Cisco softphone Expressway is not on the outside

Hi all

Recently, we have deployed Expressway C and E managed to get MRA completely well work

But after that we have to change the IP address from the highway E and now IM & P service and Directory works fine but telephone service does not register. Covered area is active. You have an idea about this problem? I completely blocked on this problem, I have tried everything that I could to resolve this problem. I have even done a factory reset to Expressway C and E and recreated crossing area. But the problem is always the same. Pls let me know any solution to this or how to fix it

Here is some info

CUCM and CIMP ver 10

See worm X8.5 Express (first I've deployed X8.2 but after this issue I upgraded to X8.5)

The highway is in mode single nic

Internal Jabber in network work quite well. External (public internet) IM & P service and Directory works but softphone does not register gives error on Jabber online status below

Softphone - unhealthy
Status: Not connected
Protocol: SIP
Address: 10.3.146.201 (CCMCIP - Expressway)
Error reason: connection. Make sure that the server information in the tab on the Options window telephone Services are correct. Contact your system administrator.

Landline - no
Status: Not connected
Protocol: CTI
Address: 10.3.146.201 (CTI)

Presence - healthy
Status: connected
Address: ExpresswayEdge.mydomain.com
Protocol: XMPP
Port: 5222

Directory - healthy
Status: Last successful login.
Address: 10.3.146.201
Protocol: UDS (HTTPS)

Thank you

I don't see the REGISTER message received in newspapers Expressway-E or C-Expressway. This suggests the following options:

(1) the Jabber client did not send it

(2) newspapers do not capture the time that the REGISTRY has been sent

(3) the firewall blocks tcp 5061.

I don't see the problem report Jabber that tell us what is happening. Can you provide this after you re-create the problem?

Tags: Cisco Support

Similar Questions

  • New Cisco Aironet 1602i is not broadcasting the SSID I place

    New Cisco Aironet 1602i is not broadcasting the SSID I place

    SSID I set up is not broadcasting, so I don't see the wireless network to choose and connect. On my laptop if I choose specify the name of the SSID then I am able to connect to the wireless network. I have only 1 Configuration SSID on the access point. Anyone know how to update the configuration for the SSID is broadcast?

    The green light on the AP flashes and turns off about 3 seconds; is this normal or should it stays on all the time?

    Current configuration: 1842 bytes

    !

    version 15.2

    no service button

    horodateurs service debug datetime msec

    Log service timestamps datetime msec

    encryption password service

    !

    host ap name

    !

    !

    Pulse 9 logging console

    enable secret 5 $1$ rrlE$ msWqu8CGY/tpDkgRAAAIe /.

    !

    No aaa new-model

    no ip Routing

    no ip cef

    !

    !

    !

    dot11 syslog

    !

    dot11 ssid Mi Casa

    open authentication

    authentication-key wpa version2 management

    WPA - psk ascii 7 142017070F0C787B7579

    !

    !

    Crypto pki token removal timeout default 0

    !

    !

    username Cisco privilege 15 password 7 112A1016141D

    !

    !

    Bridge IRB

    !

    !

    !

    interface Dot11Radio0

    no ip address

    no ip route cache

    !

    encryption algorithms aes - ccm tkip encryption mode

    !

    SSID Mi Casa

    !

    gain of antenna 0

    STBC

    beamform ofdm

    root of station-role

    Bridge-Group 1

    Bridge-group subscriber-loop-control 1

    Bridge-Group 1 covering-disabled people

    Bridge-Group 1 block-unknown-source

    No source of bridge-Group 1-learning

    unicast bridge-Group 1-floods

    !

    interface Dot11Radio1

    no ip address

    no ip route cache

    !

    encryption algorithms aes - ccm tkip encryption mode

    !

    SSID Mi Casa

    !

    gain of antenna 0

    DFS block 3 Strip

    STBC

    beamform ofdm

    channel SFR

    root of station-role

    Bridge-Group 1

    Bridge-group subscriber-loop-control 1

    Bridge-Group 1 covering-disabled people

    Bridge-Group 1 block-unknown-source

    No source of bridge-Group 1-learning

    unicast bridge-Group 1-floods

    !

    interface GigabitEthernet0

    no ip address

    no ip route cache

    automatic duplex

    automatic speed

    Bridge-Group 1

    Bridge-Group 1 covering-disabled people

    No source of bridge-Group 1-learning

    !

    interface BVI1

    IP 192.168.10.200 255.255.255.0

    no ip route cache

    !

    by default-gateway IP 192.168.10.1

    IP forward-Protocol ND

    IP http server

    no ip http secure server

    IP http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

    !

    1 channel ip bridge

    !

    !

    !

    Line con 0

    line vty 0 4

    local connection

    transport of entry all

    !

    end

    Hi you must guest mode config on the ssid... Read this bud

    https://supportforums.Cisco.com/docs/doc-5442

    Sent by Cisco Support technique iPhone App

  • Cisco FlexConnect 7510 does not start the backup, stuck on "cisco bootloader stage2 loading" image

    Cisco FlexConnect 7510 does not start in the backup image. Yesterday I downloaded 8.1.102.0 on our master controller and rebooted when evertyhing was complete, the controller has not restarted in 8.1.102.0 it is stuck on the screen that says "cisco bootloader stage2 loading" I have hard reset the box with the power button and tried a couple of times. I looked at the material to break the boot with the 'ESC' key, but is not nothing to me either, even modified keyboards, comes to the white screen cisco F2 for Setup / F12 for the boot etc menu, but I'm not able to use the keyboard to enter this sequence. I have my controller to slave running 8.0.110.0 now that he's turned and took controll when the captain went to restart. For any help or suggestion would be greatly appreciated. Thanks Matt

     "cisco bootloader loading stage2"

    This happens when you connect a computer monitor directly to the WLC.  If you connected in the WLC by using the console port, you should not see this.

