Need help with configuring a particular setting on SF300-08

I work for a small business and we have a couple of computers that we want to share an Ethernet-enabled copier/printer with, but for security reasons want to block those computers from internet access. How would one go about allowing that?
Thanks in advance,
Mark Davis

Hello Mark,
I can't support the Netopia router/modem, but I would think there should be an admin guide for the configuration. If it is a modem/router and you said there are rules for allowing or blocking services, which sounds like an access list, you should be able to create a rule for the client you want to block on the modem/router to prevent it from talking to the internet.
If you want to ensure no outside security threats can make it to the computer, statically assign an IP address but don't give it a default gateway address. The client will not be able to talk to any other network but its own. It sounds like you only have one VLAN or a flat network so this should work, but if you need to be able to have this computer in the future talk to other networks internally then it isn't a viable solution. Blocking at the modem/router would be the only solution.
On the SG300-08 switch you could set up an ACL to block that client from talking to the modem/router, but the potential for valid traffic being blocked in your own network grows.
To create this rule you would first:
1. Go to Access Control.
2. Create a MAC-based ACL (give it a meaningful name).
3. Create 2 MAC-based ACEs:
   Rule 1
     Priority: 10
     Action: Deny
     Destination: Any
     Source: User Defined (MAC address of client wanting to be blocked)
     Apply
   Rule 2
     Priority: 20
     Action: Permit
     Destination: Any
     Source: Any
     Apply
4. Bind the ACL to a port.
Make sure to only bind the ACL to the port that connects to the router/modem.
Cisco Small Business Support Center
Randy Manthey
CCNA, CCNA - Security

Similar Messages

  • ISM with NAT44 - Need help with configuration

    Hello everyone,
    I'm trying to set up NAT44 in the scenario below and I'm having a hard time figuring out how to redirect the traffic. As you can see, the big problem is that I have one single interface that connects to the internal network (10.0.0.0/8) and also to the tunnel destinations, all in the same VRF. Can you guys give me a hand? The traffic comes from network 10.0.0.0/8 and enters interface bundle-ether 2 (now it needs to be translated); once it is translated, it needs to reach the destination known via GRE tunnel.
    Configurations
    vrf NAT_IN
    address-family ipv4 unicast
    vrf BLUE
    address-family ipv4 unicast
    hw-module service cgn location 0/3/CPU0
    interface Bundle-Ether2
    description UPLINK TO METRO ETHERNET
    interface Bundle-Ether2.2 l2transport
    encapsulation dot1q 2
    rewrite ingress tag pop 1 symmetric
    interface GigabitEthernet200/0/0/43
    description LINK TO METRO ETHERNET
    bundle id 2 mode active
    interface GigabitEthernet300/0/0/43
    description LINK TO METRO ETHERNET
    bundle id 2 mode active
    interface BVI2
    description METRO
    vrf BLUE
    ipv4 address 100.0.0.10/24
    interface tunnel-ip 101
    description GRE_TUNNEL
    vrf BLUE
    ipv4 address 1.1.1.1/32
    tunnel mode gre ipv4
    tunnel source interface bvi 2
    tunnel destination 200.0.0.1
    interface BVI 100
    vrf BLUE
    ipv4 address [GATEWAY_100] [MASK_100]
    interface BVI 200
    vrf BLUE
    ipv4 address [GATEWAY_200] [MASK_200]
    interface BVI 300
    vrf BLUE
    ipv4 address [GATEWAY_300] [MASK_300]
    interface ServiceApp1
    vrf NAT_IN
    ipv4 address 10.0.2.1 255.255.255.252
    service cgn CGN service-type nat44
    interface ServiceApp2
    vrf BLUE
    ipv4 address 10.0.2.2 255.255.255.252
    service cgn CGN service-type nat44
    interface ServiceInfra1
    ipv4 address 10.0.3.1 255.255.255.0
    service-location 0/3/CPU0
    router static
    address-family ipv4 unicast
    vrf NAT_IN
    address-family ipv4 unicast
    0.0.0.0/0 ServiceApp1
    10.0.0.0/8 vrf BLUE bvI 2 <NEXT HOP>
    vrf BLUE
    address-family ipv4 unicast
    172.16.0.0/24 ServiceApp2
    router ospf METRO
    vrf BLUE
    router-id [ROUTER_ID]
    redistribute bgp 65500 metric 100
    area 0
    interface bvi 2
    router ospf BLUE
    vrf BLUE
    router-id [ROUTER ID]
    redistribute bgp 65500 metric 100
    area 10
    interface BVI100
    interface BVI200
    interface BVI200
    router bgp 65500
    address-family ipv4 unicast
    address-family vpnv4 unicast
    vrf BLUE
    rd 65500:2
    address-family ipv4 unicast
    redistribute static
    redistribute ospf BLUE
    neighbor 1.1.1.2
    remote-as 64512
    ebgp-multihop 5
    address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
    service cgn CGN
    service-location preferred-active 0/3/CPU0
    service-type nat44 nat44
    portlimit 20000
    inside-vrf NAT_IN
    map outside-vrf BLUE address-pool 172.16.0.0/24
    Thanks in advance,
    Renato

