Mars upgrade from 5.3.2 to 6.0.1
Hi all
I have mars version 5.3.2 and I need to upgarde it to the version 6.0.1 to be supported with CSM 3.2.1
My questions:
1- Is Mars 5.3.2 not supported on CSM 3.2.1?
2- Can I upgrade from 5.3.2 to 6.0.1 directly?
3- How to upgrade? steps please.
Thanks on advance,
If Gen 2 is running a version other than 5.3.6, upgrade to 6.0.1 is not supported. You should upgrade from earlier versions of 5.x to 5.3.6. See the Release Notes for Cisco Security MARS Appliance version 6.0.1 for upgrade procedure.
Upgrade from 5.3.6 to 6.0.1. For details on upgrading from 5.x to 6.0.1, see the Release Notes for Cisco Security MARS Appliance version 6.0.1.
Similar Messages
-
After MAR upgrade from 4.0 - 7.0 login to ars_db fails
Hi,
After MAR upgrade from 4.0 -> 7.0 login to ars_db fails with the message "inconsistent database structure". For me it is a bit weired to do the ars_db upgrade to 7.0 SP4 and then start the transport agent which is still in the 4.0 level but this is the way it is described in the upgrade guide in order to delete Blobs after MAR upgrade.
Is the guide here inconsistent? Don't we have to upgrade the tools and services first before deleting Blobs?
Did anyone experience similar issues?
Regards
WhityHello Whity
After upgrading the MAR,To upgrade the MRS Tools and Services follow the steps below:
1. Stop and uninstall the 4.0 Transport Agent Service. Use the Transport Installer to
uninstall the above services.
2. If you are not able to uninstall the TA, uninstall the service manually using the following command sc delete [service name]
.Also check that there are no entry for that service at the registry location HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
3. On your local copy of the Upgrade DVD open the folder Mobile_Client_Upgrade\UpgradePurposeOnly . If you upgrade from CRM 4.0 you have to run SETUP.exe. If you upgrade from a higher release you have to run UPGRADE.exe
4. Install the Transport Service again after MRS tools and services are upgraded to 7.0 SP 04.
In your case, TA was not uninstalled pripr to the MRS tools and servcies upgrade.Hence you still see 4.0 TA. Please follow the above steps to solve the issue.
Please refer to the section 5.2.7 section of the upgrade guide document for more information.
Regards
shankar -
MARS upgrade from CLI - not working
here's the syntax from the MARS online help to run the CLI upgrade utility
pnupgrade http://10.1.1.1/package [user] [passwd]
works ok if using FTP and "package" is located in the root directory of the FTP server
trying to download and install an upgrade from a non-root subfolder and MARS complains.
is there some restriction on where the upgrade package resides on the source server?
thanks
-randythe ftp server is a product calledMoveIT-DMZ - which apparently supports FTP, HTTP, HTTPS, SCP, etc.
I also had the same problem with a freeware FTP server (WARftpdaemon) running on my laptop - upgrade works fine unless I put the upgrade files in some subdirectory. -
Upgrade from Luna To Mars - project components are missing
I upgraded from Luna to Mars. Before upgrading, I exported by projects, upgraded and imported them. Now, in the Navigator, I only see a handful of items, outline view is empty, and so is the palette.
I'm new to Startdust and am experimenting, so I may have done something incorrectly. Does anyone know how to get the Model object back?Those paths you see are the location of the templates on the machine Adobe used to compile them.
Try deleteing all templates in your cfclasses folder and then restarting CF. -
XML DataSource delivers no mare data after upgrade from 7.01 to 7.31
Dear all,
we have an XML DataSource (BW DataSource with SOAP Connection) that worked fine till our upgrade from BW 7.01 to 7.31.
Now the delta infopackage is (still) succesfull but doesn't deliver any data.
In our XI system there is this error:
28.05.2014 08:01:05.399
Information
SOAP: call completed
28.05.2014 08:01:05.400
Information
The message was successfully retrieved from the send queue.
28.05.2014 08:01:05.402
Information
Executing request mapping "http://XXXXXXX/kam03/kampagne/reporting/visitorhistory/pi/CampaignVHOB2BWCampaignVHIB" (SWCV a2b526801e5111e0858eea100a375191)
28.05.2014 08:01:05.402
Information
The message status was set to DLNG.
28.05.2014 08:01:06.092
Information
Delivering to channel: SOAP_XI_RCV
28.05.2014 08:01:06.092
Information
MP: entering1
28.05.2014 08:01:06.092
Information
MP: processing local module localejbs/sap.com/com.sap.aii.af.soapadapter/XISOAPAdapterBean
28.05.2014 08:01:06.092
Information
SOAP: request message entering the adapter with user J2EE_GUEST
28.05.2014 08:01:06.470
Fehler
SOAP: call failed: java.lang.NullPointerException: while trying to invoke the method com.sap.aii.af.sdk.xi.mo.xmb.XMBMessageHeader.getMessageId() of an object loaded from local variable messageHeader
28.05.2014 08:01:06.472
Fehler
Adapter Framework caught exception: java.lang.NullPointerException: while trying to invoke the method com.sap.aii.af.sdk.xi.mo.xmb.XMBMessageHeader.getMessageId() of an object loaded from local variable 'messageHeader'
28.05.2014 08:01:06.472
Fehler
MP: exception caught with cause com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.lang.NullPointerException: while trying to invoke the method com.sap.aii.af.sdk.xi.mo.xmb.XMBMessageHeader.getMessageId() of an object loaded from local variable 'messageHeader'
28.05.2014 08:01:06.472
Fehler
SOAP: error occured: com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.lang.NullPointerException: while trying to invoke the method com.sap.aii.af.sdk.xi.mo.xmb.XMBMessageHeader.getMessageId() of an object loaded from local variable messageHeader
28.05.2014 08:01:06.472
Information
SOAP: sending a delivery error ack ...
28.05.2014 08:01:06.472
Information
SOAP: sent a delivery error ack
28.05.2014 08:01:06.476
Fehler
Transmitting the message to endpoint <local> using connection SOAP_http://sap.com/xi/XI/System failed, due to: com.sap.engine.interfaces.messaging.api.exception.MessagingException: java.lang.NullPointerException: while trying to invoke the method com.sap.aii.af.sdk.xi.mo.xmb.XMBMessageHeader.getMessageId() of an object loaded from local variable 'messageHeader'.
28.05.2014 08:01:06.493
Information
The asynchronous message was successfully scheduled to be delivered at Wed May 28 08:06:06 CEST 2014.
28.05.2014 08:01:06.493
Information
The message status was set to WAIT.
28.05.2014 08:06:06.482
Information
The message status was set to TBDL.
28.05.2014 08:06:06.783
Information
The message was successfully retrieved from the send queue.
28.05.2014 08:06:06.783
Information
Retrying to send message. Retry: 1
Does anybody have a clue and know what's wrong?
Thanks in advance.
Best regards,
NicoleHi Nicole,
First of all I am afraid that I am not an expert in this area. My impression is that the HTTP destination type is created on the receiver side (i.e. BW). If that is the case, then I think t/code SM59 is the right place where you can also create other connection types than ABAP (please refer to paragraph 4.1 of the document which was mentioned in the other discussion).
