Problem Cllient VPN Windows XP and NAT Cisco [7:69595]
Hello people, I have problem with Client VPN Windows XP and NAT Cisco. When I try connect to Server PPTP Windows 2000 Server, the client return an ERROR 721. The mysterious, if I use client vpn in Windows 98,ME,2000, there isn't problem with connection. Too If I use Windows XP and router 3com or Zyxel, the connection is OK. Too I have changed the IOS version for other more old and more new, the problem continue. I hope you can help me, Best Regards, Features of my Cisco 827-4v: Cisco Internetwork Operating System Software IOS (tm) C820 Software (C820-OV6Y6-M), Version 12.2(8)YN, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) Synched to technology version 12.2(11.2u)T TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Tue 29-Oct-02 21:20 by ealyon Image text-base: 0x800131D8, data-base: 0x80C3036C ROM: System Bootstrap, Version 12.2(4r)XM2, RELEASE SOFTWARE (fc1) ROM: C820 Software (C820-OV6Y6-M), Version 12.2(8)YN, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) arinauto uptime is 6 hours, 9 minutes System returned to ROM by reload System image file is flash:c820-ov6y6-mz.122-8.YN.bin CISCO C827-4V (MPC855T) processor (revision 0x801) with 31744K/1024K bytes of memory. Processor board ID JAD07140JGM (3824023002), with hardware revision CPU rev number 5 Bridging software. 4 POTS Ports 1 Ethernet/IEEE 802.3 interface(s) 1 ATM network interface(s) 128K bytes of non-volatile configuration memory. 8192K bytes of processor board System flash (Read/Write) 2048K bytes of processor board Web flash (Read/Write) Configuration register is 0x2102 -- -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=69595t=69595 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
static NAT and Overload [7:66602]
Hello people, I have a question about NAT. Is possible configure IOS for ip nat inside source static and ip nat inside source list overload in the same connection ?. In other routers (Zyxel,Efficient,3com) this technique is designate how monouser or multiuser. I explain this, I need redirect all ports of Public IP to local IP, but I too need that others users can connect to internet for the same router and connection. Configuration monouser (this run OK, but only PC 192.168.10.2 can connect to Internet) interface eth0 192.168.10.1 ip nat inside interface dialer 0 ip address negotiated (ISP give me allways the same IP) ip nat outside ip nat inside source static 192.168.10.2 80.10.10.1(IP ISP) Configuration multiuser (this run OK, but I don't want this) interface eth0 192.168.10.1 ip nat inside interface dialer 0 ip address negotiated (the ISP give me allways the same IP) ip nat outside ip nat inside source list 1 interface dialer 0 overload access-list 1 permit 192.168.10.0 255.255.255.0 Configuration monouser and multiuser (Only run PC in the static NAT, I want others PC too connect) interface eth0 192.168.10.1 ip nat inside interface dialer 0 ip address negotiated (the ISP give me allways the same IP) ip nat outside ip nat inside source list 1 interface dialer 0 overload ip nat inside source static 192.168.10.2 80.10.10.1 access-list 1 permit 192.168.10.0 255.255.255.0 I know for my experience, this is possible in routers Zyxel. With this configuration you can use netmeeting,msn,etc and other softwares that don't run very well before NAT . This is limited to only PC, the PC or IP configurated in static NAT. Best Regards -- -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=66602t=66602 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem 7206 PA-A3-OC3 and Multilink E1 [7:59959]
