Cisco softphone Expressway is not on the outside
Hi all
Recently, we have deployed Expressway C and E managed to get MRA completely well work
But after that we have to change the IP address from the highway E and now IM & P service and Directory works fine but telephone service does not register. Covered area is active. You have an idea about this problem? I completely blocked on this problem, I have tried everything that I could to resolve this problem. I have even done a factory reset to Expressway C and E and recreated crossing area. But the problem is always the same. Pls let me know any solution to this or how to fix it
Here is some info
CUCM and CIMP ver 10
See worm X8.5 Express (first I've deployed X8.2 but after this issue I upgraded to X8.5)
The highway is in mode single nic
Internal Jabber in network work quite well. External (public internet) IM & P service and Directory works but softphone does not register gives error on Jabber online status below
Softphone - unhealthy
Status: Not connected
Protocol: SIP
Address: 10.3.146.201 (CCMCIP - Expressway)
Error reason: connection. Make sure that the server information in the tab on the Options window telephone Services are correct. Contact your system administrator.
Landline - no
Status: Not connected
Protocol: CTI
Address: 10.3.146.201 (CTI)
Presence - healthy
Status: connected
Address: ExpresswayEdge.mydomain.com
Protocol: XMPP
Port: 5222
Directory - healthy
Status: Last successful login.
Address: 10.3.146.201
Protocol: UDS (HTTPS)
Thank you
I don't see the REGISTER message received in newspapers Expressway-E or C-Expressway. This suggests the following options:
(1) the Jabber client did not send it
(2) newspapers do not capture the time that the REGISTRY has been sent
(3) the firewall blocks tcp 5061.
I don't see the problem report Jabber that tell us what is happening. Can you provide this after you re-create the problem?
Tags: Cisco Support
Similar Questions
-
New Cisco Aironet 1602i is not broadcasting the SSID I place
New Cisco Aironet 1602i is not broadcasting the SSID I place
SSID I set up is not broadcasting, so I don't see the wireless network to choose and connect. On my laptop if I choose specify the name of the SSID then I am able to connect to the wireless network. I have only 1 Configuration SSID on the access point. Anyone know how to update the configuration for the SSID is broadcast?
The green light on the AP flashes and turns off about 3 seconds; is this normal or should it stays on all the time?
Current configuration: 1842 bytes
!
version 15.2
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
encryption password service
!
host ap name
!
!
Pulse 9 logging console
enable secret 5 $1$ rrlE$ msWqu8CGY/tpDkgRAAAIe /.
!
No aaa new-model
no ip Routing
no ip cef
!
!
!
dot11 syslog
!
dot11 ssid Mi Casa
open authentication
authentication-key wpa version2 management
WPA - psk ascii 7 142017070F0C787B7579
!
!
Crypto pki token removal timeout default 0
!
!
username Cisco privilege 15 password 7 112A1016141D
!
!
Bridge IRB
!
!
!
interface Dot11Radio0
no ip address
no ip route cache
!
encryption algorithms aes - ccm tkip encryption mode
!
SSID Mi Casa
!
gain of antenna 0
STBC
beamform ofdm
root of station-role
Bridge-Group 1
Bridge-group subscriber-loop-control 1
Bridge-Group 1 covering-disabled people
Bridge-Group 1 block-unknown-source
No source of bridge-Group 1-learning
unicast bridge-Group 1-floods
!
interface Dot11Radio1
no ip address
no ip route cache
!
encryption algorithms aes - ccm tkip encryption mode
!
SSID Mi Casa
!
gain of antenna 0
DFS block 3 Strip
STBC
beamform ofdm
channel SFR
root of station-role
Bridge-Group 1
Bridge-group subscriber-loop-control 1
Bridge-Group 1 covering-disabled people
Bridge-Group 1 block-unknown-source
No source of bridge-Group 1-learning
unicast bridge-Group 1-floods
!
interface GigabitEthernet0
no ip address
no ip route cache
automatic duplex
automatic speed
Bridge-Group 1
Bridge-Group 1 covering-disabled people
No source of bridge-Group 1-learning
!
interface BVI1
IP 192.168.10.200 255.255.255.0
no ip route cache
!
by default-gateway IP 192.168.10.1
IP forward-Protocol ND
IP http server
no ip http secure server
IP http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
1 channel ip bridge
!
!
!
