MAPPING Length max 26
Hi Guru
please i have a question about mapping. I need to map two sys like that:
the souce sys have length = 40 but the Target sys is DB and need only 26 string or Char.
source sys -
> name(40)
Target sys -
name (26)
please could tell me how i can resolve this step? I have trying with Graphical mapping like name----length = constant 40 -
if then -
name ---substring(0....26) but i have error
please could you give input!
Thanks in advance.
Hi,
Use Standard Function Substing: on that In Starting Position u put : 0
Use Number of Characters u put : 25 and click ok.
Use like this 0 counts the first character + 25 = 26
Thanks,
Satya Kumar
Edited by: SATYA KUMAR AKKARABOYANA on May 30, 2008 2:02 PM
Similar Messages
-
SCD Map Lookup Max(dim_key)
I have one scd 2 dimension STORES_DIM that works properly and the solved dim has 6 rows of each STORE_NAME for each hierarchy level and adds a corresponding unique dim key. Good
I have another mapping to load another cube. I added a Key Lookup to grab the dimension key from the STORES_DIM based on the STORE_ID (input). Then inserts that key with the data into a cube. Although the STORES_DIM is built as scd 2, for this cube load I only need 1 row for each STORE_ID.
The problem: The mapping key lookup grabs all 6 dimension keys for just 1 STORE_ID and loads 6 rows into the target cube when I only need 1 row inserted.
The question:
How to handle this so the lookup only grabs the last dim key for each STORE_ID. In sql I would do a "select max(dimension_key) from STORES_DIM where STORE_ID = SOURCE_STORE_ID". Or is there another operator to use for this instead of key lookup?
Thanks for the assistance!!Hello RMomaha,
let your key lookup point to the dimension STORES_DIM (lookup-tab) and select "Use the most current record" (Type2 History Lookup-tab). This option returns the current record that corresponds to the attribute being looked up using the lookup condition. The current record is the one with the latest timestamp.
Regards
jwehner -
Reg: Value Mapping - Recommended Max Entries/Size
Hi,
Just curious to know if there is any recommendation on the max number of entries stored and retrieved in a Value Maps.
Is it suitable for storing entries in order of 5000 or 10000. Also is it effecient for retrieval from such a big Map.
Since it is stored in Java Cache, is there any limitation on the size (Number of Entries).
Anticipating your valuable inputs.
Thanks,
Sudharshan N AHi
There will be performance problem if more entries are used in Value mapping.
Value mapping replication will be better choice for huge records.
Regards
Abhijit -
Hi All,
I am writing a report (not a dynpro UI) using following code
selection-screen begin of block b1 with frame title block1.
select-options: swcv for p_string.
select-options: namespce for p_string.
selection-screen end of block b1.
parameters: srvintfc as checkbox default 'X'.
parameters: datatype as checkbox default space.
The fields name shown on the UI can't be greater than 8. Is there a way to over come this problem (and also not use dynpro UI)?
Also, I am using this
selection-screen begin of block b1 with frame title block1.
here block1 is somehow a variable. I am not able to see the text stored in it on the UI. Do I need to used some other way?
Please guide.
Regards,
Arpit
Edited by: Arpit Goyal on Jul 8, 2009 12:19 PMHi,
As for first quesiton - NO , you can't create parameter whose name exceeds 8 chars. This is SAP internal restriction.
As for second simply use
selection-screen begin of block b1 with frame title text-001. "use text symbols
Double click text-001 and enter text for it. You can also transalte it using menu entry Go to->translation . Activate it and go back to program. Now you have text displayed for this frame in logon language.
Regards
Marcin -
Issue in data Extraction , Source tables having columns wth lengthe 60
Hi BI Experts ,
Here I have a issue while extracting the data from Oracle tables. I encountered some columns for which the length of character stream is more than 60 , some where around 200 to 300 , for example : Reason for some action , Comments , discription .
I am not able to to treat them as master data text since these fileds are coming with the Transaction data . In SAP BI we can have the data type CHAR with length max to 60 . Now how can I deal this situation in a better way ??
Could you please come up with your ideas .
Expecting interesting solutions
AnuragHello Charan,
first check this Blog:
http://www.sdn.sap.com/irj/scn/weblogs;jsessionid=(J2EE3417800)ID0294722750DB10878770002327649734End?blog=/pub/wlg/3705
It may helps already.
Anouter methode is to report from PSA Tables. But here no How-to is available.
Br.
Joerg -
Please help: need to set max numer of characters in JFormattedTextField!!!
Hi there,
We use JFormattedTextFields, initializing them via the constructor JFormattedTextFields(Format), where we specify a DateFormat or Numberformat (allowing either integers or decimal numbers). This works fine, the problem now is that we need to specify a format to the JFormattedTextField that allows only for a fixed number of string characters.
Can this be done via the Format class?? Seems to be a complicated task to subclass the Format class, maybe one could use the MessageFormat class...
Please, answer if you know of some whay to do this using the Format class (would not want to change our JFormattedTextField/Format based framework).
