cisco >> What does it mean?

by rafael_romano299 » Mon, 12 Jan 2004 20:24:43 GMT

Hello all,

I have recently upgraded a Cisco 1710 Security router to IOS 12.3(4)T1
and the following 2 lines now appear in the config: boot-start-marker
& boot-end-marker. I don't know what these lines are. Can anyone


cisco >> What does it mean?

by micke414 » Thu, 15 Jan 2004 07:51:23 GMT

read manual :-) its about booting ie boot system commands will be
in between. used by software during boot to know where to find
commands, previously it has been a guessing where to start and stop
reading config file. boot code does not understand all of ios command
and previously there has been errors like unknown command during boot.


cisco >> What does it mean?

by AM » Sat, 26 Feb 2005 04:31:32 GMT

In a 837 router

*Mar 6 14:05:59: %CRYPTO-4-IKMP_NO_SA: IKE message from <remote VPN endpoint> has no SA and is not an initialization

What does it mean?
On PIX side (the initiator) logs tell me the Phase 2 is completed


Similar Threads

1. I've finally done it (10Base-2)

2. lengthening CAT5 cable- its done!

3. don't know what i'm doing

4. making cables - what am I doing wrong?

I'm making ethernet cables which don't quite work and it's drivign me
I can't quite explain under what conditions they work and don't work.
It seems that they do work with almost all (or juts all) 10 mbit boards
but don't work with the newer 100mbit boards.  I've used two different
sources of cat 5e cable, in one case it's not clerly labeled for speed,
in the other it says that it was tested for Gigabit networks.  Results
are the same.  So it must be the heads I'm using?  Is this even
possible?  Or could it be the crimper?  Because I've tried heads from
two different sources -- doesn't seem to make a difference.
When I plug such cable between a 100mbit Linksys router and a 100mbit
PCMCIA card the light on the switch goes on for couple of seconds,
blinking very-very fast and then disappears.  If I replace the PCMCIA
card with an old one 10mbit card it works fine.
Please help, I'm getting scared.

5. What kind of frame is LLC communication done ?

6. beeing a vpn gateway and doing VPN passthrough

Dear All,

I have a new fancy problem :)

I want to do a vpn client connection from VpnClient-A to Router B.
Router-A is a VPN gateway too.

VPNClA--[RouterA eth1=]--[eth1=

I can Connect from client-A to router B and build up the tunnel. But
all the esp (or UDP 4500 when using NAT-T) packets are caught by
router-A when eth1 has a crypto map assigned. When I remove the crypto
map from router-A the connection from client-A to router-B works fine.

How can I tell router A which UDP-4500/ESP packet to take and encrypt
and which packet not? Why are the IKE packets nor caught by router-a?

Thanks you.

version 12.2
no service slave-log
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname ABC
username usernamex password usernamex
aaa new-model
aaa authentication login ALIST local
aaa authorization network ALIST local
aaa session-id common
no ip subnet-zero
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 2
crypto isakmp keepalive 30
crypto isakmp client configuration group WASSER
 key geheim
 domain wasserturm.pk2
 pool vpnpool
 acl 160
crypto ipsec transform-set SICHER esp-3des esp-sha-hmac
crypto dynamic-map vpnclient 10
 set transform-set SICHER
crypto map vpn client authentication list ALIST
crypto map vpn isakmp authorization list ALIST
crypto map vpn client configuration address respond
crypto map vpn 10 ipsec-isakmp dynamic vpnclient
interface Ethernet0
 ip address
 ip accounting output-packets
 ip nat inside
 no cdp enable
 hold-queue 100 out
interface Ethernet1
 no ip address
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip inspect FIREWALL out
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp ipcp dns request
 crypto map vpn
ip local pool vpnpool
ip nat inside source list 130 interface Dialer1 overload
ip classless
ip route Dialer1
no ip http server
access-list 5 permit any
access-list 10 permit
access-list 130 deny   ip
access-list 130 permit ip any
access-list 160 permit ip
dialer-list 1 protocol ip permit
line con 0
 exec-timeout 120 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0
 access-class 5 in
 exec-timeout 120 0
 length 0
 transport preferred ssh
line vty 1 4
scheduler max-task-time 5000

7. vlan sub-interfaces on router doing nat

8. RIP question (Im doing my ccna)

Say that i have 3 routers all connected via direct serial links, running 
RIP (version 1). Each of the serial interfaces can be pinged remotely 
and locally. None of the ethernet interfaces can be pinged remotely, but 
can be locally. Does this mean that rip is not advertising the networks 

I will probably have some questions about ospf and eigrp soon.

Thanks in advance