SQLNET authentication problem!

Similar Messages

• Webservice authentication problem

  Web Service Authentication problem
  Posted: Jun 17, 2005 3:32 PM        Reply      E-mail this post 
  Hi
  I have created a portal service and exposed this service as a webservice. I am consuming this webservice in webdynpro. Portal service contains 2 simple methods putdata() and getdatat().
  When i access the webservice i am getting the following error.
  "javax.xml.rpc.soap.SOAPFaultException: The User Authentification is not correct to access to the Portal Service com.sap.portal.prt.soap.GlobalData or the service was not found"
  My Enterprise portal server is configured for SSO to back end R/3 system. I have checked for portal service availability and it is fine.
  My Webdynpro and Portal are running on different machines. EP is running on AIX with SP11.
  Any help please.
  Regards
  NagaKishore V

  Hi Shahab,
  Can you reproduce the issue if you create 2 applications. One that exposes a secured web service and the other one the one, consumes the web service? This would help to isolate the issue and move forward in case is a bug.
  Thanks,
  Juan Camilo

• Authentication problem - solved, but maybe a bug in Mac OS X?

  Hi,
  I've a rather small installation with only a handful of users configured on a Mac mini (Mac OS X Server, 10.6.8). All of them use the mail, calendar and addressbook server on the Mac, nothing more. They use it with Mac, iPhone and iPad. Everything worked fine for months but suddenly all of them were faced authentication problems: it was not possible to login on the imap server, the calendar server, the addressbook server. It was possible to login using the admin account on the server directly. Moreover, all users disappeared from the workgroup manager, however they still were available on the servers LDAP server and findable using ldapsearch.
  First, I used to completely restart the server to solve the problem, but it reappeared after only few hours again.
  Second, after understanding more about the authentication process, I found the "killall DirectoryService" was sufficient to solve the problem, but it still reappeared after few hours.
  Then I found the, once the problem occured, there was nearly no more communication to the local LDAP server on port 389 on localhost. When everything was working fine, the was a lot of such communication, including queries for usernames, when a login attempt was made. I started a "tcpdump -n -i lo0 port 389" and waited for the problem again. After the problem occured, I found in the pcap files that there were a few final query attempts, actually attempts the open a port 389 TCP connection to the slapd running on localhost, which were answered with a TCP RST. Then, no more attempts were made until l restarted the DirectoryService. Using the logfile of the slapd I found that this happened exactly at the time the slapd was stopped and restarted. And - surprisingly for me - stopping and restarting the slapd happened exactly once an hour.
  I then found that it happened exactly at the time the time machine backup process was started and indeed it was possible to trigger the event of restarting the slapd by manually starting a time machine backup.
  (Indeed, I switched my backup strategy from SuperDuper to time machine the other day and maybe that was the time the problem occured for the first time. I know that time machine is not considered as the best backup strategy for a server but I wanted to try on my own.)
  Google helped my to find a hint that time machine will actually stop and restart slapd - which is a generally a good idea, since otherwise a backup from some open database files would be made, which could work but may fail. So, I thing, someone of the developers thought about that problem too and has considered time machine for backups of a server.
  However, a not running slapd can not answer queries from a DirectoryService and a stopping or starting process might indeed end up with TCP SYNs answered with TCP RST.
  My solution was to disable time machine again and from that time the problem does not occur again.
  I'm wondering why the DirectoryService process isn't starting to query the slapd again after a failed connection. Isn't this a bug? After this experience I consider time machine as not only the not preferred backup solution for a server but as completely incompatible with Mac OS X server - although, as I said, it seems that someone thought about backing up the LDAP database using time machine.
  (On a Lion server this problem does not occur, the slapd will not be stopped and restarted when time machine is running. Moreover, I saw a com.apple.slapd.start notification in the slapd.log ... maybe this tells DirectoryService to try again.)
  Cheers,
  Wolfgang

  Another problem I found with the MacOS X key bindings: the 6 key doesn't work!
  In the config that ships with SQL Developer, I found this:
  <Item class="oracle.javatools.util.Pair">
  <first class="java.lang.String">DOCUMENT_6_CMD_ID</first>
  <second class="oracle.ide.keyboard.KeyStrokes">
  <data>
  <Item class="javax.swing.KeyStroke">6</Item>
  </data>
  </second>
  </Item>
  which should be:
  <Item class="oracle.javatools.util.Pair">
  <first class="java.lang.String">DOCUMENT_6_CMD_ID</first>
  <second class="oracle.ide.keyboard.KeyStrokes">
  <data>
  <Item class="javax.swing.KeyStroke">meta 6</Item>
  </data>
  </second>
  </Item>

• Wifi Authentication Problem in Lenovo K900

  Hi,
  I am able to connect to wifi at home network. And when I try it at office it is showing Authentication problem and "Not in Range". The password and everything is correct. All my colleagues are able to connect with the same password. I searched online for the solution and there are many other lenovo tab and phone users facing the same problem and I am unable to find the solution. Can anyone resolve this issue and give appropriate answer for this.

