Cisco WAN :: ASR1004 SSH 2 Sessions Terminating
Apr 24, 2013
I've got a problem with an ASR1004 running "asr1000rp2-adventerprisek9.03.02.00.S.151-1.S.bin".
When I'm performing extended ping tests using a tclsh script i'm geting this error message:
ASR_X1A2#ping 172.27.1.250
% Authorization failed.
When i'm pinging 12 diffrent destinations this happens to about 3 of them.
Checking the logs I found this:
Apr 24 19:42:56.071: %SSH-4-SSH2_UNEXPECTED_MSG: Unexpected message type has arrived. Terminating the connection
In my entire backbone this is happening only in this equipment, I've checked the connection between my ASR and the TACACS and it's OK, no packet loss. CPU and MEM are OK too.
View 2 Replies
ADVERTISEMENT
Apr 14, 2013
I have just got a ASR1004 and try to upgrade it, but, I can not find the instruction, I guess it may just same as other production by copy. but, it is good to see in writing.
View 1 Replies
View Related
Apr 8, 2013
The reason I want to do this is to connect a DSL modem. I'm moving all my networking equipment to my utility room where all the cables come in to the house. All of the phone jacks are wired using Cat5. So, I want to take one of those Cat5 cables and terminate it with an RJ-11 so the modem can dial out.
View 15 Replies
View Related
Apr 1, 2011
If I want to use the command match protocol xxxx when configuring traffic classification for QoS, is necessary to have the following licence?
-FLASR1-FPI-RTU
-Flexible Packet Inspection RTU Feature License for Cisco ASR 1000 Series.
View 1 Replies
View Related
Jan 10, 2011
ISP on each circuit cannot provide more than 3MB, so soon will get three circuit each of 3MB. ISP recommends to terminate all the links on Layer2 switch and have a trunk to the Router. I need all experts opinion on this proposed setup. We currently got 2811 with two GigaEthernet ports. We plan to have three GRE over IPSEC Tunnels (One tunnel for each circuit) to load balance/load Share/redundancy.
View 7 Replies
View Related
Dec 14, 2010
As U know cisco feature for frame-relay is creating mfr link and binding them to physical interfaces I did so but my MFR links doesn't get up?
PS. router is ASR1004
frame-relay switching
interface MFR0 description Virtual FR ---> Serial0/0/0 no ip address encapsulation frame-relay IETF frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 908 interface Serial0/0/0 908!interface MFR1 description Virtual FR ---> Serial0/2/4:0 no ip address encapsulation frame-relay IETF frame-relay lmi-type ansi frame-relay intf-type dce frame-relay route 900 interface Serial0/2/4:0 900
interface Serial0/0/0 (Smart serial interface) description Serial ---> E1 no ip address encapsulation frame-relay MFR1
interface Serial0/2/4:0 (E1 serial interface) description Link ---> S no ip address encapsulation frame-relay MFR0
View 1 Replies
View Related
Sep 27, 2011
We have 2 Cisco ASA 5520 configured as Active/Standby with public IPs 68.171.xxx.xx6 and 68.171.xxx.xx7 respectively.We have 3 different vendors who are trying to access our Data Center. Do I have to have 3 different public IPs for these 3 different vendors? Or, just share the public IPs assigned to our 'Outside' interface?
View 3 Replies
View Related
Jun 30, 2012
Ever since we switched to ASR1004 running XE15.1(2)S1, we have seen that the output of "show ip cache flow" stalls and is super slow to complete. We have a few interfaces with "ip flow ingress" defined. What can be causing this slowness? Any recommendations of commands to speed up the output?
View 1 Replies
View Related
Jan 18, 2011
I need to look at options for terminating multple ADSL2+ circuits in the UK.Is it worth investing in a router to terminate multiple connections? Or do you think I could just use multiple 877 routers connecting to a good core multilayer switch?
View 1 Replies
View Related
Nov 9, 2011
We faced with problem after upgrade ASR from 12(2) 33 XNE2. I know that this is an old XE release but our Radius deny authization from ASR with more new XE version. Here is our radius attribute configuretion:
!
radius-server attribute 44 include-in-access-req
radius-server attribute nas-port format d
radius-server host x.x.x.x auth-port 1812 acct-port 1813 non-standard
[Code]....
How can I add in my configuration that ASR send necesserry NAS-Port-Type - VPDN
I couldn't found out any info ((( for radius-server attribute 61 extended
View 1 Replies
View Related
Mar 7, 2011
I have an ASA 5540 cluster that is configured as my remote access VPN point. Users connect using IPSEC Profiles with Cert based authentication, the profile is configured to query two DHCP servers (infoblox appliance servers).
