ARP Issue with Multiple Subnets

We have a 4500-X as our core at our head office, connected to a Nexus 5K where our MS NLB Exchange cluster is (Virtualized).
On the 4500-X there is a static MAC and static ARP entry for the NLB VIP.
The servers are in VLAN 100 and the desktops are in VLAN 200
No desktop can ping or access Exchange via the NLB virtual IP from VLAN 200 (or any other non-server VLAN) but can access each server individually.
If I put a desktop in VLAN 100 I can access the VIP without a problem.
All devices at sites across our MPLS-connected WAN can access Exchange without problem using the NLB VIP, as well as clients connecting via VPN.
I can't figure out why remote sites, on different subnets can hit Exchange, but locally it doesn't work.
As a note: We have another network at our head office that sits behind a firewall. Clients were not able to access the VIP until a static ARP entry was put on the firewall.
Config is pretty straight forward.
4500-X Config:
VLAN 100
     name SERVER
VLAN 200
     name DESKTOP
interface VLAN100
     ip address 192.168.100.1 255.255.255.0
     no ip redirects
interface VLAN200
     ip address 192.168.200.1 255.255.255.0
     no ip redirects
mac address-table static 1111.1111.1111 vlan 100 interface Po1
arp 192.168.100.100 1111.1111.1111 ARPA

Hello.
Could you draw a diagram of interconnections between 4500, MPLS and Exchange?
Are you sure about MAC and port? Can you ping VIP address from 4500?