Line con 0
line vty 0 4
local connection
transport of entry all
!
end
Hi you must guest mode config on the ssid... Read this bud
https://supportforums.Cisco.com/docs/doc-5442
Sent by Cisco Support technique iPhone App
-
Cisco FlexConnect 7510 does not start in the backup image. Yesterday I downloaded 8.1.102.0 on our master controller and rebooted when evertyhing was complete, the controller has not restarted in 8.1.102.0 it is stuck on the screen that says "cisco bootloader stage2 loading" I have hard reset the box with the power button and tried a couple of times. I looked at the material to break the boot with the 'ESC' key, but is not nothing to me either, even modified keyboards, comes to the white screen cisco F2 for Setup / F12 for the boot etc menu, but I'm not able to use the keyboard to enter this sequence. I have my controller to slave running 8.0.110.0 now that he's turned and took controll when the captain went to restart. For any help or suggestion would be greatly appreciated. Thanks Matt
"cisco bootloader loading stage2"
This happens when you connect a computer monitor directly to the WLC. If you connected in the WLC by using the console port, you should not see this.
-
I me camera of am buy a Canon and I is not found the outside I know not why
I buy a Canon video camera and I managed not to find the peripheral can help m
Hello
See this page to select your language:
http://support.Microsoft.com/common/international.aspx
====================================
Or sorry that it is area English.
On the top of this page click v (English) in the United States and set on your tongue.
I hope this helps.
Rob Brown - Microsoft MVP<- profile="" -="" windows="" expert="" -="" consumer="" :="" bicycle="" -="" mark="" twain="" said="" it="">->
-
Computer running slow, did a disk defrag and clean-up
http://www.elephantboycomputers.com/page2.html#Backing_Up
http://www.elephantboycomputers.com/page2.html#maintenance
http://www.elephantboycomputers.com/page2.html#Viruses_Malware
http://www.elephantboycomputers.com/page2.html#Removing_Malware MS - MVP - Elephant Boy computers - don't panic! -
Virtual machines communicate don't not via cisco 4001i module, can not ping gateway
We have just buit IBM blade with a switch cisco nexus 4001i 10gE module. The service console communicates via a different network module, but VM networks are mapped to network adapters that use the cisco nexus 4001i circulating on 10gE... Unfortunately, the service console connections are working properly, but virtual machines cannot ping the gateway. We move the virtual machines on the service console network and they work. The NIC adapaptors are configured to 10, 000mbps but are appearing at only 1, 000mbps. Currently, we don't have all the switches-dv put in place and run on standard v-switches within ESX, which brings me to this question: VMware does require the nexus 1000v to work with cisco 4001i? Also, another symptom, the cisco discovery Protocol is not collecting the information since the passage of these adapters that are connected to the 4001i but take the switch info at the other network management modules.
Anyone have any ideas what we do wrong?
Had a very similar problem with a very similar hardware. Turned out to be a problem with a configuration between the Nexus 4000 and Catalyst switches they're connected too.
-
Cisco UCS c240 can not have a partition outside the disk
Hello
I try to install ESXi 5.5 on a Cisco UCS of c240 M3.
The local drive is a FlexFlash Raid 1 2 sd cards.
When installing esx sees the local map 30 g.
request the language, root password and when I click on install, it gives an error. (see attached files)
This program has encountered an error: parted util, can't have a partition outside the disk
I have 2 servers configured exactly, out of the box, same error... any idea?
OK, so I tried with an older version of esx:
ESXi-5.5.0-1746018-Custom-Cisco-5.5.1.3.iso
and it seems to work for now (it's 28%)
-
Cisco ASA, connect an IP address on the OUTSIDE of the VPN remote access
Hello
I tried to find resources on the net but could not find a solution, then post it here. Maybe someone can help.
So the problem is that I'm trying to access a server on the cloud for remote VPN access (cisco asa 5510).
The server on the cloud (54.54.54.54) is only accessible from the outside interface (192.168.11.2) NY Firewall (cisco asa 5510)
I added some ACE for this in the ACL of VPN tunnel to divide.
NY-standard host allowed fw # access - list vpn_remote-customer 54.54.54.54
And I see the road added to my cliet machine after the VPN connection, but still it cannot connect to this server.
The network INTERIOR, I can connect to the server.
Thanks in advance.
Hello
This is most likely a problem with NAT hair/U-turn hairpin.
Will need to see the configurations or you would need to check yourself
I don't know what your version of the Software ASA is to be like who determines what is the format of NAT configuration.
So far, you have confirmed that the ASA VPN configuration provides the VPN Client with the route to the remote server. Then in circulation should be tunnel to the ASA.
Then, you will need to check the output of this command
See the race same-security-traffic
You should see the command in the output below
permit same-security-traffic intra-interface
If you do not, you will need to add it. This effect of controls is to allow traffic to enter an interface and exit through the same interface. In your case this applies to Internet VPN Client traffic to the remote server as it between ' outside ' and spell through the 'outside'.
Then, should ensure that dynamic PAT is configured for the VPN Clients.
