ASA5510 dynamic VPN from RV042
So far I have a complete phase 1, and an almost complete phase 2, but one thing I can't figure out. I see this in the debug.
peer is not authenticated by xauth - drop connection.
I get it right after the proxy is setup.
Here is my config
group-policy DefaultRAGroup attributes
vpn-idle-timeout none
vpn-tunnel-protocol ikev1 l2tp-ipsec
password-storage enable
nem enable
tunnel-group DefaultRAGroup general-attributes
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
ikev1 user-authentication none
I have tried many different configurations on both sides, but they all fail with the same error of peer not authenticated by xauth.
I have tried it with it on, with it off and always the same thing comes back.
Here is aaa common 50 debug
Initiating tunnel group policy lookup (Svr Grp: GROUP_POLICY_DB)
AAA FSM: In AAA_BindServer
AAA_BindServer: Using server:
AAA FSM: In AAA_SendMsg
User: DefaultRAGroup
Resp:
grp_policy_ioctl(0x0a250e40, 114698, 0xa9372788)
grp_policy_ioctl: Looking up DefaultRAGroup
callback_aaa_task: status = 1, msg =
AAA FSM: In aaa_backend_callback
aaa_backend_callback: Handle = 114, pAcb = 0xadae6da0
AAA task: aaa_process_msg(0xa9373220) received message type 1
AAA FSM: In AAA_ProcSvrResp
Back End response:
Tunnel Group Policy Status: 1 (ACCEPT)
AAA FSM: In AAA_NextFunction
AAA_NextFunction: i_fsm_state = IFSM_TUNN_GRP_POLICY, auth_status = ACCEPT
AAA_NextFunction: New i_fsm_state = IFSM_DONE,
AAA FSM: In AAA_ProcessFinal
AAA FSM: In AAA_Callback
user attributes:
1 User-Name(1) 14 "DefaultRAGroup"
2 User-Password(2) 0 0xae048023 ** Unresolved Attribute **
user policy attributes:
None
tunnel policy attributes:
1 Idle-Timeout(28) 4 0
2 Tunnelling-Protocol(4107) 4 12
3 Store-PW(4112) 4 1
4 Group-Policy(4121) 14 "DefaultRAGroup"
5 Network-Extension-Mode-Allowed(4160) 4 1
AAA API: In aaa_close
AAA API: In aaa_send_acct_start
AAA task: aaa_process_msg(0xa9373220) received message type 3
In aaai_close_session (114)
AAA API: In aaa_open
AAA session opened: handle = 115
AAA API: In aaa_process_async
aaa_process_async: sending AAA_MSG_PROCESS
AAA task: aaa_process_msg(0xa9373220) received message type 0
AAA FSM: In AAA_StartAAATransaction
AAA FSM: In AAA_InitTransaction
aaai_policy_name_to_server_id(DefaultRAGroup)
Got server ID 0 for group policy DB
and isakmp 127 with the relevant information. Up to this point it passes.
Feb 24 14:27:54 [IKEv1 DECODE]Group = DefaultRAGroup, IP = x.x.x.x, ID_IPV4_ADDR_SUBNET ID received--10.253.20.0--255.255.255.0
Feb 24 14:27:54 [IKEv1]Group = DefaultRAGroup, IP = x.x.x.x, Received remote IP Proxy Subnet data in ID Payload: Address 10.253.20.0, Mask 255.255.255.0, Protocol 0, Port 0
Feb 24 14:27:54 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = x.x.x.x, processing ID payload
Feb 24 14:27:54 [IKEv1 DECODE]Group = DefaultRAGroup, IP = x.x.x.x, ID_IPV4_ADDR ID received
66.252.79.16
Feb 24 14:27:54 [IKEv1]Group = DefaultRAGroup, IP = x.x.x.x., Received local Proxy Host data in ID Payload: Address x.x.x.x, Protocol 0, Port 0
Feb 24 14:27:54 [IKEv1]Group = DefaultRAGroup, IP = x.x.x.x, peer is not authenticated by xauth - drop connection.
Feb 24 14:27:54 [IKEv1]Group = DefaultRAGroup, IP = x.x.x.x, QM FSM error (P2 struct &0xace21cd8, mess id 0xb4d2530a)!
Feb 24 14:27:54 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = x.x.x.x, IKE QM Responder FSM error history (struct &0xace21cd8) , : QM_DONE, EV_ERROR-->QM_BLD_MSG2, EV_PROC_MSG-->QM_BLD_MSG2, EV_HASH_OK-->QM_BLD_MSG2, NullEvent-->QM_BLD_MSG2, EV_COMP_HASH-->QM_BLD_MSG2, EV_VALIDATE_MSG-->QM_BLD_MSG2, EV_DECRYPT_OK-->QM_BLD_MSG2, NullEvent
Feb 24 14:27:54 [IKEv1 DEBUG]Group = DefaultRAGroup, IP = x.x.x.x, sending delete/delete with reason message
Similar Messages
-
Dynamic VPN From Juniper SSG5 Uses DefaultRAGroup
I am trying to set up a VPN to an ASA5540 with a static IP address from a Juniper SSG5 with a dynamic IP address. I have tested the configuration from an ASA to ASA and it works fine. When I try to connect with the Juniper SSG5 it does not work. I did a debug crypto ikev1 and it shows the SSG5 defaulting to the DefaultRAGroup. It's supposed to use the DefaultL2LGroup. Does anyone have an idea of what could be the problem. I will post the configuration shortly. I appreciate the help.
