Echo static routing rule
Hi all,
Can someone please explain to me when I can use the echo static rule in a mediator component?
The Oracle student guide presents the echo service like this: "the echo service, to use an internal echo mechanism that enables the request message to be echoed as a response message, which can be transformed before returned to the caller"
Any help is welcome.
Thanks
According to the documentation, Echo is available for the following patterns:
The echo option is supported only with the Mediator interfaces having the following types of WSDL files:
Request/Reply
Request/Reply/Fault
Request/Callback
Note:
The echo option is not available for Mediator interfaces having Request/Reply/Fault/Callback WSDL Files.
The echo option is available for synchronous operations like Request/Reply and Request/Reply/Fault.
Note:
The echo option is available for the synchronous operations only when the routing rule is sequential because parallel routing rules are not supported for Mediators with synchronous operations.
For synchronous operations, having a conditional filter set, the echo option does not return any response to the caller, when the filter condition is set to false. Instead, a null response is returned to the caller.
The echo option is available for asynchronous operations only if the Mediator interface has a callback operation. In this case, the echo is run on a separate thread.
Note:
The asynchronous echo option is available only when the routing rule is parallel. To use the echo option, then sequential routing rules are not supported for Mediators with asynchronous operations.
You can use the following link for further information:
http://download.oracle.com/docs/cd/E15523_01/integration.1111/e10224/med_createrr.htm
Similar Messages
-
Mediator static routing - Wait for 1 to complete
Hello,
I have 1 mediator which has 2 static routing rules. Each routing rule calls an asynchronous BPEL (BPEL1 & BPEL2). Is there a way that I can tell mediator to not kick off BPEL2 until it receives the callback from BPEL1?
Thanks!
Sam
Hi Sam,
Not sure about the mediator option about Time Out, but you can achieve the goal in BPEL.
You can make 2 calls to 2 mediators (split your 2 routing rules into 2 mediators) and have a wait activity in the first call of BPEL.
-
Default static route and Null 0
Hi Everyone,
Need to clear some doubts for below setup
Switch 3550A is connected to Internet Router and has OSPF nei relationship with it.
3550A# sh run int fa0/11
Building configuration...
Current configuration : 272 bytes
interface FastEthernet0/11
description OSPF LAN Connection to 2691 Router Interface Fas 0/1
no switchport
ip address 192.168.5.2 255.255.255.254
sh ip route shows
3550A#sh ip route
Gateway of last resort is 192.168.5.3 to network 0.0.0.0
O*E2 0.0.0.0/0 [110/1] via 192.168.5.3, 20:39:56, FastEthernet0/11
3550A#
All is working fine.
For testing purposes I configured the below static route on 3550A
ip default-network 192.168.1.0
ip route 192.168.1.0 255.255.255.0 Null0
After above change
3550A# sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
S* 192.168.1.0/24 is directly connected, Null0
O*E2 0.0.0.0/0 [110/1] via 192.168.5.3, 20:38:38, FastEthernet0/11
Now I cannot ping the internet, as below
3550A#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Success rate is 0 percent (0/5)
When we ping from Switch then source IP is always the Outside interface IP right?
So in this case Switch is using which IP as source?
Ping to internet is not working as default network is set to 192.168.1.0 and all request goes to this IP and then it goes to Null interface right?
Extended ping works fine as below
3550A#ping
Protocol [ip]:
Target IP address: 4.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.5.2
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.5.2
Success rate is 100 percent (5/5), round-trip min/avg/max = 76/79/80 ms
Second thing to confirm is this ping works because 192.168.5.2 is directly connected to Internet Router interface?
Regards
Mahesh
Hi Mahesh,
When we ping from Switch then source IP is always the Outside interface IP right?
That is correct. By default it is always the outgoing interface on the device unless you specify it differently.
Ping to internet is not working as default network is set to 192.168.1.0 and all request goes to this IP and then it goes to Null interface right?
That is correct. Null0 can't be used as next-hop.
Second thing to confirm is this ping works because 192.168.5.2 is directly connected to Internet Router interface?
No, that is because 192.168.5.0/30 is NATed. Remember 192.168.x.x address is a private segment and cannot access the Internet unless NAT is used.
HTH
Reza -
Setting up static routing in sa520. Im stuck.
Hello,
I finally got my Cisco router and, all excited about it, I tried to set it up. Everything went fine until I wanted a local machine to get its own IP address that is reachable from the outside.
Basically I used the static IP setting in the wan/ip4v menu. This worked great, with the router assigning DHCP to all computers.
Now all the local computers have an internet connection and they share one IP address on the outside.
As for where I'm stuck: I have an Xserve with 2 network cards. It runs an FTP server which we use locally, but we also have customers needing to reach it from the outside. The local FTP works but I'm having difficulties assigning an outside IP to it. Our ISP has provided 5 different IP addresses.
I have tried to do this in 2 different ways, where the second way is preferable.
First try:
Use the optional port as a second WAN. Give it the same settings as the first WAN but another IP address.
Then connect the Xserve's outside network card directly to that WAN port and use DHCP. This did not work.
Second try:
Assign a static routing from WAN2 (optional port) to the local IP address for the Xserve.
Can someone elaborate on how this should be done?
Thank you.
Edit:
Later today I will try this firewall rule.
http://bildr.no/view/580301
Basically I want to forward any connections from WAN2 to 192.168.1.33, which is my server. Does that look correct?
Thank you for your quick reply.
I'm using version 1.1.21.
I'm actually quite sure that it's a user problem rather than a firmware error. It's the first time I have ever touched a Cisco router and I haven't done that much networking.
I can show you how I did it on my Xserve. Maybe you can elaborate on how I can do it the same way.
redirect_port
proto
tcp
targetIP
192.168.1.50
targetPortRange
80
aliasIP
77.40.XXX.220
aliasPortRange
8888
Basically it says push whatever traffic from IP 77.40.xxx.220 to 192.168.1.50 on the local network.
How can I do the same thing on my Cisco router? It's a NAT IP-forward rule.
Edit:
Screenshot shows what I have been trying.
I have chosen the optional WAN, which is set to use another external IP address, but this does not work. It would be so much easier if I could just type in the external IP address there and use the same gateway and DNS as the main WAN.
Added config as well.
Thank you. -
Need Help for configuring Floating static route in My ASA.
Hi All,
I need your support for doing a floating static route on my ASA.
I tried this last time but I was not able to make it work. This time I have to finish it.
Please find our network Diagram and configuration of ASA
route outside 0.0.0.0 0.0.0.0 6.6.6.6 1 track 1
route outside 0.0.0.0 0.0.0.0 6.6.6.6 1
route rOutside 0.0.0.0 0.0.0.0 3.3.3.3 10
route inside 10.10.4.0 255.255.255.0 10.10.3.1 1
route inside 10.10.8.0 255.255.255.0 10.10.3.1 1
route inside 10.10.9.0 255.255.255.0 10.10.3.1 1
route inside 10.10.15.0 255.255.255.0 10.10.3.1 1
route rOutside x.x.x.x 255.255.255.255 5.5.5.5 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.10.3.77 255.255.255.255 inside
http 10.10.8.157 255.255.255.255 inside
http 10.10.3.59 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 123
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
crypto ipsec transform-set cpa esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map vpn_cpa 1 match address acl_cpavpn
crypto map vpn_cpa 1 set peer a.a.a.a
crypto map vpn_cpa 1 set transform-set abc
crypto map vpn_cpa 1 set security-association lifetime seconds 3600
crypto map vpn_cpa interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
track 1 rtr 123 reachability
telnet 10.10.3.77 255.255.255.255 inside
telnet 10.10.8.157 255.255.255.255 inside
telnet 10.10.3.61 255.255.255.255 inside
telnet timeout 500
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.10.3.14
webvpn
tunnel-group .a.a.a.a ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
smtp-server 10.10.5.11
prompt hostname context
Cryptochecksum:eea6e7b6efe5d1a180439658c3912942
: end
I think half of the configuration is still there in the ASA.
Diagram.
Thanks
Roopesh
You have missed the last command in your configuration. Please check it again:
route ISP1 0.0.0.0 0.0.0.0 6.6.6.6 track 1
route ISP2 0.0.0.0 0.0.0.0 3.3.3.3
sla monitor 123
type echo protocol ipIcmpEcho 8.8.8.8 interface ISP1
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
You can do NAT in same way, here the logical name of the interface will be different.
Share the result
Please rate any helpful posts. -
11g mediator enrichment, passing parameters between routing rules
Hi,
I am trying to make mediator enrichment work with a sync request/response service. One-way enrichment works perfectly in PS1.
So I have a few routing rules and try to use the response data of the previous routing in the next routing and end with an echo request.
For this I am trying to pass on variables between routing rules, but it seems that assign and XSLT variables only live inside the routing rule.
I am trying to hack the mplan file to make this work but without any luck.
Is this possible, and how?
Thanks Edwin -
Configuring Static Route Tracking Using ASDM 7.1(3) ASA 9.1(2)
I have recently updated my ASA5520 to 9.1(2) and I am using ASDM 7.1(3) to configure Static Route Tracking. I have done this previously in earlier versions of ASDM without a problem. There seems to be a new field in the Tracked Options section. What is the "Target Interface"? Is it the interface I want to use as the standby route when the Monitor fails? Or is it the Interface that is doing the monitoring?
I have looked through Cisco ASA Series General Operations ASDM Configuration Guide Software Version 7.1, as well as older ASDM books and this field is never listed or described.
Hi,
The target interface will be the interface through which you will be polling some destination IP address with ICMP Echos to determine if the route through that interface is still valid.
So in your case you would use "Outside"
Here's the link to the ASA Command Reference listing the above "type" command under the "sla monitor 1" configuration
http://www.cisco.com/en/US/docs/security/asa/command-reference/t2.html#wp1568359
- Jouni -
Hi All
Is it possible in IOS to have for a particular subnet:
a) Two static routes?
b) Make one static route a higher priority than the other?
c) If one static router "goes down", failover to the lower priority static route?
We have a l2tp/vpdn connection to a supplier which can be accessed via two vlans/routes. I would like to make one route the preferred one but the "route" to failover if the preferred route goes down.
Again, many thanks in advance for all responses!
Thanks
John
Hi John,
Hope the below explanation will help you...
R1(config)# ip route 0.0.0.0 0.0.0.0 2.2.2.2
R1(config)# ip route 0.0.0.0 0.0.0.0 3.3.3.3 10
If you notice the Administrative Distance for the secondary route pointing to ISP2 is increased to 10 so that it becomes the backup link.
The above configuration with just two floating static routes partially accomplishes our requirement as it will work only in the scenario where the routers interfaces connected to the WAN link are in up/down or down/down status. But in a lot of situations we see that even though the links remain up but we are not able to reach the gateway, this usually happens when the issue is at the ISP side.
In such scenarios, IP SLAs becomes an engineer's best friend. With around six additional IOS commands we can have a more reliable automatic failover environment.
Using IP SLA the Cisco IOS gets the ability to use Internet Control Message Protocol (ICMP) pings to identify when a WAN link goes down at the remote end and hence allows the initiation of a backup connection from an alternative port. The Reliable Static Routing Backup using Object Tracking feature can ensure reliable backup in the case of several catastrophic events, such as Internet circuit failure or peer device failure.
IP SLA is configured to ping a target, such as a publicly routable IP address or a target inside the corporate network or your next-hop IP on the ISP's router. The pings are routed from the primary interface only. Following is a sample configuration of IP SLA to generate ICMP pings targeted at ISP1's next-hop IP.
R1(config)# ip sla 1
R1(config)# icmp-echo 2.2.2.2 source-interface FastEthernet0/0
R1(config)# timeout 1000
R1(config)# threshold 2
R1(config)# frequency 3
R1(config)# ip sla schedule 1 life forever start-time now
The above configuration defines and starts an IP SLA probe.
The ICMP Echo probe sends an ICMP Echo packet to next-hop IP 2.2.2.2 every 3 seconds, as defined by the “frequency” parameter.
Timeout sets the amount of time (in milliseconds) for which the Cisco IOS IP SLAs operation waits for a response from its request packet.
Threshold sets the rising threshold that generates a reaction event and stores history information for the Cisco IOS IP SLAs operation.
After defining the IP SLA operation our next step is to define an object that tracks the SLA probe. This can be accomplished by using the IOS Track Object as shown below:
R1(config)# track 1 ip sla 1 reachability
The above command will track the state of the IP SLA operation. If there are no ping responses from the next-hop IP the track will go down and it will come up when the ip sla operation starts receiving ping response.
To verify the track status, use the “show track” command as shown below:
R1# show track
Track 1
IP SLA 1 reachability
Reachability is Down
1 change, last change 00:03:19
Latest operation return code: Unknown
The above output shows that the track status is down. Every IP SLAs operation maintains an operation return-code value. This return code is interpreted by the tracking process. The return code may return OK, OverThreshold, and several other return codes.
Different operations may have different return-code values, so only values common to all operation types are used. The below table shows the track states as per the IP SLA return code.
Tracking        Return Code                 Track State
Reachability    OK or over threshold        Up
                (all other return codes)    Down
The last step in the IP SLA Reliable Static Route configuration is to add the “track” statement to the default routes pointing to the ISP routers as shown below:
R1(config)# ip route 0.0.0.0 0.0.0.0 2.2.2.2 track 1
R1(config)# ip route 0.0.0.0 0.0.0.0 3.3.3.3 10
The track number keyword and argument combination specifies that the static route will be installed only if the state of the configured track object is up. Hence if the track status is down the secondary route will be used to forward all the traffic.
Please rate the helpful posts.
Regards,
Naidu. -
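The reachability tracking and floating static route described in the post above, modelled in Python as an added example (not part of the original post and not Cisco code). The probe return-code sequence is constructed sample data, and track-state changes are assumed to take effect immediately.

```python
from typing import NamedTuple, Optional

# Per the post: for a "reachability" track, a return code of OK or
# OverThreshold means Up; every other return code means Down.
UP_CODES = {"OK", "OverThreshold"}


def track_state(return_code: str) -> str:
    """Map an IP SLA operation return code to the track object state."""
    return "Up" if return_code in UP_CODES else "Down"


class StaticRoute(NamedTuple):
    prefix: str
    next_hop: str
    distance: int = 1            # default administrative distance of a static route
    track: Optional[int] = None  # track object number; None means untracked


def installed_route(routes, track_states, prefix="0.0.0.0/0"):
    """Return the route that ends up installed for `prefix`, or None.

    A tracked route is a candidate only while its track object is Up;
    among the candidates the lowest administrative distance wins.
    """
    candidates = [
        r for r in routes
        if r.prefix == prefix
        and (r.track is None or track_states.get(r.track) == "Up")
    ]
    return min(candidates, key=lambda r: r.distance, default=None)


def simulate(routes, probe_codes, track_id=1):
    """Replay probe results; return (return code, track state, next hop) per probe."""
    timeline = []
    for code in probe_codes:
        state = track_state(code)
        best = installed_route(routes, {track_id: state})
        timeline.append((code, state, best.next_hop if best else None))
    return timeline


# Constructed sample: the ISP1 next hop stops answering for two probes
# while the local interface stays up, then recovers.
SAMPLE_PROBES = ["OK", "OverThreshold", "Timeout", "Timeout", "OK"]

# ip route 0.0.0.0 0.0.0.0 2.2.2.2 track 1
# ip route 0.0.0.0 0.0.0.0 3.3.3.3 10
TRACKED = [
    StaticRoute("0.0.0.0/0", "2.2.2.2", track=1),
    StaticRoute("0.0.0.0/0", "3.3.3.3", distance=10),
]

# The first configuration in the post: two floating statics, no tracking.
UNTRACKED = [
    StaticRoute("0.0.0.0/0", "2.2.2.2"),
    StaticRoute("0.0.0.0/0", "3.3.3.3", distance=10),
]

if __name__ == "__main__":
    for label, routes in (("tracked", TRACKED), ("untracked", UNTRACKED)):
        print(label)
        for code, state, hop in simulate(routes, SAMPLE_PROBES):
            print(f"  probe={code:<13} track={state:<4} default via {hop}")
```

With the untracked pair the default route never leaves 2.2.2.2 during the outage, which is the "link up but gateway unreachable" case the post says floating statics alone do not cover.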
How do you promote a static route over a directly connected?
Hi all,
I have a need for a static route to be used instead of a directly connected route. (Long story - involving firewalls and anti-spoofing.. but can go further if required)
I am using a Cisco 3750 switch. I notice directly connected routes have a metric of 0, and the highest metric I can give a static route is 1.
Therefore, how is it possible for me to make the switch use the static route and not the directly connected?
Any help would be appreciated!
Cheers,
Ben
Hi Rick,
Thanks for your patience.
Maybe I should start again.
Initially we had 16 VLANs within the 10.0/16 address space. We have some Cisco 3750's connected by dark fibre across a couple of kms and then lower access switches all hanging off these by some means. The network is flat.
We have a checkpoint firewall hanging off one of the 3750s connected using a TRUNK port. The firewall has an IP address on all VLANs and is used to route traffic between VLANs based on its ruleset.
So if I have a user in VLAN 10 who wants to talk to VLAN 20, they travel to the firewall, if a rule permits the access, the firewall routes the packet on to VLAN 2 and the switches deliver at Layer 2.
The switches all have their default VLAN 1 disabled, and have an IP address on our management VLAN to allow us to manage the switches.
It's quite important that this IP is on a secured management VLAN as we don't want just anyone being able to snoop switch logins etc..
If we need to login to a switch, the firewall routes our traffic from whatever VLAN we are on to the Management VLAN.
One of our VLANs (the Desktop VLAN) is quite large (approx 1300 hosts) and suffers a great deal from too much arp broadcast traffic.
As we have a flat switched network across several kms, the cost of putting in routers to subnet this large VLAN is excessive.
However, the 3750's we have are perfectly capable of routing between VLANs, so we decide to create a load of new VLANs instead of subnetting our large VLAN. We don't want to use the firewall to route between these new VLANs as that's just giving the firewall more to do, and previously all these hosts were on a single subnet, so we have no need for any strict security - at most we can use ACLs on the switches if we even need that!
So far so good.
With 1300 hosts, we obviously can't make sudden topology changes. Therefore we need to be able to route between the Desktop VLAN and the new VLANs.
We therefore introduce the static routes between the firewall and the switches.
So the firewall says:
route 10.1.0.0/16 via Multilayer switch IP on 10.1.0.0/16
The multilayer switch says:
route 10.0.0.0/16 via Firewall IP on 10.1.0.0/16
This allows routing perfectly between the Desktop VLAN and the new VLANs.
However the moment we enable ip routing on the switches we break access between the desktop VLAN and the Management VLAN.
A packet leaves the desktop VLAN through the default gateway on the firewall. This is then routed to the Management VLAN. The return packet doesn't use the Management VLAN default gateway (firewall), it follows the static route on the switch and ends up at the firewall on 10.1.0.0/16. This is subsequently dropped as the firewall knows the packet hasn't come from the 10.1.0.0/16 network, it originally came from the desktop VLAN on 10.0.0.0/16.
It might seem we can define a route on the switch to say:
route 10.0.50.0/24 (management VLAN) via 10.0.50.254 (firewall). However, this would result in all packets from 10.1.0.0/16 being dropped by the firewall.
The other problem is that if we are on a new VLAN and want to talk to the management VLAN. The packet goes to its default gateway on the switch. The switch says - "I have an IP on the management VLAN, its directly connected" - therefore it ignores the static route, and passes the packet on its way. We have now bypassed the firewall, which is bad.
Incidentally the return packets get routed through the firewall and dropped, as the original packet didn't come through the firewall, there is no entry in the state table for its return.
I think if we turned off the management interface on the switch and managed it through the interface on 10.1.0.0/16, I assume everything would work. However, we don't want to do this for a whole load of other reasons I won't go into.
I'm sure there must be a fairly simple solution - I just don't have enough experience!
Cheers,
Ben -
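A small Python model of the two failure cases described in the post above, added here as an illustration and not part of the original thread. The host addresses, the Desktop VLAN range 10.0.16.0/21 and the firewall address 10.1.0.254 are hypothetical, and the firewall's ruleset is assumed to permit new flows.

```python
import ipaddress

# Switch routing table once "ip routing" is enabled, as described in the post.
# 10.0.50.0/24 and the two /16 prefixes come from the post; 10.1.0.254 is a
# hypothetical address for the firewall's interface on 10.1.0.0/16.
SWITCH_ROUTES = [
    ("10.0.50.0/24", "connected", None),       # switch management interface
    ("10.1.0.0/16", "connected", None),        # new routed VLANs, simplified to one prefix
    ("10.0.0.0/16", "static", "10.1.0.254"),   # route 10.0.0.0/16 via firewall on 10.1.0.0/16
]

# Source networks the firewall expects behind each interface (anti-spoofing).
FW_IFACES = {
    "desktop": ipaddress.ip_network("10.0.16.0/21"),  # hypothetical Desktop VLAN range
    "mgmt": ipaddress.ip_network("10.0.50.0/24"),
    "new": ipaddress.ip_network("10.1.0.0/16"),
}


def lookup(dst):
    """Longest-prefix match on the switch. Prefix length is compared before any
    distance or metric, so a connected /24 beats a static /16 regardless."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in SWITCH_ROUTES if addr in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)


def firewall(in_iface, src, dst, is_reply, state):
    """Stateful firewall with anti-spoofing on the ingress interface."""
    if ipaddress.ip_address(src) not in FW_IFACES[in_iface]:
        return "drop: anti-spoofing"
    if is_reply:
        return "allow" if (dst, src) in state else "drop: no state entry"
    state.add((src, dst))  # new flow: record it so the reply can match
    return "allow"


def desktop_to_switch_mgmt():
    """Desktop host connects to the switch's management IP via the firewall."""
    state = set()
    host, switch_ip = "10.0.16.5", "10.0.50.2"   # hypothetical addresses
    forward = firewall("desktop", host, switch_ip, False, state)
    # The switch answers using its own routing table, not a default gateway.
    prefix, kind, _ = lookup(host)
    if kind == "static":
        # The static route hands the reply to the firewall's 10.1.0.0/16 interface.
        reply = firewall("new", switch_ip, host, True, state)
    else:
        reply = "delivered directly"
    return forward, prefix, reply


def new_vlan_to_mgmt():
    """Host on a new VLAN talks to a host on the management VLAN."""
    state = set()
    host, mgmt_host = "10.1.10.20", "10.0.50.10"  # hypothetical addresses
    prefix, kind, _ = lookup(mgmt_host)           # host's default gateway is the switch
    through_firewall = kind == "static"
    if through_firewall:
        firewall("new", host, mgmt_host, False, state)
    # The management host's default gateway is the firewall (10.0.50.254).
    reply = firewall("mgmt", mgmt_host, host, True, state)
    return prefix, through_firewall, reply


if __name__ == "__main__":
    print("desktop -> switch mgmt:", desktop_to_switch_mgmt())
    print("new VLAN -> mgmt host: ", new_vlan_to_mgmt())
```

The second case shows the forward packet leaving on the connected 10.0.50.0/24 route without the firewall ever seeing it, so the policy gap can be detected by comparing the switch's connected prefixes against the segments the firewall is supposed to police.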
Hi folks.
Just needing to find out how to implement static routing in my router. I can't seem to get it to work.
I have an internal server that I want all of my requests to go to, and it has an internal IP of 192.168.1.7. This router is 192.168.1.1, so it's pretty straight forward. So I thought. Also, can I break up various services to point to different machines? Such as:
Machine         Ports
192.168.1.21    80, 443
192.168.1.7     25, 53, 110, 143, 995, 587
Firmware is 1.0.5.4
Any advice appreciated.
Cheers
Hello,
Thank you for the information and I'm sorry you are having issues with your device.
I think your problem is related to the configuration you are using.
First of all, go ahead and delete all the static routing and the port forwarding rules you have created as it will be better to start from zero.
These are the requirements for this to work, make sure you meet them:
1- Check the WAN IP of the router and make sure it is the public IP address. If you don't have the public IP address then contact your ISP to get the modem on bridge mode.
2- Make sure that the server you are trying to reach from the outside is using the IP address of the router as the default gateway
3- Go to the firewall and then to access rules and create all the rules needed for your server (Check the attached screenshot). Here is a document showing how to create the rules:
http://sbkb.cisco.com/CiscoSB/ukp.aspx?vw=1&docid=01ef2188693e42058388dbfe3311ea1f_Access_Rules_Configuration_on_Cisco_Small_Business_RV120W_Wi.xml&pid=2&respid=0&snid=7&dispid=0&cpage=search
Keep in mind that this is everything that needs to be done to open the ports. When you create the access rules a matching port forwarding rule is created automatically.
Please let us know if you have any questions -
AnyConnect Configuration - Tunnel subnets that are on "Static Routes"
Hi!
I've been trying to setup my Cisco ASA to handle VPN connections to a couple of subnets.
So we have a LAN which we have XenServers on (Lab environment)
On these machines we have a pfSense each to get a public IP so that we can NAT services to our virtual machines.
We are currently running AnyConnect to reach the management network "172.20.20.0/24"
But the pfSense's have their own IP's on this management vlan. So I thought that I could setup a static route to them.
So I did setup the route, I can now ping all the subnets.
The next thing to do is to get the AnyConnect to be able to reach all of these subnets.
I'll post a image that describes our network topology:
And I think I've got everything right. But it seems that something is missing. I've run out of ideas, and I'm still learning.
So it could just be something easy. I will attach the network sketch and the config.
Thanks!
Best Regards:
Jonathan Herlin
I tried the commands you wrote.
When I do the packet-trace I get the following.
ASA5505(config)# packet-tracer input inside tcp 192.168.60.100 80 172.20.23.68$
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcb52a1f0, priority=1, domain=permit, deny=false
hits=65188, user_data=0x0, cs_id=0x0, l3_type=0x8
src mac=0000.0000.0000, mask=0000.0000.0000
dst mac=0000.0000.0000, mask=0100.0000.0000
input_ifc=inside, output_ifc=any
Phase: 2
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.20.23.0 255.255.255.0 inside
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group inside_access_in in interface inside
access-list inside_access_in extended permit ip any any
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcb51d4b0, priority=13, domain=permit, deny=false
hits=453, user_data=0xc9635ee0, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=inside, output_ifc=any
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
in id=0xcb52def8, priority=0, domain=inspect-ip-options, deny=true
hits=51642, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=inside, output_ifc=any
Phase: 5
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:
Forward Flow based lookup yields rule:
out id=0xcc3fd5f8, priority=0, domain=user-statistics, deny=false
hits=51667, user_data=0xcc28aaf0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=any, output_ifc=inside
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
in id=0xcb52def8, priority=0, domain=inspect-ip-options, deny=true
hits=51644, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=inside, output_ifc=any
Phase: 7
Type: USER-STATISTICS
Subtype: user-statistics
Result: ALLOW
Config:
Additional Information:
Reverse Flow based lookup yields rule:
out id=0xcc3fd5f8, priority=0, domain=user-statistics, deny=false
hits=51668, user_data=0xcc28aaf0, cs_id=0x0, reverse, flags=0x0, protocol=0
src ip/id=0.0.0.0, mask=0.0.0.0, port=0
dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
input_ifc=any, output_ifc=inside
Phase: 8
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 52463, packet dispatched to next module
Module information for forward flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_tcp_normalizer
snp_fp_translate
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Module information for reverse flow ...
snp_fp_tracer_drop
snp_fp_inspect_ip_options
snp_fp_translate
snp_fp_tcp_normalizer
snp_fp_adjacency
snp_fp_fragment
snp_ifc_stat
Result:
input-interface: inside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: allow
ASA5505(config)#
So it seems to work, but I can't access "172.20.20.11", which is one of the static route pfSenses. It may be that the Cisco is properly configured, but can't work with the pfSenses.
And I can't figure out where the packet is going, because it seems like the packet reaches the pfSense without any problems?
And the pfSense is working just fine.
/ Jonathan -
Any static routing experts here?
Have a setup involving 3 routers and various workstations as follows
Ont Cat5 -> Actiontec wan port. Actiontec subnet 192.168.1
Actiontec lan port -> Netgear wndr3200 wan port (192.168.1.253). Netgear subnet 192.168.0
Actiontec lan port -> Dlink dir655 wan port (192.168.1.254). Dlink subnet 192.168.3
Have user devices on all 3 subnets and they can all talk to the internet fine. In addition can access the Actiontec admin from any device on the Netgear or Dlink subnets.
Would like to be able to access the Netgear and Dlink subnets from devices on Actiontec subnet. I know this involves building static routes on all the routers and have done this but still can't access so presume either my static routes are incorrect or more likely there is something I have to do in the router firewalls. I lean more to the router firewalls as I am guessing they are blocking the inbound traffic.
Anybody have any hints as to how this is done?
You'd generally have a static route pointed to the (WAN) address of the next router in the chain.
Your outside router (Actiontec) would have
static route 192.168.0.0/24 with the nexthop 192.168.1.253.
static route 192.168.3.0/24 with the nexthop 192.168.1.254.
Your Dlink and netgear shouldn't need any static routes needed (since they are, generally speaking, default routing to the wan port). The problem you're running into is that they're also NATing the address.
So when you receive a packet from 192.168.3.2 (connected to the DLINK) on 192.168.1.2 (connected to the ACTIONTEC) the receiving device sees src:192.168.1.254 dst:192.168.1.2 most likely. When you're sending a packet to 192.168.3.2, with a nexthop of 192.168.1.254, that natting part isn't going to work like you expect (it's expecting a packet to 192.168.1.254 with a specific port, which it will then port-forward to 192.168.3.2 on the port you tell it to, whether it's the same port or not, based on port forwarding rules built on the dlink).
Does that help at all? Unless you can turn natting off, you need to be doing port-based stuff with port forwarding, in the setup you're describing, IMO.
Paul -
BRF+ Routing Rule not showing Expression
Hi Experts,
I am trying to create a BRF+ routing rule (line item by line item) within SAP Standard Process ID - SAP_GRAC_ACCESS_REQUEST
The purpose is to use it as a detour based upon Role attributes. Although the rule is generated in the ABAP screen, when I try to modify the BRF+ rule, the Expression where the decision table is located is not coming up.
When I test it, it gives error - Expression not set.
What could be the issue? Need your help.
Thanks & Regards,
Sabita
Hi Sabita,
Definitely look up those courses! I'm an instructor for them in the UK and these sorts of questions are exactly those which most people ask on the courses!
GRFN_MW_S_ROUTING is a structure which contains those two fields. This should be the Result Data Object which will then automatically place those two fields as the results.
The Condition columns are user driven inputs where you give the criteria for the routing rules e.g. Business process or role criticality etc.
For routing rules or initiator rules, there are two sources for the information; the request header (attributes of the request) or the request line items (attributes of the roles on the request). There are some fields which may exist in both (e.g. Business process for the access request or the business process assigned to the Role) which explains why there are duplicates in the list. When selecting the conditions, scroll right to the bottom of the list and you'll find the Structures which show Header or Line Item. If you expand those, then you will see the list of fields again. By doing this, you'll know whether you're looking at the header or line item field.
Select the appropriate fields as the columns and then add in the rows to identify the specific criteria. -
Advertise implicit-null label for static routes
Hi, I want to ask if there is any way to change the label or stop advertising a label for a static route. Normally LDP advertises an Implicit Null label for directly connected routes. We want to do a similar thing for static routes.
We need to do this because we need to rate-limit on the PE interface connecting to the core network instead of the interface connecting to the CE. As the incoming packets are still labelled, the rate-limit is skipped. So we want to stop the PE from creating labels for the static routes, or have it advertise them with an implicit null label. Thanks in advance.
Calvin,
Bear in mind that if you only enter the "no mpls ldp advertise-label" command, LDP will stop propagating all labels, which might not be what you want. If you selectively want to propagate certain labels, then you need to also use "mpls advertise label for " as Shivlu suggested.
Regards, -
Check for Null in Mediator Static Routing filter
Using Expression Builder for the Mediator component, how can I check the values for NULL in a particular XML element? In my case the XSD is:
<xs:complexType name="OdsCadDataSet">
<xs:choice>
<xs:element name="odsCadCase" type="OdsCadCase" minOccurs="0"
maxOccurs="1"/>
<xs:element name="odsCadEvent" type="OdsCadEvent" minOccurs="0"
maxOccurs="1"/>
<xs:element name="odsCadUnitStatus" type="OdsCadUnitStatus"
minOccurs="0" maxOccurs="1"/>
</xs:choice>
</xs:complexType>
I want to check in the expression builder of the mediator whether odsCase, odsCadEvent, or odsCadUnitStatus has been processed. I have three static routing rules, one for each element, and plan to add a filter which checks if odsCadCase is null and so forth. How can I implement this use case?
Thanks
Edited by: user5108636 on 28/06/2010 00:15
Hello, I have the same problem here...
I have an xsd:choice on the request like this:
<message>
<properties>
<property name="tracking.compositeInstanceId" value="80003"/>
<property name="tracking.ecid" value="0000J1MQVAZBDC^5lVg8yZ1DtZWJ000T5r"/>
<property name="transport.http.remoteAddress" value="10.106.17.137"/>
</properties>
<parts>
<part name="request">
<ns1:parametrosConsultaGuia>
<ns1:guiaCompensacaoRequest>
<ns1:anoGuia>2011</ns1:anoGuia>
<ns1:numeroGuia>314</ns1:numeroGuia>
<ns1:codigoFatoGerador>6</ns1:codigoFatoGerador>
<ns1:codigoPorte>77011</ns1:codigoPorte>
</ns1:guiaCompensacaoRequest>
<ns1:guiaComplementarRequest>
<ns1:codigoEntidade/>
<ns1:classeEmbarcacao/>
<ns1:codigoPorte/>
<ns1:codigoAssunto/>
<ns1:fatoGerador/>
<ns1:numeroTransacaoInternet/>
</ns1:guiaComplementarRequest>
<ns1:guiaDesarquivamentoRequest>
<ns1:codigoAssunto/>
<ns1:idPessoa/>
</ns1:guiaDesarquivamentoRequest>
<ns1:guiaDividaAtivaRequest>
<ns1:numeroDebito/>
<ns1:codigoUsuario/>
</ns1:guiaDividaAtivaRequest>
<ns1:guiaNormalRequest>
<ns1:codigoEntidade/>
<ns1:codigoAssunto/>
<ns1:fatoGerador/>
<ns1:numeroTransacaoInternet/>
</ns1:guiaNormalRequest>
<ns1:guiaReferenciaRequest>
<ns1:numeroGuiaPai/>
<ns1:anoGuiaPai/>
<ns1:codigoEntidade/>
<ns1:classeEmbarcacao/>
<ns1:codigoAssunto/>
</ns1:guiaReferenciaRequest>
<ns1:guiaRemanescenteRequest>
<ns1:numeroDebito/>
<ns1:codigoUsuario/>
</ns1:guiaRemanescenteRequest>
<ns1:guiaMultaRequest>
<ns1:codigoEntidade/>
<ns1:dataVencimento/>
<ns1:valorMulta/>
<ns1:percentualDesconto/>
<ns1:percentualAcrescimo/>
</ns1:guiaMultaRequest>
</ns1:parametrosConsultaGuia>
</part>
</parts>
</message>
I tried everything to check if some of the requests are filled, but the mediator always returns null:
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaReferenciaRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaCompensacao.getGuiaCompensacao"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "$in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaCompensacaoRequest != ''" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaRemanescenteService.getGuiaRemanescente"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaRemanescenteRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaMultaService.gerarBoleto"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaMultaRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaDividaAtiva.getGuiaDividaAtiva"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaDividaAtivaRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaDesarquivamento.getGuiaDesarquivamento"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaDesarquivamentoRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaComplementarService.gerarBoleto"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaComplementarRequest) > 0" resulted false
<payload>
Atividade03/06/2011 13:50:42MensagemonCase "GuiaNormalService.gerarBoleto"
03/06/2011 13:50:42MensagemEvaluation of xpath condition "string-length($in.request/guia:guiaRequest/guia:parametrosConsultaGuia/guia:guiaNormalRequest) > 0" resulted false
<payload>
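An added example (not code from either poster or from Oracle) that reproduces the filter checks above offline in Python. It compares a path containing the extra guiaRequest step used in the logged conditions with the path as it appears in the posted payload, and uses whitespace-normalized length so that empty choice branches do not count as filled. The namespace URI, the shortened payload and the function names are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed namespace URI: the page never shows the URI bound to ns1/guia.
NS = {"g": "urn:example:guia"}

# Constructed, shortened payload modelled on the posted request: several choice
# branches are present, but only guiaCompensacaoRequest carries values.
PART = ET.fromstring("""
<part xmlns:g="urn:example:guia">
  <g:parametrosConsultaGuia>
    <g:guiaCompensacaoRequest>
      <g:anoGuia>2011</g:anoGuia>
      <g:numeroGuia>314</g:numeroGuia>
    </g:guiaCompensacaoRequest>
    <g:guiaDividaAtivaRequest>
      <g:numeroDebito/>
      <g:codigoUsuario/>
    </g:guiaDividaAtivaRequest>
    <g:guiaMultaRequest>
      <g:codigoEntidade/>
    </g:guiaMultaRequest>
  </g:parametrosConsultaGuia>
</part>
""")

# Path shape used in the logged filter conditions (extra guiaRequest step).
FILTER_PATH = "g:guiaRequest/g:parametrosConsultaGuia/g:guiaCompensacaoRequest"
# Path shape matching the payload as posted.
PAYLOAD_PATH = "g:parametrosConsultaGuia/g:guiaCompensacaoRequest"

def _normalized(node):
    """String value of a node with whitespace collapsed, like normalize-space()."""
    return " ".join("".join(node.itertext()).split())

def normalized_length(context, path):
    """Equivalent of string-length(normalize-space(path)); 0 if nothing matches."""
    node = context.find(path, NS)
    return 0 if node is None else len(_normalized(node))

def populated_branches(context, parent_path):
    """Local names of the child branches that carry at least one value."""
    parent = context.find(parent_path, NS)
    if parent is None:
        return []
    return [c.tag.split("}", 1)[1] for c in parent if _normalized(c)]

if __name__ == "__main__":
    print(normalized_length(PART, FILTER_PATH))    # path matches nothing
    print(normalized_length(PART, PAYLOAD_PATH))   # branch with data
    print(populated_branches(PART, "g:parametrosConsultaGuia"))
```

A path that selects no node behaves like an empty string, so every comparison built on it evaluates to false regardless of the payload contents.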