ASA: set connection embryonic-conn-max

Similar Messages

• ASA 5505 Connection Limit and TIME_WAIT Freezing Device

  My little ASA 5505 is working great and I am quite happy with the purchase now that I've solved a number of the issues we had, thank you all very much for the help.
  The next issue I have is rather annoying.  The device appears to be artificially crippled and limited to 10,000 connections.  This isn't a "CPU limit" it's just some fake limit in the device as far as I can tell.
  The problem we have is that we are only using around 500-600 connections and CPU usage is only like 25%, and yet the connection count is pegged at 10,000 and locks us out of our network.
  I am pretty sure this is because there are a lot of "dead" TIME_WAIT connections hanging around not being used.  In our application we only have the couple hundred connections but they do move around a bit every now and then.
  Is there anyway to get the device to ignore the "dead" connections and not count them towards the artificial limit on the device given that it's pretty clear the CPU / etc., is not utilized sufficiently.  These aren't real connections, we only have a couple 100 established, they do just move around a bit however.
  We are really only using 500-700 connections according to our servers, the others are just sitting in TIME_WAIT doing nothing.
  Anyone had this issue before or can offer solutions or workarounds?

  Hello,
  Have you checked the output of 'show conn' and 'show local-host' at a time when the connection count is maxed out? If the ASA is not removing idle connections, you should open a TAC case to have this investigated. Otherwise, the above commands should show you which hosts are maxing out the connections and you can take steps to remediate those problem hosts.
  -Mike

• Setting Connection and Read time outs for SOAPConnection

  Below is the code I am using to connect to a web service. I need to set connection timeout and read timeout for the SOAP Connection. I have the solution with using system properties. But my project demands the solution without using system properties. I have gone through google and found the below page
  http://forums.sun.com/thread.jspa?threadID=5117465&messageID=9404850
  which is useful but I am confused to implement. So help me out in solving this issue.
  protected SOAPMessage sendSOAPRequest(SOAPMessage message, String recipient) throws Exception {
  URL urlEndpoint = new URL(recipient);
  SOAPConnectionFactory scf = SOAPConnectionFactory.newInstance();
  SOAPConnection con = scf.createConnection();
  SOAPMessage replyMessage = con.call(message, urlEndpoint);
  return replyMessage;
  }

  I have the same problem for a few days now. Most sites open quickly but any new pages take ages to load. I usually give up if refresh wont help ?

• Setting connection character set

  How to set connection character set when sending query from java program to MySQL database.
  I tried this:
                  String query  = "SET NAMES 'cp1250'";            /* character set */
                  stmt = conn.prepareStatement(query);
                  stmt.executeQuery();                   /*  I also tried stmt.execute();  */
                  query = "SELECT * FROM myTable";
                  stmt  = conn.prepareStatement(query);
                  rs    = stmt.executeQuery();but it doesn't work.
  It works from MySQL command line client.

  The easiest thing to do is to choose AL32UTF8 character set at database creation time because this character set allows to store any character from any supported character set: you don't need to change database character set at all. Please read Oracle doc. recommendation for AL32UTF8: http://download.oracle.com/docs/cd/E11882_01/server.112/e10595/create001.htm#ADMIN13343
  National character set in only used by NCHAR, NVARCHAR2 and NCLOB data types and I recommend to use AL16UTF16 which is default value.

• How to dynamically set connection string for report in C# code?

  Hi,
  I have installed CRVS2010. I have created new Crystal Report WPF Application and new report. I would like to set connection string for report in code dynamically.
  Is this possible?
  Thanks
  Ivana

  Lots of posts in this forum on how to set database connections. WPF should not be a consideration as it's just a viewer. The report engine is still the same. Search these forums. Use the search box at the top right corner of this page. Look at samples here:
  https://wiki.sdn.sap.com/wiki/display/BOBJ/CrystalReportsfor.NETSDK+Samples
  Note that none of the samples above are using WPF, but like I said, the WPF is just a different viewer and will not impact how the report engine logs on to a database. (I think of it as a gray car vs. a red car. Same engine, just the color is different)
  Ludek
  Follow us on Twitter http://twitter.com/SAPCRNetSup
  Got Enhancement ideas? Try the [SAP Idea Place|https://ideas.sap.com/community/products_and_solutions/crystalreports]

