Need Help in configuring Antivirus on content services
Hi All,
We are using Content Services 10.1.2.3.4 and for antivirus we are using Symnatec Antivirus Scan Engine(SAVSE) 5.1. We have installed Antivirus on both the boxes separately and while configuring the domain properties we are facing problem--> when we change the domain properties of one server it is automatically reflecting in the domain properties of the other server(for eg: if we change the hostname on server1 the same value is reflecting in server2 where we have previously kept server2's hostname).
Kindly suggest me how to proceed further I am following content services admin guide(B25275-04) for configuring antivirus
Regards
Vinil
Hi All,
We are using Content Services 10.1.2.3.4 and for antivirus we are using Symnatec Antivirus Scan Engine(SAVSE) 5.1. We have installed Antivirus on both the boxes separately and while configuring the domain properties we are facing problem--> when we change the domain properties of one server it is automatically reflecting in the domain properties of the other server(for eg: if we change the hostname on server1 the same value is reflecting in server2 where we have previously kept server2's hostname).
Kindly suggest me how to proceed further I am following content services admin guide(B25275-04) for configuring antivirus
Regards
Vinil
Similar Messages
-
I have a PC and a need help to configure my external hard disk on my network. Thanks
I have a PC and a need help to configure my external hard disk on my network. Thanks
If you mean you wish to plug a USB drive into the Airport Extreme router (or TC not express) that is easy..
The disk must be formatted FAT32.. as if.. stay away from FAT .. or HFS+ ie Mac OS extended Journaled.
Format the disk on a Mac is best.. and even use GUID partition scheme not MBR.
The PC has no issue writing and reading files because this is a network drive.. The PC does not write to the drive.. it writes files to the Airport OS which writes and reads the disk and passes the info using standard windows SMB.. To the windows computer it will be a Windows NT server.. FAT32 setup.
If your setup is different.. to my hugely guessed assumptions.. give details.. always helps to have.. make and model.
Make and model of disk.. make and model of router.. how the setup will be done.. what windows OS you run.. etc etc.
As it stands your question could have nothing to do with apple at all.. other than you posted in a forum so I guess there is something apple in there somewhere. -
Hi All,
I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
2811 having C2800NM-ADVIPSERVICESK9-M
2811 router connects to the Internet SW then connects to the Internet router.
Note- For Authentication am using the Device ID & Pre share key. I am worried as all user traffic goes with PAT and not firing up my tunnel for port 80 traffic. Can you please suggest what can be the issue ?
Below is router config for VPN & NAT
crypto keyring ISR_Keyring
pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 10
crypto isakmp profile isa-profile
keyring ISR_Keyring
self-identity user-fqdn [email protected]
match identity user vpn-proxy.websense.net
crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
set peer vpn.websense.net dynamic
set transform-set ESP-NULL-SHA
set isakmp-profile isa-profile
match address 101
interface FastEthernet0/1
description connected to Internet
ip address 216.222.208.101 255.255.255.128
ip access-group HVAC_Public in
ip nat outside
ip virtual-reassembly
duplex full
speed 100
no cdp enable
crypto map GUEST_WEB_FILTER
access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
access-list 103 deny ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
access-list 103 deny ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
access-list 103 permit ip 192.168.8.0 0.0.3.255 any
ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
ip nat inside source list 103 interface FastEthernet0/1 overload
ip nat inside source route-map nonat pool mypool overloadHow does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
Check
show crypto isakmp sa
show crypto ipsec sa
show crypto session
You'd better remove the preshared key from your post. -
Need urgent help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 - 8.2(1).
The following is the Layout:
There are two Leased Lines for Internet access - 1.1.1.1 & 2.2.2.2, the latter being the Standard Default route, the former one is for backup.
I have been able to configure Client to Site IPSec VPN
1) With access from Outside to only the Internal Network (172.16.0.0/24) behind the asa
2) With Split tunnel with simultaneous assess to internal LAN and Outside Internet.
But I have not been able to make tradiotional Hairpinng model work in this scenario.
I followed every possible sugestions made in this regard in many Discussion Topics but still no luck. Can someone please help me out here???
Following is the Running-Conf with Normal Client to Site IPSec VPN configured with No internat Access:
LIMITATION: Can't Boot into any other ios image for some unavoidable reason, must use 8.2(1)
running-conf --- Working normal Client to Site VPN without internet access/split tunnel
ASA Version 8.2(1)
hostname ciscoasa
domain-name cisco.campus.com
enable password xxxxxxxxxxxxxx encrypted
passwd xxxxxxxxxxxxxx encrypted
names
interface GigabitEthernet0/0
nameif internet1-outside
security-level 0
ip address 1.1.1.1 255.255.255.240
interface GigabitEthernet0/1
nameif internet2-outside
security-level 0
ip address 2.2.2.2 255.255.255.224
interface GigabitEthernet0/2
nameif dmz-interface
security-level 0
ip address 10.0.1.1 255.255.255.0
interface GigabitEthernet0/3
nameif campus-lan
security-level 0
ip address 172.16.0.1 255.255.0.0
interface Management0/0
nameif CSC-MGMT
security-level 100
ip address 10.0.0.4 255.255.255.0
boot system disk0:/asa821-k8.bin
boot system disk0:/asa843-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name cisco.campus.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network cmps-lan
object-group network csc-ip
object-group network www-inside
object-group network www-outside
object-group service tcp-80
object-group service udp-53
object-group service https
object-group service pop3
object-group service smtp
object-group service tcp80
object-group service http-s
object-group service pop3-110
object-group service smtp25
object-group service udp53
object-group service ssh
object-group service tcp-port
object-group service udp-port
object-group service ftp
object-group service ftp-data
object-group network csc1-ip
object-group service all-tcp-udp
access-list INTERNET1-IN extended permit ip host 1.2.2.2 host 2.2.2.3
access-list CSC-OUT extended permit ip host 10.0.0.5 any
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq www
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq https
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ssh
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ftp
access-list CAMPUS-LAN extended permit udp 172.16.0.0 255.255.0.0 any eq domain
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq smtp
access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq pop3
access-list CAMPUS-LAN extended permit ip any any
access-list csc-acl remark scan web and mail traffic
access-list csc-acl extended permit tcp any any eq smtp
access-list csc-acl extended permit tcp any any eq pop3
access-list csc-acl remark scan web and mail traffic
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 993
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq imap4
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 465
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq www
