Configuration of multiple L2L on cisco routers problems

Similar Questions

• Configure several IPSec VPN between Cisco routers

  I would like to create multiple ipsec VPN between 3 routers. Before applying it, I would like to check on the config I wrote to see if it works. It's just on RouterA configuration for virtual private networks to RouterB, and RouterC.

  As you can apply in a cyptomap by interface, I say with the roadmap, that it should be able to manage traffic for both routers. Or is there a better way to do it?

  RouterA - 1.1.1.1

  RouterB - 2.2.2.2

  RouterC - 3.3.3.3

  RouterA

  crypto ISAKMP policy 10

  BA 3des

  preshared authentication

  Group 2

  ISAKMP crypto key RouterB address 2.2.2.2

  ISAKMP crypto keys RouterC address 3.3.3.3

  invalid-spi-recovery crypto ISAKMP

  ISAKMP crypto keepalive 5 10 periodicals

  ISAKMP crypto nat keepalive 30

  !

  life crypto ipsec security association seconds 28800

  !

  Crypto ipsec transform-set AES - SHA esp - aes 256 esp-sha-hmac

  !

  outsidemap 20 ipsec-isakmp crypto map

  defined peer 2.2.2.2

  game of transformation-AES-SHA

  match address 222

  outsidemap 30 ipsec-isakmp crypto map

  defined peer 3.3.3.3

  game of transformation-AES-SHA

  match address 333

  !

  interface GigabitEthernet0/0

  Description * Internet *.

  NAT outside IP

  outsidemap card crypto

  !

  interface GigabitEthernet0/1

  Description * LAN *.

  IP 1.1.1.1 255.255.255.0

  IP nat inside

  !

  IP nat inside source map route RouterA interface GigabitEthernet0/0 overload

  !

  access-list 222 allow ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255

  access-list 223 deny ip 1.1.1.0 0.0.0.255 2.2.2.0 0.0.0.255

  access-list 223 allow ip 1.1.1.0 0.0.0.255 any

  access-list 333 allow ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255

  access-list 334 deny ip 1.1.1.0 0.0.0.255 3.3.3.0 0.0.0.255

  access-list 334 allow ip 1.1.1.0 0.0.0.255 any

  !

  !

  RouterA route map permit 10

  corresponds to the IP 223 334

  Hi Chris,

  The two will remain active.

  The configuration you have is for several ste VPN site is not for the redundant VPN.

  The config for the redundant VPN is completely different allows so don't confuse is not with it.

  In the redundant VPN configuration both peers are defined in the same card encryption.

  Traffic that should be passed through the tunnel still depend on the access list, we call in the card encryption.

  This access-lsist is firstly cheked and as a result, the traffic is passed through the correct tunnel

  HTH!

  Concerning

  Regnier

  Please note all useful posts

• Problem on the establishment of a GRE/IPsec tunnel between 2 cisco routers

  Hello world

  I am trying to establish a GRE IPsec tunnel between two cisco routers (2620XM and a 836).

  I created a tunnel interfaces on both routers as follows.

  2620XM

  interface Tunnel0

  IP 10.1.5.2 255.255.255.252

  tunnel source x.x.x.x

  tunnel destination y.y.y.y

  end

  836

  interface Tunnel0

  IP 10.1.5.1 255.255.255.252

  tunnel source y.y.y.y

  tunnel destination x.x.x.x

  end

  and configuration of isakmp/ipsec as follows,

  2620XM

  crypto ISAKMP policy 10

  md5 hash

  preshared authentication

  ISAKMP crypto key {keys} address y.y.y.y no.-xauth

  !

  !

  Crypto ipsec transform-set esp - esp-md5-hmac to_melissia

  !

  myvpn 9 ipsec-isakmp crypto map

  defined peer y.y.y.y

  Set transform-set to_melissia

  match address 101

  2620XM-router #sh ip access list 101

  Expand the access IP 101 list

  10 permit host x.x.x.x y.y.y.y host will

  836

  crypto ISAKMP policy 10

  md5 hash

  preshared authentication

  ISAKMP crypto key {keys} address x.x.x.x No.-xauth

  !

  !

  Crypto ipsec transform-set esp - esp-md5-hmac to_metamorfosi

  !

  myvpn 10 ipsec-isakmp crypto map

  defined peer x.x.x.x

  Set transform-set to_metamorfosi

  match address 101

  836-router #sh access list 101

  Expand the access IP 101 list

  10 licences will host host x.x.x.x y.y.y.y

  Unfortunately I had no isakmp security associations at all and when I enter the debugging to this output.

  CRYPTO: IPSEC (crypto_map_check_encrypt_core): CRYPTO: removed package as currently being created cryptomap.

  Any ideas why I get this result? Any help will be a great help

  Thank you!!!

  I think it's possible. It seems to me that you are assuming that the address of the interface where goes the card encryption is peering address. While this is the default action, it is possible to configure it differently.

  As you have discovered the card encryption must be on the physical output interface. If you want the peering address to have a different value of the physical interface address outgoing, then you can add this command to your crypto card:

  card crypto-address

  so if you put loopback0 as the id_interface then he would use loopback0 as peering address even if the card encryption may be affected on serial0/0 or another physical interface.

  HTH

  Rick

• PowerConnect switch and Cisco routers

  I have 4 Cisco routers connected to our Dell Powerconnect 7024. This is a laboratory environment where I'm having every act of router (2 per site) as a WAN gateway for these 2 sites.

  Site 1                                                                                                                           Site 2

  2 3 router

  PC - Dumb_switch PowerConnect Dumb_switch client - PC Client

  Router 1 router 4

  There are a few other Vlans on the switch with connected devices. With the current configuration, these two sites can communicate with any other "site" connected to the switch on each route, with the exception of the other.

  Directly connected to the router interfaces are in trunk mode, as it's the only way I could get the dell to connect with the Cisco. Ive read in other threads that the general mode is usually suggested on the powerconnect switch, but had no luck with this configuration.

  Router 1---> item in gi1/0/15 (vlan 10)

  Router 2---> item in gi1/0/14 (vlan 11)

  Router 3---> item in gi1/0/22 (vlan 16)

  Router 4---> article gi1/0/23 (vlan 14)

  Example: a ping from Site 1 can reach int 22 of the switch without problem, but I can't ping jump according to R3. As all the other devices on this switch can talk to these sites, I'm not clear if the problem is my config switch dell or routers. Any input would be greatly appreciated. Thank you!

