ASA policy PAT and src/dst port considerations!!

static (inside,outside) tcp 4.2.2.2 443 10.1.2.3 443 netmask 255.255.255.255
What happens/is translated when a packet comes from the Internet destined for 4.2.2.2 with:
A: Src tcp port 1025 and dst tcp port 443
B: Src tcp port 443 and dst tcp port 1025
And, in the reverse direction, from 10.1.2.3 back towards the Internet:
A: Src tcp port 1025 and dst tcp port 443
B: Src tcp port 443 and dst tcp port 1025
Or, does
static (inside,outside) tcp 4.2.2.2 443 10.1.2.3 443 netmask 255.255.255.255 only affect packets with dst tcp port 443?
Or, my real question: will this policy NAT handle two-way comms, and in the manner TCP should work?

What happens/is translated when a packet comes from the Internet destined for 4.2.2.2 with:
A) The packet will be redirected to 10.1.2.3 on port 443.
B) The packet will be dropped by the ASA, as there is no port-forwarding for port 1025 (just for 443).
And, in the reverse direction, from 10.1.2.3 back towards the Internet:
A) A packet from a higher security level to a higher one is going to be allowed by default if you have the right translation.
B) The ASA will already have an entry in all of its tables for this connection (xlate, local-host and conn table), so the traffic will be allowed without any inspection.
static (inside,outside) tcp 4.2.2.2 443 10.1.2.3 443 netmask 255.255.255.255 only affects packets with dst tcp port 443.
Port-forwarding is only for inbound connections; the outgoing packets for the same connection will hit this NAT, but if you start a brand new connection (outbound) you will need a different NAT.
Regards,
Julio
Rate all the helpful posts
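As an added illustration (not code from the original thread or from Cisco), the following small model walks the four cases from the question through the static PAT above: an inbound packet to 4.2.2.2 tcp/443 is forwarded to 10.1.2.3:443, an inbound packet to tcp/1025 has no xlate and is dropped, the server's reply rides the existing conn entry back out, and a brand new outbound connection from 10.1.2.3 on another source port matches no NAT. The Internet host 203.0.113.10 is a constructed sample address, and the table handling is simplified compared with a real ASA.

```python
# Added example, not from the original thread: a small model of how the ASA
# applies the static PAT discussed above,
#   static (inside,outside) tcp 4.2.2.2 443 10.1.2.3 443 netmask 255.255.255.255
# to the four cases in the question. The Internet host 203.0.113.10 is a
# constructed sample address; the real ASA keeps more state than this.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

# mapped (outside) pair -> real (inside) pair, as the static defines it
STATIC_PAT = {("tcp", "4.2.2.2", 443): ("10.1.2.3", 443)}

def real_to_mapped(proto, ip, port):
    """Reverse lookup used for packets leaving the inside interface."""
    for (p, mip, mport), (rip, rport) in STATIC_PAT.items():
        if (p, rip, rport) == (proto, ip, port):
            return mip, mport
    return None

class Asa:
    def __init__(self):
        self.conns = set()  # 5-tuples as seen on the inside interface

    def inbound(self, pkt):
        """Outside -> inside. Only dst tcp/443 on 4.2.2.2 has an xlate."""
        real = STATIC_PAT.get((pkt.proto, pkt.dst_ip, pkt.dst_port))
        if real is None:
            return "dropped", None          # no port-forward for this dst port
        xl = Packet(pkt.src_ip, pkt.src_port, real[0], real[1], pkt.proto)
        self.conns.add((xl.proto, xl.src_ip, xl.src_port, xl.dst_ip, xl.dst_port))
        return "translated", xl

    def outbound(self, pkt):
        """Inside -> outside. A reply rides the existing conn entry; a brand new
        connection from 10.1.2.3 is only covered if its src port is 443."""
        mapped = real_to_mapped(pkt.proto, pkt.src_ip, pkt.src_port)
        if mapped is None:
            return "no_nat", None           # needs a different (e.g. dynamic) NAT
        xl = Packet(mapped[0], mapped[1], pkt.dst_ip, pkt.dst_port, pkt.proto)
        key = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.conns:
            return "established", xl        # conn exists, no ACL check needed
        return "new_outbound", xl           # new conn, subject to outbound policy

def run_scenarios():
    """The four cases from the question, in order, through one ASA instance."""
    asa = Asa()
    client = "203.0.113.10"                 # constructed Internet host
    return {
        "in_A": asa.inbound(Packet(client, 1025, "4.2.2.2", 443)),
        "in_B": asa.inbound(Packet(client, 443, "4.2.2.2", 1025)),
        "out_reply": asa.outbound(Packet("10.1.2.3", 443, client, 1025)),
        "out_new": asa.outbound(Packet("10.1.2.3", 1025, client, 443)),
    }

if __name__ == "__main__":
    for name, (verdict, pkt) in run_scenarios().items():
        print(f"{name}: {verdict} {pkt}")
```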