Below is the config of the ASA. This works fine from another ASA, but does not from the Juniper SSG5.
interface GigabitEthernet0
nameif outside
security-level 0
ip address 10.1.1.2 255.255.255.252
interface GigabitEthernet1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface GigabitEthernet2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet5
shutdown
no nameif
no security-level
no ip address
ftp mode passive
access-list vpn extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 10.1.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set 3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map EXTERNAL 5 match address vpn
crypto dynamic-map DYNAMIC-MAP 5 set ikev1 transform-set 3DES-SHA
crypto map EXTERNAL 5 ipsec-isakmp dynamic DYNAMIC-MAP
crypto map EXTERNAL interface outside
crypto ikev1 enable outside
crypto ikev1 policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tunnel-group DefaultL2LGroup ipsec-attributes
ikev1 pre-shared-key ***** -
ASA 5505 site to site VPN from a device 7.2 to a device 8.2
I'm trying to make some test with two ASA 5505; one has software version 7.2(4) the other 8.2.
I would like to make a sit to site VPN from the two device.
I followed the VPN site to site wizard on both machine with the correct parameters, but it does'n work.
Is it possible to make this kind of VPN between devices with different Software version? Or I should upg the older with 7.2 to 8.2 before ?
Thank for your help.
MarcoTks Soeren for your help, these are some info about my test:
Cisco 1 (7.2) Ext 192.168.0.1
Int 192.168.11.50
Cisco 2 (8.2) Ext 192.168.0.2
Int 192.168.10.254
Common gateway 192.168.0.254
Both Ext interface of Cisco 1 & Cisco 2 are on a common switch, like the gateway.
These are SH run:
Cisco 1
ASA Version 7.2(4)
hostname DigiASA
domain-name ************
enable password ************* encrypted
passwd *************** encrypted
names
name 192.168.10.0 REMOTE-LAN
interface Vlan1
nameif inside
security-level 100
ip address 192.168.11.150 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 192.168.0.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name *************
access-list acl_outbound extended permit tcp any host 192.168.0.1 eq ftp-data
access-list acl_outbound extended permit tcp any host 192.168.0.1 eq ftp
access-list acl_outbound extended permit tcp any host 192.168.0.1 eq https
access-list acl_outbound extended permit tcp any host 192.168.0.1 eq pop3
access-list acl_outbound extended permit tcp any host 192.168.0.1 eq www
access-list acl_inbound extended permit tcp 192.168.11.0 255.255.255.0 any eq www
access-list acl_inbound extended permit tcp 192.168.11.0 255.255.255.0 any eq ftp
access-list acl_inbound extended permit tcp 192.168.11.0 255.255.255.0 any eq ftp-data
access-list acl_inbound extended permit tcp 192.168.11.0 255.255.255.0 any eq smtp
access-list acl_inbound extended deny tcp any any eq www
access-list acl_inbound extended deny tcp any any eq ftp
access-list acl_inbound extended deny tcp any any eq ftp-data
access-list acl_inbound extended deny tcp any any eq smtp
access-list acl_inbound extended deny udp any eq tftp any
access-list acl_inbound extended deny tcp any eq 135 any
access-list acl_inbound extended deny udp any eq 135 any
access-list acl_inbound extended deny tcp any eq 137 any
access-list acl_inbound extended deny udp any eq netbios-ns any
access-list acl_inbound extended deny tcp any eq 138 any
access-list acl_inbound extended deny udp any eq netbios-dgm any
access-list acl_inbound extended deny tcp any eq netbios-ssn any
access-list acl_inbound extended deny udp any eq 139 any
access-list acl_inbound extended deny udp any eq 1080 any
access-list acl_inbound extended deny tcp any eq 445 any
access-list acl_inbound extended deny tcp any eq 593 any
access-list acl_inbound extended deny tcp any eq 3067 any
access-list acl_inbound extended deny tcp any eq 3127 any
access-list acl_inbound extended deny tcp any eq 4444 any
access-list acl_inbound extended deny tcp any eq 5554 any
access-list acl_inbound extended deny tcp any eq 9996 any
access-list acl_inbound extended deny tcp any eq 36794 any
access-list acl_inbound extended permit ip any any
access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.230
access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.231
access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.232
access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.233
access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.234
access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.235
access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.236
access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.237
access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.238
access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.239
access-list VPN extended permit ip 192.168.11.0 255.255.255.0 host 192.168.11.240
access-list inside_nat0_outbound extended permit ip 192.168.11.0 255.255.255.0 REMOTE-LAN 255.255.255.0
access-list SplitTunnelNets standard permit 192.168.11.0 255.255.255.0
access-list outside_1_cryptomap extended permit ip 192.168.11.0 255.255.255.0 REMOTE-LAN 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool Ext-IP 192.168.11.230-192.168.11.240 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface www 192.168.11.11 www netmask 255.255.255.255
static (inside,outside) tcp interface ftp 192.168.11.11 ftp netmask 255.255.255.255
static (inside,outside) tcp interface https 192.168.11.10 https netmask 255.255.255.255
access-group acl_inbound in interface inside
