Help, How to configure cisco ASA5505 to permit access to internal LAN

Hi everyone,
Once more I am stuck into another dilemma , I have configured a Cisco ASA 5505 to allow VPN access from outside to my LAN using Cisco VPN Client software. The connection is establishing properly with the ip address from my VPNPool.
From outside (on VPN connection) I can ping the interface e0/0 (outside) and the interface e0/1 (inside) of the firewall, but I cannot ping the layer 3 switch interface to which the ASA is connected ( int gi1/0/22 ip address 192.168.1.2/30 ) and I cannot ping any vlan interfaces inside my switch. Therefore, I cannot connect to any server on my internal LAN.
I hope my explaination does make sense, I am available at any time if further information is needed. Please find attached my ASA config.
Best regards,
BEN

Many thanks Marvin,
I have configured the router ospf the way you instructed me, I have changed the VPN Pool to a complete different class of 10.0.1.0/24, I have also configured : access-list OUTSIDE_IN_ACL permit icmp any any echo-relpy and access-group OUTSIDE_IN_ACL in interface outside. but I can only from my VPN connection ping both interfaces of the ASA and nothing else.
Please find attached my ASA and the layer 3 switch configs. And also ASA and L3 Switch ip route output.
Note this: When connected to my VPN, cmd>ip config /all it showing as follows: ip address 10.0.1.100
                                                                                                                               Subnet Mask 255.0.0.0
                                                                                                                                Def Gateway 10.0.0.1
                                                                                                                                dns server 192.168.30.3
Best regards,
BEN.
Message was edited by: Bienvenu Ngala

Similar Messages

How to configure Cisco ASA 5500 to work with the iPhone

We have Cisco ASA 5510 (latest firmware version), and apparently, according to Cisco website it is compatible with new iPhone 3G's IPSec client:
http://www.cisco.com/en/US/docs/security/vpnclient/cisco_vpnclient/iPhone/2.0/connectivity/guide/iphone.html
We've setup our first iPhone properly. It connects fine to the network, shows VPN connection as active. Gets a private IP address. But does not let any traffic go to the internal network. We thought it might be DNS problem, but it cannot connect to Exchange server even when using IP address instead of DNS. No luck either.
After checking ASA logs, we found that iPhone goes through Phase 1 authentication correctly. But then gives some kind of error, mentioning "Attribute 5".
Has anybody been successful configuring ASA5500 series (in particular 5510) to be used with iPhone?
I noticed that many people are having these problems.
Please do not post to this topic if you have ANY OTHER Cisco device.
Cisco specifies that iPhone is compatible only with Cisco ASA 5500 Security Appliances and PIX Firewalls. Neither Cisco IOS VPN routers nor the VPN 3000 Series Concentrators support the iPhone VPN capabilities.
Let's keep this topic only for users of ASA 5500 series and PIX Firewalls.
It would be extremely helpful for a large number of users if somebody posted a list of settings for ASA5500 or PIX firewall that DO work with iPhone 2.0
Thank you!
Oleg R

We found the solution and a bug in Cisco firmware (seems to be a bug).
First of all, thanks to our Chief Systems Architect Seb, here is a config that worked for us on a Cisco 5520 (latest firmware).
access-list iphone_splitTunnelAcl standard permit <insert ip> <insert mask>
access-list iphone_splitTunnelAcl standard permit <insert ip> <insert mask>
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set iphone esp-3des esp-sha-hmac
crypto ipsec transform-set iphone mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEMDEFAULT_CRYPTOMAP 65535 set pfs
crypto dynamic-map SYSTEMDEFAULT_CRYPTOMAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5 iphone
crypto map outside_map 10 match address vpn
crypto map outside_map 10 set transform-set ESP-AES-256-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEMDEFAULT_CRYPTOMAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto isakmp nat-traversal 20
group-policy iphone internal
group-policy iphone attributes
wins-server value <insert ip> <insert ip>
dns-server value <insert ip> <insert ip>
vpn-tunnel-protocol IPSec
ipsec-udp enable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value iphone_splitTunnelAcl
default-domain value <insert domain name>
tunnel-group iphone type remote-access
tunnel-group iphone general-attributes
address-pool VPN-Pool
authentication-server-group ActiveDirectory2
default-group-policy iphone
tunnel-group iphone ipsec-attributes
pre-shared-key <insert pre-shared key>
For iPhone you have to be using IPSec tab for configuration.
We tried to set up this config using the wizards, but it would not work.
Later it turned out that wizards by default set this setting:
"crypto isakmp nat-traversal 20"
equal to zero and there is no way to change it from the GUI.
Only after we changed it (increased the value from 0 to 20) through the command line the connection started working perfectly.
Please let me know how it works out for you.
Message was edited by: Rogik
Message was edited by: Rogik