  ! Current configuration:
  ! Description of the system "PowerConnect 7024, 5.1.2.3, VxWorks 6.6"
  ! 5.1.2.3 system software version
  ! 'Normal' system operation mode
  !
  Configure
  GVRP enable
  VLAN 2-7, 9-14, 16
  output
  VLAN 2
  name 'BOSTON '.
  output
  VLAN 3
  name "MIAMI".
  output
  VLAN 4
  name of 'THE
  output
  VLAN 5
  name "SEATTLE".
  output
  VLAN 6
  name "DALLAS".
  output
  VLAN 7
  name "London".
  output
  VLAN 9
  name "Frankfurt".
  output
  VLAN 10
  name "Rome".
  output
  VLAN 11
  name "Sczecin.
  output
  VLAN 12
  name "Budapest".
  output
  VLAN 13
  name "Moscow".
  output
  VLAN 14
  name "Quebec".
  output
  -Other - or ITU (q)
  VLAN 16
  name "Winnipeg".
  output
  hostname "Devlin".
  location 1/0 2. PowerConnect 7024
  clock timezone-5 minutes 0
  battery
  1 2 Member! PCT7024
  output
  out-of-band interface
  Shutdown
  output
  no ip domain-lookup
  "local" IP domain name
  IP routing
  IP route 0.0.0.0 0.0.0.0 172.16.37.3
  IP route 172.16.37.160 255.255.255.240 172.16.37.162
  IP route 172.16.37.112 255.255.255.240 172.16.37.162
  IP route 172.16.37.112 255.255.255.240 172.16.37.147
  IP route 172.16.37.144 255.255.255.240 172.16.37.147
  IP route 172.16.37.240 255.255.255.240 172.16.37.244
  IP route 172.16.37.224 255.255.255.240 172.16.37.244
  IP route 172.16.37.224 255.255.255.240 172.16.37.217
  -Other - or ITU (q)
  IP route 172.16.37.208 255.255.255.240 172.16.37.217
  ARP 172.16.37.162 0022.9057.7F51
  interface vlan 1
  IP 172.16.37.4 255.255.255.240
  bandwidth 10000
  IP ospf cost 10
  output
  interface vlan 2
  IP 172.16.37.17 255.255.255.240
  output
  interface vlan 3
  IP 172.16.37.33 255.255.255.240
  output
  interface vlan 4
  IP 172.16.37.49 255.255.255.240
  output
  interface vlan 5
  IP 172.16.37.65 255.255.255.240
  output
  interface vlan 6
  IP 172.16.37.81 255.255.255.240
  output
  interface vlan 7
  -Other - or ITU (q)
  IP 172.16.37.97 255.255.255.240
  output
  interface vlan 9
  IP 172.16.37.129 255.255.255.240
  bandwidth 10000
  output
  interface vlan 10
  IP 172.16.37.145 255.255.255.240
  bandwidth 1000
  IRDP IP
  output
  interface vlan 11
  IP 172.16.37.161 255.255.255.240
  bandwidth 1000
  IRDP IP
  output
  interface vlan 12
  IP 172.16.37.177 255.255.255.240
  bandwidth 100000
  output
  interface vlan 13
  IP 172.16.37.193 255.255.255.240
  bandwidth 1000
  output
  interface vlan 14
  IP 172.16.37.209 255.255.255.240
  bandwidth 1000
  output
  interface vlan 16
  IP 172.16.37.241 255.255.255.240
  bandwidth 1000
  IP ospf cost 100
  output
  No flowcontrol
  !
  interface item in gi1/0/3
  spanning tree portfast
  output
  !
  interface item in gi1/0/4
  spanning tree portfast
  output
  !
  interface item in gi1/0/5
  spanning tree portfast
  switchport access vlan 2
  output
  !
  interface item in gi1/0/6
  spanning tree portfast
  switchport access vlan 3
  output
  !
  interface item in gi1/0/7
  spanning tree portfast
  switchport access vlan 4
  output
  !
  interface item in gi1/0/8
  spanning tree portfast
  switchport access vlan 5
  output
  !
  interface item in gi1/0/9
  switchport access vlan 6
  output
  !
  interface item in gi1/0/10
  switchport access vlan 7
  output
  !
  interface item in gi1/0/11
  spanning tree portfast
  switchport mode trunk
  output
  !
  interface item in gi1/0/12
  spanning tree portfast
  switchport mode trunk
  output
  !
  interface item in gi1/0/13
  switchport access vlan 9
  output
  !
  interface item in gi1/0/14
  Speed 100
  full duplex
  switchport mode trunk
  switchport general allowed vlan add 10 tag
  switchport access vlan 10
  output
  !
  interface item in gi1/0/15
  Speed 100
  full duplex
  switchport mode trunk
  switchport general allowed vlan add 11 tag
  switchport access vlan 11
  output
  !
  interface item in gi1/0/16
  switchport access vlan 12
  output
  !
  interface item in gi1/0/17
  switchport access vlan 12
  output
  !
  interface item in gi1/0/18
  switchport access vlan 13
  output
  !
  interface item in gi1/0/19
  switchport access vlan 13
  output
  !
  interface item in gi1/0/22
  Speed 100
  full duplex
  switchport mode trunk
  switchport general allowed vlan add 16 tag
  switchport access vlan 16
  output
  !
  interface item in gi1/0/23
  Speed 100
  full duplex
  switchport mode trunk
  VLAN allowed switchport General add 14
  switchport access vlan 14
  output
  !
  interface item in gi1/0/24

  You could probably create a static route in Router 1 router 4 with a priority which is better than the other options, so we're going unless the link is down.

• Error: "Windows cannot start because of a configuration of the disk of the computer problem" in computer Dell Dimension 2400 Windows XP startup problem.

  Original title: problem starting on a Dell Dimension 2400 - how to set up the drive with a keyboard.

  I have a Dell Dimension 2400 with Windows XP, start, he can't go to the home screen, so I can't use the suggestions to start right click.

  The error message indicates "Windows did not start because of a configuration of the disk of the computer problem".
  "Cannot read disc startup selected." check material stand of disk and the path.
  How to set up or fix this problem with a keyboard

  Hi MarieButler64,

  You did it of any material changes or software on the computer before this problem?

  You can follow this link & check if the problem persists:

  Error message: "Windows did not start because of a configuration of the disk of the computer problem.

  Hope the helps of information.

• Get the following error on reboot of the computer: Windows did not start because of a configuration of the disk of the computer problem

  Original title: where can I download iso windows xp recovery CD

  I have a file.which damaged boot.ini file later, when I restart it could not start, with the message:
  Windows did not start because of a configuration of the disk of the computer problem.

  Could not read from the selected boot disk. Check the hardware path and startup disk.

  Please check the Windows documentation about the configuration of disk material and your reference manuals of the equipment for more information.
  So I need an iso file XP Recovery.
  I can simply copy the iso files on USB and start with usb?

  Hello

  1. don't you make changes on the computer before this problem?

  First I suggest you try the troubleshooting methods provided in the following article and the check if that resolves this problem.
  Error message: "Windows did not start because of a configuration of the disk of the computer problem.
  http://support.Microsoft.com/kb/314477

• How to "Windows did not start because of a configuration of the disk of the computer problem. Could not read the selected startup disk... "on a netbook without a CD/disk drive?

  I did a lot of research and unfortunately havnt found a road toward the front of the detroit to a fix. Long story short... I installed Jolicloud as a dual boot with windows xp on netbook gateway of my wife. This netbook has no cd/dvd drive. Jolicloud wanted to screw up the startup option to not allow me to boot into windows, going Strait to jolicloud without option of windows. I tried to change it via the "menu.lst" and Grub.cfg file (I think) the only value I changed was I think 'boot... ". ' value between 1 and 2. When I restarted, then finally got a startup list (although I don't think that my modification of the value gave me the list, I had already installed manually "Grub" via the cmd prompt. I should have just restarted from there without changing anything else... because when I chose 'windows xp' in the start menu... He gave me a black screen and kept going back to the start menu. Then, I tried the "Vista loader" option... hoping that it would some how solve my problem... He asked me if I wanted to run a repair any. I agree with him and when he finished he told me that there is no enough space on the hard disk to copy the files (or something like that) then it froze kind of there. I had to do a hard reboot after that that it froze, then I got the code "Windows did not start because of a computer disk configuration problem. Could not read from the selected boot disk.  check the hardware path and startup disk, please check the windows documentation about hardware disk configuration and your hardware for more information reference manuals.

  Again, I have no drive cd/dvd on a netbook... IM assuming that im going to have to return a key USB with windows boot info to load the Manu F2 at startup... But I do not know... Help, please. Thank you

  Hello

  Follow method 1 and 4 in the article below and check if that helps resolve the issue.
  Error message: "Windows did not start because of a configuration of the disk of the computer problem.
  http://support.Microsoft.com/kb/314477/en-us

  I hope this helps.

