ACE system stability with multi-context

Question... if the ACE module is configured with multiple contexts, and one of the contexts hits its max resource limitations for a given resource thereby resulting in dropping excess resources, will this cost the entire ACE system, or is it limited only to the one context?
For example, if a context configured for a max of 3000 connections/second receives 300000000 connections/second due to a virus outbreak/DoS attack, will this attack affect other contexts, or will the dropping of the excess connections be seamless to other contexts? Also, does the ACE drop the excess traffic in hardware, or must it be examined by a cpu?
Thanks!!
-Lee

Generally, the individual contexts operate independently from one another. So if one context reaches it's upper defined limit, that affects only that context.
The ACE has hardware-based support for many of it's operations, and to the best of my knowledge, connection processing is handled by one of its 16 ME's (MicroEngine). I've never seen a benchmark test that shows how e.g a DoS-attacks affects the entire module, nor have I tried it myself, but maybe someone else here at the forum can provide you with some information on that.
BTW, try and check out theese to links. The first one describes the ACE hardware architecture, including the ME's and how they're used for processing traffic. The other one is a test conducted by Miercom on the ACE module, maybe this can provide you with some information on how the ACE handles a sudden increase in traffic during an attack.
http://www.cisco.com/en/US/customer/prod/collateral/modules/ps2706/ps6906/White_Paper_Connection_Handling_within_the_Cisco_Application_Control_Engine_Module_Hardware.html
http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/prod_brochure0900aecd806d1c90.pdf
hth
/Ulrich

Similar Messages

Wwan 3G/4G 4G LTE HWIC VPN (with dynamic ip)Configuration assistance to multi context asa

Hello All
I have a customer that has several sites all over the world and they want to use 3G and possibly 4G (where available) as a backup vpn solution.
I need some assistance/ guidance in configuring the cellular radio and configuring the vpn (dynamic ip)to work over the wwan.
Countries involved are France, Spain, Australia, Thailand and Malaysia.
I understand that I will need the APN credentials from the service provider. Is this normally the same for 3g and 4g?
Do I get chat scripts from them too?
My vpn gateway in the HQ is a Cisco multi-context asa so I can't configure remote access as its not supported yet. Can I possibly use the 1921 router(4lte hwic installed) at the sites as a hardware client?
I have seen the following urls. One has the 3g router as a "remote access" vpn but I guess this won't work in my scenario.
The other is between ios router and asa which I think will work. I don't need nat on the 3g/4g router as all traffic will be using the vpn.
http://www.networking-forum.com/blog/?p=708 . Will I need this for all the sub-interfaces I configure on the router
interface Vlan1
description LAN
ip address 10.0.0.14 255.255.255.240
no ip redirects
no ip proxy-arp
ip tcp adjust-mss 1452
crypto ipsec client ezvpn ASA inside <--is this needed per interface????
Remote access reference in config:
group-policy 3GPolicy attributes
vpn-tunnel-protocol IPSec
password-storage enable
nem enable
tunnel-group 3GRAGroup type remote-access <---Remote access config
tunnel-group 3GRAGroup general-attributes
authorization-server-group LOCAL
default-group-policy 3GPolicy
tunnel-group 3GRAGroup ipsec-attributes
pre-shared-key **Same key as the ASA profile on the 881**
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/112075-dynamic-ipsec-asa-router-ccp.html
Anyone got a helpful configuration and guide?
Thanks
Feisal

Multi-context active-active etherchannel failover

Hi All,
Is there a way to monitor individual interfaces on a box doing multicontext etherchannel failover?
I can understand on an individual box you can add monitor-interface to the physical interface, but in multi context mode, there is only one interface (the logical etherchannel subinterface) pushed through from the system context to each of the other contexts. I've been looking around and can't work out how to get a context failover to fail if only one of the etherchannel fails.
If the other box has more active etherchannels then that's the one I want active, but can't see it at the moment.
Possibly missed something somewhere. Any ideas?
Thanks,
Gaz

monitor-interface will only work on "named" interfaces. So, what you are looking to do is not possible.
The member interfaces on a port-channel will not have "nameif" associated with them.
-Kureli