Please help : How to configure a datasource in 9iAS

Hello all,
I am new at 9iAS . Can anyone tell me how we configure datasource with JNDI name in 9iAS.
any help will be appriciated.
Thanks a lot
Madhukar
null

Do you mean from flash in a web page or do you mean
converting the swf file format (maybe with a decompiler or
whatever).
If you're meaning to do it from flash in a web page:
You can't save a movieclip from flash to svg. You could
perhaps record drawingAPI commands and create the appropriate svg
output in an internal xml object which you then send to the server.
But I don't know of any pre-built classes to do that (disclaimer:
because I don't know of any doesn't mean they don't exist).
Going from svg to flash is doing it the other way around.
Converting the svg paths back to actionscript drawing commands. I
think I've seen some examples of this online somewhere.

Need Help: How to configure/set-up custom interchange code values in B2B

Hello All,
Hope everybody is doing well.
We are currently facing a problem in implementing Inbound 850 Purchase Orders in B2B from one of our Trading Partners (Customer).
The Customer will be sending us EDI ANSI X12 ver 4010 Purchase Order files, but in the file they are sending a custom GS08 (8th element of GS Segment having Version/Release/Industry Identifier Code) value i.e. "004010RIFMAT".
The above value is not present in the Standard Code values when we define an ECS using B2B Document Editor.
Hence the document is failing in B2B since it is not able to identify the Trading Partner.
If anyone has faced similar issues, I would appreciate if you could let me know on how to configure the same in B2B. Please let me know the steps in detail.
Thanks In Advance.
Regards,
Dibya

Hello Dibya,
Can you create a new group ecs with appropriate codelist for GS08 and use it while modelling B2B flow. Make sure to undeploy and validate the agreement.
Rgds,Ramesh.

How to configure Cisco Unity connection 8.x to play an after hours call handler

Hi,
I have CUCM 8.6 and CUX 8.6, we have successfully configured Call Handlers to play greetings. But the problem is greeting is played complete day and all the day in a week. We want to customize this call handler so that it plays only during the business hours and also during the weekdays.
I have a recorded after hours and holiday greetings recorded but unable to find the way to configure it for Holiday greetins. Please help with the configuration part.
Regards
MAC

Hi MAC,
What you need to do is configure a schedule for the call handler. On Unity Connection, you can browse to System Settings > Schedules (and Holiday Schedules). In here, you create your schedules to say which times of the day you are open. You then go back to your call handler and apply these schedules that you've created.
Now when a call comes into the call handler, it will check the time against its schedule and play the appropriate greeting.

Remote access VPN with Cisco Router - Can not get the Internal Lan .