• Dual Boot with windows XP Pro with 2 HARD drive, error on secondary windows install: "Windows did not start because of a configuration of the disk of the computer problem. Could not read the selected boot disk. Check boot path and disk hardware... »

  Hi, I recently bought a new Hitachi 1 TB internal hard drive. I wanted to do a clean install on the new drive (d), be able to dual boot my computer and leave my old 300 GB disk (C :) as the primary windows installation. After physically installing the new HARD drive, I noticed that "new hardware found" and the the brand name flashed in the bottom right corner. I thought I'd see the new hard drive in my computer, but I did not. I initialized the new HARD drive with the computer management window (right click on my computer - manage) and I also formatted in NTFS (I had to change my printer hard drive letter to assign the new HARD drive with the letter D, but I've made other changes after this step). Now, I could see and use in my main windows on the C: installation. I then installed a windows new copy XP pro with the installation CD I got for my C: but on the D: (Note: I have a Dell computer (and the Dell reinstallation CD) and my current version of windows has SP3 while the installation CD is only SP2) (I also reformatted my HARD drive during the installation of windows to NTFS)

  Now when I try to start on installing the new on my D: I get "Windows did not start because of a configuration of the disk of the computer problem. Could not read the selected boot disk. Check startup disk and hardware access path. "and another line saying to refer to manuals HARD drive and windows.

  My Boot.ini file at this time was:

  [boot loader]
  Timeout = 5
  default = multi (0) disk (0) rdisk (0) partition (2) \WINDOWS
  [operating systems]
  "multi (0) disk (0) rdisk (0) partition (2) \WINDOWS="Microsoft Windows XP Professional "/ noexecute = optin/fastdetect
  "signature (ac516a5c) disk (0) rdisk (0) partition (1) \WINDOWS="Microsoft Windows XP Professional own "/ noexecute = optin/fastdetect

  I looked towards the top of this help page, but for now I'm unlucky:

  http://support.Microsoft.com/kb/314477

  (The next steps I took by throwing from the Windows CD and go into the repair console)

  I tried to use the bootcfg /rebuild but the line to boot.ini for my secondary HARD drive still does not work.

  He gave me something like:

  [boot loader]
  Timeout = 5
  default = multi (0) disk (0) rdisk (0) partition (2) \WINDOWS
  [operating systems]
  "multi (0) disk (0) rdisk (0) partition (2) \WINDOWS="Microsoft Windows XP Professional "/ noexecute = optin/fastdetect
  "signature (ac516a5c) disk (0) rdisk (1) partition (1) \WINDOWS="Microsoft Windows XP Professional own "/ noexecute = optin/fastdetect

  I also tried to change the signature() to multi (0), but it did not work. (or try almost all possible permutations of disk() and rdisk() partition() 0 to 2).

  I also tried to use expand F(dvd-drive):\i386\ntkrnlmp(I_have_a_duo-core).ex_ D:\windows\system32\ntoskrnl.exe and a few other combinations, but I when I login as D:\windows simply, it fails to extend with a message like "could not develop" or C:\windows I get "restricted access".

  I have not yet tried CHKDSK/r, but since I did a clean install on a newly formatted drive... I don't think it would work.

  I've also marked the partition on the D: as active (in computer management), but it did not help me.

  I've done a first installation of windows repair, strangely, I couldn't fix this one... Still does not work...

  My default windows installation yet works very well & I see that windows has been installed on the D: but I'm ideas from how to operate the dual-boot, can someone throw me a BONE on what to do?

  Maybe try to do something with the Boot Manager (whatever it is?) Create a new partition and use it as a boot manager? I don't really want to do this, because if I made a mistake I will be unable to use my computer and dual boot should work without going through all this trouble... But I found this page: http://technet.microsoft.com/fr-fr/library/ee829686%28WS.10%29.aspx

  Could a clean install two HDD help? I hope I won't have to do...

  Someone has an idea?

  PS: I'm not such an advanced user so I need a solution step by step, thanks!

  Edit: I also noted that I can't see my new HARD drive in my BIOS... weird... SATA-0 is my old drive HARD 1 and 2 are my dvd 3-5 readers are 'off' and it doesn't seem to be anything that it is plugged in. I also have 4 bays for internal HARD disks. Now, 2 are busy.

  Edit2: I looked inside my case and enabled the good Sata in the Bios after a reboot it detected the drive correctly. Dual boot doesn't always work well... The fact that it was disable in the BIOS while I was installing the new HARD drive could change anything? Hmm...

  In case I wasn't clear enough: I had a windows XP Pro installed on my C:, bought a new hard drive and installed the same copy of windows on it (d). I think that should allow me to double boot between the two installs different. Even if for some reason I can't boot from one on my D:. Andrew, I do not understand why you so far physically disconnect the other drive, the point of the whole operation is to build a boot.ini file so that the BIOS knows that it y facilities 2 windows and you allow to choose (and not have conflicting problems between the 2 systems), someone correct me if I'm wrong? "Expand" the part of my first post made reference to one of the solutions provided by Microsoft in the first link that I have included in my previous post (but I can't seem to work).

  In addition, it is the procedure that I followed: http://www.ehow.com/how_5950826_boot-two-different-hard-drives.html

  (except I've had the first installation already done).

  Andrew "also, once a new hd is plugged on the pc & running, most of the BIOS will place (them) as 1st priority hd, set the BIOS to do this", you mean that by installing separately from windows on each unit when the other is not plugged in, I could choose what disk to start from defining their priority in the BIOS once they are all plugged back? It's too tedious (as I intend to move frequently between the 2 installs) and requires a computer to other users of the lack of computer knowledge. Unfortunately, it is not a viable option.

  EDIT: I DID IT! Hmmm... Well, I double checked in the recovery console, the path of the new HARD drive with the arc command Scan. Tried to start again with the MULTI (0) in my boot.ini and it worked... I also had my windows install CD in. Maybe that is why I could not start, windows needs the CD to complete the installation? Weird, I don't know what I did to the difficulty it... but hey, it works! Thanks for your ideas guys!

• Time-out for ARP cache on Cisco routers

  Hello

  I was reading a book on Cisco routers, in which the author said: "the router resets the age ARP meter to zero whenever he sees valid traffic from the corresponding device.» This ensures that the addresses of active devices are never emptied in the cache, regardless of how long they have been known. »

  I'm really surprised at this topic because I always thought the age counter ARP was an absolute of the meter and not compared to the last time a package was seen coming from the corresponding IP address. After reading this, I did a few tests that tend to confirm the age counter ARP is absolute and that he cares not if we have movement active in the corresponding period of INQUIRY or not.

  : Question 1 can someone confirm this please?

  I am unable to find clear statements in the Cisco documentation.

  QUESTION 2: when the router sends a new ARP request?

  For example, when the time-out of the ARP is 4 hours or 240 minutes (default value of Cisco), the router sends an ARP request reaching 239 minutes (1 minute before the expiration time). This value is a fixed (send us a 1 minute before aging ARP request) or is it a relative value (x % of the value of timeout)?
  

  Thanks for your help.

  Sam

  I have some additional information that might help. I found an ad of a Cisco engineer, which gives some information about the behavior of ARP in Cisco IOS. He said clearly (and is an example) that if Cisco receives an ARP to a host request it will use this request to refresh the ARP entry and reset the timer so that the entrance without making its own application ARP. Maybe that's the behavior they were trying to talk in the IOS Cookbook.

  It also speaks to a unicast ARP request 60 seconds before the expiration of the entry so that the entry can be updated. It does not specifically say, but I think that this interval is fixed.

  Here is the link if you want to see the details:

  http://puck.nether.NET/pipermail/Cisco-NSP/2005-February/017400.html

  Regarding the error in the book, I worked as an examiner on a few pounds and can tell you that the authors and reviewers are working hard to do the right thing. But sometimes mistakes are not captured and appear in the publication. With the amount of detail covered in the book some mistakes are bound to crawl through.