  This is the first time I'm hearing this issue, I'm also an K900 user but this never happmed to me or my other friends.
  Are you sure that's the right password, maybe its case sensitive, because this bug is not present in K900.
  Facebook Profile I'm a carefree type of guy but always there to help, so if you have anything to ask don't hesitate.

• Cisco ACS 4.2.1 authentication problem

  We are using cisco ACS 4.2.1 on windows 2003  to authenticate  with windows 2003 Actice Directory. We have update Active directory server windows 2008 version. We have checked the configuration of ACS on windows database and no problem but we can't see in ACS dynamic user. I have authentication problem ACS 4.2.1 to Windows 2008 R2 active directory.

  Hi there,
  There is a section in the ACS 4.x where you can define if the ACS should show the dynamic users or not, make sure that this option is unchecked, for this go to External User Databases/Unknown User Policy/Configure Caching Unknown Users
  Also if you are facing authentication issues with ACS 4.x and Windows 2008 R2, you may want ready my previous answer.
  Let me know if this helps.

• WLC 5508 WPA Authentication Problems

  Hello,
  We have a WLC 5508 with 7.4.100.0 Firmware.
  We are using 1141 and 1142 APs and we are having authentication problems with clients that are connecting to our WLAN with WPA+AES autentication. The clients receive in her laptop a password error, and we receive the following log in wlc:
  Client Excluded: MACAddress:f8:f1:eb:dd:ff:cd Base Radio MAC :08:ad:dd:76:4d:30 Slot: 0 User Name: unknown Ip Address: unknown Reason:802.1x Authentication failed 3 times. ReasonCode: 4
  The strange thing is that the problem is solved restarting the Access-points.
  Anyone had this problem previusly?
  Thanks in advance.

  I made the configuration using the Cisco Recommended settings, the strange thing its that the users connect normally, until they starts with authentication problems. I restart the access points and the problem its solved.
  Cisco Recommended  and not recommended Authentication Settings
  Security encryption settings need to be identical for WPA and WPA2 for TKIP and AES as shown in this image:
  These images provide examples of incompatible settings for TKIP and AES:
  Note: Be aware that security settings permit unsupported features.
  These images provide examples of compatible settings:

• WiFi Authentication problem

  I have an iMac, and iPad, a Blackberry (forgive me) and Airport for my WiFi all of my pieces are working fine with my WiFi.  I had guests over the other day and we could not allow my guests iPads or iPhone to sign onto my network.  I bought my dad a generic tablet to use for solving cross words, etc., and I cannot sign into my own network.  No opportunity exists to put in a password because it just reads "Authentication Problem".
  No opportunity exists, therefore, to enter the password.  Signal strength is excellent, Securty is WPA2 PSK, I touch connect and it says Saved Secured with WPA2 and then goes back to "Authentication Problem."
  I've unplugged (and plugged back in) both the Airport / router and Internet Service provider's modem. I've rebooted my iMac and the new generic pad 3 times each. 
  I had 2 networks one for me and one for guests, can't get into either, identical problem. I can see all of the neighbour's networks and they're all locked and say secured with (various WPA/WPA2, etc., just mine says Authentication Problem.  I plugged the tablet into my iMac and it's functioning well.
  I now deleted the guest network and can't open a new network. 
  I've triple checked my passwords, hand written and in the Key Chain.
  I've checked my Apple ID (I'm able to get into this forum).
  Both my iPad (purchased May 2013) and BlackBerry (received free July 2013) signed in without any problems.
  I cannot see why I can't get into my network ~ any ideas?

  Hello,
  Hmmm..."problem"...pretty hard to understand. Can you provide more details? What exactly do you try? What exactly happens at each step of what you try? What is the exact and complete content of any error messages presented?
  Please remember that we can't see you nor your device. We have only your words to help us understand your situation, and such understanding is the natural prerequisite to providing you with any useful guidance.
  Thanks and let us know.
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Email authentication problem on only some of Verizon's servers

