EBS Bursting and routing AR Statements/Invoices to email/print

Hi
I've just read Gareth Roberts' really cool blog on a simple method to process AR statements (or any other Concurrent Request report) in XML.
http://garethroberts.blogspot.com/2008/01/beautiful-statements-in-1-easy-step.html
I'm looking for direction on how to burst the XMLP output and route the individual customer documents to email and / or printers.
Bursting is quite well descriped in the stand-alone BIP with the control file but I see no documentation of doing this with Concurrent Manager - (Nor any of the other XDOxxxxx concurrent programmes!!)
I've started looking at the XDOBURSTRPT concurrent programme but without documentation have not yet had any success.
Should XDOBURSTRPT be called with a fnd_request.submit_request directly after the request_submit for XDOREPPB?
How do these things hang together?
Thanks for any help.
Mike Mac

Hi Gareth
With your and Tim's help - just revisited his blog on bursting at
http://blogs.oracle.com/xmlpublisher/2007/04/05#a189 - I'm now getting close.
The fundamental change that has happened since Tim's blog is that XMLP now allows for the accessing of the RTF template file from the XMLP Responsibility Data Definintion upload (of the control file onto the Data definition).
But there's absolutely no documentation, that I can find, for the updated syntax of the control file itself where reference is made to the RTF Template also being managed by Concurrent Manager / Template Manager - instead of having to place the RTF on the server file system, and directly reference it in a hard-coded path.
A secondary question is how to access alternate ".rtf" formatting templates within one Bursting Control File (different templates for different conditions).
Tim also mentions the referencing of CUPS defined printers by name, and the ability to issue a regular unix lp command - its this documented anywhere?
Is there a new comprehensive reference for the 5.6.3 Bursting Control File and its use with Concurent Manager?
Thanks in anticipation
Mike

Similar Messages

Sending AR Customer Statements & Invoices by Email

We currently upgrading to R12 and have a requirement to find out if its possible to email customer Statements and invoices via email. We need the email to work for batch printing and individual printing. Is there any option avaliable in R12 that can be used to enable this functionality? Any suggestion are welcome and are appreciated.
Thanks in advance.

Thanks a lot Gareth.
So will have to do some customizations. We were wondering if we can do it without making any code changes, seems not.
This certainly is a good solution and it will give us the functionality even though we have to added some code changes I think its better then buying third party extensions. I also went through your blog and you have some very good technical information on Oracle Apps. Thank you for doing this good work.

XML Publisher (EBS) Bursting and Group By

I have a feeling I already know the answer to this question, but maybe not and there is a way around it. I'm using the seeded report Deposit Advice XML from EBS, and I copied it so I can use bursting. Here is my problem. The xml is not grouped by the way we need it so when I burst it it will either email us the full file or each person in a separate email.
Here is what I'm TRYING to accomplish. Is there a way in the Bursting Control File to have records grouped, the bursted (either by print/email etc).
For example I would like to have all organizations_id in ('100','101,'102') grouped into one file then emailed. I don't think this is possible without changing the original xml file and since it's seeded and spawned thats not going to happen. It does filter the records and email me each person separately. But that's because the XML is formatted that way.
Any ideas?

I figured it out
in your select if you want to group your output by say Organization_id change your select in your burst file to the following
<xapi:request select="/PAYSLIP_REPORT/PAYSLIP/EMPLOYEE_DETAILS/ORGANIZATION_ID">

Bursting and DeliveryManager - How to identify wrong email address

Hi,
I have created a BI report (based on Data Template)
Report generates the XML and then in the afterReport trigger, I am calling Bursting Program to send emails to the customers.
Everything works fine.
Problem is:
If, there is any wrong email address, then we are NOT receiving any notification and undeliverable message.
This happens for Bursting Request (program).
I have also written a sample Java Code using "DeliveryManager" XDO class, to check whether it thorws the exception in case of wrong email ID or incorrect domain.
But it also completes successfully and without any error. (no email .... obviuosly)
import oracle.apps.xdo.delivery.*;
public class EmailTest
public static void main(String args[])
try{
DeliveryManager dm = new DeliveryManager();
DeliveryRequest req = dm.createRequest(DeliveryManager.TYPE_SMTP_EMAIL);
req.addProperty(DeliveryPropertyDefinitions.SMTP_SUBJECT, "test mail");
req.addProperty(DeliveryPropertyDefinitions.SMTP_HOST, "appsrelay.xxx.com");
req.addProperty(DeliveryPropertyDefinitions.SMTP_FROM, "[email protected]");
req.addProperty(DeliveryPropertyDefinitions.SMTP_TO_RECIPIENTS, "[email protected]"); //WRONG EMAIL ADDRESS HERE
req.addProperty(DeliveryPropertyDefinitions.SMTP_CONTENT_TYPE, "application/pdf");
req.addProperty(DeliveryPropertyDefinitions.SMTP_CONTENT_FILENAME,"test.pdf");
req.setDocument("/home/appldev2/WYSEINVPRINTN2_17402678_1.PDF");
req.submit();
req.close();
catch(Exception e)
System.out.println("Exception at: "+e);
Then, I tried writing a send mail program using JAVAX EMAIL APIS.
import java.util.*;
import java.io.*;
import javax.mail.*;
import javax.mail.internet.*;
import javax.activation.*;
public class EmailTest2
public static void main(String args[])
String to = "[email protected]"; //WRONG EMAIL ADDRESS HERE
String cc = "[email protected]";
String bcc = "[email protected]";
String from = "[email protected]";
// SUBSTITUTE YOUR ISP'S MAIL SERVER HERE!!!
String host = "appsrelay.xxx.com";
String Subject="";
Properties props = new Properties();
// Get a session
Session session = Session.getInstance(props);
try{
Transport bus = session.getTransport("smtp");
bus.connect();
Message msg = new MimeMessage(session);
Address fromAddress = new InternetAddress(from);
msg.setFrom(fromAddress);
Address[] toAddresses = InternetAddress.parse(to);
msg.setRecipients
(Message.RecipientType.TO,toAddresses);
Address[] ccAddresses = InternetAddress.parse(cc);
msg.setRecipients
(Message.RecipientType.CC,ccAddresses);
Address[] bccAddresses = InternetAddress.parse(bcc);
msg.setRecipients
(Message.RecipientType.BCC,bccAddresses);
Subject = "test emails";
msg.setSubject(Subject);
msg.setSentDate(new Date());
MimeBodyPart p1 = new MimeBodyPart();
p1.setText(" \n" + "Please find attached the SPQ approval letter \n\n" + "Regards, \n");
Multipart mp = new MimeMultipart();
mp.addBodyPart(p1);
msg.setContent(mp);
msg.saveChanges();
bus.sendMessage(msg, toAddresses);
bus.sendMessage(msg, ccAddresses);
bus.close();
catch(Exception e)
System.out.println("Exception at: "+e);
This, program throws Exception when there is any invalid character or wrong domain specified.
"class javax.mail.SendFailedException: 553 5.1.2 <[email protected]>... Invalid host name"
Please help me to get some clue about how we can track the invalid email address and also, undeliverable emails in Bursting or XDO DeliveryManager classes.
Thanks a Lot,
-- Ejaz
Edited by: ESyd on Aug 9, 2010 1:14 AM