• Set connection timeout in LightSwitch HTML

  Hi.
  I am creating Lightswitch HTML application and implementing export functionality using ServerApplicationContext.
  I am trying to export a lot of data and i when i call for DB objects I get connection error. I have tried to set ;Connection Timeout=300 in connection string in web.config but it seams like not functioning, and still failing after 30sec. 
  Can you please guide me where can I set a connection timeout in order to change it's default value from 30 sec to something bigger?

  Igor,
  I think what you are looking for is "CommandTimeout" and not connection timeout. The connection timeout is how long the SQL Client will wait while establishing a connection. A command timeout is how long the SQL Client will wait for a command to complete.
  So if you are executing a long running command, you will run into command timeout issues.
  In order to set the command timeout for your SQL data source, add a "key" to your web.config's <appSettings> node of the following form:
  <appSettings>
  <add key="DataSourceName_CommandTimeout" value="60" />
  </appSettings>
  Replace DataSourceName with the name of your data source.  So if you are using the ApplicationData data source, the key would be named "ApplicationData_CommandTimeout". Look in your Solution Explorer under "Data Sources" for the name of your
  data source.
  The value is the number in seconds for the timeout.
  Eric
  http://blogs.msdn.com/b/eric_erhardt/

• BPC: SOA and setting connection time outs in BPC

  Hi All,
  can any one explain SOA architecture of BCP and how it improves performance?
  My understanding of SOA arcitecture is it breaks down large application into small modules called services.
  Here what are the services it is refering to?
  And in SOA arcitecture, is the client connected to server only when it requests for a service and connection terminates after the service is provided?
  If that is the case, what is the need for setting connection time outs to improve BPC performance.
  Any Help is Greatly appreciated.
  kranthi kumar

  SOA = services oriented architecture
  is a method for systems development and integration where functionality is grouped around business processes and packaged as interoperable services. SOA also describes IT infrastructure which allows different applications to exchange data with one another as they participate in business processes. The aim is a loose coupling of services with operating systems, programming languages and other technologies which underlie applications.[1] SOA separates functions into distinct units, or services[2], which are made accessible over a network in order that they can be combined and reused in the production of business applications.[3] These services communicate with each other by passing data from one service to another, or by coordinating an activity between two or more services. SOA concepts are often seen as built upon, and evolving from older concepts of distributed computing[3][2] and modular programming.
  So SOA is not implemented for performances reason and it is more for integration.
  Regards
  Sorin Radulescu

• Exception setting connection dictionary: null has anyone seen this error

  I am migrating webobjects off of solaris and onto linux servers. The console starts up fine, but when I try to start any of the app instances, i get the following error
  Exception setting connection dictionary: null

  It seems you have multiple tnsnames.ora files. You can set TNS_ADMIN to point to the oracleDB home and it should be ok.

• GPIB connection fault after checking connection in NI MAX

  Hi,
  I have a problem with a system I am using.
  I am connecting to 3 Keithley 2410 power supplies in labview using the Agilent 82357B USB/GPIB Interface.
  The labview program works... but if I check the GPIB connection in NI MAX or in Agilent connections expert before/ during using labview then Labview can no longer connect to the power supplies. It can originally connect to the first two and then the third connection fails following by them all failing.
  Any help would be much appreciated,
  Thanks
  E

  Sounds like you just forced access to the GPIB resource from your LabVIEW program and then you couldn't get the access back.  In general, it is a really bad idea to have multiple programs access the same bus.
  There are only two ways to tell somebody thanks: Kudos and Marked Solutions