Best regards,
ACYou can try something like this:
public class FormattedText extends myJTextField {
int Max;
public FormattedText(int Max) {
super();
this.Max=Max;
protected Document createDefaultModel() {
return new FormattedDocument();
protected class FormattedDocument extends PlainDocument {
public void insertString(int offs, String str, AttributeSet a) throws BadLocationException {
int j;
int i=getLength();
String currentText=getText(0,i);
String beforeOffset=currentText.substring(0,offs);
String afterOffset=currentText.substring(offs,currentText.length());
String proposedResult=beforeOffset+str+afterOffset;
if (proposedResult.length()>Max) {
if (str.length()==1) return; // input too long
i=(int)(Max-i);
if (i<1) return; // nothing we can do
str=str.substring(0,i); // take as many characters as we can (otherwise we end up with a blank)
super.insertString(offs,str,a);
};o)
V.V. -
I am trying to set my legend names to a string longer then 29 charters but can not. If I try to set it to a string larger then 29 I get a Runtime error that the attribute value passed is not a valid value but do not get the error if the string is 29 charters or less. I have set the ATTR_LEGEND_AUTO_SIZE to 1 and manualy set the legend to a larger size but my text length max still is on 29. Is there a way to set the Max Text length in the legend to something larger?
TokarzJ wrote:
I am trying to set my legend names to a string longer then 29 charters but can not. If I try to set it to a string larger then 29 I get a Runtime error that the attribute value passed is not a valid value but do not get the error if the string is 29 charters or less. I have set the ATTR_LEGEND_AUTO_SIZE to 1 and manualy set the legend to a larger size but my text length max still is on 29. Is there a way to set the Max Text length in the legend to something larger?
Doesn't that property determine how many names are listed in the legend?
I can get more than that when I tried a chart in LV 8.6.
Plase post an example that demonstrates this issue.
Just trying to help,
Ben
Ben Rayner
I am currently active on.. MainStream Preppers
Rayner's Ridge is under construction -
How to increase the length of selection texts
Hi to all..
please do a favour......
My problem is ,I am not able to enter long text in SELECTION TEXTS after certain length ,but we need long texts .So what I have to do to enter long texts..
plz respondHi Suribabu,
In SE63 We can increase the length of the text.
There is one option called Praposal,Edit Icon, There you can increase the length Max 255(see the Data element LXEUNITLIN) of the selection text.
Regards
Bhavani -
Can we increase the length of a IO to more than 60?
Hi Experts,
I want have a requirement where in the incomming data for a particular IO is more than 60 in length. In order to mapp it in BW we have to increase the length of the IO to 80.
But, the problem is the standard is only 60 length max.
I want to know is there a way we can increase the length of the IO?
Your help is much appreciated.
Regards
BNHi,
Have a look at this thread
Maximum length of the long text is 60
Regards,
Amruth -
System description
1. Oracle BI Standard Edition One (OWB 10.2 + Oracle Std. Ed. One 10.1)
2. Windows Server 2003 R2
3. Oracle 9.2 (External server)
Problem description
We have a database Oracle 9.2 as a source database module in our Oracle Warehouse Builder repository.
Also we have as a target database, the Oracle Standard Ed. One database.
We have defined a ETL mapping on our repository in which we have mapped some columns from a table of the
source module (oracle 9.2) to a table on our repository. One of these columns has the type VARCHAR2(60).
The same type is defined on the target table in our target module in the repository.
After validating and deploying the mapping, we obtain a critical error when we are trying to execute the
mapping, the problem is that the length of the VARCHAR2(60) mapping on the source database is 60 bytes
but when the OWB tries to transfer the data, it thinks that is 60 characters and has only 60 bytes of space,
so the 60 characters do not fit in the target column.
Possible solution
We have found the parameter NLS_LENGTH_SEMANTICS which allows you to specify the length of a column
datatype in terms of CHARacters rather than in terms of BYTEs.
Question
Is it possible to alter the parameter NLS_LENGTH_SEMANTICS or there is another workaround to solve this
issue without changing the DDL on the target module or increasing the target data type to 120 bytes?
Thanks in advanceHello and thanks for the answer, my problem is that I don't want neither truncate my information nor increase the column map length in order to read the whole information. I would like to have a mapping and forget that maybe the information does not fit... But because the source database and target database are not the same, they have different settings, the problem is still there.
Any other solution that not imply losing information?
Thanks again. -
hi,
I tried creating an array of hash maps in my application .
but it continued to give me problem
can any of u help me in this regard.
thank youint SIZE=...;
HashMap[] maps=new HashMap[SIZE];
for(int i=0; i<maps.length; i++){
maps=new HashMap();
Gil
Or, for a purposely misleading solution...int SIZE=...;
HashMap[] maps = new HashMap[SIZE];
java.util.Arrays.fill(maps, new HashMap()); -
Putting A Layer Over Drawing Canvas - Tile Map
I want to make it so that a layer will be above the map when its drawn.
