Need help on configuration in 1:N mapping

hi experts,
i doing idoc to multiple file scenario,....
using 1:N multimapping without BPM...
i am following the bolg
https://www.sdn.sap.com/irj/sdn/weblogs?blog=/pub/wlg/3115... [original link is broken] [original link is broken] [original link is broken]
Actualy i am having a idoc which have 3 segments....and i have 3 differnt structures in target side....and for the 3 segments i have to create 3 different files....
can anyone help me how to proceed???

Hey,
     Import the idoc
      Create 3 different structures(Data type and message type)
      for file(structures corresponding to The Idoc Segments)
       Create a message mapping
        Source: Idoc
         target: Structure1
                    Structure2
                    Structure3
               this you can achieve by switching to message tab and selecting the different message types that you have created for files.
Create message interface
create interface mapping
In the interface mapping you will have 1 source and 3 target structure(similar to mesage mapping)
Now for Interface determination refer to the blog 3115
rewards points if useful
regards,
       Milan

Similar Messages

  • Need Help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect

    Hi All,
    I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
    2811 having C2800NM-ADVIPSERVICESK9-M
    2811 router connects to the Internet SW then connects to the Internet router.
    Note- For Authentication am using the Device ID & Pre share key. I am worried as all user traffic goes with PAT and not firing up my tunnel for port 80 traffic. Can you please suggest what can be the issue ?
    Below is router config for VPN & NAT
    crypto keyring ISR_Keyring
      pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    crypto isakmp keepalive 10
    crypto isakmp profile isa-profile
       keyring ISR_Keyring
       self-identity user-fqdn [email protected]
       match identity user vpn-proxy.websense.net
    crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
    crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
    set peer vpn.websense.net dynamic
    set transform-set ESP-NULL-SHA
    set isakmp-profile isa-profile
    match address 101
    interface FastEthernet0/1
    description connected to Internet
    ip address 216.222.208.101 255.255.255.128
    ip access-group HVAC_Public in
    ip nat outside
    ip virtual-reassembly
    duplex full
    speed 100
    no cdp enable
    crypto map GUEST_WEB_FILTER
    access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
    access-list 103 deny   ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
    access-list 103 permit ip 192.168.8.0 0.0.3.255 any
    ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
    ip nat inside source list 103 interface FastEthernet0/1 overload
    ip nat inside source route-map nonat pool mypool overload

    How does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
    Check
    show crypto isakmp sa
    show crypto ipsec sa
    show crypto session
    You'd better remove the preshared key from your post.

  • I have a PC and a need help to configure my external hard disk on my network. Thanks

    I have a PC and a need help to configure my external hard disk on my network. Thanks

    If you mean you wish to plug a USB drive into the Airport Extreme router (or TC not express) that is easy..
    The disk must be formatted FAT32.. as if.. stay away from FAT .. or HFS+ ie Mac OS extended Journaled.
    Format the disk on a Mac is best.. and even use GUID partition scheme not MBR.
    The PC has no issue writing and reading files because this is a network drive.. The PC does not write to the drive.. it writes files to the Airport OS which writes and reads the disk and passes the info using standard windows SMB.. To the windows computer it will be a Windows NT server.. FAT32 setup.
    If your setup is different.. to my hugely guessed assumptions.. give details.. always helps to have.. make and model.
    Make and model of disk.. make and model of router.. how the setup will be done.. what windows OS you run.. etc etc.
    As it stands your question could have nothing to do with apple at all.. other than you posted in a forum so I guess there is something apple in there somewhere.

  • Need help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 8.2(1)

