Help with logs on Cisco router

First of all: if I'm in the wrong place, please let me know.

Question: I'm digging orders Cisco, but the help of Cisco, Googe, Yahoo Sites and other types of resources can not give me the answer I wanted.

Router: Cisco 7206VXR (NPE - G1) processor (revision C) with 983040K / 65536K bytes of memory.

My question is simple and pleasant: I need to learn from the history of the Interface of one of our routers and not being is not in the domain of Cisco for a few years I can't find command. If I can find a command that draws a complete history that would be great.

The commands I used:

history

history of show

car1. Ash #sh interfaces se1/0/23:0 history
^
Invalid entry % detected at ' ^' marker.

car1. Ash #show interface se1/0/23:0 60 minutes story
^
Invalid entry % detected at ' ^' marker.

I need to find the command that gives newspapers the following type:

00:00:46: % LINK-3-UPDOWN: Interface Port-Channel, 1 changed State to
00:00:47: % LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed State to
00:00:47: % LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed State to
00:00:48: % LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, state change downstairs
00:00:48: % LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed
State down 2 * 1 Mar 18:46:11: % SYS-5-CONFIG_I: configured from console by vty2
(10.34.195.36)
18:47:02: % SYS-5-CONFIG_I: configured from console vty2 (10.34.195.36)
* 18:48:50.483 Mar 1 UTC: % SYS-5-CONFIG_I: configured from console vty2 (10.34.195.36)

What you are looking for is not available using interface show orders but would be available using the show log command. You want something that could look like this

view Journal | include 1/0/23:0

Note that this is the search through the buffer of logging on the router. The amount of memory allocated to the record buffer and the volume of messages generated will determine how far back you can go. If the router sends syslog messages to a syslog server (or another feature of management that archive messages) then you can search the logs it and to go further back. Also note that the logging buffer is cleared when the router reloads.

HTH

Rick

Tags: Cisco Network

Similar Questions

Need help with configuration on cisco vpn client settings 1941

Hey all,.

I just bought a new router 1941 SRI and need help with the configuration of the parameters of the VPN client. Orders aspect a little different here, as I'm used to the configuration of ASA and PIX for vpn, routers not...

If anyone can help with orders?

I need the installation:

user names, authentication group etc.

Thank you!

Take a peek inside has the below examples of config - everything you need: -.

http://www.Cisco.com/en/us/products/ps5854/prod_configuration_examples_list.html

HTH >

Andrew.

Need help with RangePlus WRT110 wireless router

Whenever someone on my laptop when my computer is turned on, I get an interference of connection for about 1 minute, then everything returns to normal. How can I fix?

I think maybe it's because your two computers are the same IP address of your router, it's why you get disconnected when your other computer is turned on. So I think you can set a static IP address to your desktop in order to solve this problem. Follow the instructions how to give static IP for your XP computer.

Click the Start button > settings > Panel > Network Connections - right click on the icon for the local area network connection and go to properties - in the "Général" tab select "TCP/IP Internet Protocol" and click on the properties button - select "use IP address following" - provide the IP - 192.168.1.5 - subnet mask 255.255.255.0 default gateway - 192.168.1.1 - favorite DNS 192.168.1.1 DNS - auxiliary 4.2.2.2 > click the Ok button to save and click 'Close' on the main properties window.

After that try to go online from your desktop computer, once you're around online on your other computer and check whether you are experiencing the same problem.

Need help with logging into BI presentation Services
Hi all

I am new to this technology. I wanted to learn OBIEE. Just downloaded and installed in my system. And began to read "Oracle BI answers, book and interactive dashboards User Guide.pdf". In that, I read that to access the standalone version of oracle BI answers, select start > programs > Oracle BI > Presentation Services. But when I did, I did not have the login page. I get the error message saying that, this link seems broken.

Pelase let me know, need to do any installation first to get the login page. ?
And help me how to start to learn OBIEE.

Thanks and greetings
Martine
It seems that you have not started you OC4J, once you start which would solve your problem!

Help with setting on my router.

I went online to check my settings and when I went to status and then wireless, I noticed it says disable the encryption function. First of all what is encryption and

How can I change this to?

Encryption is a feature of wireless security to prevent others from monopolizing your network by asking a key or a passphrase. Here is the procedure.

By default, the user name must be 'empty' and password must be admin.

Cisco ASA Cisco 831 routing static. help with ACL, maybe?

Hi all

What should be a simple task turns out to be difficult and I really need help.

The Cisco ASA obviously isn't a strong point on mine and could do with a point in the right direction. I hope that this will allow me to learn more about the ASA 5505.

OK so I have an ASA 5505. VLAN 1 is 192.168.254.1 and VLAN 2 DHCP of my cable modem.

I have a cisco 831 Ethernet router that will sit between my main LAN and my LAN test I want to implement for multicasting. the Cisco 831 has 1 Ethernet as 192.168.254.254 and Ethernet 0 is 10.1.1.1.

The ASA I have an interior route 10.0.0.0 255.0.0.0 192.168.254.254.

