EM can connect to DB to export.
I am new to Oracle, so. I first can connect to the DB in stand alone mode, no prolem. Then through the OEM I log in ok but when I go to access the DB it asks for the user name and password, I use the sameones as in stand along but get ORA-01031 - insufficient privileges. Any ideas.
Thanks in Advance,
Phil
Deepak_DBA wrote:
hi,
check your tnsnames.ora file and see whether there is entryHe's already proven he has an entry in tnsnames. If he didn't he wouldn't have gotten an error indicataing a problem at the listener.
asnd also check listner.ora in the server
set oracle_home and SID and reload the listner... also check services and connect the server
Off the mark. His tnsnames was referencing host=localhost (which is ip address 127.0.0.1 and always means the local machine) and the listener was listening on a different ip address.
>
>
regards,
Deepak
Similar Messages
-
I can connect my cisco mobile vpn but can't ping & access internal IP
Hi somebody,
i've configured mobile vpn configuration in cisco 7200 with GNS3. i can connect VPN to my cisco router with cisco vpn client software from outside. but i can't ping to internal ip and can't access internal resources.
My Internal IP is 192.168.1.x . And IP for mobile VPN client from outside is 172.60.1.x.
Your advise will be appreciate.
here is my configuration with cisco 7200 in GNS 3,
OfficeVPN_Router#sh run
Building configuration...
Current configuration : 2186 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname OfficeVPN_Router
boot-start-marker
boot-end-marker
enable secret 5 $1$E0Gz$U8UzNtHOXy2CeoEFj30by0
aaa new-model
aaa authentication login userlist local
aaa authorization network grouplist local
aaa session-id common
ip cef
no ip domain lookup
username asm privilege 15 password 0 pncsadmin
username user privilege 15 password 0 pncsadmin
username user1 privilege 15 password 0 pncsadmin
username cisco123 secret 5 $1$lCOc$Db.e8AFd/0f02ZI4/aeV./
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp client configuration group MWG
key cisco
dns 165.21.83.88
pool vpnpool
acl 101
netmask 255.255.0.0
crypto ipsec transform-set myset esp-aes esp-sha-hmac
crypto dynamic-map dynmap 10
set transform-set myset
reverse-route
crypto map mymap client authentication list userlist
crypto map mymap isakmp authorization list grouplist
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp dynamic dynmap
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex full
speed 100
interface FastEthernet1/1
ip address 200.200.200.200 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map mymap
ip local pool vpnpool 172.60.1.10 172.60.1.100
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 200.200.200.201
no ip http server
no ip http secure-server
ip nat inside source list 111 interface FastEthernet1/1 overload
access-list 101 permit ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
access-list 111 deny ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
access-list 111 permit ip any any
control-plane
gatekeeper
shutdown
line con 0
exec-timeout 0 0
password cisco123
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password cisco123
end
OfficeVPN_Router#sh ver
Cisco IOS Software, 7200 Software (C7200-A3JK9S-M), Version 12.4(25), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Tue 21-Apr-09 18:50 by prod_rel_team
ROM: ROMMON Emulation Microcode
BOOTLDR: 7200 Software (C7200-A3JK9S-M), Version 12.4(25), RELEASE SOFTWARE (fc2)
OfficeVPN_Router uptime is 30 minutes
System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
System image file is "tftp://255.255.255.255/unknown"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco 7206VXR (NPE400) processor (revision A) with 245760K/16384K bytes of memory.
Processor board ID 4279256517
R7000 CPU at 150MHz, Implementation 39, Rev 2.1, 256KB L2 Cache
6 slot VXR midplane, Version 2.1
Last reset from power-on
PCI bus mb0_mb1 (Slots 0, 1, 3 and 5) has a capacity of 600 bandwidth points.
Current configuration on bus mb0_mb1 has a total of 600 bandwidth points.
This configuration is within the PCI bus capacity and is supported.
PCI bus mb2 (Slots 2, 4, 6) has a capacity of 600 bandwidth points.
Current configuration on bus mb2 has a total of 0 bandwidth points
This configuration is within the PCI bus capacity and is supported.
Please refer to the following document "Cisco 7200 Series Port Adaptor
Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
for c7200 bandwidth points oversubscription and usage guidelines.
