Forward and Reverse Pricing Calculations in the Same Pricing procedure
Hello,
I have a requirement where the Pricing has to set up to do the forward as reverse calculations in the same pricing procedure,For example:
There is :
PR00-Base Price
Less
K004:Discount(%)
will give
ZN00:Net Price
Less Cost
EK02
will give the Profit Margin-ZMAR
Forward calculation is possible as per SAP standard but the requirement is also to do reverse calculation such as
By entering Profit Margin-,The system should do a backward(Reverse calculation) and arrive on the Net price from the Net Price(ZN00) it should calculate the Duscount automatically.
Your inputs on this would be most helpful.
Regards
Mohammed Roshan
hi,
In Sale Order / Billing, in normal circumstances, tax will be calculated on the base price. On the other hand, if you want the system to reverse calculate, you can achieve the same.
In normal circumstances, system will calculate as follows:-,
you maintained the PR00 of a material as Rs 200.00
and Discount Rs. 25.00
Net Value Rs.175.00
If you want to reverse calculate which means your invoice value itself should be Rs.200.00 which is inclusive of Discount. Then your Discount condition type (or in case there is tax, any tax condition type - MWST / UTXJ) have the Calculation Type as u201CHu201D
With the above settings, your actual PR00 value would be 225.00 only, though you maintained Rs.200.00 for PR00.
Similar Messages
-
Subreport using the same Stored Procedure
I have a main report and a subreport that uses the same stored procedure. The stored procedure has 12 parameters and what I want to avoid is the user having to enter the same parameter values twice. When I created the subreport I put in the parameters + one field, the employee id field so that I could just test it on one employee.
After I entered the subreport into the main report, when I got to refresh the data, it's asking for params for BOTH reports. Is there any way to get around this? Because of the way the stored procedure returns the data, I had to create a subreport instead of just fitting it into one of the footers. I've looked at the subreport link and added the employee id as the key. When I ran it the first time, it returned the wrong date range on the sub.
Help! this thing is Way passed due!!Right click on the sub report and choose change sub report links
Top left pane contains your main report parameters use > to add
In the bottom left corner of that dialog then scroll down until you see the corresponding sub report parameter
Repeat for each parameter
This should then take the main report params and pass into the sub report -
Urgent: How to bring the same pricing procedure in reversal order??
Hi,
We have recently implementated CIN at our client location. For the orders present in the system before CIN implementation, when we are creating the reversal orders, system is bringing the new pricing procedure with CIN condition types?
Can we bring the same pricing procedure in the reversal order as in the sales order?
Please advise urgently.
Regards,
Peeyoosh.Dear Peeyoosh
I am unable to understand from your comments
"For the orders present in the system before CIN implementation, when we are creating the reversal orders"
Please let me know how do you reverse a sale order. To my knowledge, we can reverse delivery and billing but not sale order. Either we can close the sale order by assigning some reason for rejection or delete the sale order.
This being the case, please let me know why you are reversing and how you are reversing. If you want the same pricing procedure for both normal sales and returns, then maintain the same pricing procedure for both document types.
thanks
G. Lakshmipathi -
The request parameters don't go to the "page.jsp"...
If someone else runs into this, here is how I solved the problem -
If you create a PrintWriter object with the autoflush option, it
doesn't flush the underlying buffer till you call println on it. I
looked through the generated code for the servlet, and it was doing a
JSPWriter.print() to output information.
So, I changed the ResponseWrapper to keep a handle to the PrintWriter
object, and then flush it in the filter, and that works.
Why the same code behaves differently in JRun & Weblogic, I'm not sure
--Sridhar
-
I'm building a test Lync deployment on Azure; yes, I know this is not supported, hence "test".
Lync Front-End servers expose two set of web services, one for internal users and one for external ones; they listen on different ports (443 and 4443) on the same servers; when external services are published, you need a reverse proxy or a port forwarding
in order to map port 443 of a public IP address to port 4443 of the Front-End server(s). When you have multiple Front-End servers in a pool, you also need to load-balance them.