On the Cisco 831, there is a route 0.0.0.0 0.0.0.0 192.168.254.1. I can pass traffic via Cisco 831 to the ASA 5505 and internet, for example I can ping 8.8.8.8 and access everything on my main local network, but the other wan of any host inside the ASA 5505 is unable to ping anything on 10.1.1.x.

Where I'm going wrong? I did all my access to my a whole ASA, but it is still unable to do anything.

I will attached my configs with deleted passwords here and would like a good kick in the right direction. Without a doubt, it's something simple I'm missing and I'm sure it's with the ACL on the ASA 5505 like the packet tracer said that the package is abandoned due to the ACL

Thank you. :)

Thus, all traffic between these two LANs will travel on ASA, on the same interface.
Then please add this command in the global configuration of the ASA:
permit same-security-traffic intra-interface

Help with Cisco PIX 506th

I need help setting up a Cisco PIX 506th Version 6.3 (5)

I use the PDM to configure the device, because I don't know enough of CLI. I want to just the simplest of configurations.

Here is what is happening, I set up then I hang the Interface 1 to my laptop and use DHCP to get an ip address, but I can't get out to the internet like that. Thanks PDM tools, I can ping outside the IPS very well.

6.3 (5) PIX version
interface ethernet0 car
Auto interface ethernet1
ethernet0 nameif outside security0
nameif ethernet1 inside the security100
activate the encrypted password of DkreNA9TaOYv27T8
c4EBnG8v5uKhu.PA encrypted passwd
hostname EWMS-PIX-630
domain ciscopix.com
fixup protocol dns-length maximum 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol 2000 skinny
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names of
object-group service udp test
port-object eq isakmp
inside_access_in ip access list allow a whole
access-list inside_access_in allow a tcp
access-list inside_access_in allow icmp a whole
Allow Access-list inside_access_in esp a whole
inside_access_in tcp allowed access list all eq www everything
inside_outbound_nat0_acl list of permitted access interface ip inside 10.10.10.96 255.255.255.240
inside_outbound_nat0_acl ip access list allow any 10.10.10.192 255.255.255.224
pager lines 24
timestamp of the record
recording of debug trap
host of logging inside the 10.10.10.13
Outside 1500 MTU
Within 1500 MTU
IP outdoor 75.146.94.109 255.255.255.248
IP address inside 10.10.10.250 255.255.255.0
alarm action IP verification of information
alarm action attack IP audit
location of PDM 10.10.10.1 255.255.255.255 inside
location of PDM 10.10.10.13 255.255.255.255 inside
location of PDM 10.10.10.253 255.255.255.255 inside
location of PDM 75.146.94.105 255.255.255.255 inside
location of PDM 75.146.94.106 255.255.255.255 inside
location of PDM 10.10.10.96 255.255.255.240 outside
location of PDM 10.10.10.192 255.255.255.224 outside
PDM logging 100 information
history of PDM activate
ARP timeout 14400
NAT (inside) 0-list of access inside_outbound_nat0_acl
NAT (inside) 0 0.0.0.0 0.0.0.0 0 0
inside_access_in access to the interface inside group
Route outside 0.0.0.0 0.0.0.0 75.146.94.110 1
Timeout xlate 0:05:00
Timeout conn 01:00 half-closed 0:10:00 udp 0: CPP 02:00 0:10:00 01:00 h225
H323 timeout 0:05:00 mgcp 0: sip from 05:00 0:30:00 sip_media 0:02:00
Sip timeout - disconnect 0:02:00 prompt Protocol sip-0: 03:00
Timeout, uauth 0:05:00 absolute
GANYMEDE + Protocol Ganymede + AAA-server
AAA-server GANYMEDE + 3 max-failed-attempts
AAA-server GANYMEDE + deadtime 10
RADIUS Protocol RADIUS AAA server
AAA-server RADIUS 3 max-failed-attempts
AAA-RADIUS deadtime 10 Server
AAA-RADIUS (inside) host 10.10.10.1 server timeout 10
AAA-server local LOCAL Protocol
Enable http server
http 10.10.10.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
SNMP-Server Community public
No trap to activate snmp Server
enable floodguard
Permitted connection ipsec sysopt
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
ISAKMP allows outside
ISAKMP peer ip 206.196.18.227 No.-xauth No.-config-mode
ISAKMP nat-traversal 20
ISAKMP policy 20 authentication rsa - sig
encryption of ISAKMP policy 20
ISAKMP policy 20 md5 hash
20 1 ISAKMP policy group
ISAKMP duration strategy of life 20 86400
part of pre authentication ISAKMP policy 40
encryption of ISAKMP policy 40
ISAKMP policy 40 md5 hash
40 2 ISAKMP policy group
ISAKMP duration strategy of life 40 86400
ISAKMP policy 60 authentication rsa - sig
encryption of ISAKMP policy 60
ISAKMP policy 60 md5 hash
60 2 ISAKMP policy group
ISAKMP strategy life 60 86400
Telnet 10.10.10.0 255.255.255.0 inside
Telnet timeout 5
SSH timeout 5
Console timeout 0
dhcpd address 10.10.10.2 - 10.10.10.5 inside
dhcpd dns 68.87.72.130
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd allow inside
btork encrypted Ww3clvi.ynWeGweE privilege 15 password username
vpnclient Server 10.10.10.1
vpnclient-mode client mode
vpnclient GroupA vpngroup password *.
vpnclient username btork password *.
Terminal width 80
Cryptochecksum:5ef06e69c17b6128e1778e988d1b9f5d
: end
[OK]

any HEP would be appreciated.

