D9036 - GUI Login - IP Configuration of the Cisco encoder

Dear all

I try to open D9036 encoder Cisco to get access to the Web Interface of GUI.

In the manual of the encoder, Cisco informed that we have to connect via RS232 to the encoder and configure its IP address, but I did not

but I noticed that the encoder Eth1 has an IP "192.168.1.100" and whenever I am trying to ping ping.

Please advice for the method to connect to the encoder via the Web Interface of GUI.

Follow these steps:
1. access to the serial port on your PC.

2 in the main connection, type root and then press ENTER.

3 at the root prompt, type set_mgmt_port_config.py and press ENTER.
4. When you are prompted, type a pair of IP address/netmask and press ENTER.
5 if necessary, at the prompt of gateway IP address configured, type y to set the IP address of the gateway and press ENTER.
6. at the prompt of gateway IP address, type the IP address of the gateway and press ENTER.
7 at the prompt of the writing MGMT port configuration file, type y and press ENTER to save the configuration file.

8 networking restart for guest MGMT port, type y and press ENTER to apply the changes immediately.

9 type ifconfig to check the ip address.

10. after the above steps, try to encode via GUI. It should work.

Tags: Cisco Support

Similar Questions

Correct configuration of the Cisco Access Point 1242AG

Hi all

Here's the situation:

Recently, we decided to create a small network of WLAN in our company. We choose the Cisco AIR-AP1242AG-E-K9 with 2x2.4GHz 2.2dbi rotating dipole antenna.

For better management, a new VLAN routable (ID:20) added to our router IP 192.168.55.1 and SNET 255.255.255.0

Then, I made the following configurations in the autonomous AP through WEB Console:
- Static IP:192.20.10.35, SNET:255.255.254.0, GWY:192.20.10.200
- Vlan1 (native) and VLAN20 (Radio0 - 802.11 g) added in Services.
- I put the encryption against zero for VLAN1 Mode and cipher AES-CCMP for VLAN20
- In Server Manager, I've defined a new 192.20.10.35 RADIUS server (AP-IP) and a secret shared and left the default ports for authentication and accounting (1645 and 1646). Also, in the default server priorities section I put focused 1 time for authentication EAP and the IP (Radius Server) 192.20.10.35 Access Point MAC.
- During the General local RADIUS server configuration, I add as a server for access to the network current (AAA client) the same IP address and the shared secret as the ones I use during the configuration of the RADIUS server above. In authentication protocols enable I left checked only the JUMP and the Mac. In addition, in the users individual section 2 new users created with passwords.
- In the SSID Manager a new hidden SSID created for interface Radio0 - 802.11 g, associated with VLAN20 and in the Client authentication settings section, I left as accepted authentication open with MAC and EAP authentication method. Also, I left the option to use by default for EAP and MAC authentication servers in Server priorities Section and finally I choose mandatory for key management in the section Client authenticated and active the option enable WPA key management.
I can ping VLAN20 IPs from any PC which is a member of the VLAN native both AP

As wireless clients, I use 2 Motorola MC5574 with Windows Mobile 6.1 professional. Both of them have a WLAN Jedi adapter that is configured with the following:

IPs:192.168.55.10 and 192.168.55.11

SNET:255.255.255.0

GWY:192.168.55.1

In addition, a unique profile has been created on all of them to use for the authentication of the association AP. Each profile has been configured for WPA2-Enterprise with AES and LEAP and identification information predefined user (those defined in the PA for individual users)

The problem:

Association of clients with AP is always successful but, authentication fails, and I can't ping the AP IP, IP VLAN20, nor the other customers.

What I'm missing here? I'm sure it's quite simple somenthing but although I tried several different configurations (even WPA - PSK, WPA2-PSK with TKIP) I always find myself without an appropriate solution to unable to ping.

Thanks in advance for any help

Hello

Can you please paste the show run out of AP?

Kind regards

Madhuri

Configuration of the Cisco ACS Radius

Hello

I'm trying to set up authentication radius on cisco ACS but short question. When I set up my group of network devices in the configuration of the AAA Client as one of ray device groups, my authentications fail with authentication as a failure code"

CS invalid password' but when I change my group of devices to "Unassigned", everything started working.

On my AAA client, when authentication fail, I see

Server RADIUS audit package fails:

Please note that the AAA client is a non-cisco device.

Any suggestions?

It seems that you run ACS 4.x. You are facing this problem because the key is set on the excessive rides of the level (Group of devices network XYZ in your case) NDG key at the level of the AAA client. Please make sure that you don't have different secret key on the client inside the NDG AAA and on the NDG himself.

