getXML('Challenges of Running Small and Medium Businesses152 schrader_johnNov 18, 2009, 7:31am PSTApparently Microsoft has change the way a machine broadcasts the change of a virtual IP address from one machine to another.<br /><br />Assume you have two IP addresses bound to a NIC on NodeA. IP Address 192.168.1.20 and Virtual IP VIP) address 192.168.1.21. Then remove the VIP from NodeA and add it to NodeB.<br /><br />In Windows 2003, the arp cache of a routher would accept the broadcast change of the MAC address for VIP from the MAC address of NodeA to the MAC address of NodeB. <br /><br />Windows 2008 does not update the arp cache in the router from the MAC address of NodeA to the MAC address of NodeB.<br /><br />However, if the VIP is moved from NodeA to NodeB by MS Cluster Server (MSCS) the arp cache is updated on the routers.<br /><br />Obviously, MS has changed the behavior of arp broadcasts between Windows 2003 and 2008, however they have also compensated if the customer is using MSCS.<br /><br />Can anyone suggest what has changed in Windows that causes this behavior? Also, is there any workaround that will cause Windows to revert to the Windows 2003 model?<br /><br />I have done some research on this and some people throrize that Windows 2008 mow uses Multicast packets instead of Unicast packets but I can't confirm the right way to compensate for this change in Windows bahavior.<br /><br />Thanks...JS jmalloy22Nov 12, 2009, 3:36pm PSTI have an ASA 5505 and 5510 connected via IPSec L2L VPN. The 5505 has a single 192.168.15.x subnet on Eth0/1, while the 5505 has 10.101.10.x and 172.30.10.x subnets on Eth0/1 and Eth0/2 respectively. With the current VPN I can access 10.101.10.x from 192.168.15.x and vice versa. What I can not figure out is how to access 172.30.10.x from 192.168.15.x over the existing VPN. Any thoughts...? 30 collin_clarkNov 16, 2009, 1:40pm PSTYou'll need to add the other subnet into NAT0 and the crypto ACLs. Here's a link to a configuration guide.<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml')">http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807f9a89.shtml</A><br /><br />Hope it helps.dwaldowcsOct 5, 2009, 2:29pm PSTI have a Cisco VPN 3000 concentrator that uses AD authentication to my domain controller. Everyone in AD can connect. How do I continue to authenticate through AD but only allow specific accounts to use the vpn? Or deny specific accounts from using the VPN? 30 bbuffinNov 10, 2009, 12:06pm PSTYou'll need to configure IAS on your Windows server to make this happen. There is no way to do this with authentication from the concentrator directly to AD. Take a look at the following link.<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a0080094700.shtml')">http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_configuration_example09186a0080094700.shtml</A><br /><br />Hope this helps.<br /><br />Brandon shridhar_sdlSep 21, 2009, 3:31am PSTI have two 1841 cisco router , but for one router serial interface is totally damaged , pls let me know how i can use two different ISP,s same time , is there any way ... 30 leolaohooSep 22, 2009, 4:43pm PSTIf you plan to use an ADSL card, then the answer is no.<br /><br />If the providers present the lines as Ethernet, then yes.g-lacoursiereSep 17, 2009, 5:05pm PSTHi, I have been configuring access-list on a 2811 router to deny all traffic except TFTP. Right now, only the router who's IP adresse are in the ACL, can copy their running-config to the TFTP server. However, the router that is directly connected to the TFTP server, and on which interface the ACL is placed out, is enable to copy it's own running-config, even thow the ACL is not allowing his IP address (only those from the other routers in the network). Look like the routers is not passing it's own traffic in the ACL ?? Is thi possible ??. 30 leolaohooSep 17, 2009, 5:47pm PSTCan you post a network diagram and the config please?g-lacoursiereSep 17, 2009, 6:46pm PSTHere is the topology and the runing-config of router named R2.<br /><br />Its the R2 router that is able to copy to the TFTP server even though the access-list does not permit him to copy.<br /><br />I hope this is not too confusing !!<br /><br />Thanks for your answer.