  I use Eudora 6.2.4 on an iMac Core 2 Duo 2.0 20" (Al) Macintosh running OX 10.5.5.  Like many others (see one thread each under FiOS Internet and High Speed Internet and Dialup), since about mid-November, I have been receiving intermittent (about 10% of the time) authentication errors when Eudora checks for new mail.  I have 3 VZ e-mail accounts and one at my employer; the errors occur only on the VZ accounts.
  I've used the freeware app Eavesdrop (http://code.google.com/p/eavesdrop/) to observe the TCP conversations between Eudora and the server. The VZ server offers SASL CRAM-MD5 PLAIN, and Eudora uses CRAM-MD5.  I see the challenge from the server, Eudora's response, and the server's authentication-failure response.  Since the response is hashed, I have no way of telling if Eudora is sending the correct response, but it works most of the time.  (After it fails, Eudora then assumes its stored password is NG, discards it, and prompts me for it on the next mail-check, which is just a bit annoying.)
  Here is an example of a successful mail-check:
  +OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.2-6.01 (built Apr  3 2006)) <[email protected]>
  CAPA
  +OK list follows
  TOP
  PIPELINING
  UIDL
  RESP-CODES
  AUTH-RESP-CODE
  USER
  SASL PLAIN CRAM-MD5
  IMPLEMENTATION MMP-6.2p6.01 Apr  3 2006
  auth CRAM-MD5
  + PDQ5MzU1ZWY3LmRlZWZlMEB2bXMxMDkubWFpbHNydmNzLm5ldD4=
  amp3b2xmOSA3MDA0MmE5YWQwYzEzOWRkYjE5NDk0OWZjYjY1NzBmMg==
  +OK Maildrop ready
  STAT
  +OK 0 0
  QUIT
  And here's a failure:
  +OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) <[email protected]>
  CAPA
  +OK list follows
  TOP
  PIPELINING
  UIDL
  RESP-CODES
  AUTH-RESP-CODE
  USER
  SASL CRAM-MD5 PLAIN
  IMPLEMENTATION MMP-6.3p7.04 Sep 26 2008
  auth CRAM-MD5
  + PGZjMDAxY2M0ZjZlNDAyNjM3ZTI1MTVmMGU1MWEyYzVjQHZtczE3MTAxMy5tYWlsc3J2Y3MubmV0Pg==
  amp3b2xmOSA1NWNmNzJhYzRhZDdlMmE1ZGExZmIwZDVkMzA3NTc5OQ==
  -ERR [AUTH] Authentication failed
  You'll notice that the VZ server identifies itself at the onset of each conversation, including a build ID and date, followed by a timestamp and a server ID (e.g., vms109.mailsrvcs.net).  I'm in eastern Massachusetts, and when my client connects to incoming.verizon.net, one of a pool of V servers responds.  I've observed about 15 different servers, of which two (vms171011 and vms171013) show "6.3-7.04 (built Sep 26 2008)" and all the others show "6.2-6.01 (built Apr  3 2006)".  Furthermore, I observe that vms171011 and vms171013 consistently give this authentication failure for CRAM-MD5, but all the others (with the older build) consistently succeed in authenticating my accounts.
  I called FiOS Support, and the CSR took down took down some relevant info, said she'd pass it on the the e-mail folks.  Within 2 hours I got a call from a Verizon tech.  He said they "knew" about it and that it was a Mac problem.  It wasn't specific to VZ, and it occurred only on Macs.   He had no explanation for my observation that mail-check authentication works with 13 of VZ's servers and consistently fails with two which have a later build version/date, but he believed it was consistent with it being an Apple problem.  So naturally he was off the hook.
  He referred me to an Apple Support Forum discussion to back up his position.  I hadn't seen (or thought of looking in) the Apple forums, so I had a look and found a total of 5 threads under "Mail and Address Book".  Of course, these deal with Mail.app, .  Comcast as well as VZ.  This is the lengthiest of them:
    http://discussions.apple.com/message.jspa?messageID=8478765#8478765 
  These Apple discussion threads and the two Verizon Forum threads all mention Macintoshes, which lends credence to the tech's assertion that it's a Mac problem, not Verizon's.  I've found one that seems to depict the same thing on a PC (http://groups.google.com/group/comp.mail.eudora.ms-windows/browse_thread/thread/b426c0ca59841ca9), but it's not conclusive. 
  I don't know what PeeCee users use for a mail client or what method they use for authentication (the POP3 protocol, as amended,has several possibilities).  My Eudora app has settings for "Password", "Kerberos", and "APOP", but VZ doesn't offer Kerberos, and Eudora seems to ignore the APOP setting, so it uses only the CRAM-MD5 method, so I'm stuck.  I can't disprove that this is a Mac-only problem, but I can't understand why the CRAM-MD5 authentication always works with 13 of VZ's servers and always fails with 2 others (which happen to have a different build version/date).
  Solved!
  Go to Solution.