Hi,
Actually delivery failure notification is nothing to do with bursting or Delivery API, For me it deliver the notification if delivery address is incorrect (not exists), though the bursting engine does not through any error for invalid email format.
If you really looking for the solution, as a workaround :
I would use the file delivery
Implement the Bursting Status Listener
within Before Document Delivery, implement the customize delivery solution by using javax.mail logic to email the report.
For most of us, It is too much and better to raise a SR, but you already implemented the other part, so just combine these two to get what you want.

Easy Link 1.6 no longer works and latest version states will not work with my router

I have the WRT54G router (version 8.00.2 firmware) and the Easy Link Software I got with it no longer works correctly (version 1.6), saying I am not connected to the internet even though I clearly am connected. (I theorize that it tries to connect by pinging Linksys and I cannot ping Linksys using any method, so I think Linksys no longer accepts pings.) I downloaded the newest version, thinking it would work, and the forum states it will only work with a few routers that are more recent (I bought mine in Jan 2008.) Am I out of luck, with no verion working correctly? I appreciated the information that was found in the Easy Link Advisor software that I no longer have.

Cunning1_
You are a legend!! I have spent countless hours uninstalling, reinstalling itunes, playing with firewall settings, reading articles on this problem!! I only have to un-sync my iphone 5 and then the airplay icon magically appeared!!! Maybe I have too many devices syncing via wi-fi, or maybe it is the Iphone syncing??
Whatever - one step and now I can enjoy my music through my house again!
Thank you, Thank you, Thank you