So, a typical Lync deployment looks like this:
Internal users
|
443
|
Internal LB
192.168.0.20
443 443
| |
Lync FE 1 Lync FE 2
192.168.0.21 192.168.0.22
| |
4443 4443
External LB
Public IP Address
|
443
|
External Users
This should be easily replicated in Azure, as it supports both external load balancing and internal load balancing. They are even supported together in the same cloud service, so this configuration should be easy. However, it looks like "should"
is the keyword here.
After creating the external load balanced endpoint (which listens on external port 443 and forwards to port 4443 on the servers), I'm trying to create an internal load balancer and add internal endpoints to is; however, while the ILB can be created successfully,
adding an internal endpoint listening on port 443 and forwarding to port 443 on the servers fails miserably, with an error stating that port 443 is already in use by another endpoint:
Update-AzureVM : BadRequest : Port 443 is already in use by one of the endpoints in this deployment. Ensure that the port numbers are unique across endpoints within a deployment.
For reference, my commands are:
Add-AzureInternalLoadBalancer -InternalLoadBalancerName "LyncILB" -ServiceName "LyncFrontEnd" -SubnetName "LabSubnet" -StaticVNetIPAddress 192.168.0.20
(This completes successfully)
Get-AzureVM LYNCFE1 | Add-AzureEndpoint -Name "Https-Int" -Protocol "tcp" -LocalPort 443 -PublicPort 443 -LBSetName "HttpsIntLB" -DefaultProbe -InternalLoadBalancerName "LyncILB"
(This fails)
The existing external endpoint is configured as such:
Get-AzureVM LYNCFE1 | get-azureendpoint
LBSetName : HttpsExtLB
LocalPort : 4443
Name : HTTPS-Ext
Port : 443
Protocol : tcp
Vip :
ProbePath :
ProbePort : 4443
ProbeProtocol : tcp
ProbeIntervalInSeconds : 15
ProbeTimeoutInSeconds : 31
EnableDirectServerReturn : False
Acl : {}
InternalLoadBalancerName :
IdleTimeoutInMinutes :
LoadBalancerDistribution :
The error doesn't even make a lot of sense; the external load balancer listens on a public IP address, while the internal load balancer listens on a private IP address in the internal network; there
shouldn't be any conflict here... however it looks like there is one instead.
Why doesn't this work? Am I doing something wrong, or is Azure networking just being silly as usual again?Hello Massimo Pascucci,
The issue that you are facing when creating an endpoint with internal loadbalancer is the limitation of not allowing same ports to be listening under a single cloud service. This reason for this is that there is a limitation of only one private IP (Also
known as the Internal load balanced IP) per cloud service.
There is also a limitation on the Internal load balancer more than one port to be published per load balancer:
You can leave your feedback by following the link below:
https://social.msdn.microsoft.com/Forums/en-US/1805c5a0-3906-4cd6-8561-9802d77e0ae5/is-it-possible-to-use-both-an-ilb-and-an-elb-listening-on-the-same-port-in-the-same-azure-cloud?forum=WAVirtualMachinesVirtualNetwork
Refer to this article for more information on Internal load balancer:
http://azure.microsoft.com/blog/2014/05/20/internal-load-balancing/
Thanks,
Syed Irfan Hussain -
Asymmetric NAT rules matched for forward and reverse flows - NAT Issue
Having a problem with a VPN site trying to communicate to a subnet off my ASA 5505. The network is simple, VPN IPSEC remote site is 192.168.6.0/24 and I can ping and access hosts on 192.168.10.0/24 (called InfraNet). I am now trying to allow communications between 192.168.6.0/24 (called FD_net) to 192.168.9.0/24 (called Inside)
The Error:
5 Nov 12 2012 13:52:50 192.168.9.19 Asymmetric NAT rules matched for forward and reverse flows; Connection for icmp src outside:192.168.6.11 dst inside:192.168.9.19 (type 8, code 0) denied due to NAT reverse path failure
I understand this is a NAT issue; but I not seeing the error and could use a second set of eyes. Here's my current running configuration.
