Cisco VPN :: Strange Syslog Entries After VPN Tunnel Stops Working 892s
Dec 15, 2011
I have a VPN tunnel between two 892s. When either ISAKMP or IPSec SA lifetime expires tunnel stops processing traffic. However nothing is logged in the syslog. But when I enable debug crypto isakmp error and debug crypto ipsec error following entries appear:
ISAKMP:(0):Can't decrement IKE Call Admission Control stat outgoing_active since it's already 0
ISAKMP:(2041):R-U-THERE-ACK sequence number 0x63D809BB does not correspond to expected value 0x63D809BC
%CRYPTO-4-RECVD_PKT_INV_SPI: decaps: rec'd IPSEC packet has invalid spi for destaddr=XX.XX.XX.XX, prot=50, spi=0x3560099E(895486366), srcaddr=YY.YY.YY.YY, input interface=GigabitEthernet0
ISAKMP:(2043): IPSec policy invalidated proposal with error 4
Is this a bug? IOS is Cisco IOS Software, C890 Software (C890-UNIVERSALK9-M), Version 15.1(2)T2, RELEASE SOFTWARE (fc1)
View 2 Replies
ADVERTISEMENT
Dec 14, 2011
I've replaced real networkID to the one mentined below.
Topology: classical IPSec VPN tunnel between two Cisco 892s, with pre-shared key and no GRE. One 892 (branch_892) has access to the Internet via PPPoE and has three networks/vlans behind it. One VLAN is NATed to access internet via the PPPoE. Access to two other VLANs - VL92 (100.100.200.0/24) and VL93 (100.100.100.0/24) need is done thrue the VPN tunnel.
Second 892 (892_DC) has just one interface - WAN on Gigabit enabled/connected and has a static route to the default GW. It does not have any interal network defined. So the router is strictly used to send traffic for VL92/VL93 to the branch 892 via IPSec tunnel.
Here is the problem: access to/from VL93 (100.100.100.0/24) works, however for VL92 (100.100.100.0/24) - does not.
From devices in VL92 I can ping the 892_DC IP address across the VPN tunnel. From the 892_DC router I can also ping devices in VL92. However I can no ping from VL92 any device beyond the 892_DC and at the same time packet arriving on 892_DC for VL92 are not sent out via the VPN tunnel.
I took the packet trace on 892_DC using capture point/buffer to capute packets for VL92 and could see that traffic does arrive at the 892_DC. I run the same capute on Branch_892 and there was not a single packet.More interesting I modified the access list such a way that left on VL92 and still - no packets are sent out thru the tunnel. [code]
View 5 Replies
View Related
Mar 13, 2011
Is it possible for a Cisco ASA 5580 to create Syslog entries when someone connects via HTTPS or SSH to it. I need to obtain information from Syslog when someone does this.
View 5 Replies
View Related
Mar 6, 2012
I am having a very strange issue on LMS 3.2
The problem is that the syslog collection suddently stops receiving logs and writing them into the syslog.log file
I have checked the following:
- Packet sniff to make sure that logs are being received on the server's NIC interface
- Checked the UDP port 514 is bound to the crmlog process.
- Checked the crmlog is running.
When i restart the server, the syslog connections works for a week or two and save the received logs in the syslog.log file, but after that it suddenly stops collecting log again, all the above points stays valid (service running, UDP Port...)
I have attached the LMS's modules versions installed on the server.
View 1 Replies
View Related
Feb 4, 2013
We have 2 Hubs (Cisco 7200 - 2 for redudancy). Every customer have a Spoke (Cisco 881). The Spokes are 24/24 connected to the 2 hubs (2 dmvpn tunnels) to give us the access to our equipments of monitoring and for support. Every Spoke have a NAT table with a specific NAT range for every Spoke. Like this we can reach every devices with a unique IP inside the VPN.For example:
- Spoke_001 have a NAT IP range of 10.80.0.0 255.255.254.0
- Spoke_002 have a NAT IP range of 10.80.2.0 255.255.254.0
...
To connect to the hubs with our laptops, we are using the Cisco VPN client. We have different profiles created in the hubs:
- Admin profile with an ACL that allow the connectivity to every Spoke
- Integrator profiles: that allow the connectivity of one integrator to some defined Spokes.
So the integrator profile looks like this in the hub
crypto isakmp client configuration group [NAME]
key [PASSWORD]
domain [DOMAIN]
pool [NAME]
acl [NAME_VPN_Split]
[code]....
