How to configure QOS on certain IP in the Cisco ASA 5510

Similar Messages

• How to Enable IP Accounting or capture packets in Cisco ASA 5510 (8.2)

  Hi All,
  How to Enable IP Accounting or capture packets in Cisco ASA 5510 (8.2)
  Thanks
  Roopesh

  Hi Roopesh,
  Please go through this document for detailed documentation on captures:
  https://supportforums.cisco.com/docs/DOC-17814
  Hope that helps.
  Thanks,
  Varun Rao
  Security Team,
  Cisco TAC

• How to configure multiple listeners to listen for the same instance.

  Hello everyone,
  I am running oracle database 11g and I want information regarding how to configure multiple listeners to listen for the same database instance. Actually I know how to configure more than one listener but the main thing that I am confused about is when we create listener.ora file, do we have to statically register the database instance with both the listeners or the instance will register itself with both the listeners.
  According to my knowledge the instance will register with the listener specified by LOCAL_LISTENER parameter and we cannot have more than one value for this parameter.
  Please only give detailed answers with example as I am tired of simple answers with details that I already know.

  Hello,
  Yes, it can make sense to have several listener for one Oracle instance. For instance you may have one listener for the applications another listener for DBA administration tasks as well as one listener dedicated to dataguard broker. It is not possible to have several listeners listening on the same IP and Port.
  By default the database try to automatically register to a listener on port 1521. To instruct the instance to register to a specifc list of listeners you can add in the init.ora the local_listener parameter with an alias definition:
  i.e
  local_listener=MY_SET_OFF_LISTENERS
  in your tnsname.ora add an entry called:
  MY_SET_OFF_LISTENERS_LOCAL= (ADDRESS_LIST=
  (ADRESS=(PROTOCOL=TCP)(HOST=myhostname)(PORT=1530))
  (ADRESS=(PROTOCOL=TCP)(HOST=myhostname)(PORT=1531))
  (ADRESS=(PROTOCOL=TCP)(HOST=myhostname)(PORT=1532))
  In this sample your instance will register to three listeners listening on respectively port 1530, 1531 and 1532
  If you want your clients can be balanced over the 3 listeners

• How to configuration of pricing procedure based on the Region

  Hi,
  please help me how to configuration of pricing procedure based on the Region in the roll out project.
  Thanks
  mustafa

  What I proposed to do was,
  a. Create routes like 0 day route, 1 Day route, 2 day route etc.
  b. Route determination is based on the Shipping condition of the customer. Put in the shipping condition for the customer as 00 - immediate delivery. 01 - By Truck, 02 - By Rail, 03 - Ship etc
  c. Now, put in your route determination in such a way that routes change in the sales order with shipping condition (SC). Like, if the shipping condition is set to 00, then 0 day route comes up. Meaning immediate delivery, if SC is 01, then your normal route by truck picks up. etc.
  When the sales order is manually created, you know the time of creation. As route is one of the criteria, the material confirmation happens based on number of days you put in the route to reach the destination. Now that you have the material available for today's delivery, the delivery program can be run to create it, or it can be manually created.
  Now, when you configure the route you have to specify 'Transit duration in calendar days'.
  When you have the sales order created electronically (say thru EDI), then, you may have to ask them to send in shipping condition. Else, you have to modify the function module Idoc_input_orders in such a way that if the sales order creation time is < 12 PM, then put shipping condition as 00, else copy what ever is there in the customer.
  If you do not want to check the time manually when the user creates the sales order, then you may have to use the user exit MV45AFZZ (and I think you can use Save_order_prepare) to check the time and change the shipping condition. By this you will avoid extra coding in Idoc_input_orders and also need not bother if the user changed the route or not.
  Hope my explanation helps.
  Regards,
  Mukund S

• Could you please tell me how to configure NSP as « trusted » system  in the latest trial version of NetWeaver?