  • I me camera of am buy a Canon and I is not found the outside I know not why

    I buy a Canon video camera and I managed not to find the peripheral can help m

    Hello

    See this page to select your language:

    http://support.Microsoft.com/common/international.aspx

    ====================================

    Or sorry that it is area English.

    On the top of this page click v (English) in the United States and set on your tongue.

    I hope this helps.

    Rob Brown - Microsoft MVP<- profile="" -="" windows="" expert="" -="" consumer="" :="" bicycle="" -="" mark="" twain="" said="" it="">

  • I pay someone to "clean" my computer (not to the outside to the inside). How can I do it myself?

    Computer running slow, did a disk defrag and clean-up

    http://www.elephantboycomputers.com/page2.html#Backing_Up
    http://www.elephantboycomputers.com/page2.html#maintenance
    http://www.elephantboycomputers.com/page2.html#Viruses_Malware
    http://www.elephantboycomputers.com/page2.html#Removing_Malware MS - MVP - Elephant Boy computers - don't panic!

  • Virtual machines communicate don't not via cisco 4001i module, can not ping gateway

    We have just buit IBM blade with a switch cisco nexus 4001i 10gE module.  The service console communicates via a different network module, but VM networks are mapped to network adapters that use the cisco nexus 4001i circulating on 10gE... Unfortunately, the service console connections are working properly, but virtual machines cannot ping the gateway.  We move the virtual machines on the service console network and they work.  The NIC adapaptors are configured to 10, 000mbps but are appearing at only 1, 000mbps.  Currently, we don't have all the switches-dv put in place and run on standard v-switches within ESX, which brings me to this question: VMware does require the nexus 1000v to work with cisco 4001i?  Also, another symptom, the cisco discovery Protocol is not collecting the information since the passage of these adapters that are connected to the 4001i but take the switch info at the other network management modules.

    Anyone have any ideas what we do wrong?

    Had a very similar problem with a very similar hardware.  Turned out to be a problem with a configuration between the Nexus 4000 and Catalyst switches they're connected too.

  • Cisco UCS c240 can not have a partition outside the disk

    Hello

    I try to install ESXi 5.5 on a Cisco UCS of c240 M3.

    The local drive is a FlexFlash Raid 1 2 sd cards.

    When installing esx sees the local map 30 g.

    request the language, root password and when I click on install, it gives an error. (see attached files)

    This program has encountered an error: parted util, can't have a partition outside the disk

    I have 2 servers configured exactly, out of the box, same error... any idea?

    OK, so I tried with an older version of esx:

    ESXi-5.5.0-1746018-Custom-Cisco-5.5.1.3.iso

    and it seems to work for now (it's 28%)

  • Cisco ASA, connect an IP address on the OUTSIDE of the VPN remote access

    Hello

    I tried to find resources on the net but could not find a solution, then post it here. Maybe someone can help.

    So the problem is that I'm trying to access a server on the cloud for remote VPN access (cisco asa 5510).

    The server on the cloud (54.54.54.54) is only accessible from the outside interface (192.168.11.2) NY Firewall (cisco asa 5510)

    I added some ACE for this in the ACL of VPN tunnel to divide.

    NY-standard host allowed fw # access - list vpn_remote-customer 54.54.54.54

    And I see the road added to my cliet machine after the VPN connection, but still it cannot connect to this server.

    The network INTERIOR, I can connect to the server.

    Thanks in advance.

    Hello

    This is most likely a problem with NAT hair/U-turn hairpin.

    Will need to see the configurations or you would need to check yourself

    I don't know what your version of the Software ASA is to be like who determines what is the format of NAT configuration.

    So far, you have confirmed that the ASA VPN configuration provides the VPN Client with the route to the remote server. Then in circulation should be tunnel to the ASA.

    Then, you will need to check the output of this command

    See the race same-security-traffic

    You should see the command in the output below

    permit same-security-traffic intra-interface

    If you do not, you will need to add it. This effect of controls is to allow traffic to enter an interface and exit through the same interface. In your case this applies to Internet VPN Client traffic to the remote server as it between ' outside ' and spell through the 'outside'.

    Then, should ensure that dynamic PAT is configured for the VPN Clients.

    8.2 software (and below)

    You most likely have a dynamic configuration PAT like that on the firewall, if levels of above running software version

    Global 1 interface (outside)

    NAT (inside) 1 0.0.0.0 0.0.0.0

    In this situation if we wanted to add dynamic PAT for a pool of VPN, we would add

    NAT (outside) 1

    This would allow users to use the same public IP address as LAN users, when accessing the remote VPN server

    Software 8.3 (and above)

    Because the NAT configuration format is completely different in the latest software, you could probably just add a new configuration of NAT completely without adding a

    network of the VPN-PAT object

    subnet

    dynamic NAT interface (outdoors, outdoor)

    Of course, its possible that there could be some configuration NAT already on the device which could cause problems for this configuration. If this does not work then that we would have to look at the actual configurations on the ASA.

