ACE with multiple context

hi,
i've 4 virtual context in my ACE configuration.it's possible to use the same real server in multiple context?2 context are configurated in one-arm mode
and 2 in bridge mode.
tks all
Aghibear

you could use one context as the default path - selecting this contect as the default gateway.
Then the other context uses client nat to guarantee that the response comes back.
I don't know if there is a specific example for what you want to do.
You can check sample configs from :
http://docwiki.cisco.com/wiki/Main_Page
G.

Similar Messages

  • Failure when FWSM in transparent mode with multiple contexts

    hi experts,
                We have two FWSMs working in active/standby state,  configured with multiple contexts in transparent mode. and the "outside" and "inside" interfaces for each context are in same subnet. 
                Now we have one FWSM broken and the RMA part can't arrived in short time, so  we have the risk that the sencond FWSM could be failed as well.   In the worst case if the two was broken or powered off simultaneously,   i wonder that if the communications between multiple contexts could be ok???
    thanks in advance.

    The software requirements for Cisco Secure ACS are dependent on the type of Extensible Authentication Protocol (EAP) desired. For full support of all the EAP types including EAP-Flexible Authentication via Secure Tunneling (FAST), use release 3.2.3 or higher.
    http://www.cisco.com/en/US/netsol/ns340/ns394/ns431/ns434/networking_solutions_implementation_guide09186a008038906c.html

  • Problem with Failover FWSM (With Multiple Context)

    Dear All,
    I have 2 Catalyst 6500 with FWSM module, the catalyst and FWSM is redudant. FWSM with multiple context.
    i had done with catalyst 6500, but when i try to add (Admin -> Security and Monitor Devices) module with fwsm context is always error.
    i add this context in the active context.
    this is the error message when i try to add fwsm on mars.
    The first one;
    expect: spawn id exp3 not open
    while executing
    "expect -nobrace {<--- More --->} {
    send_user "\n"
    send -- " "
    exp_continue
    } {assword: } {
    s..."
    invoked from within
    "expect {
    "<--- More --->" {
    send_user "\n"
    send -- " "
    exp_continue
    "assword: " {
    (file "./sshpix7x.exp" line 105)
    st_key
    the second:
    invoked from within
    "expect {
    "<--- More --->" {
    send_user "\n"
    send -- " "
    exp_continue
    "assword: " {
    (file "./sshpix7x.exp" line 105)
    st_key
    and sometime:
    spawn ssh -c 3des -l siem-mars 10.x.x.x
    Connection timed out
    For Information :
    The FWSM Firewall Version 4.0(6)
    and,
    CSMAERS-200
    Product Version               :    6.0.6 ( 3368 )
    Data Package Version     :     35
    IPS Signature Version     :     454
    IPS Custom Signature Version     :     0
    Anyone can help me please...
    Thanks b4,
    Best Regards,
    Naga

    Hi Teck Yong Ng,
    I am not sure about your problem, but normally what happens when we install two databases on the same host is there will be conflict between the ports connecting to the database.
    In your case the second system database might also have the same port number which you have for the first system.that is why i think you are facing this issue.
    Try to look at the port numbers.
    Regards,
    Bharath Kumar.K
    Message was edited by:
            Bharath Kumar K

  • ASA 5520 with multiple contexts becomes unresponsive

    Hi all. We have encountered a perculiar problem with a pair of our ASA 5520 firewalls with 2 contexts(each context being active on different ASA). What we are seeing is that sometimes when we have a sudden increase of inbound traffic(mostly HTTP) towards servers behind the firewalls they seem to go bananas for the lack of a better expression.
    They become unaccessible via ssh and the traffic drops significantly. The problem is mitigated by disabling one of the monitored interfaces for failover(on one of the switches the firewall is connected to) so that both contexts become active on one firewall. After that the firewalls seem to come to their senses and we can enable the switch interface again but sometimes one of the pair needs to be rebooted to restore full funcionality.
    To us it seems like there is a problem with failover and contexts but we haven't been able to pin it down. The failover link isn't stateful and when we tested the failover it works fine both ways with each ASA taking up the full load when the other ASA of the pair is not available.
    Did anyone come across a similar situation with their firewalls?

