ACE - Client Reset Connections to VIP
When the client initiates an HTTP connection to the VIP address, the connection fails because the client sends a RST back to the real server.
My real servers have the default gateway of the 6513 VLAN interface.
Attached I have provided the Admin and test contexts, packet capture, and 6513 partial config.
Can someone please assist me on resolving this issue?
You only need the VLAN 32 configured on the MSFC because the "real server" VLAN 39 is routed through the ACE.
MSFC <---VLAN 32---> ACE <--- VLAN 39 ---> Real Servers. So the default gateway should be the ip of the ACE context.
EDIT: Also noticed you have no access-list on your ACE interfaces. No access-list means no traffic.
Roble
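An added example, not part of the original thread: a Python check for the symptom discussed above, where the SYN goes to the VIP but the SYN-ACK arrives directly from the real server (the return path bypassed the ACE) and the client answers with a RST. The addresses, ports and packet records are constructed, and `find_bypassed_returns` is a hypothetical helper.

```python
from collections import namedtuple

# One record per TCP segment, with the fields any capture tool displays.
Pkt = namedtuple("Pkt", "src sport dst dport flags seq ack")


def find_bypassed_returns(packets, vip, vport):
    """Return (client, client_port, real_server) for each handshake where the
    SYN was sent to the VIP, the matching SYN-ACK came from an address other
    than the VIP, and the client reset that unexpected SYN-ACK."""
    pending = {}     # (client, cport) -> initial sequence number sent to the VIP
    suspects = set()  # (client, cport, server, sport) waiting for the client's RST
    findings = []
    for p in packets:
        flags = set(p.flags)
        if flags == {"S"} and p.dst == vip and p.dport == vport:
            pending[(p.src, p.sport)] = p.seq
        elif flags == {"S", "A"}:
            isn = pending.get((p.dst, p.dport))
            # The ack number ties this SYN-ACK to the client's SYN even though
            # the source address was never translated back to the VIP.
            if isn is not None and p.ack == (isn + 1) % 2**32 and p.src != vip:
                suspects.add((p.dst, p.dport, p.src, p.sport))
        elif "R" in flags:
            key = (p.src, p.sport, p.dst, p.dport)
            if key in suspects:
                suspects.discard(key)
                findings.append((p.src, p.sport, p.dst))
    return findings


# Constructed sample data (documentation address ranges, not from the thread).
VIP, VPORT = "192.0.2.10", 80

# Real server replies via its own gateway, so the client sees its real address.
BROKEN = [
    Pkt("198.51.100.7", 51000, VIP, 80, "S", 1000, 0),
    Pkt("203.0.113.11", 80, "198.51.100.7", 51000, "SA", 5000, 1001),
    Pkt("198.51.100.7", 51000, "203.0.113.11", 80, "R", 1001, 0),
]

# Return traffic passes back through the load balancer and is seen from the VIP.
HEALTHY = [
    Pkt("198.51.100.8", 52000, VIP, 80, "S", 2000, 0),
    Pkt(VIP, 80, "198.51.100.8", 52000, "SA", 7000, 2001),
    Pkt("198.51.100.8", 52000, VIP, 80, "A", 2001, 7001),
    Pkt("198.51.100.8", 52000, VIP, 80, "RA", 2001, 7001),  # ordinary abort
]

if __name__ == "__main__":
    for client, cport, server in find_bypassed_returns(BROKEN + HEALTHY, VIP, VPORT):
        print(f"{client}:{cport} reset a SYN-ACK from {server}; "
              f"check that {server} uses the load balancer as its default gateway")
```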
Similar Messages
-
WLC 4402 Multiple clients can connect to AP but only one gets an IP
I have a 4402 which is connected to a 4506 Switch int Gig 3/1 via a trunk port. The Management and AP-manager interfaces are on vlan 6
interface GigabitEthernet3/1
description Trunk Port to WLC
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 2-6
switchport mode trunk
end
I have a 1142N AP also connected to the switch and it pulls a DHCP IP Address and configs etc and registers to the WLC. It too is on Vlan 6 and it is connected to the 4506 on int gig 4/33 which is an access port.
interface GigabitEthernet4/33
description Access port to Cisco LAP 1142
switchport access vlan 6
switchport mode access
end
My router is my dhcp server;
ip dhcp pool wlanmantraffic
network 10.6.0.0 255.255.255.0
default-router 10.6.0.1
dns-server 66.109.38.250 10.7.0.8
option 43 hex f104.3130.2e36.2e30.2e33
interface FastEthernet0/1.6
description Vlan6
encapsulation dot1Q 6
ip address 10.6.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
I am doing local authentication, so I have added users to the WLC.
My problem is that the first client that connected was able to get an IP address and connect to anything internal and external.
I then connected another client on another laptop and that client could connect but not get an IP address, it just self assigned.
When I look at the clients I can see the MAC address of both clients on the WLC, but doing a show mac address-table dynamic I only see the MAC of the client that works properly. The client that doesn't get an IP has no entry in the 4506 switch.
I am stumped. From what I understand, the 2nd client's traffic is being trunked to the WLC, hence it has the MAC address. But I don't know why it's not getting a DHCP assigned IP address.
Thanks in advance for your help.
Here is some of the WLC config,
(Cisco Controller) >show run-config
Press Enter to continue...
System Inventory
NAME: "Chassis" , DESCR: "4400 Series WLAN Controller:25 APs"
PID: AIR-WLC4402-25-K9, VID: V02, SN: FOCblankedbyme
Burned-in MAC Address............................ 00:07:0E:55:FA:C0
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
System Information
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 7.0.235.3
RTOS Version..................................... 7.0.235.3
Bootloader Version............................... 7.0.235.3
Emergency Image Version.......................... 7.0.235.3
Build Type....................................... DATA + WPS
System Name...................................... CISCO-LWAPP-CONTROLLER
System Location..................................
System Contact...................................
System ObjectID.................................. 1.3.6.1.4.1.14179.1.1.4.3
IP Address....................................... 10.6.0.3
System Up Time................................... 0 days 21 hrs 7 mins 20 secs
System Timezone Location......................... (GMT -5:00) Eastern Time (US and Canada)
Configured Country............................... US - United States
Operating Environment............................ Commercial (0 to 40 C)
Internal Temp Alarm Limits....................... 0 to 65 C
Internal Temperature............................. +36 C
--More or (q)uit current module or to abort
State of 802.11b Network......................... Enabled
State of 802.11a Network......................... Enabled
Number of WLANs.................................. 1
Number of Active Clients......................... 3
Burned-in MAC Address............................ 00:07:0E:55:FA:C0
Crypto Accelerator 1............................. Absent
Crypto Accelerator 2............................. Absent
Power Supply 1................................... Absent
Power Supply 2................................... Present, OK
Maximum number of APs supported.................. 25
Press Enter to continue or to abort
AP Bundle Information
Primary AP Image Size
ap3g1 6672
ap801 5180
ap802 5220
c1100 3092
c1130 4960
c1140 4980
c1200 3360
c1240 4800
c1250 5500
c1310 3132
c1520 6400
c3201 4312
c602i 3712
Secondary AP Image Size
ap801 4952
c1100 3040
--More or (q)uit current module or to abort
c1130 4880
c1140 4492
c1200 3312
c1240 4712
c1250 5060
c1310 3080
c1520 5240
c3201 4260
Press Enter to continue or to abort
Switch Configuration
802.3x Flow Control Mode......................... Disable
FIPS prerequisite features....................... Disabled
secret obfuscation............................... Enabled
Strong Password Check Features:
case-check ...........Enabled
consecutive-check ....Enabled
default-check .......Enabled
username-check ......Enabled
Press Enter to continue or to abort
Network Information
RF-Network Name............................. RFMobile
Web Mode.................................... Disable
Secure Web Mode............................. Enable
Secure Web Mode Cipher-Option High.......... Disable
Secure Web Mode Cipher-Option SSLv2......... Enable
OCSP........................................ Disabled
OCSP responder URL..........................
Secure Shell (ssh).......................... Enable
Telnet...................................... Disable
Ethernet Multicast Forwarding............... Disable
Ethernet Broadcast Forwarding............... Disable
AP Multicast/Broadcast Mode................. Unicast
IGMP snooping............................... Disabled
IGMP timeout................................ 60 seconds
IGMP Query Interval......................... 20 seconds
User Idle Timeout........................... 300 seconds
ARP Idle Timeout............................ 300 seconds
Cisco AP Default Master..................... Enabled
AP Join Priority............................ Disable
Mgmt Via Wireless Interface................. Disable
Mgmt Via Dynamic Interface.................. Disable
--More or (q)uit current module or to abort
Bridge MAC filter Config.................... Enable
Bridge Security Mode........................ EAP
Mesh Full Sector DFS........................ Enable
Apple Talk ................................. Disable
AP Fallback ................................ Enable
Web Auth Redirect Ports .................... 80
Web Auth Proxy Redirect ................... Disable
Fast SSID Change ........................... Disabled
802.3 Bridging ............................. Disable
IP/MAC Addr Binding Check .................. Enabled
Press Enter to continue or to abort
Port Summary
STP Admin Physical Physical Link Link Mcast
Pr Type Stat Mode Mode Status Status Trap Appliance POE
1 Normal Forw Enable Auto 1000 Full Up Enable Enable N/A
2 Normal Forw Enable Auto 1000 Full Up Enable Enable N/A
Press Enter to continue or to abort
AP Summary
Number of APs.................................... 1
Global AP User Name.............................. Not Configured
Global AP Dot1x User Name........................ Not Configured
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
NOSC-N-B1917-AP01 2 AIR-LAP1142N-A-K9 00:22:bd:1b:34:5a Route 23B 1 US 1
AP Tcp-Mss-Adjust Info
AP Name TCP State MSS Size
NOSC-N-B1917-AP01 disabled -
Press Enter to continue or to abort
AP Location
Total Number of AP Groups........................ 0
Site Name........................................ default-group
Site Description.................................
WLAN ID Interface Network Admission Control Radio Policy
1 management Disabled None
AP Name Slots AP Model Ethernet MAC Location Port Country Priority
NOSC-N-B1917-AP01 2 AIR-LAP1142N-A-K9 00:22:bd:1b:34:5a Route 23B 1 US 1
Press Enter to continue or to abort
AP Config
Cisco AP Identifier.............................. 6
Cisco AP Name.................................... NOSC-N-B1917-AP01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:22:bd:1b:34:5a
IP Address Configuration......................... DHCP
IP Address....................................... 10.6.0.26
Gateway IP Addr.................................. 10.6.0.1
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Enabled
Ssh State........................................ Enabled
Cisco AP Location................................ Route 23B
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
--More or (q)uit current module or to abort
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.3
Boot Version ................................... 12.4.18.0
Mini IOS Version ................................ 3.0.51.0
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1142N-A-K9
AP Image......................................... C1140-K9W8-M
IOS Version...................................... 12.4(23c)JA6
--More or (q)uit current module or to abort
Reset Button..................................... Enabled
AP Serial Number................................. FTX1337SA7D
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 6
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... CUSTOMIZED
AP User Name..................................... danielott
AP Dot1x User Mode............................... CUSTOMIZED
AP Dot1x User Name............................... danielott
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 0 days, 19 h 22 m 53 s
AP LWAPP Up Time................................. 0 days, 01 h 08 m 46 s
Join Date and Time............................... Mon Nov 5 16:17:51 2012
Join Taken Time.................................. 0 days, 00 h 00 m 12 s
Attributes for Slot 0
Radio Type................................... RADIO_TYPE_80211n-2.4
--More or (q)uit current module or to abort
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 1
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:27:0d:07:cb:e0
Operation Rate Set
1000 Kilo Bits........................... MANDATORY
2000 Kilo Bits........................... MANDATORY
5500 Kilo Bits........................... MANDATORY
11000 Kilo Bits.......................... MANDATORY
6000 Kilo Bits........................... SUPPORTED
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... SUPPORTED
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... SUPPORTED
36000 Kilo Bits.......................... SUPPORTED
--More or (q)uit current module or to abort
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
MCS Set
MCS 0.................................... SUPPORTED
MCS 1.................................... SUPPORTED
MCS 2.................................... SUPPORTED
MCS 3.................................... SUPPORTED
MCS 4.................................... SUPPORTED
MCS 5.................................... SUPPORTED
MCS 6.................................... SUPPORTED
MCS 7.................................... SUPPORTED
MCS 8.................................... SUPPORTED
MCS 9.................................... SUPPORTED
MCS 10................................... SUPPORTED
MCS 11................................... SUPPORTED
MCS 12................................... SUPPORTED
MCS 13................................... SUPPORTED
MCS 14................................... SUPPORTED
MCS 15................................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 1
Number Of Channels ........................ 11
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 8
Tx Power Level 1 .......................... 20 dBm
Tx Power Level 2 .......................... 17 dBm
Tx Power Level 3 .......................... 14 dBm
Tx Power Level 4 .......................... 11 dBm
Tx Power Level 5 .......................... 8 dBm
Tx Power Level 6 .......................... 5 dBm
Tx Power Level 7 .......................... 2 dBm
Tx Power Level 8 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
--More or (q)uit current module or to abort
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 1
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 1,2,3,4,5,6,7,8,9,10,11
TI Threshold .............................. -50
Legacy Tx Beamforming Configuration ....... AUTOMATIC
Legacy Tx Beamforming ..................... DISABLED
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
802.11n Antennas
A....................................... ENABLED
B....................................... ENABLED
C....................................... ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
--More or (q)uit current module or to abort
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 12 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No
Cisco AP Identifier.............................. 6
Cisco AP Name.................................... NOSC-N-B1917-AP01
Country code..................................... US - United States
Regulatory Domain allowed by Country............. 802.11bg:-A 802.11a:-A
AP Country code.................................. US - United States
AP Regulatory Domain............................. -A
Switch Port Number .............................. 1
MAC Address...................................... 00:22:bd:1b:34:5a
IP Address Configuration......................... DHCP
IP Address....................................... 10.6.0.26
Gateway IP Addr.................................. 10.6.0.1
--More or (q)uit current module or to abort
NAT External IP Address.......................... None
CAPWAP Path MTU.................................. 1485
Telnet State..................................... Enabled
Ssh State........................................ Enabled
Cisco AP Location................................ Route 23B
Cisco AP Group Name.............................. default-group
Primary Cisco Switch Name........................
Primary Cisco Switch IP Address.................. Not Configured
Secondary Cisco Switch Name......................
Secondary Cisco Switch IP Address................ Not Configured
Tertiary Cisco Switch Name.......................
Tertiary Cisco Switch IP Address................. Not Configured
Administrative State ............................ ADMIN_ENABLED
Operation State ................................. REGISTERED
Mirroring Mode .................................. Disabled
AP Mode ......................................... H-Reap
Public Safety ................................... Disabled
AP SubMode ...................................... Not Configured
Remote AP Debug ................................. Disabled
Logging trap severity level ..................... informational
Logging syslog facility ......................... kern
S/W Version .................................... 7.0.235.3
Boot Version ................................... 12.4.18.0
Mini IOS Version ................................ 3.0.51.0
--More or (q)uit current module or to abort
Stats Reporting Period .......................... 180
LED State........................................ Enabled
PoE Pre-Standard Switch.......................... Disabled
PoE Power Injector MAC Addr...................... Disabled
Power Type/Mode.................................. Power injector / Normal mode
Number Of Slots.................................. 2
AP Model......................................... AIR-LAP1142N-A-K9
AP Image......................................... C1140-K9W8-M
IOS Version...................................... 12.4(23c)JA6
Reset Button..................................... Enabled
AP Serial Number................................. FTX1337SA7D
AP Certificate Type.............................. Manufacture Installed
H-REAP Vlan mode :............................... Enabled
Native ID :..................................... 6
H-REAP Backup Auth Radius Servers :
Static Primary Radius Server.................... Disabled
Static Secondary Radius Server.................. Disabled
Group Primary Radius Server..................... Disabled
Group Secondary Radius Server................... Disabled
AP User Mode..................................... CUSTOMIZED
AP User Name..................................... danielott
AP Dot1x User Mode............................... CUSTOMIZED
AP Dot1x User Name............................... danielott
--More or (q)uit current module or to abort
Cisco AP system logging host..................... 255.255.255.255
AP Up Time....................................... 0 days, 19 h 22 m 53 s
AP LWAPP Up Time................................. 0 days, 01 h 08 m 46 s
Join Date and Time............................... Mon Nov 5 16:17:51 2012
Join Taken Time.................................. 0 days, 00 h 00 m 12 s
Attributes for Slot 1
Radio Type................................... RADIO_TYPE_80211n-5
Radio Subband................................ RADIO_SUBBAND_ALL
Administrative State ........................ ADMIN_ENABLED
Operation State ............................. UP
Radio Role .................................. ACCESS
CellId ...................................... 0
Station Configuration
Configuration ............................. AUTOMATIC
Number Of WLANs ........................... 1
Medium Occupancy Limit .................... 100
CFP Period ................................ 4
CFP MaxDuration ........................... 60
BSSID ..................................... 00:27:0d:07:cb:e0
Operation Rate Set
--More or (q)uit current module or to abort
6000 Kilo Bits........................... MANDATORY
9000 Kilo Bits........................... SUPPORTED
12000 Kilo Bits.......................... MANDATORY
18000 Kilo Bits.......................... SUPPORTED
24000 Kilo Bits.......................... MANDATORY
36000 Kilo Bits.......................... SUPPORTED
48000 Kilo Bits.......................... SUPPORTED
54000 Kilo Bits.......................... SUPPORTED
MCS Set
MCS 0.................................... SUPPORTED
MCS 1.................................... SUPPORTED
MCS 2.................................... SUPPORTED
MCS 3.................................... SUPPORTED
MCS 4.................................... SUPPORTED
MCS 5.................................... SUPPORTED
MCS 6.................................... SUPPORTED
MCS 7.................................... SUPPORTED
MCS 8.................................... SUPPORTED
MCS 9.................................... SUPPORTED
MCS 10................................... SUPPORTED
MCS 11................................... SUPPORTED
MCS 12................................... SUPPORTED
MCS 13................................... SUPPORTED
--More or (q)uit current module or to abort
MCS 14................................... SUPPORTED
MCS 15................................... SUPPORTED
Beacon Period ............................. 100
Fragmentation Threshold ................... 2346
Multi Domain Capability Implemented ....... TRUE
Multi Domain Capability Enabled ........... TRUE
Country String ............................ US
Multi Domain Capability
Configuration ............................. AUTOMATIC
First Chan Num ............................ 36
Number Of Channels ........................ 21
MAC Operation Parameters
Configuration ............................. AUTOMATIC
Fragmentation Threshold ................... 2346
Packet Retry Limit ........................ 64
Tx Power
Num Of Supported Power Levels ............. 7
Tx Power Level 1 .......................... 17 dBm
Tx Power Level 2 .......................... 14 dBm
Tx Power Level 3 .......................... 11 dBm
--More or (q)uit current module or to abort
Tx Power Level 4 .......................... 8 dBm
Tx Power Level 5 .......................... 5 dBm
Tx Power Level 6 .......................... 2 dBm
Tx Power Level 7 .......................... -1 dBm
Tx Power Configuration .................... AUTOMATIC
Current Tx Power Level .................... 1
Phy OFDM parameters
Configuration ............................. AUTOMATIC
Current Channel ........................... 161
Extension Channel ......................... NONE
Channel Width.............................. 20 Mhz
Allowed Channel List....................... 36,40,44,48,52,56,60,64,100,
......................................... 104,108,112,116,132,136,140,
......................................... 149,153,157,161,165
TI Threshold .............................. -50
Legacy Tx Beamforming Configuration ....... AUTOMATIC
Legacy Tx Beamforming ..................... DISABLED
Antenna Type............................... INTERNAL_ANTENNA
Internal Antenna Gain (in .5 dBi units).... 8
Diversity.................................. DIVERSITY_ENABLED
802.11n Antennas
A....................................... ENABLED
--More or (q)uit current module or to abort
B....................................... ENABLED
C....................................... ENABLED
Performance Profile Parameters
Configuration ............................. AUTOMATIC
Interference threshold..................... 10 %
Noise threshold............................ -70 dBm
RF utilization threshold................... 80 %
Data-rate threshold........................ 1000000 bps
Client threshold........................... 12 clients
Coverage SNR threshold..................... 16 dB
Coverage exception level................... 25 %
Client minimum exception level............. 3 clients
Rogue Containment Information
Containment Count............................ 0
CleanAir Management Information
CleanAir Capable......................... No -
Windows 7 Pro Client loses connectivity to internal Win2k8 web server
1. Affected workstations are Optiplex 380 running Win 7 Pro SP1 with Broadcom NICs.
2. Internal users use an internal web server for a customer invoicing application. Users lose connectivity to this internal web server; all other networking works: network shares, internet, etc. If I try to ping the web server IP I get no reply. XP machines are not affected. Not a DHCP issue as there are plenty of IPs.
3. I have tried different internal NICs (3Com) but still had the issue. I have upgraded BIOS, NIC drivers, etc.
4. I rebuilt one of the machines using Windows XP Pro SP3 and have had no issue with that workstation.
The problem started a few months or so ago. I have not been able to determine the source. I tried running Wireshark but nothing stuck out. I have changed the session settings on the IIS server from 15 minutes to 6 hours but it did not make a difference.
5. Today when a client lost connectivity to the server I tried pinging from the server back to the client and the connection was restored. This issue really has me confused as I cannot find anything in the logs that sticks out.
Hello,
Thank you for your question.
I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
Thank you for your understanding and support. -
Softphone Jabber client unable connected
Hi All,
I've configured Cisco IM and Presence v10 integrated with CUCM v10. Some services are running well (UDS, CTI Deskphone, VM, Presence) but the Jabber client cannot connect to Softphone (SIP), and I configured ucsf (Client Service Framework) for the Jabber client.
Please advise.
Thank you
Hi amit Kumar
Thanks for your information, I've configured it. I found CTLSEP not found in the Wireshark capture.
Is there something wrong?
thank you -
Remote access VPN client gets connected fails on hosts in LAN
Hi,
VPN client gets connected fine. I have inter-VLAN routing happening on the switch in the LAN, so all the LAN hosts have their gateway IP on the switch, and I have the default route on the switch pointing to the ASA inside interface. I can reach the switch after the Remote Access VPN is connected; however, I cannot ping/connect to other hosts in the LAN, and if I make the gateway point to the ASA then that host is accessible. Any suggestions? I really want the gateway to be the switch as I have other networks reachable through the switch (Intranet routing).
Hi Mashal,
Thanks for your time,
VPN Pool(Client) 192.168.100.0/24
Internal Subnets 192.9.200.0/24(VLAN 4000) and 192.168.2.0/24 (VLAN 1000)
=============
On the Switch
=============
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.2.5 to network 0.0.0.0
172.32.0.0/24 is subnetted, 1 subnets
C 172.32.0.0 is directly connected, Vlan101
C 192.168.200.0/24 is directly connected, Vlan2000
C 192.9.200.0/24 is directly connected, Vlan4000
S 192.168.250.0/24 [1/0] via 192.9.200.125
S 192.168.1.0/24 [1/0] via 192.9.200.125
C 192.168.2.0/24 is directly connected, Vlan1000
S 192.168.252.0/24 [1/0] via 192.9.200.125
S* 0.0.0.0/0 [1/0] via 192.168.2.5
===============
On ASA
===============
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 172.32.0.2 to network 0.0.0.0
C 172.32.0.0 255.255.255.0 is directly connected, outside
C 192.9.200.0 255.255.255.0 is directly connected, inside
C 192.168.168.0 255.255.255.0 is directly connected, failover
C 192.168.2.0 255.255.255.0 is directly connected, MGMT
S 192.168.100.2 255.255.255.255 [1/0] via 172.32.0.2, outside
S 192.168.100.3 255.255.255.255 [1/0] via 172.32.0.2, outside
S* 0.0.0.0 0.0.0.0 [1/0] via 172.32.0.2, outside
We don't need route print on the PC for now, as I can explain what is happening: I can get complete access to 192.168.2.0/24 (VLAN 1000), but for 192.9.200.0/24 (VLAN 4000) above from the switch I can only ping IPs on the switches/pair but cannot have any TCP connections, which explains the default route being pointed on the switch is on VLAN 1000. Now my issue is: how do I get access to VLAN 4000? As you can see, these two are on different interfaces/zones on the ASA, and please note that with the default gateway pointing to the ASA I will have access to both VLANs; it is only when I move the gateway to point to the switch that I lose TCP connections to one VLAN, depending on the default route on the being pointing to on the switch.
So we are left to do with how to on the switch with default route. -
Can I determine what clients are connected to my weblogic server?
Hi, is there anyway of determining what clients are connected to my Weblogic 8.1 server - I want this information to be generated for me, not by maintaining a list when clients login initially to the server.
Also is there any thing that gets fired when a client terminates prematurely - for example being killed by the task manager. I need to know this, so the server knows what users are currently logged in, to prevent a user logging in twice (via the same username login).
Cheers,
Ants.
Hi,
Could you send me a simple example to check my Weblogic server for EJB with a client?
I have been struggling for the last two days.
Also, please tell me what software I should use for deployment of EJB on Weblogic 8.1.
Your help is highly appreciated by me.
My mail ID: [email protected]
thanks,
AHOY -
I have an airport express extending, through wireless, a network provided by an airport extreme. How can I know which clients are connected to my network through express and which are connected through extreme?
Here you can see both routers:
I would expect to see some clients connected to the Express, other than the Extreme. And that's all I see: only the AirPort Extreme appears as a client of the AirPort Express.
Below, one can see the summary of the config for both routers.
Would somebody explain it?
Thanks,
Marcelo
Message was edited by: Marcelão
Please disregard this answer.
Message was edited by: Marcelão -
How to find out what server the outlook client is connected to/change it automatically
Hi,
I am performing a server migration from Exchange 2010 to Exchange 2010 (the previous installation was installed by an outsourced provider and is rubbish, so I'm configuring it properly). One of the things the existing server lacks is a CAS array configured, so I have built the new Exchange 2010 server, configured a new DB and CASArray. I have created a brand new mailbox for a new user and the user's Outlook shows it is connected to casarray.domain.local. I have migrated my own mailbox, but internally my Outlook shows it is connected to oldserver.domain.local (under the account settings when you go to change the settings for the account); this is on a domain-joined internal desktop. But at home on my personal laptop, non-domain joined, it has appeared to reflect the new casarray.domain.local. The Outlook client is 2007 in both situations.
When I run the following command, it shows my mailbox is indeed connected to the new exchange server, but this is not true in outlook
Get-LogonStatistics -Server "new-exch2010" | where {$_.clientname -eq "new-exch2010"}| ft username,servername,clientname
If I run the above command against the old server my name shows on that list as well. When I look at the connection status of my outlook it shows that it is connected to casarray for directory, but the old server for mail.
A couple of other things:
Mailflow is now going to the new Exchange server from the gateway over port 25, the autodiscover record in the internal DNS is now also pointing to the new Exchange server, and Outlook clients and users' computers have been completely restarted but still don't seem to pick up the new settings. Both the old server and the new server function as a multi-role Exchange having the Hub, CAS and MBX roles.
Now that you have all that background info my question is two parts:
What is the correct powershell command I can run on the exchange server to ensure that all my outlook clients are connected to the new exchange server for all connection types (or identify those which are connected against the old server)?
How do I get the outlook clients to automatically pick up the casarray servername once their mailboxes have been migrated?
I am considering removing the CAS from the old server, which may force Outlook to find its new server, but am unsure whether this will work or not, and I think I should migrate all the mailboxes into the new DB before I do this.
Other than that, I am out of ideas.
Appreciate any help. Thanks
Steve
I had already run the command Get-MailboxDatabase | FL Identity,RpcClientAccessServer
and it only identified the old database as being tied to the server name; the new database has the correct casarray and all mailboxes are in this new database. Should I also set the old database to point to my casarray as the second command indicates? Can't do any harm, right?
Also, I have Outlook 2007 and 2013 at home and both of them had automatically reconfigured themselves to point to casarray; my problem is with the internal clients.
Today I have also noticed in DNS there is a zone which points to autodiscover.domain.co.uk and in there it points to my old server.
A few things to note about the above:
1. The zone is pointing to the .co.uk domain, not the .local - is this correct?
2. Should that zone even be in our internal DNS? I hadn't noticed it on previous implementations of Exchange I have done.
3. If I change the record within that zone to point to my new server, will this likely show up the popup message shown in this link http://www.rackspace.com/apps/support/portal/1218 ? I haven't yet got a certificate for the new Exchange server (a few more days) and I don't want users seeing any kind of untrusted, unsecure connection box, or it will only lead to panic and flooding the helpdesk.
Many thanks
Steve -
Exchange 2013 - Prevent Outlook Clients From Connecting To A CAS Server In A Different AD Site
Hi all,
I could really do with your help!
We have 3 physical sites, A, B & C, with sites A & B having a really fast low latency links between them, so from an AD point of view they are 1 site. Site C has links to both sites A & B, but the link is a lot slower.
We have an exchange design with 3 servers (one located at each physical site) that will form a DAG spread over the 3 physical sites. Ideally we will separate the CAS and mailbox server roles out and have them controlled by a hardware load balancer,
however we can have both roles on the same server if required.
What we want is to prevent a situation where an Outlook client in site C connects to a CAS server in site A/B with the mail being hosted on a mailbox server in site C, therefore traversing the network twice to get its mail.
From doing the Microsoft training course, my understanding is that in Exchange 2013, the CAS server only proxies the request on to the mailbox server and does not redirect the request to the CAS server in the site where the mailbox server resides.
I have seen information online stating that a single namespace is the way to go as long as your site links/network bandwidth is good, but nothing to help with our scenario.
Has anyone else come across this situation and how did you get round it?
Thanks in advance :)
Hi Johnson,
Based on my knowledge, the Outlook client will connect to the CAS server which is local first.
Please check whether the CAS server that is in site C is healthy.
If the CAS server in site C is healthy, please disable the CAS Load Balance for testing.
Also found a useful blog for your reference:
Exchange 2013 Client Access Server Role
http://blogs.technet.com/b/exchange/archive/2013/01/25/exchange-2013-client-access-server-role.aspx
Thanks
Mavis
Mavis Huang
TechNet Community Support -
VPN clients can connect via SSTP but not IKEv2 due to error 808
I have a Windows Server 2012 R2 with RRAS configured to allow SSTP / IKEv2 VPN connections. I'm using an external certificate for server authentication and the client authentication is done via domain username/password (Protected EAP). The clients can
connect successfully when using SSTP, but if IKEv2 is selected, then the following error is displayed:
Error 808:
The network connection between your computer and the VPN server could not be established because the remote server refused the connection. This is typically caused by a mismatch between the server's configuration and your connection settings. Please
contact the remote server's Administrator to verify the server configuration and your connection settings.
My external certificate has the Server Authentication EKU but not the IP security IKE intermediate, however it's the only
certificate installed, so I believe the certificate is OK.
Any ideas on what is causing the error?
Thank you.
Ricardo Costa
Hi,
What NAT device are you using? You must configure the IKEv2-related protocol on your NAT device too. For example, if you are using a Cisco® NAT device, you must enable IKEv2 support on the outside interface:
Enabling IKE on the Outside Interface
You must enable IKE on the interface that terminates the VPN tunnel. Typically this is the outside, or public, interface. To enable IKEv1 or IKEv2, use the crypto ikev1 | ikev2 enable command from global configuration mode:
=================================================
crypto ikev1 | ikev2 enable interface-name
For example:
hostname(config)# crypto ikev1 enable outside
=================================================
The related third party information:
Configuring IPSec and ISAKMP
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/vpn_ike.html#wp1042302
You can refer the following KB to enable the RRAS logging.
RRAS: Logging should be enabled on the RRAS server
http://technet.microsoft.com/zh-cn/library/ee922651(v=ws.10).aspx
Hope this helps.
Design help related to ACE to Switch connectivity using Port-Channel
Hi,
I have a Cisco ACE 4710 configured in One-Arm mode. This ACE is getting connected with 2 3750 switches. These 2 3750 switches connected in trunk mode.
ACE is connected to these 3750 switches using Port-channel.
ACE Config:
================================
interface gigabitEthernet 1/1
description One-arm mode port to DMZ Switch 1 port 20
channel-group 1
no shutdown
interface gigabitEthernet 1/2
description One-arm mode port to DMZ Switch 2 port 20
channel-group 1
no shutdown
interface port-channel 1
switchport access vlan 51
port-channel load-balance src-dst-ip
no shutdown
interface vlan 51
ip address 10.40.56.131 255.255.255.128
access-group input everyone
access-group output everyone
nat-pool 1 10.40.56.215 10.40.56.215 netmask 255.255.255.255 pat
service-policy input LB
service-policy input remote-access
no shutdown
===========================================================
The problem is that 3750 switches are not stacked.
The application is working fine, but I am getting a lot of MAC flapping messages.
Kindly suggest whether this design is OK or whether something needs to be done to rectify it.
Attached a small diagram.
Hello acharyr123,
I don't think this design is OK, and it would cause MAC flapping since the two independent 3750 switches will learn the ACE MAC addresses off of two different interfaces. The 3750s would have to be stacked so that they would act as one switch; then this should work correctly.
Thanks
Joel Lamousnery
TAC CSE -
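A triage sketch for the MAC flapping messages discussed in this thread, added here as an example and not part of the original posts: it groups `%SW_MATM-4-MACFLAP_NOTIF` syslog lines by host and VLAN and flags sustained flapping, so the flapping MAC and the two ports involved can be compared against the ACE port-channel members. The MAC addresses, port names, VLAN 10, timestamps, window and threshold are constructed assumptions; only VLAN 51 comes from the posted config.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample syslog lines (not from the thread). MACs, ports,
# VLAN 10 and timestamps are made up; VLAN 51 is the ACE VLAN in the post.
SAMPLE_LOG = """\
Mar  1 10:00:01: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 51 is flapping between port Gi1/0/20 and port Gi1/0/24
Mar  1 10:00:31: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 51 is flapping between port Gi1/0/24 and port Gi1/0/20
Mar  1 10:00:40: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/7, changed state to up
Mar  1 10:01:02: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 51 is flapping between port Gi1/0/20 and port Gi1/0/24
Mar  1 10:01:45: %SW_MATM-4-MACFLAP_NOTIF: Host 0011.2233.4455 in vlan 51 is flapping between port Gi1/0/20 and port Gi1/0/24
Mar  1 11:30:00: %SW_MATM-4-MACFLAP_NOTIF: Host 00AA.BBCC.DDEE in vlan 10 is flapping between port Gi1/0/3 and port Gi1/0/5
"""

FLAP_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})(?:\.\d+)?:\s+"
    r"%SW_MATM-4-MACFLAP_NOTIF: Host (?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) "
    r"in vlan (?P<vlan>\d+) is flapping between port (?P<a>\S+) and port (?P<b>\S+)",
    re.IGNORECASE,
)

def parse_flaps(text, year=2000):
    """Return one dict per MACFLAP_NOTIF line; other lines are ignored.
    Syslog timestamps carry no year, so a placeholder year is assumed."""
    events = []
    for line in text.splitlines():
        m = FLAP_RE.search(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({
            "time": when,
            "mac": m["mac"].lower(),
            "vlan": int(m["vlan"]),
            "ports": {m["a"], m["b"]},
        })
    return events

def summarize(events, window=timedelta(minutes=5), threshold=3):
    """Group by (mac, vlan); 'sustained' means at least `threshold`
    flap events fall inside any single `window`."""
    grouped = defaultdict(list)
    for ev in events:
        grouped[(ev["mac"], ev["vlan"])].append(ev)
    report = {}
    for key, evs in grouped.items():
        times = sorted(e["time"] for e in evs)
        sustained = any(
            times[i + threshold - 1] - times[i] <= window
            for i in range(len(times) - threshold + 1)
        )
        ports = sorted({p for e in evs for p in e["ports"]})
        report[key] = {"count": len(evs), "ports": ports, "sustained": sustained}
    return report

if __name__ == "__main__":
    for (mac, vlan), info in summarize(parse_flaps(SAMPLE_LOG)).items():
        flag = "SUSTAINED" if info["sustained"] else "isolated"
        print(f"{mac} vlan {vlan}: {info['count']} flaps on {info['ports']} [{flag}]")
```

A sustained entry whose port pair is the ACE-facing port plus the inter-switch trunk matches the cause given in the reply above; an isolated flap on unrelated access ports points elsewhere.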
How many clients can connect through cisco AP 1310 in wireless network ?
I had setup wireless network with
WLC 4402, Cisco AP 1310, 1131 and 1242, and Cisco ACS 4.1. My problem is that only 30 clients connect through the Cisco AP 1310 at a time. I cannot connect more than 30 clients at a time. What is the issue in the wireless network? Please reply.
Thanks and regards
By
D.Anbudurai
WIRELESS > 802.11 > RRM
How can I do that setting? Can you reply with some brief steps? And also I want to know how many clients can connect in the wireless network at a time exactly through Cisco APs?
Thanks and regards
d.anbudurai -
Using Windows NT 4.0 client program connecting to oracle 8i linux server
Dear sir/madam,
Recently, I have successfully installed Oracle 8i in my red hat linux database server. I am disappointed because I can find client side Oracle Enterprise Manager in my linux server even I have installed client program in my linux database server.
Next, I install Oracle 8i client side program (windows NT/2000 version) in my Windows NT 4.0 server. I am still disappointed because I find Oracle Enterprise Manager console cannot work.
For Windows NT 4.0 Enterprise Manager, I have keyed in the default administrator sysman, password oem_temp, and connected to management server hangng (my linux database server). An error message displays 'VTK-1000 Unable to connect to the management server hangng. Please verify that you have entered the correct host name and the status of the Oracle Management Server.'.
What's wrong with both Oracle 8i Management Server in the linux database server and the Windows NT 4.0 server? Is there any problem for the Oracle Management Server console to connect to the red hat linux database server?
[email protected] wrote:
I need to confirm that I will be able to connect an Oracle 11g R2 client (administrator install) to an Oracle 8i DB before I bother trying to set up such a scenario?
Don't waste your time. It won't work. It simply results in an error.
I saw another thread that mentioned a patch level required for 8i to let the 10g client connect. Is there such a patch level needed for 11g clients as well?
There is no such patch for 8i which allows 11g client to connect. -
Can I find out how many clients are connected to a server process?
Hi, I am hoping I can find out how many clients are connected to a server process. This could be either a programmatic lookout number, a number in a log file etc.
By the way, does lookout have any application (not data) logs? I have noticed that occasionally lookout will crash and I cannot find any logs to determine why, what processes were running, who last accessed it etc.
Thanks
Hello,
There's currently no way to acquire this data. I think that'd be a great suggestion for the product. Please submit your feedback to our developers at the following link: http://digital.ni.com/applications/psc.nsf/default?OpenForm&temp1=&node=
Best regards,
Yusuf C
Application Engineer
National Instruments -
Clients not connecting with AP 1600 after configuration
Hi there!!
I'm configuring a new Aironet 1600. I have to configure two SSIDs: Employees (VLAN 40) and guests (VLAN 45). Authentication for Employees is 802.1x against a RADIUS server and Guest is just WPA2. I'm trying to test the AP with the guest SSID (because I don't have the RADIUS server in my network), but the clients won't connect to the guest SSID. This is my first configuration and I used the web interface; not sure what I'm missing. Can you help?
dot11 ssid ECSA
vlan 40
band-select
authentication open eap eap_methods
authentication network-eap eap_methods
mbssid guest-mode
mobility network-id 1
dot11 ssid ECSA_GUEST
vlan 45
band-select
authentication open
authentication key-management wpa version 2
guest-mode
mbssid guest-mode
mobility network-id 2
wpa-psk ascii 7 106B050D1737065B0611393F74
interface Dot11Radio0
no ip address
encryption vlan 45 mode ciphers aes-ccm
encryption vlan 40 mode wep optional
ssid ECSA
ssid ECSA_GUEST
antenna gain 0
stbc
beamform ofdm
mbssid
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio0.40
encapsulation dot1Q 40
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 spanning-disabled
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
interface Dot11Radio0.45
encapsulation dot1Q 45
bridge-group 45
bridge-group 45 subscriber-loop-control
bridge-group 45 spanning-disabled
bridge-group 45 block-unknown-source
no bridge-group 45 source-learning
no bridge-group 45 unicast-flooding
interface Dot11Radio1
no ip address
encryption vlan 45 mode ciphers aes-ccm tkip
encryption vlan 40 mode wep optional
ssid ECSA
ssid ECSA_GUEST
antenna gain 0
peakdetect
dfs band 3 block
stbc
beamform ofdm
mbssid
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Dot11Radio1.40
encapsulation dot1Q 40
bridge-group 40
bridge-group 40 subscriber-loop-control
bridge-group 40 spanning-disabled
bridge-group 40 block-unknown-source
no bridge-group 40 source-learning
no bridge-group 40 unicast-flooding
interface Dot11Radio1.45
encapsulation dot1Q 45
bridge-group 45
bridge-group 45 subscriber-loop-control
bridge-group 45 spanning-disabled
bridge-group 45 block-unknown-source
no bridge-group 45 source-learning
no bridge-group 45 unicast-flooding
interface GigabitEthernet0
no ip address
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
interface GigabitEthernet0.40
encapsulation dot1Q 40
bridge-group 40
bridge-group 40 spanning-disabled
no bridge-group 40 source-learning
interface GigabitEthernet0.45
encapsulation dot1Q 45
bridge-group 45
bridge-group 45 spanning-disabled
no bridge-group 45 source-learning
interface BVI1
mac-address f07f.0654.1e8b
ip address dhcp
radius server 172.16.15.10
address ipv4 172.16.15.10 auth-port 1645 acct-port 1646
key 7 032178382658780D1658
THANKS!
Sounds like you possibly need another AP in that conference room
HTH,
Steve
Please remember to rate useful posts, and mark questions as answered