The problem I am encountering, is that I need to make reservations on the DHCP server for some users for specific business needs. What happens is that the ASA passes the request to the DHCP server with it's own MAC address and not the MAC of the remote host.
Is there any way I can configure the ASA to pass the request using the hosts actual MAC address?
View 1 Replies
View Related
Apr 22, 2012
I have 2 x WS-X4548-GB-RJ45 Catalyst 4500 Enhanced 48-Port 10/100/1000 Base-T (RJ-45) line cards in a 4500 chassis with 2 x WS-C4507R-E E-Series Super visor engines. We would like to create a layer 3 ether channel from a access layer switch terminating on our 4500 chassis. Can we configure the ether channel from the access layer switch such that one port on the ether channel is on one line card and the other one is on the other line card?
View 2 Replies
View Related
Apr 11, 2013
I have an issue with LMS not terminating SSH sessions on the Cisco ACE?
Cisco LMS 3.2
Cisco ACE A2(3.3)
View 1 Replies
View Related
Nov 19, 2012
What is the maximum allowed number of BGP sessions on Cisco platforms sup720 BXL and 7200 G2? Particulaty what are these numbers if BGP sessions are under MPLS vrf (i.e. maximum number of BGP session per vrf?).
View 2 Replies
View Related
Aug 28, 2011
the customer has a problem with LMS 3.2. This software doesn't terminate ssh sessions created by LMS on ACE. All ssh sessions still exist on ACE, so no new ssh session can be created until the administrator manually clear these session on ACE.
View 7 Replies
View Related
Apr 9, 2013
Cisco Works (LMS 3,2) is not closing SSH sessions to a Cisco ACE module, I see the following thread and tried the workaround to no avail.
[URL]
I have also seen the following caveat (CSCtz42393) but this seems to be LMS 4.x, would this be 4.x and below or do I need to find the equivalent LMS 3.2
View 7 Replies
View Related
Dec 15, 2010
Router is running with IOS 12.4(24T) and we are having problems like file download stalls, some emails not being send or received. CBAC is enabled on this router with default values. MTU is also the default value. This problem has started all of a sudden. seeing lot of errors in the logs as below:
Oct 27 16:47:52: %FW-6-DROP_PKT: Dropping smtp session X.X.X.X:4443 Y.Y.Y.Y:25 due to Stray Segment with ip ident 25800 tcpflags 0x5014 seq.no 288975356 ack 3363647737*Oct 27 16:48:31: %FW-6-DROP_PKT: Dropping http session X.X.X.X:2020 Y.Y.Y.Y:80 due to Stray Segment with ip ident 1472 tcpflags 0x5011 seq.no 2686554796 ack 4275837539
View 1 Replies
View Related
Aug 30, 2012
Earlier we had same problem with LMS 3.2
(RME-Admin-Config Management- Fetch Interval) from 180s 420s.
Now after LMS upgrade ( 4.2.2 ) the SSH sessions are stucked on ACE. We had not experienced it with 4.2.1
[code]....
View 4 Replies
View Related
Dec 19, 2012
Someone told me the commands, but I can't remember them. Have a router (2801) at the end of a highly utilized T1 link/router. How do I protect it so my SSH and/or Telnet sessions will get serviced if the router is real busy.
View 9 Replies
View Related
Apr 5, 2011
while traversing through Cicso ASA Firewall 5520,VPN sessions are disconnecting.In Accelissts for VPN-Outbound traffic from LAN to Client VPN ,we have allowed all Ports.Is there any inspection Rules are cause for this issue. In ASA Firewall,presently the inspection rules are [code]
View 1 Replies
View Related
Jul 26, 2011
We are using ACS 5.1 in our network. We have created users and grouped them as per the requirements. We want to restrict the user sessions in the network. A user should authenticate and able to access a network resource. But when he is active with that session, we need to block him from another successful authentication. We want to avoid multiple users using same user credentials for logging into the devices. whether this can be achieved by making configuration changes in ACS.
View 2 Replies
View Related
Sep 11, 2011
I have the default license for a ASA 5505 and this last Friday I received the attached log for SSH sessions through this firewall; we want to be clear about this issue. This limitation has to be with the 10 Inside Host or the Total VPN Peers limitations in this license? This firewall exists only to agree with a PCI requirement between our router and a communication with a Payment Card Industry Brand, all of this in the same site.
ASA5505 <164>Sep 09 2011 10:42:08: %ASA-4-450001: Deny traffic for protocol 6 src DMZ:X.X.X.X/2479 dst DMZ1:X.X.X.X/22, licensed host limit of 10 exceeded.
