NAT / PAT config conversion from PIX v6 to ASA Software 8.3 and above

Similar Messages

• Poor raw conversion from Fujifilm X100 .raf format in Lightroom 3 and 4

  I'm seeing very poor results when doing raw conversion from Fujifilm X100 .raf format. Who can I contact about this? Is there anything I can do?
  See below for what is supposed to be a white curtain, lit by stage lighting. It results in a blown out blue channel, serious loss of detail, and very ugly gradient.
  (Lightroom 4.2, Camera Raw 7.2 on LEFT  --- Fujifilm X100 in-camera jpg on RIGHT)
  And for more detail:
  (Lightroom 4.2, Camera Raw 7.2 on TOP  --- Fujifilm X100 in-camera jpg on BOTTOM)
  (Lightroom 4.2, Camera Raw 7.2 on LEFT --- Fujifilm X100 in-camera jpg on RIGHT)

  The blue light is so intense that it is, or almost is, saturating the sensor.
  The camera’s built-in raw conversion handles this by shifting the color to cyan—clipping the blue and allowing the green to contribute more.  I doubt there was cyan lighting in the scene, only blue.
  Adobe does not shift the hue, but this makes the blue seem over saturated.  Adobe’s conversion may be more colorimetrically correct, but less pleasing in this case of intense lighting that the sensor cannot accurately record.
  It is a difference in camera profile used between the camera and Adobe.  Since Adobe does not supply camera-match profiles for much more than Nikon and Canon cameras, you’re not going to be able to fix things other than managing the over-saturation using HSL or WB or other things like lower-vibrance, higher saturation. 
  You could try making your own camera profile using an X-Rite Color-Checker Passport or the color-checker and the Adobe DNG Profile Editor:
  http://xritephoto.com/ph_product_overview.aspx?id=1257

• How to upgrade from OSX 10.5.8 to 10.6 and above?

  Need help upgrading from Mac OS X 10.5.8 to new version like 10.6 and above so I can access the Apple App Store and get other version software updgrades.

  Choose About this Mac from the Apple menu and check the processor.
  If it's a PowerPC Mac, it's already running the newest OS it can.
  If it's a Core Duo Mac, click here, install the DVD, and run Software Update.
  If it's a Core 2 Duo or better Mac, upgrade it as if it was a Core Duo Mac, and once done, if desired, open the Mac App Store and try downloading Yosemite. If you get told it's incompatible, go to the online Apple Store and order a download code for Lion 10.7.
  Mac OS X 10.7 and newer don't support PowerPC software such as Microsoft Office 2004. If you upgrade the OS, back up the computer first.
  (124576)

• Conversion from 10.1.2 to 10.1.3 and persistence Exception

  We are in the process of migrating from ocj 10.1.2 to 10.1.3. We are implementing database replication of HttpSession. During that process we get a stack trace like this. It complains about an object not being able to be serialized. Any suggestions and comments are very welcome.
  thanks
  Sekar

  sorry forgot to include the stack trace
  Internal Exception: java.io.NotSerializableException: common.jsp._setsessionMapping: oracle.toplink.mappings.DirectMapMapping[values]Descriptor: Descriptor(com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.persistence.InternalHttpSessionObject --> [DatabaseTable(OC4J_HTTP_SESSION)])     at oracle.toplink.exceptions.DescriptorException.notSerializable(DescriptorException.java:1169)     at oracle.toplink.mappings.converters.SerializedObjectConverter.convertObjectValueToDataValue(SerializedObjectConverter.java:77)     at oracle.toplink.mappings.DirectCollectionMapping.buildElementClone(DirectCollectionMapping.java:206)     at oracle.toplink.mappings.DirectMapMapping.buildCloneForPartObject(DirectMapMapping.java:116)     at oracle.toplink.internal.indirection.NoIndirectionPolicy.cloneAttribute(NoIndirectionPolicy.java:45)     at oracle.toplink.mappings.ForeignReferenceMapping.buildClone(ForeignReferenceMapping.java:199)     at oracle.toplink.internal.descriptors.ObjectBuilder.populateAttributesForClone(ObjectBuilder.java:2116)     at oracle.toplink.publicinterface.UnitOfWork.cloneAndRegisterNewObject(UnitOfWork.java:674)     at oracle.toplink.publicinterface.UnitOfWork.internalRegisterObject(UnitOfWork.java:2571)     at oracle.toplink.internal.sessions.MergeManager.registerObjectForMergeCloneIntoWorkingCopy(MergeManager.java:821)     at oracle.toplink.internal.sessions.MergeManager.mergeChangesOfCloneIntoWorkingCopy(MergeManager.java:499)     at oracle.toplink.internal.sessions.MergeManager.mergeChanges(MergeManager.java:226)     at oracle.toplink.publicinterface.UnitOfWork.mergeClone(UnitOfWork.java:3050)     at oracle.toplink.publicinterface.UnitOfWork.deepMergeClone(UnitOfWork.java:1439)     at oracle.ias.container.persistence.NonTransactionalInternalPM.writeObject(NonTransactionalInternalPM.java:203)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.PersistenceHttpSession.removeValueFromMap(PersistenceHttpSession.java:239)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.EvermindHttpSession.removeAttribute(EvermindHttpSession.java:232)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.EvermindHttpSession.removeValue(EvermindHttpSession.java:219)     at common.jsp._login._jspService(Unknown Source)     [common/jsp/login.jsp]     at com.orionserver[Oracle Containers for J2EE 10g (10.1.3.0.0) ].http.OrionHttpJspPage.service(OrionHttpJspPage.java:59)     at oracle.jsp.runtimev2.JspPageTable.service(JspPageTable.java:416)     at oracle.jsp.runtimev2.JspServlet.internalService(JspServlet.java:478)     at oracle.jsp.runtimev2.JspServlet.service(JspServlet.java:401)     at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:719)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:376)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:870)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:451)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:218)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:119)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].server.http.HttpRequestHandler.run(HttpRequestHandler.java:112)     at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)     at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:230)     at oracle.oc4j.network.ServerSocketAcceptHandler.access$800(ServerSocketAcceptHandler.java:33)     at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:831)     at com.evermind[Oracle Containers for J2EE 10g (10.1.3.0.0) ].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)     at java.lang.Thread.run(Thread.java:595)Caused by: java.io.NotSerializableException: common.jsp._setsession     at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1075)     at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1369)     at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1341)     at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1284)     at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1073)     at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:291)     at oracle.toplink.mappings.converters.SerializedObjectConverter.convertObjectValueToDataValue(SerializedObjectConverter.java:74)

• I am reading about this conversion from an AOL username to a new Apple ID. Is this legitimate and will I lose access to purchases?

  is this conversion from an AOL username to a new Apple ID legit? Will I lose access to purchases?