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq https
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq smtp
access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq pop3
access-list INTERNET2-IN extended permit ip any host 1.1.1.2
access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
access-list DNS-inspect extended permit tcp any any eq domain
access-list DNS-inspect extended permit udp any any eq domain
access-list capin extended permit ip host 172.16.1.234 any
access-list capin extended permit ip host 172.16.1.52 any
access-list capin extended permit ip any host 172.16.1.52
access-list capin extended permit ip host 172.16.0.82 host 172.16.0.61
access-list capin extended permit ip host 172.16.0.61 host 172.16.0.82
access-list capout extended permit ip host 2.2.2.2 any
access-list capout extended permit ip any host 2.2.2.2
access-list campus-lan_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.150.0 255.255.255.0
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu internet1-outside 1500
mtu internet2-outside 1500
mtu dmz-interface 1500
mtu campus-lan 1500
mtu CSC-MGMT 1500
ip local pool vpnpool1 192.168.150.2-192.168.150.250 mask 255.255.255.0
ip verify reverse-path interface internet2-outside
ip verify reverse-path interface dmz-interface
ip verify reverse-path interface campus-lan
ip verify reverse-path interface CSC-MGMT
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (internet1-outside) 1 interface
global (internet2-outside) 1 interface
nat (campus-lan) 0 access-list campus-lan_nat0_outbound
nat (campus-lan) 1 0.0.0.0 0.0.0.0
nat (CSC-MGMT) 1 10.0.0.5 255.255.255.255
static (CSC-MGMT,internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255
access-group INTERNET2-IN in interface internet1-outside
access-group INTERNET1-IN in interface internet2-outside
access-group CAMPUS-LAN in interface campus-lan
access-group CSC-OUT in interface CSC-MGMT
route internet2-outside 0.0.0.0 0.0.0.0 2.2.2.5 1
route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
http server enable
http 10.0.0.2 255.255.255.255 CSC-MGMT
http 10.0.0.8 255.255.255.255 CSC-MGMT
http 1.2.2.2 255.255.255.255 internet2-outside
http 1.2.2.2 255.255.255.255 internet1-outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map internet2-outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map internet2-outside_map interface internet2-outside
crypto ca trustpoint _SmartCallHome_ServerCA
crl configure
crypto ca certificate chain _SmartCallHome_ServerCA
certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
a67a897as a67a897as a67a897as a67a897as a67a897as
quit
crypto isakmp enable internet2-outside
crypto isakmp policy 10
authentication pre-share
encryption aes
hash md5
group 2
lifetime 86400
telnet 10.0.0.2 255.255.255.255 CSC-MGMT
telnet 10.0.0.8 255.255.255.255 CSC-MGMT
telnet timeout 5
ssh 1.2.3.3 255.255.255.240 internet1-outside
ssh 1.2.2.2 255.255.255.255 internet1-outside
ssh 1.2.2.2 255.255.255.255 internet2-outside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
group-policy VPN_TG_1 internal
group-policy VPN_TG_1 attributes
vpn-tunnel-protocol IPSec
username ssochelpdesk password xxxxxxxxxxxxxx encrypted privilege 15
username administrator password xxxxxxxxxxxxxx encrypted privilege 15
username vpnuser1 password xxxxxxxxxxxxxx encrypted privilege 0
username vpnuser1 attributes
vpn-group-policy VPN_TG_1
tunnel-group VPN_TG_1 type remote-access
tunnel-group VPN_TG_1 general-attributes
address-pool vpnpool1
default-group-policy VPN_TG_1
tunnel-group VPN_TG_1 ipsec-attributes
pre-shared-key *
class-map cmap-DNS
match access-list DNS-inspect
class-map csc-class
match access-list csc-acl
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class csc-class
csc fail-open
class cmap-DNS
inspect dns preset_dns_map
service-policy global_policy global
prompt hostname context
Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y
: end
Neither Adding dynamic NAT for 192.168.150.0/24 on outside interface works, nor does the sysopt connection permit-vpn works
Please tell what needs to be done here, to hairpin all the traffic to internet comming from VPN Clients.
That is I need clients conected via VPN tunnel, when connected to internet, should have their IP's NAT'ted against the internet2-outside interface address 2.2.2.2, as it happens for the Campus Clients (172.16.0.0/16)
I'm not much conversant with everything involved in here, therefore please be elaborative in your replies. Please let me know if you need any more information regarding this setup to answer my query.
Thanks & Regards
maxsHi Jouni,
Thanks again for your help, got it working. Actually the problem was ASA needed some time after configuring to work properly ( ?????? ). I configured and tested several times within a short period, during the day and was not working initially, GUI packet tracer was showing some problems (IPSEC Spoof detected) and also there was this left out dns. Its working fine now.
But my problem is not solved fully here.
Does hairpinning model allow access to the campus LAN behind ASA also?. Coz the setup is working now as i needed, and I can access Internet with the NAT'ed ip address (outside-interface). So far so good. But now I cannot access the Campus LAN behind the asa.
Here the packet tracer output for the traffic:
packet-tracer output
asa# packet-tracer input internet2-outside tcp 192.168.150.1 56482 172.16.1.249 22
Phase: 1
Type: ACCESS-LIST
Subtype:
Result: ALLOW
Config:
Implicit Rule
Additional Information:
MAC Access list
Phase: 2
Type: FLOW-LOOKUP
Subtype:
Result: ALLOW
Config:
Additional Information:
Found no matching flow, creating a new flow
Phase: 3
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 172.16.0.0 255.255.0.0 campus-lan
Phase: 4
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 192.168.150.1 255.255.255.255 internet2-outside
Phase: 5
Type: ACCESS-LIST
Subtype: log
Result: ALLOW
Config:
access-group internnet1-in in interface internet2-outside
access-list internnet1-in extended permit ip 192.168.150.0 255.255.255.0 any
Additional Information:
Phase: 6
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 7
Type: CP-PUNT
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 8
Type: VPN
Subtype: ipsec-tunnel-flow
Result: ALLOW
Config:
Additional Information:
Phase: 9
Type: NAT-EXEMPT
Subtype: rpf-check
Result: ALLOW
Config:
Additional Information:
Phase: 10
Type: NAT
Subtype:
Result: DROP
Config:
nat (internet2-outside) 1 192.168.150.0 255.255.255.0
match ip internet2-outside 192.168.150.0 255.255.255.0 campus-lan any
dynamic translation to pool 1 (No matching global)
translate_hits = 14, untranslate_hits = 0
Additional Information:
Result:
input-interface: internet2-outside
input-status: up
input-line-status: up
output-interface: internet2-outside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
The problem here as you can see is the Rule for dynamic nat that I added to make hairpin work at first place
dynamic nat
asa(config)#nat (internet2-outside) 1 192.168.150.0 255.255.255.0
Is it possible to access both
1)LAN behind ASA
2)INTERNET via HAIRPINNING
simultaneously via a single tunnel-group?
If it can be done, how do I do it. What changes do I need to make here to get simultaneous access to my LAN also?
Thanks & Regards
Abhijit -
Need Help:Handling CLOB in OSB Proxy Service
Hello All-
We have created an AQ in Oracle DB which will have the following message Structure:
CREATE OR REPLACE TYPE enqueue_payload AS OBJECT
( field1 VARCHAR2(100),
field2 VARCHAR2(100),
field3 DATE,
field4 VARCHAR2(100),
field5 NUMBER,
payload CLOB,
In the Payload field we are enqueing an XML message.
