Cisco Socialminer 9 feed state issue
i have SocialMiner 9.0.1.10000-10 installed on ESXI 5 and have the following issue
1-all feeds states have the following issue as shown in the picture "there was a network timeout"
Can any one help me ?
2- is Social miner supports different languages for search inside the social networks pages?
Hi Mohamed,
Did find any solution for the above issue. I am facing a similar issue. Help me in fixing this issue. I have configured RSS feed , Campaigns but i am not getting any Contacts listed in socila miner.
Similar Messages
-
How to monitor SQL statements issued by SIEBEL ?
Hi,
We have developed BI Siebel 10.1.3.3. application.
One of the requirement is to persist/store in the database real SQL statement issued by BI Dashboards/Answers.
The best solution would be having acces on-line to cursor cache.
Could someone please tell me how to achive this ?
Regards,
CezarySounds like you're looking for Usage Tracking.
OBIEE Server Administration Guide – Pages: 220
OBIEE Installation and Configuration Guide – Pages: 229
And this post here;
http://oraclebizint.wordpress.com/2007/08/14/usage-tracking-in-obi-ee/
A. -
Trace SQL statement issued by BC4J
Is there a way to see at runtime (in the console window or in a log file) the SQL statements issued by the BC4Js to the database?
Perhaps there is a switch or a -D option to set to the OC4J startup command. This would be really helpfull during development.
Thanks,
Marco.Yes, you are right. that will be done by specify a Java virtual parameters - -Djbo.debugoutput=console.
-
Stop auditing select statements issued against SYS objects
Hi,
My current client has a requirement to track destructive updates (i.e. insert, update, delete) issued by users who can connect directly to the database. At the moment though, SELECT statements issued against SYS-owned objects are also being captured to the Oracle audit trail. For the time being at least these need to be disabled.
I've issued NOAUDIT SELECT TABLE/SEQUENCE and NOAUDIT SELECT ANY TABLE/SEQUENCE commands, as has a user with the SYSDBA privilege, and they're still being logged. Is there any way to switch these off? I don't know if it's significant (I'm not a DBA by trade) but the audit_sys_operations parameter is set to True.
My client is currently running Oracle Database 10.2.0.5.0 standard edition.
If anyone has any suggestions I'd be grateful.
Thanks in advance,
SteveHi,
Thanks for the input so far ...
@Eduardo and KarK ...
show parameter audit
audit_file_dest string D:\ORACLE\PRODUCT\10.2.0\ADMIN\USSUPM2\ADUMP
audit_sys_operations boolean TRUE
audit_trail string DB, EXTENDED
If we set audit_sys_operations to FALSE, won't that stop auditing of all actions carried out by, for example, someone who connects as SYSDBA? That is something that's still needed to be captured. Unfortunately they go to the WIndows Event Log but at least they're captured somewhere.
@Hemant
This auditing was in place before my client took me on, so I can't say what was used to initiate it unfortunately. What I can say though is that they absolutely don't want to turn off auditing by SYS- type users, just SELECT against SYS-owned objects.
Thinking simplistically, could I just write a script which trawls dba_objects for sys-owned tables, views and sequences and explicitly issues a noaudit select against what's found, and get one of the sysdba-type people we have access to to run it?
Thanks in advance (again)
Steve -
Cisco Movi 4.2 Presence issues.
Hi Experts,
I did a search and saw that similar question was asked various times. However, it did not applied in my scenario. I am having a Cisco Telepresence VCS Expressway starter pack running on X6.1 firmware.
I was login to my Movi account and saw "User 1" is online under my favourite list. When I tried connecting to "User 1", I got the error "Call failed - The user could not be found. The user is offline or does not exist" (User 1 was never online).
I logout my Movi accounrt and login again. This time round, "User 1" is offline.
The other time was "User 2" saw "User 3" was in Busy status but "User 3" was never online. User 2's PC was rebooted and re-login into Movi and saw User 3 offline.
Anything that I should do to overcome this?
ThanksHi,
Is there any reason why use "Treat as Authenticated" instead of "Check
Credentials"?, We notice that when set to "Treat As Authenticated", user
can login with any password? Our default zone is set to "Check
credentials". Please advise, thanks.
Best regards
Yeoh Wee Nam, CTS-D
aljaiswa
05-04-12 11:37 AM
Please respond to
"[email protected]"
To
Tandberg SUPPORT/NETe2Asia@NETe2Asia
cc
Subject
- Re: Cisco Movi 4.2 Presence issues.
Home
Re: Cisco Movi 4.2 Presence issues.
created by Alok Jaiswal in TelePresence - View the full discussion
Hi Wee,
I addition to what Magnus has pointed out i would like you to check the
bug "CSCtt34812".
The condition you were saying could be related to bug mentioned where the
MOVI after deregistering doesn't publish its OFFLINE status and shows
online. I can't say much but it would be more clear with logs.
workaround: Change the Default Zone's authentication policy from "Do Not
Check Credentials" to "Treat As Authenticated"
for more details refer to Cisco BUG tool kit and check the release notes
for Cisco Jabber 4.3
http://www.cisco.com/en/US/docs/telepresence/endpoint/movi/release_note/Jabber_Video_Release_Notes_4-3.pdf
The bug would be fixed in combination of x7.x and jabber 4.3
Thanks
Alok
Reply to this message by going to Home
Start a new discussion in TelePresence at Home -
Finding Delete statement issued in particular object
Dear All,
Please let me know how to find what are all the delete statement issued against a object in oracle. some one is deleted some data from one table i want to find when the delete statement fired in my schema.
With Regards
Rameshyou have audit turn on right? there should be a report for DML in audit vault.
-
Cisco SocialMiner Facebook 8.5 - authorization problem
Hello,
I installed the socialminer software sucessfuly and i created a fan page on facebook , configured the feed on the CCP and the status of the feed is green.