  With the help of a Windows-using friend, I have additional evidence that the mail-check authentication problem is NOT Mac-specific, but also can be shown to occur with a POP3 client (the final version, Eudora 7.1.0.9) using a secure authentication method (APOP) on Windows (XP Home, SP 3).  He had been observing no authentication problems, but investigation showed that his authentication setting was for "Password", which uses the basic (and very insecure) USER/PASS messages.  His Eudora does not allow CRAM-MD5, but it does have APOP authentication, which is another secure method that also uses the MD5 algorithm to encrypt the password.
  When he changed the setting to use APOP authentication, he observed the same behavior that I've reported above:
     - with most of the VZ servers (e.g., vms095.mailsrvcs.net, vms104.mailsrvcs.net) that show "6.2-6.01 (built Apr  3 2006)", the authentication succeeds
     - with vms171011.mailsrvcs.net and vms171013.mailsrvcs.net, which show "6.3-7.04 (built Sep 26 2008)", the authentication fails.
  See examples below.
  Here's a successful mail-check (these excerpts are from the Eudora log; I've edited his username):
  3244    64:13.20 Rcvd: "+OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.2-6.01 (built Apr  3 2006)) <[email protected]> [ISafe POP3 Proxy] \r\n"
  3244    32:13.20 Sent: "CAPA\r\n"
  3244    64:13.20 Rcvd: "+OK list follows\r\n"
  3244    64:13.20 Rcvd: "TOP\r\n"
  3244    64:13.20 Rcvd: "PIPELINING\r\n"
  3244    64:13.20 Rcvd: "UIDL\r\n"
  3244    64:13.20 Rcvd: "RESP-CODES\r\n"
  3244    64:13.20 Rcvd: "AUTH-RESP-CODE\r\n"
  3244    64:13.20 Rcvd: "USER\r\n"
  3244    64:13.20 Rcvd: "SASL PLAIN CRAM-MD5\r\n"
  3244    64:13.20 Rcvd: "IMPLEMENTATION MMP-6.2p6.01 Apr  3 2006\r\n"
  3244    64:13.20 Rcvd: ".\r\n"
  3244    32:13.20 Sent: "APOP XXXXX 8a45b60f3f4a52a472937e86edbfda70\r\n"
  3244    64:13.21 Rcvd: "+OK Maildrop ready\r\n"
  3244    32:13.21 Sent: "STAT\r\n"
  3244    64:13.21 Rcvd: "+OK 0 0\r\n"
  3244    32:13.21 Sent: "QUIT\r\n"
  3244    64:13.21 Rcvd: "+OK\r\n"
  And here's one that fails; note the different server build-date:
  460     64:13.23 Rcvd: "+OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.3-7.04 (built Sep 26 2008)) <[email protected]> [ISafe POP3 Proxy] \r\n"
  460     32:13.23 Sent: "CAPA\r\n"
  460     64:13.23 Rcvd: "+OK list follows\r\n"
  460     64:13.23 Rcvd: "TOP\r\n"
  460     64:13.23 Rcvd: "PIPELINING\r\n"
  460     64:13.23 Rcvd: "UIDL\r\n"
  460     64:13.23 Rcvd: "RESP-CODES\r\n"
  460     64:13.23 Rcvd: "AUTH-RESP-CODE\r\n"
  460     64:13.23 Rcvd: "USER\r\n"
  460     64:13.23 Rcvd: "SASL CRAM-MD5 PLAIN\r\n"
  460     64:13.23 Rcvd: "IMPLEMENTATION MMP-6.3p7.04 Sep 26 2008\r\n"
  460     64:13.23 Rcvd: ".\r\n"
  460     32:13.23 Sent: "APOP XXXXX ab2dde7d89cbbf0bf9cd409dce02e5a8\r\n"
  460     64:13.27 Rcvd: "-ERR [AUTH] Authentication failed\r\n"
  IMHO all this evidence validates my original hypothesis, that two (or more) of VZ's mail servers, which have server builds "6.3-7.04 (built Sep 26 2008)", advertise secure CRAM-MD5 and APOP authentication capabilities, but consistently fail such authentication attempts.  All the other servers with builds "6.2-6.01 (built Apr  3 2006)" handle these authentications correctly.  This has been shown to be the case on both Mac and Windows POP3 email clients.  Email clients that use the simpler and unsecure USER/PASS and AUTH PLAIN methods apparently see no authentication errors on any of the VZ servers.  This strongly points to this being a Verizon problem specific to two of the servers that we see here in eastern Massachusetts.  Others have also observed the same server-specificity; see for example http://eudorabb.qualcomm.com/showthread.php?t=13802 .  This problem has been reported since about mid-November.
  Verizon, the ball is in your court.  Find the problem and fix it!

• Phone won't connect to wifi saying authentication problem

  My phone after being connected to sky wifi from sept 2013, has all of a sudden started hardly connecting, and always says 'authentication problem'. I have my iPad connected to the wifi too, but this has also been connecting fine since sept 2013.The connection to my phone drops a lot, and then when it is connected it is very, very slow. It doesn't drop at all on my iPad.  Please can someone help me. And put it in layman terms please, thank you. EM

  Two things to try. Change the wifi channel on the Sky router/Hub itself, instruction on a post at the top of this forum. And try forgetting the network on the iPhone; Settings->WiFi, and select the network ticked. Select Forget This Network and confirm it. Then reconnect to the Sky router/Hub by selecting the wifi network and entering the password again on the iPhone. Try the latter first, then change the wifi channel on the Sky Hub/router after this step. If you don't have an iPhone, then use the steps appropriate for that phone to basically do the same as above, for forgetting and reconnecting the phone to the wifi network.