    Need urgent help in configuring Client to Site IPSec VPN with Hairpinning on Cisco ASA5510 - 8.2(1).
    The following is the Layout:
    There are two Leased Lines for Internet access - 1.1.1.1 & 2.2.2.2, the latter being the Standard Default route, the former one is for backup.
    I have been able to configure  Client to Site IPSec VPN
    1) With access from Outside to only the Internal Network (172.16.0.0/24) behind the asa
    2) With Split tunnel with simultaneous assess to internal LAN and Outside Internet.
    But I have not been able to make tradiotional Hairpinng model work in this scenario.
    I followed every possible sugestions made in this regard in many Discussion Topics but still no luck. Can someone please help me out here???
    Following is the Running-Conf with Normal Client to Site IPSec VPN configured with No internat Access:
    LIMITATION: Can't Boot into any other ios image for some unavoidable reason, must use 8.2(1)
    running-conf  --- Working  normal Client to Site VPN without internet access/split tunnel
    ASA Version 8.2(1)
    hostname ciscoasa
    domain-name cisco.campus.com
    enable password xxxxxxxxxxxxxx encrypted
    passwd xxxxxxxxxxxxxx encrypted
    names
    interface GigabitEthernet0/0
    nameif internet1-outside
    security-level 0
    ip address 1.1.1.1 255.255.255.240
    interface GigabitEthernet0/1
    nameif internet2-outside
    security-level 0
    ip address 2.2.2.2 255.255.255.224
    interface GigabitEthernet0/2
    nameif dmz-interface
    security-level 0
    ip address 10.0.1.1 255.255.255.0
    interface GigabitEthernet0/3
    nameif campus-lan
    security-level 0
    ip address 172.16.0.1 255.255.0.0
    interface Management0/0
    nameif CSC-MGMT
    security-level 100
    ip address 10.0.0.4 255.255.255.0
    boot system disk0:/asa821-k8.bin
    boot system disk0:/asa843-k8.bin
    ftp mode passive
    dns server-group DefaultDNS
    domain-name cisco.campus.com
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object-group network cmps-lan
    object-group network csc-ip
    object-group network www-inside
    object-group network www-outside
    object-group service tcp-80
    object-group service udp-53
    object-group service https
    object-group service pop3
    object-group service smtp
    object-group service tcp80
    object-group service http-s
    object-group service pop3-110
    object-group service smtp25
    object-group service udp53
    object-group service ssh
    object-group service tcp-port
    object-group service udp-port
    object-group service ftp
    object-group service ftp-data
    object-group network csc1-ip
    object-group service all-tcp-udp
    access-list INTERNET1-IN extended permit ip host 1.2.2.2 host 2.2.2.3
    access-list CSC-OUT extended permit ip host 10.0.0.5 any
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq www
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq https
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ssh
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq ftp
    access-list CAMPUS-LAN extended permit udp 172.16.0.0 255.255.0.0 any eq domain
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq smtp
    access-list CAMPUS-LAN extended permit tcp 172.16.0.0 255.255.0.0 any eq pop3
    access-list CAMPUS-LAN extended permit ip any any
    access-list csc-acl remark scan web and mail traffic
    access-list csc-acl extended permit tcp any any eq smtp
    access-list csc-acl extended permit tcp any any eq pop3
    access-list csc-acl remark scan web and mail traffic
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 993
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq imap4
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq 465
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq www
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq https
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq smtp
    access-list INTERNET2-IN extended permit tcp any host 1.1.1.2 eq pop3
    access-list INTERNET2-IN extended permit ip any host 1.1.1.2
    access-list nonat extended permit ip 172.16.0.0 255.255.0.0 172.16.0.0 255.255.0.0
    access-list DNS-inspect extended permit tcp any any eq domain
    access-list DNS-inspect extended permit udp any any eq domain
    access-list capin extended permit ip host 172.16.1.234 any
    access-list capin extended permit ip host 172.16.1.52 any
    access-list capin extended permit ip any host 172.16.1.52
    access-list capin extended permit ip host 172.16.0.82 host 172.16.0.61
    access-list capin extended permit ip host 172.16.0.61 host 172.16.0.82
    access-list capout extended permit ip host 2.2.2.2 any
    access-list capout extended permit ip any host 2.2.2.2
    access-list campus-lan_nat0_outbound extended permit ip 172.16.0.0 255.255.0.0 192.168.150.0 255.255.255.0
    pager lines 24
    logging enable
    logging buffered debugging
    logging asdm informational
    mtu internet1-outside 1500
    mtu internet2-outside 1500
    mtu dmz-interface 1500
    mtu campus-lan 1500
    mtu CSC-MGMT 1500
    ip local pool vpnpool1 192.168.150.2-192.168.150.250 mask 255.255.255.0
    ip verify reverse-path interface internet2-outside
    ip verify reverse-path interface dmz-interface
    ip verify reverse-path interface campus-lan
    ip verify reverse-path interface CSC-MGMT
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-621.bin
    no asdm history enable
    arp timeout 14400
    global (internet1-outside) 1 interface
    global (internet2-outside) 1 interface
    nat (campus-lan) 0 access-list campus-lan_nat0_outbound
    nat (campus-lan) 1 0.0.0.0 0.0.0.0
    nat (CSC-MGMT) 1 10.0.0.5 255.255.255.255
    static (CSC-MGMT,internet2-outside) 2.2.2.3 10.0.0.5 netmask 255.255.255.255
    access-group INTERNET2-IN in interface internet1-outside
    access-group INTERNET1-IN in interface internet2-outside
    access-group CAMPUS-LAN in interface campus-lan
    access-group CSC-OUT in interface CSC-MGMT
    route internet2-outside 0.0.0.0 0.0.0.0 2.2.2.5 1
    route internet1-outside 0.0.0.0 0.0.0.0 1.1.1.5 2
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication enable console LOCAL
    http server enable
    http 10.0.0.2 255.255.255.255 CSC-MGMT
    http 10.0.0.8 255.255.255.255 CSC-MGMT
    http 1.2.2.2 255.255.255.255 internet2-outside
    http 1.2.2.2 255.255.255.255 internet1-outside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group5
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
    crypto map internet2-outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map internet2-outside_map interface internet2-outside
    crypto ca trustpoint _SmartCallHome_ServerCA
    crl configure
    crypto ca certificate chain _SmartCallHome_ServerCA
    certificate ca xyzxyzxyzyxzxyzxyzxyzxxyzyxzyxzy
            a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as a67a897as
        a67a897as a67a897as a67a897as a67a897as a67a897as
      quit
    crypto isakmp enable internet2-outside
    crypto isakmp policy 10
    authentication pre-share
    encryption aes
    hash md5
    group 2
    lifetime 86400
    telnet 10.0.0.2 255.255.255.255 CSC-MGMT
    telnet 10.0.0.8 255.255.255.255 CSC-MGMT
    telnet timeout 5
    ssh 1.2.3.3 255.255.255.240 internet1-outside
    ssh 1.2.2.2 255.255.255.255 internet1-outside
    ssh 1.2.2.2 255.255.255.255 internet2-outside
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    group-policy VPN_TG_1 internal
    group-policy VPN_TG_1 attributes
    vpn-tunnel-protocol IPSec
    username ssochelpdesk password xxxxxxxxxxxxxx encrypted privilege 15
    username administrator password xxxxxxxxxxxxxx encrypted privilege 15
    username vpnuser1 password xxxxxxxxxxxxxx encrypted privilege 0
    username vpnuser1 attributes
    vpn-group-policy VPN_TG_1
    tunnel-group VPN_TG_1 type remote-access
    tunnel-group VPN_TG_1 general-attributes
    address-pool vpnpool1
    default-group-policy VPN_TG_1
    tunnel-group VPN_TG_1 ipsec-attributes
    pre-shared-key *
    class-map cmap-DNS
    match access-list DNS-inspect
    class-map csc-class
    match access-list csc-acl
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class csc-class
      csc fail-open
    class cmap-DNS
      inspect dns preset_dns_map
    service-policy global_policy global
    prompt hostname context
    Cryptochecksum: y0y0y0y0y0y0y0y0y0y0y0y0y0y
    : end
    Neither Adding dynamic NAT for 192.168.150.0/24 on outside interface works, nor does the sysopt connection permit-vpn works
    Please tell what needs to be done here, to hairpin all the traffic to internet comming from VPN Clients.
    That is I need clients conected via VPN tunnel, when connected to internet, should have their IP's NAT'ted  against the internet2-outside interface address 2.2.2.2, as it happens for the Campus Clients (172.16.0.0/16)
    I'm not much conversant with everything involved in here, therefore please be elaborative in your replies. Please let me know if you need any more information regarding this setup to answer my query.
    Thanks & Regards
    maxs

    Hi Jouni,
    Thanks again for your help, got it working. Actually the problem was ASA needed some time after configuring to work properly ( ?????? ). I configured and tested several times within a short period, during the day and was not working initially, GUI packet tracer was showing some problems (IPSEC Spoof detected) and also there was this left out dns. Its working fine now.
    But my problem is not solved fully here.
    Does hairpinning model allow access to the campus LAN behind ASA also?. Coz the setup is working now as i needed, and I can access Internet with the NAT'ed ip address (outside-interface). So far so good. But now I cannot access the Campus LAN behind the asa.
    Here the packet tracer output for the traffic:
    packet-tracer output
    asa# packet-tracer input internet2-outside tcp 192.168.150.1 56482 172.16.1.249 22
    Phase: 1
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
    MAC Access list
    Phase: 2
    Type: FLOW-LOOKUP
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Found no matching flow, creating a new flow
    Phase: 3
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   172.16.0.0      255.255.0.0     campus-lan
    Phase: 4
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   192.168.150.1   255.255.255.255 internet2-outside
    Phase: 5
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group internnet1-in in interface internet2-outside
    access-list internnet1-in extended permit ip 192.168.150.0 255.255.255.0 any
    Additional Information:
    Phase: 6
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 7
    Type: CP-PUNT
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 8
    Type: VPN
    Subtype: ipsec-tunnel-flow
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 9
    Type: NAT-EXEMPT
    Subtype: rpf-check
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 10
    Type: NAT
    Subtype:     
    Result: DROP
    Config:
    nat (internet2-outside) 1 192.168.150.0 255.255.255.0
      match ip internet2-outside 192.168.150.0 255.255.255.0 campus-lan any
        dynamic translation to pool 1 (No matching global)
        translate_hits = 14, untranslate_hits = 0
    Additional Information:
    Result:
    input-interface: internet2-outside
    input-status: up
    input-line-status: up
    output-interface: internet2-outside
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
    The problem here as you can see is the Rule for dynamic nat that I added to make hairpin work at first place
    dynamic nat
    asa(config)#nat (internet2-outside) 1 192.168.150.0 255.255.255.0
    Is it possible to access both
    1)LAN behind ASA
    2)INTERNET via HAIRPINNING  
    simultaneously via a single tunnel-group?
    If it can be done, how do I do it. What changes do I need to make here to get simultaneous access to my LAN also?
    Thanks & Regards
    Abhijit

  • Need help to Configure Cisco ACE 4710 Cluster Deployment

    Dear Experts,
    I'm newbie for Cisco ACE 4710, and still I'm in learning stage. Meanwhile I got chance at my work place to deploy a Cisco ACE 4710 cluster which should load balance the traffic between  two Application Servers based on HTTP and HTTPS traffic. So I was looking for good deployment guide in Cisco SBA knowledge base then finall found this guide.
    http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_DC_AdvancedServer-LoadBalancingDeploymentGuide-Feb2013.pdf
    This guide totally fine with my required deployment model. I have same deployment environment as this guide contains with ACE cluster that connects to two Cisco 3750X (Stack) switches. But I have some confusion places in this guide
    This guide follow the "One-armed mode" as a deployment method. But when I go through it further I have noticed that they have configured server VLAN as a 10.4.49.0/24 (all servers reside in it) and Client side VIP also in same VLAN which is 10.4.49.100/24 (even NAT pool also).
    My confusion is, as I have learned about Cisco ACE 4710 one-armed mode deployment method, it should has two VLAN segments, one for Client side which client request come and hit the VIP and then second one for Server side. which means besically two VLANs. So please be kind enough to go through above document then tell me where is wrong, what shoud I need to do for the best. Please this is an urgent, so need your help quickly.
    Thanks....!
    -Amal-