  HTH

  Rick

• estimate the time installation and configuration of addresses IP of Cisco (Cisco IPS NM at 3800, 2811, 2821 and no. 2851)

  / * Style definitions * / table. MsoNormalTable {mso-style-name : « Tabla normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 à 5.4pt 0 à 5.4pt ; mso-para-margin : 0 ; mso-para-marge-bottom : .0001pt ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-fareast-font-family : « Times New Roman » ; mso-fareast-theme-font : minor-fareast ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ; mso-bidi-font-family : « Times New Roman » ; mso-bidi-theme-font : minor-bidi ;}

  / * Style definitions * / table. MsoNormalTable {mso-style-name : « Tabla normal » ; mso-tstyle-rowband-taille : 0 ; mso-tstyle-colband-taille : 0 ; mso-style-noshow:yes ; mso-style-priorité : 99 ; mso-style-qformat:yes ; mso-style-parent : » « ;" mso-rembourrage-alt : 0 à 5.4pt 0 à 5.4pt ; mso-para-margin : 0 ; mso-para-marge-bottom : .0001pt ; mso-pagination : widow-orphelin ; police-taille : 11.0pt ; famille de police : « Calibri », « sans-serif » ; mso-ascii-font-family : Calibri ; mso-ascii-theme-font : minor-latin ; mso-fareast-font-family : « Times New Roman » ; mso-fareast-theme-font : minor-fareast ; mso-hansi-font-family : Calibri ; mso-hansi-theme-font : minor-latin ; mso-bidi-font-family : « Times New Roman » ; mso-bidi-theme-font : minor-bidi ;} Hi I need to estimate the time of installation and configuration of addresses IP of Cisco (Cisco IPS NM at 3800, 2811, 2821 and no. 2851).

  In your experience, would you give this information?

  Thanks for any help you can give on this subject.

  You are welcome. If things are clear please mark it as answered.

• SSL VPN may be configured on the router from Cisco 881/K9?

  I'm now confused if SSL VPN can be configured on the router from Cisco 881/K9.

  Please someone advise me.

  If Yes, for only 5 users, what I need to buy the license or license is supplied with the router?

  Thank you.

  Yes, and you need a license:

  FL-WEBVPN-10-K9

  License SSL VPN functionality for up to 10 users (incremental), to 12.4 T based only IOS versions

  FL-SSLVPN10-K9

  License SSL VPN functionality for up to 10 users (incremental) for the only based 15.x IOS versions

• Cisco 1921 - how to configure VPN multiple Tunnels to AWS

  I have a router VPN Cisco 1921. I managed to create tunnel VPN Site to Site with AWS VPN Tunnel 1. AWS offers 2 tunnels, so I created another card Crypto and attaches to the existing policy. But the 2nd tunnel won't come. I don't know what I'm missing... is there a special setup that needs to be done to allow multiple IPsec vpn tunnels on the same physical interface? I have attached a picture and included the configuration of my router, if it helps.

  VPN - 1.jpg

  

  C1921 #sh run
  Building configuration...

  Current configuration: 2720 bytes
  !
  ! Last configuration change at 02:12:54 UTC Friday, may 6, 2016, by admin
  !
  version 15.5
  horodateurs service debug datetime msec
  Log service timestamps datetime msec
  encryption password service
  !
  hostname C1921
  !
  boot-start-marker
  boot-end-marker
  !
  !
  logging buffered 52000
  enable secret 5 $1$ jc6L$ uHH55qNhplouO/N5793oW.
  !
  No aaa new-model
  Ethernet lmi this
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  Research of IP source-interface GigabitEthernet0/1 domain
  IP cef
  No ipv6 cef
  !
  Authenticated MultiLink bundle-name Panel
  !
  !
  !
  license udi pid CISCO1921/K9 sn FTX1845F03F
  !
  !
  username admin privilege 15 password 7 121A0C041104
  paul privilege 0 7 password username 14141B180F0B
  !
  redundancy
  !
  !
  !
  !
  !
  !
  !
  crypto ISAKMP policy 10
  BA aes
  preshared authentication
  Group 2
  lifetime 28800
  ISAKMP crypto keys secret1 address 52.35.42.787
  ISAKMP crypto keys secret2 address 52.36.15.787
  !
  !
  Crypto ipsec transform-set AWS - VPN aes - esp esp-sha-hmac
  tunnel mode
  !
  !
  !
  map SDM_CMAP_1 1 ipsec-isakmp crypto
  Description Tunnel 1 to 52.35.42.787
  defined by peer 52.35.42.787
  game of transformation-AWS-VPN
  PFS group2 Set
  match address 100
  map SDM_CMAP_1 2 ipsec-isakmp crypto
  Description 2 to 52.36.15.787 Tunnel
  defined by peer 52.36.15.787
  game of transformation-AWS-VPN
  PFS group2 Set
  match address 100
  !
  !
  !
  !
  !
  the Embedded-Service-Engine0/0 interface
  no ip address
  Shutdown
  !
  interface GigabitEthernet0/0
  Description connection Wan WAN - ETH$
  IP address 192.168.1.252 255.255.255.0
  automatic duplex
  automatic speed
  map SDM_CMAP_1 crypto
  !
  interface GigabitEthernet0/1
  Description of the connection to the local network
  IP 192.168.0.252 255.255.255.0
  automatic duplex
  automatic speed
  !
  IP forward-Protocol ND
  !
  IP http server
  local IP http authentication
  no ip http secure server
  IP http timeout policy slowed down 60 life 86400 request 10000
  !
  IP route 0.0.0.0 0.0.0.0 192.168.1.254 permanent

  !
  recording of debug trap
  host 192.168.0.3 record
  host 192.168.0.47 record
  !
  !
  Note access-list 100 permit to AWS Tunnel 1
  Access-list 100 CCP_ACL category = 20 note
  access-list 100 permit ip 192.168.0.0 0.0.0.255 any what newspaper
  Note access-list 101 permit to AWS Tunnel 2
  Note access-list 101 category CCP_ACL = 4
  access-list 101 permit ip 192.168.0.0 0.0.0.255 any logexit
  !
  control plan
  !
  !
  alias con exec conf t
  SIB exec show int short ip alias
  alias exec srb see the race | b
  sri alias exec show run int
  !
  Line con 0
  exec-timeout 0 0
  Synchronous recording
  line to 0
  line 2
  no activation-character
  No exec
  preferred no transport
  transport output pad rlogin lapb - your MOP v120 udptn ssh telnet
  StopBits 1
  line vty 0 4
  privilege level 15
  local connection
  transport of entry all
  transportation out all
  !
  Scheduler allocate 20000 1000
  !
  end

  There should be no second tunnel.

  I use either a peer or the other, but not both at the same time.

  To display both at the same time, you need to use the Tunnel interfaces.  Amazon would have you sent pretty much the exact commands to copy and paste into.

• Go simple configuration of vpn L2L comply with security requirements

  Hello

  I have successfully install a L2L connection (5510, 7.2) and a 3rd party (SonicWall).

  Security requirements are such that (contractors) to our office users to connect to various devices to the 3rd party, BUT nothing to the 3rd party must connect to what be it at our office.

  I tried an outbound ACL (access-group L2L-RESTRICT the interface inside) inside the interface. But the funny thing is that I'm getting hits on the declarations of refusal on the ACL, although tests show no problems for you connect to multiple hosts to our site of the 3rd party. My ACL config looks like the following:

  <..snip..>

  Note to L2L-RESTRICT access-list * ATTENTION * WITH CAUTION - RESTRICTIONS ON the 3rd PARTY VPN L2L

  L2L-RESTRICT access-list scope allow icmp 192.168.16.0 255.255.255.0 10.180.21.0 255.255.255.0 echo-reply

  deny access list L2L-RESTRICT the scope ip 192.168.16.0 255.255.255.0 no matter what newspaper

  Note to L2L-RESTRICT access-list > NOTE< last="" line="" *must*="" be="" permit="" any="">

  L2L-RESTRICT access-list scope ip allow a whole

  !

  L2L-RESTRICT the interface inside access-group

  <..snip..>

  Their network is obviously 192.168.16.x and they won't be able to use a vlan from different source as "interesting traffic" ACL won't allow it. So that sounds good in theory

  I have it configured correctly? Is there a better way?