• Screensharing authentication problem and weird solution

  OK, I've been having the Screensharing authentication problem that crops up regularly on this forum.  Accidentally I found a very weird solution.  I want to know what's going on and to let others know of the solution.
  Let's say my laptop account is called 'london' and I want to connect it to my tower account called 'paris' on the LAN.  I browsed the network for the tower, click 'connect as' and in the dialog box I put in "Name: paris" and "Password: xxx".  I click 'connect' and I am connected as the registered user 'paris' and I can browse all of the disks.  File sharing is thus working normally.
  Now I click the 'share screen...' button and I get another dialog box into which I once more type "Name: paris" and "Password: xxx".  This yields an authentication failure message, which many users will be familiar with.
  By accident instead of typing the name and password for the account on the distant machine, I typed into the dialog box the name and password of the local machine:  ie. "Name: london" and "Password: yyy".  Much to my amazement the screensharing works.  What is going on?

  No, the username on london is london and on the machine paris it is paris.  However, the passwords are different.
  Just to be clear, I first connect to the remote machine's file sharing using the remote machine's username and password (ie. in the normal fashion).  I then connect screensharing but give the local machine's username and password in the dialog box.
  Before I made this discovery I had created a couple of fresh accounts on the remote machine. One was glitched, while the other functioned properly (ie. screensharing required the remote machine's username and password).  The bizarre fix worked for my original account.  I have not tested it on the new accounts for fear of screwing things up again.

• How do I correct LG Lucid wifi authentication problem

  LG Lucid was working fine until few days ago when it stopped connecting to all available wifi networks.  It still ID's them, goes thru authentication process, & then provides error message "authentication problem".  I think there was aa phone update about the same time things stopped working.  Help please.

  I know this is an old thread, and would hope you've gotten connected to your WiFi by now, but you may want to check your router settings. If you have some sort of device filtering set up, your for may not be recognizing your phone since the update.

• Wifi authentication problem yoga 2 1050F

  Hi,I am a new member and have just upgraded to android 5. Seems a big mistake as cannot connect to internet (no trouble with android 4) Says authentication problem. Have tried cancelling and re-entering password, turning router on and off and factory reset. Nothing. If Lenovo come up with a repair how will I be able to get it into the tablet when I have no internet connection.At the moment I have a tablet that is about as usefull as a roof tile. HELP

  You have been looking everywhere, except this forum. This issue was already addressed in this thread: https://forums.lenovo.com/t5/Android-Yoga-Series-Tablets/Wifi-Won-t-Connect-quot-Authentification-Problem-quot-Yoga/td-p/2105009 Are you using a WEP key encryption? If yes, try switching to WPA/WPA2. Though i have been able to connect without problem with these settings: Have you performed a factory reset after switching from 4.4.2 to 5.0? You could try that, sometimes it fixes so e issues.

• Tablet will not connect to router it is saying authentication problem

  Tablets saying authentication problem after password is put in,and i dissconected my  phone now that wont connect

  Hi whittydaz,
  Thanks for posting onto the Forum,
  It's not good to see that you are having trouble connecting to the Sky Router with your wireless devices. Can you please tell me if you are able to connect to a device wired at all? What lights are appearing on your Sky router at the moment?
  Have you reset your Sky Router by pressing and holding the button on the back of the router for longer than 30 seconds?
  Please let me know the answer to these questions and hopefully we can get to the bottom of this
  Cheers,

• Shozu/flickr authentication problems

  I have all my firmware up to date, but somehow with flicker I keep getting an authentication problem except if I do it myself, signing in manually, but the automatic uploading of a pic never worked yet. I used to have it working on an N80.

  10-Aug-200702:44 PM
  vliscony wrote:
  I went and reinstalled Shozu, re-authorized flickr, and it continues with authentication failed when I try to send something there.
  I'll experiment some more and report back, in the meantime bright suggestions are welcome.
  Well, I don't see why this happens to be so difficult. I had a Nokia N80 and N80ie. Now, I posess the N95. Yet, I still can't get online service with flickr/vox. I am frustrated. I reflash my phone because of problems brewing with certain applications. Yet, the same problems always seems to fall perhaps not between the phones or Nokia, but perhaps among the collaboration of Nokia phones and the addition of flickr/vox/shozu. I believe this is so because my phone quickly states that no authenticity as oppose to proper validation. Please keep me in tune.

