Domain over IP routed subnets - getting network browsing to work?
Hi, I have a small domain spanned across two different subnets. Each subnet has its own domain controller, and the two networks are linked via IP routing.
Network connectivity between the two subnets is good - replication between the two DCs is happening smoothly, and every workstation can access every other workstation regardless of which subnet they're on.
The problem is that network browsing doesn't seem to work across the subnets. If a user knows the name of the machine they're connecting to, then they can enter that name into Explorer's address bar and it will connect fine. But when they go to "Network" or "My Network Places", only the machines from their own subnet appear there. When a user goes to "My Network Places" (or just "Network" in Win7's Explorer) then I would like them to see all the machines on both subnets, not just their own subnet.
Both DCs are running Server 2008 R2. What do I need to do to get network/computer browsing to work across the two subnets?
Hi,
Thank you for the post.
Is WINS really necessary?
Yes. NetBIOS resolution across subnets depends on WINS server.
Summary of WINS Benefits
WINS enables the Computer Browser service to collect and distribute browse lists across IP routers.
http://technet.microsoft.com/en-us/library/cc784180(WS.10).aspx
In a multiple subnet environment, make sure WINS is configured properly so that you have the proper NetBIOS name resolution.
http://blogs.technet.com/b/networking/archive/2008/07/25/netbios-browsing-across-subnets-may-fail-after-upgrading-to-windows-server-2008.aspx
If there are more inquiries on this issue, please feel free to let us know.
Regards
Rick Tan
TechNet Community Support
Similar Messages
-
How to get Network Printing to work with Brother!!
So I have my BROTHER DCP-7020 printer connected to my Windows machine and I've been sharing the printer on the network with my old iMac 24' which prints perfectly. Now I have the 27' iMac and I have no idea why it won't do printing via network, plugging in USB works fine, I've installed the driver but it doesn't look like it did anything. It just worked on my 24' without any hassle, it gets detected in the "Printer Settings" automatically and I don't recall doing anything to get it to work before.
Can anyone give me some tips of why it won't print and what I need to do in order to get network printing to work on my new Mac?
By the way BOTH MACHINES run SNOW LEOPARD.
Thanks in advance.
Here's the troubleshoot: http://support.apple.com/kb/HT1404
And here is the manual method: http://support.apple.com/kb/HT3049
Hope this helps!
-
Revision: 3256
Author: [email protected]
Date: 2008-09-18 09:14:24 -0700 (Thu, 18 Sep 2008)
Log Message:
More changes to get remote browser functionality working for MXUnit.
Need to copy http client jars from trunk/lib to trunk/qa/lib as part of the build. The http client jars are used by MXUnit when the remote browser, browser factory is being used.
Also need to copy xalan.jar from trunk/lib to trunk/qa/lib now as William recently made changes to MXUnit that added a dependency on xalan.jar.
In mxunit/build.xml made the browserFactory class for the MXUnit task use a property called mxunitBrowserFactory so different browser factories can now be passed in.
Modified Paths:
blazeds/trunk/qa/apps/qa-regress/build.xml
blazeds/trunk/qa/apps/qa-regress/testsuites/mxunit/build.xml
blazeds/trunk/qa/build.properties
blazeds/trunk/qa/resources/frameworks/qa-frameworks.zip
Ah, interesting. Here's what I get when I boot with the old GeForce 7300 plugged in.
System Profiler shows no extensions with "ATI" in the name. I'm not sure if this is to be expected though. Does System Profiler -> Software -> Extensions display the kexts installed on the system, or only those that the kernel decided to load at boot time? If the latter, I guess I wouldn't expect to see them. If the former, then might there be some registration step I need to do to tell the system that the ATI kexts are present and able to be loaded?
As for the presence of the extensions, if I look in /System/Library/Extensions, I find the following files when I do an 'ls -lF | grep ATI'...
ATI1300Controller.kext
ATI1600Controller.kext
ATI1900Controller.kext
ATI2400Controller.kext
ATI2600Controller.kext
ATI3800Controller.kext
ATI4500Controller.kext
ATI4600Controller.kext
ATI4800Controller.kext
ATI5000Controller.kext
ATIFramebuffer.kext
ATIRadeonX1000.kext
ATIRadeonX1000GA.plugin
ATIRadeonX1000GLDriver.bundle
ATIRadeonX1000VADriver.bundle
ATIRadeonX2000.kext
ATIRadeonX2000GA.plugin
ATIRadeonX2000GLDriver.bundle
ATIRadeonX2000VADriver.bundle
ATIRadeonX3000.kext
ATIRadeonX3000GA.plugin
ATIRadeonX3000GLDriver.bundle
ATIRadeonX3000VADriver.bundle
ATISupport.kext
So lots of ATI-related goodies. The dates are all either Aug 2 or Aug 6, so I'm guessing they came with the Snow Leopard Graphics Update, which I think was released just after those dates.
I'm getting ready to return the card and try another, but will hold off another day or two, since it still seems plausible that there might be a software issue lurking...
Thanks again for your help,
Jerry
-
I play an online game which requires me to open and set up several tabs, click on them offline, and then reload all tabs. With this new update, the work offline button does not work. I click on it 'Work Offline', a checkmark appears before the option. But when I click on the confirm button on the tab, it does not show the usual message that I am offline and I should try again after going online.
I also do a lot of offline reading, which was possible with the previous Firefox versions. I'd load them while I was online, then I could read them when I was offline. Now I can't do this.
I am not happy with this new version of FF. Is there a way to revert to the old Firefox?
Does the Live Http Headers extension confirm that there is network traffic?
* https://addons.mozilla.org/firefox/addon/live-http-headers/
I notice that you are likely infected by Conduit software (malware) looking at the browser.newtab.url pref in the System Details list.
Your System Details list shows that you have a user.js file in the profile folder to initialize prefs each time Firefox starts.
The user.js file is only present if you or other software has created this file and normally it wouldn't be there.
You can check its content with a plain text editor (right-click: Open with) if you didn't create this file yourself.
The user.js file is read each time Firefox is started and initializes preferences to the value specified in this file, so preferences set via user.js can only be changed temporarily for the current session.
* http://kb.mozillazine.org/Preferences_not_saved
You can also check in "Windows Control Panel > Programs" for recently installed programs to see if there is anything from Conduit.
* Control Panel > Programs > Programs and Features > Uninstall or change a program
* Click the Installed column to sort by this heading
-
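The user.js check described in the reply above can be scripted. This is an added example, not code from the thread: it lists what a user.js forces at every start, flags entries on a watch list, and shows which values currently in prefs.js will be overwritten at the next start. The sample files, the `example.invalid` URLs and every watch-list name other than browser.newtab.url are assumptions constructed for the example.

```bash
#!/usr/bin/env bash
# Added example: audit what a Firefox user.js forces at every start.

# Watch list. browser.newtab.url is the pref named in the reply above;
# the other two names are assumptions added for this example.
WATCHED_PREFS="browser.newtab.url browser.startup.homepage keyword.URL"

# Print "name=value" for every active user_pref("name", value); line.
# Lines commented out with // do not match and are skipped.
list_user_prefs() {
    sed -n -E 's/^[[:space:]]*user_pref\([[:space:]]*"([^"]+)"[[:space:]]*,[[:space:]]*(.*[^[:space:]])[[:space:]]*\)[[:space:]]*;.*$/\1=\2/p' "$1"
}

# Print the user.js entries whose name is on the watch list.
flag_watched_prefs() {
    local line name watched
    list_user_prefs "$1" | while IFS= read -r line; do
        name=${line%%=*}
        for watched in $WATCHED_PREFS; do
            if [ "$name" = "$watched" ]; then
                printf '%s\n' "$line"
            fi
        done
    done
}

# Print "name: current -> forced" for every pref whose value in prefs.js
# differs from user.js, i.e. a change that will be undone at the next start.
reverted_on_restart() {
    local userjs="$1" prefsjs="$2" line name forced current
    list_user_prefs "$userjs" | while IFS= read -r line; do
        name=${line%%=*}
        forced=${line#*=}
        # Exact-name lookup of the same pref in prefs.js.
        current=$(list_user_prefs "$prefsjs" |
            awk -v n="$name" 'index($0, n "=") == 1 { print substr($0, length(n) + 2); exit }')
        if [ -n "$current" ] && [ "$current" != "$forced" ]; then
            printf '%s: %s -> %s\n' "$name" "$current" "$forced"
        fi
    done
}

# Constructed sample profile (not taken from the thread): user.js pins the
# new-tab page, prefs.js holds the value the user set back by hand.
make_sample_profile() {
    local dir
    dir=$(mktemp -d)
    cat > "$dir/user.js" <<'EOF'
// constructed sample
user_pref("browser.newtab.url", "http://search.example.invalid/?src=tab");
user_pref("browser.startup.page", 1);
// user_pref("keyword.URL", "http://old.example.invalid/?q=");
EOF
    cat > "$dir/prefs.js" <<'EOF'
user_pref("browser.newtab.url", "about:newtab");
user_pref("browser.startup.page", 1);
user_pref("extensions.lastAppVersion", "26.0");
EOF
    printf '%s\n' "$dir"
}

profile=$(make_sample_profile)
echo "Forced by user.js:";      list_user_prefs "$profile/user.js"
echo "On the watch list:";      flag_watched_prefs "$profile/user.js"
echo "Reverted at next start:"; reverted_on_restart "$profile/user.js" "$profile/prefs.js"
rm -rf "$profile"
```

Point the functions at the user.js and prefs.js in the real profile folder; an empty result from `list_user_prefs` on a missing or empty user.js is the normal state.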
Can't get widget browser to work
Hi, I installed the widget browser and it's giving me this
Failed getting Widget Feed. Reload | Show More Information
Show more information :
Failed getting Widget Feed. Make sure you are connected to the internet.
Unknown error.
Tried signing in :
The login attempt timed out. Make sure that you are connected to the internet, and try to log in again.
I am connected to the internet. I cleared all cookies, and have it on Accept All Cookies in both Firefox and iExplorer.
Please someone help me
Thank You
Kylie
Hello,
In order to see those folders, you may need to enable the "Show hidden folder" option on your PC (Start>Control Panel>Large Icons view>Folder options>View tab>Advanced Settings>Show hidden files, folders, and drives)
But, it looks like some other user (JudeGr) may have found the solution. Can you try it:
http://forums.adobe.com/message/3442087
I hope this does the trick
-
I've downloaded the update a total of three times now. Each time an error message saying that the webpage can not be found is the only thing that comes up no matter what page I try to access. I've tried to restart my computer, restart Firefox, run Windows 7 troubleshooter on the wireless connection all to no avail.
== URL of affected sites ==
http://
That is not the problem. When I install a new browser or updates for the one I have I temporarily uninstall the security program to ensure that there are no conflicts. Once the updates or new browser is installed I reinstall the security program and double check to make sure it has permission.
-
Every time I open Firefox, within several minutes, the screen freezes, and the only way I can make it work is to force quit.
This works for awhile, and then I go through the whole thing again.
c uses the same profile folder as the Windows and Linux platform.
You can locate the Firefox Profile Folder via
* Help > Troubleshooting Information > Profile Directory: Open Containing Folder
* http://kb.mozillazine.org/Profile_folder_-_Firefox
Copy and paste this code in the Code field in "Tools > Error Console" and click the Evaluate button to see the location of the profile folder.
alert(Components.classes["@mozilla.org/file/directory_service;1"].getService(Components.interfaces.nsIProperties).get("ProfD", Components.interfaces.nsIFile).path);
-
How can i get my items to stay in place and not cross over each other when readjusting the browser s
How can I get my items to stay in place and not cross over each other when readjusting the browser size.
Basically on my site when I go from a small screen to a big screen everything doesn't adjust to the screen size. I don't know what I'm missing
Here's the link to the page all the pages & they all do it
http://theatricalworkslive.com/
Thanks in advance
Please read this whole message before doing anything.
This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
The purpose of the test is to determine whether the problem is caused by third-party software that loads automatically at startup or login, or by a peripheral device.
Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode and log in to the account with the problem. Note: If FileVault is enabled, or if a firmware password is set, or if the boot volume is a software RAID, you can’t do this. Post for further instructions.
Safe mode is much slower to boot and run than normal, and some things won’t work at all, including wireless networking on certain Macs. The next normal boot may also be somewhat slow.
The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin. Test while in safe mode. Same problem? After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test.
-
Help required network configuration - Gateway route settings get erased on reboot.
Oracle Linux 7
Linux myhostname 3.8.13-35.3.1.el7uek.x86_64 #2 SMP Wed Jun 25 15:27:43 PDT 2014 x86_64 x86_64 x86_64 GNU/Linux
#cat /etc/sysconfig/network-scripts/ifcfg-eno16780032
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="eno16780032"
UUID="2d1107e3-8bd9-49b1-b726-701c56dc368b"
ONBOOT="yes"
IPADDR0="34.36.140.86"
PREFIX0="22"
GATEWAY0="34.36.143.254"
DNS1="34.36.132.1"
DNS2="34.34.132.1"
DOMAIN="corp.halliburton.com"
HWADDR="00:50:56:AC:3F:F9"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
NM_CONTROLLED="no"
#route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 34.36.143.254 0.0.0.0 UG 0 0 0 eno16780032
34.36.140.0 0.0.0.0 255.255.252.0 U 0 0 0 eno16780032
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eno16780032
When I reboot the machine, the first line in route table gets erased, I then run:
#route add default gw 34.36.143.254
After which network works fine.
Help required. I don't want to use NetworkManager.
The following might be useful:
https://access.redhat.com/solutions/783533
"When transitioning from NetworkManager to using the network initscript, the default gateway parameter in the interface's ifcfg file will be depicted as 'GATEWAY0'. In order for the ifcfg file to be compatible with the network initscript, this parameter must be renamed to 'GATEWAY'. This limitation will be addressed in an upcoming release of RHEL7."
NetworkManager is now the default mechanism for RHEL 7. Personally I don't quite understand this, because as far as I can gather it is a program for systems to automatically detect and connect to known networks. I think such functionality can be useful when switching between wireless and wired networks, but for a server platform, I wonder.
-
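The rename described in the Red Hat note quoted above can be checked and applied with a short script. This is an added example, not code from the thread or from Red Hat: the function names are hypothetical, and the sample file is a constructed subset of the ifcfg-eno16780032 posted in the question.

```bash
#!/usr/bin/env bash
# Added example: detect and correct the GATEWAY0 / GATEWAY mismatch in an
# ifcfg file that is handled by the network initscript (NM_CONTROLLED=no).

# Print the value of KEY ($2) from ifcfg file ($1), without its double quotes.
# If the key is assigned more than once, the last assignment wins.
ifcfg_get() {
    sed -n -E "s/^[[:space:]]*$2=\"?([^\"]*)\"?[[:space:]]*$/\1/p" "$1" | tail -n 1
}

# Return 0 and print a finding when the file is not NetworkManager-controlled
# but only carries the NetworkManager-style GATEWAY0 key.
needs_gateway_rename() {
    local file="$1" nm gw gw0
    nm=$(ifcfg_get "$file" NM_CONTROLLED)
    gw=$(ifcfg_get "$file" GATEWAY)
    gw0=$(ifcfg_get "$file" GATEWAY0)
    case "$nm" in
        no|No|NO) ;;
        *) return 1 ;;
    esac
    if [ -z "$gw" ] && [ -n "$gw0" ]; then
        printf '%s: GATEWAY0=%s is not compatible with the network initscript; rename the key to GATEWAY\n' \
            "$file" "$gw0"
        return 0
    fi
    return 1
}

# Write a corrected copy to stdout: GATEWAY0 becomes GATEWAY, nothing else changes.
rename_gateway0() {
    sed -E 's/^([[:space:]]*)GATEWAY0=/\1GATEWAY=/' "$1"
}

# Constructed sample: a subset of the ifcfg file posted in the question.
write_sample_ifcfg() {
    cat > "$1" <<'EOF'
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
NAME="eno16780032"
ONBOOT="yes"
IPADDR0="34.36.140.86"
PREFIX0="22"
GATEWAY0="34.36.143.254"
NM_CONTROLLED="no"
EOF
}

sample_dir=$(mktemp -d)
sample="$sample_dir/ifcfg-eno16780032"
write_sample_ifcfg "$sample"
if needs_gateway_rename "$sample"; then
    rename_gateway0 "$sample" > "$sample.fixed"
    echo "corrected line: $(grep '^GATEWAY=' "$sample.fixed")"
fi
rm -rf "$sample_dir"
```

Run `needs_gateway_rename` against each file in /etc/sysconfig/network-scripts, keep a backup before replacing a file with the output of `rename_gateway0`, and confirm the default route with `route -n` after the next restart of the network service.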
I'm trying to read some XML data from temperature logger over my network. I'm using LabView version 2009 sp1. I'm using the URL Get Document Vi. It works fine when using Internet sites like google or foxnews etc...
When I use it with my temperature logger most of the time I get an Error 66...but some times it does work and actually retrieves the document.
I can use the same address "http://172.22.21.68/XMLfeed.rb" (Internet Explorer or Google Chrome) in my browser and get a response every time. When accessing from my browser the server in the temperature logger does take around 6 seconds to respond, but it does respond every time.
Is the URL Get Document Vi exceeding a timeout? If so, where can I set it to wait longer?
It looks like the TCP Buffered Read has a 2.5 sec timeout, I believe that is where I had trouble as well. Try creating your own URL Get HTTP Doc vi in which you call URL Get Document in normal mode, with an appropriate number of characters to fetch (enough characters so that you capture all the important data in the XML file).
-
Dear Sirs,
My iPhone 4 is limited to some network so I wanna make my iPhone free to all networks all over, how can I get the code to unblock it
There is no "code to unblock it". It can only be unlocked by the carrier it's locked to. Contact them and see if they offer that service and if you qualify.
-
Dear Friends,
Facing an issue for adding a desktop in Domain over VSAT. When I say enter after typing the domain name which I want to join. I am asked for User name and Password. After User name and password is entered it waits for a long time and then it gives an error as Network Path not Found. I am pretty surprised why is it happening like that.
In hosts file too I am mentioning the IP of the DC at my Data Center.
I have another site over VSAT which has worst latency and more RTO's than this one, but on that site I am able to add a desktop in Domain. I don't have domain controller at the remote site which is connected by VSAT.
Please do not hardcode the domain IP address in your HOSTS file. That will just create issues.
Please make sure that your client computer points only to internal DNS servers for DNS resolutions.
You can use NSlookup to make sure that DNS resolution for your DCs A and SRV records are working properly:
http://social.technet.microsoft.com/wiki/contents/articles/29184.nslookup-for-beginners.aspx
https://support.microsoft.com/en-us/kb/241515?wa=wsignin1.0
Also, make sure that you have no connectivity failures between your remote site and the one having your DCs using ping: http://social.technet.microsoft.com/wiki/contents/articles/30110.ping-for-beginners.aspx
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
-
Whenever I try to open Network browser it gets an error.
I was trying to open Network Browser and I got this error: "Network Browser is unable to launch because your system software is not configured properly.".
I really want to start this,
My computer is a iBook Clamshell g3 Blue-Berry,
running Mac OS 9.2.2.
I have 64 MB of RAM,
and a 6 GB hard drive,
Thanks.
I really need Help! Please.
I was trying to open Network Browser and I got this error: "Network Browser is unable to launch because your system software is not configured properly.".
I really want to start this,
My computer is a iBook Clamshell g3 Blue-Berry,
running Mac OS 9.2.2.
I have 64 MB of RAM,
and a 6 GB hard drive,
Thanks.
-
Cisco ASA 5505 Routing between internal networks
Hi,
I am new to Cisco ASA and have been configuring my new firewall but one thing has been bothering me. I cannot get internal networks and routing between them to work as I would like to. Goal is to set four networks and control access with ACL:s between those.
1. Outside
2. DMZ
3. ServerNet1
4. Inside
ASA version is 9.1 and I have been reading on two different ways on handling IP routing with this. NAT Exempt and not configuring NAT at all and letting normal IP routing to handle internal networks. No matter how I configure, with or without NAT I cannot get access from inside network to DMZ or from ServerNet1 to DMZ. Strange thing is that I can access services from DMZ to Inside and ServerNet1 if access list allows it. For instance DNS server is on Inside network and DMZ works great using it.
Here is the running conf:
interface Ethernet0/0
switchport access vlan 20
interface Ethernet0/1
switchport access vlan 20
interface Ethernet0/2
switchport access vlan 19
interface Ethernet0/3
switchport access vlan 10
switchport trunk allowed vlan 10,19-20
switchport trunk native vlan 1
interface Ethernet0/4
switchport access vlan 10
interface Ethernet0/5
switchport access vlan 10
switchport trunk allowed vlan 10-11,19-20
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/6
switchport access vlan 10
switchport trunk allowed vlan 10-11,19-20
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/7
switchport access vlan 10
interface Vlan10
nameif inside
security-level 90
ip address 192.168.2.1 255.255.255.0
interface Vlan11
nameif ServerNet1
security-level 100
ip address 192.168.4.1 255.255.255.0
interface Vlan19
nameif DMZ
security-level 10
ip address 192.168.3.1 255.255.255.0
interface Vlan20
nameif outside
security-level 0
ip address dhcp setroute
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj-192.168.2.0
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0
object network DNS
host 192.168.2.10
description DNS Liikenne
object network Srv2
host 192.168.2.10
description DC, DNS, DNCP
object network obj-192.168.4.0
subnet 192.168.4.0 255.255.255.0
object network ServerNet1
subnet 192.168.4.0 255.255.255.0
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network RFC1918
object-group network InternalNetworks
network-object 192.168.2.0 255.255.255.0
network-object 192.168.3.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
service-object tcp destination eq domain
service-object udp destination eq domain
service-object udp destination eq nameserver
service-object udp destination eq ntp
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
port-object eq ftp
port-object eq ftp-data
object-group service rdp tcp-udp
description Microsoft RDP
port-object eq 3389
object-group service DM_INLINE_TCP_2 tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
object-group service DM_INLINE_SERVICE_2
service-object tcp destination eq domain
service-object udp destination eq domain
object-group network DM_INLINE_NETWORK_1
network-object object obj-192.168.2.0
network-object object obj-192.168.4.0
access-list dmz_access_in extended permit ip object obj-192.168.3.0 object obj_any
access-list dmz_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object DNS eq domain
access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object-group DM_INLINE_NETWORK_1 object-group rdp
access-list DMZ_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended permit tcp object obj-192.168.3.0 object obj_any object-group DM_INLINE_TCP_2
access-list inside_access_in extended permit ip object obj-192.168.2.0 object-group InternalNetworks
access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj_any object-group rdp
access-list inside_access_in extended permit tcp object obj-192.168.2.0 object obj_any object-group DM_INLINE_TCP_1
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 object Srv2 object obj_any
access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj-192.168.3.0 object-group rdp
access-list ServerNet1_access_in extended permit object-group DM_INLINE_SERVICE_2 any object DNS
access-list ServerNet1_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu ServerNet1 1500
mtu inside 1500
mtu DMZ 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711-52.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,DMZ) source static obj-192.168.2.0 obj-192.168.2.0 destination static obj-192.168.2.0 obj-192.168.2.0 no-proxy-arp
object network obj_any
nat (inside,outside) dynamic interface
nat (DMZ,outside) after-auto source dynamic obj_any interface destination static obj_any obj_any
nat (ServerNet1,outside) after-auto source dynamic obj-192.168.4.0 interface
access-group ServerNet1_access_in in interface ServerNet1
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
http 192.168.4.0 255.255.255.0 ServerNet1
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 192.168.4.0 255.255.255.0 ServerNet1
ssh 192.168.2.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Hi Jouni,
Yep, Finnish would be good also =)
In front of ASA is DSL modem, on the trunk ports is Hyper-V host that uses the trunk ports so that every VM has their VLAN ID defined in the VM level. Everything is working good on that end. Also there is WLAN Access Point on one of the ASA ports, on the WLAN AP there is the management portal address on DMZ that I have been testing against (192.168.3.4)
If I configure Dynamic PAT from inside to the DMZ then the traffic starts to work from inside to all hosts on DMZ but that's not the right way to do it so no shortcuts =)
Here is the conf now, still doesn't work:
interface Ethernet0/0
switchport access vlan 20
interface Ethernet0/1
switchport access vlan 20
interface Ethernet0/2
switchport access vlan 19
interface Ethernet0/3
switchport access vlan 10
switchport trunk allowed vlan 10,19-20
switchport trunk native vlan 1
interface Ethernet0/4
switchport access vlan 10
interface Ethernet0/5
switchport access vlan 10
switchport trunk allowed vlan 10-11,19-20
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/6
switchport access vlan 10
switchport trunk allowed vlan 10-11,19-20
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/7
switchport access vlan 10
interface Vlan10
nameif inside
security-level 90
ip address 192.168.2.1 255.255.255.0
interface Vlan11
nameif ServerNet1
security-level 100
ip address 192.168.4.1 255.255.255.0
interface Vlan19
nameif DMZ
security-level 10
ip address 192.168.3.1 255.255.255.0
interface Vlan20
nameif outside
security-level 0
ip address dhcp setroute
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network obj-192.168.2.0
subnet 192.168.2.0 255.255.255.0
object network obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0
object network DNS
host 192.168.2.10
description DNS Liikenne
object network Srv2
host 192.168.2.10
description DC, DNS, DNCP
object network obj-192.168.4.0
subnet 192.168.4.0 255.255.255.0
object network ServerNet1
subnet 192.168.4.0 255.255.255.0
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network RFC1918
object-group network InternalNetworks
network-object 192.168.2.0 255.255.255.0
network-object 192.168.3.0 255.255.255.0
object-group service DM_INLINE_SERVICE_1
service-object tcp destination eq domain
service-object udp destination eq domain
service-object udp destination eq nameserver
service-object udp destination eq ntp
object-group service DM_INLINE_TCP_1 tcp
port-object eq www
port-object eq https
port-object eq ftp
port-object eq ftp-data
object-group service rdp tcp-udp
description Microsoft RDP
port-object eq 3389
object-group service DM_INLINE_TCP_2 tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
object-group service DM_INLINE_SERVICE_2
service-object tcp destination eq domain
service-object udp destination eq domain
object-group network DM_INLINE_NETWORK_1
network-object object obj-192.168.2.0
network-object object obj-192.168.4.0
object-group network DEFAULT-PAT-SOURCE
description Default PAT source networks
network-object 192.168.2.0 255.255.255.0
network-object 192.168.3.0 255.255.255.0
network-object 192.168.4.0 255.255.255.0
access-list dmz_access_in extended permit ip object obj-192.168.3.0 object obj_any
access-list dmz_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object DNS eq domain
access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object-group DM_INLINE_NETWORK_1 object-group rdp
access-list DMZ_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended permit tcp object obj-192.168.3.0 object obj_any object-group DM_INLINE_TCP_2
access-list inside_access_in extended permit ip object obj-192.168.2.0 object-group InternalNetworks
access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj_any object-group rdp
access-list inside_access_in extended permit tcp object obj-192.168.2.0 object obj_any object-group DM_INLINE_TCP_1
access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 object Srv2 object obj_any
access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj-192.168.3.0 object-group rdp
access-list ServerNet1_access_in extended permit object-group DM_INLINE_SERVICE_2 any object DNS
access-list ServerNet1_access_in extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu ServerNet1 1500
mtu inside 1500
mtu DMZ 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-711-52.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (any,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
access-group ServerNet1_access_in in interface ServerNet1
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
http 192.168.4.0 255.255.255.0 ServerNet1
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 192.168.4.0 255.255.255.0 ServerNet1
ssh 192.168.2.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
-
Path Selection for Routes Across MPLS Network
Customer hub site has two CE routers with two links connected to two separate PE routers in the Carrier's MPLS network. At the customer's remote site one CE router on a single link is connected to PE router in MPLS network.
How can I configure the CE routers at the hub site to advertise the same network across the MPLS network to the CE router at the remote site? Also, how can I configure the CE router at the remote site to select one of the routers as the primary and the other as secondary? Can I use local-preference on the CE router at the remote site to select one path over the other.
I'm not sure if this makes any sense. Any help will be appreciated. Thanks
Even with multiple RDs for VRFs belonging to the same VPN, you still need IBGP multipath, correct? Multiple RDs is just to get around the RR restriction.
Also, you posted this message a while back:
"If you have many VPN customers all using the same addresses (most likely rfc1918), the fact that they have different RDs and that the PE prepends the RD to the prefixes exchanged between PEs will make the same prefixes different in the MPLS VPN core
cust1 advertises 192.168.1.0/24 with RD 1:1 therefore
VPNv4 prefix is 1:1:192.168.1.0
cust2 advertises 192.168.1.0/24 with RD 1:2 therefore
VPNv4 prefix is 1:2:192.168.1.0"
My test lab does not support the IBGP multipath command, and thus even with different RDs, it still only installs one best path.
I understand that RD = make unique VPNv4 routes in SP space, and that RT = what to import into the VRF. However, I am having a hard time visualizing the scenario with multiple RDs for the same VPN for load balancing purposes. I am trying to understand the logic behind it.
Per your example, if both 1:1 and 1:2 are received by the remote PE, assuming IBGP multipath is enabled, why would the remote PE load balance between the two links? Why would it assume that the hub subnets are reachable via two different PEs, and that it's not two different, isolated VPNs altogether?
Is it b/c you imported both 1:1 and 1:2 into a VRF at the remote PE?