  Thanks in advance,

  Mike

  Mike,

  It seems that you might be able to assign a VPN ACL filter via a group assigned to each tunnel L2L policy. I have never done this personally before, but looks like it would work...

  http://www.Cisco.com/en/us/products/HW/vpndevc/ps2030/products_configuration_example09186a00808c9a87.shtml#configs

• Cisco RV042G problems?

  Hello

  Im having a problem with a router cisco RV042G and im hoping that someone could give some advice.

  I have two Cisco 1720 routers and router RV042G. I use the RV042G as a "border" router, which gives access WAN/internet outside of two 1720 routers.

  The two 1720 routers are connected to each other (ports eth0 on both) with crossover. Also, each 1720 router is also connected to one of the 4 ports on the RV042G router switch. The fa0 on each 1720 router port is connected to its own switch with customer (s)

  Logically, it is what is the page layout...

  

  I have configured all interfaces whose IP correct using VLSM. The two LANs are on their own subnet, and each router to router connection is on its own subnet.

  I have configured RIP version 2 on the two routers in 1720 and also on RIP on the RV042G and configure it to send and receive updates V2. RIP version 2 is working great between all three routers.

  View the routing on the two routers in 1720 table is perfect. They RIP routes to each subnet and also received a route RIP of the border for the WAN to the outside router.

  Both routers are also capable of ANYTHING, ping clients on both sides, each router interface, the border and outside addresses WAN router.

  My problem is with the customers. Both Clients can ping EVERYTHING except the border router (RV042G). They can ping each other, they can ping all the interfaces on the routers of 1720, but they cannot ping the RV042G or whatever it is in addition to the WAN (where customers will receive their internet from)

  Im a little confused. If it were another manageable router as the 1720 I could get this race. Throw the NAT on the router to border and move on with life. But because it is a router in the web interface, I can't seem to understand why clients cannot reach the border router when two routers have RIP routes and can ping it very well.

  The firewall on the RV042G is completely right now, as well as client firewalls.

  Here is the config of the two 1720 routers:

   outhfieldRouter#show run Building configuration... Current configuration : 799 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname SouthfieldRouter ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero ip cef ! ! no ip dhcp use vrf connected ! ! ! ! ! ! interface Ethernet0 ip address 172.16.7.138 255.255.255.252 full-duplex ! interface Ethernet1 ip address 172.16.7.131 255.255.255.248 full-duplex ! interface FastEthernet0 ip address 172.16.7.65 255.255.255.192 speed 100 ! router rip version 2 passive-interface FastEthernet0 network 172.16.0.0 no auto-summary ! ip classless ! no ip http server ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 login ! end SouthfieldRouter#

   TroyRouter#copy run start Destination filename [startup-config]? Building configuration... [OK] TroyRouter#show run Building configuration... Current configuration : 792 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname TroyRouter ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero ip cef ! ! no ip dhcp use vrf connected ! ! ! ! ! ! interface Ethernet0 ip address 172.16.7.137 255.255.255.252 full-duplex ! interface Ethernet1 ip address 172.16.7.130 255.255.255.248 full-duplex ! interface FastEthernet0 ip address 172.16.7.1 255.255.255.192 speed 100 ! router rip version 2 passive-interface FastEthernet0 network 172.16.0.0 no auto-summary ! ip classless ! no ip http server ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 login ! end TroyRouter#

  I had a model of plotter package physical layout that worked very well. Packet trace is not similar to the RV042G router, so I used three of the same routers.

  Anyone have any ideas?

  Thanks in advance

  > Both Clients can ping EVERYTHING except the border router (RV042G).

  based on this, I hope that RV042G did not know where to send the icmp response - i.e. RV042 is missing information on both client subnets. ICMP echo is received successfully by RV042G, but the response is sent to the wrong direction (default route to the internet?).

  > RIP v2 is working great between all three routers.

  How did you get this? can you show us routing table from at least RV042G router? for me, for some reason any RIP routing updates are not accepted/Treaty by RV042 router.

  1720 routers configuration seems perfect, part of RIP configuration as well and routing updates to be sent out of all interfaces except Fa0 interfaces.

• cannot be configured in terminal mode in CISCO AP

  I have a CISCO AIR-ANNUAL-A-k9.

  When I try to run configure terminal command his does not work...

  Please tell me how to solve this problem...

  APfc99.4744.412b #show running-config
  Building configuration...

