AAA Rules for PIX515E 6.3(5)

Hello. If I wanted to configure the PIX for authentication from an ACS server (for the purpose of PIX management), what else would I need apart from the following:
aaa-server Admin-FW protocol tacacs+
aaa-server Admin-FW max-failed-attempts 3
aaa-server Admin-FW deadtime 10
aaa-server Admin-FW (inside) host 192.168.2.9 access timeout 10
aaa authentication serial console Admin-FW
aaa authentication telnet console Admin-FW
aaa authentication ssh console Admin-FW
AFAIK, I have not specified what IP addresses that someone can telnet from to log onto the PIX. I have tried the following, but I'm sure I haven't provided the correct statements:
aaa authentication include telnet inside 192.168.0.0 255.255.0.0 Admin-FW
... and I get a Username / Password prompt on the PIX but it keeps asking for a username and password. I know my TACACS account is fine since I can log onto routers with the same details as what I am using to authenticate to the PIX.
I also ran a debug on the PIX when I was trying to authenticate. The output is attached.
Thanks,
Timothy

Hi,
Config seems to be just fine, though you can still go through following :
Telnet access :
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/sysmgmt.html#wp1022109
SSH access :
http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/sysmgmt.html#wp1034079
"aaa authentication include telnet inside 192.168.0.0 255.255.0.0 Admin-FW"
Above command is for pass through traffic, and has no role for Administrative authentication. So you can remove this.
Apart from that, in your debugs I see this,
150: Processing a rejection for user , session id: 1097271073
151: Processing a rejection for user , session id: 1097271073
*152: Marking server 192.168.2.9 down in servertag Admin-FW*
153: Processing a rejection for user , session id: 1097271073
154: Processing a rejection for user , session id: 1097271073
Can you check your ACS server logs pass/fail, to see of you are even touching the ACS server.
I am sure you must have defined a AAA client entry for PIX as a TACACS+ client.
Please look into that. As from these debugs it seems like, PIX is considering it dead.
Debugs that can help you :
debug aaa authentication
debug aaa authorization
Also, as you are using version 6.3(5),
Create a local account on PIX, and use these commands,
aaa authentication serial console Admin-FW LOCAL
aaa authentication telnet console Admin-FW LOCAL
aaa authentication ssh console Admin-FW LOCAL
So that you always have a fallback.
Regards,
Prem

Similar Messages

[SOLVED] how to use diffrent iptables rules for different ppp account?

x86 plantform run arch linux system , have two network interface etn1 eth0 .eth1 connect to internet. eth0 connect to other terminals through switch. want use different iptables rules for different pppoe account .also want to know how to forbidden more than one terminals established pppoe link use same account at the same time .
Last edited by linuxsir (2013-09-26 06:48:01)

(You establish PPPoE sessions over the local network to the Arch machine? Which then routes the traffic?)
first question ,yes that is exactly what i am done. second question i also have a small scripts on windows pc to solve routes traffic problem
route -p delete 0.0.0.0
route -p add 192.168.9.0 mask 255.255.255.0 192.168.9.1
route -p add 0.0.0.0 mask 0.0.0.0 192.168.22.0
but after a while i found scripts is not necessary because windows always attempt to use PPPoE sessions as default internet connection local connection is also ok
and use -i pppX in my iptables rules dose not solve my problem , because same account start PPPoE session could be marked as ppp0 or ppp1. it is hard to identified which account start session.

Data not coming from DOE to Mobile After defining Rule for device attribute

Hi All,
I have created a DO and rule for it.In case of Bulk Rule for all definition when i triggere extract from Portal then all the data comes to outbound queue but when i define rule for Device attribute then no data comes to my Outboun queue.Here is the scenario what i am doing :
1. I have order header in my backend which has a field named "Work_Center" and this will be criteria field.
2. In CDS table i have all the records for all the work center.
3. Now in RMM under customized , i have added an attribute named "Work_center".
4. Now i defined a rule with Device attribute mapping and activated the rule.
5. Now on Portal i assigned this data object and in the device attribute tab i assigned the value(this value exist in CDS table for few orders) of a Work center to the attribute "Work_Center" .
6. Then i triggrere extract but its Outbound queue is empty, what could be the reason.
Is my approach is correct
Regards,
Abhishek

