MGCP flow problem - ASA
The following is the setup and the problem we have:
* MGCP call agent -- ASA 5510 -- vpn tunnel -- linksys -- MGCP gateway
* VPN tunnel setup is in aggresive mode (initiated as needed from linksys).
* When MGCP call agent is up but the vpn tunnel is still down, MGCP traffic (udp/2427) tried to reach gateway and failed --> this is as expected.
* Next, linksys brings up the vpn tunnel
* Any other IP traffic can go through the tunnel, but not MGCP traffic from call agent to gateway.
* Checked from packet tracer: it passed phase 1 & 2 (checking the flow), it found existing flow and used that flow. Then it stuck there, looks like it didn't know where to go next (no ACL or route checking).
We noticed that the annoying following workaround will make the MGCP goes through.
* shutdown MGCP call agent
* disconnect vpn tunnel from linksys
* system reload the ASA5510
* after ASA5510 is up, linksys initiate the vpn tunnel
* after vpn is up, bring up MGCP call agent
* MGCP traffic goes through the tunnel
It seems like ASA MGCP flow table is not updated if there is status change in VPN tunnel. Any idea how to fix this ?
Thanks for the reply.
However that wasn't mgcp ispection issue, it was more on dynamic vpn configuration issue. The setup is dynamic vpn initiated from remote sites (aggresive mode).
Worked with Cisco TAC and got the workaround. Following is the summary, hope it's useful.
1. Previous dynamic vpn config was:
crypto dynamic-map outside_dyn_map 20 set transform-set VPNHigh
When the tunnel was down and the call agent (central) was sending traffic to the call gateway (remote), the ASA created a connection to send the traffic out in the clear as it didn't match any crypto access-list due to the tunnel being dynamic.
2. The call agent (cetral) continued to attempt to send traffic to the call gateway (remote), which kept the conn up, even when the tunnel came up.
3. When the tunnel came up, the ASA continued to use the existing conn and sent the traffic out in the clear.
4. This is very similar to bug: CSCse36327 - GRE Packets are no longer encrypted and are sent out in the clear
http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCse36327
Even though that mentions GRE, it's the same issue.
5. After the tunnel was up and "clear local-host " was issued, the conn was torn down and a new conn was built to go over the tunnel.
6. To avoid this situation, a crypto acl for this dynamic tunnel was created:
access-list dyn-mgcp line 1 extended permit ip
crypto dynamic-map outside_dyn_map 20 match address dyn-mgcp
crypto dynamic-map outside_dyn_map 20 set transform-set VPNHigh
crypto dynamic-map outside_dyn_map 40 set transform-set VPNHigh
Now, when the call agent (central) sends traffic to the call gateway (remote) when the tunnel is down, the ASA drops the packets and doesn't build a conn until the tunnel is brought up.
7. This was tested by bringing down the tunnel and watching incoming packets from the call agent (central) to the call gateway (remote) and verified they weren't being sent out in the clear. The tunnel up was brought up and traffic started being passed between the call agent and the call gateway.
Similar Messages
-
I recently upgraded to iTunes 10.1.2 but I am unable to bring up coverflow. When I try to iTunes shuts down. Any ideas? On my Apple TV it doesn,t show any album artwork, could this be why?
I just installed iTunes 7 and supposedly got all the
album art for my songs. Now the problem is when go
to view cover flow it says it cannon be viewed on my
computer. What could be the problem?
I'm having the same cover flow problem on my imac using system 10.4.7 - itunes 7- says cover flow can not be viewed on this computer. Cover art shows on the other views - just not cover flow - Any ideas??? -
I recently converted to Mavericks. I'm finding that when I view files in 'cover flow' and delete a file from the list the picture of the file does not simultaneously delete and so become out of sync with the list. Anyone have this problem? a solution?
I had the same problem. You may need to fix this in the music library in iTunes. (right) Click on the album title info and choose Get Album Artwork. Some tracks don't have artwork and others pick up different artwork than you expect. You can live with what it has or upload your own if you prefer.
