Alternative to PBR on ASA5510

We have an ASA5510 with a backup ISP connection protecting our corporate network.  I also have a mail server and I would like to route SMTP traffic over the backup network.  I realize that the ASA5510 does not support PBR, but I also know that I can use static NAT rules as a workaround to direct specific types of traffic over a particular interface (e.g. "static (outside,inside) tcp 0.0.0.0 www 0.0.0.0 www netmask 0.0.0.0" and "static (backup,inside) tcp 0.0.0.0 smtp 0.0.0.0 smtp netmask 0.0.0.0").
My question is, is it possible to use something similar to force a particular host to use a specific interface? I have tried to make this work on my own without success.  Is it even possible?

Hi Jonathan,
If I understand correctly, you require that a particular host use the backup ISP instead of the main one while going out to the internet.
I don't think this would be possible, since the internal flow goes like this:
X: address in local LAN
Y: some address on the internet
Outside: Interface connected to main internet
Backup: Interface connected to backup internet
static (inside,Backup) X  OR nat (inside) and global(Backup) has been configured on ASA
Packet with source X and destination Y reaches inside interface of ASA
ASA does a route lookup for Y and sees that the main ISP default route has the least metric
Thus it decides that egress interface should be Outside.
So now, when looking for a NAT entry, it looks for a static(inside,Outside) or a matching global(Outside) and not for the static (inside,backup) or global (Backup) which we configured for it.
Thus it's not possible to do source-based routing using static NAT. Destination-based, yes (as described in the smtp/www example in your post). Unfortunately not source-based.
Hope this helps.
-Shrikant
P.S.: Please mark the question as resolved if it has been answered. Do rate helpful posts. Thanks
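
Added example (not part of the original thread, and not Cisco code): a simplified Python model of the lookup order described in the reply above, where the egress interface is fixed before the source NAT lookup happens. The addresses, metrics, rule sets and all class and function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: str      # destination prefix
    interface: str   # egress interface name
    metric: int      # lower metric wins among equal-length prefixes


@dataclass(frozen=True)
class DestStatic:
    """Models: static (<egress>,inside) tcp 0.0.0.0 <port> 0.0.0.0 <port> netmask 0.0.0.0"""
    egress: str
    port: int


@dataclass(frozen=True)
class SourceNat:
    """Models: static (inside,<egress>) X, or nat (inside) paired with global (<egress>)"""
    egress: str
    source: str      # host or subnet being translated


@dataclass
class Decision:
    egress: str
    chosen_by: str                       # "destination static" or "route lookup"
    nat_rule: Optional[SourceNat]        # source NAT rule applied, if any
    never_consulted: List[SourceNat] = field(default_factory=list)


def route_lookup(dst, routes):
    """Longest prefix match, then lowest metric. The source address plays no part."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    if not candidates:
        raise LookupError(f"no route to {dst}")
    return min(candidates,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric))


def decide(src, dst, dport, routes, dest_statics, source_nats):
    # Step 1: pick the egress interface. Only destination properties are used:
    # a port-matching destination static (the workaround from the question),
    # otherwise the routing table.
    pinned = next((s for s in dest_statics if s.port == dport), None)
    if pinned is not None:
        egress, chosen_by = pinned.egress, "destination static"
    else:
        egress, chosen_by = route_lookup(dst, routes).interface, "route lookup"

    # Step 2: source NAT is looked up only for the (inside, egress) pair chosen
    # in step 1. Rules bound to another interface are never consulted, which is
    # why a static (inside,Backup) X cannot steer host X.
    src_addr = ipaddress.ip_address(src)
    matching = [n for n in source_nats
                if src_addr in ipaddress.ip_network(n.source)]
    on_egress = [n for n in matching if n.egress == egress]
    nat_rule = max(on_egress,
                   key=lambda n: ipaddress.ip_network(n.source).prefixlen,
                   default=None)
    skipped = [n for n in matching if n.egress != egress]
    return Decision(egress, chosen_by, nat_rule, skipped)


# Constructed sample data (not taken from any real device).
ROUTES = [Route("0.0.0.0/0", "Outside", 1), Route("0.0.0.0/0", "Backup", 254)]
DEST_STATICS = [DestStatic("Outside", 80), DestStatic("Backup", 25)]
SOURCE_NATS = [SourceNat("Outside", "10.0.0.0/24"),
               SourceNat("Backup", "10.0.0.25/32")]   # the rule meant to steer X
X = "10.0.0.25"        # internal host that should use the backup ISP
Y = "203.0.113.10"     # some address on the internet

if __name__ == "__main__":
    cases = [(X, 443, "X, HTTPS"), (X, 25, "X, SMTP"), ("10.0.0.50", 25, "other host, SMTP")]
    for src, port, label in cases:
        d = decide(src, Y, port, ROUTES, DEST_STATICS, SOURCE_NATS)
        print(f"{label}: egress={d.egress} ({d.chosen_by}), "
              f"nat={d.nat_rule}, never consulted={d.never_consulted}")
```

In this model the port-based static moves SMTP from every inside host to Backup, not only from the mail server, so the third case leaves Backup with no translation rule for that host.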

Similar Messages

  • Multiple Vlans with multiple Internet connections using PBR

    Hello all,
    I'm trying to wrap my head around this configuration and not having a lot of success.  I have several Vlans 3,6,71,72,160, and 180.  I have two internet connections, Internet1 is connected to an ASA5510 and Internet2 is connected to a Meraki MX80.  I'm using two 4506 switches on my backbone trunked to 3750 switches that my clients connect to.  None of these switches have IP Services and my 4506 supervisor does not have an Enterprise license. However I do have one 3750 100Mbit switch with IP Services so I'm using that to do my PBR.  All my routing is currently being done on the 4506 switches and all Internet traffic is going to the ASA.  What I would like to do is force vlan160 and vlan180 through the Meraki as their Internet connection and the rest of the Vlans go through the ASA.  I'm thinking about trunking my vlans from the 4506 to the 3750 (the one with IP Services) and use policy based routing from there to force vlan160 and vlan180 to the Meraki.  But in order to do this I think I would have to move my routing onto the 3750 switch but since that is only 100Mbits I'm thinking this is going to choke my network down and defeat the purpose of the 4506 backbones.  Any suggestions or alternate ways to achieve my goal?
    Appreciate any help you guys can send my way.
    Matt

    Matthew
    What is the speed of the connection from the 4500 to the ASA and what is the combined speeds of the internet connections ?
    You definitely don't want to do all the inter vlan routing on the 3750. You could connect it up as shown in your diagram but leave all the routing between vlans on the 4500s. Then you -
    1) connect the 3750 to the 4500 using a L3 point to point link
    2) connect the 3750 to the ASA using a L3 point to point link
    3) do PBR on the 3750 interface connected to the 4500 for traffic coming from the 4500.
    If the 4500 supervisor/IOS version doesn't support routed links on that end just use an access port in a dedicated vlan ie. no other ports in the vlan and create a new SVI for it.
    You would need to update your routing to reflect the next hop on the ASA, Meraki, 3750 and the 4500.
    Disadvantages are -
    1) you only have fast ethernet ports on the 3750 so if the combined internet speed is greater than that then it will be a bottleneck.
    2) it is a single point of failure ie. if it is lost all internet via both connections is lost.
    The alternative would be to not have the 3750 in the path but connected to the 4500 via a trunk link and then route just vlan 160 and 180 on the 3750 ie. move their SVI(s) onto the 3750. Then the 3750 could have a direct connection to the Meraki device and point the default route that way (no PBR needed). The trunk would only allow those specific vlans on it.  This would mean a failure of the 3750 would not mean ASA internet lost but it would mean loss of connectivity for the two vlans routed on the 3750.
    You would need to add routes to the Meraki for return traffic plus routes on the 3750 and 4500 for inter vlan routing.
    The main disadvantages here are -
    1) inter vlan routing between the vlans routed on the 4500s and the vlans on the 3750 will be limited by the 100Mbps connection. However you could use an etherchannel trunk so you could get greater overall throughput and some redundancy
    2) more importantly though, I suspect you are running HSRP between the 4500s for the client vlans and moving the SVIs onto the 3750 means a single point of failure for those vlans.
    Personally I would tend towards option 1) because of the SVI HSRP issue and perhaps because there may be a lot of inter vlan traffic and even with an etherchannel it would be too much.
    But, single point of failure issues aside, a lot does depend on internet bandwidth in option 1) vs inter vlan traffic in option 2).
    So it's a tradeoff and personally I don't think either is ideal, so I'll have another think on this in the morning to see if there is anything more obvious that I have missed, or maybe someone else will add to the post.
    Jon

  • Cisco Alternative to WebRoot

    Hello everyone,
    1 of my issues is that for several of my users throughput seems to be reduced with using the WebRoot Proxy Server.  We have the cloud based service.   We have a central site where most of the remote sites come in over an MPLS to get to the Internet.  This site has an ASA5510.  A few of the larger remote sites have dedicated Internet local to them and they have ASA5505s in place.
      Does Cisco offer an alternative that would fit the bill?  I guess one of the advantages of the cloud based system is that even when the users are working away from the office the policies are still in place.
    Thanks in advance!  All replies rated.

    Yes.. Cisco Cloud Web Security (used to be Scan Safe)  http://www.cisco.com/web/products/security/cloud_web/index.html
    If you upgrade your ASA's to 9.x, you can redirect web traffic to their cloud, plus you can use a plugin for the AnyConnect VPN client to point roaming laptops to their cloud as well.
    Your other options are on-premise devices, either the Web Security Appliance... or ASA-CX's (probably not an option since you have gear in place).

  • ASA5510 Setup Layout - Does this work?

    Hello Cisco'ers
    I am planning to implement an ASA5510 in our network.
    I've never worked with an ASA5510 device, so I am not quite sure how to place it correctly.
    The idea is the following:
    Current Situation
    Network with wireless access, everybody who's connected to the Wifi can access the resources.
    SSID = JUFCorp
    Desired Situation
    Network with only internet access, separate SSID -> JUFGuest
    Is this possible with this layout?
    PS: when I configure the ASA, I couldn't find an option where I can enter a default gateway. Is this supposed to be like this?
    So right now I can only access the management port when I'm in the same subnet. Is there another way around that?

    Hi,
    My suggestion would be to terminate the Internet directly on your ASA. That way you would save one of your public IP addresses.
    If it is a small network it also means potentially that you could retire the router from your network. The firewall can perform routing functions in its place.
    Move the DMZ switch off to the side of the ASA so it is not directly connected to the Internet.
    See below a quick start guide for the ASA that will help you configure it.
    http://www.cisco.com/en/US/docs/security/asa/quick_start/5500/5500_quick_start.html
    You can configure ACLs on the WLC to restrict guest access to the Internet only. See below an example guide to help you get started.
    http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00807810d1.shtml
    Alternatively you could sit the WLC behind the DMZ switch and control access to the Internet via the firewall.
    Don't forget to rate posts that are helpful.
    Cheers
    Sean

  • ASA5510 VPN not working after upgrade from 8.2 to 8.3

    Hi,
    I have recently upgraded a customer ASA5510 to version 8.3.
    After upgrade web access etc is working fine however VPN is down.
    The config looks very different after the upgrade plus what looks to be duplicate entries.
    I suspect it's an access list issue but I'm not sure.
    If anyone has any ideas based on the config below it would be greatly appreciated as I'm at a loss....?!
    hostname ciscoasa
    domain-name default.domain.invalid
    enable password NvZgxFP5WhDo0hQl encrypted
    passwd FNeDAwBbhVaOtVAu encrypted
    names
    dns-guard
    interface Ethernet0/0
    nameif Outside
    security-level 0
    ip address 217.75.8.203 255.255.255.248
    interface Ethernet0/1
    nameif Inside
    security-level 100
    ip address 192.168.1.254 255.255.255.0
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 10.1.1.1 255.255.255.0
    management-only
    boot system disk0:/asa832-k8.bin
    ftp mode passive
    clock timezone GMT/IST 0
    clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
    dns domain-lookup Inside
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    object network obj-192.168.1.2-04
    host 192.168.1.2
    object network obj-192.168.1.7-04
    host 192.168.1.7
    object network obj-192.168.1.0-02
    subnet 192.168.1.0 255.255.255.0
    object network obj-192.168.2.0-02
    subnet 192.168.2.0 255.255.255.0
    object network obj-10.1.2.0-02
    subnet 10.1.2.0 255.255.255.0
    object network obj-192.168.1.224-02
    subnet 192.168.1.224 255.255.255.240
    object network obj-192.168.1.9-02
    host 192.168.1.9
    object network obj-192.168.1.2-05
    host 192.168.1.2
    object network obj-192.168.1.103-02
    host 192.168.1.103
    object network obj-192.168.1.7-05
    host 192.168.1.7
    object network NETWORK_OBJ_10.1.2.0_24
    subnet 10.1.2.0 255.255.255.0
    object network NETWORK_OBJ_192.168.1.0_24
    subnet 192.168.1.0 255.255.255.0
    object-group network obj-192.168.1.2-02
    object-group network obj-192.168.1.7-02
    object-group network obj-192.168.1.0-01
    object-group network obj-192.168.2.0-01
    object-group network obj-10.1.2.0-01
    object-group network obj-192.168.1.224-01
    object-group network obj-192.168.1.9-01
    object-group network obj-192.168.1.2-03
    object-group network obj-192.168.1.103-01
    object-group network obj-192.168.1.7-03
    object-group network obj-192.168.1.2
    object-group network obj-192.168.1.7
    object-group network obj-192.168.1.0
    object-group network obj-192.168.2.0
    object-group network obj-10.1.2.0
    object-group network obj-192.168.1.224
    object-group network obj-192.168.1.9
    object-group network obj-192.168.1.2-01
    object-group network obj-192.168.1.103
    object-group network obj-192.168.1.7-01
    object-group network obj_any
    object-group network obj-0.0.0.0
    object-group network obj_any-01
    object-group service MonitcomUDP udp
    port-object range 3924 3924
    access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
    access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
    access-list Inside_nat0_outbound extended permit ip any 192.168.1.224 255.255.255.240
    access-list Outside_cryptomap_60 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list Outside_cryptomap_60 extended permit icmp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq smtp
    access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq pop3
    access-list Outside_access_in remark Allow webmail access
    access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq 2000 inactive
    access-list Outside_access_in extended permit icmp any any
    access-list Outside_access_in remark Allow Hansa Live access
    access-list Outside_access_in extended permit tcp any host 217.75.8.204 eq 1200
    access-list Outside_access_in remark Monitcom
    access-list Outside_access_in extended permit tcp host 87.232.117.66 host 217.75.8.205 eq 5900
    access-list Outside_access_in extended permit udp any host 217.75.8.205 eq 3924
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 220
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 230
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 240
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 250
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 260
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 1433
    access-list Outside_access_in remark Allow TMS Web Access
    access-list Outside_access_in extended permit tcp any host 217.75.8.206 eq www
    access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq https
    access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq www
    access-list Outside_access_in extended permit udp any any eq 4500 inactive
    access-list Outside_access_in extended permit udp any any eq isakmp inactive
    access-list Outside_access_in remark Allow webmail access
    access-list Outside_access_in remark Allow Hansa Live access
    access-list Outside_access_in remark Monitcom
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark Allow TMS Web Access
    access-list Outside_access_in remark Allow webmail access
    access-list Outside_access_in remark Allow Hansa Live access
    access-list Outside_access_in remark Monitcom
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark Allow TMS Web Access
    access-list Outside_access_in remark Allow webmail access
    access-list Outside_access_in remark Allow Hansa Live access
    access-list Outside_access_in remark Monitcom
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark Allow TMS Web Access
    access-list Inside_access_in extended permit ip any any
    access-list Inside_access_in extended permit icmp any any
    access-list RemoteVPN_splitTunnelAcl standard permit any
    access-list Outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
    access-list Outside_cryptomap_dyn_20 extended permit ip any 192.168.1.224 255.255.255.240
    pager lines 24
    logging enable
    logging asdm warnings
    mtu Outside 1500
    mtu Inside 1500
    mtu management 1500
    ip local pool VPNPool 192.168.1.230-192.168.1.240 mask 255.255.255.0
    ip verify reverse-path interface Outside
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any Outside
    icmp permit any Inside
    asdm location 192.168.1.208 255.255.255.252 Inside
    asdm location 192.168.1.103 255.255.255.255 Inside
    asdm location 192.168.1.6 255.255.255.255 Inside
    asdm location 192.168.1.7 255.255.255.255 Inside
    asdm location 192.168.1.9 255.255.255.255 Inside
    no asdm history enable
    arp timeout 14400
    nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-192.168.2.0-02 obj-192.168.2.0-02 unidirectional
    nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-10.1.2.0-02 obj-10.1.2.0-02 unidirectional
    nat (Inside,any) source static any any destination static obj-192.168.1.224-02 obj-192.168.1.224-02 unidirectional
    nat (Inside,Outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_10.1.2.0_24 NETWORK_OBJ_10.1.2.0_24
    object network obj-192.168.1.2-04
    nat (Outside,Inside) static 217.75.8.204
    object network obj-192.168.1.7-04
    nat (Outside,Inside) static 217.75.8.206
    object network obj-192.168.1.0-02
    nat (Inside,Outside) dynamic interface
    object network obj-192.168.1.9-02
    nat (Inside,Outside) static 217.75.8.201
    object network obj-192.168.1.2-05
    nat (Inside,Outside) static 217.75.8.204
    object network obj-192.168.1.103-02
    nat (Inside,Outside) static 217.75.8.205
    object network obj-192.168.1.7-05
    nat (Inside,Outside) static 217.75.8.206
    access-group Outside_access_in in interface Outside
    access-group Inside_access_in in interface Inside
    route Outside 0.0.0.0 0.0.0.0 217.75.8.198 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server DellServerAAA protocol radius
    aaa-server DellServerAAA (Inside) host 192.168.1.4
    key test
    http server enable
    http 62.17.29.2 255.255.255.255 Outside
    http 82.141.224.155 255.255.255.255 Outside
    http 63.218.54.8 255.255.255.252 Outside
    http 213.79.44.213 255.255.255.255 Outside
    http 192.168.1.0 255.255.255.0 Inside
    http 10.1.1.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    sysopt connection timewait
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto ipsec df-bit clear-df Outside
    crypto ipsec df-bit clear-df Inside
    crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
    crypto map Outside_map 1 match address Outside_1_cryptomap
    crypto map Outside_map 1 set peer 89.127.172.29
    crypto map Outside_map 1 set transform-set ESP-3DES-SHA
    crypto map Outside_map 60 match address Outside_cryptomap_60
    crypto map Outside_map 60 set peer 89.105.114.98
    crypto map Outside_map 60 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
    crypto map Outside_map interface Outside
    crypto isakmp identity key-id nattingreallymatters
    crypto isakmp enable Outside
    crypto isakmp enable Inside
    crypto isakmp policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 120
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    no vpn-addr-assign aaa
    no vpn-addr-assign dhcp
    telnet 192.168.1.0 255.255.255.0 Inside
    telnet timeout 5
    ssh 82.141.224.155 255.255.255.255 Outside
    ssh 62.17.29.2 255.255.255.255 Outside
    ssh 213.79.44.213 255.255.255.255 Outside
    ssh 192.168.1.0 255.255.255.0 Inside
    ssh timeout 5
    console timeout 0
    management-access Inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy RemoteVPN internal
    group-policy RemoteVPN attributes
    wins-server value 192.168.1.31
    dns-server value 192.168.1.31
    default-domain value freefoam.ie
    username freefoam password JLYaVf7FqRM2LH0e encrypted
    username cork password qbK2Hqt1H5ttJzPD encrypted
    tunnel-group 193.114.70.130 type ipsec-l2l
    tunnel-group 193.114.70.130 ipsec-attributes
    pre-shared-key ******
    tunnel-group 89.127.172.29 type ipsec-l2l
    tunnel-group 89.127.172.29 ipsec-attributes
    pre-shared-key ******
    tunnel-group 89.105.114.98 type ipsec-l2l
    tunnel-group 89.105.114.98 ipsec-attributes
    pre-shared-key *****
    tunnel-group RemoteVPN type remote-access
    tunnel-group RemoteVPN general-attributes
    address-pool VPNPool
    authentication-server-group DellServerAAA
    default-group-policy RemoteVPN
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:0dc16fe893bd4bba6fdf6b7eed93e553

    Hi,
    Many thanks for your reply.
    Finally got access to implement your suggestions.
    Initially none of the VPNs were up.
    After making the change the two VPNs came up.
    However only data via the first VPN is possible.
    Accessing resources on the 10.1.2.0 network is still not possible.
    Attached is the latest config, any input is greatly appreciated;
    hostname ciscoasa
    domain-name default.domain.invalid
    enable password NvZgxFP5WhDo0hQl encrypted
    passwd FNeDAwBbhVaOtVAu encrypted
    names
    dns-guard
    interface Ethernet0/0
    nameif Outside
    security-level 0
    ip address 217.75.8.203 255.255.255.248
    interface Ethernet0/1
    nameif Inside
    security-level 100
    ip address 192.168.1.254 255.255.255.0
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 10.1.1.1 255.255.255.0
    management-only
    boot system disk0:/asa832-k8.bin
    ftp mode passive
    clock timezone GMT/IST 0
    clock summer-time GMT/IDT recurring last Sun Mar 1:00 last Sun Oct 2:00
    dns domain-lookup Inside
    dns server-group DefaultDNS
    domain-name default.domain.invalid
    object network obj-192.168.1.2-04
    host 192.168.1.2
    object network obj-192.168.1.7-04
    host 192.168.1.7
    object network obj-192.168.1.0-02
    subnet 192.168.1.0 255.255.255.0
    object network obj-192.168.2.0-02
    subnet 192.168.2.0 255.255.255.0
    object network obj-10.1.2.0-02
    subnet 10.1.2.0 255.255.255.0
    object network obj-192.168.1.224-02
    subnet 192.168.1.224 255.255.255.240
    object network obj-192.168.1.9-02
    host 192.168.1.9
    object network obj-192.168.1.2-05
    host 192.168.1.2
    object network obj-192.168.1.103-02
    host 192.168.1.103
    object network obj-192.168.1.7-05
    host 192.168.1.7
    object network NETWORK_OBJ_10.1.2.0_24
    subnet 10.1.2.0 255.255.255.0
    object network NETWORK_OBJ_192.168.1.0_24
    subnet 192.168.1.0 255.255.255.0
    object-group network obj-192.168.1.2-02
    object-group network obj-192.168.1.7-02
    object-group network obj-192.168.1.0-01
    object-group network obj-192.168.2.0-01
    object-group network obj-10.1.2.0-01
    object-group network obj-192.168.1.224-01
    object-group network obj-192.168.1.9-01
    object-group network obj-192.168.1.2-03
    object-group network obj-192.168.1.103-01
    object-group network obj-192.168.1.7-03
    object-group network obj-192.168.1.2
    object-group network obj-192.168.1.7
    object-group network obj-192.168.1.0
    object-group network obj-192.168.2.0
    object-group network obj-10.1.2.0
    object-group network obj-192.168.1.224
    object-group network obj-192.168.1.9
    object-group network obj-192.168.1.2-01
    object-group network obj-192.168.1.103
    object-group network obj-192.168.1.7-01
    object-group network obj_any
    object-group network obj-0.0.0.0
    object-group network obj_any-01
    object-group service MonitcomUDP udp
    port-object range 3924 3924
    access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list Inside_nat0_inbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
    access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list Inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
    access-list Inside_nat0_outbound extended permit ip any 192.168.1.224 255.255.255.240
    access-list Outside_cryptomap_60 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list Outside_cryptomap_60 extended permit icmp 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq smtp
    access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq pop3
    access-list Outside_access_in remark Allow webmail access
    access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq 2000 inactive
    access-list Outside_access_in extended permit icmp any any
    access-list Outside_access_in remark Allow Hansa Live access
    access-list Outside_access_in extended permit tcp any host 217.75.8.204 eq 1200
    access-list Outside_access_in remark Monitcom
    access-list Outside_access_in extended permit tcp host 87.232.117.66 host 217.75.8.205 eq 5900
    access-list Outside_access_in extended permit udp any host 217.75.8.205 eq 3924
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 220
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 230
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 240
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 250
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 260
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in extended permit tcp host 196.36.153.251 any eq 1433
    access-list Outside_access_in remark Allow TMS Web Access
    access-list Outside_access_in extended permit tcp any host 217.75.8.206 eq www
    access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq https
    access-list Outside_access_in extended permit tcp any host 217.75.8.201 eq www
    access-list Outside_access_in extended permit udp any any eq 4500 inactive
    access-list Outside_access_in extended permit udp any any eq isakmp inactive
    access-list Outside_access_in remark Allow webmail access
    access-list Outside_access_in remark Allow Hansa Live access
    access-list Outside_access_in remark Monitcom
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark Allow TMS Web Access
    access-list Outside_access_in remark Allow webmail access
    access-list Outside_access_in remark Allow Hansa Live access
    access-list Outside_access_in remark Monitcom
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark Allow TMS Web Access
    access-list Outside_access_in remark Allow webmail access
    access-list Outside_access_in remark Allow Hansa Live access
    access-list Outside_access_in remark Monitcom
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark Allow TMS Web Access
    access-list Outside_access_in remark Allow webmail access
    access-list Outside_access_in remark Allow Hansa Live access
    access-list Outside_access_in remark Monitcom
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark Allow TMS Web Access
    access-list Outside_access_in remark Allow webmail access
    access-list Outside_access_in remark Allow Hansa Live access
    access-list Outside_access_in remark Monitcom
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark Allow TMS Web Access
    access-list Outside_access_in remark Allow webmail access
    access-list Outside_access_in remark Allow Hansa Live access
    access-list Outside_access_in remark Monitcom
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark Allow TMS Web Access
    access-list Outside_access_in remark Allow webmail access
    access-list Outside_access_in remark Allow Hansa Live access
    access-list Outside_access_in remark Monitcom
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark ESS Access
    access-list Outside_access_in remark Allow TMS Web Access
    access-list Inside_access_in extended permit ip any any
    access-list Inside_access_in extended permit icmp any any
    access-list RemoteVPN_splitTunnelAcl standard permit any
    access-list Outside_1_cryptomap extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
    access-list Outside_cryptomap_dyn_20 extended permit ip any 192.168.1.224 255.255.255.240
    access-list global_access extended permit ip any any
    access-list Outside_cryptomap_80_3 extended permit ip 192.168.1.0 255.255.255.0 10.1.2.0 255.255.255.0
    access-list Split-tunnel standard permit 192.168.1.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm warnings
    mtu Outside 1500
    mtu Inside 1500
    mtu management 1500
    ip local pool VPNPool 192.168.1.230-192.168.1.240 mask 255.255.255.0
    ip verify reverse-path interface Outside
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any Outside
    icmp permit any Inside
    asdm image disk0:/asdm-647.bin
    asdm location 192.168.1.208 255.255.255.252 Inside
    asdm location 192.168.1.103 255.255.255.255 Inside
    asdm location 192.168.1.6 255.255.255.255 Inside
    asdm location 192.168.1.7 255.255.255.255 Inside
    asdm location 192.168.1.9 255.255.255.255 Inside
    no asdm history enable
    arp timeout 14400
    nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-192.168.2.0-02 obj-192.168.2.0-02
    nat (Inside,any) source static obj-192.168.1.0-02 obj-192.168.1.0-02 destination static obj-10.1.2.0-02 obj-10.1.2.0-02
    nat (Inside,any) source static any any destination static obj-192.168.1.224-02 obj-192.168.1.224-02 unidirectional
    nat (Inside,Outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_10.1.2.0_24 NETWORK_OBJ_10.1.2.0_24
    object network obj-192.168.1.2-04
    nat (Outside,Inside) static 217.75.8.204
    object network obj-192.168.1.7-04
    nat (Outside,Inside) static 217.75.8.206
    object network obj-192.168.1.0-02
    nat (Inside,Outside) dynamic interface
    object network obj-192.168.1.9-02
    nat (Inside,Outside) static 217.75.8.201
    object network obj-192.168.1.2-05
    nat (Inside,Outside) static 217.75.8.204
    object network obj-192.168.1.103-02
    nat (Inside,Outside) static 217.75.8.205
    object network obj-192.168.1.7-05
    nat (Inside,Outside) static 217.75.8.206
    nat (Inside,Outside) after-auto source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24
    access-group Outside_access_in in interface Outside
    access-group Inside_access_in in interface Inside
    access-group global_access global
    route Outside 0.0.0.0 0.0.0.0 217.75.8.198 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server DellServerAAA protocol radius
    aaa-server DellServerAAA (Inside) host 192.168.1.4
    key test
    http server enable
    http 62.17.29.2 255.255.255.255 Outside
    http 82.141.224.155 255.255.255.255 Outside
    http 63.218.54.8 255.255.255.252 Outside
    http 213.79.44.213 255.255.255.255 Outside
    http 192.168.1.0 255.255.255.0 Inside
    http 10.1.1.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    sysopt connection timewait
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto ipsec df-bit clear-df Outside
    crypto ipsec df-bit clear-df Inside
    crypto dynamic-map Outside_dyn_map 20 match address Outside_cryptomap_dyn_20
    crypto dynamic-map Outside_dyn_map 20 set transform-set ESP-3DES-SHA
    crypto map Outside_map 1 match address Outside_1_cryptomap
    crypto map Outside_map 1 set peer 89.127.172.29
    crypto map Outside_map 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-DES-SHA ESP-3DES-MD5 ESP-AES-256-MD5 ESP-3DES-SHA ESP-DES-MD5
    crypto map Outside_map 60 match address Outside_cryptomap_60
    crypto map Outside_map 60 set peer 89.105.114.98
    crypto map Outside_map 60 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map Outside_map 65535 ipsec-isakmp dynamic Outside_dyn_map
    crypto map Outside_map interface Outside
    crypto isakmp identity key-id nattingreallymatters
    crypto isakmp enable Outside
    crypto isakmp enable Inside
    crypto isakmp policy 10
    authentication pre-share
    encryption aes-256
    hash md5
    group 5
    lifetime 86400
    crypto isakmp policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 30
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 50
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    crypto isakmp policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto isakmp policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    no vpn-addr-assign aaa
    no vpn-addr-assign dhcp
    telnet 192.168.1.0 255.255.255.0 Inside
    telnet timeout 5
    ssh 82.141.224.155 255.255.255.255 Outside
    ssh 62.17.29.2 255.255.255.255 Outside
    ssh 213.79.44.213 255.255.255.255 Outside
    ssh 192.168.1.0 255.255.255.0 Inside
    ssh timeout 5
    console timeout 0
    management-access Inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    enable Outside
    anyconnect-essentials
    svc image disk0:/anyconnect-dart-win-2.5.3055-k9.pkg 1
    svc image disk0:/anyconnect-macosx-powerpc-2.5.3055-k9.pkg 2
    svc enable
    tunnel-group-list enable
    group-policy RemoteVPN internal
    group-policy RemoteVPN attributes
    wins-server value 192.168.1.31
    dns-server value 192.168.1.31
    vpn-tunnel-protocol IPSec svc
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value Split-tunnel
    default-domain value freefoam.ie
    username freefoam password JLYaVf7FqRM2LH0e encrypted
    username cisco password DfO7NBd5PZ1b0kZ1 encrypted privilege 15
    username cork password qbK2Hqt1H5ttJzPD encrypted
    tunnel-group 193.114.70.130 type ipsec-l2l
    tunnel-group 193.114.70.130 ipsec-attributes
    pre-shared-key ************
    tunnel-group 89.127.172.29 type ipsec-l2l
    tunnel-group 89.127.172.29 ipsec-attributes
    pre-shared-key ************
    tunnel-group 89.105.114.98 type ipsec-l2l
    tunnel-group 89.105.114.98 ipsec-attributes
    pre-shared-key ************
    tunnel-group RemoteVPN type remote-access
    tunnel-group RemoteVPN general-attributes
    address-pool VPNPool
    authentication-server-group DellServerAAA
    default-group-policy RemoteVPN
    tunnel-group RemoteVPN webvpn-attributes
    group-alias Anyconnect enable
    tunnel-group RemoteVPN ipsec-attributes
    pre-shared-key c0nnect10nParameter$
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:fae6b7bc25fcf39daffbcdc6b91c9d8e
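A defensive check for a configuration like the one posted above, added here as an example and not part of the original post: it parses `crypto isakmp policy` blocks even when the sub-commands have lost their indentation (as in this dump) and flags DES/3DES, MD5 and DH groups 1, 2 and 5, plus Telnet management lines and `permit ip any any` ACL entries. The weak-value lists, the function names and the sample lines are assumptions of this example.

```python
import re

# Assumption of this example: values treated as weak for IKE phase 1.
WEAK = {
    "encryption": {"des", "3des"},
    "hash": {"md5"},
    "group": {"1", "2", "5"},
}
# Sub-commands that may follow a "crypto isakmp policy N" header.
POLICY_KEYS = {"authentication", "encryption", "hash", "group", "lifetime"}

# Constructed sample in the same flattened shape as the dump above
# (addresses are documentation ranges, not taken from the page).
SAMPLE = """\
crypto isakmp policy 10
authentication pre-share
encryption aes-256
hash md5
group 5
lifetime 86400
crypto isakmp policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.0.2.0 255.255.255.0 Inside
access-list global_access extended permit ip any any
access-list Outside_access_in extended permit tcp any host 192.0.2.10 eq https
"""


def parse_isakmp_policies(config):
    """Return {policy_number: {sub-command: value}} from ASA config text.

    Indentation is ignored, so the parser also works on dumps where the
    sub-commands sit at the same level as the policy header.
    """
    policies = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"crypto isakmp policy (\d+)", line)
        if header:
            current = policies.setdefault(int(header.group(1)), {})
            continue
        words = line.split()
        if current is not None and len(words) == 2 and words[0] in POLICY_KEYS:
            current[words[0]] = words[1]
        else:
            current = None  # any other command ends the policy block
    return policies


def audit(config):
    """Return a list of (location, offending setting) findings."""
    findings = []
    for number, settings in sorted(parse_isakmp_policies(config).items()):
        for key, weak_values in WEAK.items():
            value = settings.get(key)
            if value in weak_values:
                findings.append((f"isakmp policy {number}", f"{key} {value}"))
    for raw in config.splitlines():
        line = raw.strip()
        if re.match(r"telnet \d", line):
            # Telnet carries management credentials in cleartext.
            findings.append(("management", line))
        elif re.fullmatch(r"access-list \S+ extended permit ip any any", line):
            # An unrestricted permit defeats the more specific entries.
            findings.append(("acl", line))
    return findings


if __name__ == "__main__":
    for location, setting in audit(SAMPLE):
        print(f"{location}: {setting}")
```

Findings on the ISAKMP policies matter most for the lowest-numbered weak policy that a peer can still match, so review them in priority order rather than as a flat list.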

  • How can I assign points to the alternatives in a question?

    Hi! I am building my first quiz in Captivate and I have this little problem I haven't been able to solve. I want to make a test that measures how stressed you are at work. It looks like a survey, I'll have about 20 or more questions with the same type of alternatives, no right or wrong alternatives, but you choose the one you agree the most with. The thing is that I want to give a point value to each alternative and be able to have a score at the end. See the example.
    How often do you feel stressed at work?
    1. never : 0 points
    2. once a week: 2 points
    3. three times a week: 3 points
    4. Everyday: 4 points
    At the end, the score you get tells you how stressed you are, but instead of showing a result in terms of points, you'll get a text giving you feedback and recommendations for better health. Can I do that in Captivate? I haven't been able to find a way to do that yet...
    Thanks for any help you can give me!

    Hello,
    Tried putting something together that could be possible, concentrated on the workflow. There will be some repetitive tasks to be done however, problem is that a click box cannot stay for a whole project, which means that a click box gets its proper ID on each slide. Will try to explain, it is up to you to judge if this is acceptable, or if you'd go better with a Flash app.
    Created (for the moment, perhaps you'll need more if p.e. for Q1-Q10 you need a separate result for A and for B, result for Q11-Q20...) two user variables:
    v_AClick     to store the number of clicks on A-option
    v_BClick     to store the number of clicks on B-option
    The results can then be used later on for a condition (did not write it yet).
    Created a first slide with these objects:
    dummy Text Caption 'Option A' (will be replaced later on with question text)
    click box covering up this Text Caption, named it (ID) ClickA1 (this is the tedious part, has to be done for each CB; ClickA2, ClickA3...)
    dummy Text Caption 'Option B' (will be replaced later on with question text)
    click box covering up this Text Caption, named it (ID) ClickB1 (this is the tedious part, has to be done for each CB; ClickB2, ClickB3...)
    imported a 'sign' to be shown after the user clicked into the Library, and put an instance to the right of each Text Caption, those were labeled VinkA and VinkB. Very important: set those instances to 'Show for the entire project', which avoids having them duplicated to each slide, we will hide and show them as necessary.
    button 'Next' which on Success jumps to next slide.
    The blue Text Caption was for me, to check if the actions were functioning, shouldn't be there in the end file.
    I created a first Advanced action, labeled it HideVink (sorry for the Dutch, Vink = the green symbol), to be triggered on entering the slide:
    Hide VinkA
    Hide VinkB
    Second/third action, labeled A_Action1/B_Action1 to be triggered by clicking on the ClickA1/ClickB2 with these actions:
    increment v_AClick/v_BClick with 1
    hide the other clickbox, thus ClickB1/ClickA1 to avoid that the user could click on both options
    show AVink/BVink
    Here is an example, action A_Action1
    Those two actions have to be duplicated for each Question slide (A_Action2, B_Action2,....). What has to be changed in the duplicates is only the number of the Click Box, that is why I labeled them to make the process easier.
    Now I duplicated the slide as many times as necessary. The actions for button and entering slide are OK, but the actions for the click boxes have to be adapted (tedious).
    Why did I use 'dummy' Text Captions: I should export (File menu) the Text Captions to a Word-document, change the dummy texts (left column) to the real captions (much easier in one doc) and re-import them into the CP-file.
    That was my homework, as promised. Hope it helps, even if you choose to go the Flash-way after all.
    Lilybiri

  • Alternative Periods in Report Painter

    I'm trying to create a report painter report for labour efficiency, it compares actual labour confirmations to a statistical key figure for payroll hours.
    I have the basic elements, but my problem is this.  We currently run our accounts on a calendar month basis, so we have 12 periods in FI.  This report is required on a weekly basis for each week's payroll.  Is it possible to report totals for a given week, when that is not your accounting period?
    I can't see any obvious characteristics that will give me a weekly total of each figure, but I'm wondering if it is possible to define alternative periods (e.g. 52/53 week years ending each Sunday for a period, and bring that in as a row characteristic).
    Has anybody managed to achieve anything like this, and if so how?
    Postings can occur anytime in the week, so I don't think posting date is an option, but may be if you can specify ranges that can be logically extrapolated in the report (i.e. Mon-Sun).
    Thanks for any advice on this
    Graham

    Has anybody got any comments or advice on this?
    Graham

  • A semiautomatic alternative to /etc/fstab

    This is probably highly redundant... the chances are, someone will likely say "XYZ does that for you and you can configure it in 5 minutes", but here goes anyways.
    I wanted a simple way to mount the disks in my computer to the same location regardless of where they were in the system (thus via UUID) but what I *didn't* want was to have to copy/type the UUID myself. The following possibly shaky bash script is the result.
    First, however, a (very real-world) demonstration of its functionality!
    /disks/ + ./domount
    Using scriptdir "/disks/.mountscripts".
    Running mount... [ok]
    [Disk ST3250620A_5QE4M336]
    group0-root -> /disks/250gb: [ok]
    38067a33-0556-4cab-a5c5-c96b313bd174 -> /disks/250gb/boot: [ok]
    21D4-2E62 -> /disks/250gb/data: [ok]
    group0-home -> /disks/250gb/home:
    == mount error ==
    mount: wrong fs type, bad option, bad superblock on /dev/mapper/group0-home,
    missing codepage or helper program, or other error
    In some cases useful info is found in syslog - try
    dmesg | tail or so
    =================
    [R]etry/Skip [P]artition/Skip [D]isk/[Q]uit? q
    /disks/ + fsck.jfs /dev/mapper/group0-home
    fsck.jfs version 1.1.15, 04-Mar-2011
    processing started: 11/10/2011 20:28:10
    Using default parameter: -p
    The current device is: /dev/mapper/group0-home
    Block size in bytes: 4096
    Filesystem size in blocks: 52099072
    **Phase 0 - Replay Journal Log
    Filesystem is clean.
    /disks/ + ./domount
    Using scriptdir "/disks/.mountscripts".
    Running mount... [ok]
    [Disk ST3250620A_5QE4M336]
    group0-root -> /disks/250gb: (already mounted)
    38067a33-0556-4cab-a5c5-c96b313bd174 -> /disks/250gb/boot: (already mounted)
    21D4-2E62 -> /disks/250gb/data: (already mounted)
    group0-home -> /disks/250gb/home: [ok]
    group0-var -> /disks/250gb/var: [ok]
    partition1.vfat -> /disks/250gb/home/backup/80gb/mnt/partition1.vfat: [ok]
    partition2.vfat -> /disks/250gb/home/backup/80gb/mnt/partition2.vfat: [ok]
    partition3.vfat -> /disks/250gb/home/backup/80gb/mnt/partition3.vfat: [ok]
    partition4.ext3 -> /disks/250gb/home/backup/80gb/mnt/partition4.ext3: [ok]
    data2 -> /disks/250gb/home/backup/32gb-2/mnt/data2: [ok]
    [Disk ST340014A_5MQ4HB90]
    0854-08DE -> /disks/20gb-1/data-1: [ok]
    4846-D7E2 -> /disks/20gb-1/data-2: [ok]
    3070DB1E70DAE99C -> /disks/20gb-1/winnt: [ok]
    38BB-158D -> /disks/20gb-1/pool: [ok]
    [Disk WDC_WD800BB-22J_WD-WCAM9H677098]
    e336c404-fca8-4f2b-9c75-81c22f339741 -> /disks/80gb: [ok]
    4738-E723 -> /disks/80gb/vfat: [ok]
    a827cfa1-08cf-4a24-a989-aae94ea0801b -> /disks/80gb/boot: [ok]
    7bb5df89-3a90-4c92-8aa7-a94271806087 -> /disks/80gb/var: [ok]
    09b652b7-4f5e-4895-8464-6f972a44fdd6 -> /disks/80gb/home: [ok]
    a2534aa6-b70f-442d-805e-365ee626d4be -> /disks/80gb/tmpspace: [ok]
    4871-993D -> /disks/80gb/tmpspace2: [ok]
    386a2a83-22e2-425c-bd48-cb0a1fad8a87 -> /disks/80gb/pool: [ok]
    /disks/ +
    Here's the script! (I can pastebin it if necessary)
    #!/bin/bash
    # ohai from i336 :P <[email protected]>
    # Oct-Nov 2011
    # Public domain, no warranty. Be sure to use the "t" flag on the first run!
    # This program has two modes: scan mode and run mode.
    # Configuration
    # =============
    # You first need to create/go into the directory you want to mount your disks
    # in, such as /mnt (I use /disks), and create the subdirectory ".mountscripts", or
    # alternatively "programname-mountscripts" (the second directory bearing the
    # name of the program/symlink, a simple mechanism to implement some flexibility).
    # You can substitute any created symlinks wherever "./domount" is mentioned.
    # The existence of this directory indicates that this is the work directory.
    # (For added flexibility, the program will look for the second directory, the
    # one bearing its name, first, then fall back on ".mountscripts" if this is not
    # found.)
    # Scan Mode
    # =========
    # After creating this directory for the first time you will want to run
    # "./domount s" to generate the mountscripts into the mountscript directory
    # (which is selected as specified above).
    # Run Mode
    # ========
    # At this point, go into the mountscript directory, open all the files you find
    # there in a text editor, and add in the mountpoints you want to use after the
    # UUID parameter to 'partop' (an internal function defined in this file for the
    # scripts).
    # ** The first time you simply MUST run "./domount t" in order to see that the
    # 'mount' commands are correct! **
    # After this is done, run "./domount" and it will go ahead and mount the disks.
    # Run "./domount u" and it will unmount everything. (No options exist for
    # individual partitions as yet).
    # Limitations
    # ===========
    # * If you use domount to mount loopback images inside real partitions and the
    # real partitions are also mounted by domount, well, domount will try to
    # unmount them in the same order as when it mounts... and it will break.
    # Simple solution: skip however many real [p]artitions you have, then
    # re-run domount again. :)
    # * If you change a disk (eg add a partition), well, you'll have to delete the
    # file for that disk, re-scan (domount will not touch the other scripts) then
    # re-add your partitions back in. This program wasn't really designed to deal
    # with that kind of situation :)
    # * This program does not support LVM partitions - quite frankly, it doesn't
    # even realize such things exist. Thus you will not find any LVM partitions
    # listed in the generated scripts, or any "LVM partitions ignored"
    # messages - indeed, if you only have LVM partitions on a given disk, the
    # resulting syntactically incorrect script will contain an 'if' block with
    # no content and the shell will produce an error.
    toollist=
    needtool=0
    for tool in find lsblk blkid cfdisk xargs grep tail mountpoint; do
    type -P $tool > /dev/null 2>&1
    if [ $? -eq 0 ]; then
    toollist="${toollist} ${tool}"
    else
    toollist="${toollist} [${tool}]"
    needtool=1
    fi
    done
    if [ $needtool -eq 1 ]; then
    echo "This program requires the following tools in order to run. Those marked with"
    echo "brackets cannot be found (using \`type') and their containing packages"
    echo "likely need to be installed."
    echo $toollist
    exit 1
    fi
    sizes=(bytes KB MB GB TB)
    progname=$(basename $0)
    if [ -d ".mountscripts" ]; then
    scriptdir="$(pwd)/.mountscripts"
    elif [ -d ".${progname}-mountscripts" ]; then
    scriptdir="$(pwd)/.${progname}-mountscripts"
    fi
    if ([[ ! -d "${scriptdir}" ]] && [[ "$1" != "s" ]]) || [[ "$1" == "h" ]]; then
    cat << EOF
    usage: $0 [s] [t]
    s = scan
    t = test run (USE THIS THE FIRST TIME AFTER YOU HAVE DONE A SCAN)
    EOF
    exit 1
    fi
    if [[ "$1" = "s" ]]; then
    echo -n "Scanning disk tables... (by name)"
    parttable=(); while IFS= read -r line; do parttable+=("$line"); done < \
    <(find /dev/disk/by-id/ -name "scsi-SATA*" -name "*-part*" -type l | xargs stat -L -c "%t-%T %n")
    echo -n ", (by UUID)"
    uuidtable=(); while IFS= read -r line; do uuidtable+=("$line"); done < \
    <(find /dev/disk/by-uuid/ -type l | xargs stat -L -c "%t-%T %n")
    echo -ne " [ok]\nRunning blkid..."
    blkidtable=(); while IFS= read -r line; do blkidtable+=("$line"); done < \
    <(blkid)
    echo -ne " [ok]\nRunning lsblk (uno momento)..."
    lsblktable=(); while IFS= read -r line; do lsblktable+=("$line"); done < \
    <(lsblk -bro name,size,fstype,model | grep -v group | tail -n +2)
    echo -e " [ok]\n"
    if [ ${#parttable[@]} -ne ${#uuidtable[@]} ]; then
    echo 'Something is very wrong with either this program'
    echo 'or your disk configuration. O.o'
    exit 1
    fi
    echo -e "Using scriptdir \"${scriptdir}\".\n"
    echo -ne "\e[1GCompiling mapping table... [ ]\e[?25l"
    max=$[${#parttable[@]}*${#parttable[@]}]
    runindex=0
    for ((i = 0; i < "${#parttable[@]}"; i++)); do
    partsplit=(${parttable[$i]})
    devok=0
    devname="$(readlink -f ${partsplit[1]})"
    partsize=
    for uuid in "${uuidtable[@]}"; do
    uuidsplit=($uuid)
    c=$[((runindex*43)/$[max-1])]
    echo -ne "\e[29G"
    if [ $c -gt 0 ]; then eval \printf "%.s#" {0..$c}; else echo -n '.'; fi
    if [ $c -lt 43 ]; then eval \printf "%.s." {$[c+1]..43}; fi
    ((runindex++))
    if [[ "${partsplit[0]}" = "${uuidsplit[0]}" ]]; then
    partlabel=
    devok=1
    for entry in "${blkidtable[@]}"; do
    if [[ "${entry:0:$[${#devname}+9]}" != "${devname}: LABEL=\"" ]]; then continue; fi
    partlabel="${entry:$[${#devname}+9]}"
    partlabel=$(echo -n $(echo $partlabel | cut -d'"' -f1))
    done
    for entry in "${lsblktable[@]}"; do
    entry=($entry)
    if [[ "/dev/${entry[0]}" != "$devname" ]]; then continue; fi
    partsize=${entry[1]}
    parttype=${entry[2]}
    done
    # Test the variable's value; the bare word "partsize" is always non-empty.
    if [ -z "$partsize" ]; then
    echo "$0: error: cannot determine partition size for $devname"
    exit 1
    fi
    devline="${partsplit[1]:26} ${uuidsplit[1]:18} ${partsize} ${parttype}${partlabel:+ $partlabel}"
    map[${#map[@]}]="$devline"
    fi
    done
    if [ $devok -eq 0 ]; then
    checkparttable[${#checkparttable[@]}]="${parttable[$i]#* }"
    fi
    done
    echo -e "\e[?25h\e[75Gdone.\n"
    if [[ ${#checkparttable[@]} -gt 0 ]]; then
    cat << EOF
    Warning: The following partitions do not have matching UUID entries
    in /dev/disk/by-uuid/.
    Linux seems to be quite smart, and won't list UUIDs for LVM
    members, partitions \`mount' cannot mount without the -t flag,
    or extended partition headers, but /dev/disk/by-id/ will still
    list them. So these are probably not a problem but may still
    warrant a double-check; if these contain valid filesystems you
    will need to insert them manually since their UUIDs cannot be
    calculated.
    EOF
    for partition in "${checkparttable[@]}"; do
    echo " >> $(readlink -f $partition) (/dev..by-id/${partition:26})";
    done
    echo
    fi
    find /dev/disk/by-id/ -name "scsi-SATA*" -not -name "*-part*" -type l | while read disk; do
    scriptfile="${scriptdir}/${disk:26}.mount.sh"
    rm -f "${scriptfile}"
    if [ ! -f "${scriptfile}" ]; then
    echo -ne "No mountscript found for disk ID \"${disk:26}\", creating one...\nRunning cfdisk... "
    cfdtable=(); while IFS= read -r line; do cfdtable+=("$line"); done < \
    <(cfdisk -Ps $disk | grep -v "Free Space" | grep -v "Unusable" | tail -n +6)
    echo -ne "[ok]\nRunning smartctl... "
    smartctlinfo="$(smartctl -i $disk)"
    diskdevname="$(readlink -f ${disk})"
    diskdevname=${diskdevname:5}
    disk="${disk:26}"
    disktable[${#disktable[@]}]="${disk}"
    tmp=
    diskparttable=
    for entry in "${lsblktable[@]}"; do
    entry=($entry)
    if [[ "${diskdevname}" != "${entry[0]}" ]]; then continue; fi
    devicename=$(echo -n $(echo "${entry[@]}" | cut -d' ' -f3-))
    done
    echo -e "# Script generated by domount at $(date +'%T on %D (MM/DD/YY)') for disk \"${devicename}\"\n" > "${scriptfile}"
    echo '# '$(echo "$smartctlinfo" | grep '^Model Family:') >> "${scriptfile}"
    echo '# '$(echo "$smartctlinfo" | grep '^Device Model:') >> "${scriptfile}"
    echo -e '# '$(echo "$smartctlinfo" | grep '^User Capacity:')"\n" >> "${scriptfile}"
    for part in "${map[@]}"; do
    if [[ "${part:0:$[${#disk}+1]}" != "${disk}-" ]]; then continue; fi
    diskparttable="${diskparttable}${part}\n";
    done
    mapfile -t diskparttable < <(echo -ne "${diskparttable%%\\n}" | sort -n -k1.$[${#disk}+6]n)
    echo -ne "if diskexists ${disk}; then\n\t\n" >> "${scriptfile}"
    for part in "${diskparttable[@]}"; do
    partsplit=($part)
    parttype=
    for line in "${cfdtable[@]}"; do
    line=($line)
    if [[ "X${partsplit[0]:${#disk}+5}X" != "X${line[0]}X" ]]; then continue; fi
    parttype="${line[1]}"
    done
    if [[ "X${parttype}X" = "XX" ]]; then
    echo "$0: error: Cannot parse cfdisk output"
    rm -f "${scriptfile}"
    exit 1
    fi
    echo -ne "\t# Partition: #${partsplit[0]:${#disk}+5} (${parttype}, ${partsplit[3]}" >> "${scriptfile}"
    if [[ "${partsplit[3]}" = "swap" ]]; then
    echo -n " - Skipping" >> "${scriptfile}"
    fi
    echo -n "); Size: " >> "${scriptfile}"
    sizeidx=0
    size=${partsplit[2]}
    while [ $size -gt 0 ]; do
    sizetext="${size}${sizes[$sizeidx]} ${sizetext}"
    size=$(($size/1024))
    ((sizeidx++))
    done
    sizetext=($sizetext)
    for ((i = 0; i < 2; i++)); do
    if [ $i -eq 1 ]; then echo -n ' (' >> "${scriptfile}"; fi
    if [[ "${sizetext[$i]: -1:1}" = "s" ]]; then
    echo -n "${sizetext[$i]:0:-5} bytes" >> "${scriptfile}"
    else
    echo -n "${sizetext[$i]:0:-2} ${sizetext[$i]: -2:2}" >> "${scriptfile}"
    fi
    if [ $i -eq 1 ]; then echo -n ')' >> "${scriptfile}"; fi
    done
    if [[ "X${partsplit[4]}X" != "XX" ]]; then
    echo -n "; Label: \"" >> "${scriptfile}"
    echo $(echo -n "${part}" | cut -d' ' -f5-)"\"" >> "${scriptfile}"
    else
    echo >> "${scriptfile}"
    fi
    if [[ "${partsplit[3]}" != "swap" ]]; then
    echo -e "\tmountpart /dev/disk/by-uuid/${partsplit[1]} \n\t" >> "${scriptfile}"
    else
    echo -e "\t" >> "${scriptfile}"
    fi
    done
    echo "fi" >> "${scriptfile}"
    echo -e "[ok]\nSuccess!\n"
    #echo ---; cat $scriptfile; echo ---
    else
    echo "Script found for disk ID ${disk}"
    fi
    done
    exit
    fi
    trap 'echo; exit' SIGINT
    echo -ne "Using scriptdir \"${scriptdir}\".\nRunning mount..."
    mapfile -t mounttable < <(mount)
    echo -e " [ok]"
    function spin() {
    # SIGKILL cannot be trapped, so only SIGINT and SIGQUIT restore the cursor
    trap 'echo -e "\e[?25h"' SIGINT SIGQUIT
    echo -ne "\e[?25l"
    if [[ $unicode -eq 1 ]]; then s=$(printf \\u2580\\u259C\\u2590\\u259F\\u2584\\u2599\\u258C\\u259B); m=8; d=0.03; else s='/-\|'; m=4; d=0.07; fi
    ("$@" & pid=$! ; c=1; while ps -c $pid >/dev/null 2>&1; do echo -ne "\e[s${s:c:1} \e[u"; c=$[c+1]; test $c -eq $m && c=0; sleep $d; done)
    echo -ne "\e[?25h"
    # Reset the handlers to their defaults
    trap - SIGINT SIGQUIT
    }
    function diskexists {
    disk=/dev/disk/by-id/scsi-SATA_${@}
    if [[ ! -L $disk ]]; then
    echo "(Disk ${1} is not installed)"
    # Non-zero status so the generated "if diskexists ...; then" block is skipped
    return 1
    else
    echo "[Disk ${1}]"
    fi
    }
    function partop {
    if [[ $mode -eq 1 ]]; then
    while true; do
    echo -n "Unmounting ${1##*/}... "
    if ! mountpoint > /dev/null 2>&1 $2; then
    echo "(Not mounted, or not a mountpoint)"
    break;
    fi
    if [ ! -d $2 ]; then
    echo "error: Not a directory!"
    break
    fi
    cmd="umount $1"
    if [[ ! $testmode ]]; then
    output="$(${cmd} 2>&1)"
    err=$?
    else
    echo "{would run: ${cmd}} "
    fi
    if [[ $err = 0 ]]; then
    if [[ ! $testmode ]]; then echo "[ok]"; fi
    return
    else
    echo -e "\n== umount error =="
    echo -n "${output}"
    echo -e "\n=================\n"
    c=X;
    while [[ ! $c =~ (R|r|P|p|D|d|Q|q) ]]; do read -sn1 -p"[R]etry/Skip [P]artition/Skip [D]isk/[Q]uit? " c; echo $c; done
    echo
    case $c in
    D|d) skipdisk=1; break ;;
    P|p) break ;;
    Q|q) exit ;;
    esac
    fi
    done
    else
    if [[ $skipdisk = 1 ]] && [[ $newdisk = 0 ]]; then return; fi
    err=0
    skipdisk=0
    newdisk=0
    while true; do
    echo -n "${1##*/} -> $2: "
    if mountpoint > /dev/null 2>&1 $2; then
    echo "(already mounted)"
    break;
    fi
    if [[ $testmode == 0 ]]; then echo -n "Mounting"; fi
    if [ ! -d $2 ]; then
    echo -n " (creating dir $2"
    cmd="mkdir -p $2 2>&1"
    if [[ ! $testmode ]]; then
    output="$(eval $cmd)"
    err=$?
    else
    echo -n " {would run: $cmd}"
    fi
    echo -n ') '
    fi
    if [[ $err = 0 ]]; then
    if [[ $testmode == 0 ]]; then echo -n '... '; fi
    cmd="mount $@"
    if [[ ! $testmode ]]; then
    output="$(${cmd} 2>&1)"
    err=$?
    else
    echo "{would run: ${cmd}} "
    fi
    else
    echo
    fi
    if [[ $err = 0 ]]; then
    if [[ ! $testmode ]]; then echo "[ok]"; fi
    return
    else
    echo -e "\n== mount error =="
    echo -n "${output}"
    echo -e "\n=================\n"
    c=X;
    while [[ ! $c =~ (R|r|P|p|D|d|Q|q) ]]; do read -sn1 -p"[R]etry/Skip [P]artition/Skip [D]isk/[Q]uit? " c; echo $c; done
    echo
    case $c in
    D|d) skipdisk=1; break ;;
    P|p) break ;;
    Q|q) exit ;;
    esac
    fi
    done
    fi
    }
    if [[ $1 = "u" ]]; then mode=1; else mode=0; fi
    if [[ $1 = "t" ]]; then testmode=1; fi
    scripts=(${scriptdir}/*.mount.sh)
    for ((i = 0; i < ${#scripts[@]}; i++)); do
    newdisk=1
    . ${scripts[$i]}
    if (($i < ${#scripts[@]} - 1)); then echo; fi
    done
    echo -ne "\e[?25h"
    Hopefully someone else finds this helpful. I am aware of udev/automount; that was overkill, since the disks are always installed, and I don't need a system whose focus is on-the-fly detection of newly inserted media of whatever kind.
    -i336
    Last edited by i336 (2011-11-10 04:42:08)

    Thanks. I might use it soon...
    Does it automatically make folders named after the volume labels? And does it handle the conversion of spaces and non-alphanumeric characters to octal codes?
    I could read the script but it would be faster for everyone reading, if you leave the answer as a reply.
    I also think that there should be some major work done on modernizing the fstab, either by replacing it with a better implementation of file system mounting or changing the file structure and adding in better handling of non-alphanumerics. I don't want to have to look up a stupid octal table every time I type in my labels.

  • Adobe Creative Cloud can't signin  is there alternative to downloading these programs?

    I just purchased Adobe Creative Cloud and when I went to sign in all it would do is sign me out, so I never got to sign in lol. Is there an alternative way to download this software, as I have Photoshop and Lightbloom?

    Finally, after- how long? - two months? I have uploaded the new Creative Cloud. Only to find that all the programs have been upgraded from CS6 to CC.
    This ranks as the worst piece of customer-relations I've ever come across. Even though I asked for instructions the Staff member dealing with me got fed-up and just dumped me.
    I kept trying - and today - finally I got it fixed.
    It took 20 minutes to download, at 20Mbps! There were no intermediate instructions, I wasn't told what was happening. Suddenly the Install screen disappeared - the new Creative Cloud didn't open, I had to go find it.
    Adobe - this is not good. I suggest you find the boss of this team and quietly boot them out of the door.

  • Lync Reverse Proxy Alternatives

    When migrating from OCS 2007 to Lync 2010, we balked at Microsoft’s recommendation to deploy Forefront Threat Management Gateway (or ISA) just to get the reverse proxy services.
    TMG is way too expensive and complex for such a limited, simple use case.
    I didn't find much information on what people are using as free alternatives to ISA/TMG, so I decided to post this discussion in case there are others out there who are interested.
    We decided to use Apache 2.2 on Windows Server 2008 R2. 
    Here's how we configured it:
    Read here to understand what features require a reverse proxy, and follow the steps to configure your FQDNs, Network Adapters and (maybe) obtain an SSL Certificate for the reverse proxy. 
    http://technet.microsoft.com/en-us/library/gg398069.aspx
    Download and install the latest stable release of Apache with OpenSSL on your reverse proxy server. 
    http://httpd.apache.org/download.cgi
    We're using the same certificate on the reverse proxy that we use on our front end server (it has the appropriate SANs), so we need to convert it to PEM format for use with Apache:
    Use the Certificates MMC on your front end server to export the certificate and include the private key.
    Transfer the resultant .pfx file to your reverse proxy server.
    Use OpenSSL to convert your .pfx file to PEM:
    openssl pkcs12 -in c:\pathto\yourcert.pfx -out c:\pathto\yourcert.pem -nodes
    Separate the private key from the certificate using notepad:
    Open the new .pem file and cut the text from the beginning of the file through the end of the “----END RSA PRIVATE KEY----“ tag.
    Save that text to a new file named yourcert.key.
    Save yourcert.pem, which should now only include the certificate.
    Copy (or move) the certificate and private key to the Apache configuration directory. We like to use: C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl for storing the certificates.
    Edit httpd.conf (typically in C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf) to enable and configure the proxy and SSL features:
    (See http://httpd.apache.org/docs/2.2/mod/mod_proxy.html for more information on each directive)
    Uncomment the following lines, which will enable proxy and SSL:
    LoadModule proxy_module modules/mod_proxy.so
    LoadModule proxy_http_module modules/mod_proxy_http.so
    LoadModule ssl_module modules/mod_ssl.so
    Include conf/extra/httpd-ssl.conf
    Add the following lines to configure reverse proxy behavior:
    #Be a reverse proxy, not a forward proxy
    ProxyRequests Off
    #Accept requests from any client to any URL
    <Proxy *>
    Order Deny,Allow
    Allow from all
    </Proxy>
    #Set the network buffer to improve throughput
    ProxyReceiveBufferSize 4096
    #Configure the Reverse Proxy to forward all requests to your front end server on 4443
    ProxyPass / https://yourfrontend.domain.com:4443/
    ProxyPassReverse / https://yourfrontend.domain.com:4443/
    #Preserve Host Headers for Lync
    ProxyPreserveHost On
    Optionally, configure logging directives, bindings and server name.
    Save and close httpd.conf
    Edit httpd-ssl.conf (typically in conf\extra):
    Configure the session cache:
    Uncomment:
    SSLSessionCache "dbm:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache"
    Comment out:
    SSLSessionCache "shmcb:C:/Program Files (x86)/Apache Software Foundation/Apache2.2/logs/ssl_scache(512000)"
    Locate the <VirtualHost _default_:443> tag and configure the following:
    Add the following directive:
    SSLProxyEngine On
    Configure the path to your SSL Certificate saved in step 3-5 above:
    SSLCertificateFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl\yourcert.pem"
    Configure the path to your private key saved in step 3-5 above:
    SSLCertificateKeyFile "C:\Program Files (x86)\Apache Software Foundation\Apache2.2\conf\extra\ssl\yourcert.key"
    Optionally, configure the SSLCACertificateFile (you can download the appropriate bundle from your CA).
    Optionally, configure logging directives.
    Save and close httpd-ssl.conf
    Restart the Apache2.2 service
    Configure public DNS records and appropriate firewall rules to allow public http/https traffic to the external interface of your reverse proxy, and to allow the internal interface of the reverse proxy to talk to the front end Lync server on 8080 and 4443.
    From an external connection, test connectivity through the reverse proxy:
    Test https://dialin.company.com (friendly URL for getting dial-in information, if you’re using voice conferencing)
    Test the Lync Web App by setting up an online meeting and following the URL to join the meeting. 
    You can force the use of the web app by appending ?sl= to the end of the meet.company.com link. 
    See this for more information http://blogs.technet.com/b/jenstr/archive/2010/11/30/launching-lync-web-app.aspx
    Hope this information is helpful and saves some of you some money and trouble.
    Please contact me if you need further clarification or see any mistakes in my notes.
    Best regards,
    Kenneth Walden
    Enterprise Systems Supervisor
    GSD&M
    Austin, TX

    I'd like to thank you for this article.  We were setting up Apache RP for Lync .... needless to say they weren't too excited to learn this new (and highly complex with lots of specific undocumented requirements) Microsoft product.  Anyways, your blog saved me a LOT of headache.  I owe you big time.
    AWESOME JOB.
    -Greg
    *****EDIT***
    Decided to come back in there and post good information.  We had issues with EXTERNAL and ANONYMOUS users being able to attend a meeting.  The "DIALUP" url was working fine but the "MEETING" url was broken.  On our WFE servers we were getting the event error as below.   Turns out that our reverse proxy was not set to "PROXYPRESERVEHOST ON".  Once we put that in there ALL was good.
    Notice that the MEET portion was the only thing that was really broken.  So, if you can get DIALUP to work, but MEET doesn't ... your RP is working to FW the 443 to the 4443 correctly but your RP is sending the wrong HEADER.  Look for http://10.x.x.x/meet/ or something in the event logs.
    Log Name:      Application
    Source:        ASP.NET 2.0.50727.0
    Date:          11/16/2011 1:26:35 PM
    Event ID:      1309
    Task Category: Web Event
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      OneofMyInternalWFEservers.local
    Description:
    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 11/16/2011 1:26:35 PM
    Event time (UTC): 11/16/2011 6:26:35 PM
    Event ID: b2039ecd0a62482284030f62e1e639d8
    Event sequence: 129
    Event occurrence: 28
    Event detail code: 0
    Application information:
        Application domain: /LM/W3SVC/34578/ROOT/meet-1-129658725547585993
        Trust level: Full
        Application Virtual Path: /meet
        Application Path: C:\Program Files\Microsoft Lync Server 2010\Web Components\Join Launcher\Ext\
        Machine name: MYWFE.local
    Process information:
        Process ID: 14204
        Process name: w3wp.exe
        Account name: NT AUTHORITY\NETWORK SERVICE
    Exception information:
        Exception type: HttpException
        Exception message: Server cannot append header after HTTP headers have been sent. 
    Request information:
        Request URL:
    https://FQDN:4443/meet/MyName/456456
        User host address: gatewayIP
        User: 
        Is authenticated: False
        Authentication Type: 
        Thread account name: NT AUTHORITY\NETWORK SERVICE
    Thread information:
        Thread ID: 7
        Thread account name: NT AUTHORITY\NETWORK SERVICE
        Is impersonating: False
        Stack trace:    at System.Web.HttpHeaderCollection.SetHeader(String name, String value, Boolean replace)
       at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.EndRequest(Object source, EventArgs e)
       at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
       at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
    Custom event details:

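The two posts above depend on a handful of directives being set correctly, and the reply shows what a missing `ProxyPreserveHost On` looks like from the front end. The linter below is an added example, not code from either poster or from the Apache project. The function names are hypothetical, and it assumes a flat reading of the config (container scope ignored, last value wins) with `httpd.conf` and `httpd-ssl.conf` concatenated into one string.

```python
"""Lint an Apache 2.2 reverse-proxy config against the directives this thread relies on.

Added example. Assumption: parsing is flat, so <VirtualHost>/<Proxy> scope is
ignored and the last value of a directive wins. That fits a single-purpose
proxy like the one described here, not a multi-vhost server.
"""
import re

CURLY_QUOTES = re.compile("[\u201c\u201d\u2018\u2019]")

# Constructed sample: the post's directives with two mistakes left in.
# ProxyPreserveHost is missing, and the certificate path carries curly quotes
# (\u201c / \u201d) as pasted from a web page.
SAMPLE_BROKEN = """\
#Be a reverse proxy, not a forward proxy
ProxyRequests Off
<Proxy *>
Order Deny,Allow
Allow from all
</Proxy>
ProxyPass / https://yourfrontend.domain.com:4443/
ProxyPassReverse / https://yourfrontend.domain.com:4443/
SSLProxyEngine On
SSLCertificateFile \u201cC:/Program Files (x86)/Apache Software Foundation/Apache2.2/conf/extra/ssl/yourcert.pem\u201d
"""

SAMPLE_FIXED = (
    SAMPLE_BROKEN.replace("\u201c", '"').replace("\u201d", '"')
    + "ProxyPreserveHost On\n"
)


def parse_directives(text):
    """Return [(lineno, lowercased name, argument string)], skipping comments and <Section> tags."""
    directives = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        parts = line.split(None, 1)
        directives.append((lineno, parts[0].lower(), parts[1] if len(parts) == 2 else ""))
    return directives


def lint(text):
    """Return a list of (code, message) findings; an empty list means all checks passed."""
    directives = parse_directives(text)

    def values(name):
        return [args for _, n, args in directives if n == name]

    def is_on(name):
        vals = values(name)
        return bool(vals) and vals[-1].lower() == "on"

    findings = []
    if is_on("proxyrequests"):
        findings.append(("forward-proxy", "ProxyRequests On makes this a forward proxy"))
    if not is_on("proxypreservehost"):
        findings.append(("preserve-host",
                         "ProxyPreserveHost is not On: the front end receives the backend "
                         "host name instead of the public FQDN (the broken meet URL in the reply)"))
    passes = [tuple(v.split()[:2]) for v in values("proxypass")]
    reverses = {tuple(v.split()[:2]) for v in values("proxypassreverse")}
    to_https = any(len(p) == 2 and p[1].lower().startswith("https://") for p in passes)
    if to_https and not is_on("sslproxyengine"):
        findings.append(("ssl-proxy-engine", "ProxyPass targets https:// but SSLProxyEngine is not On"))
    for p in passes:
        if p not in reverses:
            findings.append(("reverse-mismatch", "no matching ProxyPassReverse for: " + " ".join(p)))
    for lineno, name, args in directives:
        if CURLY_QUOTES.search(args):
            findings.append(("curly-quotes",
                             "line %d: %s argument contains typographic quotes, which Apache "
                             "does not treat as string delimiters" % (lineno, name)))
    return findings


def codes(text):
    """Finding codes only, in check order."""
    return [code for code, _ in lint(text)]


if __name__ == "__main__":
    for code, message in lint(SAMPLE_BROKEN):
        print("%-18s %s" % (code, message))
```
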
  • What is a quick alternative to launching an enterprise DPS app if Apple Store rejects the App? We are under a major deadline and can't wait for Apple. We want to host the app elsewhere. How do we host our DPS app on our client's website?

    What is a quick alternative to launching an enterprise DPS app if Apple Store rejects the App? We are under a major deadline and can't wait for Apple to approve. We want to host the app elsewhere. How do we host our DPS app on our client's website? Thanks.

    Unless I misunderstand the question, you can't do what you're asking to do. Apple doesn't allow you to bypass their store and host public apps on a website. The exception is an enterprise app, which requires an Enterprise account with both Apple and Adobe. This type of enterprise app can be distributed only within the company. If that's what you want to do, you can learn more here:
    Digital Publishing Suite Help | Creating viewer apps for private distribution
    Distributing enterprise iOS viewer applications with Digital Publishing Suite | Adobe Developer Connection
    Another option is to add the development app to several devices and use those for your demo.

  • What is the use of Alternative Calculation Type =2 and 4

    Dear Friends
    In pricing procedure in gross value, Net value for Item and Net value has Alternative calculation type is 2.
    What is the use of it?
    Without using it these value line are also fetching net value then what is the work of it. Please give me detail information with its effects in pricing condition tab page in sales document.
    Thanking You
    Arun

    Arun biswal,
    Correct Biswal. We have at various stages within Pricing procedure the "net value" which is calculated. Not only the alternative calculation type "2" is used if you notice carefully they are stored as subtotals at various levels.
    For Ex Gross Value  --> Subtotal =1 --> Calc type = 2
    similarly for Net value for Item --> Subtotal =2 --> Calc type = 2
    Net value 2 --> Subtotal =3 --> Calc type = 2
    See, these are used to calculate the net value at various levels in pricing. The calculation Type has got a set of routines that will facilitate us in pricing. SAP has provided certain calculated formulas or routines to facilitate us during calculation within pricing . Here the "2" is used for calculation without tax and store it as subtotal and display it or use it for further calculations.
    We can use this "netvalue" amount for further calculations. It is used for clarity purpose when you issue a statement to customer. (like Confirmation order) at various levels like discount amt involved, Freight involved, Rebate amount involved.....
    Even without this Calc type or using sub total u can proceed....
    Finally we have  TOTAL  --> Subtotal =A --> Calc type = 4
    In the above line we have Calc type as 4, which means when you use TAX this calc type is used .
    Routines are used to facilitate your process....
    Regards
    Sathya

  • Like we have If Not Exists in T-SQL, Is there any alternative in MDX

    Hi All,
    I am a newbie in MDX. I am trying to execute MDX query through SSIS Execute SQL Task. I have set Single Row as a result set. Every thing is fine, But the problem arise when the query does not return any result.
    Because , this is the property of Execute SQL Task that it fails , If result set is SET and query does not return any value.
    This occurrence is handled in T-SQL by use of If Not Exists/If Exists. Do we have something over here, i.e. in MDX?
    If not then what might be the alternative for this.

    Hi Shadab,
    Try writing iif() (if and only if) to handle this situation.
    Check this for syntax and examples:
    http://msdn.microsoft.com/en-IN/library/ms145994(v=sql.105).aspx
    If you have any issues please let me know.
    Please vote as helpful or mark as answer, if it helps Regards, Anand

  • Kubuntu Linux alternative to Win7 on NB505-N508BN

    Hi, here's a quick summary on installing Linux on my NB505-N508BN netbook (Win7 Starter, Atom Processor, 2GB RAM), If you're looking to have some fun with the netbook and are bored with Windows, try it out. Linux is free, open source sw and there are various linux packages. I chose Kubuntu (Ubuntu linux packaged by KDE).
    Pros: nice alternative to Win 7 (starter or otherwise)
    Cons: Battery gets drained faster than in Windows, and if you're looking for long hours of use, linux may not be for you.
    From Windows, open a browser, and find/download Kubuntu 11.04, nicknamed "Natty Narwhal". Unzip it and find and run an installer called 'wubi'. It'll install Kubuntu alongside Win 7. You'll have to 'restart' to finish the installation at the end of which you restart once again. This time, hit F12 and you'll have the option to boot from Windows or Kubuntu. Choose Kubuntu. If you really want, you can also download and install an image file onto a USB drive (get the Universal-usb-installer-1.8.6.0.exe; look up Pendrivelinux.com) and run Kubuntu from the usb drive itself.
    Raw Kubuntu 11.04 needs tweaks. Open its Rekonq browser, and download Firefox 4 (for Kubuntu/ubuntu) and install. Then install Flash and Java. You'll need to open a terminal window and type commands to download. Here's the site for Java: http://www.multimediaboom.com/how-to-install-java-in-ubuntu-11-04-natty-narwhal-ppa/ Also, you can improve the Firefox setup by downloading the Oxygen theme: http://kde-look.org/content/show.php/Oxygen+KDE+%28Firefox+Theme%29?content=117962
    Install Skype (the webcam video turns out a bit darker than in the windows version) and Dropbox to share files in the Cloud. For audio and video play, fire up and configure the Amarok and Dragon Player that come with Kubuntu. You'll lose the  Fn-#3 and Fn-#4 key volume control but use a volume control app called KMix instead.
    Connect to Wifi by finding your home or hotspot wifi (note: it saves your wifi passwd in sleep/hibernate, but not if you reboot; you have to reenter it).
    The file organizer "Dolphin" is the equivalent of Windows Explorer. Find all your Windows files by clicking on Local Disk and drilling down. Kubuntu comes with free LibreOffice that is like MS Office. I've opened and used Excel and Word files and saved them in MSOffice ('97 - 2000) formats.
    Download Avast! anti virus for linux (it's a 1 yr free subscription for a home workstation). Don't get the free AVG anti virus for linux -it doesn't install right. (Note: you don't really need antivirus for linux, because linux is open source sw which is no safe haven for viruses. But I transfer files between my linux and windows folders, and so want to prevent transferring a virus inadvertently). Download the Avast! DEB package: http://www.avast.com/linux-home-edition#tab4 and use right-click to open and install with GDebi package installer. Also setup a firewall (UFW or 'uncomplicated firewall'):  https://wiki.ubuntu.com/UncomplicatedFirewall.
    The look and feel of Kubuntu linux is quite intuitive, it boots fast, runs fast, even on my netbook with just 2GB RAM and an Atom processor. Right now, I'm posting this from my Firefox browser in Kubuntu. I haven't gone back to Windows except to backup my files onto a portable drive using EaseUS Todo software (since I can't find that sw for linux).
    Hope this gives you an idea of what you need to do to setup a linux alternative to Windows. Note: there are other flavors of linux like plain Ubuntu or others like Xubuntu and Edubuntu, openSUSE etc. Check out what they're about. Overall, if you are willing and able, you can have linux up and running and customized in a day or two. It's pretty cool. See some of the screenshots I have posted below as png graphics files.
    The only downside I see: the battery doesn't last as long as it did running Win 7 starter, for the same kind of tasks. I think I get about 2/3 rd the number of hours that I would get with Win 7 starter. Someone did a detailed study (http://www.carstenboysenjensen.com/en/articles/linux-distro-battery-test.html) and discovered that other flavors of linux - even supposedly 'lighter' ones, fare no better wrt battery life and that the culprit might be excessive hard drive access (and, consequently, I suspect, the fan, which works harder to keep the drive and other components cool). But otherwise, my Kubuntu 11.04 install on my netbook is fast, stable and great to work with.
    Cheers!
    Nat

    Hi, just a quick update. The 11.04 (K)ubuntu linux distro drains the battery significantly faster than Win 7. I recently learned that the kernel in 11.04 is far more power consuming than kernels used in previous distros such as 10.10 and that it is not clear why or how to overcome this. In this regard, the kernel in 11.04 is a step back from the earlier kernels, which is not a good thing for linux if it is to continue competing with Windows or the Mac's OS, particularly for very mobile devices such as laptops and netbooks that one wants to use unplugged and on battery alone for many hours -that's the whole point of being mobile. This is unfortunate, because Linux is otherwise a very viable and capable OS.
    My advice to folks on this forum who still would like to play with linux is to try the older versions such as (K)ubuntu 10.10 or just hang on to Windows 7 for now.
    Nat

  • SP Foundation 2010 - ViewFormPagesLockdown alternative

    We have an internet facing site on SharePoint 2010 Foundation. We have anonymous access enabled (mandatory), but we need to lock down access to the _layouts, _catalogs, etc directories. By lock down, I mean we don't want the user to be able to 'View All Site Content' and see the lists. We need their user to have 'access' to them so the content is rendered/ran appropriately.
    Is the only alternative to lock these directories down in the web.config?

    Hi TBeam, 
    Yes, I have one !
    I had released a version of the lockdown feature for SharePoint Foundation that you can download on Codeplex. 
    http://customlockdown.codeplex.com/
    Hope that helps...
    Marc Charmois - http://mosshowto.blogspot.com