8.2 software (and below)
You most likely have a dynamic configuration PAT like that on the firewall, if levels of above running software version
Global 1 interface (outside)
NAT (inside) 1 0.0.0.0 0.0.0.0
In this situation if we wanted to add dynamic PAT for a pool of VPN, we would add
NAT (outside) 1
This would allow users to use the same public IP address as LAN users, when accessing the remote VPN server
Software 8.3 (and above)
Because the NAT configuration format is completely different in the latest software, you could probably just add a new configuration of NAT completely without adding a
network of the VPN-PAT object
subnet
dynamic NAT interface (outdoors, outdoor)
Of course, its possible that there could be some configuration NAT already on the device which could cause problems for this configuration. If this does not work then that we would have to look at the actual configurations on the ASA.
Hope this helps
Let me know how it goes
-Jouni
-
NetMeeting does not not between the cisco vpn clients
Hello
I had posted the same query a weeks but did not get any reply.just adding more details and hoping som1 help me.
Here's the real problem:
We have a client that users use clients vpn cisco to connect LAN business from the public network and access as expected and also able to run netmeeting from his pc, but when users attempt to run netmeeting between two connected to the public network, vpn clients with same ip pool, it does not work.
Thank you & best regards
Madhu.
Try to delete "nat (outside) 1 192.168.1.0 255.255.255.0" and try again.
Or try adding something like this...
outside_nat0 to access ip 192.168.1.0 scope list allow 255.255.255.0 192.168.1.0 255.255.255.0
NAT (outside) 0-list of access outside_nat0
-
Cisco Aironet 2600 series Configuration of the DHCP server is NOT serving addresses?
Cisco Aironet 2600 series Configuration of the DHCP server is NOT serving addresses?
I have (2) AIR-SAP2602I-A-K9, configured the same way.
on two different remote LANs.
They don't seem to be handing out addresses via DHCP.
{If I connect to a local network with another DHCP server}
wireless devices can obtain addresses
This another DHCP server on the LAN through the access point.}
I followed 12.4.25d. JA.cg.pdf
Configuration of the Access Point to provide the Service DHCP 5-22
---------|---------|---------|
e.g. 3444-RCS1-AN #show running-config
Building configuration...
version 15.2
3444-RCS1-YEAR host name
no ip Routing
USH - DM IP domain name
DHCP excluded-address IP 192.168.29.89
IP dhcp RCS1 pool
network 192.168.29.88 255.255.255.248
router by default - 192.168.28.1
Rental 1 0
interface BVI1
IP 192.168.28.211 255.255.254.0
no ip route cache
default IP gateway - 192.168.28.1
---------|---------|---------|
---------|---------|---------|
e.g. 3444-RCS2-AN #show running-config
Building configuration...
version 15.2
3444-RCS2-YEAR host name
no ip Routing
USH - DM IP domain name
DHCP excluded-address IP 192.168.129.81
IP dhcp RCS2 pool
network 192.168.129.80 255.255.255.248
router by default - 192.168.128.1
Rental 2 0
interface BVI1
IP 192.168.128.171 255.255.254.0
no ip route cache
default IP gateway - 192.168.128.1
---------|---------|---------|
Thats the DHCP Pool range 192.168.29.88 through 192.168.28.95
Well this will confuse your customers.
And this is NOT how to set up your "range". See below:
DHCP excluded-address IP 192.168.29.1 192.168.29.87
DHCP excluded-address IP 192.168.29.96 192.168.29.254
IP dhcp RCS1 pool
network 192.168.28.211 255.255.254.0
router by default - 192.168.28.1
Rental 1 0
-
Cisco WLC 2504 - Access Points do not reach the controller
Hello world
We bougth a Cisco WLC 2504 with two AIR-AP2702I-UXK9 Access Points. The problem is that the AP do not join the WLC.
