Failure when FWSM in transparent mode with multiple contexts

hi experts,
            We have two FWSMs working in active/standby state,  configured with multiple contexts in transparent mode. and the "outside" and "inside" interfaces for each context are in same subnet. 
            Now we have one FWSM broken and the RMA part can't arrived in short time, so  we have the risk that the sencond FWSM could be failed as well.   In the worst case if the two was broken or powered off simultaneously,   i wonder that if the communications between multiple contexts could be ok???
thanks in advance.

The software requirements for Cisco Secure ACS are dependent on the type of Extensible Authentication Protocol (EAP) desired. For full support of all the EAP types including EAP-Flexible Authentication via Secure Tunneling (FAST), use release 3.2.3 or higher.
http://www.cisco.com/en/US/netsol/ns340/ns394/ns431/ns434/networking_solutions_implementation_guide09186a008038906c.html

Similar Messages

  • WLSM, FWSM in transparent mode, VRF's , EAPFAST and LEAP

    Has anyone got any experience of all of the above.
    Some background - The FWSM is in transparent mode, using virtual contexts between the VRF and the main routing table to ensure relevant mobility traffic passes through the relevant security context.
    I can authenticate with LEAP via RADIUS, then obtain an IP through DHCP, ping my gateway from wireless client but not outside my VRF. If I remove the VRF from the tunnel interface associated with my mobility group all connectivity OK.
    With EAPFAST I can authenticate via RADIUS, but do not get an address through DHCP. If I use a static ( and use mobility trust on tunnel interface )I can not ping my gateway. If I remove the VRF off the tunnel interface associated with this type of users mobility group, I receive an address through DHCP, and can ping merrily everywhere.
    Has anybody got any thoughts if I am missing something here?

    The software requirements for Cisco Secure ACS are dependent on the type of Extensible Authentication Protocol (EAP) desired. For full support of all the EAP types including EAP-Flexible Authentication via Secure Tunneling (FAST), use release 3.2.3 or higher.
    http://www.cisco.com/en/US/netsol/ns340/ns394/ns431/ns434/networking_solutions_implementation_guide09186a008038906c.html

  • FWSM in Transparent mode help

    Hi all,
    i am actually designing for a new solution based on 6509 Switch with FWSM module, here is what i have :
    FWSM will be used in Transparent mode with two bridge group : 1 , 2 as mentioned on the image, i wonder if this is a correct deisgn or not, is this will work with no probleme with these two trunk links ?
    i've seen on the guidelines of this url :
    http://www.cisco.com/en/US/docs/security/fwsm/fwsm22/configuration/guide/fwmode.html#wp1184961
    "The transparent FWSM uses an inside interface and an outside interface only. "
    is it applicable in my case,
    any other information will be welcome.
    Thanks for help

    Hi,this is sample configuration.
    6509A:
    vlan 256
    name FWoutside
    int vlan 256
    ip addr 98.1.1.252 255.255.255.0
    6509B:
    vlan 255
    name FWinside
    int vlan 255
    ip addr 98.1.1.251 255.255.255.0
    firewall module 3 vlan-group 16,32
    firewall vlan-group 16 255
    firewall vlan-group 32 256
    FW:
    firewall transparent
    nameif vlan256 outside security0
    nameif vlan255 inside security100
    access-list ACL_IN extended permit ip any any
    access-group ACL_IN in interface outside
    access-group ACL_IN in interface inside
    6509B:
    6509B#ping 98.1.1.252
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 98.1.1.252, timeout is 2 seconds:
    Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
    6509B#

  • ASA Transparent Mode For Multiple Subnets

    I am looking to replace a FortiGate firewall which is currently working in transparent mode handling mutiple subnets with ASA 5515.  Currently, I am testing transparent mode configuration on ASA 5505, and it will not forward any traffic that is not in the same subnet as IP address assigned to BV interface.
    For example, the following configuration works.
    10.0.0.3/24 (computer) ---> 10.0.0.2/24 (firewall) ---> 10.0.0.1/24 (computer)
    However, the following does not work
    10.0.0.3/24 (computer) ---> 10.10.0.2/24 (firewall) ---> 10.0.0.1/24 (computer)
    I thought that transparent mode is just a bump in the wire, so why does the IP address/subnet assigned to BV interface affects the traffic?  Is the ASA capable of handling other/multiple subnets in transparent mode other than the subnet assigned to BV interface?
    By the way, I used to run PIX 515E 7.2(2) transparent mode filtering multiple subnets.  The current ASA 5505 is on 9.0(1).  Is it the limitation on the ASA 5505 model but not on the more powerful ASA model?
    Thank you