Hi Abhishek,
You can check one ore thing, after you have performed all the steps till step 5, i.e. just before triggering
extract. Check if the AT table for ur DO has entries based on the criteria specified by you...
1. In the workbench click on the Data Object, and then right click and select "View Metadata".
2. Select Distribution Model tab.
3. Now select your DO's Association table.
4. For the input field DEVICE ID specify your corresponing device id,and also for status field specify it
as "I" and execute
If there are any entries now in the AT table, and on triggering extract if they are not coming to the
outbound Q there is some EXTRACT Q blocked. And is there were no entries in the AT then the rule
specified is not the satifying.
Thanks,
Swarna
Now if you have entries w

Leave Quota generation with diifferent rules for different countries

Hi,
I have the following requirement need help in achieving this.
Employers must grant 10 days paid leave to employees that worked for six consecutive months from the time of hiring and who worked on not less than 80 per cent of all schedule work days. This paid leave may be taken consecutively or separately. Where an employee's application to take paid leave will hinder the normal business operations, the employer may require the employee to take such paid leave at a different time.
The number of days of paid leave available to employees increases in proportion to employees' length of service as set forth in the below table.
Years of Service 0.5 1.5 2.5 3.5 4.5 5.5 6.5+
Paid Holidays 10 11 12 14 16 18 20
The right to annual paid leave expires after two years. In other words, annual paid leave left over from one year may be carried over and taken the next year only. For example, if an employee is awarded 10 days paid leave after their first 6 months of employment; those paid holidays will become invalid after 2.5 years of employment. Use them or lose them.
Simply put, holidays from one year can be carried over to the next year, but not to the third year. So, if you don't take your leave from one particular year within 12 months of that year ending, you will lose that first year's allowance.
Employee can take leave encashment of holiday leave only when leaving their employer. It is not legal for companies to buy up the holiday leave of those still working for the firm.
In my organization one PSG grouping has been used for all countries, it wont be possible to change the grouping now. In such a case how can we provide different rule for different country without customizing the Leave module.
Do we have to use any PCR for this, if yes which??
Regards,
Jailakshmi
Edited by: Jailakshmi on Aug 3, 2011 7:16 AM

Hi,
Use QUOMO Feature to give different entitilement to employees.
Leave entitlement as per seniority can be configured in base entitlement.
Keep validity and deduction period for 2 years by using :Relative postion" option in validity and deduction period table.
Rgds,
Lata
Rgds,

Problem with nat / access rule for webserver in inside network asa 5505 7.2

Hello,
i have trouble setting up nat and access rule for webserver located in inside network.
I have asa 5505 version 7.2 and it has to active interfaces, inside 192.168.123.0 and outside x.x.x.213
Webserver has ip 192.168.123.11 and it needs to be accessed from outside, ip x.x.x.213.
I have created an static nat rule with pat (as an appendix) and access rules from outside network to inside interface ip 192.168.123.11 (tcp 80) but no luck.
What am i doing wrong?

Command:
packet-tracer input outside tcp 188.x.x.213 www 192.168.123.11 www detailed
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   192.168.123.0   255.255.255.0   inside
Phase: 3
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x35418d8, priority=500, domain=permit, deny=true
    hits=1, user_data=0x6, cs_id=0x0, reverse, flags=0x0, protocol=0
    src ip=188.x.x.213, mask=255.255.255.255, port=0
    dst ip=0.0.0.0, mask=0.0.0.0, port=0
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

Report on settlement profile/rule for the Process Orders ?

Is there any report which will display settlement profile for process order or settlement rule for process order.

Hi,
Did you try this one: KOSRLIST_OR - Settlement Rules?
Regards,
Eli

Any report to check vacation rule for users?

any report to check vacation rule for users?

Hello Anand,
there is no report but you may use the production order info system with list "components" and create a layout contaning the issued quantity and/or the final issue indicator. With a correct sorting, the list should show all orders with non-issued components at the top.
Regards, Andreas

Error when activating update rules for R/3 training and event management

hi all,
when iam trying to activate update rules for training and event management cube it is giving fallowing error."IC=0PE_C01 IS=0HR_PE_1 error when checking the update rules
Message no. RSAU461".
please guide me how to solve this issue.
thanks & regards
Vamshi D Krishna

Hi Vamsi,
Have you followed the following document to implement HR ?
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/a0780530-bf03-2b10-d5ad-e9e8a53def23

How can I activate the transfer rules for the ODS updating a data target.