    We are using ASA version 8.2(5).
    The configuration of the failover is:
    failover
    failover lan unit primary
    failover lan interface fail_int GigabitEthernet0/3
    failover interface ip fail_int x.x.x.x 255.255.255.252 standby x.x.x.x
    failover group 1
      preempt
    failover group 2
      secondary
      preempt
    Output of the "show failover":
      This host:    Primary
      Group 1       State:          Active
                    Active time:    399409 (sec)
      Group 2       State:          Standby Ready
                    Active time:    111 (sec)
                    slot 0: ASA5520 hw/sw rev (2.0/8.2(5)) status (Up Sys)
                      admin Interface out (x.x.x.x): Normal (Waiting)
                      admin Interface inside (x.x.x.x): Normal (Waiting)
                      admin Interface dmz4 (x.x.x.x): Normal
                      admin Interface dmz1(x.x.x.x): Normal (Not-Monitored)
                      C1 Interface out (x.x.x.x): Normal (Waiting)
                      C1 Interface inside (x.x.x.x): Normal (Waiting)
                      C1 Interface dmz5 (x.x.x.x): Normal
                      C1 Interface dmz1 (x.x.x.x): Normal (Not-Monitored)
                    slot 1: empty
      Other host:   Secondary
      Group 1       State:          Standby Ready
                    Active time:    0 (sec)
      Group 2       State:          Active
                    Active time:    398992 (sec)
                    slot 0: ASA5520 hw/sw rev (2.0/8.2(5)) status (Up Sys)
                      admin Interface out (x.x.x.x): Normal (Waiting)
                      admin Interface inside (x.x.x.x): Normal (Waiting)
                      admin Interface dmz4 (x.x.x.x): Normal
                      admin Interface dmz1(x.x.x.x): Normal (Not-Monitored)
                      C1 Interface out (x.x.x.x): Normal (Waiting)
                      C1 Interface inside (x.x.x.x): Normal (Waiting)
                      C1 Interface dmz5 (x.x.x.x): Normal
                      C1 Interface dmz1 (x.x.x.x): Normal (Not-Monitored)
                    slot 1: empty
    Stateful Failover Logical Update Statistics
            Link : Unconfigured.
    When I disabled the monitored interface it was always the same interface altough I believe the same effect could be achieved with disabling any of the monitored interfaces.
    As for memory and CPU when it happens I cannot access the units to get a reading but I asume it's through the roof. 
    The thing that troubles me more is that the situation persists when the load drops and I have to perform the solution from the first post. One would assume that with the drop of the load that both firewalls would start to behave normally.
    And I see that I haven't mentioned it before but when the load drops both units continue to handle traffic normally but I sometimes see as a side effect that I cannot SSH to one of the units. That unit usually has to be restarted.

  • Botnet Filter with multiple Context Mode

    We used the Botnet Filter in Single Context Mode for a long Time. Now we converted to multiple Context Mode and the Database is no longer updated. In the system Context I can See the update settings but when I try to update the result is always "no DNS server". Since the system context has no interfaces there are no DNS settings etc.
    How should be the Botnet Filter configured in Multiple Context Mode?
    Thanks for any response in advance.

