ASA multiple mode upgrade from 8.2.5 to 8.4.5 to 9.0.3
I'm doing ASA code upgrade with contexts from 8.2.5 to 8.4.5 to 9.0.3 and I'm concerned about the NAT syntax with the new code. Should this automatically changed to the new syntax on all contexts or I have to do it manually. Anyone there with that experience, please advise. Thanks.
Please reply to [email protected]
Thanks.
Hello,
I am actually working on a project right now really similar to yours.
When are you planning to perform the Upgrade???
As per Cisco documentation the Upgrade should be done from the system context!
Migration will happen automatically:
I created a post about it
http://www.laguiadelnetworking.com/asa-8-3-upgrade-new-features-known-issues-best-practicesetc/
Enjoy
Rate all of the helpful posts!!!
Regards,
Jcarvaja
Follow me on http://laguiadelnetworking.com
Similar Messages
-
ASA 5585 IOS upgradation from 8.2(5) to 9.0(2)
Hi,
I am getting below warning messages when i am doing IOS upgradation of ASA5585.The current version of IOS is 8.2(5) and the converted version is 9.0(2). I would like to know whether i can ignore the warnings and move on with new version or need to do any manual changes in configuration.
This is my internet firewall which has DMZ as well.
WARNING: MIGRATION: ACE converted to real IP/port values based on
dynamic/static Policy NAT. The new ACE(s) need to be checked for enforcing policy NAT ACL
Thanks
SoumyaHi ,
Sorry, I forgot to mention that we have upgraded from 8.2->8.4.6>9.02.
We have multiple warning messages like below. A huge number of inbound access rules have been created in new version and we are worried whether this will creat a security loop.
WARNING: MIGRATION: ACE converted to real IP/port values based on
dynamic/static Policy NAT. The new ACE(s) need to be checked for enforcing policy NAT ACL
216.163.252.25
8.2(5)
access-list outside extended permit udp host 216.163.252.25 host 203.99.194.163
access-list outside extended permit esp host 216.163.252.25 host 203.99.194.163
access-list Metlife-VPN extended permit ip 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.237.164.0 255.255.254.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.229.32.0 255.255.255.192 host 216.163.252.25
access-list Metlife-VPN extended permit esp 10.229.32.0 255.255.255.192 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit esp 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit esp 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.237.241.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.230.107.128 255.255.255.224 host 216.163.252.25
access-list inside1 extended permit udp 10.237.164.0 255.255.254.0 host 216.163.252.25
access-list inside1 extended permit ip 10.229.32.0 255.255.255.192 host 216.163.252.25
access-list inside1 extended permit ip 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit esp 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit ip 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit esp 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit ip host 10.239.23.177 host 216.163.252.25
access-list outside extended permit ip any host 203.99.194.163
9.0(2)
object network obj-216.163.252.25
host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.237.164.0 255.255.254.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.229.32.0 255.255.255.192 host 216.163.252.25
access-list Metlife-VPN extended permit esp 10.229.32.0 255.255.255.192 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit esp 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit esp 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.237.241.0 255.255.255.0 host 216.163.252.25
access-list Metlife-VPN extended permit ip 10.230.107.128 255.255.255.224 host 216.163.252.25
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.56
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.72
access-list outside extended permit udp host 216.163.252.25 10.239.24.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.15
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.94
access-list outside extended permit udp host 216.163.252.25 host 10.239.24.138
access-list outside extended permit udp host 216.163.252.25 10.239.23.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.101
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.208
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.20
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.78
access-list outside extended permit udp host 216.163.252.25 10.239.48.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.73
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.204
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.178
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.187
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.28
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.144
access-list outside extended permit udp host 216.163.252.25 host 10.239.48.105
access-list outside extended permit udp host 216.163.252.25 10.237.23.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.237.23.179
access-list outside extended permit udp host 216.163.252.25 10.237.164.0 255.255.254.0
access-list outside extended permit udp host 216.163.252.25 10.239.50.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.46
access-list outside extended permit udp host 216.163.252.25 host 10.237.165.120
access-list outside extended permit udp host 216.163.252.25 10.239.50.0 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.11
access-list outside extended permit udp host 216.163.252.25 host 10.239.48.142
access-list outside extended permit udp host 216.163.252.25 host 10.239.48.12
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.45
access-list outside extended permit udp host 216.163.252.25 host 10.237.173.12
access-list outside extended permit udp host 216.163.252.25 host 10.237.164.72
access-list outside extended permit udp host 216.163.252.25 host 10.237.173.13
access-list outside extended permit udp host 216.163.252.25 host 10.239.20.145
access-list outside extended permit udp host 216.163.252.25 host 10.239.41.23
access-list outside extended permit udp host 216.163.252.25 host 10.242.8.128
access-list outside extended permit udp host 216.163.252.25 host 10.242.8.146
access-list outside extended permit udp host 216.163.252.25 host 10.242.8.137
access-list outside extended permit udp host 216.163.252.25 host 10.242.8.144
access-list outside extended permit udp host 216.163.252.25 10.230.144.64 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.229.32.0 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.242.50.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.242.8.153
access-list outside extended permit udp host 216.163.252.25 host 10.242.50.68
access-list outside extended permit udp host 216.163.252.25 host 10.232.8.176
access-list outside extended permit udp host 216.163.252.25 10.242.0.128 255.255.255.128
access-list outside extended permit udp host 216.163.252.25 host 10.230.107.198
access-list outside extended permit udp host 216.163.252.25 host 10.230.107.199
access-list outside extended permit udp host 216.163.252.25 host 10.230.107.201
access-list outside extended permit udp host 216.163.252.25 10.230.107.192 255.255.255.224
access-list outside extended permit udp host 216.163.252.25 host 10.230.107.202
access-list outside extended permit udp host 216.163.252.25 10.237.226.0 255.255.255.224
access-list outside extended permit udp host 216.163.252.25 10.242.146.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.230.107.197
access-list outside extended permit udp host 216.163.252.25 host 10.229.59.109
access-list outside extended permit udp host 216.163.252.25 10.242.97.128 255.255.255.128
access-list outside extended permit udp host 216.163.252.25 10.242.36.64 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.237.241.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 host 10.237.241.14
access-list outside extended permit udp host 216.163.252.25 host 10.237.241.68
access-list outside extended permit udp host 216.163.252.25 host 10.237.241.94
access-list outside extended permit udp host 216.163.252.25 host 10.237.173.15
access-list outside extended permit udp host 216.163.252.25 10.242.212.0 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.242.51.128 255.255.255.128
access-list outside extended permit udp host 216.163.252.25 10.242.210.192 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 host 10.242.146.18
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.168
access-list outside extended permit udp host 216.163.252.25 host 10.239.48.31
access-list outside extended permit udp host 216.163.252.25 host 10.242.195.204
access-list outside extended permit udp host 216.163.252.25 10.242.195.192 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.230.241.0 255.255.255.0
access-list outside extended permit udp host 216.163.252.25 10.230.103.128 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 host 10.230.107.144
access-list outside extended permit udp host 216.163.252.25 10.230.107.128 255.255.255.224
access-list outside extended permit udp host 216.163.252.25 10.211.202.224 255.255.255.240
access-list outside extended permit udp host 216.163.252.25 host 10.211.211.221
access-list outside extended permit udp host 216.163.252.25 host 10.229.34.43
access-list outside extended permit udp host 216.163.252.25 host 10.229.34.49
access-list outside extended permit udp host 216.163.252.25 host 10.232.38.160
access-list outside extended permit udp host 216.163.252.25 host 10.232.130.93
access-list outside extended permit udp host 216.163.252.25 host 10.233.38.151
access-list outside extended permit udp host 216.163.252.25 host 10.236.147.50
access-list outside extended permit udp host 216.163.252.25 host 10.236.147.71
access-list outside extended permit udp host 216.163.252.25 host 10.236.147.83
access-list outside extended permit udp host 216.163.252.25 host 10.236.180.4
access-list outside extended permit udp host 216.163.252.25 host 10.237.9.83
access-list outside extended permit udp host 216.163.252.25 host 10.237.9.93
access-list outside extended permit udp host 216.163.252.25 host 10.237.77.39
access-list outside extended permit udp host 216.163.252.25 host 10.237.77.74
access-list outside extended permit udp host 216.163.252.25 host 10.237.77.76
access-list outside extended permit udp host 216.163.252.25 host 10.237.173.8
access-list outside extended permit udp host 216.163.252.25 host 10.237.241.24
access-list outside extended permit udp host 216.163.252.25 host 10.237.241.183
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.13
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.71
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.108
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.109
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.120
access-list outside extended permit udp host 216.163.252.25 host 10.239.23.170
access-list outside extended permit udp host 216.163.252.25 host 10.239.24.26
access-list outside extended permit udp host 216.163.252.25 host 10.239.24.158
access-list outside extended permit udp host 216.163.252.25 host 10.239.24.222
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.20
