Вопрос в следующем: имеется ли возможность написать скрипт для lan lite (имхо, не поддерживает EEM) который бы детектил падение 1 линка свитча и отключал по этому событию 2 линк? Есть предположение что можно отлавливать сообщение syslog для этого. Но остается не понятным - как запустить это не вручную, а по расписанию? (без EEM) Ну или хотя бы чтоб 1 раз запустил вручную и всегда работало.

Добрго дня Появилась не вполне понимаемая проблема - при попытке прошить циску 2950 через хмодем (по консольному кабелю) скопированый образ имеет размер отличный от копируемого: Копирую образ размером 3722814 На флешке образ размером 3722880 Что может быть причиной данного сбоя? (битая флеш, ошибки копирования, вирус?!?) И какие варианты побороть? (формат флешы, замена железа, утиль) Заранее благодарен.

у нас появились проблемы с передачей почты на mail.ru, после долгих колупаний конфигов нашли на ASA в списке ботнет сетей ип mxs.mail.ru(94.100.176.20) это у меня только так? sc-asa1# sh dynamic-filter reports top malware-sites Malware Sites (since last clear) Site Connections Logged Dropped Threat-level Category --------------------------------------------------------------------------------- 192.95.30.104 () 486207 486207 very-high admin-added 93.158.147.8 () 19734 19734 very-high Malware 178.32.81.230 () 16751 16751 very-high admin-added 94.100.176.20 () 8467 8467 very-high Malware 109.3.51.194 () 8232 8232 very-high admin-added 188.165.94.155 () 8175 8175 very-high admin-added 204.13.161.51 () 1242 1242 very-high Malware 193.105.174.3 () 596 596 very-high Malware 50.22.199.0/24 () 577 577 very-high admin-added 5.135.100.90 () 222 222 very-high admin-added Last clearing of the top sites report: Never

Прошу помочь. Есть контроллер WLC 5508 и точки доступа Aironet 1142. На контроллере поднят DHCP. подключаю две точки к контроллеру. Вижу, что они получили адреса. Но статус на точка доступа Not Joined. В инете нашел статью, что проблема скорее всего с сертификатами в SECURITY - AP Policies. Пробовал отключать все сертификаты. Точки доступа переходя в Joined и через несколько секунд в Not Joined. Помогите разобраться как их зарегистрировать на контроллере.

Всем доброго дня. Необходимо обеспечить бесперебойный доступ к почтовому серверу(в будущем и к другим сетевым ресурсам), которые находится у нас в офисе. На данный момент имеем: 2 канала от двух разных провайдеров, каждый провайдер выдает белый ip-адрес. Прописаны A записи c именем домена типа mail.firma.ru на на ip-адреса каждого провайдера. Но при такой организации записей доменов, есть вероятность нарваться на ситуацию, когда днс-сервер отдает ip-адрес, которые сейчас недоступен(проблемы у провайдера например) Как я правильно понимаю, выходом из такой ситуации является Автономная система (AS) У меня возникает вопрос(в сети не нашел ответа на него): можем ли мы зарегистрировать AS с IP-адресами, которые нам выдает провайдер? или в этом нет смысла, и надо кроме регистрации AS приобретать еще и диапазон PI адресов и настраивать BGP? И если приобретать диапазон PI, то необходимо минимум две сети PI /24 (Читал, что сети меньше /24 провайдеры не анонсируют) Заранее благодарю за ответы, Алексей

Помогите скачать прошивку asr1000rp1-advipservices.03.04.05.S.151-3.S5.bin http://software.cisco.com/download/rele ... lowid=2136 или предыдущие asr1000rp1-advipservices.03.04.* Пожалуйста! Очень срочно нужно Отблагодарю!!

Нужна помощь. Существует свитч WS-C3750X-12S-S, с 12 гигабитными портами под SFP. Вопрос: будет ли работать в гигабитном порту SFP на 100 Мбит? Например, модель GLC-FE-100LX-RGD. Дело в том, что на другом конце оптики будет стоять железка с портом на 100 Мбит. Кто нибудь делал такое подключение своими руками?

Добрый день всем! Подскажите пожалуйста как на CUCM 9.1, да и вообще на обычном Call Manager реализовать сопоставление номера звонящего и имени. Допустим поступает звонок от абонента 77731, необходимо чтобы на телефоне целевого абонента отображалось Moscow 77731 На CUCME c SCCP трубками такое реализуюется через directory entry 250 77731 name Moscow А как это можно сделать на CUCM? Спасибо заранее

