F5-asm and ace forward and reverse traffic
Hi all,
In our datacentre setup, we have F5 ASM and Cisco ACE for load balancing, in which the F5 is configured with a self IP, and below the self IP is the node IP, which is in turn the virtual IP for the ACE t2 context.
The incoming traffic on the F5 is like:
Publicip:xx --> f5.selfip:80 --> Ace virtualip:yy
For the ACE, the request handling is as below:
Ace.virtualip:yy --> Rserver:xx
But here the issue is that the reverse HTTP response flow is somewhat not analogous:
rserver:xx --> f5.selfip:80 & back to the Public ip
My query is: why is the reply from the rserver not given back to the ACE virtual IP, but to the self IP of the F5?
Good morning,
You need to configure your routing in a way that the return traffic goes through the ACE. If you don't, you may end up in the situation you are seeing.
Daniel
Similar Messages
-
My file, edit, view, history, bookmarks, tools, and help buttons at the top of the screen are gone, along with my forward and back button.
For details of how to restore it, see https://support.mozilla.com/kb/menu+bar+is+missing
Once the menu bar is restored, you can use the Toolbars entry in the View menu to restore other toolbars such as the navigation toolbar.
-
I am running on a Mac (Lion) with FF 25.0. I typically hide the toolbar because I like to max out my screen space without having to go into full screen mode. So I typically use a custom keyboard command to navigate forward and back during my browser session, but occasionally the keyboard command fails and the page is unresponsive. In the past all I had to do was go up to the History drop down menu and choose "Back" or "Forward". I would also use the "Home" selection to get back to my homepage. But ever since I updated to 25.0 those selections are now gone from the History menu.
Is there any way to restore them? And are they gone for all users (was this a global change) or are one of my add-ons simply not playing nice and causing this problem? TIA!
On WinXP Back, Forward, and Home was last in the Firefox 3.6 versions and disappeared as of Firefox 4.0 - and hasn't been seen since.
Doesn't the Mac OSX versions of Firefox have Back and Forward in the context menu (right-click), as Windows and Linux versions do?
-
How can I disable the mouse button 4 and 5 "forward" and "back" functions through firefox?
I've seen this problem come up on forums before but was unable to find a good solution.
When using Ventrilo, I have my speak button bound to the mouse button 4 of my Logitech mouse. This button is conveniently placed for gaming because it makes use of my otherwise unused right thumb, and I have been using it for years and probably couldn't adjust if I tried to change it.
Firefox uses mouse button 4 for the "back" function, meaning that if I'm on Ventrilo while browsing the web with Firefox, I have to remember to move the cursor to the menu bar at the bottom of my screen or go back a page. It's infuriating if I forgot, especially if I'm playing some sort of browser game at the time, as I basically have to restart whatever I'm doing.
The only solutions I've found for this involve binding mouse button 4 to some other (rarely used) key, which is an annoying solution at best, or changing some vital computer files, which I don't have the expertise to do myself and don't trust anyone else to do for me. It's an absolutely unacceptable solution anyway: why should I have to change my computer's files to disable a function which should be editable through Firefox?
Does anyone know how this can be fixed? Or know how we can get Mozilla to put this feature into some future patch, as other people have been asking them to do for YEARS?
This can be a highly frustrating problem. I just spent 45 minutes working on an email. Nearing the end I go to grab my mouse after typing and accidentally hit mouse 4 and lose everything. This isn't the first time I have lost work or an email. I would say the ONLY reason why there currently lacks a strong feedback against this is because the majority of people do not have mouse 4+5 buttons on their mice. Please add the option to just disable this "feature". It's just far too easy to accidentally hit these buttons accidentally and potentially lose a lot. I don't know anyone who actually uses these buttons anyways.
-
I tried to reply to an email and could not write a reply in the response box. I could not even attach a file. So I tried opening a new message box and I still could not compose a message. It appears there is an error in the coding. Please fix it as soon as possible. This happens to be my lifeline.
Many Thanks!
Thank you very much for the response Jason and I am sorry for the late reply but as usual life got in the way.
I ended up doing some more experimentation and I did fix the bug you pointed out. When this didn't solve the problem I started to look at other files. It turned out that my .bash_aliases file was the real culprit. The offending line was:
alias su='su -l | cd ~/' # invokes a login shell then changes to root's home directory
I fixed the issue by changing that line to read:
alias su='su -l ' # invokes a login shell then changes to root's home directory
As always thank you for the help,
-
Viewing video files in a finder window used to have f.forward and rewind arrows
In Leopard, when I would highlight one of my video files, I would get the "play >" and "Fast Forward >>" and "rewind <<" arrows, along with a timeline "thermometer" indicator.
Now with Lion, all I get is a countdown clock in the middle of the video in the Finder window.
Is there a way to get the "play" "FF" "RW" and "timeline thermometer" indicator back?
Thanks for your help
bump
anybody know?
-
Port forwarding and DMZ refuses to work properly on WRT54G wireless router.
I have a network setup on the wireless WRT54G version 8 (with latest firmware) router and port forwarding and DMZ refuse to work correctly. I'm trying to use bittorrent and connect my xbox360 to my computer and neither work properly even after setting up port forwarding in the "Applications and Gaming" tab.
here's a screenshot of my port forwarding page:
http://img205.imageshack.us/img205/1497/linksysbg2.jpg
here's a screenshot of the DMZ page (my computer's IP ends in 102 obviously):
http://img510.imageshack.us/img510/2131/linksys1rf5.jpg
Now, I've experienced this type of problem before. On a different Linksys router a year or 2 back I remember the DMZ never working on that one either and I eventually had to buy a D-Link router which worked perfectly. I'm only using this wireless router because it's my roommate's and he brought it up. Somebody please explain to me why this isn't working correctly. I am becoming more and more frustrated as I lose faith in Linksys routers. Thanks
Did you try upgrading the firmware on the router??
Also after upgrade reset & reconfigure the router for few seconds ... so that the firmware works properly for longer time ....
-
How do I make my Timeline play forward or reverse depending on its current location?
I'm attempting to make a side scrolling site. I have a wide div set up in the main timeline that animates 1000px at a time on the x-coordinate between the labels I have set for each "page".
I would like to click a button and go to the associated label and stop. I am faced with 2 problems:
1. Sometimes this would require the playhead to move in reverse rather than forward.
2. I originally had stop triggers on the timeline under the labels but if I am able to get my first problem fixed these triggers would stop the animation before reaching the label.
I'm just learning java so I'm guessing I need an if statement and a function.
Example of what I'm trying to figure out:
I want to press work button and play to label "work".
If I'm at label "home" I need to play(); and stop at label "work". If I were at label "blog" I would need to playReverse(); to label "work".
Please help! I've been going looney trying to figure it out!
Thank you for your reply!
My post may have been a little misleading...
I have a navigation bar with 5 items. Home, work, blog, about, contact. My main timeline has a symbol that is 6000px wide. Inside that symbol are individual symbols that make each of these "pages" which are 1000px each. My timeline has animations that last 1.5 secs each and animate the main symbol 1000px on the x dimension to stop on the main stage which is 1000px. Essentially it creates a 5 "page" side scrolling layout. I have the five labels on the timeline starting at 0s with "home", 1.5s labeled "work", 3s labeled "blog"... etc.
I wish to be able to click blog and travel forward or reverse on the timeline and then stop on "blog". Then if you click home you should reverse along the timeline and stop on "home". If I have any stop(); triggers on the timeline it would stop in transition to my target label without reaching it. In addition a generic play(); or playReverse(); doesn't target a specific label, which is what's required for my navigation bar.
I need to play forward or reverse from the current location on the timeline and stop when it reaches a specific label. Visually you would be sliding back and forth across the pages as you use the navigation.
Is there a way to do this with variables?
I'm going to try triggers on the timeline like this sym.setVariable("pageValue", "home"); when on the "home" label. sym.setVariable("pageValue", "work"); when on the "work" label.
but then how would I tie that to my buttons?
If I click work and I'm on home I need it to check: var myVariable = sym.getVariable("pageValue"); and then an if or else statement I think? I'm such a noob. I'm trying really hard to grasp it
something like: if pageValue = "home" { sym.play();} else if pageValue = "blog","about","contact" {sym.playReverse} if pageValue = "work" {sym.stop();};
I know there is probably all kinds of syntax errors there but can someone understand what I'm getting at?
to make this even more tricky I am interacting with the stage with an html and css navigation bar that lays over the stage so I need this to be in function style (see code)
function goHome() {
  // Look up the Edge Animate composition by its ID and play its stage timeline backwards
  var targetComp = AdobeEdge.getComposition('EDGE-57204389');
  targetComp.getStage().playReverse();
}
and then call it like this in html
<li><a href="javascript:goHome();" class="three-d">
Dynamic
<span class="three-d-box"><span class="front">Dynamic</span><span class="back">Artisans</span></span>
</a></li>
This works to play the stage in reverse but it's not the functionality I need. Any help would be greatly appreciated and a great learning point for me and hopefully others in my situation!
-
Asymmetric NAT rules matched for forward and reverse flows - NAT Issue
Having a problem with a VPN site trying to communicate to a subnet off my ASA 5505. The network is simple, VPN IPSEC remote site is 192.168.6.0/24 and I can ping and access hosts on 192.168.10.0/24 (called InfraNet). I am now trying to allow communications between 192.168.6.0/24 (called FD_net) to 192.168.9.0/24 (called Inside)
The Error:
5 Nov 12 2012 13:52:50 192.168.9.19 Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:192.168.6.11 dst inside:192.168.9.19 (type 8, code 0) denied due to NAT reverse path failure
I understand this is a NAT issue, but I'm not seeing the error and could use a second set of eyes. Here's my current running configuration.
: Saved
ASA Version 8.3(2)
hostname fw1
domain-name xxxxxxxx.xxx
enable password <removed>
passwd <removed>
names
interface Vlan1
description Town Internal Network
nameif inside
security-level 100
ip address 192.168.9.1 255.255.255.0
interface Vlan2
description Public Internet
nameif outside
security-level 0
ip address 173.xxx.xxx.xxx 255.255.255.248
interface Vlan3
description DMZ (CaTV)
nameif dmz
security-level 50
ip address 192.168.2.1 255.255.255.0
interface Vlan10
description Infrastructure Network
nameif InfraNet
security-level 100
ip address 192.168.10.1 255.255.255.0
interface Vlan13
description Guest Wireless
nameif Wireless-Guest
security-level 25
ip address 192.168.1.1 255.255.255.0
interface Vlan23
nameif StateNet
security-level 75
ip address 10.63.198.2 255.255.255.0
interface Vlan33
description Police Subnet
shutdown
nameif PDNet
security-level 90
ip address 192.168.0.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport trunk allowed vlan 1,5,10,13
switchport trunk native vlan 1
switchport mode trunk
speed 100
duplex full
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
interface Ethernet0/4
switchport trunk allowed vlan 1,10,13
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/5
switchport access vlan 23
interface Ethernet0/6
shutdown
interface Ethernet0/7
switchport trunk allowed vlan 1
switchport trunk native vlan 1
switchport mode trunk
shutdown
banner exec Access Restricted to Personnel Only
banner login Access Restricted to Personnel Only
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name xxxxxxx.xxx
same-security-traffic permit inter-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object service IMAPoverSSL
service tcp destination eq 993
description IMAP over SSL
object service POPoverSSL
service tcp destination eq 995
description POP3 over SSL
object service SMTPwTLS
service tcp destination eq 465
description SMTP with TLS
object network obj-192.168.9.20
host 192.168.9.20
object network obj-claggett-https
host 192.168.9.20
object network obj-claggett-imap4
host 192.168.9.20
object network obj-claggett-pop3
host 192.168.9.20
object network obj-claggett-smtp
host 192.168.9.20
object network obj-claggett-imapoverssl
host 192.168.9.20
object network obj-claggett-popoverssl
host 192.168.9.20
object network obj-claggett-smtpwTLS
host 192.168.9.20
object network obj-192.168.9.120
host 192.168.9.120
object network obj-192.168.9.119
host 192.168.9.119
object network obj-192.168.9.121
host 192.168.9.121
object network obj-wirelessnet
subnet 192.168.1.0 255.255.255.0
object network WirelessClients
subnet 192.168.1.0 255.255.255.0
object network obj-dmznetwork
subnet 192.168.2.0 255.255.255.0
object network FD_Firewall
host 74.94.142.229
object network FD_Net
subnet 192.168.6.0 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_24
subnet 192.168.10.0 255.255.255.0
object network obj-TownHallNet
subnet 192.168.9.0 255.255.255.0
object network obj_InfraNet
subnet 192.168.10.0 255.255.255.0
object-group service EmailServices
description Normal Email/Exchange Services
service-object object IMAPoverSSL
service-object object POPoverSSL
service-object object SMTPwTLS
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_1
service-object object IMAPoverSSL
service-object object POPoverSSL
service-object object SMTPwTLS
service-object tcp destination eq pop3
service-object tcp destination eq https
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_2
service-object object IMAPoverSSL
service-object object POPoverSSL
service-object object SMTPwTLS
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group network obj_clerkpc
description Clerk's PCs
network-object object obj-192.168.9.119
network-object object obj-192.168.9.120
network-object object obj-192.168.9.121
object-group network TownHall_Nets
network-object 192.168.10.0 255.255.255.0
network-object object obj-TownHallNet
object-group network DM_INLINE_NETWORK_1
network-object 192.168.10.0 255.255.255.0
network-object 192.168.9.0 255.255.255.0
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any interface outside
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any host 192.168.9.20
access-list StateNet_access_in extended permit ip object-group obj_clerkpc any
access-list outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object FD_Net
pager lines 24
logging enable
logging asdm debugging
logging mail errors
logging from-address hostmaster@xxxxxxxxx
logging recipient-address john@xxxxxxxxx level errors
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu Wireless-Guest 1500
mtu StateNet 1500
mtu InfraNet 1500
mtu PDNet 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-635.bin
no asdm history enable
arp timeout 14400
nat (InfraNet,outside) source static TownHall_Nets TownHall_Nets destination static FD_Net FD_Net
nat (inside,outside) source static TownHall_Nets TownHall_Nets destination static FD_Net FD_Net
object network obj_any
nat (inside,outside) static interface
object network obj-claggett-https
nat (inside,outside) static interface service tcp https https
object network obj-claggett-imap4
nat (inside,outside) static interface service tcp imap4 imap4
object network obj-claggett-pop3
nat (inside,outside) static interface service tcp pop3 pop3
object network obj-claggett-smtp
nat (inside,outside) static interface service tcp smtp smtp
object network obj-claggett-imapoverssl
nat (inside,outside) static interface service tcp 993 993
object network obj-claggett-popoverssl
nat (inside,outside) static interface service tcp 995 995
object network obj-claggett-smtpwTLS
nat (inside,outside) static interface service tcp 465 465
object network obj-192.168.9.120
nat (inside,StateNet) static 10.63.198.12
object network obj-192.168.9.119
nat (any,StateNet) static 10.63.198.10
object network obj-192.168.9.121
nat (any,StateNet) static 10.63.198.11
object network obj-wirelessnet
nat (Wireless-Guest,outside) static interface
object network obj-dmznetwork
nat (any,outside) static interface
object network obj_InfraNet
nat (InfraNet,outside) static interface
access-group outside_access_in in interface outside
access-group StateNet_access_in in interface StateNet
route outside 0.0.0.0 0.0.0.0 173.166.117.190 1
route StateNet 10.0.0.0 255.0.0.0 10.63.198.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable 5443
http 192.168.9.0 255.255.255.0 inside
http 74.xxx.xxx.xxx 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer 173.xxx.xxx.xxx
crypto map outside_map 2 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.9.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.9.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd dns 208.67.222.222 208.67.220.220
dhcpd lease 10800
dhcpd auto_config outside
dhcpd address 192.168.2.100-192.168.2.254 dmz
dhcpd dns 8.8.8.8 8.8.4.4 interface dmz
dhcpd enable dmz
dhcpd address 192.168.1.100-192.168.1.254 Wireless-Guest
dhcpd enable Wireless-Guest
threat-detection basic-threat
threat-detection statistics host number-of-rate 2
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 63.240.161.99 source outside prefer
ntp server 207.171.30.106 source outside prefer
ntp server 70.86.250.6 source outside prefer
webvpn
group-policy FDIPSECTunnel internal
group-policy FDIPSECTunnel attributes
vpn-idle-timeout none
vpn-tunnel-protocol IPSec l2tp-ipsec
username support password <removed> privilege 15
tunnel-group 173.xxx.xxx.xxx type ipsec-l2l
tunnel-group 173.xxx.xxx.xxx general-attributes
default-group-policy FDIPSECTunnel
tunnel-group 173.xxx.xxx.xxx ipsec-attributes
pre-shared-key *****
smtp-server 192.168.9.20
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:e4dc3cef0de15123f11439822880a2c7
: end
Any ideas would be appreciated.
John
I don't see any inspection-commands in your config. Is there a reason for not using any of them?
If your problem is only with ICMP, then you should enable at least icmp-inspection. You can do that easily with the legacy command "fixup protocol icmp"
Sent from Cisco Technical Support iPad App
-
Port forwarding and LAN traffic suddenly stopped working
My WRT54G was chugging along happily for many months, and suddenly all port forwarding and local LAN traffic stopped flowing. All PCs behind the router on the LAN side can get to all WAN sites just fine, but they cannot ping one another. All of them can ping the router (192.168.1.1) just fine.
Any ideas?
Thanks,
Curtis
I solved this. Turned out to not be the router at all, but the accidental enablement of the "Stateful Firewall" within my Cisco VPN client. Once this option is turned on, the machine gets isolated from the LAN, even when the VPN client isn't visibly running.
-
Forward and Reverse Pricing Calculations in the Same Pricing procedure
Hello,
I have a requirement where the pricing has to be set up to do the forward as well as reverse calculations in the same pricing procedure. For example:
There is :
PR00-Base Price
Less
K004:Discount(%)
will give
ZN00:Net Price
Less Cost
EK02
will give the Profit Margin-ZMAR
Forward calculation is possible as per SAP standard but the requirement is also to do reverse calculation such as
By entering the Profit Margin, the system should do a backward (reverse) calculation and arrive at the Net Price; from the Net Price (ZN00) it should calculate the Discount automatically.
Your inputs on this would be most helpful.
Regards
Mohammed Roshan
Hi,
In Sale Order / Billing, in normal circumstances, tax will be calculated on the base price. On the other hand, if you want the system to reverse calculate, you can achieve the same.
In normal circumstances, the system will calculate as follows:
you maintained the PR00 of a material as Rs 200.00
and Discount Rs. 25.00
Net Value Rs.175.00
If you want to reverse calculate, which means your invoice value itself should be Rs.200.00, which is inclusive of Discount, then your Discount condition type (or in case there is tax, any tax condition type - MWST / UTXJ) should have the Calculation Type as "H".
With the above settings, your actual PR00 value would be 225.00 only, though you maintained Rs.200.00 for PR00.
-
How do i do a forward and reverse sweep two independent variables
Hi,
So I was looking through the post on how to do a forward and reverse sweep with a real-time x-y plot. I have a similar situation, except that instead of sweeping (forward and reverse) one variable, I am sweeping two variables (in my case, I call them gate voltage G-S Volt and source-drain voltage S-D Volt). I understand how to do it with one variable as provided in previous posts, but I am caught when I add another variable to reverse sweep. I have attached my vi to this post. Any suggestions are greatly appreciated. Thank you. Also, a little more detail on my plot: I am plotting current vs gate voltage while forward and reverse sweeping (gate and source-drain voltage).
Attachments:
FET_Isd - Vg measurement_Vg_201.vi 45 KB
jasonct,
It is very difficult to follow what your code is doing. It violates all of the style guide and good practice recommendation for LabVIEW code.
The diagram should fit on one screen. SubVIs can help. Generally dataflow eliminates the need for sequence structures. Stacked sequence structures in particular obscure the code. Local variables are prone to race conditions, violate dataflow, and are not needed for the uses you are making of them. Wiring should go right to left, with minimal numbers of bends. Comments documenting what you are doing are helpful to others looking at your code and to you next month when you wonder why you did it that way.
Lynn
-
Forward and reverse coefficients
Hi all, I am a newbie here.
I am currently working on a filter project. I am required to design a filter in LabView based on the filter circuit and a list of coefficients given. (i have 512 coefficients here, so i dun think it is the 1 that i need)
I was thinking of using IIR filter to achieve this. The problem that i am facing now is i do not know how to determine the reverse coefficients and the forward coefficients input to IIR filter.
I would like to know if there is any formula or way to find these two coefficients? Is there any better way to create this filter in Labview?
I would really appreciate if anyone can help me in this. thanks thanks =)
Regards,
Hauo Wah
Hai,
FIR or IIR filters are generic models that can be used to create other filters.
Dive into dspguru.com website to get detailed info on digital filters. I am attaching the smoothing filter coefficients VI along with this mail. This VI ships along with the professional development system of LabVIEW; not sure about 6.1 having this VI.
The VI i have attached is converted to 8.0 version (i was able to convert up to that only!!) try converting to the version required.
Feel free to post for any queries.
With regards,
JK
(Certified LabVIEW Developer)
Give Kudos for Good Answers, and Mark it a solution if your problem is solved.
Attachments:
Smoothing Filter Coefficients.vi 21 KB
-
Hi,
I have an ASA5510 running version 8.2(5). I have set up a new network on interface Ethernet0/1.777 of the fwl. The firewall works perfectly with remote access VPNs but has now given me the error with the new network that has been set up:
%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:10.159.159.3/49204 dst tru777:10.1.34.19/3389 denied due to NAT reverse path failure
The difference between the other networks and the new one that I have set up is that this is the first one using a private addressing scheme. I understand that NAT is not allowing something along the way but I can't figure out what needs to change in order to get it to work. My config is as follows:
interface Ethernet0/1.777
description TRU 777
vlan 777
nameif tru777
security-level 50
ip address 10.1.34.17 255.255.255.240 standby 10.1.34.18
access-list acl_tru777 remark * ALLOW ALL OUTBOUND *
access-list acl_tru777 extended permit ip any any
access-list RA-VPN extended permit ip 10.1.34.16 255.255.255.240 10.159.159.0 255.255.255.0
access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 172.16.0.0 255.240.0.0
access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list acl_ra-lock-tru777 extended permit ip 10.1.34.16 255.255.255.240 10.159.159.0 255.255.255.0
access-list acl_ra-lock-tru777 extended permit ip 10.159.159.0 255.255.255.0 10.1.34.16 255.255.255.240
ip local pool ra-pool 10.159.159.0-10.159.159.254 mask 255.255.255.0
nat (tru777) 4 access-list acl_no-nat
nat (tru777) 2 10.1.34.16 255.255.255.240
global (outside) 2 x.x.x.x
crypto isakmp nat-traversal 20
I think that is everything you should need, if not please just ask.
Thank you very much in advance,
Chris
Hi Julio,
Here you go:
FWL01# sh nameif
Interface Name Security
Ethernet0/0 outside 0
Ethernet0/1 CLIENTS 50
Ethernet0/1.314 tru01 50
Ethernet0/1.313 dmz01 50
Ethernet0/1.316 tru02 50
Ethernet0/1.776 dmz776 50
Ethernet0/1.777 tru777 50
Management0/0 management 100
FWL01# sh run nat
nat (tru02) 1 192.168.3.0 255.255.255.240
nat (tru777) 4 access-list acl_no-nat
nat (tru777) 2 10.1.34.16 255.255.255.240
FWL01# sh run glob
global (outside) 1 interface
global (outside) 2 x.x.x.x
Thanks,
Chris
-
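The "Asymmetric NAT rules matched for forward and reverse flows" denials quoted in the threads on this page appear in three layouts (ASDM viewer, bare syslog, timestamped syslog). The following Python parser is an added example, not code from any poster or from Cisco: it extracts the flow from each layout, groups denials by interface pair, and tests whether a flow's address pair is matched by a list of NAT-exemption entries. The function names, the (local, remote) exemption format and the assumption that the logged `dst` is the local address are choices made for this example.

```python
import ipaddress
import re
from collections import Counter

# Log lines as quoted in the posts on this page (ASDM viewer export, bare
# syslog, and timestamped syslog layouts of message 305013).
SAMPLE_LOGS = [
    "5 Nov 12 2012 13:52:50 192.168.9.19 Asymmetric NAT rules matched for "
    "forward and reverse flows; Connection for icmp src outside:192.168.6.11 "
    "dst inside:192.168.9.19 (type 8, code 0) denied due to NAT reverse path failure",
    "%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; "
    "Connection for tcp src outside:10.159.159.3/49204 dst tru777:10.1.34.19/3389 "
    "denied due to NAT reverse path failure",
    "Oct 18 2012 00:52:37: %ASA-5-305013: Asymmetric NAT rules matched for "
    "forward and reverse flows; Connection for udp src outside:10.10.13.221/137 "
    "dst inside:10.10.13.255/137 denied",
]

# (local network, remote network) pairs transcribed from three of the
# "nonatacl" lines quoted on this page; used here only as sample input.
SAMPLE_EXEMPTIONS = [
    ("10.10.0.0/16", "10.40.4.0/24"),
    ("10.10.13.0/24", "10.10.10.0/24"),
    ("10.10.13.0/24", "192.168.6.0/24"),
]

# Ports are present for tcp/udp; icmp carries "(type N, code N)" instead.
FLOW_RE = re.compile(
    r"Asymmetric NAT rules matched for forward and reverse flows; "
    r"Connection for (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[0-9.]+)(?:/(?P<src_port>\d+))? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[0-9.]+)(?:/(?P<dst_port>\d+))?"
    r"(?: \(type (?P<icmp_type>\d+), code (?P<icmp_code>\d+)\))?"
)


def parse_305013(line):
    """Return the denied flow as a dict, or None if the line is another message."""
    match = FLOW_RE.search(line)
    if match is None:
        return None
    flow = match.groupdict()
    for key in ("src_port", "dst_port", "icmp_type", "icmp_code"):
        if flow[key] is not None:
            flow[key] = int(flow[key])
    return flow


def summarize(lines):
    """Count denials per (source interface, destination interface, protocol)."""
    counts = Counter()
    for line in lines:
        flow = parse_305013(line)
        if flow is not None:
            counts[(flow["src_if"], flow["dst_if"], flow["proto"])] += 1
    return counts


def exemption_covers(flow, exemptions):
    """True if some (local, remote) entry matches the flow's address pair.

    Assumption of this example: the denied flow is inbound, so the logged
    dst is the local (real) address and the logged src is the remote peer.
    """
    local = ipaddress.ip_address(flow["dst_ip"])
    remote = ipaddress.ip_address(flow["src_ip"])
    return any(
        local in ipaddress.ip_network(local_net)
        and remote in ipaddress.ip_network(remote_net)
        for local_net, remote_net in exemptions
    )


if __name__ == "__main__":
    for (src_if, dst_if, proto), n in summarize(SAMPLE_LOGS).items():
        print(f"{src_if} -> {dst_if} [{proto}]: {n} denied")
    udp_flow = parse_305013(SAMPLE_LOGS[2])
    print("udp flow matched by sample exemptions:",
          exemption_covers(udp_flow, SAMPLE_EXEMPTIONS))
```

A flow that no exemption entry matches points at the address pair to review in the NAT rules for that interface pair; a flow that is matched points the review at rule order and interface binding instead.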
Asymmetric NAT rules matched for forward and reverse flows
Hi! I don't know why this comes up in the logs when I have configured my vpn like so:
crypto dynamic-map L2L_MAP 50 set reverse-route
crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 40 set pfs
crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 60 set pfs
crypto dynamic-map OUTSIDE_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime seconds 288000
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime kilobytes 4608000
crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 20 match address IDP_VPN
crypto map L2L_MAP 20 set peer x.x.x.x
crypto map L2L_MAP 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 40 match address cp_l2l_map_40
crypto map L2L_MAP 40 set peer x.x.x.x
crypto map L2L_MAP 40 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 60 match address bwi_l2l
crypto map L2L_MAP 60 set peer x.x.x.x
crypto map L2L_MAP 60 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 80 match address outside_80_cryptomap
crypto map L2L_MAP 80 set peer x.x.x.x
crypto map L2L_MAP 80 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
crypto map L2L_MAP interface outside
crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
crypto map INSIDE_map interface inside
I am able to connect successfully via VPN client. It's just that I can't reach the internal servers... Any ideas?
I get this error:
Oct 18 2012 00:52:37: %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:10.10.13.221/137 dst inside:10.10.13.255/137 denied
I put in the important configs:
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.0 standby x.x.x.x
ospf cost 10
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.10.13.5 255.255.255.0 standby 10.10.13.6
ospf cost 10
interface GigabitEthernet0/2
nameif dmz
security-level 50
no ip address
ospf cost 10
interface GigabitEthernet0/2.720
vlan 720
nameif dmz-vsp
security-level 50
ip address 172.24.0.1 255.255.255.0 standby 172.24.0.2
ospf cost 10
interface GigabitEthernet0/2.724
vlan 724
nameif dmz-dbz
security-level 75
ip address 172.24.4.1 255.255.255.0 standby 172.24.4.2
ospf cost 10
interface GigabitEthernet0/2.725
vlan 725
nameif dmz-smtp
security-level 50
ip address 172.24.5.1 255.255.255.0 standby 172.24.5.2
ospf cost 10
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.10.10.50
domain-name xxxx.local
access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 172.16.0.0 255.255.0.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.2.0 255.255.255.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.3.0 255.255.255.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.14.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.10.0 255.255.255.0 10.10.13.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.6.0 255.255.255.0 10.10.13.0 255.255.255.0
ip local pool inshse-vpn-pool2 192.168.6.220-192.168.6.230 mask 255.255.255.0
global (outside) 201 192.168.16.1-192.168.16.250
global (outside) 202 10.201.5.145-10.201.5.158
global (outside) 4 10.10.13.180-10.10.13.189 netmask 255.0.0.0
global (outside) 101 interface
global (outside) 1 x.x.x.x netmask 255.0.0.0
global (inside) 204 10.10.13.70-10.10.13.79 netmask 255.0.0.0
nat (inside) 0 access-list nonatacl
nat (inside) 201 access-list NAT_TO_IDP
nat (inside) 202 access-list inside2-vsp_nat_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
nat (dmz-vsp) 202 access-list dmz-vsp_nat_outbound
nat (dmz-vsp) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route inside 10.0.0.0 255.240.0.0 10.10.13.1 1
route inside 10.40.1.0 255.255.255.0 10.10.13.1 1
route inside 10.40.2.0 255.255.255.0 10.10.13.1 1
route inside 10.40.3.0 255.255.255.0 10.10.13.1 1
route inside 10.40.4.0 255.255.255.0 10.10.13.1 1
route inside 10.40.13.0 255.255.255.0 10.10.13.1 1
route inside 10.40.254.0 255.255.255.0 10.10.13.1 1
route inside 172.16.0.0 255.255.0.0 10.10.13.1 1
route inside 192.168.2.0 255.255.255.0 10.10.13.1 1
dynamic-access-policy-record DfltAccessPolicy
aaa-server VPN_Auth protocol radius
aaa-server VPN_Auth (inside) host 10.10.2.20
 timeout 5
 key *****
 no mschapv2-capable
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map L2L_MAP 50 set reverse-route
crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 40 set pfs
crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 60 set pfs
crypto dynamic-map OUTSIDE_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime seconds 288000
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime kilobytes 4608000
crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 20 match address IDP_VPN
crypto map L2L_MAP 20 set peer x.x.x.x
crypto map L2L_MAP 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 40 match address cp_l2l_map_40
crypto map L2L_MAP 40 set peer x.x.x.x
crypto map L2L_MAP 40 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 60 match address nonatacl
crypto map L2L_MAP 60 set peer x.x.x.x
crypto map L2L_MAP 60 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 80 match address outside_80_cryptomap
crypto map L2L_MAP 80 set peer x.x.x.x
crypto map L2L_MAP 80 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
crypto map L2L_MAP interface outside
crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
crypto map INSIDE_map interface inside
crypto isakmp enable outside
crypto isakmp enable inside
crypto isakmp enable dmz
crypto isakmp enable dmz-vsp
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 65535
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
group-policy ihasavpn2_gp internal
group-policy ihasavpn2_gp attributes
 dns-server value 10.10.10.52
 vpn-tunnel-protocol IPSec
 default-domain value xxxx.local
tunnel-group ihasavpn2 type remote-access
tunnel-group ihasavpn2 general-attributes
 address-pool inshse-vpn-pool2
 authentication-server-group VPN_Auth
 authentication-server-group (inside) VPN_Auth
 default-group-policy ihasavpn2_gp
tunnel-group ihasavpn2 ipsec-attributes
 pre-shared-key *****
tunnel-group ihasavpn2 ppp-attributes
 authentication ms-chap-v2
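An added example (not part of the original post, and not Cisco tooling): a Python check that takes the logged 305013 flow and the pre-8.3 `nat (inside) 0 access-list` exemption lines from the configuration above and reports whether the reply direction is covered by an exemption entry. The function names are hypothetical, the sample data is constructed from the post, and the matching rule (local address against the ACL source, remote address against the ACL destination) is the assumption the script encodes.

```python
import ipaddress
import re

# Constructed sample input, copied from the log line and config in the post.
LOG = ("%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; "
       "Connection for udp src outside:10.10.13.221/137 dst inside:10.10.13.255/137 denied")
CONFIG = """\
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.10.0 255.255.255.0 10.10.13.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.6.0 255.255.255.0 10.10.13.0 255.255.255.0
nat (inside) 0 access-list nonatacl
nat (inside) 101 0.0.0.0 0.0.0.0
"""

FLOW_RE = re.compile(r"src (\S+?):([\d.]+)/\d+ dst (\S+?):([\d.]+)/\d+ denied")
# Only "net mask net mask" entries are parsed; host/any entries are skipped.
ACL_RE = re.compile(r"access-list (\S+) extended permit ip "
                    r"([\d.]+) ([\d.]+) ([\d.]+) ([\d.]+)")

def parse_305013(line):
    """Return (src_if, src_ip, dst_if, dst_ip) from a 305013 message, or None."""
    m = FLOW_RE.search(line)
    if not m or "305013" not in line:
        return None
    src_if, src_ip, dst_if, dst_ip = m.groups()
    return src_if, ipaddress.ip_address(src_ip), dst_if, ipaddress.ip_address(dst_ip)

def exemption_entries(config, interface):
    """(source net, destination net) pairs of the ACL bound by nat (<interface>) 0."""
    bound = re.search(rf"^nat \({re.escape(interface)}\) 0 access-list (\S+)", config, re.M)
    if not bound:
        return []
    return [(ipaddress.ip_network(f"{s}/{sm}", strict=False),
             ipaddress.ip_network(f"{d}/{dm}", strict=False))
            for name, s, sm, d, dm in ACL_RE.findall(config) if name == bound.group(1)]

def reverse_flow_exempt(log_line, config):
    """True if the reply direction (local host -> remote peer) hits a nat 0 entry."""
    flow = parse_305013(log_line)
    if flow is None:
        raise ValueError("not a 305013 message")
    _peer_if, peer_ip, local_if, local_ip = flow
    # The reply leaves the interface named as "dst" in the log, sourced from dst_ip.
    return any(local_ip in src and peer_ip in dst
               for src, dst in exemption_entries(config, local_if))
```

For the logged flow the result is False: no `nonatacl` entry pairs a 10.10.13.x source with a 10.10.13.x destination, while a client address from the 192.168.6.0/24 pool talking to a 10.10.13.x host does match an entry.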