We have to use a OSB proxy service to dequeue the message from the AQ, transform it to another format and send to a SOA Composite.
We created a AQ Adapter in Jdeveloper 11g and imported the WSDL, XSD and .jca jca binding file into the OSB project. And configured the OSB proxy service using the WSDL imported.
However in OSB proxy service message flow when I try to create an XQUERY transformation, I see that the Payload field does not expose the structure of the XML message that is being enqueued. I even changed the message structure definition to have the payload field as XMLType. But it didn't help.
On analyzing the XSD created by AQ Adapter, I see that the payload is being defined as "string" in the XSD.
Inputs Needed
=========
1. How can we parse the payload field defined as CLOB/XMLType in OSB so that I can see the structure of the XML message it holds ?
2. Is there any in-built function in OSB to convert it to XML ?
3. Any other inputs in order to transform the XML message coming in the payload field as CLOB/XMLType
Please provide your inputs and I hope that I have clearly explained my use case.
Thanks in advance for your time and help!!
Regards,
DibyaHi Atheek-
Please find the logs below:
Payload:: Indicates the actual payload with all the headers fields coming from AQ
Payload After Applying the Function:: Indicates the data that is logged after applying the fn-bea:inlinedXML function.
The function fn-bea:inlinedXML is extracting the data from the XML tags :(
####<Dec 20, 2010 12:14:26 PM GMT+05:30> <Info> <ALSB Logging> <vhydaiavm-03> <osb_server1> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <BEA1-000A464703C2C06A4338> <6751713a0ce9f61d:-6e70b631:12d02855fef:-7ff4-0000000000000002> <1292827466595> <BEA-000000> < [PipelinePairNode1, PipelinePairNode1_request, stage1, REQUEST] Payload:: <apps:ORA_FUSION_LOAD_XMLTYPE xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:apps="http://xmlns.oracle.com/xdb/APPS">
*<RICE_ID>PRJ_INT_30</RICE_ID>*
*<SOURCE_SYSTEM>ORACLE</SOURCE_SYSTEM>*
*<DATETIME>2010-12-20T10:49:17.000Z</DATETIME>*
*<TRANSACTION_ID>PRJ_INT_30-1</TRANSACTION_ID>*
*<RECORD_COUNT>1</RECORD_COUNT>*
*<PAYLOAD><![CDATA[<ALTPPSEGHIERARCHY><sgmt_name>Company</sgmt_name><include_parent_child>C</include_parent_child><parent_flex_value>P</parent_flex_value><child_flex_value_low>03</child_flex_value_low><child_flex_value_high>03</child_flex_value_high><start_date_active></start_date_active><end_date_active></end_date_active></ALTPPSEGHIERARCHY>]]></PAYLOAD>*
*<ATTRIBUTE1 NULL="TRUE"/>*
*<ATTRIBUTE2 NULL="TRUE"/>*
*<ATTRIBUTE3 NULL="TRUE"/>*
*<ATTRIBUTE4 NULL="TRUE"/>*
*<ATTRIBUTE5 NULL="TRUE"/>*
*</apps:ORA_FUSION_LOAD_XMLTYPE>>*
####<Dec 20, 2010 12:14:26 PM GMT+05:30> <Info> <ALSB Logging> <vhydaiavm-03> <osb_server1> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <BEA1-000A464703C2C06A4338> <6751713a0ce9f61d:-6e70b631:12d02855fef:-7ff4-0000000000000002> <1292827466595> <BEA-000000> < [PipelinePairNode1, PipelinePairNode1_request, stage1, REQUEST] Payload After Applying the Function:: PRJ_INT_30ORACLE2010-12-20T10:49:17.000ZPRJ_INT_30-11>
####<Dec 20, 2010 12:14:26 PM GMT+05:30> <Info> <JDBC> <vhydaiavm-03> <osb_server1> <[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <6751713a0ce9f61d:-6e70b631:12d02855fef:-7ff4-0000000000000002> <1292827466688> <BEA-001128> <Connection for pool "EBS_DHAARA_DataSource" closed.> -
Need help: unable to login Adobe Content Viewer on iPad
Need help: not able to login with my Adobe Id and password on adobe content viewer on iPad. I'm able to login on the adobe.com site with my Id and password, but not on my iPad in the adobe content viewer. I've reset my Adobe ID password a couple of times to make sure I'm using the correct password and ID and I've even tried it with a complete new Adobe ID account, but it has not helped. Anybody who knows how to solve this?
Your Adobe ID needs to be verified to work with DPS. Can you use that Adobe ID to sign in to the Folio Builder panel? If not, sign in to http://digitalpublishing.acrobat.com and follow the prompts to verify the Adobe ID.
If your Adobe ID is verified, try removing the Adobe Content Viewer app from both the iPad and iTunes, sync, and install it again. -
Need Help on Configurations of Data Services on IBM AIX Platform
Hi All,
We are in the process of installing Data Services XI 3.2 on IBM AIX platform.We are having some showstoppers which we are not able to resolve.
It would be of great help to us if anyone can give some inputs.
Lanscape:
Data services server: Server A
OS - AIBM AIX
DB2 Database: Server B
OS - AIBM AIX
Activities Performed till now on DB2 Side:
Multi user development:
1. Created 2 DBu2019s on Server B
· REPO_CR (Central Repository u2013 Which is used for multi-user environment).
· REPO_LR (Local Repository u2013 Which is used for actual development like login and build jobs).
2. Created multiple schemas under REPO_LR(One Schema for each user).
· User1, User2, User3, etcu2026 (These schemas can hold metadata of Data Services XI which can be used for reference).
Each and every schema should have itu2019s their own user name and password
Activities Performed till now on Data Services Side:
1.Installed Dataservices
Activities Yet to be done on Data Services Side:
1.Configure Repository manager (Create central repository REPO_CR of type sucure using repository manager)
2.Configure Job Server(Create a Job server and assign the local repository REPO_LR to the same)
Issues:
While creating the central repository usning the below command:
./repoman -UCRREP -Ppassword -SServer B -NDB2 -QREPO_CR -tcentral -c -a -d
an error ocurred as :"Error while creating the Local Repository"
I think we are getting this error because of some connectivity issue between DB2 server and Data services Server.
Please share all of your valuable thoughts.
