Complex NAT and ACL issue with multiple VLANS

Hello Forum. 
We have about 12 different VLANS behind an ASA 5515-x. One of those vlans contains a webserver and a DNS server (different machines, different IP addresses). ASDM 7.1.3
From outside the firewall, people need to be able to get to the webserver via http, https and a custom port (3390). From outside the firewall, no one needs DNS access.
From INSIDE the firewall, things are much more complicated. They need access to the DNS server from all VLANS and they need access to the webserver from all VLANS.
The VLANS themselves are defined on the core switches, not the ASA. The VLAN labels and network subnets increment by 5 (except in the first 5 numbers) and the VLAN subnets are equal to the VLAN name. So for example VLAN 10 is on the 10.10.10.x subnet, VLAN 20 is on the 10.10.20.x subnet, and so on. Each subnet is 24 bits.
WHAT WORKS:
Outside_in: http, RDP work fine. Pretty sure I will be able to get https myself, so not looking for help there.
Inside_in: traffic from VLAN 10 to VLAN 5 works fine, but I think that is in part due to the any any allow rule on the VLAN 10 interface. Apart from that, all VLANs can get out to the web, but they cannot get proper DNS resolution or access the webserver across VLANs.
I have looked at the access lists, I have looked at NATting the DNS, but it is not working, and I am not sure why. Any assistance would be appreciated.

Tried that, no joy. It said that the problem was a NAT issue, but I cannot figure it out. The NAT rule looks right, but is not because it doesn't work.

Similar Messages

  • ISE 1.2 and ACL's with multiple ports

    When creating a DACL for my groups I used the Syntax " permit tcp any 192.168.20.0 0.0.0.255 eq 22 443" for one of my acl's inside the DACL and the syntax check validated it. When I pushed it to my groups it also worked but I have heard that this type of multiple port ACL in ISE is not supported. Does anyone know if this is accurate?

    Thanks for the response but it's wrong. Cisco supports stacked ports in 1.2 for wired users. They carried over 1.1 documentation to 1.2 and never updated it. We have it in writing from Cisco TAC.

  • Since I've installed Mountain Lion, I am having lock up issues with multiple programs. MS Outlook has crashed and I've lost all my folders. HELP?

    Since I've installed Mountain Lion, I am having lock up issues with multiple programs. MS Outlook has crashed and I've lost all my folders. HELP?

    okay I've finally been able to get tor and all the other programs to work according to my plan the only thing that's still making problems is that iptables doesn't work as I want it to, when I start chromium without proxy settings privoxy doesn't seem to forward the information to polipo.. do I need to add another rule to iptables.rules in order for the program to know it has to reroute the information again or how can I get this to work? and is there any way to run rtorrent with proxy support?
    anyway, problem 2 and 3 are still to be solved.
    and does anybody know where i can get a good dansguardian blacklist that was not designed for 6 year old children and for which I don't need to subscribe? I'm still getting these partypoker popups -.-
    //e: with iptables it's the same thing as described in the first post. https works, http doesnt. I get the output "Invalid header received from client." on http sites. still no idea why though.. (and the https-version of torcheck.xenubite says i'm tor unprotected while starting the browser with iptables)
    Last edited by deF291 (2011-04-23 16:16:31)

  • We run an iMac 3.4 GHz I7 for our church worship service; we haven't upgraded to Mavericks because we heard about issues with multiple screens crashing.  Has this issue been resolved?  Thank you!

    We run an iMac 3.4 GHz I7 in our church worship service; we have front screens and a stage display monitor; we haven't upgraded to Mavericks because we heard about issues with multiple screens crashing. Has this issue been resolved? Now that we are 2 upgrades behind, I'm getting a little concerned. Thank you!

    Oh, well that was a whole other kettle of fish:
    On the G4 I attempted to install iLife '08 before Leopard was available. About the only thing that installed cleanly was iPhoto. I ended up reinstalling everything back to iLife '06, and then upgrading back to the current stable version of the iLife '06 version. I didn't attempt a reinstall until after I upgraded to Leopard.
    When I did reinstall, I made an iLife '06 folder, copied all iLife apps into it, and upgraded. Seemed to work, except for the part where iMovie gets left behind and iDVD is only mostly functional.
    When I installed on the other 2 machines, it was after installing Leopard and all upgrades. On those 2 machines, I didn't bother with the copy, I just moved everything to the iLife '06 folder I created, and did a fresh install.
    I didn't have to do anything with the iPhoto Libraries, that I can recall.
    I always do an upgrade, never an archive and install. I've never had a problem with this back to 10.1 or 10.2.

  • SPEL in Extended VO - Issue with Multiple Rows

    Hi,
    I have extended a seeded VO by adding a new attribute *'Course_Flag'* with attribute type 'Boolean' and Query Column type 'VARCHAR2', and I was successfully able to personalize and view the data of the new attribute *'Course_Flag'* in the page as ('true' / 'false') according to the query where clause.
    Now after adding a new image with SPEL property as *${oa.LearnerCatalogCoursesVO.Course_Flag}* it will have an issue with multiple items.
    I mean the SPEL will take the first row value 'true' / 'false' and will be correctly rendered according to the value of the first row and ignore other rows' values.
    Example: if the *'Course_Flag'* value of the first row is 'true' then all the images will be rendered and if the *'Course_Flag'* value of the first row is 'false' then all the images will NOT be rendered.
    Please advise if I've missed any step.
    Thanks in advance to all.
    Regards....Ashraf

    Dear Kali,
    I have added a new function to the seeded VO SQL +('XXARMS_TRG_EVALUATION_PKG.XX_COURSE_GOT_EVAL')+,
    SQL Statement:
    select av.activity_version_id, avtl.version_name, av.language_id, av.start_date,
    av.end_date, av.version_code, i.category_usage_id, upper(avtl.version_name) AS SORTVERSIONNAME,
    XXARMS_TRG_EVALUATION_PKG.XX_COURSE_GOT_EVAL(i.category_usage_id, av.activity_version_id) Course_Flag from
    ota_act_cat_inclusions i, ota_activity_versions av, ota_activity_versions_tl avtl
    where i.category_usage_id = :1 and i.activity_version_id = av.activity_version_id and
    nvl(av.end_date, sysdate + 1) >= trunc(sysdate) and
    av.business_group_id = ota_general.get_business_group_id and av.activity_version_id = avtl.activity_version_id and
    avtl.language = userenv('LANG') and
    ota_learner_access_util.learner_has_access_to_course(:2,:3,avtl.activity_version_id) = 'Y'
    And it is retrieving the correct data for each row and I did not write any code in the RowImpl.
    Thanks for your help in advance.
    Regards...Ashraf

  • Onplus with multiple VLAN

    Hi,
    I am trying to set the network agent N100 on a trunk port on a switch (2960) without success regarding DHCP.
    The problem is that the agent is not getting any ip address from a dhcp pool from a Cisco 1841 router acting as DHCP server. The topology is like this:
    Router---------------------------------------------------------------------Switch--------------------------------------------------------------------On100
             fa0/0
             fa0/0.10
             fa0/0.20
    The router is on the stick with subinterfaces. Ports connecting the router and On100 on the switch are 802.1q trunk ports. I also made a simulation of this topology on the GNS3 and with Wireshark I can see that dhcp discover are coming inbound fa0/0 but when I type the command:
    R#show ip dhcp server statistics there are no received dhcp discover packets??? It's very strange.
    Did anyone have experience with multiple vlan topology?
    Thanks

    Delo,
    Take a look at the document link below.  Beginning on page 3 contains a sample configuration.  I would recommend reading the entire document to get your arms around the VLAN discovery functionality.  I can appreciate that when reading some of the documentation it can be confusing and lead you to believe that it can discover additional networks using Layer 3 routing.  That said, the one thing to keep in consideration is that OnPlus/ON100, other than the Network Scanning functionality, will not traverse Layer 3 boundaries to do additional discovery/monitoring.  You can manually add devices that are only accessible via Layer 3 and select to do some monitoring on those devices however they must be added manually and it will not attempt to access those devices via SSH/Telnet or SNMP.  As such, it won't do functions like backing up configurations.
    OnPlus autodiscovery will only use Layer 2 and that is why you would need the VLAN Trunking with DHCP in each VLAN or to SPAN a switch port.  With VLAN trunking the ON100 will have an IP in the other VLAN and be able to discover devices on that now "local LAN".  With port spanning, the ON100 would discover based on packets it receives.  It can appear a little confusing but as long as  you keep in mind that the ON100 won't discover over a Layer 3, that will help to clarify some of the confusion.
    http://www.cisco.com/en/US/docs/net_mgmt/other_net_mgmt/onplus/application_notes/multivlan/onplus_on100_vlan_discovery_782079601.pdf

  • I have slow internet speed and having issue with download of photoshop cc is there an alternate I can go somewhere with high speed to download.

    I have slow internet speed and having issue with download of photoshop cc is there an alternate I can go somewhere with high speed to download. without using this creative cloud that downloads first.

    We need to know more about your system, please download EtreCheck and run the report and please post it on your next reply. Then we can see how your system is configured, what apps are on it and look for anything obvious. We will look forward to seeing your report.

  • Firefox 3.6.23 having freezing and rebooting issues with Adobe Flash Player 11 Plugin

    Firefox 3.6.23 is experiencing constant freezing and rebooting issues with Adobe Flash Player 11 Plugin, not sure if it is a conflict issue or not.
    Since the update there had been no reported issues till today when the blue screen came up on me, this issue prior to plug in 11 had occurred at least 6 times, this issue only happens on firefox.
    I do not wish to update since recent firefox browsers seem to have a lot of ongoing issues.

    Anyone able to help please?
    Thanks.

  • Hi  have the ipod touch and having issue with the reminders app. do not have the reminders page  just the completed page

    hi  have the ipod touch and having issue with the reminders app. do not have the reminders page  just the completed page

    The problem has been fixed with the most recent OS X software update.

  • I just bought a iPod nano 7th gen and having issues with clear radio channels. Please help.

    I just bought a iPod nano 7th gen and having issues with clear radio channels. Please help.

    You can send it in to them: https://expresslane.apple.com/GetproductgroupList.action?PRKEYS=PF3

  • Playback Issues with multiple framerates and Blackmagic Decklink 4K Extreme

    I recently swapped my AJA Kona Card for a Blackmagic Decklink 4K Extreme in order to get external monitoring in DaVinci Resolve.
    I'm working in a 1080p 23.976 project that includes some 29.97 SD and HD footage. When loading this 29.97fps footage into my source footage, I periodically encounter frozen playback (The play triangle in my toolbar becomes a square symbol and remains that way). From there I am unable to playback any footage in any timeline, and requires a full system shutdown to return to normal! The problem is seemingly intermittent, with successful playback happening sometimes.
    The 29.97 footage was DVCPRO, I attempted to transcode to Prores to troubleshoot. No dice. I believe it to be an issue related to the Decklink's inability to handle multiple framerates on-the-fly but wanted to submit here, too. I've also experienced intermittent sync delays on my broadcast monitor.
    Decklink Driver 10.0
    Premiere CC 7.2.1
    Mac OSX 10.9.2 (same problem pre-mavericks)

    Hi Andy,
    You should not have any issues with Blackmagic handling multiple formats on the fly. However, I believe the frozen playback issue you're describing is related to the Desktop Video 10 driver. I suggest rolling back to 9.3.3 for the time being. Blackmagic is looking into this issue now.
    Best,
    Peter Garaway
    Adobe
    Premiere Pro

  • Issue with multiple application installation and server share

    Hi,
    SCCM 2007 SP2 R3 ICP2
    All servers W2K8R2
    I am having an issue with software installs. When using a variable for multiple application installs, I get access errors when the applications go to install. It appears to be a multiple connection issue, but I can't figure out why.
    I am using server shares for my DPs. The proper permissions are set. The servers (DP) are W2K8R2. I think it has to do with the way R2 handles the connections. I want to know if this is a known issue or if anyone has come across it.
    I am going to post in the software distribution forum as well, but thought this would be a config question.

    Hi! I'm waking up this dead thread but I've got a *very* similar problem!
    I've got a SCCM 2007 SP2 R3 installation on Win2008. All clients are in the same ConfigMgr-site. Multiple package deploy in the same site-boundary as the CM-server works excellent. (We've got three DPs in the same site-boundary as the CM-server itself.)
    Now, we have a new site-boundary with its own Protected DP where multiple package deploy fails but the same packages, being run from the task-sequence works! So then the client can download, install and run the packages from the protected DP just fine. All "single" packages install fine before the "Multiple Application"-step.
    I've triple checked that we're running the same packages when we're installing Multiple Packages as we do in the Task-Sequence. And the same Task-sequence with the Multiple Package installation step works fine in our site-boundary where the ConfigMgr-server is installed.
    Here's the log from a client trying to access and install one of three packages through the Install Multiple Packages task-sequence step.
    <![LOG[Policy SMS10000-CEN000BD-25FE0E9B downloaded successfully]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="dsutils.cpp:597"><br/><![LOG[SMS PackageID = CEN000BD]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="dsutils.cpp:247"><br/><![LOG[Source version = 2]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="dsutils.cpp:296"><br/><![LOG[SMS Program Name = RESTORE]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="dsutils.cpp:317"><br/><![LOG[::CompressBuffer(65536,-1)]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="ccmzlib.cpp:695"><br/><![LOG[Compression (zlib) succeeded: original size 26608, compressed size 3254.]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="ccmzlib.cpp:484"><br/><![LOG[Policy for CEN000BD:"RESTORE" successfully stored in environment]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="dsutils.cpp:331"><br/><![LOG[Downloaded policies successfully]LOG]!><time="16:01:20.905+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="dsutils.cpp:725"><br/><![LOG[Installing pkg 'CEN000BD', program 'BACKUP']LOG]!><time="16:01:20.921+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="dsinstaller.cpp:290"><br/><![LOG[Resolving content for SMS Package CEN000BD]LOG]!><time="16:01:20.921+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="dsutils.cpp:768"><br/><![LOG[Getting local network information.]LOG]!><time="16:01:20.921+-60" date="12-12-2011" 
component="InstallSoftware" context="" type="0" thread="3040" file="resolvesource.cpp:1846"><br/><![LOG[GetAdaptersAddressess entry point is supported.]LOG]!><time="16:01:20.921+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="ccmiputil.cpp:118"><br/><![LOG[DhcpGetOriginalSubnetMask entry point is supported.]LOG]!><time="16:01:20.937+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="ccmiputil.cpp:181"><br/><![LOG[Adapter {B3FC51BA-75F3-4C93-98D3-72ECE4B7A6A2} is DHCP enabled. Checking quarantine status.]LOG]!><time="16:01:21.124+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="ccmiputil.cpp:509"><br/><![LOG[Adapter {B3FC51BA-75F3-4C93-98D3-72ECE4B7A6A2} has 1 IPv4 address(es).]LOG]!><time="16:01:21.124+-60" date="12-12-2011" component="InstallSoftware" context="" type="2" thread="3040" file="ccmiputil.cpp:540"><br/><![LOG[Executing content location request for CEN000BD:2 as GUID:87F78866-5FCB-43FE-A2F7-07DA7F6863DF]LOG]!><time="16:01:21.124+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="resolvesource.cpp:1852"><br/><![LOG[Initializing CLibSMSMessageHeader with authenticator]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:1103"><br/><![LOG[Sending RequestContentLocations]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:3367"><br/><![LOG[Messaging Auth Using V4 Mode]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="libsmsmessaging.cpp:1400"><br/><![LOG[Formatted header:]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:1500"><br/><![LOG[<Msg SchemaVersion="1.1" 
ReplyCompression="zlib"><ID/><SourceID>GUID:87F78866-5FCB-43FE-A2F7-07DA7F6863DF</SourceID><SourceHost/><TargetAddress>mp:[http]MP_LocationManager</TargetAddress><ReplyTo>direct:OSD</ReplyTo><Priority>3</Priority><Timeout>3600</Timeout><SentTime>2011-12-12T15:01:21Z</SentTime><Protocol>http</Protocol><Body Type="ByteRange" Offset="0" Length="618"/><Hooks><Hook2 Name="clientauth"><Property Name="Token"><![CDATA[CCMClientID: BBA60FFE-10D3-42AA-88BF-CBAC68CA4BB4<br/>CCMClientIDSignature: 3F5C9150307B32713AB75C2BD3431AFCB0816854881F6450868D120ABA7FC4424EF3407E6BD2531E32EBF4A89D92440D3BD9E68078A8BB5B899905A765C4AC28B1D837A0D58EB02C55048B1BA97BF0319B02276D87846F4748C2FBAA887C8921989CB07E15BD6685BFC84792B1C9E91EE140DA03BA01FBBF7F6EF824F5FFAF15<br/>CCMClientTimestamp: 2011-12-12T22:02:17Z<br/>CCMClientTimestampSignature: 4E28E6E6EEF71EB4A6FDE54155100F67610556C0E5F81DF82B6AB03608C1745485D65AB09F195D384903AB60DD9993118FCECCC3C9E85F5A9C0CB6E949A5F8DF305B7A5E64E0D98973AF12E034E468B6E7CC03FE23DC3DEB686CBA63FADD895F61D7034504C018F6F20561F40B47BC20509423C2385032A3AA6866F266409F1E]]></Property></Hook2></Hooks><Payload Type="inline"/><TargetHost/><TargetEndpoint>MP_LocationManager</TargetEndpoint><ReplyMode>Sync</ReplyMode><CorrelationID/></Msg><br/>]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:1501"><br/><![LOG[CLibSMSMessageWinHttpTransport::Send: URL: STOSCCM02.INTERNT.SVT.SE:443  CCM_POST /ccm_system_AltAuth/request]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:7446"><br/><![LOG[In SSL, but with no client cert]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:7596"><br/><![LOG[In SSL, but with no media cert]LOG]!><time="16:01:21.295+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" 
thread="3040" file="libsmsmessaging.cpp:7602"><br/><![LOG[The request has succeeded. 200 OK]LOG]!><time="16:01:21.342+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="libsmsmessaging.cpp:7734"><br/><![LOG[Decompressing reply body.]LOG]!><time="16:01:21.342+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="libsmsmessaging.cpp:2395"><br/><![LOG[::DecompressBuffer(65536)]LOG]!><time="16:01:21.342+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="ccmzlib.cpp:735"><br/><![LOG[Filtering Content Locations.]LOG]!><time="16:01:21.342+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="resolvesource.cpp:1883"><![LOG[Decompression (zlib) succeeded: original size 522, uncompressed size 2128.]LOG]!><time="16:01:21.342+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="ccmzlib.cpp:646"><![LOG[ Adding \\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD\ to Local DP list.]LOG]!><time="16:01:21.342+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="resolvesource.cpp:1938">
    <![LOG[Found 0 DPs in subnet, 1 DPs in local site, 0 DPs in remote location and 0 Multicast DPs]LOG]!><time="16:01:21.389+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="resolvesource.cpp:1974">
    <![LOG[Shuffling HTTP local DP list.]LOG]!><time="16:01:21.389+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="resolvesource.cpp:2012">
    <![LOG[Shuffling Local DP list.]LOG]!><time="16:01:21.389+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="resolvesource.cpp:2087">
    <![LOG[Attempting to connect to \\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD\]LOG]!><time="16:01:21.389+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="resolvesource.cpp:2151">
    <![LOG[Deleting any existing network connections to "\\vaxcmdp01.domain.com\*".]LOG]!><time="16:01:21.389+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:407">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:01:21.389+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:01:34.974+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:01:37.985+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:01:42.711+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:01:45.721+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:01:50.400+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:01:53.411+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:01:58.090+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:02:01.100+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:02:05.780+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:02:08.790+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:02:13.469+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:02:16.480+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:02:21.174+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:02:24.185+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:02:28.911+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:02:31.921+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:02:36.600+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[Attempting to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD".]LOG]!><time="16:02:39.611+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:501">
    <![LOG[Retrying download...]LOG]!><time="16:02:44.290+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="tsconnection.cpp:508">
    <![LOG[dwErr, HRESULT=800704c3 (e:\nts_sms_fre\sms\framework\tscore\tsconnection.cpp,517)]LOG]!><time="16:02:47.300+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="tsconnection.cpp:517">
    <![LOG[Failed to connect to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000BD" (1219)]LOG]!><time="16:02:47.300+-60" date="12-12-2011" component="InstallSoftware" context="" type="3" thread="3040" file="tsconnection.cpp:517">
    <![LOG[!slistSMBPaths.empty(), HRESULT=80040103 (e:\nts_sms_fre\sms\framework\tscore\resolvesource.cpp,2163)]LOG]!><time="16:02:47.300+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="resolvesource.cpp:2163">
    <![LOG[TS::Utility::GetContentLocations( pszPackageId, L"", lSourceVersion, m_sSiteCode, m_sManagementPoint, &m_oHttpTransport, sClientID, TRUE, sNetworkAccessAccount, sNetworkAccessPassword, TRUE, TRUE, slistSMBPaths, slistHttpPaths ), HRESULT=80040103 (e:\nts_sms_fre\sms\client\osdeployment\installsoftware\dsutils.cpp,843)]LOG]!><time="16:02:47.300+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="3040" file="dsutils.cpp:843">
    <![LOG[Content location request for CEN000BD:2 failed, hr=0x80040103]LOG]!><time="16:02:47.300+-60" date="12-12-2011" component="InstallSoftware" context="" type="3" thread="3040" file="dsutils.cpp:843">
    While installing a single package from the same DP (VAXCMDP01) looks like this:
    ![LOG[PackageID = 'CEN000D1']LOG]!><time="15:29:13.401+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="main.cpp:332">
    <![LOG[BaseVar = '', ContinueOnError='']LOG]!><time="15:29:13.401+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="main.cpp:333">
    <![LOG[SwdAction = '0002']LOG]!><time="15:29:13.401+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="main.cpp:334">
    <![LOG[GetExecRequestMgrInterface successful]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="2768" file="installsoftware.cpp:218">
    <![LOG[Retrieving value from TSEnv for '_SMSTSPolicyCEN000D1_Install']LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="2768" file="installsoftware.cpp:85">
    <![LOG[::DecompressBuffer(65536)]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="2768" file="ccmzlib.cpp:735">
    <![LOG[Decompression (zlib) succeeded: original size 2844, uncompressed size 22640.]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="2768" file="ccmzlib.cpp:646">
    <![LOG[ADV_AdvertisementID=CEN20022]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="installsoftware.cpp:1119">
    <![LOG[PKG_PSF_ContainsSourceFiles=TRUE]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="installsoftware.cpp:1138">
    <![LOG[::DecompressBuffer(65536)]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="2768" file="ccmzlib.cpp:735">
    <![LOG[Decompression (zlib) succeeded: original size 12, uncompressed size 4.]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="2768" file="ccmzlib.cpp:646">
    <![LOG[SoftDist paused cookie = 16271]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="installsoftware.cpp:181">
    <![LOG[Found the location for the package _SMSTSCEN000D1. The location is on \\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000D1\]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="resolvesource.cpp:3146">
    <![LOG[nPos != CCM::Utility::String::npos, HRESULT=80004005 (e:\nts_sms_fre\sms\framework\tscore\resolvesource.cpp,253)]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="0" thread="2768" file="resolvesource.cpp:253">
    <![LOG[Creating a connection to \\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000D1\ with default account]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="resolvesource.cpp:2243">
    <![LOG[Connection request for "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000D1"]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="tsconnection.cpp:208">
    <![LOG[No credentials available for connecting to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000D1". See whether the share has already been connected.]LOG]!><time="15:29:13.417+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="tsconnection.cpp:233">
    <![LOG[Connecting to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000D1"]LOG]!><time="15:29:13.510+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="tsconnection.cpp:268">
    <![LOG[Successfully connected to "\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000D1"]LOG]!><time="15:29:13.588+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="tsconnection.cpp:287">
    <![LOG[SMS PkgID 'CEN000D1' resolved to location '\\vaxcmdp01.domain.com\SMS_DP$\SMSPKG\CEN000D1\']LOG]!><time="15:29:13.635+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="2768" file="installsoftware.cpp:145">
     Notice that it never checks for DPs in the same way as the multiple package install:
    <![LOG[Found 0 DPs in subnet, 1 DPs in local site, 0 DPs in remote location and 0 Multicast DPs]LOG]!><time="16:01:21.389+-60" date="12-12-2011" component="InstallSoftware" context="" type="1" thread="3040" file="resolvesource.cpp:1974">
    I know that the TS checks package dependencies before executing the TS. That's not possible with Multiple packages since they are variable dependent. I think this is somehow related although it doesn't explain why my client can't authenticate properly.
    The Network Access Account is a member of Domain Users and Domain Users have Read Access on the share and on the folder of the VAXCMDP01 DP - which should be identically configured to our other DPs closest to our ConfigMgr Server.
    Any ideas?
    Kind regards,
    Mathias

  • Issue with Multiple LTS for a fact table and filters

    Hello,
    I am facing an issue with obiee 10g.
    In my model, I have a huge FACT table F1 (partitioned and indexed). The average response time for the queries, which targeted it, was ~30-60 seconds, which was not really convincing our end user.
    So, we decided to create a materialized view, which removes some dimensions that are not used by default, but might be used if the end user adds some filters. I added the Materialized view in the Physical Layer and in the corresponding Logical Table Source.
    I then tried to see if it works, but I was a bit surprised by the result. Indeed,
    -> If the report does not reference a truncated dimension, it targets the materialized view. -> Perfect
    -> If the report does reference a truncated dimension in the columns, it targets the Fact Table. -> Perfect
    -> If the report does reference a truncated dimension in the Filters, it targets the materialized view. For this reason, the filter is never resolved and no join on the dimension table is applied, whereas it exists in logical SQL generated. -> Ko.
    A suggestion could be to add the filters into the columns, but I am not satisfied by this response because it will never use the materialized view in that case.
    Another suggestion could be to use query rewrite, but I'd like to have full control over the generation of the queries.
    Does someone know if the filters are not evaluated to determine which LTS to use? How can I force this evaluation?
    Regards,

    Hi,
    If I understand your description correctly, then your materialized view skips some dimensions (infrequent ones). However, when you reference these skipped dimensions in filters, the queries are hitting the materialized view and failing as these values do not exist. In this case, you could resolve it as follows
    1. Create dimensional hierarchies for all dimensions.
    2. In the fact table's logical sources set the content tabs properly. (Yes, I think this is it).
    When you skipped some dimensions, the grain of the new fact source (the materialized view in this case) is changed. For example:
    Say a fact is available with the keys for Product, Customer, Promotion dimensions. The grain for this is Product * Customer * Promotion
    Say another fact is available with the keys for Product, Customer. The grain for this is Product * Customer (In fact, I would say it is Product * Customer * Promotion Total).
    So in the second case, the grain of the table is changed. So setting appropriate content levels for these sources would automatically switch the sources.
    So, I request you to try these settings and let me know if it works.
    Thank you,
    Dhar

  • Issues with multiple subnets - ASA5510 to Vigor 2820 VPN

    Hi there,
    I am hoping someone here can help.  I have been struggling for some time to sort out issues in a VPN we have between our main London office and the Edinburgh branch office.  We have an ASA 5510  in London, talking to a Vigor 2820 in Edinburgh. 
    The London office has a 192.168.0.0/24 subnet, with the default gateway as a Cisco Catalyst at 192.168.0.254, and the Cisco ASA at 192.168.0.254 as the firewall. 
    The Edinburgh office has the subnet 192.168.2.0/24, with the Vigor running on 192.168.2.1, providing routing, DHCP and firewall services there. 
    I have the VPN working fine, correctly routing traffic between those two subnets over the IPsec tunnel.  However, I have had much trouble adding additional subnets for our VLANs in London.
    What I want to happen is traffic from 192.168.2.0/24 to be able to get to and from 192.168.50.0/24 and several similar networks.
    Upon tracing it using the Cisco packet tracer, I can see that the packets for the 192.168.50.0/24 subnet are not making it over the tunnel, having been stopped by the VPN: subtype: encrypt rules.  Looking at these rules though, I can't spot the problem.  Multiple changes of order of the rules, and reloads have not sorted out the problem.  When I run a packet trace on the main subnet it works fine.  I have attached some of the configuration (below) as well as the output from the packet tracer, and the config of the Vigor router.
    I apologise in advance for the length of the post, but I have tried to include all relevant information to see if anyone can help.
    Firstly, here's the ASA config that seemed relevant.  I tried to remove some since we have quite a few site-to-site tunnels set up, and these are probably not relevant (and are all working correctly).
    access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.10.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.20.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.20.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.50.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.30.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.40.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.40.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.30.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip any 192.168.0.192 255.255.255.192
    access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.0.0 192.168.7.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.7.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.2.0 255.255.255.0 192.168.7.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.0.0 192.168.2.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.0.0 192.168.0.0 255.255.0.0
    nat (inside) 0 access-list insideOutboundNonatAcl
    nat (inside) 9 access-list vpnNatAcl
    nat (inside) 10 192.168.30.5 255.255.255.255
    nat (inside) 10 192.168.0.0 255.255.255.0
    nat (inside) 10 192.168.20.0 255.255.255.0
    nat (inside) 10 192.168.30.0 255.255.255.0
    nat (inside) 10 192.168.50.0 255.255.255.0
    access-list inside_in extended permit ip 192.168.0.0 255.255.255.0 any
    access-list inside_in extended permit tcp host 192.168.5.2 host 192.168.0.2 eq domain
    access-list inside_in extended permit ip 192.168.20.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list inside_in extended permit ip 192.168.20.0 255.255.255.0 any
    access-list inside_in extended permit ip 192.168.50.0 255.255.255.0 any
    access-list inside_in extended permit ip 192.168.30.0 255.255.255.0 any
    access-list inside_in extended permit ip 192.168.30.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list inside_in extended permit ip 192.168.40.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-list inside_in extended permit ip 192.168.40.0 255.255.255.0 any
    access-list inside_in extended permit ip 192.168.10.0 255.255.255.0 any
    access-list inside_in extended permit ip host 192.168.2.1 192.168.30.0 255.255.255.0 inactive
    access-list inside_in extended permit ip 192.168.2.0 255.255.255.0 192.168.50.0 255.255.255.0
    access-list inside_in extended permit ip 192.168.2.0 255.255.255.0 192.168.0.0 255.255.255.0
    access-group inside_in in interface inside
    access-list outside_2_cryptomap extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list outside_2_cryptomap extended permit ip 192.168.30.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list outside_2_cryptomap extended permit ip 192.168.40.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list outside_2_cryptomap extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list outside_2_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list outside_2_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
    route inside 192.168.20.0 255.255.255.0 192.168.0.254 1
    route inside 192.168.50.0 255.255.255.0 192.168.0.254 1
    route inside 192.168.30.0 255.255.255.0 192.168.0.254 1
    route inside 192.168.40.0 255.255.255.0 192.168.0.254 1
    crypto ipsec transform-set ESP_DES_MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set TRANS_VPN_SET esp-3des esp-md5-hmac
    crypto ipsec transform-set TRANS_VPN_SET mode transport
    crypto ipsec transform-set TRANS_VPN_SET_2 esp-3des esp-sha-hmac
    crypto ipsec transform-set TRANS_VPN_SET_2 mode transport
    crypto ipsec transform-set ESP_3DES_SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP_3DES_MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec df-bit clear-df outside
    crypto dynamic-map core_vpn_dyn_map 20 set transform-set ESP_3DES_MD5 ESP_DES_MD5 TRANS_VPN_SET TRANS_VPN_SET_2
    crypto dynamic-map core_vpn_dyn_map 40 set pfs
    crypto dynamic-map core_vpn_dyn_map 40 set transform-set ESP_3DES_SHA ESP_DES_MD5
    crypto map outside_map 2 match address outside_2_cryptomap
    crypto map outside_map 2 set pfs
    crypto map outside_map 2 set peer [branch peer ip]
    crypto map outside_map 2 set transform-set ESP_3DES_MD5
    crypto isakmp identity address
    crypto isakmp identity address
    crypto isakmp policy 25
     authentication pre-share
     encryption 3des
     hash md5
     group 1
     lifetime 28800
    crypto isakmp nat-traversal  30
    crypto isakmp disconnect-notify
    group-policy DfltGrpPolicy attributes
     banner none
     wins-server none
     dns-server none
     dhcp-network-scope none
     vpn-access-hours none
     vpn-simultaneous-logins 100
     vpn-idle-timeout none
     vpn-session-timeout none
     vpn-filter none
     vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
     password-storage disable
     ip-comp disable
     re-xauth enable
     group-lock none
     pfs disable
     ipsec-udp disable
     ipsec-udp-port 10000
     split-tunnel-policy tunnelall
     split-tunnel-network-list none
     default-domain none
     split-dns none
     intercept-dhcp 255.255.255.255 disable
     secure-unit-authentication disable
     user-authentication disable
     user-authentication-idle-timeout 30
     ip-phone-bypass disable
     leap-bypass disable
     nem disable
     backup-servers keep-client-config
     msie-proxy server none
     msie-proxy method no-modify
     msie-proxy except-list none
     msie-proxy local-bypass disable
     nac disable
     nac-sq-period 300
     nac-reval-period 36000
     nac-default-acl none
     address-pools none
     smartcard-removal-disconnect enable
     client-firewall none
     client-access-rule none
    tunnel-group [branch peer ip] type ipsec-l2l
    tunnel-group [branch peer ip] ipsec-attributes
     pre-shared-key *
    Note: [branch peer ip] replaces any instances of the branch office outside IP address
    I appreciate there may be some duplicated/redundant rules here - I have been playing with config to try to fix the problem.  I'd really appreciate any suggestions on how to track this down. 
    Here's the vigor config:
    So it looks to match ok to me at both ends, unless there is something I missed.  The vigor routing table shows:
    Key: C - connected, S - static, R - RIP, * - default, ~ - private
    *             0.0.0.0/         0.0.0.0 via [ISP gateway server],   WAN1
    S    [branch peer ip]/ 255.255.255.255 via [branch peer ip],   WAN1
    S~       192.168.40.0/   255.255.255.0 via [London office ip],    VPN
    S~       192.168.50.0/   255.255.255.0 via [London office ip],    VPN
    S~       192.168.10.0/   255.255.255.0 via [London office ip],    VPN
    S~        192.168.0.0/   255.255.255.0 via [London office ip],    VPN
    C~        192.168.2.0/   255.255.255.0 is directly connected,    LAN
    S~        192.168.7.0/   255.255.255.0 via [London office ip],    VPN
    S~       192.168.30.0/   255.255.255.0 via [London office ip],    VPN
    S~       192.168.20.0/   255.255.255.0 via [London office ip],    VPN
    *    [ISP dns server]/ 255.255.255.255 via [ISP gateway server],   WAN1
    I have replaced IPs here as is shown.  You can see the vigor seems to want to route the appropriate traffic over the VPN.
    Finally, here is the packet trace output:
    ciscoasa# packet-trace input outside tcp 192.168.2.1 echo 192.168.50.10 echo d$

    Phase: 1
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow

    Phase: 2
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   192.168.50.0    255.255.255.0   inside

    Phase: 3
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group outsideInAcl in interface outside
    access-list outsideInAcl extended permit ip 192.168.2.0 255.255.255.0 any
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0x4529e48, priority=12, domain=permit, deny=false
            hits=362922, user_data=0x4529e08, cs_id=0x0, flags=0x0, protocol=0
            src ip=192.168.2.0, mask=255.255.255.0, port=0
            dst ip=0.0.0.0, mask=0.0.0.0, port=0

    Phase: 4
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0x44057f0, priority=0, domain=permit-ip-option, deny=true
            hits=2693939, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
            src ip=0.0.0.0, mask=0.0.0.0, port=0
            dst ip=0.0.0.0, mask=0.0.0.0, port=0

    Phase: 5
    Type: NAT-EXEMPT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0x44fe9a0, priority=6, domain=nat-exempt-reverse, deny=false
            hits=12, user_data=0x44fe800, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
            src ip=192.168.2.0, mask=255.255.255.0, port=0
            dst ip=192.168.50.0, mask=255.255.255.0, port=0

    Phase: 6
    Type: NAT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    nat (inside) 10 192.168.50.0 255.255.255.0
      match ip inside 192.168.50.0 255.255.255.0 outside any
        dynamic translation to pool 10 (external [Interface PAT])
        translate_hits = 2250, untranslate_hits = 17
    Additional Information:
     Forward Flow based lookup yields rule:
     out id=0x4b80e80, priority=1, domain=nat-reverse, deny=false
            hits=32, user_data=0x4b80ce0, cs_id=0x0, flags=0x0, protocol=0
            src ip=0.0.0.0, mask=0.0.0.0, port=0
            dst ip=192.168.50.0, mask=255.255.255.0, port=0

    Phase: 7
    Type: NAT
    Subtype: host-limits
    Result: ALLOW
    Config:
    nat (inside) 10 192.168.50.0 255.255.255.0
      match ip inside 192.168.50.0 255.255.255.0 outside any
        dynamic translation to pool 10 (external [Interface PAT])
        translate_hits = 2250, untranslate_hits = 17
    Additional Information:
     Reverse Flow based lookup yields rule:
     in  id=0x4b80fa0, priority=1, domain=host, deny=false
            hits=2811, user_data=0x4b80ce0, cs_id=0x0, reverse, flags=0x0, protocol=0
            src ip=192.168.50.0, mask=255.255.255.0, port=0
            dst ip=0.0.0.0, mask=0.0.0.0, port=0

    Phase: 8
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
     Reverse Flow based lookup yields rule:
     in  id=0x4469ef8, priority=0, domain=permit-ip-option, deny=true
            hits=2010804, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
            src ip=0.0.0.0, mask=0.0.0.0, port=0
            dst ip=0.0.0.0, mask=0.0.0.0, port=0

    Phase: 9
    Type: VPN
    Subtype: encrypt
    Result: DROP
    Config:
    Additional Information:
     Reverse Flow based lookup yields rule:
     out id=0x4887aa8, priority=70, domain=encrypt, deny=false
            hits=10, user_data=0x0, cs_id=0x44b18f8, reverse, flags=0x0, protocol=0
            src ip=192.168.50.0, mask=255.255.255.0, port=0
            dst ip=192.168.2.0, mask=255.255.255.0, port=0

    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: inside
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
    So it seems to find the rule, which it ought to match, but then returns DENY.  What's going on here?  Perhaps this is misleading and the issue is elsewhere, but it isn't clear from the output here.
    For further information, this is output for the WORKING subnet - I have just taken a small part here though:
    Phase: 10
    Type: VPN
    Subtype: encrypt
    Result: ALLOW
    Config:
    Additional Information:
     Reverse Flow based lookup yields rule:
     out id=0x4b86418, priority=70, domain=encrypt, deny=false
            hits=332214, user_data=0x7da5c, cs_id=0x44b18f8, reverse, flags=0x0, protocol=0
            src ip=192.168.0.0, mask=255.255.255.0, port=0
            dst ip=192.168.2.0, mask=255.255.255.0, port=0
    Thanks very much in advance for any help you can provide - I've been really stuck on this one!
    Chris

    Hi,
    Can you issue the packet-tracer with the direction being your London office -> Remote office?
    Also issue the command twice.
    Personally I've used packet-tracer with some L2L VPNs to test if the remote end has the configurations correct. Also I've noticed that the first packet-tracer test never goes through. So issue that command twice and show how it goes.
    Though I imagine you have tried to connect through the L2L VPN with real host machines and not just the firewall's packet-tracer?
    Also I imagine the original info has a typo. You say your ASAs LAN gateway IP and the local L3 switches IP address is the same, 192.168.0.254.
    Basically the hardest part regarding L2L VPNs should be the initial setup of the VPN connection. Even though it should be simple people still tend to mess up PSKs or Phase1/2 parameters. But as your L2L VPN is already in working order and you are just adding networks to it, it should be pretty simple.
    When you add a network and don't require any special NAT configurations, your NAT0 and Encryption domain access-list should look pretty much the same.
    And looking at your configurations, it should be like this
    access-list outside_2_cryptomap extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list outside_2_cryptomap extended permit ip 192.168.30.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list outside_2_cryptomap extended permit ip 192.168.40.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list outside_2_cryptomap extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list outside_2_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list outside_2_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0

    access-list insideOutboundNonatAcl extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.30.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.40.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0
    access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
    Btw what is the network 192.168.7.0/24? It seems to have a VPN rule at the remote site but not at the HO site. Though there is a NAT0 rule for that traffic on the HO site.
    EDIT: I imagine the VPN network rules should be an exact mirror image of each other. Though it seems this doesn't stop devices from negotiating the VPN up but who knows if some other device type is picky about that one. Only thing in your situation that I see is the network 192.168.7.0/24 that is not included in the other end's configurations.
    EDIT2: Also the reason your test for the already existing rule might be going through without a problem might be because the tunnel is up and working for the networks in question.
    EDIT3: Does your Vigor device also have NAT0 rules configured for the new networks?
    - Jouni
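
The comparison described in the reply above (the NAT0 ACL covering every pair in the crypto ACL, and both ends of the tunnel mirroring each other), as an added example that is not part of the original thread. The ACL lines and Vigor routes are copied from the posts; the function names are hypothetical helpers, not Cisco tooling.

```python
import ipaddress

# Subset of the London ASA config posted in the thread.
ASA_CONFIG = """\
access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list insideOutboundNonatAcl extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list insideOutboundNonatAcl extended permit ip any 192.168.0.192 255.255.255.192
access-list insideOutboundNonatAcl extended permit ip 192.168.7.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list insideOutboundNonatAcl extended permit ip 192.168.0.0 255.255.0.0 192.168.2.0 255.255.255.0
access-list inside_in extended permit ip host 192.168.2.1 192.168.30.0 255.255.255.0 inactive
access-list outside_2_cryptomap extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list outside_2_cryptomap extended permit ip 192.168.30.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list outside_2_cryptomap extended permit ip 192.168.40.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list outside_2_cryptomap extended permit ip 192.168.50.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list outside_2_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list outside_2_cryptomap extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
"""

# Networks the Vigor routing table in the post sends "via [London office ip], VPN".
VIGOR_VPN_ROUTES = [
    "192.168.40.0/24", "192.168.50.0/24", "192.168.10.0/24", "192.168.0.0/24",
    "192.168.7.0/24", "192.168.30.0/24", "192.168.20.0/24",
]
REMOTE_LAN = ipaddress.ip_network("192.168.2.0/24")  # Edinburgh subnet from the post


def take_addr(tokens):
    """Consume one ASA address spec from the token list: 'any', 'host A' or 'A MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}", strict=False)


def parse_acl(config, name):
    """Return (source, destination) networks for the active permit entries of one ACL."""
    pairs = []
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:4] != ["access-list", name, "extended", "permit"]:
            continue
        if tokens[-1] == "inactive":      # disabled entries do not match traffic
            continue
        rest = tokens[5:]                 # tokens[4] is the protocol
        src = take_addr(rest)
        dst = take_addr(rest)
        pairs.append((src, dst))
    return pairs


def uncovered(crypto, nat0):
    """Crypto ACL pairs that no NAT-exempt entry covers (these would be PATed instead)."""
    return [(s, d) for s, d in crypto
            if not any(s.subnet_of(ns) and d.subnet_of(nd) for ns, nd in nat0)]


def mirror_diff(crypto, remote_lan, remote_vpn_routes):
    """Compare local crypto ACL sources against the networks the peer routes into the VPN.

    Returns (only on the peer, only in the local crypto ACL).
    """
    local = {s for s, d in crypto if d == remote_lan}
    remote = {ipaddress.ip_network(r) for r in remote_vpn_routes}
    return sorted(remote - local), sorted(local - remote)


if __name__ == "__main__":
    crypto = parse_acl(ASA_CONFIG, "outside_2_cryptomap")
    nat0 = parse_acl(ASA_CONFIG, "insideOutboundNonatAcl")
    print("crypto pairs without NAT exemption:", uncovered(crypto, nat0))
    only_peer, only_local = mirror_diff(crypto, REMOTE_LAN, VIGOR_VPN_ROUTES)
    print("routed into the VPN by the peer but absent from the crypto ACL:", only_peer)
    print("in the crypto ACL but not routed by the peer:", only_local)
```

Run against these lines, the only asymmetry it reports is 192.168.7.0/24, the network the reply asks about.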

  • Issues with multiple things since Mavericks update

    I installed the Mavericks update and since, I have been having multiple problems with different things on my MacBook Pro 13"
    1. Printer issues: I have an HP officejet 6500 wireless printer (Officejet 6500 E709n Series), and now it's having major issues with printing, yet was working perfect prior to update. It will either cut out pages when printing PDF documents, or printing so slow that it has to take a break in between printing each document (an issue that all never occurred until update), to print documents back to back, it will stop after one document as though I have no other documents in queue to print, and pauses for an extremely long time (nearly a full minute, no exaggeration here, literally almost a full 60 seconds), something it's never done before this update. My Apps update even did an update to the HP software that is inside the Mac already to use printing (in other words, the mac doesn't need to have the HP software manually installed for it to work, it automatically sees the printer because it is connected to my wireless network just as my Macbook Pro which is also connected wirelessly to my network).
    2. Internet issues: am now unable to click on certain links in safari that I was able to use prior to the update, yet they will open fine inside of firefox with no issues, yet I cannot always switch between two different browsers to perform task online (literally have to start all over inside firefox while in the middle of something in safari). Also lots of websites no longer work correctly and I have to constantly clear history and cookies to attempt to use certain sites, at times it will help, other times it won't work period, yet the same exact site will work perfect in firefox (which I do not use, only on my system for use on certain sites for school because in safari prior to the update, I would have issues with only the class site and some links not working at all, no spinning wheel, no errors, just nothing, no response of any kind, basically worse than what it was before the update). Another issue, hit Ctrl+a to select inside Safari and it highlights, but then when you click out of the highlight, it comes back on its own several times without you hitting anything, just click inside the screen on a blank space (no links, etc) with touchpad.
    3. System issues:  My system is way slower than what it was prior to the update, click on things and it won't respond at all, then minutes later will eventually respond or pops up the spinning color wheel, which it either never responds or takes an extremely long time to respond. And no matter how much I restart, it doesn't help anything. Even just to sit doing nothing, no clicking or usage on the system, and the color wheel pops up.
    4. Mail issues: Mail is now popping up completely blank messages that I have sent out, the person receives it with no issues, yet I cannot look at the message I sent neither in the inbox or the sent items when I need to look at them again, an issue not present prior to update. Also I am now having issues when receiving mail, sometimes it will check for mail and sometimes I have to manually click to make it check the server for mail, an issue not present prior to update as well.
    As of now, since I have had the chance to use the system since the update, these are the issues I have had, yet haven't had the chance to check other things, so there may be other issues that are occurring that I'm not aware of at the moment. I knew it would be a mistake to do this "free" update and did so anyway and now having one issue after the next with each application I open to use.
    Mac general info:
    Mac is one year old, purchased brand new, no shareware programs of any kind installed.
    Use for school and basic web surfing use.
    Do not install any programs onto system that I'm unsure are safe (basically programs for/from school/school websites only, or from the Mac Apps store only), not even programs like Skype, nor any windows based programs of any kind.
    Lots of free memory avail because I save everything onto external hard drives (purchased brand new as well, only 4months old) in case system crash occurs, only things on the system is Itunes music or pics from photo stream that sync to the system when Iphone connected.
    Mac system info:
    - Processor  2.5 GHz Intel Core i5
    - Memory  4 GB 1600 MHz DDR3
    - Graphics  Intel HD Graphics 4000 1024 MB
    - Software  OS X 10.9
    - Number of Processors:          1
    - Total Number of Cores:          2
    - L2 Cache (per Core):          256 KB
    - L3 Cache:          3 MB

    For those needing help fixing their system and putting it back to Lion or Mountain Lion, this is what I have done to eliminate all my issues in about an hour (depending on your internet connection).
    Amazing thing, I just restored my computer back to Mountain Lion, and she's working perfect again, as I knew she would. E-mail popping into mailbox instantly as it should and did before the update, printer working fast as it was before update, no more freezing or glitches of any kind thankfully and finally. Here is the link that is through the Apple site to direct you on how to put your system back and get rid of Maverick's, that is assuming that is what you would like to do and also includes link for those wanting to try fixing the issue if that is your preference (most of this info is for those with mountain lion and some with the previous version of OS X lion).
    If you want to keep Maverick's here is a good post on the apple discussion board to help you out:
    https://discussions.apple.com/docs/DOC-6161
    If you just want to totally get rid of it and put back what you had before, this is the short version of how to do so:
    https://discussions.apple.com/docs/DOC-3353
    NOTE: This particular link has a lot of info on what to do for different situations, it is a bit lengthy, yet still very helpful.
    OS X Mountain Lion: Reinstall OS X (direct from Apple support site, not someone else):
    http://support.apple.com/kb/PH10763?viewlocale=en_US
    OS X: About OS X Recovery (also from apple support directly and includes some instructions just the same as previous links above):
    http://support.apple.com/kb/HT4718
    Just in case you aren't sure what it will all look like as you are doing things, this is a link to show you a few pics of what you will see  as you as you are going through the process, it can be helpful for those who aren't sure what they are doing or how to do things at all:
    http://www.apple.com/osx/recovery/
    This is a way to download the Mountain Lion disk info from the server
    http://support.apple.com/kb/DL1433
    I hope this helps someone, it was amazing for me and my system is working perfect again like it was, battery life is way better went from like 3 hours to like 5 (not on full charge by the way, after it sat for a while doing the online update which took a while so that's saying something alone, huge improvement). I plan to wait a while before attempting to reinstall Maverick's, long enough for them to fix the bugs.
