Configuring inbound NAT for an IP protocol

Hi
How do we configure an inbound NAT for IP protocol 41 from the outside interface to a DMZ host within ASA v9.1? A 1:1 translation is due to the sparse IPs not an option.
ASA v9.1 refuses to configure a service translation when it's not a TCP nor UDP.
Greetings
Roberto

Hello Roberto,
Yeah man, sorry to inform you that it's just not possible...
You cannot do that, all you can do is a one to one mapping or at least the tcp/udp port-forwarding. As your protocol does not have any port, option one is the only option.
The only thing that I have seen like this is the PPTP inspection starting on 8.3 and you will need to enable the inspection for the protocol so you can dynamically allocate the GRE traffic.This without the need for an IP protocol but for what you are looking for there is config,
Sorry!
Regards,

Similar Messages

  • NAT overload is not working when i configure Double NAT for VPN

    I have Cisco 2921 router with OS version 15.1(4)M1.
    the router is configured for NAT overload and working fine, i have site to site VPN tunnel with peer with normal NAT translation. now we need to configure Double NAT on the VPN tunnel as we need to free the subnet on peer network. for double nat i use 3.2.21.x - 3.2.23.x / 24 network and apply following command
    Double NAT translation
    ip nat inside source static network 192.168.10.0 3.2.21.0 /24 no-alias
    ip nat inside source static network 192.168.20.0 3.2.22.0/24 no-alias
    ip nat inside source static network 192.168.30.0 3.2.23.0 /24 no-alias
    Nonat
    access-list 101 deny   ip 3.2.21.0 0.0.0.255 3.2.1.0 0.0.0.255
    access-list 101 deny   ip 3.2.22.0 0.0.0.255 3.2.1.0 0.0.0.255
    access-list 101 deny   ip 3.2.23.0 0.0.0.255 3.2.1.0 0.0.0.255
    VPN encrypted traffic over the tunnel
    access-list 115 permit ip 3.2.21.0 0.0.0.255 3.2.1.0 0.0.0.255
    access-list 115 permit ip 3.2.22.0 0.0.0.255 3.2.1.0 0.0.0.255
    access-list 115 permit ip 3.2.23.0 0.0.0.255 3.2.1.0 0.0.0.255
    Problem:
    as soon as i apply Double NAT translation command the  NAT overload stop working and client cannot reach to the internet
    the router partial configuration is as below
    REACH-R01(config)#do sh run
    Building configuration...
    Current configuration : 19233 bytes
    ! Last configuration change at 09:56:45 MST Tue Jan 29 2013 by admin
    ! NVRAM config last updated at 13:57:54 MST Wed Jan 30 2013
    ! NVRAM config last updated at 13:57:54 MST Wed Jan 30 2013
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname REACH-R01
    boot-start-marker
    boot-end-marker
    card type t1 0 0
    logging buffered 51200 warnings
    no aaa new-model
    clock timezone MST -7 0
    clock summer-time MST recurring
    network-clock-participate wic 0
    network-clock-select 1 T1 0/0/0
    no ipv6 cef
    ip source-route
    ip cef
    ip dhcp excluded-address 192.168.20.1 192.168.20.99
    ip dhcp excluded-address 192.168.20.250 192.168.20.255
    ip dhcp pool CISCO_PHONES
    network 192.168.20.0 255.255.255.0
    default-router 192.168.20.254
    option 150 ip 192.168.20.254
    no ip domain lookup
    ip domain name reach.local
    ip inspect name ethernetin ftp timeout 3600
    ip inspect name ethernetin h323 timeout 3600
    ip inspect name ethernetin http timeout 3600
    ip inspect name ethernetin rcmd timeout 3600
    ip inspect name ethernetin realaudio timeout 3600
    ip inspect name ethernetin smtp timeout 3600
    ip inspect name ethernetin sqlnet timeout 3600
    ip inspect name ethernetin streamworks timeout 3600
    ip inspect name ethernetin tcp timeout 3600
    ip inspect name ethernetin tftp timeout 30
    ip inspect name ethernetin udp timeout 15
    ip inspect name ethernetin vdolive timeout 3600
    multilink bundle-name authenticated
    isdn switch-type primary-ni
    trunk group PRI
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP-self-signed-3180627716
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3180627716
    revocation-check none
    rsakeypair TP-self-signed-3180627716
    voice-card 0
    dsp services dspfarm
    voice service voip
    allow-connections sip to sip
    fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
    sip
    voice translation-rule 1
    rule 5 /^7804981231/ /401/
    voice translation-rule 2
    rule 5 // /7804981231/
    voice translation-profile DID_INBOUND
    translate called 1
    voice translation-profile DID_OUTBOUND
    translate calling 2
    license udi pid CISCO2911/K9 sn FGL1540114P
    license accept end user agreement
    license boot module c2900 technology-package securityk9
    hw-module ism 0
    hw-module pvdm 0/0
    username test test
    redundancy
    controller T1 0/0/0
    cablelength long 0db
    pri-group timeslots 1-6,24
    no ip ftp passive