    Dear Kanwal,
    I need quick help for you. Following are the Application LB requirements which I received from my clinet side.
    Following detail required for configuring Oracle EBS Apps tier on HA:
    LBR IP and Name required to configure EBS APPS Tier (i.e, ap1ebs & ap2ebs nodes)
    Suggested IP and Name for LBR:
    IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
    ebiz.xxxx.lk [on port 80 for http protocol accessibility]
    This LBR IP & name must be resolve and respond on DNS network
    Server Farm detail for LBR Setup
    Following detail will be use for configuring the LBR:
    LBR IP and Name :
    IP : 172.25.45.x [should be on same 172.25.45 subnet of ap1ebs & ap2ebs nodes]
    ebiz.xxxx.lk [on port 80 for http protocol accessibility]
    This LBR IP & name must be resolve and respond on DNS network
    Server Farm Detail for LBR setup:
    Server 1 (EBS App1 Node, ap1ebs):
    IP : 172.25.45.19
    Server Name: ap1ebs.xxxx.lk [ap1ebs hostname is an example, actual hostname will be use]
    Protocol: http
    Port: 8000
    Server 2 (EBS App2 Node, ap2ebs):
    IP : 172.25.45.20
    Server Name: ap2ebs.xxxx.lk [ap2ebs hostname is an example, actual hostname will be use]
    Protocol: http
    Port: 8000
    Since my client needs to access URL ebiz.xxxx.lk which should be resolved by IP 172.25.45.21 (virtual IP) via http (80) before they deploy the app on the two servers I just ran web service on both servers (Linux) and was trying to access http://172.25.45.21 it was working fine and gave me index.html page. Now after my client has deployed the application then when he tries to access the page http://172.25.45.21 he cannot see his main login page. But still my testing web servers are there on both servers when I type http://172.25.45.21 it will get index.html page, but not my client web login page. What can I do for this ?
    Following are my latest config :
    probe http Get-Method
      description Check to url access /OA_HTML/OAInfo.jsp
      interval 10
      faildetect 2
      passdetect interval 30
      request method get url /OA_HTML/OAInfo.jsp
      expect status 200 200
    probe udp http-8000-iRDMI
      description IRDMI (HTTP - 8000)
      port 8000
    probe http http-probe
      description HTTP Probes
      interval 10
      faildetect 2
      passdetect interval 30
      passdetect count 2
      request method get url /index.html
      expect status 200 200
    probe https https-probe
      description HTTPS traffic
      interval 10
      faildetect 2
      passdetect interval 30
      passdetect count 2
      ssl version all
      request method get url /index.html
    probe icmp icmp-probe
      description ICMP PROBE FOR TO CHECK ICMP SERVICE
    rserver host ebsapp1
      description ebsapp1.xxxx.lk
      ip address 172.25.45.19
      conn-limit max 4000000 min 4000000
      probe icmp-probe
      probe http-probe
      inservice
    rserver host ebsapp2
      description ebsapp2.xxxx.lk
      ip address 172.25.45.20
      conn-limit max 4000000 min 4000000
      probe icmp-probe
      probe http-probe
      inservice
    serverfarm host ebsppsvrfarm
      description ebsapp server farm
      failaction purge
      predictor response app-req-to-resp samples 4
      probe http-probe
      probe icmp-probe
      inband-health check log 5 reset 500
      retcode 404 404 check log 1 reset 3
      rserver ebsapp1 80
        conn-limit max 4000000 min 4000000
        probe icmp-probe
        inservice
      rserver ebsapp2 80
        conn-limit max 4000000 min 4000000
        probe icmp-probe
        inservice
    sticky http-cookie jsessionid HTTP-COOKIE
      cookie insert browser-expire
      replicate sticky
      serverfarm ebsppsvrfarm
    class-map type http loadbalance match-any default-compression-exclusion-mime-type
      description DM generated classmap for default LB compression exclusion mime types.
      2 match http url .*gif
      3 match http url .*css
      4 match http url .*js
      5 match http url .*class
      6 match http url .*jar
      7 match http url .*cab
      8 match http url .*txt
      9 match http url .*ps
      10 match http url .*vbs
      11 match http url .*xsl
      12 match http url .*xml
      13 match http url .*pdf
      14 match http url .*swf
      15 match http url .*jpg
      16 match http url .*jpeg
      17 match http url .*jpe
      18 match http url .*png
    class-map match-all ebsapp-vip
      2 match virtual-address 172.25.45.21 tcp eq www
    class-map type management match-any remote_access
      2 match protocol xml-https any
      3 match protocol icmp any
      4 match protocol telnet any
      5 match protocol ssh any
      6 match protocol http any
      7 match protocol https any
      8 match protocol snmp any
    policy-map type management first-match remote_mgmt_allow_policy
      class remote_access
        permit
    policy-map type loadbalance first-match ebsapp-vip-l7slb
      class default-compression-exclusion-mime-type
        serverfarm ebsppsvrfarm
      class class-default
        compress default-method deflate
        sticky-serverfarm HTTP-COOKIE
    policy-map multi-match int455
      class ebsapp-vip
        loadbalance vip inservice
        loadbalance policy ebsapp-vip-l7slb
        loadbalance vip icmp-reply active
        nat dynamic 1 vlan 455
    interface vlan 455
      ip address 172.25.45.36 255.255.255.0
      peer ip address 172.25.45.35 255.255.255.0
      access-group input ALL
      nat-pool 1 172.25.45.22 172.25.45.22 netmask 255.255.255.0 pat
      service-policy input remote_mgmt_allow_policy
      service-policy input int455
      no shutdown
    ft interface vlan 999
      ip address 10.1.1.1 255.255.255.0
      peer ip address 10.1.1.2 255.255.255.0
      no shutdown
    ft peer 1
      heartbeat interval 300
      heartbeat count 10
      ft-interface vlan 999
    ft group 1
      peer 1
      no preempt
      priority 110
      associate-context Admin
      inservice
    ip route 0.0.0.0 0.0.0.0 172.25.45.1
    Hope you will reply me soon
    Thanks....!
    -Amal-

  • Need Help for configuring Floating static route in My ASA.