    Thank you @ttemirgaliyev, I tried but multiple context is not supported by ASA 5505.
    I have an example of PIX configuration in transparent mode filtering multiple subnets.  I was using this configuration in production environment in the past.  I am wondering if ASA 5510 or higher can handle this setup.
    : Saved
    : Written by enable_15 at 10:57:25.766 UTC Wed Jul 16 xxxx
    PIX Version 7.2(2)
    firewall transparent
    hostname pixfirewall
    enable password xxxxxxxxxx encrypted
    names
    interface Ethernet0
    nameif outside
    security-level 0
    interface Ethernet0.1
    vlan 1
    no nameif
    no security-level
    interface Ethernet1
    nameif inside
    security-level 100
    interface Ethernet1.1
    no vlan
    no nameif
    no security-level
    passwd xxxxxxxxxx encrypted
    ftp mode passive
    access-list outside extended permit udp any host 10.0.0.210
    access-list outside extended permit udp any host 10.0.0.3
    access-list outside extended permit tcp any host 10.0.0.110 eq smtp
    access-list outside extended permit tcp any host 10.0.0.110 eq www
    access-list outside extended permit tcp any host 10.0.0.57 eq smtp
    access-list outside extended permit tcp any host 10.0.0.57 eq www
    access-list outside extended permit tcp any host 10.0.0.75 eq www
    access-list outside extended permit tcp any host 10.0.0.75 eq ftp
    access-list outside extended permit tcp any host 10.0.0.75 eq 5003
    access-list outside extended permit tcp any host 10.0.0.75 eq 403
    access-list outside extended permit tcp any host 10.0.0.75 eq 407
    access-list outside extended permit tcp any host 10.0.0.76 eq ftp
    access-list outside extended permit tcp any host 10.0.0.2 eq pcanywhere-data
    access-list outside extended permit udp any host 10.0.0.2 eq pcanywhere-status
    access-list outside extended permit tcp any host 10.0.10.61
    access-list outside extended permit tcp any host 10.0.10.62
    access-list outside extended permit tcp any host 10.0.10.63
    access-list outside extended permit tcp any host 10.0.10.64
    access-list outside extended permit tcp any host 10.0.13.225 eq ftp
    access-list outside extended permit tcp host 192.168.4.30 host 10.0.17.254 eq telnet
    access-list outside extended permit tcp any host 10.0.13.225 eq telnet
    access-list outside extended permit tcp any host 10.0.10.61 eq 50
    access-list outside extended permit udp any host 10.0.10.61 eq isakmp
    access-list outside extended permit tcp any host 10.0.10.62 eq 50
    access-list outside extended permit udp any host 10.0.10.62 eq isakmp
    access-list outside extended permit tcp any host 10.0.10.63 eq 50
    access-list outside extended permit udp any host 10.0.10.63 eq isakmp
    access-list outside extended permit tcp any host 10.0.10.64 eq 50
    access-list outside extended permit udp any host 10.0.10.64 eq isakmp
    access-list outside extended permit tcp any host 10.0.0.219
    access-list outside extended permit udp any host 10.0.0.219
    access-list outside extended permit udp any host 10.0.10.61
    access-list outside extended permit udp any host 10.0.10.62
    access-list outside extended permit udp any host 10.0.10.63
    access-list outside extended permit udp any host 10.0.10.64
    access-list outside extended permit icmp any host 10.0.10.29
    access-list outside extended permit tcp any host 10.0.10.29 eq ftp
    access-list outside extended permit tcp any gt 1023 host 10.0.10.29 eq ftp-data
    access-list outside extended permit tcp any host 10.0.0.110 eq pop3
    access-list outside extended permit tcp any host 10.0.0.57 eq pop3
    access-list outside extended permit tcp any host 10.0.10.27 eq pcanywhere-data
    access-list outside extended permit udp any host 10.0.10.27 eq pcanywhere-status
    access-list outside extended permit tcp any host 10.0.10.31 eq pcanywhere-data
    access-list outside extended permit udp any host 10.0.10.31 eq pcanywhere-status
    access-list outside extended permit tcp any host 10.0.0.222 eq pcanywhere-data
    access-list outside extended permit udp any host 10.0.0.222 eq pcanywhere-status
    access-list outside extended permit icmp any host 10.0.10.28
    access-list outside extended permit tcp any host 10.0.10.28 eq pptp
    access-list outside extended permit gre any host 10.0.10.28
    access-list outside extended permit ip any host 10.0.10.28
    access-list outside extended permit ip any host 10.0.10.29
    access-list outside extended permit tcp any host 10.0.10.25 eq 8234
    access-list outside extended permit tcp any host 10.0.17.217 eq 8234
    access-list outside extended permit tcp any host 10.0.17.217 eq 8235
    access-list outside extended permit tcp any host 10.0.17.217 eq www
    access-list outside extended permit ip any host 10.0.10.36
    access-list outside extended permit ip any host 10.0.10.37
    access-list outside extended permit ip any host 10.0.10.38
    access-list outside extended permit ip any host 10.0.10.39
    access-list outside extended permit ip any host 10.0.10.40
    access-list outside extended permit ip any host 10.0.10.41
    access-list outside extended permit tcp any host 10.0.0.235 eq www