We are on BW 3.5 and I'm loading data into the 0FIGL_O10 ODS and then uploading the data into the cube 0FIGL_C10. The data loads just fine to the ODS but when I try to 'update the data target' I get a date & time stamp' error on the info-package transfer rules.
I then Replicate the datasource 80FIGL_O01.
I must then 'activate' the transfer rules.
However I cannot get the transfer rules for 80FIGL_O10 in CHANGE MODE to activate them.
How can I activate the transfer rules for the ODS updating a data target.
The error text is as follows:
DataSource 80FIGL_O10 has to be replicated (time stamp, see long text)
Message no. R3016
Diagnosis
DataSource 80FIGL_O10 does not have the same status as the source system in the Business Information Warehouse.
The time stamp in the source system is 02/15/2007 10:42:33.
The time stamp in the BW system is 11/07/2006 13:11:54.
System response
The load process has been terminated.
Procedure
Copy the DataSource again and then activate the transfer rules that belong to it. You have to activate the transfer rules in every case, even if they are still active after the DataSource has been copied.
Thanks for your assistance.
Denny

Hi Dennis,
Try, using Business Content to activate your data source
hope this will help you
How activate business content?
http://help.sap.com/saphelp_nw04/helpdata/en/80/1a66d5e07211d2acb80000e829fbfe/frameset.htm

Apple Mail 8.2: How to make a rule for a domain

I get many unwanted emails from AOL.com and cannot figure out a way to create a rule that applies to the entire domain. <*aol.com> does not work and the 'sender' name changes with each one.
How can I create a rule for the entire aol.com domain?

DenaliDad wrote:
Correct. That doesn't work and neither does *@aol.com
It worked when I tested it on my mac (using another domain). The * is useless. "contains" includes any variation on the string.
Also, there is no need for @, either.

How to set up rules for emails to go to junk on iphone 4

i have an iphone4 that i use for work and a coworker sent out over 40,000 emails which has now overloaded my email to where i cannot send or recieve emails can i set up rules for his emails to go straight to junk? and how my email address is linked to iphone4s and ipad as well.
ps i did set up the rules on my desktop but it didnt seem to work or flow over to the iphone or ipad or maybe i just need to delete the emails? however theres literally 30,000 of them who do i do that quickly? please

The Mail app on the iPhone doesn't support filters. You'd need to do that on the server side (not desktop). There is just no quick way to delete 30,000 emails. At this point, I would remove the email account from your phone, delete the offending emails from your account, then add the account back to the iPhone.
I would also report the co-worker to your IT department (if they haven't already noticed) for sending that many emails. I'm surprised that it didn't cause issues.
Best of luck.

Itu00B4s possible to change the Distribution rules for a order type RM01 ??

Hi Experts:
I need to change the settlement rule which is automatic created at the moment that you create a Cost colector (class order RM01) transaction KKF6N..
but when I go into KKF6N transaction and I select the "change" option and after that I go into settlement rule screen, I can´t change the distribution rule.
I would need to change the settlement type from "PER" value to "TOT" value.. It´is possible in this kind of Cost colectors??
Thanks and regards!
Manuel

Hi,
Please note that you will not be able to change manually the settlement rule for a cost collector.
When you save, the system creates a settlement rule for the product cost collector.
The settlement rule for the product cost collector always specifies the distribution rule "100% to material" and the settlement type is always PER (periodic).
Also refer the note 388457 in which one of the paragraph it says "As of Release 4.5, a special settlement rule is generated when you create a product cost collector (with procedure 5: delivery value for product cost collector). You cannot subsequently change this settlement rule".
regards
Waman