Ok, I think that problem was in aaa authentication and encapsulation ppp. If you configure encapsulation ppp in the interface and you enable aaa you need put ppp pap sentusername in the interface, and add users for the authentication. Other problem is the bandwidth in the BUS is exceded, for solve this problem, the best solution is you put the PA-A3-OC3 only o single in the BUS and don't share the BUS with other PA. -- -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- Alfredo Pulido escribis en el mensaje [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello people, I have a problem in my 7206 when I insert a Port Adapter ATM OC3 (PA-A3-OC3) in the chassis, then the Multilink of E1's is down. This device has a PA-8T-V35, in this PA is possible run E1 connections, and PA-FE-TX. In this router there are 5 E1 connections, 3 E1 connections are group in a multilink, and the others 2 E1 aren't group. So the router run perfectly, but the problem take place when I insert the PA-A3-OC3, the Multilink E1 is down. Can anybody help me? Regards to all, and Happy new year. -- -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=60101t=59959 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Problem 7206 PA-A3-OC3 and Multilink E1 [7:59959]
Hello people, I have a problem in my 7206 when I insert a Port Adapter ATM OC3 (PA-A3-OC3) in the chassis, then the Multilink of E1's is down. This device has a PA-8T-V35, in this PA is possible run E1 connections, and PA-FE-TX. In this router there are 5 E1 connections, 3 E1 connections are group in a multilink, and the others 2 E1 aren't group. So the router run perfectly, but the problem take place when I insert the PA-A3-OC3, the Multilink E1 is down. Can anybody help me? Regards to all, and Happy new year. -- -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=59959t=59959 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Problem Gatekeeper and registratio gateway [7:53420]
Hello People, I don't Know because the e-mail that I sent to news groupstudy is corrupt in the news. Below is the original e-mail I wrote in my PC, and I sent to groupstudy. If you not receive the configuration gatekeeper and gateway, please you contact with me again. Thanks for all, Waiting for you answerr, Regards, -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- ORIGINAL E-MAIL: Hello people, I have a problem when I want support AAA in my Gatekeeper. If Gatekeeper is configured without AAA, all run OK. My Hardware for the Gatekeeper is 3620, IOS 12.2(8)T5. Gateway 827. The configuration with AAA is in LOCAL, in the future they will be with RADIUS. CONFIGURATION: GATEKEEPER: FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Virus Attack and how to tackle it? [7:44936]
You look this page from Cisco. http://www.cisco.com/warp/public/63/nbar_acl_codered.shtml I hope this help. -- -- Alfredo Pulido [EMAIL PROTECTED] CCDA Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- a. ahmad escribis en el mensaje [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Dear Members, 1-We are getting Virus attack message on our proxy(Squid)Machine not only from our own IP Pool but also from outside, Please guide how to tackle it as it is constantly chocking our Bandwidth. i.e. one of the virus attack message we are getting on our proxy(squid) machine is as under:- 106226.976 5 202.192.204.130 TCP_Miss/503 1210 Get http://www/_mem_bin/..%255c../..%255../..%255../winnt/system32/cmd.exe? - DIRECT/www - 106228.156 6 202.192.204.130 TCP_Miss/503 1266 Get http://www/msadc/..%255c../..%255c../..%255c../..%c1%1c../..%c1%1c../..%c1%1 c../winnt/system32/cmd.exe? - DIRECT/www - 106229.324 3 202.192.204.130 TCP_Miss/503 1170 Get http://www/Scripts/..%c1%1c../winnt/system32/cmd.exe? - DIRECT/www - 106230.625 23 202.192.204.130 TCP_Miss/503 1170 Get http://www/Scripts/..%c0%2f../winnt/system32/cmd.exe? - DIRECT/www - 106231.841 8 202.192.204.130 TCP_Miss/503 1170 Get http://www/Scripts/..%c0%af../winnt/system32/cmd.exe? - DIRECT/www - ...etc etc 2- we want to trace that which IP's are utilizing our maximum bandwidtth so that we can limit that trafiic accordingly in order to get Maximum efficiency? Thank you in advance! Ahmad Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44939t=44936 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: VPN ERROR %CRYPTO-6-IKMP_MODE_FAILURE [7:44374]