My problem is that when i try to reply to a post from the home page of the CCP , it gave me this error :
There was an error determining the Facebook like status
Invalid/expired Facebook Auth token: Need to reauthorize
And the feed become un available and i have to repost authorization everytime , and even if i make the reauthorization post , it still doesn't post.
What is supposed to be the problem?Hi,
You need to upgrade to the latest 8.5.4 release, which is 8.5.4.10000-7, or to version 8.5.5 (this have being released today), all this because Facebook changed the API.
From the socialminer wiki:
Bugid: CSCtv23315
Patch version: 8.5.4.10000-7
Valid upgrade paths to this patch:
• from FCS version (8.5.1)
• from release 8.5.3
• from release 8.5.4
The issue:
When a user chooses to reply to a SocialContact, the Facebook reply template is loaded but displays the error: "Invalid access token" and the user is unable to post a reply. Furthermore, the Feed is marked as in a bad state (because of an invalid access token) and needs re-authorization.
When a Facebook reply template is loaded, it checks to see the current Like status of the post. It is during the determination of the Like status that the SocialMiner encounters an issue. The Facebook Graph API needs a UserId to retrieve the Like status of a Post. Previously, the UserId was encoded in the Facebook access token, so SocialMiner was able to directly parse it from the token. Since Facebook moved to OAuth 2.0, the structure of the access token has changed and, as a result, SocialMiner is no longer able to parse the UserId from the access token and the Like status determination fails.
The solution:
This patch changes the way SocialMiner extracts the UserId (it now makes a Facebook API call to get the UserId) to resolve this issue.
Gabriel, rate if this helps -
Sentinel 6.1 will not parse my feed from Ciscoworks. All network syslog
data is collected by ciscoworks and stored in a file syslog.log. This
file can be pulled by the collector manager as a file source or pushed
via Snare to the collector mgr.. the data cannot be parsed using either
method using standard Cisco Collector (Cisco IOS Router xx Cisco Switch
and Router 6.1r2).
Is there a working collector or do I have to build one?
eisensee
eisensee's Profile: http://forums.novell.com/member.php?userid=98444
View this thread: http://forums.novell.com/showthread.php?t=425629OK, hmm...
1) At issue is more likely the Collector version, not so much the
platform version. The old Collectors made an attempt at correcting some
weird syslog formats, but the feature ended up being too confusing and
error prone for us to support. The new Collectors only support proper
RFC-compliant syslog, for a number of reasons which we can get into if
you like.
2) I may be wrong, but I believe a customer told me that latter-day
versions of CiscoWorks introduced a syslog forwarding option. I poked
around on Cisco for a bit, but there are hundreds of specific products
with the 'CiscoWorks' label so I don't know what applies.
3) OK, so here's the deal. RFC-compliant syslog message are constructed
as:
MMM DD HH:MM:SS hostid message
The original message from your switch should look something like:
Nov 11 15:30:17 172.253.248.33
\/\/426174\/801DF193ED75\/CCAPI\/cc_api_call_connected:
It actually looks like (guessing a bit, here:
Nov 11 15:30:17 172.253.248.33 2182635: 418971: Nov 11 15:30:14.739:
\/\/426174\/801DF193ED75\/CCAPI\/cc_api_call_connected:
Which indicates that a couple numbers and another timestamp are being
injected into the "message" portion. May or may not be an issue, if the
Collector handles it that way - review the Collector doc for proper
configuration details.
But then your Epilog gets a hold of the message, and inserts *another*
header:
Nov 11 15:30:54 10.101.251.4 sm-ciscowks.smad2.savemart.com\t\t0\tNov
11 15:30:17 172.253.248.33 2182635: 418971: Nov 11 15:30:14.739:
\/\/426174\/801DF193ED75\/CCAPI\/cc_api_call_connected:
This violates RFC3164 in a number of ways, namely:
- it's not supposed to modify the original message IN ANY WAY if it's
already a proper syslog message (of course, Epilog may assume it's NOT a
syslog message, since it's in a file)
- It's using a fully-qualified hostname in its header, which is NOT
VALID
- There are tab characters after the header, which aren't proper syslog
characters
If I couldn't configure Epilog to not be stupid, what I would do is
create a little 'custom.js' script, and define my customerPreparse()
method to strip off the entire ugly Epilog header, something like:
Record.prototype.customPreparse = function() {
this.s_RXBufferString =
this.s_RXBufferString.substr(this.s_RXBufferString .lastIndexOf("\t"));
(You may need to do the same thing to rec.s_Body as well, and note that
I haven't tested this code at all!).
Then just follow the normal process to inject custom.js into your
Collectors, set the Execution Mode to 'custom', and you'll be up and
running.
NOTE: the major thing that Epilog is breaking here, however, is not the
Collector - the Syslog Connector also does some minimal parsing of the
input and will automatically create Event Source nodes based on the
syslog header. The syslog header is supposed to list the hostid of the
ORIGINAL event source as it's second element (after the timestamp), and
by injecting the ciscoworks device hostid, Epilog breaks that (in our
parlance, that's the Reporter, not the Observer).
If you look directly at the file on the CiscoWorks device, what does it
look like? Everything after the \t\t0\t in the sample you sent?
You might ditch Epilog entirely and use something like tail -F or
'netcat' instead, which won't add silly stuff to the messages.
DCorlette
DCorlette's Profile: http://forums.novell.com/member.php?userid=4437
View this thread: http://forums.novell.com/showthread.php?t=425629 -
Cisco 4500X IOS upgrade through ISSU
Hi,
I am having 2 number of cisco 4500x switch and configured with VSS
so one switch is active and another switch is standby.
I am panning to upgrade IOS through ISSU
i read in document that it required auto boot enable in switch.
My switch current Configuration register = 0x2101
do i need to change config register or this will ok. If need to change then what will be auto boot and after IOS upgrade do i need to change it again.
