Access-List configuration on ASR9k

hello All,
I have on my network an ASR 9000 and want to configure an access-list. But is there any command to refer an ACL via object network as ASA do.
and which is the command that refer to it?
So is it possible to create objects and then to refer at the acl
Regards,
mery

Hi Mery,
here is an example.           
RP/0/RSP0/CPU0:ASR9K-PE2-R1#show configuration commit changes last 1
Mon Feb 24 00:06:10.681 UTC
Building configuration...
!! IOS XR Configuration 5.1.0
object-group network ipv4 real
host 100.1.1.1
ipv4 access-list real
10 permit icmp any any
20 permit tcp any net-group real eq www
30 permit tcp any net-group real eq www log
40 permit tcp any net-group real eq ftp
50 permit tcp any net-group real eq telnet
60 permit tcp any net-group real eq pop3
70 permit tcp any net-group real eq smtp
80 permit tcp any net-group real eq domain
90 permit tcp any net-group real eq ftp-data
100 permit tcp any net-group real established
110 permit tcp any net-group real eq 389
111 permit udp any net-group real eq 389
120 permit tcp any net-group real eq 636
121 permit udp any net-group real eq 636
200 permit ipv4 any any
end
RP/0/RSP0/CPU0:ASR9K-PE2-R1#

Similar Messages

  • Access-list configuration

    hi
    i have the following configuration:
    interface FastEthernet0/1
    description **** connected to Timsoret Line-code yy-yyyyy 1 Giga ***
    no ip address
    duplex full
    speed 100
    interface FastEthernet0/1.2007
    description ***** Connect To MASTER_SHUKEI_ON *****
    encapsulation dot1Q 2007
    ip address 172.21.2.46 255.255.255.248
    interface FastEthernet0/1.2008
    description ***** Connect To TRAST *****
    encapsulation dot1Q 2008
    ip address 172.21.2.54 255.255.255.248
    interface FastEthernet0/1.2009
    description ***** Connect To TRAST *****
    encapsulation dot1Q 2009
    ip address 172.21.2.62 255.255.255.248
    interface FastEthernet0/1.2010
    description ***** Connect To TRAST *****
    encapsulation dot1Q 2010
    ip address 172.21.2.707 255.255.255.248
    and i want to config a access deny between the vlans, that the user can't come in to anather vlans that don't belong to them
    thanks

    HI
    Configure access-list
    access-list 10 deny u r vlan2007 range
    access-list 10 permit any
    int f0/0.2007
    access-group 10 in
    same for vlan 2008
    Thanks
    Mahmood

  • Please assist me for access-list configuration

    Dear Team,
    Please help me to configure the access-list.
    Requirement:
    I have three different subnets(10.1.1.0/24, 20.1.1.0/24, 30.1.1.0/24). PC1, PC3 are within 10.1.1.0 subnets and PC2 and PC4 are within 30.1.1.0 subnets.
    I want 10.1.1.0 subnet should not access 30.1.1.0 subnets but 30.1.1.0 subnets should access 10.1.1.0 subnets. Please find below configuration.
    At R2:
    ip access-list exstandard 101
    deny ip 10.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255
    permit ip any any
    int f0/0
    ip access-group 101 in
    But this configuration is not working, it's blocking the 30.1.1.0 subnet to access 10.1.1.0 also. Please help me!!!!!
    Regards,
    Sanjib

    Hello
    I assume the rtrs are performing the routing for these subnets and no the switches, anyway your acl doesn't look correct, try this:
    R2
    ip access-list extended 101
    deny ip 30.1.1.0 0.0.0.255 10.1.1.0 0.0.0.255
    permit ip any any
    int f0/0
    ip access-group 101 in
    or
    ip access-list extended 101
    deny ip 10.1.1.0 0.0.0.255 30.1.1.0 0.0.0.255
    permit ip any any
    int f0/0
    ip access-group 101 out
    reverse the acl for R3 if applicable
    res
    Paul

  • ASA5520 access-list configuration?

    I have two asa5520s, version 7.2(2).
    I have use access-list for the firewall as:
    access-list outside extended permit ip object-group mydomain any
    access-list outside extended permit icmp object-group mydomain any
    access-group outside in interface outside.
    I believe that all the ip traffic should be allowed from machine AA in private network behind inside interface to a machine BB in public network (outside of outside interface of asa5520)
    (private) AA->asa5520->BB (public)
    However, it seems works for most of case, but, it do not work for certain port.
    telnet AA 80 -> it seems working fine
    telnet AA 3816 -> it is not work.
    when I do the packet trace on asa5520, it said access-list not allowed.
    Could anyone advice me what does my configuratin miss? How to corrrect this problem? and also, how can I see all the implicy rules which set by default?
    any comments will be appreciated
    Thanks in advance

    please upload/copy your config so we can see

  • Simple SSH Access-List Question

    I am enabling SSH access for all of our Cisco devices and want to restrict access to just the following ip addresses: 192.168.200.1-192.168.200.50.  I forgot the exact access-list configuration to accomplish this.  The subnet is /24 and I don't want the whole subnet - just .1 - .50.
    Thank you,
    Thomas Reiling

    Hi there,
    If using ssh make sure you have a domain name, host name and a generated rsa key.  Assuing you've done that, the the following ACL and line vty command will do the trick.  Note that the 1-50 host list is not on a subnet barrier.
    To get it exactly
    access-list 1 remark ALLOW MANAGEMENT
    access-list 1 permit 192.168.200.0 0.0.0.31
    access-list 1 permit 192.168.200.32 0.0.0.15
    access-list 1 permit 192.168.200.48 0.0.0.1
    access-list 1 host 192.168.200.50
    access-list 1 deny any log
    It would be a good idea to put it on a boundary though, so the following would be much more simpler and easier to read.
    access-list 1 remark ALLOW MANAGEMENT
    access-list 1 permit 192.168.200.0 0.0.0.63
    access-list 1 deny   any log
    Apply the access-class on the vty lines and depending on authentication, i'd put something there too.
    line vty 0 4
    access-class 1 in
    transport input ssh
    password blahblah
    That ought to do it.
    good luck!
    Brad