Коллеги! Понимаю, что лохмачу бабушку, и все кроме меня умеют подключать сиськи к билайну, и щя пошлют меня в гугл или хуже того в яндекс. Но не смог осилить сабж. Т.е. я не нашёл, может оно как и v3 на SVI принципиально не работает? Роутовый порт на 881 занят PPPoE, локально к сиське ехать цепляться западло, поэтому SVI. Делал так. Выяснил адрес сраного tp.internet.beeline.ru - это тоже квест, он у всех разный и меняется со временем: ip vrf beeline rd 200:10 interface FastEthernet2 switchport access vlan 200 ip vrf forwarding beeline no ip address spanning-tree portfast interface Vlan200 ip vrf forwarding beeline ip address dhcp ip nat outside ip virtual-reassembly in Смотрим, чо там нам засранцы напихали: c881-02#sh dhcp server DHCP server: ANY (255.255.255.255) Leases: 2 Offers: 1 Requests: 1 Acks : 1 Naks: 0 Declines: 0 Releases: 0 Query: 0 Bad: 0 Forcerenews: 0 Failures: 0 DNS0: 213.234.192.8, DNS1: 85.21.192.3 Subnet: 255.255.248.0 DNS Domain: beeline Пихаем в VRF NS-ы, без этого не ресолвит: ip name-server vrf beeline 213.234.192.8 ip name-server vrf beeline 85.21.192.3 c881-02#ping vrf beeline tp.internet.beeline.ru Translating ';tp.internet.beeline.ru';...domain server (213.234.192.8) [OK] Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 85.21.140.249, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms c881-02# Ну и конфигурим L2TP: l2tp-class beeline receive-window 128 vpdn enable pseudowire-class PWC encapsulation l2tpv2 protocol l2tpv2 beeline ip local interface Vlan200 ip pmtu ip tos reflect interface Virtual-PPP200 description --- BEELINE.RU --- ip vrf forwarding beeline ip address negotiated ip mtu 1400 ip nat outside ip virtual-reassembly in no peer neighbor-route keepalive 60 ppp authentication chap pap callin callout ppp chap hostname XXX ppp chap password YYY ppp ms-chap refuse callin ppp ms-chap-v2 refuse callin ppp pap sent-username XXX password YYY ppp ipcp route default no cdp enable pseudowire 85.21.140.214 10 encapsulation l2tpv2 pw-class PWC ip route vrf beeline 0.0.0.0 0.0.0.0 Virtual-PPP200 ip route vrf beeline 85.21.140.214 255.255.255.255 dhcp ppp вроде chap, но я пробовал всяко разно. В итоге всё липнет на стадии LCP, в дебагах трэш, в голове каша. c881-02#sh ppp all Interface/ID OPEN+ Nego* Fail- Stage Peer Address Peer Name ------------ --------------------- -------- --------------- -------------------- Vp200 LCP* LCP 0.0.0.0 c881-02#sh vpdn L2TP Tunnel and Session Information Total tunnels 1 sessions 1 LocTunID RemTunID Remote Name State Remote Address Sessn L2TP Class/ Count VPDN Group 55622 12245 bras254.vlg est 85.21.140.214 1 beeline LocID RemID TunID Username, Intf/ State Last Chg Uniq ID Vcid, Circuit 16155 17567 55622 10, Vp200 est 00:00:02 5 c881-02# c881-02#sh ip route vrf beeline Routing Table: beeline ... Gateway of last resort is 10.150.144.1 to network 0.0.0.0 S* 0.0.0.0/0 [254/0] via 10.150.144.1 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.150.144.0/21 is directly connected, Vlan200 L 10.150.144.93/32 is directly connected, Vlan200 78.0.0.0/32 is subnetted, 1 subnets S 78.107.31.152 [254/0] via 10.150.144.1, Vlan200 85.0.0.0/32 is subnetted, 1 subnets S 85.21.140.214 [1/0] via 10.150.144.1 192.168.205.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.205.0/24 is directly connected, Loopback200 L 192.168.205.1/32 is directly connected, Loopback200 c881-02#sh ip int b Interface IP-Address OK? Method Status Protocol Dialer0 x.x.124.64 YES IPCP up up FastEthernet0 unassigned YES unset up up FastEthernet1 unassigned YES unset up up FastEthernet2 unassigned YES unset up up FastEthernet3 unassigned YES unset up up FastEthernet4 unassigned YES NVRAM up up Loopback200 192.168.205.1 YES NVRAM up up NVI0 192.168.205.1 YES unset up up Tunnel100 172.16.190.193 YES NVRAM up up Virtual-Access1 unassigned YES unset up up Virtual-Access2 unassigned YES unset up up Virtual-PPP200 unassigned YES NVRAM up down Vlan1 192.168.131.254 YES NVRAM up up Vlan100 192.168.0.1 YES NVRAM up up Vlan200 10.150.144.93 YES DHCP up up c881-02# Т.е. ppp200 так ничо и не получил. В дебагах про L2TP я не силён, хотя прочитал страшную статью: http://book.itep.ru/4/44/l2pr.htm Дебаги: c881-02#sh deb PPP: PPP authentication debugging is on PPP authorization debugging is on PPP protocol negotiation debugging is on L2TP: L2TP packet events debugging is on L2TP packet errors debugging is on L2TP errors debugging is on L2TP events debugging is on L2TP L2TUN socket API debugging is on L2TP application debugs debugging is on c881-02(config-if)#no shu May 23 2013 09:04:30.909: %LINK-3-UPDOWN: Interface Virtual-PPP200, changed state to up May 23 2013 09:04:58.338: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: I CDN, flg TLS, ver 2, len 121 May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: IETF v2: May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Result Code May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Loss of carrier(1) May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Error code May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: No error(0) May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Optional msg May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: ';No response to PPP Confreq from peer'; May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Assigned Call ID 0x00005C0E (23566) May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: PPP Disconnect Cause Code (IETF) Code LCP bad pak(6) May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Direction at peer May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: CP 0xC021 May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Message May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: ';No response to PPP Confreq from peer'; May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: O ZLB ACK to bras254.vlg 14986/23566 May 23 2013 09:04:58.342: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: FSM-Sn ev Rx-CDN May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: FSM-Sn established->Idle May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: FSM-Sn do Rx-CDN May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: XCONNECT: process AVPs May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Shutting down session May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Result Code May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Loss of carrier (1) May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Error Code May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: No error (0) May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Vendor Error May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: None (0) May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Optional Message May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: ';No response to PPP Confreq from peer'; May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: FSM-Sn ev Shut May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: FSM-Sn Idle->Dead May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: FSM-Sn do Destroy May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: APP<-L2TP: Disconnect May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: sock 0000100D May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: serv 00008010 May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: May 23 2013 09:04:58.346: L2TP _____:________: L2TUN: app XCONNECT disconnected clbk May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Session down May 23 2013 09:04:58.346: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: 10.150.144.93<->85.21.140.214 May 23 2013 09:04:58.350: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Destroying session May 23 2013 09:04:58.350: L2TP 00005:0944B:0000D46A/uid:5[85.21.140.214/10]: Request teardown data plane May 23 2013 09:04:58.350: L2TP tnl 0944B:00003443: FSM-CC ev Session-Disc May 23 2013 09:04:58.350: L2TP tnl 0944B:00003443: FSM-CC in established May 23 2013 09:04:58.350: L2TP tnl 0944B:00003443: FSM-CC do Session-Disc-Est May 23 2013 09:04:58.350: L2TP tnl 0944B:00003443: Session count now 0 May 23 2013 09:04:58.350: L2TP tnl 0944B:00003443: XCONNECT Session count now 0 May 23 2013 09:04:58.350: L2TP tnl 0944B:00003443: Session PMTU count now 0 May 23 2013 09:04:58.350: L2TP tnl 0944B:00003443: FSM-CC ev No-Users May 23 2013 09:04:58.350: L2TP tnl 0944B:00003443: FSM-CC established->Est-No-User May 23 2013 09:04:58.350: L2TP tnl 0944B:00003443: FSM-CC do No-Users May 23 2013 09:04:58.350: L2TP tnl 0944B:00003443: No more cc users, shutdown (likely) in 15 secsxit c881-02# May 23 2013 09:04:58.350: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Session detached May 23 2013 09:04:59.514: %SYS-5-CONFIG_I: Configured from console by f0340607 on vty0 (79.170.161.122) May 23 2013 09:05:01.398: L2X 00005:_____:________: May 23 2013 09:05:01.398: L2X 00005:_____:________: APP->L2TP: Session reopen [1], May 23 2013 09:05:01.398: L2X 00005:_____:________: sock 0000100D May 23 2013 09:05:01.398: L2X 00005:_____:________: serv 00000000 May 23 2013 09:05:01.398: L2X 00005:_____:________: data 892BC08C[100] May 23 2013 09:05:01.398: L2X 00005:_____:________: May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Create session May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: App type set to XCONNECT May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Need cc version: V2 May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Sequencing default tx disabled May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Sequencing default rx disabled May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Set HA epoch to 0 May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: L2TPoUDP session needed between May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: 10.150.144.93:0<->85.21.140.214:0 May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Using ICRQ FSM May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn ev created May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn Init->Idle May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn do none May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: remote ip set to 85.21.140.214 May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: local ip set to 10.150.144.93 May 23 2013 09:05:01.398: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: no cookies enabled May 23 2013 09:05:01.402: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn ev App-Conn May 23 2013 09:05:01.402: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn Idle->Wt-CC May 23 2013 09:05:01.402: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn do App-Connect May 23 2013 09:05:01.402: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Find or create cc for session May 23 2013 09:05:01.402: L2TP _____:________: Find cc between May 23 2013 09:05:01.402: L2TP _____:________: 10.150.144.93<->85.21.140.214 May 23 2013 09:05:01.402: L2TP _____:________: with class: beeline May 23 2013 09:05:01.402: L2TP _____:________: and IP proto: L2TPoUDP May 23 2013 09:05:01.402: L2TP _____:________: and framing type: none May 23 2013 09:05:01.402: L2TP _____:________: and bearer type: none May 23 2013 09:05:01.402: L2TP _____:________: and version: V2 May 23 2013 09:05:01.402: L2TP _____:________: and local hostname: c881-02 May 23 2013 09:05:01.402: L2TP tnl 0944B:00003443: Search for cc: found existing cc May 23 2013 09:05:01.402: L2TP tnl 0944B:00003443: for class beeline May 23 2013 09:05:01.402: L2TP tnl 0944B:00003443: FSM-CC ev Session-Conn May 23 2013 09:05:01.402: L2TP tnl 0944B:00003443: FSM-CC Est-No-User->established May 23 2013 09:05:01.402: L2TP tnl 0944B:00003443: FSM-CC do Session-Conn-Rst May 23 2013 09:05:01.402: L2TP tnl 0944B:00003443: Session count now 1 May 23 2013 09:05:01.402: L2TP tnl 0944B:00003443: XCONNECT Session count now 1 May 23 2013 09:05:01.402: L2TP tnl 0944B:00003443: Session PMTU count now 1 May 23 2013 09:05:01.402: L2TP tnl 0944B:00003443: FSM-CC ev Restart May 23 2013 09:05:01.402: L2TP tnl 0944B:00003443: FSM-CC in established May 23 2013 09:05:01.402: L2TP tnl 0944B:00003443: FSM-CC do Restart May 23 2013 09:05:01.402: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn ev CC-Up May 23 2013 09:05:01.402: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn Wt-CC->Wt-Sock May 23 2013 09:05:01.402: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn do CC-Up May 23 2013 09:05:01.402: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Session needs to have: May 23 2013 09:05:01.402: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: V2 V3 Eth VLAN HDLC PPP FR-DLCI May 23 2013 09:05:01.402: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: ATM-PORT ATM-VP ATM-VC-CELL IP May 23 2013 09:05:01.402: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Tie-Breaker May 23 2013 09:05:01.402: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Peer cc can do: May 23 2013 09:05:01.402: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: V2 Sync Async Tie-Breaker May 23 2013 09:05:01.402: L2X _____:________: l2x_open_socket: is called May 23 2013 09:05:01.402: L2X _____:________: Cannot use source-ip 10.150.144.93 of tableid 0 vrf which is not one of our addresses May 23 2013 09:05:01.402: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Open sock 10.150.144.93:1701->85.21.140.214:1701 May 23 2013 09:05:01.406: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn ev Sock-Ready May 23 2013 09:05:01.406: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn Wt-Sock->Wt-Tx-ICRQ May 23 2013 09:05:01.406: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn do Tx-ICRQ-Local-Check May 23 2013 09:05:01.406: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn ev Local-Cont May 23 2013 09:05:01.406: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn Wt-Tx-ICRQ->Wt-Rx-ICRP May 23 2013 09:05:01.406: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn do Tx-ICRQ May 23 2013 09:05:01.406: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.406: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: O ICRQ to bras254.vlg 14986/0 May 23 2013 09:05:01.406: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: IETF v2: May 23 2013 09:05:01.406: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Assigned Call ID 0x0000C1FF (49663) May 23 2013 09:05:01.406: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Serial Number 1005203398 May 23 2013 09:05:01.406: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.406: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Session attached May 23 2013 09:05:01.470: L2TP tnl 0944B:00003443: Drain unsentQ, cur/max resendQ sz 0/8, unsentQ 0 May 23 2013 09:05:01.470: L2TP tnl 0944B:00003443: May 23 2013 09:05:01.470: L2TP tnl 0944B:00003443: I ZLB ACK, flg TLS, ver 2, len 12 May 23 2013 09:05:01.470: L2TP tnl 0944B:00003443: May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: I ICRP, flg TLS, ver 2, len 28 May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: IETF v2: May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Assigned Call ID 0x00005C25 (23589) May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn ev Rx-ICRP May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn Wt-Rx-ICRP->Proc-ICRP May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn do Rx-ICRP May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Remote AC is now UP May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: APP<-L2TP: remote circuit status May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: sock 0000100D May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: serv 00008010 May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: UP May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.710: L2TP _____:________: L2TUN: app XCONNECT ckt status clbk May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: XCONNECT: process AVPs May 23 2013 09:05:01.710: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: APP<-L2TP: Connecting May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: sock 0000100D May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: serv 00008010 May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.714: L2TP _____:________: L2TUN: app XCONNECT connecting clbk May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: APP->L2TP: Connect continue [4], May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: sock 0000100D May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: serv 00008010 May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: replied on same socket May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn ev ICRP-OK May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn Proc-ICRP->Wt-Tx-ICCN May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn do Tx-ICCN-Local-Check May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: O ZLB ACK to bras254.vlg 14986/23589 May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM: ICCN->85.21.140.214 May 23 2013 09:05:01.714: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM: wait for DP up, seg 0 May 23 2013 09:05:01.718: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.718: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: APP->L2TP: Setup dataplane [15], May 23 2013 09:05:01.718: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: sock 0000100D May 23 2013 09:05:01.718: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: serv 00008010 May 23 2013 09:05:01.718: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: replied on same socket May 23 2013 09:05:01.718: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.718: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn ev DP-Setup May 23 2013 09:05:01.718: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn in Wt-Tx-ICCN May 23 2013 09:05:01.718: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn do DP-Set May 23 2013 09:05:01.718: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: MTU is 65535 May 23 2013 09:05:01.718: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Session data plane UP May 23 2013 09:05:01.718: PPP: Alloc Context [86D9B004] May 23 2013 09:05:01.718: ppp4 PPP: Phase is ESTABLISHING May 23 2013 09:05:01.718: ppp4 PPP: Using AAA Unique Id = 12 May 23 2013 09:05:01.718: Vp200 PPP: Authorization required May 23 2013 09:05:01.718: Vp200 PPP: Using default call direction May 23 2013 09:05:01.718: Vp200 PPP: Treating connection as a dedicated line May 23 2013 09:05:01.718: Vp200 PPP: Session handle[4F00000B] Session