Please help....Hello Tarun,
Please find below the steps to perform the ISSU:
ISSU Prerequisites
Before one can perform an ISSU, there are a few prerequisites one must verify for a successful ISSU. The following list explains what is initially required.
• Must be using a redundant Cisco Catalyst 4500 switch with symmetric hardware (that is, supervisors, memory, rommon, NFL daughter card, and so on).
• Both new and old Cisco IOS Software images must be preloaded to the file system on both supervisors.
• SSO must be configured and working properly.
• Config register must be configured to autoboot (that is, the value should have a "2" in the lowest byte).
45010R-203# sh bootvar | i register
Configuration register is 0x2102
Standby Configuration register is 0x2102
Several commands are available to verify if SSO is enabled:
4510R-203# sh module | b Redundancy
Mod Redundancy role Operating mode Redundancy status
----+-------------------+-------------------+-------------------
1 Standby Supervisor SSO Standby hot
2 Active Supervisor SSO Active
45010R-203# sh redundancy states
my state = 13 -ACTIVE
peer state = 8 -STANDBY HOT
Mode = Duplex
Unit = Secondary
Unit ID = 2
Redundancy Mode (Operational) = Stateful Switchover
Redundancy Mode (Configured) = Stateful Switchover
Redundancy State = Stateful Switchover
<snip>
4507R-ISSU# sh run | b redundancy
redundancy
mode sso
As a step prior to the beginning of the ISSU process, the new version of the Cisco IOS Software image needs to be loaded into both the active and standby supervisors' file systems. Both active and standby supervisor need to contain both the new and old images in the file system. In order to store both new and old images, the supervisors should be upgraded to contain sufficient amounts of flash memory prior to the ISSU process.
The new images can be downloaded into both supervisors using commands such as:
copy tftp: bootflash:
copy tftp: slavebootflash:
The example below illustrates this verification:
4510R-203#dir
Directory of bootflash:/
1 -rwx 13636500 Sep 6 2006 03:18:58 -08:00 cat4500-entservices-mz.122-31.SGA
2 -rwx 13747611 Sep 9 2006 03:19:58 -08:00 cat4500-entservices-mz.122-31.SGA1
4510R-203#dir slavebootflash:
Directory of slavebootflash:/
1 -rwx 13636500 Sep 6 2006 03:18:58 -08:00 cat4500-entservices-mz.122-31.SGA
2 -rwx 13747611 Sep 9 2006 03:19:58 -08:00 cat4500-entservices-mz.122-31.SGA1
Once this check is verified, one can now proceed with the ISSU process.
The ISSU process is started by typing the "issu loadversion" command on the active supervisor. This command directs the active supervisor to begin the ISSU process. The active supervisor, through intersupervisor communications, checks that the requested image has been downloaded into both the active and standby supervisors' file systems. If the required images are not present, the command is rejected, and an appropriate warning is generated.
If the "issu loadversion" command is successful, the switch transitions into the "Load Version" ISSU state. The standby supervisor will reset and boot with the new version of the Cisco IOS Software image loaded into the file system.
The following actions take place when the command is implemented:
1. The standby supervisor (B) is reset.
2. The standby supervisor (B) is booted with the new Cisco IOS Software image: Release 12.2(31)SGA1.
3. If both Cisco IOS Software images are declared as compatible, the standby supervisor moves into SSO mode and is fully stateful for all compatible clients and applications. Compatibility allows for in-service software upgrade or downgrade between two versions to succeed with minimal service effect.
4. If both Cisco IOS Software images are incompatible, the system moves into RPR mode, and the ISSU process is terminated with an appropriate message to the user. Images are declared incompatible when "required" clients or applications are not interoperable between two Cisco IOS Software releases.
5. Standby "B" reaches the standby HOT state.
6. The user has an option to abort the ISSU process by issuing the "issu abortversion" command.
7. The "issu loadversion" command also supports a "forced" option that allows the operator to force the system into entering RPR mode when incompatibility is detected.
Note: When performing an ISSU, disable manual switchovers. Performing manual switchovers during the issu process is strongly discouraged. The current implementation does not prevent it, but it does display a warning to the user.
An example of the CLI for implementing the issu loadversion command is displayed below.
On the active supervisor, one would issue the following command:
4510R-203#issu loadversion 1 bootflash:cat4500-entservices-mz.122-31.SGA1 2 slavebootflash: cat4500-entservices-mz.122-31.SGA1
Syntax - issu loadversion active-slot active-image-new standby-slot standby-image-new
The second step of the ISSU process is to perform the issu runversion CLI.
The user can issue the " issu runversion" command when:
1. The ISSU state is "Load Version"; this can be verified with the "show issu state detail" CLI.
2. The standby supervisor is running the new version of the software.
3. The standby supervisor has moved into the "Standby Hot " state.
The following actions take place when the " issu runversion" command is executed:
1. A switchover occurs; that is, the standby (B) becomes the new active, and the old active (A) is rebooted and comes up as a standby.
2. A timer called "Rollback Timer" is started with a previously configured value.
3. Move both supervisors to "Run Version" state.
4. If the command "issu acceptversion" is not issued before the "Rollback timer" fires, then the entire ISSU process is aborted via the automatic rollback.
5. If the active supervisor console connectivity is established and the "issu acceptversion" command is issued, then the rollback timer is stopped.
6. The user has an option to abort the ISSU process by issuing the "issu abortversion" command.
An example of the CLI for implementing the issu runversion command is displayed below:
On the active supervisor, one would issue the following command:
4510R-203#issu runversion 2 slavebootflash:cat4500-entservices-mz.122-31.SGA1
Syntax - issu runversion standby-slot [standby-image-new]
Prior to issuing the `issu acceptversion' command the system will be counting down the rollback timer. If `issu acceptversion' is not completed before rollback timer expires an automatic abort will occur. This command stops the "Rollback Timer." This command serves as a feedback mechanism. This is an optional command and can be skipped in the ISSU process with the "issu commitversion" CLI.