Similar Messages

  • Issues with multiple subnets - ASA5510 to Vigor 2820 VPN

    Hi there,
    I am hoping someone here can help.  I have been struggling for some time to sort out issues in a VPN we have between our main London office and the Edinburgh branch office.  We have an ASA 5510  in London, talking to a Vigor 2820 in Edinburgh. 
    The London office has a 192.168.0.0/24 subnet, with the default gateway as a Cisco Catalyst at 192.168.0.254, and the Cisco ASA at 192.168.0.254 as the firewall. 
    The Edinburgh office has the subnet 192.168.2.0/24, with the Vigor running on 192.168.2.1, providing routing, DHCP and firewall services there. 
    I have the VPN working fine, correctly routing traffic between those two subnets over the IPsec tunnel.  However, I have had much trouble adding additional subnets for our VLANs in London.
    What I want to happen is traffic from 192.168.2.0/24 to be able to get to and from 192.168.50.0/24 and several similar networks.
    Upon tracing it using the Cisco packet tracer, I can see that the packets for the 192.168.50.0/24 subnet are not making it over the tunnel, having being stopped by the VPN: subtype: encrypt rules.  Looking at these rules though, I can't spot the problem.  Multiple changes of order of the rules, and reloads have not sorted out the problem.  When I run a packet trace on the main subnet it works fine.  I have attached some of the configuration (below) as well as the output from the packet tracer, and the config of the Vigor router.
    I apologise in advance for the length of the post, but I have tried to include all relevant information to see if anyone can help.
    Firstly, here's the ASA config that seemed relevant.  I tried to remove some since we have quite a few site-to-site tunnels set up, and these are probably not relevant (and are all working correctly).
    access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.20.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.20.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.50.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.30.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.40.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.40.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.30.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip any 192.168.0.192 255.255.255.192 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.0.0 192.168.7.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.7.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.2.0 255.255.255.0 192.168.7.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.0.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0 nat (inside) 0 access-list insideOutboundNonatAclnat (inside) 9 access-list vpnNatAclnat (inside) 10 192.168.30.5 255.255.255.255nat (inside) 10 192.168.0.0 255.255.255.0nat (inside) 10 192.168.20.0 255.255.255.0nat (inside) 10 192.168.30.0 255.255.255.0nat (inside) 10 192.168.50.0 255.255.255.0access-list inside_in extended permit ip 192.168.0.0 255.255.255.0 any access-list inside_in extended permit tcp host 192.168.5.2 host 192.168.0.2 eq domain access-list inside_in extended permit ip 192.168.20.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list inside_in extended permit ip 192.168.20.0 255.255.255.0 any access-list inside_in extended permit ip 192.168.50.0 255.255.255.0 any access-list inside_in extended permit ip 192.168.30.0 255.255.255.0 any access-list inside_in extended permit ip 192.168.30.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list inside_in extended permit ip 192.168.40.0 255.255.255.0 192.168.0.0 255.255.255.0 access-list inside_in extended permit ip 192.168.40.0 255.255.255.0 any access-list inside_in extended permit ip 192.168.10.0 255.255.255.0 any access-list inside_in extended permit ip host 192.168.2.1 192.168.30.0 255.255.255.0 inactive access-list inside_in extended permit ip 192.168.2.0 255.255.255.0 192.168.50.0 255.255.255.0 access-list inside_in extended permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0 access-group inside_in in interface insideaccess-list outside_2_cryptomap extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.30.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.40.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0 route inside 192.168.20.0 255.255.255.0 192.168.0.254 1route inside 192.168.50.0 255.255.255.0 192.168.0.254 1route inside 192.168.30.0 255.255.255.0 192.168.0.254 1route inside 192.168.40.0 255.255.255.0 192.168.0.254 1crypto ipsec transform-set ESP_DES_MD5 esp-des esp-md5-hmac crypto ipsec transform-set TRANS_VPN_SET esp-3des esp-md5-hmac crypto ipsec transform-set TRANS_VPN_SET mode transportcrypto ipsec transform-set TRANS_VPN_SET_2 esp-3des esp-sha-hmac crypto ipsec transform-set TRANS_VPN_SET_2 mode transportcrypto ipsec transform-set ESP_3DES_SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP_3DES_MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec df-bit clear-df outsidecrypto dynamic-map core_vpn_dyn_map 20 set transform-set ESP_3DES_MD5 ESP_DES_MD5 TRANS_VPN_SET TRANS_VPN_SET_2crypto dynamic-map core_vpn_dyn_map 40 set pfs crypto dynamic-map core_vpn_dyn_map 40 set transform-set ESP_3DES_SHA ESP_DES_MD5crypto map outside_map 2 match address outside_2_cryptomapcrypto map outside_map 2 set pfs crypto map outside_map 2 set peer [branch peer ip]crypto map outside_map 2 set transform-set ESP_3DES_MD5crypto isakmp identity address crypto isakmp identity address crypto isakmp policy 25 authentication pre-share encryption 3des hash md5     group 1      lifetime 28800crypto isakmp nat-traversal  30crypto isakmp disconnect-notifygroup-policy DfltGrpPolicy attributes banner none  wins-server none dns-server none dhcp-network-scope none vpn-access-hours none vpn-simultaneous-logins 100 vpn-idle-timeout none vpn-session-timeout none vpn-filter none vpn-tunnel-protocol IPSec l2tp-ipsec webvpn password-storage disable ip-comp disable re-xauth enable group-lock none pfs disable  ipsec-udp disable ipsec-udp-port 10000 split-tunnel-policy tunnelall split-tunnel-network-list none default-domain none split-dns none intercept-dhcp 255.255.255.255 disable secure-unit-authentication disable user-authentication disable user-authentication-idle-timeout 30 ip-phone-bypass disable leap-bypass disable nem disable  backup-servers keep-client-config msie-proxy server none msie-proxy method no-modify msie-proxy except-list none msie-proxy local-bypass disable nac disable  nac-sq-period 300 nac-reval-period 36000 nac-default-acl none address-pools none smartcard-removal-disconnect enable client-firewall none client-access-rule nonetunnel-group [branch peer ip] type ipsec-l2ltunnel-group [branch peer ip] ipsec-attributes pre-shared-key *
