ASA5540 in multiple-context SNMP/icmp doesn´t work

Similar Messages

• Multiple conditions in Query doesn't work

  Hi all,
  I've made a query pointing on a Multiprovider wich 's made of two main dimension ( multiple infoproviders ) :
  contract and pricing and on the other hand  Sales and Revenues.
  In my Query, one condition's concerned by a contract & pricing key figures ( Number of pricing condition > 0 ), and another one is about a Minimum Turnover Sales & Revenues key Figures restriction( by a prompt ).
  This doesn't match, Some rows are missing, and while a condition is active , the other one can't be..
  If any one meet this kind of problem before ?
  Thanks and sorry for my bad english..

  Hi,
  I already try to create another key figure wich made like this :
  Number of condition * Turnover
  and made a condition on this result.
  But the main problem is  if the contract doesn't have Turnover, it will not shown the rows with condition ..( the condition is on the single value 'number of document ) and if I put anotehr condition with number of condition > 0, it still doesn't work..
  thanks for help.

• Multiple rows in infopackage doesn't work

  Hi all,
  I have an infopackage and on the selection screen I want to enter 3 ranges for material:
  for example:
  from 1 -> 3000
  from 3002 -> 4000
  from 4002 -> 9999
  when I execute the infopackage, only the materials from the first range are loaded.
  when i delete my first interval, the materials from 3002 -> 4000 are loaded...
  why doesn't it work?
  Ciao
  Joke

  Hi,
  This may the issue with your datasource.
  you may get this issue if the datasource is generic and the selection definition is not proper.
  Ramesh

• Page naviagation doesn't work after deploy ADF application to Weblogic

  After deploy my ADF application (ear) to Weblogic Server, the page navigation doesn't work. When running the ear on weblogic, I got following warnings:
  <2010-11-5 下午05时06分01秒 CST> <Warning> <J2EE> <BEA-160195> <The application version lifecycle event listener oracle.security.jps.wls.listeners.JpsAppVersionLifecycleListener is ignored because the application HwtOrder is not versioned.>
  <2010-11-5 下午05时06分38秒 CST> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=AppApplicationOverviewPage&AppApplicationOverviewPortlethandle=com.bea.console.handles.AppDeploymentHandle%28%22com.bea%3AName%3DHwtOrder%2CType%3DAppDeployment%22%29.>
  <2010-11-5 下午05时07分33秒 CST> <Warning> <netuix> <BEA-423420> <Redirect is executed in begin or refresh action. Redirect url is /console/console.portal?_nfpb=true&_pageLabel=DiagnosticsViewDomainLogTablePage&DiagnosticsViewDomainLogTablePortlethandle=com.bea.console.handles.LogDispatchHandle%28%22DefaultServer%3BDomainLog%22%29.>
  I can run the application correctly in jdeveloper 11g environment. I think there is something wrong with deployment. Can anyone help me?

  When you target url with .jspx, you are running the page itself, not in the task flow context, so navigation doesn't work.
  In the task flow, your page has 'Activity ID' (which is, for example, 'mainPage' for mainPage.jspx) and the navigation is defined for activity IDs, not pages.
  Pedja

• Botnet Filter with multiple Context Mode

  We used the Botnet Filter in Single Context Mode for a long Time. Now we converted to multiple Context Mode and the Database is no longer updated. In the system Context I can See the update settings but when I try to update the result is always "no DNS server". Since the system context has no interfaces there are no DNS settings etc.
  How should be the Botnet Filter configured in Multiple Context Mode?
  Thanks for any response in advance.

