Command to check how long a S2S VPN tunnel has been up on a Cisco router

Dear all,

Please share the command to check the uptime of a S2S tunnel that is configured on the router.

There are commands that define the lifetimes of the ISAKMP and IPsec Security Associations (SAs).

For example:

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600

crypto ipsec security-association lifetime seconds 3599

... and you can determine the remaining lifetime for these SAs with the following commands:

show crypto session detail

show crypto isakmp sa detail

show crypto ipsec sa

The delta between the configured lifetime(s) and the remaining lifetime will tell you how much time has passed since the last rekey, but that is as close as you are likely to get to determining when the tunnel first came up.

You could use other means, such as syslog, to tell you when a tunnel transitions up or down.

Best regards

Mike
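A worked version of the "configured lifetime minus remaining lifetime" method from the answer above, as an added example (not code from the original post): it reads the configured IPsec SA lifetime from the running-config and the remaining lifetime from `show crypto ipsec sa`. The config lines, the SA output, the crypto map name MYMAP and the addresses are all constructed samples.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of the relevant running-config lines and a trimmed
# "show crypto ipsec sa" in IOS format; not captured from a real device.
RUNNING_CONFIG = """\
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
 lifetime 3600
crypto ipsec security-association lifetime seconds 3599
"""

IPSEC_SA_OUTPUT = """\
interface: Dialer0
    Crypto map tag: MYMAP, local addr 192.0.2.1
   current_peer 198.51.100.7 port 500
     inbound esp sas:
      spi: 0x1A2B3C4D(439041101)
        sa timing: remaining key lifetime (k/sec): (4607999/3200)
        Status: ACTIVE
     outbound esp sas:
      spi: 0x5E6F7A8B(1584757387)
        sa timing: remaining key lifetime (k/sec): (4607990/3200)
        Status: ACTIVE
"""

DEFAULT_LIFETIME_SEC = 3600   # IOS defaults used when nothing is configured
DEFAULT_LIFETIME_KB = 4608000
LIFETIME_RE = re.compile(r"^crypto ipsec security-association lifetime seconds (\d+)", re.M)
DIR_RE = re.compile(r"\s*(inbound|outbound) esp sas:")
SPI_RE = re.compile(r"\s*spi: (0x[0-9A-Fa-f]+)")
TIMING_RE = re.compile(r"remaining key lifetime \(k/sec\): \((\d+)/(\d+)\)")

def configured_lifetime(config):
    """Configured IPsec SA lifetime in seconds, or the IOS default."""
    m = LIFETIME_RE.search(config)
    return int(m.group(1)) if m else DEFAULT_LIFETIME_SEC

def parse_ipsec_sas(output, lifetime_sec):
    """Walk each ESP SA block; configured minus remaining = seconds since (re)key."""
    sas, direction, current = [], None, None
    for line in output.splitlines():
        if d := DIR_RE.match(line):
            direction = d.group(1)
        elif s := SPI_RE.match(line):
            current = {"direction": direction, "spi": s.group(1)}
            sas.append(current)
        elif (t := TIMING_RE.search(line)) and current is not None:
            kb_left, sec_left = int(t.group(1)), int(t.group(2))
            current["remaining_sec"] = sec_left
            current["elapsed_sec"] = lifetime_sec - sec_left   # time since this SA was keyed
            current["kb_used"] = DEFAULT_LIFETIME_KB - kb_left  # traffic through it since then
    return sas

def tunnel_up_at_least(sas, now=None):
    """Lower bound on tunnel uptime. SAs are rekeyed before they expire, so this
    is the time since the last rekey, not the time the tunnel first came up."""
    elapsed = max(sa["elapsed_sec"] for sa in sas)
    now = now or datetime.now()
    return elapsed, now - timedelta(seconds=elapsed)
```

Run it against the real output of the three show commands above; for the actual first-up time you still need the syslog approach the answer mentions.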

Tags: Cisco Security

Similar Questions

  • command to check the tablespace is read or write mode State?

    SELECT status FROM dba_tablespaces WHERE tablespace_name = 'MY_TS';

    The status values are ONLINE, OFFLINE, or READ ONLY. ONLINE is READ WRITE.

    HTH,

    Brian

  • command to check the level of patch of OIM 11 g R2

    Hello

    Could you please let me know the command to check the current patch level of OIM 11g R2.

    Please also let me know the steps to run this command.

    Thank you

    export ORACLE_HOME=/opt/oracle/middleware/oracle_idm1
    $ORACLE_HOME/OPatch/opatch lsinventory

    -Kevin

  • How to distinguish the physical interface and logic (subinterface) interface to the Cisco router/Switch?

    Hi Expert,

    How do I distinguish a physical interface from a logical (subinterface) interface on a Cisco router/switch? Can you please clarify a formal way of doing this?

    A physical interface is numbered with the same name as is printed on the physical port. For example, "GigabitEthernet 0/1" corresponds to port 1 of module 0 (or the base unit).

    A logical interface can be a subinterface on a routed port and will have a dot (".") preceding the subinterface number (e.g. GigabitEthernet 0/1.1). It can also be a loopback or a virtual interface (on a router this could also include interfaces such as tunnel and virtual tunnel, or VTI, types). A switch may also have VLAN logical interfaces (e.g. interface vlan 1), which are used as layer 3 virtual interfaces.

  • ESXi 6.0 - SSH Command to check the status of running tasks

    Hi all

    What I'm trying to do is quite simple, but I do not know whether it is complex or not.

    I'm checking the state of a task via SSH. You know, like the lower part of the vSphere Client where it shows you the task and its status. I need to monitor the % of the deployment of an OVA VM on various hosts via a script but can't find the command to do it; it would be nice to be able to check any task and its status.

    What I found so far:

    http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1013003

    But that was not helpful at all. I tried but could not get information about the deployment.

    Thank you all for any help or lead, you may have.

    Hello all

    I found the answer myself, which was indeed in the URL I posted.

    I just had a problem spotting a small change in the commands.

    In step 7, it says task_info and I wrote get.tasklist with the task identifier.

    Thank you guys, and I hope at least that it might help someone trying to do what I'm doing: read the commands VERY carefully, haha

    Kind regards

    Martin

  • Try to add the Cisco router to hyperic - where are the log files?

    I have a Hyperic server. I have created a new network platform for the SNMP information from my Cisco router.

    I put in the snmpIp $ip, the snmpCommunity... and I thought that I was...

    Well, I'm not able to collect any settings.

    My question is, where are the logs for this?

    It seems that you need an "agent connection"; I guess that means to use any server running the Hyperic agent?

    Yes, you need to select an agent to perform the actual SNMP analysis. The Hyperic server doesn't have the capability.

    On the agent, you should be able to see the errors in agent.log

  • Tunnel VPN S2S when there is no firewall remote site

    We have a situation where one of our sites (site A) has no firewall. All site A traffic goes over the MPLS network to site B to access the internet. Site B connects to the rest of our private MPLS, including site C.

    The MPLS network and routers are all provider-managed. This site needs to access a website at another private company that is accessible only via a tunnel.

    I know that we can create a tunnel from site C to site D, but would it be possible for site A to use this tunnel to get to site D?

    access-list outside_20_cryptomap extended permit ip 10.51.22.224 255.255.255.224 10.22.43.0 255.255.255.0

    access-list outside_20_cryptomap extended permit ip 10.92.0.0 255.255.0.0 10.22.43.0 255.255.255.0

    For the second line, everything is OK, assuming 10.92.0.0/16 is the subnet at site A whose traffic should go through the tunnel.

    For the first line, you said that 10.51.22.224/27 is the WAN interface. I guess this interface will be used as the tunnel endpoint, so you do not have to include it in your crypto ACL (but if you really intend/need to, you can).

    Just decide which subnets' traffic should pass through the tunnel and include them in your proxy ACL.

    What networks will site D need to configure as interesting subnets so that 10.92 at site A can actually access 10.22.43 at site D?

    For access between site D and site A, the proxy-ID on site D should be the mirror of the second ACE you provided in the ACL at site C, i.e.:

    access-list outside_20_cryptomap extended permit ip 10.22.43.0 255.255.255.0 10.92.0.0 255.255.0.0

  • Currently connected VPN client details on a Cisco router

    Hello friends, is it possible to check who is currently connected with the VPN client? I need the details of the users, as well as any options necessary to verify the per-connection VPN time for the last 2 months.

    Any help will be greatly appreciated.

    1. 'show crypto session' gives all active sessions.
    2. Previous sessions are visible on your syslog server. Which you hopefully have... ;-)
  • Troubleshooting for the Cisco router

    Hello

    I want to know how many times the router has restarted. What command do I need to use?

    Post the complete output of the command 'sh version'.

  • Cisco router memory usage

    Hello

    We have an SA520 router (firmware 2.1.18)

    We have used it for only about 1 month now. The router seems OK; it's just that

    I am concerned about the memory usage, which has reached 62% (144/234 MB)

    Is this something to worry about?
    How can I cut down the usage?

    Excuse me, I'm just new to Cisco devices.

    Thank you very much.

    CA

    CA,

    Please go ahead and upgrade to the latest firmware, 2.1.51; memory use should not be a problem. After the upgrade, please keep an eye on the memory and report back.

    Thank you

    Jasbryan

    Cisco Support Engineer

  • Access to the DMZ from remote sites via S2S VPN

    We have an ASA 5520 and two remote-site ASA 5505s that connect to each other through S2S VPN tunnels. They are doing split tunneling, while local traffic passes over the tunnel. We have our local LAN (10.0.0.0/16) and our DMZ network (10.3.0.0/24) at the main site. The DMZ hosts our external SharePoint, but we access it internally.

    The problem is that sites A (10.1.0.0/24) and B (10.2.0.0/24) have no idea of it, and when you try to go to the site, it fails. You can access it via the external address, but that's the only way. Normally the external address is blocked when you're internal.

    What I'm stuck on is that even when we had all traffic from site A sent to our main site, it would still not find it. Do I do a separate VPN purely to tunnel that traffic to the DMZ?

    Yes. So if you do this in ASDM under Edit Site-to-Site connection profile, it will look like this.

    Local network: 10.0.0.0/16, 10.3.0.0/24

    Remote: 10.1.0.0/24

  • Domain controller and DNS behind RRAS, without VPN, connected directly to the internet with a Cisco router

    I have a Cisco ME 3400 with a single physical port available for a cable connection.

    The ISP gave me an interface IP address, 89.120.29.89, to act as the gateway for the host IP address, which is 89.120.29.90.

    The host computer is a dual Xeon computer with two NICs, for LAN and WAN.

    Scope: to install a Windows 2008 R2 server between the public and private networks.

    Even though I know it's not recommended, I have the DNS role and the Active Directory roles installed on the same computer (the computer above); I do not have enough computers to place the different roles on different computers.

    The desired configuration:

    a. To have a WS2008R2 with its roles installed behind RRAS, without a VPN.

    b. With VPN

    and WAN access for the client computers on the private LAN (Windows 7 OS). (The LAN address pool is 192.168.0.1 - 255).

    First step: to have internet access in the browser (I use Google Chrome) (without taking DNS and AD into account)

    Network configuration:

    WAN NETWORK card, at the top of the binding order in Control Panel / Network and Sharing Center:

    Host IP: 89.120.29.90

    Mask: 255.255.255.252

    Gateway: 89.120.29.89

    DNS: 193.231.100.130 my ISP name server address.

    OK, I can browse the internet.

    Second step. (Consider DNS and Active Directory)

    DNS role installed on this computer.

    AD installed as a global catalog.

    The server's WAN NIC that is directly connected to the Cisco router:

    Local Area Connection 3

    Properties:

    Client for Microsoft Networks: unchecked

    Network Load Balancing: unchecked

    File and Printer Sharing: unchecked

    QoS Packet Scheduler: unchecked;

    Microsoft Network Monitor 3 Driver: unchecked

    IPv4: checked

    Link-Layer Topology Discovery Mapper I/O Driver: checked

    Link-Layer Topology Discovery Responder: checked

    IPv4 tab

    Host IP: 89.120.29.90

    Mask: 255.255.255.252

    Gateway: 89.120.29.89

    DNS: 193.231.100.130 my ISP name server address.

    under the Advanced tab

    IP settings: same as the IPv4 tab, with automatic metric checked;

    DNS tab:

    Append primary and connection specific DNS suffixes: unchecked

    Append parent suffixes of the primary DNS suffix: unchecked

    Append these DNS suffixes: none

    Register this connection's addresses in DNS: unchecked;

    Use this connection's DNS suffix in DNS registration: unchecked;

    WINS tab: Enable LMHOSTS lookup: unchecked

    Enable NetBIOS over TCP/IP: unchecked;

    Disable NetBIOS over TCP/IP: checked;

    Local Area Connection 2

    Properties :

    Client for Microsoft Networks: checked

    Network Load Balancing: no

    File and Printer Sharing: checked

    QoS Packet Scheduler: unchecked;

    Microsoft Network Monitor 3 Driver: unchecked

    IPv4: checked

    Link-Layer Topology Discovery Mapper I/O Driver: checked

    Link-Layer Topology Discovery Responder: checked

    IPv4 tab

    LAN NETWORK CARD: 192.168.0.101

    Mask: 255.255.255.0

    Gateway: 192.168.0.1

    under the Advanced tab:

    IP settings: same as the IPv4 tab, with automatic metric checked;

    DNS tab:

    Append primary and connection specific DNS suffixes: checked

    Append parent suffixes of the primary DNS suffix: unchecked

    Append these DNS suffixes: none

    Register this connection's addresses in DNS: checked;

    Use this connection's DNS suffix in DNS registration: checked;

    WINS tab: Enable LMHOSTS lookup: unchecked

    Enable NetBIOS over TCP/IP: checked;

    Disable NetBIOS over TCP/IP: unchecked;

    Install RRAS as NAT, without DHCP (not installed), with the idea that RRAS will hand out the private IP addresses as the DHCP allocator.

    In any case, for the beginning, I have a fixed IP and do not get an IP automatically.

    At this point, the simplest possible configuration for RRAS is as follows:

    Local Area Connection 3, which corresponds to the WAN interface IP:

    "NAT configured for the following Internet interface: Local Area Connection 3.
    The clients on the local network will be assigned IP addresses from the following range:

    network address: 192.168.0.0, netmask 255.255.0.0."

    After Windows RRAS is open:

    The Network Interfaces tab:

    NICs are enabled and connected;

    Remote Access Logging & Policies:

    Launch NPS,

    on the NPS server tab:

    Allow access to Active Directory directories: succeeded:

    Properties: authentication: ports 1812, 1645

    accounting ports 1813, 1646;

    on the accounting tab: nothing;

    under NPS policies:

    Grant permission for the RRAS server under the builtin\Administrator accounts;

    On the policy, the server type is unspecified (NAT does not exist as an entry in the server type drop-down list)

    under static routes: nothing;

    under the IPv4 tab, both interfaces are there (with IPs) and are up

    under NAT

    Local Area Connection 3: public interface connected to the internet

    enable NAT on this interface:

    under the address pool: the public ISP addresses (two addresses)

    under services and ports: Web server: http 80.

    (I have a static IP address for the client computer in mind; I set up a single client).

    At the client computer:

    configured as a domain client and added to AD Users and AD Computers

    logon to the domain:

    Local Area Connection

    Properties:

    Client for Microsoft Networks: checked

    Network Load Balancing: unchecked

    File and Printer Sharing: checked

    QoS Packet Scheduler: checked;

    Microsoft Network Monitor 3 Driver: unchecked

    IPv4: checked

    Link-Layer Topology Discovery Mapper I/O Driver: checked

    Link-Layer Topology Discovery Responder: checked

    IPv4 tab

    Host IP: 192.168.0.101

    Mask: 255.255.0.0

    Gateway: 192.168.0.1

    DNS: (auto-added, the same as on the local machine).

    under the Advanced tab

    IP settings: same as the IPv4 tab, with automatic metric checked;

    DNS tab:

    Append primary and connection specific DNS suffixes: checked

    Append parent suffixes of the primary DNS suffix: unchecked

    Append these DNS suffixes: none

    Register this connection's addresses in DNS: checked;

    Use this connection's DNS suffix in DNS registration: checked;

    WINS tab: Enable LMHOSTS lookup: unchecked

    Enable NetBIOS over TCP/IP: checked;

    Disable NetBIOS over TCP/IP: unchecked;

    Right now the 192.168.0.101 client cannot connect to the internet through RRAS.

    This issue is beyond the scope of this site and must be posted on TechNet or MSDN

    http://social.technet.Microsoft.com/forums/en-us/home

    http://social.msdn.Microsoft.com/forums/en-us/home

  • Need some advice about the VPN between a local Cisco router and a remote WatchGuard

    Hi all

    I am configuring a Cisco 887 router for a VPN to a WatchGuard device at the remote site.

    From what I understand, the VPN tunnel is UP. I can ping the remote server on the 192.168.110.0 network, but whenever I try to browse to it from the local server, it doesn't work.

    I can ping the remote server via its IP address from the local server, but not from the Cisco router. Is this working as expected?

    --------------------------------------------------------------------------------------

    R5Router#sh crypto isakmp sa

    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id status
    110.142.127.237 122.3.112.10    QM_IDLE           2045 ACTIVE

    IPv6 Crypto ISAKMP SA

    --------------------------------------------------------------------------------------

    R5Router#sh crypto session

    Crypto session current status

    Interface: Virtual-Access2
    Session status: DOWN
    Peer: 122.3.112.10 port 500
      IPSEC FLOW: permit ip 192.168.0.0/255.255.255.0 192.168.110.0/255.255.255.0
            Active SAs: 0, origin: crypto map
      IPSEC FLOW: permit 1 192.168.0.0/255.255.255.0 192.168.110.0/255.255.255.0
            Active SAs: 0, origin: crypto map
      IPSEC FLOW: permit 6 192.168.0.0/255.255.255.0 192.168.110.0/255.255.255.0
            Active SAs: 0, origin: crypto map
      IPSEC FLOW: permit ip host 122.3.112.10 192.168.0.0/255.255.255.0
            Active SAs: 0, origin: crypto map

    Interface: Dialer0
    Session status: UP-ACTIVE
    Peer: 122.3.112.10 port 500
      IKEv1 SA: local 110.142.127.237/500 remote 122.3.112.10/500 Active
      IPSEC FLOW: permit ip 192.168.0.0/255.255.255.0 192.168.110.0/255.255.255.0
            Active SAs: 2, origin: crypto map
      IPSEC FLOW: permit 1 192.168.0.0/255.255.255.0 192.168.110.0/255.255.255.0
            Active SAs: 0, origin: crypto map
      IPSEC FLOW: permit 6 192.168.0.0/255.255.255.0 192.168.110.0/255.255.255.0
            Active SAs: 0, origin: crypto map
      IPSEC FLOW: permit ip host 122.3.112.10 192.168.0.0/255.255.255.0
            Active SAs: 0, origin: crypto map

    Crypto ACL 102 should really include only 1 line, i.e.:

    10 permit ip 192.168.0.0 0.0.0.255 192.168.110.0 0.0.0.255

    and you should have the mirror-image ACL line on the remote end too.

    Please remove the remaining lines from ACL 102.

    I guess that ACL 101 is the NAT exemption; if it is, please include "deny ip 192.168.0.0 0.0.0.255 192.168.110.0 0.0.0.255" on top of your current "permit" line.

    Clear the tunnels as well as the NAT translation table after the changes described above.
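Both the site C / site D thread above (ASA, netmask syntax) and this Cisco 887 / WatchGuard thread come down to the same check: the crypto ACL on one end must be the mirror image of the proxy-ID on the other, with no stray ACEs. The following is an added example, not code from either thread, that normalises ACEs from both the ASA netmask form and the IOS wildcard form and reports what is missing or extra on the far side; the ACL lines it uses are constructed samples modelled on the ones posted.

```python
import ipaddress
import re

# Constructed sample ACLs (not from either thread's devices): the local side in
# ASA netmask syntax, the remote side in IOS wildcard-mask syntax.
LOCAL_ASA_ACL = [
    "access-list outside_20_cryptomap extended permit ip 10.92.0.0 255.255.0.0 10.22.43.0 255.255.255.0",
]
REMOTE_IOS_ACL = [
    "access-list 102 permit ip 10.22.43.0 0.0.0.255 10.92.0.0 0.0.255.255",
    "access-list 102 permit tcp 10.22.43.0 0.0.0.255 10.92.0.0 0.0.255.255",  # stray extra ACE
]

ACE_RE = re.compile(r"permit\s+(?P<proto>\S+)\s+(?P<src>host \S+|\S+ \S+)\s+(?P<dst>host \S+|\S+ \S+)")

def _network(token, wildcard):
    """Turn 'host A', 'A NETMASK' or 'A WILDCARD' into an ip_network."""
    if token.startswith("host "):
        return ipaddress.ip_network(token.split()[1])
    addr, mask = token.split()
    if wildcard:  # IOS crypto ACLs use wildcard masks: invert the bits to get a netmask
        mask = str(ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(mask))))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_aces(lines, wildcard):
    """Normalise ACEs to (protocol, source network, destination network)."""
    aces = []
    for line in lines:
        if m := ACE_RE.search(line):
            aces.append((m["proto"], _network(m["src"], wildcard), _network(m["dst"], wildcard)))
    return aces

def mirror(ace):
    """The proxy-ID the far end must carry: same protocol, src and dst swapped."""
    proto, src, dst = ace
    return (proto, dst, src)

def to_ios(ace):
    """Render an ACE as an IOS crypto ACL line (wildcard masks)."""
    proto, src, dst = ace
    return f"permit {proto} {src.network_address} {src.hostmask} {dst.network_address} {dst.hostmask}"

def check_proxy_ids(local, remote):
    """Return (local ACEs with no mirror on the remote, remote ACEs with no mirror locally)."""
    local_set, remote_set = set(local), set(remote)
    missing_on_remote = [a for a in local if mirror(a) not in remote_set]
    extra_on_remote = [a for a in remote if mirror(a) not in local_set]
    return missing_on_remote, extra_on_remote
```

Anything reported as extra on either side is a candidate for the "remove the remaining lines" advice above, and `to_ios(mirror(ace))` gives the exact line the far end should carry.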

  • Check the HBA queue depth

    Following the instructions in KB 1267 (VMware KB: Changing the queue depth for QLogic, Emulex and Brocade HBAs), which lists the commands to change the queue depth of the HBA's logical unit, as well as the command to verify your changes.

    When I try to check the recent changes to the queue depth using that command, I get nothing but empty values in the output.

    Here's the copy/paste from the KB:

    Run this command to verify that your changes have been applied:

    # esxcli system module parameters list -m driver

    Where driver is your Emulex, QLogic or Brocade adapter driver module, such as lpfc820, qla2xxx, or bfa.

    The output looks like:

    Name                        Type  Value  Description
    --------------------------  ----  -----  --------------------------------------------------
    .....
    ql2xmaxqdepth               int   64     Maximum queue depth to report for target devices.

    HOWEVER - I get no return values; the example in the KB shows 64, but when I run the command on my hosts, it is empty.

    Is this a new bug? Does anyone know another way to retrieve the values?

    Most likely you do not see all of the output; this could be due to the drivers PROVIDED with Windows.

    Run the command and check the device queue depth value = 0x40, which is the HEXADECIMAL value

    /usr/lib/vmware/vmkmgmt_keyval/vmkmgmt_keyval -a

  • Check the HBA firmware/driver on ESXi

    Hi guys,

    Did a search on the net and here and couldn't find a direct command line (ESXi) to check the driver/firmware level of my HBA. Can anyone help?

    cat /proc/scsi//.