: Saved
ASA Version 8.3(2)
hostname fw1
domain-name xxxxxxxx.xxx
enable password <removed>
passwd <removed>
names
interface Vlan1
description Town Internal Network
nameif inside
security-level 100
ip address 192.168.9.1 255.255.255.0
interface Vlan2
description Public Internet
nameif outside
security-level 0
ip address 173.xxx.xxx.xxx 255.255.255.248
interface Vlan3
description DMZ (CaTV)
nameif dmz
security-level 50
ip address 192.168.2.1 255.255.255.0
interface Vlan10
description Infrastructure Network
nameif InfraNet
security-level 100
ip address 192.168.10.1 255.255.255.0
interface Vlan13
description Guest Wireless
nameif Wireless-Guest
security-level 25
ip address 192.168.1.1 255.255.255.0
interface Vlan23
nameif StateNet
security-level 75
ip address 10.63.198.2 255.255.255.0
interface Vlan33
description Police Subnet
shutdown
nameif PDNet
security-level 90
ip address 192.168.0.1 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport trunk allowed vlan 1,5,10,13
switchport trunk native vlan 1
switchport mode trunk
speed 100
duplex full
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
interface Ethernet0/4
switchport trunk allowed vlan 1,10,13
switchport trunk native vlan 1
switchport mode trunk
interface Ethernet0/5
switchport access vlan 23
interface Ethernet0/6
shutdown
interface Ethernet0/7
switchport trunk allowed vlan 1
switchport trunk native vlan 1
switchport mode trunk
shutdown
banner exec Access Restricted to Personnel Only
banner login Access Restricted to Personnel Only
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
domain-name xxxxxxx.xxx
same-security-traffic permit inter-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object service IMAPoverSSL
service tcp destination eq 993
description IMAP over SSL
object service POPoverSSL
service tcp destination eq 995
description POP3 over SSL
object service SMTPwTLS
service tcp destination eq 465
description SMTP with TLS
object network obj-192.168.9.20
host 192.168.9.20
object network obj-claggett-https
host 192.168.9.20
object network obj-claggett-imap4
host 192.168.9.20
object network obj-claggett-pop3
host 192.168.9.20
object network obj-claggett-smtp
host 192.168.9.20
object network obj-claggett-imapoverssl
host 192.168.9.20
object network obj-claggett-popoverssl
host 192.168.9.20
object network obj-claggett-smtpwTLS
host 192.168.9.20
object network obj-192.168.9.120
host 192.168.9.120
object network obj-192.168.9.119
host 192.168.9.119
object network obj-192.168.9.121
host 192.168.9.121
object network obj-wirelessnet
subnet 192.168.1.0 255.255.255.0
object network WirelessClients
subnet 192.168.1.0 255.255.255.0
object network obj-dmznetwork
subnet 192.168.2.0 255.255.255.0
object network FD_Firewall
host 74.94.142.229
object network FD_Net
subnet 192.168.6.0 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_24
subnet 192.168.10.0 255.255.255.0
object network obj-TownHallNet
subnet 192.168.9.0 255.255.255.0
object network obj_InfraNet
subnet 192.168.10.0 255.255.255.0
object-group service EmailServices
description Normal Email/Exchange Services
service-object object IMAPoverSSL
service-object object POPoverSSL
service-object object SMTPwTLS
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_1
service-object object IMAPoverSSL
service-object object POPoverSSL
service-object object SMTPwTLS
service-object tcp destination eq pop3
service-object tcp destination eq https
service-object tcp destination eq smtp
object-group service DM_INLINE_SERVICE_2
service-object object IMAPoverSSL
service-object object POPoverSSL
service-object object SMTPwTLS
service-object tcp destination eq https
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group network obj_clerkpc
description Clerk's PCs
network-object object obj-192.168.9.119
network-object object obj-192.168.9.120
network-object object obj-192.168.9.121
object-group network TownHall_Nets
network-object 192.168.10.0 255.255.255.0
network-object object obj-TownHallNet