    Hope this helps

    Let me know how it goes

    -Jouni

  • NetMeeting does not not between the cisco vpn clients

    Hello

    I had posted the same query a weeks but did not get any reply.just adding more details and hoping som1 help me.

    Here's the real problem:

    We have a client that users use clients vpn cisco to connect LAN business from the public network and access as expected and also able to run netmeeting from his pc, but when users attempt to run netmeeting between two connected to the public network, vpn clients with same ip pool, it does not work.

    Thank you & best regards

    Madhu.

    Try to delete "nat (outside) 1 192.168.1.0 255.255.255.0" and try again.

    Or try adding something like this...

    outside_nat0 to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.1.0 255.255.255.0

    NAT (outside) 0-list of access outside_nat0

  • Cisco Aironet 2600 series Configuration of the DHCP server is NOT serving addresses?

    Cisco Aironet 2600 series Configuration of the DHCP server is NOT serving addresses?

    I have (2) AIR-SAP2602I-A-K9, configured the same way.

    on two different remote LANs.

    They don't seem to be handing out addresses via DHCP.

    {If I connect to a local network with another DHCP server}

    wireless devices can obtain addresses

    This another DHCP server on the LAN through the access point.}

    I followed 12.4.25d. JA.cg.pdf

    Configuration of the Access Point to provide the Service DHCP 5-22

    ---------|---------|---------|

    e.g. 3444-RCS1-AN #show running-config

    Building configuration...

    version 15.2

    3444-RCS1-YEAR host name

    no ip Routing

    USH - DM IP domain name

    DHCP excluded-address IP 192.168.29.89

    IP dhcp RCS1 pool

    network 192.168.29.88 255.255.255.248

    router by default - 192.168.28.1

    Rental 1 0

    interface BVI1

    IP 192.168.28.211 255.255.254.0

    no ip route cache

    default IP gateway - 192.168.28.1

    ---------|---------|---------|

    ---------|---------|---------|

    e.g. 3444-RCS2-AN #show running-config

    Building configuration...

    version 15.2

    3444-RCS2-YEAR host name

    no ip Routing

    USH - DM IP domain name

    DHCP excluded-address IP 192.168.129.81

    IP dhcp RCS2 pool

    network 192.168.129.80 255.255.255.248

    router by default - 192.168.128.1

    Rental 2 0

    interface BVI1

    IP 192.168.128.171 255.255.254.0

    no ip route cache

    default IP gateway - 192.168.128.1

    ---------|---------|---------|

    Thats the DHCP Pool range 192.168.29.88 through 192.168.28.95

    Well this will confuse your customers.

    And this is NOT how to set up your "range".   See below:

    DHCP excluded-address IP 192.168.29.1 192.168.29.87

    DHCP excluded-address IP 192.168.29.96 192.168.29.254

    IP dhcp RCS1 pool

    network 192.168.28.211 255.255.254.0

    router by default - 192.168.28.1

    Rental 1 0

  • Cisco WLC 2504 - Access Points do not reach the controller

    Hello world

    We bougth a Cisco WLC 2504 with two AIR-AP2702I-UXK9 Access Points. The problem is that the AP do not join the WLC.
    The output from 'show join ap stats' shows the following:

    (Cisco Controller) > view join ap stats summary all the

    Database Mac EthernetMac AP AP name IP address Status
    00:35: 1a: B1:A9:60 00:f2:8 b: f4:1 has: 9 c AP00f2.8bf4.1a9c 192.168.10.23 joined not
    00:35: 1a: C9:99:B0 00:f2:8 b: 77:b7:fc AP00f2.8b77.b7fc not joined 192.168.10.24

    (Cisco Controller) > show join ap 00:35:1 detailed stats to: b1:a9:60

    Synchronization phase statistics
    -For the synchronization request has received... Does not apply
    -For the synchronization completed... Does not apply

    Discovery phase statistics
    -Applications received discovered... 114
    -Answers success of discovery... 114
    -Discovery failure processing... 0
    -Purpose of the last unsuccessful attempt of discovery... Does not apply
    -Attempt to finally successful discovery time... 20:15:40.106 16 June
    -Discovery attempt ultimately unsuccessful time... Does not apply

    Join the live statistics
    -Join applications received... 57
    -Join sent successful responses... 57
    -Processing of the join request without success... 0
    -Purpose of the last unsuccessful attempt to join... Does not apply
    -Attempt to join finally managed time... 20:15:50.414 16 June
    -Join finally failed time... Does not apply

    Configuration phase statistics

    -Configuration requests... 114
    -Answers configuration successful... 0
    -Processing configuration failed... 57
    -Purpose of the last unsuccessful attempt to Setup... Invalid license in the application configuration
    -Attempt to finally successful configuration time... Does not apply
    -Time finally failed configuration attempt... 20:15:50.810 16 June

    Last the decryption of the AP details failure messages
    -Last message decryption failure reason... Does not apply

    Details of recent disconnection AP
    -Last AP connection failure reason... Does not apply
    -Last reason for disconnection AP... Unknown failure reason

    Latest summary join error
    -Type of error that occurred in the last... Application of configuration rejected LWAPP
    -Reason for the error that took place the last... Invalid license in the application configuration
    -Time which occurred the last error to join... 20:15:50.810 16 June

    Details of sign-out AP
    -Last AP connection failure reason... Does not apply
    Ethernet Mac: c 00:f2:8 b: f4:1 has: 9 Ip address: 192.168.10.23

    Would be grateful for the help.