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.34
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.41
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.42
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.52
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.60
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.64
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.73
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.81
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.82
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.90
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.114
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.141
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.151
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.155
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.205
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.224
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.233
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.238
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.239
access-list outside extended permit udp host 216.163.252.25 host 10.239.30.251
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.26
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.52
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.57
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.72
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.90
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.93
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.107
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.161
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.171
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.184
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.185
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.196
access-list outside extended permit udp host 216.163.252.25 host 10.239.31.208
access-list outside extended permit udp host 216.163.252.25 host 10.239.38.17
access-list outside extended permit udp host 216.163.252.25 host 10.239.41.34
access-list outside extended permit udp host 216.163.252.25 host 10.239.41.68
access-list outside extended permit udp host 216.163.252.25 host 10.239.41.72
access-list outside extended permit udp host 216.163.252.25 host 10.239.41.78
access-list outside extended permit udp host 216.163.252.25 host 10.239.48.143
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.10
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.15
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.31
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.35
access-list outside extended permit udp host 216.163.252.25 host 10.239.50.52
access-list outside extended permit udp host 216.163.252.25 host 10.239.60.100
access-list outside extended permit udp host 216.163.252.25 host 10.239.67.18
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.17
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.23
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.34
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.42
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.53
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.75
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.76
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.77
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.114
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.117
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.118
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.120
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.136
access-list outside extended permit udp host 216.163.252.25 host 10.239.96.143
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.15
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.17
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.35
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.48
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.90
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.116
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.140
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.168
access-list outside extended permit udp host 216.163.252.25 host 10.239.98.183
access-list outside extended permit udp host 216.163.252.25 host 10.242.8.26
access-list outside extended permit udp host 216.163.252.25 host 10.242.8.53
access-list outside extended permit udp host 216.163.252.25 host 10.242.11.29
access-list outside extended permit udp host 216.163.252.25 host 10.242.11.31
access-list outside extended permit udp host 216.163.252.25 host 10.242.11.80
access-list outside extended permit udp host 216.163.252.25 host 10.242.11.81
access-list outside extended permit udp host 216.163.252.25 host 10.242.22.133
access-list outside extended permit udp host 216.163.252.25 host 10.242.22.134
access-list outside extended permit udp host 216.163.252.25 host 10.242.22.154
access-list outside extended permit udp host 216.163.252.25 host 10.242.36.76
access-list outside extended permit udp host 216.163.252.25 host 10.242.36.79
access-list outside extended permit udp host 216.163.252.25 host 10.242.36.118
access-list outside extended permit udp host 216.163.252.25 host 10.242.146.29
access-list outside extended permit udp host 216.163.252.25 host 10.242.158.227
access-list outside extended permit udp host 216.163.252.25 host 10.242.195.197
access-list outside extended permit udp host 216.163.252.25 host 207.41.226.145
access-list outside extended permit udp host 216.163.252.25 10.233.38.144 255.255.255.248
access-list outside extended permit udp host 216.163.252.25 10.230.132.160 255.255.255.224
access-list outside extended permit udp host 216.163.252.25 10.230.134.0 255.255.255.224
access-list outside extended permit udp host 216.163.252.25 10.242.68.160 255.255.255.224
access-list outside extended permit udp host 216.163.252.25 10.233.38.150 255.255.255.222
access-list outside extended permit udp host 216.163.252.25 10.229.144.0 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.236.84.64 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.237.84.128 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.239.47.192 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.242.90.64 255.255.255.192
access-list outside extended permit udp host 216.163.252.25 10.230.137.128 255.255.255.128
access-list outside extended permit udp host 216.163.252.25 10.239.56.0 255.255.255.128
access-list outside extended permit udp host 216.163.252.25 10.237.22.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.56
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.72
access-list outside extended permit esp host 216.163.252.25 10.239.24.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.15
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.94
access-list outside extended permit esp host 216.163.252.25 host 10.239.24.138
access-list outside extended permit esp host 216.163.252.25 10.239.23.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.101
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.208
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.20
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.78
access-list outside extended permit esp host 216.163.252.25 10.239.48.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.73
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.204
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.178
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.187
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.28
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.144
access-list outside extended permit esp host 216.163.252.25 host 10.239.48.105
access-list outside extended permit esp host 216.163.252.25 10.237.23.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.237.23.179
access-list outside extended permit esp host 216.163.252.25 10.237.164.0 255.255.254.0
access-list outside extended permit esp host 216.163.252.25 10.239.50.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.46
access-list outside extended permit esp host 216.163.252.25 host 10.237.165.120
access-list outside extended permit esp host 216.163.252.25 10.239.50.0 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.11
access-list outside extended permit esp host 216.163.252.25 host 10.239.48.142
access-list outside extended permit esp host 216.163.252.25 host 10.239.48.12
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.45
access-list outside extended permit esp host 216.163.252.25 host 10.237.173.12
access-list outside extended permit esp host 216.163.252.25 host 10.237.164.72
access-list outside extended permit esp host 216.163.252.25 host 10.237.173.13
access-list outside extended permit esp host 216.163.252.25 host 10.239.20.145
access-list outside extended permit esp host 216.163.252.25 host 10.239.41.23
access-list outside extended permit esp host 216.163.252.25 host 10.242.8.128
access-list outside extended permit esp host 216.163.252.25 host 10.242.8.146
access-list outside extended permit esp host 216.163.252.25 host 10.242.8.137
access-list outside extended permit esp host 216.163.252.25 host 10.242.8.144
access-list outside extended permit esp host 216.163.252.25 10.230.144.64 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.229.32.0 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.242.50.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.242.8.153
access-list outside extended permit esp host 216.163.252.25 host 10.242.50.68
access-list outside extended permit esp host 216.163.252.25 host 10.232.8.176
access-list outside extended permit esp host 216.163.252.25 10.242.0.128 255.255.255.128
access-list outside extended permit esp host 216.163.252.25 host 10.230.107.198
access-list outside extended permit esp host 216.163.252.25 host 10.230.107.199
access-list outside extended permit esp host 216.163.252.25 host 10.230.107.201
access-list outside extended permit esp host 216.163.252.25 10.230.107.192 255.255.255.224
access-list outside extended permit esp host 216.163.252.25 host 10.230.107.202
access-list outside extended permit esp host 216.163.252.25 10.237.226.0 255.255.255.224
access-list outside extended permit esp host 216.163.252.25 10.242.146.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.230.107.197
access-list outside extended permit esp host 216.163.252.25 host 10.229.59.109
access-list outside extended permit esp host 216.163.252.25 10.242.97.128 255.255.255.128
access-list outside extended permit esp host 216.163.252.25 10.242.36.64 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.237.241.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 host 10.237.241.14
access-list outside extended permit esp host 216.163.252.25 host 10.237.241.68
access-list outside extended permit esp host 216.163.252.25 host 10.237.241.94
access-list outside extended permit esp host 216.163.252.25 host 10.237.173.15
access-list outside extended permit esp host 216.163.252.25 10.242.212.0 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.242.51.128 255.255.255.128
access-list outside extended permit esp host 216.163.252.25 10.242.210.192 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 host 10.242.146.18