Note:Our DB2 admin said we cannot create any ODBC connections on AIX platform
Thanks,
Munithe arguments that you are passing to repoman are not correct, if your server name has space then you should enclose that in quotes, else it will be treated as 2 arguments, you are passing -SServer B it should be -S"Server B"
-SServer B
I don't think you need to pass -Q option for DB2, its required only for Sybase Repo
for DB2 you will have to install the DB2 Client, and create a Node and Catalog the database on that node
if you are able to open DB2 command prompt form the unix and use that database, then try using the following args to create DB2 Repo
-Uusername -Ppassword -NDB2 -SDBName -tcentral -c -a -d
or better use Repository Manager from Windows to create repos -
Need help to Configure Cisco ACE 4710 Cluster Deployment
Dear Experts,
I'm newbie for Cisco ACE 4710, and still I'm in learning stage. Meanwhile I got chance at my work place to deploy a Cisco ACE 4710 cluster which should load balance the traffic between two Application Servers based on HTTP and HTTPS traffic. So I was looking for good deployment guide in Cisco SBA knowledge base then finall found this guide.
http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_DC_AdvancedServer-LoadBalancingDeploymentGuide-Feb2013.pdf
This guide totally fine with my required deployment model. I have same deployment environment as this guide contains with ACE cluster that connects to two Cisco 3750X (Stack) switches. But I have some confusion places in this guide
This guide follow the "One-armed mode" as a deployment method. But when I go through it further I have noticed that they have configured server VLAN as a 10.4.49.0/24 (all servers reside in it) and Client side VIP also in same VLAN which is 10.4.49.100/24 (even NAT pool also).
My confusion is, as I have learned about Cisco ACE 4710 one-armed mode deployment method, it should has two VLAN segments, one for Client side which client request come and hit the VIP and then second one for Server side. which means besically two VLANs. So please be kind enough to go through above document then tell me where is wrong, what shoud I need to do for the best. Please this is an urgent, so need your help quickly.
Thanks....!
-Amal-Dear Kanwal,
I need quick help for you. Following are the Application LB requirements which I received from my clinet side.
Following detail required for configuring Oracle EBS Apps tier on HA:
LBR IP and Name required to configure EBS APPS Tier (i.e, ap1ebs & ap2ebs nodes)
Suggested IP and Name for LBR:
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm detail for LBR Setup
Following detail will be use for configuring the LBR:
LBR IP and Name :
IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
ebiz.xxxx.lk [on port 80 for http protocol accessibility]
This LBR IP & name must be resolve and respond on DNS network
Server Farm Detail for LBR setup:
Server 1 (EBS App1 Node, ap1ebs):
IP : 172.25.45.19
Server Name: ap1ebs.xxxx.lk [ap1ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Server 2 (EBS App2 Node, ap2ebs):
IP : 172.25.45.20
Server Name: ap2ebs.xxxx.lk [ap2ebs hostname is an example, actual hostname will be use]
Protocol: http
Port: 8000
Since my client needs to access URL ebiz.xxxx.lk which should be resolved by IP 172.25.45.21 (virtual IP) via http (80) before they deploy the app on the two servers I just ran web service on both servers (Linux) and was trying to access http://172.25.45.21 it was working fine and gave me index.html page. Now after my client has deployed the application then when he tries to access the page http://172.25.45.21 he cannot see his main login page. But still my testing web servers are there on both servers when I type http://172.25.45.21 it will get index.html page, but not my client web login page. What can I do for this ?
Following are my latest config :
probe http Get-Method
description Check to url access /OA_HTML/OAInfo.jsp
interval 10
faildetect 2
passdetect interval 30
request method get url /OA_HTML/OAInfo.jsp
expect status 200 200
probe udp http-8000-iRDMI
description IRDMI (HTTP - 8000)
port 8000
probe http http-probe
description HTTP Probes
interval 10
faildetect 2
passdetect interval 30
passdetect count 2
request method get url /index.html
expect status 200 200
probe https https-probe
description HTTPS traffic
interval 10
faildetect 2
passdetect interval 30
passdetect count 2
ssl version all
request method get url /index.html
probe icmp icmp-probe
description ICMP PROBE FOR TO CHECK ICMP SERVICE
rserver host ebsapp1
description ebsapp1.xxxx.lk
ip address 172.25.45.19
conn-limit max 4000000 min 4000000
probe icmp-probe
probe http-probe
inservice
rserver host ebsapp2
description ebsapp2.xxxx.lk
ip address 172.25.45.20
conn-limit max 4000000 min 4000000
probe icmp-probe
probe http-probe
inservice
serverfarm host ebsppsvrfarm
description ebsapp server farm
failaction purge
predictor response app-req-to-resp samples 4
probe http-probe
probe icmp-probe
inband-health check log 5 reset 500
retcode 404 404 check log 1 reset 3
rserver ebsapp1 80
conn-limit max 4000000 min 4000000
probe icmp-probe
inservice
rserver ebsapp2 80
conn-limit max 4000000 min 4000000
probe icmp-probe
inservice
sticky http-cookie jsessionid HTTP-COOKIE
cookie insert browser-expire
replicate sticky
serverfarm ebsppsvrfarm
class-map type http loadbalance match-any default-compression-exclusion-mime-type
description DM generated classmap for default LB compression exclusion mime types.
2 match http url .*gif
3 match http url .*css
4 match http url .*js
5 match http url .*class
6 match http url .*jar
7 match http url .*cab
8 match http url .*txt
9 match http url .*ps
10 match http url .*vbs
11 match http url .*xsl
12 match http url .*xml
13 match http url .*pdf
14 match http url .*swf
15 match http url .*jpg
16 match http url .*jpeg
17 match http url .*jpe
18 match http url .*png
class-map match-all ebsapp-vip
2 match virtual-address 172.25.45.21 tcp eq www
class-map type management match-any remote_access
2 match protocol xml-https any
3 match protocol icmp any
4 match protocol telnet any
5 match protocol ssh any
6 match protocol http any
7 match protocol https any
8 match protocol snmp any
policy-map type management first-match remote_mgmt_allow_policy
class remote_access
permit
policy-map type loadbalance first-match ebsapp-vip-l7slb
class default-compression-exclusion-mime-type
serverfarm ebsppsvrfarm
class class-default
compress default-method deflate
sticky-serverfarm HTTP-COOKIE
policy-map multi-match int455
class ebsapp-vip
loadbalance vip inservice
loadbalance policy ebsapp-vip-l7slb
loadbalance vip icmp-reply active
nat dynamic 1 vlan 455
interface vlan 455
ip address 172.25.45.36 255.255.255.0
peer ip address 172.25.45.35 255.255.255.0
access-group input ALL
nat-pool 1 172.25.45.22 172.25.45.22 netmask 255.255.255.0 pat
service-policy input remote_mgmt_allow_policy
service-policy input int455
no shutdown
ft interface vlan 999
ip address 10.1.1.1 255.255.255.0
peer ip address 10.1.1.2 255.255.255.0
no shutdown
ft peer 1
heartbeat interval 300
heartbeat count 10
ft-interface vlan 999
ft group 1
peer 1
no preempt
priority 110
associate-context Admin
inservice
ip route 0.0.0.0 0.0.0.0 172.25.45.1
Hope you will reply me soon
Thanks....!
-Amal- -
Need help to Configure FTPS connection for File Sender Adapter
Hi,
I want to Configure, FTPS connection (Secured Connection) for File Sender Adapter. Could anyone please guide me, what Information I require to configure. I just want to know what Information should I request the team inorder the configure FTPS so that it can be deployed properly.