    access-list outside extended permit tcp any host 10.0.10.2 eq www
    access-list outside extended permit tcp any host 10.0.10.2 eq 3389
    access-list outside extended permit tcp host 192.168.1.234 host 10.0.0.211 eq 4899
    access-list outside extended permit tcp any host 10.0.0.211 eq www
    access-list outside extended permit tcp any host 10.0.10.35 eq www
    access-list outside extended permit tcp any host 10.0.10.36 eq www
    access-list outside extended permit tcp any host 10.0.10.37 eq www
    access-list outside extended permit tcp any host 10.0.10.38 eq www
    access-list outside extended permit tcp any host 10.0.10.39 eq www
    access-list outside extended permit tcp any host 10.0.10.40 eq www
    access-list outside extended permit tcp any host 10.0.10.41 eq www
    access-list outside extended permit tcp any host 10.0.0.110 eq https
    access-list outside extended permit tcp any host 10.0.0.57 eq https
    access-list outside extended permit tcp any host 10.0.0.75 eq https
    access-list outside extended permit tcp any host 10.0.17.217 eq https
    access-list outside extended permit tcp any host 10.0.0.234 eq 220
    access-list outside extended permit tcp any host 10.0.0.235 eq https
    access-list outside extended permit tcp any host 10.0.10.2 eq https
    access-list outside extended permit tcp any host 10.0.0.211 eq https
    access-list outside extended permit tcp any host 10.0.10.35 eq https
    access-list outside extended permit tcp any host 10.0.10.36 eq https
    access-list outside extended permit tcp any host 10.0.10.37 eq https
    access-list outside extended permit tcp any host 10.0.10.38 eq https
    access-list outside extended permit tcp any host 10.0.10.39 eq https
    access-list outside extended permit tcp any host 10.0.10.40 eq https
    access-list outside extended permit tcp any host 10.0.10.41 eq https
    access-list outside extended permit tcp any host 10.0.10.35 eq 8234
    access-list outside extended permit tcp any host 10.0.10.36 eq 8234
    access-list outside extended permit tcp any host 10.0.10.37 eq 8234
    access-list outside extended permit tcp any host 10.0.10.38 eq 8234
    access-list outside extended permit tcp any host 10.0.10.39 eq 8234
    access-list outside extended permit tcp any host 10.0.10.40 eq 8234
    access-list outside extended permit tcp any host 10.0.10.41 eq 8234
    access-list outside extended permit tcp any host 10.0.10.35 eq 8235
    access-list outside extended permit tcp any host 10.0.10.36 eq 8235
    access-list outside extended permit tcp any host 10.0.10.37 eq 8235
    access-list outside extended permit tcp any host 10.0.10.38 eq 8235
    access-list outside extended permit tcp any host 10.0.10.39 eq 8235
    access-list outside extended permit tcp any host 10.0.10.40 eq 8235
    access-list outside extended permit tcp any host 10.0.10.41 eq 8235
    access-list outside extended permit udp any host 10.0.0.222
    access-list outside extended permit gre any any
    access-list outside extended permit ip host 10.0.10.28 any
    access-list outside extended permit ip host 10.0.0.211 any
    access-list outside extended permit ip host 10.0.10.35 any
    access-list outside extended permit ip host 10.0.10.36 any
    access-list outside extended permit ip host 10.0.10.37 any
    access-list outside extended permit ip host 10.0.10.38 any
    access-list outside extended permit ip host 10.0.10.39 any
    access-list outside extended permit ip host 10.0.10.40 any
    access-list outside extended permit ip host 10.0.10.41 any
    access-list outside extended permit ip host 10.0.0.222 any
    access-list outside extended permit ip host 10.0.0.234 any
    access-list outside extended permit icmp host 10.0.0.234 any
    access-list outside extended permit tcp any host 10.0.0.235 eq 3389
    access-list outside extended permit ip host 10.0.0.254 any
    access-list outside extended permit tcp any host 10.0.0.2 eq 3389
    access-list outside extended permit tcp any host 10.0.13.240 eq 5900
    access-list outside extended permit udp any host 10.0.13.240 eq 5900
    access-list outside extended permit tcp any host 10.0.13.240 eq 3283
    access-list outside extended permit udp any host 10.0.13.240 eq 3283
    access-list outside extended permit tcp any host 10.0.13.240 eq ssh
    access-list outside extended permit tcp any host 10.0.10.12 eq www
    access-list outside extended permit tcp any host 10.0.0.212 eq www
    pager lines 24
    mtu outside 1500
    mtu inside 1500
    ip address 10.0.0.230 255.255.255.0
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    access-group outside in interface outside
    route outside 0.0.0.0 0.0.0.0 10.0.0.254 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    snmp-server host inside 10.0.0.234 community xxxx
    no snmp-server location
    no snmp-server contact
    snmp-server community xxxx
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    snmp-server enable traps syslog
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 outside
    ssh 0.0.0.0 0.0.0.0 inside
    ssh timeout 60
    console timeout 0
    prompt hostname context
    Cryptochecksum:c887f562a196123a335c5ebeba0ad482
    : end