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.168
access-list outside extended permit esp host 216.163.252.25 host 10.239.48.31
access-list outside extended permit esp host 216.163.252.25 host 10.242.195.204
access-list outside extended permit esp host 216.163.252.25 10.242.195.192 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.230.241.0 255.255.255.0
access-list outside extended permit esp host 216.163.252.25 10.230.103.128 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 host 10.230.107.144
access-list outside extended permit esp host 216.163.252.25 10.230.107.128 255.255.255.224
access-list outside extended permit esp host 216.163.252.25 10.211.202.224 255.255.255.240
access-list outside extended permit esp host 216.163.252.25 host 10.211.211.221
access-list outside extended permit esp host 216.163.252.25 host 10.229.34.43
access-list outside extended permit esp host 216.163.252.25 host 10.229.34.49
access-list outside extended permit esp host 216.163.252.25 host 10.232.38.160
access-list outside extended permit esp host 216.163.252.25 host 10.232.130.93
access-list outside extended permit esp host 216.163.252.25 host 10.233.38.151
access-list outside extended permit esp host 216.163.252.25 host 10.236.147.50
access-list outside extended permit esp host 216.163.252.25 host 10.236.147.71
access-list outside extended permit esp host 216.163.252.25 host 10.236.147.83
access-list outside extended permit esp host 216.163.252.25 host 10.236.180.4
access-list outside extended permit esp host 216.163.252.25 host 10.237.9.83
access-list outside extended permit esp host 216.163.252.25 host 10.237.9.93
access-list outside extended permit esp host 216.163.252.25 host 10.237.77.39
access-list outside extended permit esp host 216.163.252.25 host 10.237.77.74
access-list outside extended permit esp host 216.163.252.25 host 10.237.77.76
access-list outside extended permit esp host 216.163.252.25 host 10.237.173.8
access-list outside extended permit esp host 216.163.252.25 host 10.237.241.24
access-list outside extended permit esp host 216.163.252.25 host 10.237.241.183
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.13
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.71
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.108
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.109
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.120
access-list outside extended permit esp host 216.163.252.25 host 10.239.23.170
access-list outside extended permit esp host 216.163.252.25 host 10.239.24.26
access-list outside extended permit esp host 216.163.252.25 host 10.239.24.158
access-list outside extended permit esp host 216.163.252.25 host 10.239.24.222
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.20
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.34
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.41
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.42
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.52
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.60
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.64
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.73
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.81
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.82
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.90
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.114
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.141
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.151
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.155
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.205
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.224
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.233
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.238
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.239
access-list outside extended permit esp host 216.163.252.25 host 10.239.30.251
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.26
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.52
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.57
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.72
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.90
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.93
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.107
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.161
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.171
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.184
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.185
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.196
access-list outside extended permit esp host 216.163.252.25 host 10.239.31.208
access-list outside extended permit esp host 216.163.252.25 host 10.239.38.17
access-list outside extended permit esp host 216.163.252.25 host 10.239.41.34
access-list outside extended permit esp host 216.163.252.25 host 10.239.41.68
access-list outside extended permit esp host 216.163.252.25 host 10.239.41.72
access-list outside extended permit esp host 216.163.252.25 host 10.239.41.78
access-list outside extended permit esp host 216.163.252.25 host 10.239.48.143
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.10
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.15
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.31
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.35
access-list outside extended permit esp host 216.163.252.25 host 10.239.50.52
access-list outside extended permit esp host 216.163.252.25 host 10.239.60.100
access-list outside extended permit esp host 216.163.252.25 host 10.239.67.18
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.17
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.23
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.34
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.42
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.53
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.75
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.76
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.77
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.114
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.117
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.118
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.120
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.136
access-list outside extended permit esp host 216.163.252.25 host 10.239.96.143
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.15
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.17
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.35
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.48
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.90
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.116
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.140
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.168
access-list outside extended permit esp host 216.163.252.25 host 10.239.98.183
access-list outside extended permit esp host 216.163.252.25 host 10.242.8.26
access-list outside extended permit esp host 216.163.252.25 host 10.242.8.53
access-list outside extended permit esp host 216.163.252.25 host 10.242.11.29
access-list outside extended permit esp host 216.163.252.25 host 10.242.11.31
access-list outside extended permit esp host 216.163.252.25 host 10.242.11.80
access-list outside extended permit esp host 216.163.252.25 host 10.242.11.81
access-list outside extended permit esp host 216.163.252.25 host 10.242.22.133
access-list outside extended permit esp host 216.163.252.25 host 10.242.22.134
access-list outside extended permit esp host 216.163.252.25 host 10.242.22.154
access-list outside extended permit esp host 216.163.252.25 host 10.242.36.76
access-list outside extended permit esp host 216.163.252.25 host 10.242.36.79
access-list outside extended permit esp host 216.163.252.25 host 10.242.36.118
access-list outside extended permit esp host 216.163.252.25 host 10.242.146.29
access-list outside extended permit esp host 216.163.252.25 host 10.242.158.227
access-list outside extended permit esp host 216.163.252.25 host 10.242.195.197
access-list outside extended permit esp host 216.163.252.25 host 207.41.226.145
access-list outside extended permit esp host 216.163.252.25 10.233.38.144 255.255.255.248
access-list outside extended permit esp host 216.163.252.25 10.230.132.160 255.255.255.224
access-list outside extended permit esp host 216.163.252.25 10.230.134.0 255.255.255.224
access-list outside extended permit esp host 216.163.252.25 10.242.68.160 255.255.255.224
access-list outside extended permit esp host 216.163.252.25 10.233.38.150 255.255.255.222
access-list outside extended permit esp host 216.163.252.25 10.229.144.0 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.236.84.64 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.237.84.128 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.239.47.192 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.242.90.64 255.255.255.192
access-list outside extended permit esp host 216.163.252.25 10.230.137.128 255.255.255.128
access-list outside extended permit esp host 216.163.252.25 10.239.56.0 255.255.255.128
access-list outside extended permit esp host 216.163.252.25 10.237.22.0 255.255.255.0
access-list inside1 extended permit udp 10.237.164.0 255.255.254.0 host 216.163.252.25
access-list inside1 extended permit ip 10.229.32.0 255.255.255.192 host 216.163.252.25
access-list inside1 extended permit ip 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit esp 10.242.146.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit ip 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit esp 10.239.48.0 255.255.255.0 host 216.163.252.25
access-list inside1 extended permit ip host 10.239.23.177 host 216.163.252.25
nat (inside,outside) source dynamic obj-10.239.48.0 obj-203.99.194.163 destination static obj-216.163.252.25 obj-216.163.252.25
nat (inside,outside) source dynamic obj-10.237.164.0-01 obj-203.99.194.163 destination static obj-216.163.252.25 obj-216.163.252.25
nat (inside,outside) source dynamic obj-10.229.32.0 obj-203.99.194.163 destination static obj-216.163.252.25 obj-216.163.252.25
nat (inside,outside) source dynamic obj-10.242.146.0 obj-203.99.194.163 destination static obj-216.163.252.25 obj-216.163.252.25
nat (inside,outside) source dynamic obj-10.237.241.0 obj-203.99.194.163 destination static obj-216.163.252.25 obj-216.163.252.25
nat (inside,outside) source dynamic obj-10.230.107.128 obj-203.99.194.163 destination static obj-216.163.252.25 obj-216.163.252.25 -
Multiple errors upgrading from snow leopard to mountain lion
While attempting to upgrade on an early 2008 Mac Pro, I received the "could not create recovery disk" error on install and had to abort the upgrade. I found online a suggestion of decreasing the size if the main partition (I have no other partitions on the system drive) by a little so that 10.8 can create the recovery drive. When I went I do this it started the process then gave me the error that "I need a newer version of OS X" to complete the task.