FWSM user and administrator multi-contexts authentication under ACS radius

Hi,
Im preparing the setup of an ACS radius server for FWSM-related authentication operations.
FWSMs will be in release 2.2, inserted in Catalyst 6500 (MSFC IOS), in routed mode, in multi-switch active / standby setup, with multiple contexts configured.
User and administrator access management will be performed thanks to a radius ACS server.
I intend to install ACS onto an armored windows 2000 server SP4 , using a local database.
PDM 4.0 is needed in order to manage multiple-contexts on FWSMs.
Are there any points I should be aware about such a configuration, especially regarding the user and administrator authentication access management setup ?
The fact is that administrators will have to be defined and restricted to their own context, without privileges onto other contexts. Do you have feedback about such a setup or relevant information to point to me ?
Many thanks in advance for your attention.
Best regards,
Arnaud

Each of the contexts will behave like individual firewalls for your purposes here. So, they each get a AAA config, and you could put them into their own groups for access control. Protect the Admin context especially well, it controls system resources for the others. Depending on how many FWSMs you have, you may want to look into the Pix MC, which is similar to PDM, but works for multiple FWSMs. It is a part of CiscoWorks VMS.
-Paul

Transparent ACE - 2 VLAN's, 1 context, 2 VIPs

Hi,
We have a 3 tier application that needs to be load balanced from client to middleware and from middleware to backend.
Usually we do this with multiple context's on the ACE.
This time we are doing this with multiple VLAN's within the same context. Is this possible?
setup
client VIP = 10.0.103.3 which is mapped to IRIS_Reporting serverfarm in VLAN47
middleware VIP = 10.0.103.4 which is mapped to IRIS_Web serverfarm in VLAN41
client VIP hits 10.0.103.3 and then middleware box then hits 10.0.103.4. First part is working fine but middleware cannot open connection to 10.0.103.4 VIP over tcp/80. In the ACE log i see the connection timing out...
Oct 5 2010 15:33:40 INTERNAL-LB: %ACE-6-302022: Built TCP connection 0x39181f for vlan347:10.0.4.18/49731 (10.0.4.18/49731) to vl
an47:10.0.103.4/80 (10.0.103.4/80)
Oct 5 2010 15:33:40 INTERNAL-LB: %ACE-6-302022: Built TCP connection 0x229206 for vlan41:10.0.4.18/49731 (10.0.4.18/49731) to vla
n341:10.0.103.4/80 (10.0.2.149/80)
Oct 5 2010 15:33:45 INTERNAL-LB: %ACE-6-302023: Teardown TCP connection 0x39181f for vlan347:10.0.4.18/49731 (10.0.4.18/49731) to
vlan47:10.0.103.4/80 (10.0.103.4/80) duration 0:00:05 bytes 104 SYN Timeout
Oct 5 2010 15:33:45 INTERNAL-LB: %ACE-6-302023: Teardown TCP connection 0x229206 for vlan41:10.0.4.18/49731 (10.0.4.18/49731) to
vlan341:10.0.103.4/80 (10.0.2.149/80) duration 0:00:05 bytes 232 TCP Reset
thanks,
John.