• HELP Audio problem when setting windows volume at max and media player at max

  im using msi eclipse x58
  whenever i set my windows volume at max and media player at max also, after few seconds it suddenly not hearing audio but my media player is still playing
  on other applications like skype wenever i set windows volume at max and after few seconds of voice chat with my friend the error says audio device disconnected.
  On  game applications while playing game same thing happens audio is gone
  it is really stressful can someone pls help me out thanks

  Quote from: NovJoe on 17-February-10, 17:01:40
  Please list out your full system specs and PSU specs amps for verification first.
  My Power Supply is Cooler Master Real Power 550W
  i7 core 920
  Nvidia GTS 250
  hard drive
  320gb
  640gb
  2x 2gb 1333 ddr3 ram

• 10.8 Messages.app - set connection status to connecting ERROR

  Hi,
  I want to use AppleScript to connect and disconnect (via AlfredApp / LaunchBar / Quicksilver whatever) instead of navigating to appropriate button or menu with my mouse.
  However, changing the status is working fine (set status to available / away / invisible etc. ). When "set status to offline" Messages.app disconnects, which is expected behaviour. But: I don't find the correct term to re-connect Messages.app again. So far I have tried these terms:
  tell application "Messages"
            set status to available
  end tell
  or
  tell application "Messages"
            set connection status to connecting
  end tell
  or
  tell application "Messages"
            set connection status to connected
  end tell
  Nothing works and I don't find another term from the Messages-Script-Library that seem appropriate to use in order to re-connect Messages.
  Any hint anybody?
  Thank you,
  Sascha

  Change your background colour from Automatic to anything else and then you can change your font:

• I cannot ping two ASA firewalls connected on the same swicth

  Any help please?
  I have two ASA firewalls connected to same layer 2 Switch and with different subnet on Inside interface .
                          ASA-1 ================>[ layer 2 Switch]<====================ASA-2
                                                                               ||
                                                                               ||
                                                                               ||
                                                                       (DHCP-ROUTER)
  ASA- 1 :
  Public IP address;  100.100.1. 2x /32
  LAN ( Inside Interface) IP address; 10.10.41.1
  route outside 0.0.0.0 0.0.0.0 100.100.1.1x.
  route inside 10.10.42.0 255.255.255.0 10.10.10.2 ( DHCP-Router)
  =================================================================
  ASA-2:
  Public IP address; 200.200.1,2x /32
  LAN ( Inside Interface ) IP address ; 10.10.42. 1
  route outside 0.0.0.0  0.0.0.0  200.200.1.1x
  route inside 10.10.41.0 255.255.255.0 10.10.10.2 ( DHCP-Router)
  ================================================================
  DHCP Router ;
  ip dhcp pool ASA1_SUBNET
  network 10.10.41.0 255.255.255.0
  default-router 10.10.41.2
  domain-name me.com
  dns-server 10.10.41.10
  ip dhcp pool ASA2_SUBNET
  network 10.10.42.0 255.255.255.0
  default-router 10.10.42.2
  domain-name me.com
  dns-server 10.10.41.10
  ip route 0.0.0.0 0.0.0.0 10.10.41.1
  ip route 10.10.42.0  255.255.255.0 10.10.42.1
  =================================================
  LAYER 2 SWITCH;
  Int vlan 41
  Ip address 10.10.41.0 255.255.255.0
  no shut
  Int vlan 42
  Ip address 10.10.42.0 255.255.255.0
  no shut
  ip route 0.0.0.0 0.0.0.0 10.10.41.1
  ip route 10.10.42.0  255.255.255.0 10.10.42.1
  Any help please ?
  DaK

  Hi davy,
                                                                Rtr     Rtr
                                                                 |         |
                                                              ASA   ASA   
                                                                 |       /
                                                             Switch ----> DHCP Rtr
                                                                  |
                                                           Vlan 41 & 42
  This would be your design right. As per my understanding you are not able to ping the ASA from one segment to the other from the LAN. Please correct me if my statement is wrong.
  10.10.41.1 (ASA 1 Inside) - 10.10.42.1 (ASA 2 Inside).
  Let me explain how we will make this communication.

