Pix Failover Configuration with 1 Public

Have 1 PIX 515e (6.3(3)) in production that is currently assigned ip 1.1.1.2 w/ a 255.255.255.248 mask. All of my remaining publically assigned ips are being used so I don't have a free ip for the standby ip on the outside interface. Can I just do the standbys on the inside, failover and stateful link and not worry about having the standby for the outside? I'll be using lan-based failover w/ a few ports vlan'd out on my 3560 for the failover and stateful links.

Hello David,
The Pix firewall is getting to end of life this month, on version 6.3 I don't think this is supported or what will be the behavior on this scenario, on version 7.0 and higher you can use the command:
no monitor-interface if_name
http://www.cisco.com/en/US/docs/security/asa/asa70/command/reference/mr.html#wp1582411
And just monitor the other interfaces.
I hope this helps.
Regards,
Felipe.

Similar Messages

Cisco UNITY Failover Configuration with no Computer Browser Service

Hi,
Actually i'm configuring a unity failover server with version 7, at this point i'm triyng to add the failover server thru the failover configuration wizard which should list the failover server, but in this customer as a domain policy the computer browser service is disabled, reason why the failover server does not appear on the list of computers.
Does any one have any idea on how to deal with this issue?
Thanks.

Javier,
You can follow the steps here:
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsy40909
Hope that helps,
Brad

Storedge 3510 failover configuration with 1 host

I people.
I'm new to the storedge configuration.
I have a Sun storedge 3510 - 2 controllers with 2 x host port fc and 1x drive port each.
I want to do a simple configuration - connect 1 host to the storedge with failover.
It's correct to connect the 2 controllers using the drive port - because i want failover?
It's possible to use only 1 pci single FC adapter in the machine?
I will connect the machine with the storedge usinge 1 fibre cable,
I will use the host port FC1. And to do the failover I will connect the 2 controllers
using the drive port fc3 e fc2. - THIS IS CORRECT?
My problem is who to connect the cables and who to configure the storedge. I'm
already connected to the COM Port.
Another thing i have in the first controller amber light - this is a hardware problem?
And wath is the best configuration to use with 3510 storedge, one host, and failover?
Thank you. I need this help for now.. Please.

Isn't it wonderful when people respond?
I, too, am running into the same scenario. We have a single 3510FC that is connected to a single host through two controller cards. The drives are configured as a single logical drive under RAID-5. We want to have this configuration multi-pathed for redundancy, not throughput, even though controller cards NEVER fail. [sarcasm] We will be using Veritas VxVM DMP for redundancy.
Unfortunately, I can only ever see the logical drive/LUN on one controller. The main connection is channel 0 of the primary controller. Whenever I try to configure it to simultaneously be on channel 5 of the secondary controller, the 3510 won't let me do it. I can't figure out how to get the LUN to be assigned to two host channels when one is on the primary controller and one is on the secondary controller.
I find this to be absurd. Controllers fail. That's all that there is to it. Yet the design of the 3510 (and the 3310 as well) seem to fight like hell whenever you want to spread the logical drives across physical controllers.
What's the solution to this one, guys?

Failover Configuration

For failover configuration with Oracle 9i I have used
two database in same m/c. and the listner.ora is as following :-
LISTENER =
(DESCRIPTION_LIST =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC3))
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = tcs052640)(PORT = 1521))
SID_LIST_LISTENER =
(SID_LIST =
(SID_DESC =
(SID_NAME = PLSExtProc)
(ORACLE_HOME = D:\oracle\ora_home)
(PROGRAM = extproc)
(SID_DESC =
(ORACLE_HOME = D:\oracle\ora_home)
(SID_NAME = SPACE)
(SID_DESC =
(ORACLE_HOME = D:\oracle\ora_home)
(SID_NAME = UIIVS2)
And TNS Entry which i have used in a m/c. which has only oracle client is like the following :-
PROD.WORLD =
(DESCRIPTION_LIST =
(FAILOVER = TRUE)
(LOAD_BALANCE = FALSE)
(DESCRIPTION =
(ADDRESS =
(PROTOCOL = TCP)
(HOST = TCS052640)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = SPACE.WORLD)
(SERVER = DEDICATED)
(DESCRIPTION =
(ADDRESS =
(PROTOCOL = TCP)
(HOST = TCS052640)(PORT = 1521))
(CONNECT_DATA =
(SERVICE_NAME = UIIVS2.WORLD)
(SERVER = DEDICATED)
Now i am connected to SPACE from that m/c. which has only Oracle 9i client and then shutdown the database SPACE, but
after shutting down client is not dynamically connecting to the database UIIVS2,though I have written "FAILOVER = TRUE" in tnsnames.ora.
It is giving error like :-
ORA-12571: TNS:packet writer failure
ORA-03114: not connected to ORACLE
& when I am attempting test connection it is giving error
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
What more I have to do for connecting dynamically UIIVS2 when SPACE is down.
If the database located in separated m/c. is there anything more need to do.
Thanks in advance.

