DMVPN question: change between CONF_XAUTH and MM_NO_STATE

Hi all

Can you please help with the below? Thanks in advance.

HQ is configured to accept remote VPN clients using a crypto map, and it is also configured for dynamic VPN with the branch.

The HQ static public IP is 82.114.179.120, tunnel 10 is 172.16.10.1 and the local LAN is 192.168.1.0.

The branch has a dynamic public IP, tunnel 10 IP is 172.16.10.32 and the local LAN is 192.168.32.0. It is also configured using tunnel 0 with another CA, which works very well.

The branch LAN (192.168.32.0) is required to access the HQ LAN (192.168.1.0)...

Debug files attached

HQ:

aaa authentication login acs local
aaa authorization network acs local
!
aaa session-id common
!
ip cef
!
ip name-server 8.8.8.8
no ipv6 cef
!
multilink bundle-name authenticated
!
redundancy
!
controller VDSL 0/1/0
!
crypto keyring ccp-dmvpn-keyring
 pre-shared-key address 0.0.0.0 0.0.0.0 key [email protected]
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp keepalive 3600 5
crypto isakmp nat keepalive 3600
crypto isakmp xauth timeout 60
!
crypto isakmp client configuration group NAMA
 key namanama
 pool mypool
 acl 101
 save-password
crypto isakmp profile dmvpn-ccp-isakmprofile
 keyring ccp-dmvpn-keyring
 match identity address 0.0.0.0
!
crypto ipsec transform-set test esp-3des esp-md5-hmac
 mode tunnel
crypto ipsec transform-set ESP-AES-MD5 esp-aes esp-md5-hmac comp-lzs
 mode transport
!
crypto ipsec profile CiscoCP_Profile1
 set transform-set ESP-AES-MD5
 set isakmp-profile dmvpn-ccp-isakmprofile
!
crypto dynamic-map map 10
 set transform-set test
 reverse-route
!
crypto map i-map client authentication list acs
crypto map i-map isakmp authorization list acs
crypto map i-map client configuration address respond
crypto map i-map 10 ipsec-isakmp dynamic map
!
interface Tunnel10
 bandwidth 1000
 ip address 172.16.10.1 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication DMVPN_NW
 ip nhrp map multicast dynamic
 ip nhrp network-id 100000
 ip nhrp holdtime 360
 ip tcp adjust-mss 1360
 delay 1000
 shutdown
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel protection ipsec profile CiscoCP_Profile1
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface ATM0/1/0
 description DSL Interface
 no ip address
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5snap
  pppoe-client dial-pool-number 1
!
interface Dialer0
 no ip address
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp authentication chap pap callin
 ppp chap hostname nama20004
 ppp chap password 0 220004
 ppp pap sent-username nama20004 password 0 220004
 crypto map i-map
!
ip local pool mypool 192.168.30.1 192.168.30.100
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip nat inside source list 171 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.32.0 255.255.255.0 172.16.10.32
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.2
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.30.0 0.0.0.2
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.32.0 0.0.0.2
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.35.0 0.0.0.2
access-list 171 deny ip 192.168.0.0 0.0.0.255 192.168.30.0 0.0.0.2
access-list 171 deny ip 192.168.1.0 0.0.0.255 192.168.30.0 0.0.0.2
access-list 171 deny ip 192.168.1.0 0.0.0.255 192.168.35.0 0.0.0.2
access-list 171 deny ip 192.168.1.0 0.0.0.255 192.168.32.0 0.0.0.2
access-list 171 permit ip any any
dialer-list 2 protocol ip permit
!

HQ#sh cry isa sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
82.114.179.120  78.137.84.92    CONF_XAUTH        1486 ACTIVE
82.114.179.120  78.137.84.92    MM_NO_STATE       1483 ACTIVE (deleted)
82.114.179.120  78.137.84.92    MM_NO_STATE       1482 ACTIVE (deleted)

Branch sh run:

!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 11
 encr 3des
 hash md5
 authentication pre-share
 group 2
crypto isakmp key [email protected] address 82.114.179.105
crypto isakmp key [email protected] address 82.114.179.120
crypto isakmp keepalive 10 periodic
!
!
crypto ipsec transform-set ESP-AES-MD5 esp-aes esp-md5-hmac comp-lzs
 mode transport
crypto ipsec transform-set Taiz esp-aes esp-md5-hmac comp-lzs
 mode transport
!
crypto ipsec profile CiscoCP_Profile1
 set transform-set ESP-AES-MD5
!
crypto ipsec profile Taiz-profile
 set transform-set Taiz
!
interface Tunnel0
 bandwidth 1000
 ip address 172.16.0.32 255.255.255.0
 ip mtu 1400
 ip nhrp authentication DMVPN_NW
 ip nhrp map 172.16.0.1 82.114.179.105
 ip nhrp network-id 100000
 ip nhrp holdtime 360
 ip nhrp nhs 172.16.0.1
 ip tcp adjust-mss 1360
 delay 1000
 tunnel source Dialer0
 tunnel destination 82.114.179.105
 tunnel key 100000
 tunnel protection ipsec profile CiscoCP_Profile1
!
interface Tunnel10
 bandwidth 1000
 ip address 172.16.10.32 255.255.255.0
 ip mtu 1400
 ip nhrp authentication DMVPN_NW
 ip nhrp map 172.16.10.1 82.114.179.120
 ip nhrp network-id 100000
 ip nhrp holdtime 360
 ip nhrp nhs 172.16.10.1
 ip tcp adjust-mss 1360
 delay 1000
 tunnel source Dialer0
 tunnel destination 82.114.179.120
 tunnel key 22334455
 tunnel protection ipsec profile Taiz-profile
!
interface Ethernet0
 no ip address
 shutdown
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
 description # CONNECT TO LAN #
 no ip address
!
interface FastEthernet1
 description # CONNECT TO LAN #
 no ip address
!
interface FastEthernet2
 description # CONNECT TO LAN #
 no ip address
!
interface FastEthernet3
 description # CONNECT TO LAN #
 no ip address
!
interface Vlan1
 description # LAN INTERFACE #
 ip dhcp client hostname none
 ip address 192.168.32.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1412
!
interface Dialer0
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname mohammadaa
 ppp chap password 0 123456
 ppp pap sent-username mohammadaa password 0 123456
!
ip forward-protocol nd
ip http server
ip http access-class 10
ip http authentication local
no ip http secure-server
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.255.0 172.16.0.1
ip route 192.168.1.0 255.255.255.0 172.16.10.1
!
ip sla auto discovery
dialer-list 1 protocol ip permit
!
access-list 1 permit 192.168.32.0 0.0.0.255
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 192.168.0.0 0.0.0.255
!

Branch#sh cry isa sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id status
82.114.179.120  78.137.84.92    MM_NO_STATE       2061 ACTIVE (deleted)
82.114.179.120  78.137.84.92    MM_NO_STATE       2060 ACTIVE (deleted)

Mohammed,

No probs, ensure safety.

The config you have has only one IKE profile, i.e. your DMVPN and EzVPN fall into the same basket.

What you need is a clean separation.

In the example you have

 crypto isakmp profile VPNclient
  match identity group hw-client-groupname
  client authentication list userauthen
  isakmp authorization list hw-client-groupname
  client configuration address respond

which is then linked to:

 crypto dynamic-map dynmap 10
  set isakmp-profile VPNclient
  reverse-route
  set transform-set strong

and separately a DMVPN IKE profile:

 crypto isakmp profile DMVPN
  keyring dmvpnspokes
  match identity address 0.0.0.0

linked to your DMVPN IPsec profile:

 crypto ipsec profile cisco
  set security-association lifetime seconds 120
  set transform-set strong
  set isakmp-profile DMVPN

Apply the same logic here and clean up your current config (i.e. move the features that you have applied at the crypto map level to your new IKE profile).

M.

Tags: Cisco Security
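
Added example (not part of the original thread and not Cisco code): a small Python audit that follows the separation the answer describes and flags a crypto map carrying map-level XAUTH/mode-config commands on an interface that is also the source of an IPsec-protected tunnel. The two embedded configs are constructed and abridged from the HQ config above; `sections` and `audit` are hypothetical helper names, and the check is a heuristic over IOS-style text, not a full parser.

```python
import re
from collections import defaultdict

# Crypto-map-level Easy VPN commands: they apply to every IKE peer that lands
# on the map, which is what the answer suggests moving into an ISAKMP profile.
MAP_LEVEL_CLIENT_CMD = re.compile(
    r"^crypto map (\S+) ((?:client authentication|isakmp authorization) list \S+"
    r"|client configuration address \S+)$"
)


def sections(config):
    """Yield (header, [sub-commands]) for each top-level IOS command."""
    header, children = None, []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace():            # indented line: belongs to current section
            if header is not None:
                children.append(raw.strip())
            continue
        if header is not None:
            yield header, children
        header, children = raw.strip(), []
    if header is not None:
        yield header, children


def audit(config):
    """Return one finding per crypto map whose map-level client commands
    share a WAN interface with an IPsec-protected tunnel."""
    map_level = defaultdict(list)          # crypto map -> map-level client commands
    map_on_intf = {}                       # interface (lowercase) -> (name, crypto map)
    protected_tunnels = defaultdict(list)  # source interface (lowercase) -> tunnels

    for header, children in sections(config):
        m = MAP_LEVEL_CLIENT_CMD.match(header)
        if m:
            map_level[m.group(1)].append(m.group(2))
            continue
        if not header.lower().startswith("interface "):
            continue
        name = header.split(None, 1)[1]
        source, protected = None, False
        for child in children:
            words = child.split()
            if child.startswith("crypto map ") and len(words) == 3:
                map_on_intf[name.lower()] = (name, words[2])
            elif child.startswith("tunnel source "):
                source = words[2].lower()
            elif child.startswith("tunnel protection ipsec profile "):
                protected = True
        if source and protected:
            protected_tunnels[source].append(name)

    findings = []
    for key, (name, cmap) in map_on_intf.items():
        if map_level.get(cmap) and protected_tunnels.get(key):
            findings.append({
                "crypto_map": cmap,
                "interface": name,
                "tunnels": protected_tunnels[key],
                "commands": map_level[cmap],
            })
    return findings


# Constructed sample input, abridged from the HQ config in the question.
_INTERFACES = """
interface Tunnel10
 tunnel source Dialer1
 tunnel mode gre multipoint
 tunnel protection ipsec profile CiscoCP_Profile1
interface Dialer1
 ip address negotiated
 crypto map i-map
"""

WEAK = """
crypto isakmp profile dmvpn-ccp-isakmprofile
 keyring ccp-dmvpn-keyring
 match identity address 0.0.0.0
crypto dynamic-map map 10
 set transform-set test
 reverse-route
crypto map i-map client authentication list acs
crypto map i-map isakmp authorization list acs
crypto map i-map client configuration address respond
crypto map i-map 10 ipsec-isakmp dynamic map
""" + _INTERFACES

# Same config with the client features moved into their own ISAKMP profile,
# following the pattern quoted in the answer (profile name taken from it).
SEPARATED = """
crypto isakmp profile dmvpn-ccp-isakmprofile
 keyring ccp-dmvpn-keyring
 match identity address 0.0.0.0
crypto isakmp profile VPNclient
 match identity group NAMA
 client authentication list acs
 isakmp authorization list acs
 client configuration address respond
crypto dynamic-map map 10
 set isakmp-profile VPNclient
 set transform-set test
 reverse-route
crypto map i-map 10 ipsec-isakmp dynamic map
""" + _INTERFACES

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("separated", SEPARATED)):
        print(label, audit(cfg))
```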

Similar Questions

  • I have answered in my correct security question change my password but I don't always have access.

    I'm so TIRED of trying to reset my password cuz I typed in the wrong... and now can not access. IT IS RIDICULOUS... I did and responded to EVERY THING U asked... and you ALWAYS GIVE me THE RUNAROUND. First THING, it IS I answered my security question CORRECTLY... several times... something wrong in your recordings cuz u keep saying its bad. I want to talk to someone who can fix this... have NO MORE TIME to WASTE on THIS! my account is or hotmail. My password was and is I want to get my mail..!

    Hello CherCastle Cherreegirl,

    This is a public forum, you don't talk to anyone who works for Microsoft, quite ordinary people who enjoy helping others with their respective problems. You should not include any e-mail address or the password (they obviously have been removed for security reasons) in any forum. Imagine the headache that you could have caused if your details had not been withdrawn? You included your e-mail address and the password that would allow anyone who has access to these forums to hack your account. Anyone could also change your password, making it impossible for you to access your account.

    You can try the following links to see if they help:

    https://account.live.com/ResetPassword.aspx

    http://windowslivehelp.com/solution.aspx?SolutionID=6ea0c7b3-1473-4176-b03f-145b951dcb41

    http://TechNet.Microsoft.com/en-GB/security/ff852094.aspx

    This forum post is my own opinion and does not necessarily reflect the opinion or the opinion of Microsoft, its employees or other MVPS.

    John Barnett MVP: Windows XP Expert associated with: Windows Expert - consumer: www.winuser.co.uk | vistasupport.mvps.org | xphelpandsupport.mvps.org | www.silversurfer-Guide.com

  • DMVPN Question ISAKMP Security Association

    Hi all

    I have implemented a basic full-mesh DMVPN, similar to the config used in the Packet Life tutorial:

    http://packetlife.net/blog/2008/Jul/23/dynamic-multipoint-VPN-DMVPN/

    I have a hub and two spokes. Everything seems to be functioning OK. I've included the config below for the tunnels.

    My question is, when I do a show crypto isakmp sa, for example on spoke 2, I have three ISAKMP SAs with three different src addresses...

    How is that possible when I only have tunnels to two other devices, the hub and spoke 1? And why does a foreign source address appear as an ISAKMP security association on this router?

    dst         src         state    conn-id slot status
    172.16.1.2  172.16.2.2  QM_IDLE        1    0 ACTIVE
    172.16.2.2  172.16.3.2  QM_IDLE        3    0 ACTIVE
    172.16.2.2  172.16.1.2  QM_IDLE        2    0 ACTIVE

    A similar result on the hub:

    dst         src         state    conn-id slot status
    172.16.2.2  172.16.1.2  QM_IDLE        2    0 ACTIVE
    172.16.1.2  172.16.2.2  QM_IDLE        1    0 ACTIVE
    172.16.1.2  172.16.3.2  QM_IDLE        3    0 ACTIVE

    Yet spoke 1 only has 2:

    172.16.1.2  172.16.3.2  QM_IDLE        1    0 ACTIVE
    172.16.2.2  172.16.3.2  QM_IDLE        2    0 ACTIVE

    Crypto config for all:

    crypto isakmp policy 10
     authentication pre-share
    crypto isakmp key P4ssw0rd address 172.16.0.0 255.255.0.0
    !
    crypto ipsec transform-set MyTransformSet esp-aes esp-sha-hmac
    !
    crypto ipsec profile MyProfile
     set transform-set MyTransformSet
    !
    interface Tunnel0
     tunnel protection ipsec profile MyProfile

    Hub tunnel config

    interface Tunnel0
     ip address 10.0.100.1 255.255.255.0
     ip nhrp map multicast dynamic
     ip nhrp network-id 1
     tunnel source fa0/0
     tunnel mode gre multipoint

    Spoke 1 tunnel config

    !
    interface FastEthernet0/0
     ip address 172.16.3.2 255.255.255.0
     duplex auto
     speed auto
    !
    interface Tunnel0
     ip address 10.0.100.2 255.255.255.0
     no ip redirects
     ip nhrp map 10.0.100.1 172.16.1.2
     ip nhrp map multicast 172.16.1.2
     ip nhrp network-id 1
     ip nhrp nhs 10.0.100.1
     tunnel source FastEthernet0/0
     tunnel mode gre multipoint
     tunnel protection ipsec profile MyProfile

    Spoke 2 tunnel config

    !
    interface FastEthernet0/0
     ip address 172.16.2.2 255.255.255.0
     duplex auto
     speed auto
    !
    interface Tunnel0
     ip address 10.0.100.3 255.255.255.0
     no ip redirects
     ip nhrp map 10.0.100.1 172.16.1.2
     ip nhrp map multicast 172.16.1.2
     ip nhrp network-id 1
     ip nhrp nhs 10.0.100.1
     tunnel source FastEthernet0/0
     tunnel mode gre multipoint
     tunnel protection ipsec profile MyProfile

    The SRC and DST IP addresses indicate who was the initiator and who was the responder. They do not represent socket information (in the traditional sense of the term).

    You can end up with duplicate IKE sessions; two scenarios are the most common:

    (1) the negotiation started at both ends "simultaneously".

    (2) renegotiation of IKE.

    What is strange to me is that you seem to have sessions both initiated and responded to by the hub.

    What I would do is add:

    - ip nhrp server-only (on the hub, provided it is not an ASR)

    - DPD (on all devices).

    This ensures that the hub does not initiate anything in NHRP and that useless/dead sessions are eventually torn down.

  • Quick question: change the field names in the contact Muse forms

    I'm sure this is a stupid question, but I can't find how to change the names/labels (those of the email I receive) of my custom fields added. I added a few boxes and in the email that I receive, they are labeled as: "the check box label: I don't know which is which, because I added a couple.

    I use the standard form of the last Muse CC widget. Thank you!

    Thanks for the link.

    Could you please share your with us .muse file to study? Please send it to [email protected]. If your file is more than 30 MB, you can use something like Adobe SendNow or SendThisFile. Don't forget to mention the link to this forum thread in your email (with Air/Muse/operating system version you are using) so that we can identify the file.

  • Cp6 - Quiz questions (change the behavior to submit button - quiz numbering)

    Hi all

    This is the first time I built a Uncategorized quiz (I call it an evaluation of knowledge - placed between courses).

    I chose Multiple choice quiz and scored (deselected report answers to the Quiz properties).

    Issues related to the:

    Is there a way to change the Quiz unintuative actions and button controls?

    I want the learner to be able to click on the submit button and move to the next question immediately (like any other rating system I've ever seen)

    The way Captivate: click on submit, display a correct or incorrect and if it is correct, ask to the learner to click on 'Y' or anywhere to continue.

    I have three sets of questions of quiz (for each of the three lessons).

    Is it possible to keep the number of distinct quizzes in each lesson. Currently, there are 4 questions in Lesson 1, 5 in Lesson 2 and 3 in Lesson 3. I want some lesson 1 quiz questions to display 'x 4' NOT 'x 12"'.

    And MOST important...

    Quiz results appears ONLY on the last set of questions. I need a result of quiz for each of the three sets of questions. Is this possible?

    Thank you

    Shawn

    Take a look on:

    http://lilybiri.posterous.com/intermediate-score-slides for your last question

    http://lilybiri.posterous.com/question-question-slides-in-captivate to refine the process in two steps on question slides

    Lilybiri

  • VI Analyzer Questions: Change the default test configuration and screw "Pavilion".

    I have two things I continue to come through in VI Analyzer:

    1. are there in any case to set the default VI Analyzer so that it applies to all projects, I'm working on that?

    I tried to create a task in project A, registration of the configuration and any attempt to open this file in project B, but it says that the file could not be loaded. The reason for my question is that there are a few default options that just add errors that we don't care (e.g. Controls dialog on the façade - 99% of the LabVIEW code that we are working on is called from TestStand as code modules, so the front panel doesn't really count)

    2. can I score / report some screws as 'safe' for parser tests?

    Basically, some screws may fail some perfectly safe way VI Analyzer tests (e.g. non-stanard errors on a 'closing' VI, who doesn't have a case error structure so that the device always gets closed). I wish I had a way to mark the VI kind VI Analyzer would ignore this particular test. This would allow me to have a rule that says something like "before any construction, run the file configuration VI analyzer and make sure there is not error", as opposed to "run VI Analyzer and examine errors, decide whether or not they are important for the VI in question..." ». An extension to this question would be how do I perform a task VI Analyzer before building when the VI Analyzer screw do not accept files cfg for project based tasks.

    Any help would be greately appreciated!

    Thank you

    Shaun

    1. a project oriented .cfg file cannot be transferred between projects.  Could you possibly create a .cfg unrelated to the project file (under the option 'Start a new task' on the first page of the VI Analyzer) and use it?  He would have no file in the list, but it would have all of the configured tests as you want.  And you could start with this on your different projects .cfg file... you would just add screws based on file (on page 2 of the VI Analyzer), rather than have all come to you in a .cfg project-based.

    2. on page 4 VI Analyzer, you can exclude certain tests to run on some screws and save these settings in a .cfg.  This option is also exposed in the VI Analyzer API with VIAn exclude the VI.vi Tests.

  • DMVPN QUESTION

    Hello

    I have deployed a DMVPN with a two-hub topology and several spokes. After setting up the spokes and the hub, I rebooted the hub to see whether this works after a reboot, but I noticed that after the reboot the tunnel on the hub does not come up. The only way to bring the tunnel up was to clear the DMVPN static session on the spokes. During this time the hub keeps giving this message:

    ISAKMP: ignoring request to send delete notify (no ISAKMP sa) src 213.10.10.10 dst 213.58.10.10.14 for SPI 0xC15C587F

    IOS:12.4.11 T 1

    2821

    2811

    Someone can help me.

    Thank you

    Hello

    Please make sure you have ISAKMP keepalives on the hubs and spokes, and once configured, please test again and see if it improves. What is probably happening is that when the hub is restarted, the spoke does not clear the tunnel and relies on the SAs to time out. When we delete the SAs on the spoke, the problem goes away. Configuring ISAKMP keepalives should let us work around this problem.

    HTH,

    Please rate if this can help.

    Kind regards

    Kamal

  • DMVPN questions - IPsec packets

    Hi all

    Currently, I am configuring DMVPN for the first time. I followed the Cisco configuration guide and a few other threads found by Googling, but I seem to have hit a brick wall.

    The setup is in a lab environment, so I can post as much information as required, but here are the important bits:

    I have 3 Cisco 2821 routers running IOS 12.4(15) with a layer 3 switch in the middle connecting the 'wan' ports together. The routing works fine; I can ping from each router to each of the other routers.

    Excerpts from the hub router config:

    crypto ipsec transform-set DMVPN_SET esp-3des esp-md5-hmac

    !

    crypto ipsec profile DMVPN_PRJ

    set transform-set DMVPN_SET

    !

    interface Tunnel0

    bandwidth 10000

    ip address 172.17.100.1 255.255.255.0

    no ip redirects

    ip mtu 1500

    ip nhrp authentication secretid

    ip nhrp map multicast dynamic

    ip nhrp network-id 101

    ip nhrp holdtime 450

    ip tcp adjust-mss 1460

    tunnel source GigabitEthernet0/0

    tunnel mode gre multipoint

    tunnel key 10101

    tunnel protection ipsec profile DMVPN_PRJ

    !

    interface GigabitEthernet0/0

    description HQ WAN

    ip address 1.1.1.1 255.255.255.248

    ip nat outside

    ip virtual-reassembly

    duplex auto

    speed auto

    !

    and here's the config on the first router spoke:

    crypto ipsec transform-set DMVPN_SET esp-3des esp-md5-hmac

    !

    crypto ipsec profile DMVPN_PRJ

    set transform-set DMVPN_SET

    !

    interface Tunnel0

    bandwidth 3000

    ip address 172.17.100.10 255.255.255.0

    no ip redirects

    ip mtu 1500

    ip nhrp authentication secretid

    ip nhrp map 172.17.100.1 1.1.1.1

    ip nhrp map multicast 1.1.1.1

    ip nhrp network-id 101

    ip nhrp holdtime 450

    ip nhrp nhs 172.17.100.1

    ip tcp adjust-mss 1460

    tunnel source GigabitEthernet0/0

    tunnel mode gre multipoint

    tunnel key 10101

    tunnel protection ipsec profile DMVPN_PRJ

    !

    interface GigabitEthernet0/0

    description Site 1 WAN

    ip address 11.11.11.1 255.255.255.248

    ip nat outside

    ip virtual-reassembly

    duplex auto

    speed auto

    !

    If I shut/no shut the tunnel0 interface on spoke 1, I get the following error on the hub router:

    Mar 30 13:41:17.075: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.

    (ip) vrf/dest_addr= /1.1.1.1, src_addr= 11.11.11.1, prot= 47

    so I feel I'm lacking some config on the spoke side to encrypt the traffic, but I'm not sure what.

    Here's the output from the spoke router:

    RTR_SITE1#sh dmvpn detail

    Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete

    N - NATed, L - Local, X - No Socket

    # Ent --> Number of NHRP entries with same NBMA peer

    -------------- Interface Tunnel0 info: --------------

    Intf. is up, Line Protocol is up, Addr. is 172.17.100.10

    Source addr: 11.11.11.1, Dest addr: MGRE

    Protocol/Transport: "multi-GRE/IP", Protect "DMVPN_PRJ",

    Tunnel VRF "", ip vrf forwarding ""

    NHRP Details: NHS:       172.17.100.1  E

    Type:Spoke, NBMA Peers:1

    # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network

    ----- --------------- --------------- ----- -------- ----- -----------------

    1         1.1.1.1    172.17.100.1   IKE    never S       172.17.100.1/32

    Interface: Tunnel0

    Session: [0x48E31B98]

    Crypto Session Status: DOWN

    fvrf: (none),   IPSEC FLOW: permit 47 host 11.11.11.1 host 1.1.1.1

    Active SAs: 0, origin: crypto map

    Outbound SPI : 0x       0, transform :

    Socket State: Closed

    Pending DMVPN Sessions:

    RTR_SITE1#sh ip nhrp detail

    172.17.100.1/32 via 172.17.100.1, Tunnel0 created 00:33:44, never expire

    Type: static, Flags: used

    NBMA address: 1.1.1.1

    RTR_SITE1#sh crypto ipsec sa

    interface: Tunnel0

    Crypto map tag: Tunnel0-head-0, local addr 11.11.11.1

    protected vrf: (none)

    local  ident (addr/mask/prot/port): (11.11.11.1/255.255.255.255/47/0)

    remote ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/47/0)

    current_peer 1.1.1.1 port 500

    PERMIT, flags={origin_is_acl,}

    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 46, #recv errors 0

    local crypto endpt.: 11.11.11.1, remote crypto endpt.: 1.1.1.1

    path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0

    current outbound spi: 0x0(0)

    inbound esp sas:

    inbound ah sas:

    inbound pcp sas:

    outbound esp sas:

    outbound ah sas:

    outbound pcp sas:

    All these commands appear as empty when I throw them on the hub router.

    Any help appreciated.

    Thank you

    It does not negotiate because you do not have an IKE key configured. You need

    crypto isakmp policy 1
     encr (whatever)
     authentication pre-share
     group (whatever)

    crypto isakmp key 0 somesecret address 0.0.0.0 0.0.0.0

    Hub and spokes must match.

    Your IPsec transform-set should also have "mode transport".

    Sent from Cisco Technical Support iPad App

  • Question - change the stupid root passwords


    I use the same passwords for root for too long to my vm hosts and need to change to improve safety.    The hosts are all added in Vcenter and clustered.    If I change the root password of the individial hosts, is what it's going to break the bond of vcenter?    I know that you type in passwords for root when connecting host to vcenter, but then it installs vpxuser, then I guess it should not occupy root changes after that.   I just wanted to confirm with someone who did this recently.

    (5.0 and 5.1 with Vcenter 5.1 ESXi)

    Hello

    No, the root passwords change does not affect the vCenter.  No link will be broken. It authenticates just the first time that you add the vCenter Server inventory.

    You even change passwords on multiple hosts in a row only to avoid the hassle of Power-Cli scripts.

    Thank you

    Avinash

  • easy question change text color question

    How do I change the text color?  Neither of these two seem to work...

    messageDisplay_txt.text.color (0xff0000);

    or

    messageDisplay_txt.color (0xff0000);

    ??

    What is the best way to make simple property changes like this?  someone point this noob in the right direction...

    use:

    messageDisplay_txt.textColor = 0xff0000;

  • Thread question: change competitor Exception

    I have a table and two threads are using it, or at least using the reference variable. We ("Reader") just reads the values of him very frequently. The other ("Reassigner") much less frequently reassign reference variable in the array to a new version of the table.

    What happens if a collision occurs? I think that nothing bad. Am I wrong? I don't know how model a collision and know empirical, but I don't want to deploy and found out the hard way.

    Consider: Reader starts to read the table, lifting the single value, that he needs. At the same time, Reassigner points the reference variable in the array to another array object. Bad? I think that the drive can read just the anonymous orphan table now and soon-to-be with no problems. Or some kind of concurrent modification exception will be thrown. Or is there a bad collision if two threads try to obtain and to reset the address of the array at the same time?

    Thanks for any idea.

    Jim Ryan says:

    Thus, the reader sees is not the new value for who knows how long, if ever, is not catastrophic?

    Yes. If I can't avoid this possibility otherwise, I'll have to synchronize.

    Another option that may work for you is to declare this volatile reference variable. If your only problem here is that the reader must see each write, for example, that you don't have to worry about atomicity of the actions of several steps that go with writing or reading, then declare this variable of volatile reference will ensure that each reading and writing goes against the master copy. It should be no more overload as well as in the clock (since synchronization is forced against the master copy read/write), and I expect that there is a little less (since the synchronization must obtain and release the lock, while the birds only means that we use the master copy).

    However, if your reader is iterating through the array using the shared reference variable and the writer writes to that reference variable in the middle of this, then the reader will suddenly be reading a different array and could end up with an ArrayIndexOutOfBoundsException, or at the very least, data for the last part of the array that has no relation to the earlier part. This is a form of the atomicity that I mentioned, and it can also happen with synchronization if you don't do it right.

    A way around this would be for the reader to do something like this:

    void someMethod() {
      int[] localReference = sharedReference;
    
      for (int x : localReference) {
        // do stuff with x
      }
    }
    

    In this way, even if the writer becomes the shared reference while the player is an iteration, the iterator won't see it during its current iteration. His localReference will see either the old value or a new, and this value will persist during the entire iteration.

  • try changing the settings of iTunes store password does not work: System does not recognize the apple id account password

    Hello.

    When I try to change the settings of iTunes store password does not work: System doent recognize the apple ID account password

    Sign out and then sign in again the apple between the device and what not ID recognize the password very well, but when Im going to change all password parameters, system ask me the password again, I write and ask again... n times.

    I tested in different devices, iphone and ipad, with two different accounts and beta of ios 9.2 and 9.2.1. Still the same error.

    The problem is that when I try to download a free app from app store ask me the password and does not work so I can't download any new script.

    Thanks for your help.

    Best regards.

    Hello bdepaco,

    Thank you for using communities of Apple Support.

    I see that you have any questions, change your password ID Apple via iTunes. Have you tried to change your Apple ID account page? Take a look at the following article for the steps:

    Change your Apple ID password

    Once you have changed your Apple ID password, it presents a few additional measures to be taken.

    What to do when you have changed your Apple ID email address or password

    Best regards.

  • Why make changes to the EDP do not work?

    I change the DEP settings to allow a program runs and Windows still blocked. Why?

    Hello

    1. which program is getting blocked?
    2. do you get an error message?

    See the bottom of the articles that might help you.

    Data Execution Prevention: Frequently asked questions
    http://Windows.Microsoft.com/en-us/Windows-Vista/data-execution-prevention-frequently-asked-questions
    Change Data Execution Prevention settings
    http://Windows.Microsoft.com/en-us/Windows-Vista/change-data-execution-prevention-settings

  • Changing Internet Explorer 64 bit to 32 bit running Windows9

    I have to remove Office Starter, if I buy a new home & students that require 32-bit Internet Explorer?

    I've had problems with Windows 8 so I moved to execution of Windows9 instead. But my questionis change Explorer 64 bit to 32 bit which is necessary

    a new office home & student running.

    The IE9 32-bit is the default, unless you manually choose the 64-bit version to run.

    Go to the contents of the C drive. There are two folders "program files" but we 'x 86' appended to the name. Go to the Internet Explorer folder, and you will find the icon of the 32-bit browser. Right click on it and send it to the desktop as a shortcut. You can then delete the icon for the 64-bit version...

    Re MS Office... If all you need is Word and Excel, the Starter edition will also be up-to-date as any one and you will receive updates periodically just as do other versions of Office...

  • Change of domain in the CTS Manager invalidate the license?

    I need to change the field used in the existing CTS-Manager, but I'm afraid that if I do so, the license will be becomes invalid and CTS - Man will be unusable until I can get a new permit. Will be invalid license if I changed the domain?  I know that I need to import the LDAP server certificates and exchange news, but I want to assure you that I do not lose the license. I couldn't find the answer in the documentation. Help, please.

    Thank you

    Tony

    Tony:

    CTM is installed on a physical server or VM Ware?

    On your question - change the domain name on the CTS Manager will change the MAC license, which would be non - I just tried to change only the domain name on my MC in the laboratory, and after it restarted, the MAC license remained unchanged.

    If you change the DNS servers, however, the MAC license will change - seen elsewhere on the field and in my lab.

    As a general rule:

    On a CTM installed on a physical server license MAC will not change if you change the name of domain/DNS.  It must always be the same.

    On CTM as VM, MAC license will only change if you change some settings.  The MAC license is generated according to certain parameters, so if you change those, MAC license will change accordingly.

    I still need to find a specific list to the Community trade mark as to what will change the license MAC, but it should be similar to the list of items found on the side CUCM:

    http://www.Cisco.com/en/us/partner/docs/voice_ip_comm/CUCM/rel_notes/8_0_1/Delta/VMware.html#wp1054450

    HTH-

    Tina