<br /><br /><br /><b>Attachment Keywords : </b> <br />1) Topologie.jpg<br />2) R2.txt<br />Topologie.jpg121213image/pjpegimage4344509/17/2014noR2.txt121214text/plaintext375609/17/2014no leolaohooSep 20, 2009, 8:29pm PSTJust a test, but remove <b>permit ip any any</b>.<br /><br />Have you tried using <b>ip access-group TFTP in</b>? robert.sebie@ena.com.auSep 7, 2009, 8:57pm PSTCan callmanager Backup And Restore System support callmanager version 5.1? How to backup callmanager 5.1? 30 smalkericSep 11, 2009, 12:16pm PSTFor Cisco CallManager 3.3 or later, you need to use the supported Cisco BARS utility. If you use an earlier version of Cisco CallManager, use the Cisco IP Telephony Applications Backup Utility (3.5). On Cisco CallManager 5.0 and later, the BARS utility is replaced by the Disaster Recovery System. <br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/drs/5_0_4/drsag504.html')">http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/drs/5_0_4/drsag504.html</A><br /> robert.sebie@ena.com.auSep 7, 2009, 9:00pm PSTHi everybody,<br /><br />I am just wondering whether callmanager BARS support callmanager 5.1. When I try to install BARS in the voice mail server, there is an error message that You must use cisco approved hardware to install BARS. But the voice mail server is an Cisco server. So what is cisco approved server?<br /><br />Thanks<br /> 30 rob.huffmanSep 11, 2009, 5:02am PSTHi Robert,<br /><br />In CCM 5.x and above this is now called "Disaster Recovery System" pretty cool! So you don't need to install the BARS Utility. Here is a look at the related info; <br /><br />The Disaster Recovery System (DRS), which can be invoked from Cisco Unified CallManager 6.0 Administration, provides full data backup and restore capabilities for all servers in a Cisco Unified CallManager cluster. The Disaster Recovery System allows you to perform regularly scheduled automatic or user-invoked data backups. DRS supports only one backup schedule. <br /><br />The Cisco Disaster Recovery System performs a cluster-level backup, which means that it collects backups for all servers in a Cisco Unified CallManager cluster to a central location and archives the backup data to physical storage device. <br /><br />When performing a system data restoration, you can choose which nodes in the cluster you want to restore. <br /><br />The Disaster Recovery System includes the following capabilities: <br /><br />A user interface for performing backup and restore tasks. <br /><br />A distributed system architecture for performing backup and restore functions. <br /><br />Scheduled backups. <br /><br />Archive backups to a physical tape drive or remote sftp server. <br /><br />The Disaster Recovery System contains two key functions, Master Agent (MA) and Local Agent (LA). The Master Agent coordinates backup and restore activity with all the Local Agents. <br /><br />The system automatically activates both the Master Agent and the Local Agent on all nodes in the cluster. <br /><br />From this excellent doc; <br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/drs/6_1_2/DRS_CUCM/drsag612.html')">http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/drs/6_1_2/DRS_CUCM/drsag612.html</A> <br /><br /><br />For these new CCM Versions BARS is no longer used :) <br /><br /><br />Hope this helps! <br />Rob <br />tkeulemanSep 4, 2009, 12:49pm PSTHello All.<br />I have searched around a bit and I believe the 877 router will do what I want but I would like to have this confirmed.<br />Here's the situation.<br />Assume there is a static IP address 201.97.237.216 (not the real IP) for a ADSL service.<br />The ISP has mapped a block of other static IP's that are directed to 201.97.237.216 address. Assume the block goes from 201.97.229.128 to 201.97.229.135.<br />I want to hook up a 877 router and configure the wan port to be 201.97.237.216 and then have port one on the lan side connected to a router with the ip address 201.97.229.130. This router will be one subnet or vnet. Port two on the 877 router would be connected to another router with the ip address of 201.97.229.131. This would be a second subnet. <br /><br />Can the 877 router support this? If I read the specs correctly it looks like it supports vlan's. <br />Would a web user be able to connect to 201.97.229.130 and be connected to the subnet 1 through port 1 of the 877 router?