  • Problem with Failover FWSM (With Multiple Context)

    Dear All,
    I have 2 Catalyst 6500 with FWSM module, the catalyst and FWSM is redudant. FWSM with multiple context.
    i had done with catalyst 6500, but when i try to add (Admin -> Security and Monitor Devices) module with fwsm context is always error.
    i add this context in the active context.
    this is the error message when i try to add fwsm on mars.
    The first one;
    expect: spawn id exp3 not open
    while executing
    "expect -nobrace {<--- More --->} {
    send_user "\n"
    send -- " "
    exp_continue
    } {assword: } {
    s..."
    invoked from within
    "expect {
    "<--- More --->" {
    send_user "\n"
    send -- " "
    exp_continue
    "assword: " {
    (file "./sshpix7x.exp" line 105)
    st_key
    the second:
    invoked from within
    "expect {
    "<--- More --->" {
    send_user "\n"
    send -- " "
    exp_continue
    "assword: " {
    (file "./sshpix7x.exp" line 105)
    st_key
    and sometime:
    spawn ssh -c 3des -l siem-mars 10.x.x.x
    Connection timed out
    For Information :
    The FWSM Firewall Version 4.0(6)
    and,
    CSMAERS-200
    Product Version               :    6.0.6 ( 3368 )
    Data Package Version     :     35
    IPS Signature Version     :     454
    IPS Custom Signature Version     :     0
    Anyone can help me please...
    Thanks b4,
    Best Regards,
    Naga

    Hi Teck Yong Ng,
    I am not sure about your problem, but normally what happens when we install two databases on the same host is there will be conflict between the ports connecting to the database.
    In your case the second system database might also have the same port number which you have for the first system.that is why i think you are facing this issue.
    Try to look at the port numbers.
    Regards,
    Bharath Kumar.K
    Message was edited by:
            Bharath Kumar K

  • [Non IE Regression] Support for full screen mode with multiple monitors

    This seems to be a regression with Flash Player v11.2.202.x (for all other browsers).
    With Internet Explorer it is still working.
    http://kb2.adobe.com/cps/890/cpsid_89050.html
    == Support for full screen mode with multiple monitors ==
    Full screen content will remain in full-screen on secondary monitors, allowing users to watch full-screen content while working on another display.
    Tested on Windows 7 x64 SP1 with:
    - Internet Explorer 9
    - Firefox Release, Beta, Aurora, Nightly
    - Opera 12 build 1116
    In bugbase.adobe.com I cannot choose v11.2.x

    Please vote for it If you have the same problem:
    https://bugbase.adobe.com/index.cfm?event=bug&id=3016912
    Thanks

  • For some reason, my compression option is grayed out under "File" menu, and when I select a folder with multiple files, or multiple documents, and try to right-click or tap the mousepad with two fingers, I do not get a "compress" option available. Help.

