L2L VPN with source and destination NAT

Hello,
I am new to the ASA 8.4 and was wondering how to tackle the following scenario.
The diagram is
Customer ---->>> Firewall --->> L2L VPN --->> Me --->> MPLS ---> Server
The server is accessible by other tunnels in place but there is no NAT needed. For the tunnel we are talking about it is
The Customer connects the following way
Source: 198.1.1.1
Destination: 192.168.1.1
It gets to the outside ASA interface which should translate the packets to:
Source: 10.110.110.1
Destination: 10.120.110.1
On the way back, 10.120.110.1 should be translated to 192.168.1.1 only when going to 198.1.1.1
I did the following configuration, which I am not able to test until tomorrow during the migration:
object network obj-198.1.1.1
  host 198.1.1.1
object network obj-198.1.1.1
  nat (outside,inside) dynamic 10.110.110.1
For the inside to outside NAT depending on the destination:
object network Real-IP
  host 10.120.110.1
object-group network PE-VPN-src
  network-object host 198.1.1.1
object network Destination-NAT
  host 192.168.1.1
nat (inside,outside) source static Real-IP Destination-NAT destination static PE-VPN-src PE-VPN-src
The question is whether I should also create the following for the outside to inside flow NAT or not. Or is the NAT done by the inside to outside statement even if the traffic is always initiated from the outside interface?
object network obj-192.168.1.1
  host 192.168.1.1
object network obj-192.168.1.1
  nat (outside,inside) dynamic 10.120.110.1

Let's use a spare IP address in the same subnet as the ASA inside interface for the NAT (assuming that 10.10.10.251 is free; please kindly double check and use a free IP address accordingly):
object network obj-10.10.10.243
  host 10.10.10.243
object network obj-77.x.x.24
  host 77.x.x.24
object network obj-10.10.10.251
  host 10.10.10.251
object network obj-pcA
  host 86.x.x.253
nat (inside,outside) source static obj-10.10.10.243 obj-77.x.x.24 destination static obj-10.10.10.251 obj-pcA
Hope that helps.
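The flows in the question at the top of this thread can be traced with a small model of one ASA static twice-NAT rule. This is an added example, not code from the thread or from Cisco; it models a single rule in isolation (no rule ordering, object NAT, routing or crypto ACLs), and the object name Customer-NAT and the combined rule are assumptions built from the question's addresses.

```python
import re
from dataclasses import dataclass

# Constructed from the addresses in the question. "Customer-NAT" is a
# hypothetical object name; the other object names are the poster's.
CONFIG = """
object network obj-198.1.1.1
  host 198.1.1.1
object network Customer-NAT
  host 10.110.110.1
object network Real-IP
  host 10.120.110.1
object network Destination-NAT
  host 192.168.1.1
object-group network PE-VPN-src
  network-object host 198.1.1.1
"""

# The manual NAT rule posted in the question.
POSTED_RULE = ("nat (inside,outside) source static Real-IP Destination-NAT "
               "destination static PE-VPN-src PE-VPN-src")
# Assumption: one rule that carries both translations the poster describes.
COMBINED_RULE = ("nat (outside,inside) source static obj-198.1.1.1 Customer-NAT "
                 "destination static Destination-NAT Real-IP")

NAT_RE = re.compile(
    r"nat \(([\w-]+),([\w-]+)\) source static (\S+) (\S+)"
    r" destination static (\S+) (\S+)")


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrives on (input) or leaves on (output)
    src: str
    dst: str


def parse_objects(config):
    """Map each object or object-group name to its single host address."""
    objects, current = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:2] in (["object", "network"], ["object-group", "network"]):
            current = words[2]
        elif current and "host" in words:
            objects[current] = words[words.index("host") + 1]
    return objects


def parse_rule(line, objects):
    """Parse: nat (real_if,mapped_if) source static REAL MAPPED destination static MAPPED REAL."""
    m = NAT_RE.fullmatch(line.strip())
    if not m:
        raise ValueError("only static twice NAT is modelled: " + line)
    real_if, mapped_if, *names = m.groups()
    # An undefined object name raises KeyError here.
    src_real, src_mapped, dst_mapped, dst_real = (objects[n] for n in names)
    return dict(real_if=real_if, mapped_if=mapped_if, src_real=src_real,
                src_mapped=src_mapped, dst_mapped=dst_mapped, dst_real=dst_real)


def translate(r, pkt):
    """Return the packet as it leaves the firewall, or None if the rule does not match."""
    key = (pkt.iface, pkt.src, pkt.dst)
    # Forward: arrives on the real interface, leaves on the mapped interface.
    if key == (r["real_if"], r["src_real"], r["dst_mapped"]):
        return Packet(r["mapped_if"], r["src_mapped"], r["dst_real"])
    # Reverse: a static rule is bidirectional, so the same rule also handles
    # traffic that arrives on the mapped interface.
    if key == (r["mapped_if"], r["dst_real"], r["src_mapped"]):
        return Packet(r["real_if"], r["dst_mapped"], r["src_real"])
    return None


def demo():
    objects = parse_objects(CONFIG)
    posted = parse_rule(POSTED_RULE, objects)
    combined = parse_rule(COMBINED_RULE, objects)
    inbound = Packet("outside", "198.1.1.1", "192.168.1.1")  # customer's packet
    return {
        "posted_inbound": translate(posted, inbound),
        # 203.0.113.9 is a constructed address standing in for any other peer.
        "posted_other_peer": translate(
            posted, Packet("inside", "10.120.110.1", "203.0.113.9")),
        "combined_inbound": translate(combined, inbound),
        "combined_reply": translate(
            combined, Packet("inside", "10.120.110.1", "10.110.110.1")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In this model the posted (inside,outside) rule already un-translates 192.168.1.1 to 10.120.110.1 for traffic initiated from 198.1.1.1 and leaves traffic to other peers alone, but it keeps the source as 198.1.1.1; the combined rule rewrites both addresses in each direction.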

Similar Messages

  • How to keep sort order in Shuttle item's source and destination boxes?

    I have defined a shuttle item on a page and the list of values in the source box is populated by a SQL with sort order specified. In the Settings of the shuttle item, Show Controls value is set to Moving Only instead of All. When a user moves selected values from the source box to the destination box or vice versa, the list of values does not maintain the original sort order. For example, if I have 26 values A through Z, a user can put value Z before A in the destination box. And when a user move A from the destination box to the source box, A is the last item in the source box. The reset button clears everything in the destination box and resets the source box to the original sorted list. This is not the solution that I am looking for. I would like to see the items in the source and destination boxes to maintain their original sort order all the time.
    Is it possible?
    APEX v4.0.1.00.03
    Oracle 11g (v11.2.0.1.0)

    Hi,
    See if this post helps
    Re: Sort Shuttle Right
    Regards,
    Jari

  • Dbms_lob.getlength() returns different source and destination lengths

    I am fairly new to PL/SQL so maybe this is an obvious problem but here goes. I am updating a clob field with a text file ~5KB in size. The field updates fine (as far as I can tell). Before I update the field, I open the source file as a bfile and then inquire the length using dbms_lob.getlength(). I then update the clob field using dbms_lob.loadclobfromfile(). This seems to work fine. However, when I use dbms_lob.getlength() on the destination object returned by dbms_lob.loadclobfromfile(), I get a length 3 characters less than the source object (5072 vs 5075). Both the source and destination offsets are set to 1.
    Probing on what documentation I could find, I found this at http://download.oracle.com/docs/cd/B28359_01/appdev.111/b28419/d_lob.htm#i998484:
    "The length returned for a BFILE includes the EOF, if it exists. Any 0-byte or space filler in the LOB caused by previous ERASE or WRITE operations is also included in the length count. The length of an empty internal LOB is 0."
    I did not create the source file and I believe it is a Unix type file (because of the lack of CRs) and I am running on Windows 7. I am also using 11g Express. Could the use of a Unix-type file for a CLOB on a Windows system be causing this character count difference?
    Once I found this issue I can work around it. I just want to understand what is going on.
    Thanks to all who look at this.

    The EOF and the LF versus CR/LF could influence the count difference, yes.
    Another explanation could possibly be character set conversions. The BFILE I believe counts bytes, a CLOB would count "characters" - so if the source happens to contain a few multibyte characters (UTF), then the byte count would be larger than the character count.
    To help you find the cause for your exact file, I can suggest a couple of things you might do to explore the issue:
    - Load the file into a BLOB instead of a CLOB and see what getlength() returns for the BLOB. BLOBs would also do byte counts and not try to treat the source as text.
    - Save the CLOB back into the filesystem and compare the original file with the exported CLOB and check the differences with some filecompare tool.

  • Could not complete your request because source and destination files are the same

    Hi, thank you for reading.
    I'm having this problem and it's driving me nuts.
    I'm actually following a tutorial that you can check out here: http://nightshifted.tumblr.com/post/2559360661/tutorial-paused-animations
    Basically I'm trying to do an animated gif with canvas (I'm sorry if my English is not so great). When I try to drag the layers into the canvas (step 2 of the tutorial), I get the error: "could not complete your request because source and destination are the same".
    Can anybody help me? I have both CS3 and CS5 and the error appears in both.
    Thank you in advance

    I think they mean select the layers and frames and using the move tool, drag
    inside the document (click inside the document window and drag) to move the
    selected layers to the top half  (transparent area), not to drag the layers from
    the layers palette into the document, which would give that error.
    MTSTUNER

  • Dynamic source and destination tables

    Hi all
    I've got to import 142 tables from csv into SQL 2008 on a regular basis.
    I was looking at building a 142-part SSIS package to do this, then thought there must be a dynamic way of doing it.
    Is there any way of dynamically changing the source and destination tables?
    The csv filenames will remain identical, the SQL tables will be the same names but with "_Staging" at the end of them (e.g. SRSection.csv will always go into SRSection_Staging).
    I can then write MERGE statements to update the main tables from the staging data.
    Any help on this would be greatly appreciated.
    I get the feeling I would need a FOREACH LOOP container but I'd really appreciate a step-by-step guide if you can.

    Please check this :- http://sql-bi-dev.blogspot.com/2010/07/dynamic-database-connection-using-ssis.html  
    STEP1:
    To begin, create two tables as shown below in one of the environments:
    -- Table to store list of Sources
    CREATE TABLE SourceList (
       ID [smallint],
       ServerName [varchar](128),
       DatabaseName [varchar](128),
       TableName [varchar](128),
       ConnString [nvarchar](255)
    )
    GO
    -- Local Table to store Results
    CREATE TABLE Results(
       TableName  [varchar](128),
       ConnString [nvarchar](255),
       RecordCount[int],
       ActionTime [datetime]
    )
    GO
    STEP 2:
    Insert all connection strings in SourceList table using below script:
    INSERT INTO SourceList
    SELECT 1 ID,
    '(local)' ServerName,
    --Define required Server
    'TestHN' DatabaseName,--Define DB Name
    'TestTable' TableName,
    'Data Source=(local);Initial Catalog=TestHN;Provider=SQLNCLI10.1;Integrated Security=SSPI;Auto Translate=False;' ConnString
    Insert as many connections as you want.
    STEP 3:
    Add new package in your project and rename it with ForEachLoopMultipleServers.dtsx. Add following variable:
    Variable    | Type   | Value | Purpose
    ConnString  | String | Data Source=(local);Initial Catalog=TestHN;Provider=SQLNCLI10.1;Integrated Security=SSPI;Auto Translate=False; | To store default connection string
    Query       | String | SELECT '' TableName, N'' ConnString, 0 RecordCount, GETDATE() ActionTime | Default SQL Query string. This can be modified at runtime based on other variables
    SourceList  | Object | System.Object | To store the list of connection strings
    SourceTable | String | Any Table Name. It can be blank. | To store the table name of current connection string. This table will be queried at run time
    STEP 4:
    Create two connection managers as shown below:
    Local.TestHN: For local database which has table SourceList. Also this will be used to store the result in Results table.
    DynamicConnection: This connection will be used for setting up dynamic connection with multiple servers.
    Now click on DynamicConnection in connection manager and click on the ellipsis to set up dynamic connection string. Map connection String with variable User::ConnString.
    STEP 5:
    Drag and drop Execute SQL Task and rename with "Execute SQL Task - Get List of Connection Strings". Now click on properties and set following values as shown in snapshot:
    Result Set: Full Result Set
    Connection: Local.TestHN
    ConnectionType: Direct Input
    SQL Statement: SELECT ConnString,TableName FROM SourceList
    Now click on Result Set to store the result of SQL Task in variable User::SourceList.
    STEP 6:
    Drag and drop ForEach Loop container from toolbox and rename with "Foreach Loop Container - DB Tables". Double click on ForEach Loop container to open Foreach Loop Editor. Click on Collection and select Foreach ADO Enumerator as Enumerator. In Enumerator configuration, select User::SourceList as ADO object source variable as shown below:
    STEP 7:
    Drag and drop Script Task inside ForEach Loop container and double click on it to open Script Task Editor. Select User::ConnString,User::SourceTable as ReadOnlyVariables and User::Query as ReadWriteVariables. Now click on Edit Script button and write following code in Main function:
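    public void Main()
    {
        try
        {
            // Values come from the current row of SourceList (set by the Foreach Loop).
            String Table = Dts.Variables["User::SourceTable"].Value.ToString();
            String ConnString = Dts.Variables["User::ConnString"].Value.ToString();
            MessageBox.Show("SourceTable = " + Table +
                "\nCurrentConnString = " + ConnString);
            // Same shape as: SELECT '' TableName,N'' ConnString,0 RecordCount,GETDATE() ActionTime
            // Both values are concatenated into the SQL text, so SourceList must hold
            // trusted values only; quotes inside the string literals are doubled.
            string SQL = "SELECT '" + Table.Replace("'", "''") +
                "' AS TableName, N'" + ConnString.Replace("'", "''") +
                "' AS ConnString, COUNT (*) AS RecordCount, GETDATE() AS ActionTime FROM " + Table +
                " (NOLOCK)";
            Dts.Variables["User::Query"].Value = SQL;
            Dts.TaskResult = (int)ScriptResults.Success;
        }
        catch (Exception e)
        {
            // Log the error and report the task as failed.
            Dts.Log(e.Message, 0, null);
            Dts.TaskResult = (int)ScriptResults.Failure;
        }
    }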
    STEP 8:
    Drag and drop Data Flow Task and double click on it to open Data Flow tab. Add OLE DB Source and Destination. Double click on OLE DB Source to configure the properties. Select DynamicConnection as OLE DB connection manager and SQL command from variable as Data access mode. Select variable name as User::Query. Now click on columns to generate meta data.
    Double click on OLE DB Destination to configure the properties. Select Local.TestHN as OLE DB connection manager and Table or view - fast load as Data access mode. Select [dbo].[Results] as Name of the table or the view. Now click on Mappings to map the columns from source. Click OK and save changes.
    Finally DFT will look like below snapshot:
    STEP 9:
    We are done with package development and it's time to test the package.
    Right click on the package in Solution Explorer and select execute. The message box will display the current connection string.
    Once you click OK, it will execute Data Flow Task and load the record count in Results table. This will be an iterative process until all the connections are done. Finally the package will execute successfully.
    You can check the data in results table:
    Here is the result:
    SELECT *
    FROM SourceList
    SELECT *
    FROM Results
    Regards, Pradyothana DP. Please Mark This As Answer if it solved your issue. Please Mark This As Helpful if it helps to solve your issue. ========================================================== http://www.dbainhouse.blogspot.in/

  • HPCM custom driver use source and destination

    Hi All,
    I'm using HPCM 12.1.2, I need your help to create one custom driver that uses information from source and destination. I need to use 1 dimension of source and 2 of destination.
    I have the situation below:
    STAGE1 (SOURCE)
    Dim1 Machine
    Dim2 Account
    STAGE2 (DESTINATION)
    Dim1 Process
    Dim2 Operation
    Dim 3 Account
    Measure: Time used in the Machine
    The information is extracted:
    Machine1 - Process1 - Operation1 = 10 Hours
    Machine1 - Process1 - Operation2 = 9 Hours
    Machine2 - Process1 - Operation1 = 13 Hours
    How can I create one Driver that could use this information? Is it possible?
    Thanks in Advance
    Diogo
    Edited by: user10432898 on 15/05/2012 14:21

    Hi Alex,
    You have to increase the Max Row size limit in Xcelsius.
    Go to >> File menu >> Preferences >> Increase the "Max Row Size". By default it will be 500; you can increase it as per the requirement.
    Regards,
    AnjaniKumar C.A.

  • Source Nat and Destination Nat

    Is any of the above working in the ACE OR CSM module by default?
    What is an advantage of configuring destination NAT on the ACE Box?

    Hello,
    On both the CSM and ACE, destination NAT (a.k.a. server nat) is enabled by default in a serverfarm. Source NAT needs to be manually configured on both devices, as it is not a default configuration.
    In server load balancing, destination NAT is very common. When clients connect to a VIP on the load balancer, the load balancer will then choose a real server to send the connection to. The destination IP address of the client-to-server traffic will be NAT'd from the virtual IP address (VIP) to the real server's IP address. The server's reply will be sourced with the real server's IP address, initially. The load balancer will again perform NAT to change the source IP address from the real server's IP address back to the VIP address prior to forwarding the response back to the client. This way, the client only knows about the VIP address, and not the real server's IP address.
    Best regards,
    Sean

  • L2L vpn with Palo Alto Firewall

    I am setting up a l2l tunnel with a palo alto firewall and having trouble.  It is a fairly simple setup, we are encrypting public to public traffic for sftp upload from the asa side.  Here are the relevant parts of the config and various outputs...  Remote side admin states that phase 1 passes and we experience a timeout waiting for phase 2.  Any help would be appreciated.
    1.1.1.1 (customer2 destination address)
    1.1.1.2 (customer2 vpn gateway)
    2.2.2.0 (local public ip space)
    name 1.1.1.1 CustomerVPN2 description Customer VPN2
    access-list Inside_nat0_outbound extended permit ip 2.2.2.0 255.255.255.240 host CustomerVPN2
    access-list Outside_4_cryptomap extended permit ip 2.2.2.0 255.255.255.240 host CustomerVPN2
    crypto map Outside_map 4 match address Outside_4_cryptomap
    crypto map Outside_map 4 set connection-type originate-only
    crypto map Outside_map 4 set peer 1.1.1.2
    crypto map Outside_map 4 set transform-set ESP-AES-256-SHA
    crypto isakmp policy 50
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    tunnel-group 1.1.1.2 type ipsec-l2l
    tunnel-group 1.1.1.2 ipsec-attributes
    pre-shared-key *
    sh crypto isakmp (notice listed as type:user)
    8   IKE Peer: 1.1.1.2
        Type    : user            Role    : initiator
        Rekey   : no              State   : MM_WAIT_MSG2
    debug crypto ipsec (Looks like it tries all crypto maps except the relevant one)
    IPSEC(crypto_map_check): crypto map Outside_map 1 does not hole match for ACL Outside_1_cryptomap.
    IPSEC(crypto_map_check): crypto map Outside_map 2 does not hole match for ACL Outside_2_cryptomap.
    IPSEC(crypto_map_check): crypto map Outside_map 3 does not hole match for ACL Outside_3_cryptomap.
    IPSEC(crypto_map_check): crypto map Outside_map 3 does not hole match for ACL OO_temp_Outside_map3.
    and finally.
    Oct 03 10:39:09 [IKEv1]: IP = 1.1.1.2, Removing peer from peer table failed, no match!
    Oct 03 10:39:09 [IKEv1]: IP = 1.1.1.2, Error: Unable to remove PeerTblEntr

    Thanks Lee and Manish
    I have no access to the palo alto logs.  I am working with the admin at the other end and this is what he said.  I used the real ip's because it was getting too confusing... 
    I figured out what is wrong.  It didn’t click at first but because my firewall uses “route-based” VPNs as opposed to the “policy-based” VPNs on an ASA, I need to specify a route for your source address(es) which is 66.x.x.48/28.  The issue with that is when my gateway tries to respond to your gateway IKE packets, it is trying to send it over the route that I specified, since 66.x.x.62 is included in this network, and the firewall tries to send the IKE response packets over the tunnel that doesn’t exist.  I changed the route to be 66.x.x.48/32 and it was successful with IKE phase 1 but fails on phase 2 because it is sourcing from 66.x.x.62/32.
    So long story short of what we need to do.  Either you need to NAT your internal address to a different public IP on that firewall or I can assign you a transit network IP (such as 192.168.74.55 or something) and you would NAT that internal address to that transit IP
    Not sure how to translate the traffic for this vpn without changing the global nat, it looks like policy nat is the solution.

  • MS NLB with ASA and Static NAT from PUP to NLB IP

    Hi all,
    I am trying to get MS NLB up and running.  It is almost all working.  Below is my physical setup.
    ASA 5510 > Cat 3750X >2x ESXi 5.1 Hosts > vSwitch > Windows 2012 NLB Guest VMs.
    I have two VMs running on two different ESXi hosts. They have two vNICs. One for management and one for inside public subnet. The inside public subnet NICs are in the NLB cluster. The inside public subnet is NATed on the ASA to an outside public IP.
    192.168.0.50 is the 1st VM
    192.168.0.51 is the 2nd VM
    192.168.0.52 is the cluster IP for heartbeat
    192.168.0.53 is the cluster IP for NLB traffic.
    0100.5e7f.0035 is the cluster MAC.
    The NLB cluster is using MULTICAST
    I have read the documentation for both the ASA and CAT switch for adding a static ARP using the NLB IP and NLB MAC.
    For the ASA I found
    http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/mode_fw.html#wp1226249
    ASDM
    Configuration > Device Management > Advanced > ARP > ARP Static Table
    I was able to add my static ARP just fine.
    However, the next step was to enable ARP inspection.
    Configuration > Device Management > Advanced > ARP > ARP Inspection
    My ASDM does not list ARP Inspection, only has the ARP Static Table area. Not sure about this.
    For the CAT Switch I found
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml
    I added the both the ARP and Static MAC.  For the static MAC I used the VLAN ID of the inside public subnet and the interfaces connected to both ESXi hosts.
    On the ASA I added a static NAT for my outside Public IP to my inside public NLB IP and vice versa. I then added a DNS entry for our domain to point to the outside public IP. I also added it to the public servers section allowing all IP traffic for testing purposes.
    At any rate the MS NLB is working ok. I can ping both the Public IP and the Inside NLB IP just fine from the outside. (I can ping the inside NLB IP because I'm on a VPN with access to my inside subnets.) The problem is when I go to access a webpage from my NLB servers using the DNS or the Public IP I get a "This Page Can't Be Displayed" message. Now while on the VPN if I use the same URL but instead use the NLB IP and not the Public IP it works fine.
    So I think there is something wrong with the NATing of the Public to NLB IP even though I can ping it fine. Below is my ASA Config. I have bolded the parts of Interest.
    Result of the command: "show run"
    : Saved
    ASA Version 8.4(4)9
    hostname MP-ASA-1
    enable password ac3wyUYtitklff6l encrypted
    passwd ac3wyUYtitklff6l encrypted
    names
    dns-guard
    interface Ethernet0/0
    nameif outside
    security-level 0
    ip address 198.XX.XX.82 255.255.255.240
    interface Ethernet0/1
    description Root Inside Interface No Vlan
    speed 1000
    duplex full
    nameif Port-1-GI-Inside-Native
    security-level 100
    ip address 10.1.1.1 255.255.255.0
    interface Ethernet0/1.2
    description Managment LAN 1 for Inside Networks
    vlan 2
    nameif MGMT-1
    security-level 100
    ip address 192.168.180.1 255.255.255.0
    interface Ethernet0/1.3
    description Managment LAN 2 for Inside Networks
    vlan 3
    nameif MGMT-2
    security-level 100
    ip address 192.168.181.1 255.255.255.0
    interface Ethernet0/1.100
    description Development Pubilc Network 1
    vlan 100
    nameif DEV-PUB-1
    security-level 50
    ip address 192.168.0.1 255.255.255.0
    interface Ethernet0/1.101
    description Development Pubilc Network 2
    vlan 101
    nameif DEV-PUB-2
    security-level 50
    ip address 192.168.2.1 255.255.255.0
    interface Ethernet0/1.102
    description Suncor Pubilc Network 1
    vlan 102
    nameif SUNCOR-PUB-1
    security-level 49
    ip address 192.168.3.1 255.255.255.0
    interface Ethernet0/1.103
    description Suncor Pubilc Network 2
    vlan 103
    nameif SUNCOR-PUB-2
    security-level 49
    ip address 192.168.4.1 255.255.255.0
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    boot system disk0:/asa844-9-k8.bin
    ftp mode passive
    clock timezone PST -8
    clock summer-time PDT recurring
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network Inside-Native-Network-PNAT
    subnet 10.1.1.0 255.255.255.0
    description Root Inisde Native Interface Network with PNAT
    object network ASA-Outside-IP
    host 198.XX.XX.82
    description The primary IP of the ASA
    object network Inside-Native-Network
    subnet 10.1.1.0 255.255.255.0
    description Root Inisde Native Interface Network
    object network VPN-POOL-PNAT
    subnet 192.168.100.0 255.255.255.0
    description VPN Pool NAT for Inside
    object network DEV-PUP-1-Network
    subnet 192.168.0.0 255.255.255.0
    description DEV-PUP-1 Network
    object network DEV-PUP-2-Network
    subnet 192.168.2.0 255.255.255.0
    description DEV-PUP-2 Network
    object network MGMT-1-Network
    subnet 192.168.180.0 255.255.255.0
    description MGMT-1 Network
    object network MGMT-2-Network
    subnet 192.168.181.0 255.255.255.0
    description MGMT-2 Network
    object network SUNCOR-PUP-1-Network
    subnet 192.168.3.0 255.255.255.0
    description SUNCOR-PUP-1 Network
    object network SUNCOR-PUP-2-Network
    subnet 192.168.4.0 255.255.255.0
    description SUNCOR-PUP-2 Network
    object network DEV-PUB-1-Network-PNAT
    subnet 192.168.0.0 255.255.255.0
    description DEV-PUB-1-Network with PNAT
    object network DEV-PUB-2-Network-PNAT
    subnet 192.168.2.0 255.255.255.0
    description DEV-PUB-2-Network with PNAT
    object network MGMT-1-Network-PNAT
    subnet 192.168.180.0 255.255.255.0
    description MGMT-1-Network with PNAT
    object network MGMT-2-Network-PNAT
    subnet 192.168.181.0 255.255.255.0
    description MGMT-2-Network with PNAT
    object network SUNCOR-PUB-1-Network-PNAT
    subnet 192.168.3.0 255.255.255.0
    description SUNCOR-PUB-1-Network with PNAT
    object network SUNCOR-PUB-2-Network-PNAT
    subnet 192.168.4.0 255.255.255.0
    description SUNCOR-PUB-2-Network with PNAT
    object network DEV-APP-1-PUB
    host 198.XX.XX.XX
    description DEV-APP-2 Public Server IP
    object network DEV-APP-2-SNAT
    host 192.168.2.120
    description DEV-APP-2 Server with SNAT
    object network DEV-APP-2-PUB
    host 198.XX.XX.XX
    description DEV-APP-2 Public Server IP
    object network DEV-SQL-1
    host 192.168.0.110
    description DEV-SQL-1 Inside Server IP
    object network DEV-SQL-2
    host 192.168.2.110
    description DEV-SQL-2 Inside Server IP
    object network SUCNOR-APP-1-PUB
    host 198.XX.XX.XX
    description SUNCOR-APP-1 Public Server IP
    object network SUNCOR-APP-2-SNAT
    host 192.168.4.120
    description SUNCOR-APP-2 Server with SNAT
    object network SUNCOR-APP-2-PUB
    host 198.XX.XX.XX
    description DEV-APP-2 Public Server IP
    object network SUNCOR-SQL-1
    host 192.168.3.110
    description SUNCOR-SQL-1 Inside Server IP
    object network SUNCOR-SQL-2
    host 192.168.4.110
    description SUNCOR-SQL-2 Inside Server IP
    object network DEV-APP-1-SNAT
    host 192.168.0.120
    description DEV-APP-1 Network with SNAT
    object network SUNCOR-APP-1-SNAT
    host 192.168.3.120
    description SUNCOR-APP-1 Network with SNAT
    object network PDX-LAN
    subnet 192.168.1.0 255.255.255.0
    description PDX-LAN for S2S VPN
    object network PDX-Sonicwall
    host XX.XX.XX.XX
    object network LOGI-NLB--SNAT
    host 192.168.0.53
    description Logi NLB with SNAT
    object network LOGI-PUP-IP
    host 198.XX.XX.87
    description Public IP of LOGI server for NLB
    object network LOGI-NLB-IP
    host 192.168.0.53
    description LOGI NLB IP
    object network LOGI-PUP-SNAT-NLB
    host 198.XX.XX.87
    description LOGI Pup with SNAT to NLB
    object-group network vpn-inside
    description All inside accessible networks
    object-group network VPN-Inside-Networks
    description All Inside Nets for Remote VPN Access
    network-object object Inside-Native-Network
    network-object object DEV-PUP-1-Network
    network-object object DEV-PUP-2-Network
    network-object object MGMT-1-Network
    network-object object MGMT-2-Network
    network-object object SUNCOR-PUP-1-Network
    network-object object SUNCOR-PUP-2-Network
    access-list acl-vpnclinet extended permit ip object-group VPN-Inside-Networks any
    access-list outside_access_out remark Block ping to out networks
    access-list outside_access_out extended deny icmp any any inactive
    access-list outside_access_out remark Allow all traffic from inside to outside networks
    access-list outside_access_out extended permit ip any any
    access-list outside_access extended permit ip any object LOGI-NLB--SNAT
    access-list outside_access extended permit ip any object SUNCOR-APP-2-SNAT
    access-list outside_access extended permit ip any object SUNCOR-APP-1-SNAT
    access-list outside_access extended permit ip any object DEV-APP-2-SNAT
    access-list outside_access extended permit ip any object DEV-APP-1-SNAT
    access-list outside_cryptomap extended permit ip object-group VPN-Inside-Networks object PDX-LAN
    pager lines 24
    logging asdm informational
    mtu outside 1500
    mtu Port-1-GI-Inside-Native 1500
    mtu MGMT-1 1500
    mtu MGMT-2 1500
    mtu DEV-PUB-1 1500
    mtu DEV-PUB-2 1500
    mtu SUNCOR-PUB-1 1500
    mtu SUNCOR-PUB-2 1500
    mtu management 1500
    ip local pool Remote-VPN-Pool 192.168.100.1-192.168.100.20 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any outside
    icmp permit any Port-1-GI-Inside-Native
    icmp permit any MGMT-1
    icmp permit any MGMT-2
    icmp permit any DEV-PUB-1
    icmp permit any DEV-PUB-2
    icmp permit any SUNCOR-PUB-1
    icmp permit any SUNCOR-PUB-2
    asdm image disk0:/asdm-649-103.bin
    no asdm history enable
    arp DEV-PUB-1 192.168.0.53 0100.5e7f.0035 alias
    arp timeout 14400
    no arp permit-nonconnected
    nat (Port-1-GI-Inside-Native,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
    nat (DEV-PUB-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
    nat (DEV-PUB-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
    nat (MGMT-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
    nat (MGMT-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
    nat (SUNCOR-PUB-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
    nat (SUNCOR-PUB-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
    nat (DEV-PUB-1,outside) source static DEV-PUP-1-Network DEV-PUP-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
    nat (DEV-PUB-2,outside) source static DEV-PUP-2-Network DEV-PUP-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
    nat (MGMT-1,outside) source static MGMT-1-Network MGMT-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
    nat (MGMT-2,outside) source static MGMT-2-Network MGMT-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
    nat (Port-1-GI-Inside-Native,outside) source static Inside-Native-Network Inside-Native-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
    nat (SUNCOR-PUB-1,outside) source static SUNCOR-PUP-1-Network SUNCOR-PUP-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
    nat (SUNCOR-PUB-2,outside) source static SUNCOR-PUP-2-Network SUNCOR-PUP-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
    object network Inside-Native-Network-PNAT
    nat (Port-1-GI-Inside-Native,outside) dynamic interface
    object network VPN-POOL-PNAT
    nat (Port-1-GI-Inside-Native,outside) dynamic interface
    object network DEV-PUB-1-Network-PNAT
    nat (DEV-PUB-1,outside) dynamic interface
    object network DEV-PUB-2-Network-PNAT
    nat (DEV-PUB-2,outside) dynamic interface
    object network MGMT-1-Network-PNAT
    nat (MGMT-1,outside) dynamic interface
    object network MGMT-2-Network-PNAT
    nat (MGMT-2,outside) dynamic interface
    object network SUNCOR-PUB-1-Network-PNAT
    nat (SUNCOR-PUB-1,outside) dynamic interface
    object network SUNCOR-PUB-2-Network-PNAT
    nat (SUNCOR-PUB-2,outside) dynamic interface
    object network DEV-APP-2-SNAT
    nat (DEV-PUB-2,outside) static DEV-APP-2-PUB
    object network SUNCOR-APP-2-SNAT
    nat (SUNCOR-PUB-2,outside) static SUNCOR-APP-2-PUB
    object network DEV-APP-1-SNAT
    nat (DEV-PUB-1,outside) static DEV-APP-1-PUB
    object network SUNCOR-APP-1-SNAT
    nat (SUNCOR-PUB-1,outside) static SUCNOR-APP-1-PUB
    object network LOGI-NLB--SNAT
    nat (DEV-PUB-1,outside) static LOGI-PUP-IP
    object network LOGI-PUP-SNAT-NLB
    nat (outside,DEV-PUB-1) static LOGI-NLB-IP
    access-group outside_access in interface outside
    access-group outside_access_out out interface outside
    route outside 0.0.0.0 0.0.0.0 198.145.120.81 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 192.168.1.0 255.255.255.0 outside
    http 10.1.1.0 255.255.255.0 Port-1-GI-Inside-Native
    http 192.168.180.0 255.255.255.0 MGMT-1
    http 192.168.100.0 255.255.255.0 Port-1-GI-Inside-Native
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
      inspect icmp error
    service-policy global_policy global
    prompt hostname context
    call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:d6f9f8e2113dc03cede9f2454dba029b
    : end
    Any help would be great! I think the issue is in the NAT as I am able to access NLB IP from the outside and could not do that before adding the Static ARP stuff.
    Thanks,
    Chris

    Also, if I change to NAT from the public IP to the NLB IP to use either one of the physical IPs of the NLB cluster (192.168.0.50 or 51) it works fine when using the public IP.  So it's definitely an issue when NATing the VIP of NLB cluster.
    Chris
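
The object NAT section of the configuration above ends with two LOGI rules written in opposite directions. A static object NAT rule is already applied in both directions, so a second rule with the interfaces and addresses swapped is worth reviewing; this added example (not part of the original post) finds such pairs. The host addresses in the sample are constructed placeholders, and it assumes the LOGI objects hold the addresses their names suggest.

```python
import re
from collections import namedtuple

# Constructed sample: the nat lines follow the LOGI/DEV entries in the posted
# config; every host address is a placeholder, not a value from the post.
SAMPLE = """\
object network LOGI-NLB-IP
 host 192.168.0.60
object network LOGI-PUP-IP
 host 203.0.113.10
object network LOGI-NLB--SNAT
 host 192.168.0.60
object network LOGI-PUP-SNAT-NLB
 host 203.0.113.10
object network DEV-APP-1-SNAT
 host 192.168.0.70
object network DEV-APP-1-PUB
 host 203.0.113.11
object network LOGI-NLB--SNAT
 nat (DEV-PUB-1,outside) static LOGI-PUP-IP
object network LOGI-PUP-SNAT-NLB
 nat (outside,DEV-PUB-1) static LOGI-NLB-IP
object network DEV-APP-1-SNAT
 nat (DEV-PUB-1,outside) static DEV-APP-1-PUB
"""

Rule = namedtuple("Rule", "obj real_if mapped_if real mapped")
NAT_RE = re.compile(r"nat \((\S+?),(\S+?)\) static (\S+)")

def parse(config):
    """Return (hosts, static object-NAT rules) from ASA 8.3+ style config text."""
    hosts, raw, current = {}, [], None
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["object", "network"] and len(words) == 3:
            current = words[2]
        elif words[:1] == ["host"] and current and len(words) == 2:
            hosts[current] = words[1]
        elif current and (m := NAT_RE.match(line.strip())):
            raw.append((current, *m.groups()))
    # Resolve names to addresses; a mapped value may be an object or a literal IP.
    rules = [Rule(o, r, m, hosts.get(o), hosts.get(t, t)) for o, r, m, t in raw]
    return hosts, rules

def mirrored_pairs(rules):
    """Pairs of static rules where one is the other with interfaces and addresses swapped."""
    pairs = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if ((a.real_if, a.mapped_if) == (b.mapped_if, b.real_if)
                    and a.real is not None and a.real == b.mapped and a.mapped == b.real):
                pairs.append((a.obj, b.obj))
    return pairs

if __name__ == "__main__":
    _, rules = parse(SAMPLE)
    for first, second in mirrored_pairs(rules):
        print(f"{first} and {second} mirror each other; static NAT is already bidirectional")
```
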

  • SQL Server replication and size differences of source and destination databases

    I set up snapshot replication for a DB between two SQL instances.  On the source instance, the DB shows as 106612.56MB with 34663.75MB as available free space.  I expected that the replica would then end up being 71948.81MB (106612.56 - 34663.75
    because it wouldn't replicate the white space).  The resultant replica database is showing as 35522.94MB.  The required data appears to be present in the replicated DB as the SSRS reports that use it are able to find the data they look for.  But
    why the large discrepancy in size between the source and replicated DB?  The replicated DB is less than 1/2 the size of the source DB.  I've searched around and can't seem to find any explanation.  I realize this isn't mirroring so the DBs will
    not be identical in size but I did not expect to see such a large difference between the two.  I am replicating almost all articles (tables, stored procs, etc.) with the exception of a handful of stored procedures and user-defined functions that either
    reference invalid column names in a table (vendor bug) or reference another DB that is not present on the replica's instance.  I would expect these 4-5 articles can not account for a 37000 MB size difference between the two DBs.
    Please note that this has nothing to do with transaction log size.  I am specifically talking about the database size and am not looking at the size that combines both DB and TxLog size.
    Any insight?

    Another factor could be that on the publisher the data is distributed through pages, paragraphs and extents. Depending on your fill factor and the amount of deletes and your datatype, there could be space in the pages, paragraphs and extents which have not
    been reclaimed.
    During the bcp process which is part of the snapshot application process on the subscriber all the data will be in the tables in a contiguous fashion. I would suspect this would be why you have the difference in space usage.

  • Source and destination clarification needed

    Hi Guys,
    We are using SRM as an add-on component to ECC 6.0. We are on SRM Server 5.5. In the definition of backend system SAP asked us to create 4 entries.
    1. ONECLNTERP : RFC tick is on
    2. ONECLNTEBP:
    3. ONECLNTSUS:
    4. XXXCLNTYYY: Local tick is on.
    So this means 'ONECLNTERP' is my backend system i.e. ECC 6.0 and 'XXXCLNTYYY' is my local system.
    Now while defining backend system for Product category there is one 'Source System' and there is 'Target system'. Source System: System from which master data is replicated. So this should be my SRM system (as Product category is a part of SRM) or this should be ECC (as my product categories are a copy of material group from ECC).
    Target system is the system into which the follow-on document of SC is transferred, i.e. Backend ECC system.
    Am I correct to say the above? I'm confused about which system is source and which system is destination.
    While defining the Account Assignment category and defining the PR document type I'm facing the same problem as I have to define the source system.
    Can anybody clarify this for me?
    Thanks
    Debashish

    Hello Deb,
    I have not worked on ECC 6.0.
    But logically speaking the
    source system - has to be yr ECC as SRM would be taking the ref of matl masters from there only
    Target system - would be yr same ECC again if you are using only one backend (and I think you are)
    (if you are using multiple backend and you want followon document in diff backend then here the SID of that backend would come)
    BR
    Dinesh

  • Association must have both source and destination ends.

    I am getting this error when trying to develop an Oracle Applications framework page using ICX and FND information. I am trying to find out if there is something missing. I don't see an association that is missing a source or destination.


  • Setting up a project where source and destination are different formats

    Howdy...
    I'm a recent Vegas user who is just switching over to FCP6.
    My question is this: When your source footage and destination format are two unrelated formats (for instance, HDV for source footage, Apple-TV H264 for destination), is it better to set up the project for your source footage format, or for your destination format?
    In Vegas it didn't really matter, but it was good to use the destination format because you could preview what it'd look like at the size and frame-rate that you were going to end up in.
    In FCP6, however, it seems that importing HDV into a H264 project may not work as well, because it wants to render the footage into the correct format before you can preview it.
    FYI: The final destination is my gadget podcast, http://www.neo-fight.tv, which I have shot on HDV and edited on Vegas for the past year. FCP is very new to me, but I'm enjoying learning something new.
    Let me know your thoughts...
    Best,
    Benjamin
    http://www.neo-fight.tv [The TV Show for The 'Not-So-Geeky']
    MacBook, MacPro   Mac OS X (10.4.9)  

    Hi Benjamin - Prior to fcs 2 I worked in whatever my capture format was and will still continue to do that. I plan to use ProRes now - but if I was coming from an hdv source I'd prolly opt to capture using DVCPro HD and working in that.
    "In FCP6, however, it seems that importing HDV into a H264 project may not work as well, because it wants to render the footage into the correct format before you can preview it."
    As far as working in .h264 is concerned and combining other formats into that I really don't know.
    h264 for me is a delivery format - so I'd opt to still work in native capture format and then transcode/convert at the end. More options ....

  • Clarification about source and destination IPs for internal clients and Edge server

    I just wanted to get some clarification on the correct traffic flow between internal Lync clients and the Edge server.
    From all the diagrams I've looked at I was under the impression that if internal clients need to hit the Edge server to talk to external clients they should always do so through the Edge Internal interface which bridges to the Edge External interface and
    out to the internet.  Specifically port 3478 from the Edge AV External interface to the internal clients.
    We aren't seeing that in our environment.  When internal clients are talking to external clients we see the Edge AV External interface communicating directly with the internal client.  In fact we found this out because after the migration to Lync
    2013 external users couldn't create an AV connection to internal users on either the Lync servers.  We saw traffic on 3478 being dropped between the Edge AV External interface and the internal client.  Once we opened that port AV traffic worked.
    We never put this rule in until we introduced Lync 2013.  Lync 2010 didn't seem to require it.
    Is that the correct flow?

    I would also really love to know the outcome of this but it looks like the thread is marked as "Answered" and it is not so. 
    I've been working with a troublesome Lync deployment in which internal users are having issues sharing their desktop with external and federated users. After opening up all the 50000-59999 range for TCP/UDP on the A/V Edge external interface things are working
    much better, but we still see sporadic failures.
    It led us to start digging into the network traffic. We see that UDP traffic on port 3478 is being routed back from the external client to the Edge A/V's external interface, inside of the DMZ's perimeter, then directly to the internal client on the internal
    network. It doesn't look like it's making a connection since the stream is so small, so I wonder if there is a design flaw in my topology?
    There are persistent static routes on the Edge server that use the internal interface to route internally directed traffic over the internal gateway. Tracert confirms the flow, but in wireshark traces, running during successful connections, UDP port 3478
    is still sending packets directly to the internal IP from Edge's A/V address. 
    We also see successfully connected sessions communicate on a different network route that we use to handle internet traffic rather than our Lync topology's route (the one defined for A/V traffic). The connection opens on ports in the 50000 range, but goes
    over a router that we have not configured for such traffic. Is that possible?
    Why is UDP traffic on 3478 trying to go directly to internal clients from external interface ?
    It sounds like it's happening elsewhere... Is this a legitimate issue to be diagnosing? Has it been observed and/or resolved by others?

  • Mapping with both source and destination as flat files???

    Hi, I have two flat files (large data), for example A and B.
    Let us say
    A has records of format (characters of size(5), numbers of size(6), characters of size(5))
    B has records of format (characters of size(5), numbers of size(6))
    I have to map these flat files so that records with numbers in both files should be added (where the records of characters in both files are the same) and output a flat file C.
    i.e
    A(aaaaa111111bbbbb222222ccccc111111
    bbbbb111111fffff666666ddddd333333)
    B (aaaaa222222)
    output should be(aaaaa333333)
    I have created the flat file module and was able to sample A and B.
    I have also created an external table based on A and B, but the data is not being shown in the external table. How do I map this?
    Please guide me.
    Sorry for being long here.
    Thanks for your time.

    Sounds like your datatypes/settings are incorrect.
    To process a file (let's call it stuff.txt) with fixed length records such as the following...
    aaaaa111111bbbbb222222ccccc111111bbbbb111111fffff666666ddddd
    Here is an example tcl script. There are some variables you have to set up for the flat file module, the oracle module, the File location and project name, all of which should exist before running. It will create the flat file, external table, and a simple mapping from external table to flat file defined by tcl variable target_file (in the same directory as the LOC_SRC_FILES; you can change this, it's just for demo purposes and will write a comma separated file). Hopefully this will get you up and going with your problem...
    # Create the modules etc and set the values below, then run
    set project MY_PROJECT
    set ff_module FF
    set ff_location LOC_SRC_FILES
    set ora_module MM
    set target_file my_target_file
    OMBCC '/$OMB_CURRENT_PROJECT'
    OMBDCC
    OMBCC '$ff_module'
    OMBCREATE FLAT_FILE 'FSTUFF' SET PROPERTIES (DATA_FILE_NAME,IS_DELIMITED, RECORD_LENGTH) VALUES ('stuff.txt',0, '16') ADD RECORD 'FSTUFF'
    OMBALTER FLAT_FILE 'FSTUFF' MODIFY RECORD 'FSTUFF' ADD FIELD 'FIELDA' SET PROPERTIES (DATATYPE,START_POSITION,END_POSITION,MAXIMUM_LENGTH) VALUES ('CHAR',1,5,5)
    OMBALTER FLAT_FILE 'FSTUFF' MODIFY RECORD 'FSTUFF' ADD FIELD 'FIELDB' SET PROPERTIES (DATATYPE,START_POSITION,END_POSITION,MAXIMUM_LENGTH) VALUES ('DECIMAL EXTERNAL',6,11,6)
    OMBALTER FLAT_FILE 'FSTUFF' MODIFY RECORD 'FSTUFF' ADD FIELD 'FIELDC' SET PROPERTIES (DATATYPE,START_POSITION,END_POSITION,MAXIMUM_LENGTH) VALUES ('CHAR',12,16,5)
    OMBCC '../$ora_module'
    OMBCREATE EXTERNAL_TABLE 'FSTUFF_EXT' SET PROPERTIES(LOAD_NULLS_WHEN_MISSING_VALUES,TRIM) VALUES (1, 'RIGHT') SET REFERENCE RECORD 'FSTUFF' OF FLAT_FILE '../$ff_module/FSTUFF' DEFAULT_LOCATION '$ff_location'
    OMBCREATE MAPPING 'FILE_TO_FILE'
    OMBALTER MAPPING 'FILE_TO_FILE' ADD EXTERNAL_TABLE OPERATOR 'SOURCE_STUFF' BOUND TO EXTERNAL_TABLE 'FSTUFF_EXT'
    OMBALTER MAPPING 'FILE_TO_FILE' ADD FLAT_FILE OPERATOR 'TARGET_FILE'
    OMBALTER MAPPING 'FILE_TO_FILE' ADD CONNECTION FROM GROUP 'OUTGRP1' OF OPERATOR 'SOURCE_STUFF' TO GROUP 'INOUTGRP1' OF OPERATOR 'TARGET_FILE'
    OMBALTER MAPPING 'FILE_TO_FILE' SET PROPERTIES (GENERATION_LANGUAGE) VALUES ('PLSQL')
    OMBALTER MAPPING 'FILE_TO_FILE' MODIFY OPERATOR 'TARGET_FILE' SET PROPERTIES (TARGET_DATA_FILE_NAME) VALUES ('$target_file')
    OMBALTER MAPPING 'FILE_TO_FILE' MODIFY OPERATOR 'TARGET_FILE' SET PROPERTIES (TARGET_DATA_FILE_LOCATION) VALUES ('$ff_location')
    You can do all this in the UI, just thought it would be useful as a script for you.
    Cheers
    David
