Multicast (clustering) behind a VPN

Hi all,
When I work from home over a VPN, I can't get 2 WLS 9 servers (on my laptop) to form a cluster. I get these errors in the log:
<Aug 14, 2009 4:30:02 PM CDT> <Error> <Cluster> <BEA-000170> <Server busB did not receive the multicast packets that were sent by itself>
<Aug 14, 2009 4:30:02 PM CDT> <Critical> <Health> <BEA-310006> <Critical Subsystem Cluster has failed. Setting server state to FAILED.
Reason: Unable to receive self generated multicast messages>
I've tried setting the interface address to blank, localhost, 127.0.0.1, and the VPN-assigned ip address. I've also tried increasing the ttl. I get the same results every time.
I also tried using various multicast test utilities but they don't seem to receive their own messages, either.
I know to get Oracle Coherence to cluster behind a VPN at startup I have to set a well-known address property to my IP address.
This is with WLS 9.2.3 and XP Pro. Any idea what I can do with WLS?
thanks

Have you attempted to set up an MS Loopback Adapter and bind the WLS servers to that network interface? Not sure if it'll work, just an idea.
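
The self-receive condition reported by BEA-000170 can be checked outside WebLogic, one interface address at a time (for instance 127.0.0.1 and the VPN-assigned address tried above). This is an added example, not part of the original posts; the group 239.192.0.1, port 45566 and the function name are assumptions chosen for illustration.

```python
import ipaddress
import socket
import struct
import sys
import time
from dataclasses import dataclass

# Assumed values for illustration; use the cluster's own multicast address and port.
GROUP = "239.192.0.1"
PORT = 45566


@dataclass
class SelfCheck:
    iface_ip: str
    received: bool
    detail: str


def multicast_self_check(group, port, iface_ip, ttl=1, timeout=1.0):
    """Send one datagram to group:port via iface_ip and wait for our own copy."""
    if not ipaddress.ip_address(group).is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    token = f"selfcheck-{time.time_ns()}".encode()
    rx = tx = None
    try:
        rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        rx.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        rx.bind(("", port))
        # Join the group on this interface only (struct ip_mreq: group, interface).
        mreq = struct.pack("4s4s", socket.inet_aton(group), socket.inet_aton(iface_ip))
        rx.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP, mreq)

        tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        # Pin the outgoing interface instead of leaving the choice to the routing table.
        tx.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_IF, socket.inet_aton(iface_ip))
        tx.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
        # Loopback must be enabled for a host to hear its own multicast traffic.
        tx.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_LOOP, 1)
        tx.sendto(token, (group, port))

        deadline = time.monotonic() + timeout
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return SelfCheck(iface_ip, False, "no copy of our own packet before the timeout")
            rx.settimeout(remaining)
            data, sender = rx.recvfrom(2048)
            if data == token:  # ignore unrelated traffic on the same group
                return SelfCheck(iface_ip, True, f"own packet received, source {sender[0]}")
    except socket.timeout:
        return SelfCheck(iface_ip, False, "no copy of our own packet before the timeout")
    except OSError as exc:
        # Covers a bad interface address, a missing multicast route, a blocked socket, etc.
        return SelfCheck(iface_ip, False, f"socket error: {exc}")
    finally:
        for sock in (rx, tx):
            if sock is not None:
                sock.close()


if __name__ == "__main__":
    # Usage: python mcast_selfcheck.py 127.0.0.1 <VPN-assigned address> ...
    for ip in sys.argv[1:] or ["127.0.0.1"]:
        result = multicast_self_check(GROUP, PORT, ip)
        print(f"{result.iface_ip:15} {'OK' if result.received else 'FAIL':4} {result.detail}")
```

An interface address that reports FAIL here would be expected to produce the same "did not receive the multicast packets that were sent by itself" condition when a server is bound to it.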

Similar Messages

  • Multicast via Remote Access VPN (ASA)

    Hi all,
      I have an ASA 5505 that I would like to use as a head end device for several customers to RA into so they can access our TEST network.  The trouble is that the TEST net provides multicast video streams that my clients need to see.  I am currently doing this with a Windows Server and Clients via L2TP.  How can I do this with the ASA instead?  I know IPSEC doesn't support multicast.....can anything be done?

    Hi,
    Currently IPSec / AnyConnect doesn't support multicast over a VPN tunnel. As you have it now, it is possible through L2TP with L2TP client / ASA / Windows Server, or if you have an IOS router it is possible through DMVPN/GETVPN.
    Regards
    Karthik

  • 1720 VPN and Winproxy behind 826, VPN drop outs

    DSL into 826. Winproxy and 1720 into 826.
    1. Can the 826 prevent VPN traffic while allowing web traffic to flow thru Proxy?
    2. Does the Proxy server setting in IE connection override default gateway IP?
    The problem is that VPN clients have Default GW as IP to 1720 and proxy server WinProxy IP. Connections are unstable w/ no correlations. Web and VPN can both work or either or none.

    You could block all "non-proxy" access through the router by creating an access list doing so. The only IP you would allow through would be the proxy server's requests and then, only its source address and proxy ports if you want to be very specific. As I understand it, when you configure a proxy setting in a browser, any request the browser makes (http, https, ftp, etc.) will be directed to only the proxy address and the default gateway will never be used. The PC would only use the default gateway for any non-browser client applications (VPN client software, telnet, ping, smtp, pop3, etc.) Of course, if you blocked all "non-proxy" traffic as I suggested, none of these applications will work unless you modify your access list to allow them.

  • Multicast clustering IBM servers with N7K and 2k

    I have two IBM servers working as a cluster and connected to a Fiber fabric extender 2K using vPC, as per the attached diagram.
    The two IBM servers are working fine for network connectivity with the N2K, but the servers have a multicast named (PowerHA 7.1) to work as a cluster.
    I tried to configure multicast on the N7K and N2K so the servers work as a cluster, but the servers are not working.
    Please advise me about the configuration on the N7K and N2K needed for the IBM servers to work as a cluster.

    One option is the IGMP querier:
    config t
      ip igmp snooping
      vlan 2
    switch(config-vlan-config)# ip igmp snooping querier 10.0.10.253
              (or a good source address of the interface)
    The other option is run PIM on the VLAN interface:
    feature pim 
    vlan 2
      ip pim sparse-mode
    Both have the same purpose: combined with IGMP snooping, the L3 interface will flood the VLAN with IGMP queries that traverse the inter-switch links. As a result, the inter-switch links will be included in the snooping port list. In turn, packets destined to 228.5.10.5 will be sent out the inter-switch link and reach the other server.
    Without the IGMP queries, 228.5.10.5 packets will not be sent from one switch to the other as it is not in the 224.0.0.0/24 range.

  • Multicast VPN support in RV042?

    Hello,
    A quick check of the user manual for the RV042 didn't reveal in crystal clarity whether the RV042 will tunnel multicast packets (between two RV042s).
    What I'd like to create is a VPN between two different offices. Some of the applications use multicast, and it's crucial that these apps 'see' each other in both offices (via VPN).
    The RV042 manual does mention a "multicast pass through" setting, but it didn't mention whether enabling this applies to a VPN connection established between the two offices, such that any multicast packet on LAN #1 is reflected to LAN #2 (and vice versa) through the VPN.
    Has anyone used RV042s to create a VPN between two locations/offices, and turned on multicast pass through? Have you found that apps which use multicast (e.g., iChat on Mac OS X, Bonjour advertised intranet websites, etc.) have their multicast traffic properly appear on both LANs?
    Thanks,
    Keith

    Are there any Cisco [or Linksys by Cisco] routers which support Multicast VPN (multicast packets tunneled over VPN)? Looks like there are a number of white papers on this topic, but I've yet to identify a particular model with this functionality.
    Thanks,
    Keith

  • I can connect my cisco mobile vpn but can't ping & access internal IP

    Hi somebody,
    I've configured a mobile VPN configuration on a Cisco 7200 with GNS3. I can connect the VPN to my Cisco router with the Cisco VPN client software from outside, but I can't ping internal IPs and can't access internal resources.
    My internal IP is 192.168.1.x, and the IP for the mobile VPN client from outside is 172.60.1.x.
    Your advice will be appreciated.
    Here is my configuration with the Cisco 7200 in GNS3:
    OfficeVPN_Router#sh run
    Building configuration...
    Current configuration : 2186 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname OfficeVPN_Router
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$E0Gz$U8UzNtHOXy2CeoEFj30by0
    aaa new-model
    aaa authentication login userlist local
    aaa authorization network grouplist local
    aaa session-id common
    ip cef
    no ip domain lookup
    username asm privilege 15 password 0 pncsadmin
    username user privilege 15 password 0 pncsadmin
    username user1 privilege 15 password 0 pncsadmin
    username cisco123 secret 5 $1$lCOc$Db.e8AFd/0f02ZI4/aeV./
    crypto isakmp policy 10
    encr aes
    authentication pre-share
    group 2
    crypto isakmp client configuration group MWG
    key cisco
    dns 165.21.83.88
    pool vpnpool
    acl 101
    netmask 255.255.0.0
    crypto ipsec transform-set myset esp-aes esp-sha-hmac
    crypto dynamic-map dynmap 10
    set transform-set myset
    reverse-route
    crypto map mymap client authentication list userlist
    crypto map mymap isakmp authorization list grouplist
    crypto map mymap client configuration address initiate
    crypto map mymap client configuration address respond
    crypto map mymap 10 ipsec-isakmp dynamic dynmap
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex half
    interface FastEthernet1/0
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex full
    speed 100
    interface FastEthernet1/1
    ip address 200.200.200.200 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map mymap
    ip local pool vpnpool 172.60.1.10 172.60.1.100
    no ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 200.200.200.201
    no ip http server
    no ip http secure-server
    ip nat inside source list 111 interface FastEthernet1/1 overload
    access-list 101 permit ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
    access-list 111 deny   ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
    access-list 111 permit ip any any
    control-plane
    gatekeeper
    shutdown
    line con 0
    exec-timeout 0 0
    password cisco123
    logging synchronous
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    password cisco123
    end
    OfficeVPN_Router#sh ver
    Cisco IOS Software, 7200 Software (C7200-A3JK9S-M), Version 12.4(25), RELEASE SOFTWARE (fc2)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2009 by Cisco Systems, Inc.
    Compiled Tue 21-Apr-09 18:50 by prod_rel_team
    ROM: ROMMON Emulation Microcode
    BOOTLDR: 7200 Software (C7200-A3JK9S-M), Version 12.4(25), RELEASE SOFTWARE (fc2)
    OfficeVPN_Router uptime is 30 minutes
    System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0x0, BOOT_COUNT 0, BOOTDATA 19
    System image file is "tftp://255.255.255.255/unknown"
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    export@cisco.com.
    Cisco 7206VXR (NPE400) processor (revision A) with 245760K/16384K bytes of memory.
    Processor board ID 4279256517
    R7000 CPU at 150MHz, Implementation 39, Rev 2.1, 256KB L2 Cache
    6 slot VXR midplane, Version 2.1
    Last reset from power-on
    PCI bus mb0_mb1 (Slots 0, 1, 3 and 5) has a capacity of 600 bandwidth points.
    Current configuration on bus mb0_mb1 has a total of 600 bandwidth points.
    This configuration is within the PCI bus capacity and is supported.
    PCI bus mb2 (Slots 2, 4, 6) has a capacity of 600 bandwidth points.
    Current configuration on bus mb2 has a total of 0 bandwidth points
    This configuration is within the PCI bus capacity and is supported.
    Please refer to the following document "Cisco 7200 Series Port Adaptor
    Hardware Configuration Guidelines" on Cisco.com <http://www.cisco.com>
    for c7200 bandwidth points oversubscription and usage guidelines.
    3 FastEthernet interfaces
    125K bytes of NVRAM.
    65536K bytes of ATA PCMCIA card at slot 0 (Sector size 512 bytes).
    8192K bytes of Flash internal SIMM (Sector size 256K).
    Configuration register is 0x2102
    OfficeVPN_Router#

    Dear Javier,
    Thanks for your info. I already tested as you say, but I still can't use or ping my internal IP, which is behind the Cisco VPN router. I posted my config file.
    OfficeVPN_Router(config)#ip access-list resequence 111 10 10
    OfficeVPN_Router(config)#do sh run
    Building configuration...
    Current configuration : 2201 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname OfficeVPN_Router
    boot-start-marker
    boot-end-marker
    enable secret 5 $1$E0Gz$U8UzNtHOXy2CeoEFj30by0
    aaa new-model
    aaa authentication login userlist local
    aaa authorization network grouplist local
    aaa session-id common
    ip cef
    no ip domain lookup
    username asm privilege 15 password 0 pncsadmin
    username user privilege 15 password 0 pncsadmin
    username user1 privilege 15 password 0 pncsadmin
    username cisco123 secret 5 $1$lCOc$Db.e8AFd/0f02ZI4/aeV./
    crypto isakmp policy 10
    encr aes
    authentication pre-share
    group 2
    crypto isakmp client configuration group MWG
    key cisco
    dns 165.21.83.88
    pool vpnpool
    acl 101
    netmask 255.255.0.0
    crypto ipsec transform-set myset esp-aes esp-sha-hmac
    crypto dynamic-map dynmap 10
    set transform-set myset
    reverse-route
    crypto map mymap client authentication list userlist
    crypto map mymap isakmp authorization list grouplist
    crypto map mymap client configuration address initiate
    crypto map mymap client configuration address respond
    crypto map mymap 10 ipsec-isakmp dynamic dynmap
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex half
    interface FastEthernet1/0
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    duplex full
    speed 100
    interface FastEthernet1/1
    ip address 200.200.200.200 255.255.255.0
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map mymap
    ip local pool vpnpool 172.60.1.10 172.60.1.100
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 200.200.200.201
    no ip http server
    no ip http secure-server
    ip nat inside source list 111 interface FastEthernet1/1 overload
    access-list 101 permit ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
    access-list 111 deny   ip 192.168.1.0 0.0.0.255 172.60.0.0 0.0.255.255
    access-list 111 permit ip 192.168.1.0 0.0.0.255 any
    control-plane
    gatekeeper
    shutdown
    line con 0
    exec-timeout 0 0
    password cisco123
    logging synchronous
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    password cisco123
    end

  • ASA VPN client question

    Hello.
    I have a question about a connection between an asa5505-sec-bun-k9 (that acts as Easy VPN client) and a EASY VPN server.
    The connection with the Easy VPN server is OK, but I can no longer connect to the internet or create VPN connections to my ASA5505 when I enable the feature.
    Is this a normal condition with Easy VPN Client enabled?

    u need to do split tunneling on ur vpn server and apply it to the vpn client config on the vpn server that encrypts only traffic destined to the server side private network
    lets say the private network behind the vpn server is 192.168.1.0/24
    so make a standard ACL
    access-list split standard permit 192.168.1.0 255.255.255.0
    group-policy [ur group policy name] attributes
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value split
    then when u connect from the easy client only traffic to 192.168.1.0 will go through the tunnel other traffic will not be part of encrypted traffic
    good luck
    Rate if helpful

  • VPN with 2 network cards - vpn clients cannot see LAN.

    Problem: When a VPN client connects they can only access the server and not any LAN computers. Unable to even ping the LAN computers. The VPN client machine connects via PPTP and receives the appropriate IP address but the subnet mask field is blank. The router is being set to 192.168.1.2
    Here's my network setup:
    en0: (external) IP: 192.168.1.2 and is connected to aDSL modem (192.168.1.1)
    en1: (internal net) IP: 192.168.2.1
    The internal en1 network range is: 192.168.2.2 - 192.168.2.25
    The VPN range being handed out is: 192.168.2.26 - 192.168.2.30
    VPN client machines are able to fully interact with the server, just cannot reach any LAN computers.
    Any ideas??
    XServe Mac OS X (10.4.9) Various Intel laptops and G5/G4 Lan machines

    >The network address at the vpn client location is not 192.168.2.0/24. The vpn client has a public IP.
    So you're saying that your client system has a 192.168.2.x address, and that's also the address range you're using behind the VPN?
    That won't work.
    You now have two 192.168.2.x networks - one local to the client and one over the VPN.
    Normal routing rules dictate that the local connection will always take priority over the remote connection, so the client will look on the local LAN for anything in the 192.168.2.x range, completely ignoring the VPN.
    If you think about it, your machine is told that it has two paths to get to anything in the 192.168.2.x network, either directly connected, or across the VPN connection. Given the choice, which one do you think you'd take?
    The only real solution here is to use a different subnet at each end of the link - either change the client network to something else, or change the internal corp network. If you don't do that you'll have to set up host-based routes (one per system over the VPN) that override the local routing table (assuming that's even possible... I'd have to think about it).
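
The routing decision described in this answer, as an added example that is not part of the original thread: it models route selection as longest-prefix match followed by lowest metric, and shows the overlapping case, the per-host route workaround, and the renumbered case. The interface names lan0 and vpn0, the metrics, and the replacement network 192.168.50.0/24 are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    network: ipaddress.IPv4Network
    interface: str
    metric: int


def route(cidr, interface, metric):
    return Route(ipaddress.ip_network(cidr), interface, metric)


def select_route(dest, table) -> Optional[Route]:
    """Pick the route a host would use: longest prefix first, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in table if addr in r.network]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r.network.prefixlen, r.metric))


def shadowed_by_local(table, vpn_if):
    """Return (vpn_net, local_net) pairs where a non-VPN route overlaps a VPN
    route and would be preferred over it (as specific or more, metric no worse)."""
    vpn = [r for r in table if r.interface == vpn_if]
    local = [r for r in table if r.interface != vpn_if and r.network.prefixlen > 0]
    hits = []
    for v in vpn:
        for l in local:
            if not v.network.overlaps(l.network):
                continue
            more_specific = l.network.prefixlen > v.network.prefixlen
            tie_won = l.network.prefixlen == v.network.prefixlen and l.metric <= v.metric
            if more_specific or tie_won:
                hits.append((v.network, l.network))
    return hits


# Constructed routing tables for the VPN client in the thread.
# Assumption: the directly connected LAN has the lower metric.
OVERLAPPING = [
    route("192.168.2.0/24", "lan0", 0),   # client's own LAN
    route("192.168.2.0/24", "vpn0", 1),   # office network behind the VPN
]
# Workaround from the answer: one host route per remote system.
WITH_HOST_ROUTE = OVERLAPPING + [route("192.168.2.10/32", "vpn0", 1)]
# Fix from the answer: a different subnet at one end of the link.
RENUMBERED = [
    route("192.168.50.0/24", "lan0", 0),
    route("192.168.2.0/24", "vpn0", 1),
]

if __name__ == "__main__":
    for name, table in [("overlapping", OVERLAPPING),
                        ("host route", WITH_HOST_ROUTE),
                        ("renumbered", RENUMBERED)]:
        chosen = select_route("192.168.2.10", table)
        print(f"{name:12} 192.168.2.10 -> {chosen.interface}; "
              f"shadowed: {shadowed_by_local(table, 'vpn0')}")
```

Running `shadowed_by_local` against the client's real routing table before handing out a VPN address range shows whether the office network collides with the network the client is sitting on.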

  • How to handle multiple site to site IPsec vpn on ASA, any best practice to manage multiple ipsec vpn configurations

    How to handle multiple site to site IPsec vpn on ASA, any best practice to manage multiple ipsec vpn configurations
    before ver 8.3 and after version 8.3 ...8.4.. 9 versions..

    Hi,
    To my understanding you should be able to attach the same cryptomap to the other "outside" interface or perhaps alternatively create a new crypto map that you attach only to your new "outside" interface.
    Also I think you will probably need to route the remote peer ip of the VPN connection towards the gateway IP address of that new "outside" and also the remote network found behind the VPN connection.
    If you attempt to use VPN Client connection instead of L2L VPN connection with the new "outside" interface then you will run into routing problems as naturally you can have 2 default routes active at the same time (default route would be required on the new "outside" interface if VPN Client was used since you DON'T KNOW where the VPN Clients are connecting to your ASA).
    Hope this helps
    - Jouni

  • How not to check mail for VPN only mail accounts?

    I have an internal mail server that is only accessible via VPN.
    How can I tell the iPhone not to check the mailbox without first being connected via VPN?

    Unfortunately you can't. Technically, you should be able to set it to manual and be done, but there seems to be a bug in the entire PUSH/FETCH/MANUAL algorithm.
    I have found that the iPhone will check for email of POP3 accounts that are set to manual when it pulls PUSH email or even if I go into any inbox.
    If you are worried about revealing your password, there is some good news. Even if the phone goes to check your email that is behind a VPN server, it won't send the password until the TCP connection is established with the email server. Since this connection is never established, there is no password sent.

  • Lion VPN with a Windows 7 client; can't browse network

    So, here's my setup..
    I have a Lion Server running VPN (192.168.1.11 /24), a windows box behind the VPN (192.168.1.15) and a Windows 7 client connecting.
    I've been able to get the Windows 7 client to actually connect to the VPN. I can also manually go to the client machine (i.e. \\192.168.1.15 ), and I've even thought of creating a static hosts entry for the netbios name -> IP, but, while all that works, the simple fact is that I can NOT browse the network using either a mac client OR a windows client.
    DHCP/DNS is being done by the router (A Verizon Actiontec router with a MoCA connection.)
    I COULD get the Lion server to serve DNS/DHCP for the whole network, but haven't yet. Lion server uses the router IP as its DNS (and does not use the local DNS at all). I've tried it both ways though; didn't solve the issue.
    So, is there any way to fix the ability to browse beyond the VPN? Lion does not include (that I can find) a WINS server....
    Lion server is DMZ'd from the router. So, all ports are open.
    Help!

    No one has any ideas on how to fix this?

  • Email Server Behind WRV210

    We just purchased and set up the WRV210 VPN router, but we are having a major issue with it. We are running a mail server behind the VPN router, but we can no longer connect to it through Outlook. We forwarded all of the appropriate ports but still can't connect. On our previous router we only had to forward the ports and everything worked. We can't telnet the SMTP port or anything. We have disabled the firewall and tried nearly every setting we could find. We access the webmail service that runs on the website (Port 80) and all of the other websites. We can also VPN into the router and access all of the servers. We are also able to do outbound transactions from within the network (when using local IPs) hence why all features in webmail work. Our problem is when trying to connect to POP and SMTP through Outlook. This is a major issue as it is now interrupting our day-to-day operations.

    Did you open ports 25 and 110? What firmware are you running on the router? Did you try to reset and re-configure all the settings?

  • SNMP Management of individual VPN Tunnels

    Is there a way of indexing individual VPN Tunnels statically, through a VPN3000 concentrator?
    If I MIB browse a VPN3000 concentrator, I can see the individual VPN tunnels each with ifindex numbers, so for the period this tunnel is active, I can collect performance statistics from it. The problem occurs when the connection from the same site is reset, the ifindex is renumbered which means I have to relearn the new ifindex in order to continue collecting information.
    Is there a way around this, or is there another solution for getting traffic statistics from VPN tunnels between sites, via SNMP?

    Since the if numbers change the best way to get your stats would be from the routers behind the vpn on either side. Then you can turn on ip accounting or use netflow on the routers. There is a free netflow collector @ www.ntop.org. I think this approach will work if you.
    Hope this helps.

  • Internet stopped working when connected to Cisco VPN

    Hi,
    I have configured an IPsec (IKEv1) remote access VPN on an ASA 5520. The VPN connects properly and I am able to access all internal resources, but Internet is not working when connected to the VPN. I have investigated this and found a problem with the default gateway: I am getting a default gateway during the VPN connection. I am surprised, because on the ASA there is no default gateway configured for the remote VPN IP pool, so how can remote clients get a default gateway?
    I am describing my problem in the image given below. Please help me to troubleshoot it.
    Thanks in advance.

    Hi,
    The top configuration is specified to Tunnel All traffic as you can see from the "split-tunnel-policy tunnelall". In this case the Split Tunnel ACL is ignored to my understanding.
    The bottom configuration is specified to use Split Tunnel but I can't see the ACL specified there.
    To my understanding you should be seeing routes in your actual computer's routing table for the networks that are reached through the VPN.
    On a Windows machine you can open the command prompt and issue the command "route print" to view the routes.
    Here is an example when I am connected to one Split Tunnel VPN
    To my understanding there is no default gateway in the virtual VPN interface configurations as the host forwards all the traffic that needs to be tunneled to the actual virtual interface and from there on in it heads through the VPN Connection.
    Here is an example what the VPN Client Statistics/Route Details tells me
    Both Internet and the remote network/host behind the VPN connection can be reached.
    What does the above window show for you in your VPN Client when active?
    - Jouni

  • Mpls forwarding for multicast

    hi,
    Can anybody tell me if current IOS supports label switching of multicast traffic in the core MPLS network? I searched CCO and found information only about support for multicast traffic in MPLS/VPN.
    could you answer this question or give me some links to read, thanks a lot :-)

    On the Cisco Feature Navigator you can look for:
    Multicast-VPN: Multicast Support for MPLS VPN
    http://tools.cisco.com/ITDIT/CFN/Dispatch
    As far as I remember there is a special range of labels reserved for multicasting, but I can't find this any more in the RFC.
    I think it's an important feature for service providers if they want to connect customers that use multicasting.
    Hope this helps
    Gerrit Frans van Pelt