    Best regards
    Marc

    Hi Marc,

    Make sure first that your controller has software code 8.0.x or above, if first better it. Here's the code recommended by TAC

    http://www.Cisco.com/c/en/us/support/docs/wireless/wireless-LAN-Controller-software/200046-TAC-recommended-AireOS.html

    Then, try the UX above deployment guide to begin. Under Advanced tab WLAN, you need to enable "of the first universal ap' in order to use this app provisioning & connect to the AP.

    If you have more than 1 AP, then you must start 1AP using this application. Other access points that you can feed them upward, while AP original is also powered, so they'll use protocal called NDP & start them automatically

    Let us know how it goes

    HTH

    Rasika

    Pls note all useful responses *.

  • Cisco VCS does not show the user account option

    Hi team,

    We have 7.2 VCS server control, I'm not able to see the option of user account under maintenance-Login accounts. Please advise.

    We don't have find me and TMS provisioing Extension service license, don't you think that's the reason.

    I just started my first deployment of VCS, MCU and TMS and I must add customer movie, cisco Jabber video for Ipad and integrtaion with CUCM. CUCM has some end points of polycom and C40 and C60.

    You precious advice will give me comfort during this deployment.

    Irfan

    BR

    Hello

    It's probably because that VCS runs in TMS PE commissioning mode, in which FindMe is managed by the portal user in TMS, meaning there is no need to set up the maintenance > logins on the VCS.

    Edit: You added information that you do not have the keys option Device Provisioning and FindMe. Because user names relate directly to FindMe, the absence of an option key FindMe would explain also unable to see maintenance > login accounts > user accounts.

    -Andreas

  • Could not locate the next hop for ICMP outside:10.60.30.111/1 to inside:10.89.30.41/0 routing

    ASA 5505 Split tunneling stopped working when upgraded to 8.3 (1) 8.4 (3).

    A user has to connect to the old device of 8.3 (1) that they could access all of our subnets: 10.1.0.0/16, 10.33.0.0/16, 10.89.0.0/16, 10.60.0.0/16

    but now, they can't and in the newspapers, I see just

    6 October 31, 2012 08:17:59 110003 10.60.30.111 1 10.89.30.41 0 routing cannot locate the next hop for ICMP to outside:10.60.30.111/1 to inside:10.89.30.41/0

    any tips? I almost tried everything. the running configuration is:

    : Saved

    :

    ASA Version 8.4 (3)

    !

    host name asa

    names of

    !

    interface Ethernet0/0

    switchport access vlan 2

    !

    interface Ethernet0/1

    !

    interface Ethernet0/2

    !

    interface Ethernet0/3

    !

    interface Ethernet0/4

    !

    interface Ethernet0/5

    !

    interface Ethernet0/6

    !

    interface Ethernet0/7

    !

    interface Vlan1

    nameif inside

    security-level 100

    IP 10.60.70.1 255.255.0.0

    !

    interface Vlan2

    nameif outside

    security-level 0

    IP 80.90.98.217 255.255.255.248

    !