<br /><br />Is the web interface intuitive enough to allow this to be configured easily?<br /><br />If someone knows of a sample config file for this type of connection I would appreciate seeing it.<br /><br />Thanks for considering this post. 30vkapoor5Sep 10, 2009, 6:42pm PSTPAT offers Maps multiple IP addresses to one or a few IP addresses.<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6640/product_data_sheet0900aecd8064c999.html')">http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6640/product_data_sheet0900aecd8064c999.html</A><br /> collin_clarkSep 11, 2009, 4:50am PST<i>Support for 2 VLANs with Base Image. One VLAN dedicated to DMZ.</i><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps6200/product_data_sheet0900aecd8028a976.html')">http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps6200/product_data_sheet0900aecd8028a976.html</A><br /><br />I've never used the web interface, but this is a pretty straight forward setup so it should be pretty intuitive. <br /><br />Assign the WAN interface the IP of 201.97.237.216. Assign the LAN or DMZ interface with 201.97.229.x. Then you can assign other hosts in the 201.97.229.x range. They must be in the same VLAN as your inside/DMZ interface.<br /><br />Hope it helps.dai_nish@yahoo.co.nzAug 27, 2009, 9:56pm PSTHello everyone<br /><br />I have been unable to place a few switches in spanning-tree debug mode using the debug spanning-tree events. The command gets returned as invalid input in priviliged EXEC mode. In other modes it is retured as an unrecognized command. I looked into the configuration of the spanning tree in the show spanning-tree output and it seems all fine. Please advise me how to enable this debugging functionality.<br /><br />Thank you for reading,<br /><br />Dee 30tstanikSep 2, 2009, 7:39am PSTUse the debug spanning-tree privileged EXEC command to debug spanning-tree activities. Use the no form of this command to disable debugging output. <br />debug spanning-tree {all | backbonefast | bpdu | bpdu-opt | config | csuf | etherchannel | events | exceptions | general | mstp | pvst+ | root | snmp | switch | uplinkfast} <br /><br />no debug spanning-tree {all | backbonefast | bpdu | bpdu-opt | config | csuf | etherchannel | events | exceptions | general | mstp | pvst+ | root | snmp | switch | uplinkfast} <br /><br />To view the syntax description click this link.<br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/docs/switches/lan/catalyst2940/software/release/12.1_13_ay/command/reference/debug.html#wp1029961')">http://www.cisco.com/en/US/docs/switches/lan/catalyst2940/software/release/12.1_13_ay/command/reference/debug.html#wp1029961</A><br /><br />chris.noonAug 26, 2009, 6:47pm PSTHi,<br /><br />I have a Cisco ASA 5510 and need to use it to route between VLANs as i don't have a router for the time being. I have been reading online and it is possible as it is a layer 3 device, although I can't seem to get it working.<br /><br />I have an inside, outside and a DMZ. The DMZ is in the IP range 172.99.0.0/24 and in vlan 80 and the inside is in the IP range 10.192.3.0/24 and in vlan 10. These are the 2 vlan/ip ranges I need to communicate.<br /><br />On the switch I am using the config commands:<br /><br />Interface 0/48<br />switchport trunk allowed vlan all<br />switchport mode trunk<br /><br />Then ports 1 to 36 are placed on vlan 10 and ports 37 to 47 are on vlan 80; all set for access mode.<br /><br />On the ASA i am using the config:<br /><br />Interface Ethernet 0/3<br />No ip address<br />No shutdown<br />Nameif VLAN_Routing<br />Security-level 100<br /><br />Interface Etherenet 0/3.1<br />Ip address 172.99.0.1 255.255.255.0<br />Nameif DMZ_VLAN<br />Security-level 100<br />Vlan 80<br />no shutdown<br /><br /> <br /><br />Interface Etherenet 0/3.2<br />Ip address 10.192.3.2 255.255.255.0<br />Nameif Inside_VLAN<br />Security-level 100<br />Vlan 1<br />no shutdown<br /><br />####<br />I thought the problem may be because I don't have any encapsulation on the trunking ports. The ASA command "vlan 10" apparently encapsulates in dot1q automatically, but i can't seem to find where to do this on the switch: the switch is a catalyst 2960.