Cisco VPN :: ASA 5505 Is Reporting Lots Of 402120 Message?
Jan 1, 2013
We have 2 ASA 5505 located in head office (173.212.xxx.xxx) and remote site (50.34.xxx.xxx) and site-to-site VPN has been established between them. Everything is fine, but the ASA in head office keeps reporting the 402120 syslog message below.
4 Jan 02 2013 12:30:34 402120 50.34.xxx.xxx 173.212.xxx.xxx IPSEC: Received an ESP packet (SPI= 0x384E1C57, sequence number= 0x2AE77) from 50.34.xxx.xxx(user= ) to 173.212.xxx.xxx that failed authentication.
Even so, the VPN tunnel is not dropped.
Sep 10, 2011
How can we fix our LMS 4.0 high CPU issues? It takes lots of resources and also sometimes stops responding.
Jan 7, 2013
In troubleshooting another issue I set up another SG300 on the same VLAN as my SG300-28P and then set up a Monitor Port on it to see what Broadcasts I was getting.
Lo and behold, the SG300-28P is sending out quite a few Broadcast Packets. Most of them are the same, ARP Request for its Default Gateway Address. Others are for a few other AD Servers on our network.
Arp Entry Age Out is set to the default of 600000 with "Normal Age Out" selected. Though in a few minutes of logging Packets, there were almost 7,000 broadcasts from it for its Gateway Address. The Gateway Address that it has is the IP of a Cisco ASA 5510. Is there some TTY on the ARP entry like DNS?
This is the Wireshark Packet. The Frame check sequence is Bad, what can cause that?
No.   Time          Source          Destination  Protocol  Length  Info
1737  67.457763000  Cisco_a9:93:84  Broadcast    ARP       64      Who has 10.1.0.3? Tell 10.1.2.3 [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

Frame 1737: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface 0
    Interface id: 0
    WTAP_ENCAP: 1
    Arrival Time: Jan 8, 2013 14:44:06.952611000 Pacific Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1357685046.952611000 seconds
    [Time delta from previous captured frame: 0.000106000 seconds]
    [Time delta from previous displayed frame: 0.000106000 seconds]
    [Time since reference or first frame: 67.457763000 seconds]
    Frame Number: 1737
    Frame Length: 64 bytes (512 bits)
    Capture Length: 64 bytes (512 bits)
    [Frame is marked: True]
    [Frame is ignored: False]
    [Protocols in frame: eth:arp]
    [Coloring Rule Name: ARP]
    [Coloring Rule String: arp]
Ethernet II, Src: Cisco_a9:93:84
[code]....
Apr 20, 2011
I noticed a TON of random devices showing up in my Network within Windows 7. When I say a ton, I mean 739! I am not computer illiterate, but definitely not a pro. My router is WEP password protected, so I'm not sure what on earth is going on here. I thought maybe I had a torrent program open that could be affecting this somehow, but I don't.
Nov 20, 2012
My camera uses lots of data without anyone viewing the camera. I have it connected to a mobile data limited subscription with 2Gb of transfer each month. When traffic goes over it will limit bandwidth to 64 kbit/s.
After I connected the camera my data usage rose very high and in just a day or two the 2Gb limit was reached. The speed was then decreased to 64 kbit/s. And over the next 3 weeks until my limit was reset the total data usage was up to 4Gb. That means that in 3 weeks 2Gb of data was sent from the camera at only 64 kbit/s. How could this be? I have motion detection on that will email me images, which gives me some false positives some days with sun and shadows. But that should add up to a few Mb as a maximum for a month.
I also have remote power on/off on this specific camera. I have now turned it off and the sent data from my modem has stopped. WHERE does the D-link camera stream live to? It's password protected and no one except me has the password. I can't see open sessions in my router (Dovado 4GR) and my mobile broadband supplier (Telenor) cannot see where the data is transferred. But the camera is sending data somewhere, WHY? And how can I turn that off?
May 15, 2013
I have a Dell Studio PC with a Dell Wireless 1397 WLAN Mini-Card. OS is Windows 7 with SP1. Intel Core 2 Duo T5800 2.00 GHz
In general I have no problems with my WIFI with simple browsing and most of my routine activities online. But any time I stream video (like youtube), music or download a large file, my WIFI spontaneously turns off. I need to either restart the computer or put the computer to sleep/wake it up for the WIFI to work again.
I have the latest drivers for the Wireless card. I scanned the forums and didn't see this problem reported elsewhere. I realize this is an old computer so I may have to install an external wireless adaptor, but I wanted to ask around before doing so.
Jan 31, 2011
Is there any way to get reports on voice utilisation on WAN links so that CAC settings can be proactively managed for each location on our CUCM cluster? Our service provider is advising that this is not possible which means that we rely on customer/staff complaints to recognise where CAC thresholds are being reached. Our preference is to be able to run traffic reports (or the Cisco equivalent) as could be done on our previous (traditional) telephony network and provide additional capacity if and when required BEFORE congestion is reached, thus minimising customer/staff impact.