If this command is not issued within 45 minutes (default) from the time the standby supervisor moves into the "Standby Hot" state, it is assumed that the new active supervisor is not reachable and the entire ISSU process is rolled back to the previous version of the software. The acceptversion is not intended for long-term network operation. It is also important to note that none of the features available on the new version will work yet.
The following actions take place when the command is implemented:
1. The "Rollback Timer" is terminated. This means that the rollback timer is not looked at anymore. Therefore, the system can run in this state for an extended period.
2. The user has an option to abort the ISSU process by issuing the command "issu abortversion."
Aborting the ISSU process now causes the newly active supervisor (B) to fail over to the standby supervisor (A) running the old image and will also cause the rebooting supervisor (B) to load the original image. The issu acceptversion halts the rollback timer and helps ensure the ISSU process is not automatically aborted during the process.
An example of the CLI for implementing the issu acceptversion command is displayed below:
On the "New" active supervisor, one would issue the following command:
4510R-203#issu acceptversion 2
% Rollback timer stopped. Please issue the commitversion command.
Syntax - issu acceptversion active-slot-number
This is the last stage of the ISSU procedure. Once the user is satisfied with the new version of software, this must be committed by issuing the "issu commitversion" command. This command resets the standby supervisor and boots it with a new version of the software (same as the active supervisor). This concludes the ISSU process, and the new version of software is permanently committed on both supervisors. Since this is the conclusion of the ISSU process, the system can not be reverted back to the previous version of the software from this point onward as a part of this upgrade cycle. However, if for any reason users wish to go back to the previous version of the software, they can do so by starting a new upgrade/downgrade process.
The following actions take place if the command is implemented:
1. The standby supervisor (A) is reset and booted with the new version of Cisco IOS Software image.
2. The standby supervisor (A) moves into the "Standby Hot" state in SSO mode and is fully stateful for all clients/applications that are compatible.
3. Both supervisors are moved into "Final State," which is the same as "Initial State."
4. Users can initiate switchovers from this point onward.
An example of the CLI for implementing the issu commitversion command is displayed below:
4510R-203#issu commitversion 1
Syntax - issu commitversion standby-slot-number
ISSU Process: issu abortversion
One can abort the ISSU process at any stage manually (prior to issuing the issu commitversion command) by issuing the exec-level issu abortversion command. The ISSU process also aborts on its own if the software detects a failure.
If a user aborts the process after issuing the issu loadversion command, then the standby supervisor engine is reset and reloaded with the original software.
If the process is aborted after a user enters either the issu runversion or issu acceptversion command, then a second switchover is performed to the new standby supervisor engine that is still running the original software version.
The supervisor engine that had been running the new software is reset and reloaded with the original software version. The command is accepted only in "Load Version" or "Run Version" states. In "Load Version" state, the active supervisor is running an old image and the standby supervisor is running new image.
Syntax - issu abortversion active-slot [active-image-new]
Let me know if you have any questions. -
Cisco 880G+7 3G connection issue
Hi all ,
There is a problem with 3G all time on 880G router . It seem that i doing someting wrong or cisco modem is not working well
On few modems i cant get 3g data connection , and when that same SIM card i put in phone internet works , but on 880G router dont want.
How to get this to work stable ?
boot system flash flash:c880data-universalk9-mz.154-2.T1.bin
chat-script hspa-R7 "" "AT!SCACT=1,1" TIMEOUT 60 "OK"
interface Cellular0
description WAN towards MTS
ip address negotiated
ip mtu 1452
ip virtual-reassembly in
encapsulation slip
load-interval 60
dialer in-band
dialer idle-timeout 2147483
dialer string hspa-R7
dialer-group 1
async mode interactive
dialer-list 1 protocol ip permit
line 3
exec-timeout 0 0
script dialer hspa-R7
login
modem InOut
no exec
transport input all
transport output all
cellular 0 gsm band wcdma-all-bands
cellular 0 gsm profile create 1 gprswap chap mts 064
cellular 0 gsm plmn select auto
#sh cellular 0 network
Current Service Status = Normal, Service Error = None
Current Service = Combined
Packet Service = UMTS/WCDMA (Attached)
Packet Session Status = Inactive <-----
Current Roaming Status = Home
Network Selection Mode = Automatic
Country = SRB, Network = MTS
Mobile Country Code (MCC) = 220
Mobile Network Code (MNC) = 3
Location Area Code (LAC) = 40203
Routing Area Code (RAC) = 1
Cell ID = 35420
Primary Scrambling Code = 236
PLMN Selection = Automatic
Registered PLMN = , Abbreviated =
Service Provider = mt:s
#sh cellular 0 connection
Data Transmitted = 0 bytes, Received = 0 bytes
Profile 1, Packet Session Status = INACTIVE
Inactivity Reason = Service option not subscribed
Profile 2, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 3, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 4, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 5, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 6, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 7, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 8, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 9, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 10, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 11, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 12, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 13, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 14, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 15, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
Profile 16, Packet Session Status = INACTIVE
Inactivity Reason = Normal inactivate state
#sh cellular 0 profile
Profile 1 = INACTIVE* **
PDP Type = IPv4
Access Point Name (APN) = gprswap
Authentication = CHAP
Username: mts
Password: 064
#sh cellular 0 hardware
Modem Firmware Version = T1_0_3_2AP R361 CNSZ
Modem Firmware built = 04/15/11
Hardware Version = 1.0
International Mobile Subscriber Identity (IMSI) =
International Mobile Equipment Identity (IMEI) = 357115041460655
Integrated Circuit Card ID (ICCID) = 89381030000075802506
Mobile Subscriber International Subscriber
IDentity Number (MSISDN) =
Factory Serial Number (FSN) = CC3022411121011
Modem Status = Online
Current Modem Temperature = 28 deg C, State = Normal
PRI SKU ID = 9900198, SKU Rev. = 1.2
#sh cellular 0 radio
Radio power mode = ON
Current Band = WCDMA 2100, Channel Number = 10663
Current RSSI(RSCP) = -91 dBm
Band Selected = WCDMA All(800/850/900/1900/IMT 2000)
Number of nearby cells = 1
Cell 1
Primary Scrambling Code = 0xEC
RSCP = -90 dBm, ECIO = -11 dBm
Other issue that i want ot check , after reload of router it seems like ip sla dont want to start
config is :
ip sla 1
icmp-echo 8.8.8.8
frequency 20
ip sla schedule 1 life forever start-time now
track 1 ip route 8.8.8.8 255.255.255.255 reachability
ip route 8.8.8.8 255.255.255.255 Cellular0
I need this because after router reload , i need some packets to get cellular int up and so on ...