    I don't know why, but when I select a folder with multiple docs contained within it, or multiple files, the Compress option is grayed out under the File menu, nor is it available when I right-click. Please help.

    Yes it is, but I have the same problem of the option does not appear with "right click" (I'm actually control-clicking), and COMPRESS is grayed out under the file menu. I'd like to fix it.
    Hmm. After finding the Archive Utility,* I tried archiving the folder. It came out as .cpgz, ugh. Found there was a preference to make .zip the default. It worked!
    And now…the menus are not grayed out. ?!?! OK.'
    Hope this helps someone.
    *You cannot find this via search, apparently it is a hidden file, you have to click from the root drive through to /System/Library/CoreServices (Thanks for the file path Alberto!)

  • Transparent mode with AIP-SSM-20

    I currently have an ASA5510 in routed mode with an AIP-SSM-20.
    There is a requirement to use a fibre optic connection between this ASA and another ASA across campus, so the AIP-SSM will have to be removed and replaced with the SSM-4GE.  This part should present no issue.
    However, this will remove the IPS device, and I still want to use IPS.
    So, what I am thinking is to get another ASA5510, install the AIP-SSM, configure ASA for transparent mode and put it in between the inside of the routed ASA and my LAN.  The transparent ASA would be functioning strictly as an IPS appliance.
    Setup would look something like this:
    Internal LAN <> transparent ASA with IPS <> routed ASA <> WAN
    Can the AIP-SSM still perform IPS with the ASA in transparent mode?
    Is there a way to configure the ASA and AIP-SSM such that traffic to/from a particular server completely bypasses the AIP-SSM?
    I have a couple of fileservers that generate heavy traffic and could overload the AIP-SSM.
    Regards.

    AFAIR, There is no problem to setup AIP in a transparent firewall.
    "An ASA in transparent mode can run an AIP.  In the event the AIP fails,
    the IPS will fail-open and the ASA will continue to pass traffic.
    However, if an interface or cable fails, then traffic will stop.  You
    would need a failover pair to account for this failure event, which
    means another ASA and matching AIP."
    And no there is no problem to exclude certain hosts/ports/subnets from inspection by IPS via MPF.
    http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ips.html#wp1050744
    What I however consider however is if the ASAs 5510 as second tier firewall for 5520s will be enough.
    http://www.cisco.com/en/US/products/ps6120/prod_models_comparison.html
    HTH,
    Marcin

  • Transparent firewall with failover with multiple contexts

                       I am running 8.4(2) on ASA5585s. They are in mulitble context mode and set to transparent firewall with active/active failover. When I do a sh failover in a context I see 2 of my interfaces are (waiting). I have a BVI and these are the ip addresses on the interfaces in he "sh failover" below.
    Failover On
    Last Failover at: 11:54:39 GMT/IST Feb 23 2012
            This context: Standby Ready
                    Active time: 175394 (sec)
                      Interface ctxb-inside (x.x.x.165): Normal (Waiting)
                      Interface ctxb-outside (x.x.x.165): Normal (Monitored)
            Peer context: Active
                    Active time: 11390663 (sec)
                      Interface ctxb-inside (x.x.x.164): Normal (Monitored)
                      Interface ctxb-outside (x.x.x.164): Normal (Waiting)
    Why are the interfaces in (waiting)?

    Are you able to ping between the interfaces? ie: can you ping x.x.x.165 from x.x.x.164 and visa versa? If you are not able to ping it, that means there is no connectivity between the 2, hence the status is in Normal (Waiting) because it has not received the hello packet on that corresponding interface.
    Here is the reference guide FYI:
    http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/s3.html#wp1505709

  • Unable to share files when in a IM convo with multiple people Lync 2013

    Hello,
    I'm in the middle of a migration from lync server 2010 to lync server 2013. The users I have migrated over to lync 2013 are not able to send/share attachments when in a convo with multiple people.
    However, users can send/share files when IM'ing with individual people.
    I've been researching this issue for quite some time but still having a problem pinpointing  the issue.
    Any help would be greatly appreciated.
    Thanks.