Sep 27, 2011
Running the report "CleanAir > Worst Interferers", I get this error:
The specified criteria did not match any data for the report. Make sure that the following background tasks are running: 1. Interferers
I know there is data that should match up because I can see it on the individual controllers. I checked the background task Interferers and it appears to be working as well but just to make sure I forced the "Execute Now" command but the report still failed.
Jul 31, 2011
WCS is reporting that a few APs are not associated with it. While troubleshooting, the AP-connected switch interface shows UP/UP and the show power inline output gives IEEE PD instead of AIR-LAP1131AG-E-K, after doing a shut/no shut on the AP-connected interface. Later, after some time, the AP comes up.
Mar 6, 2012
I'm currently running Cisco LMS 4.1. I need to see if there is a way in the LMS, either through the menu or via a report, that can give me the VLAN numbers, the description, the IP address, the Interface (SVI) the VLAN is on and the route it takes.
I've searched near and far and haven't come up with anything yet.
Sep 26, 2011
We are running WCS 7.0.164.3 and wonder whether there is any reporting option available that can give us a daily report on the Top 50 or Top 100 APs by client count.
I know that I can look at the client tab under the WCS home page and see the top 5 APs by client count in real time. In our environment we have around 700 APs and would like to know, by having this kind of report, which APs are mostly hit.
Jan 31, 2011
I have not managed to get the Monitoring to work on the ACS 5.1. This is an eval version. Advanced monitoring and reporting is installed on the ACS. This is my configuration on the Cisco Router
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
logging origin-id ip
logging facility syslog
logging source-interface GigabitEthernet1/1
logging host 1.1.1.1 transport udp port 20514
logging monitor informational
epm logging
On the ACS, when I open the dashboard --> ACS health -> I get Status not available. Global Instance under Logging Categories been configured for local logging?
Jan 8, 2011
I just upgraded yesterday to the DIR-655 (ver B1, F/W Ver 2.00NA), and suddenly my son's Xbox 360 complains that the NAT is set to moderate. I'm not really sure what this means, but I've never seen it before and it wasn't an issue with my old router. It pertains to the DIR-655? I did some quick Google searches and I've seen lots of different 'solutions' to this issue, but none of them seem to agree with each other and I'd rather not spend an entire afternoon trying one after another given that this router kills my internet connection for a full 20 seconds every single time I make any change.
Apr 27, 2012
We have discovered Nortel/HP C-GbE2 switches on our network are sending spanning tree Topology Change Notifications (TCN). The HP switches only have servers connected and no other switches leading to any other network segment so we are not clear why the switches are sending spanning tree TCNs every second. We do not have a support contract. Can anyone on the Cisco side speak to what's referenced on page 5-6 of the attached document? I found the attached document which talks about disabling spanning-tree (page 5-6) in a Cisco environment but wanted to consult with an expert before proceeding. Document (Configuring Nortel Gigabit Ethernet Switch Modules for IBM BladeCenter in a Cisco Environment Solution Brief).
Dec 23, 2011
I noticed one awkward thing with the latest 1.0.3.5 firmware for the Cisco Small Business RV220W router. With previous firmwares there has always been reported 128mb of system memory (RAM) under the router dashboard. And several "teardowns" of this router have confirmed it to have 128mb of memory on the router board.
Does that mean the latest 1.0.3.5 has an odd visual bug, or has the RV220W gotten its memory sliced in half with this firmware release?
Jun 12, 2013
Is there any way to determine how much bandwidth users on a particular WLAN (Guest) are using on the 5508 or by any other means?
May 16, 2011
I'd like to know if there is a way to exclude passed authentications for a specific username from reporting in the Authentications-TACACS and Authentications-RADIUS reports?
We have a few usernames that are used in scheduled jobs. We only need to know when they fail authentication, so we don't need to fill up the reports with every passed authentication from these accounts. Can this be done?
Apr 23, 2013
I'm using ASA 5510 and I wondered if we can configure reporting to know the traffic on each interface, the attacks, the VPN connection during a period (1 week or 1 month). For the moment, we can see these logs only in 'real time'.
Jan 10, 2013
1) How do you manage your inventory of network equipment from the time you receive a product into inventory to the time you decommission it?
2) How do you make aware the people who manage your network monitoring/reporting software that a device has been added/removed from the field?
2a) How do you notify the people who manage your network monitoring/reporting software of what is to be monitored on a new device in the field? Of a new interface that has been added/removed on an existing device?
2b) How quickly do you notify for 2/2a? i.e. minutes, hours, days, etc.
3) What types of interfaces and resources do you monitor on a network device?
Mar 20, 2011
I have just gotten a new touch phone that has wifi, and I want to use it through my dlink dir-825 router. My phone is the Nexus S with 2.3 Android OS. The problem is that my phone can see the 2.4 GHz connection, it just keeps reporting "deactivated". I did access other wifi and used the internet over a router. So I know the phone works.
So my question is: 1. Can I make my router ONLY be in 2.4 GHz mode? If so, can you link or explain it?
Mar 26, 2012
I am configuring a new ACS 1121 appliance with version 5.3 and wanted to know how to configure Remote Database settings in ACS 5.3. Is it necessary to configure that option?