    Hi All,
    I need your support for doing a floating static route in My ASA.
    I have tried this last time but i was not able to make it. But this time i have to Finish it.
    Please find our network Diagram and configuration of ASA
    route outside 0.0.0.0 0.0.0.0 6.6.6.6 1 track 1
    route outside 0.0.0.0 0.0.0.0 6.6.6.6 1
    route rOutside 0.0.0.0 0.0.0.0 3.3.3.3 10
    route inside 10.10.4.0 255.255.255.0 10.10.3.1 1
    route inside 10.10.8.0 255.255.255.0 10.10.3.1 1
    route inside 10.10.9.0 255.255.255.0 10.10.3.1 1
    route inside 10.10.15.0 255.255.255.0 10.10.3.1 1
    route rOutside x.x.x.x 255.255.255.255 5.5.5.5 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 10.10.3.77 255.255.255.255 inside
    http 10.10.8.157 255.255.255.255 inside
    http 10.10.3.59 255.255.255.255 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    sla monitor 123
    type echo protocol ipIcmpEcho 8.8.8.8 interface outside
    num-packets 3
    frequency 10
    sla monitor schedule 123 life forever start-time now
    crypto ipsec transform-set cpa esp-3des esp-md5-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map vpn_cpa 1 match address acl_cpavpn
    crypto map vpn_cpa 1 set peer a.a.a.a
    crypto map vpn_cpa 1 set transform-set abc
    crypto map vpn_cpa 1 set security-association lifetime seconds 3600
    crypto map vpn_cpa interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption 3des
    hash md5
    group 2
    lifetime 86400
    crypto isakmp policy 65535
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    track 1 rtr 123 reachability
    telnet 10.10.3.77 255.255.255.255 inside
    telnet 10.10.8.157 255.255.255.255 inside
    telnet 10.10.3.61 255.255.255.255 inside
    telnet timeout 500
    ssh timeout 5
    console timeout 0
    threat-detection basic-threat
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 10.10.3.14
    webvpn
    tunnel-group .a.a.a.a ipsec-attributes
    pre-shared-key *
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny 
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
    inspect sip 
      inspect xdmcp
    service-policy global_policy global
    smtp-server 10.10.5.11
    prompt hostname context
    Cryptochecksum:eea6e7b6efe5d1a180439658c3912942
    : end
    i think half of the configuration stil there in the ASA.
    Diagram.
    Thanks
    Roopesh

    You have missed the last command in your configuration, Please check it again
    route ISP1  0.0.0.0 0.0.0.0 6.6.6.6 track 1
    route ISP2   0.0.0.0 0.0.0.0 3.3.3.3
    sla monitor 10
    type echo protocol ipIcmpEcho 8.8.8.8 interface ISP1
    num-packets 3
    frequency 10
    sla monitor schedule 123 life forever start-time now
    track 1 rtr 123 reachability
    You can do NAT in same way, here the logical name of the interface will be different.
    Share the result
    Please rate any helpful posts.

  • ISM with NAT44 - Need help with configuration

    Hello everyone,
    I'm trying to set up NAT44 in the following scenario below and I'm having a hard time figuring out how to redirect the traffic. As you can see the big problem is that I have one single interface that connects to the internal network (10.0.0.0/8) and also to the tunnel destinations all in the same VRF. Can you guys give me a hand? The trafiic comes from network network 10.0.0.0/8 enters interface bundle-ether 2 (Now it needs to be translated), once it is translated, now it needs to reach the destination known via GRE tunnel.
    Configurations
    vrf NAT_IN
    address-family ipv4 unicast
    vrf BLUE
    address-family ipv4 unicast
    hw-module service cgn location 0/3/CPU0
    interface Bundle-Ether2
    description UPLINK TO METRO ETHERNET
    interface Bundle-Ether2.2 l2transport
    encapsulation dot1q 2
    rewrite ingress tag pop 1 symmetric
    interface GigabitEthernet200/0/0/43
    description LINK TO METRO ETHERNET
    bundle id 2 mode active
    interface GigabitEthernet300/0/0/43
    description LINK TO METRO ETHERNET
    bundle id 2 mode active
    interface BVI2
    description METRO
    vrf BLUE
    ipv4 address 100.0.0.10/24
    interface tunnel-ip 101
    description GRE_TUNNEL
    vrf BLUE
    ipv4 address 1.1.1.1/32
    tunnel mode gre ipv4
    tunnel source interface bvi 2
    tunnel destination 200.0.0.1
    interface BVI 100
    vrf BLUE
    ipv4 address [GATEWAY_100] [MASK_100]
    interface BVI 200
    vrf BLUE
    ipv4 address [GATEWAY_200] [MASK_200]
    interface BVI 300
    vrf BLUE
    ipv4 address [GATEWAY_300] [MASK_300]
    interface ServiceApp1
    vrf NAT_IN
    ipv4 address 10.0.2.1 255.255.255.252
    service cgn CGN service-type nat44
    interface ServiceApp2
    vrf BLUE
    ipv4 address 10.0.2.2 255.255.255.252
    service cgn CGN service-type nat44
    interface ServiceInfra1
    ipv4 address 10.0.3.1 255.255.255.0
    service-location 0/3/CPU0
    router static
    address-family ipv4 unicast
    vrf NAT_IN
    address-family ipv4 unicast
    0.0.0.0/0 ServiceApp1
    10.0.0.0/8 vrf BLUE bvI 2 <NEXT HOP>
    vrf BLUE
    address-family ipv4 unicast
    172.16.0.0/24 ServiceApp2
    router ospf METRO
    vrf BLUE
    router-id [ROUTER_ID]
    redistribute bgp 65500 metric 100
    area 0
    interface bvi 2
    router ospf BLUE
    vrf BLUE
    router-id [ROUTER ID]
    redistribute bgp 65500 metric 100
    area 10
    interface BVI100
    interface BVI200
    interface BVI200
    router bgp 65500
    address-family ipv4 unicast
    address-family vpnv4 unicast
    vrf BLUE
    rd 65500:2
    address-family ipv4 unicast
    redistribute static
    redistribute ospf BLUE
    neighbor 1.1.1.2
    remote-as 64512
    ebgp-multihop 5
    address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
    service cgn CGN
    service-location preferred-active 0/3/CPU0
    service-type nat44 nat44
    portlimit 20000
    inside-vrf NAT_IN
    map outside-vrf BLUE address-pool 172.16.0.0/24
    Thanks in advance,
    Renato