Brian

Brian

NAT is your problem, IE.

NAT (inside) 0-list of access inside_outbound_nat0_acl
NAT (inside) 0 0.0.0.0 0.0.0.0 0 0

presumanly first NAT is fot your good VPN that acl looks a little funny, what exactly are you doing with that?

The second NAT is the real problem but for outgoing internet access - the NAT statement, you said not NAT one of your addresses 10.10.10.x which is a problem as 10.x.x.x address is not routable on the Internet.

You must change this setting IE. -

(1) remove the second NAT statement IE. "no nat (inside) 0 0.0.0.0 0.0.0.0.

(2) add a new statement of NAT - ' nat (inside) 1 0.0.0.0 0.0.0.0.

(3) add a corresponding statement global - global (outside) 1 interface.

This will be PAT all your 10.10.10.x to external IP addresses.

Apologies, but these are some CLI commands that I don't use PDM.

Jon

Need help with the configuration of the Site with crossed on Cisco ASA5510 8.2 IPSec VPN Client (1)

Need urgent help in the configuration of the Client VPN IPSec Site with crossed on Cisco ASA5510 - 8.2 (1).

Here is the presentation:

There are two leased lines for Internet access - a route 1.1.1.1 and 2.2.2.2, the latter being the default Standard, old East for backup.

I was able to configure the Client VPN IPSec Site

(1) with access to the outside so that the internal network (172.16.0.0/24) behind the asa

(2) with Split tunnel with simultaneous assess internal LAN and Internet on the outside.

But I was not able to make the tradiotional model Hairpinng to work in this scenario.

I followed every possible suggestions made on this subject in many topics of Discussion but still no luck. Can someone help me here please?

Here is the race-Conf with Normal Client to Site IPSec VPN configured with no access boarding:

LIMITATION: Cannot boot into any other image ios for unavoidable reasons, must use 8.2 (1)

race-conf - Site VPN Customer normal work without internet access/split tunnel
: ASA Version 8.2 (1) ! ciscoasa hostname domain cisco.campus.com enable the encrypted password xxxxxxxxxxxxxx XXXXXXXXXXXXXX encrypted passwd names of ! interface GigabitEthernet0/0 nameif outside internet1 security-level 0 IP 1.1.1.1 255.255.255.240 ! interface GigabitEthernet0/1 nameif outside internet2 security-level 0 IP address 2.2.2.2 255.255.255.224 ! interface GigabitEthernet0/2 nameif dmz interface security-level 0 IP 10.0.1.1 255.255.255.0 ! interface GigabitEthernet0/3 nameif campus-lan security-level 0 IP 172.16.0.1 255.255.0.0 ! interface Management0/0 nameif CSC-MGMT security-level 100 the IP 10.0.0.4 address 255.255.255.0 ! boot system Disk0: / asa821 - k8.bin boot system Disk0: / asa843 - k8.bin passive FTP mode DNS server-group DefaultDNS domain cisco.campus.com permit same-security-traffic inter-interface permit same-security-traffic intra-interface object-group network cmps-lan the object-group CSC - ip network object-group network www-Interior object-group network www-outside object-group service tcp-80 object-group service udp-53 object-group service https object-group service pop3 object-group service smtp object-group service tcp80 object-group service http-s object-group service pop3-110 object-group service smtp25 object-group service udp53 object-group service ssh object-group service tcp-port port udp-object-group service object-group service ftp object-group service ftp - data object-group network csc1-ip object-group service all-tcp-udp access list INTERNET1-IN extended permit ip host 1.2.2.2 2.2.2.3 access-list extended SCC-OUT permit ip host 10.0.0.5 everything list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq www list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any https eq list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq ssh list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 no matter what eq ftp list of access CAMPUS-LAN extended permitted udp 172.16.0.0 255.255.0.0 no matter what eq field list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq smtp list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq pop3 access CAMPUS-wide LAN ip allowed list a whole access-list CSC - acl note scan web and mail traffic access-list CSC - acl extended permit tcp any any eq smtp access-list CSC - acl extended permit tcp any any eq pop3 access-list CSC - acl note scan web and mail traffic access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq 993 access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq imap4 access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq 465

race-conf - Site VPN Customer normal work without internet access/split tunnel

ASA Version 8.2 (1)