    sh run | grep dns
    dns domain-lookup T-COM
    dns domain-lookup COLT
    dns server-group DefaultDNS
    policy-map type inspect dns preset_dns_map
    inspect dns preset_dns_map
    ping update-manifests.ironport.com
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 204.15.82.17, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 160/162/170 ms
    ping updates.ironport.com
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 80.239.221.64, timeout is 2 seconds:
    ASA Version 8.4(2)
    hostname DE-VM-TER-FW-02
    enable password 8Ry2Yj8765U24 encrypted
    passwd 2KFQnb6IdI.2KY75 encrypted
    names
    interface GigabitEthernet0/0.3207
    nameif TR_v207
    security-level 50
    ip address 10.28.6.60 255.255.255.248
    interface GigabitEthernet0/0.3208
    nameif TR_v208
    security-level 70
    ip address 10.28.6.68 255.255.255.248
    interface GigabitEthernet0/0.3209
    nameif TR_v209
    security-level 80
    ip address 10.28.6.76 255.255.255.248
    interface GigabitEthernet0/0.3210
    nameif TR_v210
    security-level 90
    ip address 10.28.6.84 255.255.255.248
    interface GigabitEthernet0/1
    nameif COLT
    security-level 0
    ip address 217.111.58.46 255.255.255.240
    interface GigabitEthernet0/3
    nameif T-COM
    security-level 0
    ip address 194.25.250.94 255.255.255.240
    dns domain-lookup T-COM
    dns domain-lookup COLT
    dns server-group DefaultDNS
    name-server 8.8.8.8
    object network COLT_dynamic_NAT
    subnet 0.0.0.0 0.0.0.0
    object network T-COM_dynamiy_NAT
    subnet 0.0.0.0 0.0.0.0
    object-group network DM_INLINE_NETWORK_1
    network-object 10.0.0.0 255.0.0.0
    network-object 172.16.0.0 255.240.0.0
    network-object 192.168.0.0 255.255.0.0
    access-list COLT_access_in extended deny ip any any
    access-list T-COM_access_in extended permit tcp any object DEUAG01-actsync eq https
    access-list T-COM_access_in extended permit tcp any object DEUAG01-portal eq https
    access-list T-COM_access_in extended deny ip any any
    access-list TR_3208_access_in extended deny ip any object-group DM_INLINE_NETWORK_1
    access-list TR_3208_access_in extended permit ip any any
    access-list TR_3208_access_in extended permit icmp any any
    access-list TR_v207_access_in extended deny ip any any
    access-list TR_v210_access_in extended deny ip any any
    access-list TR_v209_access_in extended deny ip any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu TR_v208 1500
    mtu T-COM 1500
    mtu COLT 1500
    mtu TR_v207 1500
    mtu TR_v210 1500
    mtu TR_v209 1500
    ip verify reverse-path interface T-COM
    ip verify reverse-path interface COLT
    ipv6 access-list TR_v207_access_ipv6_in deny ip any any
    ipv6 access-list TR_v208_access_ipv6_in deny ip any any
    ipv6 access-list TR_v209_access_ipv6_in deny ip any any
    ipv6 access-list TR_v210_access_ipv6_in deny ip any any
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    object network COLT_dynamic_NAT
    nat (any,COLT) dynamic interface
    object network T-COM_dynamiy_NAT
    nat (any,T-COM) dynamic interface
    access-group TR_3208_access_in in interface TR_v208
    access-group TR_v208_access_ipv6_in in interface TR_v208
    access-group T-COM_access_in in interface T-COM
    access-group COLT_access_in in interface COLT
    access-group TR_v207_access_in in interface TR_v207
    access-group TR_v207_access_ipv6_in in interface TR_v207
    access-group TR_v210_access_in in interface TR_v210
    access-group TR_v210_access_ipv6_in in interface TR_v210
    access-group TR_v209_access_in in interface TR_v209
    access-group TR_v209_access_ipv6_in in interface TR_v209
    route T-COM 0.0.0.0 0.0.0.0 194.25.250.81 1
    route COLT 0.0.0.0 0.0.0.0 217.111.58.33 20
    route TR_v208 10.28.24.0 255.255.255.0 10.28.6.65 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    user-identity default-domain LOCAL
    no snmp-server location
    no snmp-server contact
    telnet timeout 5
    ssh timeout 5
    no threat-detection statistics tcp-intercept
    dynamic-filter use-database
    dynamic-filter enable interface T-COM
    dynamic-filter enable interface COLT
    dynamic-filter drop blacklist interface T-COM
    dynamic-filter drop blacklist interface COLT
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum client auto
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect ip-options
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
    inspect dns preset_dns_map dynamic-filter-snoop
    service-policy global_policy global
    Cryptochecksum:7bbe975fb39e189e99d8878787a0037
    : end
    System Context
    dynamic-filter updater-client enable
    ​ Can't resolve update-manifests.ironport.com, make sure dns nameserver is configured