object-group network DM_INLINE_NETWORK_1
network-object 192.168.10.0 255.255.255.0
network-object 192.168.9.0 255.255.255.0
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_2 any interface outside
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_1 any host 192.168.9.20
access-list StateNet_access_in extended permit ip object-group obj_clerkpc any
access-list outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_1 object FD_Net
pager lines 24
logging enable
logging asdm debugging
logging mail errors
logging from-address hostmaster@xxxxxxxxx
logging recipient-address john@xxxxxxxxx level errors
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu Wireless-Guest 1500
mtu StateNet 1500
mtu InfraNet 1500
mtu PDNet 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-635.bin
no asdm history enable
arp timeout 14400
nat (InfraNet,outside) source static TownHall_Nets TownHall_Nets destination static FD_Net FD_Net
nat (inside,outside) source static TownHall_Nets TownHall_Nets destination static FD_Net FD_Net
object network obj_any
nat (inside,outside) static interface
object network obj-claggett-https
nat (inside,outside) static interface service tcp https https
object network obj-claggett-imap4
nat (inside,outside) static interface service tcp imap4 imap4
object network obj-claggett-pop3
nat (inside,outside) static interface service tcp pop3 pop3
object network obj-claggett-smtp
nat (inside,outside) static interface service tcp smtp smtp
object network obj-claggett-imapoverssl
nat (inside,outside) static interface service tcp 993 993
object network obj-claggett-popoverssl
nat (inside,outside) static interface service tcp 995 995
object network obj-claggett-smtpwTLS
nat (inside,outside) static interface service tcp 465 465
object network obj-192.168.9.120
nat (inside,StateNet) static 10.63.198.12
object network obj-192.168.9.119
nat (any,StateNet) static 10.63.198.10
object network obj-192.168.9.121
nat (any,StateNet) static 10.63.198.11
object network obj-wirelessnet
nat (Wireless-Guest,outside) static interface
object network obj-dmznetwork
nat (any,outside) static interface
object network obj_InfraNet
nat (InfraNet,outside) static interface
access-group outside_access_in in interface outside
access-group StateNet_access_in in interface StateNet
route outside 0.0.0.0 0.0.0.0 173.166.117.190 1
route StateNet 10.0.0.0 255.0.0.0 10.63.198.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable 5443
http 192.168.9.0 255.255.255.0 inside
http 74.xxx.xxx.xxx 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set pfs
crypto map outside_map 2 set peer 173.xxx.xxx.xxx
crypto map outside_map 2 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 192.168.9.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.9.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
dhcpd dns 208.67.222.222 208.67.220.220
dhcpd lease 10800
dhcpd auto_config outside
dhcpd address 192.168.2.100-192.168.2.254 dmz
dhcpd dns 8.8.8.8 8.8.4.4 interface dmz
dhcpd enable dmz
dhcpd address 192.168.1.100-192.168.1.254 Wireless-Guest
dhcpd enable Wireless-Guest
threat-detection basic-threat
threat-detection statistics host number-of-rate 2
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 63.240.161.99 source outside prefer
ntp server 207.171.30.106 source outside prefer
ntp server 70.86.250.6 source outside prefer
webvpn
group-policy FDIPSECTunnel internal
group-policy FDIPSECTunnel attributes
vpn-idle-timeout none
vpn-tunnel-protocol IPSec l2tp-ipsec
username support password <removed> privilege 15
tunnel-group 173.xxx.xxx.xxx type ipsec-l2l
tunnel-group 173.xxx.xxx.xxx general-attributes
default-group-policy FDIPSECTunnel
tunnel-group 173.xxx.xxx.xxx ipsec-attributes
pre-shared-key *****
smtp-server 192.168.9.20
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:e4dc3cef0de15123f11439822880a2c7
: end
Any ideas would be appreciated.
JohnI don't see any inspection-commands in your config. Is there a reason for not using any of them?