    crypto isakmp policy 10
    encr aes 256
    authentication pre-share
    group 2
    crypto isakmp key P@ssw0rd address 33.33.33.33 no-xauth
    crypto ipsec transform-set ESP-AES256-SHA esp-aes 256 esp-sha-hmac
    crypto map VPN-TUNNEL 1 ipsec-isakmp
    description COMPUGEN
    set peer 33.33.33.33
    set transform-set ESP-AES256-SHA
    match address 115
    interface Embedded-Service-Engine0/0
    no ip address
    shutdown
    interface GigabitEthernet0/0
    description Outside Interface To the Internet
    ip address dhcp
    ip access-group outside_access_in in
    ip nat outside
    ip virtual-reassembly in
    duplex auto
    speed auto
    crypto map VPN-TUNNEL
    interface ISM0/0
    ip unnumbered GigabitEthernet0/1.20
    service-module ip address 192.168.20.2 255.255.255.0
    !Application: CUE Running on ISM
    service-module ip default-gateway 192.168.20.254
    interface GigabitEthernet0/1
    no ip address
    ip nat inside
    ip virtual-reassembly in
    duplex auto
    speed auto
    interface GigabitEthernet0/1.10
    description VLAN 10 DATA VLAN
    encapsulation dot1Q 10
    ip address 192.168.10.254 255.255.255.0
    ip nat inside
    ip inspect ethernetin in
    ip virtual-reassembly in
    interface GigabitEthernet0/1.20
    description VLAN 20 VOICE VLAN
    encapsulation dot1Q 20
    ip address 192.168.20.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    interface GigabitEthernet0/1.30
    description VLAN 30 WIRELESS VLAN
    encapsulation dot1Q 30
    ip address 192.168.30.254 255.255.255.0
    ip nat inside
    ip inspect ethernetin in
    ip virtual-reassembly in
    interface GigabitEthernet0/2
    no ip address
    shutdown
    duplex auto
    speed auto
    interface ISM0/1
    description Internal switch interface connected to Internal Service Module
    no ip address
    interface Serial0/0/0:23
    no ip address
    encapsulation hdlc
    isdn switch-type primary-ni
    isdn incoming-voice voice
    trunk-group PRI
    no cdp enable
    interface Vlan1
    no ip address
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip http path flash:CME8.6/GUI
    ip nat inside source static tcp 192.168.10.10 443 interface GigabitEthernet0/0 443
    ip nat inside source static tcp 192.168.10.10 25 interface GigabitEthernet0/0 25
    ip nat inside source static tcp 192.168.10.10 1723 interface GigabitEthernet0/0 1723
    ip nat inside source static tcp 192.168.10.10 3389 interface GigabitEthernet0/0 3389
    ip nat inside source static tcp 192.168.10.10 123 interface GigabitEthernet0/0 123
    ip nat inside source static tcp 192.168.10.10 987 interface GigabitEthernet0/0 987
    ip nat inside source list 101 interface GigabitEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 75.152.248.1
    ip route 0.0.0.0 0.0.0.0 75.152.248.1 254
    ip route 0.0.0.0 0.0.0.0 205.206.0.1 254
    ip route 192.168.20.2 255.255.255.255 ISM0/0
    ip access-list extended outside_access_in
    permit udp any any eq bootps
    permit udp any any eq bootpc
    permit tcp any host 22.22.22.22 eq 1723
    permit tcp any host 22.22.22.22 eq 3389
    permit tcp any host 22.22.22.22 eq smtp
    permit tcp any host 22.22.22.22 eq 443
    permit tcp any host 22.22.22.22 eq domain
    permit udp any host 22.22.22.22 eq domain
    permit tcp any host 22.22.22.22 eq 123
    permit icmp any host 22.22.22.22 unreachable
    permit icmp any host 22.22.22.22 echo-reply
    permit icmp any host 22.22.22.22 packet-too-big
    permit icmp any host 22.22.22.22 time-exceeded
    permit icmp any host 22.22.22.22 traceroute
    permit icmp any host 22.22.22.22 administratively-prohibited
    permit icmp any host 22.22.22.22 echo
    permit tcp any host 22.22.22.22 eq 987
    permit tcp any host 22.22.22.22 eq 47
    permit gre any host 22.22.22.22
    permit udp any host 22.22.22.22 eq isakmp
    permit esp any host 22.22.22.22
    access-list 23 permit any
    access-list 101 deny   ip 192.168.20.0 0.0.0.255 3.2.1.0 0.0.0.255
    access-list 101 deny   ip 192.168.30.0 0.0.0.255 3.2.1.0 0.0.0.255
    access-list 101 deny   ip 192.168.10.0 0.0.0.255 3.2.1.0 0.0.0.255
    access-list 101 deny   ip 3.2.21.0 0.0.0.255 3.2.1.0 0.0.0.255
    access-list 101 deny   ip 3.2.22.0 0.0.0.255 3.2.1.0 0.0.0.255
    access-list 101 deny   ip 3.2.23.0 0.0.0.255 3.2.1.0 0.0.0.255
    access-list 101 permit ip 192.168.10.0 0.0.0.255 any
    access-list 101 permit ip 192.168.20.0 0.0.0.255 any
    access-list 101 permit ip 192.168.30.0 0.0.0.255 any
    access-list 110 permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
    access-list 115 permit ip 3.2.21.0 0.0.0.255 3.2.1.0 0.0.0.255
    access-list 115 permit ip 3.2.22.0 0.0.0.255 3.2.1.0 0.0.0.255
    access-list 115 permit ip 3.2.23.0 0.0.0.255 3.2.1.0 0.0.0.255
    Solution: Support forums team