I have checked with [SAP Help Link|http://help.sap.com/saphelp_nw04/helpdata/EN/e3/94007075cae04f930cc4c034e411e1/content.htm] and while configuring the communication channel found that I need Keystore and the X.509 Certificate and Private Key. which needs to be deployed on the J2EE server by using the Visual Administrator.
Is there anything else, I need to configure.
Any help would be appreciated in this regard.
Thanks & Regards,
Varun.KThe basic things are Certificate/Keys which you already know. Usually it is enough for running a sceanrio.
However, if you have additional requirements, like FTPS for "Connection Security" for encryption, then you may need additional details like commands. Rest all settings are same as FTP.
Regards,
Prateek -
Need help in creating SOA SUITE RESTFul Service.
Hi All,
I have a requirement to provide a restful service url to other party to post plain xml message.
So i have configured HTTBinding as below
Type : Service
Operation Type : One Way
OperationName : Send
Verb : Post
Payload type : xml
its one way transaction, we dont need to send response back to other party.
After my configuration, when i use the URL to post some xml message from REST client
i get a error "<error>oracle.fabric.common.FabricException: Unable to find operation: unknown</error>" same error even in composite with no instace created
and when i add a header property SOAPAction : Send then message goes through adapter and i see instances in composite.
But unfortunatly the team whos posting messages to fusion were not able to add any property
Is there any we can solve this with out Header Property added at client side.
Or Do we have any other way to create a RESTFull service in soa suite(i guess OSB allows this.)
Help appreciated
im using soa suite 11g
thanks in advance guys
Regards
Sujan.Amir
You need to set the compatibility of the setup.exe file that was downloaded
- right click setup.exe
- click on properties
- go to the compatibility tab, check the box that says 'run this program in compatibility mode for',
- select 'Windows XP service pack 2' from the drop down list.
- Click ok and try again
It then runs it as if it was XP (v 5.2 )
However there are a bunch of other tasks to do install on vista
check
'Start SOA Suite' fails after laptop restart.
for details of other config..
It would be interesting to see if you are successful as I currently cannot install it on my vista machine..
Good luck
Will -
Need Help for configuring Floating static route in My ASA.
Hi All,
I need your support for doing a floating static route in My ASA.
I have tried this last time but i was not able to make it. But this time i have to Finish it.
Please find our network Diagram and configuration of ASA
route outside 0.0.0.0 0.0.0.0 6.6.6.6 1 track 1
route outside 0.0.0.0 0.0.0.0 6.6.6.6 1
route rOutside 0.0.0.0 0.0.0.0 3.3.3.3 10
route inside 10.10.4.0 255.255.255.0 10.10.3.1 1
route inside 10.10.8.0 255.255.255.0 10.10.3.1 1
route inside 10.10.9.0 255.255.255.0 10.10.3.1 1
route inside 10.10.15.0 255.255.255.0 10.10.3.1 1
route rOutside x.x.x.x 255.255.255.255 5.5.5.5 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 10.10.3.77 255.255.255.255 inside
http 10.10.8.157 255.255.255.255 inside
http 10.10.3.59 255.255.255.255 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
sla monitor 123
type echo protocol ipIcmpEcho 8.8.8.8 interface outside
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
crypto ipsec transform-set cpa esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map vpn_cpa 1 match address acl_cpavpn
crypto map vpn_cpa 1 set peer a.a.a.a
crypto map vpn_cpa 1 set transform-set abc
crypto map vpn_cpa 1 set security-association lifetime seconds 3600
crypto map vpn_cpa interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
track 1 rtr 123 reachability
telnet 10.10.3.77 255.255.255.255 inside
telnet 10.10.8.157 255.255.255.255 inside
telnet 10.10.3.61 255.255.255.255 inside
telnet timeout 500
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 10.10.3.14
webvpn
tunnel-group .a.a.a.a ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
smtp-server 10.10.5.11
prompt hostname context
Cryptochecksum:eea6e7b6efe5d1a180439658c3912942
: end
i think half of the configuration stil there in the ASA.
Diagram.
Thanks
RoopeshYou have missed the last command in your configuration, Please check it again
route ISP1 0.0.0.0 0.0.0.0 6.6.6.6 track 1
route ISP2 0.0.0.0 0.0.0.0 3.3.3.3
sla monitor 10
type echo protocol ipIcmpEcho 8.8.8.8 interface ISP1
num-packets 3
frequency 10
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
You can do NAT in same way, here the logical name of the interface will be different.
Share the result
Please rate any helpful posts. -
Need help regarding configuring the WebService Call from RTD to Siebel
Hi All,
Can someone help me with the information on how do i configure a Webservice Call from RTD to Siebel?
Any high-level or granular details on this would be very helpful as I am new working on this product. How can a jax-ws be utilized to achieve the same?
Thanks in advance.
Best Regards,
HariharanIf you actually need a portal service though, this will not work. However, you could have the portal service return a Document object, which is basically the text of the HTML file you want to display. Then, when calling the portal service, you can simply output the text to the IPortalComponentResponse object
I hope this helps
Darrell -
ISM with NAT44 - Need help with configuration
Hello everyone,
I'm trying to set up NAT44 in the following scenario below and I'm having a hard time figuring out how to redirect the traffic. As you can see the big problem is that I have one single interface that connects to the internal network (10.0.0.0/8) and also to the tunnel destinations all in the same VRF. Can you guys give me a hand? The trafiic comes from network network 10.0.0.0/8 enters interface bundle-ether 2 (Now it needs to be translated), once it is translated, now it needs to reach the destination known via GRE tunnel.