Any idea?
Please i need urent help
KR
VZThx for document , i solved this .
Still i have another issue with dmvpm because nat over 3g .
9 212.200.65.244 172.29.3.1 UP 00:20:37 DN
0 UNKNOWN 172.29.3.5 NHRP never IX
0 UNKNOWN 172.29.3.8 NHRP never IX
0 UNKNOWN 172.29.3.9 NHRP never IX
0 212.200.65.244 172.29.3.13 UP 00:01:10 DN
172.29.3.21 UP 00:27:48 DN
0 UNKNOWN 172.29.3.25 NHRP never IX
0 UNKNOWN 172.29.3.30 NHRP never IX
0 212.200.65.244 172.29.3.34 UP 00:15:10 DN
1 212.200.65.243 172.29.3.26 UP 00:07:28 DN
As you can see few sites use same (nated ) public ip , so some dmvpn tunnels dont works.
Any solution for this ? -
Cisco Jabber for Windows Voicemail issue
At this I'm in processing of implementation Cisco Jabber UC solution for big Company.
I use CUCM 9.1.2, Cisco IM and Presence 9.1.2, CUC 9.1.2, Cisco Jabber for Windows 9.6.1.
I have issue in Cisco Jabber with VoiceMail Integration - when I leave voice message for any user,
than this message is arrived only him Cisco IP Phone, but not in him Cisco Jabber.
From Cisco Jabber Connectivity status in help menu I see that VoiceMail service is successfully connected
and I see VoiceMail button in Cisco Jabber.
How can I resolve this issue?Have you configured the UC Service profile on CUCM with both Voicemail server and mailbox servers?
-
Cisco Jabber for Windows Certificate Issues
Hi,
I have configured a Cisco Jabber with device security mode "Encrypted". Once I use this mode I am getting a error message in Cisco Jabber as:
"The certificate enrollment for secure computer calling has not been activated. Contact your system administrator."
The softphone feature is not working because of this.
Do you have any fix for this issue?
Thanks,
VJHi Jonathan,
I have one more issue with Cisco Jabber using authentication string. The authentication string works fine with the Jabber and softphone functionality is working.
Now the problem is: if the single user has two Jabber clients, one installed on laptop and second on desktop, the authentication string window is presented to the jabber client which logs in first. For example is I login from my laptop the window pops up to enter the authentication string. But now when I open the Jabber on my desktop it doesn't give me option to enter the authentication string and the softphone doesn't work.
Thanks,
Vaijanath -
Cisco ASA 5505 - IPsec Tunnel issue
Issue with IPsec Child SA
Hi,
I have a site to site VPN tunnel setup with a Cisco ASA5505 and a Checkpoint Firewall. The version of software is 9.22. I am using IKEv2 for Phase 1 encryption. The following is my cisco asa configuration:
hostname GARPR-COM1-WF01
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
interface Ethernet0/0
description Failover Link
switchport access vlan 950
interface Ethernet0/1
description Outside FW Link
switchport access vlan 999
interface Ethernet0/2
description Inside FW Link
switchport access vlan 998
interface Ethernet0/3
description Management Link
switchport access vlan 6
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
shutdown
interface Vlan1
no nameif
no security-level
no ip address
interface Vlan6
nameif management
security-level 100
ip address 10.65.1.20 255.255.255.240
interface Vlan950
description LAN Failover Interface
interface Vlan998
nameif inside
security-level 100
ip address 10.65.1.5 255.255.255.252
interface Vlan999
nameif outside
security-level 0
ip address ************* 255.255.255.248
boot system disk0:/asa922-4-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name ***************
object network North_American_LAN
subnet 10.73.0.0 255.255.0.0
description North American LAN
object network Queretaro_LAN
subnet 10.74.0.0 255.255.0.0
description Queretaro_LAN
object network Tor_LAN
subnet 10.75.0.0 255.255.0.0
description Tor LAN
object network Mor_LAN
subnet 10.76.0.0 255.255.0.0
description Mor LAN
object network Tus_LAN
subnet 10.79.128.0 255.255.128.0
description North American LAN
object network Mtl_LAN
subnet 10.88.0.0 255.255.0.0
description Mtl LAN
object network Wic_LAN
subnet 10.90.0.0 255.254.0.0
description Wic LAN
object network Wic_LAN_172
subnet 172.18.0.0 255.255.0.0
description Wic Servers/Legacy Client LAN
object network Mtl_LAN_172
subnet 172.19.0.0 255.255.0.0
description Mtl Servers/Legacy Client LAN
object network Tor_LAN_172
subnet 172.20.0.0 255.255.0.0
description Tor Servers/Legacy Client LAN
object network Bridge_LAN_172
subnet 172.23.0.0 255.255.0.0
description Bridge Servers/Legacy Client LAN
object network Mtl_WLAN
subnet 10.114.0.0 255.255.0.0
description Mtl Wireless LAN
object network Bel_WLAN
subnet 10.115.0.0 255.255.0.0
description Bel Wireless LAN
object network Wic_WLAN
subnet 10.116.0.0 255.255.0.0
description Wic Wireless LAN
object network Mtl_Infrastructure_10
subnet 10.96.0.0 255.255.0.0
description Mtl Infrastructre LAN
object network BA_Small_Site_Blocks
subnet 10.68.0.0 255.255.0.0
description BA Small Sites Blocks
object network Bel_LAN
subnet 10.92.0.0 255.255.0.0
description Bel LAN 10 Network
object network LAN_172
subnet 172.25.0.0 255.255.0.0
description LAN 172 Network
object network Gar_LAN
subnet 10.65.1.0 255.255.255.0
description Gar LAN