Site-to-Site VPN btw Pix535 and Router 2811, can't get it work

Hi, every one, I spent couple of days trying to make a site-to-site VPN between PIX535 and router 2811 work but come up empty handed, I followed instructions here:
http://www.cisco.com/en/US/products/ps9422/products_configuration_example09186a0080b4ae61.shtml
#1: PIX config:
: Saved
: Written by enable_15 at 18:05:33.678 EDT Sat Oct 20 2012
PIX Version 8.0(4)
hostname pix535
interface GigabitEthernet0
description to-cable-modem
nameif outside
security-level 0
ip address X.X.138.132 255.255.255.0
ospf cost 10
interface GigabitEthernet1
description inside 10/16
nameif inside
security-level 100
ip address 10.1.1.254 255.255.0.0
ospf cost 10
access-list outside_access_in extended permit ip any any
access-list inside_nat0_outbound extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip any 10.1.1.192 255.255.255.248
access-list outside_cryptomap_dyn_60 extended permit ip any 10.1.1.192 255.255.255.248
access-list outside_1_cryptomap extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
pager lines 24
ip local pool cnf-8-ip 10.1.1.192-10.1.1.199 mask 255.255.0.0
global (outside) 10 interface
global (outside) 15 1.2.4.5
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 15 10.1.0.0 255.255.0.0
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 X.X.138.1 1
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-MD5
crypto dynamic-map outside_dyn_map 20 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 20 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 40 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA
crypto dynamic-map outside_dyn_map 40 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 40 set security-association lifetime kilobytes 4608000
crypto dynamic-map outside_dyn_map 60 match address outside_cryptomap_dyn_60
crypto dynamic-map outside_dyn_map 60 set transform-set ESP-3DES-MD5 ESP-3DES-SHA ESP-DES-MD5 ESP-DES-SHA
crypto dynamic-map outside_dyn_map 60 set security-association lifetime seconds 28800
crypto dynamic-map outside_dyn_map 60 set security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer X.X.21.29
crypto map outside_map 1 set transform-set ESP-DES-SHA
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto map outside_map 65534 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp identity hostname
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption des
hash sha
group 1
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 3600
group-policy GroupPolicy1 internal
group-policy cnf-vpn-cls internal
group-policy cnf-vpn-cls attributes
wins-server value 10.1.1.7
dns-server value 10.1.1.7 10.1.1.205
vpn-tunnel-protocol IPSec l2tp-ipsec
default-domain value x.com
username sean password U/h5bFVjXlIDx8BtqPFrQw== nt-encrypted
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key secret1
radius-sdi-xauth
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group cnf-vpn-cls type remote-access
tunnel-group cnf-vpn-cls general-attributes
address-pool cnf-8-ip
default-group-policy cnf-vpn-cls
tunnel-group cnf-vpn-cls ipsec-attributes
pre-shared-key secret2
isakmp ikev1-user-authentication none
tunnel-group cnf-vpn-cls ppp-attributes
authentication ms-chap-v2
tunnel-group X.X.21.29 type ipsec-l2l
tunnel-group X.X.21.29 ipsec-attributes
pre-shared-key SECRET
class-map inspection_default
match default-inspection-traffic
service-policy global_policy global
prompt hostname context
Cryptochecksum:9780edb09bc7debe147db1e7d52ec39c
: end
#2: Router 2811 config:
! Last configuration change at 09:15:32 PST Fri Oct 19 2012 by cnfla
! NVRAM config last updated at 13:45:03 PST Tue Oct 16 2012
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname LA-2800
crypto pki trustpoint TP-self-signed-1411740556
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1411740556
revocation-check none
rsakeypair TP-self-signed-1411740556
crypto pki certificate chain TP-self-signed-1411740556
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31343131 37343035 3536301E 170D3132 31303136 32303435
30335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34313137
34303535 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100F75F F1BDAD9B DE9381FD 165B5188 7EAF9685 CF15A317 1B424825 9C66AA28
C990B2D3 D69A2F0F D745DB0E 2BB4995D 73415AC4 F01B2019 84373199 C4BCF9E0
E599B86C 17DBDCE6 47EBE0E3 8DBC90B2 9B4E217A 87F04BF7 A182501E 24381019
A61D2C05 5404DE88 DA2A1ADC A81B7F65 C318B697 7ED69DF1 2769E4C8 F3449B33
35AF0203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603
551D1104 0B300982 074C412D 32383030 301F0603 551D2304 18301680 14B56EEB
88054CCA BB8CF8E8 F44BFE2C B77954E1 52301D06 03551D0E 04160414 B56EEB88
054CCABB 8CF8E8F4 4BFE2CB7 7954E152 300D0609 2A864886 F70D0101 04050003
81810056 58755C56 331294F8 BEC4FEBC 54879FF5 0FCC73D4 B964BA7A 07D20452
E7F40F42 8B355015 77156C9F AAA45F9F 59CDD27F 89FE7560 F08D953B FC19FD2D
310DA96E A5F3E83B 52D515F8 7B4C99CF 4CECC3F7 1A0D4909 BD08C373 50BB53CC
659C4246 2CB7B79F 43D94D96 586F9103 9B4659B6 5C8DDE4F 7CC5FC68 C4AD197A 4EC322
            quit
crypto isakmp policy 1
authentication pre-share
crypto isakmp key SECRET address X.X.138.132 no-xauth
crypto ipsec transform-set la-2800-trans-set esp-des esp-sha-hmac
crypto map la-2800-ipsec-policy 1 ipsec-isakmp
description vpn ipsec policy
set peer X.X.138.132
set transform-set la-2800-trans-set
match address 101
interface FastEthernet0/0
description WAN Side
ip address X.X.216.29 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
no mop enabled
crypto map la-2800-ipsec-policy
interface FastEthernet0/1
description LAN Side
ip address 10.20.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex full
speed auto
no mop enabled
ip nat inside source route-map nonat interface FastEthernet0/0 overload
access-list 10 permit X.X.138.132
access-list 99 permit 64.236.96.53
access-list 99 permit 98.82.1.202
access-list 101 remark vpn tunnerl acl
access-list 101 remark SDM_ACL Category=4
access-list 101 remark tunnel policy
access-list 101 permit ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 deny   ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 110 permit ip 10.20.0.0 0.0.0.255 any
snmp-server community public RO
route-map nonat permit 10
match ip address 110
webvpn gateway gateway_1
ip address X.X.216.29 port 443
ssl trustpoint TP-self-signed-1411740556
inservice
webvpn install svc flash:/webvpn/svc.pkg
webvpn context gateway-1
title "b"
secondary-color white
title-color #CCCC66
text-color black
ssl authenticate verify all
policy group policy_1
   functions svc-enabled
   svc address-pool "WebVPN-Pool"
   svc keep-client-installed
   svc split include 10.20.0.0 255.255.0.0
default-group-policy policy_1
gateway gateway_1
inservice
end
#3: Test from Pix to router:
Active SA:    1
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1   IKE Peer: X.X.21.29
    Type    : user            Role    : initiator
    Rekey   : no              State   : MM_WAIT_MSG2
>>DEBUG:
Oct 22 12:07:14 pix535:Oct 22 12:20:28 EDT: %PIX-vpn-3-713902: IP = X.X.21.29, Removing peer from peer table failed, no match!
Oct 22 12:07:14 pix535 :Oct 22 12:20:28 EDT: %PIX-vpn-4-713903: IP = X.X.21.29, Error: Unable to remove PeerTblEntry
#4: test from router to pix:
LA-2800#sh crypto isakmp sa
IPv4 Crypto ISAKMP SA
dst             src             state          conn-id slot status
X.X.138.132 X.X.216.29 MM_KEY_EXCH       1017    0 ACTIVE
>>debug
LA-2800#ping 10.1.1.7 source 10.20.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.7, timeout is 2 seconds:
Packet sent with a source address of 10.20.1.1
Oct 22 16:24:33.945: ISAKMP:(0): SA request profile is (NULL)
Oct 22 16:24:33.945: ISAKMP: Created a peer struct for X.X.138.132, peer port 500
Oct 22 16:24:33.945: ISAKMP: New peer created peer = 0x488B25C8 peer_handle = 0x80000013
Oct 22 16:24:33.945: ISAKMP: Locking peer struct 0x488B25C8, refcount 1 for isakmp_initiator
Oct 22 16:24:33.945: ISAKMP: local port 500, remote port 500
Oct 22 16:24:33.945: ISAKMP: set new node 0 to QM_IDLE
Oct 22 16:24:33.945: ISAKMP: Find a dup sa in the avl tree during calling isadb_insert sa = 487720A0
Oct 22 16:24:33.945: ISAKMP:(0):Can not start Aggressive mode, trying Main mode.
Oct 22 16:24:33.945: ISAKMP:(0):found peer pre-shared key matching 70.169.138.132
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-rfc3947 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-07 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-03 ID
Oct 22 16:24:33.945: ISAKMP:(0): constructed NAT-T vendor-02 ID
Oct 22 16:24:33.945: ISAKMP:(0):Input = IKE_MESG_FROM_IPSEC, IKE_SA_REQ_MM
Oct 22 16:24:33.945: ISAKMP:(0):Old State = IKE_READY New State = IKE_I_MM1
Oct 22 16:24:33.945: ISAKMP:(0): beginning Main Mode exchange