The output from 'show join ap stats' shows the following:(Cisco Controller) > view join ap stats summary all the
Database Mac EthernetMac AP AP name IP address Status
00:35: 1a: B1:A9:60 00:f2:8 b: f4:1 has: 9 c AP00f2.8bf4.1a9c 192.168.10.23 joined not
00:35: 1a: C9:99:B0 00:f2:8 b: 77:b7:fc AP00f2.8b77.b7fc not joined 192.168.10.24(Cisco Controller) > show join ap 00:35:1 detailed stats to: b1:a9:60
Synchronization phase statistics
-For the synchronization request has received... Does not apply
-For the synchronization completed... Does not applyDiscovery phase statistics
-Applications received discovered... 114
-Answers success of discovery... 114
-Discovery failure processing... 0
-Purpose of the last unsuccessful attempt of discovery... Does not apply
-Attempt to finally successful discovery time... 20:15:40.106 16 June
-Discovery attempt ultimately unsuccessful time... Does not applyJoin the live statistics
-Join applications received... 57
-Join sent successful responses... 57
-Processing of the join request without success... 0
-Purpose of the last unsuccessful attempt to join... Does not apply
-Attempt to join finally managed time... 20:15:50.414 16 June
-Join finally failed time... Does not applyConfiguration phase statistics
-Configuration requests... 114
-Answers configuration successful... 0
-Processing configuration failed... 57
-Purpose of the last unsuccessful attempt to Setup... Invalid license in the application configuration
-Attempt to finally successful configuration time... Does not apply
-Time finally failed configuration attempt... 20:15:50.810 16 JuneLast the decryption of the AP details failure messages
-Last message decryption failure reason... Does not applyDetails of recent disconnection AP
-Last AP connection failure reason... Does not apply
-Last reason for disconnection AP... Unknown failure reasonLatest summary join error
-Type of error that occurred in the last... Application of configuration rejected LWAPP
-Reason for the error that took place the last... Invalid license in the application configuration
-Time which occurred the last error to join... 20:15:50.810 16 JuneDetails of sign-out AP
-Last AP connection failure reason... Does not apply
Ethernet Mac: c 00:f2:8 b: f4:1 has: 9 Ip address: 192.168.10.23Would be grateful for the help.
Best regards
MarcHi Marc,
Make sure first that your controller has software code 8.0.x or above, if first better it. Here's the code recommended by TAC
Then, try the UX above deployment guide to begin. Under Advanced tab WLAN, you need to enable "of the first universal ap' in order to use this app provisioning & connect to the AP.
If you have more than 1 AP, then you must start 1AP using this application. Other access points that you can feed them upward, while AP original is also powered, so they'll use protocal called NDP & start them automatically
Let us know how it goes
HTH
Rasika
Pls note all useful responses *.
-
Cisco VCS does not show the user account option
Hi team,
We have 7.2 VCS server control, I'm not able to see the option of user account under maintenance-Login accounts. Please advise.
We don't have find me and TMS provisioing Extension service license, don't you think that's the reason.
I just started my first deployment of VCS, MCU and TMS and I must add customer movie, cisco Jabber video for Ipad and integrtaion with CUCM. CUCM has some end points of polycom and C40 and C60.
You precious advice will give me comfort during this deployment.
Irfan
BR
Hello
It's probably because that VCS runs in TMS PE commissioning mode, in which FindMe is managed by the portal user in TMS, meaning there is no need to set up the maintenance > logins on the VCS.
Edit: You added information that you do not have the keys option Device Provisioning and FindMe. Because user names relate directly to FindMe, the absence of an option key FindMe would explain also unable to see maintenance > login accounts > user accounts.
-Andreas
-
ASA 5505 Split tunneling stopped working when upgraded to 8.3 (1) 8.4 (3).
A user has to connect to the old device of 8.3 (1) that they could access all of our subnets: 10.1.0.0/16, 10.33.0.0/16, 10.89.0.0/16, 10.60.0.0/16
but now, they can't and in the newspapers, I see just
6 October 31, 2012 08:17:59 110003 10.60.30.111 1 10.89.30.41 0 routing cannot locate the next hop for ICMP to outside:10.60.30.111/1 to inside:10.89.30.41/0
any tips? I almost tried everything. the running configuration is:
: Saved
:
ASA Version 8.4 (3)
!
host name asa
names of
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
IP 10.60.70.1 255.255.0.0
!
interface Vlan2
nameif outside
security-level 0
IP 80.90.98.217 255.255.255.248
!
