CSCut57898 - C897 ACL object-group leak/miss for BGP tcp 179 / causing deny

We appear to be seeing this bug, or something very similar, on a 3845 running 15.1(4)M9 (c3845-adventerprisek9-mz.151-4.M9.bin), and a 3945 running 15.1(1)T (c3900e-universalk9-mz.SPA.151-1.T.bin). On both platforms traffic that should be (and most often is) matching an object-group ACE is sometimes "falling through" that ACE and hitting ACEs below the object-group based ACE that it should have matched. Depending on the ACEs in question, this sometimes results in traffic that should be permitted falling into a later deny, or more troubling, traffic that should be denied falling into a subsequent permit.
I am particularly curious to know if this may be related to http://tools.cisco.com/security/center/viewAlert.x?alertId=37423 and https://tools.cisco.com/bugsearch/bug/CSCun21071 and whether there is a fix.
Anyone who is working on this is welcome to contact me directly. I have crystal clear logging of traffic falling through ACEs on these systems, and I would be happy to assist in any way I can. I would really like to get this problem solved, it is causing me a great deal of grief and frustration.  
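
An added example (not part of the original post and not Cisco code): one way to confirm this kind of fall-through from the router's own ACL logs is to replay each logged packet through a first-match model of the configured ACL and flag every line whose logged verdict differs from the expected one. The ACL name EDGE-IN, the object-groups, the addresses and the log lines are constructed for illustration, and the check assumes the ACEs involved carry the `log` keyword.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed object-groups and ACL (documentation address ranges);
# this is an assumption for the example, not the poster's configuration.
OBJECT_GROUPS = {
    "BGP-PEERS": ["192.0.2.1/32", "192.0.2.2/32"],
    "BLOCKED": ["203.0.113.64/28"],
}
ANY = ["0.0.0.0/0"]


@dataclass
class Ace:
    seq: int
    action: str              # "permit" or "deny"
    proto: str               # "ip" matches every protocol
    src: List[str]           # source prefixes, object-group already expanded
    dst_port: Optional[int]  # None means any destination port


# Model of the intended first-match order.
ACL = [
    Ace(5, "deny", "ip", OBJECT_GROUPS["BLOCKED"], None),
    Ace(10, "permit", "tcp", OBJECT_GROUPS["BGP-PEERS"], 179),
    Ace(20, "deny", "tcp", ANY, 179),
    Ace(30, "permit", "ip", ANY, None),
]

# IOS ACL log message for TCP/UDP packets; other message types are skipped.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<verdict>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

# Constructed sample log lines.
SAMPLE_LOG = [
    "%SEC-6-IPACCESSLOGP: list EDGE-IN permitted tcp 192.0.2.1(41000) -> 198.51.100.1(179), 1 packet",
    "%SEC-6-IPACCESSLOGP: list EDGE-IN denied tcp 192.0.2.2(41001) -> 198.51.100.1(179), 1 packet",
    "%SEC-6-IPACCESSLOGP: list EDGE-IN denied tcp 203.0.113.9(5000) -> 198.51.100.1(179), 1 packet",
    "%SEC-6-IPACCESSLOGP: list EDGE-IN permitted tcp 203.0.113.66(5001) -> 198.51.100.1(443), 1 packet",
    "%SEC-6-IPACCESSLOGP: list EDGE-IN permitted udp 198.51.100.77(53) -> 198.51.100.1(53), 1 packet",
]


def first_match(acl, proto, src, dport):
    """Return the first ACE the packet should hit, or None for the implicit deny."""
    addr = ipaddress.ip_address(src)
    for ace in acl:
        if ace.proto not in ("ip", proto):
            continue
        if ace.dst_port is not None and ace.dst_port != dport:
            continue
        if any(addr in ipaddress.ip_network(prefix) for prefix in ace.src):
            return ace
    return None


def find_fallthrough(lines, acl, acl_name):
    """Flag log lines whose verdict contradicts the first-match model."""
    findings = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["acl"] != acl_name:
            continue
        logged = "permit" if m["verdict"] == "permitted" else "deny"
        ace = first_match(acl, m["proto"], m["src"], int(m["dport"]))
        expected = ace.action if ace else "deny"
        if expected != logged:
            findings.append({
                "src": m["src"],
                "dport": int(m["dport"]),
                "expected_seq": ace.seq if ace else None,
                "expected": expected,
                "logged": logged,
            })
    return findings


if __name__ == "__main__":
    for f in find_fallthrough(SAMPLE_LOG, ACL, "EDGE-IN"):
        print(f"{f['src']} -> port {f['dport']}: expected {f['expected']} "
              f"at ACE {f['expected_seq']}, router logged {f['logged']}")
```

Findings where the expected verdict is deny but the router logged permit are the ones to escalate first, since they mean traffic crossed a boundary the policy closes.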

Similar Messages

  • ASR 1002 ACL object-group for ZBFW

    Hey guys,
    Quick question. I just want to know if anyone has experience configuring object-groups for ACLs on the ASR 1002. I am trying to do this on ours to consolidate a large ACL we have. It only works if I specifically use the protocols within the configuration. If I add a service object-group to match my protocols it doesn't match. The same configuration works on a 2811 router.
    I have a TAC case open and Cisco is telling me that object-groups are not supported on the ASRs but I have a hard time believing them if the commands clearly exist.
    If anyone has experience in this please let me know.
    Thanks,
    Elton

    Elton,
    "Hi Joe,
    Support will start in 3.9S (Q1CY2013).  Thanks. 
    Cheers,
    /Mani"
    From:
    Ask The Expert: Introduction to Cisco ASR 1000 Series Aggregation Services Routers

  • ASA 5510 & Object-groups

    I have an ASA 5510 and have just started using object-groups which are super handy in theory, but not working in reality. I have a service object-group with a mix of tcp, icmp, and udp ports. Let's call it Sample_Port_Group. I'm trying to apply it to my dmz_access_in ACL. Here's the line giving me problems:
    access-list dmz_access_in extended permit object-group Sample_Port_Group 192.168.1.1 any
    The asa throws up an error between 192.168.1.1 and any. When I put up a ? after Sample_Port_Group, it gives me the option of putting in an IP address, any, etc. When I put in a ? after 192.168.1.1, it only gives me the option of putting in an IP address.
    Going off these posts:
    - http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a00800d641d.shtml
    - http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/nwaccess.html
    Those posts gave me the impression my line was possible, especially the "access-list outsideacl extended permit object-group myaclog interface inside any" line, which is at the end of the 2nd article linked.
    What am I doing wrong?
    Thanks in advance for any help.

    Hi Adam!
    You are doing it right, you are just missing one little keyword.
    The line should be as this:
    access-list dmz_access_in extended permit object-group Sample_Port_Group host 192.168.1.1 any
    or you could specify the subnetmask as:
    access-list dmz_access_in extended permit object-group Sample_Port_Group 192.168.1.1 255.255.255.255 any
    Regards

  • Config error, account determ, group missing for paid by company exp.type

    Hi All,
    When I am adding an Expense type to an Expense report, I am getting the following error message:
    "Config error, account determ, group missing for paid by company exp.type"
    I have maintained the configuration in Business configuration>Fine tune activity>Expense reporting-US.
    I have maintained Expense Reimbursement Group as Z1 (Customized) as well as Expense Account:- but not maintained offsetting Account For Paid Expenses.
    Please find the screenshot.
    Sincerely,
    Rajitha

    Dear All,
    SAP development has created a software correction related to the issue.
    Software correction is  deployed in customer systems on 25th August,2014.
    Sincerely,
    Manasa Anantapur

  • ORA-23454: flavor not defined for object group "PUBLIC"."REPG" - HELP

    Hi All,
    Encountered the below error when trying to add the materialized views to the Materialized View Group in materialized view site:
    1 BEGIN
    2 DBMS_REPCAT.CREATE_MVIEW_REPOBJECT (
    3 gname => 'REPG',
    4 sname => 'FMCHC',
    5 oname => 'EMP',
    6 type => 'SNAPSHOT',
    7 min_communication => TRUE);
    8* END;
    SQL> /
    BEGIN
    ERROR at line 1:
    ORA-23454: flavor not defined for object group "PUBLIC"."REPG"
    ORA-06512: at "SYS.DBMS_SYS_ERROR", line 105
    ORA-06512: at "SYS.DBMS_REPCAT_UTL", line 452
    ORA-06512: at "SYS.DBMS_REPCAT_UTL", line 468
    ORA-06512: at "SYS.DBMS_REPCAT_SNA_UTL", line 5523
    ORA-06512: at "SYS.DBMS_REPCAT_SNA", line 82
    ORA-06512: at "SYS.DBMS_REPCAT", line 1332
    ORA-06512: at line 2
    I have verified that the MASTER DEFINITION SITE already has the group "REPG"
    Please advise.
    THANKS

    I think you are going to have to provide Oracle version information before anyone will be able to help you with this question.

  • Breaking Subclass/Removing Object Group/Without loss of code for child form

    Hi all..
    This is regarding Forms 10g (breaking inheritance)
    I have a base form as well as client form.
    The child form has some properties in common with the base form, so the child form is subclassed (inheritance) from the base class with the help of an Object Group. This is the existing setup.
    Now, the client wants the same information as the child form without the link to the base form.
    i.e., they want to remove the Object Group without disturbing the child form.
    Finally, they want the child form to be independent from the base form, i.e., the child form should not have inheritance from the base form and at the same time they don't want to lose any code in the child form.
    There are 1000's of forms like that which need to be re-worked.
    Is there any tool/script available to do this process of work automatically?
    Please provide the necessary details and help me regarding this.
    Regards
    Madhava

    You CAN add new items to the subclassed block or change triggers code or even add new triggers. Form Builder won't let you create items in-between existing subclassed items or triggers. So if you need to create a new item, create at the end of subclassed item or trigger...
    You can not DELETE items of subclassed block or the block itself if it is subclassed. But you can remove the subclassed object from your child module --- by removing class info from the object group in child module --- but it will also remove all the subclassed child objects.
    If you delete or change anything in master object, it will directly affect the subclassed object and you can see the change immediately in the child modules.
    When you drag the master object to child, it asks you if you need to subclass or copy, selecting copy will create a separate copy which you can play with in the child module.
    And below is brief help on the matter:
    If you don't want all the objects in the subclassed object group, then you might consider either subclassing the desired objects individually, or creating an object group which contains only the desired objects.
    Edited by: Zaafran Ahmed on Oct 13, 2010 12:41 PM

  • Last row missing for every page in webreport printing

    Hi Friends,
    We are facing a challenge while printing web report.
    Let's say the report output contains 500 lines and the lines are divided into 10 pages.
    Each page contains 50 rows. When we execute the printing in the web report we are getting only the first 49 rows for each page. The last (50th) row is missing for each page.
    What could be the problem?
    Please help me how to fix this issue. I am not aware of this web reporting HTML code. Please friends, help me how to fix this issue.
    It would be great help for me.
    Will assign the points.
    Thanks
    SAP

    Hi Friends,
    Finally I found our custom web template, which is copied from the standard web template.
    Here I am attaching my code.
    Somebody please look into this one and suggest to me if there is any mistake.
    It would be a great help for me.
    Will assign the points.
    <!-- This Template is the main Template for the  Adhoc Web Application
           This Templates includes all items, except of the Conditon /Exception Item, which are included in the 0ADHOC_CONDITIONS Template
           Items: 7 different Item GRoups
    GR1 (Table) - GR1Toolbar, GRAToolbar, GR1Navblock, GR1GR5GR7Table
    GR2 (Charts) - GR2Chart
    GR3 (TextElem) - GR3TECommon, GR3TEFilter, GR3DFilter, GR3TEVariables, GR3FORQUERYDOC
    GR4 (InfoBroad) - GR4Broadcaster
    GR5 (Print) - GR5Toolbar, GRBToolbar, GR1GR5GR7Table
    GR6 (Conditions) - Condition Template
    GR7 (Export) - GR7Toolbar, GR1GR5GR7Table
           The following items are internally used:
                 TITLE: To display the Name ot the Query (as Window-Title)
                 HEADER: To display a Header-Template
                 FOOTER:  To display a Footer-Template
                 Query Name: To display the name of the Query
                 Actuality: To display the validity of the data
                GR3FORQUERYDOC: Technical name of the query for launching online Documentation
           The JavaScript in this Template will enable the following functions:
                      - Set the correct style for the actually choosen Tabstrip (function set_tab)
                      - Call the Query Online Documentation (function callquerydoc)
    -->
    <!-- Set the data provider --->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="SET_DATA_PROVIDER"/>
             <param name="NAME" value="DP"/>
             <param name="DATA_PROVIDER_ID" value=""/>
             <param name='HELP_SERVICE' value='ZPRINTING'/>
             <param name='HELP_SERVICE_CLASS' value='Z_PRINT_HELP_SERVICE'/>
             DATA_PROVIDER:             DP
    </object>
    <!-- Output area --->
    <html>
    <!-- BW data source object tags -->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="SET_PROPERTIES"/>
             <param name="TEMPLATE_ID" value="ZWT_LAUSD_ADHOC"/>
             TEMPLATE PROPERTIES
    </object>
    <head>
    <!-- Javascript Enhancement for DHTML Dropdown Print Preview-->
    <script language=javascript>
             // Open the print preview window for the selected page layout option (1-7)
             function callPrintPreview(poption)
             {
                      var url = SAP_BW_URL_Get();
                          switch(poption)
                          {
                           case 1:
                                  url = url + "&CMD=PROCESS_HELP_WINDOW&HELP_SERVICE=ZPRINTING&DATA_PROVIDER=DP&P_STYLESHEET=/sap/bw/Mime/BEx/StyleSheets/BWReports_smallfont_print.css&P_PREVIEW_MODE=&P_HEADER_HEIGHT=1.00&P_HEADER_INDENT_LEFT=0.75&P_HEADER_INDENT_RIGHT=0.75&P_FOOTER_HEIGHT=0.75&P_FOOTER_INDENT_LEFT=0.75&P_FOOTER_INDENT_RIGHT=0.75&P_DATA_AREA_PADDING_TOP=0.00&P_DATA_AREA_INDENT_LEFT=0.75&P_DATA_AREA_INDENT_RIGHT=0.75&P_DATA_AREA_COLUMNS=5&P_PAGE_WIDTH=17.78&P_PAGE_HEIGHT=24.13";
                                window.open(url, "Print", "width=800, height=600, menubar=yes, toolbar=no, scrollbars=yes, resizable=yes");
                                  break;
                           case 2:
                                  url = url + "&CMD=PROCESS_HELP_WINDOW&HELP_SERVICE=ZPRINTING&DATA_PROVIDER=DP&P_STYLESHEET=/sap/bw/Mime/BEx/StyleSheets/BWReports_smallfont_print.css&P_PREVIEW_MODE=&P_HEADER_HEIGHT=1.00&P_HEADER_INDENT_LEFT=0.50&P_HEADER_INDENT_RIGHT=0.50&P_FOOTER_HEIGHT=0.75&P_FOOTER_INDENT_LEFT=0.50&P_FOOTER_INDENT_RIGHT=0.50&P_DATA_AREA_PADDING_TOP=0.00&P_DATA_AREA_INDENT_LEFT=0.50&P_DATA_AREA_INDENT_RIGHT=0.50&P_DATA_AREA_COLUMNS=5&P_PAGE_WIDTH=19.05&P_PAGE_HEIGHT=25.40";
                                window.open(url, "Print", "width=800, height=600, menubar=yes, toolbar=no, scrollbars=yes, resizable=yes");
                                  break;
                           case 3:
                                  url = url + "&CMD=PROCESS_HELP_WINDOW&HELP_SERVICE=ZPRINTING&DATA_PROVIDER=DP&P_STYLESHEET=/sap/bw/Mime/BEx/StyleSheets/BWReports_smallfont_print.css&P_PREVIEW_MODE=&P_HEADER_HEIGHT=1.00&P_HEADER_INDENT_LEFT=0.25&P_HEADER_INDENT_RIGHT=0.25&P_FOOTER_HEIGHT=0.75&P_FOOTER_INDENT_LEFT=0.25&P_FOOTER_INDENT_RIGHT=0.25&P_DATA_AREA_PADDING_TOP=0.00&P_DATA_AREA_INDENT_LEFT=0.25&P_DATA_AREA_INDENT_RIGHT=0.25&P_DATA_AREA_COLUMNS=5&P_PAGE_WIDTH=20.32&P_PAGE_HEIGHT=26.67";
                                window.open(url, "Print", "width=800, height=600, menubar=yes, toolbar=no, scrollbars=yes, resizable=yes");
                                  break;
                           case 4:
                                  url = url + "&CMD=PROCESS_HELP_WINDOW&HELP_SERVICE=ZPRINTING&DATA_PROVIDER=DP&P_STYLESHEET=/sap/bw/Mime/BEx/StyleSheets/BWReports_smallfont_print.css&P_PREVIEW_MODE=&P_HEADER_HEIGHT=1.00&P_HEADER_INDENT_LEFT=0.75&P_HEADER_INDENT_RIGHT=0.75&P_FOOTER_HEIGHT=0.75&P_FOOTER_INDENT_LEFT=0.75&P_FOOTER_INDENT_RIGHT=0.75&P_DATA_AREA_PADDING_TOP=0.00&P_DATA_AREA_INDENT_LEFT=0.75&P_DATA_AREA_INDENT_RIGHT=0.75&P_DATA_AREA_COLUMNS=7&P_PAGE_WIDTH=24.13&P_PAGE_HEIGHT=17.78";
                                window.open(url, "Print", "width=800, height=600, menubar=yes, toolbar=no, scrollbars=yes, resizable=yes");
                                  break;
                           case 5:
                                  url = url + "&CMD=PROCESS_HELP_WINDOW&HELP_SERVICE=ZPRINTING&DATA_PROVIDER=DP&P_STYLESHEET=/sap/bw/Mime/BEx/StyleSheets/BWReports_smallfont_print.css&P_PREVIEW_MODE=&P_HEADER_HEIGHT=1.00&P_HEADER_INDENT_LEFT=0.50&P_HEADER_INDENT_RIGHT=0.50&P_FOOTER_HEIGHT=0.75&P_FOOTER_INDENT_LEFT=0.50&P_FOOTER_INDENT_RIGHT=0.50&P_DATA_AREA_PADDING_TOP=0.00&P_DATA_AREA_INDENT_LEFT=0.50&P_DATA_AREA_INDENT_RIGHT=0.50&P_DATA_AREA_COLUMNS=4&P_PAGE_WIDTH=25.40&P_PAGE_HEIGHT=19.05";
                                window.open(url, "Print", "width=800, height=600, menubar=yes, toolbar=no, scrollbars=yes, resizable=yes");
                                  break;
                           case 6:
                                  url = url + "&CMD=PROCESS_HELP_WINDOW&HELP_SERVICE=ZPRINTING&DATA_PROVIDER=DP&P_STYLESHEET=/sap/bw/Mime/BEx/StyleSheets/BWReports_smallfont_print.css&P_PREVIEW_MODE=&P_HEADER_HEIGHT=1.00&P_HEADER_INDENT_LEFT=0.25&P_HEADER_INDENT_RIGHT=0.25&P_FOOTER_HEIGHT=0.75&P_FOOTER_INDENT_LEFT=0.25&P_FOOTER_INDENT_RIGHT=0.25&P_DATA_AREA_PADDING_TOP=0.00&P_DATA_AREA_INDENT_LEFT=0.25&P_DATA_AREA_INDENT_RIGHT=0.25&P_DATA_AREA_COLUMNS=4&P_PAGE_WIDTH=26.67&P_PAGE_HEIGHT=20.32";
                                window.open(url, "Print", "width=800, height=600, menubar=yes, toolbar=no, scrollbars=yes, resizable=yes");
                                  break;
                           case 7:
                                  url = url + "&CMD=PROCESS_HELP_WINDOW&HELP_SERVICE=ZPRINTING&DATA_PROVIDER=DP&P_PREVIEW_MODE=X";
                                window.open(url, "Print", "width=800, height=600, menubar=yes, toolbar=no, scrollbars=yes, resizable=yes");
                                  break;
                          }
             }
    </script>
    <SCRIPT LANGUAGE="JAVASCRIPT" type="text/javascript">
    <!--
    //  Global variables definitions
    var expDays = 1;
    var exp = new Date();
    // One day from now, in milliseconds
    exp.setTime(exp.getTime() + (expDays*24*60*60*1000));
    /* Create a Random Number */
    function rand ( n ) {
      return ( Math.floor ( Math.random ( ) * n + 1 ) );
    }
    /* Used to Open New Window with Status Bar & URL */
    function openWindow( URL, NAME, WIDTH1, HEIGHT1){
        NAME=NAME+rand(157)
        // Window features are comma-separated, so width and height need a comma between them
        WindowObjectReference =  window.open(URL,NAME,"menubar=yes,location=yes,resizable=yes,scrollbars=yes,status=yes,width="+WIDTH1+",height="+HEIGHT1);
    }
    function PrintMyReport(typePaper) {
    /*  Assumption: Users page margins (top, bottom, left and right) are a default value of 0.75 inches */
        var Header2 = '';
        var CurrentDataProvider = 'DP' ;
    //    var mynewTitle = 'SAP BW Report';
        var mynewTitle = document.title;
        var dateout = exp;
        var CurrentReportName = '&?psize=' + escape(typePaper) + '&qtitle=' + escape(mynewTitle)  + Header2 + "&ASOFDATE=" + escape(dateout) + "&";
    /*    var openCMD="<SAP_BW_URL>&DATA_PROVIDER="+CurrentDataProvider+"&TEMPLATE_ID=ZPD_ADHOC_PAGE&CMD=RELEASE_DATA_PROVIDER"+CurrentReportName;*/
        var openCMD="<SAP_BW_URL>&DATA_PROVIDER="+CurrentDataProvider+"&TEMPLATE_ID=ZPD_LAUSD_ADHOC_PAGE&CMD=RELEASE_DATA_PROVIDER"+CurrentReportName;
        openWindow(openCMD,"MainTitleNow",800,600);
    }
    -->
    </SCRIPT>
    <script type="text/javascript">
    <!--
    /* Calls the online Documentation via technical QueryName */
    function callquerydoc() {
       var docustart= '/sap/bw/doc/meta/fldmeta/default?tlogo=elem&objnm=' + document.getElementById('querydoc').innerHTML  + '&sap-language=' +SAP_BW_Get_Language();
      SAPBWOpenWindow(docustart,'Documentation',800,600);
    }
    /* Sets the displayed tab */
    /* Check, which items of the Array check_items  is not hidden.
        Change the style of the HTML tag with id GroupArea/GroupLink */
    function set_tab() {
         if (!(navigator.appVersion.substring(0,1) == '4' && navigator.appName == 'Netscape')) {
           /*var check_items = new Array('GR1Toolbar','GR2Chart','GR3TECommon','GR4Broadcaster','GR5Toolbar','GR7Toolbar');*/
           var check_items = new Array('GR1Toolbar','GR2Chart','GR3TECommon','GR5Toolbar','GR7Toolbar');
           for (i=0;i<check_items.length;i++) {
               hidden = true;
               prop = SAPBWGetItemProp(check_items[i]);
               if (prop != null){
                   for(j=1;j<prop.length;j++){
                       if (prop[j][0] == "HIDDEN")  hidden = (prop[j][1] == "X");
                   }
                   anchor_item = document.getElementById(check_items[i].substring(0,3)+'Area').firstChild;
                   if (hidden) {
                       document.getElementById(check_items[i].substring(0,3)+'Area').className='SAPBEXTbsTab';
                       anchor_item.title = '<SAP_BW_TEXT program="SAPLRRSV" key="737">' + ' ' + anchor_item.title;
                   }
                   else {
                       document.getElementById(check_items[i].substring(0,3)+'Area').className='SAPBEXTbsTabSel';
                       anchor_item.title = '<SAP_BW_TEXT program="SAPLRRSV" key="736">' +' ' + anchor_item.title;
                   }
               } /* if */
           }   /* for */
           /* Set the BexHeader invisible when running as IView */
           if (SAPBWGetProperty('RUNS_AS_IVIEW')) {
               document.getElementById('bexheader').style.visibility='hidden';
               document.getElementById('bexheader').style.display='none';
           }
           anchor = window.location.hash.substring(1,50);
           SAPBWSetFocus(anchor);
         }
      }  /*function */
    -->
    </script>
    <!-- Query description in the window title bar --->
    <title>
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="TITLE"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEXT_ELEMENTS"/>
             <param name="DATA_PROVIDER" value="DP"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="ELEMENT_TYPE_1" value="COMMON"/>
             <param name="ELEMENT_NAME_1" value="REPTXTLG"/>
             <param name="ONLY_VALUES" value="X"/>
             <param name="ELEMENT_NAME" value="REPTXTLG"/>
             ITEM:            TITLE
    </object>
    </title>
    <link href="/sap/bw/Mime/BEx/StyleSheets/BWReports.css" type="text/css" rel="stylesheet"/>
    <link href="/sap/bw/Mime/Customer/StyleSheets/BWReports_Excel_print.css" type="text/css" rel="stylesheet" media="print"/>
    </head>
    <body>
    <!-- Possible Header -->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="Header"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEMPLATE"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="TEMPLATE_ID" value="ZLAUSD_HEADER"/>
             <param name="SUPPRESS_SYSTEM_MESSAGES" value="X"/>
             ITEM:            Header
    </object>
    <table border="0" cellpadding="0" cellspacing="0" width="600">
    <tr id="bexheader">
    <td class="SAPBExMsgBarStd"><span class="SAPBEXTxtStdBold" tabIndex=0>
    <SAP_BW_TEXT program="SAPLRRSV" key="733">
    </span></td>
    </tr>
    <tr>
    <td style="FONT-SIZE: 1pt; HEIGHT: 5px">
    </td>
    </tr>
    <tr>
    <td>
    <!-- Tabs -->
    <table cellpadding="1" cellspacing="0" border="0" width="200">
    <tr>
    <td class="SAPBEXTbsBorder">
    <A href="#TabStripEnd">
    <IMG title=<SAP_BW_TEXT program='SAPLRRSV' key='739'> alt="<SAP_BW_TEXT program='SAPLRRSV' key='739'>" src="/sap/bw/Mime/BEx/Icons/pixel.gif" border=0 ></A>
    <table name="" border="0" cellpadding="0" cellspacing="0">
    <tr>
    <!-- First Tab: Display table and nav block -->
    <td align="middle" nowrap class="SAPBEXTbsTabSel" id="GR1Area">
    <A  title=<SAP_BW_TEXT program='SAPLRRSV' key='700'> href="<SAP_BW_URL ITEM='*GR*' MULTI='X' HIDDEN='X' CMD_1='ITEM=*GR1*&MULTI=X&HIDDEN=' >&amp;dummy=#TabStripContent" ><SAP_BW_TEXT program="SAPLRRSV" key="700"></A>
    </td>
    <!-- Second Tab: Display chart -->
    <td align="middle" nowrap class="SAPBEXTbsTab" id="GR2Area">
    <A title=<SAP_BW_TEXT program='SAPLRRSV' key='701'> href="<SAP_BW_URL ITEM='*GR*' MULTI='X' HIDDEN='X' CMD_1='ITEM=*GR2*&MULTI=X&HIDDEN=' >&amp;dummy=#TabStripContent" ><SAP_BW_TEXT program="SAPLRRSV" key="701"></A>
    </td>
    <!-- Third Tab: Display infos -->
    <td align="middle" nowrap class="SAPBEXTbsTab" id="GR3Area">
    <A   title=<SAP_BW_TEXT program='SAPLRRSV' key='702'> href="<SAP_BW_URL ITEM='*GR*' MULTI='X' HIDDEN='X' CMD_1='ITEM=*GR3*&MULTI=X&HIDDEN=' >&amp;dummy=#TabStripContent"><SAP_BW_TEXT program="SAPLRRSV" key="702"></A>
    </td>
    <!-- Fourth Tab: Display Broadcasting -->
    <!--
    <td align="middle" nowrap class="SAPBEXTbsTab" id="GR4Area">
    <A  title=<SAP_BW_TEXT program='SAPLRRSV' key='704'> href="<SAP_BW_URL ITEM='GR' MULTI='X' HIDDEN='X'  CMD_1='ITEM=GR4&MULTI=X&HIDDEN=' >&amp;dummy=#TabStripContent" ><SAP_BW_TEXT program="SAPLRRSV" key="704"></A>
    <a name="TabStripContent" tabIndex="0"><IMG title=<SAP_BW_TEXT program='SAPLRRSV' key='740'> alt="<SAP_BW_TEXT program='SAPLRRSV' key='740'>" src="/sap/bw/Mime/BEx/Icons/pixel.gif" border=0 ></a>
    </td>
    -->
    <!-- Fifth Tab: Display Printing -->
    <td align="middle" nowrap class="SAPBEXTbsTab" id="GR5Area">
    <A   title=Printing href="<SAP_BW_URL ITEM='*GR*' MULTI='X' HIDDEN='X' CMD_1='ITEM=*GR5*&MULTI=X&HIDDEN=' >&amp;dummy=#TabStripContent">Printing</A>
    </td>
    <!-- Sixth Tab: Display Export -->
    <td align="middle" nowrap class="SAPBEXTbsTab" id="GR7Area">
    <A   title=Export href="<SAP_BW_URL ITEM='*GR*' MULTI='X' HIDDEN='X' CMD_1='ITEM=*GR7*&MULTI=X&HIDDEN=' >&amp;dummy=#TabStripContent">Export</A>
    </td>
    </tr>
    </table>
    <table width="600" name="" class="SAPBEXTbsBdyEdg" cellspacing="0" cellpadding="5" border="0">
    <tr>
    <td align="left" valign="bottom" nowrap>
    <table cellspacing="0" cellpadding="0" border="0"><tr><td class="SAPBEXTxtStdBold" nowrap tabIndex="0" width="550">
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="QueryName"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEXT_ELEMENTS"/>
             <param name="DATA_PROVIDER" value="DP"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="ELEMENT_TYPE_1" value="COMMON"/>
             <param name="ELEMENT_NAME_1" value="REPTXTLG"/>
             <param name="ONLY_VALUES" value="X"/>
             <param name="ELEMENT_NAME" value="REPTXTLG"/>
             <param name="HELP_SERVICE" value="HW_SAVE_VIEW"/>
             <param name="HELP_SERVICE_CLASS" value="CL_RSR_WWW_HWIND_SAVE_VIEW"/>
             ITEM:            QueryName
    </object></td>
    <td  nowrap 
                    tabIndex="0">
    <!--
    <SAP_BW_TEXT program="SAPLRRSV" key="705">
    -->
    <SAP_BW_TEXT program="SAPLRRSV" key="160">
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="Actuality"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEXT_ELEMENTS"/>
             <param name="DATA_PROVIDER" value="DP"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="ELEMENT_TYPE_1" value="COMMON"/>
             <param name="ELEMENT_NAME_1" value="ROLLUPTIME"/>
             <param name="ONLY_VALUES" value="X"/>
             <param name="ELEMENT_NAME" value="ROLLUPTIME"/>
             ITEM:            Actuality
    </object>
    </td></tr></table>
    </td></tr>
    <tr><td>
    <table  border="0" cellspacing="0" cellpadding="5" class="SAPBEXFlexBoxStdBg" width="100%"><tr>
              <td>
    <!-- Toolbar for View Table -->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR1Toolbar"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEMPLATE"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="TEMPLATE_ID" value="ZWT_LAUSD_ADHOC_GR1TB"/>
             ITEM:            GR1Toolbar
    </object>
    <!-- Toolbar for Table Maintenance -->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GRAToolbar"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEMPLATE"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="HIDDEN" value="X"/>
             <param name="TEMPLATE_ID" value="ZWT_LAUSD_ADHOC_GRATB"/>
             ITEM:            GRAToolbar
    </object>
    <!-- Toolbar for View Chart -->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR2Toolbar"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEMPLATE"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="HIDDEN" value="X"/>
             <param name="TEMPLATE_ID" value="ZLAUSD_CHARTS"/>
             ITEM:            GR2Toolbar
    </object>
    <!-- Toolbar for View Info -->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR3Toolbar"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEMPLATE"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="HIDDEN" value="X"/>
             <param name="TEMPLATE_ID" value="ZLAUSD_INFOS"/>
             ITEM:            GR3Toolbar
    </object>
    <!-- Toolbar for Print Options -->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR5Toolbar"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEMPLATE"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="HIDDEN" value="X"/>
             <param name="TEMPLATE_ID" value="ZWT_LAUSD_ADHOC_GR5TB"/>
             ITEM:            GR5Toolbar
    </object>
    <!-- Toolbar for Printing with Internet Explorer -->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GRBToolbar"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEMPLATE"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="HIDDEN" value="X"/>
             <param name="TEMPLATE_ID" value="ZWT_ADHOC_GRBTB"/>
             ITEM:            GRBToolbar
    </object>
    <!-- Toolbar for Printing with SmartForms -->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GRCToolbar"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEMPLATE"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="HIDDEN" value="X"/>
             <param name="TEMPLATE_ID" value="ZWT_ADHOC_GRCTB"/>
             ITEM:            GRCToolbar
    </object>
    <!-- Toolbar for Exporting -->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR7Toolbar"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEMPLATE"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="HIDDEN" value="X"/>
             <param name="TEMPLATE_ID" value="ZWT_ADHOC_GR7TB"/>
             ITEM:            GR7Toolbar
    </object>
    </td></tr><tr><td>
    <!-- Exceptions and Conditions  -->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR6_COND_TEMPLATE"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEMPLATE"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="HIDDEN" value="X"/>
             <param name="TEMPLATE_ID" value="0ADHOC_CONDITIONS"/>
             ITEM:            GR6_COND_TEMPLATE
    </object>
    <table width="600" cellspacing="0" cellpadding="5" border="0"><tr><td style="PADDING-RIGHT: 10px; PADDING-LEFT: 0px; PADDING-BOTTOM: 0px; VERTICAL-ALIGN: top; PADDING-TOP: 0px">
    <!-- Navigational block: GR1NavBlock--->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR1NavBlock"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_NAV_BLOCK"/>
             <param name="DATA_PROVIDER" value="DP"/>
             <param name="WIDTH" value="200"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="SHOW_AXES_GROUPING" value="X"/>
             ITEM:            GR1NavBlock
    </object>
    </td>
    <td class="SAPBEXWhlOffset">
    </td>
    <td width="100%" style="PADDING-RIGHT: 0px; PADDING-LEFT: 0px; PADDING-BOTTOM: 0px; VERTICAL-ALIGN: top; PADDING-TOP: 0px">
    <!-- Data table: GR1GR5GR7Table--->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR1GR5GR7Table"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_GRID"/>
             <param name="DATA_PROVIDER" value="DP"/>
             <param name="WIDTH" value="380"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="BLOCK_SIZE" value="25"/>
             <param name="BLOCK_SIZE_COLUMNS" value="10"/>
             <param name="HELP_SERVICE" value="PRINT_WITH_EXCEL"/>
             <param name="HELP_SERVICE_CLASS" value="ZCL_RSR_XLS_HELP_WINDOW_PRINT"/>
             ITEM:            GR1GR5GR7Table
    </object>
    </td></tr></table>
    <!-- Chart: GR2Chart, initially hidden--->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR2Chart"/>
             <param name="ITEM_ID" value="0ADHOC_COLUMN_CHART"/>
             <param name="DATA_PROVIDER" value="DP"/>
             <param name="HEIGHT" value="400"/>
             <param name="CAPTION" value="0ADHOC_COLUMN_CHART"/>
             <param name="HIDDEN" value="X"/>
             <param name="WIDHT" value="500"/>
             ITEM:            GR2Chart
    </object>
    <!-- Common text symbols: GR3TECommon, initially hidden--->
    <table width="600" cellspacing="0" cellpadding="5" border="0"><tr><td style="VERTICAL-ALIGN: top">
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR3TECommon"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEXT_ELEMENTS"/>
             <param name="DATA_PROVIDER" value="DP"/>
             <param name="WIDTH" value="330"/>
             <param name="HIDDEN" value="X"/>
             <param name="CAPTION" value="SAP_BW_TEXT?program=SAPLRRSV&amp;key=720"/>
             <param name="GENERATE_LINKS" value=""/>
             <param name="ELEMENT_TYPE_1" value="COMMON"/>
             <param name="ELEMENT_NAME_1" value="SRDATE"/>
             <param name="ELEMENT_TYPE_2" value="COMMON"/>
             <param name="ELEMENT_NAME_2" value="ROLLUPTIME"/>
             <param name="ELEMENT_TYPE_3" value="COMMON"/>
             <param name="ELEMENT_NAME_3" value="MODTIME"/>
             <param name="ELEMENT_TYPE_4" value="COMMON"/>
             <param name="ELEMENT_NAME_4" value="MODUSER"/>
             <param name="ELEMENT_TYPE_5" value="COMMON"/>
             <param name="ELEMENT_NAME_5" value="SYUZEIT"/>
             <param name="ELEMENT_TYPE_6" value="COMMON"/>
             <param name="ELEMENT_NAME_6" value="REPTXTLG"/>
             <param name="ELEMENT_TYPE_7" value="COMMON"/>
             <param name="ELEMENT_NAME_7" value="REPTNAME"/>
             ITEM:            GR3TECommon
    </object>
    <!-- Static filter: GR3TEFilter, initially hidden--->
    </td><td style="VERTICAL-ALIGN: top">
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR3TEFilter"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEXT_ELEMENTS"/>
             <param name="DATA_PROVIDER" value="DP"/>
             <param name="WIDTH" value="330"/>
             <param name="HIDDEN" value="X"/>
             <param name="CAPTION" value="SAP_BW_TEXT?program=SAPLRRSV&amp;key=721"/>
             <param name="GENERATE_LINKS" value=""/>
             <param name="SHOW_COMMON_ELEMENTS" value=""/>
             <param name="SHOW_VARIABLES" value=""/>
             ITEM:            GR3TEFilter
    </object>
    <!-- Dynamic filter: GR3DFilter, initially hidden--->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR3DFilter"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_FILTER"/>
             <param name="DATA_PROVIDER" value="DP"/>
             <param name="WIDTH" value="330"/>
             <param name="CAPTION" value="SAP_BW_TEXT?program=SAPLRRSV&amp;key=722"/>
             <param name="HIDDEN" value="X"/>
             <param name="GENERATE_LINKS" value=""/>
             ITEM:            GR3DFilter
    </object>
    <!-- Variables: GR3TEVariables, initially hidden--->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR3TEVariables"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEXT_ELEMENTS"/>
             <param name="DATA_PROVIDER" value="DP"/>
             <param name="WIDTH" value="330"/>
             <param name="HIDDEN" value="X"/>
             <param name="CAPTION" value="SAP_BW_TEXT?program=SAPLRRSV&amp;key=723"/>
             <param name="GENERATE_LINKS" value=""/>
             <param name="SHOW_COMMON_ELEMENTS" value=""/>
             <param name="SHOW_FILTERS" value=""/>
             ITEM:            GR3TEVariables
    </object>
    </td></tr></table>
    <div id="querydoc" style="DISPLAY: none; VISIBILITY: hidden">
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR3FORQUERYDOC"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEXT_ELEMENTS"/>
             <param name="DATA_PROVIDER" value="DP"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="ELEMENT_TYPE_1" value="COMMON"/>
             <param name="ELEMENT_NAME_1" value="REPTNAME"/>
             <param name="ONLY_VALUES" value="X"/>
             <param name="ELEMENT_NAME" value="REPTNAME"/>
             ITEM:            GR3FORQUERYDOC
    </object>
    </div>
    <!-- Broadcaster: GR4Broadcaster, initially hidden-->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="GR4Broadcaster"/>
             <param name="ITEM_CLASS" value="CL_RSRD_WWW_ITEM_BROADCASTER"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="HIDDEN" value="X"/>
             <param name="SOURCE_OBJECT_TYPE" value="DP"/>
             <param name="SOURCE_DATA_PROVIDER" value="DP"/>
             ITEM:            GR4Broadcaster
    </object>
    </td>
    </tr>
    </table>
    </td>
    </tr>
    </table>
    </td>
    </tr>
    <tr>
    <td>
    <a name="TabStripEnd" tabIndex="0"><IMG title=<SAP_BW_TEXT program='SAPLRRSV' key='741'> alt="<SAP_BW_TEXT program='SAPLRRSV' key='741'>" src="/sap/bw/Mime/BEx/Icons/pixel.gif" border=0 ></a>
    </td>
    </tr>
    </table>
    <!-- Possible Footer -->
    <object>
             <param name="OWNER" value="SAP_BW"/>
             <param name="CMD" value="GET_ITEM"/>
             <param name="NAME" value="Footer"/>
             <param name="ITEM_CLASS" value="CL_RSR_WWW_ITEM_TEMPLATE"/>
             <param name="GENERATE_CAPTION" value=""/>
             <param name="TEMPLATE_ID" value="0ADHOC_FOOTER"/>
             ITEM:            Footer
    </object>
    <script type="text/javascript">
    <!--
        set_tab();
    -->
    </script></td></tr></table>
    <!-- Settings for Web Printing with Excel
    // header with logo, footer, page orientation, margin, ...
    @page
         {mso-header-data:"&L&\0022Arial\,Fett\0022&12&G&C&\0022Arial\,Fett\0022&14<&[REPTXTLG]> und <&[DATAPROVIDER_1/REPTXTLG]>";
         mso-footer-data:"&R&A";
         margin:1.0in .75in 1.0in .75in;
         mso-header-margin:.5in;
         mso-footer-margin:.5in;}
    // fit to page, grid lines, logo (header picture)
         <x:Print>
          <x:FitWidth>1</x:FitWidth>
          <x:FitHeight>2</x:FitHeight>
          <x:ValidPrinterInfo/>
          <x:PaperSizeIndex>9</x:PaperSizeIndex>
          <x:Scale>86</x:Scale>
          <x:HorizontalResolution>600</x:HorizontalResolution>
          <x:VerticalResolution>600</x:VerticalResolution>
          <x:Gridlines/>
          <x:HeaderPicture>
           <x:Location>Left</x:Location>
           <x:Source>http://www.sap.com/global/images/sap_logo.gif</x:Source>
           <x:Height>37</x:Height>
           <x:Width>73</x:Width>
           <x:LockAspectRatio/>
           <x:ColorType>Automatic</x:ColorType>
          </x:HeaderPicture>
         </x:Print>
    // page breaks
        <x:PageBreaks>
         <x:ColBreaks>
          <x:ColBreak>
           <x:Column>9</x:Column>
           <x:RowEnd>78</x:RowEnd>
          </x:ColBreak>
         </x:ColBreaks>
         <x:RowBreaks>
          <x:RowBreak>
           <x:Row>42</x:Row>
           <x:ColEnd>15</x:ColEnd>
          </x:RowBreak>
         </x:RowBreaks>
        </x:PageBreaks>
    // column widths
        <x:ColWidths>
        <col style='mso-width-source:auto'>
        <col style='mso-width-source:auto'>
        <col style='mso-width-source:auto'>
        <col width=200 style='mso-width-source:userset'>
        <col width=70 style='mso-width-source:userset'>
        <col width=70 style='mso-width-source:userset'>
        <col width=70 style='mso-width-source:userset'>
        <col width=70 style='mso-width-source:userset'>
        <col width=70 style='mso-width-source:userset'>
        <col width=70 style='mso-width-source:userset'>
        <col width=70 style='mso-width-source:userset'>
        <col width=70 style='mso-width-source:userset'>
        <col width=70 style='mso-width-source:userset'>
        </x:ColWidths>
    // BW parameters
    <x:BW>
         <hierarchy_icons hide=X>
    </x:BW>
    -->
    </body>
    </html>

  • Implementing "object-group service"

    Running 8.2(3) on an ASA 5510
    I have created the two following object groups.
    object-group service gatewayTCP tcp
    port-object eq 88
    port-object eq 135
    port-object eq 445
    port-object eq ldaps
    port-object eq 3268
    port-object eq 3269
    object-group service gatewayTCP-UDP tcp-udp
    port-object eq domain
    port-object eq 389
    port-object eq 464
    port-object range 49152 65535
    I have run into an issue with "domain" working in the tcp-udp type. The following access-list does not work without explicitly calling out "domain" for both TCP and UDP. Everywhere I looked I appear to be doing it right, so what am I missing? Does "permit tcp" need to be "permit ip" to cover both tcp and udp? I found one article with someone suggesting just make it "permit tcp" and it will work. Not in a position to test at the moment so figured I'd ask here. Want to be sure I'm not getting bit anywhere else related to these object groups in case I am not implementing them correctly.
    access-list dmzAccess extended permit tcp host 172.26.11.10 host 10.16.11.203 object-group gatewayTCP
    access-list dmzAccess extended permit tcp host 172.26.11.10 host 10.16.11.203 object-group gatewayTCP-UDP
    Is this a bug with service object groups? Is there some place I need to enable this feature?

    Hi,
    Have you tried configuring it like this
    object-group service GATEWAY-SERVICES
    service-object tcp eq 88
    service-object tcp eq 135
    service-object tcp eq 445
    service-object tcp eq ldaps
    service-object tcp eq 3268
    service-object tcp eq 3269
    service-object tcp eq 53
    service-object udp eq 53
    service-object tcp eq 389
    service-object udp eq 389
    service-object tcp eq 464
    service-object udp eq 464
    service-object tcp range 49152 65535
    service-object udp range 49152 65535
    access-list dmzAccess permit object-group GATEWAY-SERVICES host 172.26.11.10 host 10.16.11.203
    I am not sure if it was only after software 8.3+ that the command under the actual "object-group" was of format "service-object tcp source" / "service-object tcp destination" (or the same for UDP)
    - Jouni

  • Object-group with network-object containing an IP address range

    Hello,
    Does the ASA treat an object-group with a network-object containing a range of IP addresses as a netmask? For example, I can apply this configuration without the ASA throwing any errors though the configuration calls for a 'net mask':
    object-group network test
    network-object 192.168.0.0 192.168.63.255
    network-object-group mode commands/options:
      A.B.C.D  Enter an IPv4 network mask
    sh run ob id test
    object-group network test
    network-object 192.168.0.0 192.168.63.255
    I found that in the documentation it requires a netmask as opposed to a range. Is this a bug in the code? I am running code version 8.0(5)23 on a 5520. If this is not a bug, how does the ASA treat this type of configuration when applied to an access list? When I ran a quick packet trace and denied access from that range it looks like the ASA doesn't read that configuration properly. Thank you.
    -John

    Hello,
    Thank you for your replies. In code version 8.0(5)23, it appears I am able to define a "range" of IP addresses as in:
    192.168.0.0 192.168.63.255 as opposed to defining a range with a netmask like 192.168.0.0 255.255.192.0.
    With the "range" of IP address applied to the "object-group network test" with sub command "network-object 192.168.0.0 192.168.63.255" the ASA does not pick up on said "range" when this object group is applied to a DENY access list. It only reads it properly when the netmask is attached, which is the correct configuration, as in: "network-object 192.168.0.0 255.255.192.0".
    To clarify, I mean range as in 192.168.0.0 - 192.168.63.255.
    Hope this helps to understand. I am just curious as to why this is even able to be applied in such a way or if it is a bug in this particular code version? I can also confirm that this can be done in code version 8.4(2). See below snippets of my configuration in the 8.4(2) code version:
    access-list 101 line 3 extended deny ip object-group testmask any 0x577f55a8
      access-list 101 line 3 extended deny ip 192.168.0.0 192.168.63.255 any (hitcnt=0) 0x0623b0c4
    access-list 101 line 4 extended permit tcp any any eq 89 (hitcnt=1) 0x36f1e5cd
    Packet trace results in allowing the "range" of IP address:
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: dmztest
    output-status: up
    output-line-status: up
    Action: allow
    Now with the "correct" configuration:
    access-list 101 line 3 extended deny ip object-group testmask any 0x577f55a8
      access-list 101 line 3 extended deny ip 192.168.0.0 255.255.192.0 any (hitcnt=1) 0xa31c6bbd
    access-list 101 line 4 extended permit tcp any any eq 89 (hitcnt=1) 0x36f1e5cd
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: dmztest
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
    Thank you.
    -John
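The check this thread turns on, as an added example that is not part of the original posts: a Python lint that flags `network-object` lines whose second field is not a contiguous netmask and proposes the netmask form when the line looks like an address range. The function names, the range heuristic and the third sample line are assumptions of this example; how the ASA itself interprets such a line is not modelled.

```python
import ipaddress

# Sample input: the first two entries are the forms quoted in the thread,
# the third is a constructed mistyped mask.
SAMPLE = """\
object-group network test
 network-object 192.168.0.0 192.168.63.255
object-group network testmask
 network-object 192.168.0.0 255.255.192.0
 network-object 10.5.11.0 255.255.225.240
"""


def is_contiguous_netmask(value):
    """True if the dotted quad is a run of 1-bits followed by a run of 0-bits."""
    inverted = int(ipaddress.IPv4Address(value)) ^ 0xFFFFFFFF
    # For a contiguous mask the inverted value is 2**k - 1,
    # so adding 1 clears every bit that was set.
    return inverted & (inverted + 1) == 0


def check_network_object(line):
    """Classify one 'network-object ...' line and return a finding dict."""
    tok = line.split()
    if len(tok) != 3 or tok[0] != "network-object":
        raise ValueError(f"not a network-object line: {line!r}")
    finding = {"line": line.strip(), "status": "ok", "suggested": []}
    if tok[1] == "host":
        ipaddress.IPv4Address(tok[2])  # raises ValueError if malformed
        return finding
    addr = ipaddress.IPv4Address(tok[1])
    second = ipaddress.IPv4Address(tok[2])
    if is_contiguous_netmask(tok[2]):
        net = ipaddress.IPv4Network(f"{addr}/{second}", strict=False)
        if net.network_address != addr:
            # Valid mask, but the address has bits set outside it.
            finding["status"] = "host-bits-set"
            finding["suggested"] = [
                f"network-object {net.network_address} {net.netmask}"
            ]
        return finding
    if int(second) >> 24 == 255 or second < addr:
        # Starts like a mask (or cannot be a range end): treat as a typo.
        finding["status"] = "malformed-mask"
        return finding
    # Second field is an address at or above the first: probably meant as
    # "start end". Propose the equivalent network/netmask entries.
    finding["status"] = "range-not-netmask"
    finding["suggested"] = [
        f"network-object {n.network_address} {n.netmask}"
        for n in ipaddress.summarize_address_range(addr, second)
    ]
    return finding


def lint(config_text):
    """Return findings for every network-object line that is not 'ok'."""
    findings = []
    for raw in config_text.splitlines():
        if raw.strip().startswith("network-object"):
            result = check_network_object(raw)
            if result["status"] != "ok":
                findings.append(result)
    return findings


if __name__ == "__main__":
    for f in lint(SAMPLE):
        print(f["status"], "|", f["line"], "->", f["suggested"])
```
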

  • EDI: Syntax error in IDoc (mandatory group/segment missing)

    Hi EDI/IDoc experts,
    Need your help urgently. According to the requirement, I need to populate a segment E1IDT01 of basic type PEXR2002. I added the code, then ran it and generated an IDoc; the new segment E1IDT01 was populated, but Syntax error 26 happened. Error message as below. It is also strange that I can see E1IDKU5 populated as usual, but some other segments disappeared. I am sure that in my code I didn't change any variable related to other segments. How can I fix this problem?
    EDI: Syntax error in IDoc (mandatory group missing)
    Message no. E0079
    Diagnosis
    The segment group E1IDKU5 has the attribute 'Mandatory' in the syntax description of the basic type PEXR2002 (customer enhancement ). However, the segment group is missing in the IDoc. The segment number logged in the status record identifies the item before which the segment group is missing.
    Procedure
    Please check the IDoc or the syntax description of the basic type PEXR2002 (customer enhancement ).

    Hi all,
    Thanks so much for your concern!
    Finally, this problem has been figured out.
    The requirement is that the user wants to use segment E1IDT01 in the IDoc to populate the long text they maintained in the accounting document vendor item line (using FB01 to create the accounting doc).
    Why I got the message "EDI: Syntax error in IDoc (mandatory group/segment missing)": because I didn't fill the data correctly. I missed keeping SY-TABIX in memory.
    When we use a function module, DO...ENDDO, or READ TABLE it_table, we should be careful that SY-TABIX is changed. So we can't just use MODIFY EDIDD_TABLE INDEX SY-TABIX at the end. We should define a local variable to keep SY-TABIX in memory and then use it to modify EDIDD_TABLE.
    The following is the final code.
    IF SEGMENT_NAME = 'E1IDT01'.
    TABLES :STXL.
    * Define for long text getting
      DATA: LIT_TLINE  LIKE TLINE   OCCURS 0 WITH HEADER LINE.
      DATA: LV_STRING(2000)  TYPE C.                          
      DATA: LV_TDNAME TYPE THEAD-TDNAME,
            LV_ID     TYPE THEAD-TDID     VALUE '0001',
            LV_LANG   TYPE THEAD-TDSPRAS  VALUE 'E' ,
            LV_OBJ    TYPE THEAD-TDOBJECT VALUE 'DOC_ITEM'.
    data:   LV_LINE   TYPE I,                " long Text lines
            LV_LEN    TYPE I,                " long Text length   
            LV_TABIX  LIKE SY-TABIX.                              
    * Clear memory
      CLEAR:LV_TDNAME,
            LV_STRING,                                        
            LV_LINE,                                           
            LIT_TLINE, LIT_TLINE[],                          
            LV_LEN,                                            
            LV_TABIX.                                        
    * Keep sy-tabix memory using a variable--This is the key point
      LV_TABIX = SY-TABIX.
    * Combine TDNAME with company code + accounting doc + fiscal year + item number.
        CONCATENATE  REGUP_DATA-BUKRS REGUP_DATA-BELNR
                     REGUP_DATA-GJAHR REGUP_DATA-BUZEI INTO  LV_TDNAME.
    * When vendor item has long text , read long text into lv_string
        SELECT SINGLE *
          FROM STXL
          WHERE TDOBJECT = LV_OBJ
            AND TDNAME   = LV_TDNAME
            AND TDID     = LV_ID
            AND TDSPRAS  = 'E'.
        IF SY-SUBRC = 0.
          CALL FUNCTION 'READ_TEXT'
            EXPORTING
              CLIENT   = SY-MANDT
              ID       = LV_ID
              LANGUAGE = LV_LANG
              NAME     = LV_TDNAME
              OBJECT   = LV_OBJ
            TABLES
              LINES    = LIT_TLINE.
          IF NOT LIT_TLINE[] IS INITIAL.
            DESCRIBE  TABLE LIT_TLINE LINES LV_LINE.
            DO LV_LINE TIMES.
              READ TABLE LIT_TLINE INDEX SY-INDEX.
              CONCATENATE LV_STRING LIT_TLINE-TDLINE INTO LV_STRING.
            ENDDO.
            LV_LEN = STRLEN( LV_STRING ).
    * Make sure we keep no more than 840 characters
            IF LV_LEN > 840.
              LV_STRING = LV_STRING+0(840).
              LV_LEN    = 840.
            ENDIF.
    * Populate Vendor item long text with segment E1IDT01 start from
    * Fields TXT03 to TXT14.
             EDIDD_TABLE-SDATA+147(LV_LEN) = LV_STRING.
            MODIFY EDIDD_TABLE INDEX LV_TABIX.
          ENDIF.
        ENDIF.
      ENDIF.

  • Access list with multiple object groups

    Hello Everyone,
    I am using a Cisco ASA 5525 with 8.6 code. I am trying to set up an access list for outbound access, meaning hosts accessing the internet. I have created an access list called outbound_access and did "access-group outbound_access in interface inside".
    I am trying to use object-groups wherever I can. Here is an example.
    object-group service obj_Meraki_outbound
    service-object tcp destination eq 443
    service-object tcp destination eq 80
    service-object tcp destination eq 7734
    service-object tcp destination eq 7752
    service-object udp destination eq 7351
    object-group network obj_Meraki_lan
    network-object 10.2.11.0 255.255.255.240
    network-object 10.5.11.0 255.255.225.240
    object-group network obj_Meraki_pub
    des This group lists all hosts associated with Meraki. 
      network-object host 64.156.192.154
      network-object host 64.62.142.12
      network-object host 64.62.142.2
      network-object host 74.50.51.16
      network-object host 74.50.56.218
    object-group service obj_Meraki_outbound
    service-object tcp destination eq 443
    service-object tcp destination eq 80
    service-object tcp destination eq 7734
    service-object tcp destination eq 7752
    service-object udp destination eq 7351
    object-group network obj_Meraki_lan
    network-object 10.x.x.x 255.255.255.240
    network-object 10.x.x.x 255.255.225.240
    object-group network obj_Meraki_pub
    des This group lists all hosts associated with Meraki. 
      network-object host 64.156.192.154
      network-object host 64.62.142.12
      network-object host 64.62.142.2
      network-object host 74.50.51.16
      network-object host 74.50.56.218
    I have tried tying all these groups together in multiple ways but cannot figure out how to do this. This is what I think it should be: "access-list outbound_access extended permit object-group obj_Meraki_outbound object-group obj_Meraki_lan object-group obj_Meraki_pub"
    What I want is to use the service objects, with the source network being obj_Meraki_lan and the destination being obj_Meraki_pub. It seems the rules completely change when you use object groups. Can someone explain this, maybe with a few examples? I am already using object groups in many ACLs but not for every element.
    Thanks

    Hi,
    Seems to work on my test ASA
    Attached it to my current LAN interface.
    ASA(config)# packet-tracer input LAN tcp 10.2.11.1 12345 64.156.192.154 80
    Phase: 1
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   0.0.0.0         0.0.0.0         WAN
    Phase: 2
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group outbound_access in interface LAN
    access-list outbound_access extended permit object-group obj_Meraki_outbound object-group obj_Meraki_lan object-group obj_Meraki_pub
    object-group service obj_Meraki_outbound
    service-object tcp destination eq https
    service-object tcp destination eq www
    service-object tcp destination eq 7734
    service-object tcp destination eq 7752
    service-object udp destination eq 7351
    object-group network obj_Meraki_lan
    network-object 10.2.11.0 255.255.255.240
    network-object 10.5.11.0 255.255.255.240
    object-group network obj_Meraki_pub
    description: This group lists all hosts associated with Meraki.
    network-object host 64.156.192.154
    network-object host 64.62.142.12
    network-object host 64.62.142.2
    network-object host 74.50.51.16
    network-object host 74.50.56.218
    Additional Information:
    access-list outbound_access line 1 extended permit tcp 10.2.11.0 255.255.255.240 host 64.156.192.154 eq www (hitcnt=1) 0x4d812691
    I have also used such a configuration in some special cases where the customer has insisted on allowing specific TCP/UDP ports between multiple networks. And nothing is stopping you from adding ICMP into the "object-group service" as well.
    - Jouni
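How the object-group ACE in this reply expands into per-element ACEs, as an added Python example that is not part of the original post: it parses the configuration shown in the packet-tracer output, builds the cross product of the three groups, and evaluates the traced packet against it. The function names, the two-entry port-name table and the expansion order are assumptions of this example; only the `destination eq` form of `service-object` is handled.

```python
import ipaddress
from itertools import product

PORT_NAMES = {"https": 443, "www": 80}  # only the names this sample uses

# Configuration as it appears in the packet-tracer output above.
CONFIG = """\
object-group service obj_Meraki_outbound
 service-object tcp destination eq https
 service-object tcp destination eq www
 service-object tcp destination eq 7734
 service-object tcp destination eq 7752
 service-object udp destination eq 7351
object-group network obj_Meraki_lan
 network-object 10.2.11.0 255.255.255.240
 network-object 10.5.11.0 255.255.255.240
object-group network obj_Meraki_pub
 description: This group lists all hosts associated with Meraki.
 network-object host 64.156.192.154
 network-object host 64.62.142.12
 network-object host 64.62.142.2
 network-object host 74.50.51.16
 network-object host 74.50.56.218
access-list outbound_access extended permit object-group obj_Meraki_outbound object-group obj_Meraki_lan object-group obj_Meraki_pub
"""


def parse(config):
    """Return (groups, acl): group name -> members, and the object-group ACEs."""
    groups, acl, current = {}, [], None
    for raw in config.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "object-group":
            current = groups.setdefault(tok[2], [])
        elif tok[0] == "service-object":
            if tok[2:4] != ["destination", "eq"]:
                raise ValueError(f"unsupported service-object: {raw!r}")
            current.append((tok[1], tok[4]))  # (protocol, port token)
        elif tok[0] == "network-object":
            if tok[1] == "host":
                net, text = ipaddress.ip_network(tok[2] + "/32"), "host " + tok[2]
            else:
                net = ipaddress.ip_network(f"{tok[1]}/{tok[2]}")
                text = f"{tok[1]} {tok[2]}"
            current.append((net, text))
        elif tok[0] == "access-list":
            # access-list NAME extended ACTION object-group SVC
            #   object-group SRC object-group DST
            acl.append((tok[3], tok[5], tok[7], tok[9]))
    return groups, acl


def expand(groups, acl):
    """One ACE per (service, source, destination) combination."""
    aces = []
    for action, svc, src, dst in acl:
        for (proto, port), (snet, stext), (dnet, dtext) in product(
            groups[svc], groups[src], groups[dst]
        ):
            aces.append({
                "text": f"{action} {proto} {stext} {dtext} eq {port}",
                "proto": proto, "src": snet, "dst": dnet,
                "dport": PORT_NAMES[port] if port in PORT_NAMES else int(port),
            })
    return aces


def first_match(aces, proto, src_ip, dst_ip, dport):
    """Text of the first ACE the packet matches, or None (implicit deny)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for ace in aces:
        if (ace["proto"] == proto and ace["dport"] == dport
                and src in ace["src"] and dst in ace["dst"]):
            return ace["text"]
    return None


ACES = expand(*parse(CONFIG))

if __name__ == "__main__":
    print(len(ACES), "expanded ACEs")
    # The packet from the packet-tracer command in the reply.
    print(first_match(ACES, "tcp", "10.2.11.1", "64.156.192.154", 80))
```
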

  • GROUP ID MISSING during PA GL IMPORT

    Product: FIN_GL
    Date written: 2006-05-30
    GROUP ID MISSING during PA GL IMPORT
    ==============================
    PURPOSE
    When import fails for a specific Group ID
    Problem Description
    GL Import fails with the error message
    "No records exist for this Source with a Group ID"
    Workaround
    gl_interface_control insert
    Solution Description
    INSERT INTO gl_interface_control
    (JE_SOURCE_NAME,
    STATUS,
    GROUP_ID,
    SET_OF_BOOKS_ID,
    INTERFACE_TABLE_NAME)
    VALUES
    ('Project Accounting',
    'S',
    16368,
    1,
    'PA_GL_INTERFACE');
    Insert Group ID 16368 and then try running the import.
    Reference Documents
    -------------------

    Hi,
    Prior to creation of the Z Object - there must be FRS (Functional Requirement Specifications) document, with which you do analyze the issue. There you will find the logic and tables / fields technical names.
    Where you gave the t.code of sets, can not be identified for the same.
    Regards
    VG

  • One single Group Footer missing

    Post Author: dbguy123456
    CA Forum: General
    I have inherited a Crystal Report (v.10).  When I print preview it the Group Footer for just one group is missing.  It is grouped on product, thus product 1 doesn't have a footer, but products 2, 3,... do have their footers.  I've looked all over the place for what is causing this and can't figure it out.  Since I wasn't the creator of the report (she is no longer available), I can't figure out how she did this.
    How can I get product 1's footer to appear?

    Post Author: wapper
    CA Forum: General
    Probably conditional suppressing. Open "format section" dialog for this group footer and check for a formula in "Suppress" button. If it is empty, also check for suppressing of individual field objects in the group footer section.
    Wapper

  • Ipsec - object group

    Hello and thank you in advance
    I have an IPsec tunnel set up with the use of object groups. This IPsec tunnel is active and in production. If I need to add one more IP to that object group, will I need to do anything for it to take effect, or will that be done automatically?
    Sorry for a stupid question.

    If you need to add one more IP to the object group for the crypto ACL, you would need to add the same on the remote VPN peer, as the crypto ACL needs to be a mirror image between the 2 sites.
    Once the changes have been made, you would need to clear the tunnel, as the SA for the new IP will only be built during the negotiation.

  • IOS - object-group service

    Hello Guys,
    My question is: do the access lists below operate the same way? I am confused about source and destination ports in an object-group based ACL.
    ip access-list extended 101
      deny tcp any any eq bgp
      deny tcp any eq bgp any
      deny tcp any any eq ftp
      deny tcp any eq ftp any
    object-group service services
      tcp eq bgp
      tcp eq ftp
    ip access-list extended 101
      deny object-group services any any
    A follow-up question: if the purpose is to deny any traffic where the source port is bgp (e.g. deny any eq bgp any), how can it be configured using an object-group service?
    Thanks in advance
    Regards