  • Cleaning up Access Lists

    Here is an access list I want to know if I can "clean up" :
    access-list outside_access_in extended permit tcp any host 192.168.0.81 eq 7500
    access-list outside_access_in extended permit tcp any host 192.168.0.202 eq 3389
    access-list outside_access_in extended permit object RDP any any
    access-list outside_access_in extended permit tcp any interface outside eq 3389
    access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 7500
    access-list outside_access_in_1 extended permit object RDP any object FileServer
    access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53827
    access-list outside_access_in_1 extended permit tcp any object New_Server eq 3389
    access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53828
    access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53829
    access-list outside_access_in_1 extended permit tcp any host 192.168.0.81 eq 53830
    access-list outside_access_in_1 extended permit tcp any object New_Server eq 53850
    access-list outside_access_in_1 extended permit tcp any object New_Server eq 53810
    access-list outside_access_in_1 extended permit tcp any object New_Server eq 53855
    access-list outside_access_in_1 extended permit tcp any object New_Server eq telnet
    access-list outside_access_in_1 extended permit tcp any object New_Server eq 55443
    access-list outside_access_in_1 extended permit tcp any object New_Server eq 7500
    access-list outside_access_in_1 extended permit tcp any object DattoDevice eq ssh
    access-list outside_access_in_1 extended permit udp any object DattoDevice eq ntp
    access-list outside_access_in_1 extended permit icmp any object DattoDevice
    access-list RemoteVPN_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
    access-list outside_cryptomap extended permit ip 192.168.0.0 255.255.255.0 156.30.21.200 255.255.255.248
    access-list outside_cryptomap_1 extended permit ip object host-192.168.0.81 156.30.21.200 255.255.255.248
    What is the significance of the _1 on most of these statements? Should/could I add an _1 to the top 4 lines to make this list symmetrical?  I suspect some of these lines were created when they migrated over from a PIX501 to this ASA......

    Hi,
    To my understanding the numbering in the format "_1" (and similiar) are generated by device when you configure it through the ASDM.
    The "access-list" configurations for "outside_access_in" and "outside_access_in_1" are for 2 totally different ACLs.
    I would imagine that only one of them it attached to your "outside" interface at the moment. You can check what ACLs are attached to the interfaces of the ASA with the command
    show run access-group
    You could add the same lines from the old ACL to the new ACL with the "_1" at the end but you probably wont need all the statements (if any). The first line of the ACL you seem to have in the new one already.
    The second ACL line might be in the new ACL. I am not sure as it contains "object" configurations which hold the IP addresses that I cant see.
    Same goes for the third line of the ACL. It contains an "object" configuration though it seems it allows RDP from "any" host to "any" host. You might already have the RDP rules for the required hosts but with this information I can not say whats the case.
    The last (fourth) line of the ACL seems to be a RDP rule that previously allowed RDP connections towards a host that used the PIX firewalls "outside" interface as its public IP address. This wont be needed anymore as in the new software that you are using you always allow the traffic to the local IP address, even if there is a NAT conigured.
    The ACL named "RemoveVPN_SplitTunnelAcl" is probably currently in the "group-policy" configurations of your VPN. I doubt you will have to touch this at all.
    At the end of the post you have ACLs named "outside_cryptomap" and "outside_cryptomap_1". These seems to be ACLs configured for L2L VPN connections. Considering the destinatin subnet in both of these is identical I imagine that also only one of these is in actual use at the moment.
    You can check what is in use with the command
    show run crypto map
    Hope this helps :)
    - Jouni

  • Configuring Extended Access List with Any statement

    I have several questions where I'm fuzzy on a configuration already on my network.  Whoever setup my network before me just put the same access-lists on all the interfaces at three different locations --
    1.  Are extended access-lists always source then destination?  Like in the following statement:
    permit ip host 172.16.4.20 any - Is the source 172.16.4.20 and destination any?
    2.  Further down though there is:
    permit tcp any host 172.16.4.11 eq 443.
    In that case is the source any host and the destination 172.16.4.11 ?
    This had been placed on an inbound access-list but 4.11 is not internal to that network so I don't think that statement if valid.
    3.  Also, when you do a:
    sho ip access-list -
    Not many of the line items in that access have any counts - does that mean nothing is hitting them or like I think they could be misconfigured?
    Thanks!

    Thank you Alex for your response.
    Yes, this is an example:
    permit tcp 192.168.1.0 0.0.0.255 host 192.168.2.1 eq 135 389 636 445 3268 3269 domain 88
    I have more ACLs and each ACL contains more conditions with multiples Por