    Hi Somnath,
    Let's see if you can help with this new scenario. I want to extend this NAT configuration to a new site (BO1), but instead of using this entire setup with ASR9K, etc, I just want to use ASR9000v module and have this AS9K + ISM as the host. The first problem I see in this scenario is that I have the same 10.0.0.0/8 network in both sites, network which will access the same resources as the devices in the 10.0.0.0/8 in the main site.
    1) Do you think if I create a new inside VRF [NAT_IN1] would address this issue?
    2) Can I use the same outside VRF?
    Here is the configurations.
    !! IOS XR Configuration 4.3.1
    vrf NAT_IN
    address-family ipv4 unicast
      import route-target
       65500:2
       65500:3
      export route-target
       65500:3
    vrf RED
    address-family ipv4 unicast
      import route-target
       65500:1
      export route-target
       65500:1
    vrf NAT_OUT
    address-family ipv4 unicast
      import route-target
       65500:4
      export route-target
       65500:4
    vrf SATELLITE
    vrf BLUE
    address-family ipv4 unicast
      import route-target
       65500:2
      export route-target
       65500:2
    hw-module service cgn location 0/3/CPU0
    ipv4 access-list ABF
    5 permit ospf any any
    10 permit ipv4 any 10.200.0.0 0.0.255.255 nexthop1 vrf NAT_IN ipv4 10.0.2.2
    20 permit icmp any any
    interface Bundle-Ether3
    description Uplink (BE3 - VRF NAT_IN) - VLAN 20
    vrf NAT_IN
    ipv4 address 1.1.1.1 255.255.255.0
    ipv4 access-group ABF ingress
    interface Bundle-Ether22
    description LOOPBACK CABLE NAT_OUT
    vrf NAT_OUT
    ipv4 address 10.0.1.1 255.255.255.0
    interface Bundle-Ether23
    description LOOPBACK CABLE BLUE
    vrf BLUE
    ipv4 address 10.0.1.2 255.255.255.0
    interface 6
    description Uplink  (BE6 - Global) - VLAN 20,51,80-82
    interface 6.2
    ipv4 address 1.1.1.2 255.255.255.0
    encapsulation dot1q 2
    interface 6.51 l2transport
    description EFP - BE6 - VLAN 51
    encapsulation dot1q 51
    rewrite ingress tag pop 1 symmetric
    interface 6.80 l2transport
    description EFP - BE6 - VLAN 80
    encapsulation dot1q 80
    rewrite ingress tag pop 1 symmetric
    interface 6.81 l2transport
    description EFP - BE6 - VLAN 81
    encapsulation dot1q 81
    rewrite ingress tag pop 1 symmetric
    interface 6.82 l2transport
    description EFP - BE6 - VLAN 82
    encapsulation dot1q 82
    rewrite ingress tag pop 1 symmetric
    interface Bundle-Ether100
    description Bundle to Satellite 100
    vrf SATELLITE
    ipv4 point-to-point
    ipv4 unnumbered Loopback0
    nv
      satellite-fabric-link satellite 100
       remote-ports GigabitEthernet 0/0/0-43
    interface Bundle-Ether200
    description Bundle to Satellite 200
    vrf SATELLITE
    ipv4 point-to-point
    ipv4 unnumbered Loopback0
    nv
      satellite-fabric-link satellite 200
       remote-ports GigabitEthernet 0/0/0-43
    interface Bundle-Ether300
    description Bundle to Satellite 300
    vrf SATELLITE
    ipv4 point-to-point
    ipv4 unnumbered Loopback0
    nv
      satellite-fabric-link satellite 300
       remote-ports GigabitEthernet 0/0/0-35
    interface Loopback0
    description MGMT SATELLITE
    vrf SATELLITE
    ipv4 address 10.0.0.254 255.255.255.0
    interface tunnel-ip31101
    description BLUE-TUNNEL01
    vrf BLUE
    ipv4 address 10.200.253.90 255.255.255.252
    tunnel mode gre ipv4
    tunnel source 6.2
    tunnel destination 13.13.13.13
    interface tunnel-ip31102
    description BLUE-TUNNEL02
    vrf BLUE
    ipv4 address 10.200.253.94 255.255.255.252
    tunnel mode gre ipv4
    tunnel source 6.2
    tunnel destination 14.14.14.14
    interface tunnel-ip31103
    description RED-TUNNEL03
    vrf RED
    ipv4 address 10.200.253.90 255.255.255.252
    tunnel mode gre ipv4
    tunnel source 6.2
    tunnel destination 13.13.13.13
    interface tunnel-ip31104
    description RED-TUNNEL04
    vrf RED
    ipv4 address 10.200.253.94 255.255.255.252
    tunnel mode gre ipv4
    tunnel source 6.2
    tunnel destination 14.14.14.14
    interface TenGigE0/0/0/0
    description LINK TO SATELLITE 100
    bundle id 100 mode on
    interface TenGigE0/0/0/1
    description LINK TO SATELLITE 100
    bundle id 100 mode on
    interface TenGigE0/0/0/2
    description LINK TO SATELLITE 200
    bundle id 200 mode on
    interface TenGigE0/0/0/3
    description LINK TO SATELLITE 200
    bundle id 200 mode on
    interface TenGigE0/0/0/4
    description LINK TO SATELLITE 300
    vrf SATELLITE
    ipv4 point-to-point
    ipv4 unnumbered Loopback0
    nv
      satellite-fabric-link satellite 300
       remote-ports GigabitEthernet 0/0/36-43
    interface TenGigE0/0/0/5
    description LINK TO SATELLITE 300
    bundle id 300 mode on
    interface TenGigE0/0/0/16
    description UPLINK  (BE6 - GLOBAL) - VLAN 20,51,80-82
    bundle id 6 mode active
    interface TenGigE0/1/0/16
    description UPLINK  (BE6 - GLOBAL) - VLAN 20,51,80-82
    bundle id 6 mode active
    interface TenGigE0/0/0/17
    description UPLINK  (BE3 - VRF NAT_IN) - VLAN 20
    bundle id 3 mode active
    interface TenGigE0/1/0/17
    description UPLINK  (BE3 - VRF NAT_IN) - VLAN 20
    bundle id 3 mode active
    interface TenGigE0/0/0/22
    description LOOPBACK CABLE TE0/1/0/22
    bundle id 22 mode on
    interface TenGigE0/0/0/23
    description LOOPBACK CABLE TE0/1/0/23
    bundle id 22 mode on
    interface TenGigE0/1/0/0
    description LINK TO SATELLITE 100
    bundle id 100 mode on
    interface TenGigE0/1/0/1
    description LINK TO SATELLITE 100
    bundle id 100 mode on
    interface TenGigE0/1/0/2
    description LINK TO SATELLITE 200
    bundle id 200 mode on
    interface TenGigE0/1/0/3
    description LINK TO SATELLITE 200
    bundle id 200 mode on
    interface TenGigE0/1/0/4
    description LINK TO SATELLITE 300
    bundle id 300 mode on
    interface TenGigE0/1/0/5
    description LINK TO SATELLITE 300
    bundle id 300 mode on
    interface TenGigE0/1/0/22
    description LOOPBACK CABLE TE0/0/0/22
    bundle id 23 mode on
    interface TenGigE0/1/0/23
    description LOOPBACK CABLE TE0/0/0/23
    bundle id 23 mode on
    interface BVI30
    vrf RED
    ipv4 address 10.200.25.193 255.255.255.192
    interface BVI31
    vrf BLUE
    ipv4 address 10.200.1.1 255.255.255.248
    interface BVI32
    vrf BLUE
    ipv4 address 10.200.25.129 255.255.255.224
    interface BVI33
    vrf BLUE
    ipv4 address 10.200.25.1 255.255.255.128
    interface BVI36
    vrf BLUE
    ipv4 address 10.200.237.145 255.255.255.240
    interface BVI51
    vrf RED
    ipv4 address 192.168.7.12 255.255.255.0
    interface BVI80
    vrf RED
    ipv4 address 10.200.26.169 255.255.255.224
    interface BVI81
    vrf BLUE
    ipv4 address 10.200.25.164 255.255.255.240
    interface BVI82
    vrf BLUE
    ipv4 address 10.200.25.180 255.255.255.240
    interface ServiceApp1
    description NAT_IN
    vrf NAT_IN
    ipv4 address 10.0.2.1 255.255.255.252
    service cgn CGN service-type nat44
    interface ServiceApp2
    description NAT_OUT
    vrf NAT_OUT
    ipv4 address 10.0.2.5 255.255.255.252
    service cgn CGN service-type nat44
    interface ServiceInfra1
    description ISM
    ipv4 address 10.0.3.1 255.255.255.0
    service-location 0/3/CPU0
    prefix-set PS_ROUTES
      10.200.0.8,
      10.200.5.40/29,
      10.200.1.0/29,
      10.200.5.32/29,
      10.200.0.144/28,
      10.200.106.0/28,
      10.200.106.16/28
    end-set
    prefix-set PS_BGP_BLUE_OUT
      10.200.24.192/26,
      10.200.5.40/29,
      10.200.240.0/25,
      10.200.1.0/29,
      10.200.25.128/27,
      10.200.25.0/25,
      10.200.5.32/29,
      10.200.26.0/25,
      10.200.0.144/28,
      10.200.27.128/27,
      10.200.27.0/25,
      10.200.106.0/28,
      10.200.106.128/25,
      10.200.106.16/28,
      10.200.107.128/25
    end-set
    route-policy RP_DENY_ALL
      drop
    end-policy
    route-policy RP_PASS_ALL
      pass
    end-policy
    route-policy RP_BGP_BLUE_OUT
      if destination in PS_BGP_BLUE_OUT then
        pass
      endif
    end-policy
    route-policy RP_PASS_ROUTES
      if destination in PS_ROUTES then
        pass
      endif
    end-policy
    router static
    address-family ipv4 unicast
      0.0.0.0/0 1.1.1.20
    vrf NAT_IN
      address-family ipv4 unicast
       0.0.0.0/0 ServiceApp1
    vrf RED
    vrf NAT_OUT
      address-family ipv4 unicast
       0.0.0.0/0 10.0.1.2
       10.200.24.192/26 ServiceApp2
    vrf BLUE
      address-family ipv4 unicast
       10.200.24.192/26 10.0.1.1
    router ospf
    log adjacency changes
    vrf NAT_IN
      router-id 1.1.1.1
      disable-dn-bit-check
      redistribute bgp 65500 metric 5 metric-type 2 route-policy RP_PASS_ROUTES
      area 7
       interface Bundle-Ether3
    router ospf RED
    log adjacency changes
    vrf RED
      router-id 10.200.26.169
      disable-dn-bit-check
      redistribute bgp 65500 metric 10 metric-type 2
      area 11
       interface BVI30
       interface BVI80
    router ospf BLUE
    log adjacency changes
    vrf BLUE
      router-id 10.200.25.164
      disable-dn-bit-check
      redistribute static
      redistribute bgp 65500 metric 10 metric-type 2
      area 0
       interface BVI81
       interface BVI82
      area 2
       interface BVI31
       interface BVI32
       interface BVI33
       interface BVI36
    router bgp 65500
    address-family ipv4 unicast
    address-family vpnv4 unicast
    vrf NAT_IN
      rd 65500:3
      bgp router-id 1.1.1.1
      address-family ipv4 unicast
       route-target download
    vrf RED
      rd 65500:1
      bgp router-id 10.200.253.90
      address-family ipv4 unicast
       network 10.200.25.192/26
       network 10.200.26.128/27
       network 10.200.26.192/27
       network 10.200.27.192/26
       network 10.200.104.128/27
       network 10.200.104.160/27
      neighbor 10.200.253.89
       remote-as 64512
       ebgp-multihop 5
       update-source tunnel-ip31103
       address-family ipv4 unicast
        route-policy RP_PASS_ALL in
        route-policy RP_PASS_ALL out
        soft-reconfiguration inbound
      neighbor 10.200.253.93
       remote-as 64512
       ebgp-multihop 5
       update-source tunnel-ip31104
       address-family ipv4 unicast
        route-policy RP_PASS_ALL in
        route-policy RP_PASS_ALL out
        soft-reconfiguration inbound
    vrf BLUE
      rd 65500:2
      bgp router-id 10.200.253.90
      address-family ipv4 unicast
       network 10.200.0.144/28
       network 10.200.1.0/29
       network 10.200.5.32/29
       network 10.200.5.40/29
       network 10.200.24.192/26
       network 10.200.25.0/25
       network 10.200.25.128/27
       network 10.200.26.0/25
       network 10.200.27.0/25
       network 10.200.27.128/27
       network 10.200.106.0/28
       network 10.200.106.16/28
       network 10.200.106.128/25
       network 10.200.107.128/25
       network 10.200.240.0/25
      neighbor 10.200.253.89
       remote-as 64512
       ebgp-multihop 5
       update-source tunnel-ip31101
       address-family ipv4 unicast
        route-policy RP_PASS_ALL in
        route-policy RP_BGP_BLUE_OUT out
        soft-reconfiguration inbound
      neighbor 10.200.253.93
       remote-as 64512
       ebgp-multihop 5
       update-source tunnel-ip31102
       address-family ipv4 unicast
        route-policy RP_PASS_ALL in
        route-policy RP_BGP_BLUE_OUT out
        soft-reconfiguration inbound
    l2vpn
    load-balancing flow src-dst-ip
    bridge group VLAN30
      bridge-domain VLAN30
       routed interface BVI30
    bridge group VLAN31
      bridge-domain VLAN31
       routed interface BVI31
    bridge group VLAN32
      bridge-domain VLAN32
       routed interface BVI32
    bridge group VLAN33
      bridge-domain VLAN33
       routed interface BVI33
    bridge group VLAN36
      bridge-domain VLAN36
       routed interface BVI36
    bridge group VLAN51
      bridge-domain VLAN51
       routed interface BVI51
    bridge group VLAN80
      bridge-domain VLAN80
       interface 6.80
       routed interface BVI80
    bridge group VLAN81
      bridge-domain VLAN81
       interface 6.81
       routed interface BVI81
    bridge group VLAN82
      bridge-domain VLAN82
       interface 6.82
       routed interface BVI82
    nv
    satellite 100
      type asr9000v
      ipv4 address 10.0.0.1
    satellite 200
      type asr9000v
      ipv4 address 10.0.0.2
    satellite 300
      type asr9000v
      ipv4 address 10.0.0.3
    service cgn CGN
    service-location preferred-active 0/3/CPU0
    service-type nat44 nat44
      portlimit 20000
      inside-vrf NAT_IN
       map outside-vrf NAT_OUT address-pool 10.200.24.192/26
    Thanks in advance,
    Renato