However, I suggest to involve a basis/system administrator and if possible also an XI consultant to come to a solution. My gut feeling says that it's a connection problem which has to be solved in either the BW system, XI system or in both systems.
Best regards,
Sander -
Slow table creation after upgrade from 10.2.0.3 to 11.2.0.1 using DBUA
I've recently completed a database upgrade from 10.2.0.3 to 11.2.0.1 using the DBUA.
I've since encountered a slowdown when running a script which drops and recreates a series of ~250 tables. The script normally runs in around 19 seconds. After the upgrade, the script requires ~2 minutes to run.
By chance has anyone encountered something similar?
The problem may be related to the behavior of an "after CREATE on schema" trigger which grants select privileges to a role through the use of a dbms_job call; between 10g and the database that was upgraded from 10G to 11g. Currently researching this angle.
I will be using the following table creation DDL for this abbreviated test case:
create table ALLIANCE (
ALLIANCEID NUMBER(10) not null,
NAME VARCHAR2(40) not null,
CREATION_DATE DATE,
constraint PK_ALLIANCE primary key (ALLIANCEID)
using index
tablespace LIVE_INDEX
tablespace LIVE_DATA;When calling the above DDL, an "after CREATE on schema" trigger is fired which schedules a job to immediately run to grant select privilege to a role for the table which was just created:
create or replace
trigger select_grant
after CREATE on schema
declare
l_str varchar2(255);
l_job number;
begin
if ( ora_dict_obj_type = 'TABLE' ) then
l_str := 'execute immediate "grant select on ' ||
ora_dict_obj_name ||
' to select_role";';
dbms_job.submit( l_job, replace(l_str,'"','''') );
end if;
end;
{code}
Below I've included data on two separate test runs. The first is on the upgraded database and includes optimizer parameters and an abbreviated TKPROF. I've also, included the offending sys generate SQL which is not issued when the same test is run on a 10g environment that has been set up with a similar test case. The 10g test run's TKPROF is also included below.
The version of the database is 11.2.0.1.
These are the parameters relevant to the optimizer for the test run on the upgraded 11g SID:
{code}
SQL> show parameter optimizer
NAME TYPE VALUE
optimizer_capture_sql_plan_baselines boolean FALSE
optimizer_dynamic_sampling integer 2
optimizer_features_enable string 11.2.0.1
optimizer_index_caching integer 0
optimizer_index_cost_adj integer 100
optimizer_mode string ALL_ROWS
optimizer_secure_view_merging boolean TRUE
optimizer_use_invisible_indexes boolean FALSE
optimizer_use_pending_statistics boolean FALSE
optimizer_use_sql_plan_baselines boolean TRUE
SQL> show parameter db_file_multi
NAME TYPE VALUE
db_file_multiblock_read_count integer 8
SQL> show parameter db_block_size
NAME TYPE VALUE
db_block_size integer 8192
SQL> show parameter cursor_sharing
NAME TYPE VALUE
cursor_sharing string EXACT
SQL> column sname format a20
SQL> column pname format a20
SQL> column pval2 format a20
SQL> select sname, pname, pval1, pval2 from sys.aux_stats$;
SNAME PNAME PVAL1 PVAL2
SYSSTATS_INFO STATUS COMPLETED
SYSSTATS_INFO DSTART 03-11-2010 16:33
SYSSTATS_INFO DSTOP 03-11-2010 17:03
SYSSTATS_INFO FLAGS 0
SYSSTATS_MAIN CPUSPEEDNW 713.978495
SYSSTATS_MAIN IOSEEKTIM 10
SYSSTATS_MAIN IOTFRSPEED 4096
SYSSTATS_MAIN SREADTIM 1565.746
SYSSTATS_MAIN MREADTIM
SYSSTATS_MAIN CPUSPEED 2310
SYSSTATS_MAIN MBRC
SYSSTATS_MAIN MAXTHR
SYSSTATS_MAIN SLAVETHR
13 rows selected.
{code}
Output from TKPROF on the 11g SID:
{code}
create table ALLIANCE (
ALLIANCEID NUMBER(10) not null,
NAME VARCHAR2(40) not null,
CREATION_DATE DATE,
constraint PK_ALLIANCE primary key (ALLIANCEID)
using index
tablespace LIVE_INDEX
tablespace LIVE_DATA
call count cpu elapsed disk query current rows
Parse 1 0.00 0.00 0 0 0 0
Execute 1 0.00 0.00 0 0 4 0
Fetch 0 0.00 0.00 0 0 0 0
total 2 0.00 0.00 0 0 4 0
Misses in library cache during parse: 1
Optimizer mode: ALL_ROWS
Parsing user id: 324
{code}
... large section omitted ...
Here is the performance hit portion of the TKPROF on the 11g SID:
{code}
SQL ID: fsbqktj5vw6n9
Plan Hash: 1443566277
select next_run_date, obj#, run_job, sch_job
from
(select decode(bitand(a.flags, 16384), 0, a.next_run_date,
a.last_enabled_time) next_run_date, a.obj# obj#,
decode(bitand(a.flags, 16384), 0, 0, 1) run_job, a.sch_job sch_job from
(select p.obj# obj#, p.flags flags, p.next_run_date next_run_date,
p.job_status job_status, p.class_oid class_oid, p.last_enabled_time
last_enabled_time, p.instance_id instance_id, 1 sch_job from
sys.scheduler$_job p where bitand(p.job_status, 3) = 1 and
((bitand(p.flags, 134217728 + 268435456) = 0) or
(bitand(p.job_status, 1024) <> 0)) and bitand(p.flags, 4096) = 0 and
p.instance_id is NULL and (p.class_oid is null or (p.class_oid is
not null and p.class_oid in (select b.obj# from sys.scheduler$_class b
where b.affinity is null))) UNION ALL select
q.obj#, q.flags, q.next_run_date, q.job_status, q.class_oid,
q.last_enabled_time, q.instance_id, 1 from sys.scheduler$_lightweight_job
q where bitand(q.job_status, 3) = 1 and ((bitand(q.flags, 134217728 +
268435456) = 0) or (bitand(q.job_status, 1024) <> 0)) and
bitand(q.flags, 4096) = 0 and q.instance_id is NULL and (q.class_oid
is null or (q.class_oid is not null and q.class_oid in (select
c.obj# from sys.scheduler$_class c where
c.affinity is null))) UNION ALL select j.job, 0,
from_tz(cast(j.next_date as timestamp), to_char(systimestamp,'TZH:TZM')
), 1, NULL, from_tz(cast(j.next_date as timestamp),
to_char(systimestamp,'TZH:TZM')), NULL, 0 from sys.job$ j where
(j.field1 is null or j.field1 = 0) and j.this_date is null) a order by
1) where rownum = 1