• Vpn-asa 5505 - connects fine, can't use resources

  Using Remote Client VPN to access internal Lan behind an ASA 5505 device.  The connection is working fine. But once I connect, I can't access any computer shared folders etc.   The only thing I can do is access the ASA 5505 through the ASDM 7.1    I can only ping the device 10.0.0.1  but nothing else.    The funny thing is that this was working fine,  then in an attempt to speed up the VPN ACCESS (it is pretty slow),  I went into the ASDM configuration software to look around.   Didn't think I changed anything, but now,  it's not working.   Here is a copy of the backup cpg. 
  Any ideas.   Please respond with  ASDM COMMANDS.. I'm a novice at the command line stuff.
  Thanks.
  -brett
  config:
  : Saved
  : Written by enable_15 at 09:19:26.379 UTC Sat Feb 15 2014
  ASA Version 9.1(4)
  hostname ciscoasa
  domain-name hnedu.com
  enable password mnpTCRVkk1.ZjiWJ encrypted
  xlate per-session deny tcp any4 any4
  xlate per-session deny tcp any4 any6
  xlate per-session deny tcp any6 any4
  xlate per-session deny tcp any6 any6
  xlate per-session deny udp any4 any4 eq domain
  xlate per-session deny udp any4 any6 eq domain
  xlate per-session deny udp any6 any4 eq domain
  xlate per-session deny udp any6 any6 eq domain
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  ip local pool VPNUsers 10.0.0.80-10.0.0.99 mask 255.255.0.0
  interface Ethernet0/0
  switchport access vlan 2
  speed 100
  duplex full
  interface Ethernet0/1
  speed 100
  duplex full
  interface Ethernet0/2
  speed 100
  duplex full
  interface Ethernet0/3
  speed 100
  duplex full
  interface Ethernet0/4
  speed 100
  duplex full
  interface Ethernet0/5
  speed 100
  duplex full
  interface Ethernet0/6
  speed 100
  duplex full
  interface Ethernet0/7
  speed 100
  duplex full
  interface Vlan1
  nameif inside
  security-level 100
  ip address 10.0.0.1 255.255.0.0
  interface Vlan2
  description External Connection
  no forward interface Vlan1
  nameif outside
  security-level 0
  ip address 209.117.123.226 255.255.255.224
  boot system disk0:/asa914-k8.bin
  ftp mode passive
  dns domain-lookup inside
  dns domain-lookup outside
  dns server-group DefaultDNS
  name-server 10.0.0.2
  name-server 10.0.0.4
  domain-name hnedu.com
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object network obj-10.0.0.0
  subnet 10.0.0.0 255.255.0.0
  object network obj-10.0.0.64
  subnet 10.0.0.64 255.255.255.192
  object network obj-10.0.0.6
  host 10.0.0.6
  object network obj-10.0.3.48
  host 10.0.3.48
  object network obj_any
  subnet 0.0.0.0 0.0.0.0
  object network NETWORK_OBJ_10.0.0.64_26
  subnet 10.0.0.64 255.255.255.192
  object-group network RDP_static
  object-group service RemoteDesktop tcp-udp
  description Windows Remote Desktop Access
  port-object eq 3389
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  access-list inside_access_in extended permit ip any4 any4
  access-list Napoleons_splitTunnelAcl standard permit 10.0.0.0 255.255.0.0
  access-list inside_nat0_outbound extended permit ip 10.0.0.0 255.255.0.0 10.0.0.64 255.255.255.192
  access-list outside_access_in extended permit tcp any4 host 10.0.0.6 eq www
  access-list outside_access_in remark remote desktop to cproom desktop
  access-list outside_access_in extended permit object-group TCPUDP any4 host 10.0.3.48 eq 3389
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-715-100.bin
  no asdm history enable
  arp timeout 14400
  no arp permit-nonconnected
  nat (inside,any) source static obj-10.0.0.0 obj-10.0.0.0 destination static obj-10.0.0.64 obj-10.0.0.64 no-proxy-arp route-lookup
  object network obj-10.0.0.6
  nat (inside,outside) static 209.117.123.227
  object network obj-10.0.3.48
  nat (inside,outside) static 209.117.123.228
  object network obj_any
  nat (inside,outside) dynamic interface
  access-group inside_access_in in interface inside control-plane
  access-group outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 209.117.123.225 1
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  http 10.0.0.0 255.255.0.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec security-association pmtu-aging infinite
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map outside_map interface outside
  crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map inside_map interface inside
  crypto ca trustpoint _SmartCallHome_ServerCA
  crl configure
  crypto ca trustpool policy
  crypto ca certificate chain _SmartCallHome_ServerCA
  certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
      308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130
      0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117
      30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
      13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
      0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
      20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
      65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
      65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
      30303230 38303030 3030305a 170d3230 30323037 32333539 35395a30 81b5310b
      30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
      496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65
      74776f72 6b313b30 39060355 040b1332 5465726d 73206f66 20757365 20617420