  Hi,
  Could you please tell me how to configure NSP as « trusted » system in the latest trial version of NetWeaver?
  Please see the attachment.
  Thanks,
  Marc

  Hi Marc,
  go to transaction STRUSTSSO2, generate a certificate for your system, then add it to certicate list and to ACL for your client.
  There will probabely be  several parameters to set in instance profile if you plan to use SSO.
  Best regards,
  Vincent

• Configure our own Public IP pool on Cisco ASA firewall

  Hey everyone,
  I need some assistance on the below requirement...Today we have only one internet circuit connected with our external firewall where we are using /26 public IP address for all external traffic. Now we managed to obtain our own subnet (/24) from ARIN and would like to configure on the firewall/internet router for all external services. Is my approach right in order to configure our own subnet on the firewall?
  1. Create a dedicated interface on the Cisco ASA firewall for new public pool...if there is no free interface; then virtual interface also should be fine.
  2. Make sure an appropriate route towards Internet router ( or create default route towards OUTSIDE interface)
  3. Speak to Internet service provider and explain that you are planning to use this specific public IP address on your n/w and ask them to publish in their BGP world with proper prefix#
  4.Implement one external static NAT and make sure everything works as expected.
  Thanks in advance Network Experts!!!
  Regards
  VGS

  You have the basics. but I do have a couple comments / questions
  1. What ASA are you running? If you do not have a free interface and plan to create subinterfaces, you will need to remove the configuration of one of the interfaces, then create subinterfaces and then re-apply the configuration you removed to one of the subinterfaces there...So, why not just overwrite the existing external interface?  Also, keep in mind that the ASA does not support two default routes.  (though I have heard some rumours that this might be added to the 9.3 release, but I have not had this confirmed)
  4. You don't really say what you are going to use this new setup for, but if you are using it for internet then adding just a static NAT will not be enough, you will also need a dynamic NAT.
  Please remember to select a correct answer and rate helpful posts

• How to configure CISCO ASA 5510 for internal remote desktop ?

  Helo,I have a client that want to install new ASA (5510) in their network.
  and then I did some experiment to implement it. the topology is like this :
  --------configuration---------
  2800 router :
  interface FastEthernet0/0
  ip address 172.16.1.1 255.255.255.0
  duplex auto
  speed auto
  interface FastEthernet0/1
  ip address 192.168.11.3 255.255.255.0
  duplex auto
  speed auto
  ip route 192.168.12.0 255.255.255.0 172.16.1.2
  1841 router :
  interface FastEthernet0/0
  ip address 172.16.1.2 255.255.255.0
  duplex auto
  speed auto
  interface FastEthernet0/1
  ip address 192.168.12.1 255.255.255.0
  duplex auto
  speed auto
  ip route 0.0.0.0 0.0.0.0 172.16.1.1
  ASA 5510 :
  : Saved
  : Written by enable_15 at 19:21:31.639 UTC Mon Sep 13 2010
  ASA Version 8.2(1)
  hostname ciscoasa
  enable password **** encrypted
  passwd ***** encrypted
  names
  name 192.168.12.0 Branch
  dns-guard
  interface Ethernet0/0
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/1
  nameif inside
  security-level 100
  ip address 192.168.11.1 255.255.255.0
  interface Ethernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  shutdown
  no nameif
  no security-level
  no ip address
  management-only
  boot system disk0:/asa821-k8.bin
  ftp mode passive
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  access-list inside_access_in extended permit ip 192.168.11.0 255.255.255.0 Branch 255.255.255.0
  access-list inside_access_in extended permit ip 192.168.11.0 255.255.255.0 any
  access-list inside_access_in extended permit ip Branch 255.255.255.0 192.168.11.0 255.255.255.0
  tcp-map mssmap
    synack-data allow
    invalid-ack allow
    seq-past-window allow
    urgent-flag allow
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-621.bin
  asdm location Branch 255.255.255.0 inside
  no asdm history enable
  arp timeout 14400
  static (inside,inside) 192.168.11.2 192.168.11.2 netmask 255.255.255.255
  static (inside,inside) 192.168.12.2 192.168.12.2 netmask 255.255.255.255
  access-group inside_access_in in interface inside
  route inside Branch 255.255.255.0 172.16.1.1 1
  timeout xlate 3:00:00
  timeout conn 10:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 0.0.0.0 0.0.0.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  username ***** password ***** encrypted
  class-map mymap
  match access-list inside_access_in
  class-map inspection_default
  match default-inspection-traffic
  policy-map global_policy
  class inspection_default
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny 
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip 
    inspect xdmcp
  policy-map myPolicy
  class mymap
    set connection advanced-options mssmap
  service-policy global_policy global
  service-policy myPolicy interface inside
  prompt hostname context
  Cryptochecksum:a605d94f29924e5267644dd0f4476145
  : end
  I can successfully ping from host 192.168.12.2 to 192.168.11.2, but I can't do remote desktop from those host.
  then I use wireshark to capture packet in my computer and it says that TCP ACKed Lost Segment.
  "1373","164.538081","192.168.11.2","192.168.12.2","TCP","47785 > ms-wbt-server [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2"
  "1374","164.538993","192.168.12.2","192.168.11.2","TCP","[TCP ACKed lost segment] ms-wbt-server > 47785 [RST, ACK] Seq=1 Ack=1407706213 Win=0 Len=0"
  I can guarantee that both computers are remote desktop enabled and all firewall have been disabled.
  please help, any suggest would be great .
  thanks .
  sincerley yours
  -IAN WIJAYA-

