ACE with multiple context
Hi,
I have 4 virtual contexts in my ACE configuration. Is it possible to use the same real server in multiple contexts? 2 contexts are configured in one-arm mode and 2 in bridge mode.
Thanks all
Aghibear
You could use one context as the default path, selecting this context as the default gateway.
Then the other context uses client NAT to guarantee that the response comes back.
I don't know if there is a specific example for what you want to do.
You can check sample configs from:
http://docwiki.cisco.com/wiki/Main_Page
G.
Similar Messages
-
Failure when FWSM in transparent mode with multiple contexts
Hi experts,
We have two FWSMs working in active/standby state, configured with multiple contexts in transparent mode, and the "outside" and "inside" interfaces for each context are in the same subnet.
Now we have one FWSM broken and the RMA part can't arrive in a short time, so we have the risk that the second FWSM could fail as well. In the worst case, if the two were broken or powered off simultaneously, I wonder if the communications between multiple contexts could be OK?
Thanks in advance.
The software requirements for Cisco Secure ACS are dependent on the type of Extensible Authentication Protocol (EAP) desired. For full support of all the EAP types including EAP-Flexible Authentication via Secure Tunneling (FAST), use release 3.2.3 or higher.
http://www.cisco.com/en/US/netsol/ns340/ns394/ns431/ns434/networking_solutions_implementation_guide09186a008038906c.html -
Problem with Failover FWSM (With Multiple Context)
Dear All,
I have 2 Catalyst 6500 with FWSM module; the Catalyst and FWSM are redundant. FWSM with multiple context.
I had done with the Catalyst 6500, but when I try to add (Admin -> Security and Monitor Devices) the module with FWSM context there is always an error.
I add this context in the active context.
This is the error message when I try to add the FWSM on MARS.
The first one;
expect: spawn id exp3 not open
while executing
"expect -nobrace {<--- More --->} {
send_user "\n"
send -- " "
exp_continue
} {assword: } {
s..."
invoked from within
"expect {
"<--- More --->" {
send_user "\n"
send -- " "
exp_continue
"assword: " {
(file "./sshpix7x.exp" line 105)
st_key
the second:
invoked from within
"expect {
"<--- More --->" {
send_user "\n"
send -- " "
exp_continue
"assword: " {
(file "./sshpix7x.exp" line 105)
st_key
and sometime:
spawn ssh -c 3des -l siem-mars 10.x.x.x
Connection timed out
For Information :
The FWSM Firewall Version 4.0(6)
and,
CSMAERS-200
Product Version : 6.0.6 ( 3368 )
Data Package Version : 35
IPS Signature Version : 454
IPS Custom Signature Version : 0
Can anyone help me please...
Thanks b4,
Best Regards,
Naga
Hi Teck Yong Ng,
I am not sure about your problem, but normally what happens when we install two databases on the same host is that there will be a conflict between the ports connecting to the database.
In your case the second system database might also have the same port number which you have for the first system. That is why I think you are facing this issue.
Try to look at the port numbers.
Regards,
Bharath Kumar.K
Message was edited by:
Bharath Kumar K -
ASA 5520 with multiple contexts becomes unresponsive
Hi all. We have encountered a peculiar problem with a pair of our ASA 5520 firewalls with 2 contexts (each context being active on a different ASA). What we are seeing is that sometimes when we have a sudden increase of inbound traffic (mostly HTTP) towards servers behind the firewalls, they seem to go bananas, for lack of a better expression.
They become inaccessible via SSH and the traffic drops significantly. The problem is mitigated by disabling one of the monitored interfaces for failover (on one of the switches the firewall is connected to) so that both contexts become active on one firewall. After that the firewalls seem to come to their senses and we can enable the switch interface again, but sometimes one of the pair needs to be rebooted to restore full functionality.
To us it seems like there is a problem with failover and contexts but we haven't been able to pin it down. The failover link isn't stateful and when we tested the failover it works fine both ways with each ASA taking up the full load when the other ASA of the pair is not available.
Did anyone come across a similar situation with their firewalls?
We are using ASA version 8.2(5).
The configuration of the failover is:
failover
failover lan unit primary
failover lan interface fail_int GigabitEthernet0/3
failover interface ip fail_int x.x.x.x 255.255.255.252 standby x.x.x.x
failover group 1
preempt
failover group 2
secondary
preempt
Output of the "show failover":
This host: Primary
Group 1 State: Active
Active time: 399409 (sec)
Group 2 State: Standby Ready
Active time: 111 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.2(5)) status (Up Sys)
admin Interface out (x.x.x.x): Normal (Waiting)
admin Interface inside (x.x.x.x): Normal (Waiting)
admin Interface dmz4 (x.x.x.x): Normal
admin Interface dmz1(x.x.x.x): Normal (Not-Monitored)
C1 Interface out (x.x.x.x): Normal (Waiting)
C1 Interface inside (x.x.x.x): Normal (Waiting)
C1 Interface dmz5 (x.x.x.x): Normal
C1 Interface dmz1 (x.x.x.x): Normal (Not-Monitored)
slot 1: empty
Other host: Secondary
Group 1 State: Standby Ready
Active time: 0 (sec)
Group 2 State: Active
Active time: 398992 (sec)
slot 0: ASA5520 hw/sw rev (2.0/8.2(5)) status (Up Sys)
admin Interface out (x.x.x.x): Normal (Waiting)
admin Interface inside (x.x.x.x): Normal (Waiting)
admin Interface dmz4 (x.x.x.x): Normal
admin Interface dmz1(x.x.x.x): Normal (Not-Monitored)
C1 Interface out (x.x.x.x): Normal (Waiting)
C1 Interface inside (x.x.x.x): Normal (Waiting)
C1 Interface dmz5 (x.x.x.x): Normal
C1 Interface dmz1 (x.x.x.x): Normal (Not-Monitored)
slot 1: empty
Stateful Failover Logical Update Statistics
Link : Unconfigured.
When I disabled the monitored interface it was always the same interface, although I believe the same effect could be achieved by disabling any of the monitored interfaces.
As for memory and CPU, when it happens I cannot access the units to get a reading but I assume it's through the roof.
The thing that troubles me more is that the situation persists when the load drops and I have to perform the solution from the first post. One would assume that with the drop of the load that both firewalls would start to behave normally.
And I see that I haven't mentioned it before but when the load drops both units continue to handle traffic normally but I sometimes see as a side effect that I cannot SSH to one of the units. That unit usually has to be restarted. -
Botnet Filter with multiple Context Mode
We used the Botnet Filter in Single Context Mode for a long time. Now we converted to multiple Context Mode and the database is no longer updated. In the system Context I can see the update settings, but when I try to update the result is always "no DNS server". Since the system context has no interfaces there are no DNS settings etc.
How should the Botnet Filter be configured in Multiple Context Mode?
Thanks for any response in advance.
sh run | grep dns
dns domain-lookup T-COM
dns domain-lookup COLT
dns server-group DefaultDNS
policy-map type inspect dns preset_dns_map
inspect dns preset_dns_map
ping update-manifests.ironport.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 204.15.82.17, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 160/162/170 ms
ping updates.ironport.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 80.239.221.64, timeout is 2 seconds:
ASA Version 8.4(2)
hostname DE-VM-TER-FW-02
enable password 8Ry2Yj8765U24 encrypted
passwd 2KFQnb6IdI.2KY75 encrypted
names
interface GigabitEthernet0/0.3207
nameif TR_v207
security-level 50
ip address 10.28.6.60 255.255.255.248
interface GigabitEthernet0/0.3208
nameif TR_v208
security-level 70
ip address 10.28.6.68 255.255.255.248
interface GigabitEthernet0/0.3209
nameif TR_v209
security-level 80
ip address 10.28.6.76 255.255.255.248
interface GigabitEthernet0/0.3210
nameif TR_v210
security-level 90
ip address 10.28.6.84 255.255.255.248
interface GigabitEthernet0/1
nameif COLT
security-level 0
ip address 217.111.58.46 255.255.255.240
interface GigabitEthernet0/3
nameif T-COM
security-level 0
ip address 194.25.250.94 255.255.255.240
dns domain-lookup T-COM
dns domain-lookup COLT
dns server-group DefaultDNS
name-server 8.8.8.8
object network COLT_dynamic_NAT
subnet 0.0.0.0 0.0.0.0
object network T-COM_dynamiy_NAT
subnet 0.0.0.0 0.0.0.0
object-group network DM_INLINE_NETWORK_1
network-object 10.0.0.0 255.0.0.0
network-object 172.16.0.0 255.240.0.0
network-object 192.168.0.0 255.255.0.0
access-list COLT_access_in extended deny ip any any
access-list T-COM_access_in extended permit tcp any object DEUAG01-actsync eq https
access-list T-COM_access_in extended permit tcp any object DEUAG01-portal eq https
access-list T-COM_access_in extended deny ip any any
access-list TR_3208_access_in extended deny ip any object-group DM_INLINE_NETWORK_1
access-list TR_3208_access_in extended permit ip any any
access-list TR_3208_access_in extended permit icmp any any
access-list TR_v207_access_in extended deny ip any any
access-list TR_v210_access_in extended deny ip any any
access-list TR_v209_access_in extended deny ip any any
pager lines 24
logging enable
logging asdm informational
mtu TR_v208 1500
mtu T-COM 1500
mtu COLT 1500
mtu TR_v207 1500
mtu TR_v210 1500
mtu TR_v209 1500
ip verify reverse-path interface T-COM
ip verify reverse-path interface COLT
ipv6 access-list TR_v207_access_ipv6_in deny ip any any
ipv6 access-list TR_v208_access_ipv6_in deny ip any any
ipv6 access-list TR_v209_access_ipv6_in deny ip any any
ipv6 access-list TR_v210_access_ipv6_in deny ip any any
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
object network COLT_dynamic_NAT
nat (any,COLT) dynamic interface
object network T-COM_dynamiy_NAT
nat (any,T-COM) dynamic interface
access-group TR_3208_access_in in interface TR_v208
access-group TR_v208_access_ipv6_in in interface TR_v208
access-group T-COM_access_in in interface T-COM
access-group COLT_access_in in interface COLT
access-group TR_v207_access_in in interface TR_v207
access-group TR_v207_access_ipv6_in in interface TR_v207
access-group TR_v210_access_in in interface TR_v210
access-group TR_v210_access_ipv6_in in interface TR_v210
access-group TR_v209_access_in in interface TR_v209
access-group TR_v209_access_ipv6_in in interface TR_v209
route T-COM 0.0.0.0 0.0.0.0 194.25.250.81 1
route COLT 0.0.0.0 0.0.0.0 217.111.58.33 20
route TR_v208 10.28.24.0 255.255.255.0 10.28.6.65 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
telnet timeout 5
ssh timeout 5
no threat-detection statistics tcp-intercept
dynamic-filter use-database
dynamic-filter enable interface T-COM
dynamic-filter enable interface COLT
dynamic-filter drop blacklist interface T-COM
dynamic-filter drop blacklist interface COLT
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect dns preset_dns_map dynamic-filter-snoop
service-policy global_policy global
Cryptochecksum:7bbe975fb39e189e99d8878787a0037
: end
System Context
dynamic-filter updater-client enable
Can't resolve update-manifests.ironport.com, make sure dns nameserver is configured -
Problem with Multiple Context Creation
Hi,
We are facing a java.lang.SecurityException Invalid Subject
We need to create multiple Initial Contexts for a single thread.
Following is the Scenario
1) The user will access Servlet/Struts Action class which performs database call and EJB(one, two) calls with different Initial Contexts ( Credentials are different)
2) At the same time the Timer Task runs in back ground which is invoked from servlet load-on-startup and runs for every 1 min.
3) The Timer Task invokes an MDB; this MDB will make an external EJB (three) call for business logic.
Please suggest whether the sequence of steps I am expecting is correct or not
1) The Timer Task will run in the same JVM where the Servlet/Action classes are loaded (WEB-CONTAINER)
2) The Thread created for Servlet/Action class will not be shared by Timer Task.
3) The Thread created for Timer Task and the MDB are different.
4) So the Servlet - Thread, Timer Task Thread and MDB Thread are different.
The Behavior of the Context is as follows according to Bea Document.
[http://e-docs.bea.com/wls/docs81/jndi/jndi.html#476864]
JNDI Contexts and Threads
How to Avoid Potential JNDI Context Problems (Please Refer this Paragraph)
I am closing all the Contexts immediately after lookup
Still we are facing this java.lang.SecurityException Invalid Subject Exception Problem
The Context of EJB which we are calling from MDB is sharing the Servlet/Action Class Context -- Credentials
Example:
Servlet/Action Class Context Credentials -- are user1/pass1
EJB (three) Context Credentials -- are user3/pass3
When EJB (Three) lookup is invoked it's throwing the following Exception
java.lang.SecurityException: [Security: 090398] Invalid Subject: user1
Please advise how to solve this problem
Thank you.
Solved by myself
There is problem while passing data to internal table for item level -
Table View with Multiple Context Nodes
I want to create a table-view consisting of an object composition, e.g. multiple business objects. The chtml:configCellerator -tag supports just one context node which corresponds to just one business object.
How do you create a table composed by different objects, i.e. BTAdminH and BTAdminI ?
Edited by: romanglass on May 18, 2010 4:07 PM
Hi,
I would suggest to create a new component and not to disturb the standard ones. Because the super class of the header context node (BTAdminH in your case) must be inherited from CL_BSP_WD_CONTEXT_NODE_DTV - Deep table view.
The dependent nodes must be passed to return parameter rt_result of method GET_SUB_CNODE_DEFINITIONS.
This can't be done via the wizard. I just tried to replicate your scenario. Below are the steps:
1. create a view with context node BTADMINH as tableview. Then change the super class of the context node to CL_BSP_WD_CONTEXT_NODE_DTV.
2. Add another context node BTADMINI and mark it as dependent to BTADMINH.
3. Now change the super class of context node BTADMINI to CL_BSP_WD_CONTEXT_NODE_TV (Table View).
4. Redefine method GET_SUB_CNODE_DEFINITIONS in context node BTADMINH.
In the view layout you should use cellerator and pass an iterator with interface IF_THTMLB_CELLERATOR_ITERATOR. The interface has a method RENDER_DEPENDANT_OBJECTS which returns the table of dependant objects.
Regards,
Arun
Edited by: Arun Kumar on May 19, 2010 1:01 PM -
Transparent firewall with failover with multiple contexts
I am running 8.4(2) on ASA5585s. They are in multiple context mode and set to transparent firewall with active/active failover. When I do a sh failover in a context I see 2 of my interfaces are (waiting). I have a BVI and these are the IP addresses on the interfaces in the "sh failover" below.
Failover On
Last Failover at: 11:54:39 GMT/IST Feb 23 2012
This context: Standby Ready
Active time: 175394 (sec)
Interface ctxb-inside (x.x.x.165): Normal (Waiting)
Interface ctxb-outside (x.x.x.165): Normal (Monitored)
Peer context: Active
Active time: 11390663 (sec)
Interface ctxb-inside (x.x.x.164): Normal (Monitored)
Interface ctxb-outside (x.x.x.164): Normal (Waiting)
Why are the interfaces in (waiting)?
Are you able to ping between the interfaces? i.e. can you ping x.x.x.165 from x.x.x.164 and vice versa? If you are not able to ping it, that means there is no connectivity between the 2, hence the status is in Normal (Waiting) because it has not received the hello packet on that corresponding interface.
Here is the reference guide FYI:
http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/s3.html#wp1505709 -
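The answer above ties Normal (Waiting) to hello packets not arriving on that interface. As an added example (not code from the thread or from Cisco), the sketch below parses `show failover` output in the two layouts quoted on this page and lists which interface pairs are still Waiting, together with the two addresses to test reachability between; the function names and the line layouts it accepts are assumptions drawn only from the outputs shown here.

```python
import re
from collections import defaultdict

# Section headers seen in the outputs quoted on this page:
#   "This host: Primary" / "Other host: Secondary"          (system-level view)
#   "This context: Standby Ready" / "Peer context: Active"  (per-context view)
SECTION_RE = re.compile(r"^\s*(This|Other|Peer) (?:host|context):")

# Interface lines, with an optional leading context name:
#   "Interface ctxb-inside (x.x.x.165): Normal (Waiting)"
#   "admin Interface dmz1(x.x.x.x): Normal (Not-Monitored)"
#   "C1 Interface dmz5 (x.x.x.x): Normal"
IFACE_RE = re.compile(
    r"^\s*(?:(?P<ctx>\S+)\s+)?Interface\s+(?P<name>[^\s(]+)\s*"
    r"\((?P<ip>[^)]*)\):\s*(?P<health>[^(]+?)\s*(?:\((?P<mon>[^)]+)\))?\s*$"
)


def parse_show_failover(text):
    """Return one dict per interface line, tagged with the unit it belongs to."""
    unit, rows = None, []
    for line in text.splitlines():
        section = SECTION_RE.match(line)
        if section:
            unit = "local" if section.group(1) == "This" else "peer"
            continue
        m = IFACE_RE.match(line)
        if m and unit:
            rows.append({
                "unit": unit,
                "context": m.group("ctx") or "",
                "name": m.group("name"),
                "ip": m.group("ip"),
                "health": m.group("health"),
                "monitor": m.group("mon"),  # None when no "(...)" suffix is printed
            })
    return rows


def waiting_interfaces(rows):
    """Pair local and peer entries and report interfaces still in (Waiting)."""
    paired = defaultdict(dict)
    for r in rows:
        paired[(r["context"], r["name"])][r["unit"]] = r
    findings = []
    for (ctx, name), units in paired.items():
        waiting_on = [u for u in ("local", "peer")
                      if u in units and units[u]["monitor"] == "Waiting"]
        if waiting_on:
            findings.append({
                "context": ctx,
                "interface": name,
                "waiting_on": waiting_on,
                # The two addresses to test reachability between.
                "local_ip": units.get("local", {}).get("ip"),
                "peer_ip": units.get("peer", {}).get("ip"),
            })
    return findings


# Per-context output as quoted in the thread above (addresses are redacted there).
CONTEXT_SAMPLE = """\
Failover On
Last Failover at: 11:54:39 GMT/IST Feb 23 2012
This context: Standby Ready
Active time: 175394 (sec)
Interface ctxb-inside (x.x.x.165): Normal (Waiting)
Interface ctxb-outside (x.x.x.165): Normal (Monitored)
Peer context: Active
Active time: 11390663 (sec)
Interface ctxb-inside (x.x.x.164): Normal (Monitored)
Interface ctxb-outside (x.x.x.164): Normal (Waiting)
"""

# Constructed excerpt in the system-level layout of the ASA 5520 thread.
SYSTEM_SAMPLE = """\
This host: Primary
Group 1 State: Active
admin Interface out (x.x.x.x): Normal (Waiting)
admin Interface dmz4 (x.x.x.x): Normal
admin Interface dmz1(x.x.x.x): Normal (Not-Monitored)
Other host: Secondary
Group 1 State: Standby Ready
admin Interface out (x.x.x.x): Normal (Waiting)
admin Interface dmz4 (x.x.x.x): Normal
admin Interface dmz1(x.x.x.x): Normal (Not-Monitored)
"""

if __name__ == "__main__":
    for sample in (CONTEXT_SAMPLE, SYSTEM_SAMPLE):
        for finding in waiting_interfaces(parse_show_failover(sample)):
            print(finding)
```
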
ACE system stability with multi-context
Question... if the ACE module is configured with multiple contexts, and one of the contexts hits its max resource limitations for a given resource thereby resulting in dropping excess resources, will this cost the entire ACE system, or is it limited only to the one context?
For example, if a context configured for a max of 3000 connections/second receives 300000000 connections/second due to a virus outbreak/DoS attack, will this attack affect other contexts, or will the dropping of the excess connections be seamless to other contexts? Also, does the ACE drop the excess traffic in hardware, or must it be examined by a cpu?
Thanks!!
-Lee
Generally, the individual contexts operate independently from one another. So if one context reaches its upper defined limit, that affects only that context.
The ACE has hardware-based support for many of its operations, and to the best of my knowledge, connection processing is handled by one of its 16 MEs (MicroEngines). I've never seen a benchmark test that shows how e.g. a DoS attack affects the entire module, nor have I tried it myself, but maybe someone else here at the forum can provide you with some information on that.
BTW, try and check out these two links. The first one describes the ACE hardware architecture, including the MEs and how they're used for processing traffic. The other one is a test conducted by Miercom on the ACE module; maybe this can provide you with some information on how the ACE handles a sudden increase in traffic during an attack.
http://www.cisco.com/en/US/customer/prod/collateral/modules/ps2706/ps6906/White_Paper_Connection_Handling_within_the_Cisco_Application_Control_Engine_Module_Hardware.html
http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/prod_brochure0900aecd806d1c90.pdf
hth
/Ulrich -
DFF with Multiple Codes (contexts) and Segments
I have made a DFF with multiple Codes just like the reference field in Oracle Order Management. Each code consists of multiple segments. I want to enter data in all the code and in all segments.
The problem is, I select the first code and enter data in its segments and save it. After that I select another code (context) from the LOV and enter data in its segments. Now when I re-open the first code (context) in which I have entered the data there is nothing.
What should I do?
Note: I can also provide you guys with screenshots and any other file that you want.
Thanks for your reply. Are you sure this is the only possibility, as this is a very crucial requirement by our client and we need it to work our way? Can it be made possible through personalization?
Regards,
Mohammad Daniyal Khurshidi -
ACE issue for rserver with multiple IP on the same NIC
Dear all,
I'm going to configure an ACE in bridged mode to load balance incoming traffic to 3 TMG servers following this network diagram:
The system design requires having 4 IP addresses on the same NIC, and 3 VIP for each pool of the IPs as presented in the diagram (rserver: 172.22.14.52 & 62 & 72 - VIP: 172.22.14.82). The attached configuration of the ACE was tested successfully, but we discovered that some NICs crash after a non-specific period (the server cannot ping its default gateway: Destination unreachable). I then need to restart the server to get things going well.
After troubleshooting many things, I discovered that when I remove the service policy on the ACE interface, the problem disappears and the server continues to work correctly.
Is it possible that this problem is due to the ACE ARP table having 3 IP addresses with the same MAC? And how can I solve it?
Thanks, Abdelaziz
To help, this is the show arp result. I see that the four IP addresses of each server have the same MAC address but only the first IP is LEARNED. Is it normal?
================================================================================
IP ADDRESS MAC-ADDRESS Interface Type Encap NextArp(s) Status
================================================================================
172.22.14.51 00.c0.dd.16.90.4c vlan2014 LEARNED 15067 13964 sec up
172.22.14.52 00.c0.dd.16.90.4c vlan2014 RSERVER 15051 173 sec up
172.22.14.53 00.c0.dd.16.90.4c vlan2014 RSERVER 15057 177 sec up
172.22.14.54 00.c0.dd.16.90.4c vlan2014 RSERVER 15059 178 sec up
172.22.14.61 00.c0.dd.16.ae.60 vlan2014 LEARNED 15058 13677 sec up
172.22.14.62 00.c0.dd.16.ae.60 vlan2014 RSERVER 15050 172 sec up
172.22.14.63 00.c0.dd.16.ae.60 vlan2014 RSERVER 15064 181 sec up
172.22.14.64 00.c0.dd.16.ae.60 vlan2014 RSERVER 15061 179 sec up
172.22.14.71 00.c0.dd.16.93.b8 vlan2014 LEARNED 15065 13700 sec up
172.22.14.72 00.c0.dd.16.93.b8 vlan2014 RSERVER 15048 171 sec up
172.22.14.73 00.c0.dd.16.93.b8 vlan2014 RSERVER 15062 179 sec up
172.22.14.74 00.c0.dd.16.93.b8 vlan2014 RSERVER 15068 291 sec up
172.22.14.253 88.43.e1.75.9a.80 vlan2024 LEARNED 15019 9328 sec up
172.22.14.254 88.43.e1.75.96.00 vlan2024 GATEWAY 14463 36 sec up
172.22.14.250 00.23.5e.26.1e.71 bvi3 INTERFACE LOCAL _ up
================================================================================ -
How to create a table with multiple select on???
Hi all,
I am new to Web Dynpro and my requirement is to create a table with multiple selection on. I have to add about 10 rows in the table but only 5 rows should be visible, and moreover a vertical scroll should be available to view the other rows. Can anybody explain to me in detail how to do that? Please reply as if you are explaining to a newcomer. Reply ASAP as I have to do it today.
Thanks
Hi,
1. Create a value node in your context name Table and set its cardinality to 0:n
2. Create 2 value attributes within the Table node name value1 and value2
3. Goto Outline view> Right click on TransparentUIContainer>Apply Template> Select Table>mark the node Table and it's attributes.
You have created a table and bound its value to the context
Table UI properties
4.Set Selection Mode to Multi
5.Set Visible Row Count to 5
6.ScrollableColCount to 5
In your implementation, you can add values to the table as follows:
IPrivate<viewname>.ITableElement ele = wdContext.nodeTable().createTableElement();
ele.setValue1(<value>);
ele.setValue2(<value>);
wdContext.nodeTable().addElement(ele);
The above code will allow you to add elements to your table node.
Regards,
Murtuza -
ASA5540 in multiple-context SNMP/icmp doesn't work
Hi there,
I need some help in order to understand what's going on with an ASA5540 configured in multiple-context mode.
I have a Cacti server on my LAN and now I'm trying to monitor the interface with SNMP. When I try to get this information it returns the error message:
CISCOASA/CONTEXTA#
JUN 11 2013 01:52:00: %ASA-1-1-6021: Deny UDP reverse path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
JUN 11 2013 01:52:01: %ASA-1-1-6021: Deny UDP reverve path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
If I try to ping it returns the same error:
CISCOASA/CONTEXTA#
JUN 11 2013 01:56:09: %ASA-1-1-6021: Deny icmp reverse path check from 10.6.6.6 to IP_SRV_CACTI on interface inside
Attached is the conf of my ASA
My question is: why can't I ping or even use SNMP?
If anyone could help me with a tip or a document about it ...
My best regards
Adriano
CISCOASA/CONTEXT# packet-tracer input inside icmp 10.132.0.25 8 0 10.6.72.2
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 10.6.72.2 255.255.255.255 identity
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in IP_SRV_HSLCACTIP01 255.255.255.255 inside
Phase: 5
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 453866627, packet dispatched to next module
Phase: 10
Type: ROUTE-LOOKUP
Subtype: output and adjacency
Result: ALLOW
Config:
Additional Information:
found next-hop 0.0.0.0 using egress ifc identity
adjacency Active
next-hop mac address 0000.0000.0000 hits 22196
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow
Route information:
route inside 10.132.0.0 255.255.252.0 10.6.72.1 1
route inside IP_SRV_HSLCACTIP01 255.255.255.255 10.6.72.1 1
CISCOASA/CONTEXT# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 200.206.50.233 to network 0.0.0.0
C 200.206.50.232 255.255.255.248 is directly connected, outside
S 10.132.0.0 255.255.252.0 [1/0] via 10.6.72.1, inside
S IP_SRV_HSLCACTIP01 255.255.255.255 [1/0] via 10.6.72.1, inside
S* 0.0.0.0 0.0.0.0 [1/0] via 200.206.50.233, outside
Regards, -
Remote Access VPN Support in Multiple Context Mode (9.1(2))?
Hi Guys,
I am currently running two Cisco ASA5520 (ASA Version: 9.1(2)) firewalls in Active/Standby failover and was contemplating the option of migrating my remote access VPN to these firewalls. However, seeing that the new IOS now supports mixed multiple context mode and dynamic routing, is it safe to ask whether or not Remote Access VPN is now supported in this IOS upgrade?
Multiple Context Mode New Features:
Site-to-Site VPN in multiple context mode | Site-to-site VPN tunnels are now supported in multiple context mode.
New resource type for site-to-site VPN tunnels | New resource types, vpn other and vpn burst other, were created to set the maximum number of site-to-site VPN tunnels in each context.
Dynamic routing in Security Contexts | EIGRP and OSPFv2 dynamic routing protocols are now supported in multiple context mode. OSPFv3, RIP, and multicast routing are not supported.
New resource type for routing table entries | A new resource class, routes, was created to set the maximum number of routing table entries in each context. We modified the following commands: limit-resource, show resource types, show resource usage, show resource allocation. We modified the following screen: Configuration > Context Management > Resource Class > Add Resource Class.
Mixed firewall mode support in multiple context mode | You can set the firewall mode independently for each security context in multiple context mode, so some can run in transparent mode while others run in routed mode. We modified the following command: firewall transparent. You cannot set the firewall mode in ASDM; you must use the command-line interface. Also available in Version 8.5(1).
Regards,
Leon
Hey Leon,
According to the ASA 9.1 Configuration Guide, Remote Access VPN is not yet supported with version 9.1(2). Only Site-to-Site VPN support in multiple context was introduced with release ASA 9.0(x). This was mentioned in the 9.0(x) release notes.
Regards,
Dennis -
Web dynpro screen with multiple rows with columns that can be edited
Web dynpro screen with multiple rows with columns that can be edited individually:
Hi
I am busy creating a screen in web dynpro for ABAP which we would like to make available via Portal ESS (Portal 7).
I need to add a type of table (or almost something like Excel) or something in which someone can type a few paycode numbers (there should be, let's say, 10 blank rows in which info can be typed in, and if I click on a button or so, more rows must be added if necessary). Then in the other columns stuff like amounts must be entered, which one should also be able to edit then and there.
Can anyone assist in what I can use for this? There does not seem to be some existing element that I can use.
Help will be appreciated.
Regards
Debbie
Hi Debbie,
While creating the table you need to be careful that you choose INPUT FIELD as the CELL EDITOR. Just guessing that if your table is not editable you might have chosen TextView as the default cell editor type.
Check the link for details on TABLE UI
[http://help.sap.com/saphelp_erp2005/helpdata/EN/b5/ac884118aa1709e10000000a155106/frameset.htm]
An easy way is to first add the UI ELEMENT TABLE to your VIEW, then right click over it & select create binding from context. After that you have a pop-up where you can select what columns you want, what should be its cell editor, etc.
Greetings
Prashant