If your problem is only with ICMP, then you should enable at least icmp-inspection. You can do that easiely with the legacy command " fixup protocol icmp"
Sent from Cisco Technical Support iPad App -
How do i do a forward and reverse sweep two independent variables
Hi,
So I was looking through the post on how to do a forward and reverse sweep with a real-time x-y plot. I have a similar situation except that instead of sweeping (forward and reverse) of one variable, but instead two variables (in my case, I call it gate voltage G-S Volt and source-drain voltage S-D Volt). I understand how to do it with one variable as provided in previous posts, but I am caught when I add another variable to reverse sweep. I have attached my vi to this post. Any suggesstions is greatly appreciated. Thank you. Also, a little more details on my plot, I am plotting current vs gate voltage which forward and reverse sweepeing (gate and source-drain voltage)..
Attachments:
FET_Isd - Vg measurement_Vg_201.vi 45 KBjasonct,
It is very difficult to follow what your code is doing. It violates all of the style guide and good practice recommendation for LabVIEW code.
The diagram should fit on one screen. SubVIs can help. Generally dataflow eliminates the need for sequence structures. Stacked sequence structures in particular obscure the code. Local variables are prone to race conditions, violate dataflow, and are not needed for the uses you are making of them. Wiring should go right to left, with minimal numbers of bends. Comments documenting what you are doing are helpful to others looking at your code and to you next month when you wonder why you did it that way.
Lynn -
Hi,
I have an ASA5510 running version 8.2(5). I have set up a new network on interface Ethernet0/1.777 of the fwl. The firewall works perfectly with remote access VPNs but has now given me the error with the new network that has been set up:
%ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for tcp src outside:10.159.159.3/49204 dst tru777:10.1.34.19/3389 denied due to NAT reverse path failure
The difference between the other networks and the new one that I have set up is that this is the first one using a private addressing scheme. I understand that NAT is not allowing something along the way but I cant figure out what needs to change in order to get it to work. My config is as follows:
interface Ethernet0/1.777
description TRU 777
vlan 777
nameif tru777
security-level 50
ip address 10.1.34.17 255.255.255.240 standby 10.1.34.18
access-list acl_tru777 remark * ALLOW ALL OUTBOUND *
access-list acl_tru777 extended permit ip any any
access-list RA-VPN extended permit ip 10.1.34.16 255.255.255.240 10.159.159.0 255.255.255.0
access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 10.0.0.0 255.0.0.0
access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 172.16.0.0 255.240.0.0
access-list acl_no-nat extended permit ip 10.1.34.0 255.255.255.0 192.168.0.0 255.255.0.0
access-list acl_ra-lock-tru777 extended permit ip 10.1.34.16 255.255.255.240 10.159.159.0 255.255.255.0
access-list acl_ra-lock-tru777 extended permit ip 10.159.159.0 255.255.255.0 10.1.34.16 255.255.255.240
ip local pool ra-pool 10.159.159.0-10.159.159.254 mask 255.255.255.0
nat (tru777) 4 access-list acl_no-nat
nat (tru777) 2 10.1.34.16 255.255.255.240
global (outside) 2 x.x.x.x
crypto isakmp nat-traversal 20
I think that is everything you should need, if not please just ask.
Thank you very much in advance,
ChrisHi Julio,
Here you go:
FWL01# sh nameif
Interface Name Security
Ethernet0/0 outside 0
Ethernet0/1 CLIENTS 50
Ethernet0/1.314 tru01 50
Ethernet0/1.313 dmz01 50
Ethernet0/1.316 tru02 50
Ethernet0/1.776 dmz776 50
Ethernet0/1.777 tru777 50
Management0/0 management 100
FWL01# sh run nat
nat (tru02) 1 192.168.3.0 255.255.255.240
nat (tru777) 4 access-list acl_no-nat
nat (tru777) 2 10.1.34.16 255.255.255.240
FWL01# sh run glob
global (outside) 1 interface
global (outside) 2 x.x.x.x
Thanks,
Chris -
When I take photos of myself, the image come out backwards. I have an iPad2 and an iPad 3, and both of them do the same with my self portraits. Any ideas on how to fix this. I use wifi.
Gmabert-
The front camera displays a reversed image on the screen, as if you were looking into a mirror. When you take a picture, it comes out normal, which is backwards to what you would have observed on the screen.
