NAT list getting hit for traffic from WAN IP
I have an 871 setup at home with a fairly basic configuration (NAT, Firewall, EasyVPN, Wireless). What I've noticed is that for traffic going from the WAN interface (FastEthernet4), it seems to be hitting the ACL in place for NAT. My config:
interface Loopback0
ip address 192.168.254.1 255.255.255.255
interface FastEthernet4
description Cable Modem Connection
bandwidth 384
ip address dhcp
ip nat outside
ip nat enable
no ip virtual-reassembly
duplex auto
speed auto
interface Vlan1
no ip address
bridge-group 1
interface BVI1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip nat inside source list NATLIST interface FastEthernet4 overload
ip access-list extended NATLIST
permit ip 192.168.1.0 0.0.0.255 any
deny ip any any log
Seems to work just fine, but I will see this in my logs:
Oct 30 17:21:38 PDT: %SEC-6-IPACCESSLOGP: list NATLIST denied udp 76.22.98.39(0) -> 68.87.69.146(0), 1 packet
Oct 30 17:21:38 PDT: %SEC-6-IPACCESSLOGP: list NATLIST denied udp 76.22.98.39(0) -> 140.142.16.34(0), 1 packet
Oct 30 17:21:56 PDT: %SEC-6-IPACCESSLOGDP: list NATLIST denied icmp 76.22.98.39 -> 24.64.94.41 (0/0), 1 packet
Oct 30 17:23:38 PDT: %SEC-6-IPACCESSLOGP: list NATLIST denied udp 76.22.98.39(0) -> 207.188.29.230(0), 1 packet
Oct 30 17:25:38 PDT: %SEC-6-IPACCESSLOGDP: list NATLIST denied icmp 76.22.98.39 -> 121.18.13.100 (0/0), 2 packets
Oct 30 17:27:38 PDT: %SEC-6-IPACCESSLOGDP: list NATLIST denied icmp 76.22.98.39 -> 24.64.94.41 (0/0), 1 packet
Where 76.22.98.39 is the dynamic IP address from the cable provider. If the traffic isn't passing through the router, why is it trying to NAT it?
IOS Version is 12.4(6)T9
Hello Brom,
I am facing the same situation that I can see a whole bunch of log-entries which state that IP-packets with the source address of the routers own WAN-interface-address are trying to reach a variety of IPs somewhere out there.
I don't feel fine with just ignoring something - in only very rare situations this has been a good advise. I believe this is not a solution.
There's just one naging question you should be able to answer.
Since when needs the routers traffic translation? If the router sends packets because it want's to reach a destination for some reason it uses as source-address the address of the interface the traffic is supposed to leave and send's it directly there, doesn't it?
So why in the world are there thousends of packets denied by the NAT-process (ofcourse, the NATACL doesn't allow this address), all showing the same pattern
(pattern == protocol=udp AND source=ownWANIP AND port=0 AND destination=someIPoutthere AND port=0) as you can see from the following output, cause I think this is supicious and tryed it - wow! How do these packets get to the NAT-process anyway?!