Dear Sir ,
I am doing Remote Access VPN through Cisco Router. Before the real deployment, I want to simulate it with GNS3.Need you help to complete the job .Please see the attachment for Scenario, Configuration and Ping status.
I am getting IP address when i connect through VPN client .But I can not ping to the internal lan -192.168.1.0.Need your help to sole the issue.
Below is the IP address of the device.
Local PC connect with Router -2 (Through MS Loopback) Router -2 Router-1 PC -01
IP Address :10.10.10.2 Mask : 255.255.255.0 F0/01
IP address:10.10.10.1
Mask:255.255.255.0 F0/0
IP Address :20.20.20.1
Mask :255.255.255.0
F0/1
IP address :192.168.1.3
Mask:255.255.255.0
F0/0
IP address :20.20.20.2
Mask :255.255.255.0
F0/1
IP address :192.168.1.1
Mask:255.255.255.0
I can ping from local PC to the network 10.10.10.0 and 20.20.20.0 .Please find the attach file for ping status .So connectivity is ok from my local PC to Remote Router 1 and 2.
Through Cisco remote vpn client, I can get connected with the VPN Router R1 (Please see the VPN Client pic.)But cannot ping the network 192.168.1.0
Need your help to fix the problem.
Router R2 Configuration :!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R2
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip tcp synwait-time 5
interface FastEthernet0/0
ip address 20.20.20.2 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.0
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
end
Router R1 Configuration :
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R1
boot-start-marker
boot-end-marker
aaa new-model
aaa authentication login USERAUTH local
aaa authorization network NETAUTHORIZE local
aaa session-id common
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
username vpnuser password 0 strongpassword
ip tcp synwait-time 5
crypto keyring vpnclientskey
pre-shared-key address 0.0.0.0 0.0.0.0 key cisco123
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp client configuration group remotevpn
key cisco123
dns 192.168.1.2
wins 192.168.1.2
domain mycompany.com
pool vpnpool
acl VPN-ACL
crypto isakmp profile remoteclients
description remote access vpn clients
keyring vpnclientskey
match identity group remotevpn
client authentication list USERAUTH
isakmp authorization list NETAUTHORIZE
client configuration address respond
crypto ipsec transform-set TRSET esp-3des esp-md5-hmac
crypto dynamic-map DYNMAP 10
set transform-set TRSET
set isakmp-profile remoteclients
crypto map VPNMAP 10 ipsec-isakmp dynamic DYNMAP
interface FastEthernet0/0
ip address 20.20.20.1 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map VPNMAP
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip local pool vpnpool 192.168.50.1 192.168.50.10
ip forward-protocol nd
ip route 10.10.10.0 255.255.255.0 FastEthernet0/0
no ip http server
no ip http secure-server
ip nat inside source list NAT-ACL interface FastEthernet0/0 overload
ip access-list extended NAT-ACL
deny ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended VPN-ACL
permit ip 192.168.1.0 0.0.0.255 192.168.50.0 0.0.0.255
control-plane
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
end

Dear All,
I am doing Remote Access VPN through Cisco Router. Before the real deployment, I want to simulate it with GNS3.Need you help to complete the job .
Please see the attachment for Scenario, Configuration and Ping status. I am getting IP address when i connect through VPN client .But I can not ping to the internal lan -192.168.1.0.Need your help to sole the issue.
Waiting for your responce .
--Milon

How to Configure Cisco ASA 5512 for multiple public IP interfaces

Hi
I have a new ASA 5512 that I would like to configure for multiple public IP support. My problem may be basic but I am an occasional router admin and don't touch this stuff enough to retain everything I have learned.
Here is my concept.    We have a very basic network setup using three different ISPs that are currently running with cheap routers for internet access. We use these networks to open up access for Sales to demo different products that use a lot of bandwidth (why we have three)
I wanted to use the 5512 to consolidate the ISPs so we are using one router to manage the connections. I have installed an add on license that allows multiple outside interfaces along with a number of other features.
Outside Networks (I've changed the IPs for security purposes)
Outside1 E 0/0 : 74.55.55.210 255.255.255.240 gateway 74.55.55.222
Outside2 E 0/2: 50.241.134.220 255.255.248 gateway 50.241.134.222
Inside1 : E 0/1 192.168.255.1 255.255.248.0
Inside2 : E 0/3 172.16.255.1 255.255.248.0
My goal is to have Inside 1 route all internet traffic using Outside1 and Inside 2 to use Outside2.    The problem is I can't seem to do this. I can get inside 1 to use outside 1 but Inside2 uses Outside 1 as well.
I tried adding static routes on Outside2 to have all 172.16.248.0/21 traffic use gateway 50.241.134.222 but that doesn't seem to work.
I can post my config up as needed. I am not well versed in Cisco CLI, I've been using the ASDM 7.1 app. My ASA 5512 is at 9.1.
Thanks in advance for the suggestions/help

I have been away for a while and am just getting caught up on some posts. so my apology for a delayed response.
I find the response very puzzling. It begins by proclaiming that to achieve the objective we must use Policy Based Routing. But then in the suggested configuration there is no PBR. What it gives us is two OSPF processes using one process for each of the public address ranges and with some strange distribute list which uses a route map. I am not clear what exactly it is that this should accomplish and do not see how it contributes to having one group of users use one specific ISP and the other group of users use the other ISP>
To the original poster
It seems to me that you have chosen the wrong device to implement the edge function of your network. The ASA is a good firewall and it does some routing things. But fundamentally it is not a router. And to achieve what you want were a group of users will use a specified ISP and the other group of users will use the other ISP you really need a router. You want to control outbound traffic based on the source of the traffic, and that is a classic situation where PBR is the ideal solution. But the ASA does not do PBR.
HTH
Rick

How to configure CISCO ASA 5510 for internal remote desktop ?