object network garpr-com1-wf01.net.aero.bombardier.net
host **************
description Garching Firewall
object-group network BA_Sites
description Internal Networks
network-object object BA_Small_Site_Blocks
network-object object Bel_LAN
network-object object Bel_LAN_172
network-object object Bel_WLAN
network-object object Bridge_LAN_172
network-object object Mtl_Infrastructure_10
network-object object Mtl_LAN
network-object object Mtl_LAN_172
network-object object Mtl_WLAN
network-object object Mor_LAN
network-object object North_American_LAN
network-object object Queretaro_LAN
network-object object Tor_LAN
network-object object Tor_LAN_172
network-object object Tus_LAN
network-object object Wic_LAN
network-object object Wic_LAN_172
network-object object Wic_WLAN
access-list 101 extended permit ip object garpr-com1-wf01.net.aero.bombardier.net object Bel_LAN_172
access-list 101 extended permit ip object Garching_LAN object-group BA_Sites
pager lines 24
logging enable
logging timestamp
logging buffered warnings
logging trap informational
logging asdm informational
logging host outside 172.25.5.102
mtu management 1500
mtu inside 1500
mtu outside 1500
failover
failover lan unit primary
failover lan interface Failover_Link Vlan950
failover polltime interface msec 500 holdtime 5
failover key *****
failover interface ip Failover_Link 192.168.124.1 255.255.255.0 standby 192.168.124.2
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-731-101.bin
asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static Gar_LAN Gar_LAN destination static BA_Sites BA_Sites no-proxy-arp route-lookup
route outside 0.0.0.0 0.0.0.0 ************* 1
route inside 10.65.1.0 255.255.255.255 10.65.1.6 1
route inside 10.65.1.16 255.255.255.240 10.65.1.6 1
route inside 10.65.1.32 255.255.255.240 10.65.1.6 1
route inside 10.65.1.48 255.255.255.240 10.65.1.6 1
route inside 10.65.1.64 255.255.255.240 10.65.1.6 1
route inside 10.65.1.128 255.255.255.128 10.65.1.6 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
http server enable
http 10.65.1.0 255.255.255.0 inside
http 172.25.5.0 255.255.255.0 inside
http 10.65.1.21 255.255.255.255 management
snmp-server host inside 172.25.49.0 community ***** udp-port 161
snmp-server host outside 172.25.49.0 community *****
snmp-server host inside 172.25.5.101 community ***** udp-port 161
snmp-server host outside 172.25.5.101 community *****
snmp-server host inside 172.25.81.88 poll community *****
snmp-server host outside 172.25.81.88 poll community *****
snmp-server location:
snmp-server contact
snmp-server community *****
snmp-server enable traps syslog
crypto ipsec ikev2 ipsec-proposal aes256
protocol esp encryption aes-256
protocol esp integrity sha-1
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association pmtu-aging infinite
crypto map GARCH 10 match address 101
crypto map GARCH 10 set pfs group19
crypto map GARCH 10 set peer *******************
crypto map GARCH 10 set ikev2 ipsec-proposal aes256
crypto map GARCH 10 set security-association lifetime seconds 3600
crypto map GARCH interface outside
crypto ca trustpool policy
no crypto isakmp nat-traversal
crypto ikev2 policy 10
encryption aes-256
integrity sha256
group 19
prf sha256
lifetime seconds 86400
crypto ikev2 enable outside
telnet 10.65.1.6 255.255.255.255 inside
telnet timeout 5
ssh stricthostkeycheck
ssh 172.25.5.0 255.255.255.0 inside
ssh 172.19.9.49 255.255.255.255 inside
ssh 172.25.5.0 255.255.255.0 outside
ssh 172.19.9.49 255.255.255.255 outside
ssh timeout 30
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 30
management-access inside
dhcprelay server 172.25.81.1 outside
dhcprelay server 172.25.49.1 outside
dhcprelay enable inside
dhcprelay timeout 60
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 172.19.109.41
ntp server 172.19.109.42
ntp server 172.19.9.49 source outside
tunnel-group ********* type ipsec-l2l
tunnel-group ********* ipsec-attributes
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:25ad9bf6db66a31e840ad96f49cd7e37
: end
I believe when a VPN tunnel is setup there should be one Child sa per subnet. The internal network of 10.65.1.0/24 should be setup with a child sa to the networks that were specified above depending on if there is traffic destined for them. What I am seeing is multiple child sa setup for the same subnet like the example below:
GARPR-COM1-WF01# sh crypto ikev2 sa | i 172.19
remote selector 172.19.0.0/0 - 172.19.255.255/65535
remote selector 172.19.0.0/0 - 172.19.255.255/65535
remote selector 172.19.0.0/0 - 172.19.255.255/65535
remote selector 172.19.0.0/0 - 172.19.255.255/65535
remote selector 172.19.0.0/0 - 172.19.255.255/65535
remote selector 172.19.0.0/0 - 172.19.255.255/65535
remote selector 172.19.0.0/0 - 172.19.255.255/65535
remote selector 172.19.0.0/0 - 172.19.255.255/65535
remote selector 172.19.0.0/0 - 172.19.255.255/65535
remote selector 172.19.0.0/0 - 172.19.255.255/65535
where for destination network 10.92.0.0/16 there is only one child sa:
GARPR-COM1-WF01# sh crypto ikev2 sa | i 10.92
remote selector 10.92.0.0/0 - 10.92.255.255/6553
Should this be the case or does anyone have any idea why there is multiple child sa setup for the same subnet?
