threat threat detection
    Statistics-list of access threat detection
    no statistical threat detection tcp-interception
    SSL encryption rc4 - md5 of sha1
    SSL-trust A1 out point
    WebVPN
    allow outside
    AnyConnect essentials
    SVC disk0:/anyconnect-dart-win-2.5.2019-k9.pkg 1 image
    enable SVC
    attributes of Group Policy DfltGrpPolicy
    Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
    internal VPNUsers group strategy
    Group Policy VPNUsers attributes
    value of server DNS 10.7.30.20
    Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
    Split-tunnel-policy tunnelspecified
    value of Split-tunnel-network-list vpn_users_splitTunnelAcl
    dwm2000.WM.State.AZ.us value by default-field
    Split-dns value dwm2000.wm.state.az.us
    username HCadmin password * encrypted privilege 15
    attributes global-tunnel-group DefaultWEBVPNGroup
    address VPN_POOL pool
    authentication-server-group ADWM-FPS-02
    strategy - by default-VPNUsers group
    tunnel-group 206.169.55.66 type ipsec-l2l
    IPSec-attributes tunnel-group 206.169.55.66
    pre-shared key *.
    tunnel-group 159.87.64.30 type ipsec-l2l
    IPSec-attributes tunnel-group 159.87.64.30
    pre-shared key *.
    !
    class-map IPS_TRAFFIC
    corresponds to the IPS_TRAFFIC access list
    class-map inspection_default
    match default-inspection-traffic
    !
    !
    type of policy-card inspect dns preset_dns_map
    parameters
    message-length maximum 512
    Policy-map global_policy
    class inspection_default
    inspect the preset_dns_map dns
    inspect the ftp
    inspect h323 h225
    inspect the h323 ras
    inspect the rsh
    inspect the rtsp
    inspect esmtp
    inspect sqlnet
    inspect the skinny
    inspect sunrpc
    inspect xdmcp
    inspect the sip
    inspect the netbios
    inspect the tftp
    inspect the icmp
    Review the ip options
    class IPS_TRAFFIC
    IPS inline help
    !
    global service-policy global_policy
    field of context fast hostname
    anonymous reporting remote call
    call-home
    Profile of CiscoTAC-1
    no active account
    http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
    email address of destination [email protected] / * /
    destination-mode http transport
    Subscribe to alert-group diagnosis
    Subscribe to alert-group environment
    Subscribe to alert-group monthly periodic inventory
    monthly periodicals to subscribe to alert-group configuration
    daily periodic subscribe to alert-group telemetry
    Cryptochecksum:e70de424cf976e0a62b5668dc2284587
    : end
    ASDM image disk0: / asdm-645 - 206.bin
    ASDM location 159.87.70.66 255.255.255.255 inside
    ASDM location 208.65.144.0 255.255.248.0 inside
    ASDM location 208.81.64.0 255.255.248.0 inside
    ASDM location 172.16.10.0 255.255.255.0 inside
    ASDM location 159.87.64.30 255.255.255.255 inside
    don't allow no asdm history

    Anyone have any ideas?

    Hello

    Please, add this line in your configuration and let me know if it works:

    access extensive list ip 10.7.30.0 inside_nat0_outbound allow 255.255.255.0 10.7.30.0 255.255.255.0

    I ask you to add that it is because you have not specified any exceptions for the return shipping. Once you add to it, will allow you to go through the tunnel VPN, packets back. When this command is not there, you will be able to access everything on the SAA but nothing behind it.

    Let me know if it helps.

    Thank you

    Vishnu

Maybe you are looking for