-
Album view and Cover Flow problem
Well, im going to get one of the new ipods soon and they have that Cover Flow feature which is pretty cool. Anyway i have a problem, when i try and sort them by album, i go to Album View and even if the album names are the same, they arnt in the same box, because they have various artists. Ill show some pics now.
http://img530.imageshack.us/img530/9604/probz1nm0.jpg
See how they arnt in the same box because of their artists? Then when i go to Cover Flow tab, to see how it will look on my ipod it comes up like this
http://img530.imageshack.us/img530/6366/probz2wu4.jpg
All the ones without artcovers so far, are all the songs from the album "MOS" like you saw in the previous picture. So does anyone know how to fix that problem? Because i dont want like 20 MOS albums showing up on the Ipod with only 1 song in each of them when i can have them all in one.
ThanksYou need to select the "Compilation" button on each to overide the fact that there is a different artist for each song. think about it, the chances of two different artists having the same name for an album is pretty big. How is any music jukebox supposed ot know that they're the same....
select all the songs, open apple/control "I" and click on compilations on bottom right. -
IP-sec site-to-site problem ASA ver 9.1 vs IOS
Hi all,
I'm trying to set up site-to-site vpn between ASA and IOS router, but unsuccessful,
logs are :
1) this end is not behind a nat device
2) Received encrypted packet with no matching SA
the networks are:
172.25.0.0 (inside of ASA) A.A.A.A (outside of ASA) is needed to connect to IOS Router B.B.B.B address with 192.168.1.0 inside network
Below are configs:
ASA:
ASA-5505# sh run
: Saved
ASA Version 9.0(1)
hostname ASA-5505
domain-name 1.kz
names
ip local pool vpn_pool_ASA-5505 192.168.172.2-192.168.172.100 mask 255.255.255.0
ip local pool SAME_NET_ALA 172.25.66.200-172.25.66.210 mask 255.255.255.0
interface Ethernet0/0
switchport access vlan 2
speed 10
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 172.25.66.15 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address A.A.A.A 255.255.255.252
ftp mode passive
clock timezone ALMST 6
clock summer-time ALMDT recurring last Sun Mar 0:00 last Sun Oct 0:00
dns server-group DefaultDNS
domain-name 1.kz
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_172.25.66.0_24
subnet 172.25.66.0 255.255.255.0
object network NETWORK_OBJ_192.168.172.0_25
subnet 192.168.172.0 255.255.255.128
object network NETWORK_OBJ_172.25.66.192_27
subnet 172.25.66.192 255.255.255.224
object network ALA_office
subnet 192.168.1.0 255.255.255.0
object network NETWORK_OBJ_172.25.0.0_16
subnet 172.25.0.0 255.255.0.0
access-list SAME_NET_ALA_splitTunnelAcl standard permit 172.25.66.0 255.255.255.0
access-list SAME_NET_ALA_splitTunnelAcl standard permit 10.0.0.0 255.0.0.0
access-list SAME_NET_ALA_splitTunnelAcl standard permit 172.0.0.0 255.0.0.0
access-list VPN-OUT-INS extended permit ip 192.168.172.0 255.255.255.0 any log
access-list VPN-IN-INS extended permit ip any any log
access-list VPN-OUT-OUT extended permit ip any 192.168.172.0 255.255.255.0 log
access-list VPN-OUT-ALL standard permit any4
access-list net172 standard permit 172.25.0.0 255.255.0.0
access-list net10 standard permit 10.0.0.0 255.0.0.0
access-list outside_cryptomap extended permit ip object NETWORK_OBJ_172.25.66.0_24 object ALA_office
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static NETWORK_OBJ_172.25.66.0_24 NETWORK_OBJ_172.25.66.0_24 destination static NETWORK_OBJ_192.168.172.0_25 NETWORK_OBJ_192.168.172.0_25 no-proxy-arp route-lookup
nat (inside,outside) source static obj_any obj_any destination static NETWORK_OBJ_172.25.66.192_27 NETWORK_OBJ_172.25.66.192_27 no-proxy-arp route-lookup
nat (inside,outside) source static NETWORK_OBJ_172.25.66.0_24 NETWORK_OBJ_172.25.66.0_24 destination static ALA_office ALA_office no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
nat (inside,outside) after-auto source dynamic any interface
access-group VPN-IN-INS in interface inside
access-group VPN-IN-INS out interface inside
route outside 0.0.0.0 0.0.0.0 88.204.136.165 1
route inside 10.0.0.0 255.0.0.0 172.25.66.1 2