Thanks
JonathanHi there,
I had same issue with PIX 506E and it was not even a circuit issue and I got ride of it and problem got fixed with PIX515E
I don't know, the device is too old to stay alive.
thanks -
Cisco ASA 5505 VPN connection issue ("Unable to add route")
I'm trying to get IPSec VPN working onto a new Cisco ASA5505. Pretty standard configuration.
Setup:
* Cisco VPN client on Windows 7 (v5.0.07.0290 x64 on Laptop1 and v5.0.07.0440 x64 on Laptop2)
* PPPoE/NAT and internal DHCP on the ASA were configured with the Startup Wizard in ASDM
NATting is working fine - internal PCs get an IP address in the 192.168.2.0/24 range and can all access the Internet.
I wanted to be able to connect from anywhere to the ASA in order to reach one of the internal servers. Should be pretty basic.
First I tried with the built-in ASDM IPSec Wizard, instructions found here.
VPN clients can connect to the ASA, are connected (until they're manually disconnected), but cannot reach the internal network nor the Internet. Note VPN client can connect fine to a different VPN site (not administered by myself).
Client logs show following error messages:
1 15:53:09.363 02/11/12 Sev=Warning/3 IKE/0xA300005F
Firewall, Cisco Intrusion Prevention Security Agent, is not running, the client will not send firewall information to concentrator.
2 15:53:13.593 02/11/12 Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route with metric of 0: code 160
Destination 192.168.1.255
Netmask 255.255.255.255
Gateway 172.16.1.1
Interface 172.16.1.101
3 15:53:13.593 02/11/12 Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: ac100165, Gateway: ac100101.
4 15:54:30.425 02/11/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=172.16.1.101, error 0
5 15:54:31.433 02/11/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CheckUpVASettings: Found IPADDR entry addr=172.16.1.101, error 0
6 15:54:32.445 02/11/12 Sev=Warning/2 CVPND/0xA3400015
Error with call to IpHlpApi.DLL: CleanUpVASettings: Was able to delete all VA settings after all, error 0
7 20:50:45.355 02/11/12 Sev=Warning/3 IKE/0xA300005F
Firewall, Cisco Intrusion Prevention Security Agent, is not running, the client will not send firewall information to concentrator.
8 20:50:50.262 02/11/12 Sev=Warning/2 CVPND/0xE3400013
AddRoute failed to add a route with metric of 0: code 160
Destination 192.168.1.255
Netmask 255.255.255.255
Gateway 172.16.1.1
Interface 172.16.1.100
9 20:50:50.262 02/11/12 Sev=Warning/2 CM/0xA3100024
Unable to add route. Network: c0a801ff, Netmask: ffffffff, Interface: ac100164, Gateway: ac100101.
I've already tried the suggestions from this link, although the problem is different there (as the user can still access the internet, even without split tunneling, which I cannot).
A show run shows the following output (note in the below I have tried a different VPN network: 192.168.3.0/24 instead of 172.16.1.0/24 seen in the Client log)
Result of the command: "sh run"
: Saved
ASA Version 8.2(5)
hostname AsaDWD
enable password kLu0SYBETXUJHVHX encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.254 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group DW-VPDN
ip address pppoe setroute
ftp mode passive
access-list inside_nat0_outbound extended permit ip any 192.168.3.0 255.255.255.240
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
ip local pool DWD-VPN-Pool 192.168.3.5-192.168.3.15 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.2.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group DW-VPDN request dialout pppoe
vpdn group DW-VPDN localname fa******@SKYNET
vpdn group DW-VPDN ppp authentication pap
vpdn username fa******@SKYNET password *****
dhcpd auto_config outside
dhcpd address 192.168.2.5-192.168.2.36 inside
dhcpd domain DOMAIN interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy DWD internal
group-policy DWD attributes
vpn-tunnel-protocol IPSec
username test password ******* encrypted privilege 0
username test attributes
vpn-group-policy DWD
tunnel-group DWD type remote-access
tunnel-group DWD general-attributes
address-pool DWD-VPN-Pool
default-group-policy DWD
tunnel-group DWD ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:3e6c9478a1ee04ab2e1e1cabbeddc7f4
: end
I've installed everything using the CLI as well (after a factory reset). This however yielded exactl the same issue.
Following commands have been entered:
ip local pool vpnpool 172.16.1.100-172.16.1.199 mask 255.255.255.0
username *** password ****
isakmp policy 1 authentication pre-share
isakmp policy 1 encryption 3des
isakmp policy 1 hash sha
isakmp policy 1 group 2
isakmp policy 1 lifetime 43200
isakmp enable outside
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 10 set transform-set ESP-3DES-SHA
crypto dynamic-map outside_dyn_map 10 set reverse-route
crypto dynamic-map outside_dyn_map 10 set security-association lifetime seconds 288000
crypto map outside_map 10 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp nat-traversal
sysopt connection permit-ipsec
sysopt connection permit-vpn
group-policy dwdvpn internal
group-policy dwdvpn attributes
vpn-tunnel-protocol IPSec
default-domain value DWD
tunnel-group dwdvpn type ipsec-ra
tunnel-group dwdvpn ipsec-attributes
pre-shared-key ****
tunnel-group dwdvpn general-attributes
authentication-server-group LOCAL
default-group-policy dwdvpn
Unfortunately I'm getting the same "AddRoute failed to add a route with metric of 0: code 160" error message.