Hello people, I have solutioned the problem for connect VPN Fully Meshed. The solution: You have to add all peers in all crypto map Sample: BAD CONFIGURATION crypto map vpn 10 ipsec-isakmp set peer 100.100.100.249 set transform-set rtpset match address 102 crypto map vpn 20 ipsec-isakmp set peer 100.100.100.170 set transform-set rtpset match address 101 GOOD CONFIGURATION crypto map vpn 10 ipsec-isakmp set peer 100.100.100.249 - set peer 100.100.100.170 set transform-set rtpset match address 102 crypto map vpn 20 ipsec-isakmp set peer 100.100.100.170 - set peer 100.100.100.249 set transform-set rtpset match address 101 Now the VPN between A-B,A-C and B-C is OK. With this solutions, seemingly the next error it's solutioned, so that peer address xxx.xxx.xxx.xxx not found now is found. 11:32:20: IPSEC(validate_proposal_request): proposal part #1, (key eng. msg.) dest= 100.100.100.249, src= 100.100.100.169, dest_proxy= 10.0.0.0/255.255.255.0/0/0 (type=4), src_proxy= 192.168.0.0/255.255.255.0/0/0 (type=4), protocol= ESP, transform= esp-des esp-md5-hmac , lifedur= 0s and 0kb, spi= 0x0(0), conn_id= 0, keysize= 0, flags= 0x4 11:32:20: IPSEC(validate_transform_proposal): peer address 100.100.100.169 not found 11:32:20: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 100.100.100.169 Thanks for you help. -- -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- Steven A. Ridder escribis en el mensaje [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Looks like the devices aren't configured with same properties. Alfredo Pulido wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Hello, I'm trying make a Fully Meshed VPN connections between 3 (Ra,Rb,Rc) routers 827-4V, The used IOS is: c820-k8osv6y6-mz.122-2.T4.bin - IP/FW/VOICE PLUS IPSEC 56 When I configure the VPN (Ra-Rb), the VPN it's established OK. But I configure VPN (Ra-Rb and Ra-Rc), the system report a error with the peer Rc, and the VPN it's not established between (Ra-Rc),however, the VPN (Ra-Rb) is OK. I had trying conjugations (Rb-Ra ,Rb-Rc) and (Rc-Ra,Rc-Rb) and (Rb-Rc,Rb-Ra) and (Rc-Rb,Rc-Ra), and I had received the same ERROR. The system error is: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at xxx.xxx.xxx.xxx In Cisco I had see only this information: Error Message %CRYPTO-6-IKMP_MODE_FAILURE: Processing of [chars] mode failed with peer at [IP_address] Explanation Negotiation with the remote peer has failed. Recommended Action If this situation persists, contact the remote peer. I had locked many documents in Cisco, but I don't know how to solve this problem. I shearched a document in Cisco for this type VPN http://www.cisco.com/warp/public/707/ios_meshed.html Flash Configuration: Ra: IP VPN: 100.100.100.170 IP LAN: 10.0.1.1 Rb: IP VPN: 100.100.100.169 IP LAN: 192.168.0.2 Rc: IP VPN: 100.100.100.249 IP LAN: 10.0.0.1 Debug Information router (Ra) when I try connect (Rc-Ra) (debug crypto isakmp) 02:35:37: ISAKMP (0:0): received packet from 100.100.100.249 (N) NEW SA 02:35:37: ISAKMP: local port 500, remote port 500 02:35:37: ISAKMP (0:2): processing SA payload. message ID = 0 02:35:37: ISAKMP (0:2): found peer pre-shared key matching 100.100.100.249 02:35:37: ISAKMP (0:2): Checking ISAKMP transform 1 against priority 1 policy 02:35:37: ISAKMP: encryption DES-CBC 02:35:37: ISAKMP: hash MD5 02:35:37: ISAKMP: default group 1 02:35:37: ISAKMP: auth pre-share 02:35:37: ISAKMP (0:2): atts are acceptable. Next payload is 0 02:35:37: ISAKMP (0:2): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR 02:35:37: ISAKMP (0:2): sending packet to 100.100.100.249 (R) MM_SA_SETUP 02:35:38: ISAKMP (0:2): received packet from 100.100.100.249 (R) MM_SA_SETUP 02:35:38: ISAKMP (0:2): processing KE payload. message ID = 0 02:35:38: ISAKMP (0:2): processing NONCE payload. message ID = 0 02:35:38: ISAKMP (0:2): found peer pre-shared key matching 100.100.100.249 02:35:38: ISAKMP (0:2): SKEYID state generated 02:35:38: ISAKMP (0:2): processing vendor id payload 02:35:38: ISAKMP (0:2): speaking to another IOS box! 02:35:38: ISAKMP (0:2): sending packet to 100.100.100.249 (R) MM_KEY_EXCH 02:35:38: ISAKMP (0:2): received packet from 100.100.100.249 (R) MM_KEY_EXCH 02:35:38: ISAKMP (0:2): processing ID payload. message ID = 0 02:35:38: ISAKMP (0:2): processing HASH payload. message ID = 0 02:35:38: ISAKMP (0:2): SA has been authenticated with 100.100.100.249 02:35:38: ISAKMP (2): ID payload