[SOLVED]system fails to boot since adding udev rules for automounting

Hello
I have recently been trying to use udev rules to automount, and putting together stuff from the wiki, forums and general googling around have produced the following set of rules:
# automounts usb hdd and pendrives as usbhd-sdx; no messing around with
# volume labels or other confusing stuff
# matches all sdx devices except the internal hdd, sda
KERNEL=="sd[b-z]", NAME="%k", SYMLINK+="usbhd-%k", GROUP="users", OPTIONS="last_rule"
# imports filesystem information
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
# creates mount points and sets up symlinks
ACTION=="add", KERNEL=="sd[b-z][0-9]", SYMLINK+="usbhd-%k", GROUP="users", NAME="%k"
ACTION=="add", KERNEL=="sd[b-z][0-9]", RUN+="/bin/mkdir -p /media/usbhd-%k"
ACTION=="add", KERNEL=="sd[b-z][0-9]", RUN+="/bin/ln -s /media/usbhd-%k /mnt/usbhd-%k"
# global mount options
ACTION=="add", ENV{mount_options}="relatime"
# filesystem-specific mount options (777/666 dir/file perms for ntfs/vfat)
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},gid=100,dmask=000,fmask=111,utf8"
# automount ntfs filesystem with ntfs-3g driver
ACTION=="add", KERNEL=="sd[b-z][0-9]", ENV{ID_FS_TYPE}=="ntfs", RUN+="/bin/mount -t ntfs-3g -o %E{mount_options} /dev/%k /media/usbhd-%k", OPTIONS="last_r$
# automount all other file systems
ACTION=="add", KERNEL=="sd[b-z][0-9]", ENV{ID_FS_TYPE}!="ntfs", RUN+="/bin/mount -t auto -o %E{mount_options} /dev/%k /media/usbhd-%k", OPTIONS="last_rule"
# unmounts and removes the mount points
ACTION=="remove", KERNEL=="sd[b-z][0-9]", RUN+="/bin/rm -f /mnt/usbhd-%k"
ACTION=="remove", KERNEL=="sd[b-z][0-9]", RUN+="/bin/umount -l /media/usbhd-%k"
ACTION=="remove", KERNEL=="sd[b-z][0-9]", RUN+="/bin/rmdir /media/usbhd-%k", OPTIONS="last_rule"
This seemed to be working very well unitl I tried to boot this morning and the boot process stopped at "processing UDev events" with the following message:
iTCO_wdt: Unexpected close, not stopping watchdog!
It pauses at this point for 10-15 seconds and then reboots.
Having searched a bit, I found the following similar post on the forums: http://bbs.archlinux.org/viewtopic.php?pid=459375
Which suggests that the problem might lie with this line:
ACTION=="add", IMPORT{program}="/sbin/blkid -o udev -p %N"
I have renamed the file so that it no longer has the udev .rules extension and now the system boots fine. Does anyone have any suggestions as to why the above rules might be causing this behaviour and how I might go about fixing it?
Thanks
Last edited by useradded (2010-07-02 22:58:14)

Hey falconindy
That was the final kick up the logical a$$ that I needed to get some kind of grip on udev rules. I now have a fully functional rule that applies only to /dev/sdxy and not to everything else as well, so no more boot trauma, THANK YOU.
I will mark this thread as solved and post my new rule for the benefit of anyone who might read this.
New rule (no boot problems):
# automounts usb hdd and pendrives as label or as usbhd-sdxy if no label present
# ensures the following is _only_ run for sdxy devices excluding internal hdd, sda
KERNEL!="sd[b-z][0-9]", GOTO="personal_usb_automount_settings_end"
# imports filesystem information
# provides access to following variables:
# ID_FS_UUID; ID_FS_UUID_ENC; ID_FS_VERSION; ID_FS_TYPE; ID_FS_VERSION; ID_FS_LABEL
# accessible via ENV{variable}; $env{variable}|%E{variable}
IMPORT{program}="/sbin/blkid -o udev -p %N"
# Get a label if present, otherwise name usbhd-%k
ENV{ID_FS_LABEL}!="", ENV{dir_name}="%E{ID_FS_LABEL}"
ENV{ID_FS_LABEL}=="", ENV{dir_name}="usbhd-%k"
# creates mount points and sets up symlinks
ACTION=="add", SYMLINK+="%E{dir_name}", GROUP="users", NAME="%k"
ACTION=="add", RUN+="/bin/mkdir -p /media/%E{dir_name}"
ACTION=="add", RUN+="/bin/ln -s /media/%E{dir_name} /mnt/%E{dir_name}"
# global mount options
ACTION=="add", ENV{mount_options}="relatime"
# filesystem-specific mount options (777/666 dir/file perms for ntfs/vfat)
ACTION=="add", ENV{ID_FS_TYPE}=="vfat|ntfs", ENV{mount_options}="$env{mount_options},gid=100,dmask=000,fmask=111,utf8"
# automount ntfs filesystem with ntfs-3g driver
ACTION=="add", ENV{ID_FS_TYPE}=="ntfs", RUN+="/bin/mount -t ntfs-3g -o %E{mount_options} /dev/%k /media/%E{dir_name}", OPTIONS="last_rule"
# automount all other file systems
ACTION=="add",ENV{ID_FS_TYPE}!="ntfs", RUN+="/bin/mount -t auto -o %E{mount_options} /dev/%k /media/%E{dir_name}", OPTIONS="last_rule"
# unmounts and removes the mount points
ACTION=="remove", RUN+="/bin/rm -f /mnt/%E{dir_name}"
ACTION=="remove", RUN+="/bin/umount -l /media/%E{dir_name}"
ACTION=="remove", RUN+="/bin/rmdir /media/%E{dir_name}", OPTIONS="last_rule"
# exit
LABEL=="personal_usb_automount_settings_end"
Last edited by useradded (2010-07-02 22:59:20)

