Well, before I saw this I had already started downloading the code upgrade. So after going from 11.06 to 11.15 and rebooting the switch, the dropping has stopped. Thanks for your help!!!!
Hello all, first time posting, so it's for a Procurve 2810, something I don't deal with much. We have an 1801 router connected to a 2810 using a vlan trunk. Even though the port and device utilization is very low on both the 2810 and the 1801, the 2810 is dropping some of the router's packets...
Yes, I am trying to find rogue unmanaged devices like Netgear or whatever. But I am trying to avoid the manual task of looking through all of the switches. I was really hoping 3750's support TCL, IOS routers do and IOS 6k does, but it looks like only the 3750-E supports TCL and of course I have...
I have a lot of facilities, most with large networks. I am trying to find a good way to identify unmanaged switches connected to switch ports. I know I can scan through the cam\mac table but we are talking big numbers of multiple member 3750 stacks. Anything intrusive is just not an option at...
If I am understanding the question correctly, you did not post that part. Those tags are names that have been defined for reference throughout the config. You can see those entries in the configuration; use this command.
show run names
hope that helps
cheers
Post a sanitized copy of your config; if it's not huge it shouldn't be too hard.
cheers
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/config.html
Not sure what you mean by re-establish. Those commands clear active connections in the database. They don't modify the running configuration. To re-establish the tunnel you should only have to try to send traffic through it.
By the way this is what you are clearing
show crypto ipsec sa...
Here is what I see, and forgive me, I am not so savvy with sonicwall. It looks like the error on your sonicwall says the ASA is using perfect forward security group 2 but your sonicwall is not. It's interesting the Cisco doc says not to set it for this type of setup. However I would try...
It would be helpful if you could post the details of the vpn policy you have on the sonicwall, specifically gateway, destinations, and crypto suite. It might also help to list the settings in the IPSec (Phase 2) Proposal section. I am thinking you probably have the crypto matching, but the...
I think you're just missing the nonat statement and acl to allow that traffic. Hope that helps
cheers
access-list nonat-inside extended permit ip 192.168.3.0 255.255.255.0 192.168.1.0 255.255.255.0
nat (outside2) 0 access-list nonat-inside
access-list outside2-in extended permit ip...
Actually that complicates things. I was kind of hoping the peer was a pix or router. Sonicwalls are not something I am so savvy with. I did find an article on cisco.com with an example on how this is done. I did notice Cisco used aes-256 with sha but you are using 3des with sha, but I...
I think this is the important error
4|Feb 15 2008|09:48:17|113019|||Group = 66.35.x.x, Username = 66.35.x.x, IP = 66.35.x.x, Session disconnected. Session Type: IKE, Duration: 0h:00m:10s, Bytes xmt: 0, Bytes rcv: 0, Reason: Phase 2 Mismatch
In order for two peers to successfully negotiate an...
Here is an acl that will allow your .192 host to talk to any other host, then blocking all other hosts. This will be applied to inbound traffic on the inside interface. You can see acl hits by typing 'show access-list'. Hope that helps
cheers
access-list inside-in extended permit ip host...
Here is how I typically check to see if a tunnel is working. Ping the other side inside interface sourcing from the asa interface. You will need to enable icmp and management-access to the inside interface. Check ipsec and isakmp associations. Hope that helps
cheers
icmp permit any inside...
This will get you going from the cli if you want to try it that way. Just change <remote peer> to the ip of your remote peer outside ip address and update the lan segments used. Hope that helps
cheers
name <remote peer> remotepeer
object-group network remote-net
network-object...
What is your internal segment and the remote network segment? It looks like you're sending all traffic through the tunnel instead of only traffic destined for that remote network like it sounds like you want to do. It would be helpful to post a sanitized copy of your config. But you probably just...