route inside 172.0.0.0 255.0.0.0 172.25.66.1 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 172.25.66.16 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set Alma-set esp-aes esp-sha-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set peer B.B.B.B
crypto map outside_map 1 set ikev1 transform-set Alma-set
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto ca trustpool policy
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 1
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto ikev1 policy 5
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
enable outside
no anyconnect-essentials
group-policy web_access internal
group-policy web_access attributes
vpn-tunnel-protocol ssl-clientless
webvpn
url-list value PRTG
group-policy SAME_NET_ALA internal
group-policy SAME_NET_ALA attributes
dns-server value 8.8.8.8
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SAME_NET_ALA_splitTunnelAcl
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
vpn-tunnel-protocol ikev1
group-policy GroupPolicy_to_ALA internal
tunnel-group SAME_NET_ALA type remote-access
tunnel-group SAME_NET_ALA general-attributes
address-pool SAME_NET_ALA
default-group-policy SAME_NET_ALA
tunnel-group SAME_NET_ALA ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group web_access type remote-access
tunnel-group web_access general-attributes
default-group-policy web_access
tunnel-group B.B.B.B type ipsec-l2l
tunnel-group B.B.B.B general-attributes
default-group-policy GroupPolicy1
tunnel-group B.B.B.B ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect http
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:932099620805dc22d9e48a5e04314887
: end
and IOS Router:
R1921_center#sh run
Building configuration...
Current configuration : 6881 bytes
! Last configuration change at 12:22:45 UTC Fri Aug 29 2014 by yerzhan
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R1921_center
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
aaa new-model
aaa authentication login userauthen local
aaa authorization network groupauthor local
aaa session-id common
ip cef
ip domain name yourdomain.com
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-260502430
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-260502430
revocation-check none
rsakeypair TP-self-signed-260502430
crypto pki certificate chain TP-self-signed-260502430
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32363035 30323433 30301E17 0D313331 31323630 35343131
355A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3236 30353032
34333030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
C178A16C 26637A32 E2FE6EB2 DE63FC5D 2F4096D2 1A223CAF 52A122A1 F152F0E0
D2305008 FA312D36 E055D09C 730111B6 487A01D5 629F8DE4 42FF0444 4B3B107A
F6439BA2 970EFE71 C9127F72 F93603E0 11B3F622 73DB1D7C 1889D57C 88C3B141
ED39B0EA 377CE1F7 610F9C76 FC9C843F A81AEFFE 07917A4B 2946032B 207160B9
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 1680146B B9F671FA BDD822DF 76802EEA 161D18D6 9B8C4030 1D060355
1D0E0416 04146BB9 F671FABD D822DF76 802EEA16 1D18D69B 8C40300D 06092A86
4886F70D 01010505 00038181 00B0C56F F1F4F85C 5FE7BF24 27D1DF41 7E9BB9CE
0447910A 07209827 E780FA0D 3A969CD0 12929830 14AAA496 0D17F684 7F841261
56365D9C AA15019C ABC74D0A 3CD4E002 F63AA181 B3CC4461 4E56E58D C8237899
29F48CFA 67C4B84B 95D456C3 F0CF858D 43C758C3 C285FEF1 C002E2C5 DCFB9A8A
6A1DF7E3 EE675EAF 7A608FB7 88
quit
license udi pid CISCO1921/K9 sn FCZ1748C14U
redundancy
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
crypto isakmp policy 5
encr aes 256
authentication pre-share
group 2
crypto isakmp key PSK-KEY address A.A.A.A
crypto isakmp key 6 PSK-KEY address 0.0.0.0
crypto isakmp client configuration group ALA-EMP-VPN
key *.*.*.*
dns 8.8.8.8
domain cisco.com
pool ippool
acl 101
netmask 255.255.255.0
crypto ipsec transform-set dmvpn_alad esp-3des esp-md5-hmac
mode transport
crypto ipsec transform-set myset esp-3des esp-md5-hmac
mode tunnel
crypto ipsec transform-set TRIPSECMAX esp-3des esp-md5-hmac
mode transport
crypto ipsec transform-set AES-SHA esp-aes esp-sha-hmac
mode tunnel
crypto ipsec profile MAXPROFILE
set transform-set TRIPSECMAX
crypto ipsec profile dmvpn_profile
set transform-set dmvpn_alad
crypto dynamic-map dynmap 10