Oct 22 16:24:33.945: ISAKMP:(0): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_NO_STATE
Oct 22 16:24:33.945: ISAKMP:(0):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.049: ISAKMP (0:0): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_NO_STATE
Oct 22 16:24:34.049: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Oct 22 16:24:34.049: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
Oct 22 16:24:34.049: ISAKMP:(0): processing SA payload. message ID = 0
Oct 22 16:24:34.049: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID is NAT-T v2
Oct 22 16:24:34.049: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.049: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
Oct 22 16:24:34.053: ISAKMP:(0):found peer pre-shared key matching 70.169.138.132
Oct 22 16:24:34.053: ISAKMP:(0): local preshared key found
Oct 22 16:24:34.053: ISAKMP : Scanning profiles for xauth ...
Oct 22 16:24:34.053: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
Oct 22 16:24:34.053: ISAKMP:      encryption DES-CBC
Oct 22 16:24:34.053: ISAKMP:      hash SHA
Oct 22 16:24:34.053: ISAKMP:      default group 1
Oct 22 16:24:34.053: ISAKMP:      auth pre-share
Oct 22 16:24:34.053: ISAKMP:      life type in seconds
Oct 22 16:24:34.053: ISAKMP:      life duration (VPI) of 0x0 0x1 0x51 0x80
Oct 22 16:24:34.053: ISAKMP:(0):atts are acceptable. Next payload is 0
Oct 22 16:24:34.053: ISAKMP:(0):Acceptable atts:actual life: 0
Oct 22 16:24:34.053: ISAKMP:(0):Acceptable atts:life: 0
Oct 22 16:24:34.053: ISAKMP:(0):Fill atts in sa vpi_length:4
Oct 22 16:24:34.053: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
Oct 22 16:24:34.053: ISAKMP:(0):Returning Actual lifetime: 86400
Oct 22 16:24:34.053: ISAKMP:(0)::Started lifetime timer: 86400.
Oct 22 16:24:34.053: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID seems Unity/DPD but major 123 mismatch
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID is NAT-T v2
Oct 22 16:24:34.053: ISAKMP:(0): processing vendor id payload
Oct 22 16:24:34.053: ISAKMP:(0): vendor ID seems Unity/DPD but major 194 mismatch
Oct 22 16:24:34.053: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Oct 22 16:24:34.053: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
Oct 22 16:24:34.057: ISAKMP:(0): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_SA_SETUP
Oct 22 16:24:34.057: ISAKMP:(0):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.057: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Oct 22 16:24:34.057: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
Oct 22 16:24:34.181: ISAKMP (0:0): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_SA_SETUP
Oct 22 16:24:34.181: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
Oct 22 16:24:34.181: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
Oct 22 16:24:34.181: ISAKMP:(0): processing KE payload. message ID = 0
Oct 22 16:24:34.217: ISAKMP:(0): processing NONCE payload. message ID = 0
Oct 22 16:24:34.217: ISAKMP:(0):found peer pre-shared key matching X.X.138.132
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID is Unity
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID seems Unity/DPD but major 55 mismatch
Oct 22 16:24:34.217: ISAKMP:(1018): vendor ID is XAUTH
Oct 22 16:24:34.217: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.217: ISAKMP:(1018): speaking to another IOS box!
Oct 22 16:24:34.221: ISAKMP:(1018): processing vendor id payload
Oct 22 16:24:34.221: ISAKMP:(1018):vendor ID seems Unity/DPD but hash mismatch
Oct 22 16:24:34.221: ISAKMP:received payload type 20
Oct 22 16:24:34.221: ISAKMP:received payload type 20
Oct 22 16:24:34.221: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Oct 22 16:24:34.221: ISAKMP:(1018):Old State = IKE_I_MM4 New State = IKE_I_MM4
Oct 22 16:24:34.221: ISAKMP:(1018):Send initial contact
Oct 22 16:24:34.221: ISAKMP:(1018):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
Oct 22 16:24:34.221: ISAKMP (0:1018): ID payload
next-payload : 8
type         : 1
address      : X.X.216.29
protocol     : 17
port         : 500
length       : 12
Oct 22 16:24:34.221: ISAKMP:(1018):Total payload length: 12
Oct 22 16:24:34.221: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:34.221: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:34.225: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
Oct 22 16:24:34.225: ISAKMP:(1018):Old State = IKE_I_MM4 New State = IKE_I_MM5
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 198554740
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 812380002
Oct 22 16:24:38.849: ISAKMP:(1017):purging node 773209335..
Success rate is 0 percent (0/5)
LA-2800#
Oct 22 16:24:44.221: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:24:44.221: ISAKMP (0:1018): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
Oct 22 16:24:44.221: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:24:44.221: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:44.221: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:44.317: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:24:44.317: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:44.321: ISAKMP:(1018): retransmission skipped for phase 1 (time since last transmission 96)
Oct 22 16:24:48.849: ISAKMP:(1017):purging SA., sa=469BAD60, delme=469BAD60
Oct 22 16:24:52.313: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:24:52.313: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:52.313: ISAKMP:(1018): retransmitting due to retransmit phase 1
Oct 22 16:24:52.813: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:24:52.813: ISAKMP (0:1018): incrementing error counter on sa, attempt 2 of 5: retransmit phase 1
Oct 22 16:24:52.813: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:24:52.813: ISAKMP:(1018): sending packet to X.X138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:24:52.813: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:24:52.913: ISAKMP:(1018): phase 1 packet is a duplicate of a previous packet.
Oct 22 16:24:52.913: ISAKMP:(1018): retransmission skipped for phase 1 (time since last transmission 100)
Oct 22 16:25:00.905: ISAKMP (0:1018): received packet from X.X.138.132 dport 500 sport 500 Global (I) MM_KEY_EXCH
Oct 22 16:25:00.905: ISAKMP: set new node 422447177 to QM_IDLE
Oct 22 16:25:03.941: ISAKMP:(1018):SA is still budding. Attached new ipsec request to it. (local 1X.X.216.29, remote X.X.138.132)
Oct 22 16:25:03.941: ISAKMP: Error while processing SA request: Failed to initialize SA
Oct 22 16:25:03.941: ISAKMP: Error while processing KMI message 0, error 2.
Oct 22 16:25:12.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:12.814: ISAKMP (0:1018): incrementing error counter on sa, attempt 4 of 5: retransmit phase 1
Oct 22 16:25:12.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:25:12.814: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:25:12.814: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:25:22.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:22.814: ISAKMP (0:1018): incrementing error counter on sa, attempt 5 of 5: retransmit phase 1
Oct 22 16:25:22.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH
Oct 22 16:25:22.814: ISAKMP:(1018): sending packet to X.X.138.132 my_port 500 peer_port 500 (I) MM_KEY_EXCH
Oct 22 16:25:22.814: ISAKMP:(1018):Sending an IKE IPv4 Packet.
Oct 22 16:25:32.814: ISAKMP:(1018): retransmitting phase 1 MM_KEY_EXCH...
Oct 22 16:25:32.814: ISAKMP:(1018):peer does not do paranoid keepalives.
Oct 22 16:25:32.814: ISAKMP:(1018):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer 70.169.138.132)
Oct 22 16:25:32.814: ISAKMP:(1018):deleting SA reason "Death by retransmission P1" state (I) MM_KEY_EXCH (peer 70.169.138.132)
Oct 22 16:25:32.814: ISAKMP: Unlocking peer struct 0x488B25C8 for isadb_mark_sa_deleted(), count 0
Oct 22 16:25:32.814: ISAKMP: Deleting peer node by peer_reap for X.X.138.132: 488B25C8
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node 1112432180 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node 422447177 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):deleting node -278980615 error FALSE reason "IKE deleted"
Oct 22 16:25:32.814: ISAKMP:(1018):Input = IKE_MESG_INTERNAL, IKE_PHASE1_DEL
Oct 22 16:25:32.814: ISAKMP:(1018):Old State = IKE_I_MM5 New State = IKE_DEST_SA
Oct 22 16:26:22.816: ISAKMP:(1018):purging node 1112432180
Oct 22 16:26:22.816: ISAKMP:(1018):purging node 422447177
Oct 22 16:26:22.816: ISAKMP:(1018):purging node -278980615
Oct 22 16:26:32.816: ISAKMP:(1018):purging SA., sa=487720A0, delme=487720A0
****** The PIX is also used    VPN client access , such as Cicso VPN client 5.0, working fine ; Router is used as SSL VPN server, working too
I know there are lots of data here, hopefully these data may be useful for   diagnosis purpose.
Any suggestions and advices are greatly appreciated.
Sean