access-group acl_outbound in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.0.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.11.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 192.168.0.2
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 20
telnet 192.168.11.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
group-policy DIGI internal
group-policy DIGI attributes
dns-server value 192.168.11.1 213.140.2.21
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SplitTunnelNets
default-domain value DIGI
username Marco password ***************** encrypted privilege 15
username Marco attributes
vpn-group-policy DIGI
tunnel-group DIGI type ipsec-ra
tunnel-group DIGI general-attributes
address-pool Ext-IP
default-group-policy DIGI
tunnel-group DIGI ipsec-attributes
pre-shared-key *
tunnel-group DIGIVPN type ipsec-l2l
tunnel-group DIGIVPN ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cisco 2
ASA Version 8.2(1)
hostname XFASA
domain-name ****************
enable password ***************** encrypted
passwd ***************** encrypted
names
name 192.168.11.0 REMOTE-LAN
interface Vlan1
nameif inside
security-level 100
ip address 192.168.10.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 192.168.0.2 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name **************
access-list acl_outbound extended permit tcp any host 192.168.0.2 eq ftp-data
access-list acl_outbound extended permit tcp any host 192.168.0.2 eq ftp
access-list acl_outbound extended permit tcp any host 192.168.0.2 eq https
access-list acl_outbound extended permit tcp any host 192.168.0.2 eq pop3
access-list acl_outbound extended permit tcp any host 192.168.0.2 eq www
access-list acl_inbound extended permit tcp 192.168.10.0 255.255.255.0 any eq www
access-list acl_inbound extended permit tcp 192.168.10.0 255.255.255.0 any eq ftp
access-list acl_inbound extended permit tcp 192.168.10.0 255.255.255.0 any eq ftp-data
access-list acl_inbound extended permit tcp 192.168.10.0 255.255.255.0 any eq smtp
access-list acl_inbound extended deny tcp any any eq www
access-list acl_inbound extended deny tcp any any eq ftp
access-list acl_inbound extended deny tcp any any eq ftp-data
access-list acl_inbound extended deny tcp any any eq smtp
access-list acl_inbound extended deny udp any eq tftp any
access-list acl_inbound extended deny tcp any eq 135 any
access-list acl_inbound extended deny udp any eq 135 any
access-list acl_inbound extended deny tcp any eq 137 any
access-list acl_inbound extended deny udp any eq netbios-ns any
access-list acl_inbound extended deny tcp any eq 138 any
access-list acl_inbound extended deny udp any eq netbios-dgm any
access-list acl_inbound extended deny tcp any eq netbios-ssn any
access-list acl_inbound extended deny udp any eq 139 any
access-list acl_inbound extended deny udp any eq 1080 any
access-list acl_inbound extended deny tcp any eq 445 any
access-list acl_inbound extended deny tcp any eq 593 any
access-list acl_inbound extended deny tcp any eq 3067 any
access-list acl_inbound extended deny tcp any eq 3127 any
access-list acl_inbound extended deny tcp any eq 4444 any
access-list acl_inbound extended deny tcp any eq 5554 any
access-list acl_inbound extended deny tcp any eq 9996 any
access-list acl_inbound extended deny tcp any eq 36794 any
access-list acl_inbound extended permit ip any any
access-list SplitTunnelNets standard permit 192.168.10.0 255.255.255.0
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.230
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.231
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.232
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.233
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.234
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.235
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.236
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.237
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.238
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.239
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 host 192.168.10.240
access-list outside_1_cryptomap extended permit ip 192.168.10.0 255.255.255.0 REMOTE-LAN 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 REMOTE-LAN 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool Ext-IP 192.168.10.230-192.168.10.240 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
access-group acl_inbound in interface inside
access-group acl_outbound in interface outside
route outside 0.0.0.0 0.0.0.0 192.168.0.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.10.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set pfs group1
crypto map outside_map 1 set peer 192.168.0.1
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.10.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.10.50-192.168.10.150 inside
dhcpd dns 85.18.200.200 89.97.140.140 interface inside
dhcpd domain XFACTOR interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy XFA internal
group-policy XFA attributes
dns-server value 85.18.200.200
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SplitTunnelNets
default-domain value XFDMN
username Marco password ************* encrypted privilege 15
username Marco attributes
vpn-group-policy XFA
username xfa password ************* encrypted privilege 0
username xfa attributes
vpn-group-policy XFA
tunnel-group XFA type remote-access
tunnel-group XFA general-attributes
address-pool Ext-IP
default-group-policy XFA
tunnel-group XFA ipsec-attributes
pre-shared-key *
tunnel-group DIGIVPN type ipsec-l2l
tunnel-group DIGIVPN ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
I hope you can find anything wrong, because I ddidn't find.