• Sqlnet Communication problem

  Hi Community,
  I have a challenge getting 2 Oracle servers with each located in "internal" and "DMZ" network segments.
  The oracle server on the internal network can communicate with the one on the DMZ but the one on the DMZ can NOT talk to the one on the internal network.
  The customer wants the architecture to enable realtime data updates on the Oracle in DMZ.
  My config is as follows: I need help.
  ciscoasa# wr t
  : Saved
  ASA Version 8.4(3)
  hostname ciscoasa
  domain-name default.domain.invalid
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  name 10.1.184.131 Proxy_Server
  name 192.168.10.1 Internet_Router
  name 10.1.184.122 Mail_Server
  name 10.1.184.116 Mail_Server_2
  name 10.1.184.121 Mail_Server_3
  dns-guard
  interface GigabitEthernet0/0
  nameif Inside
  security-level 100
  ip address 10.1.184.1 255.255.248.0 standby 10.1.184.254
  interface GigabitEthernet0/1
  description LAN/STATE Failover Interface
  interface GigabitEthernet0/2
  nameif DMZ
  security-level 50
  ip address 192.168.30.1 255.255.255.0 standby 192.168.30.2
  interface GigabitEthernet0/3
  nameif Outside
  security-level 0
  ip address 192.168.10.2 255.255.255.0 standby 192.168.10.20
  interface Management0/0
  nameif management
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  management-only
  boot system disk0:/asa843-k8.bin
  ftp mode passive
  clock timezone GMT 1
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  object network Proxy_Server
  host 10.1.184.131
  object network Mail_Server
  host 10.1.184.122
  object network Internet_Router
  host 192.168.10.1
  description Created during name migration
  object network Mail_Server_2
  host 10.1.184.116
  description Created during name migration
  object network Mail_Server_3
  host 10.1.184.121
  description Created during name migration
  object network WebServer1
  host 192.168.30.3
  object network InternalNetwork
  subnet 10.1.184.0 255.55.248.0
  object network DMZ-IdentityPool
  range 192.168.30.30 192.168.30.254
  object network WebServer2
  host 192.168.30.4
  object network obj-remote
  subnet 192.168.0.0 255.255.255.0
  object network obj-DMZ
  subnet 192.16.30.0 255.255.255.0
  object network DatabaseServer
  host 10.1.184.134
  object network AppServer
  host 10.1.184.126
  object network MailServer
  host 10.1.184.116
  access-list Inside_access_in extended permit ip object Proxy_Server any
  access-list Inside_access_in extended permit ip host 10.1.184.190 any
  access-list Inside_access_in extended permit ip host 10.1.184.83 any
  access-list Inside_access_in extended permit icmp host 10.1.184.190 any
  access-list Inside_access_in extended permit ip host 10.1.184.67 any inactive
  access-list Inside_access_in extended permit ip host 10.1.184.83 object Internet_Router
  access-list Inside_access_in extended permit ip host 10.1.184.190 object Internet_Router
  access-list Inside_access_in extended permit udp any any
  access-list Inside_access_in extended permit icmp any any
  access-list Inside_access_in extended permit ip object Mail_Server any
  access-list Inside_access_in extended permit tcp object Mail_Server any eq smtp
  access-list Inside_access_in extended permit ip object Mail_Server_2 any
  access-list Inside_access_in extended permit tcp object Mail_Server_2 any eq smtp
  access-list Inside_access_in extended deny tcp any any eq smtp
  access-list Inside_access_in extended permit icmp host 10.1.184.43 any
  access-list Inside_access_in extended permit ip object Mail_Server_3 any
  access-list Inside_access_in extended permit tcp object Mail_Server_3 any eq smtp
  access-list Inside_access_in extended permit ip host 10.1.184.190 host 192.168.30.3
  access-list Inside_access_in extended permit tcp object InternalNetwork host 192.168.30.3 eq www
  access-list Inside_access_in extended permit ip host 10.1.184.137 host 10.1.184.133
  access-list Inside_access_in extended permit ip host 10.1.184.62 host 10.1.184.133
  access-list Inside_access_in extended permit ip host 10.1.184.117 any
  access-list Inside_access_in extended permit ip host 10.1.184.117 object Internet_Router
  access-list Inside_access_in extended permit ip host 10.1.184.129 any
  access-list Inside_access_in extended permit ip host 10.1.184.129 object Internet_Router
  access-list Inside_access_in extended permit ip host 10.1.184.150 host 10.1.184.133
  access-list Inside_access_in extended permit ip host 10.1.184.150 any
  access-list Inside_access_in extended permit ip host 10.1.184.190 host 192.168.30.4
  access-list Inside_access_in extended permit tcp object InternalNetwork host 192.168.30.4 eq www
  access-list Inside_access_in extended permit tcp host 10.1.184.134 host 192.168.30.4 eq sqlnet
  access-list Outside_access_in extended permit udp any eq domain object Proxy_Server
  access-list Outside_access_in extended permit icmp object Internet_Router any
  access-list Outside_access_in extended permit icmp any host 10.1.184.190
  access-list Outside_access_in extended permit icmp any host 10.1.184.83 inactive
  access-list Outside_access_in extended permit tcp any object Proxy_Server eq https
  access-list Outside_access_in extended permit tcp any object Proxy_Server eq www
  access-list Outside_access_in extended permit tcp any object Mail_Server eq smtp inactive
  access-list Outside_access_in extended permit tcp any object Mail_Server_2 eq pop3
  access-list Outside_access_in extended permit udp any eq domain object Mail_Server_2
  access-list Outside_access_in extended permit tcp any object Mail_Server eq imap4 inactive
  access-list Outside_access_in extended permit icmp any object Mail_Server inactive
  access-list Outside_access_in extended permit tcp any object Mail_Server_2 eq smtp
  access-list Outside_access_in extended permit tcp any object Mail_Server_2 eq imap4
  access-list Outside_access_in extended permit icmp any object Mail_Server_2
  access-list Outside_access_in extended permit icmp any host 10.1.184.43
  access-list Outside_access_in extended permit tcp any host 192.168.30.3 eq www