    I have the same problem also.  Restarting isn't helping and the auto lock/unlock button is on.  Plus a couple of time when I turn it on it is asking if I want to power off.  That is when I push the button on the front to wake it up.  Not the power button on top.  I have an IPAd 2. Worked fine before the update. 

  • Configure static NAT for range of ports

    Hi,
    I have a 2911 with a 3CX IP PBX behind it that needs to have a static NAT to the 3CX server for TCP/UDP 5060 and UDP 9000-9049. Do I have to create a static NAT entry for every single port in order for this to work, or can a range be defined in the NAT entries?
    As an example, say my 3CX server has an internal IP of 192.168.1.25 and my external IP is 1.2.3.4. Would I have to create an entry for each port?
    ip nat inside source static tcp 192.168.1.25 5060 1.2.3.4 5060
    ip nat inside source static udp 192.168.1.25 5060 1.2.3.4 5060
    ip nat inside source static udp 192.168.1.25 9000 1.2.3.4 9000
    ip nat inside source static udp 192.168.1.25 9001 1.2.3.4 9001
    and so on...
    Is this the correct way to do it, or is there another better way?
    Also, I only have one public IP to work with, and there are multiple other hosts on this network that need to have access to the internet. Right now I have NAT setup with overload so that the other hosts can get to the Internet. Here's my config for that:
    ip nat pool PATPOOL 1.2.3.4 1.2.3.4 netmask 255.255.255.252
    ip nat inside source list NAT_ACL pool PATPOOL overload     
    ip access-list standard NAT_ACL
     remark PAT to outside
     permit 192.168.1.0 0.0.0.255
     exit
    My question with this is will the static NAT work if I already have NAT overload configured as above?
    Thanks for the help in advance.
    Austin
    PS here is 3CX documentation on this subject http://www.3cx.com/blog/voip-howto/cisco-voip-configuration/