Guys,
have successfully done the failover, the failover parameter should be ON in the tns entries - thanks a lot for all of ur help.
Regards,
Prasenjit

How to configure an ASA with 2 Public IP address.

Hi, I have to configure a router ASA 5505 with 2 Publics IP, our ISP give us a 3 Public IP, and actually our configuration is like this:
interface Vlan1
nameif inside
security-level 100
ip address 192.168.x.x 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 200.91.x.x 255.255.255.248
The problem is: If I create a new Vlan, the interface overlaps.
How can I solve that problem??
Thanks for your answers!!!

Answered in duplicate post:
https://supportforums.cisco.com/discussion/12150111/how-configure-asa-2-public-ip-address

RA VPN into ASA5505 behind C871 Router with one public IP address

Hello,
I have a network like below for testing remote access VPN to ASA5505 behind C871 router with one public IP address.
PC1 (with VPN client)----Internet-----Modem----C871------ASA5505------PC2
The public IP address is assigned to the outside interface of the C871. The C871 forwards incoming traffic UDP 500, 4500, and esp to the outside interface of the ASA that has a private IP address. The PC1 can establish a secure tunnel to the ASA. However, it is not able to ping or access PC2. PC2 is also not able to ping PC1. The PC1 encrypts packets to PC2 but the ASA does not to PC1. Maybe a NAT problem? I understand removing C871 and just use ASA makes VPN much simpler and easier, but I like to understand why it is not working with the current setup and learn how to troubleshoot and fix it. Here's the running config for the C871 and ASA. Thanks in advance for your help!C871:
version 15.0
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname router
boot-start-marker
boot-end-marker
enable password 7 xxxx
aaa new-model
aaa session-id common
clock timezone UTC -8
clock summer-time PDT recurring
dot11 syslog
ip source-route
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.2
ip dhcp pool dhcp-vlan2
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
ip cef
ip domain name xxxx.local
no ipv6 cef
multilink bundle-name authenticated
password encryption aes
username xxxx password 7 xxxx
ip ssh version 2
interface FastEthernet0
switchport mode trunk
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description WAN Interface
ip address 1.1.1.2 255.255.255.252
ip access-group wna-in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
interface Vlan1
no ip address
interface Vlan2
description LAN-192.168.2
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Vlan10
description router-asa
ip address 10.10.10.1 255.255.255.252
ip nat inside
ip virtual-reassembly
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list nat-pat interface FastEthernet4 overload
ip nat inside source static 10.10.10.1 interface FastEthernet4
ip nat inside source static udp 10.10.10.2 500 interface FastEthernet4 500
ip nat inside source static udp 10.10.10.2 4500 interface FastEthernet4 4500
ip nat inside source static esp 10.10.10.2 interface FastEthernet4
ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 10.10.10.0 255.255.255.252 10.10.10.2
ip route 192.168.2.0 255.255.255.0 10.10.10.2
ip access-list standard ssh
permit 0.0.0.0 255.255.255.0 log
permit any log
ip access-list extended nat-pat
deny   ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 any
ip access-list extended wan-in
deny   ip 192.168.0.0 0.0.255.255 any
deny   ip 172.16.0.0 0.15.255.255 any
deny   ip 10.0.0.0 0.255.255.255 any
deny   ip 127.0.0.0 0.255.255.255 any
deny   ip 169.255.0.0 0.0.255.255 any
deny   ip 255.0.0.0 0.255.255.255 any
deny   ip 224.0.0.0 31.255.255.255 any
deny   ip host 0.0.0.0 any
deny   icmp any any fragments log
permit tcp any any established
permit icmp any any net-unreachable
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit esp any any
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any administratively-prohibited
permit icmp any any source-quench
permit icmp any any ttl-exceeded
permit icmp any any echo-reply
deny   ip any any log
control-plane
line con 0
exec-timeout 0 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class ssh in
exec-timeout 5 0
logging synchronous
transport input ssh
scheduler max-task-time 5000
end
ASA:
ASA Version 9.1(2)
hostname asa
domain-name xxxx.local
enable password xxxx encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd xxxx encrypted
names
ip local pool vpn-pool 192.168.100.10-192.168.100.35 mask 255.255.255.0
interface Ethernet0/0
switchport trunk allowed vlan 2,10
switchport mode trunk
interface Ethernet0/1
switchport access vlan 2
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.2 255.255.255.0
interface Vlan10
nameif outside
security-level 0
ip address 10.10.10.2 255.255.255.252
ftp mode passive
clock timezone UTC -8
clock summer-time PDT recurring
dns server-group DefaultDNS
domain-name xxxx.local
object network vlan2-mapped
subnet 192.168.2.0 255.255.255.0
object network vlan2-real
subnet 192.168.2.0 255.255.255.0
object network vpn-192.168.100.0
subnet 192.168.100.0 255.255.255.224
object network lan-192.168.2.0
subnet 192.168.2.0 255.255.255.0
access-list no-nat-in extended permit ip 192.168.2.0 255.255.255.0 192.168.100.0 255.255.255.0
access-list vpn-split extended permit ip 192.168.2.0 255.255.255.0 any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static lan-192.168.2.0 lan-192.168.2.0 destination static vpn-192.168.100.0 vpn-192.168.100.0 no-proxy-arp route-lookup
object network vlan2-real
nat (inside,outside) static vlan2-mapped
route outside 0.0.0.0 0.0.0.0 10.10.10.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
http 10.10.10.1 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-256-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set reverse-route
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev1 enable outside
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.2.0 255.255.255.0 inside
ssh 10.10.10.1 255.255.255.255 outside
ssh timeout 20
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
group-policy vpn internal
group-policy vpn attributes
dns-server value 8.8.8.8 8.8.4.4
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn-split
default-domain value xxxx.local
username xxxx password xxxx encrypted privilege 15
tunnel-group vpn type remote-access
tunnel-group vpn general-attributes
address-pool vpn-pool
default-group-policy vpn
tunnel-group vpn ipsec-attributes
ikev1 pre-shared-key xxxx
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:40c05c90210242a42b7dbfe9bda79ce2
: end