Thanks again
Marco -
Problem in Configuring Dynamic VPN in the pix
Hi All,
I am having a problem in configuring a dynamic VPN in my pix which has the 7.2 version of ios but i am able to work with same configuration in the pix whch has 6.3 version i just want a user from outside my network using the vpn client access the resource inside my network below is my configuration is it ok are should i need to do anything more? please advice me.
ip local pool vpnpool1 192.168.170.1-192.168.170.254
crypto dynamic-map map2 20 set transform-set guatemala1
crypto map map1 20 ipsec-isakmp dynamic map2
crypto ipsec transform-set guatemala1 esp-aes-256 esp-sha-hmac
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes-256
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup Guatemalavpn address-pool vpnpool1
vpngroup Guatemalavpn split-tunnel inside_nat0_outbound
vpngroup Guatemalavpn idle-time 36000
vpngroup Guatemalavpn password xxxxxxx
access-list outside_acl permit tcp 192.168.170.0 255.255.255.0 172.19.10.0 255.255.255.0
route outside 192.168.170.0 255.255.255.0 200.30.222.65
access-list inside_nat0_outbound extended permit ip any 192.168.170.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
access-list 102 permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outboundTry it and tell me if works:
ip local pool vpnpool1 192.168.170.1-192.168.170.254
access-list inside_nat0_outbound extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
access-list acl-inside extended permit ip 172.19.10.0 255.255.255.0 192.168.170.0 255.255.255.0
access-group acl-inside in interface inside
nat (inside) 0 access-list inside_nat0_outbound
group-policy Guatemalavpn internal
group-policy Guatemalavpn attributes
wins-server value xx.xx.xx.xx
dns-server value xx.xx.xx.xx
default-domain value mydomain.com
crypto ipsec transform-set guatemala1 esp-aes-256 esp-sha-hmac
crypto dynamic-map map2 20 set transform-set guatemala1
crypto map map1 20 ipsec-isakmp dynamic map2
crypto map map1 interface outside
crypto isakmp identity address
crypto isakmp enable outside
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption aes-256
isakmp policy 20 hash sha
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
tunnel-group Guatemalavpn type ipsec-ra
tunnel-group Guatemalavpn general-attributes
address-pool vpnpool1
default-group-policy Guatemalavpn
tunnel-group Guatemalavpn ipsec-attributes
pre-shared-key *
route outside 192.168.170.0 255.255.255.0 200.30.222.65 -
Hi All,
I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
2811 having C2800NM-ADVIPSERVICESK9-M
2811 router connects to the Internet SW then connects to the Internet router.
Note- For Authentication am using the Device ID & Pre share key. I am worried as all user traffic goes with PAT and not firing up my tunnel for port 80 traffic. Can you please suggest what can be the issue ?
Below is router config for VPN & NAT
crypto keyring ISR_Keyring
pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 10
crypto isakmp profile isa-profile
keyring ISR_Keyring
self-identity user-fqdn [email protected]
match identity user vpn-proxy.websense.net
crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
set peer vpn.websense.net dynamic
set transform-set ESP-NULL-SHA
set isakmp-profile isa-profile
match address 101
interface FastEthernet0/1
description connected to Internet
ip address 216.222.208.101 255.255.255.128
ip access-group HVAC_Public in
ip nat outside
ip virtual-reassembly
duplex full
speed 100
no cdp enable
crypto map GUEST_WEB_FILTER
access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
access-list 103 permit ip 192.168.8.0 0.0.3.255 any
ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
ip nat inside source list 103 interface FastEthernet0/1 overload
ip nat inside source route-map nonat pool mypool overloadHow does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
Check
show crypto isakmp sa
show crypto ipsec sa
show crypto session
You'd better remove the preshared key from your post. -
i would like to setup a ipsec to the juniper firewall.My cisco box is 1841 and have 3g gsm card.I try to initiate traffic from cisco,its ok but juniper phase 1 is not ok. Ä°s there any suggesstion for dynamic vpn issue or anyone try this before ?
Regardsi would like to setup a ipsec to the juniper firewall.My cisco box is 1841 and have 3g gsm card.I try to initiate traffic from cisco,its ok but juniper phase 1 is not ok. Ä°s there any suggesstion for dynamic vpn issue or anyone try this before ?