Re: problem with crypto access list !!! [7:44598]
You will solve this problem if you first remove the crypto map xxx in the interface where you attach this crypto map xxx, then you can remove access-list or change configuration in the crypto map,etc. When you finish the reconfiguration, you put again the crypto map in the correct interface. Hope this help. -- -- Alfredo Pulido [EMAIL PROTECTED] CCDA Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- Jim Gillen escribis en el mensaje [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Pat Some comments: 1. For IPSec to work the access list at the other end for the crypto map priority that is matched in the SA must be the mirror of yours ie. access-list 120 permit ip 10.54.1.0 0.0.0.255 10.55.1.0 0.0.0.255 2. issue a sh crypto ipsec sa command with the access list still active and the with the access list deleted. The output of this command will tell you if any IPSec connections have been formed. 3. Try a debug crypto isakmp and debug crypto ipsec and apply the crypto map to the interface and watch the debug output. Example outputs are on the CCO... 3. Is this same access list applied to the interface you telnet to the other router in such a way that removing it leaves a deny any any on that interface ( I assume the access list 20 you refer to is actually access list 120)? Hope this helps. Cheers Jim Gillen Snr Communications Engineer AUSTRAC Ph: 9950 0842 Fax: 9950 0074 pat 21/05/02 14:00:38 This message has been scanned by MAILSweeper. I am trying to set up site to site tunnel between cisco routers. I am having problem with crypto access list on remote outers. I am configrung access-list 120 crypto commands as follows crypto isakmp policy 10 authentication pre-share crypto isakmp key ** address XX.XX.XX.XX ! ! crypto ipsec transform-set test esp-3des esp-md5-hmac ! crypto map test 20 ipsec-isakmp set peer XX.XX.XX.XX set transform-set test match address 120 access-list 120 permit ip 10.55.1.0 0.0.0.255 10.54.1.0 0.0.0.255 I have acess to remote routers through telnet over the internet. List 20 is in no way related to my access. But when I try to remove access-list 20 i loose my telnet session can't ping it either. This happened on multiple remote routers. I am using IOS (tm) C2600 Software (C2600-IK9O3S-M), Version 12.2(3), RELEASE SOFTWARE (fc1) In ideas why this is happening ? Thank you all, Pat __ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com __ To unsubscribe from the SECURITY list, send a message to [EMAIL PROTECTED] with the body containing: unsubscribe SECURITY ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ** Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=44645t=44598 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
VPN ERROR %CRYPTO-6-IKMP_MODE_FAILURE [7:44374]
Hello, I'm trying make a Fully Meshed VPN connections between 3 (Ra,Rb,Rc) routers 827-4V, The used IOS is: c820-k8osv6y6-mz.122-2.T4.bin - IP/FW/VOICE PLUS IPSEC 56 When I configure the VPN (Ra-Rb), the VPN it's established OK. But I configure VPN (Ra-Rb and Ra-Rc), the system report a error with the peer Rc, and the VPN it's not established between (Ra-Rc),however, the VPN (Ra-Rb) is OK. I had trying conjugations (Rb-Ra ,Rb-Rc) and (Rc-Ra,Rc-Rb) and (Rb-Rc,Rb-Ra) and (Rc-Rb,Rc-Ra), and I had received the same ERROR. The system error is: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Informational mode failed with peer at xxx.xxx.xxx.xxx In Cisco I had see only this information: Error Message %CRYPTO-6-IKMP_MODE_FAILURE: Processing of [chars] mode failed with peer at [IP_address] Explanation Negotiation with