set transform-set myset
reverse-route
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 20 ipsec-isakmp
set peer A.A.A.A
set transform-set AES-SHA
match address VPN_ASA_PAV
interface Loopback1
ip address 10.10.10.10 255.255.255.255
interface Tunnel2
ip address 192.168.101.1 255.255.255.240
no ip redirects
ip nhrp authentication NHRPMAX
ip nhrp map multicast dynamic
ip nhrp network-id 4679
ip ospf network broadcast
ip ospf hello-interval 30
ip ospf priority 10
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 4679
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description to_LAN
ip address 192.168.1.253 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
description to_ISP
ip address B.B.B.B 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
crypto map clientmap
router ospf 100
auto-cost reference-bandwidth 1000
area 0 authentication message-digest
area 192.168.1.0 authentication message-digest
redistribute static subnets
passive-interface default
no passive-interface Tunnel1
network 10.10.10.10 0.0.0.0 area 192.168.1.0
network 192.168.1.0 0.0.0.255 area 192.168.1.0
network 192.168.222.0 0.0.0.15 area 0
router ospf 1
router-id 1.1.1.1
redistribute static subnets
passive-interface default
no passive-interface Tunnel2
network 10.10.10.10 0.0.0.0 area 192.168.1.0
network 192.168.1.0 0.0.0.255 area 192.168.1.0
network 192.168.101.0 0.0.0.15 area 0
ip local pool ippool 192.168.33.1 192.168.33.20
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 111 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.1.11 22 B.B.B.B 8022 extendable
ip route 0.0.0.0 0.0.0.0 B.B.B.C
ip access-list extended ACL-NAT
deny ip 192.168.1.0 0.0.0.255 172.25.0.0 0.0.255.255
permit ip any any
ip access-list extended ACL-VPN
permit ip 192.168.1.0 0.0.0.255 172.25.0.0 0.0.255.255
ip access-list extended VPN_ASA_PAV
permit ip 192.168.1.0 0.0.0.255 172.25.66.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.33.0 0.0.0.255
access-list 111 deny ip 192.168.1.0 0.0.0.255 192.168.33.0 0.0.0.255
access-list 111 permit ip any any
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 0 0
privilege level 15
transport input telnet ssh
line vty 5 15
exec-timeout 0 0
privilege level 15
transport input telnet ssh
scheduler allocate 20000 1000
endDear Richard,
they are mirrorly matches from both sides.
ASA:
access-list outside_cryptomap extended permit ip object NETWORK_OBJ_172.25.66.0_24 object ALA_office
object network NETWORK_OBJ_172.25.66.0_24
subnet 172.25.66.0 255.255.255.0
object network ALA_office
subnet 192.168.1.0 255.255.255.0
IOS:
ip access-list extended VPN_ASA_PAV
permit ip 192.168.1.0 0.0.0.255 172.25.66.0 0.0.0.255 -
Aside from Pages not importing Word (from a Mac) properly when there's columns involved I have another column problem.
I'd like to find a way to make a document that has two equal side-by-side columns, lets call them Column A on the left and Column B on the right. So when I start typing in Column B on the right and reach the bottom of the page the text continues on that new page in Column B.
As far as I can tell it's impossible to do this as every time I reach the end of a page, the text jumps to the left into Column A. Is there any way to set it up so when you type in one column pages automatically jumps to that same column on the next page without having to add section or layout or column breaks for every single page?
This is a bit of a nightmare. It seems Pages can't do a simple two column document as it insists on linking them together for every new page it creates as you type text.
Can anyone help me?There are definitely some liimitations in how Pages handles its flow of information. I dislike the fact that once you have placed your pages the way you want from the pages within a template there is no way of having the text automatically flow from one to the next (irritating since some of my templates are designed to be journals)
Pages won't do what you want. I am sure there are programs which are better suited to do so because they are designed for that particular market. I thank you, however for not stamping your feet and demanding that it be the very next thing for them to accomplish on their growing list of things to do next.