passive FTP mode
clock timezone GMT 0
DNS lookup field inside
DNS domain-lookup outside
permit same-security-traffic intra-interface
network obj_any object
subnet 0.0.0.0 0.0.0.0
network of the NETWORK_OBJ_10.33.0.0_16 object
10.33.0.0 subnet 255.255.0.0
network of the NETWORK_OBJ_10.60.0.0_16 object
10.60.0.0 subnet 255.255.0.0
network of the NETWORK_OBJ_10.89.0.0_16 object
10.89.0.0 subnet 255.255.0.0
network of the NETWORK_OBJ_10.1.0.0_16 object
10.1.0.0 subnet 255.255.0.0
network tetPC object
Home 10.60.10.1
test description
network of the NETWORK_OBJ_10.60.30.0_24 object
10.60.30.0 subnet 255.255.255.0
network of the NETWORK_OBJ_10.60.30.64_26 object
255.255.255.192 subnet 10.60.30.64
the SSH server object network
Home 10.60.20.6
network of the SSH_public object
network ftp_public object
Home 80.90.98.218
rdp network object
Home 10.60.10.4
ftp_server network object
Home 10.60.20.2
network ssh_public object
Home 80.90.98.218
Service FTP object
tcp destination eq 12 service
network of the NETWORK_OBJ_10.60.20.3 object
Home 10.60.20.3
network of the NETWORK_OBJ_10.60.40.192_26 object
255.255.255.192 subnet 10.60.40.192
network of the NETWORK_OBJ_10.60.10.10 object
Home 10.60.10.10
network of the NETWORK_OBJ_10.60.20.2 object
Home 10.60.20.2
network of the NETWORK_OBJ_10.60.20.21 object
Home 10.60.20.21
network of the NETWORK_OBJ_10.60.20.4 object
Home 10.60.20.4
network of the NETWORK_OBJ_10.60.20.5 object
Home 10.60.20.5
network of the NETWORK_OBJ_10.60.20.6 object
Home 10.60.20.6
network of the NETWORK_OBJ_10.60.20.7 object
Home 10.60.20.7
network of the NETWORK_OBJ_10.60.20.29 object
Home 10.60.20.29
service port_tomcat object
Beach service tcp 8080 8082 source
network of the TBSF object
172.16.252.0 subnet 255.255.255.0
the e-mail server object network
Home 10.33.10.2
Mail server description
service object HTTPS
tcp source eq https service
test network object
network access_web_mail object
Home 10.60.50.251
network downtown_Interface_host object
Home 10.60.50.1
Downtown host Interface description
service of the Oracle_port object
tcp source eq sqlnet service
network of the NETWORK_OBJ_10.60.50.248_29 object
subnet 10.60.50.248 255.255.255.248
network of the NETWORK_OBJ_10.60.50.1 object
Home 10.60.50.1
network of the NETWORK_OBJ_10.60.50.0_28 object
subnet 10.60.50.0 255.255.255.240
brisel network object
10.191.191.0 subnet 255.255.255.0
network of the NETWORK_OBJ_10.191.191.0_24 object
10.191.191.0 subnet 255.255.255.0
network of the NETWORK_OBJ_10.60.60.0_24 object
10.60.60.0 subnet 255.255.255.0
object-group service TCS_Service_Group
Description this group of Services offered is for the CLD's Clients
port_tomcat service-object
HTTPS_ACCESS tcp service object-group
EQ object of the https port
the DM_INLINE_NETWORK_1 object-group network
object-network 10.1.0.0 255.255.0.0
network-object 10.33.0.0 255.255.0.0
network-object 10.60.0.0 255.255.0.0
network-object 10.89.0.0 255.255.0.0
allow outside_1_cryptomap to access extended list ip 10.60.0.0 255.255.0.0 10.33.0.0 255.255.0.0
allow outside_2_cryptomap to access extended list ip 10.60.0.0 255.255.0.0 10.89.0.0 255.255.0.0
outside_3_cryptomap to access extended list ip 10.60.0.0 255.255.0.0 allow 10.1.0.0 255.255.0.0
OUTSIDE_IN list extended access permit icmp any one time exceed
OUTSIDE_IN list extended access allow all unreachable icmp
OUTSIDE_IN list extended access permit icmp any any echo response
OUTSIDE_IN list extended access permit icmp any any source-quench
OUTSIDE_IN list extended access permitted tcp 194.2.20.0 255.255.255.0 host 80.90.98.220 eq smtp
OUTSIDE_IN list extended access permit tcp host 194.25.12.0 host 80.90.98.220 eq smtp
OUTSIDE_IN list extended access allow icmp 80.90.98.222 host 80.90.98.217
OUTSIDE_IN list extended access permit tcp host 162.162.4.1 host 80.90.98.220 eq smtp
OUTSIDE_IN list extended access permit tcp host 98.85.125.2 host 80.90.98.221 eq ssh
Standard access list OAKDCAcl allow 10.60.0.0 255.255.0.0
Standard access list OAKDCAcl allow 10.33.0.0 255.255.0.0
access-list OAKDCAcl note backoffice
Standard access list OAKDCAcl allow 10.89.0.0 255.255.0.0