Not affected is working because it has no key defined in the NDG.

http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/NetCfg.html#wp342738

"Each device that is assigned to the network device group will use the shared key you enter here. The key that has been attributed to the device when it has been added to the system is ignored. If the Enter key is null, the key of the AAA client is used. »

~ BR
Jatin kone

* Does the rate of useful messages *.

Configuration of the Cisco ACS 5.3 AnyConnect VPN and management of a Cisco ASA 5500.

We have configured a Cisco ASA 5505 as a VPN endpoint for one of our user groups. It works, but it works too well.

We have a group called XXX we need to have access to the Cisco AnyConnect Client. We have selected this group of our Active Directory and added to our ACS configuration. We've also added a group called YYY that will manage the ASA. However, this group has no need to access the VPN.

We added XXX movies for the elements of the policy of access to the network-> authorization profiles. We also have a profile of YYY.

She continues to knock on our default Service rule that says allow all.

We have also created a default network access rule. for this.

I am at a loss. I'm sure I missed a checkbox or something.

Any help would be really appreciated.

Dwane

We use Protocol Management GANYMEDE ASA and Ray for VPN access?

For administration, you must change the device by default admin access strategy and create a permission policy. Even by the way, you can change the network access by default for vpn access and create a respective policy for that too.

On the SAA, you must configure Ganymede and Ray both as a server group.

For the administration, you can set Ganymede as an external authentication under orders aaa Server

AAA-server protocol Ganymede GANYMEDE +.

Console HTTP authentication AAA GANYMEDE

Console Telnet AAA authentication RADIUS LOCAL

authentication AAA ssh console LOCAL GANYMEDE

Console to enable AAA authentication RADIUS LOCAL

For VPN, you must set the authentication radius under the tunnel-group.

I hope this helps.

Kind regards

Jousset

The rate of useful messages-

Configuration of the Cisco etherchannel stack: flag stuck in stand alone

I'm putting in place an etherchannel for my stack of Cisco (switch Catalyst 3750 G x 2), with a port on each switch the etherchannel. The example of battery cross http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_example09186a00806cb982.shtml using as a guide, I created my channel. However when I discovered "show etherchannel summary 6 ' it says that both my ports are stand-alone, when I want them to be in port channel grouped in. Thank you in advance for your help, I added all the information I could think.

Here is how I created the etherchannel

sailing-sw-1 #conf t

sailing-sw-1 (config) #interface gigabiteethernet 0/1/10

active in sail-sw-1(config-if) mode #channel-group 6

sailing-sw-1(config-if) #switchport trunk encapsulation dot1q

sailing-sw-1(config-if) #switchport mode trunk

sailing-sw-1(config-if) #exit

sailing-sw-1 (config) #interface gigabiteethernet 0/1/10

active in sail-sw-1(config-if) mode #channel-group 6

sailing-sw-1(config-if) #switchport trunk encapsulation dot1q

sailing-sw-1(config-if) #switchport mode trunk

sailing-sw-1(config-if) #exit

sailing-sw-1 (config) #exit

The running-config

sailing-sw-1 #show running-config

Building configuration...

Current configuration: 5390 bytes

!

version 12.2

no service button

horodateurs service debug uptime

Log service timestamps uptime

no password encryption service

!

sailing-sw-1 hostname

!

boot-start-marker

boot-end-marker

!

Select the 5 secret...

!

!

!

high-level description of the cisco-global macro

No aaa new-model

1 supply ws-c3750g-24ts switch

2 available ws-c3750g-24ts switch

mtu 1500 routing system

Uni-directional aggressive

!

!

!

MLS qos map cos-dscp 0 8 16 24 32 46 46 56

!

Crypto pki trustpoint TP-self-signed-538118016

enrollment selfsigned

name of the object cn = IOS - Self - signed - certificate - 538118016

revocation checking no

rsakeypair TP-self-signed-538118016

!

!

TP-self-signed-538118016 crypto pki certificate chain

certificate self-signed 01

30...

AF

quit smoking

!

!

!

errdisable recovery cause link-flap

60 errdisable recovery interval

port-channel - the balance of the load src-dst-mac

!

spanning tree mode rapid pvst

spanning tree default loopguard

No spanning tree optimize transmission of bpdus

spanning tree extend id-system

!

internal allocation policy of VLAN ascendant

!

!

!

Interface Port-channel6

!