  Hi Kellyezvous,
  Thanks for participating in the Apple Support Communities.
  The conversion from AOL Username to Apple ID is legit, and you will not lose access to your iTunes Store purchases as a result of this change.
  For more information, see this Apple Support page:
  Convert your AOL Username to an Apple ID - Apple Support
  You must convert your AOL Username to an Apple ID to maintain access to the stores and to content you purchased previously.
  Apple can't provide support for AOL Username accounts that aren't converted by March 31, 2015. The conversion process applies only to AOL Usernames. You don't need to convert an Apple ID that ends in @aol.com. Also, this transition doesn't affect any AOL services that you use with your AOL Username.
  Cheers,
  Jeremy

• Can I use my email and phone number to start a new conversation from iMessage?

  Can I use my email and phone number to start a new conversation from iMessage?

  Can I use my email and phone number to start a new conversation from iMessage?

• Why does my Menu Bar is scrolling from left to right when I call it and not stabilizing?

  I have an an XP Windows system and I use Firefox as my default Browser, I suddenly found that my browaer is hit by something that makes the Menu Bar when I try to use it scrolling all menus from left to right so quickly that I can't point to any choice and keep doing this till I end it by mouse, also the information in the Autocomplete are not accessible as they don't show when trying to get them either by mouse or by the down key. I don.t know what to do putting in consideration that I uninstalled firefox and reinstalled it and this did not solve the problem.

  '''Try Firefox Safe Mode''' to see if the problem goes away. [[Troubleshoot Firefox issues using Safe Mode|Firefox Safe Mode]] is a troubleshooting mode that turns off some settings, disables most add-ons (extensions and themes).
  If Firefox is open, you can restart in Firefox Safe Mode from the Help menu:
  *In Firefox 29.0 and above, click the menu button [[Image:New Fx Menu]], click Help [[Image:Help-29]] and select ''Restart with Add-ons Disabled''.
  *In previous Firefox versions, click on the Firefox button at the top left of the Firefox window and click on ''Help'' (or click on ''Help'' in the Menu bar, if you don't have a Firefox button) then click on ''Restart with Add-ons Disabled''.
  If Firefox is not running, you can start Firefox in Safe Mode as follows:
  * On Windows: Hold the '''Shift''' key when you open the Firefox desktop or Start menu shortcut.
  * On Mac: Hold the '''option''' key while starting Firefox.
  * On Linux: Quit Firefox, go to your Terminal and run ''firefox -safe-mode'' <br>(you may need to specify the Firefox installation path e.g. /usr/lib/firefox)
  When the Firefox Safe Mode window appears, select "Start in Safe Mode".<br>
  [[Image:Safe Mode Fx 15 - Win]]
  '''''If the issue is not present in Firefox Safe Mode''''', your problem is probably caused by an extension, and you need to figure out which one. Please follow the [[Troubleshoot extensions, themes and hardware acceleration issues to solve common Firefox problems]] article to find the cause.
  ''To exit Firefox Safe Mode, just close Firefox and wait a few seconds before opening Firefox for normal use again.''
  When you figure out what's causing your issues, please let us know. It might help others with the same problem.

• IS THERE HARDWARE TO COPY FROM VCR TO THE ELEMENTS SOFTWARE?

  I am considering purchasing  the elements 8 to make movies with.  However, I have a vcr tape we made some time ago that I want to copy from the tape to the software to edit and make a training movie.  Is there hardware that comes with the elements that I can hook to the VCR and to the computer to copy the movie?  Thank you folks for the help.
  Dusty

  My way is probably a bit longer but it works for me as I don't need to do this way often, BUT I use my Toshiba VCR to DVD burner.  You can buy them fairly cheap, mine has a hard- drive but they come without and just burn directly to DVD.  Then I move the resulting VOB file from the DVD to my computer and use it in Premiere Elements.
  another way I've done it is to hook up my mini-DV camera to the VCR and tape it onto the camera and then CAPTURE in Premiere Elements.
  Have fun!
  Patricia

• REMOVING IPSEC VPN CONFIG FROM PIX 6.3 FIREWALL

  Hey,
  we have pix 6.3 serving as internet firewall and we are int process of replacing it with new ASA Device. currently there are several site to site and remote vpn are configured for access purposes. 
  i tried to remove one site2site ipsec vpn from pix and it starts acting like a loop generating the same error with qty that processor got 100% CPU, couldn't logged in through normal ssh so i connected via console and place back the isakmp and crypto map commands back in and the error stops.
  My purpose of this question is that how can i remove vpn config from pix without generating any error is there any formal process or order of removing rules from pix or we can do it one by one no order is required.
  MY PROCESS OF REMOVING CONFIG:
  REMOVE THE ACCESS-LIST INSIDEOUT AND OUTSIDE IN COMMANDS 
  REMOVE THE OBJECTS AND OBJECTS GROUPS
  REMOVE THE VPN DEFINED ACCESS-LIST FOR INTERESTING TRAFFIC
  REMOVE CRYPTO MAP TRANSFORM-SET
  REMOVE ISAKMP-POLICY
  REMOVE CRYPTO MAP 
  WE DO USE ISAKMP SHARED KAY MECHANISM "I DID NOT REMOVE THAT "
  BUT AS SOON AS I REMOVE THE CRYPTO MAP FROM THE PIX I GOT THIS ERROR
  IPSEC(crypto_map_check): crypto map XYZ 20 incomplete.  No peer or access-list specified.
  20 IS THE ISAKMP POLICY NUMBER & Peer and Access-list was removed from pix
  any help would great
  regards