Configurations
vrf NAT_IN
address-family ipv4 unicast
vrf BLUE
address-family ipv4 unicast
hw-module service cgn location 0/3/CPU0
interface Bundle-Ether2
description UPLINK TO METRO ETHERNET
interface Bundle-Ether2.2 l2transport
encapsulation dot1q 2
rewrite ingress tag pop 1 symmetric
interface GigabitEthernet200/0/0/43
description LINK TO METRO ETHERNET
bundle id 2 mode active
interface GigabitEthernet300/0/0/43
description LINK TO METRO ETHERNET
bundle id 2 mode active
interface BVI2
description METRO
vrf BLUE
ipv4 address 100.0.0.10/24
interface tunnel-ip 101
description GRE_TUNNEL
vrf BLUE
ipv4 address 1.1.1.1/32
tunnel mode gre ipv4
tunnel source interface bvi 2
tunnel destination 200.0.0.1
interface BVI 100
vrf BLUE
ipv4 address [GATEWAY_100] [MASK_100]
interface BVI 200
vrf BLUE
ipv4 address [GATEWAY_200] [MASK_200]
interface BVI 300
vrf BLUE
ipv4 address [GATEWAY_300] [MASK_300]
interface ServiceApp1
vrf NAT_IN
ipv4 address 10.0.2.1 255.255.255.252
service cgn CGN service-type nat44
interface ServiceApp2
vrf BLUE
ipv4 address 10.0.2.2 255.255.255.252
service cgn CGN service-type nat44
interface ServiceInfra1
ipv4 address 10.0.3.1 255.255.255.0
service-location 0/3/CPU0
router static
address-family ipv4 unicast
vrf NAT_IN
address-family ipv4 unicast
0.0.0.0/0 ServiceApp1
10.0.0.0/8 vrf BLUE bvI 2 <NEXT HOP>
vrf BLUE
address-family ipv4 unicast
172.16.0.0/24 ServiceApp2
router ospf METRO
vrf BLUE
router-id [ROUTER_ID]
redistribute bgp 65500 metric 100
area 0
interface bvi 2
router ospf BLUE
vrf BLUE
router-id [ROUTER ID]
redistribute bgp 65500 metric 100
area 10
interface BVI100
interface BVI200
interface BVI200
router bgp 65500
address-family ipv4 unicast
address-family vpnv4 unicast
vrf BLUE
rd 65500:2
address-family ipv4 unicast
redistribute static
redistribute ospf BLUE
neighbor 1.1.1.2
remote-as 64512
ebgp-multihop 5
address-family ipv4 unicast
route-policy PASS in
route-policy PASS out
service cgn CGN
service-location preferred-active 0/3/CPU0
service-type nat44 nat44
portlimit 20000
inside-vrf NAT_IN
map outside-vrf BLUE address-pool 172.16.0.0/24
Thanks in advance,
RenatoHi Somnath,
Let's see if you can help with this new scenario. I want to extend this NAT configuration to a new site (BO1), but instead of using this entire setup with ASR9K, etc, I just want to use ASR9000v module and have this AS9K + ISM as the host. The first problem I see in this scenario is that I have the same 10.0.0.0/8 network in both sites, network which will access the same resources as the devices in the 10.0.0.0/8 in the main site.
1) Do you think if I create a new inside VRF [NAT_IN1] would address this issue?
2) Can I use the same outside VRF?
Here is the configurations.
!! IOS XR Configuration 4.3.1
vrf NAT_IN
address-family ipv4 unicast
import route-target
65500:2
65500:3
export route-target
65500:3
vrf RED
address-family ipv4 unicast
import route-target
65500:1
export route-target
65500:1
vrf NAT_OUT
address-family ipv4 unicast
import route-target
65500:4
export route-target
65500:4
vrf SATELLITE
vrf BLUE
address-family ipv4 unicast
import route-target
65500:2
export route-target
65500:2
hw-module service cgn location 0/3/CPU0
ipv4 access-list ABF
5 permit ospf any any
10 permit ipv4 any 10.200.0.0 0.0.255.255 nexthop1 vrf NAT_IN ipv4 10.0.2.2
20 permit icmp any any
interface Bundle-Ether3
description Uplink (BE3 - VRF NAT_IN) - VLAN 20
vrf NAT_IN
ipv4 address 1.1.1.1 255.255.255.0
ipv4 access-group ABF ingress
interface Bundle-Ether22
description LOOPBACK CABLE NAT_OUT
vrf NAT_OUT
ipv4 address 10.0.1.1 255.255.255.0
interface Bundle-Ether23
description LOOPBACK CABLE BLUE
vrf BLUE
ipv4 address 10.0.1.2 255.255.255.0
interface 6
description Uplink (BE6 - Global) - VLAN 20,51,80-82
interface 6.2
ipv4 address 1.1.1.2 255.255.255.0
encapsulation dot1q 2
interface 6.51 l2transport
description EFP - BE6 - VLAN 51
encapsulation dot1q 51
rewrite ingress tag pop 1 symmetric
interface 6.80 l2transport
description EFP - BE6 - VLAN 80
encapsulation dot1q 80
rewrite ingress tag pop 1 symmetric
interface 6.81 l2transport
description EFP - BE6 - VLAN 81
encapsulation dot1q 81
rewrite ingress tag pop 1 symmetric
interface 6.82 l2transport
description EFP - BE6 - VLAN 82
encapsulation dot1q 82
rewrite ingress tag pop 1 symmetric
interface Bundle-Ether100
description Bundle to Satellite 100
vrf SATELLITE
ipv4 point-to-point
ipv4 unnumbered Loopback0
nv
satellite-fabric-link satellite 100
remote-ports GigabitEthernet 0/0/0-43
interface Bundle-Ether200
description Bundle to Satellite 200
vrf SATELLITE
ipv4 point-to-point
ipv4 unnumbered Loopback0
nv
satellite-fabric-link satellite 200
remote-ports GigabitEthernet 0/0/0-43
interface Bundle-Ether300
description Bundle to Satellite 300
vrf SATELLITE
ipv4 point-to-point
ipv4 unnumbered Loopback0
nv
satellite-fabric-link satellite 300
remote-ports GigabitEthernet 0/0/0-35
interface Loopback0
description MGMT SATELLITE
vrf SATELLITE
ipv4 address 10.0.0.254 255.255.255.0
interface tunnel-ip31101
description BLUE-TUNNEL01
vrf BLUE
ipv4 address 10.200.253.90 255.255.255.252
tunnel mode gre ipv4
tunnel source 6.2
tunnel destination 13.13.13.13
interface tunnel-ip31102
description BLUE-TUNNEL02
vrf BLUE
ipv4 address 10.200.253.94 255.255.255.252
tunnel mode gre ipv4
tunnel source 6.2
tunnel destination 14.14.14.14
interface tunnel-ip31103
description RED-TUNNEL03
vrf RED
ipv4 address 10.200.253.90 255.255.255.252
tunnel mode gre ipv4
tunnel source 6.2
tunnel destination 13.13.13.13
interface tunnel-ip31104
description RED-TUNNEL04
vrf RED
ipv4 address 10.200.253.94 255.255.255.252
tunnel mode gre ipv4
tunnel source 6.2
tunnel destination 14.14.14.14
interface TenGigE0/0/0/0
description LINK TO SATELLITE 100
bundle id 100 mode on
interface TenGigE0/0/0/1
description LINK TO SATELLITE 100
bundle id 100 mode on
interface TenGigE0/0/0/2
description LINK TO SATELLITE 200
bundle id 200 mode on
interface TenGigE0/0/0/3
description LINK TO SATELLITE 200
bundle id 200 mode on
interface TenGigE0/0/0/4
description LINK TO SATELLITE 300
vrf SATELLITE
ipv4 point-to-point
ipv4 unnumbered Loopback0
nv
satellite-fabric-link satellite 300
remote-ports GigabitEthernet 0/0/36-43
interface TenGigE0/0/0/5
description LINK TO SATELLITE 300
bundle id 300 mode on
interface TenGigE0/0/0/16
description UPLINK (BE6 - GLOBAL) - VLAN 20,51,80-82
bundle id 6 mode active
interface TenGigE0/1/0/16
description UPLINK (BE6 - GLOBAL) - VLAN 20,51,80-82
bundle id 6 mode active