GigabitEthernet1/0/1 interface

No auto mdix

!

interface GigabitEthernet1/0/2

No auto mdix

!

interface GigabitEthernet1/0/3

No auto mdix

!

interface GigabitEthernet1/0/4

No auto mdix

!

interface GigabitEthernet1/0/5

No auto mdix

!

interface GigabitEthernet1/0/6

!

interface GigabitEthernet1/0/7

No auto mdix

!

interface GigabitEthernet1/0/8

No auto mdix

!

interface GigabitEthernet1/0/9

No auto mdix

!

interface GigabitEthernet1/0/10

switchport trunk encapsulation dot1q

switchport mode trunk

No auto mdix

active in mode channel-group 6

!

interface GigabitEthernet1/0/11

No auto mdix

!

interface GigabitEthernet1/0/12

No auto mdix

!

interface GigabitEthernet1/0/13

No auto mdix

!

interface GigabitEthernet1/0/14

No auto mdix

!

interface GigabitEthernet1/0/15

No auto mdix

!

interface GigabitEthernet1/0/16

No auto mdix

!

interface GigabitEthernet1/0/17

No auto mdix

!

interface GigabitEthernet1/0/18

No auto mdix

!

interface GigabitEthernet1/0/19

No auto mdix

!

interface GigabitEthernet1/0/20

No auto mdix

!

interface GigabitEthernet1/0/21

No auto mdix

!

interface GigabitEthernet1/0/22

No auto mdix

!

interface GigabitEthernet1/0/23

No auto mdix

!

interface GigabitEthernet1/0/24

No auto mdix

!

interface GigabitEthernet1/0/25

!

interface GigabitEthernet1/0/26

!

interface GigabitEthernet1/0/27

!

interface GigabitEthernet1/0/28

!

GigabitEthernet2/0/1 interface

No auto mdix

!

interface GigabitEthernet2/0/2

No auto mdix

!

interface GigabitEthernet2/0/3

No auto mdix

!

interface GigabitEthernet2/0/4

No auto mdix

!

interface GigabitEthernet2/0/5

No auto mdix

!

interface GigabitEthernet2/0/6

!

interface GigabitEthernet2/0/7

No auto mdix

!

interface GigabitEthernet2/0/8

No auto mdix

!

interface GigabitEthernet2/0/9

No auto mdix

!

interface GigabitEthernet2/0/10

switchport trunk encapsulation dot1q

switchport mode trunk

No auto mdix

active in mode channel-group 6

!

interface GigabitEthernet2/0/11

No auto mdix

!

interface GigabitEthernet2/0/12

No auto mdix

!

interface GigabitEthernet2/0/13

No auto mdix

!

interface GigabitEthernet2/0/14

No auto mdix

!

interface GigabitEthernet2/0/15

No auto mdix

!

interface GigabitEthernet2/0/16

No auto mdix

!

interface GigabitEthernet2/0/17

No auto mdix

!

interface GigabitEthernet2/0/18

No auto mdix

!

interface GigabitEthernet2/0/19

No auto mdix

!

interface GigabitEthernet2/0/20

No auto mdix

!

interface GigabitEthernet2/0/21

No auto mdix

!

interface GigabitEthernet2/0/22

No auto mdix

!

interface GigabitEthernet2/0/23

No auto mdix

!

interface GigabitEthernet2/0/24

No auto mdix

!

interface GigabitEthernet2/0/25

!

interface GigabitEthernet2/0/26

!

interface GigabitEthernet2/0/27

!

interface GigabitEthernet2/0/28

!

interface Vlan1

the IP 192.168.0.1 255.255.255.0

!

default IP gateway - 192.168.76.102

IP classless

IP http server

IP http secure server

!

activate the IP sla response alerts

!

!

Line con 0

line vty 0 4

password Mil19

opening of session

line vty 5 15

password Mil19

opening of session

!

end

Interface port-channel 6

(in the example, there should be this line "identified in this channel: Gi2/article-gi1/0/10 0 / 10 ')

sailing-sw-1 #show interfaces port-channel 6

Channel6 port is down, line protocol is down (notconnect)

Material is EtherChannel, address is 0000.0000.0000 (bia 0000.0000.0000)

MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

KeepAlive set (10 sec)

Link auto-duplex type, automatic speed is automatic, media type is unknown

input stream control is turned off, output flow control is not supported

Type of the ARP: ARPA, ARP Timeout 04:00

Last entry, never, never hang output

Final cleaning of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/dumps); Total output drops: 0

Strategy of queues: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bps, 0 packets/s