Regards -
Problem establishing SSL VPN from only 1 IP address
Hi,
I'm experiencing strange problem.
I can't establish SSL VPN connection from 1 IP address, but I don't have problem establishing SSL VPN from any other IP address.
Remote IP address: 10.0.0.1
ASA's public IP address: 192.168.1.1
Output of packet-tracer:
1. with problematic source IP address:
packet-tracer input wan tcp 10.0.0.1 50601 192.168.1.1 443 detailed
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.1.1 255.255.255.255 identity
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fff37573f00, priority=119, domain=permit, deny=false
hits=861, user_data=0x0, cs_id=0x0, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=443, dscp=0x0
input_ifc=wan, output_ifc=identity
Phase: 3
Type: CONN-SETTINGS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fff38a10a50, priority=8, domain=conn-set, deny=false
hits=4069, user_data=0x7fff38770910, cs_id=0x0, reverse, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=192.168.1.1, mask=255.255.255.255, port=443, dscp=0x0
input_ifc=wan, output_ifc=identity
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fff395c7d70, priority=0, domain=inspect-ip-options, deny=true
hits=4044934, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=wan, output_ifc=any
Phase: 5
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fff37560700, priority=13, domain=ipsec-tunnel-flow, deny=true
hits=2268518, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=wan, output_ifc=any
Phase: 6
Type: TCP-MODULE
Subtype: webvpn
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fff38a10cc0, priority=13, domain=soft-np-tcp-module, deny=false
hits=4627, user_data=0x7fff38c14300, cs_id=0x0, reverse, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=192.168.1.1, mask=255.255.255.255, port=443, dscp=0x0
input_ifc=wan, output_ifc=identity
Phase: 7
Type: VPN
Subtype: encrypt
Result: DROP
Config:
Additional Information:
Reverse Flow based lookup yields rule:
out id=0x7fff375504a0, priority=69, domain=encrypt, deny=false
hits=40747, user_data=0x0, cs_id=0x7fff3754fa40, reverse, flags=0x0, protocol=0
src ip/id=192.168.1.1, mask=255.255.255.255, port=0
dst ip/id=10.0.0.1, mask=255.255.255.255, port=0, dscp=0x0
input_ifc=any, output_ifc=wan
Result:
input-interface: wan
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
If I run packet-tracer with any other source IP address, let's say 10.0.0.2, everything is OK:
packet-tracer input wan tcp 10.0.0.2 50601 192.168.1.1 443 de
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.1.1 255.255.255.255 identity
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fff37573f00, priority=119, domain=permit, deny=false
hits=862, user_data=0x0, cs_id=0x0, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=443, dscp=0x0
input_ifc=wan, output_ifc=identity
Phase: 3
Type: CONN-SETTINGS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fff38a10a50, priority=8, domain=conn-set, deny=false
hits=4090, user_data=0x7fff38770910, cs_id=0x0, reverse, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=192.168.1.1, mask=255.255.255.255, port=443, dscp=0x0
input_ifc=wan, output_ifc=identity
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fff395c7d70, priority=0, domain=inspect-ip-options, deny=true
hits=4047886, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=wan, output_ifc=any
Phase: 5
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fff37560700, priority=13, domain=ipsec-tunnel-flow, deny=true
hits=2270040, user_data=0x0, cs_id=0x0, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=wan, output_ifc=any
Phase: 6
Type: TCP-MODULE
Subtype: webvpn
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0x7fff38a10cc0, priority=13, domain=soft-np-tcp-module, deny=false
hits=4648, user_data=0x7fff38c14300, cs_id=0x0, reverse, flags=0x0, protocol=6
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=192.168.1.1, mask=255.255.255.255, port=443, dscp=0x0
input_ifc=wan, output_ifc=identity
Phase: 7
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
out id=0x7fff3a1cc320, priority=0, domain=user-statistics, deny=false
hits=4902651, user_data=0x7fff3a0043c0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=any, output_ifc=wan
Phase: 8
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 4384689, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_tcp_mod
snp_fp_adjacency
snp_fp_fragment
snp_fp_drop
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Result:
input-interface: wan
input-status: up
input-line-status: up
output-interface: NP Identity Ifc
output-status: up
output-line-status: up
Action: allow
I run packet capture on WAN interface - and I can only see incoming packets (SYN) with destination to tcp/443 but there isn't any outgoing packet (SYN/ACK).
I even can't open web page from internet browser (url https://192.168.1.1) when source IP is 10.0.0.1, but I can open "SSL VPN Service" web page from any other source IP address.
The only thing different with this IP address is that there's configured site-to-site (IPsec) vpn tunnel from same source to same destination IP address.