Hi Ivan,
Here is the config,
access-list BPDU ethertype permit bpdu
access-list everyone line 10 extended permit ip any any
parameter-map type http HTTP_PARAM
server-conn reuse
case-insensitive
persistence-rebalance
parameter-map type generic SSLID_PARAM
set max-parse-length 70
parameter-map type ssl SSL_PARAM
session-cache timeout 300
parameter-map type connection TCP_PARAM
syn-data drop
exceed-mss allow
rserver host BL-VAN-CDMSPBI1
description IRIS Sharepoint Reporting Server
ip address 10.0.4.15
inservice
rserver host BL-VAN-CDMSPBI2
description IRIS Sharepoint Reporting Server
ip address 10.0.4.18
inservice
rserver host BL-VAN-ITSM03
description ITSM Reporting Server
ip address 10.0.4.16
inservice
rserver host BL-VAN-ITSM04
description ITSM Reporting Server
ip address 10.0.4.17
inservice
rserver host VM-VAN-CDMSPNT1
description IRIS Sharepoint Web Server
ip address 10.0.2.148
inservice
rserver host VM-VAN-CDMSPNT2
description IRIS Sharepoint Web Server
ip address 10.0.2.149
inservice
serverfarm host IRIS_Reporting
description IRIS Reporting Servers
failaction reassign
fail-on-all
rserver BL-VAN-CDMSPBI1 80
    inservice
rserver BL-VAN-CDMSPBI2 80
serverfarm host IRIS_Web
description IRIS Front End Web Servers
failaction reassign
fail-on-all
rserver VM-VAN-CDMSPNT1 80
    inservice
rserver VM-VAN-CDMSPNT2 80
    inservice
serverfarm host ITSM_Reporting
description ITSM Reporting Servers
failaction reassign
rserver BL-VAN-ITSM03 80
    inservice
rserver BL-VAN-ITSM04 80
    inservice
class-map match-all IRIS_REPORTING_HTTP
2 match virtual-address 10.0.103.3 tcp eq www
class-map match-all IRIS_WEB_HTTP
2 match virtual-address 10.0.103.4 tcp eq www
class-map match-all ITSM_HTTP
2 match virtual-address 10.0.103.1 tcp eq www
class-map type management match-any PING
10 match protocol icmp any
20 match protocol snmp any
policy-map type management first-match PING-POLICY
class PING
    permit
policy-map type loadbalance first-match IRIS_REPORTING_HTTP-l7slb
class class-default
    serverfarm IRIS_Reporting
policy-map type loadbalance first-match IRIS_WEB_HTTP-l7slb
class class-default
    serverfarm IRIS_Web
policy-map type loadbalance first-match ITSM_HTTP-l7slb
class class-default
    serverfarm ITSM_Reporting
policy-map multi-match int41
class IRIS_WEB_HTTP
    loadbalance vip inservice
    loadbalance policy IRIS_WEB_HTTP-l7slb
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
    appl-parameter http advanced-options HTTP_PARAM
    connection advanced-options TCP_PARAM
policy-map multi-match int47
class ITSM_HTTP
    loadbalance vip inservice
    loadbalance policy ITSM_HTTP-l7slb
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
class IRIS_REPORTING_HTTP
    loadbalance vip inservice
    loadbalance policy IRIS_REPORTING_HTTP-l7slb
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
    appl-parameter http advanced-options HTTP_PARAM
    connection advanced-options TCP_PARAM
interface vlan 41
description Client-Side VIP for Internal WEB LB
bridge-group 2
no icmp-guard
access-group input BPDU
access-group input everyone
service-policy input PING-POLICY
service-policy input int41
no shutdown
ip route inject vlan 41
interface vlan 47
description Client-Side VIP for Gen Applications LB
bridge-group 1
no icmp-guard
access-group input BPDU
access-group input everyone
service-policy input PING-POLICY
service-policy input int47
no shutdown
ip route inject vlan 47
interface vlan 341
description Server-Side for Internal WEB
bridge-group 2
no icmp-guard
access-group input BPDU
access-group input everyone
service-policy input PING-POLICY
no shutdown
interface vlan 347
description Server-Side for Gen Applications
bridge-group 1
no icmp-guard
access-group input BPDU
access-group input everyone
service-policy input PING-POLICY
no shutdown
interface bvi 1
ip address 10.0.4.58 255.255.255.192
alias 10.0.4.59 255.255.255.192
peer ip address 10.0.4.57 255.255.255.192
no shutdown
interface bvi 2
ip address 10.0.2.186 255.255.255.192
alias 10.0.2.187 255.255.255.192
peer ip address 10.0.2.185 255.255.255.192
no shutdown
ip route 0.0.0.0 0.0.0.0 10.0.4.62