5 minute output rate 0 bps, 0 packets/s

0 packets input, 0 bytes, 0 no buffer

Received 0 emissions (0 multicasts)

0 Runts, 0 giants, 0 shifters

entry 0, 0 CRC errors, frame 0, saturation 0, 0 ignored

Watchdog 0, multicast 0, break 0 comments

entry packets 0 with condition of dribble detected

exit 0 packets, 0 bytes, 0 underruns

0 output errors, 0 collisions, 1 interface resets

0 babbles, collision end 0, 0 deferred

carrier, 0 no carrier, lost 0 0 output BREAK

output buffer, the output buffers 0 permuted 0 failures

EtherChannel 6 Summary

sailing-sw-1 #show etherchannel 6 Summary

Flags: - Low P - D bundled in port-channel

I have - autonomous s - suspended

H Eve (LACP only)

R - Layer 3 S - Layer2

U - running f - cannot allocate an aggregator

M - don't use, minimum contacts not satisfied

u - unfit to tied selling

w waiting to be aggregated

d default port

Number of channels: 1

Number of aggregators: 1

Protocol for the Port-Channel port group

------+-------------+-----------+-----------------------------------------------

6 Po6 (SD) LACP Gi1/0/10 (I) Gi2/0/10 (I)

Hello

It seems that the grouping of NIC Linux box does not work properly. Please

Check on the side of Linux.

Kind regards

NT

restore the configuration of the cisco ACS 1121 ver 5.2 to SNS 3425 ver 5.6

Dear all,

We currently have Cisco ACS 1121 ver 5.2 in our production, then we will replace it with the new devices using SNS 3425 ver 5.6.

Please good to want to help someone can tell you how to restore all the old configuration of devices (ACS 1121 ver 5.2) for the new Member States?

Best regards

Yudibagam

Hello! You must upgrade the current device to a min of v5.4 for restoration work and be supported.

http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_control_system/5-6/release/notes/acs_56_rn.html

However, if you're going to go through the upgrade problems then I would say that you upgrade all the way to 5.6 just to be sure :)

I hope this helps!

Thank you for evaluating useful messages!

Cisco Aironet 2600 series Configuration of the DHCP server is NOT serving addresses?

Cisco Aironet 2600 series Configuration of the DHCP server is NOT serving addresses?

I have (2) AIR-SAP2602I-A-K9, configured the same way.

on two different remote LANs.

They don't seem to be handing out addresses via DHCP.

{If I connect to a local network with another DHCP server}

wireless devices can obtain addresses

This another DHCP server on the LAN through the access point.}

I followed 12.4.25d. JA.cg.pdf

Configuration of the Access Point to provide the Service DHCP 5-22

---------|---------|---------|

e.g. 3444-RCS1-AN #show running-config

Building configuration...

version 15.2

3444-RCS1-YEAR host name

no ip Routing

USH - DM IP domain name

DHCP excluded-address IP 192.168.29.89

IP dhcp RCS1 pool

network 192.168.29.88 255.255.255.248

router by default - 192.168.28.1

Rental 1 0

interface BVI1

IP 192.168.28.211 255.255.254.0

no ip route cache

default IP gateway - 192.168.28.1

---------|---------|---------|

---------|---------|---------|

e.g. 3444-RCS2-AN #show running-config

Building configuration...

version 15.2

3444-RCS2-YEAR host name

no ip Routing

USH - DM IP domain name

DHCP excluded-address IP 192.168.129.81

IP dhcp RCS2 pool

network 192.168.129.80 255.255.255.248

router by default - 192.168.128.1

Rental 2 0

interface BVI1

IP 192.168.128.171 255.255.254.0

no ip route cache

default IP gateway - 192.168.128.1

---------|---------|---------|
```
Thats the DHCP Pool range 192.168.29.88 through 192.168.28.95
```
Well this will confuse your customers.

And this is NOT how to set up your "range". See below:

DHCP excluded-address IP 192.168.29.1 192.168.29.87

DHCP excluded-address IP 192.168.29.96 192.168.29.254

IP dhcp RCS1 pool

network 192.168.28.211 255.255.254.0

router by default - 192.168.28.1

Rental 1 0

Reset the Cisco Unity Connection 7.1 Application GUI password?

Hello

As we know about unity based on linux 7.1 there are three passwords:-platfrom-password administrator password of security between the nodes and the user of the Application password that allow us access to the GUI to configure users, the voice messaging ports... etc.