(and I tried a few different things, hoping to figure out a way to do this. One of which was to design a templlate which was half the width of a sheet of paper. It was determining what was placed on the second side which was difficult.)
now, of course, depending on how long your document was going to be you could try something different by making an infinitely long sheet of paper. At every point where the header would be you just incorporated a text box or shape with a wrap so your text would skip down to the next virtual page.
Of course, this sounds like far more work, and distracting to the natural creation process of a writer. Find the software which removes itself from your creative juices and lets you concentrate on being the awsome writer you are.
Just my 2¢ CDN (about half a penny US.)
Gerry. -
Hi,
When I am executing The Bapi in Ecc6.0 its goes to Short dump.
Short Dump error is:page area over flow in abap/4 memory.
This is very Urgent please suggest me how to overcome this short dump.
regards,
babuhi
https://forums.sdn.sap.com
abapcode.blogspot.com
ABAP/4 programs can take a very long time to execute, and can make other processes have to wait before executing. Here are some tips to speed up your programs and reduce the load your programs put on the system:
Use the GET RUN TIME command to help evaluate performance. It's hard to know whether that optimization technique REALLY helps unless you test it out. Using this tool can help you know what is effective, under what kinds of conditions. The GET RUN TIME has problems under multiple CPUs, so you should use it to test small pieces of your program, rather than the whole program.
Generally, try to reduce I/O first, then memory, then CPU activity. I/O operations that read/write to hard disk are always the most expensive operations. Memory, if not controlled, may have to be written to swap space on the hard disk, which therefore increases your I/O read/writes to disk. CPU activity can be reduced by careful program design, and by using commands such as SUM (SQL) and COLLECT (ABAP/4).
Avoid 'SELECT *', especially in tables that have a lot of fields. Use SELECT A B C INTO instead, so that fields are only read if they are used. This can make a very big difference.
Field-groups can be useful for multi-level sorting and displaying. However, they write their data to the system's paging space, rather than to memory (internal tables use memory). For this reason, field-groups are only appropriate for processing large lists (e.g. over 50,000 records). If you have large lists, you should work with the systems administrator to decide the maximum amount of RAM your program should use, and from that, calculate how much space your lists will use. Then you can decide whether to write the data to memory or swap space. See the Fieldgroups ABAP example.
Use as many table keys as possible in the WHERE part of your select statements.
Whenever possible, design the program to access a relatively constant number of records (for instance, if you only access the transactions for one month, then there probably will be a reasonable range, like 1200-1800, for the number of transactions inputted within that month). Then use a SELECT A B C INTO TABLE ITAB statement.
Get a good idea of how many records you will be accessing. Log into your productive system, and use SE80 -> Dictionary Objects (press Edit), enter the table name you want to see, and press Display. Go To Utilities -> Table Contents to query the table contents and see the number of records. This is extremely useful in optimizing a program's memory allocation.
Try to make the user interface such that the program gradually unfolds more information to the user, rather than giving a huge list of information all at once to the user.
Declare your internal tables using OCCURS NUM_RECS, where NUM_RECS is the number of records you expect to be accessing. If the number of records exceeds NUM_RECS, the data will be kept in swap space (not memory).
Use SELECT A B C INTO TABLE ITAB whenever possible. This will read all of the records into the itab in one operation, rather than repeated operations that result from a SELECT A B C INTO ITAB... ENDSELECT statement. Make sure that ITAB is declared with OCCURS NUM_RECS, where NUM_RECS is the number of records you expect to access.
If the number of records you are reading is constantly growing, you may be able to break it into chunks of relatively constant size. For instance, if you have to read all records from 1991 to present, you can break it into quarters, and read all records one quarter at a time. This will reduce I/O operations. Test extensively with GET RUN TIME when using this method.
Know how to use the 'collect' command. It can be very efficient.
Use the SELECT SINGLE command whenever possible.
Many tables contain totals fields (such as monthly expense totals). Use these avoid wasting resources by calculating a total that has already been calculated and stored.
verify if it can give an idea to the question. -
Mail flow problem after upgrade from cu1 to sp1
I have update Exchange server 2013 CU1 to SP1 (CAS Role). After upgrade mail cannot flow. all the mail are stuck.
CAS server use to mail flow outside and receive from outside. but The problem is this CAS server mail flow not work after upgrade exchange server 2013 CU1 to SP1.
Please give suggest.