I'm very confused as this should be a pretty standard setup. I tried to follow the instructions on the Cisco site to the letter...
The only "differences" in my setup are an internal network of 192.168.2.0 (with ASA IP address 192.168.2.254) and PPPoE with DHCP instead of no PPPoE at all.
Does anyone know what's going on?Yes, I have tried from a different laptop - same results. Using that laptop I can connect to a different IPSec site without issues.
Please find my renewed config below:
DWD-ASA(config)# sh run: Saved:ASA Version 8.2(5) !hostname DWD-ASAenable password ******* encryptedpasswd ****** encryptednames!interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1 nameif inside security-level 100 ip address 192.168.2.254 255.255.255.0 !interface Vlan2 nameif outside security-level 0 pppoe client vpdn group DWD ip address pppoe setroute !ftp mode passiveaccess-list inside_nat0_outbound extended permit ip any 192.168.50.0 255.255.255.224 pager lines 24logging asdm informationalmtu inside 1500mtu outside 1500ip local pool vpnpool 192.168.50.10-192.168.50.20 mask 255.255.255.0icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp timeout 14400global (outside) 1 interfacenat (inside) 0 access-list inside_nat0_outboundnat (inside) 1 0.0.0.0 0.0.0.0timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00timeout floating-conn 0:00:00dynamic-access-policy-record DfltAccessPolicyhttp server enablehttp 192.168.2.0 255.255.255.0 insidehttp 0.0.0.0 0.0.0.0 outsideno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstartcrypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec security-association lifetime seconds 28800crypto ipsec security-association lifetime kilobytes 4608000crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAPcrypto map outside_map interface outsidecrypto isakmp enable outsidecrypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400telnet timeout 5ssh 0.0.0.0 0.0.0.0 outsidessh timeout 5console timeout 0vpdn group DWD request dialout pppoevpdn group DWD localname *****@SKYNETvpdn group DWD ppp authentication papvpdn username *****@SKYNET password ***** dhcpd auto_config outside!dhcpd address 192.168.2.10-192.168.2.40 insidedhcpd enable inside!threat-detection basic-threatthreat-detection statistics access-listno threat-detection statistics tcp-interceptwebvpn enable outside svc enablegroup-policy DfltGrpPolicy attributes vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpngroup-policy dwdipsec internalgroup-policy dwdipsec attributes vpn-tunnel-protocol IPSec default-domain value DWDDOMusername user1 password ***** encrypted privilege 0username user1 attributes vpn-group-policy dwdipsectunnel-group dwdipsec type remote-accesstunnel-group dwdipsec general-attributes address-pool vpnpool default-group-policy dwdipsectunnel-group dwdipsec ipsec-attributes pre-shared-key *****tunnel-group dwdssl type remote-accesstunnel-group dwdssl general-attributes address-pool vpnpool!class-map inspection_default match default-inspection-traffic!!policy-map type inspect dns preset_dns_map parameters message-length maximum client auto message-length maximum 512policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options !service-policy global_policy globalprompt hostname context no call-home reporting anonymousCryptochecksum:f5c8dd644aa2a27374a923671da1c834: endDWD-ASA(config)# -
SUBMIT REPORT statement issue in abap
Hi Experts,
I am facing issue while doing SUBMIT REPORT statement.
Below are the details for the Issue:
1. We want to execute another report ZTEST2 from one report , so we have written code in report ZTEST1 as below:
SUBMIT ZTEST2 AND RETURN.
2. It goes to ZTEST2 successfully but when we execute ZTEST2 and click on BACK buttton , it directly goes to ZTEST1 selection screen.
Instead we want to go ZTEST2 program's selection screen. As this back button is standard ALV button is there any way we can handle this without creating new PF-STATUS.
Regards,
SanjanaThat's very limiting.
It depends, there are some things you can do if you ztest2 does something that is traceable.
Without any more info I suggest to check time-lapse between submit calls. If it's inferior to 2 seconds I'd suppose user want's to leave.
mind you the syntax is wrong:
do.
g_initial = get time.
SUBMIT ZTEST2 AND RETURN.
g_final = get time.
if g_final - g_initial <= 2.
exit.
endif.
enddo.
For the user is in most cases transparent, only if he remains a lot of time in selection screen he'll remain there.
regards,
Edgar
Maybe you are looking for
-
Removing xmlns in child element
Hi, I am getting xmlns="" in child , i want to remove the xmlns="" from the child element. Ex: Generated XML File- <GENERATEFILES xmlns="http://getit.com/generatedFile" > <GENERATE xmlns=""> </GENERATE > </GENERATEFILES > in the code i have added Nam
-
Why is there no error when checkpointing after db log files are removed?
I would like to test a scenario when an application's embedded database is corrupted somehow. The simplest test I could think of was removing the database log files while the application is running. However, I can't seem to get any failure. To demons
-
Entry in field KPOSN (item) in table KONV
Hi All I observed that sometimes for the field KPOSN in the table KONV against a PO :- 1. There is blank entry, 2. Sometimes line item no is updated (i.e. 10, 20 etc) 3. Sometime both blank entry and line item is updated. I want to know under what co
-
Customize Personal Data to be read only (EP6 SP15)
Hi, Are there an easy way to make the 'Personal Data (Employee Self Service) read-only without changing the Webdynpros? I was not able to find any customisation options on the IMG to do this and would like to stay away from editing the Webdynpros if
-
Max mutexes problem where it shouldn't happen
Hi - I am getting this error: java.lang.OutOfMemoryError: Cannot allocate memory: unable to allocate memory for mutex; resize mutex region at com.sleepycat.db.internal.db_javaJNI.DbEnv_open(Native Method) bdb java 5.1.19 using DPL on Ubuntu. Her