Hi,
I think, that you want control all outbound traffic from the LAN to the outside by ASA.
I suggest some modifications as shown below.
C871:
interface Vlan2
description LAN-192.168.2
ip address 192.168.2.2 255.255.255.0
no ip nat inside
no ip proxy-arp
ip virtual-reassembly
ip access-list extended nat-pat
no deny ip 192.168.2.0 0.0.0.255 192.168.100.0 0.0.0.255
no permit ip 192.168.2.0 0.0.0.255 any
deny ip 192.168.2.0 0.0.0.255 any
permit ip 10.10.10.0 0.0.0.255 any
ASA 5505:
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
Try them out and response.
Best regards,
MB

Pix Failover

Im trying to build out a new network and im looking for the most redundancy as possible :)
If you look at the attachment everything from my knowledge will work just peachy if I just connect the blue lines...The only problem is if the main top switch failed (not a link failure but a total shut off) I will need to make sure the main pix fails over to the secondary.
What I would much rather like is when the main switch failed I didnt have to have the pixs failover that there would be another link to handle this. Thats where the green lines come in..
Can someone get me on the right path here, ive looked into the tracking features on the pix but it seems to only work with two seperate ISPs etc.
thanks guys and gals

You should have some kind of redundancy. Unfortunately, there's no way that you can configure pix to be able to detect whether the switch behind it is dead or not and be able to route the traffic to another back up switch when the primary switch is dead. But you can configure redundancy for the pix itself by configuring the pix for failover. That way, when the primary pix goes down it will failover to the secondary pix. Please refer to the following URL for more details.
How Failover Works on the Cisco Secure PIX Firewall:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094ea7.shtml
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806e880b.shtml