Issues in Table with Multi-Row Insert

I have created a master detail screens using jheadstart on 2 separate pages, Master in the Form layout and detail in the Table Layout with multi-row insert, update and delete flags ON. Have set the New Rows count = 2.
Issue 1
If I try to delete any existing rows, it gives error for new rows saying value is required for the mandatory fields. It should just ignore the new rows if I have not updated any values for any attributes in the those row(As it does for non Master-Detail Table layout). I guess this might be happening because the jheadstart code is setting the foreign key for new rows the detail, but not resetting the status of the rows back to INITIALIZED.
I also noticed that the create() of underlying EO is getting called for those blank rows when I click on 'Save' button, even if I have not changed any data in those rows.
Issue 2
When I try to select the new rows also for deletion, I am getting a '500 Internal Server Error' with following stack trace... This is also happening for normal (non Master-Detail) Table layout.
java.lang.IllegalStateException: AdfFacesContext was already released or had never been attached. at oracle.adf.view.faces.context.AdfFacesContext.release(AdfFacesContext.java:342) at oracle.adfinternal.view.faces.webapp.AdfFacesFilterImpl.doFilter(AdfFacesFilterImpl.java:253) at oracle.adf.view.faces.webapp.AdfFacesFilter.doFilter(AdfFacesFilter.java:87)
Issue 3
I have put some validation code in the validate() method in the MyEntityImpl.java class.
The validate method seems tobe getting called lots of times, in my case 20 times, where the new rows are just 2.
Environment:
Jdeveloper 10.1.3, JHeadStart 10.1.3 build 78, Windows XP
thanks

Thanks for the reply.
Issue 1:
What I have observed that in case of multi-row select enabled tables, the blank rows do not have any data. This is because the EO's create() method is called only when we post the data using 'Save' button. Thus the Foreign Keys are also not setup. This is a correct behavior since create() and FK setups etc should get done only if the user has inputted any value in the new rows and thus intend to insert new data into the table.
I am able to find the exact cause of this issue. It is happening because in the details table, I have a column which needs tobe shown as checkbox. Since we can only bind checkbox to an Boolean attribute in VO, I have created a transient attribute of type Boolean, which basically calls the getter/setter of actual attribute doing the String "Y"/"N" to true/false conversion. Here is code for the transient attribute getter/setter
public Boolean getDisplayOnWebBoolean() {
return "Y".equals(getDisplayOnWeb()) ? Boolean.TRUE : Boolean.FALSE;
public void setDisplayOnWebBoolean(Boolean value) {
if(Boolean.TRUE.equals(value))
setDisplayOnWeb("Y");
else
setDisplayOnWeb("N");
Now when I click on the "Save" button, the setter for the boolean field is getting called with the value = false and this is resulting into the row being maked as dirty and thus the validation for the required attributes is getting executed and failing.
Issue 2:
Confirmed that correct filter-mapping entries are present in the web.xml.
Now when I select the new blank rows for deletion and click save, following exception is thrown:
java.lang.ClassCastException: oracle.jheadstart.controller.jsf.bean.NewTableRowBean at oracle.jheadstart.controller.jsf.bean.JhsCollectionModel.getRowsToRemove(JhsCollectionModel.java:412) at oracle.jheadstart.controller.jsf.bean.JhsCollectionModel.doModelUpdate(JhsCollectionModel.java:604) at oracle.jheadstart.controller.jsf.lifecycle.JhsPageLifecycle.processModelUpdaters(JhsPageLifecycle.java:541) at oracle.jheadstart.controller.jsf.lifecycle.JhsPageLifecycle.validateModelUpdates(JhsPageLifecycle.java:571)
thanks - rutwik