    Note: [branch peer ip] replaces any instances of the branch office outside IP address
    I appreciate there may be some duplicated/redundant rules here - I have been playing with config to try to fix the problem.  I'd really appreciate any suggestions on how to track this down. 
    Here's the vigor config:
    So it looks to match ok to me at both ends, unless there is something I missed.  The vigor routing table shows:
    Key: C - connected, S - static, R - RIP, * - default, ~ - private*             0.0.0.0/         0.0.0.0 via [ISP gateway server],   WAN1S         [branch peer ip]/ 255.255.255.255 via [branch peer ip],   WAN1S~       192.168.40.0/   255.255.255.0 via [London office ip],    VPNS~       192.168.50.0/   255.255.255.0 via [London office ip],    VPNS~       192.168.10.0/   255.255.255.0 via [London office ip],    VPNS~        192.168.0.0/   255.255.255.0 via [London office ip],    VPNC~        192.168.2.0/   255.255.255.0 is directly connected,    LANS~        192.168.7.0/   255.255.255.0 via [London office ip],    VPNS~       192.168.30.0/   255.255.255.0 via [London office ip],    VPNS~       192.168.20.0/   255.255.255.0 via [London office ip],    VPN*     [ISP dns server]/ 255.255.255.255 via [ISP gateway server],   WAN1
    I have replaced IPs here as is shown.  You can see the vigor seems to want to route the appropriate traffic over the VPN.
    Finally, here is the packet trace output:
    ciscoasa# packet-trace input outside tcp 192.168.2.1 echo 192.168.50.10 echo d$Phase: 1Type: FLOW-LOOKUPSubtype: Result: ALLOWConfig:Additional Information:Found no matching flow, creating a new flowPhase: 2Type: ROUTE-LOOKUPSubtype: inputResult: ALLOWConfig:Additional Information:in   192.168.50.0    255.255.255.0   insidePhase: 3Type: ACCESS-LISTSubtype: logResult: ALLOWConfig:access-group outsideInAcl in interface outsideaccess-list outsideInAcl extended permit ip 192.168.2.0 255.255.255.0 any Additional Information: Forward Flow based lookup yields rule: in  id=0x4529e48, priority=12, domain=permit, deny=false        hits=362922, user_data=0x4529e08, cs_id=0x0, flags=0x0, protocol=0        src ip=192.168.2.0, mask=255.255.255.0, port=0        dst ip=0.0.0.0, mask=0.0.0.0, port=0Phase: 4      Type: IP-OPTIONSSubtype:      Result: ALLOW Config:       Additional Information: Forward Flow based lookup yields rule: in  id=0x44057f0, priority=0, domain=permit-ip-option, deny=true        hits=2693939, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0        src ip=0.0.0.0, mask=0.0.0.0, port=0        dst ip=0.0.0.0, mask=0.0.0.0, port=0Phase: 5      Type: NAT-EXEMPTSubtype: rpf-checkResult: ALLOW Config:       Additional Information: Forward Flow based lookup yields rule: in  id=0x44fe9a0, priority=6, domain=nat-exempt-reverse, deny=false        hits=12, user_data=0x44fe800, cs_id=0x0, use_real_addr, flags=0x0, protocol=0        src ip=192.168.2.0, mask=255.255.255.0, port=0        dst ip=192.168.50.0, mask=255.255.255.0, port=0Phase: 6      Type: NAT     Subtype: rpf-checkResult: ALLOW Config:       nat (inside) 10 192.168.50.0 255.255.255.0  match ip inside 192.168.50.0 255.255.255.0 outside any    dynamic translation to pool 10 (external [Interface PAT])    translate_hits = 2250, untranslate_hits = 17Additional Information: Forward Flow based lookup yields rule: out id=0x4b80e80, priority=1, domain=nat-reverse, deny=false hits=32, user_data=0x4b80ce0, cs_id=0x0, flags=0x0, protocol=0 src ip=0.0.0.0, mask=0.0.0.0, port=0 dst ip=192.168.50.0, mask=255.255.255.0, port=0Phase: 7Type: NATSubtype: host-limitsResult: ALLOWConfig:nat (inside) 10 192.168.50.0 255.255.255.0  match ip inside 192.168.50.0 255.255.255.0 outside any    dynamic translation to pool 10 (external [Interface PAT])    translate_hits = 2250, untranslate_hits = 17Additional Information: Reverse Flow based lookup yields rule: in  id=0x4b80fa0, priority=1, domain=host, deny=false hits=2811, user_data=0x4b80ce0, cs_id=0x0, reverse, flags=0x0, protocol=0 src ip=192.168.50.0, mask=255.255.255.0, port=0 dst ip=0.0.0.0, mask=0.0.0.0, port=0Phase: 8Type: IP-OPTIONSSubtype:      Result: ALLOW Config:       Additional Information: Reverse Flow based lookup yields rule: in  id=0x4469ef8, priority=0, domain=permit-ip-option, deny=true        hits=2010804, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0        src ip=0.0.0.0, mask=0.0.0.0, port=0        dst ip=0.0.0.0, mask=0.0.0.0, port=0Phase: 9      Type: VPN     Subtype: encryptResult: DROP  Config:       Additional Information: Reverse Flow based lookup yields rule: out id=0x4887aa8, priority=70, domain=encrypt, deny=false        hits=10, user_data=0x0, cs_id=0x44b18f8, reverse, flags=0x0, protocol=0        src ip=192.168.50.0, mask=255.255.255.0, port=0        dst ip=192.168.2.0, mask=255.255.255.0, port=0Result:       input-interface: outsideinput-status: upinput-line-status: upoutput-interface: insideoutput-status: upoutput-line-status: upAction: drop  Drop-reason: (acl-drop) Flow is denied by configured rule
    So it seems to find the rule, which it ought to match, but then returns DENY.  What's going on here?  Perhaps this is misleading and the issue is elsewhere, but it isn't clear from the output here.
    For further information, this is output for the WORKING subnet - I have just taken a small part here though:
    Phase: 10     Type: VPN     Subtype: encryptResult: ALLOW Config:       Additional Information: Reverse Flow based lookup yields rule: out id=0x4b86418, priority=70, domain=encrypt, deny=false        hits=332214, user_data=0x7da5c, cs_id=0x44b18f8, reverse, flags=0x0, protocol=0        src ip=192.168.0.0, mask=255.255.255.0, port=0        dst ip=192.168.2.0, mask=255.255.255.0, port=0
    Thanks very much in advance for any help you can provide - I've been really stuck on this one!
    Chris