The problem is that if we can't summarize an ACL in less than 50 lines, we will have to create a second profile and to know wich one to use for wich network...
Version:
ROM: System Bootstrap, Version 12.3(4r)T3, RELEASE SOFTWARE (fc1)
BOOTLDR: 7200 Software (C7200-KBOOT-M), Version 12.3(15), RELEASE SOFTWARE (fc3)
System image file is "disk2:c7200-advsecurityk9-mz.151-4.M2.bin"
View 3 Replies
View Related
Feb 6, 2013
I have a 6509 on my network and also have LMS4.1 for management. My 6509 is listed in my lms as a device. The config is in LMS. But I am not getting any syslog messages in LMS for my 6509. I have logging turned on and I have my LMS server listed in the config using the logging IP address command. What could be missing that would prevent the syslog messages from showing up in LMS. I have other devices that send syslog messages fine.
View 2 Replies
View Related
Aug 4, 2011
I have created an L2L tunnel between my self and a 3rd party. I am using a Cisco ASA 5520 and the other end is using a Cisco 3005 VPN concentrator. The tunnel will get established and pass traffic both ways for a little while, it varies, sometimes 1 hour or last time we built it it was working for 17 hours, but at some point my ASA will stop transmitting but it will still be receiving packets. These errors start to show up when I look at the traffic going through my ASA interfaces:
713042 IKE Initiator unable to find policy: Intf Outside, Src: 192.168.xx.16, Dst: 10.1.xx.30
Then when I try to ping their hosts .30 and .27 I get:
713041 Group = 68.23.xx.xx, IP = 68.23.xx.xx, IKE Initiator: New Phase 2, Intf private, IKE Peer 68.23.xx.xx local Proxy Address 192.168.xx.16, remote Proxy Address 10.1.xx.30, Crypto map (Outside_map)
713041 Group = 68.23.xx.xx, IP = 68.23.xx.xx, IKE Initiator: New Phase 2, Intf private, IKE Peer 68.23.xx.xx local Proxy Address 192.168.xx.16, remote Proxy Address 10.1.xx.27, Crypto map (Outside_map)
713050 Group = 68.23.xx.xx, IP = 68.23.xx.xx, Connection terminated for peer 68.23.xx.xx. Reason: Peer Terminate Remote Proxy 10.1.xx.27, Local Proxy 192.168.xx.16
When I first configured this tunnel it was with 3DES and SHA for phase 1 & 2, but when the tunnel would come up my phase 1 would negotiate to an MD5 hash, even though I specifically entered SHA, so me and the 3rd party decided to bring all the hashes for phase 1 & 2 down to MD5, and that was when it was up for the longest, but the problem still came back eventually. My ASA config posted below:
ASA Version 8.2(3)
name 192.168.xx.16 Server description Server
name 10.1.xx.27 XYZ_01
name 10.1.xx.28 XYZ_02
name 10.1.xx.29 XYZ_03
[code].....
View 1 Replies
View Related
Jul 7, 2012
Add the ability to send syslog events to multiple syslog servers in the SA500 Series routers. I know the functionality is currently in the RV220W because we utilized it. It would be great if you could configure the syslog servers by event type as well. For example, being able to send the kernel events to syslog server A, and all other events to syslog server B.
View 0 Replies
View Related
Jan 15, 2012
Recently i have upgraded the IOS of ASA5550 (in HA mode) to 8.4.2 from 8.0.5, after OS upgrade we found that the syslog from thses firewalls are not getting captured/transfered to centralised syslog server. The server is reachable from the firewalls.
View 3 Replies
View Related
Apr 24, 2013
i have a 876 Router, connected to the Internet and a VPN. From inside i would like to pass all traffic destinied to 192.168.0.0 255.255.255.0 to the VirtualPPP IF and al the other to the Internet (vlan2) I have created this rule, but after applying ist works only for about 30 to 60 seconds. after that only the Internet reachable. Everytime i do a clear ip nat trans * both Interfaces will work für 30 to 60 secs again...
This is the relevant part of the cfg
ip nat inside source route-map Di1 interface Virtual-PPP1 overload
ip nat inside source route-map VLAN1 interface Vlan2 overload
!
access-list 1 remark CCP_ACL Category=2
[Code].....