<br /><br />Hopefully someone can help me get these 2 lans communicating. 30 collin_clarkAug 31, 2009, 8:45am PSTOn the 2960 I'm pretty sure that only dot1q is supported. On the switch you can verify if the trunk is working with <b>show interface trunk</b> and it should show fa0/48 as a trunk. I do see an error on the ASA config. The main interface can not have a nameif.<br /><br />interface Eth0/3<br /> no nameif<br /><br />You will also need <b>same-security-traffic permit inter-interface </b><br /><br />Hope that helps. matthubachAug 28, 2009, 7:42am PSTCan someone please help me disable the stackwise config in a 3750 switch. I have removed the switch from a stackwise configuration and need it as a standalone.<br /><br />When I run the command...<br />no switch [#] provision<br />...I get the error...<br />%IDBs can not be removed when switch is active.<br /><br />I see some documentation that mentioned renumbering the switch. However, once I renumber it I get the same error.<br />----------------------------------------<br />version 12.2<br />no service pad<br />service timestamps debug uptime<br />service timestamps log uptime<br />no service password-encryption<br />!<br />hostname Switch<br />!<br />no aaa new-model<br />switch 1 provision ws-c3750-48p<br />----------------------------------------<br />I am starting to wonder if it is even possible to remove the default switch 1 config when you have stackwise ports??? Any ideas? Thanks!!! 30 nsn-amagruderAug 28, 2009, 10:41am PSTI don't have one in front of me to confirm, but I believe this is default config. Do a show switch and if only one switch exist, you can't remove it.<br /><br />If you do a switch 2 provision (model), then do a show run, you will be able to provision the ports that don't exist until the switch is phyically connected.<br /><br />hope this helps,<br /><br />Aaron Magruder<br />NonStop Networks, LLC<br /><A HREF="javascript:newWin('http://www.nonstopnetworks.net')">http://www.nonstopnetworks.net</A>neilmacklandAug 28, 2008, 2:49am PSTHi<br /><br />Finally got my 857 up and working and have NAT working to port forward ports 80, 25 and 443 to my internal servers.<br /><br />I have a block of IP 'S and want to configure the router to use a second IP address so that I can configure citrix web access so that when my users go to <A HREF="javascript:newWin('http://www.domain.com')">www.domain.com</A> in goes to my web server and when they input citrix.domain.com it goes to my citrix web access server.<br /><br />I think I have added the secondary IP address to the dialer but am unsure how to configure NAT with the secondary public IP address 30 collin_clarkAug 28, 2008, 5:23am PSTNo need to add a secondary address to the dialer. Simply create a new NAT statement with a new IP address. <br /><br />Hope that helps.timkaye@empiredAug 27, 2009, 8:24pm PSTHello.<br /><br />Can I ask what software version you're running.<br /><br />I cannot get 443 to forward. Everything else is fine.<br /><br />Appreciate any information.<br /><br />Tim mark.stclaireAug 24, 2009, 8:19am PSTI need urgent or assistance with the above device. If you're welling to assist drop me a line troy336@yahoo.com 30 roman.rodichev@iementor.comAug 24, 2009, 11:11am PSTMark, can you post your question here? mark.stclaireAug 24, 2009, 11:19am PSThey roman thanks for reply.... I send you an e-mail. However I'm have a cisco ASA 5520 Firewall. I need to configure it for routed mode. I'll be using 3 interface. DMZ, OUTSIDE and INSIDE. I want to accomplish communication from my clients to the DMZ in and out. Also my DMZ in and out the OUTSIDE. And later on VPN to my DMZ. I can show you my config and diagram. roman.rodichev@iementor.comAug 26, 2009, 4:45am PSTFeel free to attach your diagram and config file here. Do you already have some existing configuration and need help with specific features or are you looking for the entire ASA config?