    Hi,
    Can you issue the packet-tracer with the direction beeing your London office -> Remote office?
    Also issue the command twice.
    Personally I've used packet-tracer with some L2L VPNs to test if the remote end has the configurations correct. Also I've noticed that the first packet-tracer test never goes through. So issue that command twice and show how it goes.
    Though I imagine you have tried to connect through the L2L VPN with real host machines and not just the firewalls packet-tracer?
    Also I imagine the original info has a typo. You say your ASAs LAN gateway IP and the local L3 switches IP address is the same, 192.168.0.254.
    Basically the hardest part regarding L2L VPNs should be the initial setup of the VPN connection. Even though it should be simple people still tend to mess up PSKs or Phase1/2 parameters. But as your L2L VPN is already in working order and you are just adding networks to it, it should be pretty simple.
    When you add network and dont require any special NAT configurations, your NAT0 and Encryption domain access-list should look pretty much the same.
    And looking at your configurations, it should be like this
    access-list outside_2_cryptomap extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.30.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.40.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list outside_2_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.30.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.40.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0 access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
    Btw what is the network 192.168.7.0/24? It seems to have a VPN rule at the remote site but not at the HO site. Though there is a NAT0 rule for that traffic on the HO site.
    EDIT: I imagine the VPN network rules should be an exact mirror image of eachother. Though it seems this doesnt stop devices from negotiating the VPN up but who knows if some other device type is picky about that one. Only thing in your situation that I see is the network 192.168.7.0/24 that is not included in the other ends configurations.
    EDIT2: Also the reason your test for the already existing rule might be going through without a problem might be because the tunnel is up and working for the networks in question.
    EDIT3: Does your Vigor device also have NAT0 rules configured for the new networks?
    - Jouni

  • Since I've installed Mountain Lion, I am having lock up issues with multiple programs. MS Outlook has crashed and I've lost all my folders. HELP?

    Since I've installed Mountain Lion, I am having lock up issues with multiple programs. MS Outlook has crashed and I've lost all my folders. HELP?

    okay I've finally been able to get tor and all the other programs to work according to my plan the only thing that's still making problems is that iptables doesn't work as I want it to, when I start chromium without proxy settings privoxy doesn't seem to forward the information to polipo.. do I need to add another rule to iptables.rules in order for the program to know it has to reroute the information again or how can I get this to work? and is there any way to run rtorrent with proxy support?
    anyway, problem 2 and 3 are still to be solved.
    and does anybody know where i can get a good dansguardian blacklist that was not designed for 6 year old children and for which I don't need to subscribe? I'm still getting these partypoker popups -.-
    //e: with iptables it's the same thing as described in the first post. https works, http doesnt. I get the output "Invalid header received from client." on http sites. still no idea why though.. (and the https-version of torcheck.xenubite says i'm tor unprotected while starting the browser with iptables)
    Last edited by deF291 (2011-04-23 16:16:31)

  • We run an iMac 3.4 GHz I7 for our church worship service; we haven't upgraded to Mavericks because we heard about issues with multiple screens crashing.  Has this issue been resolved?  Thank you!

    We run an iMac 3.4 GHz I7 in our church worship service; we have front screens and a stage display monitor ; we haven't upgraded to Mavericks because we heard about issues with multiple screens crashing.  Has this issue been resolved?  Now that we are 2 upgrades behind, I'm getting little concerned.  Thank you!

    Oh, well that was a whole other kettle of fish:
    Oh the G4 I attempted to install iLife '08 before Lepoard was available. About the only thing that installed cleanly was iPhoto. I ended up reinstalling everything back to iLife '06, and then upgrading back to the current stable version of the iLife '06 version. I didn't attempt a reinstall until after I upgraded to Leopard.
    When I did reinstall, I made a iLife '06 folder, copied all iLife apps into it, and upgraded. Seemed to work, except for the part where iMovie gets left behind and iDVD is only mostly functional.
    When I installed on the other 2 machines, it was after installing Leopard and all upgrades. On those 2 machines, I didn't bother with the copy, I just moved everything to the iLife '06 folder I created, and did a fresh install.
    I didn't have to do anything with the iPhoto Libraries, that I can recall.
    I always do an upgrade, never an archive and install. I've never had a problem with this back to 10.1 or 10.2.

  • SPEL in Extended VO - Issue with Multiple Rows

    Hi,
    I have extended a seeded VO by adding a new attribute *'Course_Flag'* with attribute type 'Boolean' and Query Column type 'VARCHAR2' and i wa successfully able to personalize and view the data of the new attribute *'Course_Flag'* in the page as ('true' / 'false') aacording to the query where clause.
    Now after adding a new image with SPEL property as *${oa.LearnerCatalogCoursesVO.Course_Flag}* it will have an issue with multiple items.
    I mean the SPEL will take the first row value 'true' / 'false' and will be corrected rendered according to the value of the first row and ignore other rows values.
    Example: if the *'Course_Flag'* value of the first row is 'true' then all the images will be rendered and if the *'Course_Flag'* value of the first row is 'false' then all the images will be NOT rendered.
    Please advise if I've missed any step.
    Thanks in advance to all.
    Regards....Ashraf

    Dear Kali,
    I have added a new function to the seeded VO SQL +('XXARMS_TRG_EVALUATION_PKG.XX_COURSE_GOT_EVAL')+,
    SQL Statment :-
    select av.activity_version_id, avtl.version_name, av.language_id, av.start_date,
    av.end_date, av.version_code, i.category_usage_id, upper(avtl.version_name) AS SORTVERSIONNAME,
    XXARMS_TRG_EVALUATION_PKG.XX_COURSE_GOT_EVAL(i.category_usage_id, av.activity_version_id) Course_Flag from
    ota_act_cat_inclusions i, ota_activity_versions av, ota_activity_versions_tl avtl
    where i.category_usage_id = :1 and i.activity_version_id = av.activity_version_id and
    nvl(av.end_date, sysdate + 1) >= trunc(sysdate) and
    av.business_group_id = ota_general.get_business_group_id and av.activity_version_id = avtl.activity_version_id and
    avtl.language = userenv('LANG') and
    ota_learner_access_util.learner_has_access_to_course(:2,:3,avtl.activity_version_id) = 'Y'
    And it is retriving the correct data for each row and i did not write any code in the RowImpl.
    Thanks for your help in advance.
    Regards...Ashraf

  • Issue with multiple application installation and server share

    Hi,
    SCCM 2007 SP2 R3 ICP2
    All servers W2K8R2
    I am having an issue with software installs.  When using a variable for multiple applciation installs, I get access errors when the applications go to install.  It appears to be a multiple connection issue, but I can't figure out why.
    I am using server shares for my DPs.  The proper permissions are set.  The servers (DP) are W2K8R2.  I think it has to do with the way R2 handles the conenctions.  I want to know if this is a known issue or if anyone has come accross
    it.
    I am going to post in the software distribution forum as well, but thought this would be a config question.