  • Configuring Access List

    I have the following configuration in the msfc of a catalyst 6509:
    interface Vlan5
    description Vlan Medidores Electricos
    ip address 172.23.60.1 255.255.255.0
    no ip unreachables
    no ip directed-broadcast
    interface Vlan1
    description Vlan Usuarios Pz-Jose
    ip address 172.23.8.1 255.255.252.0
    no ip unreachables
    no ip directed-broadcast
    In the subnet 172.23.8.0/22 I have the server 172.23.11.3 and in the subnet 172.23.60.0/24 I have meters of electricity.
    I have the following request: The hosts active of the subnet 172.23.60.0/24 alone should have access to server 172.23.11.3, and alone the server 172.23.11.3 should have access to the hosts active of the network 172.23.60.0/24.
    I think to carry out the following configuration:
    interface Vlan5
    description Vlan Medidores Electricos
    ip address 172.23.60.1 255.255.255.0
    ip access-group 103 in
    no ip unreachables
    no ip directed-broadcast
    interface Vlan1
    description Vlan Usuarios Pz-Jose
    ip address 172.23.8.1 255.255.252.0
    no ip unreachables
    no ip directed-broadcast
    access-list 103 permit ip host 172.23.60.2 host 172.23.11.3
    access-list 103 permit ip host 172.23.60.3 host 172.23.11.3
    access-list 103 permit ip host 172.23.60.4 host 172.23.11.3
    access-list 103 permit ip host 172.23.60.5 host 172.23.11.3
    access-list 103 permit ip host 172.23.60.6 host 172.23.11.3
    access-list 103 permit ip host 172.23.60.7 host 172.23.11.3
    access-list 103 permit ip host 172.23.60.8 host 172.23.11.3
    access-list 103 permit ip host 172.23.60.9 host 172.23.11.3
    access-list 103 permit ip host 172.23.60.10 host 172.23.11.3
    access-list 103 permit ip host 172.23.60.11 host 172.23.11.3
    access-list 103 permit ip host 172.23.11.3 172.23.60.0 0.0.0.255
    access-list 103 deny any any
    Is correct?
    Some recomendation?

    I don't believe your source/destination address logic matches your access-group 3 in statement. Your configuration states inbound traffic on interface VLAN 5 sourced as 172.23.60.x destined for 172.23.11.3 is allowed. Using Leo's recommendations I suggest you reverse source and destination address.
    access-list 103 permit ip host 172.23.11.3 172.23.60.0 0.0.0.15
    Interface Vlan5
    ip access-group 3 in
    HTH,
    Ryan

  • How to create a Access list on core switch to bloxk all Internet Traffic & allow some specific Internet Traffic

    Hellp Everyone,
    I am trying to create a Access-List on my Core Switch, in which I want to allow few internet website & block the rest of them.
    I want to allow the whole Intranet but few intranet websites also needs access to the internet.
    Can we create such Access-List with the above requirement.
    I tried to create the ACL on the switch but it blocks the whole internet access.
    i want to do it for a subnet not for a specific IP.
    Can someone help me in creating such access list.
    Thanks in Advance

    The exact syntax depends on your subnets and how they connect to the Internet. If you can share a simple diagram that would be much more informative.
    In general just remember that access-lists are parsed from the top down and as soon as a match is found, the processing stops. So you put the most specific rules at the top. also, once you add an access-list, there is an implicit "deny any any" at the end.
    The best approach is to create some network object-groups and then refer to them in your access list. From your description, that would be something like three object-groups - one for the Intranet (Intranet), one for the allowed servers that can use Internet (allowed_servers), and a third for the permitted Internet sites (allowed_sites).
    You would then use them as follows:
    ip access-list extended main_acl
    permit any object-group intranet any
    permit object-group allowed_servers object-group allowed_sites any
    interface vlan
    ip access-group main_acl in
    More details on the syntax and examples can be found here:
    http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_acl/configuration/15-2mt/sec-object-group-acl.html#GUID-BE5C124C-CCE0-423A-B147-96C33FA18C66

  • IOS XR deny ace not supported in access list

    Hi everybody,
    We´ve a 10G interface, this is a MPLS trunk between one ASR 9010 and a 7613, and the first thing that we do is through a policy-map TK-MPLS_TG we make a shape of 2G to the interface to the output:
    interface TenGigE0/3/0/0
     cdp
     mtu 1568
     service-policy output TK-MPLS_TG
     ipv4 address 172.16.19.134 255.255.255.252
     mpls
      mtu 1568
    policy-map TK-MPLS_TG
    class class-default
      service-policy TK-MPLS_EDGE-WAN
      shape average 2000000000 bps
      bandwidth 2000000 kbps
    and we´ve the policy TK-MPLS_EDGE-WAN as a service-policy inside, this new policy  help us to asign bandwidth percent to 5 class-map, wich in turn match with experimental values classified when they got in to the router:
    class-map match-any W_RTP
     match mpls experimental topmost 5
     match dscp ef
     end-class-map
    class-map match-any W_EMAIL
     match mpls experimental topmost 1
     match dscp cs1
     end-class-map
    class-map match-any W_VIDEO
     match mpls experimental topmost 4 3
     match dscp cs3 cs4
     end-class-map
    class-map match-any W_DATOS-CR
     match mpls experimental topmost 2
     match dscp cs2
     end-class-map
    class-map match-any W_AVAIL
     match mpls experimental topmost 0
     match dscp default
     end-class-map
    policy-map TK-MPLS_EDGE-WAN
    class W_RTP
      bandwidth percent 5
    class W_VIDEO
      bandwidth percent 5
    class W_DATOS-CR
      bandwidth percent 30
    class W_EMAIL
      bandwidth percent 15
    class W_AVAIL
      bandwidth percent 2
    class class-default
    end-policy-map
    what we want to do is to assign a especific bandwidth to the proxy to the output using the class W_AVAIL, the proxy is 150.2.1.100. We´ve an additional requirement, wich is not apply this "rate" to some networks we are going to list only 4 in the example, so what we did was a new policy-map with a new class-map and a new ACL :
    ipv4 access-list PROXY-GIT-MEX
    10 deny ipv4 host 150.2.1.100 10.15.142.0 0.0.0.255
    20 deny ipv4 host 150.2.1.100 10.15.244.0 0.0.0.255
    30 deny ipv4 host 150.2.1.100 10.18.52.0 0.0.0.127
    40 deny ipv4 host 150.2.1.100 10.16.4.0 0.0.0.255
    50 permit tcp host 150.2.1.100 any
    60 permit tcp host 10.15.221.100 any
    policy-map EDGE-MEX3-PXY
     class C_PXY-GIT-MEX3
      police rate 300 mbps
     class class-default
     end-policy-map
    class-map match-any C_PXY-GIT-MEX3
     match access-group ipv4 PROXY-GIT-MEX
     end-class-map
    we asign a policy rate of 300 mbps to the class inside the policy EDGE-MEX3-PXY and finally we put this new policy inside the class W_AVAIL of the policy TK-MPLS_EDGE-WAN
    policy-map TK-MPLS_EDGE-WAN
    class W_RTP
      bandwidth percent 5
    class W_VIDEO
      bandwidth percent 5
    class W_DATOS-CR
      bandwidth percent 30
    class W_EMAIL
      bandwidth percent 15
    class W_AVAIL
      service-policy EDGE-MEX3-PXY
    class class-default
    end-policy-map
    and we get this:
    Wed Sep 17 18:35:36.537 UTC
    % Failed to commit one or more configuration items during a pseudo-atomic operation. All changes made have been reverted. Please issue 'show configuration failed' from this session to view the errors
    RP/0/RSP1/CPU0:ED_MEX_1(config-pmap-c)#show configuration failed
    Wed Sep 17 18:35:49.662 UTC
    !! SEMANTIC ERRORS: This configuration was rejected by
    !! the system due to semantic errors. The individual
    !! errors with each failed configuration command can be
    !! found below.
    !!% Deny ace not supported in access-list: InPlace Modify Error: Policy TK-MPLS_TG: 'km' detected the 'warning' condition 'Deny ace not supported in access-list'
    end
    Any  kind of help is very appreciated.