Helo,I have a client that want to install new ASA (5510) in their network.
and then I did some experiment to implement it. the topology is like this :
--------configuration---------
2800 router :
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
ip address 192.168.11.3 255.255.255.0
duplex auto
speed auto
ip route 192.168.12.0 255.255.255.0 172.16.1.2
1841 router :
interface FastEthernet0/0
ip address 172.16.1.2 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
ip route 0.0.0.0 0.0.0.0 172.16.1.1
ASA 5510 :
: Saved
: Written by enable_15 at 19:21:31.639 UTC Mon Sep 13 2010
ASA Version 8.2(1)
hostname ciscoasa
enable password **** encrypted
passwd ***** encrypted
names
name 192.168.12.0 Branch
dns-guard
interface Ethernet0/0
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.11.1 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
shutdown
no nameif
no security-level
no ip address
management-only
boot system disk0:/asa821-k8.bin
ftp mode passive
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list inside_access_in extended permit ip 192.168.11.0 255.255.255.0 Branch 255.255.255.0
access-list inside_access_in extended permit ip 192.168.11.0 255.255.255.0 any
access-list inside_access_in extended permit ip Branch 255.255.255.0 192.168.11.0 255.255.255.0
tcp-map mssmap
synack-data allow
invalid-ack allow
seq-past-window allow
urgent-flag allow
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
asdm location Branch 255.255.255.0 inside
no asdm history enable
arp timeout 14400
static (inside,inside) 192.168.11.2 192.168.11.2 netmask 255.255.255.255
static (inside,inside) 192.168.12.2 192.168.12.2 netmask 255.255.255.255
access-group inside_access_in in interface inside
route inside Branch 255.255.255.0 172.16.1.1 1
timeout xlate 3:00:00
timeout conn 10:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username ***** password ***** encrypted
class-map mymap
match access-list inside_access_in
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
policy-map myPolicy
class mymap
set connection advanced-options mssmap
service-policy global_policy global
service-policy myPolicy interface inside
prompt hostname context
Cryptochecksum:a605d94f29924e5267644dd0f4476145
: end
I can successfully ping from host 192.168.12.2 to 192.168.11.2, but I can't do remote desktop from those host.
then I use wireshark to capture packet in my computer and it says that TCP ACKed Lost Segment.
"1373","164.538081","192.168.11.2","192.168.12.2","TCP","47785 > ms-wbt-server [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2"
"1374","164.538993","192.168.12.2","192.168.11.2","TCP","[TCP ACKed lost segment] ms-wbt-server > 47785 [RST, ACK] Seq=1 Ack=1407706213 Win=0 Len=0"
I can guarantee that both computers are remote desktop enabled and all firewall have been disabled.
please help, any suggest would be great .
thanks .
sincerley yours
-IAN WIJAYA-

ear Ian_benderaz,
Thank god i am not alone on this ,
Me too having the exact same problem , i can ping to the host ,but no remote desktop .
Somebody please help me on this , how enable remote desktop on asa 5505
Thanks

How to configure Cisco Airespace in Cisco Secure ACS v5.3

Need some help regarding Cisco Airespace configuration in Cisco Secure ACS v5.3. We're migrating to ACS v5.3 but we're encountering an issue with
Cisco Airespace. It is only working on ACS4.1 but when we tried to move it to Cisco Secure ACS v5.3, it is not working.