  Hi
  You could do either of 2 things.
  1) Enable NAT-Traversal on your ASA
  2) Add the following on your pix :
  fixup protocol esp-ike
  This allows one IPSEC connection to run through PAT.
  HTH
  Jon

• Upgrading from PIX to ASA 5512X

  Hi everyone,
  We are in the middle of upgrading from two PIX's to some new ASA5512X's. To give you some background on the situation we are upgrading these since the PIXs are fairly old. We had one extra that we had to use since one PIX has failed already. The guy that implemented the PIXs orginally was learning how to do so as he went so there is alot of needless config in the PIX, atleast from what I can tell. Another guy that works with me has done some configuration on the new ASAs and has done the majority of it so far. Today we went to install the new ASAs and switch everything over hoping it would work, but that didn't happen. It seems that there is something wrong with our NAT and ACLs somewhere along the lines. The way our network is laid out is that we have two school campus with a site-to-site VPN one is 172.17.0.0/16 and the other is 172.18.0.0/16. We also have a remote-access VPN on both ASA's. When we connected the new ASAs up and brought up the interfaces, nothing on the inside could ping the internet nor the other side. The VPN showed active on the ASA's and each ASA could ping the others outside interface, but that was it. I have posted the configs below. If anyone could help out I would GREATLY appreciate it! Thank you in advance!
  ASA1:
  : Saved
  : Written by enable_15 at 04:26:18.240 CDT Tue Mar 12 2013
  ASA Version 8.6(1)2
  hostname dallasroadASA
  enable password **** encrypted
  passwd **** encrypted
  names
  interface GigabitEthernet0/0
  nameif outside
  security-level 0
  ip address 70.x.x.x 255.255.255.0
  interface GigabitEthernet0/1
  nameif inside
  security-level 100
  ip address 172.18.1.1 255.255.255.0
  interface GigabitEthernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/4
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/5
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  nameif management
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  management-only
  ftp mode passive
  clock timezone CST -6
  clock summer-time CDT recurring
  dns domain-lookup inside
  dns server-group DefaultDNS
  name-server 172.18.2.21
  name-server 172.18.2.20
  object network WS_VLAN2
  subnet 172.17.2.0 255.255.255.0
  object network WS_VLAN3
  subnet 172.17.3.0 255.255.255.0
  object network WS_VLAN4
  subnet 172.17.4.0 255.255.255.0
  object network WS_VLAN5
  subnet 172.17.5.0 255.255.255.0
  object network WS_VLAN6
  subnet 172.17.6.0 255.255.255.0
  object network WS_VLAN7
  subnet 172.17.7.0 255.255.255.0
  object network WS_VLAN8
  subnet 172.17.8.0 255.255.255.0
  object network WS_VLAN9
  subnet 172.17.9.0 255.255.255.0
  object network WS_VLAN10
  subnet 172.17.10.0 255.255.255.0
  object network WS_VLAN11
  subnet 172.17.11.0 255.255.255.0
  object network WS_VLAN12
  subnet 172.17.12.0 255.255.255.0
  object network WS_VLAN13
  subnet 172.17.13.0 255.255.255.0
  object network WS_VLAN14
  subnet 172.17.14.0 255.255.255.0
  object network WS_VLAN15
  subnet 172.17.15.0 255.255.255.0
  object network WS_VLAN16
  subnet 172.17.16.0 255.255.255.0
  object network DR_VLAN2
  subnet 172.18.2.0 255.255.255.0
  object network DR_VLAN3
  subnet 172.18.3.0 255.255.255.0
  object network DR_VLAN4
  subnet 172.18.4.0 255.255.255.0
  object network DR_VLAN5
  subnet 172.18.5.0 255.255.255.0
  object network DR_VLAN6
  subnet 172.18.6.0 255.255.255.0
  object network DR_VLAN7
  subnet 172.18.7.0 255.255.255.0
  object network DR_VLAN8
  subnet 172.18.8.0 255.255.255.0
  object network DR_VLAN9
  subnet 172.18.9.0 255.255.255.0
  object network DR_VLAN10
  subnet 172.18.10.0 255.255.255.0
  object network DR_CORE_SW
  host 172.18.2.1
  object network dallasdns02_internal
  host 172.18.2.21
  object network faithdallas03_internal
  host 172.18.2.20
  object network dns_external
  host 70.x.x.x
  object network WorthStreet
  subnet 172.17.0.0 255.255.0.0
  object network DallasRoad
  subnet 172.18.0.0 255.255.0.0
  object-group network DALLAS_VLANS
  network-object object DR_VLAN10
  network-object object DR_VLAN2
  network-object object DR_VLAN3
  network-object object DR_VLAN4
  network-object object DR_VLAN5
  network-object object DR_VLAN6
  network-object object DR_VLAN7
  network-object object DR_VLAN8
  network-object object DR_VLAN9
  object-group network WORTH_VLANS
  network-object object WS_VLAN10
  network-object object WS_VLAN11
  network-object object WS_VLAN12
  network-object object WS_VLAN13
  network-object object WS_VLAN14
  network-object object WS_VLAN15
  network-object object WS_VLAN16
  network-object object WS_VLAN2
  network-object object WS_VLAN3
  network-object object WS_VLAN4
  network-object object WS_VLAN5
  network-object object WS_VLAN6
  network-object object WS_VLAN7
  network-object object WS_VLAN8
  network-object object WS_VLAN9
  object-group network dallasitnetwork
  network-object host 172.18.2.20
  network-object host 172.18.2.40
  object-group protocol tcpudp
  protocol-object udp
  protocol-object tcp
  object-group network dallasroaddns
  network-object host 172.18.2.20
  network-object host 172.18.2.21
  object-group service tcpservices tcp
  port-object eq ftp
  port-object eq ftp-data
  port-object eq www
  port-object eq ssh
  object-group network remotevpnnetwork
  network-object 172.18.50.0 255.255.255.0
  access-list L2LAccesslist extended permit ip 172.18.0.0 255.255.0.0 172.17.0.0 255.255.0.0
  access-list NONAT extended permit ip any 172.18.50.0 255.255.255.0
  access-list inside_inbound_access extended permit ip 172.18.0.0 255.255.0.0 172.17.0.0 255.255.0.0
  access-list inside_inbound_access extended permit ip object-group dallasitnetwork any
  access-list inside_inbound_access extended permit object-group tcpudp object-group dallasroaddns any eq domain
  access-list inside_inbound_access extended permit ip host 172.18.4.10 any
  access-list inside_inbound_access extended deny object-group tcpudp any any eq domain
  access-list inside_inbound_access extended deny tcp any any eq smtp
  access-list inside_inbound_access extended permit ip any any
  access-list outside_inbound_access extended permit tcp any host 70.x.x.x object-group tcpservices
  pager lines 24
  mtu outside 1500
  mtu inside 1500
  mtu management 1500
  ip local pool vpnaddresspool 172.18.50.0-172.18.50.255
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  nat (inside,outside) source static dallasdns02_internal dns_external
  nat (inside,outside) source static faithdallas03_internal dns_external
  nat (inside,outside) source dynamic any interface
