IPSec Propagation Delay

Dear All,
I have Cisco 3825 routers with AIM-VPN/EPII-PLUS on which I will run OSPF and make tunnels between sites or between OSPF routers.
I need to know how much processing delay the AIM-VPN/EPII-PLUS adds for one IPSec tunnel. Let's suppose I make an IPsec tunnel between two routers using 3DES, SHA and a pre-shared key; how much time will the router take to encrypt, hash etc. the packet?
Hope you get my point and what I want to know.
Regards.

There are a few ways to keep the tunnel open:
- Periodic ISAKMP keepalives
crypto isakmp keepalive
- As you suggest, increasing the IPsec idle timer and also the IKE/IPsec lifetimes
isakmp policy 20 lifetime
crypto ipsec security-association lifetime
- Running NTP between the 2 routers through the IPsec tunnel
I think there is no big issue. We used this when an IPsec tunnel between a Cisco and a non-Cisco device had problems coming up from the non-Cisco side, so we decided to keep the tunnel up.
M.

Similar Messages

  • Installation Locked error while uploading meter readings in background

    Hi,
    Following is the process followed:
    Execute the EL35 transaction to generate the MRO print in SAP ISU.
    At the back end, meter readings are fetched from a data server and uploaded into SAP ISU using the BAPI BAPI_MTRREADDOC_UPLOAD as a background process after a propagation delay of a minute.
    If the EL35 request is closed, the meter readings get uploaded.
    However, if the transaction is kept open, we get an error that the installation is locked.
    Please advise if there is a way to dequeue this lock while triggering the EL35 transaction in the first place.
    Regards,
    Sarvesh

    Hi,
    The message 'Format of MR 17737 not valid (MR document number 105677)' signifies that the number of pre-decimal places and the number of post-decimal places do not match your register group configuration.
    Since you are suggesting that your logic works in most cases, I think that when a meter overflow happens and you convert it to an actual read, this reading does not match the pre-decimal and post-decimal places.
    You need to double-click on the register group for the device where you are facing this issue and then compare it with your calculated read in your code.
    Hope this helps.
    Regards,
    Avinash

  • QOS on Frame Relay link

    Hi, I have a 512k hub access pipe and 6 PVCs configured on this pipe. WFQ is enabled by default on this WAN interface and no other queueing is used. When a packet arrives to be transmitted out to all 6 PVCs, I would expect a certain amount of serialisation/propagation delay. My question is: does the Cisco router use the actual access speed of the main interface, i.e. the CIR/speed of the spoke sites is not involved?
    Mary

    By default, I believe the hub site will transmit as quickly as possible.
    I highly recommend defining each PVC as its own subinterface with traffic shaping that conforms to the far side's bandwidth.
    BTW: at least in North America, the CIR usually isn't the limiting factor; the actual port speed is. Of course, when you exceed CIR the vendor could drop all traffic that's above it. If you define shaping, you could shape to CIR, port speed, or anything in between.

  • Global Load Balancing / Failover....what about dns entries being cached?

    It is my understanding that DNS is used to provide data center redundancy. How does one resolve the problem of DNS entries being cached across the Internet? For example, if I fail over to my secondary datacenter, the IP addresses of my primary datacenter will likely be cached in DNS servers across the Internet. What are some options for datacenter redundancy that can overcome these issues of DNS propagation delays?
    Thanks!

    The only option that you have is to run with a low TTL.
    Unfortunately, there are applications out there that don't behave very well with a low TTL. Microsoft Internet Explorer, for example, needs to be restarted for it to do another name lookup. The same holds true for some proxies etc.
    -A

  • DNS migrated- can see webpage on all computers except two iMacs w/different

    The webhost for our website had a hardware failure a couple of days ago, and migrated to a different server. Within hours, I could see the website on my pc at work (Firefox) and my friend could see it on her pc w/IE. But at home, no matter how many times I reset Safari, or restarted my iMac (10.4.8), I got the error page from the webhost- for over 30 hours. It finally came up when I got up at 6:30 this morning, then another friend emailed me and said he couldn't get the website (at 11:00 a.m. this morning) using a four year old eMac with Internet Explorer- even after clearing the cache. Is this just a Mac thing?

    It has nothing to do with your Mac, but your ISP's DNS servers.
    All DNS servers will cache DNS data and serve requests from the cache. The zone file will include a tag that tells DNS servers how long to cache the data for.
    What you're experiencing is most likely an effect of that cache. For example, if your DNS is set to cache for one day and user A performs an initial lookup via ISP A's DNS server at 11:59pm, then all subsequent requests to the same DNS server will return the same result for the next 24 hours. Even if you change the zone file at 12:00am, the ISP's DNS server believes it has valid data and will return the same result until the 24 hour timeout has expired.
    In the meantime, if user B performs an initial lookup via ISP B's DNS server at 12:01am he'll get the new zone data with the new address.
    This conflict (where two different servers claim to have valid responses that are different) is known as the DNS propagation delay, and it's largely out of your control since it's affected by servers outside of your domain.
    The only thing you can do is to lower the timeout for your zone so that remote servers cache the data for shorter periods of time, with the corresponding increase in traffic to your DNS servers since the ISP's DNS servers will make more frequent requests for your zone data, even if it hasn't changed.
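    The TTL mechanics in this answer, replayed as an added example that is not part of the original thread: a toy authoritative server and two caching resolvers (ISP A and ISP B) walk through the 11:59pm/12:00am/12:01am scenario above, then measure how long ISP A keeps serving the stale address and how many queries the authoritative server absorbs per day for a given TTL. The hostname and the two addresses are constructed (documentation ranges), and the "one client lookup per minute" load model is an assumption used only to make the traffic trade-off visible.

```python
"""TTL-based resolver cache simulation (constructed example)."""
from dataclasses import dataclass

NAME = "www.example.com"      # constructed hostname
OLD_IP = "192.0.2.10"         # constructed addresses from the documentation ranges
NEW_IP = "198.51.100.20"


def hms(hours, minutes=0, seconds=0):
    """Absolute simulated time in seconds since 00:00 of the day before the zone change."""
    return hours * 3600 + minutes * 60 + seconds


class AuthoritativeServer:
    """The zone's own name server. Every call to answer() is load on it."""

    def __init__(self, ttl):
        self.ttl = ttl
        self.address = OLD_IP
        self.queries = 0

    def answer(self, name):
        self.queries += 1
        return self.address, self.ttl


@dataclass
class CacheEntry:
    address: str
    expires_at: int


class CachingResolver:
    """An ISP's recursive resolver: it trusts its cache until the TTL has elapsed."""

    def __init__(self, authority):
        self.authority = authority
        self.cache = {}

    def resolve(self, name, now):
        entry = self.cache.get(name)
        if entry is not None and now < entry.expires_at:
            return entry.address                      # served from cache, authority not asked
        address, ttl = self.authority.answer(name)
        self.cache[name] = CacheEntry(address, now + ttl)
        return address


def propagation_scenario(ttl):
    """Replay the answer's example: A via ISP A at 23:59, zone edited at 00:00, B via ISP B at 00:01."""
    authority = AuthoritativeServer(ttl)
    isp_a = CachingResolver(authority)
    isp_b = CachingResolver(authority)

    a_before = isp_a.resolve(NAME, hms(23, 59))     # A primes ISP A's cache with the old address
    authority.address = NEW_IP                      # zone file changed at midnight
    b_after = isp_b.resolve(NAME, hms(24, 1))       # ISP B has nothing cached, fetches the new one
    a_after = isp_a.resolve(NAME, hms(24, 1))       # ISP A still serves the stale entry

    # Advance a minute at a time until ISP A's cached entry finally expires.
    now = hms(24, 1)
    while isp_a.resolve(NAME, now) != NEW_IP:
        now += 60
    return {
        "a_before": a_before,
        "b_after": b_after,
        "a_after": a_after,
        "minutes_until_isp_a_converges": (now - hms(24)) // 60,
    }


def authority_load(ttl, hours=24, client_interval=60):
    """Queries the authoritative server sees from one resolver whose clients ask once a minute."""
    authority = AuthoritativeServer(ttl)
    resolver = CachingResolver(authority)
    for now in range(0, hours * 3600, client_interval):
        resolver.resolve(NAME, now)
    return authority.queries


if __name__ == "__main__":
    for ttl in (86400, 300):
        print(ttl, propagation_scenario(ttl), "authoritative queries/day:", authority_load(ttl))
```

    With a one-day TTL, ISP A keeps answering with the old address for 1439 minutes after the change while ISP B has the new one from the first minute; with a 300-second TTL the same resolver converges in 4 minutes, at the cost of 288 authoritative queries a day instead of 1 for this load model.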

  • JNDI when clustering

    Hi Don,
    All the manager servers in a cluster send heartbeat messages to each other (using a multicast address) after a certain time period (i.e. every 10 sec); at that time they update their local JNDI tree.
    When we do clustering and a new object gets bound to a cluster, then that object's JNDI will be replicated to all the servers in the cluster.
    Thanks and regards
    Johnny
    "Don Ferguson" <[email protected]> wrote in message news:[email protected]...
    > We are using ip-multicast to propagate the JNDI information to other
    > servers in the cluster. I believe the update is sent immediately
    > (rather than batched and refreshed periodically) but I'm not sure what
    > the propagation delay is.
    >
    > matt wrote:
    > >
    > > Selvan,
    > > My understanding is that by default all objects registered to JNDI will be
    > > clustered unless you specify a "do not cluster" property in the
    > > properties file. The exact property can be found in the API doc for JNDI.
    > > Sunil
    > >
    > > Selvan Ramasamy <[email protected]> wrote in message
    > > news:[email protected]...
    > > > Hello,
    > > >
    > > > If I cluster a few servers, then what about the objects I bind in the
    > > > JNDI?
    > > > How frequently do these JNDI bindings get reflected to all the cluster servers?
    > > > I am going to do some caching for my clients by binding some Java classes
    > > > in the JNDI.
    > > >
    > > > I think that I am not clear about JNDI bindings with a cluster.
    > > >
    > > > Please help me out: what exactly happens when we do clustering and a new object
    > > > gets bound in the JNDI?
    > > >
    > > > Thanks
    > > > /selvan
    > > >
    > > > Selvan Ramasamy
    > > > Captura Software Inc

  • How can I manage four NI5112s in one system?

    Now in the system there are four NI5112s. All the NI5112s have the same configuration and all their inputs are connected to the same pulse signal source. All the NI5112s use analog edge triggering and the triggering source is the input signal. So all the NI5112s should be triggered at the same time. However, when I fetch the waveforms with the function niScope_Fetch in sequence, I find that the values of wfmInfo.absoluteInitialX vary a lot (10-70 ms). Why?

    The reason the absoluteInitialX values differ from one board to the next is probably that they are not armed at exactly the same time, so the individual board timestamp clocks start at slightly different times. This is also because the boards are running completely independently of each other.
    I have attached an example program that will be available on the Developer Library for High-Speed Digitizers shortly. It is set up to synchronize two boards in PXI; to increase it to 4, simply expand the slave board array and the additional propagation delay arrays to have 3 inputs (the master board will be the 4th board). Also, the VI is set up to have the master board in slot 2 of the chassis and take advantage of the Star Trigger capabilities of slot 2 in the PXI chassis.
    Let me know if you are using PCI boards and we can see about modifying the code for PCI.
    Good Luck on your project!
    Attachments:
    Multiple_NI_PXI-5112_Synchronization_Demo.llb (136 KB)

  • Error of data exchange with an external server

    Help me understand.
    There is a client which connects to a server; data exchange with the server is done through the method sendData(byte[] sendbytes, String code, int resplen):
    // Fragment of the SeedLink client class. Fields and helpers referenced here
    // (sladdr, sllog, socket, socketInputStream, errorLine, sayHello(), receiveData(),
    // Util.sleep(), SeedLinkException) belong to the enclosing class and are not shown.
    // Imports and the closing braces lost in the paste have been restored.
    import java.io.IOException;
    import java.io.OutputStream;
    import java.net.InetSocketAddress;
    import java.net.Socket;

    OutputStream socketOutputStream = null;

    public void connect() throws SeedLinkException, IOException {
        try {
            String host_name = sladdr.substring(0, sladdr.indexOf(':'));
            int nport = Integer.parseInt(sladdr.substring(sladdr.indexOf(':') + 1));
            // create and connect Socket
            Socket sock = new Socket();
            sock.setReceiveBufferSize(65536);
            sock.setReuseAddress(true);
            sock.setKeepAlive(true);
            sock.connect(new InetSocketAddress(host_name, nport));
            // Wait up to 10 seconds for the socket to be connected
            int timeout = 10;
            int i = 0;
            while (i++ < timeout && !sock.isConnected()) {
                Util.sleep(1000);   // poll once per second (loop body restored)
            }
            if (!sock.isConnected()) {
                String message = "[" + sladdr + "] socket connect time-out (" + timeout + "s)";
                //sllog.log(true, 0,  message);
                throw new SeedLinkException(message);
            }
            // socket connected
            sllog.log(false, 1, "[" + sladdr + "] network socket opened");
            // Set the KeepAlive socket option, not really useful in this case
            sock.setKeepAlive(true);
            this.socket = sock;
            this.socketInputStream = socket.getInputStream();
            this.socketOutputStream = socket.getOutputStream();
        } catch (Exception e) {
            //e.printStackTrace();
            errorLine = "cannot connect to SeedLink server: " + e.getMessage();
            throw new SeedLinkException("[" + sladdr + "] cannot connect to SeedLink server: " + e);
        }
        // Everything should be connected, say hello
        try {
            sayHello();
        } catch (SeedLinkException sle) {
            try {
                socket.close();
                socket = null;
            } catch (Exception e1) { /* ignore failure while closing */ }
            throw sle;
        } catch (IOException ioe) {
            try {
                socket.close();
                socket = null;
            } catch (Exception e1) { /* ignore failure while closing */ }
            throw ioe;
        }
    }     // End of connect()

    public byte[] sendData(byte[] sendbytes, String code, int resplen) throws SeedLinkException, IOException {
        try {
            socketOutputStream.write(sendbytes);
        } catch (IOException ioe) {
            throw ioe;
        }
        if (resplen <= 0)
            return null;        // no response requested
        // If requested, wait up to 30 seconds for a response
        byte[] bytesread = null;
        int ackcnt = 0;                       // counter for the read loop
        int ackpoll = 50;                     // poll at 0.05 seconds for reading
        int ackcntmax = 30000 / ackpoll;      // 30 second wait
        while ((bytesread = receiveData(resplen, code)) != null && bytesread.length == 0) {
            if (ackcnt > ackcntmax) {
                errorLine = "no response from SeedLink server to " + (new String(sendbytes, 0, sendbytes.length - 1));
                throw new SeedLinkException("[" + code +
                        "] no response from SeedLink server to '" +
                        (new String(sendbytes)) + "'");
            }
            Util.sleep(ackpoll);
            ackcnt++;
        }
        if (bytesread == null)
            // decode the bytes; concatenating the array itself would only print its identity
            throw new SeedLinkException("[" + code + "] bad response to '" + new String(sendbytes) + "'");
        return bytesread;
    }    // End of sendData()
    The given code is part of a J2EE web application.
    Why does the specified method work normally in a Tomcat server,
    but refuse to work at all in Java System Application Server 8 or 9 (the data exchange does not occur)?
    I cannot understand the reason ...

    José,
    The 6036E User Manual gives the best definition of the STARTSCAN, TRIG, and CONVERT* signals as well as their relationship to each other. See 4-20 Connecting Timing Signals of the User Manual for this information as well as timing diagrams.
    NI 6034E/6035E/6036E User Manual
    http://digital.ni.com/manuals.nsf/websearch/B935FC073150374F86256BF10073995A?OpenDocument&node=132100_US
    You are correct that configuring your board for external timing is just as simple as connecting your external clock to a PFI line and using it as the STARTSCAN signal. The clock output of your GPS receiver will now be defining when scans are performed on your 6036E due to the synchronization between the two devices. The only synchronization issue you may encounter is propagation delay. This will be a factor of the cable length connecting your GPS clock to the 6036E.
    Regards,
    Justin Britten
    Applications Engineer
    National Instruments

  • Impact on Packet delay and Jitter due to IPSec

    We are planning to use IPSec between two 7604 routers. As IPSec adds more overhead to the packet, there will be an impact on the traffic. We would like to know the impact on packet delay and jitter due to IPsec on 7604 or 7606 routers.

    Hi Jger, is this for something like a message of the day? What are you using UDP 17 for? UDP is still best effort, which the switch may not necessarily be faulted for. You may try something such as turning off spanning tree on the ports to see if that can help somehow.
    -Tom
    Please mark answered for helpful posts

  • File Sharing over IPsec with RV220W

    Hello all,
    Ultimately, the issue is that I have two RV220Ws with an IPsec VPN tunnel between them that appears to be up but that I can't seem to get folder sharing going over. Here's the background.
    I originally had two Netgear FVS318s set up with a VPN tunnel and everything worked as expected. I could connect to the server at the office from a machine at home and browse the files and more importantly do nightly backups of files that had changed at the office over the VPN to the house. The problem with the FVS318s was that for wireless I had to have another device and that the WAN to LAN throughput was something like 7Mbps. Kind of limiting when you consistently get 22Mbps from the ISP.
    So, I bought two Cisco RV220Ws to replace them with. I started by replacing the one at home and was able to get it going with the FVS318 at the office. The VPN was stable and I had no problem browsing the files on the server as I had already been doing. A couple weeks later I replaced the FVS318 at the office with the other RV220W and the VPN came up fine but I lost all ability to file share between the two sites. I've watched the phase 1 and 2 negotiations and they look good from both ends. Looking at the IPsec Connection Status shows IPsec SA Established. I know that the tunnel is there because I can ping various machines at the other site from either end. I've tried just about everything I can think of but I just can not get file sharing going. The other issue is that while I can ping each of the RV220Ws from either end, when I try to hit the distant end's management console through a web browser, I get the initial SSL certificate warning that I click proceed on and then it just sits there spinning trying to load the management console on the distant RV220W. With the FVS318s I could hit the distant end management consoles via browser. So, here's more detail.
    Site: Home
    Subnet: 192.168.1.x
    Comcast Business Class Internet with a static IP
    Site: Office
    Subnet: 10.2.10.x
    Comcast Business Class Internet with a static IP
    I know the difference between my static (inbound IP) and my gateway (outbound IP)
    I tried creating firewall access rules by defining services as follows:
    FS-TCP: 135 - 139 TCP
    FS-UDP: 135 - 139 UDP
    SMB-TCP: 445 TCP
    SMB-UDP: 445 UDP
    Then the firewall access rules as follows (I'll just give a couple examples so you'll get the gist)
    Connection type: Inbound (WAN(Internet) > LAN (local network))
    Action: Always allow
    Service: SMB-TCP
    Source IP: Single IP
    Start: xxx.xxx.xxx.xxx (this is the gateway IP of the distant end at home)
    Send to Local Server (DNAT IP): 10.2.10.x (the static IP of the server)
    When that wasn't working, I created another set of rules for the internal IPs of the distant end as follows:
    Connection type: Inbound (WAN(Internet) > LAN (local network))
    Action: Always allow
    Service: SMB-TCP
    Source IP: Address Range
    Start: 192.168.1.1
    Finish: 192.168.1.254
    Send to Local Server (DNAT IP): 10.2.10.x (the static IP of the server)
    I also enabled Remote Management of the RV220W as:
    Access Type: Single IP address
    IP Address: xxx.xxx.xxx.xxx (gateway IP of the distant end at home)
    Port 443
    When that didn't work, I created two additional firewall rules for port 443 for the home gateway IP and the internal 192.168.1.x IPs. Still no go.
    So this is where I'm stuck. In the FVS318s I did not have to create any firewall rules for the VPN traffic. I started off with no rules for the RV220W because I didn't expect it'd need them and then I began adding the firewall rules in order to troubleshoot. Here's the funny thing. If I drop the FVS318 back into place at the office site, it all works as expected.
    So where do I go from here guys? About the only thing I haven't done is burn down the VPN tunnel in the RV220Ws and I haven't done that because I can ping hosts on either end and if I drop the FVS318 back into place it works fine. I'm totally stumped and would sincerely appreciate any assistance anyone could provide. If you need additional configuration information, I can provide that.
    Thanks.

    Thanks for answering, I was beginning to worry nobody had any idea how to help.
    The IP subnets did not change on either end.
    I am using the IP address to map. Critical machines are either static IP or reserved in DHCP and are all in the IP range of the VPN Policy.
    I can ping distant end machines in both directions by IP through the tunnel but I can not ping by hostname. I do not have NETBIOS enabled on the VPN policy. I'm using OpenDNS on both sides, so when I try to ping the hostname of the server I get the opendns.com IP back because it couldn't resolve the IP of the hostname during the lookup.
    Sorry for the delay in replying. Unfortunately, one end is at home, the other at my wife's business. During the day, I'm at work on the other side of town from both.

  • [SOLVED]Connecting to L2TP/IPSec VPN problem: pppd seems not starting

    I'm trying to connect to an L2TP/IPsec VPN server using ipsec-tools + xl2tpd.
    Here is my setup:
    /etc/racoon.conf:
    log debug;
    path pre_shared_key "/etc/racoon/psk.txt";
    padding {
        maximum_length 20;
        randomize off;
        strict_check off;
        exclusive_tail off;
    }
    remote anonymous {
        exchange_mode main;
        doi ipsec_doi;
        situation identity_only;
        generate_policy on;
        nat_traversal on;
        proposal_check obey;
        proposal {
            encryption_algorithm aes 256;
            lifetime time 3600 sec;
            hash_algorithm sha1;
            authentication_method pre_shared_key;
            dh_group modp1024;
        }
    }
    sainfo anonymous {
        lifetime time 3600 sec;
        encryption_algorithm aes 256;
        authentication_algorithm hmac_sha1;
        compression_algorithm deflate;
    }
    /etc/racoon/psk.txt:
    #broadband
    137.189.192.201 the-server-psk
    137.189.192.204 the-server-psk
    Here the two IPs are the IPs of vpn.cuhk.edu.hk, which is the VPN server.
    /etc/xl2tpd/xl2tpd.conf:
    [global]
    port = 1701
    auth file = /etc/ppp/pap-secrets
    debug network = yes
    debug avp = yes
    debug packet = yes
    debug state = yes
    debug tunnel = yes
    [lac connect]
    lns = vpn.cuhk.edu.hk
    name = vpn-server
    redial = yes
    redial timeout = 15
    max redials = 5
    hidden bit = yes
    refuse chap = yes
    require pap = yes
    ppp debug = yes
    pppoptfile = /etc/ppp/options.xl2tpd
    /etc/ppp/pap-secrets:
    # Secrets for authentication using PAP
    # client server secret IP addresses
    myusername * mypassword *
    /etc/ppp/options.xl2tpd:
    lock
    debug
    mtu 1000
    nobsdcomp
    nodeflate
    noaccomp
    nopcomp
    novj
    defaultroute
    refuse-chap
    refuse-mschap
    refuse-mschap-v2
    connect-delay 5000
    name myusername
    password mypassword
    spd.sh:
    #!/bin/sh
    Then I do the following:
    # 192.168.1.1 is my lan gateway
    sudo ip route add 137.189.192.201 via 192.168.1.1
    sudo ip route add 137.189.192.204 via 192.168.1.1
    # For adding spd, script from the VPN server
    echo -e flush\; | sudo setkey -c
    echo -e spdflush\; | sudo setkey -c
    echo -e spdadd 192.168.1.173/32\[1701\] 0.0.0.0\/0\[0\] any \-P out ipsec esp\/transport\/\/require\; | sudo setkey -c
    sudo systemctl start racoon
    sudo systemctl start xl2tpd
    echo "c connect" | sudo tee /var/run/xl2tpd/l2tp-control
    I expect that some network interface like ppp0 will be created, but nothing happened.
    Then I check the records and find something weird in the xl2tpd log (from journalctl; racoon and sudo logs skipped):
    8月 21 01:13:40 nkdesktop systemd[1]: Stopped Level 2 Tunnel Protocol Daemon (L2TP).
    8月 21 01:13:41 nkdesktop systemd[1]: Starting Racoon IKEv1 key management daemon for IPSEC...
    8月 21 01:13:41 nkdesktop systemd[1]: Started Racoon IKEv1 key management daemon for IPSEC.
    8月 21 01:13:43 nkdesktop systemd[1]: Starting Level 2 Tunnel Protocol Daemon (L2TP)...
    8月 21 01:13:43 nkdesktop systemd[1]: Started Level 2 Tunnel Protocol Daemon (L2TP).
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: setsockopt recvref[30]: Protocol not available
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Using l2tp kernel support.
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: xl2tpd version xl2tpd-1.3.6 started on nkdesktop PID:19639
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Forked by Scott Balmos and David Stipp, (C) 2001
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Inherited by Jeff McAdams, (C) 2002
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Forked again by Xelerance (www.xelerance.com) (C) 2006
    8月 21 01:13:43 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Listening on IP address 0.0.0.0, port 1701
    8月 21 01:13:45 nkdesktop xl2tpd[19639]: xl2tpd[19639]: get_call: allocating new tunnel for host 137.189.192.204, port 1701.
    8月 21 01:13:45 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Connecting to host vpn.cuhk.edu.hk, port 1701
    8月 21 01:13:45 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is (null)(0). Tunnel is 0, call is 0.
    8月 21 01:13:45 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: sending SCCRQ
    8月 21 01:13:46 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: select timeout
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: select timeout
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 103, tunnel = 30858, call = 0 ref=0 refhim=0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: handle_avps: handling avp's for tunnel 30858, call 0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: message_type_avp: message type 2 (Start-Control-Connection-Reply)
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: protocol_version_avp: peer is using version 1, revision 0.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: framing_caps_avp: supported peer frames: async sync
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: bearer_caps_avp: supported peer bearers:
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: firmware_rev_avp: peer reports firmware version 1648 (0x0670)
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: hostname_avp: peer reports hostname 'eriwan'
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: vendor_avp: peer reports vendor 'Adtran, l2tpd'
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: assigned_tunnel_avp: using peer's tunnel 4733
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: receive_window_size_avp: peer wants RWS of 4. Will use flow control.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is Start-Control-Connection-Reply(2). Tunnel is 4733, call is 0.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: sending SCCCN
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Connection established to 137.189.192.204, 1701. Local: 30858, Remote: 4733 (ref=0/0).
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Calling on tunnel 30858
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is (null)(0). Tunnel is 4733, call is 0.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: sending ICRQ
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 12, tunnel = 30858, call = 0 ref=0 refhim=0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 28, tunnel = 30858, call = 63662 ref=0 refhim=0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: handle_avps: handling avp's for tunnel 30858, call 63662
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: message_type_avp: message type 11 (Incoming-Call-Reply)
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: assigned_call_avp: using peer's call 31346
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is Incoming-Call-Reply(11). Tunnel is 4733, call is 31346.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: Sending ICCN
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Call established with 137.189.192.204, Local: 63662, Remote: 31346, Serial: 1 (ref=0/0)
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: start_pppd: I'm running:
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "/usr/sbin/pppd"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "passive"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "nodetach"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: ":"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "refuse-chap"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "name"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "vpn-server"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "debug"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "file"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "/etc/ppp/options.xl2tpd"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "plugin"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "pppol2tp.so"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "pppol2tp"
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: "7"
    8月 21 01:13:47 nkdesktop pppd[19647]: Plugin pppol2tp.so loaded.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 12, tunnel = 30858, call = 0 ref=0 refhim=0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 12, tunnel = 30858, call = 63662 ref=0 refhim=0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 38, tunnel = 30858, call = 63662 ref=0 refhim=0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: handle_avps: handling avp's for tunnel 30858, call 63662
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: message_type_avp: message type 14 (Call-Disconnect-Notify)
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: result_code_avp: peer closing for reason 1 (General request to clear control connection), error = 0 ()
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: assigned_call_avp: using peer's call 31346
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is Call-Disconnect-Notify(14). Tunnel is 4733, call is 31346.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: Connection closed to 137.189.192.204, serial 1 ()
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: Terminating pppd: sending TERM signal to pid 19647
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: recv packet from 137.189.192.204, size = 38, tunnel = 30858, call = 0 ref=0 refhim=0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: handle_avps: handling avp's for tunnel 30858, call 0
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: message_type_avp: message type 4 (Stop-Control-Connection-Notification)
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: assigned_tunnel_avp: using peer's tunnel 4733
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: result_code_avp: peer closing for reason 1 (General request to clear control connection), error = 0 ()
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: message type is Stop-Control-Connection-Notification(4). Tunnel is 4733, call is 0.
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: control_finish: Connection closed to 137.189.192.204, port 1701 (), Local: 30858, Remote: 4733
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: build_fdset: closing down tunnel 30858
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: select returned error 9 (Bad file descriptor)
    8月 21 01:13:47 nkdesktop xl2tpd[19639]: xl2tpd[19639]: network_thread: select returned error 4 (Interrupted system call)
    ... then xl2tpd repeatedly tries to build a connection and fails every 15s ...
    I think pppd should have shown more logs, rather than just loading a module.
    But I have no idea what's wrong.
    Or did I just forget to turn on the log function of pppd? If so, how should I turn it on?
    Can anyone help?
    Last edited by nnkken (2014-08-24 08:42:03)

    Additional information:
    Today I decrypted the IPSec ESP packets with Wireshark (what an awesome function) and compared the L2TP messages of my ArchLinux and MacOSX to the same VPN Server.
    And I found that while both ArchLinux and MacOSX send an Incoming_Call_Connection (ICCN) packet, the packets are quite different:
    The ArchLinux ICCN packet has 2 additional AVP fields: Random Vector AVP and RX Connect Speed AVP.
    Also, the Connect Speed AVP (and also the RX Connect Speed AVP) field is 0, which is different from MacOSX (100000).
    After the ICCN packet, MacOSX sends a PPP packet over L2TP, while ArchLinux sends nothing and the server sends a Call_Disconnect_Notification to ArchLinux.
    Does anyone know whether this is a bug or something wrong in the config?
    Last edited by nnkken (2014-08-22 20:19:49)

  • Problem when applying IPSEC to DMVPN

    Hi, I have some trouble with DMVPN.
    I configured NHRP between a HUB and a SPOKE:
                   HUB
                 tu0  tu1
                   |     |
                    ISP
                      |
                  tu0,tu1
                 SPOKE
    The HUB has two physical interfaces and two logical interfaces.
    The SPOKE has one physical interface and two logical interfaces.
    I configured NHRP correctly; the tunnels are detected on the HUB and the SPOKE.
    When I add the IPSEC profile to the interfaces I lose tunnel1.
    SPOKE1#sh ip nhrp
    10.1.1.4/32 via 10.1.1.4, Tunnel0 created 02:22:01, never expire
      Type: static, Flags: authoritative used
      NBMA address: 190.1.1.1
    10.2.2.4/32 via 10.2.2.4, Tunnel1 created 02:18:21, never expire
      Type: static, Flags: authoritative used
      NBMA address: 190.1.2.1
    SPOKE1#debug ip nhrp
    tunnel0
    *Mar  1 03:50:09.399: NHRP: Attempting to send packet via DEST 10.1.1.4
    *Mar  1 03:50:09.399: NHRP: Encapsulation succeeded.  Tunnel IP addr 190.1.1.1
    *Mar  1 03:50:09.399: NHRP: Send Registration Request via Tunnel0 vrf 0, packet size: 82
    *Mar  1 03:50:09.403:       src: 10.1.1.1, dst: 10.1.1.4
    *Mar  1 03:50:09.403: NHRP: 82 bytes out Tunnel0
    *Mar  1 03:50:09.519: NHRP: Receive Registration Reply via Tunnel0 vrf 0, packet size: 102
    *Mar  1 03:50:09.519: NHRP: netid_in = 0, to_us = 1
    tunnel 1
    *Mar  1 03:50:30.575: NHRP: Attempting to send packet via DEST 10.2.2.4
    *Mar  1 03:50:30.575: NHRP: Encapsulation succeeded.  Tunnel IP addr 190.1.2.1
    *Mar  1 03:50:30.575: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 82
    *Mar  1 03:50:30.579:       src: 10.2.2.1, dst: 10.2.2.4
    *Mar  1 03:50:30.579: NHRP: 82 bytes out Tunnel1
    *Mar  1 03:50:30.579: NHRP: Resetting retransmit due to hold-timer for 10.2.2.4
    No reply from the HUB.
    HUB#sh ip nhrp
    10.1.1.1/32 via 10.1.1.1, Tunnel0 created 00:05:05, expire 00:08:29
      Type: dynamic, Flags: authoritative unique registered
      NBMA address: 191.1.1.11
    Just tunnel0 is there!
    I also have this on the HUB:
    *Mar  1 03:58:54.519: %CRYPTO-6-IKMP_MODE_FAILURE: Processing of Quick mode failed with peer at 191.1.1.11 (physical address of SPOKE1)
    Configs:
    HUB :
    crypto isakmp policy 10
    encr aes
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key techservices address 0.0.0.0 0.0.0.0
    crypto ipsec transform-set AES_MD5 esp-aes esp-md5-hmac
    crypto ipsec profile DMVPN
    set transform-set AES_MD5
    interface Tunnel0
    bandwidth 10000
    ip address 10.1.1.4 255.255.255.0
    no ip redirects
    ip mtu 1400
    no ip next-hop-self eigrp 123
    ip nhrp authentication dmvpn1
    ip nhrp map multicast dynamic
    ip nhrp network-id 123
    no ip split-horizon eigrp 123
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 123
    tunnel protection ipsec profile DMVPN
    interface Tunnel1
    bandwidth 10000
    ip address 10.2.2.4 255.255.255.0
    no ip redirects
    ip mtu 1400
    no ip next-hop-self eigrp 124
    ip nhrp authentication dmvpn2
    ip nhrp map multicast dynamic
    ip nhrp network-id 124
    no ip split-horizon eigrp 124
    tunnel source FastEthernet1/0
    tunnel mode gre multipoint
    tunnel key 124
    tunnel protection ipsec profile DMVPN
    router eigrp 123
    network 10.1.1.0 0.0.0.255
    network 172.16.4.0 0.0.0.255
    no auto-summary
    router eigrp 124
    network 10.2.2.0 0.0.0.255
    network 172.16.4.0 0.0.0.255
    no auto-summary
    SPOKE1:
    crypto isakmp policy 10
    encr aes
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key techservices address 0.0.0.0 0.0.0.0
    crypto ipsec transform-set AES_MD5 esp-aes esp-md5-hmac
    crypto ipsec profile DMVPN
    set transform-set AES_MD5
    interface Tunnel0
    bandwidth 10000
    ip address 10.1.1.1 255.255.255.0
    ip mtu 1400
    ip nhrp authentication dmvpn1
    ip nhrp map multicast 190.1.1.1
    ip nhrp map 10.1.1.4 190.1.1.1
    ip nhrp network-id 123
    ip nhrp holdtime 600
    ip nhrp nhs 10.1.1.4
    ip nhrp registration timeout 300
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 123
    tunnel protection ipsec profile DMVPN
    interface Tunnel1
    bandwidth 10000
    ip address 10.2.2.1 255.255.255.0
    ip mtu 1400
    ip nhrp authentication dmvpn2
    ip nhrp map multicast 190.1.2.1
    ip nhrp map 10.2.2.4 190.1.2.1
    ip nhrp network-id 124
    ip nhrp holdtime 600
    ip nhrp nhs 10.2.2.4
    ip nhrp registration timeout 300
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 124
    tunnel protection ipsec profile DMVPN
    router eigrp 123
    network 10.1.1.0 0.0.0.255
    network 172.16.1.0 0.0.0.255
    no auto-summary
    router eigrp 124
    network 10.2.2.0 0.0.0.255
    network 172.16.1.0 0.0.0.255
    no auto-summary
    regards

    But when I add another SPOKE there is a problem:
                              HUB
                              |    |
    SPOKE1___ ISP__SPOKE2
    HUB:
    crypto isakmp policy 10
    encr aes
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key cisco address 0.0.0.0 0.0.0.0
    crypto ipsec transform-set AES_MD5 esp-aes esp-md5-hmac
    crypto ipsec profile DMVPN
    set transform-set AES_MD5
    interface Tunnel0
    bandwidth 1000
    ip address 10.1.1.4 255.255.255.0
    no ip redirects
    ip mtu 1400
    no ip next-hop-self eigrp 123
    ip nhrp authentication dmvpn1
    ip nhrp map multicast dynamic
    ip nhrp network-id 123
    no ip split-horizon eigrp 123
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 123
    tunnel protection ipsec profile DMVPN
    interface Tunnel1
    bandwidth 1000
    ip address 10.2.2.4 255.255.255.0
    no ip redirects
    ip mtu 1400
    no ip next-hop-self eigrp 124
    ip nhrp authentication dmvpn2
    ip nhrp map multicast dynamic
    ip nhrp network-id 124
    no ip split-horizon eigrp 124
    tunnel source FastEthernet1/0
    tunnel mode gre multipoint
    tunnel key 124
    tunnel protection ipsec profile DMVPN
    router eigrp 123
    network 10.1.1.0 0.0.0.255
    network 172.16.4.0 0.0.0.255
    no auto-summary
    router eigrp 124
    network 10.2.2.0 0.0.0.255
    network 172.16.4.0 0.0.0.255
    no auto-summary
    SPOKE1 :
    crypto isakmp policy 10
    encr aes
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key cisco address 0.0.0.0 0.0.0.0
    crypto ipsec transform-set AES_MD5 esp-aes esp-md5-hmac
    crypto ipsec profile DMVPN
    set transform-set AES_MD5
    interface Tunnel0
    bandwidth 1000
    ip address 10.1.1.1 255.255.255.0
    no ip redirects
    ip mtu 1400
    ip nhrp authentication dmvpn1
    ip nhrp map multicast 190.1.1.1
    ip nhrp map 10.1.1.4 190.1.1.1
    ip nhrp network-id 123
    ip nhrp holdtime 600
    ip nhrp nhs 10.1.1.4
    ip nhrp registration timeout 300
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 123
    tunnel protection ipsec profile DMVPN shared
    interface Tunnel1
    bandwidth 1000
    ip address 10.2.2.1 255.255.255.0
    no ip redirects
    ip mtu 1400
    ip nhrp authentication dmvpn2
    ip nhrp map multicast 190.1.2.1
    ip nhrp map 10.2.2.4 190.1.2.1
    ip nhrp network-id 124
    ip nhrp holdtime 600
    ip nhrp nhs 10.2.2.4
    ip nhrp registration timeout 300
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 124
    tunnel protection ipsec profile DMVPN shared
    router eigrp 123
    network 10.1.1.0 0.0.0.255
    network 172.16.1.0 0.0.0.255
    no auto-summary
    router eigrp 124
    network 10.2.2.0 0.0.0.255
    network 172.16.1.0 0.0.0.255
    no auto-summary
    SPOKE2 :
    crypto isakmp policy 10
    encr aes
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key cisco address 0.0.0.0 0.0.0.0
    crypto ipsec transform-set AES_MD5 esp-aes esp-md5-hmac
    crypto ipsec profile DMVPN
    set transform-set AES_MD5
    interface Tunnel0
    bandwidth 1000
    ip address 10.1.1.2 255.255.255.0
    no ip redirects
    ip mtu 1400
    ip nhrp authentication dmvpn1
    ip nhrp map multicast 190.1.1.1
    ip nhrp map 10.1.1.4 190.1.1.1
    ip nhrp network-id 123
    ip nhrp holdtime 600
    ip nhrp nhs 10.1.1.4
    ip nhrp registration timeout 300
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 123
    tunnel protection ipsec profile DMVPN shared
    interface Tunnel1
    bandwidth 1000
    ip address 10.2.2.2 255.255.255.0
    no ip redirects
    ip mtu 1400
    ip nhrp authentication dmvpn2
    ip nhrp map multicast 190.1.2.1
    ip nhrp map 10.2.2.4 190.1.2.1
    ip nhrp network-id 124
    ip nhrp holdtime 600
    ip nhrp nhs 10.2.2.4
    ip nhrp registration timeout 300
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 124
    tunnel protection ipsec profile DMVPN shared
    router eigrp 123
    network 10.1.1.0 0.0.0.255
    network 172.16.2.0 0.0.0.255
    no auto-summary
    router eigrp 124
    network 10.2.2.0 0.0.0.255
    network 172.16.2.0 0.0.0.255
    no auto-summary
    HUB:
    HUB#sh ip nhrp
    10.1.1.1/32 via 10.1.1.1, Tunnel0 created 00:15:17, expire 00:09:21
      Type: dynamic, Flags: authoritative unique registered
      NBMA address: 191.1.1.11
    10.1.1.2/32 via 10.1.1.2, Tunnel0 created 00:12:09, expire 00:07:50
      Type: dynamic, Flags: authoritative unique registered
      NBMA address: 191.1.1.12
    10.2.2.1/32, Tunnel1 created 00:02:57, expire 00:00:07
      Type: incomplete, Flags: negative
      Cache hits: 7
    10.2.2.2/32 via 10.2.2.2, Tunnel1 created 00:12:00, expire 00:07:58
      Type: dynamic, Flags: authoritative unique registered
      NBMA address: 191.1.1.12
    The HUB doesn't have the NBMA address for 10.2.2.1 of SPOKE1.
    HUB#ping 10.2.2.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    *Mar  1 00:45:18.431: NHRP: MACADDR: if_in null netid-in 0 if_out Tunnel1 netid-out 124
    *Mar  1 00:45:18.435: NHRP: Checking for delayed event 0.0.0.0/10.2.2.1 on list (Tunnel1).
    *Mar  1 00:45:18.435: NHRP: No node found..
    *Mar  1 00:45:07.131: NHRP: MACADDR: if_in null netid-in 0 if_out Tunnel1 netid-out 124
    *Mar  1 00:45:07.131: NHRP: Checking for delayed event 0.0.0.0/10.2.2.1 on list (Tunnel1).
    *Mar  1 00:48:30.759: NHRP: Checking for delayed event 0.0.0.0/10.2.2.1 on list (Tunnel1).
    *Mar  1 00:48:30.763: NHRP: No node found.
    *Mar  1 00:48:30.763: NHRP: Attempting to send packet via DEST 10.2.2.1
    *Mar  1 00:48:30.767: NHRP: Send Resolution Request via Tunnel1 vrf 0, packet size: 82
    *Mar  1 00:48:30.771:       src: 10.2.2.4, dst: 10.2.2.1
    *Mar  1 00:48:30.771: NHRP: Encapsulation failed for destination 10.2.2.1 out Tunnel1
    SPOKE1#
    *Mar  1 00:53:38.695: NHRP: Setting retrans delay to 64 for nhs  dst 10.2.2.4
    *Mar  1 00:53:38.699: NHRP: Attempting to send packet via DEST 10.2.2.4
    *Mar  1 00:53:38.699: NHRP: Encapsulation succeeded.  Tunnel IP addr 190.1.2.1
    *Mar  1 00:53:38.703: NHRP: Send Registration Request via Tunnel1 vrf 0, packet size: 82
    *Mar  1 00:53:38.711:       src: 10.2.2.1, dst: 10.2.2.4
    *Mar  1 00:53:38.715: NHRP: 82 bytes out Tunnel1
    No reply from the HUB.
    SPOKE1#ping 10.2.2.4
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.2.2.4, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    The SPOKE can't reach 10.2.2.4.
    After a while:
    HUB#sh ip nhrp
    10.1.1.1/32 via 10.1.1.1, Tunnel0 created 00:25:03, expire 00:09:35
      Type: dynamic, Flags: authoritative unique registered used
      NBMA address: 191.1.1.11
    10.1.1.2/32 via 10.1.1.2, Tunnel0 created 00:21:55, expire 00:08:03
      Type: dynamic, Flags: authoritative unique registered
      NBMA address: 191.1.1.12
    10.2.2.2/32 via 10.2.2.2, Tunnel1 created 00:21:47, expire 00:08:12
      Type: dynamic, Flags: authoritative unique registered
      NBMA address: 191.1.1.12
    Only 3 tunnels.
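    Added here as an example, not code from the post or from Cisco: a small Python lint that flags the condition visible in the first SPOKE1 config above, two mGRE tunnels sourced from the same physical interface with the same IPsec profile and no `shared` keyword on `tunnel protection`, which is exactly what the second set of spoke configs adds. The sample config is constructed to mirror that SPOKE1 config, and the parser assumes the unindented form in which the configs were pasted; it also reports the wildcard pre-shared key (`address 0.0.0.0 0.0.0.0`) as a caveat.

```python
"""Lint pasted Cisco IOS config for the DMVPN tunnel-protection pitfall."""
import re
from collections import defaultdict

TOP_LEVEL = ("interface ", "router ", "crypto ", "!", "end")
SOURCE_RE = re.compile(r"^tunnel source (\S+)$")
PROTECTION_RE = re.compile(r"^tunnel protection ipsec profile (\S+)(\s+shared)?$")
WILDCARD_PSK_RE = re.compile(r"^crypto isakmp key \S+ address 0\.0\.0\.0 0\.0\.0\.0$")

def parse_interfaces(config):
    """Return {name: [body lines]} for each `interface` stanza. The pasted
    configs lost IOS's indentation, so a stanza ends at the next top-level keyword."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif line.startswith(TOP_LEVEL):
            current = None
        elif line and current is not None:
            stanzas[current].append(line)
    return stanzas

def check_tunnel_protection(config):
    """Return a list of finding strings; an empty list means nothing flagged."""
    findings = []
    groups = defaultdict(list)  # (tunnel source, profile) -> [(name, shared?)]
    for name, lines in parse_interfaces(config).items():
        if not name.startswith("Tunnel"):
            continue
        source, profile, shared = None, None, False
        for line in lines:
            if m := SOURCE_RE.match(line):
                source = m.group(1)
            elif m := PROTECTION_RE.match(line):
                profile, shared = m.group(1), m.group(2) is not None
        if source and profile:
            groups[(source, profile)].append((name, shared))
    # Tunnels that share one source and one profile need `shared`; otherwise
    # the second tunnel's IPsec SA negotiation collides with the first.
    for (source, profile), members in groups.items():
        unshared = [n for n, s in members if not s]
        if len(members) > 1 and unshared:
            findings.append(f"{', '.join(n for n, _ in members)} share source {source}"
                            f" and profile {profile}; add 'shared' on {', '.join(unshared)}")
    # Defender caveat: a key bound to 0.0.0.0 0.0.0.0 is accepted from any peer address.
    if any(WILDCARD_PSK_RE.match(ln.strip()) for ln in config.splitlines()):
        findings.append("ISAKMP pre-shared key bound to 0.0.0.0 0.0.0.0: accepted from any peer")
    return findings

# Constructed sample mirroring the shape of the first SPOKE1 config in the post.
SPOKE1_BEFORE = """\
crypto isakmp key techservices address 0.0.0.0 0.0.0.0
interface Tunnel0
tunnel source FastEthernet0/0
tunnel protection ipsec profile DMVPN
interface Tunnel1
tunnel source FastEthernet0/0
tunnel protection ipsec profile DMVPN
router eigrp 123
"""
# The same config with the keyword added on both tunnels.
SPOKE1_AFTER = SPOKE1_BEFORE.replace("protection ipsec profile DMVPN\n", "protection ipsec profile DMVPN shared\n")
```

    Running `check_tunnel_protection(SPOKE1_BEFORE)` reports the missing `shared` plus the wildcard key; the `SPOKE1_AFTER` variant leaves only the key caveat.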

  • IPSec Certificate Authentication from Linux Strongswan client to Windows Advanced Firewall (2012)

    Hi,
    Has anybody had any success in getting a Linux Strongswan client (or Openswan) to connect to a win2012 Advanced Firewall using certificates and IPSec?  My Security Connection Rule requires authentication both inbound and outbound.  The cert is installed correctly on the Linux box.
    I can get a connection using pre-shared keys, but haven't been able to establish a Quick Mode session when using certs.  I've tried (literally) hundreds of different configs without success.  Event log shows either 'No Policy Configured' or 'Unknown Authentication'.
    Windows clients can connect correctly with certs.  I've deliberately excluded details as the Linux config can be set up in so many different ways; I'd rather start by looking at someone else's config that works (if that actually exists).
    Thanks
    Mick

    Hi,
    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
    Thanks for your understanding and support.
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • How to reduce the IPSec VPN connection establishment time

    Hi,
    I set up an IPSec VPN with NAT-T between two Cisco 871 routers. In particular, one router acts as a SERVER and the other one as a CLIENT. All the traffic coming from the hosts connected to the CLIENT router is sent over the VPN (no split tunnel). Everything works perfectly.
    The only problem is the amount of time the VPN takes to establish the first connection between the two routers. In particular, it takes about two minutes.
    Could anybody tell me if this amount of time can be reduced (with a particular configuration instruction)?
    Or is this the minimum amount of time required for the first connection establishment?
    Thank you for your help.

    Sara,
    Two minutes sounds like a lot of time even with a super slow Internet connection. Could you share your configs to see if there is anything in the VPN config that is adding such a huge delay? The connection establishment shouldn't take more than a few seconds.
    Thanks,
    Raga