ThanksI didn't connect to queue viewer as because the version of exchange 2013 server are different. in the environment two CAS server and two Mailbox server. i just update one CAS server into SP1. and another CAS in CU3. Mailbox 01 is CU3 and Mailbox 02 is CU
1. So their is version difference in the environment.
So, when i update CAS server to SP1. That server is not working for mail flow.
Please suggest. -
Internal order work flow problem
Both WF issues are related to internal orders , Transaction KO03
==========
Example for 1 st case
consider A , 1 , 2, 3 , 4 are approvers
A --->>>> 1) , 2) , 3) , 4)
if A doesnt approved in 3 days , then it go to 1 , 2, 3, 4
after 3 days , any one of them 1, 2 ,3 , 4 can approve it
3 days passes , but before any one of them approve , its already approved by A
all of 1, 2 , 3, 4 have mail in their inbox for approval , but
here work flow is completed , what work flow is supposed to do , it does
, but in status error is coming .
why this is error is coming , even when workflow completed and workflow does its job
==========
Second problem
one user X have approved , after its approval status should change to approved ,
but it is not changing and it is showing status in process .
therefore work flow monitoring team , who is checking which WF request are still in process
again initiating workflow .
Now again same cycle repeats , it again comes to inbox of same user , who earlier approves.
Please suggest why status is not changing , even after approval , why it is showing status in process
and why same user X , who earlier approves it , getting mail in its inbox for approving it.What is G/R?
-
I have a process flow in dev A---->B--->C----->D--->Send Success Email.
This is running fine in dev. But I exported it and imported in my test env.
Now my process flow is not behaving correctly.
It runs A and D together parallelly and it does not run B and C at all.
I don't know what seems to be the problem. I checked everything and
it looks the same. Any help is appreciated. Thank you.This bit of SQL will highlight duplicated transitions, execute as repository owner.
SELECT aip.package_name
,aipt.process_name
,aipt.source_activity_name
,aipt.target_activity_name
,aipt.transition_name
FROM all_iv_process_transitions aipt
,all_iv_processes aip
WHERE (source_activity_id, transition_order) IN (
SELECT source_activity_id
,transition_order
FROM all_iv_process_transitions
GROUP BY source_activity_id
,transition_order
HAVING COUNT (*) > 1)
AND aipt.process_id = aip.process_id
AND aip.package_name = 'SS_LOAD' -- substitue your process flow package name
ORDER BY source_activity_id
,transition_order
Cheers
Si -
Photoshop CS6 color flow problem
Hey there!
I have returned once again to these forums because I seek help with Photoshop. I haven't used PS in a few months so it might be just me not remembering the correct settings OR a technical problem, but I seem to be having problem with color flow...
Here's what happens: Whenever I select a normal hard brush and try to paint with it the color flow stays the same and only becomes noticeable at around 20%, merely on the edges of the brush. On top of that the color values stay the same in the middle of the line I draw when flow is between 100% and 10%. I've tested and confirmed this with eyedropper tool.
However if I just click with the brush and don't drag it along the canvas the flow works just fine anywhere between 100% and 1%. Because of this it's impossible to mix colors on screen and shade artwork properly. I don't know if I need to check/uncheck certain settings, but I can't seem to find a reason why it's acting like this, nor can I fix this on my own. Could there be a problem with my tablet?
I really hope someone can help me with this. I've searched the internet for answers but couldn't find any so my last resort was to write on official Adobe forums. Thanks in advance for taking your time and reading my post.
Have a nice day!
Jerry
P.S. I've made a simple diagram to show you my problem and included it in an image below:This worked in a way... I did exactly what you wrote, I changed the spacing to 100%(or more) and now the color flow is definitely noticeable no matter what it's value in % is, but my brush stroke turns into a series of connected dots.. I remember reducing the spacing from a default value of 25% to 1% on all of my brushes exactly because of this.
If I turn the spacing back down and below 100% to a more reasonable value the dots will start to overlap and the brush stroke will become smoother, but the color flow will become less and less visible as the % of the spacing decreases.
This is the solution I've come up with: In order to compensate for the visible overlapping at larger brush sizes AND keep the color flow functioning I increased the document resolution a few times and then pressed Control + 0 to fit the canvas on my screen. When you have a big canvas the large brush becomes much smaller and you can't really see the overlapping anymore, while still being able to maintain control of the flow of color.