I hope that the communications through 22 TCP port, are not countable for license propose.
Licensed features for this platform:
Maximum Physical Interfaces : 8
VLANs : 3, DMZ Restricted
Inside Hosts : 10
Failover : Disabled
VPN-DES : Enabled
[code]....
View 1 Replies
View Related
May 9, 2013
I am curious of the max supported SIP sessionf of the SRP500 series.
View 1 Replies
View Related
Jan 1, 2013
I've looked at the forum posts and the document post, and I understand the explanations. My question is, under system administration>max user session global settings, would setting a timeout (say 1 hour) purge these sessions?
Under access policies, I am not enforcing max concurrent sessions per user, due to some of our devices using a generic log in. But if I understand the explanation, and my understanding might be wrong, then setting an expiry timeout should purge the accounting sessions, right?
View 4 Replies
View Related
Aug 8, 2012
I have DSL line that gives 7mb down and 768k up. I have 2 users running win7 RDP session and after a few hours the session is unusable its so slow and then eventually it hangs . don't know where to start.
View 1 Replies
View Related
May 30, 2012
I am having a recurring problem with tcp sessions timing out / getting reset. I'm using the DIR-655 with PPPoE on a Qwest DSL line. Everything appears to be working fine (including my ipv6 tunnel) except for this issue where my long running ssh & database connections are being reset after a period of time.Currently have 2.03NA loaded, tried using 2.07NA but couldn't get ipv6 working correctly with the newer version.
View 7 Replies
View Related
Apr 6, 2011
In our organization ,recently we are facing a issue with VPN connections are disconnecting abruptly in reandom time periods ( 5Min,15Min,1Hr also).We have verified in our SysLog .[code] The same was worked well in Cisco Pix 515E Firewall ,After changed to Cisco ASA 5520,it is giving the issue.- All Ports are allowed for outbound traffic with a Source Network 172.16.40.0/24 to their Client VPN.- This issue is giving for other Subnet Users i.e 172.16.33.0/24 to their Cleint VPN sessions & I allowed all Ports for them for Outbound traffic. Any feature in ASA is casuing for terminating the sessions which was not in Cisco PIX 515E.- ASA version is 8.0.
View 2 Replies
View Related
Dec 10, 2012
I have a issue with 1142n.If I start from 15 sessions per AP then it becomes a very costly affair. Because there are almost 20.000 student.20,000 students * 60% concurrent use divided by 15 = 800 APs.what is a realistic number of sessions on this AP? What is max concurrent connections on this AP?
View 9 Replies
View Related
Jan 14, 2011
We are using ACS 5.1 and from time to time we are getting a warning saying that the active sessions are over the limit (250000). It is just a warning, so my assumption is that its not a big deal, but how do we keep from getting the event, or prevent the event?
View 2 Replies
View Related
Jan 20, 2013
I have upgraded my ASA 5520 til version 9.1 with ASDM version 7.1. After the upgrade ASDM shows a lot of IPSEC VPN-sessions in the GUI that i cannot see from the ASA. Right now the GUI says that I have 28 IPSEC-sessions while the output from "show vpn-sessiondb l2l" shows the expected 4 tunnels and the output from "show vpn-sessiopndb remote" shows 0 as expected. (I do not use IPSEC from remote users).
View 3 Replies
View Related
Jan 20, 2011
how many sessions a BGP Route Reflector can support? is it 10, 100 or 1000 BGP sessions? What degradation of performance may arise in the case of a BGP RR sessions overload? Consider that the RR I'm deal with has both the control plane and teh forwarding plane. Which command I may use for get the output about BGP sessions resurces used level?
The following are the data about the RR:
Cisco 7600
WS-SUP720-3BXL
Version 12.2(33)SRD5
cisco CISCO7609 (R7000) processor (revision 1.2) with 983008K/65536K
View 1 Replies
View Related
Feb 27, 2011
We have a new 2911 that needs to be configured, unfortunately it's at a remote site. I had installed the following config: [code]
Now, I do get a dhcp ip on the G0/0 interface and I can ping it from my remote network and the local router as well as the local lan. The hands and eye guy is able to telnet from the local lan but I am unable to telnet from either my remote lan or the local router.The only error I receive is "connection refused by remote host". All lines are clear so I have no conflicts with multiple telnet sessions.
View 8 Replies
View Related
Jan 17, 2012
There is a page in the DIR-825 that logs your computers IP and the other IPs it is connecting to. I was wondering if there was a way to disable that function on select devices? My handhelds and legitimate computers that should be on the internet are filling it with spam and it is hard to check for unauthorized users on the network. If that is not possible, then would I be able to completely disable the feature?
View 1 Replies
View Related