3 FastEthernet interfaces
125K bytes of NVRAM.
65536K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
8192K bytes of Flash internal SIMM (Sector size 256K).
Configuration register is 0x2102
OfficeVPN_Router#Dear Javier ,
Thanks for your info. i already tested as you say. but still i can't use & ping to my internal IP which is behind cisco VPN router. i posted my config file.
OfficeVPN_Router(config)#ip access-list resequence 111 10 10
OfficeVPN_Router(config)#do sh run
Building configuration...
Current configuration : 2201 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname OfficeVPN_Router
boot-start-marker
boot-end-marker
enable secret 5 $1$E0Gz$U8UzNtHOXy2CeoEFj30by0
aaa new-model
aaa authentication login userlist local
aaa authorization network grouplist local
aaa session-id common
ip cef
no ip domain lookup
username asm privilege 15 password 0 pncsadmin
username user privilege 15 password 0 pncsadmin
username user1 privilege 15 password 0 pncsadmin
username cisco123 secret 5 $1$lCOc$Db.e8AFd/0f02ZI4/aeV./
crypto isakmp policy 10
encr aes
authentication pre-share
group 2
crypto isakmp client configuration group MWG
key cisco
dns 165.21.83.88
pool vpnpool
acl 101
netmask 255.255.0.0
crypto ipsec transform-set myset esp-aes esp-sha-hmac
crypto dynamic-map dynmap 10
set transform-set myset
reverse-route
crypto map mymap client authentication list userlist
crypto map mymap isakmp authorization list grouplist
crypto map mymap client configuration address initiate
crypto map mymap client configuration address respond
crypto map mymap 10 ipsec-isakmp dynamic dynmap
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface FastEthernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex full
speed 100
interface FastEthernet1/1
ip address 200.200.200.200 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map mymap
ip local pool vpnpool 172.60.1.10 172.60.1.100
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 200.200.200.201
no ip http server
no ip http secure-server
ip nat inside source list 111 interface FastEthernet1/1 overload
access-list 101 permit ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
access-list 111 deny ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
control-plane
gatekeeper
shutdown
line con 0
exec-timeout 0 0
password cisco123
logging synchronous
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password cisco123
end -
Weird - can connect to both instances - but not to main SID
As a newbie to RAC I got stuck...
after installation of grid, db SW and a sample DB "QRC" with dbca I can connect to both instances QRC1 and QRC2,
but not to QRC - here sqlplus tells me "connected to an idle instance"
What did I mix up??
rac11a ~ RDBMS > srvctl start database -d QRC -o open
PRCR-1004 : Resource ora.qrc.db is already running
rac11a ~ RDBMS >
[root@rac11a ~]# crsctl status res -t
NAME TARGET STATE SERVER STATE_DETAILS
Local Resources
ora.LISTENER.lsnr
ONLINE ONLINE rac11a
ONLINE ONLINE rac11b
ora.asm
OFFLINE OFFLINE rac11a
OFFLINE OFFLINE rac11b
ora.eons
ONLINE ONLINE rac11a
ONLINE ONLINE rac11b
ora.gsd
OFFLINE OFFLINE rac11a
OFFLINE OFFLINE rac11b
ora.net1.network
ONLINE ONLINE rac11a
ONLINE ONLINE rac11b
ora.ons
ONLINE ONLINE rac11a
ONLINE ONLINE rac11b
Cluster Resources
ora.LISTENER_SCAN1.lsnr
1 ONLINE ONLINE rac11b
ora.LISTENER_SCAN2.lsnr
1 ONLINE ONLINE rac11a
ora.LISTENER_SCAN3.lsnr
1 ONLINE ONLINE rac11a
ora.oc4j
1 OFFLINE OFFLINE
ora.qrc.db
1 ONLINE ONLINE rac11a Open
2 ONLINE ONLINE rac11b Open
ora.rac11a.vip
1 ONLINE ONLINE rac11a
ora.rac11b.vip
1 ONLINE ONLINE rac11b
ora.scan1.vip
1 ONLINE ONLINE rac11b
ora.scan2.vip
1 ONLINE ONLINE rac11a
ora.scan3.vip
1 ONLINE ONLINE rac11a
[root@rac11a ~]#
rac11a ~ RDBMS > tnsping qrc
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 02-FEB-2012 09:20:54
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = qrcscan.ddnett.de)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = QRC.ditanett)))
OK (40 msec)
rac11a ~ RDBMS > env | grep ORA
dbms_type=ORA
ORACLE_SID=QRC
ORACLE_BASE=/oracle/QRC
ORACLE_HOME=/oracle/QRC/11202
rac11a ~ RDBMS >
rac11a ~ RDBMS > sqlplus " / as sysdba"
SQL*Plus: Release 11.2.0.1.0 Production on Thu Feb 2 09:21:04 2012
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to an idle instance.