access-list OAKDCAcl note maint
OAKDCAcl list standard access allowed 10.1.0.0 255.255.0.0
access-list allowed standard osgd host 10.60.20.4
access-list allowed standard osgd host 10.60.20.5
access-list allowed standard osgd host 10.60.20.7
standard access list testOAK_splitTunnelAcl allow 10.60.0.0 255.255.0.0
list access allowed extended snmp udp any eq snmptrap everything
list of access allowed extended snmp udp any any eq snmp
downtown_splitTunnelAcl list standard access allowed host 10.60.20.29
webMailACL list standard access allowed host 10.33.10.2
access-list standard HBSC allowed host 10.60.30.107
access-list standard HBSC deny 10.33.0.0 255.255.0.0
access-list standard HBSC deny 10.89.0.0 255.255.0.0
allow outside_4_cryptomap to access extended list ip 10.60.0.0 255.255.0.0 10.191.191.0 255.255.255.0
OAK-remote_splitTunnelAcl-list of allowed access standard 10.1.0.0 255.255.0.0
OAK-remote_splitTunnelAcl-list of allowed access standard 10.33.0.0 255.255.0.0
OAK-remote_splitTunnelAcl-list of allowed access standard 10.60.0.0 255.255.0.0
OAK-remote_splitTunnelAcl-list of allowed access standard 10.89.0.0 255.255.0.0
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
Outside 1500 MTU
mask 10.60.30.110 - 10.60.30.150 255.255.0.0 IP local pool OAKPRD_pool
IP local pool mail_sddress_pool 10.60.50.251 - 10.60.50.255 mask 255.255.0.0
test 10.60.50.1 mask 255.255.255.255 IP local pool
IP local pool ipad 10.60.30.90 - 10.60.30.99 mask 255.255.0.0
mask 10.60.40.200 - 10.60.40.250 255.255.255.0 IP local pool TCS_pool
local pool OSGD_POOL 10.60.50.2 - 10.60.50.10 255.255.0.0 IP mask
mask 10.60.60.0 - 10.60.60.255 255.255.0.0 IP local pool OAK_pool
IP verify reverse path inside interface
IP verify reverse path to the outside interface
IP audit alarm action name ThreatDetection attack
verification of IP within the ThreatDetection interface
interface IP outside the ThreatDetection check
no failover
ICMP unreachable rate-limit 1 burst-size 1
ICMP allow any inside
ICMP allow any echo inside
ICMP allow any echo outdoors
enable ASDM history
ARP timeout 14400
NAT (inside, outside) static static source NETWORK_OBJ_10.33.0.0_16 destination NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.33.0.0_16
NAT (inside, outside) static static source NETWORK_OBJ_10.89.0.0_16 destination NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.89.0.0_16
NAT (inside, outside) static static source NETWORK_OBJ_10.1.0.0_16 destination NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.1.0.0_16
NAT (inside, outside) static source all all NETWORK_OBJ_10.60.30.0_24 of NETWORK_OBJ_10.60.30.0_24 static destination
NAT (inside, outside) static source all all NETWORK_OBJ_10.60.30.64_26 of NETWORK_OBJ_10.60.30.64_26 static destination
NAT (inside, outside) static static source NETWORK_OBJ_10.60.40.192_26 destination NETWORK_OBJ_10.60.20.29 NETWORK_OBJ_10.60.20.29 NETWORK_OBJ_10.60.40.192_26 any port_tomcat service
NAT (inside, outside) static source any destination of all public static NETWORK_OBJ_10.60.50.1 NETWORK_OBJ_10.60.50.1
NAT (inside, outside) static static source NETWORK_OBJ_10.60.50.248_29 destination MailServer MailServer NETWORK_OBJ_10.60.50.248_29
NAT (inside, outside) static source all all NETWORK_OBJ_10.60.50.0_28 of NETWORK_OBJ_10.60.50.0_28 static destination
NAT (inside, outside) static static source NETWORK_OBJ_10.191.191.0_24 destination NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.191.191.0_24
NAT (inside, outside) static source DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 NETWORK_OBJ_10.60.60.0_24 NETWORK_OBJ_10.60.60.0_24 non-proxy-arp-search of route static destination
!
network obj_any object
NAT dynamic interface (indoor, outdoor)
Route outside 0.0.0.0 0.0.0.0 80.90.98.222 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
identity of the user by default-domain LOCAL
Enable http server
http 192.168.1.0 255.255.255.0 inside
http 10.60.10.10 255.255.255.255 inside
http 10.33.30.33 255.255.255.255 inside
http 10.60.30.33 255.255.255.255 inside
SNMP-server host within the 10.33.30.108 community * version 2 c
SNMP-server host within the 10.89.70.30 community *.