interface TenGigE0/0/0/17
description UPLINK (BE3 - VRF NAT_IN) - VLAN 20
bundle id 3 mode active
interface TenGigE0/1/0/17
description UPLINK (BE3 - VRF NAT_IN) - VLAN 20
bundle id 3 mode active
interface TenGigE0/0/0/22
description LOOPBACK CABLE TE0/1/0/22
bundle id 22 mode on
interface TenGigE0/0/0/23
description LOOPBACK CABLE TE0/1/0/23
bundle id 22 mode on
interface TenGigE0/1/0/0
description LINK TO SATELLITE 100
bundle id 100 mode on
interface TenGigE0/1/0/1
description LINK TO SATELLITE 100
bundle id 100 mode on
interface TenGigE0/1/0/2
description LINK TO SATELLITE 200
bundle id 200 mode on
interface TenGigE0/1/0/3
description LINK TO SATELLITE 200
bundle id 200 mode on
interface TenGigE0/1/0/4
description LINK TO SATELLITE 300
bundle id 300 mode on
interface TenGigE0/1/0/5
description LINK TO SATELLITE 300
bundle id 300 mode on
interface TenGigE0/1/0/22
description LOOPBACK CABLE TE0/0/0/22
bundle id 23 mode on
interface TenGigE0/1/0/23
description LOOPBACK CABLE TE0/0/0/23
bundle id 23 mode on
interface BVI30
vrf RED
ipv4 address 10.200.25.193 255.255.255.192
interface BVI31
vrf BLUE
ipv4 address 10.200.1.1 255.255.255.248
interface BVI32
vrf BLUE
ipv4 address 10.200.25.129 255.255.255.224
interface BVI33
vrf BLUE
ipv4 address 10.200.25.1 255.255.255.128
interface BVI36
vrf BLUE
ipv4 address 10.200.237.145 255.255.255.240
interface BVI51
vrf RED
ipv4 address 192.168.7.12 255.255.255.0
interface BVI80
vrf RED
ipv4 address 10.200.26.169 255.255.255.224
interface BVI81
vrf BLUE
ipv4 address 10.200.25.164 255.255.255.240
interface BVI82
vrf BLUE
ipv4 address 10.200.25.180 255.255.255.240
interface ServiceApp1
description NAT_IN
vrf NAT_IN
ipv4 address 10.0.2.1 255.255.255.252
service cgn CGN service-type nat44
interface ServiceApp2
description NAT_OUT
vrf NAT_OUT
ipv4 address 10.0.2.5 255.255.255.252
service cgn CGN service-type nat44
interface ServiceInfra1
description ISM
ipv4 address 10.0.3.1 255.255.255.0
service-location 0/3/CPU0
prefix-set PS_ROUTES
10.200.0.8,
10.200.5.40/29,
10.200.1.0/29,
10.200.5.32/29,
10.200.0.144/28,
10.200.106.0/28,
10.200.106.16/28
end-set
prefix-set PS_BGP_BLUE_OUT
10.200.24.192/26,
10.200.5.40/29,
10.200.240.0/25,
10.200.1.0/29,
10.200.25.128/27,
10.200.25.0/25,
10.200.5.32/29,
10.200.26.0/25,
10.200.0.144/28,
10.200.27.128/27,
10.200.27.0/25,
10.200.106.0/28,
10.200.106.128/25,
10.200.106.16/28,
10.200.107.128/25
end-set
route-policy RP_DENY_ALL
drop
end-policy
route-policy RP_PASS_ALL
pass
end-policy
route-policy RP_BGP_BLUE_OUT
if destination in PS_BGP_BLUE_OUT then
pass
endif
end-policy
route-policy RP_PASS_ROUTES
if destination in PS_ROUTES then
pass
endif
end-policy
router static
address-family ipv4 unicast
0.0.0.0/0 1.1.1.20
vrf NAT_IN
address-family ipv4 unicast
0.0.0.0/0 ServiceApp1
vrf RED
vrf NAT_OUT
address-family ipv4 unicast
0.0.0.0/0 10.0.1.2
10.200.24.192/26 ServiceApp2
vrf BLUE
address-family ipv4 unicast
10.200.24.192/26 10.0.1.1
router ospf
log adjacency changes
vrf NAT_IN
router-id 1.1.1.1
disable-dn-bit-check
redistribute bgp 65500 metric 5 metric-type 2 route-policy RP_PASS_ROUTES
area 7
interface Bundle-Ether3
router ospf RED
log adjacency changes
vrf RED
router-id 10.200.26.169
disable-dn-bit-check
redistribute bgp 65500 metric 10 metric-type 2
area 11
interface BVI30
interface BVI80
router ospf BLUE
log adjacency changes
vrf BLUE
router-id 10.200.25.164
disable-dn-bit-check
redistribute static
redistribute bgp 65500 metric 10 metric-type 2
area 0
interface BVI81
interface BVI82
area 2
interface BVI31
interface BVI32
interface BVI33
interface BVI36
router bgp 65500
address-family ipv4 unicast
address-family vpnv4 unicast
vrf NAT_IN
rd 65500:3
bgp router-id 1.1.1.1
address-family ipv4 unicast
route-target download
vrf RED
rd 65500:1
bgp router-id 10.200.253.90
address-family ipv4 unicast
network 10.200.25.192/26
network 10.200.26.128/27
network 10.200.26.192/27
network 10.200.27.192/26
network 10.200.104.128/27
network 10.200.104.160/27
neighbor 10.200.253.89
remote-as 64512
ebgp-multihop 5
update-source tunnel-ip31103
address-family ipv4 unicast
route-policy RP_PASS_ALL in
route-policy RP_PASS_ALL out
soft-reconfiguration inbound
neighbor 10.200.253.93
remote-as 64512
ebgp-multihop 5
update-source tunnel-ip31104
address-family ipv4 unicast
route-policy RP_PASS_ALL in
route-policy RP_PASS_ALL out
soft-reconfiguration inbound
vrf BLUE
rd 65500:2
bgp router-id 10.200.253.90
address-family ipv4 unicast
network 10.200.0.144/28
network 10.200.1.0/29
network 10.200.5.32/29
network 10.200.5.40/29
network 10.200.24.192/26
network 10.200.25.0/25
network 10.200.25.128/27
network 10.200.26.0/25
network 10.200.27.0/25
network 10.200.27.128/27
network 10.200.106.0/28
network 10.200.106.16/28
network 10.200.106.128/25
network 10.200.107.128/25
network 10.200.240.0/25
neighbor 10.200.253.89
remote-as 64512
ebgp-multihop 5
update-source tunnel-ip31101
address-family ipv4 unicast
route-policy RP_PASS_ALL in
route-policy RP_BGP_BLUE_OUT out
soft-reconfiguration inbound
neighbor 10.200.253.93
remote-as 64512
ebgp-multihop 5
update-source tunnel-ip31102
address-family ipv4 unicast
route-policy RP_PASS_ALL in
route-policy RP_BGP_BLUE_OUT out
soft-reconfiguration inbound
l2vpn
load-balancing flow src-dst-ip
bridge group VLAN30
bridge-domain VLAN30
routed interface BVI30
bridge group VLAN31
bridge-domain VLAN31
routed interface BVI31
bridge group VLAN32
bridge-domain VLAN32
routed interface BVI32
bridge group VLAN33
bridge-domain VLAN33
routed interface BVI33
bridge group VLAN36
bridge-domain VLAN36
routed interface BVI36
bridge group VLAN51
bridge-domain VLAN51
routed interface BVI51
bridge group VLAN80
bridge-domain VLAN80
interface 6.80
routed interface BVI80
bridge group VLAN81
bridge-domain VLAN81
interface 6.81
routed interface BVI81
bridge group VLAN82
bridge-domain VLAN82
interface 6.82
routed interface BVI82
nv
satellite 100
type asr9000v
ipv4 address 10.0.0.1
satellite 200
type asr9000v
ipv4 address 10.0.0.2
satellite 300
type asr9000v
ipv4 address 10.0.0.3
service cgn CGN
service-location preferred-active 0/3/CPU0
service-type nat44 nat44
portlimit 20000
inside-vrf NAT_IN
map outside-vrf NAT_OUT address-pool 10.200.24.192/26
Thanks in advance,
Renato -
Need help in configuring the Oracle app server with OC DB Server
Hello people
I attempted to insta;; Oracle Clinical 4.5 and I have a problem that you mayhave resolved a long time back and I need some help. This is what I have done on the installation.