Ok, we have a legacy Cisco wireless devices called Cisco Airespace and this device is the result of Cisco acquisition of Airespace Wireless Network in 2005. Cisco improve this technology and make it a perfect device for WLAN. Going back to my issue, as I mention we have this device and it is working in our older version of ACS (4.x). Since we have now a latest version of ACS which is 5.3. We wanted to migrate all the device into our latest version of ACS including older version (Airespace). Since this is an older device, I'm thinking that the VSA attributes needs to manually added and create Policy and Access Service specific to Cisco Airespace. I've attached the Dictionaries attributed that I've added and needs some advise if I got the correct value for below item
Airespace-WLAN-Id
Airespace-QoS-Level
Airespace-DSCP
Airespace-802.1p-Tag
Airespace-Interface-Name
Airespace-ACL-Name
Below link is the configuration guide for Cisco Airespace under ACS 4.x
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080891919.shtml

How i configure cisco wireless controller

how i can confiure cisco wireless controller

Cisco Wireless LAN Controller Configuration Guide, Release 7.0:
http://www.cisco.com/c/en/us/td/docs/wireless/controller/7-0/configuration/guide/c70.html

How to Configuration Cisco 3725 with NEC ASPILA EX

Dear all;
Now i have Cisco 3725 with 1-Port Channelized E1/T1/ISDN-PRI, i am connect to NEC ASPILA EX with PRI I/F (1PRIU-A1.
The controller link state up, but when clients dialin to RAS not have ring back or not connect to RAS.
anyone can help me?

Hi;
i'am config cisco as you recommended is "isdn protocol-emulate network" and "clock source should be internal". After the remote computer call to RAS it have modem signal and then connected, next time it disconnect. can i change some parameter for this problem or what i'am wrong?. I post config, status, and debug message for you. Help me..
===== show isdn status ===========
#show isdn status
Global ISDN Switchtype = primary-net5
ISDN Serial2/0:15 interface
******* Network side configuration *******
dsl 0, interface ISDN Switchtype = primary-net5
Layer 1 Status:
ACTIVE
Layer 2 Status:
TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
Layer 3 Status:
0 Active Layer 3 Call(s)
Active dsl 0 CCBs = 0
The Free Channel Mask: 0xFFFF7FFF
Number of L2 Discards = 0, L2 Session ID = 0
Total Allocated ISDN CCBs = 0
=============== sh controllers e1 2/0 brief ========
#sh controllers e1 2/0 brief
E1 2/0 is up.
Applique type is Channelized E1 - unbalanced
No alarms detected.
alarm-trigger is not set
Framing is CRC4, Line Code is HDB3, Clock Source is Internal.
Module type is Channelized E1/T1 PRI
Version info Firmware: 0000001D, FPGA: 0
Hardware revision is 0.0 , Software revision is 29
Protocol revision is 1
number of CLI resets is 0
receive remote alarm : 0,
transmit remote alarm : 0,
receive AIS alarm : 0,
transmit AIS alarm : 0,
loss of frame : 1,
loss of signal : 1,
Loopback test : 0,
transmit AIS in TS 16 : 0,
receive LOMF alarm : 0,
transmit LOMF alarm : 0,
========== Interface config.=============
controller E1 2/0
clock source internal
line-termination 75-ohm
pri-group timeslots 1-31
interface Serial2/0:15
no ip address
ip nat inside
encapsulation ppp
ip policy route-map nachi-worm
dialer rotary-group 1
dialer-group 1
isdn switch-type primary-net5
isdn protocol-emulate network
isdn incoming-voice modem
no fair-queue
no cdp enable
=================Debug Message when call to RAS ===========================
Mar 6 22:40:29 BANGKOK: ISDN Se2/0:15 Q931: RX <- SETUP pd = 8 callref = 0x000B
Bearer Capability i = 0x8090A3
Standard = CCITT
Transer Capability = Speech
Transfer Mode = Circuit
Transfer Rate = 64 kbit/s
Channel ID i = 0xA9838B
Exclusive, Channel 11
Calling Party Number i = 0x0081, N/A
Plan:Unknown, Type:Unknown
Called Party Number i = 0x81, '075205600'
Plan:ISDN, Type:Unknown
Low Layer Compat i = 0x8090A3
High Layer Compat i = 0x9181
Mar 6 22:40:29 BANGKOK: ISDN Se2/0:15 Q931: TX -> CALL_PROC pd = 8 callref = 0x800B
Channel ID i = 0xA9838B
Exclusive, Channel 11
Mar 6 22:40:29 BANGKOK: ISDN Se2/0:15 Q931: TX -> ALERTING pd = 8 callref = 0x800B
Mar 6 22:40:29 BANGKOK: ISDN Se2/0:15 Q931: TX -> CONNECT pd = 8 callref = 0x800B
Mar 6 22:40:35 BANGKOK: %ISDN-6-CONNECT: Interface Serial2/0:10 is now connected to unknown unknown
Mar 6 22:40:46 BANGKOK: %ISDN-6-DISCONNECT: Interface Serial2/0:10 disconnected from unknown , call lasted 17 seconds
Mar 6 22:40:46 BANGKOK: ISDN Se2/0:15 Q931: TX -> DISCONNECT pd = 8 callref = 0x800B
Cause i = 0x8290 - Normal call clearing
Mar 6 22:40:47 BANGKOK: ISDN Se2/0:15 Q931: RX <- RELEASE pd = 8 callref = 0x000B
Mar 6 22:40:47 BANGKOK: ISDN Se2/0:15 Q931: TX -> RELEASE_COMP pd = 8 callref = 0x800B
==============================================