call count cpu elapsed disk query current rows
Parse 1 0.00 0.00 0 0 0 0
Execute 1 0.00 0.00 0 0 0 0
Fetch 1 0.47 0.47 0 9384 0 1
total 3 0.48 0.48 0 9384 0 1
Misses in library cache during parse: 1
Optimizer mode: CHOOSE
Parsing user id: SYS (recursive depth: 1)
Rows Row Source Operation
1 COUNT STOPKEY (cr=9384 pr=0 pw=0 time=0 us)
1 VIEW (cr=9384 pr=0 pw=0 time=0 us cost=5344 size=6615380 card=194570)
1 SORT ORDER BY STOPKEY (cr=9384 pr=0 pw=0 time=0 us cost=5344 size=11479630 card=194570)
194790 VIEW (cr=9384 pr=0 pw=0 time=537269 us cost=2563 size=11479630 card=194570)
194790 UNION-ALL (cr=9384 pr=0 pw=0 time=439235 us)
231 FILTER (cr=68 pr=0 pw=0 time=920 us)
231 TABLE ACCESS FULL SCHEDULER$_JOB (cr=66 pr=0 pw=0 time=690 us cost=19 size=13157 card=223)
1 TABLE ACCESS BY INDEX ROWID SCHEDULER$_CLASS (cr=2 pr=0 pw=0 time=0 us cost=1 size=40 card=1)
1 INDEX UNIQUE SCAN SCHEDULER$_CLASS_PK (cr=1 pr=0 pw=0 time=0 us cost=0 size=0 card=1)(object id 5056)
0 FILTER (cr=3 pr=0 pw=0 time=0 us)
0 TABLE ACCESS FULL SCHEDULER$_LIGHTWEIGHT_JOB (cr=3 pr=0 pw=0 time=0 us cost=2 size=95 card=1)
0 TABLE ACCESS BY INDEX ROWID SCHEDULER$_CLASS (cr=0 pr=0 pw=0 time=0 us cost=1 size=40 card=1)
0 INDEX UNIQUE SCAN SCHEDULER$_CLASS_PK (cr=0 pr=0 pw=0 time=0 us cost=0 size=0 card=1)(object id 5056)
194559 TABLE ACCESS FULL JOB$ (cr=9313 pr=0 pw=0 time=167294 us cost=2542 size=2529254 card=194558)
{code}
and the totals at the end of the TKPROF on the 11g SID:
{code}
OVERALL TOTALS FOR ALL NON-RECURSIVE STATEMENTS
call count cpu elapsed disk query current rows
Parse 1 0.00 0.00 0 0 0 0
Execute 2 0.00 0.00 0 0 4 0
Fetch 0 0.00 0.00 0 0 0 0
total 3 0.00 0.00 0 0 4 0
Misses in library cache during parse: 1
Misses in library cache during execute: 1
OVERALL TOTALS FOR ALL RECURSIVE STATEMENTS
call count cpu elapsed disk query current rows
Parse 70 0.00 0.00 0 0 0 0
Execute 85 0.01 0.01 0 62 208 37
Fetch 49 0.48 0.49 0 9490 0 35
total 204 0.51 0.51 0 9552 208 72
Misses in library cache during parse: 5
Misses in library cache during execute: 3
35 user SQL statements in session.
53 internal SQL statements in session.
88 SQL statements in session.
Trace file: 11gSID_ora_17721.trc
Trace file compatibility: 11.1.0.7
Sort options: default
1 session in tracefile.
35 user SQL statements in trace file.
53 internal SQL statements in trace file.
88 SQL statements in trace file.
51 unique SQL statements in trace file.
1590 lines in trace file.
18 elapsed seconds in trace file.
{code}
The version of the database is 10.2.0.3.0.
These are the parameters relevant to the optimizer for the test run on the 10g SID:
{code}
SQL> show parameter optimizer
NAME TYPE VALUE
optimizer_dynamic_sampling integer 2
optimizer_features_enable string 10.2.0.3
optimizer_index_caching integer 0
optimizer_index_cost_adj integer 100
optimizer_mode string ALL_ROWS
optimizer_secure_view_merging boolean TRUE
SQL> show parameter db_file_multi
NAME TYPE VALUE
db_file_multiblock_read_count integer 8
SQL> show parameter db_block_size
NAME TYPE VALUE
db_block_size integer 8192
SQL> show parameter cursor_sharing
NAME TYPE VALUE
cursor_sharing string EXACT
SQL> column sname format a20
SQL> column pname format a20
SQL> column pval2 format a20
SQL> select sname, pname, pval1, pval2 from sys.aux_stats$;
SNAME PNAME PVAL1 PVAL2
SYSSTATS_INFO STATUS COMPLETED
SYSSTATS_INFO DSTART 09-24-2007 11:09
SYSSTATS_INFO DSTOP 09-24-2007 11:09
SYSSTATS_INFO FLAGS 1
SYSSTATS_MAIN CPUSPEEDNW 2110.16949
SYSSTATS_MAIN IOSEEKTIM 10
SYSSTATS_MAIN IOTFRSPEED 4096
SYSSTATS_MAIN SREADTIM
SYSSTATS_MAIN MREADTIM
SYSSTATS_MAIN CPUSPEED
SYSSTATS_MAIN MBRC
SYSSTATS_MAIN MAXTHR
SYSSTATS_MAIN SLAVETHR
13 rows selected.
{code}
Now for the TKPROF of a mirrored test environment running on a 10G SID:
{code}
create table ALLIANCE (
ALLIANCEID NUMBER(10) not null,
NAME VARCHAR2(40) not null,
CREATION_DATE DATE,
constraint PK_ALLIANCE primary key (ALLIANCEID)
using index
tablespace LIVE_INDEX
tablespace LIVE_DATA
call count cpu elapsed disk query current rows
Parse 1 0.00 0.00 0 0 0 0
Execute 1 0.00 0.01 0 2 16 0
Fetch 0 0.00 0.00 0 0 0 0
total 2 0.01 0.01 0 2 16 0
Misses in library cache during parse: 1
Optimizer mode: ALL_ROWS
Parsing user id: 113
{code}
... large section omitted ...
Totals for the TKPROF on the 10g SID:
{code}
OVERALL TOTALS FOR ALL NON-RECURSIVE STATEMENTS
call count cpu elapsed disk query current rows
Parse 1 0.00 0.02 0 0 0 0
Execute 1 0.00 0.00 0 2 16 0
Fetch 0 0.00 0.00 0 0 0 0
total 2 0.00 0.02 0 2 16 0
Misses in library cache during parse: 1
OVERALL TOTALS FOR ALL RECURSIVE STATEMENTS
call count cpu elapsed disk query current rows
Parse 65 0.01 0.01 0 1 32 0
Execute 84 0.04 0.09 20 90 272 35
Fetch 88 0.00 0.10 30 281 0 64
total 237 0.07 0.21 50 372 304 99
Misses in library cache during parse: 38
Misses in library cache during execute: 32
10 user SQL statements in session.
76 internal SQL statements in session.
86 SQL statements in session.
Trace file: 10gSID_ora_32003.trc
Trace file compatibility: 10.01.00
Sort options: default
1 session in tracefile.
10 user SQL statements in trace file.
76 internal SQL statements in trace file.
86 SQL statements in trace file.
43 unique SQL statements in trace file.
949 lines in trace file.
0 elapsed seconds in trace file.
{code}
Edited by: user8598842 on Mar 11, 2010 5:08 PMSo while this certainly isn't the most elegant of solutions, and most assuredly isn't in the realm of supported by Oracle...
I've used the DBMS_IJOB.DROP_USER_JOBS('username'); package to remove the 194558 orphaned job entries from the job$ table. Don't ask, I've no clue how they all got there; but I've prepared some evil looks to unleash upon certain developers tomorrow morning.