  ear Ian_benderaz,
  Thank god i am not alone on this ,
  Me too having the exact same problem , i can ping to the host ,but no remote desktop .
  Somebody please help me on this , how enable remote desktop on asa 5505 
  Thanks 

• How can I jump to certain region on the same page?

  Hi,
  I want to jump to certain region on the same page.
  1) Let say I have 5 regions on page 15 and I have to able to redirect from region 1 to region 5 with out scrolling.
  2) I have to able to branch from page 2 to page 15 ==> region 4.
  How can I do it?
  I thank you for any help in advance.

  I can get this to work but the page is submitted, either when I use a button with URL link or from a link on a display only text field.
  Is this how it is supposed to work? I thought it was supposed to work just on the browser so it is fast.
  IGNORE THIS!
  =============================
  I resolved it easily by modifying the URL from f?p=blah blah to #LINK_NAME
  Message was edited by:
  user530800

• How do you delete only certain pictures from the photo library on the iphone 5?

  I just purchased an iphone 5. I would like to know how you delete only certain pictures from the photo library. You can delete from camera roll, but not photo library!! There are duplicate pics and ones that I don't even want on my phone.

  Your photo library is a complete list of all photos on your phone, including the camera roll and any albums you've created.
  Therefore it will always duplicate photos in your camera roll.
  The images are simply links, not additional copies of the photo

• How to set permissions on certain Webparts of the Webpart Gallery?

  Hi,
  I have a couple of webparts available in the Webpart Gallery. I do not want all those who have access to use every webpart, but only a few and some esp. not ;-)
  Is it possible to set permissions on certain webparts in the webpart gallery so that certain people cannot use them when looking for available webparts?
  Thanks
  Sven

  Hello,
  Please have a look into this link:
  http://office.microsoft.com/en-us/sharepoint-server-help/manage-and-share-web-parts-and-web-part-pages-HA010024106.aspx
  Hope the information helps!
  Thanks & Regards, Chandra Shekhar

• How to display date for each packet in a Cisco ASA packet capture

  Hello,
  Quick question...On a Cisco ASA (v8.2) how does one show the date of each packet in a packet capture?
  When performing a packet capture from CLI you can do a "show capture testcapture" command and you can see that the time is at the beginning of each packet but how does one view the date as well as the time for each packet?  I know you can export the packet capture and it will show the date & time in wireshark but sometimes for just quick and dirty capture I'd like to view the capture from the CLI on the ASA itself without doing an export. 
  Sample capture below.  Time is displayed but not the date of the packet capture.  Issuing command "sh cap test detail" doesn't show the date either.  I checked on an ASA running v9 and it also doesn't show the date in the packet capture.
  ASA5505# sh cap test
     1: 08:51:56.112085 802.1Q vlan#12 P0 10.150.40.240.500 > x.x.x.x:  udp 404
     2: 08:52:18.111871 802.1Q vlan#12 P0 10.150.40.240.29082 > x.x.x.x.53:  udp 37
     3: 08:52:18.165366 802.1Q vlan#12 P0 y.y.y.y.53 > 10.150.40.240.29082:  udp 53
     4: 08:52:32.129235 802.1Q vlan#12 P0 10.150.40.240.500 > x.x.x.x4.500:  udp 404
     5: 08:52:37.111627 802.1Q vlan#12 P0 10.150.40.240.500 > x.x.x.x.500:  udp 404
     6: 08:52:49.111490 802.1Q vlan#12 P0 10.150.40.240.500 > x.x.x.x.500:  udp 404
  Thanks for any help.
  Joe