No snmp server location
No snmp Server contact
Community SNMP-server
Server enable SNMP traps snmp authentication linkup, linkdown warmstart of cold start
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set esp-3des esp-sha-hmac TRANS_ESP_3DES_SHA ikev1
transport mode encryption ipsec transform-set TRANS_ESP_3DES_SHA ikev1
Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set lux_trans_set ikev1 aes - esp esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
card crypto outside_map 1 match address outside_1_cryptomap
peer set card crypto outside_map 1 84.51.31.173
card crypto outside_map 1 set transform-set ESP-3DES-SHA ikev1
card crypto outside_map 2 match address outside_2_cryptomap
peer set card crypto outside_map 2 98.85.125.2
card crypto outside_map 2 set transform-set ESP-3DES-SHA ikev1
card crypto outside_map 3 match address outside_3_cryptomap
peer set card crypto outside_map 3 220.79.236.146
card crypto outside_map 3 set transform-set ESP-3DES-SHA ikev1
card crypto 4 correspondence address outside_4_cryptomap outside_map
card crypto outside_map 4 set pfs
peer set card crypto outside_map 4 159.146.232.122
card crypto 4 ikev1 transform-set lux_trans_set set outside_map
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
Crypto ikev1 allow outside
IKEv1 crypto policy 5
preshared authentication
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 20
preshared authentication
aes-256 encryption
sha hash
Group 5
life 86400
IKEv1 crypto policy 30
preshared authentication
3des encryption
sha hash
Group 2
lifetime 28800
IKEv1 crypto policy 50
preshared authentication
aes encryption
sha hash
Group 1
life 86400
IKEv1 crypto policy 70
preshared authentication
aes encryption
sha hash
Group 5
life 86400
Telnet 10.60.10.10 255.255.255.255 inside
Telnet 10.60.10.1 255.255.255.255 inside
Telnet 10.60.10.5 255.255.255.255 inside
Telnet 10.60.30.33 255.255.255.255 inside
Telnet 10.33.30.33 255.255.255.255 inside
Telnet timeout 30
SSH 10.60.10.5 255.255.255.255 inside
SSH 10.60.10.10 255.255.255.255 inside
SSH 10.60.10.3 255.255.255.255 inside
SSH timeout 5
Console timeout 0
dhcpd outside auto_config
!
dhcpd dns 155.2.10.20 155.2.10.50 interface inside
dhcpd auto_config outside interface inside
!
a basic threat threat detection
length 3600 scanning-threat shun threat detection
threat detection statistics
a statistical threat detection tcp-interception rate-interval 30 burst-400-rate average rate 200
TFTP server inside 10.60.10.10 configs/config1
WebVPN
internal testTG group policy
attributes of the strategy of group testTG
value of 155.2.10.20 DNS server 155.2.10.50
Ikev1 VPN-tunnel-Protocol
internal DefaultRAGroup_1 group strategy
attributes of Group Policy DefaultRAGroup_1
value of 155.2.10.20 DNS server 155.2.10.50
Protocol-tunnel-VPN l2tp ipsec
internal TcsTG group strategy
attributes of Group Policy TcsTG
VPN-idle-timeout 20
VPN-session-timeout 120
Ikev1 VPN-tunnel-Protocol
IPSec-udp disable
IPSec-udp-port 10000
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list testOAK_splitTunnelAcl
the address value TCS_pool pools
internal downtown_interfaceTG group policy
attributes of the strategy of group downtown_interfaceTG
value of 155.2.10.20 DNS server 155.2.10.50
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list downtown_splitTunnelAcl
internal HBSCTG group policy
HBSCTG group policy attributes
value of 155.2.10.20 DNS server 155.2.10.50
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value HBSC
internal OSGD group policy
OSGD group policy attributes
value of 155.2.10.20 DNS server 155.2.10.50
VPN-session-timeout no
Ikev1 VPN-tunnel-Protocol
group-lock value OSGD
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list testOAK_splitTunnelAcl
internal OAKDC group policy
OAKDC group policy attributes
Ikev1 VPN-tunnel-Protocol
value of group-lock OAKDC
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list OAKDCAcl
Disable dhcp Intercept 255.255.0.0
the address value OAKPRD_pool pools
internal mailTG group policy
attributes of the strategy of group mailTG
value of 155.2.10.20 DNS server 155.2.10.50
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list webMailACL
internal OAK-distance group strategy
attributes of OAK Group Policy / remote
value of 155.2.10.20 DNS server 155.2.10.50
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value OAK-remote_splitTunnelAcl
VPN-group-policy OAKDC
type of nas-prompt service
attributes global-tunnel-group DefaultRAGroup
address pool OAKPRD_pool
ipad address pool
Group Policy - by default-DefaultRAGroup_1
IPSec-attributes tunnel-group DefaultRAGroup
IKEv1 pre-shared-key *.
tunnel-group 84.51.31.173 type ipsec-l2l
IPSec-attributes tunnel-group 84.51.31.173
IKEv1 pre-shared-key *.
tunnel-group 98.85.125.2 type ipsec-l2l
IPSec-attributes tunnel-group 98.85.125.2
IKEv1 pre-shared-key *.
tunnel-group 220.79.236.146 type ipsec-l2l
IPSec-attributes tunnel-group 220.79.236.146
IKEv1 pre-shared-key *.
type tunnel-group OAKDC remote access
attributes global-tunnel-group OAKDC
address pool OAKPRD_pool
Group Policy - by default-OAKDC
IPSec-attributes tunnel-group OAKDC
IKEv1 pre-shared-key *.
type tunnel-group TcsTG remote access
attributes global-tunnel-group TcsTG
address pool TCS_pool
Group Policy - by default-TcsTG
IPSec-attributes tunnel-group TcsTG
IKEv1 pre-shared-key *.