  nat (any,outside) source static remotevpnnetwork remotevpnnetwork destination static remotevpnnetwork remotevpnnetwork description NONAT for remote vpn users
  nat (inside,outside) source static DallasRoad DallasRoad destination static WorthStreet WorthStreet
  access-group outside_inbound_access in interface outside
  access-group inside_inbound_access in interface inside
  route outside 0.0.0.0 0.0.0.0 70.x.x.x 1
  route inside 172.18.0.0 255.255.0.0 172.18.1.2 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  ldap attribute-map CISCOMAP
    map-name  VPNALLOW IETF-Radius-Class
    map-value VPNALLOW FALSE NOACESS
    map-value VPNALLOW TRUE ALLOWACCESS
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server LDAP protocol ldap
  aaa-server LDAP (inside) host 172.17.2.28
  server-port 389
  ldap-base-dn DC=campus,DC=fcschool,DC=org
  ldap-scope subtree
  ldap-naming-attribute sAMAccountName
  ldap-login-password ****
  ldap-login-dn CN=fcsadmin,CN=Users,DC=campus,DC=fcschool,DC=org
  server-type microsoft
  ldap-attribute-map CISCOMAP
  user-identity default-domain LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 management
  http 172.17.11.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto ipsec ikev1 transform-set myset esp-aes-256 esp-sha-hmac
  crypto map outside_map 10 match address L2LAccesslist
  crypto map outside_map 10 set peer 71.x.x.x
  crypto map outside_map 10 set ikev1 transform-set myset
  crypto map outside_map 10 set reverse-route
  crypto map outside_map interface outside
  crypto ikev1 enable outside
  crypto ikev1 policy 1
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 65535
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  telnet timeout 5
  ssh 172.18.0.0 255.255.0.0 inside
  ssh 172.17.0.0 255.255.0.0 inside
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  group-policy NOACCESS internal
  group-policy NOACCESS attributes
  vpn-simultaneous-logins 0
  vpn-tunnel-protocol ikev1
  group-policy DfltGrpPolicy attributes
  dns-server value 172.18.2.20
  vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-clientless
  password-storage enable
  group-policy DallasRoad internal
  group-policy DallasRoad attributes
  dns-server value 172.18.2.20 172.18.2.21
  password-storage enable
  default-domain value campus.fcschool.org
  group-policy ALLOWACCESS internal
  group-policy ALLOWACCESS attributes
  banner value Now connected to the FCS Network
  vpn-tunnel-protocol ikev1
  username iwerkadmin password i6vIlW5ctGaR0l7n encrypted privilege 15
  tunnel-group remoteaccessvpn type remote-access
  tunnel-group remoteaccessvpn general-attributes
  address-pool vpnaddresspool
  authentication-server-group LDAP
  tunnel-group 71.x.x.x type ipsec-l2l
  tunnel-group 71.x.x.x ipsec-attributes
  ikev1 pre-shared-key ****
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect ip-options
    inspect netbios
    inspect rsh
    inspect rtsp
    inspect skinny 
    inspect esmtp
    inspect sqlnet
    inspect sunrpc
    inspect tftp
    inspect sip 
    inspect xdmcp
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:fd69fbd7a2cb0a6a125308dd85302198
  : end
  ASA2:
  : Saved
  : Written by enable_15 at 09:27:47.579 UTC Tue Mar 12 2013
  ASA Version 8.6(1)2
  hostname worthstreetASA
  enable password **** encrypted
  passwd **** encrypted
  names
  interface GigabitEthernet0/0
  nameif outside
  security-level 0
  ip address 71.x.x.x 255.255.255.0
  interface GigabitEthernet0/1
  nameif inside
  security-level 100
  ip address 172.17.1.1 255.255.255.0
  interface GigabitEthernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/3
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/4
  shutdown
  no nameif
  no security-level
  no ip address
  interface GigabitEthernet0/5
  shutdown
  no nameif
  no security-level
  no ip address
  interface Management0/0
  nameif management
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  management-only
  boot system disk0:/asa861-2-smp-k8.bin
  ftp mode passive
  dns domain-lookup inside
  dns server-group DefaultDNS
  name-server 172.17.2.23
  name-server 172.17.2.28
  object network mail_external
  host 71.x.x.x
  object network mail_internal
  host 172.17.2.57
  object network faweb_external
  host 71.x.x.x
  object network netclassroom_external
  host 71.x.x.x
  object network blackbaud_external
  host 71.x.x.x
  object network netclassroom_internal
  host 172.17.2.41
  object network nagios
  host 208.x.x.x
  object network DallasRoad_ASA
  host 70.x.x.x
  object network WS_VLAN2
  subnet 172.17.2.0 255.255.255.0
  object network WS_VLAN3
  subnet 172.17.3.0 255.255.255.0
  object network WS_VLAN4
  subnet 172.17.4.0 255.255.255.0
  object network WS_VLAN5
  subnet 172.17.5.0 255.255.255.0
  object network WS_VLAN6
  subnet 172.17.6.0 255.255.255.0
  object network WS_VLAN7
  subnet 172.17.7.0 255.255.255.0
  object network WS_VLAN8
  subnet 172.17.8.0 255.255.255.0
  object network WS_VLAN9
  subnet 172.17.9.0 255.255.255.0
  object network WS_VLAN10
  subnet 172.17.10.0 255.255.255.0
  object network WS_VLAN11
  subnet 172.17.11.0 255.255.255.0
  object network WS_VLAN12
  subnet 172.17.12.0 255.255.255.0
  object network WS_VLAN13
  subnet 172.17.13.0 255.255.255.0
  object network WS_VLAN14
  subnet 172.17.14.0 255.255.255.0
  object network WS_VLAN15
  subnet 172.17.15.0 255.255.255.0
  object network WS_VLAN16
  subnet 172.17.16.0 255.255.255.0
  object network DR_VLAN2
  subnet 172.18.2.0 255.255.255.0
  object network DR_VLAN3
  subnet 172.18.3.0 255.255.255.0
  object network DR_VLAN4
  subnet 172.18.4.0 255.255.255.0
  object network DR_VLAN5
  subnet 172.18.5.0 255.255.255.0
  object network DR_VLAN6
  subnet 172.18.6.0 255.255.255.0
  object network DR_VLAN7
  subnet 172.18.7.0 255.255.255.0
  object network DR_VLAN8
  subnet 172.18.8.0 255.255.255.0
  object network DR_VLAN9
  subnet 172.18.9.0 255.255.255.0
  object network DR_VLAN10
  subnet 172.18.10.0 255.255.255.0
  object network WS_CORE_SW
  host 172.17.2.1
  object network blackbaud_internal
  host 172.17.2.26
  object network spiceworks_internal
  host 172.17.2.15
  object network faweb_internal
  host 172.17.2.31
  object network spiceworks_external
  host 71.x.x.x
  object network WorthStreet
  subnet 172.17.0.0 255.255.0.0
  object network DallasRoad
  subnet 172.18.0.0 255.255.0.0
  object network remotevpnnetwork
  subnet 172.17.50.0 255.255.255.0
  object-group icmp-type echo_svc_group
  icmp-object echo
  icmp-object echo-reply
  object-group service mail.fcshool.org_svc_group
  service-object icmp
  service-object icmp echo
  service-object icmp echo-reply
  service-object tcp destination eq www
  service-object tcp destination eq https