000894: Oct 10 06:57:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
000895: Oct 10 06:58:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 4 packets
000896: Oct 10 06:59:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
000897: Oct 10 06:59:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
000898: Oct 10 07:02:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
000899: Oct 10 07:04:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 16 packets
000900: Oct 10 07:05:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets
000901: Oct 10 07:05:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets
000902: Oct 10 07:08:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
000903: Oct 10 07:09:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 5 packets
000904: Oct 10 07:11:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
000905: Oct 10 07:11:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
000906: Oct 10 07:13:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
000907: Oct 10 07:14:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 14 packets
000908: Oct 10 07:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets
000909: Oct 10 07:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets
000910: Oct 10 07:18:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets
000911: Oct 10 07:19:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 2 packets
000913: Oct 10 07:22:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets
000914: Oct 10 07:22:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 3 packets
000915: Oct 10 07:23:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets
000916: Oct 10 07:24:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 8 packets
000917: Oct 10 07:27:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 3 packets
000918: Oct 10 07:27:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets
000919: Oct 10 07:29:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 3 packets
000920: Oct 10 07:30:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 2 packets
000921: Oct 10 07:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 3 packets
000922: Oct 10 07:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 3 packets
000923: Oct 10 07:34:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets
000924: Oct 10 07:35:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 24 packets
000925: Oct 10 07:38:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets
000926: Oct 10 07:38:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets
000928: Oct 10 07:39:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 3 packets
000929: Oct 10 07:43:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 1 packet
000930: Oct 10 07:43:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets
000931: Oct 10 07:43:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets
000932: Oct 10 07:44:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets
000936: Oct 10 07:47:35: %SEC-6-IPACCESSLOGP: list FAE00IN denied tcp 222.173.130.154(6000) -> 212.152.155.204(1433), 1 packet
000937: Oct 10 07:49:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 2 packets
000938: Oct 10 07:49:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets
000939: Oct 10 07:49:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets
000940: Oct 10 07:50:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets
000941: Oct 10 07:54:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 5 packets
000942: Oct 10 07:54:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
000943: Oct 10 07:54:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
000946: Oct 10 07:56:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets
000947: Oct 10 08:00:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 7 packets
000948: Oct 10 08:00:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets
000949: Oct 10 08:00:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets
000950: Oct 10 08:01:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
000951: Oct 10 08:05:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 15 packets
000952: Oct 10 08:05:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
000953: Oct 10 08:05:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
000954: Oct 10 08:06:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
000956: Oct 10 08:10:26: %SEC-6-IPACCESSLOGDP: list FORNAT denied icmp 212.152.155.204 -> 172.16.0.151 (0/0), 1 packet
000957: Oct 10 08:10:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 6 packets
000958: Oct 10 08:10:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
000959: Oct 10 08:10:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
000960: Oct 10 08:11:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
000961: Oct 10 08:14:49: %SEC-6-IPACCESSLOGP: list FAE00IN denied tcp 216.133.175.69(2087) -> 212.152.155.204(5900), 1 packet
000962: Oct 10 08:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
000963: Oct 10 08:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 11 packets
000964: Oct 10 08:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets
000966: Oct 10 08:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets
000968: Oct 10 08:21:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
000969: Oct 10 08:21:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 6 packets
000970: Oct 10 08:21:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
000971: Oct 10 08:21:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
000972: Oct 10 08:27:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets
000973: Oct 10 08:27:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 3 packets
000974: Oct 10 08:27:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
000975: Oct 10 08:27:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
000976: Oct 10 08:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
000977: Oct 10 08:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 29 packets
000978: Oct 10 08:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 2 packets
000979: Oct 10 08:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 2 packets
000980: Oct 10 08:38:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
000981: Oct 10 08:39:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
000982: Oct 10 08:39:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
000983: Oct 10 08:43:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 2 packets
000984: Oct 10 08:43:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 1 packet
000985: Oct 10 08:44:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
000986: Oct 10 08:44:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
000987: Oct 10 08:49:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 2 packets
000988: Oct 10 08:50:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
000989: Oct 10 08:50:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
000990: Oct 10 08:52:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
000991: Oct 10 08:54:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 5 packets
000992: Oct 10 08:59:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 6 packets
000993: Oct 10 08:59:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
000994: Oct 10 08:59:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
000995: Oct 10 09:00:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
000996: Oct 10 09:05:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 17 packets
000997: Oct 10 09:07:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
000998: Oct 10 09:07:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
000999: Oct 10 09:09:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
001002: Oct 10 09:10:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 7 packets
001003: Oct 10 09:15:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 14 packets
001004: Oct 10 09:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
001005: Oct 10 09:16:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
001006: Oct 10 09:17:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
001007: Oct 10 09:21:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 6 packets
001008: Oct 10 09:24:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
001009: Oct 10 09:24:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
001010: Oct 10 09:26:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
001012: Oct 10 09:27:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 4 packets
001013: Oct 10 09:32:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 26 packets
001014: Oct 10 09:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
001015: Oct 10 09:33:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
001016: Oct 10 09:35:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
001017: Oct 10 09:37:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 1 packet
001018: Oct 10 09:41:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
001019: Oct 10 09:41:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
001020: Oct 10 09:43:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
001021: Oct 10 09:43:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 1 packet
001022: Oct 10 09:48:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 195.96.0.3(0), 74 packets
001023: Oct 10 09:50:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 130.149.17.21(0), 1 packet
001024: Oct 10 09:50:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.12(0), 1 packet
001027: Oct 10 09:52:49: %SEC-6-IPACCESSLOGP: list FORNAT denied udp 212.152.155.204(0) -> 131.130.1.11(0), 1 packet
Similar Messages
-
I recently purchased 2 movies and was unable to view them. It kept saying unable to load movie when it had clearly downloaded. How do I get reimbursed for these 2 movies as I was unable to watch them and am pretty fed up with iTunes right now?