type tunnel-group downtown_interfaceTG remote access
tunnel-group downtown_interfaceTG General-attributes
test of the address pool
Group Policy - by default-downtown_interfaceTG
downtown_interfaceTG group of tunnel ipsec-attributes
IKEv1 pre-shared-key *.
type tunnel-group TunnelGroup1 remote access
type tunnel-group mailTG remote access
tunnel-group mailTG General-attributes
address mail_sddress_pool pool
Group Policy - by default-mailTG
mailTG group of tunnel ipsec-attributes
IKEv1 pre-shared-key *.
type tunnel-group testTG remote access
tunnel-group testTG General-attributes
address mail_sddress_pool pool
Group Policy - by default-testTG
testTG group of tunnel ipsec-attributes
IKEv1 pre-shared-key *.
type tunnel-group OSGD remote access
tunnel-group OSGD General-attributes
address OSGD_POOL pool
strategy-group-by default OSGD
tunnel-group OSGD ipsec-attributes
IKEv1 pre-shared-key *.
type tunnel-group HBSCTG remote access
attributes global-tunnel-group HBSCTG
address OSGD_POOL pool
Group Policy - by default-HBSCTG
IPSec-attributes tunnel-group HBSCTG
IKEv1 pre-shared-key *.
tunnel-group 159.146.232.122 type ipsec-l2l
IPSec-attributes tunnel-group 159.146.232.122
IKEv1 pre-shared-key *.
tunnel-group OAK type remote access / remote
attributes global-tunnel-group OAK / remote
address pool OAK_pool
Group Policy - by default-OAK-remote control
IPSec-attributes tunnel-group OAK / remote
IKEv1 pre-shared-key *.
!
!
!
Policy-map global_policy
!
context of prompt hostname
no remote anonymous reporting call
HPM topN enable
: end
enable ASDM history
Hi David,
I see that you have:
allow outside_2_cryptomap to access extended list ip 10.60.0.0 255.255.0.0 10.89.0.0 255.255.0.0
So, please make the following changes:
network object obj - 10.60.30.0
10.60.30.0 subnet 255.255.255.0
!
Route outside 10.60.30.0 255.255.255.0 80.90.98.222
Route outside 10.89.0.0 255.255.0.0 80.90.98.222
NAT (outside, outside) 1 source static obj - 10.60.30.0 obj - 10.60.30.0 static destination NETWORK_OBJ_10.89.0.0_16 NETWORK_OBJ_10.89.0.0_16 non-proxy-arp-search to itinerary
HTH
Portu.
Please note all useful posts
Post edited by: Javier Portuguez
-
I try to enter the serial number to register my software, but the label outside of the box, he's starting with the letters and it does not accept the letters... . Only numbers
Serial numbers contain no letters, so maybe it's your redemption code, for use on adobe.com to get your serial number.
Here are a few links to look for more information
https://helpx.Adobe.com/x-productkb/global/redemption-code-help.html#productboxorprepaidca rd
-
Why can I not see the keyframes outside the edges of the effect control window?
I can't keyframes, I added at each end of an element in the control of effects in Premiere Pro CS6.
Keyframes are 'outside' from the edge of the window. I want to so I can reach them.
When I pull on the edges of the effect control window, he enlarged the keyframe graph only, it does not reveal the current keyframe.
What I am doing wrong?
Use drop down the menu and deselect Pin to Clip.
Maybe you are looking for
-
Hi I have an iPad running iOS 9.3.5. I turned off to iCloud photo sharing, and I am not sync the iPad with a computer. I now have a photo album Photos (I had more before I tried to solve this problem), but when I put a picture in and then delete it,
-
Swap HD from one PC to another
Have two identical Z800, Win7 in both, it is, if I get out D: / HD (not the operating system HD) and plug it into the other Z800, once again, (not like the operating system), work that HD in the second Z800 that has its own operating system... The HD
-
DMA FIFO (target host)
Hello I have the next vi FPGA and RT vi (joint). I'm trying to transfer data from the FPGA to the RT vi (using the target to host DMA FIFO), then to plot the data in the RT vi. The signal that I take analog input also is a 10 Hz, 1 well module 9215 V
-
January 17, 2011 - Best Buy installed XP - Pro SP3 on the computer that previously had XP Home SP2. OE 6.0 has been used in the two operating systems. Using XP-Home Edition, no real problem OE. Within 24 hours using OE XP - Pro, I get the compact mes
-
Establishment of Dual Boot with Vista and XP - Presario V3780UT
I have a laptop Compaq Presario V3780UT which came with Vista installed. I created another partition of c: Shriking and I want to install XP on it because some software will not work correctly under Vista. Can guide you please how to do this, and als