ciscoasa hostname

domain cisco.campus.com

enable the encrypted password xxxxxxxxxxxxxx

XXXXXXXXXXXXXX encrypted passwd

names of

interface GigabitEthernet0/0

nameif outside internet1

security-level 0

IP 1.1.1.1 255.255.255.240

interface GigabitEthernet0/1

nameif outside internet2

security-level 0

IP address 2.2.2.2 255.255.255.224

interface GigabitEthernet0/2

nameif dmz interface

security-level 0

IP 10.0.1.1 255.255.255.0

interface GigabitEthernet0/3

nameif campus-lan

security-level 0

IP 172.16.0.1 255.255.0.0

interface Management0/0

nameif CSC-MGMT

security-level 100

the IP 10.0.0.4 address 255.255.255.0

boot system Disk0: / asa821 - k8.bin

boot system Disk0: / asa843 - k8.bin

passive FTP mode

DNS server-group DefaultDNS

domain cisco.campus.com

permit same-security-traffic inter-interface

permit same-security-traffic intra-interface

object-group network cmps-lan

the object-group CSC - ip network

object-group network www-Interior

object-group network www-outside

object-group service tcp-80

object-group service udp-53

object-group service https

object-group service pop3

object-group service smtp

object-group service tcp80

object-group service http-s

object-group service pop3-110

object-group service smtp25

object-group service udp53

object-group service ssh

object-group service tcp-port

port udp-object-group service

object-group service ftp

object-group service ftp - data

object-group network csc1-ip

object-group service all-tcp-udp

access list INTERNET1-IN extended permit ip host 1.2.2.2 2.2.2.3

access-list extended SCC-OUT permit ip host 10.0.0.5 everything

list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq www

list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any https eq

list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq ssh

list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 no matter what eq ftp

list of access CAMPUS-LAN extended permitted udp 172.16.0.0 255.255.0.0 no matter what eq field

list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq smtp

list of access CAMPUS-LAN extended permitted tcp 172.16.0.0 255.255.0.0 any eq pop3

access CAMPUS-wide LAN ip allowed list a whole

access-list CSC - acl note scan web and mail traffic

access-list CSC - acl extended permit tcp any any eq smtp

access-list CSC - acl extended permit tcp any any eq pop3

access-list CSC - acl note scan web and mail traffic

access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq 993

access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq imap4

access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq 465

access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq www

access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq https

access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq smtp

access-list extended INTERNET2-IN permit tcp any host 1.1.1.2 eq pop3

access-list extended INTERNET2-IN permit ip any host 1.1.1.2

access-list sheep extended ip 172.16.0.0 allow 255.255.0.0 172.16.0.0 255.255.0.0

access list DNS-inspect extended permit tcp any any eq field

access list DNS-inspect extended permit udp any any eq field

access-list extended capin permit ip host 172.16.1.234 all

access-list extended capin permit ip host 172.16.1.52 all

access-list extended capin permit ip any host 172.16.1.52

Capin list extended access permit ip host 172.16.0.82 172.16.0.61

Capin list extended access permit ip host 172.16.0.61 172.16.0.82

access-list extended capout permit ip host 2.2.2.2 everything

access-list extended capout permit ip any host 2.2.2.2

Access campus-lan_nat0_outbound extended ip 172.16.0.0 list allow 255.255.0.0 192.168.150.0 255.255.255.0

pager lines 24

Enable logging

debug logging in buffered memory

asdm of logging of information

Internet1-outside of MTU 1500

Internet2-outside of MTU 1500

interface-dmz MTU 1500

Campus-lan of MTU 1500

MTU 1500 CSC-MGMT

IP local pool 192.168.150.2 - 192.168.150.250 mask 255.255.255.0 vpnpool1

IP check path reverse interface internet2-outside

IP check path reverse interface interface-dmz

IP check path opposite campus-lan interface

IP check path reverse interface CSC-MGMT

no failover

ICMP unreachable rate-limit 1 burst-size 1

ASDM image disk0: / asdm - 621.bin

don't allow no asdm history

ARP timeout 14400

interface of global (internet1-outside) 1

interface of global (internet2-outside) 1

NAT (campus-lan) 0-campus-lan_nat0_outbound access list

NAT (campus-lan) 1 0.0.0.0 0.0.0.0

NAT (CSC-MGMT) 1 10.0.0.5 255.255.255.255

static (CSC-MGMT, internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255

Access-group INTERNET2-IN interface internet1-outside

group-access INTERNET1-IN interface internet2-outside

group-access CAMPUS-LAN in campus-lan interface

CSC-OUT access-group in SCC-MGMT interface

Internet2-outside route 0.0.0.0 0.0.0.0 2.2.2.5 1

Route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2

Timeout xlate 03:00

Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

dynamic-access-policy-registration DfltAccessPolicy

the ssh LOCAL console AAA authentication

AAA authentication enable LOCAL console

Enable http server

http 10.0.0.2 255.255.255.255 CSC-MGMT

http 10.0.0.8 255.255.255.255 CSC-MGMT

HTTP 1.2.2.2 255.255.255.255 internet2-outside

HTTP 1.2.2.2 255.255.255.255 internet1-outside

No snmp server location

No snmp Server contact

Server enable SNMP traps snmp authentication linkup, linkdown cold start

Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac

Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac

Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac

Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac

Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac

Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac

Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac

Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac

Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac

Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac

life crypto ipsec security association seconds 28800

Crypto ipsec kilobytes of life - safety 4608000 association

crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs set group5

Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5

Crypto map internet2-outside_map 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP

crypto internet2-outside_map outside internet2 network interface card

Crypto ca trustpoint _SmartCallHome_ServerCA

Configure CRL

Crypto ca certificate chain _SmartCallHome_ServerCA

certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy

a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as

a67a897as a67a897as a67a897as a67a897as a67a897as

quit smoking

ISAKMP crypto enable internet2-outside

crypto ISAKMP policy 10

preshared authentication

aes encryption

md5 hash

Group 2

life 86400

Telnet 10.0.0.2 255.255.255.255 CSC-MGMT

Telnet 10.0.0.8 255.255.255.255 CSC-MGMT

Telnet timeout 5

SSH 1.2.3.3 255.255.255.240 internet1-outside

SSH 1.2.2.2 255.255.255.255 internet1-outside

SSH 1.2.2.2 255.255.255.255 internet2-outside

SSH timeout 5

Console timeout 0

a basic threat threat detection

Statistics-list of access threat detection

no statistical threat detection tcp-interception

WebVPN

internal VPN_TG_1 group policy

VPN_TG_1 group policy attributes

Protocol-tunnel-VPN IPSec

username ssochelpdesk encrypted password privilege 15 xxxxxxxxxxxxxx

privilege of encrypted password username administrator 15 xxxxxxxxxxxxxx

username vpnuser1 encrypted password privilege 0 xxxxxxxxxxxxxx

username vpnuser1 attributes

VPN-group-policy VPN_TG_1

type tunnel-group VPN_TG_1 remote access

attributes global-tunnel-group VPN_TG_1

address vpnpool1 pool

Group Policy - by default-VPN_TG_1

IPSec-attributes tunnel-group VPN_TG_1

pre-shared-key *.

class-map cmap-DNS

matches the access list DNS-inspect

CCS-class class-map

corresponds to the CSC - acl access list

type of policy-card inspect dns preset_dns_map

parameters

message-length maximum 512

Policy-map global_policy

CCS category

CSC help

cmap-DNS class

inspect the preset_dns_map dns

global service-policy global_policy

context of prompt hostname

Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y

: end

Adding dynamic NAT for 192.168.150.0/24 on the external interface works, or works the sysopt connection permit VPN

Please tell what to do here, to pin all of the traffic Internet from VPN Clients.

That is, that I need clients connected via VPN tunnel, when connected to the internet, should have their addresses IP NAT'ted against the address of outside internet2 network 2.2.2.2 interface, as it happens for the customers of Campus (172.16.0.0/16)

I am well aware of all involved in here, so please be elaborative in your answers. Please let me know if you need more information about this configuration to respond to my request.

Thank you & best regards

MAXS

Hello

If possible, I'd like to see that a TCP connection attempt (e.g. http://www.google.com) in the ASDM logging of the VPN Client when you set up the dynamic NAT for the VPN Pool also.

I'll try also the command "packet - trace" on the SAA, while the VPN Client is connected to the ASA.

The command format is

packet-tracer intput tcp

That should tell what the SAA for this kind of package entering its "input" interface

Still can not see something wrong with the configuration (other than the statement of "nat" missing Dynamics PAT)

-Jouni

NPS Windows Help for authentication of aaa for Cisco router - is it safe?

I am very confused about how all this works and was hoping someone could help me.

I followed a bunch of tutorials online for authentication RADIUS of installation on a Cisco router and he did to a NPS Windows Server. Now I can ssh into the router my AD account.

Now that I got it to work, I go to the settings to make sure everything is secure.

On my router, the config is pretty simple:

aaa new-modelaaa group server radius WINDOWS_NPSserver-private 123.123.123.123 auth-port 1812 acct-port 1813 key mykeyaaa authentication login default local group WINDOWS_NPS

ip domain-name MyDomcrypto key generate rsa

(under vty and console)# login authentication default

On the NPS Windows:

I created a new RADIUS client for the router.
Created a secret shared and specified Cisco as the name of the seller.
Created a new strategy of network with my desired conditions.
And now the frame of the configuration of the network policy that worries me:



So initially I thought my AD credentials were being sent over the wire in plain text, but I did a capture and saw this:

capture.jpg


How is my password being encrypted and how strong is the encryption?

Another thing is how can I configure aaa authentication with mschapv2? The documentation I saw for mschapv2 uses the "ppp authentication ms-chap-v2" command, but I'm not using ppp I'm using aaa with a radius server.

Hello

RADIUS encrypts the password, but sends the username in clear. GANYMEDE encrypts the user name and password.

You can find the encryption used by RADIUS in the RFC scheme:

https://Tools.ietf.org/html/rfc2865#page-27

MS-Chap-V2 is used for the authentication of users such as the remote access and vpn, not management switch

Thank you

John

I need help with an installation failure to interpret and troubleshoot a Setup log.

Background: A few years ago, many editors of cinema used Final Cut Pro 6 (also contained in Final Cut Studio 2) for their editing projects. Shared Apple Final Cut X uses a different format that is not compatible with FCP6. Sometimes, these editors are called to work on a few historical projects that have been published in FCP6 and need this version to run now.

Starting with OS X Lion, FCP6 would install not in Lion and thereafter.