Cisco 1841 with 2 public WAN IP's and NAT

OK currently the network is setup as follows:
Zyxel SHDSL Router --> Linksys Router --> 10/100 Switch --> PC's
x.x.x.145/28__________x.x.x.146/28____________________192.168.1.0/24
The Linksys router is running inbound one-to-many PAT (eg. x.x.x.146:80 --> 192.168.1.10:8080)
I'm looking to replace the setup with a Cisco 1841 router. Now normally I would configure the DSL interface as unnumbered to the internal LAN interface and use my public IP addys on this segment then passing through a PIX to NAT into private IP addys.
The problem I have is I want the 1841 to be an all in one box performing DSL, Firewall and NAT functions.
Now I thought I would configure the DSL as unnumbered to FastEthernet0/0 adding a secondary IP address of x.x.x.146/28. Interface configured as NAT outside.
Interface FastEthernet0/1 was configured with 192.168.1.1/24 with NAT inside and connected to the switch.
The problem was is that the FastEthernet0/0 interface line protocol was down as there was no need to connect it to anything.
I then tried assigning the dialer interface a static IP of x.x.x.145/28 and x.x.x.146/28 as a secondary IP running NAT outside. I tried again but during boot up the router said you cant assign a secondary IP to the dialer interface.
So my question is, how would you recommend setting up the interfaces to enable the router to have both x.x.x.145 and 146/28 as public IP's and NAT x.x.x.146:80 to 192.168.1.10:8080?
Any help much appreciated.

Answers:
1) DSL is terminating in the 1841 on a SHDSL WIC
2) No
3) IP is negotiated
4) Below is a config which I believe should work. Any recommended amendments?
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname trackgw
boot-start-marker
boot-end-marker
no aaa new-model
resource policy
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
no ip dhcp use vrf connected
username cisco privilege 15 secret xxx
controller DSL 0/0/0
mode atm
line-term cpe
dsl-mode SHDSL symmetric annex B
line-rate AUTO
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface ATM0/0/0
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
encapsulation ppp
no cdp enable
ppp authentication chap callin
ppp chap hostname username
ppp chap password 0 password
ppp ipcp dns request
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http authentication local
ip nat inside source list nat-acl interface Dialer1 overload
ip nat inside source static tcp 192.168.1.10 8080 x.x.x.146 80
ip access-list extended nat-acl
permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
control-plane
line con 0
logging synchronous
login local
transport output all
line aux 0
transport output all
line vty 0 4
privilege level 15
login local
transport input telnet
scheduler max-task-time 5000
end

Software for managing SNMP Pix failover traps

Hi, we need to monitor pix failover with snmp. Going through the pix readme shows as example how to do with Cisco Works for WIndows. Is this the only cisco product that can manage this? We are using LMS, is there a way with LMS to monitor failover events?
Kurtis Durrett

Thanks!
The command originally didn't work by itself, but after come changes to the other SNMP configurations the traps were then received.
SNMP configurations below:
Switch#show run | inc snmp
snmp-server community (removed) RW 5
snmp-server trap-source Vlan411
snmp-server chassis-id (Removed)
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps envmon fan temperature
snmp-server host *.*.*.* (Removed) fru-ctrl envmon
Logging:
Switch#show run | inc log
service timestamps log datetime localtime
logging buffered 16384
logging trap notifications

INS-40925 - One or more nodes have interfaces not configured with a subnet that is common across all cluster nodes.

Hi All,
I am facing the below error while installing Oracle RAC in Silent Mode.
SEVERE: There are no common subnets represented by network interfaces across all cluster nodes.
SEVERE: [FATAL] [INS-40925] One or more nodes have interfaces not configured with a subnet that is common across all cluster nodes.
   CAUSE: Not all nodes have network interfaces that are configured on subnets that are common to all nodes in the cluster.
   ACTION: Ensure all cluster nodes have a public interface defined with the same subnet accessible by all nodes in the cluster.
My /etc/hosts is given below.
127.0.0.1        localhost    localhost.localdomain
#Public
192.168.1.101      rac1        rac1.localdomain
192.168.1.102    rac2        rac2.localdomain
#Private
192.168.2.101    rac1-priv    rac1-priv.localdomain
192.168.2.102    rac2-priv    rac2-priv.localdomain
#Virtual
192.168.1.103      rac1-vip    rac1-vip.localdomain
192.168.1.104    rac2-vip    rac2-vip.localdomain
#SCAN
192.168.1.105    rac-scan    rac-scan.localdomain
Could you please help me to get rid of the error INS-40925....Any Idea...???

