Intermittent Routing between Shared IP Zones

I've set up a single machine with zones for apache and mail services which use the global zone's external data link. I've set up the zones as shared-ip zones:
zonename: apache
net:
     address: 192.168.0.1/24
     physical: bge1
     defrouter not specified
zonename: mail
net:
     address: 192.168.0.2/24
     physical: bge1
     defrouter not specified
The zones have their routing set up in the global zone as such:
route add public apache -interface
route add public mail -interface
And the global ifconfig is as such:
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
     inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
     zone mail
     inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
     zone apache
     inet 127.0.0.1 netmask ff000000
bge1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
     inet XXX.XXX.XXX.XXX netmask fffffff8 broadcast XXX.XXX.XXX.XXX
     ether 0:23:8b:aa:15:6b
bge1:1: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
     zone mail
     inet 192.168.0.2 netmask ffffff00 broadcast 192.168.0.255
bge1:2: flags=1100843<UP,BROADCAST,RUNNING,MULTICAST,ROUTER,IPv4> mtu 1500 index 2
     zone apache
     inet 192.168.0.1 netmask ffffff00 broadcast 192.168.0.255
The global zone is configured with NAT to map and rdr between the global ip address and the zone's local ip address.
The configuration works and runs ok, but I keep getting connection timeouts about 50% of the time.
I've snooped the TCP connections from the global zone but they are going unanswered even though the zones are running and responding correctly. The ipmon log shows the same behaviour, with "in" requests but no mapped "out" responses during the connection timeouts.
I think this might be a problem with routing between zones with shared-ip, but I'm not sure what I can do to fix the problem.
I'm running Solaris 10 10/09.
Thanks,
Cam

sowmini wrote:
> > The zones have their routing set up in the global zone as such:
> > route add public apache -interface
> > route add public mail -interface
> It's not clear what "apache" and "mail" are in your example above: are these the IP addresses assigned to
> each of the non-global zones? (I'm assuming "public" is a subnet that you want the NGZs to reach?)
Yes, apache and mail are the local hostnames of the 2 zones which are running those services, as specified in /etc/hosts:
apache is 192.168.0.1/24
mail is 192.168.0.2/24
public is the subnet of the global zone's only IP address and external network
> > The global zone is configured with NAT to map and rdr between the global IP address and the zone's local IP address.
> > The configuration works and runs ok, but I keep getting connection timeouts about 50% of the time.
> What does "netstat -s -P ip" show? That may tell you where the packets are sporadically getting dropped.
Here's the output of running the command:
bash-3.00# netstat -s -P ip
IPv4 ipForwarding = 1 ipDefaultTTL = 255
ipInReceives =8454948 ipInHdrErrors = 0
ipInAddrErrors = 0 ipInCksumErrs = 0
ipForwDatagrams = 152 ipForwProhibits = 0
ipInUnknownProtos = 114 ipInDiscards = 3
ipInDelivers =64396846 ipOutRequests =6476680
ipOutDiscards = 0 ipOutNoRoutes = 238
ipReasmTimeout = 60 ipReasmReqds = 0
ipReasmOKs = 0 ipReasmFails = 0
ipReasmDuplicates = 0 ipReasmPartDups = 0
ipFragOKs = 0 ipFragFails = 0
ipFragCreates = 0 ipRoutingDiscards = 0
tcpInErrs = 3 udpNoPorts = 2435
udpInCksumErrs = 0 udpInOverflows = 0
rawipInOverflows = 0 ipsecInSucceeded = 0
ipsecInFailed = 0 ipInIPv6 = 0
ipOutIPv6 = 0 ipOutSwitchIPv6 = 0
I found this discussion on the networking forum which sounds very similar to what I'm seeing, but I've tried to set a static ARP entry for the public router and it doesn't seem to have made much difference:
Solaris Server timeouts
When all is working, the media table looks like this:
bash-3.00# netstat -pn
Net to Media Table: IPv4
Device IP Address Mask Flags Phys Addr
bge1 XXX.XXX.XXX.137 255.255.255.255 o 00:0c:31:ec:1b:01
bge1 192.168.0.1 255.255.255.255 SPLA 00:23:8b:aa:15:6b
bge1 192.168.0.2 255.255.255.255 SPLA 00:23:8b:aa:15:6b
bge1 XXX.XXX.XXX.138 255.255.255.255 SPLA 00:23:8b:aa:15:6b
bge1 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00
and then every half hour to an hour, the router gets dropped and the table is flushed out before getting re-created:
Net to Media Table: IPv4
Device IP Address Mask Flags Phys Addr
bge1 192.168.0.1 255.255.255.255 SPLA 00:23:8b:aa:15:6b
bge1 192.168.0.2 255.255.255.255 SPLA 00:23:8b:aa:15:6b
bge1 XXX.XXX.XXX.138 255.255.255.255 SPLA 00:23:8b:aa:15:6b
bge1 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00
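The two things worth watching here are exactly the two outputs in this thread: whether the router's entry is still in the Net to Media table, and whether the drop counters from "netstat -s -P ip" (ipOutNoRoutes, ipInDiscards, ipRoutingDiscards) advance while the timeouts happen. The script below is an added example written for this page, not code posted by Cam or sowmini. It assumes Python 3, uses 198.51.100.137 as a placeholder for the router the thread masks as XXX.XXX.XXX.137, and runs against SAMPLE_* text constructed from the thread's own output; a cron job on the global zone would feed it live captures instead.

```python
"""Added example for this thread, not code posted by Cam or sowmini.

Parses the two Solaris 10 outputs the thread relies on, "netstat -pn"
(the Net to Media / ARP table) and "netstat -s -P ip" (IP MIB counters),
and reports when the router's ARP entry has been flushed or when the
drop-related counters moved between two captures.  Assumed/constructed:
Python 3; 198.51.100.137 stands in for the router the thread masks as
XXX.XXX.XXX.137; the SAMPLE_* text is built from the thread's own output.
"""
import re
from datetime import datetime

GATEWAY = "198.51.100.137"  # placeholder for the masked router address

SAMPLE_ARP_OK = """\
Net to Media Table: IPv4
Device IP Address Mask Flags Phys Addr
bge1 198.51.100.137 255.255.255.255 o 00:0c:31:ec:1b:01
bge1 192.168.0.1 255.255.255.255 SPLA 00:23:8b:aa:15:6b
bge1 192.168.0.2 255.255.255.255 SPLA 00:23:8b:aa:15:6b
bge1 198.51.100.138 255.255.255.255 SPLA 00:23:8b:aa:15:6b
bge1 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00
"""
# Same table after the half-hourly flush described in the thread: the
# router's dynamic ("o") entry is gone, the zones' static SPLA entries stay.
SAMPLE_ARP_FLUSHED = "\n".join(
    l for l in SAMPLE_ARP_OK.splitlines() if "198.51.100.137" not in l) + "\n"

SAMPLE_STATS_BEFORE = """\
IPv4 ipForwarding = 1 ipDefaultTTL = 255
ipInReceives =8454948 ipInHdrErrors = 0
ipInDiscards = 3 ipOutNoRoutes = 238
ipRoutingDiscards = 0 tcpInErrs = 3
"""
# A later capture (constructed): ipOutNoRoutes has advanced by 5.
SAMPLE_STATS_AFTER = SAMPLE_STATS_BEFORE.replace(
    "=8454948", "=8455301").replace("ipOutNoRoutes = 238", "ipOutNoRoutes = 243")

ARP_LINE = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)"
                      r"\s+(\S+)\s+([0-9a-f:]+)\s*$", re.I)
# "netstat -s -P ip" packs two "name = value" pairs per line and sometimes
# drops the space after "=", so match each pair rather than splitting lines.
COUNTER = re.compile(r"([A-Za-z][A-Za-z0-9]*)\s*=\s*(\d+)")

DROP_COUNTERS = ("ipOutNoRoutes", "ipInDiscards", "ipRoutingDiscards")


def parse_arp_table(text):
    """Map IP -> (device, mask, flags, mac) for each entry line."""
    entries = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            dev, ip, mask, flags, mac = m.groups()
            entries[ip] = (dev, mask, flags, mac)
    return entries


def parse_ip_counters(text):
    """Map counter name -> int value."""
    return {name: int(val) for name, val in COUNTER.findall(text)}


def counter_deltas(before, after, names=DROP_COUNTERS):
    """Change in each drop-related counter between two captures."""
    b, a = parse_ip_counters(before), parse_ip_counters(after)
    return {n: a.get(n, 0) - b.get(n, 0) for n in names}


def check(gateway, arp_text, stats_before, stats_after):
    """Return (healthy, message): healthy when the router still has an
    ARP entry and no drop counter advanced since the previous capture."""
    problems = []
    if gateway not in parse_arp_table(arp_text):
        problems.append("router %s missing from ARP table" % gateway)
    for name, delta in counter_deltas(stats_before, stats_after).items():
        if delta > 0:
            problems.append("%s +%d" % (name, delta))
    stamp = datetime.now().isoformat(timespec="seconds")
    if problems:
        return False, "%s ALERT %s" % (stamp, "; ".join(problems))
    return True, "%s ok: router %s present, no new drops" % (stamp, gateway)


if __name__ == "__main__":
    # A live run on the global zone would pass subprocess.check_output(
    # ["netstat", "-pn"], text=True) and two "netstat -s -P ip" captures.
    for arp, after in ((SAMPLE_ARP_OK, SAMPLE_STATS_BEFORE),
                       (SAMPLE_ARP_FLUSHED, SAMPLE_STATS_AFTER)):
        print(check(GATEWAY, arp, SAMPLE_STATS_BEFORE, after)[1])
```

Run it every few minutes from cron, keeping the previous "netstat -s -P ip" capture in a file, and line the ALERT timestamps up against the ipmon entries from the timeouts: if the router entry vanishes at the same moments the "out" responses stop, the ARP flush is the thing to chase; if the entry is present but ipOutNoRoutes climbs, the problem is in the routing table rather than ARP.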

Similar Messages

  • Route between global and non-global zones

    Hi Folks,
    I haven't been able to find an answer to this question searching the archives, so I'll try here. My global zone gets her IP (10.153.197.n) via DHCP, and I've had to use 192.168.1.n addresses for the non global zones. Is there a simple route statement I can issue to allow communication between the global and non global zones? I'm running Solaris 10 x86 03/2005.
    Thanks very much,
    -Adam vonNieda

    If you're only interested in passing traffic between the global zone and the non-global zones, just add a virtual interface to the global zone.
    For example, in the global zone:
    ifconfig ce0:4 plumb 192.168.1.x netmask + broadcast + up
    Then you will be able to pass traffic between the global and non-global zones.
    If you're looking for the global zone to proxy traffic between the non-global zones and the rest of the network, take a look at http://balance.sf.net

  • Auto attendant intermittently routes call to out of region/not in dial plan UM server

    Hi all,
    Exchange 2013 on prem, hardware not virtual. CU5 w/Lync 2013 
    I've got calls that get intermittently routed to UM servers that are out of region and not in the dial plan.  The out of region UM server sees the call is outside of business hours & sends helpdesk calls to voicemail instead of the appropriate phone menu.
    Additionally, when Exchange admins who are in different time zones look at the GUI w/the AA's business hours they see a time skew even though the time displayed is listed as Eastern.  I think the mis-routing & the time zone skew are related.  When the Tokyo server gets the call it checks the time: 3AM? Not in business hours even though in Eastern Time where the call is supposed to go, it is in business hours.
    In the Lync client log (as seen via the snooper tool) this is the last message before the call gets transferred:
    “ms-diagnostics:
    15032;reason="Re-directing request to the destination in 302” 
    Additionally the time zone on the AA schedule is set to Eastern Time.  Why is the TYO UM server ignoring this and applying local time? 
    Any tips to point me in the right direction would be appreciated.
    Adam

    Number two was correct!  The affected site did not have an arbitration mailbox.  Details follow.
    I still have the underlying problem of AA's getting the time zone of the UM server applied rather than the time zone they are allegedly set to (for example Beijing business hours served from a TYO UM server getting TYO time).
    With the help of MS support we resolved the immediate problem: calls getting routed to our TYO site.
    It turns out that every AD site with Exchange servers needs to have an arbitration mailbox with the grammar generator role set & ready.  If a site with UM servers does not have an arbitration mailbox it will proxy the call to another site that does.  In our case, it would route them to our Tokyo site that applied the wrong hours to the auto attendant.
    Here's how we created the arbitration mailbox
    [PS] C:\temp\autoattendant>New-Mailbox -Arbitration -Name "A new UM Grammar Mailbox" -Database <some db hosted in site> -UserPrincipalName [email protected] -DisplayName "A new UM Grammar Mailbox"
    C:\temp\autoattendant>Set-Mailbox [email protected] -Arbitration -UMGrammar:$true
    This keeps the call from going out of site to an Exchange UM server in a different time zone.
    The tricky bit is that this does not immediately work.  The mailbox needs to pick up the OrganizationCapabilityUMGrammarReady capability which it will only get when the grammar generator runs.  In 2010 you were able to kick this off manually.  In 2013 it runs once a day.  You have to wait until Get-Mailbox -Arbitration | fl name, servername, persistedcapabilities shows the OrganizationCapabilityUMGrammarReady has been assigned to the mailbox.
    I still have not yet resolved the underlying problem of why UM servers are ignoring the time zone setting on AA's business hours.

  • What is difference between Shared ,Exclusive and Exclusive but not commulat

    What is the difference between Shared, Exclusive and Exclusive but not cumulative lock modes? Please tell me.

    Lock objects are used to synchronize access to the same data by more than one program.
    The lock mode controls whether several users can access data records at the same time. The lock mode can be assigned separately for each table in the lock object. When the lock is set, the corresponding lock entry is stored in the lock table of the system for each table.
    There are three types of lock modes:
    1. Exclusive
    2. Shared
    3. Exclusive not cumulative
    Exclusive lock: The locked data can only be displayed or edited by a single user. A request for another exclusive lock or for a shared lock is rejected.
    Shared lock: More than one user can access the locked data at the same time in display mode. A request for another shared lock is accepted, even if it comes from another user. An exclusive lock is rejected.
    Exclusive but not cumulative: Exclusive locks can be requested several times from the same transaction and are processed successively. In contrast, exclusive but not cumulative locks can be called only once from the same transaction. All other lock requests are rejected.
    please go through these links:
    http://help.sap.com/saphelp_nw04/helpdata/en/a2/3547360f2ea61fe10000009b38f839/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/af/22ab01dd0b11d1952000a0c929b3c3/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/cf/21eeb2446011d189700000e8322d00/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/cf/21eebf446011d189700000e8322d00/frameset.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/cf/21eed9446011d189700000e8322d00/frameset.htm
    briefly :
    You can lock the table or record by using following types of locking:
    1) Exclusive (E): the locked data can only be displayed or modified by a single user, i.e. the owner of the object. Access to other users is denied.
    2) Shared (S) several users can access the same record simultaneously, but only in display mode and except the first one, who has asked for the data in update mode.
    3) Exclusive not cumulating (X) it is similar to exclusive lock. It allows only a single user access. E can be called several times from the same transaction. In contrast, a lock type X can be called only once during the transaction. Any other call for this lock is rejected.
    Activation of Lock Object
    1) When you activate the lock object, the functions are automatically generated. And these are ENQUEUE-EZN and DEQUEUE-EZN. EZN is name of the lock object.
    2) While ENQUEUE is used in program to set the code over the selected data depending upon the lock object arguments. DEQUEUE is used to release the lock.
    Thanks
    Seshu
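The compatibility rules in the answer above are easiest to see as a small lock table that grants or rejects each request. The simulator below is an added example written for this page, not code from the post or from SAP: it models E as cumulative within one transaction, S as shareable across transactions, and X as exclusive and grantable only once on an unlocked record. Transaction ids and the record key are constructed for the demonstration.

```python
"""Added example for the lock-mode answer above; it is not code from the
post or from SAP.  A toy enqueue table that applies the three modes the
answer describes: E (exclusive, cumulative within one transaction),
S (shared) and X (exclusive but not cumulative).  Transaction ids and the
record key are constructed for the demonstration.
"""


class LockTable:
    """key -> list of (owner transaction, mode); repeated E requests from
    the same owner are stored once each so they can be released one at a
    time ("processed successively")."""

    def __init__(self):
        self.locks = {}

    def enqueue(self, txn, key, mode):
        """Request a lock; True if granted, False if rejected."""
        if mode not in ("E", "S", "X"):
            raise ValueError("unknown lock mode %r" % mode)
        held = self.locks.setdefault(key, [])
        # X: exclusive and not cumulative. It is granted only on an unlocked
        # record; once held, every further request on that record is rejected.
        if mode == "X" and held:
            return False
        for owner, held_mode in held:
            if held_mode == "X":
                return False
            if owner != txn:
                # Another transaction: only shared with shared is compatible.
                if not (held_mode == "S" and mode == "S"):
                    return False
            # Same transaction: E and S requests cumulate.
        held.append((txn, mode))
        return True

    def dequeue(self, txn, key, mode=None):
        """Release one lock of the given mode, or all of txn's locks on key."""
        held = self.locks.get(key, [])
        if mode is None:
            self.locks[key] = [h for h in held if h[0] != txn]
            return
        for i, h in enumerate(held):
            if h == (txn, mode):
                del held[i]
                return

    def holders(self, key):
        return list(self.locks.get(key, ()))


def demo(key="flight:LH:0400"):  # constructed record key
    """Walk through the rules from the answer; returns the grant decisions."""
    t = LockTable()
    r = []
    r.append(t.enqueue("T1", key, "E"))   # granted: record unlocked
    r.append(t.enqueue("T1", key, "E"))   # granted: E cumulates in T1
    r.append(t.enqueue("T2", key, "S"))   # rejected: E blocks other users' S
    t.dequeue("T1", key, "E")             # only one of T1's two E locks released
    r.append(t.enqueue("T2", key, "S"))   # rejected: T1 still holds one E
    t.dequeue("T1", key, "E")
    r.append(t.enqueue("T2", key, "S"))   # granted
    r.append(t.enqueue("T3", key, "S"))   # granted: S is compatible with S
    r.append(t.enqueue("T3", key, "E"))   # rejected: T2 holds S
    t.dequeue("T2", key)
    t.dequeue("T3", key)
    r.append(t.enqueue("T4", key, "X"))   # granted
    r.append(t.enqueue("T4", key, "X"))   # rejected: X may be taken only once
    r.append(t.enqueue("T4", key, "E"))   # rejected: nothing stacks on X
    return r


if __name__ == "__main__":
    for step, granted in enumerate(demo(), 1):
        print("request %2d: %s" % (step, "granted" if granted else "rejected"))
```

The point the table makes concrete is the one the answer only states in words: a transaction that took E twice must release it twice before anyone else gets in, whereas X is gone the moment the transaction releases it once and cannot be re-taken while held.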

  • Problem of routing between inside and outside on ASA5505

    I have an ASA5505 with mostly factory default configuration. Its license allows only two vlan interfaces (vlan 1 and vlan 2). The default config has interface vlan 1 as inside (security level 100), and interface vlan 2 as outside (security level 0 and using DHCP).
    I only changed interface vlan 1 to IP 10.10.10.1/24. After I plugged in a few hosts to vlan 1 ports and connect port Ethernet0/0 (default in vlan 2) to a live network, here are a couple of issues I found:
    a) One host I plugged in is a PC, and another host is a WAAS WAE device. Both are in vlan 1 ports. I hard coded their IP to 10.10.10.250 and 10.10.10.101, /24 subnet mask, and gateway of 10.10.10.1. I can ping from the PC to WAE but not from WAE to the PC, although the WAE has 10.10.10.250 in its ARP table. They are in the same vlan and same subnet, how could it be? Here are the ping and WAE ARP table.
    WAE#ping 10.10.10.250
    PING 10.10.10.250 (10.10.10.250) from 10.10.10.101 : 56(84) bytes of data.
    --- 10.10.10.250 ping statistics ---
    5 packets transmitted, 0 packets received, 100% packet loss
    WAE#sh arp
    Protocol Address Flags Hardware Addr Type Interface
    Internet 10.10.10.250 Adj 00:1E:37:84:C9:CE ARPA GigabitEthernet1/0
    Internet 10.10.10.10 Adj 00:14:5E:85:50:01 ARPA GigabitEthernet1/0
    Internet 10.10.10.1 Adj 00:1E:F7:7F:6E:7E ARPA GigabitEthernet1/0
    b) None of the hosts in vlan 1 in 10.10.10.0/24 can ping interface vlan 2 (address in 172.26.18.0/24 obtained via DHCP). But on ASA routing table, it has both 10.10.10.0/24 and 172.26.18.0/24, and also a default route learned via DHCP. Is ASA able to route between vlan 1 and vlan 2? (inside and outside). Any changes I can try?
    Here are ASA routing table and config of vlan 1 and vlan 2 (mostly its default).
    ASA# sh route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
    * - candidate default, U - per-user static route, o - ODR
    P - periodic downloaded static route
    Gateway of last resort is 172.26.18.1 to network 0.0.0.0
    C 172.26.18.0 255.255.255.0 is directly connected, outside
    C 127.1.0.0 255.255.0.0 is directly connected, _internal_loopback
    C 10.10.10.0 255.255.255.0 is directly connected, inside
    d* 0.0.0.0 0.0.0.0 [1/0] via 172.26.18.1, outside
    interface Vlan1
    nameif inside
    security-level 100
    ip address 10.10.10.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address dhcp setroute
    interface Ethernet0/0
    switchport access vlan 2
    All other ports are in vlan 1 by default.

    I should have made the config easier to read. So here is what's on the ASA and the problems I have. The ASA only allows two VLAN interfaces configured (default to Int VLAN 1 - nameif inside, and Int VLAN 2 - nameif outside)
    port 0: in VLAN 2 (outside). DHCP configured. VLAN 2 pulled IP in 172.26.18.0/24, default gateway 172.26.18.1
    port 1-7: in VLAN 1 (inside). VLAN 1 IP is 10.10.10.1. I set all devices IP in VLAN 1 to 10.10.10.0/24, default gateway 10.10.10.1
    I have one PC in port 1 and one WAE device in port 2. PC IP set to 10.10.10.250 and WAE set to 10.10.10.101. PC can ping WAE but WAE can't ping PC. Both can ping default gateway.
    If I can't ping from inside interface to outside interface on ASA, how can I verify inside hosts can get to outside addresses and vice versa? I looked at ASA docs, but didn't find out how to set the routing between inside and outside. They are both connected interfaces, should they route between each other already?
    Thanks a lot

  • Cisco ASA 5505 Routing between internal networks

    Hi,
    I am new to Cisco ASA and have been configuring my new firewall, but one thing has been bothering me. I cannot get internal networks and routing between them to work as I would like to. The goal is to set up four networks and control access between them with ACLs:
    1. Outside
    2. DMZ
    3. ServerNet1
    4. Inside
    ASA version is 9.1 and I have been reading about two different ways of handling IP routing with this: NAT Exempt, and not configuring NAT at all and letting normal IP routing handle the internal networks. No matter how I configure it, with or without NAT, I cannot get access from the inside network to DMZ or from ServerNet1 to DMZ. The strange thing is that I can access services from DMZ to Inside and ServerNet1 if the access list allows it. For instance the DNS server is on the Inside network and DMZ works great using it.
    Here is the running conf:
    interface Ethernet0/0
    switchport access vlan 20
    interface Ethernet0/1
    switchport access vlan 20
    interface Ethernet0/2
    switchport access vlan 19
    interface Ethernet0/3
    switchport access vlan 10
    switchport trunk allowed vlan 10,19-20
    switchport trunk native vlan 1
    interface Ethernet0/4
    switchport access vlan 10
    interface Ethernet0/5
    switchport access vlan 10
    switchport trunk allowed vlan 10-11,19-20
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/6
    switchport access vlan 10
    switchport trunk allowed vlan 10-11,19-20
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/7
    switchport access vlan 10
    interface Vlan10
    nameif inside
    security-level 90
    ip address 192.168.2.1 255.255.255.0
    interface Vlan11
    nameif ServerNet1
    security-level 100
    ip address 192.168.4.1 255.255.255.0
    interface Vlan19
    nameif DMZ
    security-level 10
    ip address 192.168.3.1 255.255.255.0
    interface Vlan20
    nameif outside
    security-level 0
    ip address dhcp setroute
    ftp mode passive
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network obj-192.168.2.0
    subnet 192.168.2.0 255.255.255.0
    object network obj-192.168.3.0
    subnet 192.168.3.0 255.255.255.0
    object network DNS
    host 192.168.2.10
    description DNS Liikenne
    object network Srv2
    host 192.168.2.10
    description DC, DNS, DNCP
    object network obj-192.168.4.0
    subnet 192.168.4.0 255.255.255.0
    object network ServerNet1
    subnet 192.168.4.0 255.255.255.0
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group network RFC1918
    object-group network InternalNetworks
    network-object 192.168.2.0 255.255.255.0
    network-object 192.168.3.0 255.255.255.0
    object-group service DM_INLINE_SERVICE_1
    service-object tcp destination eq domain
    service-object udp destination eq domain
    service-object udp destination eq nameserver
    service-object udp destination eq ntp
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq www
    port-object eq https
    port-object eq ftp
    port-object eq ftp-data
    object-group service rdp tcp-udp
    description Microsoft RDP
    port-object eq 3389
    object-group service DM_INLINE_TCP_2 tcp
    port-object eq ftp
    port-object eq ftp-data
    port-object eq www
    port-object eq https
    object-group service DM_INLINE_SERVICE_2
    service-object tcp destination eq domain
    service-object udp destination eq domain
    object-group network DM_INLINE_NETWORK_1
    network-object object obj-192.168.2.0
    network-object object obj-192.168.4.0
    access-list dmz_access_in extended permit ip object obj-192.168.3.0 object obj_any
    access-list dmz_access_in extended deny ip any object-group InternalNetworks
    access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object DNS eq domain
    access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object-group DM_INLINE_NETWORK_1 object-group rdp
    access-list DMZ_access_in extended deny ip any object-group InternalNetworks
    access-list DMZ_access_in extended permit tcp object obj-192.168.3.0 object obj_any object-group DM_INLINE_TCP_2
    access-list inside_access_in extended permit ip object obj-192.168.2.0 object-group InternalNetworks
    access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj_any object-group rdp
    access-list inside_access_in extended permit tcp object obj-192.168.2.0 object obj_any object-group DM_INLINE_TCP_1
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 object Srv2 object obj_any
    access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj-192.168.3.0 object-group rdp
    access-list ServerNet1_access_in extended permit object-group DM_INLINE_SERVICE_2 any object DNS
    access-list ServerNet1_access_in extended permit ip any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu ServerNet1 1500
    mtu inside 1500
    mtu DMZ 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-711-52.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,DMZ) source static obj-192.168.2.0 obj-192.168.2.0 destination static obj-192.168.2.0 obj-192.168.2.0 no-proxy-arp
    object network obj_any
    nat (inside,outside) dynamic interface
    nat (DMZ,outside) after-auto source dynamic obj_any interface destination static obj_any obj_any
    nat (ServerNet1,outside) after-auto source dynamic obj-192.168.4.0 interface
    access-group ServerNet1_access_in in interface ServerNet1
    access-group inside_access_in in interface inside
    access-group DMZ_access_in in interface DMZ
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    http 192.168.4.0 255.255.255.0 ServerNet1
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec security-association pmtu-aging infinite
    crypto ca trustpool policy
    telnet timeout 5
    ssh 192.168.4.0 255.255.255.0 ServerNet1
    ssh 192.168.2.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous

    Hi Jouni,
    Yep, Finnish would be good also =)
    In front of the ASA is a DSL modem. On the trunk ports is a Hyper-V host that uses the trunk ports so that every VM has its VLAN ID defined at the VM level. Everything is working well on that end. Also there is a WLAN Access Point on one of the ASA ports; on the WLAN AP there is the management portal address on DMZ that I have been testing against (192.168.3.4).
    If I configure Dynamic PAT from inside to the DMZ then the traffic starts to work from inside to all hosts on DMZ, but that's not the right way to do it, so no shortcuts =)
    Here is the conf now, still doesn't work:
    interface Ethernet0/0
    switchport access vlan 20
    interface Ethernet0/1
    switchport access vlan 20
    interface Ethernet0/2
    switchport access vlan 19
    interface Ethernet0/3
    switchport access vlan 10
    switchport trunk allowed vlan 10,19-20
    switchport trunk native vlan 1
    interface Ethernet0/4
    switchport access vlan 10
    interface Ethernet0/5
    switchport access vlan 10
    switchport trunk allowed vlan 10-11,19-20
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/6
    switchport access vlan 10
    switchport trunk allowed vlan 10-11,19-20
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/7
    switchport access vlan 10
    interface Vlan10
    nameif inside
    security-level 90
    ip address 192.168.2.1 255.255.255.0
    interface Vlan11
    nameif ServerNet1
    security-level 100
    ip address 192.168.4.1 255.255.255.0
    interface Vlan19
    nameif DMZ
    security-level 10
    ip address 192.168.3.1 255.255.255.0
    interface Vlan20
    nameif outside
    security-level 0
    ip address dhcp setroute
    ftp mode passive
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network obj-192.168.2.0
    subnet 192.168.2.0 255.255.255.0
    object network obj-192.168.3.0
    subnet 192.168.3.0 255.255.255.0
    object network DNS
    host 192.168.2.10
    description DNS Liikenne
    object network Srv2
    host 192.168.2.10
    description DC, DNS, DNCP
    object network obj-192.168.4.0
    subnet 192.168.4.0 255.255.255.0
    object network ServerNet1
    subnet 192.168.4.0 255.255.255.0
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group network RFC1918
    object-group network InternalNetworks
    network-object 192.168.2.0 255.255.255.0
    network-object 192.168.3.0 255.255.255.0
    object-group service DM_INLINE_SERVICE_1
    service-object tcp destination eq domain
    service-object udp destination eq domain
    service-object udp destination eq nameserver
    service-object udp destination eq ntp
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq www
    port-object eq https
    port-object eq ftp
    port-object eq ftp-data
    object-group service rdp tcp-udp
    description Microsoft RDP
    port-object eq 3389
    object-group service DM_INLINE_TCP_2 tcp
    port-object eq ftp
    port-object eq ftp-data
    port-object eq www
    port-object eq https
    object-group service DM_INLINE_SERVICE_2
    service-object tcp destination eq domain
    service-object udp destination eq domain
    object-group network DM_INLINE_NETWORK_1
    network-object object obj-192.168.2.0
    network-object object obj-192.168.4.0
    object-group network DEFAULT-PAT-SOURCE
    description Default PAT source networks
    network-object 192.168.2.0 255.255.255.0
    network-object 192.168.3.0 255.255.255.0
    network-object 192.168.4.0 255.255.255.0
    access-list dmz_access_in extended permit ip object obj-192.168.3.0 object obj_any
    access-list dmz_access_in extended deny ip any object-group InternalNetworks
    access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object DNS eq domain
    access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object-group DM_INLINE_NETWORK_1 object-group rdp
    access-list DMZ_access_in extended deny ip any object-group InternalNetworks
    access-list DMZ_access_in extended permit tcp object obj-192.168.3.0 object obj_any object-group DM_INLINE_TCP_2
    access-list inside_access_in extended permit ip object obj-192.168.2.0 object-group InternalNetworks
    access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj_any object-group rdp
    access-list inside_access_in extended permit tcp object obj-192.168.2.0 object obj_any object-group DM_INLINE_TCP_1
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 object Srv2 object obj_any
    access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj-192.168.3.0 object-group rdp
    access-list ServerNet1_access_in extended permit object-group DM_INLINE_SERVICE_2 any object DNS
    access-list ServerNet1_access_in extended permit ip any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu ServerNet1 1500
    mtu inside 1500
    mtu DMZ 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-711-52.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (any,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
    access-group ServerNet1_access_in in interface ServerNet1
    access-group inside_access_in in interface inside
    access-group DMZ_access_in in interface DMZ
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    http 192.168.4.0 255.255.255.0 ServerNet1
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec security-association pmtu-aging infinite
    crypto ca trustpool policy
    telnet timeout 5
    ssh 192.168.4.0 255.255.255.0 ServerNet1
    ssh 192.168.2.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous

  • SG300: How to set up routing between VLANs?

    I have recently purchased a Cisco SG300-10.  I need it to perform routing between two VLANs on the switch. Seems like this should be quick and easy to do from the built in GUI. When I configure it according to the documentation, it does not route between the VLANs.
    I have set the system mode to L3 (for level 3 switching).
    I have followed the instructions on pages 26 through 33 of the attached PDF (which I obtained from the Cisco site). I used the same ports on the switch and the same IP addresses as shown in the document.
    Everything works until I attempt the step "ping 10.1.1.10" on page 33. This is the step to verify the level 3 switching between the 2 PCs (on separate VLANs).
    The switch Firmware Version (Active Image): 1.3.5.58
    I have attached the running configuration from the switch. It is the file named "running-config.txt".   
    The 2 PCs that I am using are running Windows 7 and Windows 8.

    Hi jkst,
    There is a very minimal set of requirements to obtain layer 3 inter-VLAN routing:
    1 - Two VLANs in layer 3 mode, each assigned an IP address
    config t
    vlan database
    vlan 2
    exit
    int vlan 1
    ip address 192.168.1.1 /24
    exit
    int vlan 2
    ip address 192.168.2.1 /24
    exit
    2 - Active link state on each VLAN - Define a port for the second VLAN, then connect an IP device to that port and another device to another port, since the rest of the ports will default to VLAN 1
    config t
    int gi2
    switchport mode access
    switchport access vlan 2
    exit
    3 - Assign your device #1, which connects to any port, an IP address on the same subnet as VLAN 1
    Computer in VLAN 1 IP info:
    192.168.1.100
    255.255.255.0
    192.168.1.1
    Computer in VLAN 2 IP info:
    192.168.2.100
    255.255.255.0
    192.168.2.1
    Assuming these devices respond to ping and do not have external wireless communication, this will provide basic IP connectivity through the switch across vlans.
    -Tom
    Please mark answered for helpful posts

  • How e-mail is routed between two servers

    Hi,
    Could anybody please tell me how e-mail is routed between two servers, from the software point of view as well as the hardware point of view?
    And how is the JavaMail API related to that?
    Thanks,
    Kiz

    If you're looking for a simple answer there isn't one. Here's a place to start.
    http://community.roxen.com/developers/idocs/rfc/rfc974.html
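    The RFC linked in the reply describes the selection step the sending server performs: look up the destination domain's MX records, try the exchangers from lowest preference value upward, fall back to the domain's own A record when there is no MX at all, and, if the sending host is itself one of the exchangers, never forward to a host that is equally or less preferred (that would create a mail loop). The following is an added example written for this page, not code from the thread or from any mail server; the zone data is constructed inline instead of being looked up in DNS, and the `reachable` set stands in for a successful SMTP connection.

```python
# Constructed zone data (stands in for DNS lookups so this runs offline):
# MX: domain -> list of (preference, exchanger); A: host -> IPv4 address.
MX = {
    "example.com": [(20, "mx2.example.com"), (10, "mx1.example.com"),
                    (30, "relay.example.net"), (40, "dead.example.net")],
    "nomx.example": [],
}
A = {
    "mx1.example.com": "192.0.2.10",
    "mx2.example.com": "192.0.2.11",
    "relay.example.net": "198.51.100.7",
    "nomx.example": "192.0.2.50",
    # dead.example.net deliberately has no A record
}


def exchangers(domain, local_host=None):
    """Hosts to try, in order, for mail addressed to `domain` (RFC 974 rules)."""
    rrs = sorted(MX.get(domain, []))          # lowest preference value first
    if not rrs:
        # No MX at all: RFC 974 says treat the domain itself as the one exchanger.
        return [domain] if domain in A else []
    if local_host is not None:
        own = [p for p, h in rrs if h == local_host]
        if own:
            # We appear in the list: drop ourselves and every host we are at
            # least as preferred as, otherwise the message could loop back to us.
            rrs = [(p, h) for p, h in rrs if p < min(own)]
    # An exchanger we cannot resolve is useless, so skip it.
    return [h for _, h in rrs if h in A]


def choose(domain, reachable, local_host=None):
    """Simulate delivery attempts: return the first exchanger whose address is
    in `reachable` (a constructed stand-in for a successful TCP/SMTP connection),
    or None, meaning the sender queues the message and retries later."""
    for host in exchangers(domain, local_host):
        if A[host] in reachable:
            return host
    return None


if __name__ == "__main__":
    print(exchangers("example.com"))
    print(exchangers("example.com", local_host="relay.example.net"))
    print(choose("example.com", {"192.0.2.11"}))
```

    Equal preference values are left in the order `sorted()` produces here; a real sender is expected to pick among equal-preference hosts at random. The hardware side of the question is just the TCP connection the chosen exchanger accepts on port 25; everything the RFC decides is in the ordering above.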

  • Prevent routing between 2 logical networks without a VLAN

    Background: We have some older hubs in our network. As such, we cannot implement a VLAN yet. We have a 10/100 ethernet network across our campus for our production users. We have multiple buildings on the campus and one physical network. We are installing Cisco 1100 WAPs to provide our guests with wireless internet access. Our DHCP server is configured to hand out 192.168.1.x addresses to our guests. Our DHCP server has 192.168.0.x reservations for our production machines.
    Questions:
    1) Would this ACL prevent traffic from routing between the 192.168.0.x and 192.168.1.x networks?
    access-list 105 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
    2) Does anyone have a better solution for preventing our guests from accessing our production machines? Once all the hubs are replaced with switches, we plan to implement a VLAN.
    TIA,
    Mark

    Are you sure you want to protect your Guest WLAN from your production network, not the other way round? Your access-list states that the .0 network (production) is not allowed to access the .1 (WLAN) network. Then, I don't see in your config the activation of any of your access-lists. They are just defined without being activated on any of your interfaces. Plus, the allow at the end of the access-list is missing, because there is an implicit deny at the end of any access-list.
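    The two points in the reply (the entry is written in the wrong direction, and an ACL with no permit ends in the implicit deny) can be checked by evaluating the access-list text against a few sample flows. The following is an added example for this page, not code from the thread; it models only the `access-list N {permit|deny} ip SRC DST` form with Cisco wildcard masks, and the `FIXED` list and the sample flows are assumptions made here to illustrate the stated goal (keep guests off production, let everything else through).

```python
import ipaddress

# Wildcard masks in Cisco syntax: 0 bits must match, 1 bits are "don't care".
# An address spec is kept as (base_int, wildcard_int).

def _addr(tokens, i):
    """Parse 'any', 'host A' or 'A WILDCARD' at tokens[i]; return (spec, consumed)."""
    if tokens[i] == "any":
        return (0, 0xFFFFFFFF), 1
    if tokens[i] == "host":
        return (int(ipaddress.ip_address(tokens[i + 1])), 0), 2
    base = int(ipaddress.ip_address(tokens[i]))
    wild = int(ipaddress.ip_address(tokens[i + 1]))
    return (base, wild), 2


def parse_ace(line):
    """Parse one 'access-list N {permit|deny} ip SRC DST' entry (the only form modelled)."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
        raise ValueError("unsupported entry: " + line)
    action = tok[2]
    if action not in ("permit", "deny"):
        raise ValueError("unsupported action: " + action)
    src, n = _addr(tok, 4)
    dst, _ = _addr(tok, 4 + n)
    return action, src, dst


def _matches(spec, ip):
    base, wild = spec
    mask = (~wild) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(ip)) & mask) == (base & mask)


def evaluate(acl, src, dst):
    """First matching entry wins; a packet matching no entry hits the implicit deny."""
    for action, s, d in acl:
        if _matches(s, src) and _matches(d, dst):
            return action
    return "deny"


# The entry exactly as posted in the question.
POSTED = ["access-list 105 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255"]

# Assumed corrected list for the stated goal: deny guest -> production,
# then an explicit permit so the implicit deny does not swallow everything else.
FIXED = [
    "access-list 105 deny ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255",
    "access-list 105 permit ip any any",
]

# Constructed sample flows: (label, source, destination).
FLOWS = [
    ("guest -> production", "192.168.1.50", "192.168.0.10"),
    ("production -> guest", "192.168.0.10", "192.168.1.50"),
    ("guest -> internet", "192.168.1.50", "203.0.113.5"),
]


def results(lines):
    """Map each sample flow to the verdict the given ACL text would return."""
    acl = [parse_ace(l) for l in lines]
    return {label: evaluate(acl, s, d) for label, s, d in FLOWS}


if __name__ == "__main__":
    for name, lines in (("posted", POSTED), ("fixed", FIXED)):
        print(name, results(lines))
```

    With the posted entry alone every flow ends in "deny", including guest-to-internet, because nothing is permitted before the implicit deny; with the assumed `FIXED` list only guest-to-production is dropped. Two caveats the reply implies: the list does nothing until it is bound to an interface with `ip access-group 105 in` (or `out`), and, because both subnets sit on one physical segment of hubs, the router only sees traffic that hosts choose to send to it; a guest that configures a static 192.168.0.x address talks to production machines directly and never crosses the ACL. That is the reason the poster's plan to move to VLANs (and switches) is the real fix.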

  • Can you proxy between two LOCAL zones on a Gatekeeper?

    Is it possible to proxy a call between two local zones on the same gatekeeper?
    Thanks for any replies.

    I also tried this last year to overcome issues with Access Control Lists preventing school sites from directly communicating with each other, and unfortunately the answer is no! The proxy will only work with calls to remote zones.
    However from version 12.3 (4)T of the MCM gatekeeper IOS, there is also a feature included called IP to IP gateway, which will do what you want, and will actually work better than the proxy as it is codec transparent (the proxy will re-encode your VC to H.261 and G.711).
    More info can be found here:
    http://www.cisco.com/en/US/products/sw/voicesw/ps5640/products_qanda_item09186a00801da69b.shtml

  • Master Data basis-- difference between a Xportation zone and tariff zone?

    What is the difference between a transportation zone and tariff zone, & why would a transportation zone be different from a tariff zone?

  • HT4623 By updating my iPhone 4 to iOS 6 the map is not working; when I ask for a route between places it gives "direction not found" between places

    I have updated my iPhone 4 to iOS 6.
    When I ask for a route between two famous places, it replies that the direction was not found between the places.
    I don't understand.
    What's this?

    I had the same experience with a new iPhone 5 that I bought last week. Did not have a chance to measure battery life before the 6.0.2 upgrade installed, but I set up my phone exactly like my 4S and immediately started running out of power after short periods. Went to a Xmas get-together with a fully charged 5 and 4S. Heading home, the iPhone 5 shut down for low battery and the 4S had 65% power. Both phones had two half-hour phone calls on them and no data usage.
    That night I fully charged the iPhone 5 and, without lighting it up, put it on my night table. Next morning I picked it up and looked at the battery indicator and I had 42% charge with NO activity!
    Tried it again the next night and wound up with 37% charge. (Slept longer.)
    Today I called the carrier and reactivated the 4S. Took the 5 to the Apple Store and they kindly gave me the choice of a new replacement phone or a refund. I took the refund. Uniquely, the Apple Store said it was Verizon CDMA phones that were coming back.
    There are other strings on this with temporary solutions, but from my experience with 7 firmware changes on an HTC 4G phone the problem will continue because the solution will be hardware caused. We are in the days where RTM means Rush to Market - not Release To Manufacturing.
    I fear the only solution is to either wait for the next model (I did not notice a really major change in performance over the 4S in the LTE-heavy Seattle area) - or switch to another manufacturer.
    It might be useful for these forums to indicate if you have a GSM or CDMA phone to see which have more problems.
    Discouraged....

  • WOL - add router between ADSL modem and computer?

    Hi
    My computer is connected to a Livebox ADSL modem (the Sagem F@ast 3202).
    I am trying to set the system up so it wakes up from sleep on reception of a magic packet from the internet. I have forwarded port 9 as per instructions on the web. The computer only wakes up sporadically though.
    I read long ago somewhere online (but can't for the life of me find it) that one can add another router (between the Livebox and the computer, I assume) which would "listen" for the magic packet and then wake up the computer.
    I happen to have an old DLink DSL-604+. Is this something I could add to the chain of equipment to make the setup more stable? If so, how should the DLink be configured?
    Thanks for any insight.
    /p

    Thanks for the suggestion.
    I've looked in the settings on the Livebox and find, under the Firewall tab, something called Access control. It lets me define a username, password and port using which I may access the Livebox's setup page from the internet.
    Apart from this, I find under the Firewall tab something called Policies and NAT but neither appears to be relevant to me. If there's any other disconnect setting I can't find it. I guess it could be in the flash ROM somewhere.
    My test indicates that I can access the Livebox setup page without the computer having to be on (obvious). Is there some way to start a sleeping computer from within such a setup page (longshot)?
    /p

  • Creating Route between points

    Hi all,
    I am currently using Oracle Database 10gR2, which contains some spatial data of the city of Auckland, NZ. I am using Oracle Maps to display the data and the normal navigational features as such. But what I want to do is determine a route between two locations on the map. There is a distance tool that just measures the distance between two points, but I'm not sure how to go about finding a route between two points. In the table in the database there are columns for F_NODE and T_NODE, which I'm guessing are the start and end node of each line? Any help in this matter is greatly appreciated.
    Kind Regards,
    Avinash

    Avi
    I have not worked with MapViewer and Networks as such, but the Oracle App Server MapViewer User Guide has a section on Networks (2.3.7 Network Themes) starting on page 83.
    http://download.oracle.com/otn/other/mapviewer/pdf/mapviewer_10131_ug.pdf
    I hope this can give you a start.
    Luc
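    The poster's guess is the right one: a table whose rows carry F_NODE and T_NODE describes a graph, and a route between two points is a shortest-path search over it. The following is an added example for this page, not code from the thread or from Oracle MapViewer's network package; the segment rows are constructed here (in the real case they would be selected from the spatial table together with a length column and a one-way flag, both of which are assumptions), and the search is plain Dijkstra.

```python
import heapq

# Constructed sample rows: (segment_id, f_node, t_node, length_m, one_way).
# f_node/t_node play the role of the F_NODE/T_NODE columns in the question.
SEGMENTS = [
    (1, "A", "B", 120.0, False),
    (2, "B", "C", 80.0, False),
    (3, "A", "D", 50.0, False),
    (4, "D", "C", 60.0, True),    # one-way D -> C
    (5, "C", "E", 100.0, False),
    (6, "B", "E", 300.0, False),
]


def build_graph(rows):
    """Adjacency map: node -> [(neighbour, length, segment_id)].
    Two-way segments are traversable from either end; one-way only F -> T."""
    adj = {}
    for seg_id, f, t, length, one_way in rows:
        adj.setdefault(f, []).append((t, length, seg_id))
        adj.setdefault(t, [])
        if not one_way:
            adj[t].append((f, length, seg_id))
    return adj


def shortest_route(adj, start, goal):
    """Dijkstra over `adj`; returns (total_length, [segment ids in travel order])
    or (None, []) when `goal` cannot be reached from `start`."""
    dist = {start: 0.0}
    prev = {}                      # node -> (previous node, segment used)
    pq = [(0.0, start)]
    while pq:
        d, u = heapq.heappop(pq)
        if u == goal:
            break
        if d > dist.get(u, float("inf")):
            continue               # stale queue entry
        for v, w, seg in adj.get(u, []):
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = (u, seg)
                heapq.heappush(pq, (nd, v))
    if goal not in dist:
        return None, []
    path, node = [], goal
    while node != start:
        node, seg = prev[node]
        path.append(seg)
    return dist[goal], path[::-1]


if __name__ == "__main__":
    g = build_graph(SEGMENTS)
    print(shortest_route(g, "A", "E"))
    print(shortest_route(g, "E", "A"))
```

    The returned segment ids are what you would feed back into the map layer to draw the route. Note that A to E and E to A differ because segment 4 is one-way; if the real table has no direction column, drop the `one_way` flag and every segment becomes two-way.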

  • Routing between SSIDs

    I have an Aironet 1242AG AP,
    I am interested in creating two different SSIDs with different security levels (eg. No Enc. and WPA2 Enc.).
    I am also interested in routing between the two (such that one will function like a "backup" connection, which sees and connects to everything that the other one sees and connects to).
    Can I please get some examples of configuration? And maybe some written guide?

    Creating 2 different SSIDs on one AP with different encryption is only possible if you use VLANs on the switch and AP.