I can't create the partition 10.8 needs because I don't have 10.8?
I desperately need a workaround. Any insight would be greatly appreciated, I can offer more details if needed. I do know that the system drive is not a RAID volume, and apples page concerning this error didn't seem to apply to doing an upgrade like this.
Thanks all for your help!!I followed these steps. install gave me the same errors. as far as creating a recovery system goes, since im in snow leopard, i could only intall mountain lion on an external drive. im not sure that really fulfilled the requirements of creating the recovery hd i needed, coulndt find instructions on simply creating a recovery HD on an eternal disk. i did also notice that my internal mac HD system drive is HSF+, or so it appears. could that be the trouble all along?
EDIT: Just reconfirmed as Macintosh HD - Mac OS Extended journaled), so scratch that. i guess im just having trouble "creating a recovery HD" i cannot get the recovery assistant app, because im on snow leopard -
Depreciation Run Error while Upgrading from SAP 4.6C TO ECC6.0
Hi
We are upgrading from 4.6c to ECC 6.0. In ECC 6.0 we need to make the Number Range Interval as "Internal" and Batch Session tick to be removed from the Depreciation Document Type.
While executing depreciation run, it got terminated and I have done the above changes. After that I have restarted the Depreciation. I have got the following error Message.
Message(s) during check of document ERROR00001
Message no. AAPO511
S:/SAPDMC/LSMW_AUX_020:006 20
Message no. /SAPDMC/LSMW_AUX_020006
If any body aware solution, kindly reply to this message
Thanks
sivaCheck this useful links
Key differences between SAP 4.6 - ECC 6.0
http://sap.ittoolbox.com/groups/technical-functional/sap-hr/difference-sap-ecc60-with-sap-r3-3161113
LE/WM functionality difference between 4.6c and ECC 6.0
differences between SAP R/3 ECC 6 & SAP R/3 4.6C in Material management mod
Upgrade from SAP R/3 4.6 C to ECC6.0 - To find obselete and new tcodes
Upgrade from SAP R/3 4.6 C to ECC6.0 - To find obselete and new tcodes -
Upgrading from PIX to ASA 5512X
Hi everyone,
We are in the middle of upgrading from two PIX's to some new ASA5512X's. To give you some background on the situation we are upgrading these since the PIXs are fairly old. We had one extra that we had to use since one PIX has failed already. The guy that implemented the PIXs orginally was learning how to do so as he went so there is alot of needless config in the PIX, atleast from what I can tell. Another guy that works with me has done some configuration on the new ASAs and has done the majority of it so far. Today we went to install the new ASAs and switch everything over hoping it would work, but that didn't happen. It seems that there is something wrong with our NAT and ACLs somewhere along the lines. The way our network is laid out is that we have two school campus with a site-to-site VPN one is 172.17.0.0/16 and the other is 172.18.0.0/16. We also have a remote-access VPN on both ASA's. When we connected the new ASAs up and brought up the interfaces, nothing on the inside could ping the internet nor the other side. The VPN showed active on the ASA's and each ASA could ping the others outside interface, but that was it. I have posted the configs below. If anyone could help out I would GREATLY appreciate it! Thank you in advance!
ASA1:
: Saved
: Written by enable_15 at 04:26:18.240 CDT Tue Mar 12 2013
ASA Version 8.6(1)2
hostname dallasroadASA
enable password **** encrypted
passwd **** encrypted
names
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 70.x.x.x 255.255.255.0
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.18.1.1 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 172.18.2.21
name-server 172.18.2.20
object network WS_VLAN2
subnet 172.17.2.0 255.255.255.0
object network WS_VLAN3
subnet 172.17.3.0 255.255.255.0
object network WS_VLAN4
subnet 172.17.4.0 255.255.255.0
object network WS_VLAN5
subnet 172.17.5.0 255.255.255.0
object network WS_VLAN6
subnet 172.17.6.0 255.255.255.0
object network WS_VLAN7
subnet 172.17.7.0 255.255.255.0
object network WS_VLAN8
subnet 172.17.8.0 255.255.255.0
object network WS_VLAN9
subnet 172.17.9.0 255.255.255.0
object network WS_VLAN10
subnet 172.17.10.0 255.255.255.0
object network WS_VLAN11
subnet 172.17.11.0 255.255.255.0
object network WS_VLAN12
subnet 172.17.12.0 255.255.255.0
object network WS_VLAN13
subnet 172.17.13.0 255.255.255.0
object network WS_VLAN14
subnet 172.17.14.0 255.255.255.0
object network WS_VLAN15
subnet 172.17.15.0 255.255.255.0
object network WS_VLAN16
subnet 172.17.16.0 255.255.255.0
object network DR_VLAN2
subnet 172.18.2.0 255.255.255.0
object network DR_VLAN3
subnet 172.18.3.0 255.255.255.0
object network DR_VLAN4
subnet 172.18.4.0 255.255.255.0
object network DR_VLAN5
subnet 172.18.5.0 255.255.255.0
object network DR_VLAN6
subnet 172.18.6.0 255.255.255.0
object network DR_VLAN7
subnet 172.18.7.0 255.255.255.0
object network DR_VLAN8
subnet 172.18.8.0 255.255.255.0
object network DR_VLAN9
subnet 172.18.9.0 255.255.255.0
object network DR_VLAN10
subnet 172.18.10.0 255.255.255.0
object network DR_CORE_SW
host 172.18.2.1
object network dallasdns02_internal
host 172.18.2.21
object network faithdallas03_internal
host 172.18.2.20
object network dns_external
host 70.x.x.x
object network WorthStreet
subnet 172.17.0.0 255.255.0.0
object network DallasRoad
subnet 172.18.0.0 255.255.0.0
object-group network DALLAS_VLANS
network-object object DR_VLAN10
network-object object DR_VLAN2
network-object object DR_VLAN3
network-object object DR_VLAN4
network-object object DR_VLAN5
network-object object DR_VLAN6
network-object object DR_VLAN7
network-object object DR_VLAN8
network-object object DR_VLAN9
object-group network WORTH_VLANS
network-object object WS_VLAN10
network-object object WS_VLAN11
network-object object WS_VLAN12
network-object object WS_VLAN13
network-object object WS_VLAN14
network-object object WS_VLAN15
network-object object WS_VLAN16
network-object object WS_VLAN2
network-object object WS_VLAN3
network-object object WS_VLAN4
network-object object WS_VLAN5
network-object object WS_VLAN6
network-object object WS_VLAN7
network-object object WS_VLAN8
network-object object WS_VLAN9
object-group network dallasitnetwork
network-object host 172.18.2.20
network-object host 172.18.2.40
object-group protocol tcpudp
protocol-object udp
protocol-object tcp
object-group network dallasroaddns
network-object host 172.18.2.20
network-object host 172.18.2.21
object-group service tcpservices tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq ssh
object-group network remotevpnnetwork
network-object 172.18.50.0 255.255.255.0
access-list L2LAccesslist extended permit ip 172.18.0.0 255.255.0.0 172.17.0.0 255.255.0.0
access-list NONAT extended permit ip any 172.18.50.0 255.255.255.0
access-list inside_inbound_access extended permit ip 172.18.0.0 255.255.0.0 172.17.0.0 255.255.0.0
access-list inside_inbound_access extended permit ip object-group dallasitnetwork any
access-list inside_inbound_access extended permit object-group tcpudp object-group dallasroaddns any eq domain
access-list inside_inbound_access extended permit ip host 172.18.4.10 any
access-list inside_inbound_access extended deny object-group tcpudp any any eq domain