<br /><br /><br /> mark.stclaireAug 26, 2009, 6:25am PSTHey Roman attached is wat I have so far and what I want to accomplish. Long story short I'm lost with my NAT and ACLs<br /><br /><b>Attachment Keywords : </b> <br />1) ASA Version 7.doc<br />2) my network.jpg<br />ASA Version 7.doc120287application/octet-streamexe3993608/26/2014nomy network.jpg120288image/pjpegimage4812008/26/2014no mark.stclaireAug 24, 2009, 11:48am PSThey roman thanks for reply.... I send you an e-mail. However I'm have a cisco ASA 5520 Firewall. I need to configure it for routed mode. I'll be using 3 interface. DMZ, OUTSIDE and INSIDE. I want to accomplish communication from my clients to the DMZ in and out. Also my DMZ in and out the OUTSIDE. And later on VPN to my DMZ. I can show you my config and diagram.marciagirardiAug 22, 2009, 5:05pm PSTGents,<br /><br />Is it possible to lock an ipphone 7940? How could I do it ?<br /><br />Please, answer to cesar_c_santos@hotmail.com<br /><br />Kind regards<br /><br />CÃ©sar Santos<br /><br /> 30 bbuffinAug 24, 2009, 7:54am PSTWhile not specifically designed for this purpose, one option is to use Extension Mobility. Take a look at the following post.<br /><br /><A HREF="javascript:newWin('http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=Video%20over%20IP&topicID=.ee6c82f&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbefc93')">http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=Video%20over%20IP&topicID=.ee6c82f&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cbefc93</A><br /><br />Hope this helps.<br /><br />BrandonmarciagirardiAug 24, 2009, 8:14am PSTHi Brandon, Thanks.<br /><br />For example, I would like to lock the IP telephone device when I will out of my workstation.<br /><br />regards, bbuffinAug 24, 2009, 9:07am PSTI'm not aware of any way to do this. Sorry.<br /><br />Brandon leolaohooAug 24, 2009, 3:04pm PSTHow about logout (Services > Logout)? rob.huffmanAug 25, 2009, 10:06am PSTHi Ceasar,<br /><br />Just to add a note to the great info from Brandon and Leo (+5 points each guys!)<br /><br /><br />There is also this 3rd party product; <br /><br /><br /><A HREF="javascript:newWin('http://www.andtek.com/communications-products-lockout.html')">http://www.andtek.com/communications-products-lockout.html</A> <br /><br /><br />Hope this helps! <br />Rob <br /><br />marciagirardiAug 26, 2009, 5:40am PSTHi Rob, thanks for the help!<br /><br />regards,<br /><br />Cesar leolaohooAug 25, 2009, 2:25pm PSTThanks for the rating Rob.simonmeliAug 19, 2009, 9:38pm PSTin ip phone, there is a softkey call corp directory from which you can search all staff in your company. But now, my company has a lot of store which will have their own id, address and phone number. So how can I create another directory for all store which just like corp directory? Can I reprogram the softkey? 30 smalkericAug 25, 2009, 1:32pm PSTRe-program the softkey is achieved through a 'Template' this template is then applied to the phones you wish to change.<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/4_0_1/ccmcfg/b06skey.html#wp1007555')">http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/4_0_1/ccmcfg/b06skey.html#wp1007555</A><br />henrry.huamanAug 16, 2009, 7:37am PSTHi Guys.<br />Please, we are working in deployment of GetVPN with DC, could be help me with design or recomendations other deployment?<br /><br />thanks in advance 30ebrenizAug 21, 2009, 10:25am PSTPlease follow up on this guide in PDF format in the following link:<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps9370/ps7180/GETVPN_DIG_version_1_0_External.pdf')">http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6525/ps9370/ps7180/GETVPN_DIG_version_1_0_External.pdf</A>bliemsAug 17, 2009, 8:48am PSTI am going to upgrade the IOS on the VPN3005 Concentrator. It has 32MB of Flash. I need to know how to check the amount of memory currently being used by the current image. We are running:<br /><br />vpn3005-4.1.2.Rel-k9.bin<br /><br />I wanted to know also, what would be a good replacement image for this. 30rrjoas45Aug 21, 2009, 10:15am PSTYou can view it from monitoring | system status option. This screen shows the status of several software and hardware variables at the time the screen displays. From this screen you can also display the status and statistics for SEP modules, system power supplies, memory, and network interfaces. <br /><br />One of the screen elements:<br />RAM Size — The total amount of SDRAM memory installed in the VPN Concentrator. Memory Status is a link to a table that