View 5 Replies
View Related
Mar 5, 2012
I have a cisco asa 5010 where, during the process of configuring, the outside ports become down/down. The /0 port won't even reactivate after cycling power on the unit.Port /1 is the inside interface and it is not affected by the problems.I switched the outside port to port /3 and it worked for awhile then it stopped working. I switched it to Port /2 and the same thing.Port /2 and Port /3 are on after a power recycle but shut down completely (down/down) during the reconfiguration. It seems like a hardware failure, but I'm wondering if it could be anything else.
View 4 Replies
View Related
Jul 19, 2012
I recently setup a site to site vpn between a asa 5510 and router 1921. It was working great all night and this morning. When traffic stopped rolling through for a few hours the tunnel shutdown. I checked the router using cisco configuration and tells me the tunnel is up. When I check the asa it does not show up in the active tunnels. Any know what would cuase it to drop? and if so what can I do to avoid it.
View 6 Replies
View Related
Jun 8, 2011
i've an Cisco ASA 5510 with Security Appliance Software Version 8.0(2), in this ASA i've many L2L tunnels to this ASA, anda sometims new tunnels can't connect, the older tunnels still ok and working, yesterday this situation occured again and i've tried to clear all ipsec tunnels and try to reconnect again no one cames up again. At the time of this situation memory usage was about 78% and CPU is was around 5%. I've made a reload without changes and the situation returns to the normality.
At the time of the fail i've collect the outpu from debug crypto isakmp 255, the outpu was in the annexed file.
View 1 Replies
View Related
Feb 5, 2013
I find are steps to turn on SSH access. I have quite a few customers with ASA5510's installed. SSH is set up and working fine on every one. After a period of time, you are no longer able to SSH into the firewall. Using Putty, it just sits there on a blank screen without giving a "denied access" message or a login prompt. Rebooting the firewall will solve the issue and SSH access works again. Today, I had a customer with and active/standby configuration where I had to reboot both of them to be able to log in. Most of my customers are on 8.2.software as most don't want to reconfigure for the new NAT, etc.
I'm sure others have seen this before since it appears to be occuring on almost every ASA that I have access to. Is there any fix to eliminate this or is there something that can be run from the ASDM that will grant SSH access again without just doing a reboot?
View 4 Replies
View Related
May 17, 2011
I have a problem with configuring brach router 891 (with IOS v15.0(1)M).I want to connect to HQ via EasyVPN connection (split-tunnel) and allow the local traffic to go directly to the Internet via NAT (PAT).When the VPN connection goes up, NAT stops working and NAT translations don't appear in show ip nat translations. When the VPN connection goes down, NAT begins to work again.
View 1 Replies
View Related
Mar 8, 2013
I have a Asus n55s. The wireless acts very funky. It sometimes disconnects and stops working. Sometimes, it will stop detecting any nearby wireless networks altogether. Then I have to enable and disable the wireless functionality until it starts seeing nearby wireless networks.
View 9 Replies
View Related
Feb 5, 2013
I've been having this problem with my laptop's wifi for a while now and it's been getting a little out of hand lately that I can't deal with it anymore. I asked some friends and they seem to have the same problem too but not nearly as often as I do. Every so often, my laptop's wifi just stops working so I turn it off and then turn it back on and it starts working again. My friend says it happens very rarely to him but for me just today it happened 2 times within 10 minutes
View 7 Replies
View Related
Oct 14, 2011
I'm having is that every few hours my TCP/IP protocol stops working. The modem lights remain normal but I can't connect to anything. The only thing that works on the internet is traceroutes at the command prompt which function normally. The solution is that I have to reboot and then everything returns to normal until a few hours later when it happens again. There are no error messages on any of my browsers. The page just goes white immediately. When I try to retrieve my email, I get a message about the TCP/IP isn't working.
View 9 Replies
View Related
May 2, 2012
I've got the same problem on my wife's Acer One 532h. Did it get resolved for you, Adrian and if so, how?
View 5 Replies
View Related
Mar 23, 2011
On Windows XP, my integrated NIC stops working after hosting a server. The server starts fine, ports are forwarded, firewall is down, modem is fine, but when I receive a connection, it shows they have made a connection, but then they drop, as do I. I can't browse or ping anywhere. I have to physically disconnect, then reconnect the ethernet cable to the port, or restart the computer. Upon ipconfig, the adapter is set with the Windows default ip (169.x.x.x) and cannot be /release'd or /renew'd.