Depending upon what country that you are in (films can't be re-downloaded in all countries) then try deleting the films from your iTunes library and redownload them via the Purchased link under Quicklinks on the right-hand side of the iTunes store home page on your computer's iTunes
If you aren't in a country where you can re-download films or if they re-download with the same problem then try the 'report a problem' page to contact iTunes Support : http://reportaproblem.apple.com
If the 'report a problem' link doesn't work then you can try contacting iTunes support via this page : http://www.apple.com/support/itunes/contact/- click on Contact iTunes Store Support on the right-hand side of the page, then Purchases, Billing & Redemption -
Static-nat and vpn tunnel bound traffic from same private address?
Hi guys,
I have site-to-site tunnel local host @192.168.0.250 and remote-host @172.16.3.3.
For this local host @192.168.0.250, I also have a static one-to-one private to public.
static (mgmt-192,outside-50) 216.9.50.250 192.168.0.250 netmask 255.255.255.255
As you can see, IPSec SA shows end-points in question and traffic is being decrypted but not encrypted host traffic never enter into the tunnel, why?
How can I resolve this problem, without complicating the setup ?
BurlingtonASA1# packet-tracer input mgmt-192 icmp 192.168.0.250 8 0 172.16.3.3
Phase: 1
Type: CAPTURE
Subtype:
Result: ALLOW
Config:
Additional Information:
MAC Access list
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 outside-50
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.0.0 255.255.255.0 mgmt-192
Phase: 5
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group mgmt_intf in interface mgmt-192
access-list mgmt_intf extended permit icmp any any
access-list mgmt_intf remark *** Permit Event02 access to DMZ Intf ***
Additional Information:
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: INSPECT
Subtype: np-inspect
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: NAT-EXEMPT
Subtype:
Result: ALLOW
Config:
nat-control
match ip mgmt-192 host 192.168.0.250 outside-50 host 172.16.3.3
NAT exempt
translate_hits = 5, untranslate_hits = 0
Additional Information:
Phase: 9
Type: NAT
Subtype:
Result: ALLOW
Config:
static (mgmt-192,outside-50) 216.9.50.250 192.168.0.250 netmask 255.255.255.255
nat-control
match ip mgmt-192 host 192.168.0.250 outside-50 any
static translation to 216.9.50.250
translate_hits = 25508, untranslate_hits = 7689
Additional Information:
Phase: 10
Type: NAT
Subtype: host-limits
Result: ALLOW
Config:
static (mgmt-192,dmz2-172) 192.168.0.0 192.168.0.0 netmask 255.255.255.0
nat-control
match ip mgmt-192 192.168.0.0 255.255.255.0 dmz2-172 any
static translation to 192.168.0.0
translate_hits = 28867754, untranslate_hits = 29774713
Additional Information:
Phase: 11
Type: VPN
Subtype: encrypt
Result: ALLOW
Config:
Additional Information:
Phase: 12
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 1623623685, packet dispatched to next module
Result:
input-interface: mgmt-192
input-status: up
input-line-status: up
output-interface: outside-50
output-status: up
output-line-status: up
Action: allow
BurlingtonASA1#
Crypto map tag: map1, seq num: 4, local addr: 216.9.50.4
access-list newvpn extended permit ip host 192.168.0.250 host 172.16.3.3
local ident (addr/mask/prot/port): (192.168.0.250/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.16.3.3/255.255.255.255/0/0)
current_peer: 216.9.62.4
#pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
#pkts decaps: 53, #pkts decrypt: 53, #pkts verify: 53
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 216.9.50.4, remote crypto endpt.: 216.9.62.4
path mtu 1500, ipsec overhead 74, media mtu 1500
current outbound spi: 37CA63F1
current inbound spi : 461C843C
inbound esp sas:
spi: 0x461C843C (1176273980)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 77398016, crypto-map: map1
sa timing: remaining key lifetime (kB/sec): (3914997/25972)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x003FFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0x37CA63F1 (936010737)
transform: esp-aes-256 esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 77398016, crypto-map: map1
sa timing: remaining key lifetime (kB/sec): (3915000/25972)
IV size: 16 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001Hi
intersting VPN ACL
object-group network DM_INLINE_NETWORK_18
network-object YYY.YYY.YYY.0 255.255.255.0
object-group network DM_INLINE_NETWORK_22
network-object UUU.UUU.UUU.0 255.255.255.0
access-list outside_access_in extended permit ip object-group DM_INLINE_NETWORK_22 object-group DM_INLINE_NETWORK_18
Static NAT
static (Inside,outside) XXX.XXX.XXX.171 YYY.YYY.YYY.39 netmask 255.255.255.255
No NAT
object-group network DM_INLINE_NETWORK_20
network-object UUU.UUU.UUU.0 255.255.255.0
access-list Inside_nat0_outbound extended permit ip ZZZ.ZZZ.ZZZ.0 255.255.255.0 object-group DM_INLINE_NETWORK_20
VPN CLient Pool
No pool configured as it uses the interesting traffic or protected traffic in ASDM - UUU.UUU.UUU.0 is the IP address range at the far side of the site to site VPN.