According research by Jeremy Johnston as noted on his blog, he discovered that Apple has inserted a file in the folder CoreServices in the Library folder of the system folder that causes versions the version Final Cut Pro X (and other older Apple programs in the same situation) do not settle. He suggested changes to this file that would seek to prevent interfering with the installation of FCP6 in Lion, many users of final cut PRO 6 were successful in their efforts to install in Lion and work with it.

Later in a discussion update on installing FCP6 in Mavericks, HawaiianHippie determined that the simplest way to perform the installation of FCP6 was simply copy this file and remove it from the system folder, install FCP6 and then restore the copied file:

https://discussions.Apple.com/message/26309669#26309669

I used this method with success to install FCS2 in Yosemite:

[click on images to enlarge]

However, in my attempts to install FCS2 in El Capitan, it fails in the last 5% to install the first DVD:

First of all, I need advice on how to display an extremely large Setup log in this thread (on MacRumors, it is a method to insert a 'code' in a small box that can be the object of a scrollbar if necessary to read all along). I am unable to find such a method to post here.

Then once approved, I need help to determine which component is causing the installation to fail and perhaps this element can be omitted from the installation:

If this element is not required, then maybe FCP6 can be installed successfully without it. And if that omitted element is necessary, perhaps a manual method to install it can be determined by pacifists.

It is my goal to help those who need to install and use FCP6 on their new Macs running El Capitan.

Here is the post on MacRumors with pre-installed Setup log:

http://forums.MacRumors.com/threads/i-need-help-with-an-installation-failure-to-interpret-and-troubleshoot-an-Installer-log.1954786/#post-22541389

Controller of domain and DNS behind RRAS without VPN connected directly to the internet with a Cisco router

I hava a ME Cisco 3400 with physical single port available for a cable connection.

The ISP give me an IP address interface = 89.120.29.89 to act as a gateway to the IP Address of the host, which is provided for in the order 89.120.29.90.

The host computer is a dual Xeon computer with two NICs for LAN and WAN.

Fields of application: to install a windows 2008 R2 between public and private network server.

Even though I know it's not recomanded, I put the DNS role and directories Active Directory roles installed on the same computer, the computer above, (I do not have enough computer for roles different place on different computers)

The desired configuration:

To have installed with his roles behind a WS2008R2 has RRAS. without a VPN.

b with VPN

and for WAN access for the client computers of the private LAN Windows 7 OS. (The basin of LAN address 192.168.0.1 - 255).

First step : to have internet access in the browser (I use Google chrome) (without taking into account the DNS and AD)

Network configuration:

Map NETWORK WAN, at the top of the stack of liaison in the Control Panel/network connections and sharing:

Host IP: 89.120.29.90

Mask: 255.255.255.252

Gateway: 89.120.29.89

DNS: 193.231.100.130 my ISP name server address.

OK, I can browse the internet.

Second stage. (Consider DNS and Active Directories)

DNS instaled role for this computer.

AD installed as a global catalog.

NETWORK WAN server that is directly connected to the Cisco router:

Conection area 3

Properties:

Client for Microsoft Netwaork: not verified

Network Load Balancing: not verified

File and shared printer: not verified

QoSPacketScheduler: not verified;

Microsoft Network Monitor 3 pilot: not verified

IPv4 ; checked

Pilot a Link Layer Topology Mapper i/o: checked

Link layer Discover responder: checked

IPv4 tab

Host IP: 89.120.29.90

Mask: 255.255.255.252

Gateway: 89.120.29.89

DNS: 193.231.100.130 my ISP name server address.

under the tab advanced

IP settings : even that, tab IPV4 with automatic metric check;

DNS tab :

Add primary and connection suffixes DNS specific: not verified

Add suffixes primary DNS suffixes parents: not verified

Add this DNS suffixes: no

Registry deals with this connection in DNS: not verified;

Use this connection DNS suffix in DNS registration: not verified;

WINS tab : enable search LMHOST: not verified

Enable NetBios over TCP IP: don't check;

Disable NetBios on TCP IP: checked;

Connection to the local network 2

Properties :

Client for Microsoft Netwaork: checked

Network Load Balancing: no

File and shared printer: checked

QoS Packet Scheduler: not verified;

Microsoft Network Monitor 3 pilot: not verified

IPv4 checked

Pilot a Link Layer Topology Mapper i/o: checked

Link layer Discover responder: checked

IPv4 tab

NETWORK LAN CARD: 192.168.0.101

Mask: 255.255.255.0

Gateway: 192.168.0.1

under Advanced tab:

IP settings : even that, tab IPV4 with automatic metric check;

DNS tab :

Add primary and connection suffixes DNS specific: checked

Add suffixes primary DNS suffixes parents: not verified

Add this DNS suffixes: no

Registry deals with this connection in DNS: checked;

Use this connection DNS suffix in DNS registration: checked;

WINS tab : enable search LMHOST: not verified

Enable NetBios over TCP IP: check;

Disable NetBios on TCP IP: not verified;

Install RRAS as NAT (NAT) under any condition imposed by DHCP(not installed) in ideea that RRAS will generate the private IP address of the DHCP allocator.

In any case, for the beginning, I have a fix IP, do not get IP automatically.