View 10 Replies
View Related
Mar 4, 2012
It's fairly hard to explain what happens but basically, say I'm playing some type of online game, all of a sudden anything server sided such as HP amounts, damage amounts, etc. just disappears but the animation runs fine such as attacking being hit, etc. All of a sudden it'll jump forwards and I'll take any damage and do any damage that had been happening until the issue started. This happens constantly and it's really frustrating but on top of that my internet will slow to a crawl..Say I'm trying to send a message on Skype, it won't send for the longest time and I won't be able to recieve any or even open a new webpage until the problem fixes itself.'ve looked around a bit and thought I fixed the issue, I'm on wifi and multiple devices are connected but not always in use, and the forum I found suggested an ip conflict and said to open up command prompt release the ip with ipconfig /release and then renew it with ipconfig /renew.
View 3 Replies
View Related
Mar 22, 2012
Once every couple of days the wireless service seems to disappear. I've connected to the router from a wired computer and everything looks ok from the d-link panel, however its not showing up as an available wireless network on the wireless units. Pulling the power off for 30 seconds tends to get it working again. I'm configured bg and n. I need a mix... an old B laptop, have one machine that has a G NIC, and the rest are N.
View 14 Replies
View Related
May 2, 2011
After buying a new WNDR370. Sporadically and seemingly without any cause my internet will stop working. Diagnostic will always report it as "DNS Server is not responding." I've also discovered that if I enter my router settings and even just switch the DNS settings from Auto to manual or vice versa the problem corrects itself instantly-then next time it happens I just need to do it again.
I've already tried resetting my entire network and rebuilding the recommended way. Modem, Router, then computers-connecting each only after the prior has finished initializing. Hasn't worked though.
Currently I have my main rig connected directly to the modem to try and find out if I experience the problem at all this way, this is a pain in the ass though, and I don't know when long enough is long enough as the issue is completely random and simply just may not happen.
View 10 Replies
View Related
Mar 5, 2012
I have an EuroDOCSIS 3.0 cable modem from UPC Romania. It's a Cisco EPC3925, wireless modem.
My problem is that most of the time (like 80% of the time) when someone is starting or closing a PC that is connected using a wire, the whole internet crashes (wired PCs get a ! sign and the internet stops working and wireless PCs are getting disconnected completely from the network being unable to reconnect). This is solved by restarting the modem (unplugging/replugging it) or waiting for it to reconnect. I want to mention that during this process the modem lights show that everything is ok and nothing special happens.
First of all I called UPC technical support and the man there said that I should try to disable the firewall from the modem (which I had disabled already), if it won't work then to try to reset the modem to the factory settings (as I was thinking to do - because I configured the settings as I wished) and if this won't work then calling them back to change the modem.
I tried to reset to the factory settings and that didn't work at all after running tests over one week. After that I called UPC and they said that the modem is for sure the problem, they sent a technician (today) who also said that the modem is the problem. Ok ok, the technician replaced it and everything seemed to be good.
30 minutes ago my father started his PC and what should I see? Bam, internet crashing. 5 minutes ago i closed as well my PC and what should I see? The internet crashing again.
View 19 Replies
View Related
Mar 3, 2013
My Cisco 871w still stops working once a week.Today I found it frozen, after the weekend, and I have executed few commands from the HyperTerminal .The commands were given by cisco coleagues in previous post :show logshow ip int briefshow interfaces counters errorsshow interface FastEthernet1show interface FastEthernet1 statshow interface FastEthernet1 summaryshow interface FastEthernet1 switching
View 4 Replies
View Related
May 11, 2012
I have setup a Cisco SR520W and everything appears to be working. After a few hours, it looks like the WAN port stops forwarding traffic to the Internet gateway IP of the device.If I unplug and then plug in the network cable connecting the WAN port of the SR520W to my the modem, traffic startings flowing again. Also, if I restart the SR520W, the traffic will flow again.
View 1 Replies
View Related
Jan 3, 2012
I have a PIX 515e (8.0 (2)) and 1841 router (12.4(25)).I had the following setup working without issue:
[Internet] <-----> PIX <-----> 1841 <-----> [LAN]
I then tried to introduce VLANs and now I can not reach the Internet from the LAN. It seems that no nat translations are taking place.
-I can successfully ping the LAN from the PIX.
-I can successfully ping the Internet from the PIX.
