2 ASA for VPN tunnel hub and Dual tunnel to both from cisco1800

I am struggling with configuring a Cisco 1841 to have dual or backup tunnels to two separate ASAs on our corporate network. There is a lot of great doco on DMVPN with routers as hub, but is DMVPN the best way to configure this router and the others to follow? I have no issues creating a single normal tunnel to either ASA, but when I try to get a tunnel to each I have issues.
Last attempt at a DMVPN config on the 1841:
crypto keyring Test
 pre-shared-key address #.#.#.# key Test!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp profile L2L
 description LAN-to-LAN for spoke router(s) connection
 keyring Test
 match identity address #.#.#.# 255.255.255.255
crypto ipsec transform-set ESP-3DES esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10
 set security-association lifetime seconds 28800
 set transform-set ESP-3DES
 set pfs group2
 set isakmp-profile L2L
 match address VPN-ACCESS-LIST-100
crypto map mymap 10 ipsec-isakmp dynamic dynmap

I got both tunnels working, but I would like to be able to control routing better. Is there a good way to have all routing go over a single tunnel in case of a failure? With the below config I can get all 10.160.0.0 and 10.40.0.0 routing over the one tunnel and 10.41.0.0 over the other tunnel, but if I simulate a tunnel outage I can't get traffic to go to the other tunnel. If I add a 10.0.0.0 entry to each access list, then both tunnels don't work. I think I have to do the access lists differently. The only way I know how to add routing is if I use tunnel interfaces, and I have only done that with router-to-router tunnels. Is there a way to do that on a router-to-ASA configuration?
crypto keyring VGC_PTC
 pre-shared-key address ##.##.##.15 key VGC@Test_1
crypto keyring VGC_Tulsa
 pre-shared-key address ##.##.##.25 key VGC$Test_2
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 28800
crypto isakmp profile L2L_Dallas
 description LAN-To-LAN for PTC Connection
 keyring VGC_PTC
 match identity address ##.##.##.15 255.255.255.255
crypto isakmp profile L2L_Tulsa
 description LAN-To-LAN for Tulsa Connection
 keyring VGC_Tulsa
 match identity address ##.##.##.25 255.255.255.255
crypto ipsec transform-set ESP-3DES esp-3des esp-md5-hmac
crypto dynamic-map dynmap 10
 set security-association lifetime seconds 28800
 set transform-set ESP-3DES
 set isakmp-profile L2L_Dallas
 match address VPN-ACCESS-LIST-100
crypto dynamic-map dynmap 20
 set security-association lifetime seconds 28800
 set transform-set ESP-3DES
 set isakmp-profile L2L_Tulsa
 match address VPN-ACCESS-LIST-200
crypto map mymap 10 ipsec-isakmp dynamic dynmap
ip access-list extended VPN-ACCESS-LIST-100
 permit ip 10.207.126.0 0.0.0.255 10.160.0.0 0.0.255.255
 permit ip 10.207.126.0 0.0.0.255 10.40.0.0 0.0.255.255
ip access-list extended VPN-ACCESS-LIST-200
 permit ip 10.207.126.0 0.0.0.255 10.41.0.0 0.0.255.255
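The crypto ACLs above define the proxy identities each tunnel carries, and the failover attempt described in the post (the same 10.0.0.0 entry in both lists) makes the two lists overlap. The following Python is an added example, not code from the thread: it parses the posted ACLs with IOS wildcard-mask semantics, reports overlapping entry pairs between the two lists, and shows which list a 10.41.x flow matches first, before and after the change. The 10.0.0.0 entry's wildcard (0.255.255.255) and the sample flow addresses are assumptions; the ACL text is copied as posted.

```python
# Overlap / first-match check for IOS crypto ACLs (wildcard-mask syntax).
# Added example; the ACL text below is copied from the thread, the 10.0.0.0
# wildcard (0.255.255.255) is an assumption since the post gives no mask.
import ipaddress
import re
from itertools import product

# Only 'permit ip SRC SRC-WC DST DST-WC' entries define proxy identities here.
ACE_RE = re.compile(r"^\s*permit\s+ip\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def _addr(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_acl(text):
    """Return [((src, src_wc), (dst, dst_wc)), ...] as integers; header lines
    ('ip access-list extended ...') and non permit-ip lines are skipped."""
    aces = []
    for line in text.splitlines():
        m = ACE_RE.match(line)
        if m:
            s, swc, d, dwc = (_addr(x) for x in m.groups())
            aces.append(((s, swc), (d, dwc)))
    return aces

def wc_overlap(a, b):
    """True when two (address, wildcard) pairs share at least one address.
    A set wildcard bit is 'don't care', so the pairs overlap exactly when the
    bits fixed in BOTH agree; this also covers non-contiguous wildcards."""
    (a_addr, a_wc), (b_addr, b_wc) = a, b
    fixed = ~(a_wc | b_wc) & 0xFFFFFFFF
    return (a_addr & fixed) == (b_addr & fixed)

def find_overlaps(acl_a, acl_b):
    """(i, j) index pairs whose source AND destination ranges overlap. Any hit
    means both crypto map entries claim the same traffic, so which SA carries a
    flow is decided by entry order rather than by the destination you intended."""
    return [(i, j) for (i, x), (j, y) in product(enumerate(acl_a), enumerate(acl_b))
            if wc_overlap(x[0], y[0]) and wc_overlap(x[1], y[1])]

def first_match(acls, src, dst):
    """Name of the first ACL (in the order given) permitting src -> dst, i.e.
    first-match over crypto map entries in sequence order. None means no entry
    matches, so the flow would not be offered to any tunnel."""
    s, d = _addr(src), _addr(dst)
    for name, aces in acls:
        for src_pair, dst_pair in aces:
            if wc_overlap((s, 0), src_pair) and wc_overlap((d, 0), dst_pair):
                return name
    return None

# Constructed input: the two crypto ACLs exactly as posted.
ACL100 = parse_acl("""
ip access-list extended VPN-ACCESS-LIST-100
 permit ip 10.207.126.0 0.0.0.255 10.160.0.0 0.0.255.255
 permit ip 10.207.126.0 0.0.0.255 10.40.0.0 0.0.255.255
""")
ACL200 = parse_acl("""
ip access-list extended VPN-ACCESS-LIST-200
 permit ip 10.207.126.0 0.0.0.255 10.41.0.0 0.0.255.255
""")
# The failover attempt from the post: the same 10.0.0.0 entry appended to each
# list (assumed wildcard 0.255.255.255).
CATCH_ALL = parse_acl("permit ip 10.207.126.0 0.0.0.255 10.0.0.0 0.255.255.255")
ACL100_PLUS, ACL200_PLUS = ACL100 + CATCH_ALL, ACL200 + CATCH_ALL

if __name__ == "__main__":
    before = [("VPN-ACCESS-LIST-100", ACL100), ("VPN-ACCESS-LIST-200", ACL200)]
    after = [("VPN-ACCESS-LIST-100", ACL100_PLUS), ("VPN-ACCESS-LIST-200", ACL200_PLUS)]
    print("overlapping entry pairs, as posted:", find_overlaps(ACL100, ACL200))
    print("overlapping entry pairs, with 10.0.0.0:", find_overlaps(ACL100_PLUS, ACL200_PLUS))
    print("10.41.5.5 is matched by:", first_match(before, "10.207.126.10", "10.41.5.5"),
          "->", first_match(after, "10.207.126.10", "10.41.5.5"))
```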

Similar Messages

  • Which database driver is required for weblogic 10.3 and Oracle DB 11g both on MS2008 separate server

    Hi,
    I am trying to configure JDBC with WebLogic. Can anyone tell me which driver needs to be selected for WebLogic 10.3 and Oracle DB 11g, both on separate MS2008 servers?
    If I use the BEA Oracle Driver (Type 4) version 9.0.1, 9.2.0, 10, 11, I get this error (see snap 2):
    Connection test failed.
    [BEA][Oracle JDBC Driver]Error establishing socket. Unknown host: hdyhtc137540d
    and
    when I use Oracle's driver (thin) version 9.0.1, 9.2.0, 10, 11, I get this error:
    Connection test failed.
    Io exception: The Network Adapter could not establish the connection

    I am getting this error when I click on the Test Configuration button to test the connection with the Oracle DB.

  • [svn:cairngorm3:] 17872: Popup: Exposed set accessor of open for view state usage and fixed bug when closing from model within popup .

    Revision: 17872
    Author:   [email protected]
    Date:     2010-09-27 08:04:40 -0700 (Mon, 27 Sep 2010)
    Log Message:
    Popup: Exposed set accessor of open for view state usage and fixed bug when closing from model within popup. http://www.spicefactory.org/forum/viewtopic.php?p=3932. Added new sample to show model and view state interactions.
    Modified Paths:
        cairngorm3/trunk/libraries/Popup/src/com/adobe/cairngorm/popup/PopUpBase.as
        cairngorm3/trunk/libraries/Popup/src/com/adobe/cairngorm/popup/PopUpFactory.as
        cairngorm3/trunk/libraries/Popup/src/com/adobe/cairngorm/popup/PopUpWrapper.as
        cairngorm3/trunk/libraries/PopupTest/.actionScriptProperties
        cairngorm3/trunk/libraries/PopupTest/src/samples/MyPopup.mxml
        cairngorm3/trunk/libraries/PopupTest/src/samples/PopUpPM.as
    Added Paths:
        cairngorm3/trunk/libraries/PopupTest/src/PopUpModelExample.mxml
        cairngorm3/trunk/libraries/PopupTest/src/samples/MyPopupWithModel.mxml

    Lots to be excited about. BUT...Just updated to 8.1 on one of my computers to test it out...
    Sadly, the following issue is NOT fixed for me. Is it with new projects only?  I haven't started a new project on 8.1 I've only opened an old project but the issue that I'm referring to which involves also a delay/freeze of anywhere from a few seconds to a MINUTE while the render bar goes from yellow to red and then back to yellow is still there. Boo.
    On the list above...
    Switching between sequences can turn the render bar red.
    This issue is incredibly easy to replicate. I really do hope it gets fixed. Here are the steps:
    1) Create two sequences with multiple short clips (the more clips the better)
    2) Make sure GPU acceleration is enabled.
    3) Add warp stabilizer to the clips in both sequences. Again, the more clips the longer the delay/freeze will be as the render bar goes from YELLOW to RED and then eventually back to YELLOW again.
    4) Hit SAVE.
    5) Now, toggle between sequences. You'll hit a short delay with a few clips stabilized and a LONG delay with lots stabilized. In my case this delay is around a full minute. The render bar will go from YELLOW to RED and then back to yellow...eventually.
    6) Toggle back to the original sequence and the delay occurs again.
    7) Once you've toggled between sequences and have gone through this delay, that's it, there is no longer a delay...UNTIL...(and here's the big kicker)...until the project is SAVED again. After that the issue returns when you toggle between sequences. Both saving manually and AUTOSAVING cause this issue. No way around it except not editing with GPU acceleration.
    Not sure what the issue is...caching issue when saving maybe? Either way, it stinks and it's still there in 8.1. Big bummer.
    Again, lots to be excited about with this release, but I really was hopeful this specific issue was resolved.
    Sigh.

  • IPSEC Tunnel Protection and per-tunnel QoS shaping doesn't do any shaping.

    I am having a small brain implosion as to why this will not work.
    I have tried the QOS policy on the tunnel interfaces and on the ATM interface. No shaping occurs. The interfaces transmit at their leisure.
    Please can someone having a better day than me tell me what I am doing wrong?
    Below is the relevant (and standard) config, without the service-policy command applied anywhere. Any help appreciated.
    class-map match-any APPSERVERS
     match access-group name TERMINALSERVERS
    class-map match-any VOICE
     match protocol sip
     match protocol rtp
     match dscp ef
    policy-map QOSPOLICY
     class VOICE
        priority 100
     class APPSERVERS
        bandwidth percent 33
     class class-default
        fair-queue 16
    policy-map TUNNEL
     class class-default
        shape average 350000
      service-policy QOSPOLICY
    interface Tunnel0
     bandwidth 350
     ip address 172.20.58.2 255.255.255.0
     ip mtu 1420
     load-interval 30
     qos pre-classify
     tunnel source Dialer0
     tunnel destination X.X.X.X
     tunnel mode ipsec ipv4
     tunnel path-mtu-discovery
     tunnel protection ipsec profile IPSECPROFILE
    interface Tunnel1
     bandwidth 350
     ip address 172.21.58.2 255.255.255.0
     ip mtu 1420
     load-interval 30
     delay 58000
     qos pre-classify
     tunnel source Dialer0
     tunnel destination Y.Y.Y.Y
     tunnel mode ipsec ipv4
     tunnel path-mtu-discovery
     tunnel protection ipsec profile IPSECPROFILE
    interface ATM0/0/0
     no ip address
     load-interval 30
     no atm ilmi-keepalive
    interface ATM0/0/0.1 point-to-point
     pvc 0/38
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
    interface Dialer0
     bandwidth 400
     ip address negotiated
    Thanks,
    Paul

    Hi mate,
    This is an 1841 with 12.4(20), but I've tried it on 15.1 on a 1941 also. I get some measure of traffic reduction, but I cannot fathom what it is actually doing.
    In the lab with the 1841 and a flat shaper I get this:
    policy-map SHAPE
     class class-default
        shape average 600000
    interface Tunnel0
     bandwidth 700
     service-policy output SHAPE
    R1#sh policy-map int
     Tunnel0
      Service-policy output: SHAPE
        Class-map: class-default (match-any)
          18664 packets, 26423115 bytes
          30 second offered rate 452000 bps, drop rate 0 bps
          Match: any
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 45/0/0
          (pkts output/bytes output) 18659/27808530
          shape (average) cir 600000, bc 2400, be 2400
          target shape rate 600000
    R1#sh policy-map int
     Tunnel0
      Service-policy output: SHAPE
        Class-map: class-default (match-any)
          19044 packets, 26964413 bytes
          30 second offered rate 451000 bps, drop rate 0 bps
          Match: any
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 45/0/0
          (pkts output/bytes output) 19039/28378426
          shape (average) cir 600000, bc 2400, be 2400
          target shape rate 600000
    It just holds the data rate around 450 kbps. ??
    Here are the types of results I get when the HQoS is applied to the Tunnel interface in the lab:
    policy-map QOS
     class IP2
        drop
     class IP3
        priority 300
     class class-default
    policy-map TUNNEL
     class class-default
        shape average 600000
      service-policy QOS
    interface Tunnel0
     bandwidth 700
     service-policy output TUNNEL
    R1#sh policy-map int
     Tunnel0
      Service-policy output: TUNNEL
        Class-map: class-default (match-any)
          14843 packets, 20884436 bytes
          30 second offered rate 362000 bps, drop rate 75000 bps
          Match: any
          Queueing
          queue limit 64 packets
          (queue depth/total drops/no-buffer drops) 0/3942/0
          (pkts output/bytes output) 14009/15858326
          shape (average) cir 600000, bc 2400, be 2400
          target shape rate 600000
          Service-policy : QOS
            queue stats for all priority classes:
              Queueing
              queue limit 64 packets
              (queue depth/total drops/no-buffer drops) 0/3942/0
              (pkts output/bytes output) 6464/9540288
            Class-map: IP2 (match-all)
              385 packets, 533940 bytes
              30 second offered rate 28000 bps, drop rate 28000 bps
              Match: access-group 102
              drop
            Class-map: IP3 (match-all)
              10411 packets, 14628188 bytes
              30 second offered rate 191000 bps, drop rate 75000 bps
              Match: access-group 103
              Priority: 300 kbps, burst bytes 7500, b/w exceed drops: 3942
            Class-map: class-default (match-any)
              4047 packets, 5722308 bytes
              30 second offered rate 143000 bps, drop rate 0 bps
              Match: any
              queue limit 64 packets
              (queue depth/total drops/no-buffer drops) 0/0/0
              (pkts output/bytes output) 7545/6318038
    This is after 10 minutes of running transfers to all endpoints to utilise the classes in the policy.
    So why don't we see shaping that moves towards the configured values?
    Thanks.

  • I exchanged my battery-challenged iPad 1 for a refurbished model, and it won't move from the first page. . .what gives?

    I exchanged my battery-challenged iPad 1 for a refurbished model, and the new model won't move from the first page, which shows the battery charger pointing toward an iTunes logo.  It has a full battery charge. . .what gives?

    It's been so long since I activated an iPad original model, and I am assuming that it needs to be activated. If that's not the problem, then you need to restore the iOS software.
    Eject the iPad, turn the iPad off, quit iTunes, restart your computer - then restart the iPad and connect it to your computer and see if iTunes launches on its own. If it doesn't, then launch it yourself. If iTunes does not guide you through the activation process, I assume that you have to restore the software.
    Click on the iPad name on the left sidebar of iTunes. If you don't see the sidebar, go to View>Show Sidebar from the menu at the top. Then you should see the iPad under the devices heading. After you click on the iPad name, click on the Summary Tab at the top of the iTunes window on the right. Then Click on Restore.
    I'm hoping that starting the process over again activates the iPad rather than having to restore the device, but see what happens.

  • Do I need an anti-virus for my MacBook Pro or not, and which is the best anti-virus for it if needed, and from which site can I download it?

    Hello everyone. I just wanted to know whether I need an anti-virus for my MacBook Pro and, if yes, which is the best anti-virus for it and from which site I can download the anti-virus software? Thanks for everyone's help with my previous question; it really helped me.

    There's no known virus that can impact a Mac, but if you run Windows via Parallels or Boot Camp then you're just as vulnerable as any PC user.
    If you want to scan your system to be sure, check out the free utilities ClamXav and Sophos Anti-Virus.

  • Include multiple sub-interfaces in Cisco ASA for VPN tunnel

    I am trying to create a VPN tunnel between two Cisco ASAs where one ASA has multiple sub-interfaces.
    Say, In Cisco ASA 5550(in datacentre), I created multiple subinterfaces with VLAN ID as below:
    Inside, int0/1 : 10.1.1.0/24
    DMZ, int0/1.100: 10.1.100.0/24 (VLAN 100)
    Production, int 0/1.101 : 10.1.101.0/24 (VLAN 101)
    Management, int 0/1.102: 10.1.102.0/24 (VLAN 102)
    And another Cisco ASA 5505 is only configured with 1 x inside interface Inside, int 0/1: 192.168.1.0/24
    So far, I have only been able to provide outside access to one of the sub-interfaces, as a NAT rule on the inside interface didn't work for the VLANs. Hence I had to issue a global NAT rule applied on the Production sub-interface so that the Production VLAN can have outside access. I have managed to establish a VPN tunnel between the two ASAs on the Production sub-interface only, Source interface = Production sub-interface.
    Additional settings:
    Have an ACL to allow all sub-interfaces to access outside (lower security level).
    A NAT rule is configured on the Production sub-interface with Source NAT Type as Dynamic PAT; when this was configured with source interface as inside, PCs behind the various VLANs couldn't access the internet.
    I want to establish a site-to-site VPN tunnel with multiple sub-interfaces of the Cisco ASA 5550 to the Cisco ASA 5505. Would you please suggest what I am missing in my configuration? I need to be able to access multiple VLANs of the datacentre from the remote site.

  • Tcp Connection timeout on ASA for vpn traffic

    Hello All
    I need an answer please.
    I wanted to give the TCP connection timeout as unlimited for some IPs coming through the VPN.
    So, I created an access-list defining the traffic for which I want this tcp timeout.
    Then a class map, policy map, entered set timeout to '0'
    Applied it under default service-policy, which is applied as global (by default).
    My doubt is should I apply the service policy on the interface or the global will work.
    Just a silly doubt
    Thanks in advance.

    Hi,
    I think it should work just fine if you attach it to the default "policy-map" configuration that you have attached globally on the ASA.
    You might want to configure the timeout value as something long rather than setting it as unlimited.
    - Jouni

  • IPhoto nightmare. Tried to import photos using Nikon software for the first time and all my photos disappeared from iPhoto 8.1.2 (and everything from itunes too). Newly reinstalled iPhoto crashes as soon as I import anything now.

    Macbook OSX 10.5.8, iPhoto 8.1.2. I just tried to import some photos using Nikon software (View NX2) for the first time. When I next looked into iPhoto it was empty (so was iTunes but that's another story). I had backed up photos fairly recently but don't use time machine. Searched in vain everywhere and must have done something wrong because iPhoto wouldn't then open at all, saying it was unreadable. After a lot more attempts to recover I uninstalled iPhoto and the receipts and reinstalled from my original disc. It seemed to be ok and imported some photos from my iphone but as soon as the import is complete iPhoto crashes and when opened again it is empty. Have tried this several times and have shut down and have tried rebuilding with the alt and cmd buttons but nothing seems to help. Any ideas?

    not a reply but not sure how to add something to my own thread! It seems that Desktop was damaged too as when I try to open it a screen says there is no application selected to open Desktop with. No idea what I should choose! Any help appreciated, have really made a mess of my MacBook this time.

  • What are 'keychains'??? All of a sudden my computer is asking for passwords to keychains and it is blocking me from my shared iCloud accounts.

    Since I upgraded to the latest iOS7 upgrade, my computer has all of a sudden introduced 'keychains' and is asking for a keychain password. It has totally messed up my icloud and I can no longer see my shared calendars or notes. I can't even log into icloud. How do I delete these keychains and keychain popups from my computer? It's making my Mac act like a PC and I don't like it! LOL

    First try:
    http://support.apple.com/kb/TS5362
    OS X Mavericks v10.9.1: Repeated prompts to unlock "Local Items" keychain
    iOS 7 introduced syncing of keychain items (passwords) between devices, including Mac computers.
    If the problem persists, see the other items of:
    https://discussions.apple.com/message/24739987#24739987

  • Just please, I forgot my security questions for the Apple ID and now I can't buy from the App Store with my Visa card?? I need your support regarding this

    Please, I need your support regarding this.

    You need to contact Apple. Click here, phone them, and ask for the Account Security team, or fill out and submit this form.

  • HT2623 I forgot the password for my .mac account and cannot log into it from Apple Mail.  I have an iCloud mail account but did not convert my .mac account to iCloud.  How can I log into my .mac or .me email?

    I set up .mac, including email, around 2006.  I believe my .mac account became a .me account, but I continued to receive email sent to .mac until about March 2013. 
    I accessed my .mac account using Apple Mail on an iMac running OS X 4.11.  I'm still using that machine.
    In July 2013, I upgraded my MacBook Pro to OS X 8.5, bought an iPod Touch and set up an iCloud account.
    I forgot my .mac password and I want to open an email message sent to my .mac email account. 
    When I attempt to log into my .mac account using Apple Mail, my password attempts are rejected by a .me mail server.
    Is there any way I can restore my access to my .mac or .me email?
    Thanks,
    William Postman

    Welcome to the Apple Community.
    Try...
    iForgot.com

  • ASA for beginner

    Hi,
    I recently moved into security devices, using the ASA for VPN & Firewall. Lots of book choices are available from Cisco Press. Any suggestions, either books or technical training?
    Thanks in advance.
    MA.

    I own the one by David Hucaby:
    http://www.ciscopress.com/bookstore/product.asp?isbn=1587054574
    Even though it was published five years ago it does a good job of covering the breadth of the product's capabilities.
    If you are trying for certification, you may want to supplement your reading with one of the CCNP Security certification guides (VPN and Firewall). Those have been updated in 2011 and 2012 respectively and thus cover the newer syntax in ASA 8.3+ code.
    http://www.ciscopress.com/bookstore/product.asp?isbn=1587204479
    http://www.ciscopress.com/bookstore/product.asp?isbn=0132748355

  • Configuring Cisco ASA for site to site VPN ( Issue with setting up local network)

    OK, so our primary firewall is a Checkpoint gateway. Behind that we have a Cisco ASA for VPN users. I have a project at the moment where we need to connect to another company using a site-to-site VPN through the Cisco ASA, as the Checkpoint gateway is unable to establish a permanent tunnel with the other company's Cisco ASA.
    What would be the best practice for setting up the local network on my side? Create the network on the ASA and then use an L2 VLAN to connect to the core switch?
    Setup a L3 interface on the core switch and point it towards the checkpoint gateway which would then point to the ASA?
    When you have to select your local network through the site to site wizard do you have to put the inside network address of the ASA?
    Our network is setup like this: Access layer switch > Core 6500 Switch > Checkpoint-Firewall > Internet
    The ASA is connected to a checkpoint sub interface
    Any help would be beneficial as I'm new to Cisco ASAs.
    Thanks
    Mark

    Mark
    If we understood more about your environment we might be able to give you better answers. My initial reaction was similar to the suggestion from Michael to use a L2 vlan. But as I think a bit more my attention is drawn to something that you mention in the original post. The ASA is there for VPN users. If the VPN users need to access your internal network then you probably already have something configured on the ASA that allows access to the internal network. Perhaps that same thing might provide access for your site to site VPN?
    HTH
    Rick

  • ACS/ASA authentication for vpn access vs. console management access

    I have an ACS 4.2 Server and an ASA 5540. I have setup AnyConnect SSL VPN on the ASA and want to authenticate users using AAA tacacs+ authentication with the ACS and an external Windows AD database. I have done this successfully. I also want to use the ACS for authenticating SSH management sessions into the ASA. I have setup a group in AD and on the ACS called VPNUSERS and NETADMINS. The problem is, I want the VPN users to ONLY be able to authenticate for VPN but not have access to logging into the ASA CLI or ASDM. The NETADMINS should be able to do both. The question I have is how do I setup the VPNUSER group in ACS to have access to connect to the ASA for VPN but not for the management console? It seems that if they can authenticate for vpn, they can also ssh the firewall which is what I want to prevent.

    Try using Network Access Restrictions (NAR), where you can restrict the administrative access on a per-device or NDG basis.
    By default, user accounts from an external database such as AD in ACS will get authenticated through telnet on a network device or an AAA client, which can be restricted by enabling NAR in ACS.
    In your case it should be VPNUSERS group in ACS.
    HTH
    Ahmed