  Current configuration: 17429 bytes
  !
  version 12.4
  no service button
  horodateurs service debug datetime msec
  Log service timestamps datetime msec
  encryption password service
  !
  hostname APfc99.4744.412b
  !
  Pulse 9 logging console
  enable secret 5 T/UX $1$ $ g8VteI52q9TAGoKLdOnQq1
  !
  AAA new-model
  !
  !
  AAA authentication login default local
  !
  AAA - the id of the joint session
  lwapp_eap_profile profile EAP
  quick method
  !
  !
  Crypto pki trustpoint Cisco_IOS_MIC_cert
  revocation checking no
  rsakeypair Cisco_IOS_MIC_Keys
  !
  Crypto pki trustpoint cisco-root-cert
  revocation checking no
  rsakeypair Cisco_IOS_MIC_Keys
  !
  Crypto pki trustpoint airespace-device-root-cert
  revocation checking no
  rsakeypair Cisco_IOS_MIC_Keys
  !
  Crypto pki trustpoint airespace-new-root-cert
  revocation checking no
  rsakeypair Cisco_IOS_MIC_Keys
  !
  Crypto pki trustpoint airespace-old-root-cert
  revocation checking no
  rsakeypair Cisco_IOS_MIC_Keys
  !
  !
  string Cisco_IOS_MIC_cert crypto pki certificates
  certificate 4F6C56A80000000A92D7
  30820470 30820358 A0030201 02020A4F 6C56A800 00000 HAS 92 D7300D06 092A 8648
  86F70D01 01050500 30393116 30140603 55040A 13 0D 436973 636F2053 79737465
  301 0603 55040313 16436973 636F204D 616E7566 61637475 6D73311F 72696E67
  1E170D31 20434130 32303930 31313732 3834325A 170 3232 30393031 31373338
  34325A 30 818C310B A 30090603 55040613 02555331 13301106 03550408 130, 4361
  6C69666F 726E6961 06035504 07130853 616E204A 6F736531 16301406 3111300F
  0355040A 130D 4369 53797374 656 7331 1B, 301906 03550403 13124331 D 73636F20
  66633939 34373434 34313262 3134302D 3120301E 06092A 86 4886F70D 01090116
  706F7274 11737570 636F2E63 40636973 6F6D3082 0122300D 06092 HAS 86 4886F70D
  01010105 00038201 0F003082 010 HAS 010100 0282 B 5 581D7B42 A 599227, 9 B4D65283
  698CB21A 8EAAA985 647313C F8C58325 0 A670CC0C 57EFB31B 1FCDB064 EFFFE354
  FDB34E0C AD1CCAC8 5C7345F5 0956EA6C 98B0DC6B D919BAF0 48966FFC 203AE7A3
  57342DD3 F0044903 CF71534F 013699F1 816BE0E3 016EC32D 525B 2676 0BD79150
  48 C 64674 B635DC0E 180BF03E 54FB5E16 E78D64BF 1A341C99 4C1F7391 A05A0374
  25899C4A 796694DF AAC73E41 8AE1DB1F 4CBFF680 B5A08356 B9641FCD B14F5258
  2DDEF4B5 F744881F 5AF16E42 C18C896B 64CF4023 F81979BD 985AB2EA 21590D2B
  FE29DB7E 22C4FA87 45549C2D 3AFFB098 EA2F1ADB 498 4464 34DD7695 CDCFE840 D
  C75EE07E 6BE7F77D 00727712 56F9E8CF F8C09702 03010001 30820120 A3820124
  300E0603 551D0F01 01FF0404 A 030205-0 301D 0603 551D0E04 16041440 FFFDBDB4
  4C4F19BE DE0FD134 EFB5E5E5 79BBE030 1 230418 30168014 D0C52226 1F060355
  AB4F4660 ECAE0591 C7DC5AD1 B047F76C 303F0603 551D1F04 38303630 34A032A0
  30862E68 7474703 HAS 2F2F7777 772E6369 73636F2E 73656375 72697479 636F6D2F
  2F706B69 2F63726C 2F636D63 612E6372 6C304C06 082B 0601 05050701 01044030
  082B 0601 05050730 02863068 7474703 3E303C06'S 2F2F7777 772E6369 73636F2E
  73656375 72697479 2F706B69 2F636572 74732F63 6D63612E 63657230 636F6D2F
  06010401 82371402 00490050 00530045 00430049 006E0074 04321E30 3F06092B
  00650072 0065 00640069 00610074 0065004F 00660066 006 C 0069 006E0065 006D
  300 D 0609 2A 864886 05050003 82010100 4198877F F0A136ED AC781855 F70D0101
  5DCD6F48 56FCFDDD 47292E1B 9E7BC1C6 0415AD8E DC815863 D30A99BE 514F7674
  0DE30212 EFEC2FD1 CDD895AC 7C9BC9C5 BD6A62C2 A1BD68CA 83E8A9E1 4F0D2599
  6794C2F6 94034F89 D22B9334 E77B6D04 83C2F979 3653E3B1 27FA6C7A ED4F8458
  A39FE3ED 9BC932B7 97B8C4A3 28596B9B 3E7B5302 CFEFD492 1B363AF7 60666780
  5724ED8F 0BD14FEB E585BCEF B2FFACBC D18D8C6B 8D65FDE8 7896E479 1B6C12E7
  F6517C37 E4DC4E1A EAC73589 42664557 24A9C82B B5A954BE 63814DB5 B0551E0A
  20DC6263 633CEF0B E1E14733 C9ECB3D3 21EA5DF9 621B9C20 B31EB931 EE765152
  C5403310 7FA886E5 B34E8501 1755044E 6BA12200
  quit smoking
  certificate ca 6A6967B3000000000003
  308204 9 308203 1 A0030201 02020A6A 6967B 300 092 HAS 8648 00000000 03300D 06
  86F70D01 01050500 30353116 30140603 55040A 13 0D 436973 636F2053 79737465
  30190603 55040313 12436973 636F2052 43412032 30343830 6F6F7420 6D73311B
  1E170D30 35303631 30323231 3630315A 170 3239 30353134 32303235 34325 HAS 30
  39311630 14060355 040A130D 43697363 6F205379 7374656D 1 060355 73311F30
  04031316 43697363 6F204D61 6E756661 63747572 696E6720 43413082 0120300D
  06092A 86 01010105 00038201 0D A 003082 01080282 010100-0 C5F7DC96 4886F70D
  943515F1 F4994EBB 9B41E17D DB791691 BBF354F2 414 HAS 9432 6262 C 923 F79AE7BB
  9B79E807 294E30F5 AE1BC521 5646B0F8 F4E68E81 B816CCA8 9B85D242 81DB7CCB
  94A 91161 121C5CEA 33201C9A 16A77DDB 99066AE2 36AFECF8 0AFF9867 07F430EE
  A5F8881A AAE8C73C 1CCEEE48 FDCD5C37 F186939E 3D71757D 34EE4B14 A9C0297B
  0510EF87 9E693130 F548363F D8ABCE15 E2E8589F 3E627104 8726 HAS 415 620125AA
  D5DFC9C9 5BB8C9A1 077BBE68 A86CBD15 92939320 75D3445D 454BECA8 DA60C7D8
  C8D5C8ED 41E1F55F 578E5332 9349D5D9 0FF836AA 07C C5A7AF1D 19FFF673 43241
  99395 HAS 73 67621334 0D1F5E95 70526417 06EC535C 5CDB6AEA 35004102 0103 HAS 382
  01E73082 01E33012 0603551D 130101FF 04083006 0101FF02 0100301 D 0603551 D
  0E041604 14D0C522 26AB4F46 60ECAE05 91C7DC5A D1B047F7 6C300B06 03551D0F
  04040302 01863010 06092B 06 01040182 37150104 03020100 30190609 2 B 060104
  01823714 0A 005300 75006200 AND 43004130 1 230418 30168014 1F060355 02040C1E
  27F3C815 1E6E9A02 0916AD2B A089605F DA7B2FAA 30430603 551D1F04 3C303A30
  38A036A0 34863268 7474703A 2F2F7777 772E6369 73636F2E 636F6D2F 73656375
  72697479 2F706B69 2F63726C 2F637263 382E6372 61323034 6 305006 082B 0601
  05050701 01044430 42304006 082B 0601 05050730 02863468 7474703 A 2F2F7777
  772E6369 73636F2E 73656375 72697479 2F706B69 2F636572 74732F63 636F6D2F
  3034382E 72636132 63657230 5 C 060355 1 200455 30533051 060A2B06 01040109
  15010200 30433041 06082B 06 01050507 02011635 68747470 3A2F2F77 77772E63
  6973636F 2E636F6D 2F736563 75726974 792F706B 6 696369 65732F69 692F706F
  6E646578 2E68746D 6C305E06 03551D 25 04573055 06082B 06 01050507 03010608
  2B 060105 06082 06 05070302 01050507 03050608 2B 060105 06082 B 06 B 05070306