At this point, it gets the configuration simple posible for RRAS follows:

3, LAN connection that corespond to the WAN interface IP:

"NAT configured for the following Internet interface: Local Area Connection 3.
The clients on the local network will assign the IP addresses of the following range:

network address: 192.168.0.0. netmask 255.255.0.0.

After Windows RRAS are open:

The Network Interfaces tab:

NICs are enabled and connected;

UAL remotely & policies:

Launch NPS,

on the NPS server tab:

Allow access to successful Active Directory directories:

Properties: authentication: port 1812,1645

kept port 1813,1646;

on the accounting tab: nothing;

under NPS policies:

Grant permission for the RRAS server under builin\Administrator of the accounts;

On strategy and the type of server unspecified (NAT do not exist as an entry in the drop-down list server dwn)

under the static road: nothing;

under the IPv4 tab or both are there(there IP) and are up

under NAT

Connection to the local network 3: public interface connected to the internet

enable NAT on this interface:

under the address pool: ISP addresses public;(two addresses)

under the terms of service and the ports: Web server: http 80.

(I have I have a static IP address for the client computer in mind, I set up a single customer).

At the client computer :

configured as domain customer and added to the users AD and computer AD

logon to the domain:

Local Area Connection

Properties:

Client for Microsoft Netwaork: checked

Network Load Balancing: not verified

File sharing and printer: checked

QoS Packet Scheduler: checked;

Microsoft Network Monitor 3 pilot: not verified

IPv4 ; checked

Pilot a Link Layer Topology Mapper i/o: checked

Link layer Discover responder: checked

IPv4 tab

Host IP: 192.168.0.101

Mask: 255.255.0.0

Gateway: 192.168.0.1

DNS: (auto-add the same to the local machine).

under the tab advanced

IP settings : even that, tab IPV4 with automatic metric check;

DNS tab :

Add primary and connection suffixes DNS specific: checked

Add suffixes primary DNS suffixes parents: not verified

Add this DNS suffixes: no

Registry deals with this connection in DNS: checked;

Use this connection DNS suffix in DNS registration: checked;

WINS tab : enable search LMHOST: not verified

Enable NetBios over TCP IP: checked;

Disable NetBios on TCP IP: not verified;

right now the 192.168.0.101 client cannot connect to internet through RRAS.

;

This issue is beyond the scope of this site and must be placed on Technet or MSDN

http://social.technet.Microsoft.com/forums/en-us/home

http://social.msdn.Microsoft.com/forums/en-us/home

Help with the Powershell script to collect logs from all domain controllers

I am writing a script to retrieve the last 5 days of application, security and log files from all domain controllers. The script runs, but fire the logs from the local server only. The variable $Computer has all of my DC so it's the fine mark. I guess it's a problem with my line ForEach-Object, but is not error. See the below script.

$log = 'application '.
$date = get-date-format MM-DD-YYYY
$now = get-date
$subtractDays = new-object System.TimeSpan 5,0,0,0,0
$then = $Now.Subtract ($subtractDays)
$Computers = get-ADDomainController-filter *.
ForEach-Object - InputObject $Computers - process {Get-EventLog - LogName $log - after $then - before $now - EntryType error | select EventID, MachineName, Message, Source, TimeGenerated |} ConvertTo-html | {Out-file $env:TEMP\Applicationlog.htm}
Invoke-Expression $env:TEMP\Applicationlog.htm

Thank you

Rich

Hello

To help with the repost the question script to the script Center Forum

http://social.technet.Microsoft.com/forums/scriptcenter/en-us/home

Need help with following error Message: ERROR of OPENING WET7CABLE. LOG FILE on my Windows XP laptop

Please need help with an Error Message on my cell phone. The message is as follows: ERROR of OPENING WET7CABLE. LOG FILE

This message came after running a disk that was provided by Belkin cable easy transfer (FU279) on my old laptop with Windows XP Home Edition you are trying to transfer my files from my old computer laptop w/Win XP on a new computer laptop w/Win 7. This record is for the Windows XP upgrade to Windows 7 and transfer the files.

I want to thank all in advance for your answers.

Nelson Santiago

Hi NELSONSANTIAGO,

1. when exactly you receive the error message?

2. is the Belkin easy transfer cable recognized by the Windows XP computer?

This file may be located on the Belkin Easy Transfer Cable installation disc.

For more information on how to use or configure the Belkin Easy Transfer cable in Windows XP, see the link below the manual on the Belkin site and check if that helps.

http://en-UK-support.Belkin.com/app/product/detail/p/4825

Support stand not provided my replacement WRT-ngn350 - need help with Cisco contact

Hello!

I'm starting to feel like Michael Douglas in the movie Falling Down and need help.

History:
Finally, I sent to my bad WRT-ngn350 router and when I got the replacement of all but the plastic leg support has been included. I want to have my router stand up to save desktop space, but now I have no foot.

"OK, should not be difficult to get Linksys to send me the missing foot stand" was my thought. Now, I called the online RMA and also emailed them and I get a similar response as Michael Douglas took with a smile

I hear that I can't get the part because it is not on the list the content of the product. As this is * my * problem. I want the part and do not care if it's on a list or not. It is the part on the router in the image. I even asked the representative of Linksys to Google a little bit WRT-ngn350 and there are foot stands on almost all of the images and it is certainly included in the box. I was told that I could go nowhere elsewhere to help with that. I really some doubt but fail to find a channel of Linksys, which may be able to help.