SQL>
rac11a ~ RDBMS > lsnrctl status
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date 02-FEB-2012 08:23:25
Uptime 0 days 1 hr. 16 min. 21 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /oracle/LOCAL/GRID/11202/network/admin/listener.ora
Listener Log File /oracle/LOCAL/BASE/diag/tnslsnr/rac11a/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.2.141)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.2.241)(PORT=1521)))
Services Summary...
Service "QRC.ditanett" has 1 instance(s).
Instance "QRC1", status READY, has 1 handler(s) for this service...
Service "QRCXDB.ditanett" has 1 instance(s).
Instance "QRC1", status READY, has 1 handler(s) for this service...
The command completed successfully
rac11a ~ RDBMS >
rac11b ~ RDBMS > lsnrctl status
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
Alias LISTENER
Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
Start Date 02-FEB-2012 08:24:02
Uptime 0 days 1 hr. 17 min. 12 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /oracle/LOCAL/GRID/11202/network/admin/listener.ora
Listener Log File /oracle/LOCAL/BASE/diag/tnslsnr/rac11b/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.2.142)(PORT=1521)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=192.168.2.242)(PORT=1521)))
Services Summary...
Service "QRC.ditanett" has 1 instance(s).
Instance "QRC2", status READY, has 1 handler(s) for this service...
Service "QRCXDB.ditanett" has 1 instance(s).
Instance "QRC2", status READY, has 1 handler(s) for this service...
The command completed successfully
rac11b ~ RDBMS >Hi,
after installation of grid, db SW and a sample DB "QRC" with dbca I can connect to both instances QRC1 and QRC2,
rac11a $ env | grep ORA
dbms_type=ORA
ORACLE_SID=QRC
ORACLE_BASE=/oracle/QRC
ORACLE_HOME=/oracle/QRC/11202
rac11a ~ RDBMS >
rac11a $ sqlplus " / as sysdba"
SQL*Plus: Release 11.2.0.1.0 Production on Thu Feb 2 09:21:04 2012
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to an idle instance.
SQL>
The Oracle System ID (SID) is used to uniquely identify a particular database on a system. For this reason, one cannot have more than one database with the same SID on a host.
When using RAC, all instances belonging to the same database must have unique SID's even using different hosts.
So, you must set ORACLE_SID to QRC1 where Instance 1 is running or QRC2 where Instance 2 is running.
To know where instance number is running you can get this info following steps below:
$GRID_HOME/bin/olsnodes -n
lnxora01 1
lnxora02 2In example above all instance created by DBCA on lnxora01 will have prefix 1 (e.g db QRC will have QRC1) and on lnxora02 will have prefix 2. (it's not a rule, because I can set manually the number of instance as I wish)
Or exists another way to find it: (on local node)
ps -ef |grep pmon
ora_pmon_QRC1 So, to connect just set right ORACLE_SID
eg:
export ORACLE_SID=QRC1
sqlplus / as sysdbaRegards,
Levi Pereira -
I created new RAC DB, how i can connect to sql?
export ORACLE_SID=testtest.test.com - esm01p:/opt/oracle
set $ORACLE_HOME=/opt/oracle/10.2.0.1.0ricsflgrd401.ric.infineon.com - esm01p:/opt/oracle
sqlplus /nologSQL*Plus: Release 10.2.0.1.0 - Production on Tue Oct 31 11:36:31 2006
Copyright (c) 1982, 2005, Oracle. All rights reserved.
SQL> connect /as sysdba;
Connected to an idle instance.
I created new RAC DB, how i can connect to sql?Instead of the database name, try the instance name with number.