    That is correct, due to the way the class-matching is implemented in the TCAM, only permit statements in an ACL can be used for QOS class-matching based on ACL.
    unfortunately, you'll need to redefine the policy class match in such a way that it takes the permit only.
    if you have some traffic that you want to exclude you could do something like this:
    access-list PERMIT-ME
    1 permit
    2 permit
    3 permit
    access-list DENY-me
    !the exclude list
    1 permit
    2 permit
    3 permit
    policy-map X
    class DENY-ME
    <dont do anything> or set something rogue (like qos-group)
    class PERMIT-ME
    do here what you wanted to do as earlier.
    eventhough the permit and deny may be overlapping in terms of match.
    only the first class is matched here, DENY-ME.
    cheers!
    xander

  • Static nat with port redirection 8.3 access-list using un-nat port?

    I am having difficulty following the logic of the port-translation and hoping someone can shed some light on it. Here is the configuration on a 5505 with 8.3
    object network obj-10.1.1.5-06
    nat (inside,outside) static interface service tcp 3389 3398
    object network obj-10.1.1.5-06
    host 10.1.1.5
    access-list outside_access_in line 1 extended permit tcp any any eq 3389 (hitcnt=3)
    access-group outside_access_in in interface outside
    So I would have thought the outside access-list should reference the 'mapped' port but even with 3398 open I cannot remote desktop to the host. If I open 3389 then I can connect successfully. What gives?
    Thanks in advance..

    Hello,
    I would be more than glad to explain you what is going on!
    The thing is since 8.3 NAT is reviewed before the acl so, the ASA receives the packet on the outside interface, checks for a existing connection, if there is none it will un-nat the packet and then check the ACL.
    After the packet in un-natted what we have is the private ip addresses and the real ports. so that is why on this versions you got to point the ACL to the private ip addresses and ports.
    Regards,
    Julio
    Rate helpful posts

  • The crawler could not communicate with the server. Check that the server is available and that the firewall access is configured correctly. If the repository was temporarily unavailable, an incremental crawl will fix this error