    passive FTP mode

    clock timezone GMT 0

    DNS lookup field inside

    DNS domain-lookup outside

    permit same-security-traffic intra-interface

    network obj_any object

    subnet 0.0.0.0 0.0.0.0

    network of the NETWORK_OBJ_10.33.0.0_16 object

    10.33.0.0 subnet 255.255.0.0

    network of the NETWORK_OBJ_10.60.0.0_16 object

    10.60.0.0 subnet 255.255.0.0

    network of the NETWORK_OBJ_10.89.0.0_16 object

    10.89.0.0 subnet 255.255.0.0

    network of the NETWORK_OBJ_10.1.0.0_16 object

    10.1.0.0 subnet 255.255.0.0

    network tetPC object

    Home 10.60.10.1

    test description

    network of the NETWORK_OBJ_10.60.30.0_24 object

    10.60.30.0 subnet 255.255.255.0

    network of the NETWORK_OBJ_10.60.30.64_26 object

    255.255.255.192 subnet 10.60.30.64

    the SSH server object network

    Home 10.60.20.6

    network of the SSH_public object

    network ftp_public object

    Home 80.90.98.218

    rdp network object

    Home 10.60.10.4

    ftp_server network object

    Home 10.60.20.2

    network ssh_public object

    Home 80.90.98.218

    Service FTP object

    tcp destination eq 12 service

    network of the NETWORK_OBJ_10.60.20.3 object

    Home 10.60.20.3

    network of the NETWORK_OBJ_10.60.40.192_26 object

    255.255.255.192 subnet 10.60.40.192

    network of the NETWORK_OBJ_10.60.10.10 object

    Home 10.60.10.10

    network of the NETWORK_OBJ_10.60.20.2 object

    Home 10.60.20.2

    network of the NETWORK_OBJ_10.60.20.21 object

    Home 10.60.20.21

    network of the NETWORK_OBJ_10.60.20.4 object

    Home 10.60.20.4

    network of the NETWORK_OBJ_10.60.20.5 object

    Home 10.60.20.5

    network of the NETWORK_OBJ_10.60.20.6 object

    Home 10.60.20.6

    network of the NETWORK_OBJ_10.60.20.7 object

    Home 10.60.20.7

    network of the NETWORK_OBJ_10.60.20.29 object

    Home 10.60.20.29

    service port_tomcat object

    Beach service tcp 8080 8082 source

    network of the TBSF object

    172.16.252.0 subnet 255.255.255.0

    the e-mail server object network

    Home 10.33.10.2

    Mail server description

    service object HTTPS

    tcp source eq https service

    test network object

    network access_web_mail object

    Home 10.60.50.251

    network downtown_Interface_host object

    Home 10.60.50.1

    Downtown host Interface description

    service of the Oracle_port object

    tcp source eq sqlnet service

    network of the NETWORK_OBJ_10.60.50.248_29 object

    subnet 10.60.50.248 255.255.255.248

    network of the NETWORK_OBJ_10.60.50.1 object

    Home 10.60.50.1

    network of the NETWORK_OBJ_10.60.50.0_28 object

    subnet 10.60.50.0 255.255.255.240

    brisel network object

    10.191.191.0 subnet 255.255.255.0

    network of the NETWORK_OBJ_10.191.191.0_24 object

    10.191.191.0 subnet 255.255.255.0

    network of the NETWORK_OBJ_10.60.60.0_24 object

    10.60.60.0 subnet 255.255.255.0

    object-group service TCS_Service_Group

    Description this group of Services offered is for the CLD's Clients

    port_tomcat service-object

    HTTPS_ACCESS tcp service object-group

    EQ object of the https port

    the DM_INLINE_NETWORK_1 object-group network

    object-network 10.1.0.0 255.255.0.0

    network-object 10.33.0.0 255.255.0.0

    network-object 10.60.0.0 255.255.0.0

    network-object 10.89.0.0 255.255.0.0

    allow outside_1_cryptomap to access extended list ip 10.60.0.0 255.255.0.0 10.33.0.0 255.255.0.0

    allow outside_2_cryptomap to access extended list ip 10.60.0.0 255.255.0.0 10.89.0.0 255.255.0.0

    outside_3_cryptomap to access extended list ip 10.60.0.0 255.255.0.0 allow 10.1.0.0 255.255.0.0

    OUTSIDE_IN list extended access permit icmp any one time exceed

    OUTSIDE_IN list extended access allow all unreachable icmp

    OUTSIDE_IN list extended access permit icmp any any echo response

    OUTSIDE_IN list extended access permit icmp any any source-quench

    OUTSIDE_IN list extended access permitted tcp 194.2.20.0 255.255.255.0 host 80.90.98.220 eq smtp

    OUTSIDE_IN list extended access permit tcp host 194.25.12.0 host 80.90.98.220 eq smtp

    OUTSIDE_IN list extended access allow icmp 80.90.98.222 host 80.90.98.217

    OUTSIDE_IN list extended access permit tcp host 162.162.4.1 host 80.90.98.220 eq smtp

    OUTSIDE_IN list extended access permit tcp host 98.85.125.2 host 80.90.98.221 eq ssh

    Standard access list OAKDCAcl allow 10.60.0.0 255.255.0.0

    Standard access list OAKDCAcl allow 10.33.0.0 255.255.0.0

    access-list OAKDCAcl note backoffice

    Standard access list OAKDCAcl allow 10.89.0.0 255.255.0.0

    access-list OAKDCAcl note maint

    OAKDCAcl list standard access allowed 10.1.0.0 255.255.0.0

    access-list allowed standard osgd host 10.60.20.4

    access-list allowed standard osgd host 10.60.20.5

    access-list allowed standard osgd host 10.60.20.7

    standard access list testOAK_splitTunnelAcl allow 10.60.0.0 255.255.0.0

    list access allowed extended snmp udp any eq snmptrap everything

    list of access allowed extended snmp udp any any eq snmp

    downtown_splitTunnelAcl list standard access allowed host 10.60.20.29

    webMailACL list standard access allowed host 10.33.10.2

    access-list standard HBSC allowed host 10.60.30.107

    access-list standard HBSC deny 10.33.0.0 255.255.0.0

    access-list standard HBSC deny 10.89.0.0 255.255.0.0

    allow outside_4_cryptomap to access extended list ip 10.60.0.0 255.255.0.0 10.191.191.0 255.255.255.0