    Hi! I'm waking up this dead thread but I've got a *very* similar problem!
    I've got a SCCM 2007 SP2 R3 installation on Win2008.  All clients are in the same ConfigMgr-site. Multiple package deploy in the same site-boundary as the CM-server works excellent. (We've got  three DPs in the same site-boundary as the
    CM-server itself.)
    Now, we have a new site-boundary with it's own Protected DP where multiple package deploy fails
    but the same packages, being run from the task-sequnce works! So then the client can download, install and run the packages from the proteced DP just fine. All "single" packages install fine before the "Multiple Appliaction"-step.
    I've tripple checked that we're running the same packages when we're installing Multiple Packages as we do in the Task-Sequence. And
    the same Task-sequence with the Multiple Package installation step
    works fine in our site-boundary where the ConfigMgr-server is installed.
    Here's the log from a client trying to access and install one of three packages through the the Install Multiple Packages task-sequence step.
    <![LOG[Policy SMS10000-CEN000BD-25FE0E9B downloaded successfully]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="dsutils.cpp:597"><br/><![LOG[SMS PackageID = CEN000BD]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="dsutils.cpp:247"><br/><![LOG[Source version = 2]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="dsutils.cpp:296"><br/><![LOG[SMS Program Name = RESTORE]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="dsutils.cpp:317"><br/><![LOG[::CompressBuffer(65536,-1)]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="ccmzlib.cpp:695"><br/><![LOG[Compression (zlib) succeeded: original size 26608, compressed size 3254.]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="ccmzlib.cpp:484"><br/><![LOG[Policy for CEN000BD:"RESTORE" successfully stored in environment]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="dsutils.cpp:331"><br/><![LOG[Downloaded policies successfully]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="dsutils.cpp:725"><br/><![LOG[Installing pkg 'CEN000BD', program 'BACKUP']LOG]!><time="16:01:20.921+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="dsinstaller.cpp:290"><br/><![LOG[Resolving content for SMS Package CEN000BD]LOG]!><time="16:01:20.921+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="dsutils.cpp:768"><br/><![LOG[Getting local network information.]LOG]!><time="16:01:20.921+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="resolvesource.cpp:1846"><br/><![LOG[GetAdaptersAddressess entry point is supported.]LOG]!><time="16:01:20.921+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="ccmiputil.cpp:118"><br/><![LOG[DhcpGetOriginalSubnetMask entry point is supported.]LOG]!><time="16:01:20.937+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="ccmiputil.cpp:181"><br/><![LOG[Adapter {B3FC51BA-75F3-4C93-98D3-72ECE4B7A6A2} is DHCP enabled. Checking quarantine status.]LOG]!><time="16:01:21.124+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="ccmiputil.cpp:509"><br/><![LOG[Adapter {B3FC51BA-75F3-4C93-98D3-72ECE4B7A6A2} has 1 IPv4 address(es).]LOG]!><time="16:01:21.124+-60" date="12-12-2011" component="InstallSoftware" context="" type="2" thread="3040" file="ccmiputil.cpp:540"><br/><![LOG[Executing content location request for CEN000BD:2 as GUID:87F78866-5FCB-43FE-A2F7-07DA7F6863DF]LOG]!><time="16:01:21.124+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="resolvesource.cpp:1852"><br/><![LOG[Initializing CLibSMSMessageHeader with authenticator]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:1103"><br/><![LOG[Sending RequestContentLocations]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:3367"><br/><![LOG[Messaging Auth Using V4 Mode]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="libsmsmessaging.cpp:1400"><br/><![LOG[Formatted header:]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:1500"><br/><![LOG[<Msg SchemaVersion="1.1" ReplyCompression="zlib"><ID/><SourceID>GUID:87F78866-5FCB-43FE-A2F7-07DA7F6863DF</SourceID><SourceHost/><TargetAddress>mp:[http]MP_LocationManager</TargetAddress><ReplyTo>direct:OSD</ReplyTo><Priority>3</Priority><Timeout>3600</Timeout><SentTime>2011-12-12T15:01:21Z</SentTime><Protocol>http</Protocol><Body Type="ByteRange" Offset="0" Length="618"/><Hooks><Hook2 Name="clientauth"><Property Name="Token"><![CDATA[CCMClientID: BBA60FFE-10D3-42AA-88BF-CBAC68CA4BB4<br/>CCMClientIDSignature: 3F5C9150307B32713AB75C2BD3431AFCB0816854881F6450868D120ABA7FC4424EF3407E6BD2531E32EBF4A89D92440D3BD9E68078A8BB5B899905A765C4AC28B1D837A0D58EB02C55048B1BA97BF0319B02276D87846F4748C2FBAA887C8921989CB07E15BD6685BFC84792B1C9E91EE140DA03BA01FBBF7F6EF824F5FFAF15<br/>CCMClientTimestamp: 2011-12-12T22:02:17Z<br/>CCMClientTimestampSignature: 4E28E6E6EEF71EB4A6FDE54155100F67610556C0E5F81DF82B6AB03608C1745485D65AB09F195D384903AB60DD9993118FCECCC3C9E85F5A9C0CB6E949A5F8DF305B7A5E64E0D98973AF12E034E468B6E7CC03FE23DC3DEB686CBA63FADD895F61D7034504C018F6F20561F40B47BC20509423C2385032A3AA6866F266409F1E]]></Property></Hook2></Hooks><Payload Type="inline"/><TargetHost/><TargetEndpoint>MP_LocationManager</TargetEndpoint><ReplyMode>Sync</ReplyMode><CorrelationID/></Msg><br/>]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:1501"><br/><![LOG[CLibSMSMessageWinHttpTransport::Send: URL: STOSCCM02.INTERNT.SVT.SE:443  CCM_POST /ccm_system_AltAuth/request]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:7446"><br/><![LOG[In SSL, but with no client cert]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:7596"><br/><![LOG[In SSL, but with no media cert]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:7602"><br/><![LOG[The request has succeeded. 200 OK]LOG]!><time="16:01:21.342+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="libsmsmessaging.cpp:7734"><br/><![LOG[Decompressing reply body.]LOG]!><time="16:01:21.342+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:2395"><br/><![LOG[::DecompressBuffer(65536)]LOG]!><time="16:01:21.342+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="ccmzlib.cpp:735"><br/><![LOG[Filtering Content Locations.]LOG]!><time="16:01:21.342+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="resolvesource.cpp:1883"><![LOG[Decompression (zlib) succeeded: original size 522, uncompressed size 2128.]LOG]!><time="16:01:21.342+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="ccmzlib.cpp:646"><![LOG[ Adding \\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD\ to Local DP list.]LOG]!><time="16:01:21.342+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="resolvesource.cpp:1938">
    <br/><br/><![LOG[Found 0 DPs in subnet, 1 DPs in local site, 0 DPs in remote location and 0 Multicast DPs]LOG]!><time="16:01:21.389+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="resolvesource.cpp:1974">
    <![LOG[Shuffling HTTP local DP list.]LOG]!><time="16:01:21.389+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="resolvesource.cpp:2012">
    <![LOG[Shuffling Local DP list.]LOG]!><time="16:01:21.389+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="resolvesource.cpp:2087">
    <![LOG[Attempting to connect to \\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD\]LOG]!><time="16:01:21.389+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="resolvesource.cpp:2151">
    <![LOG[Deleting any existing network connections to "\\vaxcmdp01.domain.com\*".]LOG]!><time="16:01:21.389+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:407">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:01:21.389+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:01:34.974+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:01:37.985+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:01:42.711+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:01:45.721+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:01:50.400+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:01:53.411+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:01:58.090+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:02:01.100+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:02:05.780+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:02:08.790+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:02:13.469+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:02:16.480+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:02:21.174+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:02:24.185+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:02:28.911+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:02:31.921+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:02:36.600+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:02:39.611+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:02:44.290+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[dwErr, HRESULT=800704c3 (e:\nts_sms_fre\sms\framework\tscore\tsconnection.cpp,517)]LOG]!><time="16:02:47.300+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:517">
    <![LOG[Failed to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD" (1219)]LOG]!><time="16:02:47.300+-60" date="12-12-2011" component="InstallSoftware" context="" type="3" thread="3040" file="tsconnection.cpp:517">
    <![LOG[!slistSMBPaths.empty(), HRESULT=80040103 (e:\nts_sms_fre\sms\framework\tscore\resolvesource.cpp,2163)]LOG]!><time="16:02:47.300+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="resolvesource.cpp:2163">
    <![LOG[TS::Utility::GetContentLocations( pszPackageId, L"", lSourceVersion, m_sSiteCode, m_sManagementPoint, &m_oHttpTransport, sClientID, TRUE, sNetworkAccessAccount, sNetworkAccessPassword, TRUE, TRUE, slistSMBPaths, slistHttpPaths ), HRESULT=80040103 (e:\nts_sms_fre\sms\client\osdeployment\installsoftware\dsutils.cpp,843)]LOG]!><time="16:02:47.300+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="dsutils.cpp:843">
    <![LOG[Content location request for CEN000BD:2 failed, hr=0x80040103]LOG]!><time="16:02:47.300+-60" date="12-12-2011" component="InstallSoftware" context="" type="3" thread="3040" file="dsutils.cpp:843">
    While installing a single package from the same DP (VAXCMDP01) looks like this:
    ![LOG[PackageID = 'CEN000D1']LOG]!><time="15:29:13.401+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="main.cpp:332">
    <![LOG[BaseVar = '', ContinueOnError='']LOG]!><time="15:29:13.401+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="main.cpp:333">
    <![LOG[SwdAction = '0002']LOG]!><time="15:29:13.401+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="main.cpp:334">
    <![LOG[GetExecRequestMgrInterface successful]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="2768" file="installsoftware.cpp:218">
    <![LOG[Retrieving value from TSEnv for '_SMSTSPolicyCEN000D1_Install']LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="2768" file="installsoftware.cpp:85">
    <![LOG[::DecompressBuffer(65536)]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="2768" file="ccmzlib.cpp:735">
    <![LOG[Decompression (zlib) succeeded: original size 2844, uncompressed size 22640.]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="2768" file="ccmzlib.cpp:646">
    <![LOG[ADV_AdvertisementID=CEN20022]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="installsoftware.cpp:1119">
    <![LOG[PKG_PSF_ContainsSourceFiles=TRUE]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="installsoftware.cpp:1138">
    <![LOG[::DecompressBuffer(65536)]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="2768" file="ccmzlib.cpp:735">
    <![LOG[Decompression (zlib) succeeded: original size 12, uncompressed size 4.]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="2768" file="ccmzlib.cpp:646">
    <![LOG[SoftDist paused cookie = 16271]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="installsoftware.cpp:181">
    <![LOG[Found the location for the package _SMSTSCEN000D1. The location is on \\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000D1\]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="resolvesource.cpp:3146">
    <![LOG[nPos != CCM::Utility::String::npos, HRESULT=80004005 (e:\nts_sms_fre\sms\framework\tscore\resolvesource.cpp,253)]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="2768" file="resolvesource.cpp:253">
    <![LOG[Creating a connection to \\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000D1\ with default account]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="resolvesource.cpp:2243">
    <![LOG[Connection request for "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000D1"]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="tsconnection.cpp:208">
    <![LOG[No credentials available for connecting to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000D1". See whether the share has already been connected.]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="tsconnection.cpp:233">
    <![LOG[Connecting to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000D1"]LOG]!><time="15:29:13.510+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="tsconnection.cpp:268">
    <![LOG[Successfully connected to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000D1"]LOG]!><time="15:29:13.588+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="tsconnection.cpp:287">
    <![LOG[SMS PkgID 'CEN000D1' resolved to location '\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000D1\']LOG]!><time="15:29:13.635+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="installsoftware.cpp:145">
     Notice that it never checks for DPs in the same way as the multiple package install:
    <![LOG[Found 0 DPs in subnet, 1 DPs in local site, 0 DPs in remote location and 0 Multicast DPs]LOG]!><time="16:01:21.389+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="resolvesource.cpp:1974">
    I know that the TS checks package dependencies before executing the TS. That's not possible with Multiple packages since they are variable dependant. I think this is somehow related although it doesn't explain why my client can't authenticate properly.
    The Network Access Account is a member of Domain Users and Domain Users have Read Access on the share and on the folder of the VAXCMDP01 DP - which should be identically configured to our other DPs closest to our ConfigMgr Server.
    Any ideas?
    Kind regards,
    Mathias