    I ended up creating a static NAT entry for each individual port mapping. This worked just as it was supposed to. 
    I have seen examples of people using route maps and ACLs to accomplish forwarding a range ports. I have yet to see official documentation from Cisco on this, and in some cases those examples did not seem to work correctly.
    ASAs with the latest code have the ability to forward a range of ports, but based on my research IOS lacks this feature.
    In my case, forwarding 50 ports wasn't so bad. However, if you have hundreds or thousands of ports to forward you may want to try the route map/ACL approach.
    Hopefully this information useful to others. 

  • ASA single outside IP address to an inbound NAT pool that round robins request to 2 web servers

    How do I create a single outside IP address 1.2.3.4 to an inbound NAT pool that round robins request to 2 web servers?
    I have 2 web server 10.0.0.1 and 10.0.0.2. They have the exact same content.
    I think I start with defining the pool as an object group which contains 2 server 10.0.0.1 and 10.0.0.2
    object-group network appservers
    network-object host 10.0.0.1
    network-object host 10.0.0.2
    What to do next?
    object-group network appservers
    nat (inside,outside) static 1.2.3.4
    gives me an error.

    No, unfortunately you can't configure round robin static inbound NAT for 2 internal web servers.

  • How to configure inbound ruleset in dynamic nat.

    Hi ,
    I have a doubt on configure the inbound rules for dynamic nat. I want to allow my web server (172.16.101.115) able connect from outside with tcp/443.
    How do I configure the inbound ruleset for allow public connect to my webserver with tcp/443 in dynamic nat.
    Here I have draw a diagram and some configuration i have configure in my ASA 8.2. Please correct me if I was wrong config it. 
    Public IP: 10.10.10.28
    Private IPs:
    172.16.101.115
    172.16.101.116
    172.16.101.117
    172.16.101.118
    172.16.101.119
    172.16.101.120
    access-list Web_nat permit ip host 172.16.101.115 any
    access-list Web_nat permit ip host 172.16.101.116 any
    access-list Web_nat permit ip host 172.16.101.117 any
    access-list Web_nat permit ip host 172.16.101.118 any
    access-list Web_nat permit ip host 172.16.101.119 any
    access-list Web_nat permit ip host 172.16.101.120 any
    nat (firewall-dmz) 1 access-list Web_nat
    global (firewall-outbound) 1 10.10.10.28
    access-list fw-outbound-access permit tcp any host 10.10.10.28 eq 443 //allow outside connect to my external ip.
    access-list fw-dmz-access permit tcp any host 172.16.101.115 eq 443 //allow my translation ip connect to my webserver with tcp/443.

    Hi,
    I am not sure what you are attempting to configure here.
    But what the NAT configuration above does is do a Dynamic PAT for all the servers on the "firewall-dmz" to a single IP address towards the "firewall-outbound"
    This Dynamic translation doesnt however enable connections to be initiated from behind the "firewall-outbound" interface. When your hosting a server which needs a NAT towards the users then the NAT type has to be Static NAT or Static PAT.
    Static NAT will essentially use up one public IP address for just the single local host/server.
    Static PAT will do a Port Forward from the public IP address and public port to the local IP and local port. And this is most commonly used with environments which only public IP address is the one that the ASA holds in its WAN interface.
    A typical Static NAT configuration is this
    static (inside,outside) 1.1.1.1 10.10.10.10 netmask 255.255.255.255
    Where
    inside = is the interface behind which the host is
    outside = is the interface towards which the host is NATed
    1.1.1.1 = is the public NAT IP address for the host
    10.10.10.10 = is the local IP address of the host
    A typical Static PAT configuration is this
    static (inside,outside) tcp interface 80 10.10.10.10 80 netmask 255.255.255.255
    Where
    tcp = specifies the protocol for which the Static PAT configured
    interface = specifies that we will be using the public IP address of the destination interface "outside" as the public IP address for this single Port Forward.
    80 = first "80" specifies the public port visible to users behind the destination interface
    80 = second "80" specifies the actual local port on which the local host is listening on
    Hope this helps
    - Jouni