BVI doesn't show up in multi context ASA

I have an ASA 5585 in transparent mode, multi-context. It seems that the option to configure a BVI in one of the traffic contexts isn't there. In other words, while I see the option to configure a bridge group interface in the admin context, no such option comes up in the traffic context.
ciscoasa/admin(config)# interface ?
configure mode commands/options:
BVI         Bridge-Group Virtual Interface
Management Prefix of interface Management0/0
ciscoasa/admin(config)#
ciscoasa/admin(config)# changeto context dmz
ciscoasa/dmz(config)#
ciscoasa/dmz(config)# interface ?
configure mode commands/options:
Port-channel Prefix of interface Port-channel30.411, 30.412, 30.413, 30.414
ciscoasa/dmz(config)#
I thought that maybe I need to first allocate BVI interface(s) in the system context (in order to seem them in the traffic context) but that doesn't seem to be an option either.
ciscoasa/dmz(config)# ch system
ciscoasa(config)# interface ?
configure mode commands/options:
GigabitEthernet     GigabitEthernet IEEE 802.3z
Management          Management interface
Port-channel        Ethernet Channel of interfaces
Redundant           Redundant Interface
TenGigabitEthernet Ten GigabitEthernet
<cr>
ciscoasa(config)#
Has anyone seen this or know what the issue is? Thanks.

I think I figured it out. It seems that when you create a context, it is created in routed mode by default. So you have to explicitly go in and change it to transparent mode. Then the BVI interface shows up of course.

How to verify the Source systems connectivity with BWQ System.

Hi All,
I have diff source systems. And my requirement is to check the source systems connectivity with BWQ (BW Quality sys). please any body tell me the steps how to check the source system connectivity ?
Thanks & Regards,
Manju

Hi Manjula,
If you encounter problems when establishing a connection to your target server, check the following:
A message box appears while performing one of the following actions:
      Setting connection by choosing Apply to local session.
      Testing connection settings by choosing Test settings.
      Creating SAP TSQL objects
If errors occurred, they are displayed in the respective message box.
   Check developer trace files in ST11.
Test connection:
     For RFC related errors, check the RFC connection via SM59
     For database multi-connect errors, check if you can connect to the target SQL Server with the SQL Server Query Analyzer. Also check if the DBCON entries are correct.
Regards,
RK

Print JTable with multi line header

I need to print a JTable with multi line header, I want to know if I can use the method jTable.print(int, MessajeFormat, MessageFormat) by manipulation of the MessageFormat. How I can manipulate it?
Otherwise, How I can print this?

hi again,
To print pdf in a swing application you don't need servlet.jar.
You'll only need itext.jar and a printer connected to your pc.
Download the iText source code and unzip it. See the following classes:
com.lowagie.tools.LPR and com.lowagie.tools.BuildTutorial. This latter is the main class of a swing tool that you can run.
Silent Print:
You have only to embed this javascript code in your pdf:
writer.addJavaScript("this.print(false);", false);
                    document.add(new Chunk("Silent Auto Print"));Then, you have to send the document to the printer.
Google : java print pdf
http://forum.java.sun.com/thread.jspa?threadID=523898 or
http://www.exampledepot.com/egs/javax.print/pkg.html for printing task.
Under unix system, I used this:
                       String PRINTER = ...;
               try {
                    String cmd = "lp -d " + PRINTER + " " + PDF_PATH;
                    Runtime.getRuntime().exec(new String[] { "sh", "-c", cmd });
               } catch (Exception e) {
                             //handle the exception
                             e.printStackTrace();
               }hth

Multi Context IPSec VPN limitations

Hello,
We are looking to deploy mult-context IPSec lan to lan VPNs on ASA 9.x now that the functionality is available and I'm trying to understand if there are limitations to the number of tunnels that can be deployed per context? The below link may seem to indicate that there is a limit of 5 "IPSec sessions" per context but I can't see any reference to such limitations anywhere else.
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/contexts.html#wp1147166
Does anybody know if there is a hard limit of number of IPSec connections per context or is it down to the general capabilities of the hardware (i.e. we're looking initially to deploy on 5520 so we'd get a throughput capability of 225Mb based on the datasheet -obviously depending on crypto parameters)?
Thanks