-I can successfully ping the PIX inside_lan interface from the router
-I can not ping the outside interface from the router
-I can not ping the Internet from the router
I introduced the LAN side VLAN first and everything still worked. However, once i introduced the VLAN between the router and PIX, things have broken down. [code]
View 2 Replies
View Related
Jun 14, 2011
I have two Cisco ASA 5520's running software version 8.2(2) set up in a HA pair. The L2L vpn is set up and works as expected between this site and another. The issue is that every few months, one subnet of the VPN, the same one all the time, stops forwarding/receiving traffic. The device in the remote location is not a Cisco device but I am certain the issue lies with the ASA as when I fail over to the slave device the VPN works again, failing back again however stays with the subnet still not passing traffic. I need to reboot the device before it starts forwarding traffic on the subnet again.
View 3 Replies
View Related
Feb 10, 2013
My computer runs bit torrent almost all the time, sometimes when I start Firefox the home page google never loads and neither do any other web pages yet bit torrent is still working as if nothing has changed. If I start a download in Firefox come back to the pc a few hours later Google doesn't load but the Firefox download still continues.What causes this is it DNS ?
View 2 Replies
View Related
Mar 11, 2011
My internet (wired and wireless) usually works fine, but occasionally (read: every few days to weeks) the connection will suddenly black out for a period of time, anywhere from an hour to a day. I have tried resetting both my router and modem, and going through all the settings on my laptop, but I'm pretty sure it's not my computer, as no other devices can connect either. During the blackouts, when I look at the modem, the internet light will turn on for a second, then go off and then the red "alarm" light (aka "something is wrong" light) starts blinking like crazy, and this keeps repeating. This resolves itself after anywhere from a few hours to a whole day and everything is normal again. The light show, and the fact that I can't find any other problems, leads me to believe that it could be a problem with my provider (or the network itself) and not a hardware or software problem, but I can't be sure of this.Also, during the blackouts, I can connect to the network, but it shows that limited connectivity symbol (exclamation mark thing) and says no internet.
View 5 Replies
View Related
Jul 17, 2011
I have a problem with a wireless adaptor on a Toshiba Tecra (A11-1EE - PTSE0E-065052EN) running Windows 7.The wireless adaptor works fine but every now and again it will just stop working. The operating system says that the adaptor is turned off but it isn't. I've checked the driver but it is up to date.I have to disable the driver and then enable it again and then the adaptor begins to work correctly again.
View 4 Replies
View Related
Jun 17, 2012
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft� Windows Vista� Home Premium, Service Pack 2, 32 bit
Processor: AMD Athlon(tm) Processor LE-1660, x64 Family 15 Model 127 Stepping 2
Processor Count: 1
RAM: 2045 Mb
Graphics Card: NVIDIA GeForce G210, 512 Mb
Hard Drives: C: Total - 292284 MB, Free - 43340 MB; D: Total - 12958 MB, Free - 1819 MB;
Motherboard: PEGATRON CORPORATION, NARRA5
Antivirus: AVG Internet Security 2012, Updated and Enabled
So here's my setup:Computer A is connected directly to a cable modem box via USB. Computer B (which is sometimes a laptop and sometimes a desktop) is connected to Computer A and shares its internet connection via Ethernet because I am too cheap to buy a router.A few days ago we borrowed a Belkin wireless router so we could have both desktops, the laptop, and my fiance's iPod Touch access the internet at the same time. That worked fine but once we returned the router and tried to put everything back to normal, it didn't work. The only computer able to access the internet is Computer A (or whichever one is directly connected).I tried resetting the modem and restarting both machines. I tried disabling all of the connections that showed up from using the router.Windows states that the IP isn't properly configured or something of that nature. I tried setting it to automatically set the IP but to no avail.Here is the part that really confuses me - I can access Computer B from Computer A via LAN using the ethernet cable, so the connection between the two computers is fine.
View 4 Replies
View Related
Feb 22, 2012
I have a Comcast Motorola Surfboard rental modem. It works fine, great speeds etc etc. It has no router or bridge support.
I use this modem to connect to the web on my ps3 and PC. What I have been doing is simply unplugging the ethernet cord from one device, and putting it in the other device to switch. But of course things can't be simple...
Every time I switch devices, the modem tries to reconnect and does a cycle where every time it only reaches the "Send" light. So I have to power cycle my modem and wait about a half hour before my connection resumes...
I read something about PPPoE, but Comcast doesn't even use it so that won't work.
View 2 Replies
View Related