the remote peer has failed. Recommended Action If this situation persists, contact the remote peer. I had locked many documents in Cisco, but I don't know how to solve this problem. I shearched a document in Cisco for this type VPN http://www.cisco.com/warp/public/707/ios_meshed.html Flash Configuration: Ra: IP VPN: 100.100.100.170 IP LAN: 10.0.1.1 Rb: IP VPN: 100.100.100.169 IP LAN: 192.168.0.2 Rc: IP VPN: 100.100.100.249 IP LAN: 10.0.0.1 Debug Information router (Ra) when I try connect (Rc-Ra) (debug crypto isakmp) 02:35:37: ISAKMP (0:0): received packet from 100.100.100.249 (N) NEW SA 02:35:37: ISAKMP: local port 500, remote port 500 02:35:37: ISAKMP (0:2): processing SA payload. message ID = 0 02:35:37: ISAKMP (0:2): found peer pre-shared key matching 100.100.100.249 02:35:37: ISAKMP (0:2): Checking ISAKMP transform 1 against priority 1 policy 02:35:37: ISAKMP: encryption DES-CBC 02:35:37: ISAKMP: hash MD5 02:35:37: ISAKMP: default group 1 02:35:37: ISAKMP: auth pre-share 02:35:37: ISAKMP (0:2): atts are acceptable. Next payload is 0 02:35:37: ISAKMP (0:2): SA is doing pre-shared key authentication using id type ID_IPV4_ADDR 02:35:37: ISAKMP (0:2): sending packet to 100.100.100.249 (R) MM_SA_SETUP 02:35:38: ISAKMP (0:2): received packet from 100.100.100.249 (R) MM_SA_SETUP 02:35:38: ISAKMP (0:2): processing KE payload. message ID = 0 02:35:38: ISAKMP (0:2): processing NONCE payload. message ID = 0 02:35:38: ISAKMP (0:2): found peer pre-shared key matching 100.100.100.249 02:35:38: ISAKMP (0:2): SKEYID state generated 02:35:38: ISAKMP (0:2): processing vendor id payload 02:35:38: ISAKMP (0:2): speaking to another IOS box! 02:35:38: ISAKMP (0:2): sending packet to 100.100.100.249 (R) MM_KEY_EXCH 02:35:38: ISAKMP (0:2): received packet from 100.100.100.249 (R) MM_KEY_EXCH 02:35:38: ISAKMP (0:2): processing ID payload. message ID = 0 02:35:38: ISAKMP (0:2): processing HASH payload. message ID = 0 02:35:38: ISAKMP (0:2): SA has been authenticated with 100.100.100.249 02:35:38: ISAKMP (2): ID payload next-payload : 8 type : 1 protocol : 17 port : 500 length : 8 02:35:38: ISAKMP (2): Total payload length: 12 02:35:38: ISAKMP (0:2): sending packet to 100.100.100.249 (R) QM_IDLE 02:35:39: ISAKMP (0:2): received packet from 100.100.100.249 (R) QM_IDLE 02:35:39: ISAKMP (0:2): processing HASH payload. message ID = 1758794445 02:35:39: ISAKMP (0:2): processing SA payload. message ID = 1758794445 02:35:39: ISAKMP (0:2): Checking IPSec proposal 1 02:35:39: ISAKMP: transform 1, ESP_DES 02:35:39: ISAKMP: attributes in transform: 02:35:39: ISAKMP: encaps is 1 02:35:39: ISAKMP: SA life type in seconds 02:35:39: ISAKMP: SA life duration (basic) of 3600 02:35:39: ISAKMP: SA life type in kilobytes 02:35:39: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 02:35:39: ISAKMP: authenticator is HMAC-MD5 02:35:39: ISAKMP (0:2): atts are acceptable. 02:35:39: ISAKMP (0:2): IPSec policy invalidated proposal 02:35:39: ISAKMP (0:2): phase 2 SA not acceptable! 02:35:39: ISAKMP (0:2): sending packet to 100.100.100.249 (R) QM_IDLE 02:35:39: ISAKMP (0:2): purging node -1391497798 02:35:39: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 100.100.100.249 02:35:39: ISAKMP (0:2): deleting node 1758794445 error FALSE reason IKMP_NO_ERR_NO_TRANS DEBUG INFORMATION IN (Rc) 02:28:20: ISAKMP: received ke message (1/1) 02:28:20: ISAKMP: local port 500, remote port 500 02:28:20: ISAKMP (0:1): beginning Main Mode exchange 02:28:20: ISAKMP (0:1): sending packet to 100.100.100.170 (I) MM_NO_STATE 02:28:20: ISAKMP (0:1): received packet from 100.100.100.170 (I) MM_NO_STATE 02:28:20: ISAKMP (0:1): processing SA payload. message ID = 0 02:28:20: ISAKMP (0:1): found peer pre-shared key matching 212.64.161.170 02:28:20: ISAKMP (0:1): Checking ISAKMP transform 1 against priority 1 policy 02:28:20: ISAKMP: encryption DES-CBC 02:28:20: ISAKMP: hash MD5 02:28:20: ISAKMP: default group 1 02:28:20: ISAKMP: auth pre-share. 02:28:20: ISAKMP (0:1):
BGP and Select path for a AS [7:36947]