    Hi,
    Did the issue also happen between users who still in Lync server 2010 pool?
    Did the issue happen internal or external?
    Please double check if MCU on Lync 2013 FE server works well, when two participants are connected, the session is essentially peer-to-peer. When three or more participants are connected, the Sharing feature depends on the Front End Server Multi Point Control
    Unit (MCU) to provide the sharing stream to all parties.
    Best Regards,
    Eason Huang
    Eason Huang
    TechNet Community Support

  • Connection failure when connecting to the net with...

    I hope someone can help me. I have got Nokia PC suite on my PC. I often use it to connect to the net. Just recently I had a few viruses on my pc and now since they have been cleaned off I keep getting a connection failure when I try to connect. I have tried uninstalling and reinstalling my software but nothing seems to help. I know it is something to do with my pc as I have tried four different phones that do work on other pc's, just not this one.
    I have checked to make sure all the modem settings are right and that the phone is detected as a modem.
    What should I try that might help solve this??
    Thanks
    Katherine

    Make sure you have entered the access point in the one touch access settings, enter the settings maually and try to connect.
    If a reply has solved your problem click Accept as solution button, doing it will help others know the solution. Thanks.

  • Botnet Filter with multiple Context Mode

    We used the Botnet Filter in Single Context Mode for a long Time. Now we converted to multiple Context Mode and the Database is no longer updated. In the system Context I can See the update settings but when I try to update the result is always "no DNS server". Since the system context has no interfaces there are no DNS settings etc.
    How should be the Botnet Filter configured in Multiple Context Mode?
    Thanks for any response in advance.

    sh run | grep dns
    dns domain-lookup T-COM
    dns domain-lookup COLT
    dns server-group DefaultDNS
    policy-map type inspect dns preset_dns_map
    inspect dns preset_dns_map
    ping update-manifests.ironport.com
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 204.15.82.17, timeout is 2 seconds:
    Success rate is 100 percent (5/5), round-trip min/avg/max = 160/162/170 ms
    ping updates.ironport.com
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 80.239.221.64, timeout is 2 seconds:
    ASA Version 8.4(2)
    hostname DE-VM-TER-FW-02
    enable password 8Ry2Yj8765U24 encrypted
    passwd 2KFQnb6IdI.2KY75 encrypted
    names
    interface GigabitEthernet0/0.3207
    nameif TR_v207
    security-level 50
    ip address 10.28.6.60 255.255.255.248
    interface GigabitEthernet0/0.3208
    nameif TR_v208
    security-level 70
    ip address 10.28.6.68 255.255.255.248
    interface GigabitEthernet0/0.3209
    nameif TR_v209
    security-level 80
    ip address 10.28.6.76 255.255.255.248
    interface GigabitEthernet0/0.3210
    nameif TR_v210
    security-level 90
    ip address 10.28.6.84 255.255.255.248
    interface GigabitEthernet0/1
    nameif COLT
    security-level 0
    ip address 217.111.58.46 255.255.255.240
    interface GigabitEthernet0/3
    nameif T-COM
    security-level 0
    ip address 194.25.250.94 255.255.255.240
    dns domain-lookup T-COM
    dns domain-lookup COLT
    dns server-group DefaultDNS
    name-server 8.8.8.8
    object network COLT_dynamic_NAT
    subnet 0.0.0.0 0.0.0.0
    object network T-COM_dynamiy_NAT
    subnet 0.0.0.0 0.0.0.0
    object-group network DM_INLINE_NETWORK_1
    network-object 10.0.0.0 255.0.0.0
    network-object 172.16.0.0 255.240.0.0
    network-object 192.168.0.0 255.255.0.0
    access-list COLT_access_in extended deny ip any any
    access-list T-COM_access_in extended permit tcp any object DEUAG01-actsync eq https
    access-list T-COM_access_in extended permit tcp any object DEUAG01-portal eq https
    access-list T-COM_access_in extended deny ip any any
    access-list TR_3208_access_in extended deny ip any object-group DM_INLINE_NETWORK_1
    access-list TR_3208_access_in extended permit ip any any
    access-list TR_3208_access_in extended permit icmp any any
    access-list TR_v207_access_in extended deny ip any any
    access-list TR_v210_access_in extended deny ip any any
    access-list TR_v209_access_in extended deny ip any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu TR_v208 1500
    mtu T-COM 1500
    mtu COLT 1500
    mtu TR_v207 1500
    mtu TR_v210 1500
    mtu TR_v209 1500
    ip verify reverse-path interface T-COM
    ip verify reverse-path interface COLT
    ipv6 access-list TR_v207_access_ipv6_in deny ip any any
    ipv6 access-list TR_v208_access_ipv6_in deny ip any any
    ipv6 access-list TR_v209_access_ipv6_in deny ip any any
    ipv6 access-list TR_v210_access_ipv6_in deny ip any any
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    object network COLT_dynamic_NAT
    nat (any,COLT) dynamic interface
    object network T-COM_dynamiy_NAT
    nat (any,T-COM) dynamic interface
    access-group TR_3208_access_in in interface TR_v208
    access-group TR_v208_access_ipv6_in in interface TR_v208
    access-group T-COM_access_in in interface T-COM
    access-group COLT_access_in in interface COLT
    access-group TR_v207_access_in in interface TR_v207
    access-group TR_v207_access_ipv6_in in interface TR_v207
    access-group TR_v210_access_in in interface TR_v210
    access-group TR_v210_access_ipv6_in in interface TR_v210
    access-group TR_v209_access_in in interface TR_v209
    access-group TR_v209_access_ipv6_in in interface TR_v209
    route T-COM 0.0.0.0 0.0.0.0 194.25.250.81 1
    route COLT 0.0.0.0 0.0.0.0 217.111.58.33 20
    route TR_v208 10.28.24.0 255.255.255.0 10.28.6.65 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    user-identity default-domain LOCAL
    no snmp-server location
    no snmp-server contact
    telnet timeout 5
    ssh timeout 5
    no threat-detection statistics tcp-intercept
    dynamic-filter use-database
    dynamic-filter enable interface T-COM
    dynamic-filter enable interface COLT
    dynamic-filter drop blacklist interface T-COM
    dynamic-filter drop blacklist interface COLT
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
    message-length maximum client auto
    message-length maximum 512
    policy-map global_policy
    class inspection_default
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect ip-options
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip
    inspect xdmcp
    inspect dns preset_dns_map dynamic-filter-snoop
    service-policy global_policy global
    Cryptochecksum:7bbe975fb39e189e99d8878787a0037
    : end
    System Context
    dynamic-filter updater-client enable
    ​ Can't resolve update-manifests.ironport.com, make sure dns nameserver is configured