  • I have issue about multiple subnet on RV series

    now i connect RV with 300 series switch with 20 vlan. How i config RV series for NAT all vlan access to the internet ? because i use multiple subnet i can add only 5 vlan for access to the net it's not enough Please advice Thank you for kindly support.

    Siriphan,
    SG300 switch doesn’t do NAT or DHCP so you would have to have DHCP server on one subnet to issue IP address to multiple devices across Vlans.
    RV042 only support DHCP on Vlan 1
    You have to use the RV042 to NAT the traffic from SG300 switch. .
    So if you want to set the SG300 in layer 3 mode, while having DHCP Server giving out IP address across your network, while the RV042 NAT’s all your traffic. This can be accomplished
    RV042
    Local subnet 192.168.5.1
    Static routes for other subnets,
    192.168.10.0/24 192.168.5.254
    192.168.20.0/24 192.168.5.254
    10.10.10.0/24 192.168.5.254
    10.10.5.0/24 192.168.5.254
    SG300 (layer 3 mode)
    Vlan 1 192.168.5.254
    Vlan 2 192.168.10.1
    Vlan 3 192.168.20.1
    Vlan 4 10.10.10.1
    Vlan 5 10.10.5.1
    (You would need a DHCP server on a subnet, having turned on DHCP relay on SG300 switch)
    You would have a default route 0.0.0.0 0.0.0.0 192.168.5.1
    •n  Example –
    Thanks,
    Jasbryan
    Cisco Support Engineer
    .:|:.:|:.

  • ARP issue with Cisco 5505

    Hi there,
    We have an issue with our current ASA 5505 set up and I hope someone can help.  Here is the setup
    ISP Handoff -> L2 Switch -> VLAN 1 of ASA
                                          -> VLAN 2 of ASA
    The ISP handoff is a single ethernet cable but the ISP router is acting as the gateway for 2x seperate public address spaces.  ISP cable plugs into a L2 switch.  The two VLANS of the ASA are then plugged into the same switch, one VLAN configured for public space 1 and the other for public space 2, now the issue is when the firewall ARPs for the gateways VLAN2's gateway shows up on VLAN 1 and VLAN 2 which obviously causes issues.

    From your description of the symptoms I would guess that the layer 2 switch has both ASA ports in the same VLAN (which leads me to wonder if the layer 2 switch is doing any VLANs or are all ports in the native VLAN?). Can you provide details of how the layer 2 switch is configured?
    It also would help to know how the ISP is set up. You tell us that it is an Ethernet handoff. But you do not tell us whether the ISP  is handling that as a trunk with multiple VLANs or whether the ISP is treating it as an access port with a single VLAN. Can you clarify this?
    Knowing how the ISP is set up and how the layer 2 switch is configured will be critical in finding a solution that works for your ASA.
    HTH
    Rick

  • Issues with multiple things since Mavericks update

    I installed the Mavericks update and since, I have been having multiple problems with different things on my MacBook Pro 13"
    1. Printer issues: I have an HP officejet 6500 wireless printer (Officejet 6500 E709n Series), and now it's having major issues with printing, yet was working perfect prior to update. It will either cut out pages when printing PDF documents, or printing so slow that it has to take a break in between printing each document (an issue that all never occurred until update), to print documents back to back, it will stop after one document as though I have no other documents in queue to print, and pauses for an extremely long time (nearly a full minute, no exaggeration here, literally almost a full 60 seconds), something it's never done before this update. My Apps update even did an update to the HP software that is inside the Mac already to use printing (in other words, the mac doesn't need to have the HP software manually installed for it to work, it automatically sees the printer because it is connected to my wireless network just as my Macbook Pro which is also connected wirelessly to my network).
    2. Internet issues: am now unable to click on certain links in safari that I was able to use prior to the update, yet they will open fine inside of firefox with no issues, yet I cannot always switch between two different browsers to perform task online (literally have to start all over inside firefox while in the middle of something in safari). Also lots of websites no longer work correctly and I have to constantly clear history and cookies to attempt to use certain sites, at times it will help, other times it wont work period, yet the same exact site will work perfect in firefox (which I do not use, only on my system for use on certain sites for school because in safari prior to the update, I would have issues with only the class site and some links not working at all, no spinning wheel, no errors, just nothing, no response of any kind, basically worse than what it was before the update). Another issue, hit Ctrl+a to select inside Safari and it highlights, but then when you click out of the highlight, it comes back on it's own several times without you hitting anything, just click inside the screen on a blank space (no links, etc) with touchpad.
    3. System issues:  My system is way slower than what it was prior to the update, click on things and it wont respond at all, then minutes later will eventually respond or pops up the spinning color wheel, which it either never responds or takes an extremely long time to respond. And no matter how much I restart, it doesn't help anything. Even just to sit doing nothing, no clicking or usage on the system, and the color wheel pops up.
    4. Mail issues: Mail is now popping up completely blank messages that I have sent out, the person receives it with no issues, yet I cannot look at the message I sent neither in the inbox or the sent items when I need to look at them again, an issue not present prior to update. Also I an now having issues when receiving mail, sometimes it will check for mail and sometimes I have to manually click to make it check the server for mail, an issue not present prior to update as well.
    As of now, since I have had the chance to used the system since the update, these are the issues I have had, yet haven't had the chance to check other things, so there may be other issues that are occurring that I'm not aware of at the moment. I knew it would be a mistake to do this "free" update and did so anyway and now having one issue after the next with each application I open to use.
    Mac general info:
    Mac is one year old, purchased brand new, no shareware programs of any kind installed.
    Use for school and basic web surfing use.
    Do not install any programs onto system that I'm unsure are safe (basically programs for/from school/school websites only, or from the Mac Apps store only), not even programs like Skype, nor any windows based programs of any kind.
    Lots of free memory avail because I save everything onto external hard drives (purchased brand new as well, only 4months old) in case system crash occurs, only things on the system is Itunes music or pics from photo stream that sync to the system when Iphone connected.
    Mac system info:
    - Processor  2.5 GHz Intel Core i5
    - Memory  4 GB 1600 MHz DDR3
    - Graphics  Intel HD Graphics 4000 1024 MB
    - Software  OS X 10.9
    - Number of Processors:          1
    - Total Number of Cores:          2
    - L2 Cache (per Core):          256 KB
    - L3 Cache:          3 MB

    For those needing help fixing their system and putting it back to Lion or Mountain Lion, this is what I have done to eliminate all my issues in about an hour (depending on your internet connection).
    Amazing thing, I just restored my computer back to Mountain Lion, and she's working perfect again, as I knew she would. E-mail popping into mailbox instantly as it should and did before the update, printer working fast as it was before update, no more freezing or glitches of any kind thankfully and finally. Here is the link that is through the Apple site to direct you on how to put your system back and get rid of Maverick's, that is assuming that is what you would like to do and also includes link for those wanting to try fixing the issue if that is your preference (most of this info is for those with mountain lion and some with the previousverisoin of OS X lion).
    If you want to keep Maverick's here is a good post on the apple discussion board to help you out:
    https://discussions.apple.com/docs/DOC-6161
    If you just want to totally get rid of it and put back what you had before, this is the short version of how to do so:
    https://discussions.apple.com/docs/DOC-3353
    NOTE: This particular link has a lot of info on what to do for different situations, it is a bit lengthy, yet still very helpful.
    OS X Mountain Lion: Reinstall OS X (direct from Apple support site, not someone else):
    http://support.apple.com/kb/PH10763?viewlocale=en_US
    OS X: About OS X Recovery (also from apple support directly and includes some instructions just the same as previous links above):
    http://support.apple.com/kb/HT4718
    Just in case you aren't sure what it will all look like as you are doing things, this is a link to show you a few pics of what you will see  as you as you are going through the process, it can be helpful for those who aren't sure what they are doing or how to do things at all:
    http://www.apple.com/osx/recovery/
    This is a way to download the Mountain Lion disk info from the server
    http://support.apple.com/kb/DL1433
    I hope this helps someone, it was amazing for me and my system is working perfect again like it was, battery life is way better went from like 3 hours to like 5 (not on full charge by the way, after it sat for a while doing the online update which took a while so that's saying something alone, huge improvement). I plan to wait a while before attempting to reinstall Maverick's, long enough for them to fix the bugs.