I need your help in centralizing my tnsnames.ora and sqlnet.ora files. I am an Oracle Clinical guy and not an Oracle Expert, hence the request.
Part_1
1. Installed Oracle 9i 9.2 database on Win2K server - W2kOCSVR
2. Installed Oracle Clinical 4.5 and created DB on W2KOCSVR.
3. Started up database and all is fine - tnsnames and sqlnet.ora
4. Each of these is on a separate partition including the OS.
Part-II
1. Installed Oracle Appl Server 9iAs 1.0.2.2.2a on another machine OCMIDTIER. This installed Oracle iSuites home and stuff.
2. Then I installed Oracle 9i developer suite - Oracle forms and reports.
3. Installed Jinitiator 1.1.8.24 on the middle tier machine.
4. Basically this is the middle tier that is a Webserver that will be linked to the Database Server in Part-I
and lastly, I will have web clients with Jinitiator and a web browser.
Requirement:
I need to centralize the TNSNAMES.ora file and the SQLNET.ora file on all the machines. How do I do this?.
I have the TNSNAMES.ora and the SQLNET.ora on DB server and it is working fine. However, I have noticed many tsnnames.ora files on the middle tier - OCMIDTIER. (I've left out the example files)
a) E:\ORACLE\806\net80\admin\tnsnames.ora
b) E:\ORACLE\806\net80\tnsapi\tnsnames.ora
c) E:\ORACLE\iSuites\hs\admin\tnsnames.ora
d) E:\ORACLE\iSuites\network\admin\tnsnames.ora
All I need to know is which if these files do I need to integrate with the Tnsnames.ora file on the DB server - W2kOCSVR and how do I go about doing this?.
Your help is appreciated. If I were to see a copy of your tnsnames.ora on the webserver (middle tier) and the sqlnet.ora, I will be able to get an idea of how this is done. Right now, I am using tnsnames.ora but once I learn how this ties up, I can move to names sever.
Thanks for your help.
CecilHi Cecil,
I got into the same issue. I copied the content from the good tnsnames.ora to tnsnames.ora on webserver and it worked fine. I copied the details of the connect string that was working fine on dbserver. i was working on W2k server. Hope this helps
Gonnagar -
Need help with configuring a Printer Driver in Oracle apps
Hi,
We have set of interfaces/concurrent jobs which are programed to send the output file to file location1. Now we need to direct the output for all these jobs to file location2. The idea is to not modify the existing code, but have configuration in place which will re-direct the output files to the new “file location2”, once the concurrent job run is complete.
We have come across “Using Dummy Printer driver” option wherein we created a dummy printer driver with arguments as below and attached this printer to all these concurrent jobs.
mv <file location1>/$PROFILES$.TITLE <file location2>
This option is working fine if both the file locations are hard coded. But both these locations are configured in 2 separate profile options and the filepath would change from once Oracle instance to another.
We are looking for solutions where we can pass the profile option value to this printer driver instead of hardcoding it in the argument.
Also, please suggest any other solution to move the output files to a different location.
Please note that our client is on Oracle On-Demand environment (apps – 11.5.10) and hence a shell script cannot be used for this.
Thanks,
Kiranmayi.Hello Mark,
I can't support the netopia router/modem, but I would think there should be an admin guide for the configuration. If it is a modem/router and you said there is rules for allowing or blocking services, which sounds like access list you should be able to create a rule for the client you want to block on the modem/router to prevent it from talking to the internet.
If you want to insure no outside security threats can make it to the computer staticly assign an IP address but don't give it a default gateway address. The client will not be able to talk to any other network but its own. It sounds like you only have one vlan or a flat network so this should work, but if you need to be able to have this computer in the future talk to other networks internally then it isn't a viable solution. Blocking at the modem/router would be the only solution.
The SG300-08 Switch you could setup an ACL to block that client from talking to the modem/router, but the potential for causing valid traffic from being blocked in your own network grows.
To create this rule you would first
go to Access Control
Create a MAC Base ACL (give it a meaning full name)
Create 2 a MAC BASE ACE
Rule 1
Priority 10
Action Deny
Destination Any
Source User Defined
MAC address of client wanting to be blocked
Apply
Rule 2
Priority 20
Action Permit
Destination Any
Source Any
Apply
Bind the ACL to a port
Make sure to only bind the ACL to the port that connects to the router/modem.
Cisco Small Business Support Center
Randy Manthey
CCNA, CCNA - Security
Maybe you are looking for
-
how do I save a pdf document
-
C4580 Photosmart wireless with HP dv7 notebook and no router....
Hi, I purchased a Photosmart c4580 for the wireless capabilities because we are on the road alot, but I can't seem to set it up. I have a Verizon broadband Pantech usb connection for internet and I guess it doesn't recognize that. How would I go ab
-
I can chat Sep/2014, but I don't see that option anymore When I click contact us, internet, and there shows "Live Chat", but there's no button or anything to click on. How do I begin chatting online, I don't have to walk out of office to call everyti
-
I've deployed a servlet testServlet in oc4j and when I load the servlet in browser, the following error occurs: java.lang.UnsupportedClassVersionError: company/abc/testServlet (Unsupported major.minor version 48.0) does anyone know why? Thanks.
-
It is impossible to update the latest BIOS for Satellite L40-17S
First of all why are there so many BIOS updates in a short time? I get my brand new L40-17S (20/05/08) with the BIOS 1.70, the Tempro software from Toshiba give me the warning to update it to 1.80 that works fine, after a few day's a new warning upda