Hey found the updated document
http://www.cisco.com/en/US/docs/security/asa/command-reference/l1.html#wp1697181
Ok, this is the real document:
By default, all security contexts have unlimited access to the resources of the ASA, except where maximum limits per context are enforced; the only exception is VPN resources, which are disabled by default. If you find that one or more contexts use too many resources, and they cause other contexts to be denied connections, for example, then you can configure resource management to limit the use of resources per context. For VPN resources, you must configure resource management to allow any VPN tunnels.
vpn burst other
Concurrent
N/A
The Other VPN session amount for your model minus the sum of the sessions assigned to all contexts for vpn other.
The number of site-to-site VPN sessions allowed beyond the amount assigned to a context withvpn other. For example, if your model supports 5000 sessions, and you assign 4000 sessions across all contexts with vpn other, then the remaining 1000 sessions are available for vpn burst other. Unlike vpn other, which guarantees the sessions to the context, vpn burst othercan be oversubscribed; the burst pool is available to all contexts on a first-come, first-served basis.
vpn other
Concurrent
N/A
See the "Supported Feature Licenses Per Model" section in the CLI configuration guide for the Other VPN sessions available for your model.
Site-to-site VPN sessions. You cannot oversubscribe this resource; all context assignments combined cannot exceed the model limit. The sessions you assign for this resource are guaranteed to the context.
Value our effort and rate the assistance!

Adding FWSM multi context in CSM

Hi friends,
Just wanted to know that when adding FWSM multi-context in CSM 3.1, do i need to add all contexts separately in CSM or just adding the admin context will do the needful?
It seems to me that all security policies (ACL's) appear in CSM only after i import each context individually. But i have 22.
Just wanted to know if it is possible to add it in an easier way.
Thanks and Regards
Gautam

Hi, i have a similar problem: I have two context and system context, the CSM uses ACS to authenticate the devices, when I try to add the CSM tells me that the isn't authorized, but if configure in the ACS as a client, the CSM tells me that the device isn't authorized, I think that i need to add the system context as aaa client also, but this context haven't ip address by definition, how can I solve the problem?
Regards
Sergio

ECS with multi backend ?

Hi,
I would like to have some feedbacks from people that have set-up an ECS scenario with multi backends (R/3 and <u>especially</u> non R/3 backends).
What limitations did you get ?
Kind regards,
Yann

Hi
Actually this all depends on the complexity of your system landscape as well.
Data Consistency Issues frequently happen either due to system failure, memory bottlenecks, Error in transmission after confirmation, etc.
Say for instance, We have allowed the employee to shop from multiple comapany codes maintained at various R/3 back-ends. Usually in the first phase after getting live, we faced data inconsistency issues due to replication, spool errors, system errors.
BAPIs used for R/3 document creation also needs to be throughly verified for all possible scenarios and based on the customer requirements. We faced lots of issues in this case. Delivery Address was not getting passed correctly to the Backend documents in one case. We also faced BAPI - RFCs commit not working properly in few cases. Then we have to handle those issues from SRM side only.
R/3 system in our deals with FI/CO validation, MM- Logistics, etc in our case.
We need to handle most of the SAP inconsistencies by using our custom BADIs, BAPIs, from SRM side only, since some issues are top prioirity and we cannot wait most of the time ideally until SAP comes back with a resolution, OSS note etc.
Similarly, when dealing with multiple currencies, the Custom Approval workflow needs to be configured based on a common currency in order to determine the right Approvers for the shopping cart. The condition types, tolerance groups, GL validation, WBS Element handling etc from SRM is also a challenging experience.
Let me know incase this helps you in any way for your scenario.
Best Regards
- Atul

ASA X-series firewalls difference & multi context features

Does anyone have a quick guide to show the feature differences between the X and regular ASA series firewalls?
And does this still hold true WRT multi-context ASA in the X-series?
No multi-context.....
- If you need to provide VPN services such as remote access or site-to-site VPN tunnels.
- If you need to use dynamic routing protocols. With multiple context mode, you can use only static routes.
- If you need to use QoS.
- If you need to support multicast routing.
- If you need to provide Threat Detection.
tia,
Will

A few changes in the new ASA version 9.0 (supported on both ASA and ASA-X series):
http://www.cisco.com/en/US/docs/security/asa/asa90/release/notes/asarn90.html#wp586890
In multiple context mode, it does support the following:
- Site to site VPN tunnels only.
- Dynamic routing protocols: EIGRP and OSPFv2 only.
- QoS is not supported.
- Multicast routing is not supported.
- Thread Detection is not supported
Here is the unsupported feature on multiple context as off Version 9.0:
http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/ha_contexts.html#wp1382237

System stability?