Error while creating rules for Event generator

Hi,
I followed the PO samples in dev2dev site to create an EventGenerator(both file and JMS) from a jython script. While creating rules for the eventgenerator, am getting the following exception.
"AttributeError: 'None' object has no attribute 'newFileEventGenConfigurationMBean'"
here is the PO sample code,
egCfgMBean = getMBean("FileEventGenerators/FileEventGenerators")
egMBean = egCfgMBean.newFileEventGenConfigurationMBean(egName)
I used getMBean() instead of wlst.getTarget() to retrieve the MBean info.
The server is weblogic 9.2 and domain is Integration domain. Looks like the getMBean() wasnt able to locate the Eventgenerator MBean for some reason and hence the variable 'egCfgMBean ' is always null. Anyone had this issue before.
Thanks.

It looks like getMBean("FileEventGenerators/FileEventGenerators") is not
returning an MBean. "None" is returned if no MBean is found. Check the path
parameter to getMBean() and make sure it is correct. If you know the object
name of the MBean you are interested in, you may be able to use the
getPath() command to get its path.
wls:/mydomain/serverConfig>path=getPath('com.bea:Name=myserver,Type=Server')
wls:/mydomain/serverConfig> print path
<Ramesh R> wrote in message news:[email protected]..
Hi,
I followed the PO samples in dev2dev site to create an EventGenerator(both
file and JMS) from a jython script. While creating rules for the
eventgenerator, am getting the following exception.
"AttributeError: 'None' object has no attribute
'newFileEventGenConfigurationMBean'"
here is the PO sample code,
egCfgMBean = getMBean("FileEventGenerators/FileEventGenerators")
egMBean = egCfgMBean.newFileEventGenConfigurationMBean(egName)
I used getMBean() instead of wlst.getTarget() to retrieve the MBean info.
The server is weblogic 9.2 and domain is Integration domain. Looks like the
getMBean() wasnt able to locate the Eventgenerator MBean for some reason and
hence the variable 'egCfgMBean ' is always null. Anyone had this issue
before.
Thanks.

While running dcdiag /test:dns getting Warning: The AAAA record for this DC was not found