Like I want a layer over this, cause im making a menu for the game, but the game is above the layer.
var tiles:Object = new Object({width:52, height:26}); // The size of the 'flat' tile. Tiles are allowed to be different dimentions, to give the '3D' effect.
var offset:Object = new Object({x:130, y:100}); // This object helps center the 'hero' to the stage.
var hero:Object = new Object({x:1, y:5}); // The starting position of the 'hero'
var canvas:Object = new Object({mc:_root.createEmptyMovieClip("canvas", _root.getNextHighestDepth())}); // Contains the primary movie clip and map information.
canvas.map = new Array( // Dictates the topography of the environment
// The reason I decided to to use 200 for walls and 100 for ground is to leave
// the option open add more tiles, such as 86 for another type of tile that is
// walkable. Since the collision detection code checks to see if the tile is
// less then 200 (less is walkable, 200 or above is not), there is no need to change
// the code toenable new tiles, simply name them a number between 0 and 200.
new Array(200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200,200),
new Array(200,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,200),
new Array(200,100,100,100,100,100,100,100,100,100,100,100,193,196,196,196,196,189,100,200),
new Array(200,100,100,100,100,100,100,100,100,100,100,100,194,187,182,182,179,190,100,200),
new Array(200,100,100,199,199,199,199,199,199,199,199,199,199,186,183,183,180,190,100,200),
new Array(201,199,199,199,100,100,100,100,100,100,100,100,194,186,183,183,180,190,100,200),
new Array(200,100,100,100,100,100,100,100,100,100,100,100,194,186,183,183,180,190,100,200),
new Array(200,100,100,100,100,100,100,100,100,100,100,100,194,186,183,183,180,190,100,200),
new Array(200,100,100,100,100,100,100,100,100,100,100,100,194,185,181,181,178,190,100,200),
new Array(200,100,100,100,100,100,100,100,100,100,100,100,192,195,195,195,195,188,100,200),
new Array(200,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,100,200),
new Array(200,100,100,100,100,100,200,200,200,200,200,200,200,200,200,200,200,200,200,200),
new Array(200,200,200,200,200,200,200)
_root.onLoad = function():Void
initmap(canvas.map); // Draw the map
initplayer(); // Draw the player
return;
_root.onEnterFrame = function():Void
input(); // Handle keyboard movement
return;
function input():Void // Modifies the 'hero' object, handles collision detection ('hero' and wall)
// Any tile less then 200 is walkable, anything above is not.
// No need to change this code handle more tiles, just name the tiles a number.
// (not the best way to do this but simple, quick, and easy to do)
if(Key.isDown(Key.LEFT) && canvas.map[hero.y - 1][hero.x] < 200) hero.y--;
else if(Key.isDown(Key.RIGHT) && canvas.map[hero.y + 1][hero.x] < 200) hero.y++;
else if(Key.isDown(Key.UP) && canvas.map[hero.y][hero.x - 1] < 200) hero.x--;
else if(Key.isDown(Key.DOWN) && canvas.map[hero.y][hero.x + 1] < 200) hero.x++;
move();
return;
function move():Void // Moves the background and the hero
// These three lines handle swapping the tile depths to give the '3D' effect
var d:Number = (hero.y * tiles.height) + (hero.x * tiles.width) + hero.y;
hero.mc.swapDepths(d);
canvas.mc["tile_" + hero.y + "_" + hero.x].swapDepths(d - 1);
// Move the hero in the opposite direction the environment moves
hero.mc._x = (tiles.width / 2) * (hero.y - hero.x) + offset.x;
hero.mc._y = (tiles.height / 2) * (hero.y + hero.x) + offset.y;
// Move the environment
canvas.mc._x = (tiles.width / 2) * (-hero.y - -hero.x) + offset.x;
canvas.mc._y = (tiles.height / 2) * (-hero.y + -hero.x) + offset.y;
return;
function initplayer():Void // Self-expalanatory
var d:Number = (hero.y * tiles.height) + (hero.x * tiles.width) + hero.y;
hero.mc = canvas.mc.attachMovie("hero", "hero_mc", d + 1, {_x:hero.x * tiles.width, _y:hero.y * tiles.height});
move();
return;
function initmap(map:Array):Void // Render map
var map_height:Number = map.length; // Determine height of the map
var map_width:Number = map[0].length; // Determine width of the map
for(var y = 0; y < map_height; y++)
for(var x = 0; x < map_width; x++)
// Movieclip depth is everything when doing an isometric game
var depth:Number = (y * tiles.height) + (x * tiles.width) + y;
// Attach tile to 'canvas'
var tile:MovieClip = canvas.mc.attachMovie("tile" + map[y][x], "tile_" + y + "_" + x, depth);
tile._x = (tiles.width / 2) * (y - x) + offset.x;
tile._y = (tiles.height / 2) * (y + x) + offset.y;
return;there are no layers when your fla is published (or tested). all displayobjects are assigned depths based on code used to assign depths and compiler code that assigns depths to objects you place on-stage in the authoring environment.
all objects placed on-stage in the authoring environment are placed at negative depths starting with about -16,380. that's why your menu (which is probably added to some layer in the authoring environment is below the movieclip you placed at nextHighestDepth() (which adds to no depth less than zero)
to change a movieclip's depth use the swapDepths() method of movieclips. -
Geographical map not zooming in properly.
I have two regions on my UI page R1 and R2. R1 has table containing all locations rows. R2 has geographical map displaying these locations on map. Both the components are sharing/using same data control. Now not all locations in R1 will have corresponding longitude and latitude values so it will be null for those locations. For geo map I have specified autozoomthemeid as theme id so that map should zoom in automatically to display all the locations on map to max zoom level.
But here its not zooming in to the max level. It is zooming to level to display only few of the locations. When I manually zoom out I can still see other locations on map. What could be possible reason for this? Is there any way I can make map component skip those locations which doesn't have corresponding longitude or latitude value.yes in this case I get a following error message on log.
DVT-26016: theme LocationMapPointTheme cannot be displayed: no latitude data at row 1
And I cant see any locations on map. So In order to avoid this situation I am specifying NVL(AddressDEO.GEOMETRY.SDO_POINT.X,200) AS LOC_LONGITUDE,NVL(AddressDEO.GEOMETRY.SDO_POINT.Y,200) AS LOC_LATITUDE in vo attribute expression. Though this is not throwing any exceptions but map zoom level is not appropriate to see all the points on map. -
HELP Setting Max Characters? Designer 7.0
I don't know if this is possible but for text boxes, instead of checking/setting the "Limit Length" "Max Chars: xxx", I want to limit the text to the size of the text box, not by the number of charcters. Help please...
It is right underneeth "Limit Length" "Max Chars: xxx" check box in Object pallet>>>>Field tab.
Hope that helps..... -
Problem with traffic over Remote Access VPN (Cisco ASA5505)
Hi
I've changed the VPN IP pool on a previously functioning VPN setup on a Cisco ASA5505, I've updated IP addresses everywhere it seemed appropriate, but now the VPN is no longer working. I am testing with a Cisco IPSec client, but the same happens with the AnyConnect client. Clients connect, but cannot access resources on the LAN. Split tunneling also doesn't work, internet is not accessible once VPN is connected.
I found a NAT exempt rule to not be correctly specified, but after fixing this, the problem still persists.
: Saved:ASA Version 8.2(1) !hostname ciscoasadomain-name our-domain.comenable password xxxxxxxx encryptedpasswd xxxxxxxx encryptednamesname 172.17.1.0 remote-vpn!interface Vlan1 nameif inside security-level 100 ip address 10.1.1.2 255.0.0.0 !interface Vlan2 nameif outside security-level 0 pppoe client vpdn group adslrealm ip address pppoe setroute !interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!ftp mode passiveclock timezone SAST 2dns domain-lookup insidedns domain-lookup outsidedns server-group DefaultDNS name-server 10.1.1.138 name-server 10.1.1.54 domain-name our-domain.comsame-security-traffic permit inter-interfacesame-security-traffic permit intra-interfaceobject-group network utobject-group protocol TCPUDP protocol-object udp protocol-object tcpaccess-list no_nat extended permit ip 10.0.0.0 255.0.0.0 remote-vpn 255.255.255.0 access-list split-tunnel standard permit 10.0.0.0 255.0.0.0 access-list outside_access_in extended permit tcp any interface outside eq https access-list outside_access_in extended permit tcp any interface outside eq 5061 access-list outside_access_in extended permit tcp any interface outside eq 51413 access-list outside_access_in extended permit udp any interface outside eq 51413 access-list outside_access_in extended permit tcp any interface outside eq 2121 access-list outside_access_in extended permit udp any interface outside eq 2121 access-list inside_access_out extended deny ip any 64.34.106.0 255.255.255.0 access-list inside_access_out extended deny ip any 69.25.20.0 255.255.255.0 access-list inside_access_out extended deny ip any 69.25.21.0 255.255.255.0 access-list inside_access_out extended deny ip any 72.5.76.0 255.255.255.0 access-list inside_access_out extended deny ip any 72.5.77.0 255.255.255.0 access-list inside_access_out extended deny ip any 216.52.0.0 255.255.0.0 access-list inside_access_out extended deny ip any 74.201.0.0 255.255.0.0 access-list inside_access_out extended deny ip any 64.94.0.0 255.255.0.0 access-list inside_access_out extended deny ip any 69.25.0.0 255.255.0.0 access-list inside_access_out extended deny tcp any any eq 12975 access-list inside_access_out extended deny tcp any any eq 32976 access-list inside_access_out extended deny tcp any any eq 17771 access-list inside_access_out extended deny udp any any eq 17771 access-list inside_access_out extended permit ip any any pager lines 24logging enablelogging asdm informationalmtu inside 1500mtu outside 1500ip local pool VPNPool 172.17.1.1-172.17.1.254icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp timeout 14400global (outside) 1 interfacenat (inside) 0 access-list no_natnat (inside) 1 10.0.0.0 255.0.0.0static (inside,outside) tcp interface 5061 10.1.1.157 5061 netmask 255.255.255.255 static (inside,outside) tcp interface https 10.1.1.157 4443 netmask 255.255.255.255 static (inside,outside) tcp interface 51413 