Hi Sean,
Current configuration:
On the PIX:
crypto isakmp policy 5
      authentication pre-share
      encryption 3des
      hash sha
      group 2
      lifetime 86400
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer X.X.21.29
crypto map outside_map 1 set transform-set ESP-DES-SHA
crypto map outside_map 1 set security-association lifetime seconds 28800
crypto map outside_map 1 set security-association lifetime kilobytes 4608000
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
access-list outside_1_cryptomap extended permit ip 10.1.0.0 255.255.0.0 10.20.0.0 255.255.0.0
tunnel-group X.X.21.29 type ipsec-l2l
tunnel-group X.X.21.29 ipsec-attributes
     pre-shared-key SECRET
On the Router:
crypto isakmp policy 1
      authentication pre-share
crypto map la-2800-ipsec-policy 1 ipsec-isakmp
      description vpn ipsec policy
      set peer X.X.138.132
      set transform-set la-2800-trans-set
      match address 101
access-list 101 permit ip 10.20.0.0 0.0.0.255 10.1.0.0 0.0.255.255
crypto ipsec transform-set la-2800-trans-set esp-des esp-sha-hmac
crypto isakmp key SECRET address X.X.138.132 no-xauth
Portu.
Please rate any helpful posts
Message was edited by: Javier Portuguez