Hi Ramesh,
Please find the result of ifconfig -a from both nodes RAC1 & RAC2.
ifconfig -a in RAC1
[oracle@rac1 Desktop]$ ifconfig -a
eth0      Link encap:Ethernet HWaddr 08:00:27:17:7A:D5
          inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe17:7ad5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:102 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:25472 (24.8 KiB) TX bytes:3322 (3.2 KiB)
          Interrupt:19 Base address:0xd020
eth1      Link encap:Ethernet HWaddr 08:00:27:C0:AC:DB
          inet addr:192.168.2.101 Bcast:192.168.2.255 Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fec0:acdb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:240 (240.0 b) TX bytes:816 (816.0 b)
          Interrupt:16 Base address:0xd240
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:56 errors:0 dropped:0 overruns:0 frame:0
          TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6394 (6.2 KiB) TX bytes:6394 (6.2 KiB)
virbr0    Link encap:Ethernet HWaddr 52:54:00:CC:BD:FB
          inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
virbr0-nic Link encap:Ethernet HWaddr 52:54:00:CC:BD:FB
          BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
ifconfig -a in RAC2
[oracle@rac2 Desktop]$ ifconfig -a
eth0      Link encap:Ethernet HWaddr 08:00:27:C9:38:82
          inet addr:192.168.1.102 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fec9:3882/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:122 errors:0 dropped:0 overruns:0 frame:0
          TX packets:59 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:32617 (31.8 KiB) TX bytes:5157 (5.0 KiB)
          Interrupt:19 Base address:0xd020
eth1      Link encap:Ethernet HWaddr 08:00:27:90:B5:A0
          inet addr:192.168.2.102 Bcast:192.168.2.255 Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe90:b5a0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:240 (240.0 b) TX bytes:746 (746.0 b)
          Interrupt:16 Base address:0xd240
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:56 errors:0 dropped:0 overruns:0 frame:0
          TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6390 (6.2 KiB) TX bytes:6390 (6.2 KiB)
virbr0    Link encap:Ethernet HWaddr 52:54:00:CC:BD:FB
          inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
          UP BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
virbr0-nic Link encap:Ethernet HWaddr 52:54:00:CC:BD:FB
          BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

Problem in Hibernate 3.0. while configuring with Oracle 9i

Hi,
I have a problem in Hibernate 3.0. while configuring with Oracle 9i.
I make all necessary settings as per the requirement.
My code successfully running with MYSQL,
But if tried use Oracle 9i. then System generate the Following Exceptions.
Please let me know the solution
DEBUG - initializing class SessionFactoryObjectFactory
DEBUG - registered: 2c9834f115ccc9360115ccc937600000 (unnamed)
INFO - Not binding factory to JNDI, no JNDI name configured
DEBUG - instantiated session factory
INFO - Running hbm2ddl schema update
INFO - fetching database metadata
DEBUG - total checked-out connections: 0
DEBUG - using pooled JDBC connection, pool size: 0
ERROR - could not get database metadata
java.sql.SQLException: ORA-00600: internal error code, arguments: [ttcgcshnd-1],
[0], [], [], [], [], [], []

Hi
I alreay make all necessary chagens in cfg.file but still i have problem
see the contenet fo .cgf file
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE hibernate-configuration PUBLIC
"-//Hibernate/Hibernate Configuration DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd">
<hibernate-configuration>
<session-factory>
<property name="hibernate.cglib.use_reflection_optimizer">true</property>
<property name="hibernate.connection.driver_class">oracle.jdbc.driver.OracleDriver</property>
<property name="hibernate.connection.url">jdbc:oracle:thin:@sinpunap049:1521:esgdb</property>
<property name="hibernate.connection.username">scott</property>
<property name="hibernate.connection.password">tiger</property>
<property name="connection.pool_size">1</property>
<property name="hibernate.dialect">org.hibernate.dialect.Oracle9Dialect</property>
<property name="show_sql">true</property>
<property name="hbm2ddl.auto">update</property>
<mapping resource="Student1.hbm.xml" />
</session-factory>
</hibernate-configuration>

PIX 525 UR With 1 4-Port FE, 1 VPN Accel Card

Good day;
I have a PIX 525 Unrestricted with failover.
802.bin IOS
There is 1 4-port FE and a VPN Accelerator card installed in each unit.
I tried to install a second 4-port FE in both prime and secondary units and the following is the result.
Once I power up both units the second 4-port FE mimics the first one. Although there are no physical connections to the second 4-port FE's, the port lights on the second FE's light up as the ones on the first 4-port FE.
Example:
1st 4-port FE
Fa0/2 - physical connection - Light on
Fa0/3 - no physical connection - Light off
Fa0/4 - physical connection - Light on
Fa0/5 - no physical connection - Light off
2nd 4-port FE
Fa0/6 - no physical connection - Light on
Fa0/7 - no physical connection - Light off
Fa0/8 - no physical connection - Light on
Fa0/9 - no physical connection - Light off
Also, when the second card is installed the first card will not function and this sets both PIX's as active.
I'm somewhat baffled.