-bash-3.00$ crsstat
HA Resource Target State
ora.racdev.db ONLINE ONLINE on tstorarac01
ora.racdev.racdev1.inst ONLINE ONLINE on tstorarac01
ora.racdev.racdev2.inst ONLINE ONLINE on tstorarac02
ora.racdev.racdev3.inst ONLINE ONLINE on tstorarac03
-bash-3.00$ export ORACLE_SID=racdev
-bash-3.00$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.2.0 - Production on Tue Oct 31 10:55:03 2006
Copyright (c) 1982, 2005, Oracle. All Rights Reserved.
Connected to an idle instance.
SQL> exit
Disconnected
-bash-3.00$ export ORACLE_SID=racdev1
-bash-3.00$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.2.0 - Production on Tue Oct 31 10:55:15 2006
Copyright (c) 1982, 2005, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.2.0 - 64bit Production
With the Partitioning, Real Application Clusters and Data Mining options
SQL> -
I have a network of 9 macs that connect via ethernet and a router. All of a sudden one of the macs cannot be connected to. It can connect to all others and the internet, but no one can connect to that one. I have appletalk active and file sharing on, but everytime someone tries to connect to it, it is not on the network. Additionally, the personal file sharing keeps turning off even though I have it locked. Any ideas?
Hi orangekay
not sure where you got the idea that I have
bizarre encrypted filesystem plugins and scripts you have manipulating them all the time
because I do not have any such running, just normal Applescripts that do tasks that could be done by hand. -
I installed windows 7 to my macbook pro, but my mousepad does not work in windows 7 and also i can not connect my windows 7 to projector, but i can use my macbook's mouse pad and i can connect my mac to projector,so please help me for windows 7 problem
i try to download now, do you think when i download and install the windows support software, can i fix the problem?
-
I have a black Macbook 4,1 running 10.7.5, an iMac 11,3 running 10.7.5 and a new Macbook Air 6,2 running 10.9.5., I have file sharing turned on on all machines. All machines are visible and I can connect all machines except for the Macbook Air. The Macbook air can see the other 2 Macs but does not connect to either of them or even give me the option to connect as a guest or a registered user. The other Macs connect to the Macbook Air but it will not connect with them. Any help is appreciated. Thank You.
The warranty entitles you to complimentary phone support for the first 90 days of ownership.
-
Hey everyone, I've been experiencing this problem for a very long time, my Macbook Pro has a lot of trouble connecting to my Belkin N1 wireless, however, when I sit far away from the router I seem to be able to connect and use the internet, though I have a lot of 'System Timeout' and have to reboot my wireless. After we moved houses, my room is extremely near the wireless, and before the Belkin was formatted with a password, I was able to use the internet without a problem. However, now I can connect to the wireless, and Network Diagnostics tells me that everything is good to go, however, I just can't seem to use the internet. No pages will load, I've tried everything changing proxies, looking through my security certificates and tried using IP addresses instea of website names and nothing seems to work.
I've gone to the store and have always been dismissed, with the excuse that Belkin is just not compatible my Macbook. I'm not technologically savvy, but I can follow instructions.
Thank you in advance!Hello blinchikis. Welcome to the Apple Discussions!
Which Belkin model do you have? Are you running wireless encyption, WEP or WPA? If so, if you temporarily disable encryption, can you connect your iBook to the Internet now? How about if you connect your iBook, directly using an Ethernet cable? -
Just bought MacBook Pro, cannot connect to the Internet at home. I have wifi at home and my iPad and cell phone can connect to the wifi
*** When you post for help, please state which OS X is installed.
If you aren't sure, click About this Mac from your Apple menu
Troubleshooting advice can depend on that information. -
The circuit of my macbook is dead yet the hard drive is fine. I need to access a file from the hard drive, how can i do this? The mac turns on the screen freezes as bright blue. Is there a cable i can connect to another mac that will let me transfer the file?
There is another option if the Macbook will start up in Target Disk Mode.
Restart the computer while holding down the T key. If you see the firewire symbol moving around on the screen you can connect this one to another one in TDM. You will need a suitable cable to connect the two Macs.
http://support.apple.com/kb/ht1661
Firewire symbol: -
Cisco ASA 5510 - Cisco Client Can Connect To VPN But Can't Ping!