  • Problem with Multiple Context Creation

    Hi,
    We are facing a java.lang.SecurityException Invalid Subject
    We need to create multiple Initial Contexts for a single thread.
    Following is the Scenario
    1) The user will access Servlet/Struts Action class which performs database call and EJB(one, two) calls with different Initial Contexts ( Credentials are different)
    2) At the same time the Timer Task runs in back ground which is invoked from servlet load-on-startup and runs for every 1 min.
    3) The Timer Task invoke an MDB this MBD will make an external EJB (three) call for business logic.
    {color:#ff0000}Please Suggest me the Sequence of step I am expecting are correct or not{color}
    1) The Timer Task will run in the same JVM where the Servlet/Action classes are loaded (WEB-CONTAINER)
    2) The Thread created for Servlet/Action class will not be shared by Timer Task.
    3) The Thread created for Timer Task and the MDB are different.
    4) So the Servlet - Thread, Timer Task Thread and MDB Thread are different.
    The Behavior of the Context is as follows according to Bea Document.
    [http://e-docs.bea.com/wls/docs81/jndi/jndi.html#476864]
    JNDI Contexts and Threads
    How to Avoid Potential JNDI Context Problems (Please Refer this Paragraph)
    I am closing the entire Context's immediately after lookup
    Still we are facing this java.lang.SecurityException Invalid Subject Exception Problem
    The Context of EJB which we are calling from MDB is sharing the Servlet/Action Class Context -- Credentials
    Example_
    {color:#ff0000}Servlet/Action Class Context Credentials -- are user1/pass1{color}
    {color:#ff0000}EJB (three) Context Credentials -- are user3/pass3{color}
    When EJB (Three) lookup is invoked it&rsquo;s throwing the following Exception
    *java.lang.SecurityException: [Security: 090398] Invalid Subject: user1*
    Please advise to solve this problem
    Thank You.

    Solved By myself
    There is problem while passing data to internal table for item level

  • Table View with Multiple Context Nodes

    I want to create a table-view consisting of an object composition, e.g. multiple business objects. The chtml:configCellerator -tag supports just one context node which corresponds to just one business object.
    How do you create a table composed by different objects, i.e. BTAdminH and BTAdminI ?
    Edited by: romanglass on May 18, 2010 4:07 PM

    Hi,
    I would suggest to create a new component and not to disturb the standard ones. Because the super class of the header context node (BTAdminH in your case) must be inherited from CL_BSP_WD_CONTEXT_NODE_DTV - Deep table view.
    The dependent nodes must be passed to return parameter rt_result of method GET_SUB_CNODE_DEFINITIONS.
    This cant be done via wizard. I just tried to replicate your scenario. Below are the steps,
    1. create a view with context node BTADMINH as tableview. Then change the super class of the context node to   CL_BSP_WD_CONTEXT_NODE_DTV.
    2. Add another context node BTADMINI and mark it as dependent to BTADMINH.
    3. Now change the super class of context node BTADMINI to CL_BSP_WD_CONTEXT_NODE_TV  (Table View).
    4. Redefine method GET_SUB_CNODE_DEFINITIONS in context node BTADMINH.
    In the view layout you should use cellerator and pass an iterator with interface IF_THTMLB_CELLERATOR_ITERATOR. The interface has a method RENDER_DEPENDANT_OBJECTS which returns the table of dependant objects.
    Regards,
    Arun
    Edited by: Arun Kumar on May 19, 2010 1:01 PM

  • Transparent firewall with failover with multiple contexts

                       I am running 8.4(2) on ASA5585s. They are in mulitble context mode and set to transparent firewall with active/active failover. When I do a sh failover in a context I see 2 of my interfaces are (waiting). I have a BVI and these are the ip addresses on the interfaces in he "sh failover" below.
    Failover On
    Last Failover at: 11:54:39 GMT/IST Feb 23 2012
            This context: Standby Ready
                    Active time: 175394 (sec)
                      Interface ctxb-inside (x.x.x.165): Normal (Waiting)
                      Interface ctxb-outside (x.x.x.165): Normal (Monitored)
            Peer context: Active
                    Active time: 11390663 (sec)
                      Interface ctxb-inside (x.x.x.164): Normal (Monitored)
                      Interface ctxb-outside (x.x.x.164): Normal (Waiting)
    Why are the interfaces in (waiting)?

    Are you able to ping between the interfaces? ie: can you ping x.x.x.165 from x.x.x.164 and visa versa? If you are not able to ping it, that means there is no connectivity between the 2, hence the status is in Normal (Waiting) because it has not received the hello packet on that corresponding interface.
    Here is the reference guide FYI:
    http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/s3.html#wp1505709

  • ACE system stability with multi-context

    Question... if the ACE module is configured with multiple contexts, and one of the contexts hits its max resource limitations for a given resource thereby resulting in dropping excess resources, will this cost the entire ACE system, or is it limited only to the one context?
    For example, if a context configured for a max of 3000 connections/second receives 300000000 connections/second due to a virus outbreak/DoS attack, will this attack affect other contexts, or will the dropping of the excess connections be seamless to other contexts? Also, does the ACE drop the excess traffic in hardware, or must it be examined by a cpu?
    Thanks!!
    -Lee