If some representative of Linksys sees this please help me!

Thanks, Niklas

RMA XXXXX - lack of router support/foot

(Mod Note: under the guidance of the compliance of the directive.) E-mail deleted conversation.)

SOLVED!

The representative of Linksys has managed to dig a booth for me to a warehouse. It is mentioned that it is a unique thing because some parts should be sent. Don't forget to remove the stand and send only: router, power and eventually cable NW.

Thanks to Linksys representative.

Cisco router restarts randomly with Bus error

Cisco router restarts randomly with the following error:

System has been restarted by error of bus to PC 0x4183614C, speech 0 x 95848 at 09:30:28 UTC Tuesday, April 23, 2013

I've pasted below see the chimneys and release the version.

view the stacks

Minimum factory chimneys:

Format name / free

5396/6000 inspect Init Msg

Subsystem SPAN 5368/6000

58920/60000 EEM Auto record Proc

Automatic start of 4772/6000 upgrade process

DIB 5164/6000 error message

HAND OF SASL 5396/6000

4968/6000 LICENSE DEFAULT AGENT

5368/12000 Init

4216/6000 update prst

4384/6000 VPN_HW_MIB_CREATION

5188/6000 RADIUS INITCONFIG

Update process random rom 2128/3000

8356/12000 SSH process

Stats URPF 5316/6000

Interruption of battery level:

Level named format / unused

Network interfaces 1 1484828 6284/9000

2 3264990 8548/9000 DMA/Timer Interrupt

3 1 8388/9000 PA Int management Manager

Console 4 115 8612/9000 Uart

External interrupt 5 0 9000/9000

NMI 7 223352 8564/9000 interrupt handler

Spurious interrupts: 11

System has been restarted by error of bus to PC 0x4183614C, speech 0 x 95848 at 09:30:28 UTC Tuesday, April 23, 2013

Software of 2800 (C2800NM-ADVSECURITYK9-M), Version 12.4 (24) T, RELEASE SOFTWARE (fc1)

Technical support: http://www.cisco.com/techsupport

Updated Thursday 25 February 09 17:55 by prod_rel_team

Image text-base: 0 x 40011240, database: 0x42B41940

The failure of the system stack trace:

FP: 0X472252B8, RA: 0X4183614C

FP: 0 X 47225310, RA: 0X418312F8

FP: 0 X 47225348, RA: 0X41647DC0

FP: 0X472253A8, RA: 0X4164A8F4

FP: 0 X 47225428, RA: 0X4164B248

See the version

Cisco IOS software, 2800 Software (C2800NM-ADVSECURITYK9-M), Version 12.4 (24) T, RELEASE SOFTWARE (fc1)

Technical support: http://www.cisco.com/techsupport

Copyright (c) 1986-2009 by Cisco Systems, Inc.

Updated Thursday 25 February 09 17:55 by prod_rel_team

ROM: System Bootstrap, Version 12.4 (1r) [hqluong 1r], RELEASE SOFTWARE (fc1)

availability of Cisco is 28 minutes

System returned to ROM by bus to the 0x4183614C PC error, address 0 x 95848 at 09:30:28 UTC Tuesday, April 23, 2013

System image file is "flash: c2800nm-advsecurityk9 - mz.124 - 24.T.bin".

This product contains cryptographic features and is under the United States

States and local laws governing the import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third party approval to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. laws and local countries. By using this product you

agree to comply with the regulations and laws in force. If you are unable

to satisfy the United States and local laws, return the product.

A summary of U.S. laws governing Cisco cryptographic products to:

http://www.Cisco.com/WWL/export/crypto/tool/stqrg.html

If you need assistance please contact us by mail at

[email protected] / * /.

Cisco 2821 (revision 53.51) with 1036288K / 12288K bytes of memory.

Card processor ID FCZ1017732F

2 gigabit Ethernet interfaces

2 modules of virtual private network (VPN)

Configuration of DRAM is wide with parity 64-bit capable.

239K bytes of non-volatile configuration memory.

250880K bytes of ATA CompactFlash (read/write)

Configuration register is 0 x 2102

You want to use the tool interpreter of output for this work:

http://www.Cisco.com/pcgi-bin/support/OutputInterpreter/home.p

For more information about the resolution of crashes, see this article:

http://www.Cisco.com/en/us/products/HW/IAD/ps397/products_tech_note09186a00800b4447.shtml

In this case, it looks like CSCsy09250, described here:

http://www.Cisco.com/en/us/products/CSA/Cisco-SA-20100324-SCCP.html

You should contact Cisco for the software updated by following the instructions of this bulletin.

That crash possibly caused by part of sone intentionally sends out packets malformed to your device, so if you have reason to believe that someone in your community could run metasploit or similar "Penetration Testing" tools, you can look into that as well.

Help with logs on Cisco router

Similar Questions

capture.jpg

Maybe you are looking for