  • Need help to Configure FTPS connection for File Sender Adapter

    Hi,
    I want to Configure, FTPS connection (Secured Connection) for File Sender Adapter. Could anyone please guide me, what Information I require to configure. I just want to know what Information should I request the team inorder the configure FTPS so that it can be deployed properly.
    I have checked with [SAP Help Link|http://help.sap.com/saphelp_nw04/helpdata/EN/e3/94007075cae04f930cc4c034e411e1/content.htm] and while configuring the communication channel found that I need Keystore and the X.509 Certificate and Private Key.  which needs to be deployed on the J2EE server by using the Visual Administrator.
    Is there anything else, I need to configure.
    Any help would be appreciated in this regard.
    Thanks & Regards,
    Varun.K

    The basic things are Certificate/Keys which you already know. Usually it is enough for running a sceanrio.
    However, if you have additional requirements, like FTPS for "Connection Security" for encryption, then you may need additional details like commands. Rest all settings are same as FTP.
    Regards,
    Prateek

  • Need Help on Configurations of Data Services on IBM AIX Platform

    Hi All,
    We are in the process of installing Data Services XI 3.2 on IBM AIX platform.We are having some showstoppers which we are not able to resolve.
    It would be of great help to us if anyone can give some inputs.
    Lanscape:
    Data services server: Server A
    OS - AIBM AIX
    DB2 Database: Server B
    OS - AIBM AIX
    Activities Performed till now on DB2 Side:
    Multi user development:
    1.       Created 2 DBu2019s on Server B
    ·          REPO_CR (Central Repository u2013 Which is used for multi-user environment).
    ·          REPO_LR (Local Repository u2013 Which is used for actual development like login and build   jobs).
    2.       Created multiple schemas under REPO_LR(One Schema for each user).
    ·          User1, User2, User3, etcu2026 (These schemas can hold metadata of Data Services XI which can be used for reference).
    Each and every schema should have itu2019s their own user name and password
    Activities Performed till now on Data Services Side:
    1.Installed Dataservices
    Activities Yet to be done on Data Services Side:
    1.Configure Repository manager (Create central repository REPO_CR of type sucure using repository manager)
    2.Configure Job Server(Create a Job server and assign the local repository REPO_LR to the same)
    Issues:
    While creating the central repository usning the below command:
    ./repoman -UCRREP -Ppassword -SServer B -NDB2 -QREPO_CR -tcentral -c -a -d
    an error ocurred as :"Error while creating the Local Repository"
    I think we are getting this error because of some connectivity issue between DB2 server and Data services Server.
    Please share all of your valuable thoughts.
    Note:Our DB2 admin said we cannot create any ODBC connections on AIX platform
    Thanks,
    Muni

    the arguments that you are passing to repoman are not correct, if your server name has space then you should enclose that in quotes, else it will be treated as 2 arguments, you are passing -SServer B it should be -S"Server B"
    -SServer B
    I don't think you need to pass -Q option for DB2, its required only for Sybase Repo
    for DB2 you will have to install the DB2 Client, and create a Node and Catalog the database on that node
    if you are able to open DB2 command prompt form the unix and use that database, then try using the following args to create DB2 Repo
    -Uusername -Ppassword -NDB2 -SDBName -tcentral -c -a -d
    or better use Repository Manager from Windows to create repos