But is that really the only way?
Also, what would you say is the optimal spacing value? -
I have a dimension named "flow" which contains information about the different flows in the application like opening , adjustments, sales and closing.
Also, i have an account dimension. Since customer had to track opening, closing for certain account items i had to create the flow dimension.
My application has weeks in it and then month, qtr and year.
The problem i am facing is that though i am able to write correct opening and ending balance script on flows but the week total is displayed at the month level and similarily monh total on the qtr level rather that opening i.e. first and closing i.e. last value for summary time periods.
Since this is not an account dimension, I cannot use time balance properties to resolve.
Plz help how i can solve thispleaseeeeeeeeeeeeeee? You sound like my children.
accessing action like ExecuteWithParams in java methodWhen you run the application, make sure you are running the task flow view activity, and not the JSPX page directly. The easiest way to check if you are is to look at the URL you're using. If the URL has a ".jspx" in it, you're doing it wrong - try removing the ".jspx"
john -
Using [subform].keep.next to fix flow problems?
Hi,
I have a dynamic form with many subforms, and I am having trouble getting certain subforms which function as headers to stay on the same page as their body subforms when they are flowed. I tried using the "Keep with Next" property in the GUI for the header subform, but that seems to pertain to content areas, which I am not using, and does not work for me... it elicits strange behavior from some of the subforms where they are completely rearranged at runtime or when I click the "next" button in design.
I was excited to find that you can specify to keep a subform with the next object using javascript through the "subform.keep.next = 'pageArea'" syntax... but I can' t get that to work either.
It seems that the scripting modules are only triggered by events, so under what event do I put my script to specify this property?
I can't post the form itself, because it contains some proprietary info from my company, but I'll try to describe what going on in the form below:
The form is saved as a dynamic form, is set to run in Adobe 7.0.5 or later, and the text formatting and event model are set to version 7. My LiveCycle version is 8.2.1.
I have many categories of options which users can pick from on my form. Each category has a subform with a text header and a drop-down list of "yes" or "no", and then another main subform or two that contain the actual options. If they don't wish to use any options form a particular category, the user can pick "no" from the drop-down in the header subform and the next subform(s) containing the options for that category is hidden. Of course, once one subform is hidden, the subforms coming after move up and the pagination changes.
The layout looks like this:
>MainForm
>Page1 (flowed)
>Subform1_Header (positioned)
>Subform1_Body (flowed, so that internal subforms can be split across pages)
>Subform1a_BodyOptions (positioned)
>Subform1b_BodyOptions (positioned)
>Subform2_Header (positioned)
>Subform2_Body (flowed, so that internal subforms can be split across pages)
>Subform2a_BodyOptions (positioned)
>Subform2b_BodyOptions (positioned)
>Page2 (flowed)
>Subform3_Header (positioned)
>Subform3_Body (flowed, so that internal subforms can be split across pages)
>Subform3a_BodyOptions (positioned)
>Subform3b_BodyOptions (positioned)
This hiding/showing works fine when all of the categories are visible, but when one or more is hidden and the next subforms move up, the header subforms are often set as the last thing on a page, with their options, which are much longer, being pushed to the next page. I want to always make sure that no matter how the subforms are flowed, the header stays with its options on the same page. I tried putting the above script to keep with next on the exit event of the drop-down list, which is what triggers the hiding on the subforms, but I don't see any results.
I am not using content areas because I am not using master pages... my subforms are all totally different sizes, so I don't know how to make a master page to fit all. Right now I just have a flowed regular page object containing my subforms for each page on the form that exists when all of the subforms are showing. I don't know if maybe my problem is that I'm not using the page objects or master pages as I should? Ideally this layout should just be one long page-break-less list of subforms that paginate dynamically depending on what sets of options the user wants, but I can't figure out how to make this work.
Any help at all would be appreciated.
-JessThanks for the smaple, djaknow
The thing is, the objects in my body subforms are all static themselves... the expanding doesn't happen when a user types in too much information to fit in the subform. It's hiding/showing of the subforms which make other subforms move up or down
I have tried using the "keep with next" option as you have done for the second header/subform combo. Try using it on the subform called "sub13ExportOptionsHeader" in my sample, under page 4. For me, when I select this the whole subform jumps down so that it is located between sub14a_sec2 and sub14a_sec3 in the layout.