Hi,
I have an ASA 5510 with the configuration below. I have configure the ASA as remote access vpn server with cisco vpn client, my problem now is I can connect but I can't ping.
Config
ciscoasa# sh run
: Saved
ASA Version 8.0(3)
hostname ciscoasa
enable password 5QB4svsHoIHxXpF/ encrypted
names
name xxx.xxx.xxx.xxx SAP_router_IP_on_SAP
name xxx.xxx.xxx.xxx ISA_Server_second_external_IP
name xxx.xxx.xxx.xxx Mail_Server
name xxx.xxx.xxx.xxx IncomingIP
name xxx.xxx.xxx.xxx SAP
name xxx.xxx.xxx.xxx WebServer
name xxx.xxx.xxx.xxx cms_eservices_projects_sharepointold
name 192.168.2.2 isa_server_outside
interface Ethernet0/0
nameif outside
security-level 0
ip address IncomingIP 255.255.255.248
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.253 255.255.255.0
management-only
passwd 123
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
object-group service TCP_8081 tcp
port-object eq 8081
object-group service DM_INLINE_TCP_1 tcp
port-object eq 3389
port-object eq ftp
port-object eq www
port-object eq https
port-object eq smtp
port-object eq pop3
port-object eq 3200
port-object eq 3300
port-object eq 3600
port-object eq 3299
port-object eq 3390
port-object eq 50000
port-object eq 3396
port-object eq 3397
port-object eq 3398
port-object eq imap4
port-object eq 587
port-object eq 993
port-object eq 8000
port-object eq 8443
port-object eq telnet
port-object eq 3901
group-object TCP_8081
port-object eq 1433
port-object eq 3391
port-object eq 3399
port-object eq 8080
port-object eq 3128
port-object eq 3900
port-object eq 3902
port-object eq 7777
port-object eq 3392
port-object eq 3393
port-object eq 3394
port-object eq 3395
port-object eq 92
port-object eq 91
port-object eq 3206
port-object eq 8001
port-object eq 8181
port-object eq 7778
port-object eq 8180
port-object eq 22222
port-object eq 11001
port-object eq 11002
port-object eq 1555
port-object eq 2223
port-object eq 2224
object-group service RDP tcp
port-object eq 3389
object-group service 3901 tcp
description 3901
port-object eq 3901
object-group service 50000 tcp
description 50000
port-object eq 50000
object-group service Enable_Transparent_Tunneling_UDP udp
port-object eq 4500
access-list inside_access_in remark connection to SAP
access-list inside_access_in extended permit ip 192.168.2.0 255.255.255.0 host SAP_router_IP_on_SAP
access-list inside_access_in remark VPN Outgoing - PPTP
access-list inside_access_in extended permit tcp 192.168.2.0 255.255.255.0 any eq pptp
access-list inside_access_in remark VPN Outgoing - GRE
access-list inside_access_in extended permit gre 192.168.2.0 255.255.255.0 any
access-list inside_access_in remark VPN - GRE
access-list inside_access_in extended permit gre any any
access-list inside_access_in remark VPN Outgoing - IKE Client
access-list inside_access_in extended permit udp 192.168.2.0 255.255.255.0 any eq isakmp
access-list inside_access_in remark VPN Outgoing - IPSecNAT - T
access-list inside_access_in extended permit udp 192.168.2.0 255.255.255.0 any eq 4500
access-list inside_access_in remark DNS Outgoing
access-list inside_access_in extended permit udp any any eq domain
access-list inside_access_in remark DNS Outgoing
access-list inside_access_in extended permit tcp any any eq domain
access-list inside_access_in remark Outoing Ports
access-list inside_access_in extended permit tcp 192.168.2.0 255.255.255.0 any object-group DM_INLINE_TCP_1
access-list inside_access_in extended permit ip 172.16.1.0 255.255.255.0 any
access-list outside_access_in extended permit ip any any
access-list outside_access_in extended permit tcp any any eq pptp
access-list outside_access_in extended permit gre any any
access-list outside_access_in extended permit gre any host Mail_Server
access-list outside_access_in extended permit tcp any host Mail_Server eq pptp
access-list outside_access_in extended permit esp any any
access-list outside_access_in extended permit ah any any
access-list outside_access_in extended permit udp any any eq isakmp
access-list outside_access_in extended permit udp any any object-group Enable_Transparent_Tunneling_UDP
access-list VPN standard permit 192.168.2.0 255.255.255.0
access-list corp_vpn extended permit ip 192.168.2.0 255.255.255.0 172.16.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool POOL 172.16.1.10-172.16.1.20 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-603.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 2 Mail_Server netmask 255.0.0.0
global (outside) 1 interface
global (inside) 2 interface
nat (inside) 0 access-list corp_vpn