id[4] May 23 2013 09:05:01.718: Vp200 PPP LCP: negotiation authorized = 1, tacacs author = 0 May 23 2013 09:05:01.718: Vp200 LCP: Event[OPEN] State[Initial to Starting] May 23 2013 09:05:01.718: Vp200 PPP LCP: neg is authorized, processing CP UP event May 23 2013 09:05:01.718: Vp200 LCP: O CONFREQ [Starting] id 1 len 15 May 23 2013 09:05:01.718: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:01.718: Vp200 LCP: MagicNumber 0x5736FDA1 (0x05065736FDA1) May 23 2013 09:05:01.718: Vp200 LCP: Event[UP] State[Starting to REQsent] May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn ev DP-Up May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn in Wt-Tx-ICCN May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn do Tx-ICCN-Local-Check May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn ev Local-Cont May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn Wt-Tx-ICCN->established May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn do Tx-ICCN May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: APP<-L2TP: Connected May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: sock 0000100D May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: serv 00008010 May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.722: L2TP _____:________: L2TUN: app XCONNECT connected clbk May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: O ICCN to bras254.vlg 14986/23589 May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: IETF v2: May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Framing Type none(0) May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Connect Speed 0 May 23 2013 09:05:01.722: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:01.726: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn ev Established May 23 2013 09:05:01.726: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn in established May 23 2013 09:05:01.726: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn do Established May 23 2013 09:05:01.726: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Session up May 23 2013 09:05:01.726: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: 10.150.144.93<->85.21.140.214 May 23 2013 09:05:01.786: L2TP tnl 0944B:00003443: Drain unsentQ, cur/max resendQ sz 0/8, unsentQ 0 May 23 2013 09:05:01.786: L2TP tnl 0944B:00003443: May 23 2013 09:05:01.786: L2TP tnl 0944B:00003443: I ZLB ACK, flg TLS, ver 2, len 12 May 23 2013 09:05:01.786: L2TP tnl 0944B:00003443: May 23 2013 09:05:01.786: Vp200 LCP: I CONFREQ [REQsent] id 142 len 19 May 23 2013 09:05:01.786: Vp200 LCP: MRU 1456 (0x010405B0) May 23 2013 09:05:01.786: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:01.786: Vp200 LCP: MagicNumber 0x6D14740C (0x05066D14740C) May 23 2013 09:05:01.786: Vp200 PPP LCP: neg is authorized, processing incoming CONFREQ May 23 2013 09:05:01.786: Vp200 LCP: O CONFNAK [REQsent] id 142 len 8 May 23 2013 09:05:01.786: Vp200 LCP: MRU 1500 (0x010405DC) May 23 2013 09:05:01.786: Vp200 LCP: Event[Receive ConfReq-] State[REQsent to REQsent] May 23 2013 09:05:03.734: Vp200 LCP: O CONFREQ [REQsent] id 2 len 15 May 23 2013 09:05:03.734: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:03.734: Vp200 LCP: MagicNumber 0x5736FDA1 (0x05065736FDA1) May 23 2013 09:05:03.734: Vp200 LCP: Event[Timeout+] State[REQsent to REQsent] May 23 2013 09:05:04.858: Vp200 LCP: I CONFREQ [REQsent] id 142 len 19 May 23 2013 09:05:04.858: Vp200 LCP: MRU 1456 (0x010405B0) May 23 2013 09:05:04.858: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:04.858: Vp200 LCP: MagicNumber 0x6D14740C (0x05066D14740C) May 23 2013 09:05:04.858: Vp200 PPP LCP: neg is authorized, processing incoming CONFREQ May 23 2013 09:05:04.858: Vp200 LCP: O CONFNAK [REQsent] id 142 len 8 May 23 2013 09:05:04.858: Vp200 LCP: MRU 1500 (0x010405DC) May 23 2013 09:05:04.858: Vp200 LCP: Event[Receive ConfReq-] State[REQsent to REQsent] May 23 2013 09:05:05.750: Vp200 LCP: O CONFREQ [REQsent] id 3 len 15 May 23 2013 09:05:05.750: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:05.750: Vp200 LCP: MagicNumber 0x5736FDA1 (0x05065736FDA1) May 23 2013 09:05:05.750: Vp200 LCP: Event[Timeout+] State[REQsent to REQsent] May 23 2013 09:05:07.766: Vp200 LCP: O CONFREQ [REQsent] id 4 len 15 May 23 2013 09:05:07.766: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:07.766: Vp200 LCP: MagicNumber 0x5736FDA1 (0x05065736FDA1) May 23 2013 09:05:07.766: Vp200 LCP: Event[Timeout+] State[REQsent to REQsent] May 23 2013 09:05:07.954: Vp200 LCP: I CONFREQ [REQsent] id 142 len 19 May 23 2013 09:05:07.954: Vp200 LCP: MRU 1456 (0x010405B0) May 23 2013 09:05:07.954: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:07.954: Vp200 LCP: MagicNumber 0x6D14740C (0x05066D14740C) May 23 2013 09:05:07.954: Vp200 PPP LCP: neg is authorized, processing incoming CONFREQ May 23 2013 09:05:07.954: Vp200 LCP: O CONFNAK [REQsent] id 142 len 8 May 23 2013 09:05:07.954: Vp200 LCP: MRU 1500 (0x010405DC) May 23 2013 09:05:07.954: Vp200 LCP: Event[Receive ConfReq-] State[REQsent to REQsent] May 23 2013 09:05:09.782: Vp200 LCP: O CONFREQ [REQsent] id 5 len 15 May 23 2013 09:05:09.782: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:09.782: Vp200 LCP: MagicNumber 0x5736FDA1 (0x05065736FDA1) May 23 2013 09:05:09.782: Vp200 LCP: Event[Timeout+] State[REQsent to REQsent] May 23 2013 09:05:11.058: Vp200 LCP: I CONFREQ [REQsent] id 142 len 19 May 23 2013 09:05:11.058: Vp200 LCP: MRU 1456 (0x010405B0) May 23 2013 09:05:11.058: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:11.058: Vp200 LCP: MagicNumber 0x6D14740C (0x05066D14740C) May 23 2013 09:05:11.058: Vp200 PPP LCP: neg is authorized, processing incoming CONFREQ May 23 2013 09:05:11.058: Vp200 LCP: O CONFNAK [REQsent] id 142 len 8 May 23 2013 09:05:11.058: Vp200 LCP: MRU 1500 (0x010405DC) May 23 2013 09:05:11.058: Vp200 LCP: Event[Receive ConfReq-] State[REQsent to REQsent] May 23 2013 09:05:11.798: Vp200 LCP: O CONFREQ [REQsent] id 6 len 15 May 23 2013 09:05:11.798: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:11.798: Vp200 LCP: MagicNumber 0x5736FDA1 (0x05065736FDA1) May 23 2013 09:05:11.798: Vp200 LCP: Event[Timeout+] State[REQsent to REQsent] May 23 2013 09:05:13.258: Vi2 PPP: Outbound cdp packet dropped, NCP not negotiated May 23 2013 09:05:13.814: Vp200 LCP: O CONFREQ [REQsent] id 7 len 15 May 23 2013 09:05:13.814: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:13.814: Vp200 LCP: MagicNumber 0x5736FDA1 (0x05065736FDA1) May 23 2013 09:05:13.814: Vp200 LCP: Event[Timeout+] State[REQsent to REQsent] May 23 2013 09:05:14.154: Vp200 LCP: I CONFREQ [REQsent] id 142 len 19 May 23 2013 09:05:14.154: Vp200 LCP: MRU 1456 (0x010405B0) May 23 2013 09:05:14.154: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:14.154: Vp200 LCP: MagicNumber 0x6D14740C (0x05066D14740C) May 23 2013 09:05:14.154: Vp200 PPP LCP: neg is authorized, processing incoming CONFREQ May 23 2013 09:05:14.154: Vp200 LCP: O CONFNAK [REQsent] id 142 len 8 May 23 2013 09:05:14.154: Vp200 LCP: MRU 1500 (0x010405DC) May 23 2013 09:05:14.154: Vp200 LCP: Event[Receive ConfReq-] State[REQsent to REQsent] May 23 2013 09:05:15.831: Vp200 LCP: O CONFREQ [REQsent] id 8 len 15 May 23 2013 09:05:15.831: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:15.831: Vp200 LCP: MagicNumber 0x5736FDA1 (0x05065736FDA1) May 23 2013 09:05:15.831: Vp200 LCP: Event[Timeout+] State[REQsent to REQsent] May 23 2013 09:05:17.259: Vp200 LCP: I CONFREQ [REQsent] id 142 len 19 May 23 2013 09:05:17.259: Vp200 LCP: MRU 1456 (0x010405B0) May 23 2013 09:05:17.259: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:17.259: Vp200 LCP: MagicNumber 0x6D14740C (0x05066D14740C) May 23 2013 09:05:17.259: Vp200 PPP LCP: neg is authorized, processing incoming CONFREQ May 23 2013 09:05:17.259: Vp200 LCP: Sent too many CONFNAKs. Switch to CONFREJ May 23 2013 09:05:17.259: Vp200 LCP: O CONFREJ [REQsent] id 142 len 8 May 23 2013 09:05:17.259: Vp200 LCP: MRU 1456 (0x010405B0) May 23 2013 09:05:17.259: Vp200 LCP: Event[Receive ConfReq-] State[REQsent to REQsent] May 23 2013 09:05:17.847: Vp200 LCP: O CONFREQ [REQsent] id 9 len 15 May 23 2013 09:05:17.847: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:17.847: Vp200 LCP: MagicNumber 0x5736FDA1 (0x05065736FDA1) May 23 2013 09:05:17.847: Vp200 LCP: Event[Timeout+] State[REQsent to REQsent] May 23 2013 09:05:19.863: Vp200 LCP: O CONFREQ [REQsent] id 10 len 15 May 23 2013 09:05:19.863: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:19.863: Vp200 LCP: MagicNumber 0x5736FDA1 (0x05065736FDA1) May 23 2013 09:05:19.863: Vp200 LCP: Event[Timeout+] State[REQsent to REQsent] May 23 2013 09:05:20.355: Vp200 LCP: I CONFREQ [REQsent] id 142 len 19 May 23 2013 09:05:20.355: Vp200 LCP: MRU 1456 (0x010405B0) May 23 2013 09:05:20.355: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:20.355: Vp200 LCP: MagicNumber 0x6D14740C (0x05066D14740C) May 23 2013 09:05:20.355: Vp200 PPP LCP: neg is authorized, processing incoming CONFREQ May 23 2013 09:05:20.355: Vp200 LCP: Sent too many CONFNAKs. Switch to CONFREJ May 23 2013 09:05:20.355: Vp200 LCP: O CONFREJ [REQsent] id 142 len 8 May 23 2013 09:05:20.355: Vp200 LCP: MRU 1456 (0x010405B0) May 23 2013 09:05:20.355: Vp200 LCP: Event[Receive ConfReq-] State[REQsent to REQsent] May 23 2013 09:05:21.879: Vp200 PPP DISC: LCP failed to negotiate May 23 2013 09:05:21.879: PPP: NET STOP send to AAA. May 23 2013 09:05:21.879: Vp200 LCP: Event[Timeout-] State[REQsent to Stopped] May 23 2013 09:05:21.879: Vp200 LCP: Event[DOWN] State[Stopped to Starting] May 23 2013 09:05:21.879: Vp200 PPP: Clearing AAA Unique Id = 12 May 23 2013 09:05:21.879: Vp200 PPP: Phase is DOWN May 23 2013 09:05:21.879: PPP: Alloc Context [86D9B1D0] May 23 2013 09:05:21.879: ppp4 PPP: Phase is ESTABLISHING May 23 2013 09:05:21.879: ppp4 PPP: Using AAA Unique Id = 12 May 23 2013 09:05:21.879: Vp200 PPP: Authorization required May 23 2013 09:05:21.879: Vp200 PPP: Using default call direction May 23 2013 09:05:21.879: Vp200 PPP: Treating connection as a dedicated line May 23 2013 09:05:21.879: Vp200 PPP: Session handle[2400000C] Session id[4] May 23 2013 09:05:21.879: Vp200 PPP LCP: negotiation authorized = 1, tacacs author = 0 May 23 2013 09:05:21.879: Vp200 LCP: Event[OPEN] State[Initial to Starting] May 23 2013 09:05:21.879: Vp200 PPP LCP: neg is authorized, processing CP UP event May 23 2013 09:05:21.879: Vp200 LCP: O CONFREQ [Starting] id 1 len 15 May 23 2013 09:05:21.879: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:21.879: Vp200 LCP: MagicNumber 0x57374C6F (0x050657374C6F) May 23 2013 09:05:21.879: Vp200 LCP: Event[UP] State[Starting to REQsent] May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: APP->L2TP: Disconnect [10], May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: sock 0000100D May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: serv 00008010 May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: replied on same socket May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Shutting down session May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Result Code May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Reserved (0) May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Error Code May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: No error (0) May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Vendor Error May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: None (0) May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Optional Message May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: ';local circuit disconnect'; May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn ev App-Disc May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn in established May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: FSM-Sn do App-Disc-Active May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:21.883: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: O CDN to bras254.vlg 14986/23589 May 23 2013 09:05:21.887: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: IETF v2: May 23 2013 09:05:21.887: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Result Code May 23 2013 09:05:21.887: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Reserved(0) May 23 2013 09:05:21.887: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Error code May 23 2013 09:05:21.887: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: No error(0) May 23 2013 09:05:21.887: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Optional msg May 23 2013 09:05:21.887: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: ';local circuit disconnect'; May 23 2013 09:05:21.887: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Assigned Call ID 0x0000C1FF (49663) May 23 2013 09:05:21.887: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: May 23 2013 09:05:21.887: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Session down May 23 2013 09:05:21.887: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: 10.150.144.93<->85.21.140.214 May 23 2013 09:05:21.887: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Destroying session May 23 2013 09:05:21.887: L2TP 00005:0944B:0000C1FF/uid:5[85.21.140.214/10]: Request teardown data plane May 23 2013 09:05:21.887: L2TP tnl 0944B:00003443: FSM-CC ev Session-Disc May 23 2013 09:05:21.887: L2TP tnl 0944B:00003443: FSM-CC in established May 23 2013 09:05:21.887: L2TP tnl 0944B:00003443: FSM-CC do Session-Disc-Est May 23 2013 09:05:21.887: L2TP tnl 0944B:00003443: Session count now 0 May 23 2013 09:05:21.887: L2TP tnl 0944B:00003443: XCONNECT Session count now 0 May 23 2013 09:05:21.887: L2TP tnl 0944B:00003443: Session PMTU count now 0 May 23 2013 09:05:21.887: L2TP tnl 0944B:00003443: FSM-CC ev No-Users May 23 2013 09:05:21.887: L2TP tnl 0944B:00003443: FSM-CC established->Est-No-User May 23 2013 09:05:21.887: L2TP tnl 0944B:00003443: FSM-CC do No-Users May 23 2013 09:05:21.887: L2TP tnl 0944B:00003443: No more cc users, shutdown (likely) in 15 secs May 23 2013 09:05:21.887: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Session detached May 23 2013 09:05:21.891: L2X 00005:_____:________: May 23 2013 09:05:21.891: L2X 00005:_____:________: APP->L2TP: Session reopen [1], May 23 2013 09:05:21.891: L2X 00005:_____:________: sock 0000100D May 23 2013 09:05:21.891: L2X 00005:_____:________: serv 00000000 May 23 2013 09:05:21.891: L2X 00005:_____:________: data 88D51B4C[100] May 23 2013 09:05:21.891: L2X 00005:_____:________: May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Create session May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: App type set to XCONNECT May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Need cc version: V2 May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Sequencing default tx disabled May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Sequencing default rx disabled May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Set HA epoch to 0 May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: L2TPoUDP session needed between May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: 10.150.144.93:0<->85.21.140.214:0 May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Using ICRQ FSM May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn ev created May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn Init->Idle May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn do none May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: remote ip set to 85.21.140.214 May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: local ip set to 10.150.144.93 May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: no cookies enabled May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn ev App-Conn May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn Idle->Wt-CC May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn do App-Connect May 23 2013 09:05:21.891: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Find or create cc for session May 23 2013 09:05:21.891: L2TP _____:________: Find cc between May 23 2013 09:05:21.891: L2TP _____:________: 10.150.144.93<->85.21.140.214 May 23 2013 09:05:21.891: L2TP _____:________: with class: beeline May 23 2013 09:05:21.891: L2TP _____:________: and IP proto: L2TPoUDP May 23 2013 09:05:21.891: L2TP _____:________: and framing type: none May 23 2013 09:05:21.891: L2TP _____:________: and bearer type: none May 23 2013 09:05:21.891: L2TP _____:________: and version: V2 May 23 2013 09:05:21.891: L2TP _____:________: and local hostname: c881-02 May 23 2013 09:05:21.891: L2TP tnl 0944B:00003443: Search for cc: found existing cc May 23 2013 09:05:21.891: L2TP tnl 0944B:00003443: for class beeline May 23 2013 09:05:21.891: L2TP tnl 0944B:00003443: FSM-CC ev Session-Conn May 23 2013 09:05:21.891: L2TP tnl 0944B:00003443: FSM-CC Est-No-User->established May 23 2013 09:05:21.891: L2TP tnl 0944B:00003443: FSM-CC do Session-Conn-Rst May 23 2013 09:05:21.891: L2TP tnl 0944B:00003443: Session count now 1 May 23 2013 09:05:21.891: L2TP tnl 0944B:00003443: XCONNECT Session count now 1 May 23 2013 09:05:21.891: L2TP tnl 0944B:00003443: Session PMTU count now 1 May 23 2013 09:05:21.891: L2TP tnl 0944B:00003443: FSM-CC ev Restart May 23 2013 09:05:21.895: L2TP tnl 0944B:00003443: FSM-CC in established May 23 2013 09:05:21.895: L2TP tnl 0944B:00003443: FSM-CC do Restart May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn ev CC-Up May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn Wt-CC->Wt-Sock May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn do CC-Up May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Session needs to have: May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: V2 V3 Eth VLAN HDLC PPP FR-DLCI May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: ATM-PORT ATM-VP ATM-VC-CELL IP May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Tie-Breaker May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Peer cc can do: May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: V2 Sync Async Tie-Breaker May 23 2013 09:05:21.895: L2X _____:________: l2x_open_socket: is called May 23 2013 09:05:21.895: L2X _____:________: Cannot use source-ip 10.150.144.93 of tableid 0 vrf which is not one of our addresses May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Open sock 10.150.144.93:1701->85.21.140.214:1701 May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn ev Sock-Ready May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn Wt-Sock->Wt-Tx-ICRQ May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn do Tx-ICRQ-Local-Check May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn ev Local-Cont May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn Wt-Tx-ICRQ->Wt-Rx-ICRP May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn do Tx-ICRQ May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: O ICRQ to bras254.vlg 14986/0 May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: IETF v2: May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Assigned Call ID 0x000078BD (30909) May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Serial Number 1005203399 May 23 2013 09:05:21.895: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: May 23 2013 09:05:21.899: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Session attached May 23 2013 09:05:21.947: L2TP tnl 0944B:00003443: Drain unsentQ, cur/max resendQ sz 1/8, unsentQ 0 May 23 2013 09:05:21.947: L2TP tnl 0944B:00003443: May 23 2013 09:05:21.947: L2TP tnl 0944B:00003443: I ZLB ACK, flg TLS, ver 2, len 12 May 23 2013 09:05:21.947: L2TP tnl 0944B:00003443: May 23 2013 09:05:21.959: L2TP tnl 0944B:00003443: Drain unsentQ, cur/max resendQ sz 0/8, unsentQ 0 May 23 2013 09:05:21.959: L2TP tnl 0944B:00003443: May 23 2013 09:05:21.959: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: I CDN, flg TLS, ver 2, len 145 May 23 2013 09:05:21.959: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: IETF v2: May 23 2013 09:05:21.959: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Result Code May 23 2013 09:05:21.959: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Call disconnected for administrative reasons(3) May 23 2013 09:05:21.959: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Error code May 23 2013 09:05:21.959: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: No error(0) May 23 2013 09:05:21.959: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Optional msg May 23 2013 09:05:21.959: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: ';Reached configured max-sessions per tunnel limit'; May 23 2013 09:05:21.959: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Assigned Call ID 0x00005C2F (23599) May 23 2013 09:05:21.959: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: PPP Disconnect Cause Code (IETF) Code admin disc(1) May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Direction at peer May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: CP 0x0 May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Message May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: ';Reached configured max-sessions per tunnel limit'; May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: O ZLB ACK to bras254.vlg 14986/0 May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn ev Rx-CDN May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn Wt-Rx-ICRP->Idle May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn do Rx-CDN May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: XCONNECT: process AVPs May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Shutting down session May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Result Code May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Call disconnected for administrative reasons (3) May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Error Code May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: No error (0) May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Vendor Error May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: None (0) May 23 2013 09:05:21.963: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Optional Message May 23 2013 09:05:21.967: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: ';Reached configured max-sessions per tunnel limit'; May 23 2013 09:05:21.967: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: May 23 2013 09:05:21.967: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn ev Shut May 23 2013 09:05:21.967: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn Idle->Dead May 23 2013 09:05:21.967: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: FSM-Sn do Destroy May 23 2013 09:05:21.967: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: May 23 2013 09:05:21.967: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: APP<-L2TP: Disconnect May 23 2013 09:05:21.967: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: sock 0000100D May 23 2013 09:05:21.967: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: serv 00008010 May 23 2013 09:05:21.967: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: May 23 2013 09:05:21.967: L2TP _____:________: L2TUN: app XCONNECT disconnected clbk May 23 2013 09:05:21.967: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Session down May 23 2013 09:05:21.967: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: 10.150.144.93<->85.21.140.214 May 23 2013 09:05:21.967: L2TP 00005:0944B:000078BD/uid:5[85.21.140.214/10]: Destroying session May 23 2013 09:05:21.967: L2TP tnl 0944B:00003443: FSM-CC ev Session-Disc May 23 2013 09:05:21.967: L2TP tnl 0944B:00003443: FSM-CC in established May 23 2013 09:05:21.967: L2TP tnl 0944B:00003443: FSM-CC do Session-Disc-Est May 23 2013 09:05:21.967: L2TP tnl 0944B:00003443: Session count now 0 May 23 2013 09:05:21.967: L2TP tnl 0944B:00003443: XCONNECT Session count now 0 May 23 2013 09:05:21.967: L2TP tnl 0944B:00003443: Session PMTU count now 0 May 23 2013 09:05:21.967: L2TP tnl 0944B:00003443: FSM-CC ev No-Users May 23 2013 09:05:21.967: L2TP tnl 0944B:00003443: FSM-CC established->Est-No-User May 23 2013 09:05:21.967: L2TP tnl 0944B:00003443: FSM-CC do No-Users May 23 2013 09:05:21.967: L2TP tnl 0944B:00003443: No more cc users, shutdown (likely) in 15 secs May 23 2013 09:05:21.967: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Session detached May 23 2013 09:05:23.895: Vp200 LCP: O CONFREQ [REQsent] id 2 len 15 May 23 2013 09:05:23.895: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:23.895: Vp200 LCP: MagicNumber 0x57374C6F (0x050657374C6F) May 23 2013 09:05:23.895: Vp200 LCP: Event[Timeout+] State[REQsent to REQsent] May 23 2013 09:05:24.795: L2X 00005:_____:________: May 23 2013 09:05:24.795: L2X 00005:_____:________: APP->L2TP: Session reopen [1], May 23 2013 09:05:24.795: L2X 00005:_____:________: sock 0000100D May 23 2013 09:05:24.795: L2X 00005:_____:________: serv 00000000 May 23 2013 09:05:24.795: L2X 00005:_____:________: data 88D51B4C[100] May 23 2013 09:05:24.795: L2X 00005:_____:________: May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Create session May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: App type set to XCONNECT May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Need cc version: V2 May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Sequencing default tx disabled May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Sequencing default rx disabled May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Set HA epoch to 0 May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: L2TPoUDP session needed between May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: 10.150.144.93:0<->85.21.140.214:0 May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Using ICRQ FSM May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn ev created May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn Init->Idle May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn do none May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: remote ip set to 85.21.140.214 May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: local ip set to 10.150.144.93 May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: no cookies enabled May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn ev App-Conn May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn Idle->Wt-CC May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: FSM-Sn do App-Connect May 23 2013 09:05:24.795: L2TP 00005:_____:________/uid:5[85.21.140.214/10]: Find or create cc for session May 23 2013 09:05:24.795: L2TP _____:________: Find cc between May 23 2013 09:05:24.795: L2TP _____:________: 10.150.144.93<->85.21.140.214 May 23 2013 09:05:24.795: L2TP _____:________: with class: beeline May 23 2013 09:05:24.795: L2TP _____:________: and IP proto: L2TPoUDP May 23 2013 09:05:24.795: L2TP _____:________: and framing type: none May 23 2013 09:05:24.795: L2TP _____:________: and bearer type: none May 23 2013 09:05:24.795: L2TP _____:________: and version: V2 May 23 2013 09:05:24.795: L2TP _____:________: and local hostname: c881-02 May 23 2013 09:05:24.795: L2TP tnl 0944B:00003443: Search for cc: found existing cc May 23 2013 09:05:24.795: L2TP tnl 0944B:00003443: for class beeline May 23 2013 09:05:24.795: L2TP tnl 0944B:00003443: FSM-CC ev Session-Conn May 23 2013 09:05:24.795: L2TP tnl 0944B:00003443: FSM-CC Est-No-User->established May 23 2013 09:05:24.795: L2TP tnl 0944B:00003443: FSM-CC do Session-Conn-Rst May 23 2013 09:05:24.799: L2TP tnl 0944B:00003443: Session count now 1 May 23 2013 09:05:24.799: L2TP tnl 0944B:00003443: XCONNECT Session count now 1 May 23 2013 09:05:24.799: L2TP tnl 0944B:00003443: Session PMTU count now 1 May 23 2013 09:05:24.799: L2TP tnl 0944B:00003443: FSM-CC ev Restart May 23 2013 09:05:24.799: L2TP tnl 0944B:00003443: FSM-CC in established May 23 2013 09:05:24.799: L2TP tnl 0944B:00003443: FSM-CC do Restart May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn ev CC-Up May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn Wt-CC->Wt-Sock May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn do CC-Up May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: Session needs to have: May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: V2 V3 Eth VLAN HDLC PPP FR-DLCI May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: ATM-PORT ATM-VP ATM-VC-CELL IP May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: Tie-Breaker May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: Peer cc can do: May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: V2 Sync Async Tie-Breaker May 23 2013 09:05:24.799: L2X _____:________: l2x_open_socket: is called May 23 2013 09:05:24.799: L2X _____:________: Cannot use source-ip 10.150.144.93 of tableid 0 vrf which is not one of our addresses May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: Open sock 10.150.144.93:1701->85.21.140.214:1701 May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn ev Sock-Ready May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn Wt-Sock->Wt-Tx-ICRQ May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn do Tx-ICRQ-Local-Check May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn ev Local-Cont May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn Wt-Tx-ICRQ->Wt-Rx-ICRP May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn do Tx-ICRQ May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: O ICRQ to bras254.vlg 14986/0 May 23 2013 09:05:24.799: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: IETF v2: May 23 2013 09:05:24.803: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: Assigned Call ID 0x00007FC7 (32711) May 23 2013 09:05:24.803: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: Serial Number 1005203400 May 23 2013 09:05:24.803: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:24.803: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: Session attached May 23 2013 09:05:24.863: L2TP tnl 0944B:00003443: Drain unsentQ, cur/max resendQ sz 0/8, unsentQ 0 May 23 2013 09:05:24.863: L2TP tnl 0944B:00003443: May 23 2013 09:05:24.863: L2TP tnl 0944B:00003443: I ZLB ACK, flg TLS, ver 2, len 12 May 23 2013 09:05:24.863: L2TP tnl 0944B:00003443: May 23 2013 09:05:25.071: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: I ICRP, flg TLS, ver 2, len 28 May 23 2013 09:05:25.071: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: IETF v2: May 23 2013 09:05:25.071: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: Assigned Call ID 0x00005C30 (23600) May 23 2013 09:05:25.071: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.071: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn ev Rx-ICRP May 23 2013 09:05:25.071: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn Wt-Rx-ICRP->Proc-ICRP May 23 2013 09:05:25.071: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn do Rx-ICRP May 23 2013 09:05:25.071: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: Remote AC is now UP May 23 2013 09:05:25.071: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.071: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: APP<-L2TP: remote circuit status May 23 2013 09:05:25.071: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: sock 0000100D May 23 2013 09:05:25.071: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: serv 00008010 May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: UP May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.075: L2TP _____:________: L2TUN: app XCONNECT ckt status clbk May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: XCONNECT: process AVPs May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: APP<-L2TP: Connecting May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: sock 0000100D May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: serv 00008010 May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.075: L2TP _____:________: L2TUN: app XCONNECT connecting clbk May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: APP->L2TP: Connect continue [4], May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: sock 0000100D May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: serv 00008010 May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: replied on same socket May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn ev ICRP-OK May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn Proc-ICRP->Wt-Tx-ICCN May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn do Tx-ICCN-Local-Check May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.075: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: O ZLB ACK to bras254.vlg 14986/23600 May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM: ICCN->85.21.140.214 May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM: wait for DP up, seg 0 May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: APP->L2TP: Setup dataplane [15], May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: sock 0000100D May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: serv 00008010 May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: replied on same socket May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn ev DP-Setup May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn in Wt-Tx-ICCN May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn do DP-Set May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: MTU is 65535 May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: Session data plane UP May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn ev DP-Up May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn in Wt-Tx-ICCN May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn do Tx-ICCN-Local-Check May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn ev Local-Cont May 23 2013 09:05:25.079: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn Wt-Tx-ICCN->established May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn do Tx-ICCN May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: APP<-L2TP: Connected May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: sock 0000100D May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: serv 00008010 May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.083: L2TP _____:________: L2TUN: app XCONNECT connected clbk May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: O ICCN to bras254.vlg 14986/23600 May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: IETF v2: May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: Framing Type none(0) May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: Connect Speed 0 May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn ev Established May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn in established May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: FSM-Sn do Established May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: Session up May 23 2013 09:05:25.083: L2TP 00005:0944B:00007FC7/uid:5[85.21.140.214/10]: 10.150.144.93<->85.21.140.214 May 23 2013 09:05:25.635: L2TP tnl 0944B:00003443: Drain unsentQ, cur/max resendQ sz 0/8, unsentQ 0 May 23 2013 09:05:25.635: L2TP tnl 0944B:00003443: May 23 2013 09:05:25.635: L2TP tnl 0944B:00003443: I ZLB ACK, flg TLS, ver 2, len 12 May 23 2013 09:05:25.635: L2TP tnl 0944B:00003443: May 23 2013 09:05:25.639: Vp200 LCP: I CONFREQ [REQsent] id 150 len 19 May 23 2013 09:05:25.639: Vp200 LCP: MRU 1456 (0x010405B0) May 23 2013 09:05:25.639: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:25.639: Vp200 LCP: MagicNumber 0x495CD599 (0x0506495CD599) May 23 2013 09:05:25.639: Vp200 PPP LCP: neg is authorized, processing incoming CONFREQ May 23 2013 09:05:25.639: Vp200 LCP: O CONFNAK [REQsent] id 150 len 8 May 23 2013 09:05:25.639: Vp200 LCP: MRU 1500 (0x010405DC) May 23 2013 09:05:25.639: Vp200 LCP: Event[Receive ConfReq-] State[REQsent to REQsent] May 23 2013 09:05:25.911: Vp200 LCP: O CONFREQ [REQsent] id 3 len 15 May 23 2013 09:05:25.911: Vp200 LCP: AuthProto CHAP (0x0305C22305)und May 23 2013 09:05:25.911: Vp200 LCP: MagicNumber 0x57374C6F (0x050657374C6F) May 23 2013 09:05:25.911: Vp200 LCP: Event[Timeout+] State[REQsent to REQsent]e May 23 2013 09:05:27.927: Vp200 LCP: O CONFREQ [REQsent] id 4 len 15 May 23 2013 09:05:27.927: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:27.927: Vp200 LCP: MagicNumber 0x57374C6F (0x050657374C6F) May 23 2013 09:05:27.927: Vp200 LCP: Event[Timeout+] State[REQsent to REQsent] May 23 2013 09:05:28.255: Vp200 LCP: I CONFREQ [REQsent] id 150 len 19 May 23 2013 09:05:28.255: Vp200 LCP: MRU 1456 (0x010405B0) May 23 2013 09:05:28.255: Vp200 LCP: AuthProto CHAP (0x0305C22305) May 23 2013 09:05:28.255: Vp200 LCP: MagicNumber 0x495CD599 (0x0506495CD599) May 23 2013 09:05:28.255: Vp200 PPP LCP: neg is authorized, processing incoming CONFREQb all All possible debugging has been turned off c881-02# May 23 2013 09:05:28.255: Vp200 LCP: O CONFNAK [REQsent] id 150 len 8 May 23 2013 09:05:28.255: Vp200 LCP: MRU 1500 (0x010405DC) May 23 2013 09:05:28.255: Vp200 LCP: Event[Receive ConfReq-] State[REQsent to REQsent] c881-02#term no mon Что ещё можно подкрутить? Спасибо.