  sh run | grep dns
  dns domain-lookup T-COM
  dns domain-lookup COLT
  dns server-group DefaultDNS
  policy-map type inspect dns preset_dns_map
  inspect dns preset_dns_map
  ping update-manifests.ironport.com
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 204.15.82.17, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 160/162/170 ms
  ping updates.ironport.com
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 80.239.221.64, timeout is 2 seconds:
  ASA Version 8.4(2)
  hostname DE-VM-TER-FW-02
  enable password 8Ry2Yj8765U24 encrypted
  passwd 2KFQnb6IdI.2KY75 encrypted
  names
  interface GigabitEthernet0/0.3207
  nameif TR_v207
  security-level 50
  ip address 10.28.6.60 255.255.255.248
  interface GigabitEthernet0/0.3208
  nameif TR_v208
  security-level 70
  ip address 10.28.6.68 255.255.255.248
  interface GigabitEthernet0/0.3209
  nameif TR_v209
  security-level 80
  ip address 10.28.6.76 255.255.255.248
  interface GigabitEthernet0/0.3210
  nameif TR_v210
  security-level 90
  ip address 10.28.6.84 255.255.255.248
  interface GigabitEthernet0/1
  nameif COLT
  security-level 0
  ip address 217.111.58.46 255.255.255.240
  interface GigabitEthernet0/3
  nameif T-COM
  security-level 0
  ip address 194.25.250.94 255.255.255.240
  dns domain-lookup T-COM
  dns domain-lookup COLT
  dns server-group DefaultDNS
  name-server 8.8.8.8
  object network COLT_dynamic_NAT
  subnet 0.0.0.0 0.0.0.0
  object network T-COM_dynamiy_NAT
  subnet 0.0.0.0 0.0.0.0
  object-group network DM_INLINE_NETWORK_1
  network-object 10.0.0.0 255.0.0.0
  network-object 172.16.0.0 255.240.0.0
  network-object 192.168.0.0 255.255.0.0
  access-list COLT_access_in extended deny ip any any
  access-list T-COM_access_in extended permit tcp any object DEUAG01-actsync eq https
  access-list T-COM_access_in extended permit tcp any object DEUAG01-portal eq https
  access-list T-COM_access_in extended deny ip any any
  access-list TR_3208_access_in extended deny ip any object-group DM_INLINE_NETWORK_1
  access-list TR_3208_access_in extended permit ip any any
  access-list TR_3208_access_in extended permit icmp any any
  access-list TR_v207_access_in extended deny ip any any
  access-list TR_v210_access_in extended deny ip any any
  access-list TR_v209_access_in extended deny ip any any
  pager lines 24
  logging enable
  logging asdm informational
  mtu TR_v208 1500
  mtu T-COM 1500
  mtu COLT 1500
  mtu TR_v207 1500
  mtu TR_v210 1500
  mtu TR_v209 1500
  ip verify reverse-path interface T-COM
  ip verify reverse-path interface COLT
  ipv6 access-list TR_v207_access_ipv6_in deny ip any any
  ipv6 access-list TR_v208_access_ipv6_in deny ip any any
  ipv6 access-list TR_v209_access_ipv6_in deny ip any any
  ipv6 access-list TR_v210_access_ipv6_in deny ip any any
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  object network COLT_dynamic_NAT
  nat (any,COLT) dynamic interface
  object network T-COM_dynamiy_NAT
  nat (any,T-COM) dynamic interface
  access-group TR_3208_access_in in interface TR_v208
  access-group TR_v208_access_ipv6_in in interface TR_v208
  access-group T-COM_access_in in interface T-COM
  access-group COLT_access_in in interface COLT
  access-group TR_v207_access_in in interface TR_v207
  access-group TR_v207_access_ipv6_in in interface TR_v207
  access-group TR_v210_access_in in interface TR_v210
  access-group TR_v210_access_ipv6_in in interface TR_v210
  access-group TR_v209_access_in in interface TR_v209
  access-group TR_v209_access_ipv6_in in interface TR_v209
  route T-COM 0.0.0.0 0.0.0.0 194.25.250.81 1
  route COLT 0.0.0.0 0.0.0.0 217.111.58.33 20
  route TR_v208 10.28.24.0 255.255.255.0 10.28.6.65 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  user-identity default-domain LOCAL
  no snmp-server location
  no snmp-server contact
  telnet timeout 5
  ssh timeout 5
  no threat-detection statistics tcp-intercept
  dynamic-filter use-database
  dynamic-filter enable interface T-COM
  dynamic-filter enable interface COLT
  dynamic-filter drop blacklist interface T-COM
  dynamic-filter drop blacklist interface COLT
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
  message-length maximum client auto
  message-length maximum 512
  policy-map global_policy
  class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect dns preset_dns_map dynamic-filter-snoop
  service-policy global_policy global
  Cryptochecksum:7bbe975fb39e189e99d8878787a0037
  : end
  System Context
  dynamic-filter updater-client enable
  ​ Can't resolve update-manifests.ironport.com, make sure dns nameserver is configured