displays information about memory use on the VPN Concentrator; it includes information about block size, with data about used and free blocks, bytes, and percentages. <br />Refer the below URL for more info:<br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/administration/guide/sysstat.html')">http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/administration/guide/sysstat.html</A><br /> kepollett1Aug 11, 2009, 8:35am PSTNumbers appearing on phones as monitor, when call is transfered cannot light busy lamp when pickup on 7962 phones and phones with 7915 sidecars. Normal operation fine 30 kepollett1Aug 13, 2009, 6:45am PSTFound my own answer to this. Some of the 7962 phones with the 7915 sidecar and other 7942 phones had an older phone load. Made sure all received new phone load and worked properly with the 7915 sidecars after nocoperatorsAug 6, 2009, 7:54am PSTHow can I get Wifi users to get password notification from Active Directory using VPN connection? 30ebrenizAug 12, 2009, 3:30pm PSTWe can prompt users for change of password ahead of time but it requires to use LDAP not Radius<br /><br />tunnel-group radiustest1 general-attributes<br />password-management password-expire-in-days 14<br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpngrp.html#wp1166214')">http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/vpngrp.html#wp1166214</A><br /><br />So if LDAP is enabled on your AD Server, you can have ASA talk to the AD server directly.<br /> g3r4rd1n4Aug 6, 2009, 7:45am PSTI can configure two protocol on phisical interface cisco 7600 with card es20+: <br />802.1q and 802.1ad<br />thanks 30 k.poplitzAug 12, 2009, 1:03pm PSTCustom Ethertype feature customizes the Ethernet settings in an ES20 line card. This feature enables the user to configure ethertype with outer tag for .1Q and QinQ packets. Custom Ethertype is supported for both EVCs (802.1Q and QinQ) and QinQ routed subinterfaces. By default Cisco 7600 series router supports Ethertype 0x8100 for .1Q and Q-in-Q outer tag. You can use the Custom Ethertype feature to configure the following Ethertypes for each port for ES20 line cards: <br />• 0x8100 - 802.1q <br />• 0x9100 - Q-in-Q <br />• 0x9200 - Q-in-Q <br />• 0x88a8 - 802.1ad <br /><br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/docs/routers/7600/install_config/ES20_config_guide/SRD/baldcfg.html')">http://www.cisco.com/en/US/docs/routers/7600/install_config/ES20_config_guide/SRD/baldcfg.html</A>juanignaciofernandesJul 13, 2009, 1:58pm PSTIm having problems to access to the DMM.<br />I´ve already installed the VMWare from the ciscoet but I can´t access to the DMM principal page. I believe is a problem with the VMWare.<br />Did anyone have the same problem?<br /> 30htarraJul 20, 2009, 7:32pm PSTHere is the troubleshooting for the DMM. I hope it helps you.<br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/products/ps6028/products_configuration_guide_chapter09186a0080899a23.html#wp35720')">http://www.cisco.com/en/US/products/ps6028/products_configuration_guide_chapter09186a0080899a23.html#wp35720</A><br /> rguzman.plannetAug 11, 2009, 2:44pm PSTHi,<br /><br />I´m trying to instal DMS on VMWare as well, I´m using VMWare-server-2.0.1-156745. I am instaling DMS from Cisco Digital Media Manager V4.1 CD but the virtual machine displays an error "The system detected is unknown. You cannot continue furthe¨r"<br /><br />Please let me know if this is the same trouble you´re experiencing.<br /><br />Regardscsco11096668Aug 10, 2009, 3:33pm PSTHow can i configure a router with two gateways 30 collin_clarkAug 11, 2009, 7:15am PSTDo you mean the router will provide the two gateways? Use a secondary IP or trunk and use sub-interfaces for each subnet.<br /><br />Do you mean you have two destination gateways?