  • Page truncated when printing a transparent color with Windows 2000

    Hi,
    We use the JDK 1.5.0_11 in a Windows 2000 SP4 platform with 2GB of RAM.
    When printing a transparent color on a large page with a Windows 2000 platform,
    - The printed page is unexpectedly truncated (the bottom of the page is not printed) or
    - Even worse, the operating system crashes with a blue screen.
    Notice that we neither have any exception thrown nor any log written !
    Notice that this problem never occurs with a Windows XP platform !
    The problem can be reproduced as follows:
    1. Run the sample below,
    2. The "Page Setup" dialog is opened,
    3. Select a large paper size such as A2 or A1,
    4. Press the "Ok" button,
    5. The "Print" dialog is opened,
    6. Select a printer which can handle this paper size,
    7. Press the "Ok" button,
    8. The printed page is unexpectedly either truncated or the operating system crashes.
    If you do not have a printer handling such large paper sizes,
    the problem can still be reproduced using the latest version of "PDFCreator".
    Could anybody provide us with some hints ?
    Thank you very much for your help ...
    Xavier
    import java.awt.Color;
    import java.awt.Font;
    import java.awt.Graphics;
    import java.awt.Graphics2D;
    import java.awt.geom.Rectangle2D;
    import java.awt.print.PageFormat;
    import java.awt.print.Paper;
    import java.awt.print.Printable;
    import java.awt.print.PrinterException;
    import java.awt.print.PrinterJob;
    public class Main {
        public static void main(String[] args) throws Exception {
            PrinterJob job = PrinterJob.getPrinterJob();
            job.pageDialog(job.defaultPage());
            job.setPrintable(new MyPrintable());
            if (job.printDialog()) {
                try {
                    job.print();
                } catch (PrinterException exception) {
                    System.out.println(exception);
    class MyPrintable implements Printable {
        public int print(Graphics g, PageFormat format, int pageIndex) {
            if (pageIndex != 0) {
                return NO_SUCH_PAGE;
            Graphics2D g2 = (Graphics2D) g;
            g2.setFont(new Font("Serif", Font.PLAIN, 36));
            g2.setPaint(new Color(255, 0, 0, 127));
            for (long i= 0; i<format.getImageableWidth(); i++) {
                g2.drawString("www.java2s.com", (long) format.getImageableX() + i*18, (long) format.getImageableY() + i*18);
            Rectangle2D outline = new Rectangle2D.Double(
                    format.getImageableX(),
                    format.getImageableY(),
                    format.getImageableWidth(),
                    format.getImageableHeight());
            g2.draw(outline);
            return PAGE_EXISTS;
    }

    I did this with the Windows de-installer and it did not work. Is there something more I need to do? Does Mozilla have a program for removing its software that is more complete?