I hope this helps
Thanks -
Get updates for documentation from developers without redoing Javadocs
I am new to Java. I have been tasked to create the documentation for our software project. hence I'm trying to use Javadoc for the technical documentation. The problem is if I run NetBeans IDE, and generate Javadocs today, then I will be missing all new Javadoc changes that developers put into the code in the next days and weeks ahead. Is there a way to get the Javadocs that exist today, and from here on out, to just get the updates to update to the Java docs? If not, is there a way that I can see the updates since a certain date, so that I only view updates?
I've never posted to this forum. I tried yesterday, and thought it worked. But I can't see my entry in the forums.Is there a way to get the Javadocs that exist today, and from here on out,
to just get the updates to update to the Java docs?Javadoc has no such option built-in.
People typically just run the javadoc tool to rebuild the docs from scratch each time they want a version of the docs with the latest update.
It has no "incremental build" where it updates only the minimum files necessary. A feature request exists for this:
javadoc cannot incrementally generate docs for a single Java class
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4032755
If not, is there a way that I can see the updates since a certain date,
so that I only view updates?Also not built into Javadoc. The program JDiff does that -- it shows the
diffs in context.
http://javadiff.sourceforge.net/
-Doug -
Get information for classes from call stack in abap (like java reflection)
Hi,
is there any possibilty to get following information:
I want to program a logging tool. You can create a logging object and use some methods like
xxxxx->add_msg(msg) to put logging information to the logging object.
but i also want to find out, from which class/object/runtime environment this msg comes.
example:
class CL_ABC uses the logging tool and does following call:
lo_logger = CL_logger->get_logger().
lo_logger->add_msg( 'test the code' ).
now the method ->add_msg() in logger object is called. inside this method, i want to have the information, from which class/object the ->add_msg() method is called. after the call, the logging object must have this information like:
CALL_CLASS: CL_ABC
CALL_LINE: 83
MSG: test the code
any ideas?You can use the SYSTEM_CALLSTACK function module.
Read this thread, Uwe has given details on both getting the calling class and method: Re: How to determine current method / interface method that is running?
Most probably this solves your needs.
Regards -
PRD account getting hit during Invoice verification . OBYC
Dear Experts ,
When i am posting incoming invoice , the PRD account is getting hit by minor amounts . What is the relevance of PRD & whether it should hit or not .
Regards
AnisHello Experts ,
I am posting invoice for the materials with moving average price in backdate.
eg
mat A : 1000 kg , Rs 1000 /-
mat B : 1000 kg , Rs 1000/-
Now i have got an unpanned delivery cost of Rs 500. When I am posting this price i detailed tab following entries occur ( simulate)
Vendor cr 2500-
GR IR clrng 1000
mat A Inv a/c 250
GR IR clrng 1000
Pr diff a/c 250
Here at the time of booking the invoice the stock of mat B is less than that in invoice . Also .... thet total of mat A Inv a/c & Pr diff a/c is 500/- that is total unpalnned del cost.
are the entries correct ?
What is the reason the price diff account is getting hit for mat B
also how can i make the unpanned delivery cost hit inv account all the time ??