Уважаемые коллеги! Прошу помощи? Несколько недель бьюсь головой об стену! Имею вот такую схему. Стоит задача - настроить Site-to-site VPN на ASA, причём с одной стороны стоит ASA 5505 c динамическим IP, а с другой стороны VPN-трафик попадет на статический IP (Cisco 2921) и пробрасывался далее для дешифровки на ASA 5510. Проблема состоит в том, что тоннель не поднимается. Точнее, процесс на двух ASA стопорится на фазе Asa5505# show isakmp sa detail Active SA: 1 Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey) Total IKE SA: 1 1 IKE Peer: 10.10.10.1 Type : user Role : initiator Rekey : no State : MM_WAIT_MSG2 Encrypt : aes-256 Hash : SHA Auth : preshared Lifetime: 0 Asa5510# show isakmp sa detail Active SA: 1 Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey) Total IKE SA: 1 1 IKE Peer: 192.168.100.2 Type : user Role : responder Rekey : no State : MM_WAIT_MSG3 Encrypt : des Hash : MD5 Auth : preshared Lifetime: 86400 Lifetime Remaining: 2147471022 Конфиг Asa 5505: hostname Asa5505 enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted names ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 shutdown ! interface Ethernet0/4 shutdown ! interface Ethernet0/5 shutdown ! interface Ethernet0/6 shutdown ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 20.20.20.254 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address dhcp setroute ! ftp mode passive access-list ACL-BLUE-VPN extended permit ip 20.20.20.0 255.255.255.0 10.77.0.0 255.255.192.0 access-list inside_nat0_outbound extended permit ip 20.20.20.0 255.255.255.0 10.77.0.0 255.255.192.0 pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 nat (inside) 0 access-list inside_nat0_outbound route outside 0.0.0.0 0.0.0.0 10.10.10.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy http server enable http 192.168.100.0 255.255.255.0 inside http 20.20.20.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set IKE-DES-MD5 esp-des esp-md5-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto ipsec df-bit clear-df outside crypto map MAP-VPN 10 match address ACL-BLUE-VPN crypto map MAP-VPN 10 set peer 10.10.10.1 crypto map MAP-VPN 10 set transform-set IKE-DES-MD5 crypto map MAP-VPN 10 set security-association lifetime kilobytes 4608000 crypto map MAP-VPN interface outside crypto isakmp identity address crypto isakmp enable outside crypto isakmp policy 15 authentication pre-share encryption des hash md5 group 2 lifetime 86400 telnet timeout 5 ssh timeout 5 console timeout 0 dhcp-client client-id interface outside threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn tunnel-group DefaultL2LGroup ipsec-attributes pre-shared-key ***** tunnel-group 10.10.10.1 type ipsec-l2l tunnel-group 10.10.10.1 ipsec-attributes pre-shared-key ***** ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options inspect icmp inspect icmp error ! service-policy global_policy global prompt hostname context no call-home reporting anonymous Cryptochecksum:bf6b4fc3ddfe10bb1ed8c9eb72c4bf70 : end no asdm history enable !!!!!!!!!!! Конфиг Asa 5510: ! hostname Asa5510 enable password 8Ry2YjIyt7RRXU24 encrypted passwd 2KFQnbNIdI.2KYOU encrypted names ! interface Ethernet0/0 nameif outside security-level 0 ip address 10.77.100.2 255.255.255.0 ! interface Ethernet0/1 nameif inside security-level 100 ip address 10.77.0.1 255.255.192.0 ! interface Ethernet0/2 shutdown no nameif no security-level no ip address ! interface Ethernet0/3 nameif Man security-level 50 ip address 192.168.200.254 255.255.255.0 ! interface Management0/0 shutdown no nameif no security-level no ip address management-only ! ftp mode passive access-list inside_nat0_outbound extended permit ip 10.77.0.0 255.255.192.0 20.20.20.0 255.255.255.0 pager lines 24 logging enable logging asdm informational mtu outside 1500 mtu inside 1500 mtu Man 1500 icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 nat (inside) 0 access-list inside_nat0_outbound route outside 0.0.0.0 0.0.0.0 10.77.100.1 1 route outside 20.20.20.0 255.255.255.0 10.10.10.1 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy http server enable http 0.0.0.0 0.0.0.0 outside http 10.77.0.0 255.255.192.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set IKE-DES-MD5 esp-des esp-md5-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto ipsec df-bit clear-df outside crypto dynamic-map MAP-DYN 10 set transform-set IKE-DES-MD5 crypto map MAP-VPN 55 ipsec-isakmp dynamic MAP-DYN crypto map MAP-VPN interface outside crypto isakmp enable outside crypto isakmp policy 5 authentication pre-share encryption des hash md5 group 2 lifetime 86400 telnet timeout 5 ssh timeout 5 console timeout 0 threat-detection basic-threat threat-detection statistics access-list threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200 webvpn tunnel-group DefaultL2LGroup ipsec-attributes pre-shared-key ***** ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options inspect icmp inspect icmp error ! service-policy global_policy global prompt hostname context no call-home reporting anonymous Cryptochecksum:ddf2326ff235f6edb30b4e2c4b3b05c4 : end no asdm history enable !!!!!!!!!!!!!!!!!!!!! Конфиг Cisco 2921: version 15.0 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname Cisco2921 ! boot-start-marker boot-end-marker ! logging buffered 4096 ! no aaa new-model ! no ipv6 cef ip source-route ip cef ! ! ! ! ip domain name cisco.com multilink bundle-name authenticated ! ! ! crypto pki trustpoint TP-self-signed-2496272631 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2496272631 revocation-check none rsakeypair TP-self-signed-2496272631 ! ! crypto pki certificate chain TP-self-signed-2496272631 certificate self-signed 01 3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32343936 32373236 3331301E 170D3133 30353231 31313332 31325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34393632 37323633 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 810096AB 43189C4C DBF19582 C6AD9B95 FB0E729C 86F9F64C D406DAA7 8C0AF41E AB33C606 D0A79143 5B11B97C ADB8723A 1D9BADC7 A63E8B1F 8D5EE248 969BFAAA A4753B84 F819E92A 58119CF3 653ADC46 D99E4C33 C6780944 CFB3E523 5D3FDF42 FA78D1E8 F81AA87A 3348C0E2 2B9F7EC6 0DD6079D 0AAB84F9 7BBF755C 177C2FC0 4DC70203 010001A3 75307330 0F060355 1D130101 FF040530 030101FF 30200603 551D1104 19301782 15424552 45473631 2E723631 2E726F73 696E762E 7275301F 0603551D 23041830 1680149D FEEB9866 1DF86BC2 F6814DD5 472E609D 5912B230 1D060355 1D0E0416 04149DFE EB98661D F86BC2F6 814DD547 2E609D59 12B2300D 06092A86 4886F70D 01010405 00038181 007836C0 4CCA8F80 A8926FA8 B9F1FD08 399DCA4C 00FCB1C1 93A8601A EB08DD66 40149296 7F189300 5EDB94E4 ECCE68B4 58200287 16442173 704BCB0B D93F6FC3 75B845DF 53D1DF19 58C8B5D8 423263D7 55910386 5B238C6E 93801A76 C8B8A544 F2CDE77E 2E819F2A 599A0B9E CFFA4EA0 E25E0C6C A3A229BD 23D044F7 D14D5148 13 quit license udi pid CISCO2921/K9 sn FCZ160770ND hw-module sm 1 ! ! ! ! ! ip ssh version 1 ! ! ! ! interface GigabitEthernet0/0 description $ETH-LAN$ ip address 10.77.100.1 255.255.255.0 ip nat inside ip virtual-reassembly duplex auto speed auto ! interface GigabitEthernet0/1 description $ETH-LAN$ ip address 10.10.10.1 255.255.255.0 ip nat outside ip virtual-reassembly duplex auto speed auto media-type rj45 ! interface GigabitEthernet0/2 ip address 192.168.200.254 255.255.255.0 duplex auto speed auto ! interface Special-Services-Engine1/0 ip address 10.77.203.1 255.255.255.0 no keepalive ! ip forward-protocol nd ! ip http server ip http authentication local ip http secure-server ! ip nat log translations syslog ip nat inside source static esp 10.77.100.2 interface GigabitEthernet0/1 ip nat inside source static udp 10.77.100.2 500 interface GigabitEthernet0/1 500 ip nat inside source static udp 10.77.100.2 4500 interface GigabitEthernet0/1 4500 ip nat inside source static tcp 10.77.100.2 51 interface GigabitEthernet0/1 51 ip nat inside source static tcp 10.77.100.2 50 interface GigabitEthernet0/1 50 ip route 0.0.0.0 0.0.0.0 10.10.10.2 ip route 10.77.0.0 255.255.192.0 10.77.100.2 ! logging trap debugging access-list 23 permit 10.77.0.0 0.0.63.255 access-list 23 permit 10.77.100.0 0.0.0.255 ! ! ! control-plane ! ! line con 0 line aux 0 line 67 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin lapb-ta mop udptn v120 ssh line vty 0 4 login ! scheduler allocate 20000 1000 end Что ещё я не досмотрел? Заранее спасибо!