• I checked the box that says "warn me when closing multiple tabs" but it doesn't warn me at all

  I checked the box under Option > Tabs that says "Warn me when closing multiple tabs" but whenever I would accidentally close firefox with multiple tabs open, it doesn't warn me at all! It would just close everything. I have tried to check and uncheck it a lot of times but it still not working.

  You can reset the warn prefs on the about:config page via the right-click context menu.
  browser.tabs.warnOnClose , see http://kb.mozillazine.org/About%3Aconfig_entries
  browser.warnOnQuit , see http://kb.mozillazine.org/browser.warnOnQuit
  browser.warnOnRestart , see http://kb.mozillazine.org/browser.warnOnRestart
  In Firefox 3 you do not get the 'Save & Quit' pop-up dialog if you choose Tools > Options > General > Startup: "When Firefox Starts": "Show my windows and tabs from last time".<br />
  If that option is selected then your pages will already be reopened the next time.<br />
  To get that pop-up dialog you have to select one of the other choices (Show my home page, Show a blank page).

• Print to pdf often doesn't work with multiple pages?

  When I try to print to pdf, it often doesn't work right.
  I can select, for example, multiple Excel worksheets to print. It looks fine with 4 pages in Preview, but when I select save as .pdf, it only prints 2 of the 4 pages, and it prints those in 2 separate documents rather than a single .pdf document with multiple pages.
  Is there a way to do this? Is this an Apple error or Microsoft error? Since it looks fine in Preview, my guess it is an Apple error?
  Mark

  It sounds like this is the problem with the way Apple handles multiple orientations in a pdf document. You can use Acrobat to print the files - it handles multiple orientations correctly. There was a previous thread on this:
  http://discussions.apple.com/message.jspa?messageID=1983431#1983431

• The privacy option doesn't work in 5.0: There's no notification given when multiple tabs are closed.

  The privacy option in 5.0 doesn't work.
  When exiting Firefox with multiple tabs open, no notification is given...
  How can I go back to Firefox 4?
  I had the google toolbar when I had firefox 4... I upgraded to 5.0 and it still works... My friend tried to load it and it doesn't work.

  ''The privacy option in 5.0 doesn't work.''
  Do you mean that Privacy options can't be accessed in the Options dialog, or Private Browsing doesn't work??
  Could you test with a new profile to see whether the update might have caused a settings problem, or you have an incompatible add-on?
  First, I recommend backing up your Firefox settings in case something goes wrong. See [https://support.mozilla.com/en-US/kb/Backing+up+your+information Backing up your information]. (You can copy your entire Firefox profile folder somewhere outside of the Mozilla folder.)
  Next, close Firefox and fire up the Profile Manager to create a new profile: [https://support.mozilla.com/kb/Managing+profiles Managing profiles].
  If that work, you can migrate your bookmarks, saved passwords, and other key settings to the new profile, see: [https://support.mozilla.com/en-US/kb/Recovering+important+data+from+an+old+profile Recovering important data from an old profile].
  Hope this helps.