Here is the configuration of the tunnel:
group-policy GroupPolicy_10.0.0.1 internal
group-policy GroupPolicy_10.0.0.1 attributes
vpn-filter value VPN-ACL
vpn-tunnel-protocol ikev1 ssl-client
access-list VPN-ACL:
access-list VPN-ACL extended permit ip object-group DM_INLINE_NETWORK_83 object-group DM_INLINE_NETWORK_84
object-group network DM_INLINE_NETWORK_83
network-object 10.11.217.0 255.255.255.0
network-object 192.168.201.0 255.255.255.0
object-group network DM_INLINE_NETWORK_84
network-object 10.11.217.0 255.255.255.0
network-object 192.168.201.0 255.255.255.0
tunnel local & remote networks:
access-list wan_cryptomap_5 extended permit ip 10.11.217.0 255.255.255.0 192.168.201.0 255.255.255.0
crypto map wan_map 5 match address wan_cryptomap_5
crypto map wan_map 5 set connection-type answer-only
crypto map wan_map 5 set peer 10.0.0.1
crypto map wan_map 5 set ikev1 transform-set ESP-3DES-SHA
I've configured the same setup in my lab and I can't reproduce the error.
The SW version running on ASA is asa861-12.
I'm out of ideas.Just collected some other information:
1. traceroute shows that traffic is not leaving ASA at all
1 * * *
2 * * *
3 * * *
I double checked that there is no "strange" entry for remote public IP in routing. Traffic with destination to remote IP should be sent via default gateway like all other traffic.
2. debug crypto ipsec shows this information when I ping public IP address of the remote host (with VPN
IPSEC(crypto_map_check)-3: Looking for crypto map matching 5-tuple: Prot=1, saddr=192.168.1.1, sport=30647, daddr=10.0.0.1, dport=30647
IPSEC(crypto_map_check)-5: Checking crypto map wan_map 1: skipping because 5-tuple does not match ACL wan_cryptomap_1.
IPSEC(crypto_map_check)-5: Checking crypto map wan_map 2: skipping because 5-tuple does not match ACL wan_cryptomap_2.
IPSEC(crypto_map_check)-5: Checking crypto map wan_map 3: skipping because 5-tuple does not match ACL wan_cryptomap_3.
IPSEC(crypto_map_check)-5: Checking crypto map wan_map 4: skipping because 5-tuple does not match ACL wan_cryptomap_4.
IPSEC(crypto_map_check)-5: Checking crypto map wan_map 5: skipping dormant map.
IPSEC(crypto_map_check)-5: Checking crypto map wan_map 5: skipping dormant map.
IPSEC(crypto_map_check)-5: Checking crypto map wan_map 6: skipping because 5-tuple does not match ACL wan_cryptomap_6.
IPSEC(crypto_map_check)-5: Checking crypto map wan_map 7: skipping because 5-tuple does not match ACL wan_cryptomap_7.
IPSEC(crypto_map_check)-5: Checking crypto map wan_map 8: skipping because 5-tuple does not match ACL wan_cryptomap_8.
IPSEC(crypto_map_check)-5: Checking crypto map wan_map 9: skipping because 5-tuple does not match ACL wan_cryptomap_9.
IPSEC(crypto_map_check)-5: Checking crypto map wan_map 10: skipping because 5-tuple does not match ACL wan_cryptomap_10.
IPSEC(crypto_map_check)-5: Checking crypto map wan_map 11: skipping because 5-tuple does not match ACL wan_cryptomap_11.
IPSEC(crypto_map_check)-5: Checking crypto map wan_map 13: skipping because 5-tuple does not match ACL wan_cryptomap_13.
IPSEC(crypto_map_check)-5: Checking crypto map wan_map 65535: skipping dynamic_link.
IPSEC(crypto_map_check)-1: Error: No crypto map matched.
It really seems that the whole problem is that ASA is trying to encrypt traffic sent from public IP address of one VPN endpoint and targeted to public IP address of another VPN endpoint and send it to remote VPN endpoint via IPcec tunel.
There is indeed VPN tunnel established between both VPN endpoints, but there are just local and remote networks defined with private IP address space for this tunnel, VPN endpoint's public IP addresses are not included in the definition of this IPsec VPN tunnel.
And there are at least two more IPsec VPN tunnels configured the same way and I can't reprodure this error on there two VPN tunnels.
Any idea? -
Open a Dynamic URL from a Table column link
Hi,
Jdev Version (11.1.1.6.0)
I have requirement to open a dynamic URL from table column. Any time I click on link, it should generate dynamic URL based on column attribute and open in popup or browser. Can someone pls suggest how to achieve this.
Thanks
Ank1)If you have any parameters that needs to be passed to build that dynamicURL, just set a propertyListener on the column attribute and get the value.
2)Then on the af:commandLink action, build your dynamicURL with the required parameters.
3) If you URL is all together a different application which doesn't share your transaction, you can open it as below
In the below code, urlWithParams will be your dynamicURL.