Fred -
Hight of ipod and click wheel surface not the same
The highness of surface from my ipod itself and clickwheel is not exactly the same. clickwheel is a little bit higher which is irritating while using it.
I checked some other ipods (5g's) and some have exactly the same level all over the cover which gives a better feeling.
Is it a failure from production or just a question of allowed tolerances?
Any experience with apple support?
ipod video 30gb Windows XPAfter a lot of searching and working on this, I found the problem - and it wasn't my previously theorized conspiracy to get us all to buy more from Apple.... It was quite simple actually.
http://docs.info.apple.com/article.html?artnum=304508 I followed all of these directions including re-installing the dlls and the usb drivers, but I think the key was that I have multiple USB devices plugged into my computer. I unplugged all but my wireless keyboard. Then I used a different USB port for my iPod than I had tried before. It updated..... Yeah. I don't have to buy one of the new over priced fancy models!!!! -
Asymmetric NAT rules matched for forward and reverse flows
Hi! I don't know why this comes up in the logs when I have configured my vpn like so:
crypto dynamic-map L2L_MAP 50 set reverse-route
crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 40 set pfs
crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 60 set pfs
crypto dynamic-map OUTSIDE_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime seconds 288000
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime kilobytes 4608000
crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 20 match address IDP_VPN
crypto map L2L_MAP 20 set peer x.x.x.x
crypto map L2L_MAP 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 40 match address cp_l2l_map_40
crypto map L2L_MAP 40 set peer x.x.x.x
crypto map L2L_MAP 40 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 60 match address bwi_l2l
crypto map L2L_MAP 60 set peer x.x.x.x
crypto map L2L_MAP 60 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 80 match address outside_80_cryptomap
crypto map L2L_MAP 80 set peer x.x.x.x
crypto map L2L_MAP 80 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
crypto map L2L_MAP interface outside
crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
crypto map INSIDE_map interface inside
I am able to connect successfully via vpn client. Its just that i cant reach the internal servers... Any ideas?
i get this error:
Oct 18 2012 00:52:37: %ASA-5-305013: Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src outside:10.10.13.221/137 dst inside:10.10.13.255/137 deniedI put in the important configs:
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.0 standby x.x.x.x
ospf cost 10
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 10.10.13.5 255.255.255.0 standby 10.10.13.6
ospf cost 10
interface GigabitEthernet0/2
nameif dmz
security-level 50
no ip address
ospf cost 10
interface GigabitEthernet0/2.720
vlan 720
nameif dmz-vsp
security-level 50
ip address 172.24.0.1 255.255.255.0 standby 172.24.0.2
ospf cost 10
interface GigabitEthernet0/2.724
vlan 724
nameif dmz-dbz
security-level 75
ip address 172.24.4.1 255.255.255.0 standby 172.24.4.2
ospf cost 10
interface GigabitEthernet0/2.725
vlan 725
nameif dmz-smtp
security-level 50
ip address 172.24.5.1 255.255.255.0 standby 172.24.5.2
ospf cost 10
dns domain-lookup outside
dns domain-lookup inside
dns server-group DefaultDNS
name-server 10.10.10.50
domain-name xxxx.local
access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 172.16.0.0 255.255.0.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.2.0 255.255.255.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.3.0 255.255.255.0 10.40.4.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.0.0 255.255.0.0 10.40.14.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.10.0 255.255.255.0 10.10.13.0 255.255.255.0
access-list nonatacl extended permit ip 10.10.13.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list nonatacl extended permit ip 192.168.6.0 255.255.255.0 10.10.13.0 255.255.255.0