Not being able to reorganize the JOB$ table to free the now wasted ~67MB of space I've opted to create a new index on the JOB$ table to sidestep the full table scan.
CREATE INDEX SYS.JOB_F1_THIS_NEXT ON SYS.JOB$ (FIELD1, THIS_DATE, NEXT_DATE) TABLESPACE SYSTEM;The next option would be to try to find a way to grant the select privilege to the role without using the aforementioned "after CREATE on schema" trigger and dbms_job call. This method was adopted to cover situations in which a developer manually added a table directly to the database rather than using the provided scripts to recreate their test environment.
I assume that the following quote from the 11gR2 documentation is mistaken, and there is no such beast as "create or replace table" in 11g:
http://download.oracle.com/docs/cd/E11882_01/server.112/e10592/statements_9003.htm#i2061306
"Dropping a table invalidates dependent objects and removes object privileges on the table. If you want to re-create the table, then you must regrant object privileges on the table, re-create the indexes, integrity constraints, and triggers for the table, and respecify its storage parameters. Truncating and replacing have none of these effects. Therefore, removing rows with the TRUNCATE statement or replacing the table with a *CREATE OR REPLACE TABLE* statement can be more efficient than dropping and re-creating a table." -
After upgrade from 10.2.0.1 to 10.2.0.4 enterprise manager not working
after upgrade from 10.2.0.1 to 10.2.0.4
on windows enterprise manager is not working
Edited by: 830525 on Mar 24, 2012 9:44 AMF:\Documents and Settings\hakem>emctl start dbconsole
Oracle Enterprise Manager 10g Database Control Release 10.2.0.4.0
Copyright (c) 1996, 2007 Oracle Corporation. All rights reserved.
https://M1C3:1158/em/console/aboutApplication
Starting Oracle Enterprise Manager 10g Database Control ...The OracleDBConsoleor
cl service is starting..........................................................
The OracleDBConsoleorcl service could not be started.
A service specific error occurred: 1.
More help is available by typing NET HELPMSG 3547.
F:\Documents and Settings\hakem>NET HELPMSG 3547
A service specific error occurred: ***.
EXPLANATION
A service-specific error occurred.
ACTION
Refer to the Help or documentation for that service to determine the problem.
that's what happen while trying to start db console -
Upgraded from 10.6.8 to Yosemite and now safari crashes and everything is extrememly slow
How do I fix my computer after upgrading from 10.6.8 to 10.10.1? Safari quits responding constantly, my computer runs so slow it is virtually useless. I have an early 2008 iMac, 2.66gHz Intel 2 Duo Core, 2 G Mem. I got this report from EtreCheck
Problem description:
Downloaded “free upgrade” to Yosemite. I have to constantly force quit Safari, because it stops responding. All apps are now so slow as to make my machine virtually useless.
EtreCheck version: 2.1.8 (121)
Report generated March 9, 2015 at 4:31:04 PM MDT
Download EtreCheck from http://etresoft.com/etrecheck
Click the [Click for support] links for help with non-Apple products.
Click the [Click for details] links for more information about that line.
Hardware Information: ℹ️
iMac (20-inch, Early 2008) (Verified)
iMac - model: iMac8,1
1 2.66 GHz Intel Core 2 Duo CPU: 2-core
2 GB RAM Upgradeable
BANK 0/DIMM0
1 GB DDR2 SDRAM 800 MHz ok
BANK 1/DIMM1
1 GB DDR2 SDRAM 800 MHz ok
Bluetooth: Old - Handoff/Airdrop2 not supported
Wireless: en1: 802.11 a/b/g/n
Video Information: ℹ️
ATI Radeon HD 2600 Pro - VRAM: 256 MB
iMac 1680 x 1050
System Software: ℹ️
OS X 10.10.1 (14B25) - Time since boot: 0:37:17
Disk Information: ℹ️
ST3320820AS_Q disk0 : (320.07 GB)
EFI (disk0s1) <not mounted> : 210 MB
GrannysRide (disk0s2) / : 319.21 GB (228.32 GB free)
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
USB Information: ℹ️
LaCie P'9220 Mobile Drive 500.11 GB
disk1s1 (disk1s1) <not mounted> : 32 KB
Porsche (disk1s3) /Volumes/Porsche : 499.97 GB (370.04 GB free)
Apple Inc. Built-in iSight
Apple Inc. BRCM2046 Hub
Apple Inc. Bluetooth USB Host Controller
Logitech USB Receiver
Apple Computer, Inc. IR Receiver
Gatekeeper: ℹ️
Mac App Store and identified developers
Kernel Extensions: ℹ️
/System/Library/Extensions
[not loaded] com.sierrawireless.driver.SierraSupport (1.4.0) [Click for support]
[not loaded] com.sierrawireless.driver.SierraSupportKicker (1.4.0) [Click for support]
/Volumes/Porsche/Applications/TechTool Deluxe.app
[not loaded] com.micromat.iokit.TTIOMIATADriver (1.2) [Click for support]
[not loaded] com.micromat.iokit.TTIOMIFWDriver (1.2) [Click for support]
Launch Agents: ℹ️
[loaded] com.google.keystone.agent.plist [Click for support]
[loaded] com.hp.help.tocgenerator.plist [Click for support]
[running] com.hp.productresearch.plist [Click for support]
[running] com.trusteer.rapport.rapportd.plist [Click for support]
Launch Daemons: ℹ️
[loaded] com.adobe.fpsaud.plist [Click for support]
[loaded] com.adobe.versioncueCS3.plist [Click for support]
[loaded] com.google.keystone.daemon.plist [Click for support]
[running] com.trusteer.rooks.rooksd.plist [Click for support]
User Launch Agents: ℹ️
[loaded] com.adobe.ARM.[...].plist [Click for support]
[failed] com.adobe.ARM.[...].plist [Click for support] [Click for details]
[failed] com.iYogi.MacTuneupHelper.plist [Click for support] [Click for details]
[failed] com.jdibackup.JustCloud.autostart.plist [Click for support] [Click for details]
User Login Items: ℹ️
Yahoo! Widgets Application (/Applications/Yahoo! Widgets.app)
Dropbox Application (/Applications/Dropbox.app)
Internet Plug-ins: ℹ️
AdobePDFViewerNPAPI: Version: 10.1.13 [Click for support]
Flash Player: Version: 16.0.0.305 - SDK 10.6 [Click for support]
GarminGPSControl: Version: 3.0.1.0 Release - SDK 10.4 [Click for support]
AdobePDFViewer: Version: 10.1.13 [Click for support]
Unity Web Player: Version: UnityPlayer version 2.6.1f3 [Click for support]
googletalkbrowserplugin: Version: 5.40.2.0 - SDK 10.8 [Click for support]
Scorch: Version: 5.2.5 [Click for support]
iPhotoPhotocast: Version: 7.0
RealPlayer Plugin: Version: Unknown [Click for support]
RL Secure Plug-In Layer: Version: Unknown - SDK 10.5 [Click for support]
QuickTime Plugin: Version: 7.7.3
FlashPlayer-10.6: Version: 16.0.0.305 - SDK 10.6 [Click for support]
Yahoo! Installer 3: Version: 1.0.128 [Click for support]
Silverlight: Version: 5.1.30514.0 - SDK 10.6 [Click for support]
CouponPrinter-FireFox_v2: Version: Version 1.1.6 [Click for support]
Google Earth Web Plug-in: Version: 7.1 [Click for support]
Default Browser: Version: 600 - SDK 10.10
Flip4Mac WMV Plugin: Version: 2.4.4.2 [Click for support]
o1dbrowserplugin: Version: 5.40.2.0 - SDK 10.8 [Click for support]
JavaAppletPlugin: Version: 15.0.0 - SDK 10.10 Check version
User internet Plug-ins: ℹ️
Move_Media_Player: Version: npmnqmp 071503000004 [Click for support]