  Hi,
  I would suggest copying the capture from the ASA to some local host and opening the capture file with Wireshark to view the information
  For example
  copy /pcap capture:test tftp://x.x.x.x/test.pcap
  This should copy the current data in the capture to the mentioned location with the mentioned filename.
  I personally view the captures on the ASA CLI only if I am just confirming that some traffic comes to the firewall or when I am checking what happens to a TCP connection that can not be formed. Its a lot easier to go through bigger captures by copying them from the ASA and viewing them with an actual software meant for that purpose.
  Hope this helps :)
  - Jouni

• How to configure oracle dataguard for connecting to the second nic.

  hi
  i want deploy my oracle dataguard on a remote site on a separate lease line
  and on the second nic of the primary. i just have a concern that what
  configurations should be made in the primary or standby to make sure the replication can work as the first nic is connected to receive the general database
  data and the second nic is being planned for replication only.
  so how standby will come to know that it has to pick which one of then.
  waiting for an early reply
  manish lall
  [email protected]

  thanks for the reply
  does that mean nothing is to be needed to configure for oracle standby as such.
  can you give me some idea of how this ip routing configuration will be done

• How to Configure CATS Profiles in order for the Hours to be posted to CO

  Hi All,
  I have quick question for you all, how do I configure the CATS Time Entry Profiles so as to enable me to post the Hours (Different Receiving Cost Centers & Receiving Internal Orders) to CO.
  Currently I enter time using TCODE: CAT2 and a CATS Profile and Save the Timesheet.
  Following which I Approve Times using CAT4.
  Then when I try to transfer time to both HR and CO using TCODE: CATA time gets transferred to HR Time Management Infotypes but not to CO.
  I tried a couple of other TCODES as well i.e: CAT7 & CAPS and tried posting to CO but I am getting a message saying that "NO DATA TO TRANSFER" despite there been ample data fit to be transferred to CO.
  So, my question to you all is how do you handle this situation in your implementation/organization.
  Looking forward to hear from you soon.
  Regards,
  Aslam

  Hi Aslam,
  Im not sure why this isnt working.
  Try approving timesheets using CATS_APPR_LITE
  And check whether the timesheets are approved.
  Once that is done.
  Run CAT7
  This would post the data from CATS to controlling.
  Regards,
  Brinda

• How to configure Goto context menu function on the web?

  We are running a web template on IE browser.  After the report run successfully, left click on any key figure column, we can see Goto context menu, from here, we can go to detailed report (e.g. from the current Cube level to more detailed ODS level).  However we find this jump from cube level to ODS level (Goto context manu) works on our QA system other than DEV system.  
  These stuff were configured by SAP consultants who left our company one year ago, if anyone knows how to make the Goto context menu works by drilling down from cube level to ODS level, please let us know and we are really appreciated!

  dear Bhanu,
  We figured out the problem, it is because we click Goto then select "Display Documents" which yields a 400 error, then go back to click Goto, pick up the target link we want and it yield the error.  After we hit F5 to reload the URL link, then directly select Goto our target, then it works fine!
  But one more question, under Goto context menu, we find four menu context items:
  1. Display Documents
  2. Documents for Navigation Status
  3. Our application target1
  4. Our application target2
  Select option 1 yields an error like mentioned above.
  Select option 2 pops up a new window with Key Figure selection box and a button called "Additional Functions", but seems go nowhere.
  Option 3 is setup in our system by using RSBBS like you suggested.
  Option 4 is not in RSBBS.
  Then our questions are for option 1, 2, and 4.  What are the functionalities of option 1 and 2, are these two standard web functionalities of BW web reports? and these two options always show up on the web no matter whether they work or not, right?  We are confused with option 4, it's not listed in RSBBS, then how come it show up?

• How to configure Alpha Numeric No range for the Material Type

  Dear Expert,
  i kindly request for expert help on alpha numeric no range for the Material Type.
  business is looking for material no like 910442208571D. at present we have no range like 9000000000000 to 9999999999999
  how i can configure in the system??
  pl. help me on this
  Thanks a lot
  H shah

  Hi,
  System will not bring alphanumeric number of materials automatically during MM01.
  Check use exit MGA00002 - Material Master (Industry): Number Assignment.
  Also check 2 Function Modules:
  EXIT_SAPLMG02_001 - Customer Exit: Internal Material Number Assignment
  EXIT_SAPLMG02_002 - Customer Exit: External Material Number Assignment.
  Regards,
  Biju K