Hello, (English) I have two connections for two diferents Carriers (Carrier A and Carrier B), at present for access to the ASx the BGP protocol route this path for Carrier A and I would like route this ASx ALWAYS for Carrier B. Is it possible ? How to configure ? (Espaqol) Yo tengo 2 conecciones a internet por 2 carriers diferentes (carrier A y carrier B), actualmente para acceder al ASx el BGP me enrouta por el carrier A pero me gustarma que me enrutara ese ASx SIEMPRE por el carrier B, es posible configurar eso? y como se hace ? Sincerely -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=36947t=36947 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Trunk Port and multi-VLAN port [7:35859]
Ok, I will be more specific Let's see, I have 3 Catalyst 3524 XL configuration Catalyst 1: int f0/1 - trunk port with Catalyst 2 int f0/2 - trunk port with Catalyst 2 int f0/3 - trunk port with Catalyst 3 int f0/4 - trunk port with Catalyst 3 int f0/5 - vlan 1 int f0/6 - vlan 2 int f0/7 - I need vlan 1 and vlan 2 FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Trunk Port and multi-VLAN port [7:35859]
Ok, but if my device is a router cisco with only 1 interface ethernet example (Cisco 827). What is the solutions? I Install GigaStack module for interconnect Switch and so to eliminate trunk port and I can hability mode multi. -- -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- Christopher Supino escribis en el mensaje [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... Alfredo, There is one important difference. A multi vlan port strips the tags from the frames it passess for each vlan and a trunk port leaves the VLAN tags intact. So it really depends on what you are attempting to accomplish here. Can you be more specific? Christopher Supino CCNP, CCDP, MCSE, CNA5, ASE Senior Network Design Engineer -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MADMAN Sent: Tuesday, February 19, 2002 11:49 AM To: [EMAIL PROTECTED] Subject: Re: Trunk Port and multi-VLAN port [7:35859] To what are you conecting the multivlan port? Since a trunk is by definition multiple VLANs can you set up all the ports as trunks? Dave Alfredo Pulido wrote: Hello , I have a problem, I have 3 Catalyst 3524XL EN, but I need enable Trunk Port and Multi-Vlan in various Interfaces. I had read in Cisco Documentation that is not possible You cannot configure a multi-VLAN port when a trunk is configured on the switch. referents Chapter 5 Creating and Maintaining VLANs. My questions is, How could I to solve this problem? I will need install a GigaStack module or something 1000Base-X GBIC module for eliminate trunk port. Sincerely -- -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- -- David Madland Sr. Network Engineer CCIE# 2016 Qwest Communications Int. Inc. [EMAIL PROTECTED] 612-664-3367 Emotion should reflect reason not guide it [GroupStudy.com removed an attachment of type text/x-vcard which had a name of Christopher Supino ([EMAIL PROTECTED]).vcf] Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35939t=35859 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Trunk Port and multi-VLAN port [7:35859]
Hello , I have a problem, I have 3 Catalyst 3524XL EN, but I need enable Trunk Port and Multi-Vlan in various Interfaces. I had read in Cisco Documentation that is not possible You cannot configure a multi-VLAN port when a trunk is configured on the switch. referents Chapter 5 Creating and Maintaining VLANs. My questions is, How could I to solve this problem? I will need install a GigaStack module or something 1000Base-X GBIC module for eliminate trunk port. Sincerely -- -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35859t=35859 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Trunk Port and multi-VLAN port [7:35860]