10.1.1.25 51413 netmask 255.255.255.255 static (inside,outside) udp interface 51413 10.1.1.25 51413 netmask 255.255.255.255 static (inside,outside) tcp interface 2121 10.1.1.25 2121 netmask 255.255.255.255 static (inside,outside) udp interface 2121 10.1.1.25 2121 netmask 255.255.255.255 access-group outside_access_in in interface outsidetimeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00dynamic-access-policy-record DfltAccessPolicyaaa-server AD protocol ldapaaa-server AD (inside) host 10.1.1.138 ldap-base-dn dc=our-domain,dc=com ldap-scope subtree ldap-naming-attribute sAMAccountName ldap-login-password * ldap-login-dn cn=ciscoasa,cn=Users,dc=ourdomain,dc=com server-type auto-detectaaa authentication ssh console AD LOCALaaa authentication telnet console LOCAL http server enable 4343http 0.0.0.0 0.0.0.0 outsidehttp 10.0.0.0 255.0.0.0 insidehttp remote-vpn 255.255.255.0 insidesnmp-server host inside 10.1.1.190 community oursnmpsnmp-server host inside 10.1.1.44 community oursnmpno snmp-server locationno snmp-server contactsnmp-server community *****snmp-server enable traps snmp authentication linkup linkdown coldstartcrypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set FirstSet esp-3des esp-md5-hmac crypto ipsec security-association lifetime seconds 28800crypto ipsec security-association lifetime kilobytes 4608000crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5crypto dynamic-map dyn1 1 set transform-set FirstSetcrypto dynamic-map dyn1 1 set reverse-routecrypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAPcrypto map mymap 1 ipsec-isakmp dynamic dyn1crypto map mymap interface outsidecrypto ca trustpoint ASDM_TrustPoint0 enrollment self subject-name CN=ciscoasa crl configurecrypto ca trustpoint CA1 revocation-check crl none enrollment retry period 5 enrollment terminal fqdn ciscoasa.our-domain.com subject-name CN=ciscoasa.our-domain.com, OU=Department, O=Company, C=US, St=New York, L=New York keypair ciscoasa.key crl configurecrypto ca certificate chain ASDM_TrustPoint0 certificate xxxxxxx ... quitcrypto ca certificate chain CA1 certificate xxxxxxxxxxxxxx ... quit certificate ca xxxxxxxxxxxxx ... quitcrypto isakmp enable outsidecrypto isakmp policy 1 authentication rsa-sig encryption 3des hash md5 group 2 lifetime 86400crypto isakmp policy 5 authentication pre-share encryption 3des hash sha group 2 lifetime 86400crypto isakmp policy 10 authentication pre-share encryption des hash sha group 2 lifetime 86400ssh 10.0.0.0 255.0.0.0 insidessh timeout 5console timeout 0vpdn group adslrealm request dialout pppoevpdn group adslrealm localname username6@adslrealmvpdn group adslrealm ppp authentication papvpdn username username6@adslrealm password ********* store-localvpdn username username@adsl-u password ********* store-localvpdn username username2@adslrealm password ********* dhcpd auto_config outside!threat-detection basic-threatthreat-detection scanning-threatthreat-detection statistics access-listno threat-detection statistics tcp-interceptntp server x.x.x.x source outsidessl trust-point ASDM_TrustPoint0 outsidewebvpn port 4343 enable outside svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1 svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2 svc image disk0:/anyconnect-linux-2.5.2014-k9.pkg 3 svc enablegroup-policy defaultgroup internalgroup-policy defaultgroup attributes dns-server value 10.1.1.138 10.1.1.54 split-tunnel-policy tunnelspecified split-tunnel-network-list value split-tunnel default-domain value our-domain.comgroup-policy DfltGrpPolicy attributes dns-server value 10.1.1.138 10.1.1.54 vpn-tunnel-protocol IPSec l2tp-ipsec svc split-tunnel-policy tunnelspecified split-tunnel-network-list value split-tunnel address-pools value VPNPool webvpn svc ask none default svcusername person1 password xxxxxxx encryptedusername admin password xxxxxxxx encrypted privilege 15username person2 password xxxxxxxxx encryptedusername person3 password xxxxxxxxxx encryptedtunnel-group DefaultRAGroup general-attributes address-pool VPNPool default-group-policy defaultgrouptunnel-group DefaultRAGroup ipsec-attributes trust-point CA1tunnel-group OurCompany type remote-accesstunnel-group OurCompany general-attributes address-pool VPNPooltunnel-group OurCompany webvpn-attributes group-alias OurCompany enable group-url https://x.x.x.x/OurCompany enabletunnel-group OurIPSEC type remote-accesstunnel-group OurIPSEC general-attributes address-pool VPNPool default-group-policy defaultgrouptunnel-group OurIPSEC ipsec-attributes pre-shared-key * trust-point CA1!class-map inspection_default match default-inspection-traffic!!policy-map type inspect dns preset_dns_map parameters message-length maximum 512policy-map type inspect sip sip-map parameters max-forwards-validation action drop log state-checking action drop log rtp-conformance policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect netbios inspect tftp inspect icmp inspect pptp inspect sip sip-map ! service-policy global_policy globalprompt hostname context Cryptochecksum:xxxxxxxxxxxxxxxxx: end
I've checked all the debug logs I could think of and tried various troubleshooting steps. Any ideas?