    Generally, the individual contexts operate independently from one another. So if one context reaches it's upper defined limit, that affects only that context.
    The ACE has hardware-based support for many of it's operations, and to the best of my knowledge, connection processing is handled by one of its 16 ME's (MicroEngine). I've never seen a benchmark test that shows how e.g a DoS-attacks affects the entire module, nor have I tried it myself, but maybe someone else here at the forum can provide you with some information on that.
    BTW, try and check out theese to links. The first one describes the ACE hardware architecture, including the ME's and how they're used for processing traffic. The other one is a test conducted by Miercom on the ACE module, maybe this can provide you with some information on how the ACE handles a sudden increase in traffic during an attack.
    http://www.cisco.com/en/US/customer/prod/collateral/modules/ps2706/ps6906/White_Paper_Connection_Handling_within_the_Cisco_Application_Control_Engine_Module_Hardware.html
    http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/prod_brochure0900aecd806d1c90.pdf
    hth
    /Ulrich

  • DFF with Multiple Codes (contexts) and Segments

    I have made a DFF with multiple Codes just like the reference field in Oracle Order Management. Each code consists of multiple segments. I want to enter data in all the code and in all segments.
    The problem is, i select first code and enter data in its segments and save it. After that i select another code (context) from the lov and enter data in its segments. Now when i re-open the first code (context) in which i have entered the data there is nothing.
    What should i do??
    Note: I can also provide you guys with screen shots and any other file that you want.

    Thanks for your reply. Are you sure this is the only possibility as this is a very crucial requirement by our client and we need it to work our way. Can it be made possible through personalization??
    Regards,
    Mohammad Daniyal Khurshidi

  • ACE isssue for rserver with multiple IP on the same NIC

    Dear all,
    I'm doing to configure an ACE with bridged mode to load balance incoming traffic to 3 TMG servers following this network diagram:
    The system design require to have 4 IP address on the same NIC, and 3 VIP for each pool of the IP as presented in the diagram (rserver: 172.22.14.52 & 62 & 72 - VIP: 172.22.14.82). The attached configuration of the ACE was tested successfully, but we discover that some NIC crash after a non-specific period (Server cannot ping their default gateway: Destination unreachable). I need then to restart the server to get things going well.
    After troubleshooting many things, I discover that when I remove the service policy on the ACE interface, the problem disappears and server continue to work correctly.
    Is it possible that this problem is due to having on the ACE arp table 3 IP address having the same mac? and how I can solve it?
    Thanks, Abdelaziz

    This is for help the show arp result. I see that the four IP address of each server have the same mac address but only the first IP is LEARNED. Is it normal?
    ================================================================================
    IP ADDRESS      MAC-ADDRESS        Interface  Type      Encap  NextArp(s) Status
    ================================================================================
    172.22.14.51    00.c0.dd.16.90.4c  vlan2014  LEARNED    15067  13964 sec    up
    172.22.14.52    00.c0.dd.16.90.4c  vlan2014  RSERVER    15051  173 sec      up
    172.22.14.53    00.c0.dd.16.90.4c  vlan2014  RSERVER    15057  177 sec      up
    172.22.14.54    00.c0.dd.16.90.4c  vlan2014  RSERVER    15059  178 sec      up
    172.22.14.61    00.c0.dd.16.ae.60  vlan2014  LEARNED    15058  13677 sec    up
    172.22.14.62    00.c0.dd.16.ae.60  vlan2014  RSERVER    15050  172 sec      up
    172.22.14.63    00.c0.dd.16.ae.60  vlan2014  RSERVER    15064  181 sec      up
    172.22.14.64    00.c0.dd.16.ae.60  vlan2014  RSERVER    15061  179 sec      up
    172.22.14.71    00.c0.dd.16.93.b8  vlan2014  LEARNED    15065  13700 sec    up
    172.22.14.72    00.c0.dd.16.93.b8  vlan2014  RSERVER    15048  171 sec      up
    172.22.14.73    00.c0.dd.16.93.b8  vlan2014  RSERVER    15062  179 sec      up
    172.22.14.74    00.c0.dd.16.93.b8  vlan2014  RSERVER    15068  291 sec      up
    172.22.14.253   88.43.e1.75.9a.80  vlan2024  LEARNED    15019  9328 sec     up
    172.22.14.254   88.43.e1.75.96.00  vlan2024  GATEWAY    14463  36 sec       up
    172.22.14.250   00.23.5e.26.1e.71  bvi3      INTERFACE  LOCAL     _         up
    ================================================================================

  • How to create a table with multiple select on???