DCDIAG /test:dns result is pested here.
C:\Users\administrator.SUD>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
 Trying to find home server...
 Home Server = MUM-ADS-01
 * Identified AD Forest.
 Done gathering initial info.
Doing initial required tests
 Testing server: Default-First-Site-Name\MUM-ADS-01
 Starting test: Connectivity
 ......................... MUM-ADS-01 passed test Connectivity
Doing primary tests
 Testing server: Default-First-Site-Name\MUM-ADS-01
 Starting test: DNS
 DNS Tests are running and not hung. Please wait a few minutes...
 ......................... MUM-ADS-01 passed test DNS
 Running partition tests on : ForestDnsZones
 Running partition tests on : DomainDnsZones
 Running partition tests on : Schema
 Running partition tests on : Configuration
 Running partition tests on : sud
 Running enterprise tests on : sud.in
 Starting test: DNS
 Test results for domain controllers:
 DC: MUM-ADS-01.sud.in
 Domain: sud.in
 TEST: Basic (Basc)
 Warning: The AAAA record for this DC was not found
 TEST: Forwarders/Root hints (Forw)
 Error: Root hints list has invalid root hint server:
 a.root-servers.net. (198.41.0.4)
 Error: Root hints list has invalid root hint server:
 b.root-servers.net. (128.9.0.107)
 Error: Root hints list has invalid root hint server:
 c.root-servers.net. (192.33.4.12)
 Error: Root hints list has invalid root hint server:
 d.root-servers.net. (128.8.10.90)
 Error: Root hints list has invalid root hint server:
 e.root-servers.net. (192.203.230.10)
 Error: Root hints list has invalid root hint server:
 f.root-servers.net. (192.5.5.241)
 Error: Root hints list has invalid root hint server:
 g.root-servers.net. (192.112.36.4)
 Error: Root hints list has invalid root hint server:
 h.root-servers.net. (128.63.2.53)
 Error: Root hints list has invalid root hint server:
 i.root-servers.net. (192.36.148.17)
 Error: Root hints list has invalid root hint server:
 j.root-servers.net. (192.58.128.30)
 Error: Root hints list has invalid root hint server:
 k.root-servers.net. (193.0.14.129)
 Error: Root hints list has invalid root hint server:
 l.root-servers.net. (198.32.64.12)
 Error: Root hints list has invalid root hint server:
 m.root-servers.net. (202.12.27.33)
 TEST: Delegations (Del)
 Error: DNS server: sud-ad.sud.in. IP:<Unavailable>
 [Missing glue A record]
 TEST: Records registration (RReg)
 Network Adapter
 [00000006] Intel(R) PRO/1000 MT Network Connection:
 Warning:
 Missing AAAA record at DNS server 10.1.6.132:
 MUM-ADS-01.sud.in
 Warning:
 Missing AAAA record at DNS server 10.1.6.132:
 gc._msdcs.sud.in
 Warning:
 Missing AAAA record at DNS server 10.1.6.133:
 MUM-ADS-01.sud.in
 Warning:
 Missing AAAA record at DNS server 10.1.6.133:
 gc._msdcs.sud.in
 Warning: Record Registrations not found in some network adapters
 Summary of test results for DNS servers used by the above domain
 controllers:
 DNS server: 128.63.2.53 (h.root-servers.net.)
 1 test failure on this DNS server
 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.63.2.53
 DNS server: 128.8.10.90 (d.root-servers.net.)
 1 test failure on this DNS server
 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.8.10.90
 DNS server: 128.9.0.107 (b.root-servers.net.)
 1 test failure on this DNS server
 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.9.0.107
 DNS server: 192.112.36.4 (g.root-servers.net.)
 1 test failure on this DNS server
 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.112.36.4
 DNS server: 192.203.230.10 (e.root-servers.net.)
 1 test failure on this DNS server
 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.203.230.10
 DNS server: 192.33.4.12 (c.root-servers.net.)
 1 test failure on this DNS server
 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.33.4.12
 DNS server: 192.36.148.17 (i.root-servers.net.)
 1 test failure on this DNS server
 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.36.148.17
 DNS server: 192.5.5.241 (f.root-servers.net.)
 1 test failure on this DNS server
 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.5.5.241
 DNS server: 192.58.128.30 (j.root-servers.net.)
 1 test failure on this DNS server
 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 192.58.128.30
 DNS server: 193.0.14.129 (k.root-servers.net.)
 1 test failure on this DNS server
 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 193.0.14.129
 DNS server: 198.32.64.12 (l.root-servers.net.)
 1 test failure on this DNS server
 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.32.64.12
 DNS server: 198.41.0.4 (a.root-servers.net.)
 1 test failure on this DNS server
 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 198.41.0.4
 DNS server: 202.12.27.33 (m.root-servers.net.)
 1 test failure on this DNS server
 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 202.12.27.33
 Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
 Domain: sud.in
 MUM-ADS-01 PASS WARN FAIL FAIL PASS WARN n/a
 ......................... sud.in failed test DNS