Our problem that we change the password user request and forget about us, so we are not able to do any configuration.

Is any configuration to reset this password...

Any ideas...

Thank you very much.

Padma,

Good fishing. CUC has its own set of CLI commands for that task. My orders are for the CUCM, but they would have driven you by recourse to the '?

Hailey

Configuration of the IPS Cisco 2921

Hello

Is there a design guide to see how to configure a router Cisco IPS and how it should be better implemented (2921)?

Kind regards

Laurent

Hello

Here is the guide to Setup IOS IPS for IOS 15.0:

http://tinyurl.com/27b7m6n

I hope this helps.

Configuring the Cisco UCS 5108 ports

Hi all

I'm new in the world of the Cisco UCS server and am setting up Cisco UCS 5108 blade server. The server has two Cisco UCS 6324 interconnections fabric I did the initial Setup on and I try to configure the ports for the blades. Looking through the various articles and tutorials after setting global policies, I see the whole world establishment of uplink and server ports. What I read the uplink ports are plugged directly into the switches (I work with two cisco nexus switches), and server ports are used to connect to the chassis.

I wonder once the configured ports server what exactly are supposed to connect to? I assumed they would also connect to the switch nexus with the uplink ports. However, every time I set up the server ports and plug them in, the switch doesn't seem to have flooded and we lose all connectivity. If I unplug, the connection is restored almost immediately.

The current configuration, that I work with is two ports uplink on each fabric interconnect (4 2 total in each switch of nexus), two server ports on each (4 2 total, in every nexus switch). The only other element connected to the nexus switches is a SAINT who will be configured as a boot and storage of the UCS 5108.

Looks like you have a Mini UCS (6324), with 4-port 10 GB (each FI/IOM) with port QSFP 40 GB that can provide network connectivity linking rising, or if configured as a server port, could be used to connect to a server in a rack compatible Cisco UCS, or connect to a 5108 additional with IOM 2204XP chassis. The blades installed in your initial 5108 chassis 6324 FI/IOM of housing have internal connectivity to the FIs / IOM without the need to configure ports 'server'...

Please take a look at some of the visuals in the datasheet below.

http://www.Cisco.com/c/en/us/products/collateral/servers-unified-computing/UCS-6300-series-fabric-interconnects/datasheet-C78-732207.html

Unified ports can also be configured as a FC ports for connectivity of FC switch upstream or directly related to CF Storage processors.

After having watched the datasheet, let me know if you have any other questions, and I'll try to address them.

You'll not need actually configure ports such as ports 'server' unless you connect servers in a rack.

Please configure any ethernet SFP type connected to your switches nexus upstream as 'network' uplinks. I guess that you don't plan on a disjoint config layer 2 (where each FI has several sets of uplinks will different devices upstream, or the same device with different VLANS allowed on each link). If you are, we can have a separate thread about how you need to configure that.

Thank you

Kirk...

Need help with the configuration of the Site with crossed on Cisco ASA5510 8.2 IPSec VPN Client (1)

Need urgent help in the configuration of the Client VPN IPSec Site with crossed on Cisco ASA5510 - 8.2 (1).

Here is the presentation:

There are two leased lines for Internet access - a route 1.1.1.1 and 2.2.2.2, the latter being the default Standard, old East for backup.

I was able to configure the Client VPN IPSec Site

(1) with access to the outside so that the internal network (172.16.0.0/24) behind the asa

(2) with Split tunnel with simultaneous assess internal LAN and Internet on the outside.

But I was not able to make the tradiotional model Hairpinng to work in this scenario.

I followed every possible suggestions made on this subject in many topics of Discussion but still no luck. Can someone help me here please?

Here is the race-Conf with Normal Client to Site IPSec VPN configured with no access boarding:

LIMITATION: Cannot boot into any other image ios for unavoidable reasons, must use 8.2 (1)