ExtendedRenderKitService erks =
Service.getRenderKitService(facesContext, ExtendedRenderKitService.class);
StringBuilder sbURL = new StringBuilder();
sbURL.append("window.open(\"" + urlWithParams + "\");");
erks.addScript(facesContext, sbURL.toString());
You can also try the above response by user 948181.
Hope it helps. -
Swap task flow in dynamic region from menuitem in menubar
Hello,
I have a dynamic region and two task flows. I have action listeners that swap the task flows into the dynamic regions. When these action listeners are tied to buttons, everything works as expected, but if i attach them to menuitems on a menubar, despite the fact the the listener is executed (based on log file debugging), the task flow in the region does not change.
Can anyone please give me an idea why, and exactly how someone can swap a task flow in a dynamic region from a menuitem.
I'm using Jdeveloper 11.1.1.0.1
Thanks
Edited by: fakintoy on Apr 22, 2009 3:45 PM
Edited by: fakintoy on Apr 22, 2009 3:46 PM
Edited by: fakintoy on Apr 22, 2009 4:06 PMHi,
My guess is that the region is not added to the list of partial targets. Add a partialTrigger on the region pointing on the menu item.
p.s. Code snippet would really help to get a more precise answer here
Regards,
~ Simon -
Portal dynamic iView from Web Dynpro ABAP?
I wish to use a "Dynamic iView" from a Web Dynpro ABAP application, but it appears the API is only available in Web Dynpro Java. Can this feature be used from Web Dynpro ABAP, or can this be accomplished in another way?
Scenario: I have two iViews on a page, one Web Dynpro ABAP and another iView whose source I want to change dynamically based on something a user clicks in the Web Dynpro ABAP.
Dynamic iView:
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/44/a72c155df77038e10000000a422035/frameset.htmSo you are suggesting the WDA fires an event to a new WDJ that we would need to create that would in turn use the Dynamic iView service mentioned in that help document?
-
Possible to set Dynamic Config from ABAP Proxy
Hi,
I know how to get and set Dynamic Config from Java/XSLT mappings and adapter modules. But I want to do this from an outbound ABAP Proxy Call (in the same way I can set the serialization context for EOIO), is that possible?
The scenario is: I have an interface; Proxy -> Xi -> ftp, with no mapping. It seems unnecessary to introduce a mapping just to set some dynamic config values for the receiving adapter which are already known at the outbound proxy call...
rgds JohanHi Bhavesh,
In the thread you mention it is shown that you can set Dynamic Config properties during an ABAP mapping. My question was if I can set these properties already in the proxy call? Or did I miss something?
Of-course I can introduce a dummy mapping in Java/XSLT/ABAP which copies the source message to the result message and sets the dynamic config properties, but I would rather not introduce a mapping if not neccessary...
rgds Johan -
Dynamic link from Premiere to Speed grade is incredible slow.
Dynamic link from Premiere to Speed grade is incredible slow. About 10 minutes or so. I usually measure the time by hands of Solitaire, min 3 wins. I've trashed prefs, OS and apps all updated, run system maintenance. I'm at a loss. This workflow isn't working for me. Please give me some troubleshooting ideas.
Thanks Bill
Mac OS 10.10.2 64gb ram
Premiere CC 2014 8.2.0
Speedgrade Cc 2014bill lauer wrote:
Or is the workflow save/Quit my project in Premiere. then open in Speedgrade. Then save/Quit my project in Speedgrade and re-open in Premiere?
yeah thats basically it, you could leave premiere open but save and close the project before opening it up in speedgrade. if you are going to be in speedgrade a while, its best to just close premiere so it doesn't tie up any system resources sitting in the background. the dynamic link buttons/commands in premiere and speedgrade just save, close, and open in other program. so once you do your work in speedgrade save the project, close, then open it back in premiere and it should all be there. -
Error implementing dynamic callback from BPEL process
Hi,
I am trying to use dynamic callback from a BPEL process..
Created a variable of type EndpointReference by importing the ws-addressing.xsd. in the partnerlink wsdl..
I assigned the URL to the variable's address field ...
<copy>
<from expression="'http://172.31.171.123:8888/PubSubWLPOC-CallbackSvc2-context-root/EIPWFServiceCallbackPort'"/>
<to variable="ep_var" query="/ns3:EndpointReference/ns3:Address"/>
</copy>
Gives no error till now...
But when I try to assign the same variable to the partnerlink, I get an error..