Branch office setup with L3 switch and router with IOS security

Hello,
I am in the process of putting together a small branch office network and I am in need of some design advise. The network will support about 10-15 workstations/phones, 3-4 printers, and 4-5 servers. In addition we will eventually have up to 25-30 remote users connecting to the servers via remote access VPN, and there will also be 2-3 site-to-site IPSec tunnels to reach other branches.
I have a 2911 (security bundle) router and 3560 IP Base L3 switch to work with. I have attached a basic diagram of my topology. My initial design plan for the network was to setup separate VLANs for workstation, phone, printer, and server traffic. The 3560 would then be setup with SVIs to perform routing between VLANs. The port between the router and switch would be setup as a routed port, and static routes would be applied on the switch and router as necessary. The thought behind this was that I'd be utilizing the switch backplane for VLAN routing instead instead of doing router-on-a-stick.
Since there is no firewall between the switch and router my plan was to setup IOS firewalling on the router. From what I am reading ZBF is my best option for this. What I was hoping for was a way to set custom policies for each VLAN, but it seems that zones are applied per interface. Since the interface between the router and switch is a routed interface, not a trunk/subinterface(s), it doesn't seem like there would be a way for me to use ZBF to control traffic on different VLANs. From what I am gathering I would have to group all of my internal network into one zone, or I would have to scrap L3 switching all together and do router-on-a-stick if I want to be able to set separate policies for each VLAN. Am I correct in my thinking here?
I guess what I am getting at is that I really don't want to do router-on-a-stick if I have a nice switch backplane to do all of the internal routing. At the same time I obviously need some kind of firewalling done on the router, and since different VLANs have different security requirements the firewalling needs to be fairly granular.
If I am indeed correct in the above thinking what would be the best solution for my scenario? That is, how can I setup this network so that I am utilizing the switch to do L3 routing while also leveraging the firewall capabilities of IOS security?
Any input would be appreciated.
Thanks,
Austin

Thanks for the input.
1. I agree, since I have only three to four printers, they need not be in a separate VLAN. I simply was compartmentalizing VLANs by function when I initially came up with the design.
2. Here's a little more info on the phone situation. The phones are VoIP. The IP PBX is on premise, but they are currently on a completely separate ISP/network. The goal in the future is to converge the data and voice networks and setup PBR/route maps to route voice traffic out the voice ISP and data traffic out the other ISP. This leads up to #3.
3. The reason a router was purchased over a firewall was that ASA's cannot handle routing and dual ISPs very well. PBR is not supported at all on an ASA, and dual ISPs can only be setup in an active/standby state. Also, an ASA Sec+ does not have near the VPN capabilities that the 2911 security does. The ASA Sec+ would support only 25 concurrent IPSec connections while the 2911 security is capable of doing an upwards of 200 IPSec connections.
Your point about moving the SVI's to a firewall to perform filtering between VLANs makes sense, however, wouldn't this be the same thing as creating subinterfaces on a router? In both cases you are moving routing from the switch backplane to the firewall/routing device, which is what I am trying to avoid.

EBS BAI2 and ZBA Accounts

Hi All,
How to handle clearing for ZBA posting in EBS.
We have one concentration account and it funds to 4 ZBA accounts.
On the outgoing ZBA it will post Debit to clearing account - posting type 1
On the incoming ZBA it should clear the Debit in the clearing account - posting type 5
The clearing account mentioned above is the clearing account for the concentration account. Will this work? i have tried but not the items are not clearing
ZBA BAI code outgoing - 581
ZBA BAI code incoming - 281

Are the concentration account and the 4 ZBA accounts all assigned to the same company code? If so, then yes, you can handle clearing of ZBA postings within EBS.
The key to the clearings is that the posting type 1 (post) transactions have to post before the posting type 5 (clear) transactions. EBS posts the statements in the order that they come through in the bank statement file. So if, for example, the 1st statement in the file contains the incoming ZBA (posting type 5) transaction and the 2nd statement in the file has the outgoing ZBA (posting type 1), the incoming ZBA postings will not clear because at the time the 1st statement is processed, becuase the outgoing ZBA transaction from the 2nd statement have not posted.
Where in the file is the concentration account? Is it before the ZBA accounts? After the ZBA accounts? You may need to adjust your configuration based on the order of the accounts in the file.
Also, does the concentration account normally have just incoming ZBA transactions, just outgoing ZBA transactions or both incoming and outgoing ZBA transactions? If the concentration account has both incoming ZBA and outgoing ZBA transactions, then you may need to assign the posting rules differently to the concentration account than to the ZBA accounts. For example, if the concentration account is the 1st account in the statement, then both 581 and 281 should be assigned to posting rules with posting type 1 (post) - and the ZBA accounts should have 581 and 281 assigned to posting rules with posting type 5 (clear). If the concentration account is last in the file, then the configuration would be just the opposite - the concentration account would have all posting type 5 posting rules and the ZBA accounts would be posting type 1.
Also, if you plan to use one clearing GL account, you'll need to make sure to fully specify that account in the account symbol configuration - do not use any masking.
Regards,
Shannon

XML Report Bursting and distribution

I want to send PDF report as an attachment to more than 200 suppliers using XML Report Bursting
In XML Report Bursting and distribution, do we need to configure the "Mail Server" on apps. (I mean any configuration is required on apps server)?
Thanks,
[email protected]

Hi,
You'll need to be able to connect to your mailserver via SMTP.
Check out the following:
http://garethroberts.blogspot.com/2008/03/bi-publisher-ebs-bursting-101.html
Regards,
Gareth
Blog: http://garethroberts.blogspot.com/

Bursting and Distributing a Report Error

Dear All,
Following the example of bursting and distribution in below document
as similar case is required in my production environment.
[http://download-west.oracle.com/docs/html/B10602_01/orbr_dist.htm]
i have followed the entire sequence as mentioned except i have to place it on Application server path
and run it from Application Server path URL
http://MYSERVER:7778/reports/rwservlet?report=Inventoryreport_Kashif_dist.rdf
&userid=oe/oe@kashif&authid=admin/admin&distribute=yes&destination=distribution.xml
where distribution.xml and inventoryreport_kashif_dist.rdf are in same directory
but it returns the following errors
REP-34304: /d:/orawin90/reports/dtd/distribution.dtd (No such file or directory)
REP-34304: Distribution failed to complete; review the distribution lists
Any help would be appreciated
Regards,
Kashif