  service-object tcp destination eq imap4
  service-object tcp destination eq pop3
  service-object tcp destination eq smtp
  object-group service nagios_svc_group tcp
  port-object eq 12489
  object-group service http_s_svc_group tcp
  port-object eq www
  port-object eq https
  object-group network DALLAS_VLANS
  network-object object DR_VLAN10
  network-object object DR_VLAN2
  network-object object DR_VLAN3
  network-object object DR_VLAN4
  network-object object DR_VLAN5
  network-object object DR_VLAN6
  network-object object DR_VLAN7
  network-object object DR_VLAN8
  network-object object DR_VLAN9
  object-group network WORTH_VLANS
  network-object object WS_VLAN10
  network-object object WS_VLAN11
  network-object object WS_VLAN12
  network-object object WS_VLAN13
  network-object object WS_VLAN14
  network-object object WS_VLAN15
  network-object object WS_VLAN16
  network-object object WS_VLAN2
  network-object object WS_VLAN3
  network-object object WS_VLAN4
  network-object object WS_VLAN5
  network-object object WS_VLAN6
  network-object object WS_VLAN7
  network-object object WS_VLAN8
  network-object object WS_VLAN9
  object-group network MailServers
  network-object host 172.17.2.57
  network-object host 172.17.2.58
  network-object host 172.17.2.17
  object-group protocol DM_INLINE_PROTOCOL
  protocol-object ip
  protocol-object udp
  protocol-object tcp
  object-group network DNS_Servers
  network-object host 172.17.2.23
  network-object host 172.17.2.28
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  access-list outside_access_in extended permit object-group mail.fcshool.org_svc_group any object mail_internal
  access-list outside_access_in extended permit tcp object nagios object mail_internal object-group nagios_svc_group
  access-list outside_access_in extended permit tcp any object faweb_external object-group http_s_svc_group
  access-list outside_access_in extended permit tcp any object netclassroom_external object-group http_s_svc_group
  access-list outside_access_in extended permit tcp any object blackbaud_external eq https
  access-list outside_access_in extended permit tcp any object spiceworks_external object-group http_s_svc_group
  access-list L2LAccesslist extended permit ip 172.17.0.0 255.255.0.0 172.18.0.0 255.255.0.0
  access-list inside_inbound extended permit object-group TCPUDP object-group DNS_Servers any eq domain
  access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL host 172.17.15.10 any inactive
  access-list inside_access_in extended permit tcp object-group MailServers any eq smtp
  access-list inside_access_in extended permit tcp host 172.17.14.10 any eq smtp
  access-list inside_access_in extended deny object-group TCPUDP any any eq domain
  access-list inside_access_in extended deny tcp any any eq smtp
  access-list inside_access_in extended permit ip any any
  access-list vpn_access extended permit ip any any
  pager lines 24
  logging asdm informational
  mtu outside 1500
  mtu inside 1500
  mtu management 1500
  ip local pool vpnaddresspool 172.17.50.1-172.17.50.255
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-66114.bin
  no asdm history enable
  arp timeout 14400
  nat (inside,outside) source static mail_internal mail_external
  nat (inside,outside) source static netclassroom_internal netclassroom_external
  nat (inside,outside) source static faweb_internal faweb_external
  nat (inside,outside) source static spiceworks_internal interface
  nat (inside,outside) source static blackbaud_internal blackbaud_external
  nat (inside,outside) source dynamic any interface
  nat (inside,outside) source static WorthStreet WorthStreet destination static DallasRoad DallasRoad
  nat (any,outside) source static remotevpnnetwork remotevpnnetwork destination static remotevpnnetwork remotevpnnetwork description NONAT for remote vpn users
  access-group outside_access_in in interface outside
  access-group inside_access_in in interface inside
  route outside 0.0.0.0 0.0.0.0 71.x.x.x 1
  route inside 172.17.0.0 255.255.0.0 172.17.2.1 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  ldap attribute-map CISCOMAP
    map-name  VPNALLOW IETF-Radius-Class
    map-value VPNALLOW FALSE NOACESS
    map-value VPNALLOW TRUE ALLOWACCESS
  dynamic-access-policy-record DfltAccessPolicy
  network-acl vpn_access
  aaa-server LDAP protocol ldap
  aaa-server LDAP (inside) host 172.17.2.28
  ldap-base-dn DC=campus,DC=fcschool,DC=org
  ldap-scope subtree
  ldap-naming-attribute sAMAccountName
  ldap-login-password Iw@FCS730w
  ldap-login-dn CN=VPN Admin,CN=Users,DC=campus,DC=fcschool,DC=org
  server-type microsoft
  ldap-attribute-map CISCOMAP
  user-identity default-domain LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 management
  http 172.17.0.0 255.255.0.0 inside
  http 172.18.0.0 255.255.0.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
  crypto ipsec ikev1 transform-set myset esp-aes-256 esp-sha-hmac
  crypto map outside_map 10 match address L2LAccesslist
  crypto map outside_map 10 set peer 70.x.x.x
  crypto map outside_map 10 set ikev1 transform-set myset
  crypto map outside_map 10 set reverse-route
  crypto map outside_map interface outside
  crypto ikev1 enable outside
  crypto ikev1 policy 1
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  crypto ikev1 policy 65535
  authentication pre-share
  encryption aes
  hash sha
  group 2
  lifetime 86400
  telnet 172.17.0.0 255.255.0.0 inside
  telnet 172.18.0.0 255.255.0.0 inside
  telnet 192.168.1.0 255.255.255.0 inside
  telnet timeout 5
  ssh 172.17.0.0 255.255.0.0 inside
  ssh 172.18.0.0 255.255.0.0 inside
  ssh 192.168.1.0 255.255.255.0 inside
  ssh timeout 5
  console timeout 0
  management-access management
  dhcpd address 192.168.1.2-192.168.1.254 management
  dhcpd enable management
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ssl encryption aes256-sha1 aes128-sha1 3des-sha1
  webvpn
  group-policy NOACCESS internal
  group-policy NOACCESS attributes
  vpn-simultaneous-logins 0
  vpn-tunnel-protocol ikev1
  group-policy ALLOWACCESS internal
  group-policy ALLOWACCESS attributes
  banner value Now connected to the FCS Network
  vpn-tunnel-protocol ikev1
  username iwerkadmin password i6vIlW5ctGaR0l7n encrypted privilege 15
  tunnel-group 70.x.x.x type ipsec-l2l
  tunnel-group 70.x.x.x ipsec-attributes
  ikev1 pre-shared-key FC$vpnn3tw0rk
  tunnel-group remoteaccessvpn type remote-access
  tunnel-group remoteaccessvpn general-attributes
  address-pool vpnaddresspool
  authentication-server-group LDAP
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
    inspect ip-options
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  Cryptochecksum:b599ba0f719f39b213e7f01fe55588ac
  : end