UploadManager: Version: Unknown - SDK 10.5 [Click for support]
ContentManager: Version: Unknown - SDK 10.5 [Click for support]
RocketEngine: Version: Unknown - SDK 10.5 [Click for support]
Safari Extensions: ℹ️
1-ClickWeather
Exposer
Better Facebook
3rd Party Preference Panes: ℹ️
Adobe Version Cue CS3 [Click for support]
Flash Player [Click for support]
Flip4Mac WMV [Click for support]
Trusteer Endpoint Protection [Click for support]
Time Machine: ℹ️
Skip System Files: NO
Auto backup: YES
Volumes being backed up:
GrannysRide: Disk size: 319.21 GB Disk used: 90.89 GB
Destinations:
Porsche [Local]
Total size: 499.97 GB
Total number of backups: 22
Oldest backup: 2014-12-24 19:07:22 +0000
Last backup: 2015-03-09 21:30:59 +0000
Size of backup disk: Adequate
Backup size 499.97 GB > (Disk used 90.89 GB X 3)
Top Processes by CPU: ℹ️
3% WindowServer
1% Safari
0% hidd
0% discoveryd
0% com.apple.WebKit.Networking
Top Processes by Memory: ℹ️
116 MB Safari
106 MB com.apple.WebKit.WebContent
101 MB mds_stores
34 MB WindowServer
30 MB com.apple.WebKit.Networking
Virtual Memory Information: ℹ️
57 MB Free RAM
741 MB Active RAM
701 MB Inactive RAM
297 MB Wired RAM
3.35 GB Page-ins
59 MB Page-outs
Diagnostics Information: ℹ️
Mar 9, 2015, 03:45:22 PM Self test - passed
Mar 9, 2015, 01:34:51 PM /Library/Logs/DiagnosticReports/Safari_2015-03-09-133451_[redacted].hang
Mar 9, 2015, 11:53:40 AM /Users/[redacted]/Library/Logs/DiagnosticReports/Spotlight_2015-03-09-115340_[r edacted].crash
Mar 9, 2015, 03:34:14 PM /Library/Logs/DiagnosticReports/Safari_2015-03-09-153414_[redacted].hangSlow performance after installing Yosemite on an older Mac is often caused by inadequate memory. Although you can install the upgrade on a Mac with 2 GB of memory, experience has shown that at least 4 GB is needed for full performance.
Select About This Mac from the Apple menu. If you have less than 4 GB of memory, and your model has upgradable memory, install as much as it can take, or at least that much. Any reputable RAM vendor will have a web form in which you can select the Mac model and be directed to compatible parts. -
Upgrading from PIX to ASA 5512X
Hi everyone,
We are in the middle of upgrading from two PIX's to some new ASA5512X's. To give you some background on the situation we are upgrading these since the PIXs are fairly old. We had one extra that we had to use since one PIX has failed already. The guy that implemented the PIXs orginally was learning how to do so as he went so there is alot of needless config in the PIX, atleast from what I can tell. Another guy that works with me has done some configuration on the new ASAs and has done the majority of it so far. Today we went to install the new ASAs and switch everything over hoping it would work, but that didn't happen. It seems that there is something wrong with our NAT and ACLs somewhere along the lines. The way our network is laid out is that we have two school campus with a site-to-site VPN one is 172.17.0.0/16 and the other is 172.18.0.0/16. We also have a remote-access VPN on both ASA's. When we connected the new ASAs up and brought up the interfaces, nothing on the inside could ping the internet nor the other side. The VPN showed active on the ASA's and each ASA could ping the others outside interface, but that was it. I have posted the configs below. If anyone could help out I would GREATLY appreciate it! Thank you in advance!
ASA1:
: Saved
: Written by enable_15 at 04:26:18.240 CDT Tue Mar 12 2013
ASA Version 8.6(1)2
hostname dallasroadASA
enable password **** encrypted
passwd **** encrypted
names
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 70.x.x.x 255.255.255.0
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.18.1.1 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
name-server 172.18.2.21
name-server 172.18.2.20
object network WS_VLAN2
subnet 172.17.2.0 255.255.255.0
object network WS_VLAN3
subnet 172.17.3.0 255.255.255.0
object network WS_VLAN4
subnet 172.17.4.0 255.255.255.0
object network WS_VLAN5
subnet 172.17.5.0 255.255.255.0
object network WS_VLAN6
subnet 172.17.6.0 255.255.255.0
object network WS_VLAN7
subnet 172.17.7.0 255.255.255.0
object network WS_VLAN8
subnet 172.17.8.0 255.255.255.0
object network WS_VLAN9
subnet 172.17.9.0 255.255.255.0
object network WS_VLAN10
subnet 172.17.10.0 255.255.255.0
object network WS_VLAN11
subnet 172.17.11.0 255.255.255.0
object network WS_VLAN12
subnet 172.17.12.0 255.255.255.0
object network WS_VLAN13
subnet 172.17.13.0 255.255.255.0
object network WS_VLAN14
subnet 172.17.14.0 255.255.255.0
object network WS_VLAN15
subnet 172.17.15.0 255.255.255.0
object network WS_VLAN16
subnet 172.17.16.0 255.255.255.0
object network DR_VLAN2
subnet 172.18.2.0 255.255.255.0
object network DR_VLAN3
subnet 172.18.3.0 255.255.255.0
object network DR_VLAN4
subnet 172.18.4.0 255.255.255.0
object network DR_VLAN5
subnet 172.18.5.0 255.255.255.0
object network DR_VLAN6
subnet 172.18.6.0 255.255.255.0
object network DR_VLAN7
subnet 172.18.7.0 255.255.255.0
object network DR_VLAN8
subnet 172.18.8.0 255.255.255.0
object network DR_VLAN9
subnet 172.18.9.0 255.255.255.0
object network DR_VLAN10
subnet 172.18.10.0 255.255.255.0
object network DR_CORE_SW
host 172.18.2.1
object network dallasdns02_internal
host 172.18.2.21
object network faithdallas03_internal
host 172.18.2.20
object network dns_external
host 70.x.x.x
object network WorthStreet
subnet 172.17.0.0 255.255.0.0
object network DallasRoad
subnet 172.18.0.0 255.255.0.0
object-group network DALLAS_VLANS
network-object object DR_VLAN10
network-object object DR_VLAN2
network-object object DR_VLAN3
network-object object DR_VLAN4
network-object object DR_VLAN5
network-object object DR_VLAN6
network-object object DR_VLAN7
network-object object DR_VLAN8
network-object object DR_VLAN9
object-group network WORTH_VLANS
network-object object WS_VLAN10
network-object object WS_VLAN11
network-object object WS_VLAN12
network-object object WS_VLAN13
network-object object WS_VLAN14
network-object object WS_VLAN15
network-object object WS_VLAN16
network-object object WS_VLAN2
network-object object WS_VLAN3
network-object object WS_VLAN4
network-object object WS_VLAN5
network-object object WS_VLAN6
network-object object WS_VLAN7
network-object object WS_VLAN8
network-object object WS_VLAN9
object-group network dallasitnetwork
network-object host 172.18.2.20
network-object host 172.18.2.40
object-group protocol tcpudp
protocol-object udp
protocol-object tcp
object-group network dallasroaddns
network-object host 172.18.2.20
network-object host 172.18.2.21
object-group service tcpservices tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq ssh
object-group network remotevpnnetwork
network-object 172.18.50.0 255.255.255.0
access-list L2LAccesslist extended permit ip 172.18.0.0 255.255.0.0 172.17.0.0 255.255.0.0
access-list NONAT extended permit ip any 172.18.50.0 255.255.255.0