    OAK-remote_splitTunnelAcl-list of allowed access standard 10.1.0.0 255.255.0.0

    OAK-remote_splitTunnelAcl-list of allowed access standard 10.33.0.0 255.255.0.0

    OAK-remote_splitTunnelAcl-list of allowed access standard 10.60.0.0 255.255.0.0

    OAK-remote_splitTunnelAcl-list of allowed access standard 10.89.0.0 255.255.0.0

    pager lines 24

    Enable logging

    asdm of logging of information

    Within 1500 MTU

    Outside 1500 MTU

    mask 10.60.30.110 - 10.60.30.150 255.255.0.0 IP local pool OAKPRD_pool

    IP local pool mail_sddress_pool 10.60.50.251 - 10.60.50.255 mask 255.255.0.0

    test 10.60.50.1 mask 255.255.255.255 IP local pool

    IP local pool ipad 10.60.30.90 - 10.60.30.99 mask 255.255.0.0

    mask 10.60.40.200 - 10.60.40.250 255.255.255.0 IP local pool TCS_pool

    local pool OSGD_POOL 10.60.50.2 - 10.60.50.10 255.255.0.0 IP mask

    mask 10.60.60.0 - 10.60.60.255 255.255.0.0 IP local pool OAK_pool

    IP verify reverse path inside interface

    IP verify reverse path to the outside interface

    IP audit alarm action name ThreatDetection attack

    verification of IP within the ThreatDetection interface

    interface IP outside the ThreatDetection check

    no failover

    ICMP unreachable rate-limit 1 burst-size 1

    ICMP allow any inside

    ICMP allow any echo inside

    ICMP allow any echo outdoors

    enable ASDM history

    ARP timeout 14400

    NAT (inside, outside) static static source NETWORK_OBJ_10.33.0.0_16 destination NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.33.0.0_16

    NAT (inside, outside) static static source NETWORK_OBJ_10.89.0.0_16 destination NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.89.0.0_16

    NAT (inside, outside) static static source NETWORK_OBJ_10.1.0.0_16 destination NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.1.0.0_16

    NAT (inside, outside) static source all all NETWORK_OBJ_10.60.30.0_24 of NETWORK_OBJ_10.60.30.0_24 static destination

    NAT (inside, outside) static source all all NETWORK_OBJ_10.60.30.64_26 of NETWORK_OBJ_10.60.30.64_26 static destination

    NAT (inside, outside) static static source NETWORK_OBJ_10.60.40.192_26 destination NETWORK_OBJ_10.60.20.29 NETWORK_OBJ_10.60.20.29 NETWORK_OBJ_10.60.40.192_26 any port_tomcat service

    NAT (inside, outside) static source any destination of all public static NETWORK_OBJ_10.60.50.1 NETWORK_OBJ_10.60.50.1

    NAT (inside, outside) static static source NETWORK_OBJ_10.60.50.248_29 destination MailServer MailServer NETWORK_OBJ_10.60.50.248_29

    NAT (inside, outside) static source all all NETWORK_OBJ_10.60.50.0_28 of NETWORK_OBJ_10.60.50.0_28 static destination

    NAT (inside, outside) static static source NETWORK_OBJ_10.191.191.0_24 destination NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.191.191.0_24

    NAT (inside, outside) static source DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 NETWORK_OBJ_10.60.60.0_24 NETWORK_OBJ_10.60.60.0_24 non-proxy-arp-search of route static destination

    !

    network obj_any object

    NAT dynamic interface (indoor, outdoor)

    Route outside 0.0.0.0 0.0.0.0 80.90.98.222 1

    Timeout xlate 03:00

    Pat-xlate timeout 0:00:30

    Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

    Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

    Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

    Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

    timeout tcp-proxy-reassembly 0:01:00

    Floating conn timeout 0:00:00

    dynamic-access-policy-registration DfltAccessPolicy

    identity of the user by default-domain LOCAL

    Enable http server

    http 192.168.1.0 255.255.255.0 inside

    http 10.60.10.10 255.255.255.255 inside

    http 10.33.30.33 255.255.255.255 inside

    http 10.60.30.33 255.255.255.255 inside

    SNMP-server host within the 10.33.30.108 community * version 2 c

    SNMP-server host within the 10.89.70.30 community *.