<br /><br />ip route 0.0.0.0 0.0.0.0 1.1.1.1<br />ip route 0.0.0.0 0.0.0.0 2.2.2.2<br /><br /><br /> ihateloginJul 27, 2009, 6:15pm PSTJust upgraded the dram to 192mb install 32(48)mb flash and installed the bootrom 12.2(8r) to support the memory. when i type show c2600 i can see the 2 memory modules in the slots 1x 128mb and 1x64m but when i type show ver or show hard it only lists 128mb of memory. Has this upgrade worked? how can i confirm that all the memory is available to be used? 30gmarogiAug 5, 2009, 3:00pm PSTShow Version-Always shows memory in chassis based on running image (for example, with 128-MB DIMM shows 128, 160-MB shows 160)<br /><br />• Show C2600-Always shows specific physical memory in each slot (for example, DIMM slot 0-128 MB, DIMM slot 1-32 MB)<br /><br /><A HREF="javascript:newWin('https://www.cisco.com/en/US/prod/collateral/routers/ps259/prod_qas0900aecd800f71dd.html')">https://www.cisco.com/en/US/prod/collateral/routers/ps259/prod_qas0900aecd800f71dd.html</A> andreypetrovJul 29, 2009, 12:29am PSTDoes anybody exactly know what's the DC input operating range for PWR-C49M-1000DC?<br />Is a 69 VDC acceptable?<br />Thanks in advance. 30 leolaohooJul 29, 2009, 7:00pm PSTNo. DC input operating range: -48 to -60 VDC. <br /><br />Cisco Catalyst 4900M Switch DC Power Supply<br /><A HREF="javascript:newWin('http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/product_bulletin_c25-508039.html')">http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9402/product_bulletin_c25-508039.html</A>MKCHAURASIAJul 22, 2009, 7:46am PSTI have 3640, 1700 and 2600 series router <br />I want to implement site to site VPN using SDM the problem is when I log in to SDM I see all the green dots saying IP enable with a check mark, VPN green dot and says feature avilable but not enabled firewall featured avilable but not enabled, <br />I tried using crypto isakamp enable still I dont see in SDM as green dot and and a check mark on it. <br /><br />so over all how do I use SDM to set up Site to Site VPN or suggest me some Image name for 3640, 1700, 2600 router that uses SDM.<br /><br />I know the steps of configuring it I just need help in to see VPN green dot and check mark on it <br />Thanks 30 beth-martinJul 28, 2009, 5:43am PSTYou can enable the Firewall, config-> firewall and ACL -> create firewall on SDM.jason108247Jul 22, 2009, 4:52pm PSTWhat are the pros and cons of over clocking your router? 30 leolaohooJul 24, 2009, 1:24am PSTCONS: You immediately burn your warranty and support. collin_clarkJul 24, 2009, 7:53am PSTI guess I'm hacking ignorant. How do overclock a CPU on a router?jason108247Jul 27, 2009, 8:55am PSTCollin,<br /><br />when you hook two routers through serial ports you are given the chance to set the clock rate. For instance 64000. The clock rate can be altered by the engineer. I know the standard is usually about 64000 but I know that it can go much higher than that. collin_clarkJul 27, 2009, 10:30am PSTThat's the clockrate of the serial link. You can go above 64000 and not hurt anything, you'll just be emulating a faster circuit. I thought you were talking about overclocking the CPU. leolaohooJul 24, 2009, 6:36pm PSTHi Collin, <br /><br />Give it some weed. He he he ... arnie.allenJul 21, 2009, 6:46am PSTCan you recomend a book for me as I would like to take an exam for the 642-436 cvoice 6.0<br />mukesh.ved@bt.com tommyjreigeJul 19, 2009, 4:38pm PSTHi Everyone,<br />I have a small issue here which someone may be able to shed some light on.<br /><br />I have a Cisco IOS router which is terminating a site-to-site VPN connection on the dialer interface. The PIX on the other end is behind a NAT router. The tunnel is being established and one subnet is able to see another when the tunnel is up. The thing we are having an issue is both networks on each side of the VPN contain multiple subnets and i cannot connect to all the subnets over the same tunnel.<br /><br />Any ideas. 30 collin_clarkJul 20, 2009, 12:19pm PSTDo you have all the networks in the NAT exemption and in the interesting traffic ACL? Also check to make sure your routing is in place for all the subnets.<br /><br />Hope that helps. tommyjreigeJul 20, 2009, 3:27pm PSTYes all this is setup.<br />I have just found out that Cisco IOS can only make connections from 1 network per crypt map unless multiple connections are made from server to host. This is quite disturbing because i have not seen this in any documentation.