race-conf - Site VPN Customer normal work without internet access/split tunnel
: ASA Version 8.2 (1) ! ciscoasa hostname domain cisco.campus.com enable the encrypted password xxxxxxxxxxxxxx XXXXXXXXXXXXXX encrypted passwd names of ! interface GigabitEthernet0/0 nameif outside internet1 security-level 0 IP 1.1.1.1 255.255.255.240 ! interface GigabitEthernet0/1 nameif outside internet2 security-level 0 IP address 2.2.2.2 255.255.255.224 ! interface GigabitEthernet0/2 nameif dmz interface security-level 0 IP 10.0.1.1 255.255.255.0 ! interface GigabitEthernet0/3 nameif campus-lan security-level 0 IP 172.16.0.1 255.255.0.0 ! interface Management0/0 nameif CSC-MGMT security-level 100 the IP 10.0.0.4 address 255.255.255.0 ! boot system Disk0: / asa821 - k8.bin boot system Disk0: / asa843 - k8.bin passive FTP mode DNS server-group DefaultDNS domain cisco.campus.com permit same-security-traffic inter-interface permit same-security-traffic intra-interface object-group network cmps-lan the object-group CSC - ip network object-group network www-Interior object-group network www-outside object-group service tcp-80 object-group service udp-53 object-group service https object-group service pop3 object-group service smtp object-group service tcp80 object-group service http-s object-group service pop3-110 object-group service smtp25 object-group service udp53 object-group service ssh object-group service tcp-port port udp-object-group service object-group service ftp object-group service ftp - data object-group network csc1-ip object-group service all-tcp-udp access list INTERNET1-IN extended permit ip host 1.2.2.2 2.2.2.3 access-list extended SCC-OUT permit ip host 10.0.0.5 everything list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq www list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any https eq list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq ssh list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 no matter what eq ftp list of access CAMPUS-LAN extended permitted udp 172.16.0.0 255.255.0.0 no matter what eq field list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq smtp list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq pop3 access CAMPUS-wide LAN ip allowed list a whole access-list CSC - acl note scan web and mail traffic access-list CSC - acl extended permit tcp any any eq smtp access-list CSC - acl extended permit tcp any any eq pop3 access-list CSC - acl note scan web and mail traffic access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq 993 access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq imap4 access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq 465

race-conf - Site VPN Customer normal work without internet access/split tunnel

ASA Version 8.2 (1)

ciscoasa hostname

domain cisco.campus.com

enable the encrypted password xxxxxxxxxxxxxx

XXXXXXXXXXXXXX encrypted passwd

names of

interface GigabitEthernet0/0

nameif outside internet1

security-level 0

IP 1.1.1.1 255.255.255.240

interface GigabitEthernet0/1

nameif outside internet2

security-level 0

IP address 2.2.2.2 255.255.255.224

interface GigabitEthernet0/2

nameif dmz interface

security-level 0

IP 10.0.1.1 255.255.255.0

interface GigabitEthernet0/3

nameif campus-lan

security-level 0

IP 172.16.0.1 255.255.0.0

interface Management0/0

nameif CSC-MGMT

security-level 100

the IP 10.0.0.4 address 255.255.255.0

boot system Disk0: / asa821 - k8.bin

boot system Disk0: / asa843 - k8.bin

passive FTP mode

DNS server-group DefaultDNS

domain cisco.campus.com

permit same-security-traffic inter-interface

permit same-security-traffic intra-interface

object-group network cmps-lan

the object-group CSC - ip network

object-group network www-Interior

object-group network www-outside

object-group service tcp-80

object-group service udp-53

object-group service https

object-group service pop3

object-group service smtp

object-group service tcp80

object-group service http-s

object-group service pop3-110

object-group service smtp25

object-group service udp53

object-group service ssh

object-group service tcp-port

port udp-object-group service

object-group service ftp

object-group service ftp - data

object-group network csc1-ip

object-group service all-tcp-udp

access list INTERNET1-IN extended permit ip host 1.2.2.2 2.2.2.3

access-list extended SCC-OUT permit ip host 10.0.0.5 everything

list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq www

list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any https eq

list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq ssh

list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 no matter what eq ftp

list of access CAMPUS-LAN extended permitted udp 172.16.0.0 255.255.0.0 no matter what eq field

list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq smtp

list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq pop3

access CAMPUS-wide LAN ip allowed list a whole

access-list CSC - acl note scan web and mail traffic

access-list CSC - acl extended permit tcp any any eq smtp

access-list CSC - acl extended permit tcp any any eq pop3

access-list CSC - acl note scan web and mail traffic

access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq 993

access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq imap4

access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq 465

access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq www

access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq https

access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq smtp

access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq pop3

access-list extended INTERNET2-IN permit ip any host 1.1.1.2

access-list sheep extended ip 172.16.0.0 allow 255.255.0.0 172.16.0.0 255.255.0.0