    No snmp server location

    No snmp Server contact

    Community SNMP-server

    Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start

    Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

    Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac

    Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

    Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac

    Crypto ipsec transform-set esp-3des esp-sha-hmac TRANS_ESP_3DES_SHA ikev1

    transport mode encryption ipsec transform-set TRANS_ESP_3DES_SHA ikev1

    Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac

    Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac

    Crypto ipsec transform-set lux_trans_set ikev1 aes - esp esp-sha-hmac

    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set

    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

    card crypto outside_map 1 match address outside_1_cryptomap

    peer set card crypto outside_map 1 84.51.31.173

    card crypto outside_map 1 set transform-set ESP-3DES-SHA ikev1

    card crypto outside_map 2 match address outside_2_cryptomap

    peer set card crypto outside_map 2 98.85.125.2

    card crypto outside_map 2 set transform-set ESP-3DES-SHA ikev1

    card crypto outside_map 3 match address outside_3_cryptomap

    peer set card crypto outside_map 3 220.79.236.146

    card crypto outside_map 3 set transform-set ESP-3DES-SHA ikev1

    card crypto 4 correspondence address outside_4_cryptomap outside_map

    card crypto outside_map 4 set pfs

    peer set card crypto outside_map 4 159.146.232.122

    card crypto 4 ikev1 transform-set lux_trans_set set outside_map

    outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

    outside_map interface card crypto outside

    Crypto ikev1 allow outside

    IKEv1 crypto policy 5

    preshared authentication

    3des encryption

    sha hash

    Group 2

    life 86400

    IKEv1 crypto policy 20

    preshared authentication

    aes-256 encryption

    sha hash

    Group 5

    life 86400

    IKEv1 crypto policy 30

    preshared authentication

    3des encryption

    sha hash

    Group 2

    lifetime 28800

    IKEv1 crypto policy 50

    preshared authentication

    aes encryption

    sha hash

    Group 1

    life 86400

    IKEv1 crypto policy 70

    preshared authentication

    aes encryption

    sha hash

    Group 5

    life 86400

    Telnet 10.60.10.10 255.255.255.255 inside

    Telnet 10.60.10.1 255.255.255.255 inside

    Telnet 10.60.10.5 255.255.255.255 inside

    Telnet 10.60.30.33 255.255.255.255 inside

    Telnet 10.33.30.33 255.255.255.255 inside

    Telnet timeout 30

    SSH 10.60.10.5 255.255.255.255 inside

    SSH 10.60.10.10 255.255.255.255 inside

    SSH 10.60.10.3 255.255.255.255 inside

    SSH timeout 5

    Console timeout 0

    dhcpd outside auto_config

    !

    dhcpd dns 155.2.10.20 155.2.10.50 interface inside

    dhcpd auto_config outside interface inside

    !

    a basic threat threat detection

    length 3600 scanning-threat shun threat detection

    threat detection statistics

    a statistical threat detection tcp-interception rate-interval 30 burst-400-rate average rate 200

    TFTP server inside 10.60.10.10 configs/config1

    WebVPN

    internal testTG group policy

    attributes of the strategy of group testTG

    value of 155.2.10.20 DNS server 155.2.10.50

    Ikev1 VPN-tunnel-Protocol

    internal DefaultRAGroup_1 group strategy

    attributes of Group Policy DefaultRAGroup_1

    value of 155.2.10.20 DNS server 155.2.10.50

    Protocol-tunnel-VPN l2tp ipsec

    internal TcsTG group strategy

    attributes of Group Policy TcsTG

    VPN-idle-timeout 20

    VPN-session-timeout 120

    Ikev1 VPN-tunnel-Protocol

    IPSec-udp disable

    IPSec-udp-port 10000

    Split-tunnel-policy tunnelspecified

    value of Split-tunnel-network-list testOAK_splitTunnelAcl

    the address value TCS_pool pools

    internal downtown_interfaceTG group policy

    attributes of the strategy of group downtown_interfaceTG

    value of 155.2.10.20 DNS server 155.2.10.50

    Ikev1 VPN-tunnel-Protocol

    Split-tunnel-policy tunnelspecified

    value of Split-tunnel-network-list downtown_splitTunnelAcl

    internal HBSCTG group policy

    HBSCTG group policy attributes

    value of 155.2.10.20 DNS server 155.2.10.50

    Ikev1 VPN-tunnel-Protocol

    Split-tunnel-policy tunnelspecified

    Split-tunnel-network-list value HBSC

    internal OSGD group policy

    OSGD group policy attributes

    value of 155.2.10.20 DNS server 155.2.10.50

    VPN-session-timeout no

    Ikev1 VPN-tunnel-Protocol

    group-lock value OSGD

    Split-tunnel-policy tunnelspecified

    value of Split-tunnel-network-list testOAK_splitTunnelAcl

    internal OAKDC group policy

    OAKDC group policy attributes

    Ikev1 VPN-tunnel-Protocol

    value of group-lock OAKDC

    Split-tunnel-policy tunnelspecified

    value of Split-tunnel-network-list OAKDCAcl

    Disable dhcp Intercept 255.255.0.0

    the address value OAKPRD_pool pools

    internal mailTG group policy

    attributes of the strategy of group mailTG

    value of 155.2.10.20 DNS server 155.2.10.50

    Ikev1 VPN-tunnel-Protocol

    Split-tunnel-policy tunnelspecified

    value of Split-tunnel-network-list webMailACL

    internal OAK-distance group strategy

    attributes of OAK Group Policy / remote

    value of 155.2.10.20 DNS server 155.2.10.50

    Ikev1 VPN-tunnel-Protocol

    Split-tunnel-policy tunnelspecified

    Split-tunnel-network-list value OAK-remote_splitTunnelAcl

    VPN-group-policy OAKDC

    type of nas-prompt service

    attributes global-tunnel-group DefaultRAGroup

    address pool OAKPRD_pool

    ipad address pool

    Group Policy - by default-DefaultRAGroup_1

    IPSec-attributes tunnel-group DefaultRAGroup

    IKEv1 pre-shared-key *.

    tunnel-group 84.51.31.173 type ipsec-l2l

    IPSec-attributes tunnel-group 84.51.31.173

    IKEv1 pre-shared-key *.

    tunnel-group 98.85.125.2 type ipsec-l2l

    IPSec-attributes tunnel-group 98.85.125.2

    IKEv1 pre-shared-key *.

    tunnel-group 220.79.236.146 type ipsec-l2l

    IPSec-attributes tunnel-group 220.79.236.146

    IKEv1 pre-shared-key *.

    type tunnel-group OAKDC remote access

    attributes global-tunnel-group OAKDC

    address pool OAKPRD_pool

    Group Policy - by default-OAKDC

    IPSec-attributes tunnel-group OAKDC

    IKEv1 pre-shared-key *.