Hi jkathuria,
First you need to have manager_mailID in XML
In Bursting Tab
--> Enable Bursting
--> make Split By ID
--> make Delivery By manager_mailID
then in Query Builder
SELECT
DISTINCT ID Key,
'Template Name' TEMPLATE,
'RTF' TEMPLATE_FORMAT,
'en-US' LOCALE,
'PDF' OUTPUT_FORMAT,
'EMAIL' DEL_CHANNEL,
manager_mailID PARAMETER1,
'if u want cc to any other mail include here in singlequotes' PARAMETER2,(optional)
'[email protected]' PARAMETER3,
'Tax Invoice Report ' PARAMETER4,
'Please find the attachment for More Details.' PARAMETER5,
'true' PARAMETER6,
'' PARAMETER7
FROM
table name
this will work for u r Requirment.
cheers,
chintu

Bursting and printer trays

Hi, we are using BI Publisher Bursting (release 11.5.3) to split a range of invoices into smaller PDF files. Now the first page of each invoice should be printed from tray 1, the rest from tray 2 (for that reason we are first bursting the file).
Currently we are using the Delivery Request API to specify printer trays. However, the submit process takes about 10-12 seconds for each request.
If we have about 100 invoices in our file and print to two trays we submit 100x2 requests (sequentially) taking between 2000 and 2400 seconds (33-40 minutes!).
This is way too slow.
We would prefer to specify the trays directly in the bursting control file. Is this possible?
A related issue may be that the printers used are postscript printers. We use the pdftops filter in the delivery manager to convert the PDF to PS before they are printed and we use CUPS printing. If we print directly using bursting, would it be possible to print the PDF to the PS CUPS printer??
Does anyone else have had these performance problems using the delivery manager?
PS: We pass a directory and a prefix for the range of files we want to print (for example MYFILES_*) (among other parameters ofcourse like the pdftops command and the output type to indicate whether it can be PDF or must be PS). I assume this is the way to use the delivery manager? Or is someone else doing this differently?
Edited by: user640374 on Jul 19, 2010 12:41 PM

Hi Aidan,
That was a great Idea! Many Thanks.
I costed me hours to try all the printer driver but it I was successful.
Here my solution:
I changed my windows driver to the standard Win Server 2003 included HP Laserjet 4. I reseted the printer to factory settings. Without reseting it was not working.
Then I took the sap tray test program to identify which tray which number has. It's a standard test. Go to transaction SO10 and enter textname SAPSCRIPT-TRAYTEST. After that I changed the tray control number (try01,...) in the program.
Now It's working.

Modem and router replacement

Hi All
New here and already have a question...I'm looking to buy the Draytek 2750 which has the VDSL modem and router built in to the same box, my question is - do I have to configure the modem portion or will it just detect and sync with the line? does anyone have the config if needed?
I've searched but can't find a definative answer.
Thanks in advance

Hi dazzpowder and welcome to the forum. Not sure about the 2750 or whether any other vdsl modem will work with Infinity although I don't see why not but don't quote me. I use the WAN 2 ethernet port on a Draytek 2820n but as it does not have a built in vdsl modem I still have to use the BT supplied modem. The 2820 does a sterling job (as do most Draytek equipments - just a pity that their customer support is less than ideal). If ou are willing to stay with the BT modem then there are a number of other routers with an ethernet WAN port that will work OK.
I have 'complained' before about the lack of configurability or even being able to see the line stats with the BT modem but I don't see a solution any time soon.
wedding
Mistakes and embarrasing goofs in e-mails are only discovered when you've sent them!

Implication of not having EBS structure and clearing accounts

Hi,
In-House Cash(IHC) utilizes clearing accounts and Electronic Bank Statements (EBS) structure, however, we are contemplating to introduce an external reconciliation tool which reconciles bank accounts with GL directly and hence omit utilization of EBS and clearing accounts. This will require a non standard SAP configuration for IHC.
We would like to seek the opinion of the experts here on the potential impact of not using EBS and clearing accounts on IHC and other SAP functionality to help us better assess our options.
Looking forward to hear your advice. Thank you.
Regards,
Alvin Lim

Are the concentration account and the 4 ZBA accounts all assigned to the same company code? If so, then yes, you can handle clearing of ZBA postings within EBS.
The key to the clearings is that the posting type 1 (post) transactions have to post before the posting type 5 (clear) transactions. EBS posts the statements in the order that they come through in the bank statement file. So if, for example, the 1st statement in the file contains the incoming ZBA (posting type 5) transaction and the 2nd statement in the file has the outgoing ZBA (posting type 1), the incoming ZBA postings will not clear because at the time the 1st statement is processed, becuase the outgoing ZBA transaction from the 2nd statement have not posted.
Where in the file is the concentration account? Is it before the ZBA accounts? After the ZBA accounts? You may need to adjust your configuration based on the order of the accounts in the file.
Also, does the concentration account normally have just incoming ZBA transactions, just outgoing ZBA transactions or both incoming and outgoing ZBA transactions? If the concentration account has both incoming ZBA and outgoing ZBA transactions, then you may need to assign the posting rules differently to the concentration account than to the ZBA accounts. For example, if the concentration account is the 1st account in the statement, then both 581 and 281 should be assigned to posting rules with posting type 1 (post) - and the ZBA accounts should have 581 and 281 assigned to posting rules with posting type 5 (clear). If the concentration account is last in the file, then the configuration would be just the opposite - the concentration account would have all posting type 5 posting rules and the ZBA accounts would be posting type 1.
Also, if you plan to use one clearing GL account, you'll need to make sure to fully specify that account in the account symbol configuration - do not use any masking.
Regards,
Shannon