access-list inside_inbound_access extended deny tcp any any eq smtp
access-list inside_inbound_access extended permit ip any any
access-list outside_inbound_access extended permit tcp any host 70.x.x.x object-group tcpservices
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpnaddresspool 172.18.50.0-172.18.50.255
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source static dallasdns02_internal dns_external
nat (inside,outside) source static faithdallas03_internal dns_external
nat (inside,outside) source dynamic any interface
nat (any,outside) source static remotevpnnetwork remotevpnnetwork destination static remotevpnnetwork remotevpnnetwork description NONAT for remote vpn users
nat (inside,outside) source static DallasRoad DallasRoad destination static WorthStreet WorthStreet
access-group outside_inbound_access in interface outside
access-group inside_inbound_access in interface inside
route outside 0.0.0.0 0.0.0.0 70.x.x.x 1
route inside 172.18.0.0 255.255.0.0 172.18.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
ldap attribute-map CISCOMAP
map-name VPNALLOW IETF-Radius-Class
map-value VPNALLOW FALSE NOACESS
map-value VPNALLOW TRUE ALLOWACCESS
dynamic-access-policy-record DfltAccessPolicy
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 172.17.2.28
server-port 389
ldap-base-dn DC=campus,DC=fcschool,DC=org
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password ****
ldap-login-dn CN=fcsadmin,CN=Users,DC=campus,DC=fcschool,DC=org
server-type microsoft
ldap-attribute-map CISCOMAP
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.17.11.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set myset esp-aes-256 esp-sha-hmac
crypto map outside_map 10 match address L2LAccesslist
crypto map outside_map 10 set peer 71.x.x.x
crypto map outside_map 10 set ikev1 transform-set myset
crypto map outside_map 10 set reverse-route
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 172.18.0.0 255.255.0.0 inside
ssh 172.17.0.0 255.255.0.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy NOACCESS internal
group-policy NOACCESS attributes
vpn-simultaneous-logins 0
vpn-tunnel-protocol ikev1
group-policy DfltGrpPolicy attributes
dns-server value 172.18.2.20
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
password-storage enable
group-policy DallasRoad internal
group-policy DallasRoad attributes
dns-server value 172.18.2.20 172.18.2.21
password-storage enable
default-domain value campus.fcschool.org
group-policy ALLOWACCESS internal
group-policy ALLOWACCESS attributes
banner value Now connected to the FCS Network
vpn-tunnel-protocol ikev1
username iwerkadmin password i6vIlW5ctGaR0l7n encrypted privilege 15
tunnel-group remoteaccessvpn type remote-access
tunnel-group remoteaccessvpn general-attributes
address-pool vpnaddresspool
authentication-server-group LDAP
tunnel-group 71.x.x.x type ipsec-l2l
tunnel-group 71.x.x.x ipsec-attributes
ikev1 pre-shared-key ****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:fd69fbd7a2cb0a6a125308dd85302198
: end
ASA2:
: Saved
: Written by enable_15 at 09:27:47.579 UTC Tue Mar 12 2013
ASA Version 8.6(1)2
hostname worthstreetASA
enable password **** encrypted
passwd **** encrypted
names
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 71.x.x.x 255.255.255.0
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.17.1.1 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
boot system disk0:/asa861-2-smp-k8.bin
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 172.17.2.23
name-server 172.17.2.28
object network mail_external
host 71.x.x.x
object network mail_internal
host 172.17.2.57
object network faweb_external
host 71.x.x.x
object network netclassroom_external
host 71.x.x.x
object network blackbaud_external
host 71.x.x.x
object network netclassroom_internal
host 172.17.2.41
object network nagios
host 208.x.x.x
object network DallasRoad_ASA
host 70.x.x.x
object network WS_VLAN2
subnet 172.17.2.0 255.255.255.0
object network WS_VLAN3
subnet 172.17.3.0 255.255.255.0
object network WS_VLAN4
subnet 172.17.4.0 255.255.255.0
object network WS_VLAN5
subnet 172.17.5.0 255.255.255.0
object network WS_VLAN6
subnet 172.17.6.0 255.255.255.0
object network WS_VLAN7
subnet 172.17.7.0 255.255.255.0
object network WS_VLAN8
subnet 172.17.8.0 255.255.255.0
object network WS_VLAN9
subnet 172.17.9.0 255.255.255.0
object network WS_VLAN10
subnet 172.17.10.0 255.255.255.0
object network WS_VLAN11
subnet 172.17.11.0 255.255.255.0
object network WS_VLAN12
subnet 172.17.12.0 255.255.255.0
object network WS_VLAN13
subnet 172.17.13.0 255.255.255.0
object network WS_VLAN14
subnet 172.17.14.0 255.255.255.0
object network WS_VLAN15
subnet 172.17.15.0 255.255.255.0
object network WS_VLAN16
subnet 172.17.16.0 255.255.255.0
object network DR_VLAN2
subnet 172.18.2.0 255.255.255.0
object network DR_VLAN3
subnet 172.18.3.0 255.255.255.0
object network DR_VLAN4
subnet 172.18.4.0 255.255.255.0
object network DR_VLAN5
subnet 172.18.5.0 255.255.255.0
object network DR_VLAN6
subnet 172.18.6.0 255.255.255.0
object network DR_VLAN7
subnet 172.18.7.0 255.255.255.0
object network DR_VLAN8
subnet 172.18.8.0 255.255.255.0
object network DR_VLAN9
subnet 172.18.9.0 255.255.255.0
object network DR_VLAN10
subnet 172.18.10.0 255.255.255.0
object network WS_CORE_SW
host 172.17.2.1
object network blackbaud_internal
host 172.17.2.26
object network spiceworks_internal
host 172.17.2.15
object network faweb_internal
host 172.17.2.31
object network spiceworks_external
host 71.x.x.x
object network WorthStreet
subnet 172.17.0.0 255.255.0.0
object network DallasRoad
subnet 172.18.0.0 255.255.0.0
object network remotevpnnetwork
subnet 172.17.50.0 255.255.255.0
object-group icmp-type echo_svc_group
icmp-object echo
icmp-object echo-reply
object-group service mail.fcshool.org_svc_group
service-object icmp
service-object icmp echo
service-object icmp echo-reply
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group service nagios_svc_group tcp
port-object eq 12489
object-group service http_s_svc_group tcp
port-object eq www
port-object eq https
object-group network DALLAS_VLANS
network-object object DR_VLAN10
network-object object DR_VLAN2
network-object object DR_VLAN3
network-object object DR_VLAN4
network-object object DR_VLAN5
network-object object DR_VLAN6
network-object object DR_VLAN7
network-object object DR_VLAN8
network-object object DR_VLAN9
object-group network WORTH_VLANS
network-object object WS_VLAN10
network-object object WS_VLAN11
network-object object WS_VLAN12
network-object object WS_VLAN13
network-object object WS_VLAN14
network-object object WS_VLAN15
network-object object WS_VLAN16
network-object object WS_VLAN2
network-object object WS_VLAN3
network-object object WS_VLAN4
network-object object WS_VLAN5
network-object object WS_VLAN6
network-object object WS_VLAN7
network-object object WS_VLAN8
network-object object WS_VLAN9
object-group network MailServers
network-object host 172.17.2.57
network-object host 172.17.2.58
network-object host 172.17.2.17
object-group protocol DM_INLINE_PROTOCOL
protocol-object ip
protocol-object udp
protocol-object tcp
object-group network DNS_Servers
network-object host 172.17.2.23
network-object host 172.17.2.28
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list outside_access_in extended permit object-group mail.fcshool.org_svc_group any object mail_internal