I tried making PRD rule valuation class specific & tried assigning inv accounts to it . BUT THE
SYSTEM DID NOT ALLOW ME TO SAVE SAYING THE ACCOUNT IS ALREADY USED IN BSX.
PL GIVE UR INPUTS -
No ACL deny logs for Traffic not matched by Static Object NATs and ACL. Need Help.
I start noticing that I do not see any denied traffic coming in on my ACL. To better explain, lets say I have this config.
### Sample Config ###
object network webserver
host 192.168.1.50
nat (dmz, outside) static X.X.X.X service tcp www www
access-list inbound extended permit ip any4 object webserver eq www
If I generate a traffic from the outside let's say a traffic that is trying to access X.X.X.X via TCP Port 8080 which obviously does not have any NAT entry to it going to my DMZ, I don't see the ACL denies it anymore but instead comes back with a Drop Reason: (nat-no-xlate-to-pat-pool) . On the packet trace I got this. (Below) it seems that does not even hit the ACL as there is no xlate found for it, at least to what the drop reason says.
Phase: 1
Type: CAPTURE
Subtype:
Result: ALLOW
Config:
Additional Information:
MAC Access list
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 Outside
Result:
input-interface: Outside
input-status: up
input-line-status: up
output-interface: Outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (nat-no-xlate-to-pat-pool) Connection to PAT address without pre-existing xlate
Before, using a regular Static PAT on ASA Versions 8.2(5) below, I could get the deny logs (ASA-4-106023). Generally, I use these logs, and are quite important for us specially during auditing.
My question is how can I generate logs for these type of dropped traffic on the ASA 9.1 Version?
Any comments/suggestions are gladly appreciated :)
Regards,
JohnI believe, but am not 100% sure, that the reason you are not seeing the ACL drop but a no NAT matched is because of the changes from 8.2 to 8.3 in the order of how things are done. In 8.3 and later you need to secify the real IP address when allowing packets in, and this is because NAT happens before the ACL is matched. So since there is no match on the NAT the packet is dropped then and there, never reaching the stage where ACLs are checked.
As to seeing drops in the ACL log...You might want to try adding an ACL that matches the NATed IP...but I don't think you will have much success with that either. My guess is that there is no way around this...at least no way I know of.
Please remember to select a correct answer and rate helpful posts -
For my Rapid Video Blogging I would like to bring the traffic from You Tube
I hear there are sites as complicated and financially up there, Blogcasts, and all kind of sites that I could try to get involved with to have a place where I can try to get the traffic from watching the Video Rapid Blogs. I am not sure of the technology, from simple sites to a full on website. Does anybody have this knowledge so I could get going on getting this set up. I would need some site to bring the traffic to where what I am selling is and hopefully have a good response.
I am brand new at all of this but I have the academic and practical knowledge-working for years in teaching at the college level in exercise physiology, have gone on to get my registered dietician degree so I left school when I was done, put a small studio together where I worked mostly with memdical doctor's referrals since I had been around the rehab docs during my rotation for my exercise physiology degree.
I love the studio, but all my bad technique when I was young and my sport injuries all hit at once. I developed brain CA, had some chemo and radiation. I had to close the studio but I still have to live so I am thinking this rapid video blogging, put out some 3 minute video blogs supporting my ability to help some people who tried all kinds of weight loss methods, work with the tried and true wy but add the psych in that which can help them not expect quick-fixes, not support nutrition bars that do not fit in until they are egged in a exercise program, get rid of all the stuff 24 hour fitness tries to sell them unless they want to know how many steps they take. I could put some 3-4 minute video blogs together bringing the potential customers back to my website or whatever kind of site i would need. i m not up-to-date on all the various site for stuff like this, but if anybody want s to help e get an awareness of what is out there available to me, I would appreciate if anybody has the knowledge and practice in these areas of websites, blog sites, to help me put some classy, straight to-the-pont video info together, I would really appreciate it. I keep reading about blog spots,mad a;; types of things like websites where iI could push the traffic fro You Tube bak to this site for some sales.I dont understand anything you said in your post.
Do you have a specific question about video production?
The forums are for individual technical or creative issues that users have with video production. I am sur someone will be able to help you, but and to get a response it is best to ask a specific question.