  • New to sap - need help in configure backup strategy for SAP XI server.

    hi gurus
    being a netweaver guy, recently i have been given  the responsibility of few basis activities.like database backup.
    can any one tell me clear procedure to take both daily online and weekend full offline backup of oracle in to disk first and then to tape.   i have seen in the internet  material few discussing about brbackup and few about sap DB13. i am totally confused which one to use, and which is good. please help
    akhil

    Hi,
    welcome on board as SAP Netweaver guy,
    don't be confused both DB13 and BRtools are the same both of them will call brbackup.
    to configure the brtools you have to change in your brtools profiles located at  %ORACLE_HOME%/dbs
    please before changing any thing take backup from that folder.
    - to take the backup to disk then to tape you will need extra backup software, because using the SAP slandered tools you have to select either Disk or Tape.
    Thanks
    Sherif

  • Need help in configuring Cisco AP to support EAP authentication

    Hello all,
    in desperation after trying for more than 3 weeks, I am trying in this way to get a solution to my following problem.
    I am trying to build up as 802.1x scenario using 802.11b infrastructure (RADIUS server, Cisco 1100 Aironet AP, Cisco PCMCIA WLAN card with Xsupplicant software, the complete OS is Linux). I am trying to use EAP-MD5 authentication. It seems that the things are funtioning in standalone mode.
    The client wants to authenticate to access WLAN. It sends EAPoL start packet and gets a request from AP for user identity. Good. Then the user sends his identity with EAP packet. The Cisco AP is forwarding the request to RDAIUS server as specified in many documents. It is also Good. RADIUS server is sending a request for challenge (Password). Upto this point things are gooing fine.
    Now the Cisco AP is not sending this challenge to the
    Xsupplicant, it is just ignoring it. Can any one help me in this point. If needed I can also send the configuration file of the AP.
    I would be very thankful, if I could solve this Problem with your support.
    Thanking you in advance,
    Felix

    As per the RFC for RADIUS, a RADIUS Server receiving an Access-Request with a Message- Authenticator Attribute present MUST calculate the correct value of the Message-Authenticator and silently discard the packet if it does not match the value sent. A RADIUS Client receiving an Access-Accept, Access-Reject or Access-Challenge with a Message-Authenticator Attribute present MUST calculate the correct value of the Message-Authenticator and silently discard the packet if it does not match the value sent.

  • Need help regarding configuring the WebService Call from RTD to Siebel

    Hi All,
    Can someone help me with the information on how do i configure a Webservice Call from RTD to Siebel?
    Any high-level or granular details on this would be very helpful as I am new working on this product. How can a jax-ws be utilized to achieve the same?
    Thanks in advance.
    Best Regards,
    Hariharan

    If you actually need a portal service though, this will not work. However, you could have the portal service return a Document object, which is basically the text of the HTML file you want to display. Then, when calling the portal service, you can simply output the text to the IPortalComponentResponse object
    I hope this helps
    Darrell

  • Need help with configuration

    I'm new to Cisco and we just took over a client with an ASA 5505 I need to do 2 things first
    I  need to know how to open or forward ports to an internal IP address   they want me to open ports 3389 and 1433 to an internal address   192.168.192.52
    but only from       207.235.73.64 and 255.255.255.192
                                  40.143.46.64 and 255.255.255.192
    o      and
          66.192.91.128 and 255.255.255.192
          40.143.28.64 and 255.255.255.192
    And  second Id link to getb the ASDM downlaoded and working as I;ve used  that before in other offices and it helps me out as a non cisco expert. I  try going to the device IP in a browser 192.168.192.1/admin and just  get a prompt for username and password but it doesn;t take the one I  have. Here is the config on the device right now. Any help you guys can  point me to Id appreciate. 4 hours of Google research has gotten me no  where
    sho run
    : Saved
    ASA Version 7.2(3)
    hostname vmine
    domain-name mine
    enable password CyQcVKTj6CW8.Vsj encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.192.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address x.x.x.x 255.255.255.248
    interface Vlan3
    mac-address 001f.6ce3.bd99
    no forward interface Vlan1
    nameif guest
    security-level 10
    ip address 205.10.2.1 255.255.255.0
    interface Ethernet0/0
    description Internet-Connection
    switchport access vlan 2
    interface Ethernet0/1
    description Connection to Inside Network
    speed 100
    duplex full
    interface Ethernet0/2
    shutdown
    interface Ethernet0/3
    switchport access vlan 2
    interface Ethernet0/4
    switchport access vlan 3
    interface Ethernet0/5
    description Connection to Public Network
    switchport access vlan 3
    speed 100
    duplex full
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    shutdown
    passwd CyQcVKTj6CW8.Vsj encrypted
    ftp mode passive
    dns server-group DefaultDNS
    domain-name domain
    access-list guest extended permit icmp any any
    access-list guest extended permit ip any any
    access-list inside extended permit icmp any any
    access-list inside extended permit ip any any
    access-list outside extended permit icmp any any echo-reply
    access-list outside extended permit tcp any any eq 8440
    access-list nonat extended permit ip 192.168.192.0 255.255.255.0 192.168.252.0 255.255.255.0
    access-list outside-in extended permit tcp any any eq https
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    pager lines 24
    logging enable
    logging buffer-size 16384
    logging buffered informational
    mtu inside 1500
    mtu outside 1500
    mtu guest 1500
    ip local pool vpn-ip 192.168.252.1-192.168.252.
    10
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 x.x.x.x
    global (outside) 2 x.x.x.x
    nat (inside) 0 access-list nonat
    nat (inside) 1 192.168.192.0 255.255.255.0
    nat (guest) 2 205.10.2.0 255.255.255.0
    static (inside,outside) tcp interface www 192.168.192.170 www netmask 255.255.255.255
    static (inside,outside) tcp interface https 192.168.192.170 https netmask 255.255.255.255
    static (inside,outside) x.x.x.x 192.168.192.52 netmask 255.255.255.255
    access-group inside in interface inside
    access-group outside-in in interface outside
    access-group guest in interface guest
    route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    http server enable
    http 0.0.0.0 0.0.0.0 inside
    http 192.168.192.0 255.255.255.0 inside
    snmp-server host inside 192.168.192.10 poll community ciscosnmp
    snmp-server location PIX
    no snmp-server contact
    snmp-server community ciscosnmp
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    snmp-server enable traps syslog
    crypto ipsec transform-set DES-MD5 esp-des esp-md5-hmac
    crypto dynamic-map dynvpn 10 set transform-set DES-MD5
    crypto map vpn 65535 ipsec-isakmp dynamic dynvpn
    crypto map vpn interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption des
    hash md5
    group 2
    lifetime 28800
    crypto isakmp nat-traversal  20
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 inside
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 30
    console timeout 0
    dhcpd dns 209.253.113.10 209.253.113.18
    dhcpd address 205.10.2.10-205.10.2.99 guest
    dhcpd dns 209.253.113.10 209.253.113.18 interface guest
    dhcpd enable guest
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
      inspect ipsec-pass-thru
    service-policy global_policy global
    group-policy RA-VPN internal
    group-policy RA-VPN attributes
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value nonat
    username VMRemote password .RSNgq92vZTSELWV encrypted
    username VMRemote attributes
    vpn-group-policy RA-VPN
    username VMVPN password jSqp8CjjxHhRa6jk encrypted
    username kernels password jDS98nJtthzlEvw5 encrypted
    tunnel-group VMVPN type ipsec-ra
    tunnel-group VMVPN general-attributes
    address-pool vpn-ip
    tunnel-group VMVPN ipsec-attributes
    pre-shared-key *
    prompt hostname context
    Cryptochecksum:52c3d65fc1111c561b1598cc341dc6d5
    : end