  01050507 0307060 2B 060104 0182370 A 0301060 HAS 2B 060104 01823714 02010609
  2B 060104 01823715 06300D 01050500 03820101 0030F330 86F70D01 06 092 A 8648
  374A 6499 24290AF2 86AA42D5 23E8A2EA 2B6F6923 7A828E1C 4C09CFA4 2D8CF2CA
  4FAB842F 37E96560 D19AC6D8 F30BF5DE D027005C 6F1D91BD D14E5851 1DC9E3F7
  38E7D30B D168BE8E 22A54B06 E1E6A4AA 337D1A75 BA26F370 C66100A5 C379265B
  A719D193 8DAB9B10 11291FA1 82FDFD3C 4B6E65DC 934505E9 AF336B67 23070686
  22DAEBDC 87CF5921 421AE9CF 707588E0 243D5D7D 4E963880 97D56FF0 9B71D8BA
  6019A5B0 6186ADDD 6566F6B9 27A2EE2F 619BBAA1 3061FDBE AC3514F9 B82D9706
  AFC3EF6D CC3D3CEB 95E981D3 8A5EB6CE FA79A46B D7A25764 C43F4CC9 DBE882EC
  0166 D 410 88A256E5 3C57EDE9 02 HAS 84891 6307AB61 264B1A13 9FE4DCDA 5F
  quit smoking
  cryptographic pki certificate root-cisco-cert chain
  certificate ca 5FF87B282B54DC8D42A315B568C9ADFF
  3082022B 30820343 A0030201 0202105F F87B282B 54DC8D42 A315B568 C9ADFF30
  010105 05003035 31163014 06035504 0A130D43 6973636F 0D 864886F7 0D06092A
  20537973 74656 73 311B 3019 06035504 AND 03131243 6973636F 20526F6F 74204341
  38301E17 20323034 303430 35313432 30313731 32393035 31343230 325A170D 0D
  32353432 5 303531 16301406 0355040 HAS 130D 4369 73636F20 53797374 656D 7331
  1 B 301906 03550403 13124369 73636F20 20434120 32303438 30820120 526F6F74
  300 D 0609 2A 864886 01050003 82010 00 30820108 02820101 00B09AB9 F70D0101
  ABA7AF0A 77A7E271 B6B46662 94788847 C6625584 4032BFC0 AB2EA51C 71D6BC6E
  7BA8AABA 6ED21588 48459DA2 FC83D0CC B98CE026 68704 HAS 78 DF21179E F46105C9
  15C8CF16 DA356189 9443 HAS 884 A8319878 9BB94E6F 2C53126C CD1DAD2B 24BB31C4
  2BFF8344 6FB63D24 7709EABF 2AA81F6A 56F6200F 75A725CE 11549781 596A 8265
  EFB7EAE7 E28D758B 6EF2DD4F A65E629C CF100A64 D04E6DCE 2BCC5BF5 60 HAS 52747
  8D69F47F CE1B70DE 701B20D6 6ECDA601 A83C12D2 A93FA06B 5EBB8E20 8B7A91E3
  B568EEA0 E7C40174 A8530B2B 4A9A0F65 120E824D 8E63FDEF EB9B1ADB 53 HAS 61360
  AFC27DD7 C76C1725 D473FB47 944CE1BF 64508180 AE4B1CDF 92ED2E05 DF020103
  300B 0603 551D0F04 86300F06 04030201 A351304F 03551D 13 0101FF04 05300301
  01FF301D 0603551D 0E041604 1427F3C8 151E6E9A 020916AD 2BA08960 5FDA7B2F
  AA301006 092B 0601 04018237 15010403 02010030 0D06092A 864886F7 0D 010105
  05000382 0101009D 9D8484A3 41A97C77 0CB753CA 4E445062 EF547CD3 75171CE8
  E0C6484B B6FE4C3A B 198156 0 56EE1996 62AA5AA3 64C1F64E 5433 C 677 FEC51CBA
  E55D25CA F5F0939A 83112EE6 CBF87445 FEE705B8 ABE7DFCB 4BE13784 DAB98B97
  701EF0E2 8BD7B0D8 0E9DB169 D62A917B A9494F7E E68E95D8 83273CD 5 68490ED4
  9DF62EEB A7BEEB30 A4AC1F44 FC95AB33 06FB7D60 0ADEB48A 63B09CA9 F2A4B953
  068 A4277FAB FFE9FAC9 B439C684 40388867 0187D 6F57C953 DBBA8EEE C043B2F8
  09836EFF 17B 35818 2509345E E3CBD614 B6ECF292 6F74E42F 812AD592 66CF3EEF
  3 C 854BD1F7 326805 91E0E097 57E2521D 931A549F 0570C04A 71601E43 0B601EFE
  A3CE8119 E10B35
  quit smoking
  Crypto pki certificate chain airespace-device-root-cert
  AC 03 certificate
  3082047F A 308203, 8 A0030201 02020103 300 D 0609 2A 864886 F70D0101 04050030
  81A6310B 30090603 55040613 02555331 13301106 03550408 130A 4361 6C69666F
  726E6961 06035504 07130853 616E204A 6F736531 0355040A 17301506 3111300F
  72657370 61636520 31143012 06035504 0B130B45 6E67696E 496E632E 130E4169
  65657269 30180603 55040313 11416972 65737061 63652052 6F6F7420 6E67311A
  A 43413124 30220609 2 864886 F70D0109 01161573 72744061 69726573 7570706F
  70616365 2E636F6D 30353034 32383232 33373133 5A170D31 35303132 301E170D
  36323233 3731335 HAS A 3081, 831 0B 300906 03550406 13025553 31133011 06035504
  A 08130, 43 616C 6966 6F726E69 0F060355 61311130 53616E20 04071308 4A6F7365
  31173015 06035504 69726573 70616365 20496E63 2E311430 12060355 0A130E41
  040B130B 456E6769 6E656572 696E6731 03550403 13134169 72657370 1C301A06
  61636520 44657669 63652043 41312430 2206092A 864886F7 010901 16157375 0D
  70706F72 74406169 72657370 6163652E 636F6D30 81DF300D 06092 HAS 86 4886F70D
  01010105 000381CD 003081C A93C0158 E7284E75 FF86A57A 886ACA37 C 9 0281, 100
  430BECF0 7582F56B DB6AC514 554FB06E AA327B3E CE3C9391 03C93BA4 0C0AF932
  A6CB5DA3 F1C3C528 53BF4E19 2C1BFC48 467EBD93 06B4974A 1273BF35 8AD8540F
  261E612B A2673B68 D239C87E 1E9E967B 2654 D 285 45BB7F78 5F4E9D4B 7B8001AA
  2F455CFF 4552ECDB 5667E3FC E7093E06 8FAE353D 4228B48D 8B415D9B F496342D
  C1459987 B69BFA4B 51FB67B4 A0C21E7F C6269A39 47EB1D48 5E83B129 8B079E5E
  1EDAB5A0 BE5E1DE0 109FF0BD 4750E32B 02030100 01A 38201 37308201 33300 06
  13 04053003 0101FF30 2E060960 86480186 F842010D 0421161F 41697265 03551D
  73706163 65204465 76696365 20434120 43657274 69666963 61746530 1 060355
  04140A 52 3BB12570 523B9CEA 747FB2AD 3D8F95EA 3FCC3081 D3060355 1D0E0416
  1 230481 8014538 8360478 C20F8066 3232E9E1 7070552B 17EAA181 CB3081C8
  ACA481A9 3081A 631 0B 300906 03550406 13025553 31133011 06035504 08130 HAS 43
  616C 6966 6F726E69 61311130 0F060355 04071308 53616E20 4A6F7365 31173015
  06035504 69726573 70616365 20496E63 2E311430 12060355 0A130E41 040B130B
  456E6769 6E656572 696E6731 1 HAS 301806 03550403 13114169 72657370 61636520
  526F6F74 09011615 73757070 6F727440 86F70D01 20434131 24302206 092A 8648
  61697265 73706163 652E636F 6 D 820100 300 D 0609 2A 864886 F70D0101 04050003
  81C100A0 E8D59D9B DA9EED0C 96045DFE A37084EC 59B5C3D3 71694DB0 70664E0C
  8060D69E E366E81F 9F3CCF68 8AB0498E CCFA6CA7 2854F2D8 9 046690C 8FEC84EF
  2F7F0F08 C90F719D C0F4C125 CED1B525 6DD93E51 777BD5E8 7F1DC79F CC502DC2
  0242C05D 1682DEE3 DF7541B8 C55B433C 10DFE2BF D2E802E7 D923329A 23A2076F
  86BCC048 D569B383 59AC8979 97F02C55 6F8FE318 754F605C 43CDA7C8 B 1847, 085
  1DADF0D6 CD62C8DE A86E6E12 4A7CDCBF A6FCC7E1 852A1DB1 529D63B3 688305F6 7BD25F
  quit smoking
  encryption string airespace-news-root-cert pki certificate
  certificate ca 00
  3082045A 30820383 02020100 300 D 0609 2A 864886 F70D0101 04050030 A0030201
  81A6310B 30090603 55040613 02555331 13301106 03550408 130A 4361 6C69666F
  726E6961 06035504 07130853 616E204A 6F736531 0355040A 17301506 3111300F
  72657370 61636520 31143012 06035504 0B130B45 6E67696E 496E632E 130E4169