Is this about a technical problem you have or something about setting up a web site? If its the latter this is the wrong forum. -
Getting error while hitting weblogic server from EBS client instance
Hi,
We are trying to hit weblogic server from EBS client instance.
Steps Done from our side :-
1. Created a self signed key store and certificate (.cer file) with server host name and used it for SSL enabling on weblogic server.
2. Created a self signed key store and certificate (.cer file) with client host name and used it for SSL enabling on oracle EBS client.
3. Imported client certificate .cer file in Server Side Trust Store.
4. Used Server keystore for client side verification.
We are getting these logs from Client Side (Oracle EBS AS) :-
<Nov 9, 2012 10:40:33 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=Entrust Root Certification Authority - G2,OU=(c) 2009 Entrust\, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 9, 2012 10:40:33 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=thawte Primary Root CA - G3,OU=(c) 2008 thawte\, Inc. - For authorized use only,OU=Certification Services Division,O=thawte\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 9, 2012 10:40:33 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 3,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 9, 2012 10:40:33 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=T-TeleSec GlobalRoot Class 2,OU=T-Systems Trust Center,O=T-Systems Enterprise Services GmbH,C=DE". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 9, 2012 10:40:33 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GlobalSign,O=GlobalSign,OU=GlobalSign Root CA - R3". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 9, 2012 10:40:33 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "OU=Security Communication RootCA2,O=SECOM Trust Systems CO.\,LTD.,C=JP". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 9, 2012 10:40:33 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=VeriSign Universal Root Certification Authority,OU=(c) 2008 VeriSign\, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 9, 2012 10:40:34 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=KEYNECTIS ROOT CA,OU=ROOT,O=KEYNECTIS,C=FR". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 9, 2012 10:40:34 AM AST> <Notice> <Security> <BEA-090898> <Ignoring the trusted CA certificate "CN=GeoTrust Primary Certification Authority - G3,OU=(c) 2008 GeoTrust Inc. - For authorized use only,O=GeoTrust Inc.,C=US". The loading of the trusted certificate list raised a certificate parsing exception PKIX: Unsupported OID in the AlgorithmIdentifier object: 1.2.840.113549.1.1.11.>
<Nov 9, 2012 10:40:34 AM AST> <Warning> <Security> <BEA-090542> <Certificate chain received from whjed-ebspay.nmc.com - 192.168.100.169 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
<Nov 9, 2012 10:40:34 AM AST> <Warning> <Security> <BEA-090542> <Certificate chain received from whjed-ebspay.nmc.com - 192.168.100.169 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
<Nov 9, 2012 10:40:34 AM AST> <Warning> <Security> <BEA-090542> <Certificate chain received from whjed-ebspay.nmc.com - 192.168.100.169 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.>
javax.net.ssl.SSLKeyException: [Security:090542]Certificate chain received from whjed-ebspay.nmc.com - 192.168.100.169 was not trusted causing SSL handshake failure. Check the certificate chain to determine if it should be trusted or not. If it should be trusted, then update the client trusted CA configuration to trust the CA certificate that signed the peer certificate chain. If you are connecting to a WLS server that is using demo certificates (the default WLS server behavior), and you want this client to trust demo certificates, then specify -Dweblogic.security.TrustKeyStore=DemoTrust on the command line for this client.
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:158)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:363)
at oracle.apps.nmc.filetransmission.DigitalSigner.sendSignedFileToBank(DigitalSigner.java:532)
at oracle.apps.nmc.filetransmission.DigitalSigner.signXmlFile(DigitalSigner.java:330)
at oracle.apps.nmc.filetransmission.DigitalSigner.invokerInit(DigitalSigner.java:437)
at oracle.apps.nmc.filetransmission.DigitalSigner.runProgram(DigitalSigner.java:390)
at oracle.apps.fnd.cp.request.Run.main(Run.java:157)
We are getting these logs from Server Side (Weblogic server) :-
<Nov 9, 2012 10:34:51 AM AST> <Warning> <Security> <BEA-090482> <BAD_CERTIFICATE alert was received from whjed-apstest3.nmc.com - 192.168.100.246. Check the peer to determine why it rejected the certificate chain (trusted CA configuration, hostname verification). SSL debug tracing may be required to determine the exact reason the certificate was rejected.>
Kindly suggest on this.
