lockout on the router (aaa new-model)

So here I am again... I need help. I can now connect to my router, which is authenticated through acs distance. My problem is when I run the command 'turn off' in the privilege level: when I try to get back into privilege mode, it asks me for a password. I tried all the passwords, but they were rejected, so I'm locked out. See the attachment so that you understand what I mean... Thanks in advance

and here is my router config:

!
version 12.4
!
service password-encryption
!
hostname R1
!
aaa new-model
!
!
aaa authentication login fCONSOLE group radius
aaa authentication enable default group radius
aaa authorization console
aaa authorization config-commands
aaa authorization exec fCONSOLE group radius
!
aaa session-id common
!
!
username mark privilege 15 password 7 110418171C
username anthony password 7 050A081B29434010
!
!
!
!
!
!
interface Loopback1
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.5.1 255.255.255.248
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.10.10.1 255.255.255.252
 duplex auto
 speed auto
!
router eigrp 100
 network 1.1.1.1 0.0.0.0
 network 10.10.10.0 0.0.0.3
 network 192.168.5.0 0.0.0.7
 no auto-summary
!
ip radius source-interface FastEthernet0/1
!
!
radius-server host 172.16.178.3 auth-port 1645 acct-port 1646 key 7 0519570C285F4D06
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 authorization exec fCONSOLE
 logging synchronous
 login authentication fCONSOLE
line aux 0
line vty 0 4
 transport input telnet

Oh... Great to hear that your problem is resolved... Google is always of God the father!

By

Knockaert

Tags: Cisco Security

Similar Questions

  • No aaa new-model in the config

    Hi all.

    First Cisco router and first post so please be gentle.

    I did a search on it and I get the same as in the post that see the deliverance

    Router(config)#no aaa new-model

    IOS 12.4 (24)

    I erased the router and when I got it.

    I had configuration, a little as I wanted as a reference point.

    I saved.

    I then started to work on the wireless part of the walk through is because:

    Router(config)#aaa new-model

    Router(config)#

    So, I went back and tried to erase this line in the config file.

    Yes, I did:

    Router(config)#no aaa new-model

    Router(config)#exit

    Router#wr

    Router#show run

    I continue to see the no aaa new-model line in the config.

    So I erased the whole thing to help:

    router #write clear

    and

    router #reload

    said no to save and then default to the last question.

    All recharged and it seemed to be back as before, but then exits show run this OK not how long I erase and reload:

    Router>en
    Router#show run
    Building configuration...

    Current configuration : 1331 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    logging message-counter syslog
    !
    no aaa new-model
    !
    !
    dot11 syslog
    ip source-route
    !
    !
    !
    !
    ip cef
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    archive
     log config
      hidekeys
    !
    !
    !
    !
    !
    interface Dot11Radio0
     no ip address
     shutdown
     speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
     station-role root
    !
    interface Dot11Radio1
     no ip address
     shutdown
     speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
    -More-
    * 23:40:09.207 Jan 16: % LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, modified root of station-s role
    !
    interface FastEthernet0
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface FastEthernet1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    !
    interface FastEthernet5
    !
    interface FastEthernet6
    !
    interface FastEthernet7
    !
    interface FastEthernet8
    !
    interface FastEthernet9
    !
    interface Vlan1
     no ip address
    !
    interface Async1
     no ip address
     encapsulation slip
    !
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    !
    !
    !
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    line con 0
    line 1
     modem InOut
     stopbits 1
     speed 115200
     flowcontrol hardware
    line aux 0
    line vty 0 4
     login
    !
    end

    Is there a way to remove that line from the config, or it is stuck and if stuck is there any effect of him?

    Thank you very much

    Maurice

    Hello Maurice.

    Just to confirm: you want the 'no aaa new-model' command to be removed from your config? If so, this is the default when AAA is disabled on the device. If you want to enable AAA, then just run the same command without the 'no '.

     aaa new-model

    Then save your config:

     write mem

    For more information about this and other controls, you can reference 'Command search tool' Cisco

    https://Tools.Cisco.com/support/CLILookup/cltSearchAction.do

    I hope this helps!

    Thank you for evaluating useful messages!

  • AAA new-model

    How does this command work: "aaa authentication enable default group radius"? I served my Radius Cisco Secure ACS 4.2 server but I cannot connect... Can someone here give me an understanding of this command? I need this for my CCNA Security exam... Help, please...

    Additional information:

    IETF Radius attributes: NAS calls

    Here is my config on R1:

    !
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname R1
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$e.TZ$EXkOaZ0rkd/GBGLA/8GrD/
    !
    aaa new-model
    !
    !
    aaa authentication enable default group radius
    !
    !
    aaa session-id common
    !
    !
    resource policy
    !
    memory-size iomem 5
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    ip domain name aida.com
    ip ssh version 2
    !
    !
    username mark privilege 15 password 7 110418171C
    username anthony password 7 050A081B29434010
    !
    interface Loopback1
     ip address 1.1.1.1 255.255.255.255
    !
    interface FastEthernet0/0
     ip address 192.168.5.1 255.255.255.248
     duplex auto
     speed auto
    !
    interface FastEthernet0/1
     ip address 10.10.10.1 255.255.255.252
     duplex auto
     speed auto
    !
    router eigrp 100
     network 1.1.1.1 0.0.0.0
     network 10.10.10.0 0.0.0.3
     network 192.168.5.0 0.0.0.7
     no auto-summary
    !
    !
    !
    no ip http server
    no ip http secure-server
    !
    !
    radius-server host 172.16.178.3 auth-port 1645 acct-port 1646 key 7 xxxxxxxxxxxxxxxxxxxxxxxxxxx
    !
    !
    !
    control-plane
    !
    !
    line con 0
     exec-timeout 0 0
     logging synchronous
    line aux 0
    line vty 0 4
     login local
     transport input ssh
    !
    !
    end

    Hi Bro

    The command 'aaa authentication enable default group radius' means that, for your enable password, you want the router to refer to the ACS server and obtain the credentials.

    Another example: the command 'aaa authentication enable default group radius enable' means that, for your enable password, you want the router to refer to the ACS server and obtain the credentials. In case your ACS is down, you want the router to look at the local enable password and get the credentials.

    I saw what you are trying to achieve, and you can do this on RADIUS as well, but I personally prefer TACACS+ where possible.

    !
    aaa new-model
    !
    aaa authentication login default local group radius
    aaa authentication enable default group radius enable
    aaa authorization exec default local
    !
    radius-server host 10.0.0.100 auth-port 1645 acct-port 1646 key cisco123

    Note: $enab15$, this is because you have not configured aaa authorization commands. You can add a fictitious user name $enab15$ in your ACS, or you could paste the following commands into your router.

    username admin privilege 15 password 0 cisco123

    username operator privilege 7 password 0 cisco123

    P/S: Please rate this comment, if you find this feedback useful :-)
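The fallback idea in the answer above can be checked mechanically. The following is an added example, not part of the original thread: it scans an IOS configuration for `aaa authentication` method lists that name only a server group and reports which lines (or `enable`) depend on them. The function names and both sample configurations are constructed for illustration; note that IOS moves on to a later method only when the earlier one returns an error such as an unreachable server, not when the server rejects the password.

```python
import re

# Methods the router can evaluate by itself, without reaching an AAA server.
SELF_CONTAINED = {"local", "local-case", "enable", "line", "none"}
AAA_AUTH = re.compile(r"aaa authentication (login|enable) (\S+) (.+)$", re.I)
LINE_HEADER = re.compile(r"line (con|aux|vty) ", re.I)


def parse_methods(tokens):
    """['group', 'radius', 'enable'] -> ['group radius', 'enable']"""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def lines_by_login_list(raw_lines):
    """Map each login method-list name to the line sections that apply it."""
    sections, in_line = [], False
    for raw in raw_lines:
        text = raw.strip()
        if LINE_HEADER.match(text):
            sections.append([text, "default"])  # no explicit list -> 'default'
            in_line = True
        elif in_line and raw[:1].isspace():
            if text.lower().startswith("login authentication "):
                sections[-1][1] = text.split()[2]
        else:
            in_line = False
    by_list = {}
    for header, name in sections:
        by_list.setdefault(name, []).append(header)
    return by_list


def audit_aaa(config_text):
    """Return (method list, issue, where it applies) for each lockout risk."""
    raw_lines = config_text.splitlines()
    stripped = [ln.strip() for ln in raw_lines]
    has_enable_secret = any(
        re.match(r"enable (secret|password) ", s, re.I) for s in stripped)
    has_username = any(re.match(r"username \S+ ", s, re.I) for s in stripped)
    login_users = lines_by_login_list(raw_lines)
    findings = []
    for s in stripped:
        m = AAA_AUTH.match(s)
        if not m:
            continue
        kind, name = m.group(1).lower(), m.group(2)
        methods = parse_methods(m.group(3).lower().split())
        where = ("enable",) if kind == "enable" else tuple(login_users.get(name, ()))
        label = f"{kind} {name}"
        fallbacks = set(methods) & SELF_CONTAINED
        if not fallbacks:
            # Only server groups: nothing left to try if the server is down.
            findings.append((label, "no-fallback", where))
        if "enable" in fallbacks and not has_enable_secret:
            findings.append((label, "enable-fallback-but-no-enable-secret", where))
        if fallbacks & {"local", "local-case"} and not has_username:
            findings.append((label, "local-fallback-but-no-username", where))
    return findings


# Constructed sample: the AAA-related lines of the router config posted in this
# thread, with the password hash replaced by a placeholder.
LOCKED_OUT = """\
aaa new-model
aaa authentication login fCONSOLE group radius
aaa authentication enable default group radius
aaa authorization exec fCONSOLE group radius
username mark privilege 15 password 7 <placeholder>
line con 0
 authorization exec fCONSOLE
 login authentication fCONSOLE
line aux 0
line vty 0 4
 transport input telnet
"""

# Constructed sample: the same lists with a self-contained method appended,
# following the method order suggested in the answer above.
WITH_FALLBACK = """\
enable secret 5 <placeholder>
aaa new-model
aaa authentication login fCONSOLE group radius local
aaa authentication enable default group radius enable
username admin privilege 15 secret 5 <placeholder>
line con 0
 login authentication fCONSOLE
"""

if __name__ == "__main__":
    for label, issue, where in audit_aaa(LOCKED_OUT):
        print(f"{label}: {issue} (applies to: {', '.join(where) or 'nothing'})")
```
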

  • Cisco 881 can ping internet but computers behind the router cannot

    I have a cisco 881, which can ping internet but not of any computer behind it. Computers receive a static IP address, that is why there is no DHCP assigned to any LAN interface. Here's the running configuration:

    Building configuration...

    Current configuration : 6435 bytes
    !
    ! Last configuration change at 22:15:30 UTC Fri Mar 11 2016
    !
    version 15.5
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    !
    logging buffered 51200 warnings
    !
    no aaa new-model
    bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
    memory-size iomem 10
    !
    crypto pki trustpoint TP-self-signed-76299383
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-76299383
     revocation-check none
     rsakeypair TP-self-signed-76299383
    !
    !
    crypto pki certificate chain TP-self-signed-76299383
     certificate self-signed 01
      quit
    !
    !
    !
    !
    !
    !
    !
    !

    !
    ip dhcp excluded-address 192.168.136.22 192.168.136.30
    ip dhcp excluded-address 192.168.131.22 192.168.131.254
    !
    ip dhcp pool Internet
     network 192.168.131.0 255.255.255.0
     dns-server 70.28.245.227 184.151.118.254
     default-router 192.168.131.157
    !
    !
    !
    ip name-server 70.28.245.227
    ip name-server 184.151.118.254
    ip cef
    no ipv6 cef
    !
    !
    !
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    !
    !
    !
    cts logging verbose
    udi pid C881-K9 sn FGL1927224B standard license
    !
    !
    archive
     log config
      hidekeys
    username * privilege 15 secret 5 $1$TOHi$xwZvR0n8p6r00xE5nnBE11
    !
    !
    !
    !
    !
    !
    !
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp key * address 96.45.14.xx
    !
    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
     mode tunnel
    crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
     mode tunnel
    crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
     mode tunnel
    crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
     mode tunnel
    !
    !
    !
    crypto map SDM_CMAP_1 1 ipsec-isakmp
     description Tunnel to96.45.14.xx
     set peer 96.45.14.xx
     set transform-set ESP-3DES-SHA2
     match address 102
    !
    !
    !
    !
    !
    !
    interface FastEthernet0
     no ip address
    !
    interface FastEthernet1
     no ip address
    !
    interface FastEthernet2
     no ip address
    !
    interface FastEthernet3
     switchport access vlan 2
     no ip address
    !
    interface FastEthernet4
     description WAN port
     ip address dhcp
     ip mask-reply
     ip nat outside
     ip virtual-reassembly in
     duplex auto
     speed auto
     crypto map SDM_CMAP_1
    !
    interface Vlan1
     description control network
     ip address 192.168.131.157 255.255.255.0
     ip access-group VLAN1_In in
     ip nat inside
     ip virtual-reassembly in
    !
    ip local pool VPN 192.168.131.152 192.168.131.155
    ip default-gateway 174.0.0.1
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    !
    ip flow-top-talkers
     top 10
     sort-by bytes
    !
    ip route 0.0.0.0 0.0.0.0 174.0.0.1 permanent
    !
    ip access-list extended VLAN1_In
     remark incoming traffic
     remark CCP_ACL Category=1
     remark crosstalk
     deny ip 192.168.135.0 0.0.0.255 192.168.130.0 0.0.1.255
     deny ip 192.168.136.0 0.0.0.255 192.168.130.0 0.0.1.255
     remark crosstalk
     deny ip 192.168.130.0 0.0.1.255 192.168.135.0 0.0.0.255
     deny ip 192.168.130.0 0.0.1.255 192.168.136.0 0.0.0.255
     permit ip any any
    ip access-list extended VLAN1_Out
     remark for diagnosis
     remark CCP_ACL Category=1
     remark Diag
     permit ip any any log
    ip access-list extended allow_all
     remark CCP_ACL Category=1
     permit ip any any log
    !
    !
    access-list 1 remark CCP_ACL Category=2
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 2 remark CCP_ACL Category=2
    access-list 2 permit 192.168.130.0 0.0.0.255
    access-list 100 remark CCP_ACL Category=4
    access-list 100 remark IPSec rule
    access-list 100 permit ip 192.168.131.0 0.0.0.255 192.168.125.0 0.0.0.255
    access-list 100 remark IPSec rule
    access-list 100 permit ip 192.168.131.0 0.0.0.255 192.168.120.0 0.0.0.255
    access-list 101 remark CCP_ACL Category=4
    access-list 101 remark IPSec rule
    access-list 101 permit ip 192.168.131.0 0.0.0.255 192.168.125.0 0.0.0.255
    access-list 102 remark CCP_ACL Category=4
    access-list 102 remark IPSec rule
    access-list 102 permit ip 192.168.131.128 0.0.0.31 192.168.125.0 0.0.0.255
    access-list 103 remark CCP_ACL Category=4
    access-list 103 remark IPSec rule
    access-list 103 permit ip 192.168.131.0 0.0.0.255 192.168.125.0 0.0.0.255
    !
    control-plane
    !
    !
    !
    mgcp behavior rsip-range tgcp-only
    mgcp behavior comedia-role none
    mgcp behavior comedia-check-media-src disable
    mgcp behavior comedia-sdp-force disable
    !
    mgcp profile default
    !
    !
    !
    !
    !
    !
    !
    line con 0
     no modem enable
    line aux 0
    line vty 0 4
     access-class allow_all in
     access-class allow_all out
     privilege level 15
     password *
     login
     transport input telnet
     transport output telnet
    !
    scheduler max-task-time 5000
    scheduler allocate 20000 1000
    !
    !
    webvpn gateway WAN
     ip address 192.168.126.9 port 44443
     http-redirect port 80
     ssl trustpoint TP-self-signed-76299383
     inservice
    !
    webvpn context PLC
     gateway WAN
     !
     ssl authenticate verify all
     inservice
     !
     policy group default
      functions svc-enabled
      svc address-pool "VPN" netmask 255.255.255.224
      svc keep-client-installed
      svc rekey method new-tunnel
      svc split include 192.168.131.0 255.255.255.224
      mask-urls
     default-group-policy default
    !
    end

    Any ideas?

    Thank you.

    I see ip nat inside and ip nat outside configured on the interfaces. But I don't see any address translation configured. This would prevent anything inside from being able to access the Internet.

    HTH

    Rick

  • Routing problem between the VPN Client and the router's Ethernet device

    Hello

    I have a Cisco 1721 in a test environment.

    A net 172.16.0.0/19 simulates the Internet and a net 192.168.1.0/24 simulates the net, the VPN tunnel must go to (intranet).

    The net 172.16.0.0 depends on the router 0 FastEthernet, Intranet (VPN) hangs on Ethernet 0.

    The configuration was inspired from the sample configuration

    "Configuring the Client VPN Cisco 3.x for Windows to IOS using Local extended authentication"

    and the output of the ConfigMaker configuration.

    Authentication and logon works. Client receives an IP address from the pool. But there's a routing problem

    side of routers. Ping client-side - do not work (the VPN client statistics that count encrypt them packets, but not to decrypt).

    Ping the router works too, but decrypt and encrypt customer statistics in VPN packets count progressive

    (customer has a correct route and return ICMP packets to the router).

    The question now is:

    How to route packets between the Tunnel and an Ethernet device (Ethernet 0)?

    conf of the router is attached - hope that's not too...

    Thanks & cordially

    Thomas Schmidt

    -.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.- snipp .-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.

    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    !
    hostname * moderator edit *
    !
    enable secret 5 * moderator edit *
    !
    !
    aaa new-model
    aaa authentication login userauthen local
    aaa authorization network groupauthor local
    !
    ! only for the test...
    !
    username cisco password 0 * moderator edit *
    !
    ip subnet-zero
    !
    ip audit notify log
    ip audit po max-events 100
    !
    crypto isakmp policy 3
     encr 3des
     authentication pre-share
     group 2
    !
    crypto isakmp client configuration group 3000client
     key cisco123
     pool ippool
    !
    ! We do not want to split the tunnel
    ! ACL 108
    !
    crypto ipsec transform-set RIGHT esp-3des esp-sha-hmac
    !
    crypto dynamic-map dynmap 10
     set transform-set RIGHT
    !
    crypto map clientmap client authentication list userauthen
    crypto map clientmap isakmp authorization list groupauthor
    crypto map clientmap client configuration address respond
    crypto map clientmap 10 ipsec-isakmp dynamic dynmap
    !
    interface Ethernet0
     no shutdown
     description connected to VPN
     ip address 192.168.1.1 255.255.255.0
     full-duplex
     ip access-group 101 in
     ip access-group 101 out
     keepalive 10
     no cdp enable
    !
    interface Ethernet1
     no shutdown
     ip address 192.168.3.1 255.255.255.0
     ip access-group 101 in
     ip access-group 101 out
     full-duplex
     keepalive 10
     no cdp enable
    !
    interface FastEthernet0
     no shutdown
     description connected to the Internet
     ip address 172.16.12.20 255.255.224.0
     speed auto
     keepalive 10
     no cdp enable
    !
    ! This access group is also only for test cases!
    !
    no access-list 101
    access-list 101 permit ip any any
    !
    ip local pool ippool 192.168.10.1 192.168.10.10
    ip classless
    ip route 0.0.0.0 0.0.0.0 172.16.12.20
    ip pim bidir-enable
    !
    line con 0
     exec-timeout 0 0
     password 7 * edit from moderator *
    line aux 0
    line vty 0 4
    !
    end

    ^-^-^-^-^-^-^-^-^-^-^-^-^- snapp ^-^-^-^-^-^-^-^-^-^-^-^-^-^-

    Thomas,

    Can't wait to show something that might be there, but I don't see here. You do not have the crypto map applied to one of the interfaces; perhaps it was not copied. Assuming from your description that you do have it, or should have it, applied to fa0 and you are connected. How are you trying to ping? From the router or from a device located on E0? If you ping the router, you will need to do an extended ping of E0 to the IP address the client has been assigned. If you just ping the router without the extension, you will get sales and decrypts that you declare on the client. Have you tried to ping from the client to interface E0? Is your default route on the router pointing to fa0? Do you have a next hop to affect? Do you have several NICs on the client PC? Turn off your other network cards to check that you don't have a problem with routing on the client if you have more than one.

    Kurtis Durrett

  • Customers unable to browse the internet on the router from Cisco 871 K9

    Hello world

    "I just bought my Version of K9 Cisco router 871 running this flash system image: c870-advsecurityk9 - mz.124 - 4.T8.bin".

    I am trying to configure this router for home use, while I can block a part of Web traffic (porn sites, sites of films because of the children), but I realized that I was unable to apply the access list Match-class version url (http host).

    My major problem is still the base of the router config. WAN has a DHCP IP assignment with the 192.168.1.0 network

    The LAN is supposed to have the 192.168.3.0 network. IP addresses seem to be properly attributed but I am not able to ping on the internet router. The local client also cannot resolve DNS. Here is my config file.

    Please help.

    Richard#sh run
    Building configuration...

    Current configuration : 1727 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Richard
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    !
    resource policy
    !
    ip subnet-zero
    ip cef
    no ip dhcp use vrf connected
    !
    ip dhcp pool Richard pool
     import all
     network 192.168.3.0 255.255.255.0
     default-router 192.168.3.1
     domain-name richardedet.com
     dns-server 192.168.1.1
     lease 2 0
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0
     spanning-tree portfast
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
     ip address dhcp
     ip verify unicast source reachable-via rx allow-default 100
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nat outside
     ip virtual-reassembly
     speed auto
     full-duplex
    !
    interface Vlan1
     description Local network VLAN
     ip address 192.168.3.1 255.255.255.0
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 FastEthernet4
    ip route 192.168.3.0 255.255.255.0 FastEthernet4
    !
    no ip http server
    no ip http secure-server
    ip nat inside source list 101 interface FastEthernet4 overload
    ip nat inside source route-map RMAP-NAT interface FastEthernet4 overload
    ip dns server
    !
    logging trap debugging
    logging facility local2
    access-list 100 permit udp any any eq bootpc
    access-list 100 permit tcp any any
    access-list 100 permit icmp any any
    access-list 101 permit ip 192.168.3.0 0.0.0.255 any
    !
    control-plane
    !
    !
    line con 0
     password richard
     login
     no modem enable
     transport output telnet
    line aux 0
     password richard
     login
     transport output telnet
    line vty 0 3
     password richard
     login
     transport input ssh
    line vty 4
     password richard
     login
    !
    scheduler max-task-time 5000
    end

    Hello

    The problem is that you have changed the IP address of the interface VLAN 1 from 192.168.1.254 to 192.168.1.1.
    If you need to change the default-router of the dhcp pool:
    Select conf t
    ip dhcp pool Richard-Edet
    no default-router
    default-router 192.168.1.1
    end

    NAT is also missing:
    enable
    conf t
    ip access-list standard NAT
    permit 192.168.1.0 0.0.0.255
    exit
    ip nat inside source list NAT interface SA4 overload
    end

    Also, perhaps you cannot ping the PC from the router console because the computer's firewall blocks the ICMP protocol. In Windows, I'm sure it is blocked by the firewall. Then you can try ping 192.168.1.1 from the PC and it should work.

    Try the above changes and then write to me if it works, or so we can make other changes.
    You can also post the output of these commands (if this does not work):
    router: show ip route
    router: ping 8.8.8.8 (it should work if your internet provider doesn't block the ICMP protocol)
    PC: ipconfig/all

  • VPN connection OK but not soumana ping on the ROUTER before the VPN ROUTER

    Hello

    In my test harness, I am able to connect to my CISCO ROUTER with the VPN CLIENT and I can ping it also, but when I try to ping something on the other router, don't worry, might it be an ACL issue?

    Any help is welcome

    Here below the script and configuration:

    PC (VPN CLIENT)-> C2691 (IPSec VPN)-> C1841(IP 192.168.10.1)

    Router#sh crypto ipsec sa

    interface: FastEthernet0/0
        Crypto map tag: clientmap, local addr 172.18.124.1

       protected vrf: (none)
       local  ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
       remote ident (addr/mask/prot/port): (14.1.1.106/255.255.255.255/0/0)
       current_peer 172.18.124.2 port 500
         PERMIT, flags={}
        #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
        #pkts decaps: 59, #pkts decrypt: 59, #pkts verify: 59
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 0, #recv errors 0

         local crypto endpt.: 172.18.124.1, remote crypto endpt.: 172.18.124.2
         path mtu 1500, ip mtu 1500
         current outbound spi: 0xE9640C2B(3915648043)

         inbound esp sas:
          spi: 0xE23C352(237224786)
            transform: esp-3des esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2002, flow_id: SW:2, crypto map: clientmap
            sa timing: remaining key lifetime (k/sec): (4462659/3582)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         inbound ah sas:

         inbound pcp sas:

         outbound esp sas:
          spi: 0xE9640C2B(3915648043)
            transform: esp-3des esp-sha-hmac ,
            in use settings ={Tunnel, }
            conn id: 2003, flow_id: SW:3, crypto map: clientmap
            sa timing: remaining key lifetime (k/sec): (4462669/3579)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE

         outbound ah sas:

         outbound pcp sas:
    Router#

    Router#sh crypto map
    Crypto Map "clientmap" 10 ipsec-isakmp
            Dynamic map template tag: dynmap

    Crypto Map "clientmap" 65536 ipsec-isakmp
            Peer = 172.18.124.2
            Extended IP access list
                access-list  permit ip any host 14.1.1.106
                dynamic (created from dynamic map dynmap/10)
            Current peer: 172.18.124.2
            Security association lifetime: 4608000 kilobytes/3600 seconds
            PFS (Y/N): N
            Transform sets={
                    RIGHT,
            }
            Interfaces using crypto map clientmap:
                    FastEthernet0/0

    Router#

    Router#sh arp
    Protocol  Address          Age (min)  Hardware Addr   Type   Interface
    Internet  192.168.10.1           37   0024.c4eb.6600  ARPA   FastEthernet0/1
    Internet  192.168.10.20           6   0024.2b4d.0c5a  ARPA   FastEthernet0/1
    Internet  192.168.10.200         36   0025.9c39.57e2  ARPA   FastEthernet0/1
    Internet  172.18.124.2            1   0022.4135.3f5e  ARPA   FastEthernet0/0
    Internet  172.18.124.1            -   0013.191f.ac00  ARPA   FastEthernet0/0
    Internet  192.168.10.166          -   0013.191f.ac01  ARPA   FastEthernet0/1
    Router#

    Current configuration : 2320 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot system flash:c2691-adventerprisek9-mz.124-5a.bin
    boot-end-marker
    !
    !
    aaa new-model
    !
    !
    aaa authentication login userauthen local
    aaa authorization network groupauthor local
    !
    aaa session-id common
    !
    resource policy
    !
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 172.18.124.1
    !
    ip dhcp pool VPN
     import all
     network 172.18.124.0 255.255.255.0
     default-router 172.18.124.1
     lease 5
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    fax interface-type fax-mail
    username cisco password 0 Cisco
    !
    !
    !
    crypto isakmp policy 3
     encr 3des
     authentication pre-share
     group 2
    !
    crypto isakmp client configuration group 3000client
     key cisco123
     dns 8.8.8.8
     domain cisco.com
     pool ippool
    !
    !
    crypto ipsec transform-set RIGHT esp-3des esp-sha-hmac
    !
    crypto dynamic-map dynmap 10
     set transform-set RIGHT
    !
    !
    crypto map clientmap client authentication list userauthen
    crypto map clientmap isakmp authorization list groupauthor
    crypto map clientmap client configuration address respond
    crypto map clientmap 10 ipsec-isakmp dynamic dynmap
    !
    !
    !
    !
    interface FastEthernet0/0
     ip address 172.18.124.1 255.255.255.0
     speed auto
     half-duplex
     crypto map clientmap
    !
    interface Serial0/0
     no ip address
     shutdown
    !
    interface FastEthernet0/1
     ip address 192.168.10.166 255.255.255.0
     speed auto
     half-duplex
    !
    interface Serial1/0
     no ip address
     shutdown
     serial restart-delay 0
     no dce-terminal-timing-enable
    !
    interface Serial1/1
     no ip address
     shutdown
     serial restart-delay 0
     no dce-terminal-timing-enable
    !
    interface Serial1/2
     no ip address
     shutdown
     serial restart-delay 0
     no dce-terminal-timing-enable
    !
    interface Serial1/3
     no ip address
     shutdown
     serial restart-delay 0
     no dce-terminal-timing-enable
    !
    ip local pool ippool 14.1.1.100 14.1.1.200
    ip route 0.0.0.0 0.0.0.0 192.168.10.1
    !
    !
    ip http server
    no ip http secure-server
    !
    ip access-list extended TEST
     permit ip any any
    ip access-list extended TEST2
     permit ip any any
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    dial-peer cor custom
    !
    !
    !
    !
    !
    !
    line con 0
     transport output all
     speed 115200
    line aux 0
     transport output all
    line vty 0 4
     transport input all
     transport output all
    !
    !
    end

    Hello

    You have this Setup:

    PC (VPN CLIENT)-> C2691 (IPSec VPN)-> C1841(IP 192.168.10.1)

    When it is connected with the VPN client, can you PING the LAN IP of the C2961?

    This communication should go through the tunnel and you should see encrypted packets on the "sh cry ips sa"

    In order to do a PING of the C1841, the C1841 needs a route back to the C2961 when the traffic is for VPN client (assuming that there is not a default gateway in place).

    Federico.

  • No remote access after you activate the Radius AAA

    Hello

    I can't access our Catalyst 4006 after activating AAA for RADIUS. I have installed IAS on our domain controller, configured the Catalyst as a RADIUS client, and configured a remote access policy that points to an AD group to allow access to the switch. When I try to connect to the Catalyst with my AD user information, it seems to crash after I type my password, asks for the password again, then says access denied. This happens both on the console and through a telnet session. I have included my AAA configuration below.

    What am I missing?

    Tim

    (Cisco IOS Software v12.2(25)EWA14)

    aaa new-model

    !

    radius-server host 10.100.x.x auth-port 1812 acct-port 1813 key xxxxxxxxxx

    radius-server source-ports 1645-1646

    !

    aaa group server radius RadiusServers

    server 10.100.x.x auth-port 1812 acct-port 1813

    !

    aaa authentication login default group RadiusServers local line

    aaa authentication enable default group RadiusServers enable

    aaa authentication dot1x default group RadiusServers

    aaa authorization exec default group RadiusServers if-authenticated

    aaa authorization network default group RadiusServers

    aaa accounting dot1x default start-stop group RadiusServers

    AAA accounting by default start-stop group Radius servers directly

    !

    line vty 0 4

    login authentication default

    Tim

    I think that the immediate problem is that the source address used by your switch is not the address that the Radius server is expecting. The Radius Server is 10.100.182.250 and it is in the subnet of interface vlan 182, so the address of interface vlan 182 will be the source address of the Radius request. The fix is to use the ip radius source-interface command and specify the address that you want the switch to use. Of course, in the short term, it would be easier to change the Radius Server to expect 10.100.182.2 as the address of the client.

    HTH

    Rick
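
An added example (not from the thread and not Cisco's code): a small Python check that reads an IOS-style configuration and flags two lockout-prone conditions, an authentication method list that names only a server group with no fallback, and RADIUS in use on a multi-interface device with no `ip radius source-interface`, which is the source-address mismatch Rick describes. The sample configuration, its addresses and the name `audit_aaa` are constructed for illustration.

```python
import re

# Constructed sample config (placeholder addresses and names, not values from the thread).
SAMPLE_CONFIG = """\
aaa new-model
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key EXAMPLE
aaa group server radius RadiusServers
 server 192.0.2.10 auth-port 1812 acct-port 1813
aaa authentication login default group RadiusServers local line
aaa authentication enable default group RadiusServers
interface Vlan10
 ip address 192.0.2.2 255.255.255.0
interface Vlan20
 ip address 198.51.100.2 255.255.255.0
"""

# Methods that still work when no AAA server answers.
FALLBACKS = {"local", "local-case", "line", "enable", "none"}
AUTHN = re.compile(r"^aaa authentication (login|enable) (\S+) (.+)$")


def audit_aaa(config):
    """Return findings for lockout-prone AAA/RADIUS settings in an IOS-style config."""
    lines = [line.strip() for line in config.splitlines()]
    findings = []
    for line in lines:
        m = AUTHN.match(line)
        if not m:
            continue
        kind, list_name, methods = m.group(1), m.group(2), m.group(3).split()
        # "group <name>" is a single method: drop the word that follows "group".
        keywords = [w for i, w in enumerate(methods)
                    if i == 0 or methods[i - 1] != "group"]
        if "group" in keywords and not FALLBACKS & set(keywords):
            findings.append(f"{kind} list '{list_name}': server group only, "
                            "no fallback if the server does not answer")
    uses_radius = any(l.startswith(("radius-server host", "aaa group server radius"))
                      for l in lines)
    interfaces = [l for l in lines if l.startswith("interface ")]
    pinned = any(l.startswith("ip radius source-interface") for l in lines)
    if uses_radius and len(interfaces) > 1 and not pinned:
        findings.append("no 'ip radius source-interface': the request source address "
                        "depends on the egress interface and may not match the "
                        "client address configured on the RADIUS server")
    return findings


if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

A fallback method is only tried when the server does not respond; a server that answers with a reject ends the attempt, so a fallback does not help against wrong credentials or a denying policy.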

  • EA6500 unable to connect to the router after Time Machine

    Just got an EA6500 - updated to the latest firmware available.

    I have attached 2 x WD NAS and 1 x WD through the USB port of the device.

    Each time after I finish running Time Machine on the MacBook Pro (writing to one of the WD NAS), I can no longer connect to the router, either via the local IP or via Cisco Connect Cloud. The error message I get (loosely formulated) is: unable to connect to the router. Please ensure that the router is connected to the internet.

    At this point, all the devices connected to the router (wired and wireless) can still access the Internet perfectly. Only the console of the router is no longer accessible.

    Anyone else have the issue?

    Any ideas on how to solve it?

    Contacted Cisco support and the person advised me to do a factory reset (even though the router is new with no customization!). Regardless, it now works correctly. Cisco Cloud Connect now always works before, during, and after a Time Machine backup.

    "When in doubt, try to turn the grid and the.

  • Printers HP B110a cannot communicate with the laptop, but both will be connected to the router?

    OK, here's an interesting problem that has been banging my brain for hours. One of my friends has an HP Photosmart B110a all-in-one printer. Now I can get the printer to connect to the wireless router, no problem. I can also get the phone to connect to the router; the problem is that the printer cannot communicate with the laptop. The router brand and model is the Linksys wrt54g.

    Now, I took my friend's laptop home and tried to see if it could detect my wireless printer, a different model, on my router, which is a TP WR340GD. I went into Devices and Printers, went to Add a printer and Add wireless printer, and it instantly detected my printer via the wireless network. There is no problem on the side of the laptop. I am sure that any firewall on the laptop was turned off when I tried to connect the printer.

    So now I have my friend's printer here with me and decided to try and see if I could detect the HP Photosmart All-in-One printer on my laptop on my TP WR340GD wireless router. Once again, it worked perfectly: it detected the printer, which works wirelessly without fault.

    I've now come down to the conclusion that the problem is with my friend's Linksys wrt54g router. I've gone into the settings of the router, changed the wireless channels, and changed the wireless security between WEP and WPA/WPA2 and AES and TKIP, and this does not solve the problem.

    I can access the Photosmart B110a's embedded web server in a browser ONLY if I have the laptop physically connected to the router by Ethernet cable when using my friend's router, but I can access it over wireless on my router. The problem is probably something very simple that I forgot, but I have tried everything I can think of: I hard reset the printer and cleared the network settings on the printer as well from the printer's display menu.

    I'm really lost now, does anyone have suggestions?

    Hey pcwizard, OK, I checked the router settings and MAC filtering was turned on, so I decided to reset the router, which restored it to factory settings. I set up the wireless again and tried once more, but still had no luck getting the laptop to communicate with the printer.

    In any case, I decided to connect the cable from the printer to the laptop and used the USB to wireless assistant, as I had reinstalled the printer using the wired method.

    It told me that the incoming and outgoing firewall traffic rules were stopping communication between the devices, and to assign port numbers 427-9000 etc. However, I had turned off all firewalls, Windows and Norton 360, which I have since replaced with better anti-virus software.

    I went into the settings of the router, port-forwarded those numbers, tried again, and again had no luck. I'm usually pretty good with computers, but this was really annoying me. So I went and had a coffee, a brainwave came, and I decided to see if my laptop could detect and connect to the printer on the router. As soon as I tried it, it found and detected the printer immediately.

    Then I thought there must be something on my friend's laptop that may be causing the problem. When I looked, I noticed that my friend had the old Vodafone Mobile Broadband software running in the background, which was connected to the router.

    So I closed it, turned it off and tried adding the printer again. SUCCESS: it now detects it, and the printer now communicates and responds with the laptop. I'm guessing that Vodafone Mobile Broadband has a built-in firewall blocking the communication. However, it is strange because it worked without problem with my printer at home, so I wonder if Vodafone Mobile Broadband somehow blacklisted the IP address of the printer at some point on their router.

    I'm so happy it's finally done; a lot of hours and work, and after all this time it was * beep * Vodafone.

    In any case, pcwizard, thank you very much for trying to help; it no doubt gave me a few ideas.

    Thanks again!

  • I have a HP officejet K-550dtn. New wireless n router. I can't get the router to see the printer.

    This printer used to work properly as a network printer using an Actiontec or Linksys b/g router.  I upgraded my network to an 802.11n system and I cannot get the new router to see the printer.  After several hours of fighting, I find that the printer configuration page shows its IP address as 192.168.1.103.  Unfortunately, the DHCP server on the new router uses addresses 192.168.0.100 - 192.168.0.200 only.

    The disc that came with the printer does not work in any of my computers, because the OS is newer than Win XP.

    Any ideas on how I can change the internal IP address of the printer to something the router will recognize?

    I wouldn't want to get rid of this printer, since it still does a great job.

    (I can still print to the printer through a server computer on the network to which it is connected by a USB cable, but that requires everyone to go up to this computer before printing in order to make sure that it is not hibernating.)  If I can't print directly via the router, I think I will return the router and go slowly until I can't take it anymore.

    Thank you

    Dweezel

    I finally figured it out.  Here's how, in case someone else runs into this.

    I didn't mention that there is a Verizon FIOS router behind the wireless-n router, and it uses the 192.168.1.XXX pattern.

    On a hunch, I pinged the FIOS router, and there was a response.  The K-550 ethernet cable was plugged into the wireless n router and I tried to ping 192.168.1.103.  No response.  I then plugged the printer's ethernet cable into one of the connectors of the FIOS router instead.  I pinged again and got 4 beautiful quick returns.

    I moved to one of the computers on the wireless network and checked to see if the printer was there.  Joy!  There were two cases.  One was the connection recently configured via the USB port on the server computer.  The second was through the previously used x.x.x.103 port.  I can print using this forum, and I made it the default printer.

    It had not occurred to me to use a port across the wireless n router.

    Dweezel

  • Question about the replacement of router and new network location. Is this normal?

    Yesterday, I replaced my router with another router of the exact same brand, model, and firmware version. The only thing that has changed as far as the router goes is the MAC address.

    In any case, after I swapped the router and plugged in the network cable, I could use the Internet all day very well. This morning when I turned on the computer, I was all of a sudden presented with the "Set network location" wizard, and Windows has created a new location, "Network 2". Everything still seems to work well.

    I just want to make sure that this is the expected, normal Windows 7 behavior after changing a router. I'm just a little paranoid because the network location wizard popped up only the day after I replaced the router, and not immediately after I plugged in the cable.

    Thank you!

    Yes. It's normal.  The delay in the command prompt is a little unusual, but I've seen this before.

  • What happens if I buy a macbook, then they release the new model?

    I went into my local Apple store and they asked me when I needed my computer by because they have an event on the 7th. Now I need to buy my computer before then (I also want the free Beats since I am a student). However, what happens if they release a new MacBook right after I have bought mine? I think that the person in the store said that if you buy within 60 days of a new version they'll move your model to the newest one. Is this true? Also, if this is how it works with online shopping, is it 60 days since you ordered online or 60 days since you actually received your MacBook? (I assume it is since you placed your order.)

    Thanks for your help!

    What happens if you buy a car or a TV, or other technology and then a few days later a new model comes out?

    You always get what you paid for.  There may be exchange privileges, or you may be able to sell your purchased item privately and then buy a new one.  Or you can be very happy with your purchase and keep and enjoy it.

    In the case of the MacBook, if you buy a new computer running El Capitan, you will certainly be able to upgrade to macOS Sierra once that comes out later in the fall.

    You can wait and explore the unknown, with unknown characteristics and an unknown release date, or you can buy a known quantity as soon as possible.

  • When the new models Qosmio from Toshiba, which will be released?

    Hello everyone!
    Lately I have been using a Toshiba Satellite, model s885 - 01 l. I got it in 2013 and have been very pleased with it for both work and gaming. However, due to the exponential pace of hardware upgrades, I need a new laptop with solid gaming capabilities. I heard from a friend that the Qosmio models have the specs I'm looking for, but the problem is that none of the new models have a 6th-generation Intel Skylake processor. So I'm here wanting to ask if anybody has hints of a new model, since the last version was revealed at the end of 2015, but only with 4th-gen Intel, which is not enough for my application. I also tried to reach customer service but without success.

    What I'm looking for is a solid laptop from the Qosmio series with 32 GB of RAM, 6 to 8 GB of VRAM with Nvidia or AMD graphics (I prefer AMD), a 1-2 TB hard disk, of course a 6th-generation Intel processor, and all with Windows 10 including DirectX 12. I hope to be able to upgrade the hardware with regard to the graphics card, hard drive and RAM.

    I hope you can help me with my request; I hope that there is a model released before the end of 2016.
    Thank you very much in advance,
    Kind regards
    Martin

    471 views and not one answer? Come on guys, I know you can do better than that! does really that much? It seems that nobody has an idea, even Admins!

  • Is it possible to transfer music from an ipod 4G for the new model?

    I've had my iPod touch 4G since 2010 and I was too cheap to upgrade. Now that the battery has been draining faster than ever and the top sleep button no longer works, I think it's time to finally switch to the new model.

    The bad part is that over the last 6 years, I have collected 12.6 GB worth of music on my iPod touch, with nearly 85 per cent of it stored only on the device itself and not on my PC. I usually removed the files from the computer, as iTunes would still keep them on my iPod touch as long as the songs were still listed in the library.

    I was wondering, is there a way to transfer my music from my old iPod touch to the new model?

    Your i-device was not designed for unique storage of your media. It is not a backup device, and media transfer was designed with you keeping a master copy of your media on a computer which is itself properly backed up against loss.  To use a device with a different setup, you move the old library from a computer or a backup directly to the new setup, not from the device to the library. Media syncing is one way, computer to device, updating the content on the device to match the content on the computer, not updating or restoring content on a computer. The exception is iTunes Store purchases, which can be transferred to a computer.

    Transfer your iTunes Store purchases from an iPhone, iPad or iPod to a computer - https://support.apple.com/en-us/HT201267 - this feature only works for content purchased from the iTunes Store. As of iOS 9 it no longer applies to apps, which now need to be re-downloaded directly from the store.

    To transfer other items from an i-device to a computer, you will need to use third-party commercial software.  See this document by turingtest2: Recover your iTunes library from your iPod or iOS device - https://discussions.apple.com/docs/DOC-3991 Even this method may not fully recover what you originally had in the library. For example, if you had converted music files to a lower bit rate, or photos to a lower resolution, in order to save space during synchronization, it is these lower quality files that you will get back.

    If you subscribe to Apple Music, titles that are not part of the content that you have purchased or uploaded may not be transferred and must be downloaded directly from iCloud.