ip local pool inshse-vpn-pool2 192.168.6.220-192.168.6.230 mask 255.255.255.0
global (outside) 201 192.168.16.1-192.168.16.250
global (outside) 202 10.201.5.145-10.201.5.158
global (outside) 4 10.10.13.180-10.10.13.189 netmask 255.0.0.0
global (outside) 101 interface
global (outside) 1 x.x.x.x netmask 255.0.0.0
global (inside) 204 10.10.13.70-10.10.13.79 netmask 255.0.0.0
nat (inside) 0 access-list nonatacl
nat (inside) 201 access-list NAT_TO_IDP
nat (inside) 202 access-list inside2-vsp_nat_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
nat (dmz-vsp) 202 access-list dmz-vsp_nat_outbound
nat (dmz-vsp) 101 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route inside 10.0.0.0 255.240.0.0 10.10.13.1 1
route inside 10.40.1.0 255.255.255.0 10.10.13.1 1
route inside 10.40.2.0 255.255.255.0 10.10.13.1 1
route inside 10.40.3.0 255.255.255.0 10.10.13.1 1
route inside 10.40.4.0 255.255.255.0 10.10.13.1 1
route inside 10.40.13.0 255.255.255.0 10.10.13.1 1
route inside 10.40.254.0 255.255.255.0 10.10.13.1 1
route inside 172.16.0.0 255.255.0.0 10.10.13.1 1
route inside 192.168.2.0 255.255.255.0 10.10.13.1 1
dynamic-access-policy-record DfltAccessPolicy
aaa-server VPN_Auth protocol radius
aaa-server VPN_Auth (inside) host 10.10.2.20
timeout 5
key *****
no mschapv2-capable
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map L2L_MAP 50 set reverse-route
crypto dynamic-map OUTSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 40 set pfs
crypto dynamic-map OUTSIDE_dyn_map 40 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 60 set pfs
crypto dynamic-map OUTSIDE_dyn_map 60 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set transform-set ESP-3DES-SHA
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime seconds 288000
crypto dynamic-map OUTSIDE_dyn_map 65535 set security-association lifetime kilobytes 4608000
crypto dynamic-map INSIDE_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 20 match address IDP_VPN
crypto map L2L_MAP 20 set peer x.x.x.x
crypto map L2L_MAP 20 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 40 match address cp_l2l_map_40
crypto map L2L_MAP 40 set peer x.x.x.x
crypto map L2L_MAP 40 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 60 match address nonatacl
crypto map L2L_MAP 60 set peer x.x.x.x
crypto map L2L_MAP 60 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 80 match address outside_80_cryptomap
crypto map L2L_MAP 80 set peer x.x.x.x
crypto map L2L_MAP 80 set transform-set ESP-3DES-SHA
crypto map L2L_MAP 65535 ipsec-isakmp dynamic OUTSIDE_dyn_map
crypto map L2L_MAP interface outside
crypto map INSIDE_map 65535 ipsec-isakmp dynamic INSIDE_dyn_map
crypto map INSIDE_map interface inside
crypto isakmp enable outside
crypto isakmp enable inside
crypto isakmp enable dmz
crypto isakmp enable dmz-vsp
crypto isakmp policy 20
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
group-policy ihasavpn2_gp internal
group-policy ihasavpn2_gp attributes
dns-server value 10.10.10.52
vpn-tunnel-protocol IPSec
default-domain value xxxx.local
tunnel-group ihasavpn2 type remote-access
tunnel-group ihasavpn2 general-attributes
address-pool inshse-vpn-pool2
authentication-server-group VPN_Auth
authentication-server-group (inside) VPN_Auth
default-group-policy ihasavpn2_gp
tunnel-group ihasavpn2 ipsec-attributes
pre-shared-key *****
tunnel-group ihasavpn2 ppp-attributes
authentication ms-chap-v2 -
Null and empty string not being the same in object?
Hello,
I know that null and empty string are interpreted the same in oracle.
However I discovered the strange behaviour concerning user defined objects:
create or replace
TYPE object AS OBJECT (
value VARCHAR2(2000)
declare
xml xmltype;
obj object;
begin
obj := object('abcd');
xml := xmltype(obj);
dbms_output.put_line(xml.getStringVal());
obj.value := '';
xml := xmltype(obj);
dbms_output.put_line(xml.getStringVal());
obj.value := null;
xml := xmltype(obj);
dbms_output.put_line(xml.getStringVal());
end;
When creating xml from object, all not-null fields are transformed into xml tag.