I had previously tried using these options on an earlier version of the form and had no problems like this at desgin time, when I previewed in LiveCycle, or when I tested it in Acrobat 9. However, when I tested the form in Acrobat 8, I had similar issues... when certain subforms were hidden, some of the still visible subforms were rearranged so that they were not in the correct order anymore. I never truly resolved this issue; the only thing that fixed it was to have neither Keep With Previous or Keep With Next selected for every subform. -
Approval Flow problem for the newly created user
Dear friends.
We have a new user .
The approval flow is not starting for her shopping carts.
I have checked YAM to see the cost centre but it is correct.
What could be the problem and how do i check the workflow.
I am not much into the technical side of SRM.Hi,
You can use Tx BBP_PD with Shopping cart number, Alo you can view the workflow logs in swi1 or swi2_freq. Then you can check starting conditions
BR
Reward if helpful -
OK, so this is what I am working with...
All Graphic Designers are on Mac OSX Snow Leopard running Adobe InDesign CS5
All Editors/Writers are on PC (various versions of windows?) running Adobe InCopy CS6
We are all working off a server to share these files...
This is our current "work flow", I've created .icmt files for the Editors/Writers to start their content in.
I have also created .indt files for the Graphic Designers to start the layout process.
Once the Editors/Writers have opened a .icmt file and entered the content, they save the file out as .icml files, then notifies the Designers that the content is ready to be placed.
The Designer then opens the .indt file and places the .icml files into the layout (this document usually runs about 16 letter size pages with approximately 30 assignments (.icml files)).
The file is then saved as a .indd file.
Now during the editing process while the designer is still laying out the document, the Editor/Writer opens the .indd file in InCopy and checks out an assignment to start their edits... and on several occasions after spending a good amount of time on edits, they check it back in, but they lose ALL of their edits that they just made??? What are we doing wrong here (sometimes it works, sometime it doesn't)?
If anyone could help me, i'd very much appreciate it.
Thanks!Hello. I am recently having problems with my
PowerBook. Hope you guys could help out =)...
Firstly, I am having that 'beach ball problem' where
the color beach ball keeps spinning and spinning when
I'm loading applications or even using Safari.
Secondly, I went to Disk Utility and did a 'Verify
Disk Permissions'. My results are as follows:
Verifying volume “Macintosh HD”
Volume Header needs minor repair
The volume Macintosh HD needs to be repaired.
Error: The underlying task reported failure on exit
1 HFS volume checked
Volume needs repair
I'm so lost and worried now! My questions is, my hard
disk going to crash or something? I have no backup at
all! Help Help!
PowerBook G4 15-inch Mac OS X
(10.4.3)
Don't know about the beach ball. But the message indicates that the disk is probably OK. However, you cannot repair a disk while the system has it mounted; esp. the startup disk. You have to startup up using another disk; e.g., the install CD/DVD. Then you can run the disk utility and repair your main disk.
Maybe you are looking for
-
Getting the error LOG file opened at 01/29/07 18:13:12 while selecting from
I am getting following error in log file while selecting from a external table LOG file opened at 01/29/07 18:13:12 KUP-04040: file test.csv in UTL not found. I am follwoing the following steps: connect as sys user : CREATE OR REPLACE DIRECTORY UTL a
-
Is their any way to remove headers and footers in numbers 09?
Is their any way to remove headers and footers in numbers 09?
-
Empty files are getting created at receiver FTP server
Hi Experts, I have an Idoc to File scenario where I am sending an XML file to receiver FTP server. Scenario is working fine but sometimes an empty file is getting generated at receiver FTP server. I have already selected ignore empty file at receiver
-
Extract text from PDF without opening PDF in window C#
Hello, I'm creating a application for searching text in PDF's. I found some code wich uses the SDK from Acrobat (Installed on my system). But all the snippets I find seem to open a PDF window and then extract the text. Is it possible to extract the t
-
No sales organizations in the list
When create any sales document error message "Enter a sales organization" appears but no Sales Organization exists in the list. The org. structure is created according to C01_BB_ConfigGuide. When editing a business partner in Sold-to-party role, no s