  Hi Derrick,
  I just did the same for a customer; replaced 2 PIX515s failover cluster with 5512X. The NAT change is major with ASAs version 8.3 and later...
  here's what you need: a manual NAT rule called twice NAT (policy NAT or NONAT is the old terminology) for the VPNs to work. also add the no-proxy-arp keyword:
  nat (inside,outside) source static INSIDE_NETWORKS INSIDE_NETWORKS VPN_NETWORKS VPN_NETWORKS no-proxy-arp
  nat (inside,outside) source static INSIDE_NETWORKS INSIDE_NETWORKS RA_VPN_NETWORKS RA_VPN_NETWORKS no-proxy-arp
  then the dynamic PAT for internet access (after the twice NATs for VPN); could be a manual NAT like you did, or preferred an object NAT.
  you did:
  nat (inside,outside) source dynamic any interface
  would also work with object nat:
  object network INSIDE_NETWORKS
  subnet ...
  nat (inside,outside) dynamic interface
  Same on the other side (except the networks are reversed since the inside network is now what the other side refers to as vpn network and vice versa)
  If you don't put the no-proxy-arp, your NAT configuration will cause network issues.
  also to be able to pass pings through ASA, add the following:
  policy-map global_policy
  class inspection_default
    inspect icmp
  The asa will do some basic inspection of the ICMP protocol with that config ex. it will make sure there is 1 echo-reply for each echo-request...
  hope that helps,
  Patrick