• My 80gb doesn't boot up this morning. apple logo keeps coming up for a few seconds then you hear it "wind down" and got blank. Tried reseting multiple time - doesn't work. Ideas?

  my 80gb IPod doesn't boot up this morning. Worked great last nite. The apple logo keeps coming up for a few seconds then you hear it "wind down" and got blank. Tried reseting multiple time - doesn't work. Ideas?

  my 80gb IPod doesn't boot up this morning. Worked great last nite. The apple logo keeps coming up for a few seconds then you hear it "wind down" and got blank. Tried reseting multiple time - doesn't work. Ideas?

• HT5622 The Game Center used to work with my Apple ID before I updated to iOS 7.4, I used to play multiple player with EA Real Racing 3 game but it doesn't work at all and every time I tried to go to the Game Center it's just blank, even to the settings no

  The Game Center used to work with my Apple ID before I updated to iOS 7.4, I used to play multiple player with EA Real Racing 3 game but it doesn't work at all and every time I tried to go to the Game Center it's just blank, even to the settings nothing!

  Try:
  - Reset the iOS device. Nothing will be lost
  Reset iOS device: Hold down the On/Off button and the Home button at the same time for at
  least ten seconds, until the Apple logo appears.
  - Go to Settings>Game Center and sign out and sign back in
  - Reset all settings      
  Go to Settings > General > Reset and tap Reset All Settings.
  All your preferences and settings are reset. Information (such as contacts and calendars) and media (such as songs and videos) aren’t affected.
  - Restore from backup. See:                                                
  iOS: How to back up                                                                                     
  - Restore to factory settings/new iOS device.             

• Remote Access VPN Support in Multiple Context Mode (9.1(2))?

  Hi Guys,
  I am currently running two Cisco ASA5520 (ASA Version: 9.1(2)) firewalls in Active/Standby failover and was contemplating the option of migrating my remote access VPN to these firewalls. However seeing that the new IOS now support mixed multiple context mode and dynamic routing. Is it safe to ask whether or not Remote Access VPN is now support in this IOS upgrade?
  Multiple Context Mode New Features:
  Site-to-Site VPN in multiple context mode | Site-to-site VPN tunnels are now supported in multiple context mode.
  New resource type for site-to-site VPN tunnels | New resource types, vpn other and vpn burst other, were created to set the maximum number of site-to-site VPN tunnels in each context.
  Dynamic routing in Security Contexts | EIGRP and OSPFv2 dynamic routing protocols are now supported in multiple context mode. OSPFv3, RIP, and multicast routing are not supported.
  New resource type for routing table entries | A new resource class, routes, was created to set the maximum number of routing table entries in each context. We modified the following commands: limit-resource, show resource types, show resource usage, show resource allocation. We modified the following screen: Configuration > Context Management > Resource Class > Add Resource Class.
  Mixed firewall mode support in multiple context mode | You can set the firewall mode independently for each security context in multiple context mode, so some can run in transparent mode while others run in routed mode. We modified the following command: firewall transparent. You cannot set the firewall mode in ASDM; you must use the command-line interface. Also available in Version 8.5(1).
  Regards,
  Leon

  Hey Leon,
  According to the ASA 9.1 Configuration Guide, Remote Access VPN is not yet supported with version 9.1(2). Only Site-to-Site VPN support in multiple context was introduced with release ASA 9.0(x). This was mentioned in the 9.0(x) release notes.
  Regards,
  Dennis

• Problem using multiple contexts in same thread

  Hello,
  I am having problem using multiple contexts in the same thread. Here is the scenario:
  front-end is calling a ejb1 with a user1 and password. Ejb1 is then calling ejb2
  using user2 and password. I am getting security exception when calling ejb2 with
  the message user1 is not authorized. Looking at the documentation, context 2 should
  be pushed on stack on top of context 1 and context 2 should then be used until
  context.close() is called. It looks like this is not the case in this scenario?
  Regards,
  Jeba Bhaskaran

  I have the GTX670. So pretty much the same.
  When I go to  Edit>Preferences>Playback I see:
  When I select the monitor I am not currently using for Premiere Pro, the Program Monitor shows up full size at 1920X1080 in that monitor.
  While that may not help you, at least you know a similar card can do the job and you know that it should work.. What happens if you drop down to two monitors? Will it work then?
  Also, have you performed the hack that allows Premiere Pro to use the card since that card is not in the file? I have no idea if that is relevant at all, by the way. It is just an attempt at getting our systems to work the same way.