    We are getting the below error when we see in Crawl logs
    "The crawler could not communicate with the server. Check that the server is available and that the firewall access is configured correctly. If the repository was temporarily unavailable, an incremental crawl will fix this error."
    This is happening in FAST search.
    Here I can see soke of the logs related to this search crawl.
    Could anyone please help on this?
    web application 'http://xvy/' doesn't use search application 'FAST Query SSA', skipping it.
    ABC\sp_search' on web application 'http://xvy/'. 2d7dba01-3d2e-4903-b59f-9a8601627bcd
    07/30/2014 01:30:46.65  OWSTIMER.EXE (0x28DC)                    0x1BC0 SharePoint Server Search       Administration               
     dl2m Verbose  Search application 'Search Service Application 1': Skipping web application '48ed7882-9f70-424e-bf72-e3c9f5340b97' because its outbound url 'http://ebc:30347' was automatically added once.
    Ensure full read access to the indexing account 'ABC\sp_search' on web application 'http://nvcp/'. 85041609-d618-4132-ac8e-195a910d99a0
    07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
     dl2m Verbose  Search application 'FAST Query SSA': Skipping web application '57718ea1-8cb5-4adc-abd2-9e55415e5791' because its outbound url 'http://nvcp' was automatically added once. 85041609-d618-4132-ac8e-195a910d99a0
    07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
     dl2n Verbose  Search application 'FAST Query SSA': Adding start address 'http://nvcp' for web application '57718ea1-8cb5-4adc-abd2-9e55415e5791' to list of valid start addresses. 85041609-d618-4132-ac8e-195a910d99a0
    07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
     dmb6 Verbose  Ensure full read access to the indexing account 'ABc\sp_search' on web application 'http://nvcp'ext/'. 85041609-d618-4132-ac8e-195a910d99a0
    07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
     dl2m Verbose  Search application 'FAST Query SSA': Skipping web application '64d562a1-535e-4917-8979-88840e2a67fe' because its outbound url 'http://nvcp'ext' was automatically added once. 85041609-d618-4132-ac8e-195a910d99a0
    07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
     dl2n Verbose  Search application 'FAST Query SSA': Adding start address 'http://nvcpext' for web application '64d562a1-535e-4917-8979-88840e2a67fe' to list of valid start addresses. 85041609-d618-4132-ac8e-195a910d99a0
    07/30/2014 01:31:46.53  OWSTIMER.EXE (0x28DC)                    0x05F4 SharePoint Server Search       Administration               
     dmb6 Verbose  Ensure full read access to the indexing account 'ABC\sp_search' on web application 'http://nvcpnew/'. 85041609-d618-4132-ac8e-195a910d99a0
    executing SQL query {? = call dbo.proc_MSS_PropagationIndexerGetReadyQueryComponents}  [propdatabase.cxx:70]  d:\office\source\search\native\ytrip\tripoli\propagation\propdatabase.cxx 
    07/30/2014 01:32:04.31  mssearch.exe (0x0588)                    0x1DE4 SharePoint Server Search       Propagation Manager          
     e3o3 Verbose  executing SQL query {? = call dbo.proc_MSS_PropagationIndexerGetReadyQueryComponents}  [propdatabase.cxx:70]  d:\office\source\search\native\ytrip\tripoli\propagation\propdatabase.cxx 
    07/30/2014 01:32:04.68  mssdmn.exe (0x15CC)                      0x1060 SharePoint Server Search       HTTP Protocol
    Handler          du4i                     0x29E4 SharePoint Server Search       HTTP
    Protocol Handler          du4i Verbose  CHttpAccessorHelper::InitRequestInternal - opening request for '/robots.txt'.   [httpacchelper.cxx:353]  d:\office\source\search\native\gather\protocols\http\httpacchelper.cxx 
    07/30/2014 01:32:04.70  mssdmn.exe (0x15CC)                      0x29E4 SharePoint Server Search       HTTP Protocol
    Handler          du54 High     CHttpAccessorHelper::InitRequestInternal - unexpected status (503) on request for 'http://ppecpnew/robots.txt' Authentication 0.  [httpacchelper.cxx:703] 
    d:\office\source\search\native\gather\protocols\http\httpacchelper.cxx 
    07/30/2014 01:32:04.70  mssearch.exe (0x0588)                    0x130C SharePoint Server Search       Gatherer                     
     cd11 Warning  The start address http://nvcp'/sites/quipme cannot be crawled.  Context: Application 'FAST_Content_SSA', Catalog 'Portal_Content'  Details: 
    The crawler could not communicate with the server. Check that the server is available and that the firewall access is configured correctly. If the repository was temporarily unavailable, an incremental crawl will fix this error.   (0x80041200) 
    07/30/2014 01:32:04.70  mssdmn.exe (0x15CC)                      0x104C SharePoint Server Search       HTTP Protocol
    Handler          du4i Verbose  CHttpAccessorHelper::InitRequestInternal - opening request for '/robots.txt'.   [httpacchelper.cxx:353]  d:\office\source\search\native\gather\protocols\http\httpacchelper.cxx 
    07/30/2014 01:32:04.70  mssdmn.exe (0x15CC)                      0x104C SharePoint Server Search       HTTP Protocol
    Handler          du54 High  
    07/30/2014 01:32:04.70  mssearch.exe (0x0588)                    0x2948 SharePoint Server Search       Gatherer                     
     cd11 Warning  The start address
    http://nvcp'/sites/MDPPubng cannot be crawled.  Context: Application 'FAST_Content_SSA', Catalog 'Portal_Content'  Details:  The crawler could not communicate with the server. Check that the server is
    available and that the firewall access is configured correctly. If the repository was temporarily unavailable, an incremental crawl will fix this error.   (0x80041200) 
     CHttpProbeHelper::ProbeServer: InitRequest failed for 'http://ppecpnew/_vti_bin/sitedata.asmx'. Return error to caller, hr=80041200  [stscommon.cxx:490]  d:\office\source\search\native\gather\protocols\common\stscommon.cxx 
    07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
     dvg0 High     STS3::COWSServer::InitializeClaimsCookie: Probing url 'http://pncvr' failed. Return error to caller, hr=80041200  [sts3util.cxx:1332]  d:\office\source\search\native\gather\protocols\sts3\sts3util.cxx 
    07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
     en0e High     CSTS3Accessor::InitURLType: Return error to caller, hr=80041200                 [sts3acc.cxx:2214]  d:\office\source\search\native\gather\protocols\sts3\sts3acc.cxx 
    07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
     dv3p High     CSTS3Accessor::GetServer fails, Url sts4://pnvpr/siteurl=sites/product/siteid={7ebfb072-08a8-4df7-8f74-e06730325d9a}/weburl=/webid={bd7ae724-1256-4b26-9633-416447d6bc5c}, hr=80041200  [sts3acc.cxx:185] 
    d:\office\source\search\native\gather\protocols\sts3\sts3acc.cxx 
    07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
     dvb1 High     CSTS3Accessor::Init fails, Url sts4:/mngbv/siteurl=sites/product/siteid={7ebfb072-08a8-4df7-8f74-e06730325d9a}/weburl=/webid={bd7ae724-1256-4b26-9633-416447d6bc5c}, hr=80041200  [sts3handler.cxx:312] 
    d:\office\source\search\native\gather\protocols\sts3\sts3handler.cxx 
    07/30/2014 01:32:26.06  mssdmn.exe (0x15CC)                      0x16FC SharePoint Server Search       HTTP Protocol
    Handler          du2z Verbose  CHttpProbeHelper::ProbeServer: Probing server with url 'http://pnvpr/_vti_bin/sitedata.asmx'.  [stscommon.cxx:476]  d:\office\source\search\native\gather\protocols\common\stscommon.cxx 
    07/30/2014 01:32:26.08  mssdmn.exe (0x15CC)                      0x193C SharePoint Server Search       PHSts                        
     dvb2 High     CSTS3Handler::CreateAccessorExD: Return error to caller, hr=80041200            [sts3handler.cxx:330]  d:\office\source\search\native\gather\protocols\sts3\sts3handler.cxx 
    07/30/2014 01:32:26.08  mssdmn.exe (0x15CC)                      0x16FC SharePoint Server Search       HTTP Protocol
    Handler          du4i Verbose  CHttpAccessorHelper::InitRequestInternal - opening request for '/_vti_bin/sitedata.asmx'.  [httpacchelper.cxx:353]  d:\office\source\search\native\gather\protocols\http\httpacchelper.cxx 
    earch application 'FAST Query SSA': Adding start address 'http://mnvfgext' for web application '64d562a1-535e-4917-8979-88840e2a67fe' to list of valid start addresses. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
    07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
     dmb6 Verbose  Ensure full read access to the indexing account 'ABC\sp_search' on web application 'http://nvpr/'. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
    07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
     dl2m Verbose  Search application 'FAST Query SSA': Skipping web application 'cea7b67b-fd5f-4c9a-a300-64a7d7ca3093' because its outbound url 'http://pnvpr' was automatically added once. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
    07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
     dl2n Verbose  Search application 'FAST Query SSA': Adding start address 'http://pnvpr' for web application 'cea7b67b-fd5f-4c9a-a300-64a7d7ca3093' to list of valid start addresses. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
    07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
     dl2k Verbose  web application 'http://abcrsp/' doesn't use search application 'FAST Query SSA', skipping it. a6b7948a-dc16-419d-b58a-0ee798a0bb9c
    07/30/2014 01:32:46.53  OWSTIMER.EXE (0x28DC)                    0x1444 SharePoint Server Search       Administration               
     dl2k Verbose  web application 'http://excb/' doesn't use search application 'FAST Query SSA', ski
    Anil Loka