Help : how to configure attendance in schema (PE02)

dear SAP masters,
can u help me find what's wrong with my schema? it can't work properly
VARSTP2002 :
- N
- Y :
 HRS?4.00 :
 - <
 - = :
 - HRS=1
 - ADDZLS2816
 - > :
 - HRS=1
 - ADDZLS2816
(condition : if there is some data in Infotype 2002, then check if attendance hours / STDAZ is more or equal to 4 hours, then add some value to wage type 2816)
thanks & regards,
Edison

Hi Srinivas,
I have a question on this.Will they get one leave added to quota after 20 days of physical attendance?so that they can use that later?
In that case,you can write a PCR.
you have to use a counter time type to count the number of attendance.
Please follow these steps.
1.Create a timetype for example say Z123 .name it as Day counter.and create anotehr time type to store leave accruals.
2.then create some absence quota and for leave accrual and in set base entitle ments for that quota specify this time type Z234 in the day balace column.(I will paste the link which explains,how to create a abs quota which is to be generated by TE).
3.write a rule like this
VARSTPRSNT //EMPLOEE PRESENT?
 N 
Y HRS=DZ123
 HRS?20
 < HRS=1
 ADDDBZ123
HRS=1
 ADDDBZ234
 HRS=0
 ADDDBZ123Z
call this rule with ACTIO
here is the link,which explains how to create an abs quota
Time quota configuration

How to configure cisco 3650-24ts-s switch in high availability mode

Hi, I bought 2 nos 3650-24ts-s switch with accessories. i have created 10 vlans & given internal access in one switch. Now I need to configure another switch as standby or HA mode so if any thing goes wrong in first switch, second one will take automatic. Pl help to provide me step by step guide for doing the same.thnaks

Depending on license you could have access to setup HSRP between them. Since they aren't stacked switches I would also do a port channel.

HELP: How to configure ichat

I want to use google talk on ichat.
what i've done so far.
- registered with google talk
- downloaded spark
- failed to create a new spark/ jabber account using my google talk id. which server i need to fill in here?? talk.google.com???
i'm really stuck in the bushes..

You should be able to click past those to the Jabber screen. (or in fact to iChat launching with no Buddy List).
Form there you should be able to Access the Preferences.
The Instructions are written from the Tiger Premise that you already use iChat and would have a AIM or @mac name.
http://www.ralphjohns.co.uk/page2.html My version
Ryan's version
I have not forced iChat to go through the Start Up screen whilst in Leopard.
The Jabber page may now contain a drop down like the AIM/@mac one earlier for Jabber and Google
Hope that helps
9:07 PM Tuesday; February 12, 2008

Please help how to configure this.....

SAP GURUS
The symbol for the currency key is missing in form ZFI_VOUCHER
Following foreign currency checks could not be printed
CoCd Payment document/Payment order
2000 1500000003

Hello
This is a tech issue and not configuration.
You need to add a command in the SAP script form, take the assistance of an ABAPer
Looking at checks printing program RFFOUS_C, specifically at subrutine scheck at RFFORI01 include, you can see the error F0 254 (the one i was getting when all these sapscript deep diving started) and why it is raised... The program simply looks for a non-comment line containing the pattern "REGU+-WAERS" in window CHECK of the parametrized form to be used for printing the check... With this information is easy to get a round to error, and your tip just enters well in this logic
Reg
Suresh

Help, How to configure cisco ASA5505 to permit access to internal LAN

Similar Messages

Maybe you are looking for