  • Incoming message size exceeds the configured maximum size for protocol t3

    Hi All,
    I've encountered an error as follow:
    weblogic.socket.MaxMessageSizeExceededException: Incoming message of size 50004000 bytes exceeds the configured maximum of 50000000 bytes of protocol t3.
    But the request message is only 3MB, why it is enlarged to over 50M?
    There is a For Each loop section in main flow, is it because for one loop, there will be a copy of request message?
    How to enlarge message size for protocol t3?
    Go to server/protocol and change 'Maximum Message Size' for AdminServer, OSB Servers and SOA servers?
    Thanks and Regards,
    Bruce

    Hi,
    1) After setting -Dweblogic.MaxMessageSize to 25000000
    <BEA-000403> <IOException occurred on socket: Socket[addr=ac-sync-webserver1/172.24.128.8,port=9040,localport=36285]
    weblogic.socket.MaxMessageSizeExceededException: Incoming message of size: '25002240' bytes exceeds the configured maximum of: '25000000' bytes for protocol: 't3'
    at weblogic.socket.BaseAbstractMuxableSocket.incrementBufferOffset(BaseAbstractMuxableSocket.java:174)
    2) After setting -Dweblogic.MaxMessageSize to 50000000
    <BEA-000403> <IOException occurred on socket: Socket[addr=ac-sync-webserver2/172.24.128.9,port=9040,localport=59925]
    weblogic.socket.MaxMessageSizeExceededException: Incoming message of size: '50000400' bytes exceeds the configured maximum of: '50000000' bytes for protocol:
    't3'.
    And even after setting various values for -Dweblogic.MaxMessageSize , issue weblogic.socket.MaxMessageSizeExceededException was observed.
    To overcome the issue set Manual Service Migration Only as after several experiments and replicating the issue it was found out that in case of no available pinned services, must set the migration policies of the migratable targets on "Manual Service Migration Only".
    And once it is corrected; it was noticed that weblogic.socket.MaxMessageSizeExceededException issue also resolved.
    WebLogic Server can fail over most services transparently, but it's unable to do the same when dealing with pinned services.
    Pinned Services : JMS and JTA are considered as pinned services. They're hosted on individual members of a cluster and not on all server instances.
    You can have high availability only if the cluster can ensure that these pinned services are always running somewhere in the cluster.
    When a WebLogic Server instance hosting these critical pinned services fails, WebLogic Server can't support their continuous availability and uses migration instead of failover to ensure that they are always available.
    Regards,
    Kal

  • Configuring Inbound Profile in BW system for putting IDOCs?

    Hello,
    we send IDOCs to BW system form XI for POS analitics.
    But we confused how to configure Inbound Partner Profile in BW system (t-code WE20).
    The main question is :
    What must be as Inbound Partner in WE20 ? The name of DataSource(InfoSource) or something else? And what the type of Partner should it be?
    Thank You!

    hi,
    In BW, check in tx SXMB_ADM, option Integration Engine configuration, if you have in category RUNTIME, parameter IS_URL something like that "dest://<NameOfYourRfcDestination>".
    and in SM59 (of BW), check that you have the same RFC destination (type H).
    or maybe you use a Java proxy, instead of an abap proxy.
    regards.
    Mickael

  • How to configure 2 PS3 for NAT 2 connected to WRT350N

    Okay so 1 of the PS3 is wireless and another is wired and both are connected to my WRT350N. Is there anyway to configure WRT350N so that the 2 PS3 that I have will have NAT 2? Right now 1 of them is NAT2 and the other is NAT3. I tried to configure them both for NAT2 but it just doesn't work. Am I missing something? PLease help!

    NAT 3 = Restricted voice communication and other features
    NAT 2 = Correct ports fowarded for your PS3 or it's DMZ'd
    NAT 1 = No router, it goes straight through the modem (normally)
    So like I was saying, I want the 2 PS3 that I have to be on NAT 2 and with the WRT350N, I can't seem to configure them to NAT 2 at the same time.