    Hi,
    According to your post, my understanding is that you got error when communicating to the server.
    This happens when crawler is not able to connect to the server. Make sure server name is correct. Couple of steps to troubleshoot it
    You should be able to ping the server from the server having crawl component. Make sure there is an entry for the server in the host file under c:\Windows\System32\drivers\etc folder.
              Ping <servername>
          2.  You should be able to connect to the server using telnet command
    Telnet< servername> <port number>
    More information:
    Troubleshooting of FAST Search Configuration
    If the issue still exists, you can delete the old search application and recreate from the beginning.
    You can also reset the index and do a full crawl after.
    Here is a similar thread for your reference:
    http://social.technet.microsoft.com/Forums/en-US/f3c61b53-304a-4c2a-a370-d0e573219d1d/an-unrecognized-http-response-was-received-when-attempting-to-crawl-this-item?forum=sharepointadminprevious
    Best Regards,
    Linda Li
    Linda Li
    TechNet Community Support

  • Acl-name in access-list requirements

    Hi,
    I would ask about the acl-name in access-list,
    Does it act as a link between the ACL and an interface?
    or it could be written as any-thing, without any constrains?
    such as
    access-list test_ACL extended permit tcp host 10.105.10.22 host 10.140.180.35 eq ssh
    is it OK?
    or test_ACL should be defined somewhere prior using it in ACL?

    just because the ACL is not defined in an access-group doesn't mean it is not in use. There are several other areas that use ACLs.  Class-maps are another common place where ACLs are used to match on traffic that will be used in a policy-map.  Another comon use for ACLs is to define interesting traffic, or traffic that is to be encrypted, over a site to site VPN.
    But for this specific ACL that you mention, the question you need to answer is, does the ACL define IPs that are assigned within your network, and do you have any applications that require the tcp timeout to be adjusted?  If the answer is no to either of thaese then it is safe to assume you can remove the class-map test_ACL and the class test_ACL under the policy-map configuration.
    Whether the ACL itself can be removed, I would assume it is safe to  remove as it is called test_ACL, but then again, I have see people set up test configurations and then leave them as is without changing the name.  So I would suggest investigating further to see if the name test_ACL is referenced any other places in your configuration.
    Please remember to select a correct answer and rate helpful posts

  • A possible bug related to the Cisco ASA "show access-list"?