access list DNS-inspect extended permit tcp any any eq field

access list DNS-inspect extended permit udp any any eq field

access-list extended capin permit ip host 172.16.1.234 all

access-list extended capin permit ip host 172.16.1.52 all

access-list extended capin permit ip any host 172.16.1.52

Capin list extended access permit ip host 172.16.0.82 172.16.0.61

Capin list extended access permit ip host 172.16.0.61 172.16.0.82

access-list extended capout permit ip host 2.2.2.2 everything

access-list extended capout permit ip any host 2.2.2.2

Access campus-lan_nat0_outbound extended ip 172.16.0.0 list allow 255.255.0.0 192.168.150.0 255.255.255.0

pager lines 24

Enable logging

debug logging in buffered memory

asdm of logging of information

Internet1-outside of MTU 1500

Internet2-outside of MTU 1500

interface-dmz MTU 1500

Campus-lan of MTU 1500

MTU 1500 CSC-MGMT

IP local pool 192.168.150.2 - 192.168.150.250 mask 255.255.255.0 vpnpool1

IP check path reverse interface internet2-outside

IP check path reverse interface interface-dmz

IP check path opposite campus-lan interface

IP check path reverse interface CSC-MGMT

no failover

ICMP unreachable rate-limit 1 burst-size 1

ASDM image disk0: / asdm - 621.bin

don't allow no asdm history

ARP timeout 14400

interface of global (internet1-outside) 1

interface of global (internet2-outside) 1

NAT (campus-lan) 0-campus-lan_nat0_outbound access list

NAT (campus-lan) 1 0.0.0.0 0.0.0.0

NAT (CSC-MGMT) 1 10.0.0.5 255.255.255.255

static (CSC-MGMT, internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255

Access-group INTERNET2-IN interface internet1-outside

group-access INTERNET1-IN interface internet2-outside

group-access CAMPUS-LAN in campus-lan interface

CSC-OUT access-group in SCC-MGMT interface

Internet2-outside route 0.0.0.0 0.0.0.0 2.2.2.5 1

Route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2

Timeout xlate 03:00

Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-registration DfltAccessPolicy

the ssh LOCAL console AAA authentication

AAA authentication enable LOCAL console

Enable http server

http 10.0.0.2 255.255.255.255 CSC-MGMT

http 10.0.0.8 255.255.255.255 CSC-MGMT

HTTP 1.2.2.2 255.255.255.255 internet2-outside

HTTP 1.2.2.2 255.255.255.255 internet1-outside

No snmp server location

No snmp Server contact

Server enable SNMP traps snmp authentication linkup, linkdown cold start

Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

life crypto ipsec security association seconds 28800

Crypto ipsec kilobytes of life - safety 4608000 association

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs set group5

Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

Crypto map internet2-outside_map 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

crypto internet2-outside_map outside internet2 network interface card

Crypto ca trustpoint _SmartCallHome_ServerCA

Configure CRL

Crypto ca certificate chain _SmartCallHome_ServerCA

certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy

a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

a67a897as a67a897as a67a897as a67a897as a67a897as

quit smoking

ISAKMP crypto enable internet2-outside

crypto ISAKMP policy 10

preshared authentication

aes encryption

md5 hash

Group 2

life 86400

Telnet 10.0.0.2 255.255.255.255 CSC-MGMT

Telnet 10.0.0.8 255.255.255.255 CSC-MGMT

Telnet timeout 5

SSH 1.2.3.3 255.255.255.240 internet1-outside

SSH 1.2.2.2 255.255.255.255 internet1-outside

SSH 1.2.2.2 255.255.255.255 internet2-outside

SSH timeout 5

Console timeout 0

a basic threat threat detection

Statistics-list of access threat detection

no statistical threat detection tcp-interception

WebVPN

internal VPN_TG_1 group policy

VPN_TG_1 group policy attributes

Protocol-tunnel-VPN IPSec

username ssochelpdesk encrypted password privilege 15 xxxxxxxxxxxxxx

privilege of encrypted password username administrator 15 xxxxxxxxxxxxxx

username vpnuser1 encrypted password privilege 0 xxxxxxxxxxxxxx

username vpnuser1 attributes

VPN-group-policy VPN_TG_1

type tunnel-group VPN_TG_1 remote access

attributes global-tunnel-group VPN_TG_1

address vpnpool1 pool

Group Policy - by default-VPN_TG_1

IPSec-attributes tunnel-group VPN_TG_1

pre-shared-key *.

class-map cmap-DNS

matches the access list DNS-inspect

CCS-class class-map

corresponds to the CSC - acl access list

type of policy-card inspect dns preset_dns_map

parameters

message-length maximum 512

Policy-map global_policy

CCS category

CSC help

cmap-DNS class

inspect the preset_dns_map dns

global service-policy global_policy

context of prompt hostname

Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y

: end

Adding dynamic NAT for 192.168.150.0/24 on the external interface works, or works the sysopt connection permit VPN

Please tell what to do here, to pin all of the traffic Internet from VPN Clients.