access-list outside_access_in extended permit tcp object nagios object mail_internal object-group nagios_svc_group
access-list outside_access_in extended permit tcp any object faweb_external object-group http_s_svc_group
access-list outside_access_in extended permit tcp any object netclassroom_external object-group http_s_svc_group
access-list outside_access_in extended permit tcp any object blackbaud_external eq https
access-list outside_access_in extended permit tcp any object spiceworks_external object-group http_s_svc_group
access-list L2LAccesslist extended permit ip 172.17.0.0 255.255.0.0 172.18.0.0 255.255.0.0
access-list inside_inbound extended permit object-group TCPUDP object-group DNS_Servers any eq domain
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL host 172.17.15.10 any inactive
access-list inside_access_in extended permit tcp object-group MailServers any eq smtp
access-list inside_access_in extended permit tcp host 172.17.14.10 any eq smtp
access-list inside_access_in extended deny object-group TCPUDP any any eq domain
access-list inside_access_in extended deny tcp any any eq smtp
access-list inside_access_in extended permit ip any any
access-list vpn_access extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpnaddresspool 172.17.50.1-172.17.50.255
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static mail_internal mail_external
nat (inside,outside) source static netclassroom_internal netclassroom_external
nat (inside,outside) source static faweb_internal faweb_external
nat (inside,outside) source static spiceworks_internal interface
nat (inside,outside) source static blackbaud_internal blackbaud_external
nat (inside,outside) source dynamic any interface
nat (inside,outside) source static WorthStreet WorthStreet destination static DallasRoad DallasRoad
nat (any,outside) source static remotevpnnetwork remotevpnnetwork destination static remotevpnnetwork remotevpnnetwork description NONAT for remote vpn users
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 71.x.x.x 1
route inside 172.17.0.0 255.255.0.0 172.17.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
ldap attribute-map CISCOMAP
map-name VPNALLOW IETF-Radius-Class
map-value VPNALLOW FALSE NOACESS
map-value VPNALLOW TRUE ALLOWACCESS
dynamic-access-policy-record DfltAccessPolicy
network-acl vpn_access
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 172.17.2.28
ldap-base-dn DC=campus,DC=fcschool,DC=org
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password Iw@FCS730w
ldap-login-dn CN=VPN Admin,CN=Users,DC=campus,DC=fcschool,DC=org
server-type microsoft
ldap-attribute-map CISCOMAP
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.17.0.0 255.255.0.0 inside
http 172.18.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set myset esp-aes-256 esp-sha-hmac
crypto map outside_map 10 match address L2LAccesslist
crypto map outside_map 10 set peer 70.x.x.x
crypto map outside_map 10 set ikev1 transform-set myset
crypto map outside_map 10 set reverse-route
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
telnet 172.17.0.0 255.255.0.0 inside
telnet 172.18.0.0 255.255.0.0 inside
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 172.17.0.0 255.255.0.0 inside
ssh 172.18.0.0 255.255.0.0 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
management-access management
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
webvpn
group-policy NOACCESS internal
group-policy NOACCESS attributes
vpn-simultaneous-logins 0
vpn-tunnel-protocol ikev1
group-policy ALLOWACCESS internal
group-policy ALLOWACCESS attributes
banner value Now connected to the FCS Network
vpn-tunnel-protocol ikev1
username iwerkadmin password i6vIlW5ctGaR0l7n encrypted privilege 15
tunnel-group 70.x.x.x type ipsec-l2l
tunnel-group 70.x.x.x ipsec-attributes
ikev1 pre-shared-key FC$vpnn3tw0rk
tunnel-group remoteaccessvpn type remote-access
tunnel-group remoteaccessvpn general-attributes
address-pool vpnaddresspool
authentication-server-group LDAP
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:b599ba0f719f39b213e7f01fe55588ac
: endHi Derrick,
I just did the same for a customer; replaced 2 PIX515s failover cluster with 5512X. The NAT change is major with ASAs version 8.3 and later...
here's what you need: a manual NAT rule called twice NAT (policy NAT or NONAT is the old terminology) for the VPNs to work. also add the no-proxy-arp keyword:
nat (inside,outside) source static INSIDE_NETWORKS INSIDE_NETWORKS VPN_NETWORKS VPN_NETWORKS no-proxy-arp
nat (inside,outside) source static INSIDE_NETWORKS INSIDE_NETWORKS RA_VPN_NETWORKS RA_VPN_NETWORKS no-proxy-arp
then the dynamic PAT for internet access (after the twice NATs for VPN); could be a manual NAT like you did, or preferred an object NAT.
you did:
nat (inside,outside) source dynamic any interface
would also work with object nat:
object network INSIDE_NETWORKS
subnet ...
nat (inside,outside) dynamic interface
Same on the other side (except the networks are reversed since the inside network is now what the other side refers to as vpn network and vice versa)
If you don't put the no-proxy-arp, your NAT configuration will cause network issues.
also to be able to pass pings through ASA, add the following:
policy-map global_policy
class inspection_default
inspect icmp
The asa will do some basic inspection of the ICMP protocol with that config ex. it will make sure there is 1 echo-reply for each echo-request...
hope that helps,
Patrick -
Support IPSec VPN Client in ASA Multiple Context Mode
I've looked at under "Cisco ASA Series CLI Configuration Guide, 9.0" on "Configuring Multiple Context Mode", it says
"IPsec sessions—5 sessions. (The maximum per context.) ". Does it mean in ASA Multiple Contest Mode support IPSec VPN Client? I just want to confirm it because I can't seem find any doc that clearly spell it out. I'll appreciate anyone who can clarify it.
Thank Jason.
( Please direct me to the right group if I'm not for the first time I post it in the Cisco support forum)This is from the v9.3 config-guide:
Unsupported Features
Multiple context mode does not support the following features:
Remote access VPN. (Site-to-site VPN is supported.) -
After upgrading from ASA 8.2 to 9.1(2) not able to get web site
Dears,
ASA Version has been upgraded from 8.2 to 9.1(2). Since then, website is not accessible from outside.
Diagnosis:
Many web sites are deployed behind the ASA. When anyone accesses website from outside, the following error is reported: The page cannot be displayed. No issues have been reported with any other websites.
In the ASA, two different public subnets are in use in order to allow accessing the website from the public domain. No issues have been reported so far with the first subnet. The website is mapped to a public address in the second subnet. When the website is mapped to an IP address in the working subnet, the website is accessible from outside. As a workaround, this is applied and the website is up and running.
As the website is working fine with the second subnet, NAT and ACL configuration is fine. We have turned on logging in the ASDM, but no traffic was observed on the ASA for the non-working subnet. On the other hand, the traffic was noticed on the ASDM for the working subnet.