    We encountered a strange problem in our ASA configuration.
    In the "show running-config":
    access-list inside_access_in remark CM000067 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:http_access
    access-list inside_access_in remark CM000458 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:https_access
    access-list inside_access_in remark test 11111111111111111111111111 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
    access-list inside_access_in extended permit tcp host 1.1.1.1 host 192.168.20.86 eq 81 log
    access-list inside_access_in remark CM000260 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-dgm
    access-list inside_access_in remark CM006598 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ns
    access-list inside_access_in remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ssn
    access-list inside_access_in remark CM000223 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:tcp/445
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq www log
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq https log
    access-list inside_access_in extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-dgm log
    access-list inside_access_in extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-ns log
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq netbios-ssn log
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 any eq 445 log
    access-list inside_access_in remark CM000280 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:domain
    access-list inside_access_in extended permit tcp object 172.31.254.2 any eq domain log
    access-list inside_access_in extended permit udp object 172.31.254.2 any eq domain log
    access-list inside_access_in remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:catch_all
    access-list inside_access_in extended permit ip object 172.31.254.2 any log
    access-list inside_access_in remark CM0000086 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:SSH_internal
    access-list inside_access_in extended permit tcp 172.31.254.0 255.255.255.0 interface inside eq ssh log
    access-list inside_access_in remark CM0000011 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
    access-list inside_access_in extended permit object TCPPortRange 172.31.254.0 255.255.255.0 host 192.168.20.91 log
    access-list inside_access_in remark CM0000012 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:FTP
    access-list inside_access_in extended permit tcp object inside_range range 1024 45000 host 192.168.20.91 eq ftp log
    access-list inside_access_in remark CM0000088 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
    access-list inside_access_in extended permit ip 192.168.20.0 255.255.255.0 any log
    access-list inside_access_in remark CM0000014 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:DropIP
    access-list inside_access_in extended permit ip object windowsusageVM any log
    access-list inside_access_in extended permit ip any object testCSM-object
    access-list inside_access_in extended permit ip 172.31.254.0 255.255.255.0 any log
    access-list inside_access_in remark CM0000065 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:IP
    access-list inside_access_in extended permit ip host 172.31.254.2 any log
    access-list inside_access_in remark CM0000658 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
    access-list inside_access_in extended permit tcp host 192.168.20.95 any eq www log
    In the "show access-list":
    access-list inside_access_in line 1 remark CM000067 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:http_access
    access-list inside_access_in line 2 remark CM000458 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:https_access
    access-list inside_access_in line 3 remark test 11111111111111111111111111 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
    access-list inside_access_in line 4 extended permit tcp host 1.1.1.1 host 192.168.20.86 eq 81 log informational interval 300 (hitcnt=0) 0x0a                                                           3bacc1
    access-list inside_access_in line 5 remark CM000260 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-dgm
    access-list inside_access_in line 6 remark CM006598 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ns
    access-list inside_access_in line 7 remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:netbios-ssn
    access-list inside_access_in line 8 remark CM000223 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:tcp/445
    access-list inside_access_in line 9 extended permit tcp 172.31.254.0 255.255.255.0 any eq www log informational interval 300 (hitcnt=0) 0x06                                                           85254a
    access-list inside_access_in line 10 extended permit tcp 172.31.254.0 255.255.255.0 any eq https log informational interval 300 (hitcnt=0) 0                                                           x7e7ca5a7
    access-list inside_access_in line 11 extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-dgm log informational interval 300 (hitcn                                                           t=0) 0x02a111af
    access-list inside_access_in line 12 extended permit udp 172.31.254.0 255.255.255.0 any eq netbios-ns log informational interval 300 (hitcnt                                                           =0) 0x19244261
    access-list inside_access_in line 13 extended permit tcp 172.31.254.0 255.255.255.0 any eq netbios-ssn log informational interval 300 (hitcn                                                           t=0) 0x0dbff051
    access-list inside_access_in line 14 extended permit tcp 172.31.254.0 255.255.255.0 any eq 445 log informational interval 300 (hitcnt=0) 0x7                                                           b798b0e
    access-list inside_access_in line 15 remark CM000280 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:domain
    access-list inside_access_in line 16 extended permit tcp object 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0x6c416                                                           81b
      access-list inside_access_in line 16 extended permit tcp host 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0x6c416                                                           81b
    access-list inside_access_in line 17 extended permit udp object 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0xc53bf                                                           227
      access-list inside_access_in line 17 extended permit udp host 172.31.254.2 any eq domain log informational interval 300 (hitcnt=0) 0xc53bf                                                           227
    access-list inside_access_in line 18 remark CM000220 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:catch_all
    access-list inside_access_in line 19 extended permit ip object 172.31.254.2 any log informational interval 300 (hitcnt=0) 0xd063707c
      access-list inside_access_in line 19 extended permit ip host 172.31.254.2 any log informational interval 300 (hitcnt=0) 0xd063707c
    access-list inside_access_in line 20 remark CM0000086 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:SSH_internal
    access-list inside_access_in line 21 extended permit tcp 172.31.254.0 255.255.255.0 interface inside eq ssh log informational interval 300 (hitcnt=0) 0x4951b794
    access-list inside_access_in line 22 remark CM0000011 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
    access-list inside_access_in line 23 extended permit object TCPPortRange 172.31.254.0 255.255.255.0 host 192.168.20.91 log informational interval 300 (hitcnt=0) 0x441e6d68
      access-list inside_access_in line 23 extended permit tcp 172.31.254.0 255.255.255.0 host 192.168.20.91 range ftp smtp log informational interval 300 (hitcnt=0) 0x441e6d68
    access-list inside_access_in line 24 remark CM0000012 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:FTP
    access-list inside_access_in line 25 extended permit tcp object inside_range range 1024 45000 host 192.168.20.91 eq ftp log informational interval 300 0xe848acd5
      access-list inside_access_in line 25 extended permit tcp range 12.89.235.2 12.89.235.5 range 1024 45000 host 192.168.20.91 eq ftp log informational interval 300 (hitcnt=0) 0xe848acd5
    access-list inside_access_in line 26 extended permit ip 192.168.20.0 255.255.255.0 any log informational interval 300 (hitcnt=0) 0xb6c1be37
    access-list inside_access_in line 27 remark CM0000014 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:DropIP
    access-list inside_access_in line 28 extended permit ip object windowsusageVM any log informational interval 300 (hitcnt=0) 0x22170368
      access-list inside_access_in line 28 extended permit ip host 172.31.254.250 any log informational interval 300 (hitcnt=0) 0x22170368
    access-list inside_access_in line 29 extended permit ip any object testCSM-object (hitcnt=0) 0xa3fcb334
      access-list inside_access_in line 29 extended permit ip any host 255.255.255.255 (hitcnt=0) 0xa3fcb334
    access-list inside_access_in line 30 extended permit ip 172.31.254.0 255.255.255.0 any log informational interval 300 (hitcnt=0) 0xe361b6ed
    access-list inside_access_in line 31 remark CM0000065 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:IP
    access-list inside_access_in line 32 extended permit ip host 172.31.254.2 any log informational interval 300 (hitcnt=0) 0xed7670e1
    access-list inside_access_in line 33 remark CM0000658 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security
    access-list inside_access_in line 34 extended permit tcp host 192.168.20.95 any eq www log informational interval 300 (hitcnt=0) 0x8d07d70b
    There is a comment in the running config: (line 26)
    access-list inside_access_in remark CM0000088 EXP:1/16/2014 OWN:IT_Security BZU:Network_Security JST:PortRange
    This comment is missing in "show access-list". So in the access list, for all the lines after this comment, the line number is no longer correct. This causes problem when we try to use line number to insert a new rule.
    Has anybody seen this problem before? Is this a known problem? I am glad to provide more information if needed.
    Thanks in advance.
    show version:
    Cisco Adaptive Security Appliance Software Version 8.4(4)1
    Device Manager Version 7.1(3)
    Compiled on Thu 14-Jun-12 11:20 by builders
    System image file is "disk0:/asa844-1-k8.bin"
    Config file at boot was "startup-config"
    fmciscoasa up 1 hour 56 mins
    Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
    Internal ATA Compact Flash, 128MB
    BIOS Flash M50FW016 @ 0xfff00000, 2048KB
    Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                                 Boot microcode   : CN1000-MC-BOOT-2.00
                                 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                                 IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.06
                                 Number of accelerators: 1

