Difference between Single Client Access Name (SCAN) & Grid Naming Service
Hi,
What's the difference between Single Client Access Name (SCAN) & Grid Naming Service in 11g RAC R2?
Regards,
Stephen
Hi Stephen,
There is a very good document about it (http://www.oracle.com/technetwork/products/clustering/overview/scan-129069.pdf).
Best regards,
Gennady
Similar Messages
-
Single Client Access Name for Weblogic Forms and Reports.
I have a 2 node clustered system:
Windows 2008 R2 64-bit
Weblogic 10.3.3 (on each node)
Weblogic Forms and Reports 11.1.1.3 (on each node)
Database 11gR2 RAC 11.2.0.1 (on each node)
The forms and reports are clustered and I can connect to each from each of the two servers and the cluster is working well.
The database uses Single Client Access Name (SCAN) to present the database as if it were one server called dbserver1.
I was wondering if there was a similar thing for Weblogic and what everyone else uses to present their application as a single name to the user.
I tried using Windows Network Load Balancing, but this stops the database scan listeners from working.
Thanks.
Dear,
Did you find an answer to your question back in 2009?
We are facing the same installation architecture, but we do not find any concrete information regarding SCAN with Oracle Forms 11g
Geert -
SCAN (Single Client Access Name) not working properly
We are in the process of upgrading to 11.2.0.1.0 RAC (4 nodes) running Grid Infrastructure and SCAN via DNS. The setup went great as did the data pump. However when trying to connect to the SCAN address I am getting an ORA-12154 error. My TNS entry is as follows:
FMRQ=
  (DESCRIPTION=
    (ADDRESS=
      (PROTOCOL=TCP)
      (HOST=ncc1701rac-scan.dsd-k12.net)
      (PORT=1521)
    )
    (CONNECT_DATA=
      (SERVER=shared)
      (SERVICE_NAME=fmrq)
    )
  )
If I change my Service_Name to be fmrq1, fmrq2, fmrq3, or fmrq4, which just so happen to be the SIDs for each of my nodes, I am able to connect. I'm sure that I have missed something simple, but due to the lack of detailed documentation about how SCAN works I am not able to troubleshoot this on my own. Help is most definitely needed.
Thank you for the reply. I have been through that document several times trying to see if I missed anything. This all seems very straightforward, which is why I am so confused as to why it isn't working. I have noticed that when I run "lsnrctl status" I see
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=10.6.22.41)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=10.6.22.51)(PORT=1521)))
Services Summary...
Service "+ASM" has 1 instance(s).
Instance "+ASM1", status READY, has 1 handler(s) for this service...
Service "fmrq" has 1 instance(s).
Instance "fmrq1", status READY, has 2 handler(s) for this service...
The command completed successfully
but when I run "lsnrctl status fmrq" I see:
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER_SCAN4)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=10.6.22.34)(PORT=1521)))
Services Summary...
Service "fmrq" has 4 instance(s).
Instance "fmrq1", status READY, has 2 handler(s) for this service...
Instance "fmrq2", status READY, has 2 handler(s) for this service...
Instance "fmrq3", status READY, has 2 handler(s) for this service...
Instance "fmrq4", status READY, has 2 handler(s) for this service...
The command completed successfully
So by this should my service_name "fmrq" work correctly? -
Access Manager 6 2005Q1 naming service behind load balancer
Access Manager is running on box A & box B using the Sun Web Server as its front end web server. Box A & B both have a complete install of Sun Web Server, Access Manager, and Directory Server. The Directory servers are set up to replicate changes between each other. Our Policy Agents are running on box C & box D under the Apache web servers.
Users will access applications on box C/D via https. The policy agents on box C/D should redirect the user to box A/B (via a load balancer VIP)for authentication. The redirect will be https. Once authenticated the user should be redirected back to box C/D.
All subsequent communications between the Agents on box C/D to AM on box A/B (via load balancer VIP) are http.
The load balancer VIP is setup in active/failover mode so all requests go to one server. We implemented it this way because our load balancers do not support SSL with cookies.
The data returned to the agent from a call to the naming service contains the host name of our AM hosts instead of the load balancer VIP. Subsequent calls from the agent to AM bypass the load balancer and go directly to one of the AM hosts.
We are looking to upgrade our load balancers to a version that supports cookies with ssl in order to take advantage of the second AM host.
How do we configure AM so the values returned by the naming service contain the load balancer VIP instead of the actual AM host names?
Bernhard,
We have upgraded our Web PA to version 2.1-09. One of your previous replies stated the com.iplanet.am.naming.ignoreNamingservice property was not available in the PA agent properties but only in the Java SDK. Indeed we do not see such a key in the new Web PA AMAgent.properties.
Can you please explain how to configure the AMAgent.properties and/or the Access Manager server (or properties) so that subsequent calls to the services (returned by the call to the naming service) get directed thru the load balancer? Below are the settings in our AMAgent and AMConfig properties files
AMAgent.properties
com.sun.am.namingURL = https://lb-mydomain.com:443/amserver/namingservice
com.sun.am.policy.am.loginURL = https://lb-mydomain.com:443/amserver/UI/Login
AMConfig.properties
com.iplanet.am.server.protocol=https
com.iplanet.am.server.host=am.mydomain.com
com.iplanet.am.server.port=443
com.iplanet.am.console.protocol=https
com.iplanet.am.console.host=lb-mydomain.com
com.iplanet.am.console.port=443
com.iplanet.am.profile.host=lb-mydomain.com
com.iplanet.am.profile.port=443
com.iplanet.am.naming.url=https://lb-mydomain.com:443/amserver/namingservice
com.iplanet.am.notification.url=https://lb-mydomain.com:443/amserver/notificationservice
If we set com.iplanet.am.server.host=lb-mydomain.com we get an exception when trying to start the AM web container. I don't know if this may be part of our issue or not. Please comment.
Thanks,
Craig -
Difference between thin client and thick client
Hi:
can someone explain the difference between the thin client app and thick client app?
Thin Client: Little to no logic on front end. Typically a 3 tier architecture. Example is a web browser
Thick Client: Typically a client-server type architecture where some business logic/processing occurs on the front end -
SL5 client accessing an secured (HTTPS) Odata service
I have a SL5 client that is hosted on Windows Azure.
I have some OData WCF services that work perfectly fine. Calling the odata services from the SL5 client works fine both running locally and remotely on Azure. The problem is https. I've uploaded the bought certificate and I can call the odata wcf services secure by using https from Fiddler2 and it gets the proper results.
When I run the SL5 client locally in my VS2012 environment it also works fine calling the https endpoint. After deployment to Windows Azure the client stops working and the calls to the https endpoints don't work anymore :-(
anybody has a clue?
hi RiccardoBecker,
Thanks for posting!
Based on my experience, when hosted WCF service on windows azure, we could use Service Bus (http://msdn.microsoft.com/en-us/library/windowsazure/ee173579.aspx) to access it on client side in intranet or internet. So if you used in intranet, I suggest you could create service bus to access it. Or if you use internet, I suggest you check your endpoint address setting. You need to use your cloud address to access wcf service on client side. You could download those code sample (http://code.msdn.microsoft.com/windowsazure/CSAzureWCFServices-20c7d9c5 & http://www.codeproject.com/Articles/188464/Host-WCF-Services-in-an-Azure-Worker-Role) and try it.
Any question, please let me know.
Regards,
Will
-
GNS (Grid Naming Service) Real World configuration
I am looking for some information on setting up of the GNS. It would be really good to see the actual configuration that someone has used in configuring this in a larger corporation, rather than the over simplified examples that appear in the Oracle DOCO and elsewhere.
The questions I would like to see answered are:
Has anyone set this up in their network?
Do you have more than one Cluster? (eg Pre-Prod/Prod)
If so have you created separate sub-domains?
Do you have pre 11gR2 clients connecting to your Database?
If so how are these configured to connect to the databases?
Are you using OID or some other SQL*Net name resolution?
If so, how have you configured these?
I would really like to see actual DNS entries if possible.
Peter.
-
How corba client and server find Naming service
hello
i want to ask how corba client and server find the Naming service ?
10x
By using a well-known port (I think the default for JavaIDL's NS is 1049) on a well-known address (localhost).
As these values are not really standard, you can specify them when starting the server and client (-ORBInitialPort 1050 -ORBInitialHost localhost). See the documentation. -
No client access on DAG switchover - Single site
Let’s summarize my environment:
I have 3 Exchange 2013 SP1 (cu4) server in one site. CAS01, only have cas role and MBX01&MBX02 have only mailbox. Both mailbox are in a DAG (DAG01).
The server mounting my database is MBX02. Whenever a switchover to MBX01 occurs (or when I force it with Move-ActiveMailboxDatabase -server MBX02 -ActivateOnServer MBX01), all my clients get disconnected so no more outlook, active sync and even owa. As soon as I roll them back on MBX02, everything returns to normal. However, every single email delivered while the DAG was mounted on MBX01 are getting delivered to the mailbox server so dag is working properly for the mail flow, minus the client access HA.
Now I know that on Exchange 2010 and the issue could have been with the value of -rpcclientaccessserver on my database, but this value is not used anymore on 2013.
Any ideas?
Thanks
Hi S.Nithyanandham
1. No my servers are working pretty fine if I create a non dag DB on MBX01, Client access and mail flow is fine. Turning off both Windows firewall didn’t change anything
2.
Server Check Result Error
MBX01 ClusterService Passed
MBX01 ReplayService Passed
MBX01 ActiveManager Passed
MBX01 TasksRpcListener Passed
MBX01 TcpListener Passed
MBX01 ServerLocatorService Passed
MBX01 DagMembersUp Passed
MBX01 ClusterNetwork Passed
MBX01 QuorumGroup Passed
MBX01 FileShareQuorum Passed
MBX01 DatabaseRedundancy Passed
MBX01 DatabaseAvailability Passed
Server Check Result Error
MBX02 ClusterService Passed
MBX02 ReplayService Passed
MBX02 ActiveManager Passed
MBX02 TasksRpcListener Passed
MBX02 TcpListener Passed
MBX02 ServerLocatorService Passed
MBX02 DagMembersUp Passed
MBX02 ClusterNetwork Passed
MBX02 QuorumGroup Passed
MBX02 FileShareQuorum Passed
MBX02 DatabaseRedundancy Passed
MBX02 DatabaseAvailability Passed
MBX02 DBCopySuspended Passed
MBX02 DBCopyFailed Passed
MBX02 DBInitializing Passed
MBX02 DBDisconnected Passed
MBX02 DBLogCopyKeepingUp Passed
MBX02 DBLogReplayKeepingUp Passed
3. I’ve double check that and recreated the dag binding multiple time with no luck.
4. yes they are
[PS] C:\Windows\system32>get-mailboxdatabasecopystatus | ft -au
Name      Status  CopyQueueLength ReplayQueueLength LastInspectedLogTime ContentIndexState
DB1\MBX01 Mounted 0               0                                      Healthy
DB2\MBX01 Mounted 0               0                                      Healthy
DB3\MBX01 Mounted 0               0                                      Healthy
DB4\MBX01 Mounted 0               0                                      Healthy
[PS] C:\Windows\system32>get-mailboxdatabasecopystatus -server mbx02 | ft -au
Name Status CopyQueueLength ReplayQueueLength LastInspectedLogTime ContentIndexState
DB1\MBX02 Healthy 0 0 2015-01-12 19:57:58 Healthy
DB2\MBX02 Healthy 0 0 2015-01-12 19:58:10 Healthy
DB3\MBX02 Healthy 0 0 2015-01-12 19:58:07 Healthy
DB4\MBX02 Healthy 0 0 2015-01-12 20:00:23 Healthy
5. None except those related to the failover if I bring MBX02 down
6. File share is fine and accessible.
Then please explain me what you are trying to say on the below mentioned line?
When I have a failover and database are mounted and healthy I can’t connect through any devices but email sent to my organization are delivered in databases correctly. I can see them with Get-MessageTrackingLog. In addition, my WatchGuard in front of my cas is not reporting any bounce or error, everything is delivered and queue is empty inside it.
A big Thank you for your help
Alex
Alexandre Contant -
RE: Accessing multiple Env from single Client-PC
Look in the "System Management Guide" under connected environments page
72. This will allow services in your primary environment to find
services in your connected environment. However, there is a bug
reported on this feature which is fixed in 2F4 for the HP and H1 for all
other servers. The following is from Forte:
The connected environments bug that was fixed in 2F4 is #24282. The problem was in the nodemgr/name server source code and caused the following to occur:
Service1 is in connected envs A and B.
Client has env A as primary, B as secondary.
Envmgr A dies before the client has ever made a call to Service1.
After env A is gone, client makes a call to Service1 which causes Envmgr B to seg fault.
You should upgrade your node manager/env manager nodes to 2F4. The 2F2
development and runtime clients are fully compatible with 2F4 servers.
Kal Inman
Andersen Windows
From: Inho Choi[SMTP:[email protected]]
Sent: Monday, April 21, 1997 2:04 AM
To: [email protected]
Subject: Accessing multiple Env from single Client-PC
Hi, All!
Is there anybody has any idea to access multiple environments from
single client-PC? I have to have multiple environments because each
environment resides geographically remote node and network bandwidth,
reliability are not good enough to include all the systems into single
environment.
Using Control Panel for doing this is not easy for those who are not
familiar with Windows. The end-user tend to use just single application
to access all necessary services.
I could consider two option to doing this:
1. Make some DOS batch command file to switch different environment
like, copying back/forward between environment repositories and
set up forte.ini for changing FORTE_NS_ADDRESS. After then, invoke
proper client partition(ftexec).
2. Duplicate necessary services among each environment.
But, these two options have many drawbacks in terms of system
management(option 1), performance(option 2) and others.
Has anybody good idea to implement this? Any suggestion would be
appreciated.
Inho Choi, Daou Tech., Inc.
email: [email protected]
phone: +82-2-3450-4696 -
Accessing multiple Env from single Client-PC
Hi, All!
Is there anybody has any idea to access multiple environments from
single client-PC? I have to have multiple environments because each
environment resides geographically remote node and network bandwidth,
reliability are not good enough to include all the systems into single
environment.
Using Control Panel for doing this is not easy for those who are not
familiar with Windows. The end-user tend to use just single application
to access all necessary services.
I could consider two option to doing this:
1. Make some DOS batch command file to switch different environment
like, copying back/forward between environment repositories and
set up forte.ini for changing FORTE_NS_ADDRESS. After then, invoke
proper client partition(ftexec).
2. Duplicate necessary services among each environment.
But, these two options have many drawbacks in terms of system
management(option 1), performance(option 2) and others.
Has anybody good idea to implement this? Any suggestion would be
appreciated.
Inho Choi, Daou Tech., Inc.
email: [email protected]
phone: +82-2-3450-4696 -
RPC client access log and IIS log, difference??
RPC logging is in "C:\Program Files\Microsoft\Exchange Server\V14\Logging\RPC Client Access" by default.
And IIS logs is in "C:\inetpub\logs\LogFiles\W3SVC1" by default.
Just want to know which client will generate which Log?
For example, exchange server 2010 supports:
Outlook Web App
Outlook anywhere
Exchange ActiveSync
POP3 and IMAP4
Autodiscover
So far as I know, "exchange activesync" always appears in IIS log. But outlook users (all in domain), most of them always appear in RPC log, but sometimes a few users appear in IIS log.
For example:(IIS log)
2014-03-31 00:01:51 172.23.0.100 POST /EWS/Exchange.asmx - 443 TEST\alice 172.26.0.41 Microsoft+Office/14.0+(Windows+NT+6.1;+Microsoft+Outlook+14.0.7116;+Pro) - 200 0 0 312
RPC log:
2014-03-31T00:42:09.964Z,1024,1,/o=first organization/ou=exchange administrative group(fydibohf23spdlt) /cn=recipients/cn=alice,,OUTLOOK.EXE,14.0.7108.5000,Cached,,,ncacn_http,,OwnerLogon,0,00:00:00.0156287,,
I want to understand the logging rules, please help?
Hi, Steve:
Thanks very much for your reply. I have a question to your reply here.
RPC-->Outlook clients, and then EWS(includes Outlook 2011??) What's the difference between Outlook clients and Outlook 2011(I think it should be 2010?), but is that Outlook 2010 not belong to 'Outlook clients'?
Best Regards,
Ryo -
Hi everyone,
it's probably just me but I have tried real hard to get a simple AnyConnect setup working in a lab environment on my ASA 5505 at home, without luck. When I connect with the AnyConnect client I get the error message "User not authorized for AnyConnect Client access, contact your administrator". I have searched for this error and tried some of the few solutions out there, but to no avail. I also updated the ASA from 8.4.4(1) to 9.1(1) and ASDM from 6.4(9) to 7.1(1) but still the same problem. The setup of the ASA is straight forward, directly connected to the Internet with a 10.0.1.0 / 24 subnet on the inside and an address pool of 10.0.2.0 / 24 to assign to the VPN clients. Please note that due to ISP restrictions, I'm using port 44455 instead of 443. I had AnyConnect working with the SSL portal, but IKEv2 IPsec is giving me a headache. I have stripped down certificate authentication which I had running before just to eliminate this as a potential cause of the issue. When running debugging, I do not get any error messages - the handshake completes successfully and the local authentication works fine as well.
Please find the current config and debugging output below. I appreciate any pointers as to what might be wrong here.
: Saved
ASA Version 9.1(1)
hostname ASA
domain-name ingo.local
enable password ... encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd ... encrypted
names
name 10.0.1.0 LAN-10-0-1-x
dns-guard
ip local pool VPNPool 10.0.2.1-10.0.2.10 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif Internal
security-level 100
ip address 10.0.1.254 255.255.255.0
interface Vlan2
nameif External
security-level 0
ip address dhcp setroute
regex BlockFacebook "facebook.com"
banner login This is a monitored system. Unauthorized access is prohibited.
boot system disk0:/asa911-k8.bin
ftp mode passive
clock timezone PST -8
clock summer-time PDT recurring
dns domain-lookup Internal
dns domain-lookup External
dns server-group DefaultDNS
name-server 10.0.1.11
name-server 75.153.176.1
name-server 75.153.176.9
domain-name ingo.local
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network LAN-10-0-1-x
subnet 10.0.1.0 255.255.255.0
object network Company-IP1
host xxx.xxx.xxx.xxx
object network Company-IP2
host xxx.xxx.xxx.xxx
object network HYPER-V-DUAL-IP
range 10.0.1.1 10.0.1.2
object network LAN-10-0-1-X
access-list 100 extended permit tcp any4 object HYPER-V-DUAL-IP eq 3389 inactive
access-list 100 extended permit tcp object Company-IP1 object HYPER-V-DUAL-IP eq 3389
access-list 100 extended permit tcp object Company-IP2 object HYPER-V-DUAL-IP eq 3389
tcp-map Normalizer
check-retransmission
checksum-verification
no pager
logging enable
logging timestamp
logging list Threats message 106023
logging list Threats message 106100
logging list Threats message 106015
logging list Threats message 106021
logging list Threats message 401004
logging buffered errors
logging trap Threats
logging asdm debugging
logging device-id hostname
logging host Internal 10.0.1.11 format emblem
logging ftp-bufferwrap
logging ftp-server 10.0.1.11 / asa *****
logging permit-hostdown
mtu Internal 1500
mtu External 1500
ip verify reverse-path interface Internal
ip verify reverse-path interface External
icmp unreachable rate-limit 1 burst-size 1
icmp deny any echo External
asdm image disk0:/asdm-711.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network obj_any
nat (Internal,External) dynamic interface
object network LAN-10-0-1-x
nat (Internal,External) dynamic interface
object network HYPER-V-DUAL-IP
nat (Internal,External) static interface service tcp 3389 3389
access-group 100 in interface External
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server radius protocol radius
aaa-server radius (Internal) host 10.0.1.11
key *****
radius-common-pw *****
user-identity default-domain LOCAL
aaa authentication ssh console radius LOCAL
http server enable
http LAN-10-0-1-x 255.255.255.0 Internal
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map External_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map External_map interface External
crypto ca trustpoint srv01_trustpoint
enrollment terminal
crl configure
crypto ca trustpoint asa_cert_trustpoint
keypair asa_cert_trustpoint
crl configure
crypto ca trustpoint LOCAL-CA-SERVER
keypair LOCAL-CA-SERVER
crl configure
crypto ca trustpool policy
crypto ca server
cdp-url http://.../+CSCOCA+/asa_ca.crl:44435
issuer-name CN=...
database path disk0:/LOCAL_CA_SERVER/
smtp from-address ...
publish-crl External 44436
crypto ca certificate chain srv01_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain asa_cert_trustpoint
certificate <output omitted>
quit
crypto ca certificate chain LOCAL-CA-SERVER
certificate <output omitted>
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable External client-services port 44455
crypto ikev2 remote-access trustpoint asa_cert_trustpoint
telnet timeout 5
ssh LAN-10-0-1-x 255.255.255.0 Internal
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh xxx.xxx.xxx.xxx 255.255.255.255 External
ssh timeout 5
ssh version 2
console timeout 0
no vpn-addr-assign aaa
no ipv6-vpn-addr-assign aaa
no ipv6-vpn-addr-assign local
dhcpd dns 75.153.176.9 75.153.176.1
dhcpd domain ingo.local
dhcpd option 3 ip 10.0.1.254
dhcpd address 10.0.1.50-10.0.1.81 Internal
dhcpd enable Internal
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address LAN-10-0-1-x 255.255.255.0
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
dynamic-filter use-database
dynamic-filter enable interface Internal
dynamic-filter enable interface External
dynamic-filter drop blacklist interface Internal
dynamic-filter drop blacklist interface External
ntp server 128.233.3.101 source External
ntp server 128.233.3.100 source External prefer
ntp server 204.152.184.72 source External
ntp server 192.6.38.127 source External
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
ssl trust-point asa_cert_trustpoint External
webvpn
port 44433
enable External
dtls port 44433
anyconnect image disk0:/anyconnect-win-3.1.02026-k9.pkg 1
anyconnect profiles profile1 disk0:/profile1.xml
anyconnect enable
smart-tunnel list SmartTunnelList1 mstsc mstsc.exe platform windows
smart-tunnel list SmartTunnelList1 putty putty.exe platform windows
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-client ssl-clientless
webvpn
anyconnect profiles value profile1 type user
username write.ingo password ... encrypted
username ingo password ... encrypted privilege 15
username tom.tucker password ... encrypted
class-map TCP
match port tcp range 1 65535
class-map type regex match-any BlockFacebook
match regex BlockFacebook
class-map type inspect http match-all BlockDomains
match request header host regex class BlockFacebook
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 1500
id-randomization
policy-map TCP
class TCP
set connection conn-max 1000 embryonic-conn-max 1000 per-client-max 250 per-client-embryonic-max 250
set connection timeout dcd
set connection advanced-options Normalizer
set connection decrement-ttl
policy-map type inspect http HTTP
parameters
protocol-violation action drop-connection log
class BlockDomains
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect dns preset_dns_map dynamic-filter-snoop
inspect http HTTP
service-policy global_policy global
service-policy TCP interface External
smtp-server 199.185.220.249
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command vpn-sessiondb
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command dynamic-filter
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command service-policy
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege clear level 3 mode exec command dynamic-filter
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:41a021a28f73c647a2f550ba932bed1a
: end
Many thanks,
Ingo
Hi Jose,
here is what I got now:
ASA(config)# sh run | begin tunnel-group
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool VPNPool
authorization-required
and DAP debugging still the same:
ASA(config)# DAP_TRACE: DAP_open: CDC45080
DAP_TRACE: Username: tom.tucker, aaa.cisco.grouppolicy = DfltGrpPolicy
DAP_TRACE: Username: tom.tucker, aaa.cisco.username = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username1 = tom.tucker
DAP_TRACE: Username: tom.tucker, aaa.cisco.username2 =
DAP_TRACE: Username: tom.tucker, aaa.cisco.tunnelgroup = DefaultWEBVPNGroup
DAP_TRACE: Username: tom.tucker, DAP_add_SCEP: scep required = [FALSE]
DAP_TRACE: Username: tom.tucker, DAP_add_AC:
endpoint.anyconnect.clientversion="3.1.02026";
endpoint.anyconnect.platform="win";
DAP_TRACE: Username: tom.tucker, dap_aggregate_attr: rec_count = 1
DAP_TRACE: Username: tom.tucker, Selected DAPs: DfltAccessPolicy
DAP_TRACE: Username: tom.tucker, DAP_close: CDC45080
Unfortunately, it still doesn't work. Hmmm.. maybe a wipe of the config and starting from scratch can help?
Thanks,
Ingo -
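An added example, not part of the original thread: a small Python parser for DAP_TRACE output like the one posted above. It pulls out the attributes the ASA evaluated and the DAP records it selected, so two debug runs can be compared field by field. The sample is abridged from the post; the function names and the comma-separated handling of multiple selected records are assumptions.

```python
import re

# Abridged from the trace in the post above; names are as they appear there.
SAMPLE_TRACE = '''\
ASA(config)# DAP_TRACE: DAP_open: CDC45080
DAP_TRACE: Username: tom.tucker, aaa.cisco.username2 =
DAP_TRACE: Username: tom.tucker, aaa.cisco.tunnelgroup = DefaultWEBVPNGroup
DAP_TRACE: Username: tom.tucker, DAP_add_AC:
endpoint.anyconnect.clientversion="3.1.02026";
endpoint.anyconnect.platform="win";
DAP_TRACE: Username: tom.tucker, Selected DAPs: DfltAccessPolicy
DAP_TRACE: Username: tom.tucker, DAP_close: CDC45080
'''
DEFAULT_DAP = "DfltAccessPolicy"
USER_RE = re.compile(r"Username: ([^,]+), (.*)")
ENDPOINT_RE = re.compile(r'^(endpoint\.[\w.]+)="(.*)";$')

def parse_dap_trace(text):
    """Return one dict per DAP_open/DAP_close pair found in the trace."""
    sessions, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        ep = ENDPOINT_RE.match(line)
        if ep and cur is not None:          # endpoint.* lines carry no prefix
            cur["attrs"][ep.group(1)] = ep.group(2)
            continue
        pos = line.find("DAP_TRACE:")       # tolerate a CLI prompt before it
        if pos < 0:
            continue
        body = line[pos + len("DAP_TRACE:"):].strip()
        if body.startswith("DAP_open:"):
            handle = body.split(":", 1)[1].strip()
            cur = {"handle": handle, "user": None, "attrs": {}, "selected": []}
            continue
        m = USER_RE.match(body)
        if cur is None or not m:
            continue
        cur["user"], rest = m.group(1), m.group(2)
        if rest.startswith("DAP_close:"):
            sessions.append(cur)
            cur = None
        elif rest.startswith("Selected DAPs:"):
            names = rest.split(":", 1)[1].split(",")  # assumed comma-separated
            cur["selected"] = [n.strip() for n in names if n.strip()]
        elif rest.startswith("aaa.") and " =" in rest:
            key, _, val = rest.partition(" =")
            cur["attrs"][key] = val.strip()
    return sessions

def only_default_policy(session):
    return session["selected"] == [DEFAULT_DAP]
```

For the posted trace, `only_default_policy` returns `True`: the only record selected for the session is `DfltAccessPolicy`.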
Mailbox and Client Access on the same servers for CAS HA (L4 LB) and Mailbox DAG
Hi, I would like to ask this question.
I'm reading all sorts of documentation that I'm finding on the internet, but I can't understand if what I'm thinking of doing is possible.
I would like to setup a basic environment configuring only two Exchange 2013 on two Win 2012 R2 servers. Both servers will be Mailbox (MBX) and Client Access (CAS). I will create a two-member DAG using File Share Witness or Disk Witness for the Dynamic Quorum.
Then I will setup Outlook Anywhere with internal and external namespace for CAS redundancy and layer 4 load balancing.
In this scenario I will not need to install a third-party load balancer.
Am I doing it right or am I watching a movie?
Thanks in advance
Hi,
You could need to have the HLB or virtual load balancers for redundancy.
Disadvantages of some load balancing methods:
If you use Windows NLB then it can provide redundancy on server level failure and not on application level.
In case we use the Windows round robin method for load balancing, it wouldn't provide server level and application level redundancy during the failures. At the same time we need to manually adjust the DNS records during the server failure, but on the client end DNS caches will create issues.
Let's consider you are having the internal and external names for Outlook Anywhere like below.
Internal and external Outlook Anywhere name:
mail.domain.com
For the above name just configure the HOST A record in Windows DNS and map it to the load balancer IP. Then the second step would be to configure your Exchange servers in the LB. So all the internal and external Outlook client connectivity will happen via the LB to the Exchange servers. In that case if any one of the servers is down then the LB will automatically make the Outlook client connect to the server which is alive, and at the same time none of the requests from the Outlook client to the LB will get forwarded to the server which is in the down state.
Note: Make sure you have redundancy for the LB devices also, otherwise it would be a single point of failure on the LB end.
Please reply to me if anything is unclear.
Thanks & Regards S.Nithyanandham -
Difference between SAP Menu Access and SPRO
Hi everybody,
Can someone tell me what the difference is between SAP Menu Access and SPRO?
Is it possible to add topics in them (SAP Menu and SPRO)?
Thank you in advance
Best regards
Mustapha
Dear,
SAP menu access is the initial screen for SAP. After entering the client no., user name and password we are able to see the initial screen of SAP.
SPRO - SAP Reference IMG. Through this transaction code SAP Functional Consultants are able to customize the settings related to COMPANY requirements.
In SAP menu access and SPRO we can't add any topics. But in SAP menu access we can add transactions, programs and the like.
Thanks,
Sankar M