    type tunnel-group TcsTG remote access

    attributes global-tunnel-group TcsTG

    address pool TCS_pool

    Group Policy - by default-TcsTG

    IPSec-attributes tunnel-group TcsTG

    IKEv1 pre-shared-key *.

    type tunnel-group downtown_interfaceTG remote access

    tunnel-group downtown_interfaceTG General-attributes

    test of the address pool

    Group Policy - by default-downtown_interfaceTG

    downtown_interfaceTG group of tunnel ipsec-attributes

    IKEv1 pre-shared-key *.

    type tunnel-group TunnelGroup1 remote access

    type tunnel-group mailTG remote access

    tunnel-group mailTG General-attributes

    address mail_sddress_pool pool

    Group Policy - by default-mailTG

    mailTG group of tunnel ipsec-attributes

    IKEv1 pre-shared-key *.

    type tunnel-group testTG remote access

    tunnel-group testTG General-attributes

    address mail_sddress_pool pool

    Group Policy - by default-testTG

    testTG group of tunnel ipsec-attributes

    IKEv1 pre-shared-key *.

    type tunnel-group OSGD remote access

    tunnel-group OSGD General-attributes

    address OSGD_POOL pool

    strategy-group-by default OSGD

    tunnel-group OSGD ipsec-attributes

    IKEv1 pre-shared-key *.

    type tunnel-group HBSCTG remote access

    attributes global-tunnel-group HBSCTG

    address OSGD_POOL pool

    Group Policy - by default-HBSCTG

    IPSec-attributes tunnel-group HBSCTG

    IKEv1 pre-shared-key *.

    tunnel-group 159.146.232.122 type ipsec-l2l

    IPSec-attributes tunnel-group 159.146.232.122

    IKEv1 pre-shared-key *.

    tunnel-group OAK type remote access / remote

    attributes global-tunnel-group OAK / remote

    address pool OAK_pool

    Group Policy - by default-OAK-remote control

    IPSec-attributes tunnel-group OAK / remote

    IKEv1 pre-shared-key *.

    !

    !

    !

    Policy-map global_policy

    !

    context of prompt hostname

    no remote anonymous reporting call

    HPM topN enable

    : end

    enable ASDM history

    Hi David,

    I see that you have:

    allow outside_2_cryptomap to access extended list ip 10.60.0.0 255.255.0.0 10.89.0.0 255.255.0.0

    So, please make the following changes:

    network object obj - 10.60.30.0

    10.60.30.0 subnet 255.255.255.0

    !

    Route outside 10.60.30.0 255.255.255.0 80.90.98.222

    Route outside 10.89.0.0 255.255.0.0 80.90.98.222

    NAT (outside, outside) 1 source static obj - 10.60.30.0 obj - 10.60.30.0 static destination NETWORK_OBJ_10.89.0.0_16 NETWORK_OBJ_10.89.0.0_16 non-proxy-arp-search to itinerary

    HTH

    Portu.

    Please note all useful posts

    Post edited by: Javier Portuguez

  • I try to enter the serial number to register my software, but the label outside of the box, he's starting with the letters and it does not accept the letters... . Only numbers

    I try to enter the serial number to register my software, but the label outside of the box, he's starting with the letters and it does not accept the letters... . Only numbers

    Serial numbers contain no letters, so maybe it's your redemption code, for use on adobe.com to get your serial number.

    Here are a few links to look for more information

    https://helpx.Adobe.com/x-productkb/global/redemption-code-help.html#productboxorprepaidca rd

    Quickly find your serial number

  • Why can I not see the keyframes outside the edges of the effect control window?

    I can't keyframes, I added at each end of an element in the control of effects in Premiere Pro CS6.

    Keyframes are 'outside' from the edge of the window. I want to so I can reach them.

    When I pull on the edges of the effect control window, he enlarged the keyframe graph only, it does not reveal the current keyframe.

    What I am doing wrong?

    Use drop down the menu and deselect Pin to Clip.

Maybe you are looking for

  • Invisible photo albums

    Hi I have an iPad running iOS 9.3.5. I turned off to iCloud photo sharing, and I am not sync the iPad with a computer. I now have a photo album Photos (I had more before I tried to solve this problem), but when I put a picture in and then delete it,

  • Swap HD from one PC to another

    Have two identical Z800, Win7 in both, it is, if I get out D: / HD (not the operating system HD) and plug it into the other Z800, once again, (not like the operating system), work that HD in the second Z800 that has its own operating system... The HD

  • DMA FIFO (target host)

    Hello I have the next vi FPGA and RT vi (joint). I'm trying to transfer data from the FPGA to the RT vi (using the target to host DMA FIFO), then to plot the data in the RT vi. The signal that I take analog input also is a 10 Hz, 1 well module 9215 V

  • 'Compress msg pop up '... Outlook Express 6.0 (2004) - installed with XP - Pro SP3.

    January 17, 2011 - Best Buy installed XP - Pro SP3 on the computer that previously had XP Home SP2. OE 6.0 has been used in the two operating systems. Using XP-Home Edition, no real problem OE. Within 24 hours using OE XP - Pro, I get the compact mes

  • Establishment of Dual Boot with Vista and XP - Presario V3780UT

    I have a laptop Compaq Presario V3780UT which came with Vista installed. I created another partition of c: Shriking and I want to install XP on it because some software will not work correctly under Vista. Can guide you please how to do this, and als