Привет! Уточню - нужно резервировать именно сам роутер, а не первый хоп. То есть, нужно два рутера включить параллельно так, чтобы при отказе одного рутера автоматом ';просыпался'; резервный и трафик начинал ходить через него. При этом есть ограничение - внешняя сетка - только /30, свободных адресов нет. Внутренняя тоже /30, но тут можно её при необходимости заменить на другую, /29 или /28. В общем. схема подключения должна быть примерно такой: пров. | [SW] / \ сеть /30 (Rосн) (Rрзрв) \ / сеть /30 (/29,/28,...) [SW] | локал.Подскажите, пожалуйста, в каую сторону копать, что за протоколы нужно использовать, учитывая. что всё обьорудование - Cisco?

Description: METRO IP ACCESS TAR Release: 12.2.60-EZ Release Date: 30/Apr/2013 File Name: me340x-metroipaccessk9-tar.122-60.EZ.tar Min Memory: DRAM 128 MB Flash 32 MB Size: 14.94 MB (15667200 bytes) MD5 Checksum: 11cf253ad56ee46381f23741663256e2 Код: Description: METRO IP ACCESS TAR Release: 12.2.58-EX Release Date: 13/Apr/2012 File Name: me340x-metroipaccessk9-tar.122-58.EX.tar Min Memory: DRAM 128 MB Flash 32 MB Size: 14.81 MB (15534080 bytes) MD5 Checksum: 2508674d566a7734672c120db3b279b1