Hi Meinolf,
Please find the IP Details as well as DNS test results.
C:\Users\Administrator.SCI>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
 Trying to find home server...
 Home Server = MDCDCDNS
 * Identified AD Forest.
 Done gathering initial info.
Doing initial required tests
 Testing server: MDC-Powai\MDCDCDNS
 Starting test: Connectivity
 ......................... MDCDCDNS passed test Connectivity
Doing primary tests
 Testing server: MDC-Powai\MDCDCDNS
 Starting test: DNS
 DNS Tests are running and not hung. Please wait a few minutes...
ERROR: NO DNS servers for IPV6 stack was found
 ......................... MDCDCDNS passed test DNS
 Running partition tests on : ForestDnsZones
 Running partition tests on : DomainDnsZones
 Running partition tests on : Schema
 Running partition tests on : Configuration
 Running partition tests on : sci
 Running enterprise tests on : sci.com
 Starting test: DNS
 Test results for domain controllers:
 DC: MDCDCDNS.sci.com
 Domain: sci.com
 TEST: Basic (Basc)
 Warning: The AAAA record for this DC was not found
 TEST: Records registration (RReg)
 Network Adapter
 [00000009] Microsoft Virtual Network Switch Adapter:
 Warning:
 Missing AAAA record at DNS server 10.64.7.32:
 MDCDCDNS.sci.com
 Warning:
 Missing AAAA record at DNS server 10.64.7.32:
 gc._msdcs.sci.com
 Warning:
 Missing AAAA record at DNS server 10.64.7.35:
 MDCDCDNS.sci.com
 Warning:
 Missing AAAA record at DNS server 10.64.7.35:
 gc._msdcs.sci.com
 Warning:
 Missing AAAA record at DNS server 10.20.33.72:
 MDCDCDNS.sci.com
 Warning:
 Missing AAAA record at DNS server 10.20.33.72:
 gc._msdcs.sci.com
 Warning:
 Missing AAAA record at DNS server 10.20.33.71:
 MDCDCDNS.sci.com
 Warning:
 Missing AAAA record at DNS server 10.20.33.71:
 gc._msdcs.sci.com
 Warning: Record Registrations not found in some network adapters
 MDCDCDNS PASS WARN PASS PASS PASS WARN n/a
 ......................... sci.com passed test DNS
C:\Users\Administrator.SCI>ipconfig /all
Windows IP Configuration
 Host Name . . . . . . . . . . . . : MDCDCDNS
 Primary Dns Suffix . . . . . . . : sci.com
 Node Type . . . . . . . . . . . . : Hybrid
 IP Routing Enabled. . . . . . . . : No
 WINS Proxy Enabled. . . . . . . . : No
 DNS Suffix Search List. . . . . . : sci.com
Ethernet adapter Local Area Connection 7:
 Connection-specific DNS Suffix . :
 Description . . . . . . . . . . . : External Internal Virtual Network
 Physical Address. . . . . . . . . : 00-14-4F-CA-83-AC
 DHCP Enabled. . . . . . . . . . . : No
 Autoconfiguration Enabled . . . . : Yes
 IPv4 Address. . . . . . . . . . . : 10.64.7.32(Preferred)
 Subnet Mask . . . . . . . . . . . : 255.255.255.0
 Default Gateway . . . . . . . . . : 10.64.7.1
 DNS Servers . . . . . . . . . . . : 10.64.7.32
 10.64.7.35
 10.20.33.72
 10.20.33.71
 NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter Local Area Connection 6:
 Connection-specific DNS Suffix . :
 Description . . . . . . . . . . . : TEAM : Team #1
 Physical Address. . . . . . . . . : 00-14-4F-CA-83-AC
 DHCP Enabled. . . . . . . . . . . : Yes
 Autoconfiguration Enabled . . . . : Yes
 Autoconfiguration IPv4 Address. . : 169.254.105.163(Preferred)
 Subnet Mask . . . . . . . . . . . : 255.255.0.0
 Default Gateway . . . . . . . . . :
 NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 8:
 Media State . . . . . . . . . . . : Media disconnected
 Connection-specific DNS Suffix . :
 Description . . . . . . . . . . . : isatap.{2D5A4A27-298F-48E5-A376-EA886EF1E
42A}
 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
 DHCP Enabled. . . . . . . . . . . : No
 Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 9:
 Media State . . . . . . . . . . . : Media disconnected
 Connection-specific DNS Suffix . :
 Description . . . . . . . . . . . : isatap.{14FA7CD4-8B69-4C86-A58B-056793B7D
901}
 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
 DHCP Enabled. . . . . . . . . . . : No
 Autoconfiguration Enabled . . . . : Yes
Please check and revert back for any queries..
Thanks...
Deva Self-trust is the first secret of success.

AAA Rules for PIX515E 6.3(5)

Similar Messages

Maybe you are looking for