Also, one more thing: I can see that ACS 5.3 generates lots of logs. Is there any solution to reduce such logs? It seems many unuseful logs which are system related are getting logged into the device, which might not be good for the memory requirements of the device.
Nov 27, 2011
We have a pair of 6509 working in a VSS configuration (IOS 12.2(33)SX5). The 6509s connect to a pair of ASAs (7.2 code) running in an Active/Standby setup. These ASAs in turn connect to routers going to remote sites. I have configured Netflow on the following VLANs:
VLAN 10 - Servers Vlan
VLAN 9 - Transit/ASA VLAN (connects ASAs to 6509s). All traffic originating from any VLAN on the 6509 crosses this VLAN in order to reach remote sites and vice versa
I configured the netflow source VLAN 11 although I am not collecting any netflow from it. Although I have been getting lots of Netflow info, I noticed that netflow for traffic originating from any user VLAN on the 6509s going to any remote site via TRANSIT/ASA VLAN (9) does not get reported. I even tested with 4 GB traffic but no result. Only reverse traffic (i.e. from remote site to user VLAN) is reported as it traverses the Transit VLAN (9).
I read somewhere that egress netflow is not supported in 6500, but isn't traffic originating from a user VLAN to a remote site via the transit VLAN (9) considered ingress with respect to the transit VLAN (9)? I would like to know whether bidirectional Netflow is supported on 6500 VLANs. I have minimum control on routers beyond the ASAs, and since these ASAs run 7.2 code netflow is not supported, and monitoring this Transit VLAN gives me extremely useful info.
I do get netflow bidirectional traffic from the Server VLAN 10, but I think it is correlated by the netflow collector from VLANs 9 and 10. [code]
Mar 7, 2012
We are currently trying to install LMS 4.0 on a VMware instance of Windows 2008r2, and getting the error "cannot run name lookup" message when launching the installation. We are launching the Win2008 patch and it asks for the destination of the LMS application then spits out this message.
Sep 4, 2012
Why might the following message appear in my router logs, where the 192.168.x.x IP address is a PC on the LAN?
*Oct 15 02:24:09.313: %CRYPTO-4-IKMP_NO_SA: IKE message from 192.168.x.x has no SA and is not an initialization offer
Do PCs send IKE messages? (It's a standard user on Win XP, unlikely any additional VPN software on it.)
Oct 26, 2011
The message ID I can use to filter VPN clients connecting and disconnecting from the Firewall?
Aug 2, 2011
I’m deploying new images on my switch 2960 24TT L. After installing the new image (c2960-lanbasek9-mz.122-58.SE1.bin) and rebooting the switch I always get this error message: “Error loading "c2960-lanbasek9-mz.122-58.SE1.bin"
Interrupt within 5 seconds to abort boot process.
Loading "flash:/c2960-lanbasek9-mz.122-58.SE1.bin"...@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ ”
But the switch still boots well. Why do I have this error message?
Oct 22, 2012
Need to clarify this log message:
*Oct 23 06:20:07 UTC: %FPD_MGMT-3-INCOMP_IMG_VER: Incompatible ROMMON (FPD ID=5) image version detected for 7600-SIP-200 card in slot Detected version = 1.3, minimum required version = 1.4. Current HW version = 2.303.
Oct 17, 2012
In Soft Appliance 4.2.2 I keep getting the diskWatcher Available space message:
It is a fresh installation:
[LMS-500/root-ade ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/smosvg-usrvol
[Code].....
Nov 12, 2011
I received a syslog message on my Cisco 3845 router. What does that message mean?
11 13:36:06.265 UTC: ASSERTION FAILED: file "../les/if_ng_dslsar_tx.c", line 385
Feb 13, 2012
I have installed LMS 4.0, installed the 2008 R2 patch as well. Everything worked with SSL until I did an import from our 3.2 Solaris version. After that, now when I access the application I get a message:
"Forbidden You don't have permission to access / Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request"
I have recreated the certs, reset the casuser, verified the correct privileges were set for casuser.
Oct 3, 2012
if the notification that the pw will expire in xx days works in the scenario named in the headline? Anyconnect SSL-VPN (ver 3.1.xxx) terminating on ASA 5510, v 8.4.4, authentication: Radius to ACS 5.3 (over MSChapV2), IdentityStore: MS ActiveDirectory. The Password-Change (if the pw is set to "change at next Logon") is working, even if there is a Bug, too (on the ac-client).
In the tunnel-group password-management is enabled and notify is set to the default of 14 days. Does the ACS interrupt the notification? I can't see any message in ACS Log or in "debug aaa common 255" or "debug radius" on ASA.
Jul 14, 2011
I'm seeing a lot of these messages in my 5520 ASA.
Deny IP spoof from (0.1.0.4) to 0.1.0.4 on interface inside
Jun 24, 2012
LMS installed on Windows 2003. Backup fails with message "Backup failed.ERROR(1297): Fatal error: Database engine 'UPMDbEngine' could not be started on database 'upm' in Bulk mode.."
dbbackup.log attached.