<assign name="Assign_7">
<copy>
<from variable="ep_var"/>
<to partnerLink="MyWebService1"/>
</copy>
</assign>
The error is like this(from the $SOA_HOME\bpel\domains\default\logs) :-
java.lang.NullPointerException
at com.collaxa.cube.engine.types.bpel.CXPartnerLink.copy(CXPartnerLink.java:246)
at com.collaxa.cube.engine.ext.wmp.BPELAssignWMP.performCopyTo(BPELAssignWMP.java:1151)
at com.collaxa.cube.engine.ext.wmp.BPELAssignWMP.__executeStatements(BPELAssignWMP.java:215)
at com.collaxa.cube.engine.ext.wmp.BPELActivityWMP.perform(BPELActivityWMP.java:199)
at com.collaxa.cube.engine.CubeEngine.performActivity(CubeEngine.java:3698)
at com.collaxa.cube.engine.CubeEngine.handleWorkItem(CubeEngine.java:1655)
at com.collaxa.cube.engine.dispatch.message.instance.PerformMessageHandler.handleLocal(PerformMessageHandler.java:75)
at com.collaxa.cube.engine.dispatch.DispatchHelper.handleLocalMessage(DispatchHelper.java:217)
at com.collaxa.cube.engine.dispatch.DispatchHelper.sendMemory(DispatchHelper.java:314)
at com.collaxa.cube.engine.CubeEngine.endRequest(CubeEngine.java:5765)
at com.collaxa.cube.engine.CubeEngine.callbackPerformer(CubeEngine.java:1885)
at com.collaxa.cube.engine.delivery.DeliveryHelper.callbackPerformer(DeliveryHelper.java:845)
at com.collaxa.cube.engine.delivery.DeliveryService.handleCallback(DeliveryService.java:794)
at com.collaxa.cube.engine.ejb.impl.CubeDeliveryBean.handleCallback(CubeDeliveryBean.java:378)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
The confusing part is when I use xml fragment instead of the variable ep_var, it works fine ...
But I cannot use the same as the callback can be made to any url(which is decided on runtime)
Can someone pls help me with this ?
saptarishiHi,
I have done following for dynamic call back and it works..
<copy>
<from>
<_EndpointReference xmlns="http://schemas.xmlsoap.org/ws/2003/03/addressing">
<Address/>
</EndpointReference>
</from>
<to variable="EndpointUrl"/>
</copy>
<copy>
In the above assignment from part is an xml fragment assigned to Endpoint Url
<copy>
<from expression="'http://172.31.171.123:8888/PubSubWLPOC-CallbackSvc2-context-root/EIPWFServiceCallbackPort'"/>
<to variable="ep_var" query="/ns3:EndpointReference/ns3:Address"/>
</copy>
</copy>
<copy>
<from variable="EndpointUrl"/>
<to partnerLink="SFDC_plt"/>
</copy> -
Encore CS6 Dynamic Link from Pr CS6 Problem/Issue
I switched from Production Premium CS5 to CS6. I first deactivated and uninstalled my CS5 then installed CS6 on my Windows 7 machine.
The problem:
When I edit together a video in Premiere CS6 and have finished, I use Dynamic Link from within Encore CS6 to bring in that timeline. After that, I use AME to transcode that Dynamic Link asset to the DVD MPEG standard, Encore CS6 keeps poping up a notification window that says: "The transcoded DynamicLink asset _______ has changed on the server. Would you like to reimport it? Yes/No" It prompts me each time I enter Encore and any time I move from another open program back to Encore.
And I have to click No for each timeline that I have used Dynamic Link for (which is usually 5 or so).
Any ideas or help? This is incredibly annoying.
Thank you.
JaredAs an update. I am using the newest version of PluralEyes (v 2.0.5 7358) to sync the audio of the multiple camera event films I have shot. I have since created a new project in Premiere and only manually lined up clips and then Dynamically Linked that to a new Encore project and so far Encore has not promtpted me with the error/message: "The transcoded DynamicLink asset _______ has changed on the server. Would you like to reimport it? Yes/No"
Any ideas? This is very frustrating. Thank you! -
HT3702 purchased Hotspot VPN from apple store but didnot download
Dear Support, I purchased Hotspot VPN from apple store and they debet my account but never download it into my phone. please contact for info that you need, my email address: [email protected]
ThanksOr return it and download one if the free version of Office available on the web such as OpenOffice.
Allan
Maybe you are looking for
-
What is happening with PSE 10? Cannot "log In" to download premium features
Do I have to upgrade to PSE 11 to have support and access to the premium files?
-
Make button invisble when movie starts to play
I have a FLV file in a FLVplayback component. Once it has played and reaches the end I have a button become visible. But my delimma is if I want to watch the movie again and click play, the button remains. How can I make it go back to being invisible
-
ITunes plays songs at intermittant speed
When I play a song, it slows down every quarter to half second in a very regular manner. It seems like my Mac is overworked and can't keep up, but I haven't had other performance issues - that I noticed. The only thing I can think of is to uninstall
-
I have already searched for and could not find the basic steps of Creating a Virtual KeyFigure, Can someone provide these? Thanks
-
After installing Lion I tried to run Adobe Photoshop but A message informed me I must "...install Java runtime, but you are not connected to the internet." I am connected to the internet and after running a network diagnostic I was told that there do