      68747470 733a2f2f 7777772e 76657269 7369676e 2e636f6d 2f727061 20286329
      3130312f 302d0603 55040313 26566572 69536967 6e20436c 61737320 33205365
      63757265 20536572 76657220 4341202d 20473330 82012230 0d06092a 864886f7
      0d010101 05000382 010f0030 82010a02 82010100 b187841f c20c45f5 bcab2597
      a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10
      9c688b2e 957b899b 13cae234 34c1f35b f3497b62 83488174 d188786c 0253f9bc
      7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b
      15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845
      63cd1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8
      18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced
      4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f
      81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 02030100 01a38201 df308201
      db303406 082b0601 05050701 01042830 26302406 082b0601 05050730 01861868
      7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1d130101
      ff040830 060101ff 02010030 70060355 1d200469 30673065 060b6086 480186f8
      45010717 03305630 2806082b 06010505 07020116 1c687474 70733a2f 2f777777
      2e766572 69736967 6e2e636f 6d2f6370 73302a06 082b0601 05050702 02301e1a
      1c687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406
      03551d1f 042d302b 3029a027 a0258623 68747470 3a2f2f63 726c2e76 65726973
      69676e2e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403
      02010630 6d06082b 06010505 07010c04 61305fa1 5da05b30 59305730 55160969
      6d616765 2f676966 3021301f 30070605 2b0e0302 1a04148f e5d31a86 ac8d8e6b
      c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973
      69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30
      1b311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301d0603
      551d0e04 1604140d 445c1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355
      1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609
      2a864886 f70d0101 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80
      4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e
      b2227055 d9203340 3307c265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a
      6decd018 7d494aca 99c71928 a2bed877 24f78526 866d8705 404167d1 273aeddc
      481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16
      b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0
      5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8
      6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28
      6c2527b9 deb78458 c61f381e a4c4cb66
    quit
  crypto ikev2 policy 1
  encryption aes-256
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 10
  encryption aes-192
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 20
  encryption aes
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 30
  encryption 3des
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev2 policy 40
  encryption des
  integrity sha
  group 5 2
  prf sha
  lifetime seconds 86400
  crypto ikev1 enable inside
  crypto ikev1 enable outside
  crypto ikev1 policy 10
  authentication pre-share
  encryption 3des
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh timeout 5
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  management-access inside
  vpn-addr-assign local reuse-delay 5
  vpn-sessiondb max-other-vpn-limit 10
  vpn-sessiondb max-anyconnect-premium-or-essentials-limit 2
  dhcp-client update dns server none
  dhcpd dns 10.0.0.2 10.0.0.4
  dhcpd wins 10.0.0.2 10.0.0.4
  dhcpd domain hnedu.com
  dhcpd option 5 ip 10.0.0.2 10.0.0.4 interface inside
  dhcpd option 6 ip 10.0.0.2 10.0.0.2 interface inside
  dhcprelay server 10.0.0.2 inside
  dhcprelay server 10.0.0.4 inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  group-policy DfltGrpPolicy attributes
  vpn-tunnel-protocol ikev1 ikev2 ssl-clientless
  group-policy Napoleons internal
  group-policy Napoleons attributes
  wins-server value 10.0.0.2 10.0.0.4
  dns-server value 10.0.0.2 10.0.0.4
  vpn-tunnel-protocol ikev1 l2tp-ipsec
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value Napoleons_splitTunnelAcl
  default-domain value hnedu.com
  group-policy Napoleon internal
  group-policy Napoleon attributes
  wins-server value 10.0.0.2 10.0.0.4
  dns-server value 10.0.0.2 10.0.0.4
  vpn-tunnel-protocol ikev1
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value Napoleons_splitTunnelAcl
  default-domain value hnedu.com
  username bpenza password LTg/b/c3kPWfC8KM encrypted privilege 0
  username bpenza attributes
  vpn-group-policy Napoleons
  username baudette password nPZIRfshkE7WcaDQ encrypted
  username baudette attributes
  vpn-group-policy Napoleons
  tunnel-group Napoleons type remote-access
  tunnel-group Napoleons general-attributes
  address-pool VPNUsers
  default-group-policy Napoleons
  tunnel-group Napoleons ipsec-attributes
  ikev1 pre-shared-key Holyname12
  tunnel-group Napoleon type remote-access
  tunnel-group Napoleon general-attributes
  address-pool VPNUsers
  default-group-policy Napoleon
  tunnel-group Napoleon ipsec-attributes
  ikev1 pre-shared-key Holyname12
  policy-map global-policy
  class class-default
    user-statistics accounting
  service-policy global-policy global
  prompt hostname context
  call-home reporting anonymous
  Cryptochecksum:eb9d34735b125eb61d8f7d93247ad9b7
  : end