• Explain about transparent mode, single mode, multiple context mode

  You can explain about the differents of transparent mode, single mode, multiple context mode in ASA 5500? Thank you very much.

  Great question. Hope the below helps:
  Transparent Mode: In this mode, the ASA will filter traffic without requiring L3 on the ASA. This means that in your config you will not put IPs on the interfaces to be used for traffic filtering. Thus, filtering is transparent to the traffic as the traffic isn't directly routed to the firewall. Think of it like you have a server plugged into a switch. In transparent mode, you place the ASA between the server and the switch and no configuration change is required to the server. In routed mode, you place the ASA in the same physical location between the server and switch, but have to change the server to use the ASA as a default gateway.
  Single Mode: Default mode of an ASA. The ASA acts as a single firewall and all interfaces are provisioned to be managed through a single firewall configuration.
  Multiple Context Mode: The ASA is split into multiple virtual configurations. With the ASA now virtualized, you provision the physical interfaces on the ASA to the virtual firewall configured. Each context has it's own configuration seperate from the rest of the firewall. Multi-context is meant for enterprises to invest in a single piece of hardware and scale it for use as multiple security devices.
  Hope this helps. Let me know if you have anymore questions!
  -Mike
  http://cs-mars.blogspot.com

• Support IPSec VPN Client in ASA Multiple Context Mode

  I've looked at under "Cisco ASA Series CLI Configuration Guide, 9.0" on "Configuring Multiple Context Mode", it says
  "IPsec sessions—5 sessions. (The maximum per context.) ".  Does it mean in ASA Multiple Contest Mode support IPSec VPN Client? I just want to confirm it because I can't seem find any doc that clearly spell it out.  I'll appreciate anyone who can clarify it.
  Thank Jason.
  ( Please direct me to the right group if I'm not for the first time I post it in the Cisco support forum)

  This is from the v9.3 config-guide:
  Unsupported Features
  Multiple context mode does not support the following features:
  Remote access VPN. (Site-to-site VPN is supported.)

• SSLVPN/webvpn in multiple context mode?

  We already know that ASA 9.0 supports site-to-site VPN in multiple context mode. But remote access VPN isn't supported. Obviously, SSL-VPN is a very important feature for most multi-tenant deployment scenarios where each context acts as a border firewall towards the Internet for each tenant. The alternative to terminate all tenant remote-access VPNs in one context means that each tenant would have to be routable from the ASA, which of course isn't a reasonable requirement in most cases.
  So, what I'd like to do is to deploy an ASA cluster, and provide remote access VPNs for each tenant, where the connectivity for each remote access group can be addressed with whatever IP address space, and that goes into it's own VRF in the back-end.
  As far as I can tell, this isn't doable with the ASA, since multiple context mode prohibits the use of remote access VPN, and I can't think of any other work-around than either having individual firewalls running in single context mode for each tenant, or demand that all tenants are interoperable routing-wise and configure a separate ip address pool in a single context mode for each tenant.
  Essentially, there's no good way to implement this with multiple virtual firewalls, using cisco firewalls? Or am I missing something?

  If you set up a pair of single-context ASAs for VPN termination, configure a group policy per customer and use the 'Restrict access to VLAN' feature, you could separate customers' traffic and still just use one FW pair for all customers. This pair would connect to the same switch infrastructure as your multi-context edge firewall and thus allow a consolidated solution.
  Sent from Cisco Technical Support iPad App