  • Firefox issues with multiple users on a single computer.

    I have an issue with Firefox and multiple users on my computer. There are two users setup and I'm running Win7 Ultimate x64. When the other user logs in, my settings in Firefox get screwed up somehow. Even if that user does not open Firefox.
    Examples of problems this causes:
    Gmail - Cannot load the standard interface, however it will load the HTML only interface.
    Facebook - Cannot post anything.
    vBulletin Forums - Some forums will no longer normally load - a text-only version loads as if I was browsing from a mobile device.
    There may be other issues, but these are the main ones. If I clear my cookies, cache and browsing and download history, then restart Firefox, everything works again.
    This seems to happen most often when the other user logs in, and uses Firefox to log on to their Gmail account.
    How can I fix this?

    Create a new profile as a test to check if your current profile is causing the problems.<br />
    See [[Basic Troubleshooting#Make_a_new_profile|Basic Troubleshooting&#58; Make a new profile]]
    There may be extensions and plugins installed by default in a new profile, so check that in "Tools > Add-ons > Extensions & Plugins"
    If that new profile works then you can transfer some files from the old profile to that new profile (be careful not to copy corrupted files)
    See http://kb.mozillazine.org/Transferring_data_to_a_new_profile_-_Firefox

  • Playback Issues with multiple framerates and Blackmagic Decklink 4K Extreme

    I recently swapped by AJA Kona Card for a Blackmagic Decklink 4K Extreme in order to get external monitoring in DaVinci Resolve.
    I'm working in a 1080p 23.976 project that includes some 29.97 SD and HD footage. When loading this 29.97fps footage into my source footage, I periodically encounter frozen playback (The play triangle in my toolbar becomes a square symbol and remains that way). From there I am unable to playback any footage in any timeline, and requires a full system shutdown to return to normal! The problem is seemingly intermitent, with successful playback happening sometimes.
    The 29.97 footage was DVCPRO, I attempted to transcode to Prores to troubleshoot. No dice. I believe it to be an issue related to the Decklink's inability to handle multiple framerates on-the-fly but wanted to submit here, too. I've also experienced intermittent sync delays on my broadcast monitor.
    Decklink Driver 10.0
    Premiere CC 7.2.1
    Mac OSX 10.9.2 (same problem pre-mavericks)

    Hi Andy,
    You should not have any issues with Blackmagic handling multiple formats on the fly. However, I believe the frozen playback issues your describing is related to the Desktop Video 10 driver. I suggest rolling back to 9.3.3 for the time being. Blackmagic is looking into this issue now.
    Best,
    Peter Garaway
    Adobe
    Premiere Pro

  • Issue with multiple digital signatues in form

    Hello all-
    I'm having an issue with a form that has multiple digital signatures.  The form additionally has a listbox in which the user can select recipients to email the form to. My objective is to be able to send a form to various users by email to sign digitally. After extending the features for Reader, I inserted a standard Livecycle digital signature by clicking on one of the digital signature fields. However, after inserting the digital signature, I can't perform any other actions (email the form by selecting recipients from the listbox, clicking a different digital signature field for signature insertion, etc.) It is as if the digital signature instertion made an uneditable snapshot of the form, which I do not want to do.  What can I do to rectify this process?
    Will upload the form if necessary.
    Thank you and happy holidays.
    masber2000

    Mr. Kumar,
    The desired workflow is for
    1)      Firefighter 1 to complete the top portion of the Agreement
    section, sign in the Firefighter 1 signature field (which locks the top
    portion of the Agreement Section), then select Firefighter 2 from the
    e-mail drop down list and e-mail the PDF form to Firefighter 2;
    2)      Firefighter 2 opens the e-mail and the PDF attachment,
    completes the second portion of the Agreement Section, sign in the
    Firefighter 2 signature field (which locks the bottom portion of the
    Agreement Section), select Lieutenant 1 from the e-mail drop down list
    and e-mail the PDF form to Lieutenant 1;
    3)      Lieutenant 1 opens the e-mail and the PDF attachment, checks
    the approved box, signs the Lieutenant 1 signature field, select
    Lieutenant 2 from the e-mail drop down list and e-mail the PDF form to
    Lieutenant 2;
    4)      Step three continues through Lieutenant 2, Battalion Chief 1
    and Battalion Chief 2
    5)      Battalion Chief 2 sends the fully completed form back to
    Firefighter 1 who copies the completed form to Firefighter 2
    Note: if any of the officers disapprove the agreement the disapproved
    form is immediately sent back to Firefighter 1
    Jim Frazier, Deputy Chief
    Villages Public Safety Department
    3035 Morse Boulevard
    The Villages, FL 32163
    352-205-8280
    Honor in Service

  • Form Size issue with multiple Digital Signatures

    I have created a form (liveCycle 8) with multiple digital signatures required.  When each user signs the form, that section of the form is locked using collections.  The form is workflow through email after each user signs it.  Each time the user signs and forwards the form, the form's size becomes too large.
    How can the form be optimized to compress each time an users signs the form?
    Thank you,
    Lori

    Steve,
       After your request to post the form, I wanted to removal some company items like the Logo.  Once I removed the Logo, I found the biggest issue was a Logo image size that was making the file so large.  Once I reduced the image size, the signatures only added 46kb at each signature level.
    Thank you for your help,
    Lori

  • Script issue with multiple lines printing

    Dear All,
    I'm trying to print multiple lines of my internal table in a script.
    But only the last line is being printed all the time in all the lines.
    Attached is my code.
        CLEAR GS_REGUP.
        LOOP AT GT_REGUP INTO GS_REGUP.
    * Start the Form
          CALL FUNCTION 'START_FORM'
            EXPORTING
              ARCHIVE_INDEX = TOA_DARA
              FORM          =  'ZFORM'                                    "T042E-ZFORN
              LANGUAGE      = SY-LANGU                          "T001-SPRAS
              STARTPAGE     = 'FIRST'
              PROGRAM       = 'ZPROG'.
    * Net Amount
          CLEAR GV_NETWR.
          GV_NETWR = ( GS_REGUP-WRBTR - GS_REGUP-PSSKT ).
    * Print the Content
          CALL FUNCTION 'WRITE_FORM'
            EXPORTING
              ELEMENT  = '525'      "Header
              FUNCTION = 'APPEND'
              TYPE     = 'BODY'
              WINDOW   = 'MAIN'.
    * End the Form
          CALL FUNCTION 'END_FORM'
            IMPORTING
              RESULT = ITCPP.
          IF ITCPP-TDPAGES EQ 0.       "Print via RDI
            ITCPP-TDPAGES = 1.
          ENDIF.
        ENDLOOP.
    Please let me know the flaw in it.
    Regards,
    Deepu.K