The working subnet is XX.YY.XX.X
Non working subnet is XX.YY.YY.X
The outside interface ip is XX.YY.XX.X (Working Subnet)
Tried to assign one ip address to the PC from non working subnet and connected to the Switch , its pinging from outsideHi
Have you tried using packet tracer? -
ASA Firewall Upgrade from 8.2,8.4, to 9.0
Dear All ,
we have five firewalls with the following details:
First Firewall
Hardware: ASA5550, 4096 MB RAM, CPU Pentium 4 3000 MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.4(3) ,Device Manager Version 6.4(7)
my question can i upgrade ASA IOS 8.4(3) to 9.0 directly without any issues also can i upgrade Device manager 6.4(7) to 7.0 without upgrading the ASA IOS itself
Second Firewall
Hardware: ASA5520,2048 MB RAM, CPU Pentium 4 2000MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.2(3) ,Device Manager Version
6.2(3)
my question can i upgrade ASA IOS 8.2(3) to 9.0 directly without any issues also can i upgrade Device manager 6.2(3) to 7.0 without upgrading the ASA IOS itself
Third Firewall
Hardware: ASA5520,2048 MB RAM, CPU Pentium 4 2000MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.4(3) ,Device Manager Version 6.4(7)
my question can i upgrade ASA IOS 8.4(3) to 9.0 directly without any issues also can i upgrade Device manager 6.4(7) to 7.0 without upgrading the ASA IOS itself
Fourth Firewall
Hardware: ASA5520,2048 MB RAM, CPU Pentium 4 2000MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.4(3) ,Device Manager Version 6.4(7)
my question can i upgrade ASA IOS 8.4(3) to 9.0 directly without any issues also can i upgrade Device manager 6.4(7) to 7.0 without upgrading the ASA IOS itself
fifth Firewall:
Hardware: ASA5520,2048 MB RAM, CPU Pentium 4 2000MHz, Flash 256MB , BIOS Flash1024KB , ASA IOS 8.2(3) ,Device Manager Version 6.2(3)
my question can i upgrade ASA IOS 8.2(3) to 9.0 directly without any issues also can i upgrade Device manager 6.2(3) to 7.0 without upgrading the ASA IOS itself
please help i am doing the upgrading remotely using the ASDM and i don't want to do any upgrade could result disconnectivity.
Best regardsHi Basel,
Honestly, I wouldn't suggest a direct upgrade from 8.2 to 9.0. This is a *major* upgrade. The recommended path to reach 9.0 would be from 8.2-->8.4-->9.0
Here are the release notes for 9.0:
http://www.cisco.com/en/US/docs/security/asa/asa90/release/notes/asarn90.html#wp690047
Per above document:
If you are upgrading from a pre-8.3 release, see also the Cisco ASA 5500 Migration Guide to Version 8.3 and Later
for important information about migrating your configuration.
Once you are on 8.3/8.4 (I would suggest 8.4 as a lot of issues were fixed post 8.3 as that was a huge transition from 8.2) upgrade to 9.0 is fairly simple.
Major part is upgrade from 8.2 to 8.4 as configuration changes and few things can be broken as a result. I would highly recommend you to check these docs before attempting an upgrade and also do it with some maintenence window so as to correct things in case they broke:
Following doc talks about 8.3 but it is applicable to direct upgrade to 8.4 as well:
https://supportforums.cisco.com/docs/DOC-12690
Release notes for 8.4:
http://www.cisco.com/en/US/docs/security/asa/asa84/release/notes/asarn84.html
Sourav -
ASA 5520 upgrade from 8.4.6 to 9.1.2
Dear All,
I am having ASA 5520 in Active Standby failover configuration . I want to know if I can upgrade it from 8.4.6 to 9.1.2 using the zero downtime upgrade process mentioned on cisco site .
Below is the process :
Upgrade an Active/Standby Failover Configuration
Complete these steps in order to upgrade two units in an Active/Standby failover configuration:
Download the new software to both units, and specify the new image to load with the boot system command.
Refer to Upgrade a Software Image and ASDM Image using CLI for more information.
Reload the standby unit to boot the new image by entering the failover reload-standby command on the active unit as shown below:
active#failover reload-standby
When the standby unit has finished reloading and is in the Standby Ready state, force the active unit to fail over to the standby unit by entering the no failover active command on the active unit.
active#no failover active
Note: Use the show failover command in order to verify that the standby unit is in the Standby Ready state.
Reload the former active unit (now the new standby unit) by entering the reload command:
newstandby#reload
When the new standby unit has finished reloading and is in the Standby Ready state, return the original active unit to active status by entering the failover active command:
newstandby#failover active
This completes the process of upgrading an Active/Standby Failover pair.
Also after upgrade are there any changes required after IOS migration ( i.e are there any changes in the command line of 8.4.6 and 9.1.2 )
It is mentioned on cisco site that
Major Release
—You can upgrade from the last minor release of the previous version to the next major release. For example, you can upgrade from 7.9 to 8.0, assuming that 7.9 is the last minor version in the 7.x release.Hi Tushar,
The steps you mentioned are perfectly fine. There is no major difference in the commands of the 2 versions, it's just that in access-rule from 9.1 you have to any4 instead of any for ipv4 and any6 for ipv6. During conversion it will get convert automatically.
Also, please refer to the following document (release notes of 9.1.2) for viewing the new features added in that version:
http://www.cisco.com/en/US/docs/security/asa/asa91/release/notes/asarn91.html#wp685480
- Prateek Verma -
Multiple problems installing upgrade from CS5 Design Prem. to CS6 Design Prem.
I had started a thread a few days ago regarding problems that I was having while installing my upgrade from CS5 Design Premium to CS6 Design Premium. Everything seemed to install fine with the exception of Acrobat X Pro. http://forums.adobe.com/message/4716847#4716847
I thought that I had resolved the issue through tech support, but apparently not. First of all, they had me install the trial version of Acrobat X which actually let me install with no errors. A couple of days passed and Acrobat asked if I would like to continue my trial or enter a serial number. I tried to use my serial that came with my upgrade but it rejected it, so I opted to continue the trial. Then earlier today as I was working in InDesign, upon launching I got a script error message.
Error in C:\Program Files (x86)\Common Files\Adobe\Startup Scripts CS6\Flash\Flash-12.0.jsx
Line 153: if( app.name = = flashAppname && (module.name = = 'DefaultScript' II module.name = = 'Flash'))
Cannot open resource file.
After clicking OK it seemed to open InDesign fine and I was able to open files and go about working. While working I noticed that I had no effects in the dropdown menu under 'Object'. Tried the shortcut for them and nothing happened. I have yet to try to open any files containing effects (drop shadow or something) but am guessing that they will not work. My next course of action was to try to Uninstall and Re-Install. I removed CS6 and Acrobat X Pro from my computer and ran the Creative Suite Cleaner program. Then instead of installing the upgrade from the DVD, I decided to download the program from the Adobe LWS and give that a go thinking that maybe the download files are more up-to-date than the DVD that I recieved. Now it seems I am back to square one with the same problems (InDesign missing 'Effects' and who knows what else, and Acrobat X Pro failed to install), but this time I have diffent errors on the "error summary file" that shows up as a link in the "Installation Complete" dialog box. Sorry for being windy, but I really need to get this resolved. Thanks for any and all input. PC is Dell Precision T3500 running Windows 7 and is current on it's updates.
Here is a copy of the errors from that page:
Exit Code: 6
Please see specific errors and warnings below for troubleshooting. For example, ERROR: DW050 ... WARNING: DF012, DS013 ...