  • SCM Inbound Interfaces for 11i

    Is there any SCM Inbound Interface for 11i for external non-Oracle systems to place a requsition or purchase order? if so, what protocol does it use and is this protocol standard for a 11i install?
    This interface would be from PeopleSoft 8.47 not currently setup up to use BPEL.
    Thanks in Advance

    Hi,
    As I understand, you have to map incoming message to same message structure of outbound side and then send it to two different receivers.
    If this is correct, then you need not perform two message mappings. You need to design the scenario like a normal scenario in Integration Repository. However, in Integration Directory, you would need additional configuration to have two receivers for same message. This would be as follows:
    1. Business System for receiver
    2. CC for receiver
    3. One Receiver Determination with two receivers configured. However, no condition specified for them.
    4. Two interface determinations, one for each receiver.
    5. Receiver agreements.
    This configuration should solve your problem.
    Thanks,
    Bhavish

  • How does B2B Adapter for Inbound operation for SOA Composite works

    Hai,
    I am new to B2B. can any one share samples or links or doc's on B2B Adapter for inbound operation (receive)?
    Can any one share B2B inbound channel configuration ?

    1. How does the above can be achieved using JMS protocol?Where would you like to pitch-in JMS? You want to receive inbound message at B2B over JMS or between SOA and B2B, you want to use JMS?
    For receiving inbound message at B2B over JMS, please create a non-internal listening channel at B2B. Make sure to set JMS headers -
    http://docs.oracle.com/cd/E23943_01/user.1111/e10229/app_interface.htm#CACDFEAE
    For using JMS between, SOA and B2B, create a JMS channel in Host TP profile and add it in the inbound agreement (for inbound scenario). For outbound scenario, create an internal listening channel and make sure that from back-end, headers mentioned on above link, are being set.
    2. Will SOA Composite having B2B Adapter receive operation has first operation can get triggered automatically or not as soon as EDI----->XML message is found?Yes, it can be triggered. Provided the steps in your another thread.
    3. will B2B Adapter receive operation in SOA Composite will take EDI--------> xml msg as opaque?No, if while modelling B2B adapter, you selected a doc-def otherwise yes.
    Regards,
    Anuj

  • How to create one inbound delivery for multiple purchase order?

    Hi Experts,
    Please let me know how can I create one inbound delivery for multiple purchasing documents(PO or SA)? 
    Is there a configuration needed for this?  If yes, please let me know the configuration to make this happen.
    Appreciate your help on this.  Right answers will be rewarded.
    Thank you.
    with regards,
    Muthu Ganapathy.

    Hi,
    my situation is:
    - a WM managed warehouse, society A;
    - a HU managed warehouse (without WM), society B;
    - a purchasing process of HU from society A towards society B.
    Society B have a scheduling agreement; when a delivery schedule appears, in society A born a sales order and a delivery. After the registration of the delivery good issue, an idoc transfer information for inbound delivery creation.
    This process is ok without WM, but with a WM managed warehouse the idoc has the following problem:
    "V51VP - item was not found - process cancelled".
    Can you help me to transfer these HU?

  • What is the standard inbound idoc for substation management?

    Hello Experts,
    Can anybody help me to find out the standard inbound idoc for substation management?
    The following field are requied to be  filled in idoc.
    1)Power_Produced(STAGR)
    2) Reduction_Power_Consumed(STAGR)
    3)Ancillary_Power_Consumed (STAGR)
    4)Unit (MEINB)
    5) UOM and Date (BUDAT)
    If possible please tell me the standard BAPI for these fileds.
    Thanks in advance for your help.
    Thanks and Regards,
    Suresh.

    Hi Debo,
    What is your exact requirement?
    Are you trying to find the standard configurations available for a webdynpro application? then, use t-code SE15 and open the application name and use the tree structure to find out the available configurations under WD application.
    sample:
    Regards,
    Rama

  • How to configure inbound EDI invoice

    Hi all,
    Can any one provide me the steps to configure inbound edi invoice.
    Regards,
    Marella.