Доброго всем! Не получается поднять второй туннель. Один туннель работает, второй не поднимается даже - подозреваю, что проблема в acl, но правильно траблшутить еще не умею Вот выдержки из конфига: crypto keyring RING2 local-address 222.138.142.138 pre-shared-key address 74.38.249.126 key XXXxxxXXX crypto keyring RING1 local-address 129.92.207.194 pre-shared-key address 74.38.249.126 key XXXxxxXXX ! crypto isakmp policy 2 encr 3des authentication pre-share group 2 ! ! crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac ! crypto map map1 10 ipsec-isakmp set peer 74.38.249.126 set security-association lifetime seconds 28800 set transform-set ESP-3DES-SHA match address ADDR1 ! crypto map map2 10 ipsec-isakmp set peer 74.38.249.126 set security-association lifetime seconds 28800 set transform-set ESP-3DES-SHA match address ADDR2 ! interface GigabitEthernet0/0 description C3750 Link ip address 10.10.10.1 255.255.255.252 no ip proxy-arp ip nat inside ip virtual-reassembly in ip virtual-reassembly out ip tcp adjust-mss 1360 ip policy route-map PBR duplex auto speed auto no mop enabled ! interface GigabitEthernet0/1 description PLDT I-Gate Fiber Link$ES_LAN$ ip address 129.92.207.194 255.255.255.252 no ip proxy-arp ip nat outside ip virtual-reassembly in ip virtual-reassembly out duplex full speed 100 no mop enabled crypto map map1 ! interface FastEthernet0/0/0 description Digitel E1 Link ip address 222.138.142.138 255.255.255.248 no ip proxy-arp ip nat outside ip virtual-reassembly in ip virtual-reassembly out duplex auto speed auto crypto map map2 ! ip nat inside source route-map PLDT interface GigabitEthernet0/1 overload ip nat inside source route-map SERVER interface FastEthernet0/0/0 overload ip route 0.0.0.0 0.0.0.0 129.92.207.193 ip route 0.0.0.0 0.0.0.0 222.138.142.137 200 ip route 10.2.1.0 255.255.255.0 10.10.10.2 ip route 10.2.2.0 255.255.255.0 10.10.10.2 ip route 119.92.205.0 255.255.255.240 Null0 ! ip access-list extended ADDR2 permit ip 10.2.1.0 0.0.0.255 192.168.2.0 0.0.0.255 ip access-list extended ADDR1 permit ip 10.2.2.0 0.0.0.255 192.168.2.0 0.0.0.255 ! access-list 101 deny ip 10.2.2.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 101 permit ip 10.2.2.0 0.0.0.255 any access-list 106 deny ip 10.2.1.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 106 permit ip 10.2.1.0 0.0.0.255 any ! route-map SERVER permit 10 match ip address 104 match interface FastEthernet0/0/0 ! route-map PLDT permit 10 match ip address 101 match interface GigabitEthernet0/1 ! route-map PBR permit 10 match ip address 106 set ip default next-hop 222.138.142.137 119.92.207.193 ! При всем при этом (пинг из подсетей 10.2.2.0/24 и 10.2.1.0/24 хоста в 192.168.2.0/24): #sh cry isa sa IPv4 Crypto ISAKMP SA dst src state conn-id status 74.38.249.126 129.92.207.194 QM_IDLE 1002 ACTIVE IPv6 Crypto ISAKMP SA #sh access-lists ADDR1 Extended IP access list ADDR1 10 permit ip 10.2.2.0 0.0.0.255 192.168.2.0 0.0.0.255 (9 matches) #sh access-lists 101 Extended IP access list 101 170 deny ip 10.2.2.0 0.0.0.255 192.168.2.0 0.0.0.255 (10 matches) 180 permit ip 10.2.2.0 0.0.0.255 any #sh access-lists ADDR2 Extended IP access list GOAL 10 permit ip 10.2.1.0 0.0.0.255 192.168.2.0 0.0.0.255 #sh access-lists 106 Extended IP access list 106 20 deny ip 10.2.1.0 0.0.0.255 192.168.2.0 0.0.0.255 (1997 matches) 30 permit ip 10.2.1.0 0.0.0.255 any (22 matches) Насколько я могу судить, после прохождения access-lists 106 с трафиком что-то происходит, и он не подпадает под правила access-lists ADDR2. В этом, собственно, и вопрос: как отловить изменения и/или правильно поднять туннель? Может ли PBR ставить палки в колеса? Спасибо.