Regards
Deepak GuptaHi;
Please make a search BEA-090482 Check the peer to determine why it rejected at metalink. There are 8 docs avaliable, please review them
Regard
Helios -
How to get the selected values from multiselected list
Hi,
I have a multiselect list displaying all the years from 2003 to 2008 (used dynamic LOV). The user can choose one or more years as per his needs, and then when user clicks on the link the selected values of the list are to be captured and a pop up page of a Discoveror report needs to be opened where these years get passed as a parameter. I tried several methods to capture the value, but either one or all are getting passed but not exactly what the user has chosen.
This is how it looks:
P2_FISCAL_YEAR is a multiselect list containing values from 2003,2004... 2008
If user chooses 2004 and 2007
then I want the url to capture these values and pass as parameters for my discoveror reports. as '&qp_fiscal_year=2004,2007'
Any help is appreciated!
Thanks in advance,
Sapna.Hi,
I have a multiselect list displaying all the years from 2003 to 2008 (used dynamic LOV). The user can choose one or more years as per his needs, and then when user clicks on the link the selected values of the list are to be captured and a pop up page of a Discoveror report needs to be opened where these years get passed as a parameter. I tried several methods to capture the value, but either one or all are getting passed but not exactly what the user has chosen.
This is how it looks:
P2_FISCAL_YEAR is a multiselect list containing values from 2003,2004... 2008
If user chooses 2004 and 2007
then I want the url to capture these values and pass as parameters for my discoveror reports. as '&qp_fiscal_year=2004,2007'
Any help is appreciated!
Thanks in advance,
Sapna. -
How to get the list of values for a dynamic parameter using Web Services SDK?
<p>I am struggling to get the list of values for a dynamic parameter of a report.</p><p>I am using Java Web Services SDK ... I tried to use PromptInfo.getLOV().getValues() method but it does not work.</p><p>First of all ... is this possible (to get the list of values for a dynamic param) using Web Services?</p><p>Second of all, if this is possible, how should I do it ... it seems it works fine when running the report from CMC. It asks for DB logon info and after that it provides a list of values.</p><p>Thx </p>
<p>Your assumption is correct. We are trying to get the LOVs from the Crystal Report. I was not aware that this is not supported by Web Services SDK.</p><p>We used Web Services SDK to integrated the Crystal Reports in our web application. We implemented some basic actions for reports: schedule, view instances, run ad-hoc reports.</p><p>We encountered this problem when trying to run/schedule reports with dynamic parameters (a list of values from DB). We were unable to get the LOVs.</p><p>Please let me know if you can think of an alternative to look at.</p><p>Thanks a lot,</p><p>Catalin </p>
-
How do I get all the songs from an album to show in the album view? Currently, if an album lists the artist plus a guest artist, those are shown separately and appear to be two different albums on my iPod. How do I get all the songs on that album together on my iPod? If the album is a collaboration wtih many artists, each sond may appear as a separate album.
I used to have this problem.
First, you need to go back on iTunes
you need to go to each of the songs that are having this problem
Click the album so all the songs drop down
Right click the songs that have this problem
Click ' Get info '
Click the tab that says " info '
The box that says ' album artist ' should probably be empty (correct me if I'm wrong)
Click it and type the artist of the entire album, NOT the songs guest artist
as such,
ARTIST
JAY-Z Feat. Justin Timberlake
ALBUM ARTIST
JAY-Z
These should be separate for each artist
If you write the same album artists for each song by that artist, all the songs should be on 1 album -
Hi there,
I'm Very sorry for asking this. I guess it's a very basic problem, but I'm very new to Flash and Flash media Server and I need a very fast answer...
Currently I'm working on a Director project using a flash program which connects to Flash Media Server (I guess version 3, it's quite old). Unfortunately they forgot to make a flash method to send the actual userlist (or a notification when someone logged in or out) to Director. AND, unfortunately, they lost the source code of that flash programm, so I cannot look into it or alter it *sigh*.
Now I want to do a new flash programm which covers the old one, letting all known methods "pass trough" and building an additional method to gain the user list (or login/out notification).
How do I get the login information from Flash Media Server? (Would be good if you could provide an idea already for flash code... as I said I'm a tard at flash till now)
Thank you so much. And I hope you understand my situation asking here...
Janahparmar : yes, that's what I feared... I hoped it would be possible to tell the server from which application I do need the login information. What a mess.