    Hi all,
            I am  new to webdynpro and my requirement is to create a  table with multiple selection on.I have to add abt 10 rows in the table but only 5 rows should be visible and moreover a verticalscroll should be available to view other rows.Can anybody explain me in detail how to do that.Please reply as if you are explaining  to a newcomer.Reply ASAP as i have to do it today.
                                                                           Thanxs

    Hi,
    1. Create a value node in your context name Table and set its cardinality to 0:n
    2. Create 2 value attributes within the Table node name value1 and value2
    3. Goto Outline view> Right click on TransparentUIContainer>Apply Template> Select Table>mark the node Table and it's attributes.
    you have created a table and binded its value to context
    Table UI properties
    4.Set Selection Mode to Multi
    5.Set Visible Row Count to 5
    6.ScrollableColCount to 5
    In your implemetaion, you can add values to table as follow:
    IPrivate<viewname>.ITableElement ele = wdContext.nodeTable().createTableElement();
    ele.setValue1(<value>);
    ele.setValue2(<value>);
    wdContext.nodeTable().addElement(ele);
    The above code will allow you to add elements to your table node.
    Regards,
    Murtuza

  • ASA5540 in multiple-context SNMP/icmp doesn´t work

    Hi there,
         I need some help in order to understante what´s going on with an asa540 configure in multiple-context mode.
         I Have a cacti server on my lan and now I´m try to monitoring the interface with snmp. When I try to get this information returns the error message:
         CISCOASA/CONTEXTA#
         JUN 11 2013 01:52:00: %ASA-1-1-6021: Deny UDP reverse path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
        JUN 11 2013 01:52:01: %ASA-1-1-6021: Deny UDP reverve path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
         If I try to ping returns the same error:
         CISCOASA/CONTEXTA#
         JUN 11 2013 01:56:09: %ASA-1-1-6021: Deny icmp  reverse path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
        Following attached the conf of my asa
      My question is Why I can´t ping or even use snmp ???  
       If anyone could me help with a tip or a document about it ...
       My best regards
       Adriano    

    CISCOASA/CONTEXT# packet-tracer input inside icmp 10.132.0.25 8 0 10.6.72.2
    Phase: 1
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
    MAC Access list
    Phase: 2
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 3
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   10.6.72.2       255.255.255.255 identity
    Phase: 4
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   IP_SRV_HSLCACTIP01 255.255.255.255 inside
    Phase: 5
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
    Phase: 6
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 7
    Type: INSPECT
    Subtype: np-inspect
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 8
    Type: INSPECT
    Subtype: np-inspect
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 9
    Type: FLOW-CREATION
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    New flow created with id 453866627, packet dispatched to next module
    Phase: 10
    Type: ROUTE-LOOKUP
    Subtype: output and adjacency
    Result: ALLOW
    Config:
    Additional Information:
    found next-hop 0.0.0.0 using egress ifc identity
    adjacency Active
    next-hop mac address 0000.0000.0000 hits 22196
    Result:
    input-interface: inside
    input-status: up
    input-line-status: up
    output-interface: inside
    output-status: up
    output-line-status: up
    Action: allow
    Route information:
    route inside 10.132.0.0 255.255.252.0 10.6.72.1 1
    route inside IP_SRV_HSLCACTIP01 255.255.255.255 10.6.72.1 1
    CISCOASA/CONTEXT# sh route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route
    Gateway of last resort is 200.206.50.233 to network 0.0.0.0
    C    200.206.50.232 255.255.255.248 is directly connected, outside
    S    10.132.0.0 255.255.252.0 [1/0] via 10.6.72.1, inside
    S    IP_SRV_HSLCACTIP01 255.255.255.255 [1/0] via 10.6.72.1, inside
    S*   0.0.0.0 0.0.0.0 [1/0] via 200.206.50.233, outside
    Regards,

  • Remote Access VPN Support in Multiple Context Mode (9.1(2))?