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp Mail_Server 8001 ISA_Server_second_external_IP 8001 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 8000 ISA_Server_second_external_IP 8000 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server pptp isa_server_outside pptp netmask 255.255.255.255
static (inside,outside) tcp Mail_Server smtp isa_server_outside smtp netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 587 isa_server_outside 587 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 9444 isa_server_outside 9444 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 9443 isa_server_outside 9443 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 3389 isa_server_outside 3389 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 3390 isa_server_outside 3390 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server 3901 isa_server_outside 3901 netmask 255.255.255.255
static (inside,outside) tcp SAP 50000 isa_server_outside 50000 netmask 255.255.255.255
static (inside,outside) tcp SAP 3200 isa_server_outside 3200 netmask 255.255.255.255
static (inside,outside) tcp SAP 3299 isa_server_outside 3299 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server www isa_server_outside www netmask 255.255.255.255
static (inside,outside) tcp Mail_Server https isa_server_outside https netmask 255.255.255.255
static (inside,outside) tcp Mail_Server pop3 isa_server_outside pop3 netmask 255.255.255.255
static (inside,outside) tcp Mail_Server imap4 isa_server_outside imap4 netmask 255.255.255.255
static (inside,outside) tcp cms_eservices_projects_sharepointold 9999 isa_server_outside 9999 netmask 255.255.255.255
static (inside,outside) 192.168.2.0 access-list corp_vpn
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.2.0 255.255.255.0 inside
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set transet esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map dynmap 10 set pfs
crypto dynamic-map dynmap 10 set transform-set transet ESP-3DES-SHA
crypto map cryptomap 10 ipsec-isakmp dynamic dynmap
crypto map cryptomap interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no crypto isakmp nat-traversal
telnet 192.168.2.0 255.255.255.0 inside
telnet 192.168.1.0 255.255.255.0 management
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx interface inside
dhcpd domain domain.local interface inside
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics access-list
tftp-server management 192.168.1.123 /
group-policy mypolicy internal
group-policy mypolicy attributes
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN
username vpdn password 123
username vpdn attributes
vpn-group-policy mypolicy
service-type remote-access
tunnel-group mypolicy type remote-access
tunnel-group mypolicy general-attributes
address-pool POOL
default-group-policy mypolicy
tunnel-group mypolicy ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect pptp
service-policy global_policy global
prompt hostname context
Cryptochecksum:b8bb19b6cb05cfa9ee125ad7bc5444ac
: end
Thank you very much.Here is the output:
ciscoasa# packet-tracer input outside icmp 172.16.1.10 8 0 192.168.2.1
Phase: 1
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 2
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
static (inside,outside) 192.168.2.0 access-list corp_vpn
nat-control
match ip inside 192.168.2.0 255.255.255.0 outside 172.16.1.0 255.255.255.0
static translation to 192.168.2.0
translate_hits = 0, untranslate_hits = 139
Additional Information:
NAT divert to egress interface inside
Untranslate 192.168.2.0/0 to 192.168.2.0/0 using netmask 255.255.255.0
Phase: 3
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group outside_access_in in interface outside
access-list outside_access_in extended permit ip any any
Additional Information:
Phase: 4
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: CP-PUNT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect icmp
service-policy global_policy global
Additional Information:
Phase: 7
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
Additional Information:
Phase: 10
Type: NAT
Subtype: rpf-check
Result: ALLOW
Config:
static (inside,outside) 192.168.2.0 access-list corp_vpn
nat-control
match ip inside 192.168.2.0 255.255.255.0 outside 172.16.1.0 255.255.255.0
static translation to 192.168.2.0
translate_hits = 0, untranslate_hits = 140
Additional Information:
Phase: 11
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule -
How I can connect MBP early 2010 with a TV by HDMI
I have a MBP early 2011, with a Firewire 800 conecction, a thunderbolt conecction an 2 USB 2.0 Conex, so how can I connect a hdmi tv with my MBP, because my old DVI cable can´t connect. I don´t know if the miniDVI can connect in some port I have.