Configd overwrites DNS and routing from OpenVPN

Apologies if this is covered elsewhere. I've looked and found no definitive answers.
Problem:
OpenVPN creates a tunnel on a virtual network interface tap0 which is configured via DHCP. Once up a script is called to update the routing tables and set DNS. On linux and windows this works and is very stable because static routing configurations are employed. On Mac OS X v10.6 routing configurations are dynamic and managed by configd. Once the virtual interface comes up the routing tables and DNS can be changed, but after a short while, configd will come along and change the routing and DNS configurations and break the VPN.
This is covered in some detail in this article.
http://www.afp548.com/article.php?story=20041015131913324
Question: How to write the DNS and routing entries into preferences at the time OpenVPN comes up so that they will persist when configd updates the system?
Details:
1. Commands used by OpenVPN script to update the routing table and DNS
/usr/sbin/ipconfig set "$dev" DHCP
/usr/sbin/scutil <<EOF
d.init
get State:/Network/Service/DHCP-$dev/DNS
d.add SupplementalMatchDomains * $domain_name
set State:/Network/Service/DHCP-$dev/DNS
EOF
Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: Sun Feb 7 11:19:36 2010 /sbin/route add -net 192.168.120.1 192.168.1.1 255.255.255.255
Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: add net 192.168.120.1: gateway 192.168.1.1
Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: Sun Feb 7 11:19:36 2010 /sbin/route delete -net 0.0.0.0 192.168.1.1 0.0.0.0
Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: delete net 0.0.0.0: gateway 192.168.1.1
Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: Sun Feb 7 11:19:36 2010 /sbin/route add -net 0.0.0.0 192.168.110.1 0.0.0.0
Feb 7 11:19:36 MacBook-Pro org.openvpn[44]: add net 0.0.0.0: gateway 192.168.110.1
2. Every looks good for a few minutes
MacBook-Pro:~ user$ netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.110.1 UGSc 0 0 tap0
default 192.168.110.1 UGScI 41 88 tap0
127 localhost UCS 0 0 lo0
localhost localhost UH 0 0 lo0
169.254 link#5 UCS 0 0 en1
192.168.1 link#5 UC 1 0 en1
192.168.1.1 0:1e:e5:86:79:22 UHLWI 1 17 en1 1187
192.168.1.101 localhost UHS 0 0 lo0
192.168.110 link#7 UCS 2 0 tap0
192.168.110.1 0:17:3f:9b:e3:e2 UHLWI 43 8 tap0 1182
192.168.110.3 0:1c:c0:f:90:3b UHLWI 12 137213 tap0 454
192.168.110.29 localhost UHS 0 0 lo0
192.168.120.1/32 192.168.1.1 UGSc 1 0 en1
MacBook-Pro:~ user$ sudo scutil --dnsDNS configuration
resolver #1
domain : celoso.net
search domain[0] : celoso.net
nameserver[0] : 208.67.222.222
nameserver[1] : 208.67.220.220
nameserver[2] : 4.2.2.3
order : 200000
resolver #2
domain : celoso.net
nameserver[0] : 192.168.110.3
nameserver[1] : 192.168.110.3
order : 100400
3. Then something will trigger configd to update the DNS or routing tables, the only evidence of which I have been able to find is the following message in the system.log
Feb 7 11:20:34 MacBook-Pro configd[13]: network configuration changed.
4. And either the DNS or routing tables will be changed e.g.
MacBook-Pro:~ user$ sudo /usr/sbin/scutil --dns
Password:
DNS configuration
resolver #1
domain : celoso.net
search domain[0] : celoso.net
nameserver[0] : 208.67.222.222
nameserver[1] : 208.67.220.220
nameserver[2] : 4.2.2.3
order : 200000
resolver #2
domain : local
options : mdns
timeout : 2
order : 300000
MacBook-Pro:~ user$ netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 0 0 en1
default 192.168.110.1 UGScI 52 81 tap0
127 localhost UCS 0 0 lo0
localhost localhost UH 0 0 lo0
169.254 link#5 UCS 0 0 en1
192.168.1 link#5 UC 1 0 en1
192.168.1.1 0:1e:e5:86:79:22 UHLWI 1 17 en1 1196
192.168.1.101 localhost UHS 0 0 lo0
192.168.110 link#7 UCS 2 0 tap0
192.168.110.1 0:17:3f:9b:e3:e2 UHLWI 54 5 tap0 1199
192.168.110.3 0:1c:c0:f:90:3b UHLWI 0 34 tap0 1161
192.168.110.29 localhost UHS 0 0 lo0
192.168.120.1/32 192.168.1.1 UGSc 1 0 en1

The question is what event is causing configd to change configurations.
In general, this will only occur if an interface goes down or if a DHCP address needs to be renewed.

And/or if statement in rtf templates.

Hi all,
I'm using XML Publisher 4.5.
I have created a word template file (rtf) for my reports. I need to be able to show some content in the template file by using and and/or if statement.
fx. <?if:doc_type='STANDARD'?> OR <?if:doc_type='DEFAULT'?>
How can I do this?
In advance thank you.
Best regards
Kenneth

Hi D,
Thank you for your answer.
I have seriously thought about that solution; but I don't think it's a smart way to do it.
If i do it like that, i need to copy the whole table and paste it inside the if statements.
I have two xml elements that I need to make the decisions on. POH_PO_TYPE & CP_RELEASE_NUM.
POH_PO_TYPE can be: STANDARD, RELEASE or BLANKET.
CP_RELEASE_NUM can be: '' or N
If POH_PO_TYPE is RELEASE AND CP_RELEASE_NUM is not ''
OR POH_PO_TYPE is STANDARD
OR POH_PO_TYPE is BLANKET AND CP_RELEASE_NUM is ''
THEN show table (which contains the whole PO).
It shall show the content of the PO in any of these cases.
BR Kenneth

EBS Bursting and routing AR Statements/Invoices to email/print

Similar Messages

Maybe you are looking for