<br />Does anyone know of IOS to PIX IPsec with multiple subnets on each side of the network. collin_clarkJul 21, 2009, 5:22am PSTI'm not sure where you you got your information, but it is incorrect. I have configured multiple subnets for VPN with a single connection. vidaluzaristaJul 13, 2009, 7:12am PSTHi All<br /><br />I have a ASA 5510, I have configure 2 VPN, router 850-ASA is OK, but I can't establish the other VPN ASA-Astaro, the error is:<br />Jul 09 15:35:57 [IKEv1]: Group = 200.50.2.114, IP = 200.50.2.114, QM FSM error (P2 struct &0x3bcd8c0, mess id 0x4f4f1e75)!<br />Jul 09 15:35:57 [IKEv1]: Group = 200.50.2.114, IP = 200.50.2.114, construct_ipsec_delete(): No SPI to identify Phase 2 SA!<br />Jul 09 15:35:57 [IKEv1]: Group = 200.50.2.114, IP = 200.50.2.114, Removing peer from correlator table failed, no match!<br />Jul 09 15:36:03 [IKEv1]: Group = 200.50.2.114, IP = 200.50.2.114, construct_ipsec_delete(): No SPI to identify Phase 2 SA!<br />Jul 09 15:36:03 [IKEv1]: Group = 200.50.2.114, IP = 200.50.2.114, Removing peer from correlator table failed, no match!<br /><br />My configuration for VPN is:<br /><br />ACL:<br />access-list Internet_cryptomap_40 extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0<br />access-list Internet_cryptomap_60 extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0<br /><br />VPN:<br /><br />crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac<br />crypto ipsec security-association lifetime seconds 86400<br />crypto ipsec security-association lifetime kilobytes 4608000<br />crypto map Internet_map 20 match address Internet_cryptomap_20_1<br />crypto map Internet_map 20 set peer 186.1.10.74<br />crypto map Internet_map 20 set transform-set ESP-3DES-MD5<br />crypto map Internet_map 20 set security-association lifetime seconds 86400<br />crypto map Internet_map 20 set security-association lifetime kilobytes 4608000<br />crypto map Internet_map 20 set nat-t-disable<br />crypto map Internet_map 40 match address Internet_cryptomap_40<br />crypto map Internet_map 40 set peer 165.98.233.180<br />crypto map Internet_map 40 set transform-set ESP-3DES-MD5<br />crypto map Internet_map 40 set security-association lifetime seconds 86400<br />crypto map Internet_map 40 set security-association lifetime kilobytes 4608000<br />crypto map Internet_map 60 match address Internet_cryptomap_60<br />crypto map Internet_map 60 set peer 200.50.2.114<br />crypto map Internet_map 60 set transform-set ESP-3DES-MD5<br />crypto map Internet_map 60 set security-association lifetime seconds 28800<br />crypto map Internet_map 60 set security-association lifetime kilobytes 4608000<br />crypto map Internet_map interface Internet<br />isakmp identity address<br />isakmp enable Internet<br />isakmp enable management<br />isakmp policy 10 authentication pre-share<br />isakmp policy 10 encryption aes<br />isakmp policy 10 hash md5<br />isakmp policy 10 group 2<br />isakmp policy 10 lifetime 86400<br />tunnel-group DefaultRAGroup ipsec-attributes<br />isakmp keepalive threshold 10 retry 2<br />tunnel-group 186.1.10.74 type ipsec-l2l<br />tunnel-group 186.1.10.74 ipsec-attributes<br />pre-shared-key *<br />tunnel-group 165.98.233.180 type ipsec-l2l<br />tunnel-group 165.98.233.180 ipsec-attributes<br />pre-shared-key *<br />tunnel-group 200.50.2.114 type ipsec-l2l<br />tunnel-group 200.50.2.114 ipsec-attributes<br />pre-shared-key *<br /><br />Thanks in Advanced<br /><br />Regards 30vmoopeungJul 17, 2009, 1:47pm PSTRemoving peer from correlator table failed, no match!<br /><br />This typically means one of a few things including, incorrect peer address configured in the L2L setup page, mis-matched local and remote newtork definitions, Agressive Mode vs. Main Mode misconfig, and IKE Proposal parameters not matching up on both ends. <br />DKoettingWWTJul 13, 2009, 11:54am PSTWe recently implemented Call Manager 6 with CUPC. We are seeing issues with users working off of our network and are unable to get presence status when logging in. We have seen a few issues that could cause this. These include the following:<br /><br />Windows Firewall is not allowing exceptions<br />VPN Adapter Statful Firewall is on<br /><br />We are using CUPC 7.0.2 and VPN Client 5.0.02. <br /><br />This issue is not across the board. I would say appx 100 users report this issue. We are using Windows XP Pro on our image. Any suggestions?<br /><br /> 30benbollinger@home.comJul 17, 2009, 9:28am PSTI fixed this on our asa by disabling "inspect sip". Hope that helps.')