Getting intermittent connection to internal resources from vpn remote connection

Hi there,
I have an intermittent issue happening on my company's firewall, and I'm at a loss as to how to troubleshoot further. I'm hoping someone can give me some tips or pointers in the right direction.
We recently made some changes to our network, which included moving an ASA 5505 from one location to another. In moving this we also connected it to a different switch. It used to hang off a Cisco 3560, and now it hangs off a ProCurve 5406zl.
The setup is that the ASA is connected on two ports to the HP, which is simply a layer 2 device sitting between the firewall and the uplink to our ISP. One port, e0/0, is the outside interface and is set to switchport access vlan 2. The second interface, e0/1, is set for vlan 1, also access mode. It has an IP of 10.0.0.2. The HP on the other end of that has an IP of 10.0.0.1. So outside VPN connections come through the HP to the ASA on e0/0, and back out the ASA on port e0/1 to reach devices on the internal network.
What happens is that when a user connects to the VPN, they can reach internal resources intermittently. For example, I tried to ping an internal server IP address (let's say 10.0.0.23) from my laptop, while on the VPN, and pings failed. However I could ping that IP from the ASA itself. Another example is that during one VPN connection I was unable to connect to an internal web server, but once I disconnected and connected again I could reach the server fine.
The intermittent nature of the problem made me think that it could be an ARP issue, that somehow the traffic is getting sent back out the wrong interface sometimes, hence the lack of communication. However when I did show switch mac-address | include mac address, using the base mac of the HP, I only saw the mac address of the HP on one interface, e0/1. That makes me think that things are working as they should. Although I guess maybe it should appear on both interfaces...? I don't know. Can anyone share some ideas of what the problem might be, or how I can most effectively troubleshoot this? It seems like the symptoms are indicative of some kind of rookie mistake, but for the life of me I can't figure out what it is.
I appreciate your responses. Thanks.

Hi Jeff, and thanks. I didn't change anything in the config actually. The IP ranges didn't change, nor did the IP of the ASA itself. In its old setting it hung off of an intermittent Cisco switch, let's say IP 10.100.0.25. There were two other switches that used VRRP with a shared IP of 10.100.10.1 and acted as the default gateway for all devices on the network, except the ASA. The gateway switches in turn used the ASA, 10.100.10.2, as the default gateway. So, internal traffic would flow through 10.100.0.1 unless it needed to access an external network, i.e. the WAN, in which case the switch at 10.100.10.1 would send the traffic to the ASA at 10.100.10.2. The ASA's default gateway was the public IP of our ISP.
In the change we moved from using a Cisco core to an HP core, so the ASA was moved to hang directly off the HP. The HP was re-IP'd as 10.100.10.1, the ASA stayed the same. I didn't change any configuration on the ASA, and the only thing I did to the HP was to change its default gateway to point to the ASA (same as the old setup), and set the ports for the different vlans.
What I've also found is that at times once I establish a vpn connection I cannot even ping the connected HP switch from my client machine, but I can ping it from the ASA. If I disconnect from the vpn and try again, it may work.  Here's some output based on commands in this link,
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00807c35e7.shtml#s1. For this command I am attempting to first ping 10.100.10.1 (the HP switch) and then ssh to it.
asa# capture capin interface inside match ip host 10.100.15.3 host 10.100$
asa# show cap
asa# show capture capin
18 packets captured
   1: 11:00:24.574997 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request
   2: 11:00:24.577210 802.1Q vlan#1 P6 10.100.10.1 > 10.100.15.3: icmp: echo reply
   3: 11:00:25.585342 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request
   4: 11:00:26.576676 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request
   5: 11:00:27.584259 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request
   6: 11:00:28.577896 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request
   7: 11:00:29.590682 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request
   8: 11:00:30.579529 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request
   9: 11:00:31.588363 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request
  10: 11:00:32.588317 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request
  11: 11:00:38.699441 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S 2589950443:2589950443(0) win 65535
  12: 11:00:39.642651 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S 2589950443:2589950443(0) win 65535
  13: 11:00:40.645352 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S 2589950443:2589950443(0) win 65535
  14: 11:00:41.648815 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S 2589950443:2589950443(0) win 65535
  15: 11:00:42.649777 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S 2589950443:2589950443(0) win 65535
  16: 11:00:43.659832 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S 2589950443:2589950443(0) win 65535
  17: 11:00:45.654049 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S 2589950443:2589950443(0) win 65535
  18: 11:00:49.664699 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S 2589950443:2589950443(0) win 65535
18 packets shown
asa# show capture capin detail
18 packets captured
   1: 11:00:24.574997 001d.45e5.85ce 441e.a16a.8b00 0x8100 102: 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request (ttl 64, id 38278)
   2: 11:00:24.577210 441e.a16a.8b00 001d.45e5.85ce 0x8100 102: 802.1Q vlan#1 P6 10.100.10.1 > 10.100.15.3: icmp: echo reply [tos 0xe0]  (ttl 255, id
   3: 11:00:25.585342 001d.45e5.85ce 441e.a16a.8b00 0x8100 102: 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request (ttl 64, id 9469)
   4: 11:00:26.576676 001d.45e5.85ce 441e.a16a.8b00 0x8100 102: 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request (ttl 64, id 50837)
   5: 11:00:27.584259 001d.45e5.85ce 441e.a16a.8b00 0x8100 102: 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request (ttl 64, id 24048)
   6: 11:00:28.577896 001d.45e5.85ce 441e.a16a.8b00 0x8100 102: 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request (ttl 64, id 57505)
   7: 11:00:29.590682 001d.45e5.85ce 441e.a16a.8b00 0x8100 102: 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request (ttl 64, id 8438)
   8: 11:00:30.579529 001d.45e5.85ce 441e.a16a.8b00 0x8100 102: 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request (ttl 64, id 64136)
   9: 11:00:31.588363 001d.45e5.85ce 441e.a16a.8b00 0x8100 102: 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request (ttl 64, id 24534)
  10: 11:00:32.588317 001d.45e5.85ce 441e.a16a.8b00 0x8100 102: 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request (ttl 64, id 56295)
  11: 11:00:38.699441 001d.45e5.85ce 441e.a16a.8b00 0x8100 82: 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S [tcp sum ok] 2589950443:2589950
  12: 11:00:39.642651 001d.45e5.85ce 441e.a16a.8b00 0x8100 82: 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S [tcp sum ok] 2589950443:2589950
  13: 11:00:40.645352 001d.45e5.85ce 441e.a16a.8b00 0x8100 82: 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S [tcp sum ok] 2589950443:2589950
  14: 11:00:41.648815 001d.45e5.85ce 441e.a16a.8b00 0x8100 82: 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S [tcp sum ok] 2589950443:2589950
  15: 11:00:42.649777 001d.45e5.85ce 441e.a16a.8b00 0x8100 82: 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S [tcp sum ok] 2589950443:2589950
  16: 11:00:43.659832 001d.45e5.85ce 441e.a16a.8b00 0x8100 82: 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S [tcp sum ok] 2589950443:2589950
  17: 11:00:45.654049 001d.45e5.85ce 441e.a16a.8b00 0x8100 82: 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S [tcp sum ok] 2589950443:2589950
  18: 11:00:49.664699 001d.45e5.85ce 441e.a16a.8b00 0x8100 66: 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S [tcp sum ok] 2589950443:2589950
18 packets shown
asa# show capture capin trace                           
7 packets captured
   1: 11:04:53.510685 802.1Q vlan#1 P0 10.100.15.3.57954 > 10.100.10.1.22: S 1151368455:1151368455(0) win 65535
   2: 11:04:54.491414 802.1Q vlan#1 P0 10.100.15.3.57954 > 10.100.10.1.22: S 1151368455:1151368455(0) win 65535
   3: 11:04:55.482488 802.1Q vlan#1 P0 10.100.15.3.57954 > 10.100.10.1.22: S 1151368455:1151368455(0) win 65535
   4: 11:04:56.499119 802.1Q vlan#1 P0 10.100.15.3.57954 > 10.100.10.1.22: S 1151368455:1151368455(0) win 65535
   5: 11:04:57.489308 802.1Q vlan#1 P0 10.100.15.3.57954 > 10.100.10.1.22: S 1151368455:1151368455(0) win 65535
   6: 11:04:58.493275 802.1Q vlan#1 P0 10.100.15.3.57954 > 10.100.10.1.22: S 1151368455:1151368455(0) win 65535
   7: 11:05:00.495473 802.1Q vlan#1 P0 10.100.15.3.57954 > 10.100.10.1.22: S 1151368455:1151368455(0) win 65535
7 packets shown
Here are some additional potentially relevant sections of my ASA config (public IPs changed for security):
asa# show route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route
Gateway of last resort is 1.1.1.125 to network 0.0.0.0
C    1.1.1.64 255.255.255.192 is directly connected, outside
S    10.100.15.3 255.255.255.255 [1/0] via 1.1.1.125, outside
S    10.105.0.0 255.255.0.0 [1/0] via 10.100.10.1, inside
C    10.100.0.0 255.255.0.0 is directly connected, inside
S*   0.0.0.0 0.0.0.0 [255/0] via 1.1.1.125, outside
Thanks in advance for your suggestions and observations.
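The capture in the post above shows echo requests and TCP SYNs leaving on the inside interface with almost nothing coming back. The following is an added example, not part of the original post: a small Python parser for the brief `show capture` format shown above that counts unanswered echo requests and SYNs that never see a reverse-direction packet. The function names are hypothetical, the sample input is an excerpt of the poster's capture, and IPv4 addressing is assumed.

```python
import re
from collections import defaultdict

# Excerpt copied from the `show capture capin` output in the post above
# (packets 1-4 and 11-13), embedded so the example runs offline.
SAMPLE = """\
18 packets captured
   1: 11:00:24.574997 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request
   2: 11:00:24.577210 802.1Q vlan#1 P6 10.100.10.1 > 10.100.15.3: icmp: echo reply
   3: 11:00:25.585342 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request
   4: 11:00:26.576676 802.1Q vlan#1 P0 10.100.15.3 > 10.100.10.1: icmp: echo request
  11: 11:00:38.699441 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S 2589950443:2589950443(0) win 65535
  12: 11:00:39.642651 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S 2589950443:2589950443(0) win 65535
  13: 11:00:40.645352 802.1Q vlan#1 P0 10.100.15.3.57943 > 10.100.10.1.22: S 2589950443:2589950443(0) win 65535
"""

# One packet line of the brief (non-detail) capture listing.
LINE_RE = re.compile(
    r"^\s*\d+:\s+(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?:802\.1Q vlan#\d+ P\d+\s+)?"
    r"(?P<src>\S+) > (?P<dst>\S+): (?P<info>.*)$"
)
# TCP lines start with a flags token such as "S", "P", "F" or ".".
TCP_FLAGS_RE = re.compile(r"^(?P<flags>[SFRPUWE.]+)\s")


def split_endpoint(endpoint):
    """Split '10.100.15.3.57943' into ('10.100.15.3', 57943); port is None for ICMP."""
    parts = endpoint.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return endpoint, None


def to_seconds(ts):
    hours, minutes, seconds = ts.split(":")
    return int(hours) * 3600 + int(minutes) * 60 + float(seconds)


def parse_capture(text):
    """Return one dict per packet line; header and footer lines are skipped."""
    packets = []
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        src, sport = split_endpoint(match["src"])
        dst, dport = split_endpoint(match["dst"])
        packets.append({"ts": to_seconds(match["ts"]), "src": src, "sport": sport,
                        "dst": dst, "dport": dport, "info": match["info"]})
    return packets


def analyze(text):
    """Report echo requests without replies and SYNs with no return traffic."""
    requests, replies = defaultdict(int), defaultdict(int)
    syn_times = defaultdict(list)   # (src, sport, dst, dport) -> SYN timestamps
    tcp_seen = set()                # every TCP direction observed in the capture
    for pkt in parse_capture(text):
        info = pkt["info"]
        if info.startswith("icmp:"):
            if "echo request" in info:
                requests[(pkt["src"], pkt["dst"])] += 1
            elif "echo reply" in info:
                # Key the reply by the requester's direction so the counts line up.
                replies[(pkt["dst"], pkt["src"])] += 1
            continue
        flags = TCP_FLAGS_RE.match(info)
        if flags and pkt["sport"] is not None:
            key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
            tcp_seen.add(key)
            if flags["flags"] == "S" and " ack " not in info:
                syn_times[key].append(pkt["ts"])

    unanswered_echo = []
    for (src, dst), count in requests.items():
        missing = count - replies.get((src, dst), 0)
        if missing > 0:
            unanswered_echo.append({"src": src, "dst": dst, "requests": count,
                                    "replies": count - missing, "missing": missing})
    unanswered_syn = []
    for (src, sport, dst, dport), stamps in syn_times.items():
        if (dst, dport, src, sport) not in tcp_seen:
            unanswered_syn.append({"src": src, "src_port": sport, "dst": dst,
                                   "dst_port": dport, "attempts": len(stamps),
                                   "span_s": round(stamps[-1] - stamps[0], 3)})
    return {"unanswered_echo": unanswered_echo, "unanswered_syn": unanswered_syn}


if __name__ == "__main__":
    for kind, rows in analyze(SAMPLE).items():
        for row in rows:
            print(kind, row)
```

Running the same function over a capture taken on the outside interface for the same hosts shows on which side of the firewall the return traffic stops.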

Similar Messages

  • Getting error when reading xml file from a remote connection

    Hi all,
    I want to read an xml file from a remote connection, not from my local machine. So when I am creating the data server I am giving the host name (that is the IP of the machine where the xml file is located), giving the proper username and password and giving the path of the xml file. When I am testing the connection the error that is coming:- "Connection failed and the xml file could not be created, verify that you have write permission in the directory"...
    but read write and execute permissions have been given on the directory as well as to the file...
    Regards,
    Sourav

    Hi Sutirtha,
    Initially I have started the agent.sh giving the agent name <agent name> and port number 20910 and defined it in the topology manager; it is showing that the agent test is successful. Then I tested a particular Data server against that agent and the test was successful.
    After this we had stopped the agent and restarted it.
    However now suddenly the testing against the remote agent is failing with the following excep:
    java.lang.Exception:
         at com.sunopsis.graphical.l.pm.a(pm.java)
         at com.sunopsis.graphical.l.pm.s(pm.java)
         at com.sunopsis.graphical.l.pm.g(pm.java)
         at com.sunopsis.graphical.l.pm.a(pm.java)
         at com.sunopsis.graphical.l.pm.a(pm.java)
         at com.sunopsis.graphical.l.iz.actionPerformed(iz.java)
         at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
         at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(Unknown Source)
         at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
         at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
         at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
         at java.awt.Component.processMouseEvent(Unknown Source)
         at java.awt.Component.processEvent(Unknown Source)
         at java.awt.Container.processEvent(Unknown Source)
         at java.awt.Component.dispatchEventImpl(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
         at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
         at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Window.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.EventQueue.dispatchEvent(Unknown Source)
         at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
         at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
         at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
         at java.awt.Dialog$1.run(Unknown Source)
         at java.awt.Dialog.show(Unknown Source)
         at java.awt.Component.show(Unknown Source)
         at java.awt.Component.setVisible(Unknown Source)
         at com.sunopsis.graphical.l.pm.q(pm.java)
         at com.sunopsis.graphical.l.pm.<init>(pm.java)
         at com.sunopsis.graphical.frame.b.jh.bx(jh.java)
         at com.sunopsis.graphical.frame.bo.w(bo.java)
         at com.sunopsis.graphical.frame.bo.d(bo.java)
         at com.sunopsis.graphical.frame.w.actionPerformed(w.java)
         at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
         at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(Unknown Source)
         at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
         at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
         at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
         at java.awt.Component.processMouseEvent(Unknown Source)
         at java.awt.Component.processEvent(Unknown Source)
         at java.awt.Container.processEvent(Unknown Source)
         at java.awt.Component.dispatchEventImpl(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
         at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
         at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Window.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.EventQueue.dispatchEvent(Unknown Source)
         at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
         at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
         at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
         at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
         at java.awt.EventDispatchThread.run(Unknown Source)
    PS: Do I have to modify any file after or before starting the ODI agent?
    Thnks and Rgds,
    Sourav

  • When I connect the USB dongle from the camera connection kit I get an accessory not supported by iPad message. The card reader triggered the same msg but works now. Same msg with vga. Have tried rebooting

    When I connect the USB dongle from the camera connection kit I get an accessory not supported by iPad message. The card reader triggered the same msg but works now. Same msg with vga. Others have posted this problem but the only suggestion anyone has offered is to reboot, which doesn't help. I've tried.

    Thanks Fred. The nearest Apple store is about two hours away, so we did the next best thing & took it to Best Buy. It stumped the "Apple Guy" there. Apparently when an Apple product is turned on it works. Period. I'm impressed that the products are normally so dependable--it just stinks that I got the one in a million that's not. Anyway, now we wait for a service call Tuesday morning. Thanks again!

  • Thinking of purchasing Time Capsule.... Can I access my documents saved on (Home Network) Time Capsule from another Network??? For instance, I can access my documents saved on MyBookLive (which is connected to my wifi) from ANY wifi connection...

    Thinking of purchasing Time Capsule.... Can I access my documents saved on (Home Network) Time Capsule from another Network??? For instance, I can access my documents saved on MyBookLive (which is connected to my wifi) from ANY wifi connection... Like when I'm at school I can download documents stored on my MyBookLive at home.... I love this feature... But I would prefer to keep my products apple... So my question is can I access my documents from ANYWHERE with Time Capsule???
    Other products I have: MacBook (2009 limited edition it's aluminum) two iPad2 (2012) iPhone 5 (2012) two iphone4 iPod touch (2010) iPod Nano (2011)

    Remote access to TC is allowed by BTMM and iCloud service.
    Not for ipad or iphone.. only the Macbook although I think people have some work arounds..
    NOTE. Your school firewall should block it. If I was still working in network admin I would. ie you are risking the whole network to get access to files unchecked for viruses.. and please don't just say Macs don't get viruses, you can still be the source of the infection even if you don't suffer the disease. Just a carrier.
    http://support.apple.com/kb/HT3486

  • Can't access internal network from VPN using PIX 506E

    Hello,
    I seem to be having an issue with my PIX configuration. I can ping the VPN client from the internal network, but cannot access any resources from the VPN client. My running configuration is as follows:
    Building configuration...
    : Saved
    PIX Version 6.3(5)
    interface ethernet0 auto
    interface ethernet1 auto
    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    enable password N/JZnmeC2l5j3YTN encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    hostname SwantonFw2
    domain-name *****.com
    fixup protocol dns maximum-length 512
    fixup protocol ftp 21
    fixup protocol h323 h225 1720
    fixup protocol h323 ras 1718-1719
    fixup protocol http 80
    fixup protocol rsh 514
    fixup protocol rtsp 554
    fixup protocol sip 5060
    fixup protocol sip udp 5060
    fixup protocol skinny 2000
    fixup protocol smtp 25
    fixup protocol sqlnet 1521
    fixup protocol tftp 69
    names
    access-list outside_access_in permit icmp any any
    access-list allow_ping permit icmp any any echo-reply
    access-list allow_ping permit icmp any any unreachable
    access-list allow_ping permit icmp any any time-exceeded
    access-list INSIDE-IN permit tcp interface inside interface outside
    access-list INSIDE-IN permit udp any any eq domain
    access-list INSIDE-IN permit tcp any any eq www
    access-list INSIDE-IN permit tcp any any eq ftp
    access-list INSIDE-IN permit icmp any any echo
    access-list INSIDE-IN permit tcp any any eq https
    access-list inside_outbound_nat0_acl permit ip 192.168.0.0 255.255.255.0 192.168.240.0 255.255.255.0
    access-list swanton_splitTunnelAcl permit ip any any
    access-list outside_cryptomap_dyn_20 permit ip any 192.168.240.0 255.255.255.0
    no pager
    mtu outside 1500
    mtu inside 1500
    ip address outside 192.168.1.150 255.255.255.0
    ip address inside 192.168.0.35 255.255.255.0
    ip audit info action alarm
    ip audit attack action alarm
    ip local pool VPN_Pool 192.168.240.1-192.168.240.254
    pdm location 0.0.0.0 255.255.255.0 outside
    pdm location 192.168.1.26 255.255.255.255 outside
    pdm location 192.168.240.0 255.255.255.0 outside
    pdm logging informational 100
    pdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 0 access-list inside_outbound_nat0_acl
    nat (inside) 1 192.168.0.0 255.255.255.0 0 0
    access-group outside_access_in in interface outside
    access-group INSIDE-IN in interface inside
    route outside 0.0.0.0 0.0.0.0 192.168.1.1 1
    timeout xlate 0:05:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout sip-disconnect 0:02:00 sip-invite 0:03:00
    timeout uauth 0:05:00 absolute
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ max-failed-attempts 3
    aaa-server TACACS+ deadtime 10
    aaa-server RADIUS protocol radius
    aaa-server RADIUS max-failed-attempts 3
    aaa-server RADIUS deadtime 10
    aaa-server LOCAL protocol local
    http server enable
    http 192.168.0.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    floodguard enable
    sysopt connection permit-ipsec
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
    crypto dynamic-map outside_dyn_map 20 set transform-set ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
    crypto map outside_map client authentication LOCAL
    crypto map outside_map interface outside
    isakmp enable outside
    isakmp identity address
    isakmp policy 20 authentication pre-share
    isakmp policy 20 encryption des
    isakmp policy 20 hash md5
    isakmp policy 20 group 2
    isakmp policy 20 lifetime 86400
    vpngroup swanton address-pool VPN_Pool
    vpngroup swanton dns-server 192.168.1.1
    vpngroup swanton split-tunnel swanton_splitTunnelAcl
    vpngroup swanton idle-time 1800
    vpngroup swanton password ********
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.0.36-192.168.0.254 inside
    dhcpd dns 8.8.8.8 8.8.4.4
    dhcpd lease 3600
    dhcpd ping_timeout 750
    dhcpd auto_config outside
    dhcpd enable inside
    username scott password hwDnqhIenLiwIr9B encrypted privilege 15
    username norm password ET3skotcnISwb3MV encrypted privilege 2
    username tarmbrecht password Zre8euXN6HxXaSdE encrypted privilege 2
    username jlillevik password 9JMTvNZm3dLhQM/W encrypted privilege 2
    username ruralogic password 49ikl05C8VE6k1jG encrypted privilege 15
    username bzeiter password 1XjpdpkwnSENzfQ0 encrypted privilege 2
    username mwalla password l5frk9obrNMGOiOD encrypted privilege 2
    username heavyfab1 password 6.yy0ys7BifWsa9k encrypted privilege 2
    username heavyfab3 password 6.yy0ys7BifWsa9k encrypted privilege 2
    username heavyfab2 password 6.yy0ys7BifWsa9k encrypted privilege 2
    username djet password wj13fSF4BPQzUzB8 encrypted privilege 2
    username cmorgan password y/NeUfNKehh/Vzj6 encrypted privilege 2
    username cmayfield password Pe/felGx7VQ3I7ls encrypted privilege 2
    username jeffg password zQEQceRITRrO4wJa encrypted privilege 2
    terminal width 80
    Cryptochecksum:9005f35a85fa5fe31dab579bbb1428c8
    : end
    [OK]
    Any help will be greatly appreciated

    Bj,
    Are you trying to access network resources behind the inside interface?
    ip address inside 192.168.0.35 255.255.255.0
    If so, please make the following changes:
    1- access-list SWANTON_VPN_SPLIT permit ip 192.168.0.0 255.255.255.0 192.168.240.0 255.255.255.0
    2- no vpngroup swanton split-tunnel swanton_splitTunnelAcl
            vpngroup swanton split-tunnel SWANTON_VPN_SPLIT
    3- no access-list outside_cryptomap_dyn_20 permit ip any 192.168.240.0 255.255.255.0
    4- isakmp nat-traversal 30
    Let me know how it goes.
    Portu.
    Please rate any helpful posts   

  • How to get the Ip address of machine from which a connection is obtained

    Hi,
    We are using Oracle HA solution and we would use at least 2 Db servers. I would like to know whether there is any way of obtaining the Ip address of the machine from which the connection has been obtained?
    Thanks
    Himadri

    know whether there is any way of obtaining the Ip address of the machine from which the connection has been obtained?
    Let me get you right. Basically looks like you want to get the IP address of the client machines who connect to your server? Yes, it is very much possible. Even a simple tool like netstat -a -n displays the IP addresses/ports of remote hosts (clients). It's part of the IP protocol to carry the addresses in the packets. The question is how do you want to do this in Java? You should look at the java.net.ServerSocket.accept().getInetAddress() API.
    trust it helps,
    -BJ

    No. I have multiple databases which are used in an Oracle RAC solution. You can obtain connections from more than one DB server. My question was how to get the IP address of the DB server from which the connection has been obtained.
    Himadri

  • Exchange 2010 - Outlook Anywhere trying to connect to internal server name first before connecting to proxy server

    Hello,
    I have an Exchange 2010 question which I will post in the Exchange 2013 section since the Ask a question button in the legacy Exchange Servers section of technet takes me back to the part of Technet where I can only ask questions regarding Exchange 2013.
    If someone can point me to a part where I can place a question in an Exchange 2010 forum please let me know.
    We have Exchange 2010 setup with a CAS array listening to outlook.internaldomain.com
    We have TMG 2010 setup with a rule for Outlook Anywhere, the rule listens to mail.externaldomain.com and traffic that meets this rule is let through to outlook.internaldomain.com.
    When I fire up my laptop, which is connected to the internet, and start Outlook and let it configure my profile through autodiscover it sets it up correctly and fills the Outlook profile with a servername stating outlook.internaldomain.com and a proxyserver to be used stating mail.externaldomain.com. After initial setup when my Outlook starts it almost immediately prompts me for a username and a password so this is working fine.
    At the office we have an internal network segment where DHCP is servicing the connecting clients and giving them our internal DNS servers because they need connection to some other network segments which are not available to the internet. This network segment does not have access to our internal Exchange environment but has full access to the internet. Clients in this network segment do want to use Outlook so using Outlook Anywhere for them is the logical way to go. When I connect my laptop to this network segment I get handed an IP address and our internal DNS servers, when I start Outlook it takes about two minutes before the credential prompt pops up and another 2 to 6 minutes after entering credentials before it says all folders are in sync. This is quite long and our clients find this unacceptable.
    I started testing what might be going on here and I have found that when I manually enter external DNS servers the Outlook password prompt will pop up in seconds and all is working as expected so it seems Outlook is trying to connect to the internal servername when using our internal DNS servers (which can resolve outlook.internalnetwork.com) instead of directly going to the proxy server which is to be used for Outlook Anywhere.
    When I start a network monitor trace my thoughts are confirmed because when I am connected to the internal network segment OUTLOOK.EXE first tries to connect to outlook.internaldomain.com, it almost immediately gets a response stating that this route is inaccessible but OUTLOOK.EXE keeps on trying to connect until some sort of time out is reached (somewhere around two minutes) after which it connects to mail.externaldomain.com and Outlook shows the credential prompt.
    So to round it up, when connected to DNS servers that can resolve the internal servername Outlook tries to connect to the internal servername instead of the external name, Outlook does not recognize the answer from the network that the internal route is not accessible (or it does but does nothing with this information).
    Has anybody experienced this behaviour in Outlook?
    Does anyone have a solution where I can force Outlook to connect to its proxyserver and disregard the internal servername?

    Thank you for your reply.
    The client computers that are experiencing the issues are not domain joined, the only reason I can think of why this is occurring is because the DNS servers are able to resolve the internal hostname of the server, but I would expect Outlook to always use the proxy server that has been set in the configuration of the Outlook profile. Or at least acknowledging the answer that the initially tried route is inaccessible and immediately continue to the proxy server.
    For setting the same hostname for internal and external use, we use different namespaces internally and externally, do you mean setting the external hostname on the CAS array for internal use? Wouldn't that push all internal communication to the internet and to the outside interface of the TMG where the server is published with that hostname?

  • Query a List of Open WMI connections on a server from a remote system

    We are monitoring a specific windows service on a server using Sitescope remote monitoring. The sitescope system uses a WMI method to check if the service on a specific server is up or not. Initially it works like a charm but over time the WMI connections from sitescope time out and we have been told that Sitescope is not closing the WMI connection it opens gracefully and the open connections pile up.
    I am looking for a way to list open WMI connections to a specific service and/or server from a remote system and a way to kill those connections via a scheduled PowerShell (or batch/perl) script. I was able to list specific classes by the -list parameter of the Get-WmiObject cmdlet but am unable to determine which class will give me the information that I require and the method to kill those connections.

    Sitescope is not closing the WMI connection it opens gracefully and the open connections pile up.
    1. It's not clear what "not closing the WMI connection it opens gracefully" means. WMI is a management technology that uses DCOM to connect to remote computers. (Is it really a question about DCOM?)
    2. It's not clear what specifically "open connections pile up" means and what problem(s) it causes.
    3. This is really a support question for that software's developer, not a question about WMI.
    -- Bill Stewart [Bill_Stewart]

  • SR520 Auto Reconnect VPN Remote Connection

    Hi,
    I am new to the SR520 router, and I have gotten the vpn server and remote to work. We have 3 of these routers, one at our corporate site, and one at each of our remote sites. The VPN's work good, but I would like them to auto-reconnect because we have some voice traffic that needs to pass over them, and the staff is not very capable of using the connection tool. Is this possible? Is there a time out on them that I can remove?
    I have only used the Cisco Configuration Assistant to configure them, and when I used the command line, the vpn's wouldn't work.
    Any help would be appreciated.

    Addis and I connected with Andy Hickman who shared the following that could work for this.
    To keep the tunnel up you can use the auto connect feature of EZVPN. This is pretty straightforward, just do the following:
    Starting from a standard configuration built by CCA1.9 for remote access, use the following to allow the remote router to connect automatically to the UC500 VPN server.
    On the UC500, add the following configuration via CLI:
    crypto isakmp client configuration group EZVPN_GROUP_1
      save-password
    On the remote device (870 or SR520), add the following configuration via CLI:
    crypto ipsec client ezvpn EZVPN_REMOTE_CONNECTION_1
      username password
    It is also strongly recommended that password encryption is configured on the remote device:
    password encryption aes
    key config-key password-encrypt
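A configuration check for the setup described above, as an added example that is not part of the original reply or of any Cisco tooling: it parses an IOS-style configuration and flags EZVPN profiles that store credentials without `password encryption aes`. The sample configurations, the user name and the password values are constructed, and the script assumes AES-encrypted passwords appear with the type `6` marker.

```python
import re

# Constructed sample configs (not from the original post). The user name and
# password values are placeholders.
REMOTE_WEAK = """\
crypto ipsec client ezvpn EZVPN_REMOTE_CONNECTION_1
 username branchuser password 0 ExamplePass123
!
"""
REMOTE_HARDENED = """\
password encryption aes
crypto ipsec client ezvpn EZVPN_REMOTE_CONNECTION_1
 username branchuser password 6 CONSTRUCTED-CIPHERTEXT
!
"""
SERVER = """\
crypto isakmp client configuration group EZVPN_GROUP_1
 save-password
!
"""


def sections(config):
    """Group an IOS-style config into (header, [child lines]) pairs."""
    out = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and out:
            out[-1][1].append(line.strip())
        else:
            out.append((line.strip(), []))
    return out


def audit_ezvpn(config):
    """Return findings about stored EZVPN credentials in one device config."""
    findings = []
    parsed = sections(config)
    aes_on = any(header == "password encryption aes" for header, _ in parsed)
    for header, children in parsed:
        if header.startswith("crypto isakmp client configuration group "):
            if "save-password" in children:
                findings.append(f"INFO {header.split()[-1]}: save-password "
                                "lets remote devices store their password")
        profile = re.match(r"crypto ipsec client ezvpn (\S+)$", header)
        if not profile:
            continue
        for child in children:
            cred = re.match(r"username \S+ password (?:(\d) )?\S+$", child)
            if not cred:
                continue
            if not aes_on:
                findings.append(f"HIGH {profile.group(1)}: stored credential "
                                "without 'password encryption aes'")
            # Assumption: AES-encrypted passwords carry the type marker 6.
            if cred.group(1) != "6":
                findings.append(f"HIGH {profile.group(1)}: password is not "
                                "stored as type 6")
    return findings
```

Run `audit_ezvpn()` over saved copies of each remote router's configuration; an empty list means every stored EZVPN credential is covered by AES password encryption.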

  • New install issue-unable to connect to DB server from a remote client.

    Hi experts,
    I am new to setting up oracle server so pls bear with me...
    I set up a db server (11g on top of 64bit Oracle Linux) at home (static 192.168.1.90). I verified that db, listener are up and running. However, I tried to connect to the server from a different client machine (192.168.1.108) within my home network but the server cannot be reached. I was able to ping both client and server using the IP addresses and hostnames. I followed the following steps to perform troubleshooting but was unable to move on beyond step 3, telnet-ing the server on port 1521. Can someone help me with what I should do to make port 1521 reachable by the client?
    1. Check with "ping" using the IP address ("ping 198.11.34.43")
    2. Check with "ping" using DNS name (e.g. "tnsping uranus")
    3. Try telnet to the IP on port 1521 (telnet 1.2.3.4 1521)
    4. Check with "tnsping" using TNS service name
    5. Invoke SQL*Plus from the OS command line "sqlplus fred@flintstone". If this fails, check to ensure that your listener is the flintstone service defined.
    6. Sign-on to SQL*Plus and connect with the TNS name ("connect fred/flintstome@service_name")
    7. Within SQL*Plus, try a select from table@remote_db_link
    thanks a lot in advance.

    user6391746 wrote:
    Hi experts,
    I am new to setting up oracle server so pls bear with me...
    I set up a db server (11g on top of 64bit Oracle Linux) at home (static 192.168.1.90). I verified that db, listener are up and running. However, I tried to connect to the server from a different client machine (192.168.1.108) within my home network but the server cannot be reached. I was able to ping both client and server using the IP addresses and hostnames. I followed the following steps to perform troubleshooting but was unable to move on beyond step 3, telnet-ing the server on port 1521. Can someone help me with what I should do to make port 1521 reachable by the client?
    1. Check with "ping" using the IP address ("ping 198.11.34.43")
    2. Check with "ping" using DNS name (e.g. "tnsping uranus")
    3. Try telnet to the IP on port 1521 (telnet 1.2.3.4 1521)
    4. Check with "tnsping" using TNS service name
    5. Invoke SQL*Plus from the OS command line "sqlplus fred@flintstone". If this fails, check to ensure that your listener is the flintstone service defined.
    6. Sign-on to SQL*Plus and connect with the TNS name ("connect fred/flintstome@service_name")
    7. Within SQL*Plus, try a select from table@remote_db_link
    thanks a lot in advance.

    Solution depends upon which ERROR is thrown.
    Is COPY & PASTE broken for you?
    It is really, Really, REALLY difficult to fix a problem that can not be seen.
    use COPY & PASTE so we can see what you do & how Oracle responds.

  • Inserting to a new table from a remote connection

    I am having difficulties with selecting records from a remote database and inserting them into a current table. The following statement is what I am using:
    insert into sme_lc (WTN, BTN, BTNNAME, PICCODE, PICDATE, CRDDDST)
    select a.wtn_cd as WTN,
    a.old_btn_cd as BTN,
    a.old_billing_nm as BTNName,
    'LC LOSS' as PICCode,
    a.event_dt as PICDate,
    b.crd||b.ddst_cd as CRDDDST
    from [email protected] a, [email protected] b
    where a.old_btn_cd = b.btn_cd
    and a.old_btn_cust_cd = b.cust_cd_suf
    and b.crd in ('ASM','AMM')
    and a.status_cd = 'L'
    and a.status_type_cd = 'A'
    and a.region_cd = 'O'
    and a.event_dt between to_date('02-04-01','yy-mm-dd') and to_date('02-04-30','yy-mm-dd')
    and (a.old_btn_cd, a.old_btn_cust_cd, a.wtn_cd) not in
    (select old_btn_cd, old_btn_cust_cd, wtn_cd from [email protected] c
    where c.old_btn_cd = a.old_btn_cd and c.old_btn_cust_cd = a.old_btn_cust_cd
    and c.wtn_cd = a.wtn_cd
    and c.status_cd = 'W' and a.status_cd = 'L' and c.event_dt > a.event_dt);
    It returns an error of
    and a.event_dt between to_date('02-04-01','yy-mm-dd') and to_date('02-04-30','yy-mm-dd')
    ERROR at line 15:
    ORA-00920: invalid relational operator
    ORA-02063: preceding line from EIA.WORLD
    If I remove the insert statement and simply run a select query, it runs fine. Does anyone have any ideas? Your help is much appreciated!

    Try the following:
    insert into sme_lc
          (WTN,        BTN,           BTNNAME, 
           PICCODE,    PICDATE,       CRDDDST)
    select a.wtn_cd,   a.old_btn_cd , a.old_billing_nm,
            'LC LOSS', a.event_dt,    b.crd||b.ddst_cd
      from [email protected] a, [email protected] b
      where a.old_btn_cd = b.btn_cd
        and a.old_btn_cust_cd = b.cust_cd_suf
        and b.crd in ('ASM','AMM')
        and a.status_cd = 'L'
        and a.status_type_cd = 'A'
        and a.region_cd = 'O'
        and (a.event_dt between to_date('02-04-01','yy-mm-dd') and to_date('02-04-30','yy-mm-dd') )
        and NOT EXISTS
            (select 1
               from [email protected] c
               where c.old_btn_cd      = a.old_btn_cd
                 and c.old_btn_cust_cd = a.old_btn_cust_cd
                 and c.wtn_cd          = a.wtn_cd
                 and c.status_cd = 'W'
                 and c.event_dt > a.event_dt);

  • How can I get my hp eprint email address from a remote location?

    I am currently away from home and need to print something for my wife.  I have tested out eprint before but never tried it from a remote location.  I cannot recall the email address for my printer.  Is there any way to retrieve this without being at the printer?  I imagine that I had to sign in to the eprintcenter website to test this so alternatively, is there a way to retrieve the email address I used to set up my eprintcenter account?  I am offered a way to retrieve the password but that doesn't help much if I cannot recall my eprintcenter account's email.
    Thanks,
    Jeff

    Hi Epoclaen,
    I see that you are trying to locate your ePrint email address.  The only way this can be done would be to log into your ePrint account so it would require you to remember your ePrint log on information.  The email address that's used to create an account is usually your personal email address.  I would try using your personal email address to log into the account.  Let me know how it goes.

  • Getting intermittent AccessViolationExceptions when accessing stores from Outlook.Stores object

    We have a very strange situation in which we get random AccessViolationExceptions when trying to access stores (in particular our own) via the Outlook.Stores.
    Here's a code snippet of how we're calling this (currently done in our Outlook.ExplorerEvents_ActivateEventHandler handler, and only the first time it is called):
    Outlook.NameSpace ns = ThisAddIn.OutlookApplication.GetNamespace("MAPI");
    Outlook.Stores stores = ns.Stores;
    Outlook.Store store = null;
    int nStoreCount = stores.Count;
    // Outlook collections are 1-based, so the last valid index is Count.
    for (int i = 1; i <= nStoreCount; i++)
    {
        store = stores[i];  // the AccessViolationException is raised here, intermittently
        String name = store.DisplayName;
        store = null;
    }
    When we get to the point of accessing a store via index, we will sometimes get the AccessViolationException, but only sometimes and only (as far as I can tell, since the order isn't always the same from run to run) our message store.
    We originally had this bit of code in our ThisAddin_Startup sequence, but it would actually crash Outlook completely when the exception occurred, so I moved it out of there and it at least now doesn't bring down the whole application.
    MFCMAPI has no trouble opening the message store ever.
    I have seen some references in my research to problems with .NET 4.0 and earlier with regards to SynchronizationContext being null, and we are using 4.0 and getting null SynchronizationContext.Current values. But we get that when the exception doesn't happen, too, so I don't know if that's a red herring. However, this code is a back-port from a newer version of our software that was coded against .NET 4.5, and we don't see the issue there at all. As this is going into a patch, built with VS2010, we can't change the target platform.
    I have tried moving the call to worker threads, and I even saw one suggestion of trying to do it in our Outlook.ExplorerEvents_SelectionChangeEventHandler code, but nothing seems to work.
    I should note that after the exception occurs, and the Outlook Explorer window opens and populates, if the user manually clicks our message store node, the MSProviderInit->IMSProvider::Logon sequence fires, and fires without the MDB_NO_DIALOG flag being sent in. During Outlook's start-up, we get that sequence of calls several times, but always with the MDB_NO_DIALOG set, so we return MAPI_E_LOGON_FAILED and don't execute the code which creates our IMsgStore object. So the user's manual operation causes our IMsgStore to get created and everything is fine. The reason the above code is added is to try to simulate the user's manual action and sort of 'tickle' the store creation process.
    When the AccessViolationException does not occur, we get the full MSProviderInit->IMSProvider::Logon, etc sequence. When it does except, we don't even get our MSProviderInit entry point called. It's almost as if our dll gets loaded and then Outlook loses it.
    Any thoughts on this?

    Hi Kevin Delgado,
    >>if somebody knows what these other flags mean/are defined as in the context of the IMSProvider::Logon call, that would be great<<
    Did you mean the value of ulFlags? If yes, you can refer to the document below:
    ulFlags
    [in] A bitmask of flags that controls how the logon is performed. The following flags can be set:
    MAPI_DEFERRED_ERRORS
    The call is allowed to succeed even if the underlying object is not available to the calling implementation. If the object is not available, a subsequent call to the object might raise an error.
    MAPI_UNICODE
    The passed-in strings are in Unicode format. If MAPI_UNICODE is not set, the strings are in ANSI format.
    MDB_NO_DIALOG
    Prevents the display of logon dialog boxes. If this flag is set, the error value MAPI_E_LOGON_FAILED is returned if the logon is unsuccessful. If this flag is not set, the message store provider can prompt the user to correct a name or password, to insert a disk, or to perform other actions that are necessary to establish connection to the store.
    MDB_NO_MAIL
    The message store should not be used for sending or receiving mail. The flag signals MAPI not to notify the MAPI spooler that this message store is being opened. If this flag is set and the message store is tightly coupled with a transport provider, the provider does not need to call the IMAPISupport::SpoolerNotify method.
    MDB_TEMPORARY
    Logs on the store so that information can be retrieved programmatically from the profile section, without use of dialog boxes. This flag instructs MAPI that the store is not to be added to the message store table and that the store cannot be made permanent. If this flag is set, message store providers do not need to call the IMAPISupport::ModifyProfile method.
    MDB_WRITE
    Requests read/write permission.
    Also you can get more detail about IMSProvider::Logon function from link below:
    https://msdn.microsoft.com/en-us/library/office/cc842201.aspx
    Hope it is helpful.
    Regards & Fei

  • Getting at a JAR file resource from an applet

    I have an applet, which contains a class DBFReader (which I did not write, and do not have source code to). DBFReader takes a string as an argument that indicates the file name/location:
    DBFReader mine = new DBFReader(String filelocation);
    The file I want to get at is in the same JAR file as the applet; it is not in a subdirectory or package. I cannot figure out how to get at the file. I have already tried the following:
    DBFReader mine = new DBFReader(getClass().getResource("mydbffile.dbf"));
    and
    DBFReader mine = new DBFReader(getClass().getResource("mydbffile.dbf").getFile());
    Neither of these works. Is there any way for me to get at this file?
    Thanks,
    Patrick

    The error is runtime - the DBFReader throws an exception when you try to initialize it.
    Patrick

  • How to get records into two internal tables from 1 internal table?

    VERME                                                                     LGPLA
    252.000  EA  300     0149A                                  410     0149
    276.000  EA  300     0149A                                  410     0107
    516.000  EA  300     0149A                                  400     3013
    528.000  EA  300     0149A                                  400     3013
    528.000  EA  300     0149A                                  400     3013
    528.000  EA  300     0149A                                  400     3013
    528.000  EA  300     0149A                                  400     3013
    528.000  EA  300     0149A                                  400     3013
    528.000  EA  300     0149A                                  400     3013
    I have above records in my one internal table ITAB.
    I want to divide these records into two internal tables, ITAB1 and ITAB2, and this is based on LGPLA and VERME.
    If there is same LGPLA (last column) and different VERME (1st column) available, then it should append ITAB1
    Otherwise it should append ITAB2.
    ITAB1 should contain ,
    516.000  EA  300     0149A                                  400     3013
    ITAB2 should contain ,
    252.000  EA  300     0149A                                  410     0149
    276.000  EA  300     0149A                                  410     0107
    528.000  EA  300     0149A                                  400     3013
    528.000  EA  300     0149A                                  400     3013
    528.000  EA  300     0149A                                  400     3013
    528.000  EA  300     0149A                                  400     3013
    528.000  EA  300     0149A                                  400     3013
    528.000  EA  300     0149A                                  400     3013
    I have tried with this code
    Loop at itab….
    IF lv_prev_lgpla = wa-lgpla and lv_prev_verme <> wa-verme.
          APPEND wa TO itab1.
    else.
          APPEND wa TO itab2.
    endif.
    lv_prev_lgpla = wa-vlpla.
    lv_prev_verme = wa-anfme.
    Endloop.
    But it contains,
    516.000  EA  300     0149A                                  400     3013
    in table ITAB2 which I don’t want.
    Points rewarded soon.
    Regards,
    Ronn

    Dear Ronny,
    I am giving the solution below. But I would request you to change your ITAB structure like this before using the code:
    VERME LGPLA
    252.000 EA 300 0149A  0149 410
    276.000 EA 300 0149A  0107 410
    516.000 EA 300 0149A  3013 400
    528.000 EA 300 0149A  3013 400
    528.000 EA 300 0149A  3013 400
    528.000 EA 300 0149A  3013 400
    528.000 EA 300 0149A  3013 400
    528.000 EA 300 0149A  3013 400
    528.000 EA 300 0149A  3013 400
    Then do as follows.
    SORT ITAB BY LGPLA VERME.
    LOOP AT ITAB INTO WITAB.
    W_INDEX = SY-TABIX.
    here take all the above fields in temp fields.
    LW_VERME = WITAB-VERME..AND SO ON.
      AT END OF LGPLA.
       MOVE: all LW fields to work area of ITAB1
       APPEND work area of ITAB1 TO ITAB1.
       DELETE ITAB INDEX W_INDEX.
      ENDAT.
    ENDLOOP.
    Basically what you are doing here is that you are using a processing event.
    So whenever VERME changes this event will be triggered.
    Just try this out... something like this only will be the logic.
    Please let me know further