    Could be related to the following bug:
    CSCtq12090: ACL remark line is missing when range object is configured in ACL
    Fixed in 8.4(6), so update to a newer version and observe it again.
    Don't stop after you've improved your network! Improve the world by lending money to the working poor:
    http://www.kiva.org/invitedby/karsteni

  • Need help for access list problem

    Cisco 2901 ISR
    I need help for my configuration.... although it is working fine but it is not secured cause everybody can access the internet
    I want to deny this IP range and permit only TMG server to have internet connection. My DHCP server is the 4500 switch.
    Anybody can help?
             DENY       10.25.0.1 – 10.25.0.255
                              10.25.1.1 – 10.25.1.255
    Permit only 1 host for Internet
                    10.25.7.136  255.255.255.192 ------ TMG Server
    Using access-list.
    ( Current configuration  )
    object-group network IP
    description Block_IP
    range 10.25.0.2 10.25.0.255
    range 10.25.1.2 10.25.1.255
    interface GigabitEthernet0/0
    ip address 192.168.2.3 255.255.255.0
    ip nat inside
    ip virtual-reassembly in max-fragments 64 max-reassemblies 256
    duplex auto
    speed auto
    interface GigabitEthernet0/1
    description ### ADSL WAN Interface ###
    no ip address
    pppoe enable group global
    pppoe-client dial-pool-number 1
    interface ATM0/0/0
    no ip address
    no atm ilmi-keepalive
    interface Dialer1
    description ### ADSL WAN Dialer ###
    ip address negotiated
    ip mtu 1492
    ip nat outside
    no ip virtual-reassembly in
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication pap callin
    ppp pap sent-username xxxxxxx password 7 xxxxxxxxx
    ip nat inside source list 101 interface Dialer1 overload
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 10.25.0.0 255.255.0.0 192.168.2.1
    access-list 101 permit ip 10.25.0.0 0.0.255.255 any
    access-list 105 deny   ip object-group IP any
    From the 4500 Catalyst switch
    ( Current Configuration )
    interface GigabitEthernet0/48
    no switchport
    ip address 192.168.2.1 255.255.255.0 interface GigabitEthernet2/42
    ip route 0.0.0.0 0.0.0.0 192.168.2.3

    Hello,
    Host will can't get internet connection
    I remove this configuration......         access-list 101 permit ip 10.25.0.0 0.0.255.255 any
    and change the configuration ....      ip access-list extended 101
                                                                5 permit ip host 10.25.7.136 any
    In this case I will allow only host 10.25.7.136 but it isn't work.
    No internet connection from the TMG Server.

Maybe you are looking for

  • Windows and mac networking

    First of all let me Introduce my self; I am a 23 year old entrepreneur from Bangladesh. I just moved back to Bangladesh, from the States after completing my undergrad. I am a total a newbie when is comes to computer networking and such. Now let's get

  • Indesign CS6 text drop shadow changes background colour

    I have two layers, one for a background image linked to a photoshop document and another layer for text. When i add drop shadow to the text, the background colour goes sort of dark, and the same happens in overprint view whereas with 5.5 it didn't do

  • Loading Data from Excel to Essbase  through ODI 11G

    Hi All, i am getting below error when i click execute in ODI . In Excel Data store i had click reverse engineer its working fine -3100 : 37000 : java.sql.SQLException: [Microsoft][ODBC Excel Driver] Syntax error (missing operator) in query expression

  • Vendor accumulated balnacess

    Dear experts; We are preparing vendor balancess businessa area  wise for this we are using 0FI_ap_3 data source and 0fiap_o03 ods iam geting debt credit blancess period wise but here we need accumulated balancess for this which field i have  to take

  • 3rd party dropshipment carried out by more than one 3rd party vendor

    Hi I am wondering if the following is possible in standard SAP on a third party drop shipment scenario.. I would like 1200pcs quantity to split up into 3 different shipments (each shipment = 400pcs) and drop ship by three different 3rd party vendors