Thank YouTrue but read beyond the title to his question, says 2011 and a TB port. I guess it's which one you want to believe...
-
How can connect my macbook pro mid 2012 to my imac 21.5 inch mid 2010 ?? I want to use imac like a display for macbook.
Target Display Mode: Frequently Asked Questions (FAQ)
with a mini display to mini display cable. Attach it to the Thunderbolt port on your MBP and to the mini display port on your iMac.
How do I enable TDM?
Make sure both computers are turned on and awake.
Connect a male-to-male Mini DisplayPort or ThunderBolt cable to each computer.
Press Command-F2 on the keyboard of the iMac being used as a display to enable TDM.
Note: In Keyboard System Preferences, if the checkbox is enabled for "Use all F1, F2, etc. keys as standard functions keys," the key combination changes to Command-Fn-F2. -
i am setting u a new time capsule. i already have a wifi setup in my office. now i want to use this time capsule just as a wireless backup machine. do i still need to attached a DSL cable, or it can connect to my existing wifi and start working ?
You probably can, but this type of configuration is not recommended or supported by Apple.
Two cautions if you want to try this:
1) The Time Capsule has to be configured to "Join" your existing wireless network in this type of setup...and to do that, you must know the exact type of wireless security that your network is using.
2) Backups are likely going to take twice as long. The wireless signal must travel from your computer to the wireless router and then from the wireless router back to the Time Capsule. Two "hops"......even if the computer is located close to the Time Capsule.
If you want to try this, we can tell you how....but with no guarantees on your results....since this is not officially supported. -
How many users can connect to a shared drive on a non-server workstation?
How many users can connect to a shared drive on a non-server workstation? We're waiting for our server to arrive and in the interum we're using a Pegasus 2 R6 attached to an iMac running Mavericks as our fileserver. It's been sketchy, the connection to the server being dropped once in a while or the inability to mount the drive after a week of success. The Pegasus we're using now will be attached to a server once it arrives. For now I need to figure what's coausing trouble before I commit to this being our main storage as planned. The data is backed up every night so I'm not worried, its the usability issues. 5-7 people are mounting this drive and opening/saving at the same time. Is there a limit to Maverick's fileserving ability that may be causing this? Understandable if so.
The file server in the client version of OS X has a default limit of 10 simultaneous connections. That limit can be raised by installing OS X Server, or lowered by setting a hidden preference. Assuming you've done neither, you may be able to solve the problem temporarily by stopping and restarting file sharing in the Sharing preference pane, or permanently by setting another hidden preference on the server to break idle connections quickly.
defaults write /Library/Preferences/com.apple.AppleFileServer idleDisconnectOnOff -bool YES
Stop and restart file sharing. To reverse the change, run this command in the same way:
defaults write /Library/Preferences/com.apple.AppleFileServer idleDisconnectOnOff -bool NO
Credit for this solution to ASC member suter:
this file server will not allow any additional users to log on
Maybe you are looking for
-
Video out to tv and monitor adaptors......
how come the video out is different in the new alu imac compared to the old white imac....i had a white flat panel 17inch 1.4ghz model and i bought the white video adaptors for hooking up a 2nd monitor or going to a tv and now they dont fit on the ne
-
we are upgrading from ACS 2.6 to 4.1 should we order the upgrade software (CSACS-4.1-WINUP-K9) or should we order the regular package (CSACS-4.1-WIN-K9)since 2.6 is so out of date?
-
Photos not restored from backup?!
I backed up my iphone 4 and then restored it to original settings. When I tried to restore from my back up on itunes my music and photos were gone. I do not know what to do, any help? If I took the phone to an apple store would they be able to fix it
-
as this is a urgent req. pls can any one suggest what r the diff. screen exits in va01 tcode and how ton find them. thanx and regards
-
I've experienced a bug with my N80 since I got it -- after a while (can't tell how long, differs) it refuses do dial. No matter what I try -- select a name from the contact list, dial a number directly, dial someone from the log -- it does nothing, a