    Hi,
    As per your 1st query , I think he Static NAT should work fine.
    To restrict the access from the outside only for certain IP , you can use Source Based ACL:-
    access-list outside-in extended permit tcp 207.235.73.64 255.255.255.192 host x.x.x.x eq 3389
    access-list outside-in extended permit tcp 40.143.46.64 255.255.255.192 host x.x.x.x eq 3389
    access-list outside-in extended permit tcp 66.192.91.128 255.255.255.192 host x.x.x.x eq 3389
    access-list outside-in extended permit tcp 40.143.28.64 255.255.255.192 host x.x.x.x eq 3389
    access-list outside-in extended permit tcp 207.235.73.64 255.255.255.192 host x.x.x.x eq 1433
    access-list outside-in extended permit tcp 40.143.46.64 255.255.255.192 host x.x.x.x eq 1433
    access-list outside-in extended permit tcp 66.192.91.128 255.255.255.192 host x.x.x.x eq 1433
    access-list outside-in extended permit tcp 40.143.28.64 255.255.255.192 host x.x.x.x eq 1433
    If you would like to use the LOCAL username and Passowrd on the ASA:-
    aaa authentication http console LOCAL
    Thanks and Regards,
    Vibhor

  • Need help to configure my mac...

    Hi, guys! So my Mac finally arrived yesterday and now I´m officially a happy mac user!
    However, as a new one, I need some help getting around... So I have 2 questions:
    1) is there any special configuration I should use to make it faster? Let me explain myself better: before I bought my macbook, I tried one out at my local store (an i5, 320 HDD, 4Gb RAM) and it was so fast it impressed me! Iphoto, for instance, would launch faster than I could blink, it was incredibily fast. Mty macbook, however, is not that fast (even though it´s an i7...). Iphoto will take about 6-8 seconds to launch in my own computer (and pictures are not even there yet!), which is a serious delay compared to what I´ve seen at store, so I wonder if that´s a misconfiguration issue, something I´m doing wrong... By the way, all the software installed in the machine is up-to-date.
    2) my screen is high resolution and pictures/images look great on it, but the fonts seem to be too small. I have looked around but couldn´t find an option to keep the maximum video resolution while making fonts a little bigger at the same time. Is there a way to do that like there is in windows?
    Ok, so thank you for reading, I really appreciate any help I can get!
    Cheers,
    Renata

    1) is there any special configuration I should use to make it faster? Let me explain myself better: before I bought my macbook, I tried one out at my local store (an i5, 320 HDD, 4Gb RAM) and it was so fast it impressed me! Iphoto, for instance, would launch faster than I could blink, it was incredibily fast. Mty macbook, however, is not that fast (even though it´s an i7...). Iphoto will take about 6-8 seconds to launch in my own computer (and pictures are not even there yet!), which is a serious delay compared to what I´ve seen at store, so I wonder if that´s a misconfiguration issue, something I´m doing wrong... By the way, all the software installed in the machine is up-to-date.
    Number one, do not buy cache cleaning software. This will actually slow your system down.
    Number two, keep at least two copies of your data at all times*:
    http://www.macmaps.com/backup.html
    Once you are happy with your backup, leave your machine on overnight. This runs scripts you can also run with tools such as Macjanitor or Anacron manually.
    Occassionally you might want to check your directory status*:
    http://www.macmaps.com/directoryfaq.html
    Don't let your system get too full*:
    http://www.macmaps.com/diskfull.html
    Run the hardware test that came with your system while it is still under warranty.
    http://support.apple.com/kb/HT1509
    Buy AppleCare in the first year, so you have warranty for three years from date of computer's purchase.
    Apple menu -> System Preferences -> Displays lets you change the screen resolution an color tone of your machine for better legibility.
    Apple menu -> System Preferences -> Universal Access has a magnification feature if it is still is illegible.
    - * Links to my pages may give me compensation.
    Message was edited by: a brody

  • Need help with configuring QoS

    Hello,
    We are in the process of implementing MPLS for our WAN links so that we can run VoIP between 9 locations in the USA and I have lots of questions regarding how to configure QoS.
    We have a dedicated E1 connection to our headquarters in Germany. This location houses all of our SAP servers.
    In each location in the US, we will be using Avaya IP telephones and media gateways for voice communications. We also have some Polycom units in the field for video confererncing.
    How would I begin to configure QoS for these network connections.
    I was planning on using IP precedence or DSCP for marking the traffic and prioritizing as follows.
    Highest Priority: Voice and video
    2nd Highest: SAP and Oracle traffic
    Default priority: Lotus notes, www access
    Here are some questions that I have:
    1- For voice/video, which DSCP values or IP precedence values do I use?
    2- How do I assign voice/video to the LLQ queue?
    3- For SAP, what is the best way to mark the SAP traffic? From my understanding, SAP uses a variety of ports.
    4- For SAP and Oracle, should I use the CBWFQ queus? Is that preferable over other queues for this traffic?
    5- Should I make another classification of traffic for things like signaling for Voice and TFTP/FTP?
    6- If so for #5, what IP precedence/DSCP value(s) should I use and which queuing mechanism should I use?
    Thanks for the help in advance. At this point, you can probably tell that I am a newbie to QoS.
    Pete

    I can answer a few since i have a ton of avaya ip phones deployed.
    1)personally i leave both bearer and signaling in same queue at 46 (Diffserv) and 5 (COS) Video would be 40/4.
    2)sample config:
    class-map match-all voip-fr
    match ip dscp 46 (all traffic that have DSCP 46)
    class-map match-all vovid-fr
    match ip dscp 40(all traffic that have DSCP 40)
    policy-map llq
    class voip-fr
    priority 100 (Reserve 100Kbps priority bw for DSCP 46)
    class vovid-fr
    bandwidth 300 (Reserve 300Kbps non-priority bw for DSCP 40)
    class class-default
    fair-queue
    Serial Interface 0/0
    service-policy output llq (Apply policy map to voice and signaling
    traffic)
    5) nope. leave tftp and data in the default queue
    Also, since you are deploying Avaya IPT make sure you look at this document. great document i used.
    http://support.avaya.com/elmodocs2/comm_mgr/r3_1/pdfs/245600_4_2.pdf

Maybe you are looking for

  • Page Up and Down with space bar

    After I installed Safari 3.0.5, when I press the space bar typing this post, the web page goes down. I want to know if somebody else get the same problem, and how do I prevent that? or maybe is a new bug. With Safari 3.0.4 this keyboard shortcut work

  • 2008 Mac Mini - what webcam can I buy for this computer?????

    OMG help me. I have a 2008 Mac Mini - I need to skype and have tried a few webcams that either just don't work or there is no sound - I understand it nees to be the correct kind for mac... so what webcam can I use on this computer I've been researchi

  • Which migration path would you pick?

    You have 2 instances of DBMS with multiple applications attached to them: one is Oracle and the other is SQL Server. They evolved over the years from different organizations serving the same types of clientele but the clientele are disjoint. What wou

  • Attribute unit in query

    Hi gurus, In my query, i have used the keyfigure attribute. on the attribute i have created the formula variable. moving price is the attribute with unit USD price unit is the other attribute with unit LB i have created two formula variable with repl

  • Find out from which table a ES gets his data

    Hello, I'm now asking myself (for a couple of hours) how I can find out from which table(s) a Enterprise Service gets his data. I don't find any hint about this on ES Workplace, sproxy or soamanager. Has anyone a usefull hint for me?