• Shared Public IP to two Servers - ASA 5510 8.3. NAT/PAT

  I have a situation where we have a single DMZ server currently statically forwarded to a single public IP.  TCP ports 80, 443, 8080, 8500, 53, and 21 are open to this server via an access list.
  However, we have added an additional server to the DMZ, and because our web developers did not communicate with me beforehand, we are forced to use the same DNS name (thus, the same piblic IP) for this server.  This server only needs traffic on TCP/8800 forwarded to it.
  I am using ASDM 6.4 for configuration of this, as I am required to take multiple screen shots of the procedure for our change control policy.
  My question lies in the reconfiguration of NAT/ PAT.  Since our current server has a single static NAT to a single public IP, it is simply natted for "any" port.  I understand that I can add the new server as an object, and only PAT it on TCP 8800, but will I then have to go back and reconfigure the first server multiple times for PAT, or will the ASA notice the specific PAT, and forward 8800 to the new server without affecting the existing "old" server?
  It appears ASDM will not allow me to put multiple ports into a single network object.  I am assuming I will need to add 6 separate object translations for the "old" server based on TCP port, and 1 object translation for the "new" server, correct?

  OK, so I beleive I've truncated this down to what you need in order to give me a hand.  Remember that I must configure this using ADSM for screenshot purposes.  There is currently a temporary static one-to-one NAT in place for NCAFTP01 until we resolve the outbound issue, but I realize this must be removed to properly test.  I'll explain the desired topology below the config.:
  : Saved
  ASA Version 8.3(1)
  hostname ASA-SVRRM-5510
  domain-name domain.corp
  names
  name 10.20.1.23 NCASK333
  name 10.20.1.40 Barracuda
  interface Ethernet0/0
  nameif Outside
  security-level 0
  ip address 1.1.1.3 255.255.255.248
  interface Ethernet0/1
  description DMZ
  nameif DMZ
  security-level 20
  ip address 172.16.10.1 255.255.255.0
  interface Ethernet0/2
  shutdown
  no nameif
  no security-level
  no ip address
  interface Ethernet0/3
  nameif Inside
  security-level 100
  ip address 10.20.1.249 255.255.0.0
  object network mail.domain.com
  host 10.20.1.40
  object network NCASK333
  host 10.20.1.23
  object network obj-10.20.1.218
  host 10.20.1.218
  object network obj_any
  subnet 0.0.0.0 0.0.0.0
  object network NETWORK_OBJ_10.192.0.0_16
  subnet 10.192.0.0 255.255.0.0
  object network NETWORK_OBJ_10.20.0.0_16
  subnet 10.20.0.0 255.255.0.0
  object network Remote Site
  host 10.1.1.1
  object network NCAFTP01:80
  host 172.16.10.10
  object network 1.1.1.5
  host 1.1.1.5
  object network NCASK820
  host 10.20.1.61
  description Exchange Server/ KMS
  object service AS2
  service tcp source eq 8800 destination eq 8800
  object network NCAFTP01:21
  host 172.16.10.10
  object network NCAFTP01:443
  host 172.16.10.10
  object network NCAFTP01:53
  host 172.16.10.10
  object network NCAFTP01:53UDP
  host 172.16.10.10
  object network NCAFTP01:8080
  host 172.16.10.10
  object network NCAFTP01:8500
  host 172.16.10.10
  object network NCAFTP01:5080
  host 172.16.10.10
  object network NCADMZ02:8800
  host 172.16.10.11
  object network NCAFTP01
  host 172.16.10.10
  object-group service DM_INLINE_SERVICE_1
  service-object gre
  service-object tcp destination eq pptp
  object-group service DM_INLINE_TCP_1 tcp
  port-object eq www
  port-object eq https
  port-object eq imap4
  port-object eq pop3
  port-object eq smtp
  port-object eq domain
  object-group service DM_INLINE_SERVICE_2
  service-object icmp
  service-object icmp traceroute
  object-group service DM_INLINE_SERVICE_3
  service-object tcp destination eq 8080
  service-object tcp destination eq 8500
  service-object tcp destination eq domain
  service-object tcp destination eq ftp
  service-object tcp destination eq www
  service-object tcp destination eq https
  service-object udp destination eq domain
  service-object icmp
  service-object tcp destination eq 5080
  service-object object AS2
  object-group service DM_INLINE_TCP_2 tcp
  port-object eq www
  port-object eq https
  object-group service DM_INLINE_TCP_3 tcp
  port-object eq 8080
  port-object eq www
  port-object eq https
  port-object eq echo
  object-group network DM_INLINE_NETWORK_5
  network-object 172.16.10.0 255.255.255.0
  nat (Inside,any) source static any any destination static obj-10.192.0.0 obj-10.192.0.0
  nat (Inside,ATTOutside) source static NETWORK_OBJ_10.20.0.0_16 NETWORK_OBJ_10.20.0.0_16 destination static NETWORK_OBJ_10.192.0.0_16 NETWORK_OBJ_10.192.0.0_16
  nat (Inside,ATTOutside) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static NETWORK_OBJ_10.192.0.0_16 NETWORK_OBJ_10.192.0.0_16
  object network mail.domain.com
  nat (Inside,ATTOutside) static 1.1.1.4
  object network NCASK333
  nat (Inside,ATTOutside) static 1.1.1.6
  object network obj-10.20.1.218
  nat (Inside,ATTOutside) static 1.1.1.2
  object network obj_any
  nat (Inside,ATTOutside) dynamic interface
  object network NCAFTP01:80
  nat (any,ATTOutside) static 1.1.1.5 service tcp www www
  object network NCAFTP01:21
  nat (any,ATTOutside) static 1.1.1.5 service tcp ftp ftp
  object network NCAFTP01:443
  nat (any,ATTOutside) static 1.1.1.5 service tcp https https
  object network NCAFTP01:53
  nat (any,ATTOutside) static 1.1.1.5 service tcp domain domain
  object network NCAFTP01:53UDP
  nat (any,ATTOutside) static 1.1.1.5 service udp domain domain
  object network NCAFTP01:8080
  nat (any,ATTOutside) static 1.1.1.5 service tcp 8080 8080
  object network NCAFTP01:8500
  nat (any,ATTOutside) static 1.1.1.5 service tcp 8500 8500
  object network NCAFTP01:5080
  nat (any,ATTOutside) static 1.1.1.5 service tcp 5080 5080
  object network NCADMZ02:8800
  nat (any,ATTOutside) static 1.1.1.5 service tcp 8800 8800
  object network NCAFTP01
  nat (any,ATTOutside) static 1.1.1.5
  nat (DMZ,ATTOutside) after-auto source dynamic obj_any interface
  timeout xlate 3:00:00
  class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect pptp
  class class-default
  : end
  Coming from the outside to public IP 1.1.1.5, we want ports 80, 443, 8080, 8500, 21, and 53 to translate to NCAFTP01/ 172.16.10.10.  We want traffic sent to 1.1.1.5 on "AS2" (tcp port 8800) to translate to NCADMZ02/172.16.10.11. 
  This part is functional, as you instructed above, I simply needed to create individual PAT statements. 
  My current issue lies in the outbound translation.  When we send a request out from NCAFTP01/ 172.16.10.10 on any port, we want it to translate to a public IP of 1.1.1.5.  When we send a request out from NCADMZ02/172.16.10.11, we also want it to translate to 1.1.1.5.  So in effect, we want it to NAT both devices outbound to the same public IP, but use PAT inbound.  These are the only two devices in our DMZ, so if I can simply translate all traffic from the DMZ network outbound to 1.1.1.5, I feel it would be the simplest solution.  My question is if we do this, when a request comes inbound from the outside, would the translation fall over to PAT?
  This comes about because the client on the outside requires us to use a specific IP to connect to thier EDI server on port 5080.