That is, that I need clients connected via VPN tunnel, when connected to the internet, should have their addresses IP NAT'ted against the address of outside internet2 network 2.2.2.2 interface, as it happens for the customers of Campus (172.16.0.0/16)

I am well aware of all involved in here, so please be elaborative in your answers. Please let me know if you need more information about this configuration to respond to my request.

Thank you & best regards

MAXS

Hello

If possible, I'd like to see that a TCP connection attempt (e.g. http://www.google.com) in the ASDM logging of the VPN Client when you set up the dynamic NAT for the VPN Pool also.

I'll try also the command "packet - trace" on the SAA, while the VPN Client is connected to the ASA.

The command format is

packet-tracer intput tcp

That should tell what the SAA for this kind of package entering its "input" interface

Still can not see something wrong with the configuration (other than the statement of "nat" missing Dynamics PAT)

-Jouni

Default configuration of the PFS on the Cisco ISR

Hello

I want to learn more about the default configuration of PFS on the Cisco ISR router.

-Introduction to IP Security (IPSec) encryption - create a Crypto map
http://www.Cisco.com/en/us/Tech/tk583/TK372/technologies_tech_note09186a0080094203.shtml#cryptomap

You can also change the configuration of your PFS here. PFS Group1 is the default value in this example. You can change the PFS to group2, or turn off all together, you should not do.

DT3-45 a (config) #crypto card armadillo 10 ipsec-isakmp
DT3 - 45's (config-crypto-map) #set counterpart 192.168.10.38
DT3 - 45 session key has seconds (config-crypto-map) #set 4000
DT3 - 45's (config-crypto-map) #set transform-set HAAT PapaBear BabyBear
DT3 - 45's (config-crypto-map) #match address 101
--------

This example has no configuration PFS PFS is set to group1.
However, the following command reference indicates that PFS is not requested.
Which is the correct description for the PFS setting?

-the pfs value
http://www.Cisco.com/en/us/docs/iOS/Security/command/reference/sec_s2.html#wp1063163

Default values
By default, it is not required of PFS. If no group is specified with this command, the Group1 keyword is used by default.
-------

Thank you for your cooperation in advance.

Order is correct.

If pfs set is not configured in the crypto map configuration, pfs will be negotiated not.

If set pfs is configured without any group, then it uses default group1

And if you do not want to use the other group, you set the group # in the command set pfs.

I hope it is clear now.

SSL VPN may be configured on the router from Cisco 881/K9?

I'm now confused if SSL VPN can be configured on the router from Cisco 881/K9.

Please someone advise me.

If Yes, for only 5 users, what I need to buy the license or license is supplied with the router?

Thank you.

Yes, and you need a license:

FL-WEBVPN-10-K9

License SSL VPN functionality for up to 10 users (incremental), to 12.4 T based only IOS versions

FL-SSLVPN10-K9

License SSL VPN functionality for up to 10 users (incremental) for the only based 15.x IOS versions

[Cisco FAQ] - how to back UP and RESTORE the configuration of the RFGW1?

I want Backup and restore my RFGW1

Go to the SYSTEM tab, and then choose the CONFIGURATION of the BACKUP or RESTORE the CONFIGURATION

The chassis settings backup is also written to the FTP server préfixons. The backup file is generated and consists of the IP address of the chassis and the date. Below is an example of the name of the backup file.

cfg_10_90_140_15_07_06_2012.gz

Settings for the FTP server are located at the bottom of the page. Click on 'display the FTP settings '.

Feature request: make the list "Ignored method" configurable from the GUI

When the current generation, please edit Onyx.settings file for Add/Remove methods that should be ignored.
This function can be made available in the GUI?
BTW, when the Onyx does not read the file Onyx.settings? Only at startup? Or every time you start a capture?
____________
Blog: LucD notes
Twitter: lucd22

Hi LucD,

Thanks for the suggestion! I agree with you that it will be much more convenient if these settings can be changed in the GUI. I put your suggestion as a feature request in our database, and it will run in a future release.

And to answer your question - the settings are loaded only at startup. However some of the changes made in the settings dialog box take effect immediately after save you them.

Kind regards

Ignat

D9036 - GUI Login - IP Configuration of the Cisco encoder

Similar Questions

Maybe you are looking for