Hi;
Here's the show version.
As you will see, it allows for 10 physical interfaces.
I'm scratching my head over this one.
Cisco PIX Security Appliance Software Version 8.0(2)
Device Manager Version 6.0(2)
Compiled on Fri 15-Jun-07 18:25 by builders
System image file is "flash:/pix802.bin"
Config file at boot was "startup-config"
MHCPPIX1 up 27 days 22 hours
failover cluster up 93 days 1 hour
Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
0: Ext: Ethernet0 : address is 0011.924b.dd31, irq 10
1: Ext: Ethernet1 : address is 0011.924b.dd32, irq 11
2: Ext: Ethernet2 : address is 000d.88ee.5d70, irq 11
3: Ext: Ethernet3 : address is 000d.88ee.5d71, irq 10
4: Ext: Ethernet4 : address is 000d.88ee.5d72, irq 9
5: Ext: Ethernet5 : address is 000d.88ee.5d73, irq 5
Licensed features for this platform:
Maximum Physical Interfaces : 10
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.

2 Server with 1 Public IP (Port Forwading) Details Inside thanks

Hi,
I would like to ask how to setup 2 servers with 1 public IP??
Server 1 is Citrix
Server 2 is FTP server
1 public IP
Tried this command on Cisco ASA 5510 but it doesn't work with 2 servers, But 1 server - 1 public IP is working.
1 server - 1 public IP
object-group service test1 tcp
port-object eq www
access-list outside_access_in extended permit tcp any host 111.44.77.121 object-
group test1
static (inside,outside) 111.44.77.121 192.168.1.1 netmask 255.255.255.255
2 server - 1 public ip
object-group service test1 tcp
port-object eq www
object-group service test2 tcp
port-object eq http
access-list SMTP-Services extended permit ip host 111.44.77.121 host 192.168.1.1
access-list SMTP-Services2 extended permit ip host 111.44.77.121 host 192.168.1.2
static (inside,outside) 111.44.77.121 192.168.1.1 netmask 255.255.255.255
static (inside,outside) 111.44.77.121 192.168.1.2 netmask 255.255.255.255
Thank you

"then use a different port number on the inside real IP." - does it mean I will depend on my port number(inside) or what server port number will be ?
So now I'm just Curious... Currently If I type this 111.44.77.121 (public IP) to my browser it will direct me to private (inside add).
Now my Question is If I Configure 2servers to 1 public IP how can I access It??
Example:
Browser - 111.44.77.121:80 ? and the other one will be 111.44.77.121:8881
thank you

Any failover abilities with ASA VPNCLIENT?

We continue to fight battles with ISPs on UDP issues when a local ASA configured with VPNCLIENT stops working with UDP.
The ISP will throttle UDP or else filter or it may even be getting dropped in the path, thus the VPN tunnel drops and won't rebuild.
But if we use TCP in the VPNCLIENT then we can get the same tunnel back up.
My question is this -
Can there be any failover statements built into an ASA VPNCLIENT configuration which could failover to TCP when UDP begins to have this ISP issues?

I do not think if this can be automated need to select manually.

Failing to execute Check: systems configured with DHCP

Recommendation: Oracle supports installations on systems with DHCP-assigned public IP addresses. However, the primary network interface on the system should be configured with a static IP address in order for the Oracle Software to function properly. See the Installation Guide for more details on installing the software on systems configured with DHCP.
Status: Not Executed
Why is Oracle failing to execute the check? What sort of check does Oracle run for DHCP IPs?
Any help will be appreciated.
Thanks

A server is not supposed to work with DHCP but with a fixed IP address. Enterprise Manager DB Control Console will only work with a fixed IP address, if ever either the IP or the hostname change then EM won't work any more unless it is reconfigured.
The purpose of the loopback adapter is to provide a fixed IP address on a dynamic assigned environment. You should make sure once you fix the IP address by means of DHCP to name this IP address in the host file at c:\windows\system32\drivers\etc\host.
~ Madrid
http://hrivera99.blogspot.com/

Pix Failover Configuration with 1 Public

Similar Messages

Maybe you are looking for