    Hi Arif, yes I did read that one.
    after reading that I got those doubts.
    In general, please help me to have a clear understanding in the following points.
    We have 4.6c.
    Please see my quries below and help me.
    SAP Tax codes
    Can an inbound MM invoice contain items belonging to different POs?
    Can the tax codes be different for different items in the same invoice?
    How to get tax codes for invoice items? Do we take these from the corresponding item in the PO? or from material master or from vendor master or some where else?
    What will be the tax code at the invoice header level?
    Regards,
    Marella.

  • Inbound delivery for a STO ??

    Hi
    What are the steps to do a Inbound delivery for a STO so that I can do Goods Receipt using that Inbound delivery in receiving plant.??
    Pls tell me the configuration steps involved and other relevant steps involved.
    Also give me any SAP help link too.
    Thanks
    Maruthi Ram

    Hi,
    You have to do Replenishment delivery (Outbound) at the issuing plant and goods receipt in the receiving plant with respect to the same.
    Process Flow (Stock Transport Order with Delivery and Billing Document/Invoice ):
    Creating a stock transport order in the receiving plant
    Purchasing also determines the price for the materials.
    Posting a delivery in the issuing plant
    The issuing plant enters a replenishment delivery in Sales and Distribution. Unlike a stock transfer without a billing document, no stock in transit is created.
    Creating a billing document in the issuing plant
    The issuing plant creates the billing document for the delivery. SD also determines the price for the delivery
    Posting a goods receipt in the receiving plant
    The receiving plant posts a goods receipt for the delivery. The goods are posted to unrestricted-use stock
    Posting an invoice in the receiving plant
    The invoice referring to the billing document is entered in the receiving plant.
    Please refer to link: http://help.sap.com/saphelp_47x200/helpdata/en/4d/4b9036dfe4b703e10000009b38f889/frameset.htm
    for further details.
    Regards,
    Narayana.

  • Configuring RFC connections for load balancing.

    Hi ,
    We have the following landscape for our systems.
    The database is installed on z/os , db2 (mainframe). The central services( SCS and ASCS) are also on the mainframe. So the message server is on mainframe.
    The CI is on AIX and The DI is on AIX.
    We have Logon groups configured and load balancing Configured and is RFC enabled.
    1) When we connect to SAP using the SAPGUI and  the portal connection is made to either CI or DI depending upon the best response times.  Now recently we are running the mercury load testing, all the users are connecting to DI. Why are the users connecting to DI even though we have load balancing?
    2) I have a system with SID BP0, with one CI and one DI. The logon group is BP0 and the message server name is cyrix. Now I have other another system EP0. I have created a RFC connection from EP0 to BP0. In SM59 I have selected the load balancing option, and provide the message server name, SID and logon group name. The connection does not work. If I connect directly to the CI or DI the connection works. Please tell me how can I configure load balancing for RFC connections.
    Thanks
    Manmath.

    Dear 917996,
    There are two types of load balancing:
    - Client-side load balancing (setting up the tnsnames.ora on client side). More information here (http://ggsig.blogspot.co.uk/2012/04/client-side-
    load-balancing-in-oracle.html). Very good video produced my friend Igor Melnikov is here (http://www.dsvolk.ru/oracle/racdd4d/demos/video/loadbalance/client/clientloadbalance_viewlet_swf.html)
    -Server-side load balancing (remote_listener and setting service parameter clb_goal). Very good Igor Melnikov's video is here (http://www.dsvolk.ru/oracle/racdd4d/demos/video/loadbalance/server/serverloadbalance_viewlet_swf.html).
    I have read about client side and server side load balancing. By editing tnsnames.ora I have enabled client side load balancing which is suppose to select listeners at random. then why does it only go to second node?Could you please show your tnsnames.ora on client?
    Please can anyone help me to configure server side load balancing with SCAN. I have read many many post but couldn't find a clear answer.Based on your output (remote_listener string cmbtrnrac-scan:1521) you have already configured the server side load balancing.
    SQL> show parameter listener
    NAME TYPE VALUE
    listener_networks string
    local_listener string (DESCRIPTION=(ADDRESS_LIST=(AD
    DRESS=(PROTOCOL=TCP)(HOST=10.1
    7.67.214)(PORT=1521))))
    remote_listener string cmbtrnrac-scan:1521How many SCANs do you use? Do you use DNS?
    regards,
    Gennady

Maybe you are looking for