• Need to create a transport of SD config data from DEV 120 to DEV 110

  During our conversion some config modifications were mad in DEV 120 instead of DEV 110.
  I need to get the config:
  SPRO> Sales Distribution> Billing> Billing Documents> copy sales documents to Billing documents
  From 120 to 110.
  I have tried to force a transport creation in 120, and used SCC1 to import into 110, but no data comes over.
  How can I force all the data from these config tables to load into a transport so can send from 120 to 110.
  Thanks,
  Bev Barbush

  Hi Beverly,
  I would try bringing this transport in via STMS and then reviewing the import log to see why the data is not going across. What I've normally seen in this situation is the data was not correctly added to the transport before it was imported.
  I would NOT copy config tables back from the QAS system. Copying select portions of config data from one system to another is likely to break all sorts of logical relationships between tables.
  Have you guys tried running a config comparison between 110 and 120 to see what the actual differences are?
  Hope that helps.
  J. Haynes

• Link to configuration convertor tool from PIX to ASA

                     Hi,
  I have been looking unsuccessfully for the Cisco tool that take the PIX config an dconvert it to ASA (PIX 5125 to ASA 5520). I was wondering if I need that and if its a Yes, where I can find that Tool on the Cisco Site please?
  Regards,
  Masood

  hello again,
  this cofiguration has really confused me since it has the standby keyword under the inside interface!? I do not want to change any configs under the inside interface of my current PIX confiuration.
  Would you please be able to tell me what I need to type on the ASAs to configure them for this cable based failover?
  here is what the link you suggested has listed which ias confusing since it has the standby keyowrd under the inside interface?
  interface Ethernet0/0
  nameif outside
  security-level 0
  ip address 172.22.1.252 255.255.255.0 standby 172.22.1.253
  no shut
  interface Ethernet0/1
  nameif inside
  security-level 100
  ip address 10.10.10.10 255.255.255.0 standby 10.10.10.11
  no shut
  interface Ethernet0/2
  nameif dmz
  security-level 50
  ip address 192.168.60.1 255.255.255.0 standby 192.168.60.2
  no shut interface Ethernet0/0
  nameif outside
  security-level 0
  ip address 172.22.1.252 255.255.255.0 standby 172.22.1.253
  no shut
  interface Ethernet0/1
  nameif inside
  security-level 100
  ip address 10.10.10.10 255.255.255.0 standby 10.10.10.11
  no shut
  interface Ethernet0/2
  nameif dmz
  security-level 50
  ip address 192.168.60.1 255.255.255.0 standby 192.168.60.2
  no shut
  and the STANDBY:
  failover
  failover lan unit secondary
  failover lan interface failover Ethernet0/3
  failover key *****
  failover interface ip failover 192.168.55.1 255.255.255.0 standby 192.168.55.2
  Now, I already have the configs from PIX 525 which I am going to paste directly onto the ASA which has been doengraded to 8.2.3.
  so how does it works with the failover configuration?
  can you please advise on how I go about the followings:
  1- configure failover before I past the PIX config onto the ASA?
  2- paste config for PIX 525 onto the ASA which I have already downgraded the ASA to 8.2.3 version.
  Please advise.
  Regards,
  Masood

• Field setting when collective conversion from planned order to PR

  Dear expert:
  Is there any way(except ABAP enhancement) to add the field "tracking number" in MD15 when I conduct collective conversion from planned order to PR. Seems in standard config this field in not included in this screen. I have set this field as a mandatory field, but even though when I conduct the conversion, this field still can not be displayed in the MD15 conversion screen.

  Hi,
  There are following T. Codes to convert Planned Order to PR;
  MD14 - Individual Conversion
  MD15 - Collective Conversion
  MDUM - In Background
  Also MD04
  User Exit is LMDZU001 - User exits in additional planning

• 3 SATA and 1 PATA config problem

  I have been using 2 non-RAID SATA drives and 1 DVD drive and now want to add an additional SATA drive.   No matter what I change in the BIOS for the SATA/PATA config, I can not get this 3rd SATA to be seen.
  Any suggestions?
  TIA,
  Rick

  You don't say which board specifically you have but since you are adding a 3rd SATA drive, I assume it's an FIS2R with Serial1-4 connectors and IDE1-3 connectors.
  I'll also assume you are adding the SATA drive to Serial3 or 4.
  Serial3&4, and IDE 3 are on the Promise controller(a seperate controller from the Intel one where all your other stuff is located). The only place to activate this controller in the Bios is Bios>>Integrated Peripherals>>Promise Controller-Set to "As SATA" if you have no interest in setting up a Raid here.
  Save Bios and you should see a very quick screen flash during the next boot with the drive info. There's nothing to configure in "As SATA" mode.
  When XP boots it will probably find a "new device". Choose not to install drivers. Then load your MSI CD and  select to install the Promise U-SATA driver for WinXP.
  You should now be able to partition/format the drive if it isn't already.