Задумался сделать себе аналог web ssl vpn как у циски, открыл урл, вошел, и лазиешь через вебку по другим сайтам, ничего себе не устанавливая. Кто в курсе какие есть именно web ssl аналоги? openvpn и прочие не умеют такого(

Здравствуйте коллеги. Помоги те кто нибудь получить Cisco Context Directory Agent - http://software.cisco.com/download/rele ... ype=latest У меня нет доступа к сайту Cisco, а для стенда эта софтина пипец как нужна. Буду вечно благодарен за любую помощь

Салют! Внутренняя сеть за натом, поднятом на 3800. От провайдера dot1q-тегированый ethernet. pppoe-клиенты на сабинтерфейсах. http-доступ работает нестабильно: некоторые сайты открываются неприлично долго или не открываются совсем. Тот же yahoo.com вообще не открывается. Замылил глаза в конфиге роутера. Ничего файрвольного не прикручено. Только PBR и NAT. Загрузка CPU - 2-6% ICMP до плохо отрывающихся сайтов исправно приходит, как и трассировка. Файл hosts проверил - ничего лишнего. Версия IOS - c3825-adventerprisek9_ivs-mz.151-4.M6.bin Пенял на MTU на интерфейсе, смотрящем наружу, однако веб-серфинг работает выборочно. То есть если бы он абсолютно не работал - другое дело. Провайдер ничего не режет, т.к. при поднятии pppoe-клиента на винде все работает исправно. Маршрутизатор не ассемблирует входящий пакет? Опять-таки, почему не для каждого сайта. Кручу-верчу-понять хочу, не знаю где затык.

Есть ли возможность сконфигурить vyatta как l2tp клиента? Нужно для подключения к Билайну. как pptp я нашел поиском, а вот l2tp возможно ли?

Всем доброго дня! У меня есть 6 wi-fi сеток, одна из которых ';гостевая';. Хочу ограничить пропускную способность до 1 мб. Насколько понимаю rate-limit с этим должен хорошо справляться. interface Vlan260 ip address 172.16.160.1 255.255.255.0 ip access-group Guest_List in ip helper-address 192.168.0.3 rate-limit input 1000000 187500 375000 conform-action continue exceed-action dr op rate-limit output 1000000 187500 375000 conform-action continue exceed-action d Соединяюсь на телефоне с этой гостевой сеткой, выхожу в инет, проверяю скорость соединения - 20 мб/с. Почему же скорость не режется ?

Имею: ASA 5520, ASDM 6.2(1) Нужно: Было давно настроено ssh, и сгенерирован сертификат, при это не было лицензии на 3des. Путти естественно ругался на то что это всего лишь des. Недавно поставил лицензию на 3des, при этом после этого получил со своего AD CA новый Identity Certificate. Но путти все равно говорит что сертификат des. Как его обновить? я чет туплю...Спасибо

Добрый день! Уже который день пытаюсь настроить Identity Firewall на ASA 8.4.2 в GNS3, но AD Agent никак не хочет взаимодействовать по RADIUS с ASA. Схема: ASA (INSIDE, 192.168.10.2) ---- Serv1 (VMware Windows Server 2008 R2, 192.168.10.25) AD Agent=AD_Agent-v1.0.0.32.1-build-598.Installer.exe GNS3=0.8.4-RC2 Настраивал по статье https://supportforums.cisco.com/docs/DOC-20366 (аналог http://www.anticisco.ru/blogs/?p=1667) Домен=myhome.ru DNS Windows Server=serv1.myhome.ru Имя NETBIOS Windows Server=MYHOME http://i48.fastpic.ru/big/2013/0527/bc/5d6ba67f5d8bdd01f6fa3f7d5870f1bc.png На Active Directory заведён пользователь asa с паролем Qwert123456 для доступа ASA по LDAP к AD. На Active Directory заведён пользователь admin123 с паролем Qwert123456 для доступа DC к Active Directory ASA взаимодействует с AD Agent с ключом ';cisco'; На ASA ip Gi 0/1: 192.168.10.2/24, NAME=INSIDE Конфигурация ASA: aaa-server AD1 protocol ldap aaa-server AD1 (INSIDE) host 192.168.10.25 ldap-base-dn DC=myhome,DC=ru ldap-scope subtree ldap-login-password Qwert123456 ldap-login-dn CN=asa,CN=Users,DC=myhome,DC=ru server-type microsoft aaa-server adagent protocol radius ad-agent-mode aaa-server adagent (INSIDE) host 192.168.10.25 key cisco user-identity enable user-identity domain MYHOME aaa-server AD1 user-identity default-domain MYHOME user-identity inactive-user-timer minutes 120 user-identity logout-probe netbios local-system probe-time minutes 10 retry-interval seconds 10 retry-count 2 user-not-needed user-identity poll-import-user-group-timer hours 1 user-identity ad-agent active-user-database full-download user-identity ad-agent aaa-server adagent Конфигурация Windows Server: adacfg.exe client create -name ASA -ip 192.168.10.2/32 -secret cisco adacfg.exe dc create -name SERV1 -host serv1 -domain myhome.ru -user admin123 -password Qwert123456 Проверяем на Windows Server: C:\IBF\CLI>adactrl.exe show running running C:\\IBF\\watchdog\\radiusServer.bat since 2013- 5-27 T20:56:20 running C:\\IBF\\watchdog\\adObserver.bat since 2013- 5-27 T20:56:20 C:\IBF\CLI>adacfg.exe dc list Name Host/IP Username Domain-Name Latest Status ----- ------- --------- ----------- ------------- SERV1 serv1 admin123 MYHOME up C:\IBF\CLI>adacfg.exe client list Name IP/Range ---- --------------- ASA 192.168.10.2/32 C:\IBF\CLI>adacfg.exe client status Subscribed-IP Sync-Status ------------- ----------- C:\IBF\CLI>netstat -aon | findstr ';:1645 :1646 :1812 :1813'; UDP 0.0.0.0:1645 *:* 372 UDP 0.0.0.0:1646 *:* 372 UDP 0.0.0.0:1812 *:* 372 UDP 0.0.0.0:1813 *:* 372 C:\IBF\CLI>ipconfig /all Windows IP Configuration Host Name ............: serv1 Primary Dns Suffix .......: myhome.ru Node Type ............: Hybrid IP Routing Enabled........: No WINS Proxy Enabled........: No DNS Suffix Search List......: myhome.ru Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix .: Description ...........: vmxnet3 Ethernet Adapter #2 Physical Address.........: 00-0C-29-AC-A8-A3 DHCP Enabled...........: No Autoconfiguration Enabled ....: Yes IPv4 Address...........: 192.168.10.25(Preferred) Subnet Mask ...........: 255.255.255.0 Default Gateway .........: 192.168.10.2 DNS Servers ...........: 192.168.10.25 NetBIOS over Tcpip........: Enabled Firewall на Windows Server выключен. Проверяем на ASA: ciscoasa# ping serv1.myhome.ru Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.10.25, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms ciscoasa# test aaa-server authentication AD1 host 192.168.10.25 username asa password Qwert123456 INFO: Attempting Authentication test to IP address <192.168.10.25> (timeout: 12 seconds) INFO: Authentication Successful ciscoasa# test aaa-server ad-agent adagent host 192.168.10.25 INFO: Attempting Ad-agent test to IP address <192.168.10.25> (timeout: 12 seconds) ERROR: Ad-agent Server not responding: No error Тест с AD Agent не проходит, ибо нет ответа. Судя по дампу (http://rghost.ru/46308141) действительно AD Agent совсем не отвечает на запросы. В C:\IBF\radiusServer\runtime\logs\radiusServer_debug.log ничего нет, несмотря на то, что включил логирование в C:\IBF\radiusServer\runtime\win32\config\RuntimeDebugLog.config Ведь всё сделал верно, но почему-то AD Agent никак не реагирует на RADIUS запросы. В чём может быть причина?