access-list inside_inbound_access extended permit ip 172.18.0.0 255.255.0.0 172.17.0.0 255.255.0.0
access-list inside_inbound_access extended permit ip object-group dallasitnetwork any
access-list inside_inbound_access extended permit object-group tcpudp object-group dallasroaddns any eq domain
access-list inside_inbound_access extended permit ip host 172.18.4.10 any
access-list inside_inbound_access extended deny object-group tcpudp any any eq domain
access-list inside_inbound_access extended deny tcp any any eq smtp
access-list inside_inbound_access extended permit ip any any
access-list outside_inbound_access extended permit tcp any host 70.x.x.x object-group tcpservices
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpnaddresspool 172.18.50.0-172.18.50.255
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source static dallasdns02_internal dns_external
nat (inside,outside) source static faithdallas03_internal dns_external
nat (inside,outside) source dynamic any interface
nat (any,outside) source static remotevpnnetwork remotevpnnetwork destination static remotevpnnetwork remotevpnnetwork description NONAT for remote vpn users
nat (inside,outside) source static DallasRoad DallasRoad destination static WorthStreet WorthStreet
access-group outside_inbound_access in interface outside
access-group inside_inbound_access in interface inside
route outside 0.0.0.0 0.0.0.0 70.x.x.x 1
route inside 172.18.0.0 255.255.0.0 172.18.1.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
ldap attribute-map CISCOMAP
map-name VPNALLOW IETF-Radius-Class
map-value VPNALLOW FALSE NOACESS
map-value VPNALLOW TRUE ALLOWACCESS
dynamic-access-policy-record DfltAccessPolicy
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 172.17.2.28
server-port 389
ldap-base-dn DC=campus,DC=fcschool,DC=org
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password ****
ldap-login-dn CN=fcsadmin,CN=Users,DC=campus,DC=fcschool,DC=org
server-type microsoft
ldap-attribute-map CISCOMAP
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.17.11.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set myset esp-aes-256 esp-sha-hmac
crypto map outside_map 10 match address L2LAccesslist
crypto map outside_map 10 set peer 71.x.x.x
crypto map outside_map 10 set ikev1 transform-set myset
crypto map outside_map 10 set reverse-route
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 172.18.0.0 255.255.0.0 inside
ssh 172.17.0.0 255.255.0.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy NOACCESS internal
group-policy NOACCESS attributes
vpn-simultaneous-logins 0
vpn-tunnel-protocol ikev1
group-policy DfltGrpPolicy attributes
dns-server value 172.18.2.20
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
password-storage enable
group-policy DallasRoad internal
group-policy DallasRoad attributes
dns-server value 172.18.2.20 172.18.2.21
password-storage enable
default-domain value campus.fcschool.org
group-policy ALLOWACCESS internal
group-policy ALLOWACCESS attributes
banner value Now connected to the FCS Network
vpn-tunnel-protocol ikev1
username iwerkadmin password i6vIlW5ctGaR0l7n encrypted privilege 15
tunnel-group remoteaccessvpn type remote-access
tunnel-group remoteaccessvpn general-attributes
address-pool vpnaddresspool
authentication-server-group LDAP
tunnel-group 71.x.x.x type ipsec-l2l
tunnel-group 71.x.x.x ipsec-attributes
ikev1 pre-shared-key ****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:fd69fbd7a2cb0a6a125308dd85302198
: end
ASA2:
: Saved
: Written by enable_15 at 09:27:47.579 UTC Tue Mar 12 2013
ASA Version 8.6(1)2
hostname worthstreetASA
enable password **** encrypted
passwd **** encrypted
names
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 71.x.x.x 255.255.255.0
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.17.1.1 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
boot system disk0:/asa861-2-smp-k8.bin
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 172.17.2.23
name-server 172.17.2.28
object network mail_external
host 71.x.x.x
object network mail_internal
host 172.17.2.57
object network faweb_external
host 71.x.x.x
object network netclassroom_external
host 71.x.x.x
object network blackbaud_external
host 71.x.x.x
object network netclassroom_internal
host 172.17.2.41
object network nagios
host 208.x.x.x
object network DallasRoad_ASA
host 70.x.x.x
object network WS_VLAN2
subnet 172.17.2.0 255.255.255.0
object network WS_VLAN3
subnet 172.17.3.0 255.255.255.0
object network WS_VLAN4
subnet 172.17.4.0 255.255.255.0
object network WS_VLAN5
subnet 172.17.5.0 255.255.255.0
object network WS_VLAN6
subnet 172.17.6.0 255.255.255.0
object network WS_VLAN7
subnet 172.17.7.0 255.255.255.0
object network WS_VLAN8
subnet 172.17.8.0 255.255.255.0
object network WS_VLAN9
subnet 172.17.9.0 255.255.255.0
object network WS_VLAN10
subnet 172.17.10.0 255.255.255.0
object network WS_VLAN11
subnet 172.17.11.0 255.255.255.0
object network WS_VLAN12
subnet 172.17.12.0 255.255.255.0
object network WS_VLAN13
subnet 172.17.13.0 255.255.255.0
object network WS_VLAN14
subnet 172.17.14.0 255.255.255.0
object network WS_VLAN15
subnet 172.17.15.0 255.255.255.0
object network WS_VLAN16
subnet 172.17.16.0 255.255.255.0
object network DR_VLAN2
subnet 172.18.2.0 255.255.255.0
object network DR_VLAN3
subnet 172.18.3.0 255.255.255.0
object network DR_VLAN4
subnet 172.18.4.0 255.255.255.0
object network DR_VLAN5
subnet 172.18.5.0 255.255.255.0
object network DR_VLAN6
subnet 172.18.6.0 255.255.255.0
object network DR_VLAN7
subnet 172.18.7.0 255.255.255.0
object network DR_VLAN8
subnet 172.18.8.0 255.255.255.0
object network DR_VLAN9
subnet 172.18.9.0 255.255.255.0
object network DR_VLAN10
subnet 172.18.10.0 255.255.255.0
object network WS_CORE_SW
host 172.17.2.1
object network blackbaud_internal
host 172.17.2.26
object network spiceworks_internal
host 172.17.2.15
object network faweb_internal
host 172.17.2.31
object network spiceworks_external
host 71.x.x.x
object network WorthStreet
subnet 172.17.0.0 255.255.0.0
object network DallasRoad
subnet 172.18.0.0 255.255.0.0
object network remotevpnnetwork
subnet 172.17.50.0 255.255.255.0
object-group icmp-type echo_svc_group
icmp-object echo
icmp-object echo-reply
object-group service mail.fcshool.org_svc_group
service-object icmp
service-object icmp echo
service-object icmp echo-reply
service-object tcp destination eq www
service-object tcp destination eq https
service-object tcp destination eq imap4
service-object tcp destination eq pop3
service-object tcp destination eq smtp
object-group service nagios_svc_group tcp
port-object eq 12489
object-group service http_s_svc_group tcp
port-object eq www
port-object eq https
object-group network DALLAS_VLANS
network-object object DR_VLAN10
network-object object DR_VLAN2
network-object object DR_VLAN3
network-object object DR_VLAN4
network-object object DR_VLAN5
network-object object DR_VLAN6
network-object object DR_VLAN7