  • Trying to setup 1131 in autonomous mode with multiple ssids and vlans

    hi there,
    I'm trying to setup an aironet 1131 in autonomous mode with a WLAN for each VLAN.
    I can connect to the SSID "BLUGstaff" but I don't pick up a DHCP address and when I set a static IP I can't anything on the vlan so I can only assume I have made an error.
    I have attached the config for the access point.
    The switch port the access point connects to has the following config...
    interface FastEthernet1/0/3
    description ## Access Point ##
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 121
    switchport trunk allowed vlan 1,121-124
    switchport mode trunk
    spanning-tree portfast
    end
    Can anyone explain what I've done wrong? Thanks in advance for any help,
    Huw

    Hello Huw,
    as i see in your confirguartion.
    native VLAN is 121. so you have to correct following in your AP configuration
    1) interface Dot11Radio0.121
    encapsulation dot1Q 121 native
    bridge-group 121         ->>>>>>>>>>>>>>>> change this to brige-group 1 , native always tied to bridge group 1
    2)
    interface FastEthernet0.121
    encapsulation dot1Q 121
    add also under this sub interface
    bridge-group 1
    please let me know how it goes.
    Kind regards
    Talal
    ==========
    please rate answers that you find useful , and mark as answered - when it is :-) - so others can find it easily

  • FWSM in transparent mode

    i find in cisco site document about transparent mode .link as follow:
    http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/mod_icn/fwsm/fwsm_2_3/fwsm_cfg/fwmode.htm#wp1184961
    it said:
    The Firewall Services Module (FWSM) connects the same network on its inside and outside ports but uses different VLANs on the inside and outside
    how can i config two different vlan belong to same network?
    is there somebody give me a example.
    thank you very much

    Hi,this is sample configuration.
    6509A:
    vlan 256
    name FWoutside
    int vlan 256
    ip addr 98.1.1.252 255.255.255.0
    6509B:
    vlan 255
    name FWinside
    int vlan 255
    ip addr 98.1.1.251 255.255.255.0
    firewall module 3 vlan-group 16,32
    firewall vlan-group 16 255
    firewall vlan-group 32 256
    FW:
    firewall transparent
    nameif vlan256 outside security0
    nameif vlan255 inside security100
    access-list ACL_IN extended permit ip any any
    access-group ACL_IN in interface outside
    access-group ACL_IN in interface inside
    6509B:
    6509B#ping 98.1.1.252
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 98.1.1.252, timeout is 2 seconds:
    Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
    6509B#

Maybe you are looking for

  • Excise invoice without delivery - Milestone and Progressive billing

    Hi all We have a scenario where we need to create excise invoice wihtout delivery We are using order based billing because we have PS(WBS) integration, milestone and progressive billing scenario. We dont  want to use J1is, we want to use J1iin only,

  • Apps showing up twice in suggested apps for open with

    Brand new MacBook Pro with clean install of 10.8.2 (not restored from backup).  Had this thing for two days and today is the first time that I'm trying to use it.  Don't have a lot installed on it yet.  In other words, we're about best case scenario

  • Console to external monitor

    Hello! I'm running a thinkpad and I'd like to have the console sent to the external monitor. I configured the BIOS and it works up to the grub menu. After selecting the grub option, it snaps back to the internal monitor (with a copy to the external m

  • Change the database charecterset in 9.2.0.7

    Hi, we have 9.2.0.7 database running on HP-UX Itanium 64bit. we have current WE8MSWIN1252 as the charecter set. we use this db for banking application. This Database contains english and Arabic data also. so we are in the process of upgrade of bankin

  • Printing contact notes in non-list form

    Is there a way I can print the notes I made for a contact without having them appear in a column?  When I check the notes box prior to printing the only choice is a list that produces them and than haves them set out in a skinny column.   My work aro