I don't understand when people mention system stability, how and what is that? relevance to functioning?
All this stems from a warning from a program called CheckUp that flagged it with this comment: "System: PlaxoABAddln, Input Managers detected. This technology is no longer supported and can make your system unstable"
I contacted the program's support team and ended up with this comment:
"We have received an update from the Engineering team about your issue with the Plaxo Input Manager. Input Managers like the PlaxoABAddin are basically used for customizing the input process from keyboards or other input devices.
However, since some such applications are known to cause system instability, Apple has stopped supporting them since Mac OS 10.6 Snow Leopard.
However, the Plaxo Input Manager does a minimal amount of work in customizing the AB application into the Plaxo information panel. And Input Managers MAY cause instability, but they do not necessarily do so.
Therefore, please ignore the message as there is no need to apprehensive about it. Please let me know if you have any other questions."
Should i be apprehensive?
Can anyone shed a light?

Choggbabaprecious wrote:
I was hoping for a bit more information on why it could make system unstable. Plaxo insists it should not interfere but then why Apple does not support it with Snow Leopard? How does it actively affect system?
All technologies are constantly under review. Some don't work out as well as hoped or cause other, unforeseen problems and difficulties later down the road. When this happens, Apple deprecates the technology and, in most cases, provides an alternate method to accomplish the same thing. The first people they tell are developers who then have at least a couple of years to remove dependencies on the deprecated code.
At some point, the deprecated code will be removed and no one knows how the 3rd party software will react when code that it depends on is no longer there. It could partially work. It could crash. It could make your system unbootable.
In most cases, developers will only modify the code for new versions, requiring an upgrade for the new OS. In some cases (and yes, Adobe and HP, your ears are burning), they developers will not modify the code until it no longer works.

Problem with Failover FWSM (With Multiple Context)

Dear All,
I have 2 Catalyst 6500 with FWSM module, the catalyst and FWSM is redudant. FWSM with multiple context.
i had done with catalyst 6500, but when i try to add (Admin -> Security and Monitor Devices) module with fwsm context is always error.
i add this context in the active context.
this is the error message when i try to add fwsm on mars.
The first one;
expect: spawn id exp3 not open
while executing
"expect -nobrace {<--- More --->} {
send_user "\n"
send -- " "
exp_continue
} {assword: } {
s..."
invoked from within
"expect {
"<--- More --->" {
send_user "\n"
send -- " "
exp_continue
"assword: " {
(file "./sshpix7x.exp" line 105)
st_key
the second:
invoked from within
"expect {
"<--- More --->" {
send_user "\n"
send -- " "
exp_continue
"assword: " {
(file "./sshpix7x.exp" line 105)
st_key
and sometime:
spawn ssh -c 3des -l siem-mars 10.x.x.x
Connection timed out
For Information :
The FWSM Firewall Version 4.0(6)
and,
CSMAERS-200
Product Version               :    6.0.6 ( 3368 )
Data Package Version     :     35
IPS Signature Version     :     454
IPS Custom Signature Version     :     0
Anyone can help me please...
Thanks b4,
Best Regards,
Naga

Hi Teck Yong Ng,
I am not sure about your problem, but normally what happens when we install two databases on the same host is there will be conflict between the ports connecting to the database.
In your case the second system database might also have the same port number which you have for the first system.that is why i think you are facing this issue.
Try to look at the port numbers.
Regards,
Bharath Kumar.K
Message was edited by:
        Bharath Kumar K

ACE system stability with multi-context

Similar Messages

Maybe you are looking for