network-object object DR_VLAN8
network-object object DR_VLAN9
object-group network WORTH_VLANS
network-object object WS_VLAN10
network-object object WS_VLAN11
network-object object WS_VLAN12
network-object object WS_VLAN13
network-object object WS_VLAN14
network-object object WS_VLAN15
network-object object WS_VLAN16
network-object object WS_VLAN2
network-object object WS_VLAN3
network-object object WS_VLAN4
network-object object WS_VLAN5
network-object object WS_VLAN6
network-object object WS_VLAN7
network-object object WS_VLAN8
network-object object WS_VLAN9
object-group network MailServers
network-object host 172.17.2.57
network-object host 172.17.2.58
network-object host 172.17.2.17
object-group protocol DM_INLINE_PROTOCOL
protocol-object ip
protocol-object udp
protocol-object tcp
object-group network DNS_Servers
network-object host 172.17.2.23
network-object host 172.17.2.28
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list outside_access_in extended permit object-group mail.fcshool.org_svc_group any object mail_internal
access-list outside_access_in extended permit tcp object nagios object mail_internal object-group nagios_svc_group
access-list outside_access_in extended permit tcp any object faweb_external object-group http_s_svc_group
access-list outside_access_in extended permit tcp any object netclassroom_external object-group http_s_svc_group
access-list outside_access_in extended permit tcp any object blackbaud_external eq https
access-list outside_access_in extended permit tcp any object spiceworks_external object-group http_s_svc_group
access-list L2LAccesslist extended permit ip 172.17.0.0 255.255.0.0 172.18.0.0 255.255.0.0
access-list inside_inbound extended permit object-group TCPUDP object-group DNS_Servers any eq domain
access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL host 172.17.15.10 any inactive
access-list inside_access_in extended permit tcp object-group MailServers any eq smtp
access-list inside_access_in extended permit tcp host 172.17.14.10 any eq smtp
access-list inside_access_in extended deny object-group TCPUDP any any eq domain
access-list inside_access_in extended deny tcp any any eq smtp
access-list inside_access_in extended permit ip any any
access-list vpn_access extended permit ip any any
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
ip local pool vpnaddresspool 172.17.50.1-172.17.50.255
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
nat (inside,outside) source static mail_internal mail_external
nat (inside,outside) source static netclassroom_internal netclassroom_external
nat (inside,outside) source static faweb_internal faweb_external
nat (inside,outside) source static spiceworks_internal interface
nat (inside,outside) source static blackbaud_internal blackbaud_external
nat (inside,outside) source dynamic any interface
nat (inside,outside) source static WorthStreet WorthStreet destination static DallasRoad DallasRoad
nat (any,outside) source static remotevpnnetwork remotevpnnetwork destination static remotevpnnetwork remotevpnnetwork description NONAT for remote vpn users
access-group outside_access_in in interface outside
access-group inside_access_in in interface inside
route outside 0.0.0.0 0.0.0.0 71.x.x.x 1
route inside 172.17.0.0 255.255.0.0 172.17.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
ldap attribute-map CISCOMAP
map-name VPNALLOW IETF-Radius-Class
map-value VPNALLOW FALSE NOACESS
map-value VPNALLOW TRUE ALLOWACCESS
dynamic-access-policy-record DfltAccessPolicy
network-acl vpn_access
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 172.17.2.28
ldap-base-dn DC=campus,DC=fcschool,DC=org
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password Iw@FCS730w
ldap-login-dn CN=VPN Admin,CN=Users,DC=campus,DC=fcschool,DC=org
server-type microsoft
ldap-attribute-map CISCOMAP
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.17.0.0 255.255.0.0 inside
http 172.18.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set myset esp-aes-256 esp-sha-hmac
crypto map outside_map 10 match address L2LAccesslist
crypto map outside_map 10 set peer 70.x.x.x
crypto map outside_map 10 set ikev1 transform-set myset
crypto map outside_map 10 set reverse-route
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 65535
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
telnet 172.17.0.0 255.255.0.0 inside
telnet 172.18.0.0 255.255.0.0 inside
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
ssh 172.17.0.0 255.255.0.0 inside
ssh 172.18.0.0 255.255.0.0 inside
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
management-access management
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption aes256-sha1 aes128-sha1 3des-sha1
webvpn
group-policy NOACCESS internal
group-policy NOACCESS attributes
vpn-simultaneous-logins 0
vpn-tunnel-protocol ikev1
group-policy ALLOWACCESS internal
group-policy ALLOWACCESS attributes
banner value Now connected to the FCS Network
vpn-tunnel-protocol ikev1
username iwerkadmin password i6vIlW5ctGaR0l7n encrypted privilege 15
tunnel-group 70.x.x.x type ipsec-l2l
tunnel-group 70.x.x.x ipsec-attributes
ikev1 pre-shared-key FC$vpnn3tw0rk
tunnel-group remoteaccessvpn type remote-access
tunnel-group remoteaccessvpn general-attributes
address-pool vpnaddresspool
authentication-server-group LDAP
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:b599ba0f719f39b213e7f01fe55588ac
: endHi Derrick,
I just did the same for a customer; replaced 2 PIX515s failover cluster with 5512X. The NAT change is major with ASAs version 8.3 and later...
here's what you need: a manual NAT rule called twice NAT (policy NAT or NONAT is the old terminology) for the VPNs to work. also add the no-proxy-arp keyword:
nat (inside,outside) source static INSIDE_NETWORKS INSIDE_NETWORKS VPN_NETWORKS VPN_NETWORKS no-proxy-arp
nat (inside,outside) source static INSIDE_NETWORKS INSIDE_NETWORKS RA_VPN_NETWORKS RA_VPN_NETWORKS no-proxy-arp
then the dynamic PAT for internet access (after the twice NATs for VPN); could be a manual NAT like you did, or preferred an object NAT.
you did:
nat (inside,outside) source dynamic any interface
would also work with object nat:
object network INSIDE_NETWORKS
subnet ...
nat (inside,outside) dynamic interface
Same on the other side (except the networks are reversed since the inside network is now what the other side refers to as vpn network and vice versa)
If you don't put the no-proxy-arp, your NAT configuration will cause network issues.
also to be able to pass pings through ASA, add the following:
policy-map global_policy
class inspection_default
inspect icmp
The asa will do some basic inspection of the ICMP protocol with that config ex. it will make sure there is 1 echo-reply for each echo-request...
hope that helps,
Patrick -
Tag not being created after upgrade from 9i to 10g
We're upgrading from 9i to 10g - about time - and we've hit some "unexpected behaviour".