  65657269 30180603 55040313 11416972 65737061 63652052 6F6F7420 6E67311A
  A 43413124 30220609 2 864886 F70D0109 01161573 72744061 69726573 7570706F
  70616365 2E636F6D 30333037 33313133 34313232 5A170D31 33303432 301E170D
  39313334 3132325 HAS A 3081, 631 0B 300906 03550406 13025553 31133011 06035504
  A 08130, 43 616C 6966 6F726E69 0F060355 61311130 53616E20 04071308 4A6F7365
  31173015 06035504 69726573 70616365 20496E63 2E311430 12060355 0A130E41
  040B130B 456E6769 6E656572 696E6731 1 HAS 301806 03550403 13114169 72657370
  526F6F74 09011615 73757070 86F70D01 61636520 20434131 24302206 092A 8648
  61697265 73706163 652E636F 6D3081DF 2 F70D0101 6F727440 HAS 864886 300 D 0609
  0030-81 C 90281 C100CCA0 F92330BD 49E947A4 3FA2ACF3 A4827F66 01050003 81CD
  77BB66F4 6B1636BA 84EF0966 9CCAE0EA CA6F1D0F BA90FEFA 58B8502C 10FC78DC
  C9D126D8 8F2AD059 A8A69BFE 90324BD6 4553CED9 131B99B0 282A73D9 8655EFAF
  5EA54096 22E54B9F C4258988 78F1A51F F47B16F2 0C0A37A3 52603A5A B0DC4533
  B0C0B7C8 02DF25F0 585DFF5F 43FDAE1F 48A34BDF F80AC27E 30BE931B D3490ADE
  C81FF6F9 974F1408 55C8813F D334F1B8 A1892B0A 10D98A44 7DBF213E 20 64520
  E78E9322 DA11CA7A 010001A 3 82011430 82011030 1 060355 46AB0203 46ACEB41
  1D0E0416 0414538 D 8360478 D C20F8066 3232E9E1 7070552B 17EA3081 D3060355
  1 230481 8014538 8360478 C20F8066 3232E9E1 7070552B 17EAA181 CB3081C8
  ACA481A9 3081A 631 0B 300906 03550406 13025553 31133011 06035504 08130 HAS 43
  616C 6966 6F726E69 61311130 0F060355 04071308 53616E20 4A6F7365 31173015
  06035504 69726573 70616365 20496E63 2E311430 12060355 0A130E41 040B130B
  456E6769 6E656572 696E6731 1 HAS 301806 03550403 13114169 72657370 61636520
  526F6F74 09011615 73757070 6F727440 86F70D01 20434131 24302206 092A 8648
  61697265 73706163 6 820100 0603 551 1304 05300301 01FF300B 300 652E636F
  0603551D 0F040403 02010630 0D06092A 864886F7 010104 05000381 C10006E3 0D
  653D4B19 FAA0C3B9 8EAE23C5 A3305E42 4522 HAS 961 BE1B5B88 56ED2E5A E42F7AC0
  26AA2805 9824080D 1512169B 44E42847 2EBBA573 29F070DB 56011C7B E9F3A240
  399A 3557 A50384EC A0353DCF 49E8EC01 94047469 0BC12079 2764873D 25943DCD
  66A9726F 4A79EB40 1C7C6897 4E925D80 1F604763 A9D9AC1F DF0092F6 2313 C 126
  57DF1AB4 9B904E22 CE5515CD 44F68A00 4E2BC861 FBC1540D C1F3A66B 8CDDC1C2
  7 C E6241198 442027 B0E002DE 9E06D64F 0D 538987 96C1C0DB 12B0F581 6FED
  quit smoking
  Crypto pki certificate chain airespace-old-root-cert
  certificate ca 00
  30820406 3082032F A0030201 02020100 300 D 0609 2A 864886 F70D0101 04050030
  818F310B 30090603 55040613 02555331 13301106 03550408 130A 4361 6C69666F
  726E6961 06035504 07130853 616E204A 6F736531 0355040A 16301406 3111300F
  130 6169 72657370 61636520 496E6331 0D300B06 0355040B 13046E6F 6E65310B
  09011615 73757070 86F70D01 30090603 55040313 02636131 24302206 092A 8648
  61697265 73706163 652E636F 6D301E17 303330 32313232 33333835 0D 6F727440
  31323131 31313233 33383535 310B 3009 06035504 06130255 5A30818F 355A170D
  53311330 11060355 0408130A 43616C 69 666F726E 69613111 300F0603 55040713
  0853616E 65311630 14060355 61697265 73706163 040A130D 204A6F73 6520496E
  63310 D 0B 060355 040 30 B 1304 310B 3009 06035504 03130263 61312430 6E6F6E65
  2206092A 864886F7 010901 16157375 74406169 72657370 70706F72 0D 6163652E
  06092A 86 4886F70D 01010105 81DF300D 636F6D30 000381CD 003081C 9 0281C 100
  DB9D3901 30059DD1 05CB2793 9B9907F8 1FF57FA9 24065BF7 1A5865F8 B9CFCCB3
  679354 D 69BAB847 4 1CA327AE EA006AAC 90479C9D C23B67DE FACC0D28 32C6103F
  A59C41E2 E8B4250B 4D2903EB 52629 HAS 99 D618B747 C4A94151 1AB995BB 14905404
  5F4A0B9F F387F346 D5F3A249 2AED1B6A 3DD639D8 4924366A 1234DD2D B13CD489
  7E2EA101 63BCCC82 2F7A6D0B 33AB5705 3C784A6D A3DD1E5B 96CF54C6 CF4D59BC
  1BFD6CB6 E72FCB29 88DCBE6D 4D76FB83 1FAF5683 E4E20822 00A9EB2E 3BEF0DF9
  02030100 01A381EF 3081EC30 1 D 060355 1D0E0416 DF7D1482 04149457 2D31BB28
  772E8996 1886DA46 84BA3081 1 230481 B43081B1 DF7D1482 80149457 BC060355
  2D31BB28 772E8996 1886DA46 84BAA181 95 HAS 48192 30818F31 0B 300906 03550406
  A 13025553 31133011 06035504 08130, 43 616C 6966 6F726E69 61311130 0F060355
  04071308 53616E20 31163014 06035504 69726573 70616365 0A130D61 4A6F7365
  20496E63 310D300B 06035504 0B13046E 0B, 300906 03550403 13026361 6F6E6531
  31243022 06092 HAS 86 01090116 15737570 40616972 65737061 706F7274 4886F70D
  63652E63 6F6D8201 00300C 06 13 04053003 0101FF30 0D06092A 864886F7 03551D
  010104 05000381 C100AEB0 349DC0F9 2AAA3A57 75B3A79C 5421A9D0 15389261 0D
  95 C 03479 04DA81D4 120F58FA E2299223 BEB54A90 6D70F7F7 2192EFAF A4B0F488
  604E3094 BBCC77A3 60 HAS 88129 0849B87B 5CA1AA17 A 21922, 55 6B68E0D3 1ADC7264
  C4C4D6B2 33345C 86 254E4988 096645CD 40F12761 8BC37E71 DAD91677 25322361
  71D87A16 F92AF7C1 51CB8892 443BC666 59BEA47B 985E8866 68A1EBD4 88BBF6E7
  7711 D 518 A80E203D A12BEBDC 6963EDA7 B76079A3 0CB8D324 22380C 96 A949FDF8
  CADD949D EA39E0EF 033D
  quit smoking
  memory checksum validate 30
  Cisco secret 5 $1$ WIs1 username $ wyjQZW5BvoaWvKmknJrYd.
  !
  !
  property intellectual ssh version 2
  !
  !
  interface Dot11Radio0
  no ip route cache
  gain of antenna 0
  MBSSID
  power-local 1
  customer can local
  attempts to package drop 64-package
  No cdp enable
  !
  interface GigabitEthernet0
  no ip route cache
  automatic duplex
  automatic speed
  No keepalive
  !
  interface BVI1
  IP 10.32.10.29 255.255.255.0
  no ip route cache
  !
  default IP gateway - 10.32.0.1
  no ip address of the http server
  Logging trap errors
  AP:fc99.4744.412 b logging origin-id string
  Kern of logging mechanism
  snmp logging trap notifications
  exploitation forest-trap snmp to information
  registration of debugging of snmp trap
  logging 255.255.255.255
  !
  control plan
  !
  !
  Line con 0
  line vty 0 4
  transport of entry no
  line vty 5 15
  transport of entry no
  !
  end

  # # # Ap ap ap AP #.
  # # Ap ap AP #.

  This looks like a lightweight access point. In my view, there is no t conf option, because everything is done through the controller.