  access-list Outside_access_in extended permit tcp any host 192.168.30.3 eq https
  access-list Outside_access_in extended permit icmp any host 192.168.30.3
  access-list Outside_access_in extended permit icmp any any echo-reply
  access-list Outside_access_in extended permit icmp any host 192.168.30.3 echo
  access-list Outside_access_in extended permit tcp any host 192.168.30.4 eq www
  access-list Outside_access_in extended permit tcp any host 192.168.30.4 eq https
  access-list Outside_access_in extended permit icmp any host 192.168.30.4 echo
  access-list Outside_access_in extended permit icmp any host 192.168.30.4
  access-list branchgroup-SplitACL standard permit 10.0.0.0 255.0.0.0
  access-list branchgroup-SplitACL standard permit 192.168.30.0 255.255.255.0
  access-list DMZ_access_in extended permit tcp host 192.168.30.4 host 192.168.30.116 eq smtp
  access-list DMZ_access_in extended permit icmp host 192.168.30.4 any
  access-list DMZ_access_in extended permit ip host 192.168.30.4 host 192.168.30.134
  access-list DMZ_access_in extended permit tcp host 192.168.30.4 host 192.168.30.134 eq sqlnet
  pager lines 24
  logging enable
  logging timestamp
  logging standby
  logging emblem
  logging list InformationalLog level informational
  logging list InformationalLog message 101001
  logging buffer-size 16384
  logging console notifications
  logging monitor errors
  logging buffered critical
  logging trap errors
  logging asdm critical
  logging mail informational
  logging host Inside 10.1.184.132
  logging host Inside 10.1.184.190 6/1470
  logging debug-trace
  logging ftp-server 10.1.184.190 \\marinasec\akanoa akanoa *****
  logging permit-hostdown
  logging class auth buffered emergencies trap emergencies
  logging class bridge buffered emergencies trap emergencies
  logging class config buffered alerts trap emergencies
  logging class ip buffered emergencies trap alerts
  logging class sys trap alerts
  logging class ca trap emergencies
  logging class email buffered emergencies trap errors
  mtu Inside 1500
  mtu DMZ 1500
  mtu Outside 1500
  mtu management 1500
  ip local pool remoteusers 192.168.0.1-192.168.0.254
  failover
  failover lan unit secondary
  failover lan interface stateful_failover GigabitEthernet0/1
  failover replication http
  failover link stateful_failover GigabitEthernet0/1
  failover interface ip stateful_failover 192.168.20.1 255.255.255.252 standby 192.168.20.2
  no monitor-interface management
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any Inside
  asdm image disk0:/asdm-647.bin
  no asdm history enable
  arp timeout 14400
  nat (DMZ,Outside) source static obj-DMZ obj-DMZ destination static obj-remote obj-remote
  nat (Inside,Outside) source static InternalNetwork InternalNetwork destination static obj-remote obj-remote
  object network Mail_Server
  nat (Inside,Outside) static Mail_Server no-proxy-arp route-lookup
  object network WebServer1
  nat (DMZ,Outside) static 192.168.30.3 dns
  object network WebServer2
  nat (DMZ,Outside) static 192.168.30.4 dns
  object network DatabaseServer
  nat (Inside,DMZ) static 192.168.30.134
  object network AppServer
  nat (Inside,DMZ) static 192.168.30.126
  object network MailServer
  nat (Inside,DMZ) static 192.168.30.116
  access-group Inside_access_in in interface Inside
  access-group DMZ_access_in in interface DMZ
  access-group Outside_access_in in interface Outside
  route Outside 0.0.0.0 0.0.0.0 Internet_Router 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server vpn protocol radius
  aaa-server vpn (Inside) host 10.1.184.119
  key *****
  aaa-server vpn (Inside) host 10.1.184.120
  key *****
  user-identity default-domain LOCAL
  http server enable
  http 10.1.184.190 255.255.255.255 Inside
  http 10.1.184.2 255.255.255.255 Inside
  http 10.1.184.83 255.255.255.255 Inside
  http 192.168.1.0 255.255.255.0 management
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec ikev1 transform-set rmtset esp-3des esp-md5-hmac
  crypto dynamic-map dyn1 1 set ikev1 transform-set rmtset
  crypto dynamic-map dyn1 1 set reverse-route
  crypto map mymap 1 ipsec-isakmp dynamic dyn1
  crypto map mymap interface Outside
  crypto ikev1 enable Outside
  crypto ikev1 policy 1
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 43200
  telnet 10.1.184.83 255.255.255.255 Inside
  telnet 10.1.184.190 255.255.255.255 Inside
  telnet 10.1.184.167 255.255.255.255 Inside
  telnet timeout 5
  ssh 10.1.184.83 255.255.255.255 Inside
  ssh 10.1.184.190 255.255.255.255 Inside
  ssh 10.1.184.43 255.255.255.255 Inside
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics
  threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  webvpn
  group-policy branchgroup internal
  group-policy branchgroup attributes
  dns-server value 10.1.184.120
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value branchgroup-SplitACL
  default-domain value marinasecuritieslimited.com
  username sannib password 3gB/xWLMBVp/AjjW encrypted
  username adebimpel password O./lZ/3rlYD/87u2 encrypted
  username ojoawob password w1h9Aq2Welzv1fuW encrypted
  username agbajer password NuDaZPLHC0BcF7iI encrypted
  username oyenihib password eoxptVEUfczen6VR encrypted
  username odewolef password yB12L9t1gcr.Wgx/ encrypted
  username mainuser password 8KBTvbq5FOuoFce2 encrypted privilege 15
  username maakano password c1Cb3uSluyfsyWUb encrypted
  tunnel-group branchgroup type remote-access
  tunnel-group branchgroup general-attributes
  address-pool remoteusers
  default-group-policy branchgroup
  tunnel-group branchgroup ipsec-attributes
  ikev1 pre-shared-key *****
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns migrated_dns_map_1
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns migrated_dns_map_1
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect ip-options
  class class-default
    user-statistics accounting
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  hpm topN enable
  Cryptochecksum:bbe838eb9af33fc84083989823bc0c22
  : end
  [OK]
  ciscoasa#