Hello , I have a problem, I have 3 Catalyst 3524XL EN, but I need enable Trunk Port and Multi-Vlan in various Interfaces. I had read in Cisco Documentation that is not possible You cannot configure a multi-VLAN port when a trunk is configured on the switch. referents Chapter 5 Creating and Maintaining VLANs. My questions is, How could I to solve this problem? I will need install a GigaStack module or something 1000Base-X GBIC module for eliminate trunk port. Sincerely -- -- Alfredo Pulido [EMAIL PROTECTED] Dept. Sistemas, IdecNet S.A. Juan XXIII 44 // E-35004 Las Palmas de Gran Canaria, Las Palmas // SPAIN Tel: +34 828 111 000 Fax: +34 828 111 112 http://www.idecnet.com/ -- Message Posted at: http://www.groupstudy.com/form/read.php?f=7i=35860t=35860 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Free t-shirt
Hi to all, I'm sorry but my english is not very well. In this URL you can to win 1 free t-shirt www.cisco.com/es/DSLeDM (the page language is spanish.OK) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Free t-shirt (STEPS)
Hi Jim Dixon and people [EMAIL PROTECTED] STEP for to win free t-shirt 1.- You need Real Player o Windows Media Player 2.- You choice connection type (28.8K, 56K , 100K or faster) 3.- Now you need register user. Put If you have user and password for Seminars Online in Cisco, you put this else you put an user NOT REGISTERED, Example: User: 1234 Passwor: 1234 and click in "Continúe" The user "1234" is not registered. OK 5.- In the new windows you click in link "pulse aquí para registrarse.". 6.- Now you put the user and password to register. 7.- If you don't have the Real Player or Windows Media Player, you can download now. If you have this test the software. 8.- Put in "Continua" 9.- Now you complet the form and click in "Continua" 10.- We are now in the page step 2 and repeat choice step 3. 11.- In the new window you click link "Evaluacion". 12.- You complet the form and click in "Entregue el formulario de evaluación", and FINISH. I Waiting you understand me. Best Regards. Alfredo Pulido Jim Dixon wrote: Hola Alfredo, Could you tell the groupstudy.com group where it might register for the seminar, por favor? The link you posted, takes you to a page that lets you click on another link which asks you for a registration and a username for the seminar. Que es el nombre de usuario y contraseña? Gracias Amigo. Jim Mi español es solamente tan bueno como su inglés? Well you can see it's in need of improvment. :) -Original Message- From: Alfredo Pulido [mailto:[EMAIL PROTECTED]] Sent: Monday, January 22, 2001 3:28 AM To: [EMAIL PROTECTED] Subject: Free t-shirt Hi to all, I'm sorry but my english is not very well. In this URL you can to win 1 free t-shirt www.cisco.com/es/DSLeDM (the page language is spanish.OK) _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: Disconnecting ISDN
Too, isdn disconnect interface To disconnect an ISDN data call without bringing down the interface, use the isdn disconnect interface command in privileged EXEC mode. isdn disconnect interface interface {b1 | b2 | all} Syntax Description interface Interface type and number, such as bri 0. b1 B channel 1. b2 B channel 2. all B channels 1 and 2. http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/dial_r/drdrisla.htm#xtocid47610 SAMPLE -- isdn disconnect interface bri 0 b1 Alfredo Pulido CCDA, preparing CCNA ¡¡¡MERRY CHRISTMAS !!! FOR ALL FROM CANARY ISLAND (SPAIN) Herold Heiko wrote: Clear the whole bri or the subinterface concerned, clear int bri 0 or clear int bri 0:2 Heiko -- -- PREVINET S.p.A.[EMAIL PROTECTED] -- Via Marocchesa, 14 ph x39-041-5907073 -- I-31021 Mogliano V.to (TV) fax x39-041-5907087 -- ITALY -Original Message- From: Hans Stout [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 21, 2000 9:45 AM To: [EMAIL PROTECTED] Subject: Disconnecting ISDN Hello colleagues, do you know if there is an IOS command that allows to disconnect an ISDN call ? So far, I usually shutdown the BRI to disconect the call, but I have a feeling there might be an easier way. Thanks for your help in advance. Georg Pauwen ___ __ Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] _ FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]