Debugging printer packet logs
I would like to debug the printer's traffic. However, I am not sure of the syntax.
I was using: pix# debug packet src 192.168.11x.xxx netmask 255.255.255.255 dst 10.100.2.xxx netmask 255.255.255.255
Because this has not worked for me, I know that the syntax is incorrect. Could someone post the proper syntax?
Thank you..
Syntax:
[no] debug packet if_name [src source_ip [netmask mask]] [dst dest_ip [netmask mask]] | [proto udp [sport src_port] [dport dest_port]] [rx | tx | both]
Example:
debug packet inside src 192.168.11x.xxx netmask 255.255.255.255 dst 10.100.2.xxx netmask 255.255.255.255 both
or for tcp port 9100
debug packet inside src 192.168.11x.xxx netmask 255.255.255.255 dst 10.100.2.xxx netmask 255.255.255.255 proto tcp dport 9100 both
sincerely
Patrick
Tags: Cisco Security
Similar Questions
-
HP Officejet Pro 8620: Auto prints Fax logs - when no Fax has been sent
Several times now, my printer has printed fax log sheets during the night. I have not hooked it up to a phone line, nor do I use the fax. It prints 40 to 50 pages of nothing but fax log sheets at a time, usually using up all the paper in the tray. It always happens at night. Is there some feature I need to disable? Any help is appreciated.
Hi @antiquesbyadkin,
I see from your post that the printer automatically prints fax logs. I would like to help you today. If this helps you find a solution, please click the "Accept as Solution" button below this message. If you want to say thanks for my effort to help, click the 'Thumbs Up' to give me a Kudos.
I checked the manual for this model and I don't see any way to change the fax log. You must manually select the menu to print it. I also checked our lab model and could not find a setting to disable this feature.
I would try clearing the fax log, which should already be empty because the printer is not used for faxing.
1. On the printer control panel display, touch and slide your finger across the screen, then select Setup.
2. Touch Fax Setup, then touch Fax Tools.
3. Touch Clear Fax Log.
If you are set up for ePrint, it may be a sender who is sending the fax logs. To know for sure, I would set up the account to allow only approved senders. Go to hpconnected.com, click Devices, select Settings next to your printer's name, then select the option that admits only allowed senders (you can add senders individually). Test this for a few days to see if it was the cause.
If the problem persists, I would suggest updating the printer's firmware to see if that helps. OJP8620_R1502A.zip
Please let me know the results. Good day! Thank you.
-
I have used "debug ip packet detail <list #>" for years on routers. Is there a similar command on the ASA?
Thank you
Allyn
Look at the capture command on the ASA. It's pretty neat, and I believe you will find what you are looking for in this command. It captures the packets flowing through the ASA. It allows you to use access lists to control what it will capture.
HTH
Rick
-
Debugging/troubleshooting IPSec tunnel one-way traffic
I'm setting up a corporate IPSec network consisting of a UC520 at the head end (headquarters) and several Linksys WRV routers as remote nodes/networks. I see ISAKMP and IPSec SAs on both ends and I can ping the UC520's internal IP from the remote networks. However, I cannot ping any other IP on the corporate network.
From "show cry ips sa" I see that packets are decapsulated (remote to corporate) but none are encapsulated (corporate to remote). I can also see (from a traceroute) that corporate-to-remote packets are sent to the UC520's default gateway to the Internet instead of being placed in the tunnel. This jibes with what I see with "sho cry ips sa".
I made sure to create an ACL for NAT so that corporate-to-remote subnets are not translated, but I don't know what else to check. I tried a "debug ip packet detail xxx" with an ACL matching corporate-to-remote traffic, but the debug and the ACL get no hits.
Any other ideas?
Thank you
Diego
Well, it looks like your NAT exemption does not work. Check 'show ip nat trans' to confirm this while sending traffic.
Can you maybe post your (complete) NAT config?
-
Debugging packets with ASA ver 7.2(2)
Hello
Previously, with version 6.3 of the PIX, you could debug packets in real time, that is, with the debug packet command.
Looking through the ASA 7.2(2) command reference, the debug packet command no longer exists. Although the packet-tracer command exists, it is not real time.
Does anyone know how to debug packets with version 7.2(2)?
Thank you
Brett
Create an ACL identifying the traffic that you want to debug. Create a capture specifying the ACL and the interface the traffic enters.
Example:
access-list capture permit ip host x.x.x.x host y.y.y.y
capture mycapture access-list capture interface inside
show capture mycapture detail dump
-
Problems with NAT? Can't access internet from inside the network?
I have been puzzled by this problem for a few days now. I'm stuck on what the issue could be. The problem is that I can ping from my router, G0/0 and G0/1, to the Internet. However, from the switch and my PC, I cannot ping the Internet. I'm sure that everything is configured correctly, but here is my setup for the switch and the routers:
Router 1:
version 15.1
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
encryption password service
!
hostname LAN_Router_1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 *.
!
No aaa new-model
!
no location network-clock-participate 3
!
dot11 syslog
no ip source route
!
IP cef
!
!
!
!
domain IP MyTestLab.com
8.8.8.8 IP name-server
IP-server names 8.8.4.4
No ipv6 cef
!
Authenticated MultiLink bundle-name Panel
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
Crypto pki token removal timeout default 0
!
!
!
!
license udi pid CISCO3845-MB sn FOC105013BA
username * secret privilege 15 5 *.
!
redundancy
!
!
property intellectual ssh time 60
property intellectual ssh authentication-2 retries
property intellectual ssh event logging
property intellectual ssh version 2
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.254.1 255.255.255.255
!
interface GigabitEthernet0/0
 ip address dhcp
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 ip address 192.168.0.1 255.255.255.248
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 glbp 100 ip 192.168.0.4
 glbp 100 priority 115
 glbp 100 preempt
 duplex auto
 speed auto
 media-type rj45
!
router ospf 5
 router-id 192.168.254.1
 network 192.168.0.1 0.0.0.0 area 1
 network 192.168.254.1 0.0.0.0 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 dhcp
!
access-list 10 permit 192.168.94.32 0.0.0.15 log
access-list 10 permit 192.168.17.0 0.0.0.7 log
access-list 10 permit 192.168.52.0 0.0.0.7 log
access-list 10 permit 192.168.0.0 0.0.0.7 log
access-list 10 deny any log
!
!
!
!
!
!
control plan
!
!
!
!profile MGCP default
!
!
!
!
!
connection of the banner ^ C
W A R N I N GTHIS IS A PRIVATE COMPUTER SYSTEM.
This computer system, including all related equipment, network devices
(specifically including Internet access), are provided only for
authorized used.All computer systems may be monitored for all lawful, including purpose
to ensure that their use is authorized, for management of the system, to
facilitate protection against unauthorized access, and to verify security
survival and operational security procedures.Monitoring includes active attacks by authorized personnel and their
entities to test or verify the security of the system. During the surveillance,.
information may be examined, recorded, copied and used for authorized
purposes.All information, including personal information, placed on or sent over
This system may be monitored. Uses of this system, authorized or
unauthorized, constitutes consent to monitoring of this system.Unauthorized use may subject you to criminal prosecution. Evidence of
any unauthorized use collected during monitoring may be used for
administrative, criminal or other adverse action. Use of this system
constitutes a consent to monitoring for these purposes.
^ C
!
Line con 0
Synchronous recording
local connection
line to 0
line vty 0
local connection
entry ssh transport
output transport ssh
line vty 1 4
opening of session
transport of entry all
!
Scheduler allocate 20000 1000
NTP 198.60.73.8 Server
NTP 13.85.70.43 Server
SaveRunConfig event manager applet
cron cron-event timer entry ' 0 0 * * ".
command action 1.0 cli 'enable '.
cli 2.0 action command "RAM".
Router 2:
version 15.1
horodateurs service debug datetime msec
Log service timestamps datetime msec
encryption password service
!
hostname LAN_Router_2
!
boot-start-marker
boot-end-marker
!
!
! card order type necessary for slot 1
Monitor logging warnings
enable secret 5 *.
!
No aaa new-model
!
clock timezone CST - 5 0
!
dot11 syslog
IP source-route
!
IP cef
!
!
!
!
domain IP MyTestLab.com
8.8.8.8 IP name-server
IP-server names 8.8.4.4
No ipv6 cef
!
Authenticated MultiLink bundle-name Panel
!
!
!
!
type of parameter-card inspect global
Select a dropped packet newspapers
!
voice-card 0
!
!
!
!
!
!
!
Crypto pki token removal timeout default 0
!
!
!
!
license udi pid CISCO3845-MB sn FOC1411592J
username * secret 5 *.!
redundancy
!
!
property intellectual ssh time 60
property intellectual ssh authentication-2 retries
property intellectual ssh event logging
property intellectual ssh version 2
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.254.2 255.255.255.255
!
interface GigabitEthernet0/0
 ip address dhcp
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 ip address 192.168.0.2 255.255.255.248
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 glbp 100 ip 192.168.0.4
 glbp 100 priority 110
 duplex auto
 speed auto
 media-type rj45
!
router ospf 5
 router-id 192.168.254.2
 network 192.168.0.2 0.0.0.0 area 1
 network 192.168.254.2 0.0.0.0 area 0
!
ip default-gateway 192.168.0.1
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list extended SSH
 permit tcp host 192.168.52.2 any eq 22 log
 permit tcp 192.168.10.0 0.0.0.255 any eq 22 log
 permit tcp host 192.168.17.18 any eq 22 log
 permit tcp host 192.168.0.1 any eq 22 log
 permit tcp host 192.168.0.2 any eq 22 log
 permit tcp host 192.168.0.3 any eq 22 log
 permit tcp host 192.168.0.5 any eq 22 log
 deny ip any any log
!
access-list 10 permit 192.168.94.32 0.0.0.15 log
access-list 10 permit 192.168.17.0 0.0.0.7 log
access-list 10 permit 192.168.52.0 0.0.0.7 log
access-list 10 permit 192.168.0.0 0.0.0.7 log
access-list 10 deny any log
!
!
!
!
!
!
control plan
!
!
!
!
profile MGCP default
!
!
!
!
!
connection of the banner ^ C
W A R N I N GTHIS IS A PRIVATE COMPUTER SYSTEM.
This computer system, including all related equipment, network devices
(specifically including Internet access), are provided only for
authorized used.All computer systems may be monitored for all lawful, including purpose
to ensure that their use is authorized, for management of the system, to
facilitate protection against unauthorized access, and to verify security
survival and operational security procedures.Monitoring includes active attacks by authorized personnel and their
entities to test or verify the security of the system. During the surveillance,.
information may be examined, recorded, copied and used for authorized
purposes.All information, including personal information, placed on or sent over
This system may be monitored. Uses of this system, authorized or
unauthorized, constitutes consent to monitoring of this system.Unauthorized use may subject you to criminal prosecution. Evidence of
any unauthorized use collected during monitoring may be used for
administrative, criminal or other adverse action. Use of this system
constitutes a consent to monitoring for these purposes.
^ C
!
Line con 0
session-timeout 360
exec-timeout 360 0
7 password *.
Synchronous recording
local connection
line to 0
opening of session
line vty 0 4
SSH access class in
Synchronous recording
local connection
entry ssh transport
output transport ssh
!
Scheduler allocate 20000 1000
NTP 198.60.73.8 Server
NTP 13.85.70.43 Server
SaveRunConfig event manager applet
cron cron-event timer entry ' 0 0 * * ".
command action 1.0 cli 'enable '.
cli 2.0 action command "RAM".
Switch:
version 12.2
no service button
tcp KeepAlive-component snap-in service
a tcp-KeepAlive-quick service
horodateurs service debug uptime
Log service timestamps uptime
encryption password service
!
hostname LAN_Switch
!
boot-start-marker
boot-end-marker
!
!
username * secret privilege 15 5 *.
!
!
!
No aaa new-model
clock timezone CST - 6
1 supply ws-c3750-24ts switch
mtu 1500 routing system
IP routing
IP - domain name MyTestLab.com
8.8.8.8 IP name-server
IP-server names 8.8.4.4
!
!
!
!
!
!
!
!
!
spanning tree mode rapid pvst
spanning tree logging
spanning tree extend id-system
!
internal allocation policy of VLAN ascendant
!
property intellectual ssh time 60
property intellectual ssh authentication-2 retries
property intellectual ssh event logging
property intellectual ssh version 2
!
!
interface Loopback0
192.168.254.5 the IP 255.255.255.255
!
interface FastEthernet1/0/1
switchport access vlan 17
switchport mode access
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/2
switchport access vlan 10
switchport mode access
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/3
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/4
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/5
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/6
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/7
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/8
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/9
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/10
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/11
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/12
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/13
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/14
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/15
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/16
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/17
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/18
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/19
Description # PC #.
switchport access vlan 10
switchport mode access
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/20
Description # X_BOX #.
switchport access vlan 666
switchport mode access
Shutdown
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/21
switchport access vlan 94
switchport mode access
spanning tree portfast
spanning tree enable bpduguard
!
interface FastEthernet1/0/22
switchport access vlan 5
switchport mode access
!
interface FastEthernet1/0/23
switchport access vlan 5
switchport mode access
!
interface FastEthernet1/0/24
switchport access vlan 5
switchport mode access
!
GigabitEthernet1/0/1 interface
switchport access vlan 666
Shutdown
!
interface GigabitEthernet1/0/2
switchport access vlan 666
Shutdown
!
interface Vlan1
no ip address
Shutdown
!
interface Vlan5
IP 192.168.0.5 255.255.255.248
!
interface Vlan10
address 192.168.10.2 255.255.255.0
!
interface Vlan17
IP 192.168.17.17 255.255.255.248
!
interface Vlan52
IP 192.168.52.1 255.255.255.248
!
interface Vlan94
IP 192.168.94.33 255.255.255.240
!
ospf Router 5
router ID - 192.168.254.5
Log-adjacency-changes
network 192.168.0.5 0.0.0.0 area 1
network 192.168.10.2 0.0.0.0 area 2
network 192.168.17.17 0.0.0.0 area 2
network 192.168.52.1 0.0.0.0 area 2
network 192.168.94.33 0.0.0.0 area 2
0.0.0.0 network 192.168.254.5 area 0
!
IP classless
IP route 0.0.0.0 0.0.0.0 192.168.0.4 permanent
no ip address of the http server
no ip http secure server
!
!
ip access-list extended SSH_IN
 permit tcp host 192.168.52.2 any eq 22 log
 permit tcp 192.168.10.0 0.0.0.255 any eq 22 log
 permit tcp host 192.168.17.18 any eq 22 log
 permit tcp host 192.168.0.1 any eq 22 log
 permit tcp host 192.168.0.2 any eq 22 log
 permit tcp host 192.168.0.3 any eq 22 log
 permit tcp host 192.168.0.5 any eq 22 log
 deny ip any any log
!
!
connection of the banner ^ C
W A R N I N G
THIS IS A PRIVATE COMPUTER SYSTEM.
This computer system, including all related equipment, network devices
(specifically including Internet access), are provided only for
authorized used.
All computer systems may be monitored for all lawful, including purpose
to ensure that their use is authorized, for management of the system, to
facilitate protection against unauthorized access, and to verify security
survival and operational security procedures.
Monitoring includes active attacks by authorized personnel and their
entities to test or verify the security of the system. During the surveillance,.
information may be examined, recorded, copied and used for authorized
purposes.
All information, including personal information, placed on or sent over
This system may be monitored. Uses of this system, authorized or
unauthorized, constitutes consent to monitoring of this system.
Unauthorized use may subject you to criminal prosecution. Evidence of
any unauthorized use collected during monitoring may be used for
administrative, criminal or other adverse action. Use of this system
constitutes a consent to monitoring for these purposes.
^ C
!
Line con 0
session-timeout 60
exec-timeout 60 0
Synchronous recording
local connection
line vty 0
access-class SSH_IN in
local connection
line vty 1 4
access-class SSH_IN in
opening of session
line vty 5 15
access-class SSH_IN in
opening of session
!
NTP 198.60.73.8 Server
Event Manager environment suspend_ports_config flash: / susp_ports.dat
Event Manager environment suspend_ports_days 7
Event Manager user Directorystrategie "flash: / policies /.
Event manager session cli username "stw".
political event manager sl_suspend_ports.tcl
political event manager tm_suspend_ports.tcl
SaveRunConfig event manager applet
cron cron-event timer entry ' 0 0 * * ".
command action 1.0 cli 'enable '.
cli 2.0 action command "RAM".
Well, I totally forgot the keyword "log" and NAT:
Q. Does Cisco IOS NAT support ACLs with a "log" keyword?
A. When you configure Cisco IOS NAT for dynamic NAT translation, an ACL is used to identify the packets that can be translated. The current NAT architecture does not support ACLs with a "log" keyword.
http://www.Cisco.com/c/en/us/support/docs/IP/network-address-translation...
If your problem is not the wildcard mask, but the "log" command...
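The check described in this answer can be automated. The following is an added example, not part of the original thread or any Cisco tool: it scans an IOS configuration for ACLs that a NAT rule references and reports entries carrying the "log" keyword. The function names and the sample configuration (modelled on ACL 10 from the posted routers) are constructed for illustration.

```python
import re

# Constructed sample, modelled on the NAT section of the routers posted above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip nat outside
interface GigabitEthernet0/1
 ip nat inside
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip access-list extended SSH
 permit tcp host 192.168.0.1 any eq 22 log
 deny ip any any log
access-list 10 permit 192.168.94.32 0.0.0.15 log
access-list 10 permit 192.168.17.0 0.0.0.7 log
access-list 10 permit 192.168.0.0 0.0.0.7
access-list 10 deny any log
"""

NAT_RULE = re.compile(r"^ip nat (?:inside|outside) source list (\S+)", re.I)
NUMBERED_ACE = re.compile(r"^access-list (\S+) (.+)$", re.I)
NAMED_ACL = re.compile(r"^ip access-list (?:standard|extended) (\S+)$", re.I)
# Trailing "log" or "log-input" only; "eq syslog" must not match.
LOG_KEYWORD = re.compile(r"\blog(?:-input)?\s*$", re.I)


def parse_acls(config):
    """Return {acl_name: [ace, ...]} for numbered and named ACLs."""
    acls = {}
    current = None  # named ACL whose indented body we are inside
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None
            continue
        named = NAMED_ACL.match(line)
        if named:
            current = named.group(1)
            acls.setdefault(current, [])
            continue
        if raw[:1].isspace() and current:
            acls[current].append(line.strip())
            continue
        current = None
        numbered = NUMBERED_ACE.match(line)
        if numbered:
            acls.setdefault(numbered.group(1), []).append(numbered.group(2).strip())
    return acls


def nat_acls_with_log(config):
    """List (acl, ace) pairs where an ACL used by a NAT rule carries 'log'."""
    acls = parse_acls(config)
    findings, seen = [], set()
    for line in config.splitlines():
        rule = NAT_RULE.match(line.strip())
        if not rule or rule.group(1) in seen:
            continue
        seen.add(rule.group(1))
        for ace in acls.get(rule.group(1), []):
            if LOG_KEYWORD.search(ace):
                findings.append((rule.group(1), ace))
    return findings


def strip_log(ace):
    """The same entry without the logging keyword."""
    return LOG_KEYWORD.sub("", ace).rstrip()


if __name__ == "__main__":
    for acl, ace in nat_acls_with_log(SAMPLE_CONFIG):
        print(f"ACL {acl}: '{ace}'  ->  '{strip_log(ace)}'")
```

ACLs that are only applied to vty lines or interfaces, such as SSH in the sample, are not reported because the restriction quoted above concerns ACLs used by NAT.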
-
Hello community,
I have a problem that I just don't understand - although I do not know there is a simple explanation.
R3 cannot ping itself on 172.28.38.11/16 and I do not understand why. I appreciate R2 has an interface on Eth 1/2 with IP address 172.28.38.1/24, but it's on a separate router and has a different mask.
Can someone please explain what I'm missing here.
Please see the logs
Cheers
I labbed this up for you and came up with the same result.
R1 cannot ping its locally connected interface because of the longest-match rule:
R1(config-router)#do sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     172.13.0.0/24 is subnetted, 1 subnets
C       172.13.0.0 is directly connected, FastEthernet0/1
     10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
        10.12.0.0/24 [110/30] via 172.13.0.3, 01:42:38, FastEthernet0/1
C       10.12.0.0/16 is directly connected, FastEthernet0/0
        10.23.0.0/24 [110/20] via 172.13.0.3, 01:42:48, FastEthernet0/1
R1(config-router)#do ping 10.12.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.12.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
In italics is the locally connected 10.12.0.0/16 subnet, with R1 at 10.12.0.1/16. R2 has 10.12.0.2/24. When you ping 10.12.0.1, the router examines the routing table, sees that 10.12.0.0/24 is the most specific match, and tries to send it toward R2 out Fa0/1.
In addition, since you use OSPF, the neighbors' masks must match. You will notice that the interface you are trying to ping isn't in an adjacency with the neighbor on the other side. Thus, the route that should be connected is in fact being learned via a different interface, because the masks do not match and there is no adjacency on this interface.
On R1, debug ip packet:
*Mar 1 02:53:33.951: IP: tableid=0, s=172.13.0.1 (FastEthernet0/0), d=10.12.0.1 (FastEthernet0/1), routed via RIB
*Mar 1 02:53:33.951: IP: s=172.13.0.1 (FastEthernet0/0), d=10.12.0.1 (FastEthernet0/1), g=172.13.0.3, len 100, forward
*Mar 1 02:53:33.955:     ICMP type=8, code=0
I have attached my topology for you to see. Here are my adjacencies:
R1:
Neighbor ID     Pri   State       Dead Time   Address      Interface
172.13.0.3        1   FULL/DR     00:00:34    172.13.0.3   FastEthernet0/1
R2:
Neighbor ID     Pri   State       Dead Time   Address      Interface
172.13.0.3        1   FULL/DR     00:00:32    10.23.0.3    FastEthernet0/1
R3:
Neighbor ID     Pri   State       Dead Time   Address      Interface
10.23.0.2         1   FULL/BDR    00:00:33    10.23.0.2    FastEthernet0/1
172.13.0.1        1   FULL/BDR    00:00:39    172.13.0.1   FastEthernet0/0
So what I did was create a static route for 10.12.0.1/32 pointing to fa0/1 (172.13.0.1) on R3. Then I created a static route on R2 to R3 for 10.12.0.1/32. I could ping at that point:
R2#trace 10.12.0.1
Type escape sequence to abort.
Tracing the route to 10.12.0.1
  1 10.23.0.3 48 msec 36 msec 24 msec
  2 172.13.0.1 84 msec * 52 msec
R2#
Before doing so, I couldn't ping 10.12.0.1/32 from R2. The reason was that once it hit R3, R3 had a route for 10.12.0.0/24 via R2 and sent it back to R2, creating a loop.
Now I can ping from R1, but why? R1 still sends to R3, but R3 now tells R1 to get back to itself on 172.13.0.1:
R1#ping 10.12.0.1 rep 2
Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 10.12.0.1, timeout is 2 seconds:
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 28/48/68 ms
R1#
R3#
*Mar 1 03:08:14.523: ICMP: redirect sent to 172.13.0.1 for dest 10.12.0.1, use gw 172.13.0.1
R3#
So, it is definitely the longest-match rule. You can try this to fix yours, although I certainly wouldn't do it in production because there's really no reason to. Put a static route on the host that would be your next hop for the longest-match subnet (whatever host is attached to f0/1). You can put a static route on this host for 172.28.38.1/32 pointing its next hop back to this router. Once you do this, R3 will send a packet and it will get returned with a response. It is only a lab thing.
HTH,
John
Please rate all useful posts *.
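The longest-match behaviour described in this answer, as an added example that is not part of the original thread: R1's table is copied from the "sh ip route" output above, while R3's table is not shown in the post and is constructed here from its description and neighbor table. The Route type and lookup function are illustrative names, not router code.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    source: str              # "connected", "ospf" or "static"
    distance: int            # administrative distance
    next_hop: Optional[str]  # None for directly connected networks
    interface: str


def route(prefix, source, distance, next_hop, interface):
    return Route(ipaddress.ip_network(prefix), source, distance, next_hop, interface)


# R1's table, taken from the routing table output in the post.
R1_TABLE = [
    route("172.13.0.0/24", "connected", 0, None, "FastEthernet0/1"),
    route("10.12.0.0/24", "ospf", 110, "172.13.0.3", "FastEthernet0/1"),
    route("10.12.0.0/16", "connected", 0, None, "FastEthernet0/0"),
    route("10.23.0.0/24", "ospf", 110, "172.13.0.3", "FastEthernet0/1"),
]

# Constructed: R3's table as the post describes it (a /24 learned from R2).
R3_TABLE = [
    route("172.13.0.0/24", "connected", 0, None, "FastEthernet0/0"),
    route("10.23.0.0/24", "connected", 0, None, "FastEthernet0/1"),
    route("10.12.0.0/24", "ospf", 110, "10.23.0.2", "FastEthernet0/1"),
]

# The /32 static route the post adds on R3; the interface is R3's side
# of the 172.13.0.0/24 link according to its neighbor table.
R3_STATIC_FIX = route("10.12.0.1/32", "static", 1, "172.13.0.1", "FastEthernet0/0")


def lookup(table, destination):
    """Longest-prefix match; lowest administrative distance breaks ties."""
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r.prefix]
    if not candidates:
        return None  # no match and no gateway of last resort
    return max(candidates, key=lambda r: (r.prefix.prefixlen, -r.distance))


def explain(name, table, destination):
    """One-line description of the forwarding decision a router makes."""
    best = lookup(table, destination)
    if best is None:
        return f"{name}: no route to {destination}"
    via = best.next_hop or "directly connected"
    return f"{name}: {destination} matches {best.prefix} ({best.source}), via {via} on {best.interface}"


if __name__ == "__main__":
    # R1 owns 10.12.0.1/16, yet the OSPF /24 is more specific and wins.
    print(explain("R1", R1_TABLE, "10.12.0.1"))
    # An address covered only by the connected /16 is still reached directly.
    print(explain("R1", R1_TABLE, "10.12.5.1"))
    # R3 before and after the /32 static route from the post.
    print(explain("R3", R3_TABLE, "10.12.0.1"))
    print(explain("R3", R3_TABLE + [R3_STATIC_FIX], "10.12.0.1"))
```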
-
IPSEC VPN tunnel issue on Zone-Based Firewall
Help, please!
I'm trying to configure a lab ISR1921 router to build a VPN tunnel with a VMware vShield Edge. The configuration of the 1921 is pasted below. There is really not a lot to adjust on the vShield side, and I'm sure both sides match on phase 1 & 2.
The issue I have: the tunnel builds correctly and I also see the encap and decap counters in show crypto ipsec sa. However, the devices on each side cannot communicate. That said, I can ping from the 1921 to the IP of the vShield's internal interface with the source IP specified. But there is just no communication between the two sides...
I ran debugs and the only "error" messages are:
Feb 20 01:58:03.193: ISAKMP:(1001):deleting node 1656104565 error FALSE reason "Informational (in) state 1"
...
Feb 20 01:58:03.193: ISAKMP:(1001):purging node -1657220080
I hope that I just made a stupid configuration error, but I have spent too much time on it. It is supposed to be a really simple setup... Please help!
!
version 15.4
horodateurs service debug datetime msec
Log service timestamps datetime msec
no password encryption service
!
Lab-1900 host name
!
boot-start-marker
boot system flash: c1900-universalk9-mz. Spa. 154 - 1.T1.bin
boot system flash: c1900-universalk9-mz. Spa. 151 - 4.M7.bin
boot system flash: c1900-universalk9-mz. Spa. 150 - 1.M4.bin
boot-end-marker
!
AAA new-model
!
AAA authentication login default local
authorization AAA console
AAA authorization exec default local
!
AAA - the id of the joint session
clock timezone AST - 4 0
clock to summer time recurring ADT 3 Sun Mar 2 Sun Nov 02:00 02:00
!
DHCP excluded-address IP 192.168.100.1 192.168.100.40
!
dhcp DHCPPOOL IP pool
import all
network 192.168.100.0 255.255.255.0
LAB domain name
DNS 8.8.8.8 Server 4.2.2.2
default router 192.168.100.1
4 rental
!
Laboratory of IP domain name
8.8.8.8 IP name-server
IP-server names 4.2.2.2
inspect the IP log drop-pkt
IP cef
No ipv6 cef
!
type of parameter-card inspect global
Select a dropped packet newspapers
Max-incomplete 18000 low
20000 high Max-incomplete
Authenticated MultiLink bundle-name Panel
!
redundancy
!
property intellectual ssh version 2
!
type of class-card inspect entire game ESP_CMAP
match the name of group-access ESP_ACL
type of class-card inspect the correspondence SDM_GRE_CMAP
match the name of group-access GRE_ACL
type of class-card inspect entire game PAC-cls-icmp-access
match icmp Protocol
tcp protocol match
udp Protocol game
type of class-card inspect correspondence sdm-cls-VPNOutsideToInside-13
game group-access 154
class-card type check ALLOW-VPN-TRAFFIC-OUT match-all
match the ALLOW-VPN-TRAFFIC-OUT access group name
type of class-card inspect entire game PAC-cls-insp-traffic
match Protocol pptp
dns protocol game
ftp protocol game
https protocol game
match icmp Protocol
match the imap Protocol
pop3 Protocol game
netshow Protocol game
Protocol shell game
match Protocol realmedia
match rtsp Protocol
smtp Protocol game
sql-net Protocol game
streamworks Protocol game
tftp Protocol game
vdolive Protocol game
tcp protocol match
udp Protocol game
http protocol game
type of class-card inspect entire game AH_CMAP
match the name of group-access AH_ACL
inspect the class-map match ALLOW VPN TRAFFIC type
match the ALLOW-VPN-TRAFFIC-OUT access group name
type of class-card inspect correspondence ccp-invalid-src
game group-access 126
type of class-card inspect entire game PAC-insp-traffic
corresponds to the class-map PAC-cls-insp-traffic
type of class-card inspect entire game SDM_VPN_TRAFFIC
match Protocol isakmp
match Protocol ipsec-msft
corresponds to the AH_CMAP class-map
corresponds to the ESP_CMAP class-map
type of class-card inspect correspondence ccp-icmp-access
corresponds to the class-ccp-cls-icmp-access card
type of class-card inspect the correspondence SDM_VPN_PT
game group-access 137
corresponds to the SDM_VPN_TRAFFIC class-map
!
type of policy-card inspect self-out-pmap
class type inspect PCB-icmp-access
inspect
class class by default
Pass
policy-card type check out-self-pmap
class type inspect SDM_VPN_PT
Pass
class class by default
Drop newspaper
policy-card type check out-pmap
class type inspect PCB-invalid-src
Drop newspaper
class type inspect ALLOW VPN TRAFFIC OUT
inspect
class type inspect PCB-insp-traffic
inspect
class class by default
Drop newspaper
policy-card type check out in pmap
class type inspect sdm-cls-VPNOutsideToInside-13
inspect
class class by default
Drop newspaper
!
security of the area outside the area
safety zone-to-zone
safety zone-pair zp-self-out source destination outside zone auto
type of service-strategy inspect self-out-pmap
safety zone-pair zp-out-to source out-area destination in the area
type of service-strategy check out in pmap
safety zone-pair zp-in-out source in the area of destination outside the area
type of service-strategy inspect outside-pmap
source of zp-out-auto security area outside zone destination auto pair
type of service-strategy check out-self-pmap
!
crypto ISAKMP policy 1
BA 3des
preshared authentication
Group 2
ISAKMP crypto key iL9rY483fF address 172.24.92.103
!
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
tunnel mode
!
IPSEC_MAP 1 ipsec-isakmp crypto map
Tunnel Sandbox2 description
defined by peer 172.24.92.103
Set security-association second life 28800
game of transformation-ESP-3DES-SHA
PFS group2 Set
match address 150
!
the Embedded-Service-Engine0/0 interface
no ip address
Shutdown
!
interface GigabitEthernet0/0
WAN description
IP 172.24.92.18 255.255.255.0
NAT outside IP
No virtual-reassembly in ip
outside the area of security of Member's area
automatic duplex
automatic speed
No mop enabled
card crypto IPSEC_MAP
Crypto ipsec df - bit clear
!
interface GigabitEthernet0/1
LAN description
IP 192.168.100.1 address 255.255.255.0
IP nat inside
IP virtual-reassembly in
Security members in the box area
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
!
ip nat inside source route-map RMAP_4_PAT interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 172.24.92.254
!
ip access-list extended AH_ACL
 permit ahp any any
ip access-list extended ALLOW-VPN-TRAFFIC-OUT
 permit ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
ip access-list extended ESP_ACL
 permit esp any any
ip access-list extended TELNET_ACL
 permit tcp any any eq telnet
!
route-map RMAP_4_PAT permit 1
 match ip address 108
!
snmp-server community 1snmp2use RO
access-list 108 deny ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 108 permit ip 192.168.100.0 0.0.0.255 any
access-list 126 permit ip host 255.255.255.255 any
access-list 126 permit ip 127.0.0.0 0.255.255.255 any
access-list 137 permit ip 172.24.92.0 0.0.0.255 any
access-list 150 permit ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 154 permit ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255
!
control-plane
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class TELNET_ACL in
 exec-timeout 0 0
 logging synchronous
 transport input all
line vty 5 15
 access-class TELNET_ACL in
 exec-timeout 0 0
 logging synchronous
 transport input all
!
scheduler allocate 20000 1000
ntp server 0.ca.pool.ntp.org prefer
ntp server 1.ca.pool.ntp.org
!
end
NAT looks fine.
Please create an ACL with bidirectional ACEs and apply it as an access group on the ingress interface:
ip access-list extended 180
 permit ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255 log
 permit ip 192.168.1.0 0.0.0.255 192.168.100.0 0.0.0.255 log
 permit ip any any
interface GigabitEthernet0/1
 ip access-group 180 in
 ip access-group 180 out
Generate traffic, then run the command show access-lists 180.
Also, if possible, enable debug ip icmp at the same time.
Share the results.
Thank you
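The check behind "NAT looks fine" above, as an added Python example that is not part of the original thread: it confirms that every flow permitted by the crypto ACL (150) hits a deny in the NAT route-map ACL (108) before any permit, so tunnel traffic is not translated. The ACL lines are taken from the posted config in standard IOS syntax; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: ACL 108 (NAT route-map) and ACL 150 (crypto map) from the posted config.
CONFIG = """\
access-list 108 deny ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 108 permit ip 192.168.100.0 0.0.0.255 any
access-list 150 permit ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255
"""

def _net(tokens):
    """Consume one address spec ('any', 'host A' or 'A wildcard') from tokens."""
    first = tokens.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(first_host := tokens.pop(0) + "/32")
    # Contiguous wildcard masks only: ip_network accepts a host mask after the slash.
    return ipaddress.ip_network(f"{first}/{tokens.pop(0)}")

def parse_acl(config, number):
    """Return [(action, src, dst)] for the 'ip' entries of a numbered ACL, in order."""
    entries = []
    for line in config.splitlines():
        t = line.split()
        if t[:2] != ["access-list", str(number)] or len(t) < 5 or t[3] != "ip":
            continue
        rest = t[4:]
        entries.append((t[2], _net(rest), _net(rest)))
    return entries

def first_match(acl, src, dst):
    """Action of the first entry covering the whole src->dst flow, else the implicit deny."""
    for action, a_src, a_dst in acl:
        if src.subnet_of(a_src) and dst.subnet_of(a_dst):
            return action
    return "deny"

def nat_exemption_gaps(config, nat_acl, crypto_acl):
    """Crypto-ACL flows that the NAT ACL would still translate (first match is a permit)."""
    nat = parse_acl(config, nat_acl)
    return [(str(s), str(d)) for act, s, d in parse_acl(config, crypto_acl)
            if act == "permit" and first_match(nat, s, d) == "permit"]

if __name__ == "__main__":
    print(nat_exemption_gaps(CONFIG, 108, 150) or "NAT exemption covers the crypto ACL")
```

An empty result means the deny in ACL 108 shadows the PAT permit for all interesting traffic; entries that only partially overlap are not analysed.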
-
AO532h e-recovery - backup file not found
AO532h (Win 7) e-recovery successful (better than ever). One works a program to find the backup files "before recovery?
This file was new in... C:/backup/public/.../log/channel.ini:
[PATH OF LOG]
C:\Users\Public\OEM\Acer VCM\Log
[UDP ONLY]
OFF
[LOG LEVEL]
DEBUGGING
[UDP PACKET LOWERBOUND]
1
[NORMAL THREAD WAIT TIMES]
1000
[EVALUATION PRIOR TO VIDEO VERSION]
3
[UDP RECV DISCONNECT DRY]
30
[UDP SENDING DISCONNECT DRY]
20
[KEEP ALIVE INTERVAL]
500
[UDP SYN QUEUE TIME]
20000
[PACKAGE SYN]
50
[TCP RELAY THRESHOLD]
1000
[DYNAMICS OF BANDWIDTH INCOMING INTERVAL]
20
[DYNAMICS OF BANDWIDTH OUTGOING INTERVAL]
50
[2ND INVITATION TIMEOUT]
2
Boots fine. Reconstruction still Windows. May have lost the e-recovery of the backup. Thanks for the reply. I'll get back to you.
-
PPPoE works do not on a bridge-CSR1000V
Hello fans of Cisco.
I have a problem with a validation on a CSR1000V config in my lab.
I have implemented a full PPPoE server forwarding configuration (bba, vpdn, virtual-template...) with a bba group named PPP with L2TP.
When I enable the server on my local interface, my client (an old 1841 with pppoe-client dial-pool-number configured) in the same local network connects without a problem:
interface GigabitEthernet1
 no ip address
 pppoe enable group PPP
But when I move my PPPoE server to a bridge domain, it seems that the server process no longer receives the 'PADI' packets:
bridge-domain 12
!
interface GigabitEthernet1
 no ip address
 service instance 1 ethernet
  encapsulation untagged
  bridge-domain 12
!
interface BDI12
 no ip address
 pppoe enable group PPP
When the client sends PADI packets, the input counter on Gi1 increments but the input counter on BDI12 doesn't. And 'debug pppoe packets' does not display any packet on the CSR side.
I already tried to set an IP address on BDI12, and I can ping it without problem from my test client, so the connectivity seems OK.
For more information, I need to move my PPPoE server to a BDI interface because the final idea is to receive requests from NNI partners over remote pseudowires, not on-site:
l2 vfi ppp-test manual
 vpn id 12
 bridge-domain 12
 neighbor 1.1.1.2 1234 encapsulation mpls
This part is ready (ping works with static IP) but there is the same problem with PPPoE packets.
Does anyone have an idea why PPPoE does not work on the BDI interface?
Thanks for your help!
Best regards
Guillaume
Guillaume,
I'm sorry to disappoint you, but it seems that the combination of Ethernet service instances and PPPoE is not supported. The documentation for the ASR 1K, which runs principally the same IOS-XE, states explicitly:
Unfortunately, I do not have enough experience with these features to provide a workaround, aside, of course, from dedicating an additional port on the unit to perform the bridge-domain aggregation and having a PPPoE access server connected to this additional port.
Best regards
Peter
-
snmpwalk output END_OF_MIB_VIEW_EXCEPTION
I've got this strange output when I start an snmpwalk on a Catalyst switch. From the Linux console, I get the following output:
$ snmpwalk -v 2c -c public
iso.3.6.1.2.1.2.1 = No more variables left in this MIB View (It is past the end of the MIB tree)
On the switch at the same time, with debug snmp packet on:
44w3d: SNMP: Packet received via UDP from 192.168.88.2 on Vlan3022
44w3d: SNMP: Get-next request, reqid 429376307, errstat 0, erridx 0
 ifNumber = NULL TYPE/VALUE
44w3d: SNMP: Response, reqid 429376307, errstat 0, erridx 0
 ifNumber = END_OF_MIB_VIEW_EXCEPTION
44w3d: SNMP: Packet sent via UDP to 192.168.88.2
I sniffed the SNMP packets I sent to the switch, and it turns out that I send a get-next query with the OID 1.3.6.1.2.1, which is... pretty standard I guess, as I use the same command for other devices, and it works. Yet sniffing the SNMP traffic reveals that the snmpwalk program uses the original OID to begin to "walk" the node.
Am I missing something?
The switch in question is Catalyst WS - 2960G - 24TC - L with image c2960-lanbasek9 - mz.122 - 52.SE.
Hi Boyan,
The snmp-server host command is used only to send informs or traps to the host.
Thank you-
Alya
[Note the useful post]
Ratings encourage contributors *.
-
Outgoing Caller ID question using CUCM 8.6, MGCP gateway & PRI lines
Hello
We have two DID ranges with our provider: 02825911XX & 02829212XX
02825911XX maps to extension 11XX
02829212XX maps to extension 12XX.
We have 2 E1 lines, 60 channels.
Current configuration:
CUCM (8.6.2) <----MGCP----> Gateway (2921) <====== 2 E1 ======> carrier / Telco.
Question:
When calling from 11XX we get the correct caller ID 02825911XX.
But when calling from 12XX we receive caller ID 02825911XX instead of 02829212XX.
For example: when calling from 1206, the far-end caller ID shows 0282591106 instead of 0282921206.
No problem with incoming calls on the two ranges.
The external masks are configured correctly on the DN.
The debug isdn q931 shows the correct caller ID up to the gateway:
ISDN Se0/0/0:15 Q931: TX -> SETUP pd = 8  callref = 0x016A
    Sending Complete
    Bearer Capability i = 0x8090A3
        Standard = CCITT
        Transfer Capability = Speech
        Transfer Mode = Circuit
        Transfer Rate = 64 kbit/s
    Channel ID i = 0xA98396
        Exclusive, Channel 22
    Display i = 'test '
    Calling Party Number i = 0x0081, '0282921206'
        Plan:Unknown, Type:Unknown
    Called Party Number i = 0x80, '82353587'
        Plan:Unknown, Type:Unknown
Attaching debug ccapi inout & debug isdn q931 output & gateway config.
Hello Gyanendra,
I checked the debugs and the gateway configuration.
These debugs come from the gateway. The gateway shows TX -> SETUP. Once we have sent the SETUP information to the telco, I don't think that we can change the calling ID information. This means that we send the correct calling party number information (0282921206) to the telco.
Maybe the telco is changing the number on their own side? Have you checked with the telco yet? If not, ask them what calling party number they receive. You can do a live test and track the same call with the telco engineer.
The details of trace log:
Sep 10 00:49:25.410: ISDN Se0/0/0:15 Q931: TX -> SETUP pd = 8  callref = 0x016A
    Sending Complete
    Bearer Capability i = 0x8090A3
        Standard = CCITT
        Transfer Capability = Speech
        Transfer Mode = Circuit
        Transfer Rate = 64 kbit/s
    Channel ID i = 0xA98396
        Exclusive, Channel 22
    Display i = 'Ludvík Aunedi'
    Calling Party Number i = 0x0081, '0282921206'
        Plan:Unknown, Type:Unknown
    Called Party Number i = 0x80, '82353587'
        Plan:Unknown, Type:Unknown
Sep 10 00:49:26.222: ISDN Se0/0/0:15 Q931: RX <- CALL_PROC pd = 8  callref = 0x816A
    Channel ID i = 0xA98396
        Exclusive, Channel 22
Sep 10 00:49:26.222: ISDN Se0/0/0:15 Q931: RX <- ALERTING pd = 8  callref = 0x816A
Sep 10 00:49:26.258: //6444/9E3008C18C96/CCAPI/ccCallModifyExtended:
   Nominator=0x2B305B60, Params=0x2B304D78, Call Id=6444
Sep 10 00:49:26.258: //6445/9E3008C18C96/CCAPI/ccCallModify:
   Nominator=0x18E30, Params=0x2B304F80, Call Id=6445
Sep 10 00:49:26.258: //6444/9E3008C18C96/CCAPI/cc_api_call_modify_done:
   Result=0, Interface=0x2AF52C6C, Call Id=6444
Sep 10 00:49:26.262: //6445/9E3008C18C96/CCAPI/cc_api_call_modify_done:
   Result=0, Interface=0x2AD55F80, Call Id=6445
Sep 10 00:49:29.406: //6444/9E3008C18C96/CCAPI/cc_handle_inter_digit_timer:
   Generate inter-digit timeout CC_EV_CALL_DIGIT_END event
Sep 10 00:49:35.262: ISDN Se0/0/0:15 Q931: RX <- CONNECT pd = 8  callref = 0x816A
Sep 10 00:49:35.266: ISDN Se0/0/0:15 Q931: TX -> CONNECT_ACK pd = 8  callref = 0x016A
Also, can you do another test call and attach:
debug mgcp packet, together with debug isdn q931 and debug ccapi inout
Kind regards
Amarjeet
-
System 32 WinInet.dll error
It was working fine using the following calls to the library in Wininet.dll. The FTPPUT call worked a dozen times, then stopped working, and gives me an ERROR - 32 now. Not sure why this happened... I did restart the computer... The error is raised on the line where FtpPutFile comes back FALSE, and it did work and in fact transferred the file to the server before, as shown by using FileZilla to check that the file was transferred OK. Does anyone have ideas?
' Open the WinINet session
lHandle = InternetOpen(sAgent, lAccessType, sProxyName, sProxyBypass, lFlags)
Debug.Print "InternetOpen returned = " & lHandle
If lHandle = 0 Then
    Debug.Print Err.LastDllError
    Search.Text = "Could not open the local connection = " & Err.LastDllError & " " & Err.Description
End If
' Connect to the FTP server in passive mode
lTest1 = InternetConnect(lHandle, report, iPort, sNomUtilisateur, sPassword, INTERNET_SERVICE_FTP, INTERNET_FLAG_PASSIVE, 0&)
Debug.Print "InternetConnect returned = " & lTest1
If lTest1 <> 0 Then
    sDocumentServer = "/Database/MarineWeb.mdb"
    ' Upload the local database; FtpPutFile returns 0 (FALSE) on failure
    lReturn = FtpPutFile(lTest1, sDocument, sDocumentServer, FTP_TRANSFER_TYPE_UNKNOWN, 0)
    If lReturn = 0 Then
        Accessories.Text = "Unable to transfer database - DLL error " & Err.LastDllError & " " & Err.Source
        Desc.Text = "Unable to transfer local database - error " & Err.Number & " " & Err.Source
        Debug.Print "Unable to Transfer Database - " & Err.LastDllError & " " & Err.Source
    Else
        Search.Text = "Database successfully transferred"
    End If
Else
    Search.Text = "Unable to connect to the FTP server " & Err.LastDllError & " " & Err.Source
End If
InternetCloseHandle lTest1
InternetCloseHandle hOpen
Hi Jeff,
It appears to be a corruption of the DLL. Run the System File Checker tool and check if this solves the problem.
To do this, please visit this link:
How to use the System File Checker tool to fix the system files missing or corrupted on Windows Vista or Windows 7
http://support.Microsoft.com/kb/929833
I hope this helps!
-
traceroute pix 7.0 problems
Hiya,
I've upgraded the PIX to v7.0(1) and after that, I have this problem: I can't traceroute out of my WAN connection. The PIX connects to the internet and when I ping external IP addresses from the inside, it works, but traceroute becomes unreachable after the PIX hop. Traceroute to the border immediately after the pix router. Checking the logs shows ICMP time exceeded packets being logged:
%PIX-4-400015: IDS:2005 ICMP time exceeded from xxx to yyy off
I have already explicitly added access-list out_in line 12 extended permit icmp any xxx 255.255.255.224 time-exceeded
to allow ICMP time exceeded packets to come in, but nothing helped. Any suggestions? Inspect icmp is on as well.
Directly from Cisco TAC:
To allow traceroute through PIX code 7.0, we must add "inspect icmp error" to the PIX configuration. Please implement the following commands in PIX configuration mode:
--> policy-map global_policy
--> class inspection_default
--> inspect icmp error
--> write mem
I hope this works for you too!
-
Can't switch to a specific open application
I have a long-standing problem with Windows 7 (64-bit). I run many applications and keep them open for a long time. I have to dock/undock my laptop frequently for work. Sometimes, some of my open applications refuse to maximize. I can't get to them with Alt + Tab, right click + maximize, Task Manager "Switch To", or similar methods.
Since I dock/undock and use an external monitor, I made sure that the window is not opening off the screen. There was a post describing the use of Alt + Space + M to move windows with the arrow keys. It has not worked for me. I switched back to a single screen (main screen), but the problem persists.
The window of the application and its contents appear in 'preview' mode in the thumbnail windows when I hover over the taskbar. But when I click it to maximize, Windows moves the focus to a different application window.
I am sure that the application I want to switch to is not dead. It shows 'How to' in the Task Manager and I can also see in the preview thumbnail that it is running (in this case, I want to switch to an instance of Matlab, where a script is running and printing logs to the application window).
If anyone can suggest something to solve this problem without killing the application concerned, rebooting the system, using System Restore, or reinstalling Windows, it would help me keep my faith in Microsoft Windows 7.
Thank you very much
Mehdi
Hi mdanesh,
Given that the problem is related to this specific program, and the troubleshooting steps we would offer are the ones you listed as trying to avoid, you can check the MATLAB Answers community.