-------------------------------------- Summary --------------------------------------
- 0 fatal error(s), 3 error(s), 5 warning(s)
WARNING: DS013: Payload {3BF96AC2-0CA1-11DF-B07B-459956D89593} AdobeHelp 1.0.0.0 is already installed and the session payload {D38116C8-C472-4BB0-AD6F-0C1DD1320D1D} AdobeHelp 4.0.0.0 has no upgrade/conflict relationship with it.
WARNING: DS013: Payload {A8798E04-96FF-4564-9157-0D4C89CB794C} DynamiclinkSupport 5.0.0.0 is already installed and the session payload {DE88AA40-6766-43D3-A755-8FC374B3D2C3} DynamiclinkSupport 6.0.0.0 has no upgrade/conflict relationship with it.
WARNING: DS013: Checking payloads upgrade/conflict relationships : Failed with code 1
----------- Payload: {AC76BA86-1033-F400-7760-000000000005} Acrobat Professional 10.0.0.0 -----------
ERROR: Error 1310.Error writing to file: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\AcroIEFavClient.FRA. Verify that you have access to that directory.
ERROR: Install MSI payload failed with error: 1603 - Fatal error during installation.
MSI Error message: Error 1310.Error writing to file: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\AcroIEFavClient.FRA. Verify that you have access to that directory.
----------- Payload: {CA7C485C-7A89-11E1-B2C8-CD54B377BC52} Adobe Fireworks CS6 12.0.0.0 -----------
WARNING: DF012: File/Folder does not exist at C:\Users\Jon\Desktop\Adobe CS6 Design and Web Premium\Adobe CS6\payloads\AdobeFireworks12-mul\OEM(Seq 2141)
----------- Payload: {05E1E278-7A8D-11E1-A0B9-FC0245DB7244} Adobe Fireworks CS6_AdobeFireworks12en_USLanguagePack 12.0.0.0 -----------
WARNING: DF012: File/Folder does not exist at C:\Users\Jon\Desktop\Adobe CS6 Design and Web Premium\Adobe CS6\payloads\AdobeFireworks12en_USLanguagePack\OEM(Seq 76)
ERROR: DW050: The following payload errors were found during install:
ERROR: DW050: - Acrobat Professional: Install failedErrors "Exit Code: 6," "Exit Code: 7"
Acrobat Cleaner Tool
Sign in or activation errors
CS6 applications in Creative Cloud unexpectedly revert to trial mode
Flash Player Help | Installation problems | Flash Player | Windows
Mylenium -
Cisco ASA Upgrade from 7.0(8) to 8.2(1)
Hi, i need to upgrade my 5510 ASA from 7.0(8) to 8.2(1) ( Please note its different query from my last thread)
what i found online is i will have to do this upgrade in sequence, that is
7.0.x -> 7.2.x --> 8.0.x --> 8.2.1
is that correct?
or i will go to 7.1.x first? like this
7.0.x--> 7.1.x -> 7.2.x --> 8.0.x --> 8.1.x--> 8.2.1
Please guide, Also i am assuming, reboot required after every upgrade right?ok, i found something on another Cisco document. that is what i thought
To ensure that your configuration updates correctly, you must upgrade to each major release in turn. Therefore, to upgrade from Version 7.0 to Version 8.2, first upgrade from 7.0 to 7.1, then from 7.1 to 7.2, and finally from Version 7.2 to Version 8.2 (8.1 was only available on the ASA 5580). " -
Upgrading from SSM-10 to ASA 5525x
We are upgrading from an ASA 5510 with a SSM-10 module to the 5525x ips. Can we simply copy the config from the SSM-10 to the 5525x?
Please refer the below document for the details regarding the catalog conversions.
http://helpx.adobe.com/photoshop-elements/kb/common-catalog-issues-upgrade-elements.html -
I am upgrading from iPhone 3 to 5. I have backed up my 3 on iTunes. I keep getting an error when I try to download all info to the 5. The error says I have disconnect my phone but I haven't. Happened multiple times. Any help would be appreciated.
Are you running iTunes 11.0.1 (current version)? If not, get it at http://www.apple.com/itunes
-
Testing a Firewall upgrade from PIX 7.0.2 to ASA 8.4.5
I have upgraded from PIX 7.0.2, to ASA 8.4.5, and had some issues regarding the NAMES list, setup NETWORK-OBJECTS to get the HOSTS in the access-list added to the ASA.
The PIX script contained no NAT, only access-list, and when the script was copied onto the ASA, it was taken successfully.
I was wondering what methods are available to test the script I have compiled on the ASA, prior to switching from the PIX onto the ASA? what processes are normal to confirm the Firewall is operational, and the rulesets working ? any ideas / tools / commands would be welcome.There are changes in the NAT syntax & Object Grouping. Also on VPN configurations.....
You need to make sure that certain things are taken care in new ASA which runs in 8.4 Version.
I have attached reference for NAT changes pre and post 8.3, which might be helpful for you.
Using the packet tracer command you can check the NAT rules are working and ACL is working fine.
packet tracer input [src_int] protocol src_addr src_port dest_addr dest_port [detailed] [xml]
http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/command/reference/cmd_ref/p.html#wp1878788
Hope this helps....
Regards
Karthik -
Fields in read-only mode for BP transaction in upgrade from 4.72 to ECC6.0
Hello,
This is regarding the query for BP transaction in upgrade from 4.72 to ECC 6.0.
While creating BP / Changing BP system is disabling the fields in compnay code & sales area option. There is a SAP not provided 907860; and specified that the proplem is because of the delta customizing.
All the customization settings are as per the note. And the Synchronization Control is also activated. But still the fields are disabled only.
I have checked the field settings also in Cross-Application-Components & Logistic-Genral.
But these are not working for compnay code & sales area data.
please let me know if anyone has faced this type of problem / found any solution on this.
Best Regards,
ShubhadaSAP IMG -> Cross Application Components -> Master Data Synchronization  Synchronization Control -> Synchronization Control -> Activate Synchronization options
This setting allows you to activate synchronization of BP with R/3. Not maintaining the values may result in certain fields being read-only in BP.
Suggested Values:
Source Object: BP | Target Object: CUSTOMER | Active Indicator : X
Source Object: BP | Target Object: VENDOR | Active Indicator : X
Source Object: CUSTOMER | Target Object: BP | Active Indicator : X
Source Object: VENDOR | Target Object: BP | Active Indicator : X
Have you set all of the above settings??
BHARATH
Maybe you are looking for
-
Hi In the sender JMS content conversion, I do not want Recordset name hence I specified, Parameter Name: xml.ignoreRecordsetName Parameter Value: true But am still getting the Recordset name in the payload... Is this working for someone or a bug?
-
Can I opt to only sync iPhone 4 via iTunes and NOT iCloud?
I only use the iCal, Contacts, and Mail parts of MobileMe. I sync all three via iTunes. I don't need to worry about any web storage or gallery or other stuff. Because my MacBookPro is early 2008, I'm leery of upgrading to Lion, even though it's nee
-
Network users in mixed desktop and portable environment: Best Practices
Hello, When using Server 4.0 in a network that includes both Mac desktops and Macbook devices, what is the recommended setup for network users and their Home directories? The environment I'm building would best be suited for a "Local Only" Home folde
-
Now when I tell iMac to sleep the disc never stops. Also when I connected my iPhone it does not start iTunes even though it is ticked.
-
Removing the rendered forms from the preiview form of the xml template
Hi All, I want to remove the Rendereforms ,show forms after clicking the preview button in the xml form. Can any one help me in this regard. Points will be awarded for helpfull answers. Many thanks. Regards, Raghu