  You need to discuss this issue with your network administrator. I suspect the network ports that allow VPN access to the system you want to use may be closed.
  You also need to confirm that the VPN software you are using is compatible with the network you are trying to access. Where I work, the VPN software that comes with Mac OS X is not
  compatible with the network so I have to use VPN software that was provided by my employer. You might be in the same situation.

• Can I set the Datasource/Conn-pool credential programmatically ?

  Hi all,
  Within our ADF BC + Faces application, we use Crystal Report for our reporting solution.
  Crystal use different db connection from one used by the ADF BC. so I create a Datasource in OAS, to be used only by Crystal Report.
  Here is my problem :
  We also use VPD. So I have requirement to login as DifferentUser to make the VPD run correctly.
  How can I programmatically set the username and password of the datasource/conn-pool based on who is logging in to the application ?
  Thank you for your help,
  xtanto

  Good question; I don't know the answer. Try a post in the Identity Management section.
  Perhaps something with Enterprise Authentication may help.

• Multiple sites ASA's connected to Cable modems with same DHCP address

  I have several locations with an ASA 5505 installed behind a cable modem. The cable modem is issuing DHCP for the same network address range in these locations. I have the outside interface obtaining DHCP from the cable moden network and the asa's are receiving the same outside address. I have the remotes set to use EZVPN to create the VPN tunnel back to the head end ASA 5540. I am seeing constant rekeying for phase 2 for those remote sites. is there any thing I can do short of assigning each asa a unique outside address?

  Dave
  The Linksys doing NAT is the reason why the ASA sees all the traffic as having source address as 192.168.2.1. The only way for the ASA to see the original 192.168.1.x address is to change the Linksys to not do NAT.
  One thing that I notice is that there is not a route statement in what you posted for the 192.168.1.0 network. It is not clear whether the route does exist and you did not post it or whether the route does not exist. But if it does not exist it would certainly be a reason why you lose Internet connectivity when you change the Linksys to not perform NAT. (the ASA would have no knowledge of how to forward to the network and would drop all the traffic). Try adding the route to the ASA and changing the Linksys to not perform NAT and let us know if it works.
  HTH
  Rick