Regards
LionelHi
The bulk of the devices are not even routing through the ASA, internal devices such as IP phones, printers, etc. There is also large wastage of IP addresses which needs to be sorted out at some stage.
Outside IP address is 196.215.40.160. The DSL modem is configured as an LLC bridge.
Here are the debug logs when connecting if this helps at all. Nothing is logged when a connection is attempted though.
Regards
Lionel
Oct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 765Oct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing SA payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing ke payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing ISA_KE payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing nonce payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing ID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received Fragmentation VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, IKE Peer included IKE fragmentation capability flags: Main Mode: True Aggressive Mode: FalseOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received NAT-Traversal RFC VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received NAT-Traversal ver 03 VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received NAT-Traversal ver 02 VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received xauth V6 VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received Cisco Unity client VIDOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, processing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: IP = 197.79.9.227, Received DPD VIDOct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, Connection landed on tunnel_group OurIPSECOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing IKE SA payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, IKE SA Proposal # 1, Transform # 5 acceptable Matches global IKE entry # 2Oct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing ISAKMP SA payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing ke payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing nonce payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Generating keys for Responder...Oct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing ID payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing hash payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Computing hash for ISAKMPOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing Cisco Unity VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing xauth V6 VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing dpd vid payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing NAT-Traversal VID ver 02 payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing NAT-Discovery payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, computing NAT Discovery hashOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing NAT-Discovery payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, computing NAT Discovery hashOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing Fragmentation VID + extended capabilities payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing VID payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Send Altiga/Cisco VPN3000/Cisco ASA GW VIDOct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=0) with payloads : HDR + SA (1) + KE (4) + NONCE (10) + ID (5) + HASH (8) + VENDOR (13) + VENDOR (13) + VENDOR (13) + VENDOR (13) + NAT-D (130) + NAT-D (130) + VENDOR (13) + VENDOR (13) + NONE (0) total length : 436Oct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=0) with payloads : HDR + HASH (8) + NAT-D (130) + NAT-D (130) + NOTIFY (11) + NONE (0) total length : 128Oct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing hash payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Computing hash for ISAKMPOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing NAT-Discovery payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, computing NAT Discovery hashOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing NAT-Discovery payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, computing NAT Discovery hashOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, processing notify payloadOct 15 17:08:51 [IKEv1]: Group = OurIPSEC, IP = 197.79.9.227, Automatic NAT Detection Status: Remote end IS behind a NAT device This end IS behind a NAT deviceOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing blank hash payloadOct 15 17:08:51 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, constructing qm hash payloadOct 15 17:08:51 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=b8b02705) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 72Oct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=b8b02705) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 88Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, process_attr(): Enter!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, IP = 197.79.9.227, Processing MODE_CFG Reply attributes.Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: primary DNS = 10.1.1.138Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: secondary DNS = 10.1.1.54Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: primary WINS = clearedOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: secondary WINS = clearedOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: split tunneling list = split-tunnelOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: default domain = our-domain.comOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: IP Compression = disabledOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: Split Tunneling Policy = Split NetworkOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: Browser Proxy Setting = no-modifyOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKEGetUserAttributes: Browser Proxy Bypass Local = disableOct 15 17:09:02 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, User (person2) authenticated.Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing blank hash payloadOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing qm hash payloadOct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=a2171c19) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64Oct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=a2171c19) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 64Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, process_attr(): Enter!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Processing cfg ACK attributesOct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=3257625f) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 164Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, process_attr(): Enter!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Processing cfg Request attributesOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for IPV4 address!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for IPV4 net mask!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for DNS server address!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for WINS server address!Oct 15 17:09:02 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Received unsupported transaction mode attribute: 5Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Application Version!Oct 15 17:09:02 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Client Type: iPhone OS Client Application Version: 7.0.2Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Banner!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Default Domain Name!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Split DNS!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Split Tunnel List!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Local LAN Include!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for PFS setting!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Save PW setting!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for FWTYPE!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for backup ip-sec peer list!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, MODE_CFG: Received request for Client Browser Proxy Setting!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Obtained IP addr (172.17.1.1) prior to initiating Mode Cfg (XAuth enabled)Oct 15 17:09:02 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Assigned private IP address 172.17.1.1 to remote userOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing blank hash payloadOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, construct_cfg_set: default domain = our-domain.comOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Send Client Browser Proxy Attributes!Oct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Browser Proxy set to No-Modify. Browser Proxy data will NOT be included in the mode-cfg replyOct 15 17:09:02 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing qm hash payloadOct 15 17:09:02 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=3257625f) with payloads : HDR + HASH (8) + ATTR (14) + NONE (0) total length : 210Oct 15 17:09:03 [IKEv1 DECODE]: IP = 197.79.9.227, IKE Responder starting QM: msg id = c9359d2eOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Delay Quick Mode processing, Cert/Trans Exch/RM DSID in progressOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Resume Quick Mode processing, Cert/Trans Exch/RM DSID completedOct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, PHASE 1 COMPLETEDOct 15 17:09:03 [IKEv1]: IP = 197.79.9.227, Keep-alive type for this connection: DPDOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Starting P1 rekey timer: 3420 seconds.Oct 15 17:09:03 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=c9359d2e) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 284Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing hash payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing SA payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing nonce payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing ID payloadOct 15 17:09:03 [IKEv1 DECODE]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, ID_IPV4_ADDR ID received172.17.1.1Oct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Received remote Proxy Host data in ID Payload: Address 172.17.1.1, Protocol 0, Port 0Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing ID payloadOct 15 17:09:03 [IKEv1 DECODE]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, ID_IPV4_ADDR_SUBNET ID received--10.0.0.0--255.0.0.0Oct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Received local IP Proxy Subnet data in ID Payload: Address 10.0.0.0, Mask 255.0.0.0, Protocol 0, Port 0Oct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, QM IsRekeyed old sa not found by addrOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Selecting only UDP-Encapsulated-Tunnel and UDP-Encapsulated-Transport modes defined by NAT-TraversalOct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE Remote Peer configured for crypto map: dyn1Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing IPSec SA payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IPSec SA Proposal # 1, Transform # 6 acceptable Matches global IPSec SA entry # 1Oct 15 17:09:03 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE: requesting SPI!IPSEC: New embryonic SA created @ 0xCB809F40, SCB: 0xC9613DB0, Direction: inbound SPI : 0x96A6C295 Session ID: 0x0001D000 VPIF num : 0x00000002 Tunnel type: ra Protocol : esp Lifetime : 240 secondsOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE got SPI from key engine: SPI = 0x96a6c295Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, oakley constucting quick modeOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing blank hash payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing IPSec SA payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing IPSec nonce payloadOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing proxy IDOct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Transmitting Proxy Id: Remote host: 172.17.1.1 Protocol 0 Port 0 Local subnet: 10.0.0.0 mask 255.0.0.0 Protocol 0 Port 0Oct 15 17:09:03 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, constructing qm hash payloadOct 15 17:09:03 [IKEv1 DECODE]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE Responder sending 2nd QM pkt: msg id = c9359d2eOct 15 17:09:03 [IKEv1]: IP = 197.79.9.227, IKE_DECODE SENDING Message (msgid=c9359d2e) with payloads : HDR + HASH (8) + SA (1) + NONCE (10) + ID (5) + ID (5) + NONE (0) total length : 152Oct 15 17:09:06 [IKEv1]: IP = 197.79.9.227, IKE_DECODE RECEIVED Message (msgid=c9359d2e) with payloads : HDR + HASH (8) + NONE (0) total length : 52Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, processing hash payloadOct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, loading all IPSEC SAsOct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Generating Quick Mode Key!Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, NP encrypt rule look up for crypto map dyn1 1 matching ACL Unknown: returned cs_id=c9f22e78; rule=00000000Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Generating Quick Mode Key!Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, NP encrypt rule look up for crypto map dyn1 1 matching ACL Unknown: returned cs_id=c9f22e78; rule=00000000Oct 15 17:09:06 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Security negotiation complete for User (person2) Responder, Inbound SPI = 0x96a6c295, Outbound SPI = 0x09e97594IPSEC: New embryonic SA created @ 0xCB8F7418, SCB: 0xC9F6DD30, Direction: outbound SPI : 0x09E97594 Session ID: 0x0001D000 VPIF num : 0x00000002 Tunnel type: ra Protocol : esp Lifetime : 240 secondsIPSEC: Completed host OBSA update, SPI 0x09E97594IPSEC: Creating outbound VPN context, SPI 0x09E97594 Flags: 0x00000025 SA : 0xCB8F7418 SPI : 0x09E97594 MTU : 1492 bytes VCID : 0x00000000 Peer : 0x00000000 SCB : 0x99890723 Channel: 0xC6691360IPSEC: Completed outbound VPN context, SPI 0x09E97594 VPN handle: 0x001E7FCCIPSEC: New outbound encrypt rule, SPI 0x09E97594 Src addr: 10.0.0.0 Src mask: 255.0.0.0 Dst addr: 172.17.1.1 Dst mask: 255.255.255.255 Src ports Upper: 0 Lower: 0 Op : ignore Dst ports Upper: 0 Lower: 0 Op : ignore Protocol: 0 Use protocol: false SPI: 0x00000000 Use SPI: falseIPSEC: Completed outbound encrypt rule, SPI 0x09E97594 Rule ID: 0xCB5483E8IPSEC: New outbound permit rule, SPI 0x09E97594 Src addr: 196.215.40.160 Src mask: 255.255.255.255 Dst addr: 197.79.9.227 Dst mask: 255.255.255.255 Src ports Upper: 4500 Lower: 4500 Op : equal Dst ports Upper: 41593 Lower: 41593 Op : equal Protocol: 17 Use protocol: true SPI: 0x00000000 Use SPI: falseIPSEC: Completed outbound permit rule, SPI 0x09E97594 Rule ID: 0xC9242228Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, IKE got a KEY_ADD msg for SA: SPI = 0x09e97594IPSEC: Completed host IBSA update, SPI 0x96A6C295IPSEC: Creating inbound VPN context, SPI 0x96A6C295 Flags: 0x00000026 SA : 0xCB809F40 SPI : 0x96A6C295 MTU : 0 bytes VCID : 0x00000000 Peer : 0x001E7FCC SCB : 0x985C5DA5 Channel: 0xC6691360IPSEC: Completed inbound VPN context, SPI 0x96A6C295 VPN handle: 0x0020190CIPSEC: Updating outbound VPN context 0x001E7FCC, SPI 0x09E97594 Flags: 0x00000025 SA : 0xCB8F7418 SPI : 0x09E97594 MTU : 1492 bytes VCID : 0x00000000 Peer : 0x0020190C SCB : 0x99890723 Channel: 0xC6691360IPSEC: Completed outbound VPN context, SPI 0x09E97594 VPN handle: 0x001E7FCCIPSEC: Completed outbound inner rule, SPI 0x09E97594 Rule ID: 0xCB5483E8IPSEC: Completed outbound outer SPD rule, SPI 0x09E97594 Rule ID: 0xC9242228IPSEC: New inbound tunnel flow rule, SPI 0x96A6C295 Src addr: 172.17.1.1 Src mask: 255.255.255.255 Dst addr: 10.0.0.0 Dst mask: 255.0.0.0 Src ports Upper: 0 Lower: 0 Op : ignore Dst ports Upper: 0 Lower: 0 Op : ignore Protocol: 0 Use protocol: false SPI: 0x00000000 Use SPI: falseIPSEC: Completed inbound tunnel flow rule, SPI 0x96A6C295 Rule ID: 0xCB7CFCC8IPSEC: New inbound decrypt rule, SPI 0x96A6C295 Src addr: 197.79.9.227 Src mask: 255.255.255.255 Dst addr: 196.215.40.160 Dst mask: 255.255.255.255 Src ports Upper: 41593 Lower: 41593 Op : equal Dst ports Upper: 4500 Lower: 4500 Op : equal Protocol: 17 Use protocol: true SPI: 0x00000000 Use SPI: falseIPSEC: Completed inbound decrypt rule, SPI 0x96A6C295 Rule ID: 0xCB9BF828IPSEC: New inbound permit rule, SPI 0x96A6C295 Src addr: 197.79.9.227 Src mask: 255.255.255.255 Dst addr: 196.215.40.160 Dst mask: 255.255.255.255 Src ports Upper: 41593 Lower: 41593 Op : equal Dst ports Upper: 4500 Lower: 4500 Op : equal Protocol: 17 Use protocol: true SPI: 0x00000000 Use SPI: falseIPSEC: Completed inbound permit rule, SPI 0x96A6C295 Rule ID: 0xCBA7C740Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Pitcher: received KEY_UPDATE, spi 0x96a6c295Oct 15 17:09:06 [IKEv1 DEBUG]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Starting P2 rekey timer: 3417 seconds.Oct 15 17:09:06 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, Adding static route for client address: 172.17.1.1 Oct 15 17:09:06 [IKEv1]: Group = OurIPSEC, Username = person2, IP = 197.79.9.227, PHASE 2 COMPLETED (msgid=c9359d2e)
Maybe you are looking for
-
Advanced Property Editor still pops up, how do I disable it?
I've had this problem for a very long time and I'm sick of it; the Advanced Property Editor still pops up! I've tried all these previously: * Safe mode (no add-ons present) * New profile * Change mouse several times (seriously, this is NOT the issue)
-
EMail report in HTML format in Background
Hi all, We have a report which sends the output in HTML format to the internet email address. We use the function module SO_NEW_DOCUMENT_ATT_SEND_API1 for doing this. When we are executing this in foreground the entire output is available in the HTML
-
How is the new iPod Update?
hi there... this morning i woke up and found out there is a new iPod updater... i have some converted videos into iPod format... i wonder they might cause a problem or be in conflict with the new iPod update... any ideas???
-
cant we buy on the itunes store HD Movies? I cant find any! And by the way, does the movies come with the option of adding subtitles? my first language aint english and i really need AT LEAST english subtitles. somebody help!
-
Hi, I am using NI PCI-5640R. Following FPGA Base Clocks are available to me: (1) Configuration_Clk (2) RTSI_Ref_Clk (3) DAC_0_IQ_Clk (4) DAC_1_IQ_Clk (5) ADC_0_Port_A_Clk (6) ADC_1_Port_A_Clk Can anyone help me with brief description