  Hi,
  Seems to me that you have configured Static NAT from "inside" to "dmz" so that the "inside" servers are visible to the "dmz" with the IP address belonging to the "dmz"
  Is this something that you absolutely need? Is there something preventing you from using the IP address ranges on both "inside" and "dmz" and not doing NAT for them at all between those interfaces?
  IF you want to keep the current setup intact regarding NAT, change the DMZ ACL to use the actual 10.1.184.x IP addresses as the destination IP address in the ACL.
  In other words, always use the Real IP address of the host in the ACL configuration, NOT the NAT IP address. After doing that change I suppose it should also work for "dmz" to "inside". (NAT IP was used in the ACL in the ASA versions 8.2 and below, the Real IP address is used in software 8.3 and above)
  Change
  access-list DMZ_access_in extended permit tcp host 192.168.30.4 host 192.168.30.116 eq smtp
  access-list DMZ_access_in extended permit icmp host 192.168.30.4 any
  access-list DMZ_access_in extended permit ip host 192.168.30.4 host 192.168.30.134
  access-list DMZ_access_in extended permit tcp host 192.168.30.4 host 192.168.30.134 eq sqlnet
  To
  access-list DMZ_access_in extended permit tcp host 192.168.30.4 host 10.1.184.116 eq smtp
  access-list DMZ_access_in extended permit icmp host 192.168.30.4 any
  access-list DMZ_access_in extended permit ip host 192.168.30.4 host 10.1.184.134
  access-list DMZ_access_in extended permit tcp host 192.168.30.4 host 10.1.184.134 eq sqlnet
  You can also use the "object" names in the ACL.
  Which would be
  access-list DMZ_access_in extended permit tcp host 192.168.30.4 object MailServer eq smtp
  access-list DMZ_access_in extended permit icmp host 192.168.30.4 any
  access-list DMZ_access_in extended permit ip host 192.168.30.4 object DatabaseServer
  access-list DMZ_access_in extended permit tcp host 192.168.30.4 object DatabaseServer eq sqlnet
  Hope the above helps Please ask more if needed.
  - Jouni