    Dear All,
    As i Mentioned in my earlier post, the same coding working fine in Quality server --> Printing multiple lines in script output.
    But now, I have the same reqt. in another window.
    So, I did the same coding.
    But, this time it's printing the last line of the internal table in all the lines.
    This is happening in Quality Server only.
    The only difference between the previous internal table and this int. table is:
    1. The first int. table content is printing in MAIN Window. ---> working fine
    2. The second int. table content is printing in VARIABLE window. ---> NOT WORKING.
    Can any one tell me what's the issue with this ?
    Regards,
    Deepu.K

  • GRE Tunnel/NAT with multiple subnets and interfaces

    So, I am not sure if we are trying to accomplish too many things at once and what we are attempting to do is not possible or if we are missing something in our configurations...
    Here is the situation...
    We are migrating some equipment between datacenters.  The equipment only a has a /27 worth of IP space assigned to it so we cannot simply "move" the IP space to the new datacenter.  Further because we have several VPNs terminated in the old IP space that originate from devices we do not directly control and are essential in continuing to provide service, it was/is difficult to magically update some DNS entries and change IP addresses overnight.  The last twist in this puzzle is that at the new datacenter, we will deploying some new equipment that will be in a separate subnet (with a separate Windows AD structure) but sharing the new public IP space we have in the new datacenter.
    We thought using a GRE tunnel, some trunks, and a bunch of NATs would make the whole process easy and we tested ti in a lab and everything SEEMED to work.  However, when we performed the move we ran into an odd issue that we were unable to figure out and had to go back to a failsafe configuration that has the essentials up and running, but the environment is not running in an ideal way for us to gradually transition as we would like.
    Essentially what we had/have and how it was configured is as follows:
    Site A
    Edge Router - x.x.x.x /24 BGP announcement
    x.x.x.y/27 that is within the /24 that we need at site b
    GRE tunnel configuration
    interface tunnel0
      ip address 10.x.x.1 255.255.255.252
      tunnel source <router edge IP>
      tunnel destination <site b router edge ip>
      keepalive 10 3
    static route for site a public ip to bring it to site b via GRE tunnel
    ip route x.x.x.y 255.255.255.224 10.x.x.2
    Site B
    Edge Router - y.y.y.y /24 BGP announcement
    Similar GRE tunnel configuration (tunnel comes out and works so don't think issue is here)
    2 Vlans (1 for site a ip space, 1 for site b ip space)
    int vlan 50
    ip address x.x.x.1 /27
    int vlan 51
    ip address y.y.y.129 /25
    Trunk port for the VLANs going down to an ASA
    int g1/1
      swi mode trunk
      swi trunk native vlan 51
      swi tru all vlan 50,51
      swi tru en dot1q
    Then on the ASA, I have 2 physical interfaces for 4 logical interfaces (outside, outsideold, inside, insideold)
    int e0/0
     nameif outside
     sec 0
     ip address y.y.y.130 /25
    int e0/0.50
     nameif outsideold
     sec 0
     ip address x.x.x.2 /27
     vlan 51
    int e0/1
      nameif inside
      sec 100
      ip address 192.168.y.1 /24
    int e0/1.60
      nameif insideold
      sec 100
      ip address 192.168.x.1 /24
      vlan 60
    A static route using the new ip space on the native outside interface...
    route 0 0 y.y.y.129
    And then I have some nat rules which is where I think things go a little haywire...
    object network obj-y.y.y.0-24
      subnet y.y.y.0 255.255.255.0
     nat (inside,outside) dynamic interface
    object network obj-x.x.x.0-24
      subnet x.x.x.0 255.255.255.0
     nat (insideold,outside) dynamic interface
    object network obj-y.y.y.135-160
      range y.y.y.135 y.y.y.160
    object network obj-192.168.y.135-160
      range 192.168.y.135 192.168.y.160
      nat (inside,outside) static obj-y.y.y.135-160
    object network obj-x.x.x.10-20
      range x.x.x.10 x.x.x.20
    object network obj-192.168.x.10-20
      range 192.168.x.10 192.168.x.20
      nat (insideold,outsideold) static obj-x.x.x.10-20
    From some debugging and looking at packet-tracer, I found out I left out the below which was needed to properly nat traffic as it leaves the outside interface (when the default sends the traffic)
    object network obj-192.168.x.10-20-2
      range 192.168.x.10 192.168.x.20
      nat (insideold,outside) static obj-x.x.x.10-20
    There are / were a bunch of other nat exemptions for the VPNs and specific external routes to ensure all vpn traffic exited the "outsideold" interface which is where all the existing tunnels were terminated.
    Everything appeared to be working great as all the VPN tunnels came up perfectly as expected and traffic appeared to be flowing, except for some of the most important traffic.  The following was what was observed:
    1.  Any traffic using the dynamic NAT (ie...a machine with IP x.x.x.200 or y.y.y.20) would connect to the internet perfectly and work fine using the "new interface ip".
    2.  Any traffic in the "new range" using a one to one nat worked perfectly (ie y.y.y.140).  Internet would work etc and nat translation would properly occur and everything could connect fine as expected.
    3.  ICMP packets to "old ip range" flowed perfectly fine to one to one nat IP (ie I could ping x.x.x.20 from outside) and likelise I could ping anywhere on the internet from a machine with a static natted ip.
    4.  Heres the butt...no traffic other than ICMP would reach these machines with static ips.  Same range, same subnet as ones using the dynamic port translation that worked perfectly.  Do not understand why this was / is the case and this is what I am seeking a solution to.  I have attempted the following troubleshooting steps without success:
    A. Confirmed MTU size was not an issue with the GRE tunnel.  2 methods, one plugging to edge router and using the "outsideold" ip space works perfectly and 2 if I assign outsideold ip space to "outside" interface, everything nats fine.
    B. Ran packet-tracer, all results show "allow" as if I should be seeing the packets.
    C. Confirmed local windows machine firewall was off and not blocking anything.
    D. Reviewed logs and observed SYN timeouts and TCP teardowns as if the firewall is not getting a response and this is where I am stumped.  There is no path around the firewall so asymmetric routing should not be an issue and if that was the problem it should not work when the "outsideold" ip space is assigned and natted from the "outside" interface, but it does.  Packet-tracer shows proper nat translations occurring and there is definitely proper routing along the path for stuff to return to the network or ICMP would not work (IE I can ping www.google.com but not open the web page).
    So what simple piece of the nat configuration am I overlooking because I cannot possible wrap my head around it being anything else.
    Any suggestions / lessons would be greatly appreciated.

    is this still a problem?

Maybe you are looking for