    Hi Guys,
    I am currently running two Cisco ASA5520 (ASA Version: 9.1(2)) firewalls in Active/Standby failover and was contemplating the option of migrating my remote access VPN to these firewalls. However seeing that the new IOS now support mixed multiple context mode and dynamic routing. Is it safe to ask whether or not Remote Access VPN is now support in this IOS upgrade?
    Multiple Context Mode New Features:
    Site-to-Site VPN in multiple context mode | Site-to-site VPN tunnels are now supported in multiple context mode.
    New resource type for site-to-site VPN tunnels | New resource types, vpn other and vpn burst other, were created to set the maximum number of site-to-site VPN tunnels in each context.
    Dynamic routing in Security Contexts | EIGRP and OSPFv2 dynamic routing protocols are now supported in multiple context mode. OSPFv3, RIP, and multicast routing are not supported.
    New resource type for routing table entries | A new resource class, routes, was created to set the maximum number of routing table entries in each context. We modified the following commands: limit-resource, show resource types, show resource usage, show resource allocation. We modified the following screen: Configuration > Context Management > Resource Class > Add Resource Class.
    Mixed firewall mode support in multiple context mode | You can set the firewall mode independently for each security context in multiple context mode, so some can run in transparent mode while others run in routed mode. We modified the following command: firewall transparent. You cannot set the firewall mode in ASDM; you must use the command-line interface. Also available in Version 8.5(1).
    Regards,
    Leon

    Hey Leon,
    According to the ASA 9.1 Configuration Guide, Remote Access VPN is not yet supported with version 9.1(2). Only Site-to-Site VPN support in multiple context was introduced with release ASA 9.0(x). This was mentioned in the 9.0(x) release notes.
    Regards,
    Dennis

  • Web dynpro screen with multiple rows with columns that can be edited

    Web dynpro screen with multiple rows with columns that can be edited individually:
    Hi
    I am busy creating a screen in web dynpro for ABAP which we would like to make available via Portal ESS (Portal 7).
    I need to add 'n type of table (or almost something like Excel) or something in which someone can type a few paycode numbers (there should be lets say 10 blank rows in which info can be typed in and if I click on a button or so, more rows must be added if necessary.  Then in the other colums stuff like amounts must be entered which one should also be able to edit then and there.
    Can anyone assist in what I can use for this?  There does not seem to be some existing element that I can use.
    Help will be appreciated.
    Regards
    Debbie

    Hi Debbie,
    Whiel Creating table you need to be care full that use chose INPUT FIELD as the CELL EDITOR. Just guessing that if ur table is not editable u might have choosen TextView as default cell editor type.
    check link for details on TABLE UI
    [http://help.sap.com/saphelp_erp2005/helpdata/EN/b5/ac884118aa1709e10000000a155106/frameset.htm]
    easy way is to first add UI ELEMENT TABLE to your VIEW, then right click over it & select create binding from context. After you have a pop up where you can select what columns you want what should be its cell editor etc.
    Greetings
    Prashant

Maybe you are looking for

  • How do I access documents in iCloud.

    I can't find an iCloud icon & iCloud.com doesn't work? It tells me to set up iCloud but I already did that.

  • 10.10.2 will not install - tried Mac App Store and Delta updater

    I'm trying to install the 10.10.2 update on a 15" MacBook Pro (Mid 2010) which currently has 10.10.1 on it and its not going well! The Mac App Store shows the 10.10.2 update, I click Update and dropdown says "Some updates need to finish downloading b

  • DVD RW - lack of

    After installing the beta Vista drivers i have lost my DVD-RW, only disabling all the creative products AT EACH REBOOT am i able to use this. It is very annoying especially when i am trying to restore the programs, documents and back up?after the ins

  • [TEMP-WORKAROUND] 290 NVIdia/3.2 kernel tests I've done

    It's not fixed as it is a kernel issue. Link to article in post #5. But there is a workaround in the meantime to at least get you back up and running. I have an up to date Arch x86_64 machine. And an NVidia GTX-560TI. Like others, today's updates bro

  • Why do unanswered questions have available answer headings?

    I have asked questions which apparently no one can answer. It's visable when you look at the posting. 0 answers. Yet, when I go to the question, at the top of the page is "This question is not answered. "Helpful" answers available: 2 . "Solved" answe