If I run
SELECT xmlelement("TestMsg",
XMLFOREST(m.tx_id "MsgNum",
m.tx_type "MsgTyp"
) MESSAGE -- this is the alias for the XMLFOREST item
) ut_xml
FROM (select 1 tx_id, 'test' tx_type from dual) mon my 9.2.0.4 database I get
<TestMsg>
<MESSAGE>
<MsgNum>1</MsgNum>
<MsgTyp>test</MsgTyp>
</MESSAGE>
</TestMsg>- an extra tag is created based on the alias of the XMLFOREST item.
on my 10.2.0.4 database I get
<TestMsg>
<MsgNum>1</MsgNum>
<MsgTyp>test</MsgTyp>
</TestMsg>no MESSAGE tag.
Some of the XML parsing we have is taking account of this MESSAGE tag and hence is now breaking.
I guess my question is whether we've messed up the install of XMLDB or whether the 9i behaviour was incorrect and we should amend the parsing to the 10g behaviour.Behavior change...?
SELECT xmlelement("TestMsg",
xmlelement("MESSAGE",
XMLFOREST(m.tx_id "MsgNum",
m.tx_type "MsgTyp"
)) ut_xml
FROM (select 1 tx_id, 'test' tx_type from dual) m
will give output in 10.2.0.4.0 EE
UT_XML
<TestMsg>
<MESSAGE>
<MsgNum>1</MsgNum>
<MsgTyp>test</MsgTyp>
</MESSAGE>
</TestMsg>Edited by: Marco Gralike on Mar 29, 2011 1:07 PM -
Serial number not valid when upgrading from LR4 to LR5 [was:leewayphotography]
J’ai acheté LR 4 il y a 1 an avec le n° de série sur la boite. J’ai acheté l’upgrade pour LR 5 et je n’ai jamais pu installer la version définitive avec ce n° de série.Ce n° de série n'est pas valide. La durée version d’essai est terminée et donc je dois retourner à LR 4 pour continuer à travailler ? Pourquoi cela ne fonctionne pas?
Bonjour.
J'ai bien compris votre réponse qu'il fallait utiliser un nouveau n° de série. J'ai bien téléchargé LR5 le 18 mars 2014, j'ai bien reçu une facture
n° IEE2014000174985 mais je n'ai pas de trace d'un nouveau n° de série. Il n'est pas sur la facture, ni dans le logiciel?
Que faut-il faire
Leewayphotography
From: John Waller
Sent: Monday, April 21, 2014 10:14 PM
To: leewayphotography
Subject: Serial number not valid when upgrading from LR4 to LR5 was:leewayphotography
Re: Serial number not valid when upgrading from LR4 to LR5 was:leewayphotography
created by John Waller in Photoshop Lightroom - View the full discussion -
MARS upgrade error : 6.0.7 to 6.0.8
Hello,
I have minor problem upgrading cs mars applience:
I've already tried several times to download this package directly from cisco.com, but unfortunately that did not helped me.
Maybe someone knows the solution for this problem?You can download the upgrade package to a local system and attempt to upgrade manually.
The upgrade package can be downloaded here:
http://www.cisco.com/cgi-bin/tablebuild.pl/cs-mars
You can then run the upgrade from the CLI using the pnupgrade command as outlined here:
http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.1/command/reference/cref1.html#wp1139301
Or configure the GUI to access the file you downloaded.
Scott -
Routes not being followed after upgrade from ES to ES2
We are upgrading from ES to ES2 and now our routes are not working.
We have 2 routes leaving an AssignTask operation, Deny and Approve. The users get assinged their form, they make any required changes, and then click one of these buttons to complete the process. In ES this works fine. In ES2 they can see the buttons, but when they click them the route is not being followed and the process remains stuck at the AssignTask operation.
If they close the form they can use the approve or deny icons on the task summary panel but they loose any changes they have made.
Any help would be greatly appreciated.Behavior change...?
SELECT xmlelement("TestMsg",
xmlelement("MESSAGE",
XMLFOREST(m.tx_id "MsgNum",
m.tx_type "MsgTyp"
)) ut_xml
FROM (select 1 tx_id, 'test' tx_type from dual) m
will give output in 10.2.0.4.0 EE
UT_XML
<TestMsg>
<MESSAGE>
<MsgNum>1</MsgNum>
<MsgTyp>test</MsgTyp>
</MESSAGE>
</TestMsg>Edited by: Marco Gralike on Mar 29, 2011 1:07 PM -
Why upgrade from iOS 6.0.2 to 6.1?
Hi everybody!
What would the improvements on my iPhone5 be if I upgraded from iOS 6.0.2 to 6.1?
Is Maps any better?
Thanks for your help,
BerHi,
There are 2 patches one with little lock beside says security and released JAN-2008:
6637274 Oracle Database Family: Patch
ORACLE 10G 10.1.0.5 PATCH 21 BUG FOR WINDOWS 32 BIT 10.1.0.5 15-JAN-2008 59M View Readme Download Now
One without little lock which says General and released MAR-2008:
6751853 Oracle Database Family: Patch
ORACLE 10G 10.1.0.5 PATCH 22 BUG FOR WINDOWS 32 BIT 10.1.0.5 04-MAR-2008 60M View Readme Download Now
Which one to apply?
Thanks -
Cs-mars upgrade, data corruption
Hi,
anyone know if exists a way of do an upgrade of CS-MARS and don't lose the configuration of the log parsers created manually for non Cisco equipments? During an upgrade we got this data corrupted...
Thank you.
Best regards,Which version did you upgrade from? The new version 6.x allows yout o export/import customer parsers so that this problem does not occur.
Have a look at this link:
http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/user/guide/combo/cfgCustm.html#wp657726
Regards
Farrukh
Maybe you are looking for
-
ECM - roll up functionality in ECM when a manager left the company
Hi Experts, When a Manager B reports to Manager A. Manager B leaves the company and has 5 employees reporting to him; his position is now vacant in SAP. Should Manager A now see the 5 employees that reported to Manager B in Manager Au2019s list of
-
How can I sync my ical local calendar with my icloud calendar
Hi there In our company is it forbidden to install a new software, but i can sync my macbook with our exchange server. Now I want sync my iCal with Exchange and then my iCloud with my iCal Can I do this? thx
-
How to use true type font in smartform with ECC6
hi,expert: I want to use true type font "Comic Sans MS.ttf". I upload this font file by SE73 named ZTT2I. In SE73.. select the Radio button "Font Families" And click on the "True type Font Installation" button. click the font attribute ITALIC. Our pr
-
IPad crashed after attempting to install iOS 5.1
I attempted to update my iPad to iOS 5.1. When I did, I got a blue screen. I can not start my iPad, and it appears to have crashed. It won't even start up enough to restore. Any ideas?
-
I am trying to update to 10.1.1 from 10.1.0 in order to install swf files. With 10.1.0 I keep getting a 1 frame swf that doesn't play. Reading this forum I found that I may need 10.1.1 for Flash 8 files. This is the link I went to: 10.1.1updateAfter