I supposed that obj.value being either '' or null will lead to the same result.
However this is output from Oracle 9i:
<OBJECT_ID><VALUE>abcd</VALUE></OBJECT_ID>
<OBJECT_ID><VALUE></VALUE></OBJECT_ID>
<OBJECT_ID/>
Oracle 10g behaves as expected:
<OBJECT><VALUE>abcd</VALUE></OBJECT>
<OBJECT/>
<OBJECT/>
However Oracle 9i behaviour leads me to the conclusion that oracle
must somehow distinguish between empty string and null in user defined objects...
Can someone clarify this behaviour?
Thus is it possible to test if object's field is empty or null?However Oracle 9i behaviour leads me to the conclusion that oracle
must somehow distinguish between empty string and null in user defined objects...
Can someone clarify this behaviour?
Thus is it possible to test if object's field is empty or null?A lot of "fixes" were done, relating to XML in 10g and the XML functionality of 9i was known to be buggy.
I think you can safely assume that null and empty strings are treated the same by Oracle regardless. If you're using anything less than 10g, it's not supported any more anyway, so upgrade. Don't rely on any assumptions that may appear due to bugs. -
I have lost my apple ID for my ipod, now ive got a new iphone and i want to use the same ID for both, can anyone one tell me how to do this? ( i no my ID for the iphone)
Just use the same ID.
These may alos help:
How to use multiple iPods, iPads, or iPhones with one computer
What is the best way to manage multiple...: Apple Support Communities -
Ok Apple users...Is there a way to delete e-mails on my Mac and not have to delete the same e-mails on my iPhone, and iPad...and vise-versa. I have the Cloud, and thought that everything would sync all of the time. If you know of a setting I need to adjust, please let me know.
Are you referring to @mac.com, @me.com or @icloud.com emails? Or some other email providers emails?
If the former, it should do that automatically. If the latter, no. iCloud does not (nor is it supposed to) sync non-Apple provided emails. -
Runing BO 6.5 and Xi 3.0 on the same machine
I have installed 6.5 and Xi 3.0 on the same workstation. Both versions run fine when I run them one at a time (open one, work on it, then exit before starting the other).
However, when I run 6.5 and Xi 3.0 simultaneously, then the next time I try to run either of them, I receive a message asking me to install again.
Has anyone run into this?
Michael OHello Constantino,
Is there no way this will work? As I have several customers thinking about or planning an upgrade/migration to XI 3.0, running legacy and new software side-by-side on the same machine is a very important issue, especially as migrations are usually an incremental process, requiring both versions to co-exist for some time.
I have never had any problems running 5.x / 6.x and XI r2 on the same machine, even simultaneous, that's why I'm so surprised at the sudden change.
Any input would be welcome! Thank you!
Kind regards,
Kristof Speeckaert
Maybe you are looking for
-
Hi All,. Iam facing a problem..pls help me in this.. i am calling a jsp which is running on other server and from their i am calling an applet.. pls see the code ie subnav.jsp here sp.document.manager.url=http\://localhost\:90/inventx/login.jsp?Retur
-
Exporting and making a dvd - the best way is . . . ?
I have just posted a question about subtitles, but now I just need to know from the experts out there what is the best/fastest way to export your project and make a dvd. For years I've had issues with this - from it taking too long (up to 6 hours to
-
Referenz on interface controller needed
Hello, my COMPONENTCONTROLLER has an interface method which needs to be called outside the web dynpro component. To be more specific: this method needs to be called in an ABAP OO class, not in a using component. Therefore I want to transfer a referen
-
Just installed iWork 08 on my new Macbook Air (Mavericks) - writing 'invisibly' in Pages
Hi All I've just installed iWork08 but when I try and type something in Pages, it's as though I've written it in invisible ink. I have to highlight the whole page to see what I've just written (it comes up as a mauve colour). Does anyone have any ide
-
Is there a way to hide and unhide specific files programmatically using Labview?
I writing an application that produces 3 binary data files and I want the user to only see 1 of the 3 files. I'm using Labview 6.1 and windows 2000.