Dimo Hristov: thanks for your offer! I already tried decompiling the flash program with the shareware version of Trillix Decompiler. It only decompiled the UI (in a terrible way) but no source code at all. It was the shareware version where I can decompile 2 or 3 programms to test the software. Are you sure the non-free version of Trilix Flash Decompiler will do..? -
Hi,
I have a SharePoint List (SPList) and need to provide the URL for the list. It should be possible to copy this URL to the browsers address field and navigate to the corresponding Details or Overview View (or default view) of the list.
Additionally, I have a List Item object (SPListItem) and need the URL to directly navigate to the DispForm.aspx of this item.
I tried it like this:
string listURL = ... + "/Lists/" + myList.Title;
string itemURL = listURL + "/DispForm.aspx?ID=/" + id;
The URLs are correct as long as the "Internal Name" of the list is the same as the displayed name of the list. But in SharePoint it is possible to add a List-Template with no blanks in the name (e.g. 'MyList'), but later rename it and include a blank (e.g. 'My List'). In this case the listURL I retrieve with the above code snippet does not work anymore! For SharePoint only a URL with the list name without blanks is existent. In short: the URL does not include the blank for the list in the url but myList.Title does!!
So my question is, how can I get a URL that directly leads to my list's Details view (or default view) and the URL that leads directly to the list items "DispForm.aspx"??Hi,
It seems you need to get correct ListItem URL from ListItem’s property, and thanks for all helpful suggestions.
In this situation, would you please try using List’s Form property instead of “SubString”, code like this:
string itemURL = yourweb.Url+"/"+yourlist.Forms[PAGETYPE.PAGE_DISPLAYFORM].Url + "?ID=" + item.ID;
Then you will actual retrieve the correct path to the DispForm.aspx page.
Hope this sample can help.
Best Regards,
-Aaron -
Getting a list of users and permission from a folder
I run this command to get a a list of users and permission from a folder
$project_folder = "\\servername\foldername"
get-acl $project_folder | %{ $_.Access } | ft -property IdentityReference, AccessControlType, FileSystemRights > folder.csv.
This only lists information for 1 folder.
If i have multiple folders how should the code be modified?this is the code i am looking for
$project_folder
= "\\servername\foldername\foldername1"
get-acl $project_folder | %{ $_.Access } | ft -property IdentityReference, AccessControlType,
FileSystemRights > folder.csv.
I run this code and this gives me the information for only the folder 'foldername1'.
Ex. i need a list of users who have permmission in \\servername\foldername\foldername2.
i run the code and it gives me the permissions and list of users in foldername2.
This is the issue
IF there are multiple folders \\servername\foldername\foldername2, \\servername\foldername\foldername1,
i need to run the code each time for 1 folder.
is there a command where i can combine the path of these 2 or more folders and export
it to csv
Ex. $project_folder
= "\\servername\foldername\foldername1",
"\\servername\foldername\foldername2"
get-acl $project_folder | %{ $_.Access } | ft -property IdentityReference, AccessControlType,
FileSystemRights > folder.csv.
This will give me the list of users and the type of access they have in foldername1 and
foldername2
Maybe you are looking for
-
Converting seconds to Days,Hours,mins and secs
Hi gurus, I have a metric in seconds , which is a box uptime . I want to convert that into Days,hours , mins and secs .How can I do that ? For example , If I have 433500 secs , I should show it as 5days 00:25:00 or in some meaningful format . Can any
-
Feature request (need this)
got my playbook. love it. go canada. now here are the features i need to improve usability. allow me to do a text find in browsers. (ctrl-f) allow me to move the cursor left right up and down by placing one finger in the bottom left bezel and gest
-
Acrobat 11 installation.
What are the steps to "move" Acrobat 11 from my old computer to my new computer?
-
Bonjour à tous, Voici mon problème : Concrètement je reçois un signal externe TTL à 10Hz , je dois capter une image d'un phénomène qui intervient quelques centaines de µs après le signal 10Hz (mais je ne sais pas exactement quand). J'ai un trigger di
-
How to adjust the advance with invoice
Hi all, the scenario is I am getting Rs 2,00,000 as advance from one finance company.( I have created seperate nature account in finance co name in the liability side because always i have advance from it) then I am doing credit sales to that financ