    Hi Somnath,
    Let's see if you can help with this new scenario. I want to extend this NAT configuration to a new site (BO1), but instead of using this entire setup with ASR9K, etc, I just want to use ASR9000v module and have this AS9K + ISM as the host. The first problem I see in this scenario is that I have the same 10.0.0.0/8 network in both sites, network which will access the same resources as the devices in the 10.0.0.0/8 in the main site.
    1) Do you think if I create a new inside VRF [NAT_IN1] would address this issue?
    2) Can I use the same outside VRF?
    Here are the configurations.
    !! IOS XR Configuration 4.3.1
    vrf NAT_IN
    address-family ipv4 unicast
      import route-target
       65500:2
       65500:3
      export route-target
       65500:3
    vrf RED
    address-family ipv4 unicast
      import route-target
       65500:1
      export route-target
       65500:1
    vrf NAT_OUT
    address-family ipv4 unicast
      import route-target
       65500:4
      export route-target
       65500:4
    vrf SATELLITE
    vrf BLUE
    address-family ipv4 unicast
      import route-target
       65500:2
      export route-target
       65500:2
    hw-module service cgn location 0/3/CPU0
    ipv4 access-list ABF
    5 permit ospf any any
    10 permit ipv4 any 10.200.0.0 0.0.255.255 nexthop1 vrf NAT_IN ipv4 10.0.2.2
    20 permit icmp any any
    interface Bundle-Ether3
    description Uplink (BE3 - VRF NAT_IN) - VLAN 20
    vrf NAT_IN
    ipv4 address 1.1.1.1 255.255.255.0
    ipv4 access-group ABF ingress
    interface Bundle-Ether22
    description LOOPBACK CABLE NAT_OUT
    vrf NAT_OUT
    ipv4 address 10.0.1.1 255.255.255.0
    interface Bundle-Ether23
    description LOOPBACK CABLE BLUE
    vrf BLUE
    ipv4 address 10.0.1.2 255.255.255.0
    interface 6
    description Uplink  (BE6 - Global) - VLAN 20,51,80-82
    interface 6.2
    ipv4 address 1.1.1.2 255.255.255.0
    encapsulation dot1q 2
    interface 6.51 l2transport
    description EFP - BE6 - VLAN 51
    encapsulation dot1q 51
    rewrite ingress tag pop 1 symmetric
    interface 6.80 l2transport
    description EFP - BE6 - VLAN 80
    encapsulation dot1q 80
    rewrite ingress tag pop 1 symmetric
    interface 6.81 l2transport
    description EFP - BE6 - VLAN 81
    encapsulation dot1q 81
    rewrite ingress tag pop 1 symmetric
    interface 6.82 l2transport
    description EFP - BE6 - VLAN 82
    encapsulation dot1q 82
    rewrite ingress tag pop 1 symmetric
    interface Bundle-Ether100
    description Bundle to Satellite 100
    vrf SATELLITE
    ipv4 point-to-point
    ipv4 unnumbered Loopback0
    nv
      satellite-fabric-link satellite 100
       remote-ports GigabitEthernet 0/0/0-43
    interface Bundle-Ether200
    description Bundle to Satellite 200
    vrf SATELLITE
    ipv4 point-to-point
    ipv4 unnumbered Loopback0
    nv
      satellite-fabric-link satellite 200
       remote-ports GigabitEthernet 0/0/0-43
    interface Bundle-Ether300
    description Bundle to Satellite 300
    vrf SATELLITE
    ipv4 point-to-point
    ipv4 unnumbered Loopback0
    nv
      satellite-fabric-link satellite 300
       remote-ports GigabitEthernet 0/0/0-35
    interface Loopback0
    description MGMT SATELLITE
    vrf SATELLITE
    ipv4 address 10.0.0.254 255.255.255.0
    interface tunnel-ip31101
    description BLUE-TUNNEL01
    vrf BLUE
    ipv4 address 10.200.253.90 255.255.255.252
    tunnel mode gre ipv4
    tunnel source 6.2
    tunnel destination 13.13.13.13
    interface tunnel-ip31102
    description BLUE-TUNNEL02
    vrf BLUE
    ipv4 address 10.200.253.94 255.255.255.252
    tunnel mode gre ipv4
    tunnel source 6.2
    tunnel destination 14.14.14.14
    interface tunnel-ip31103
    description RED-TUNNEL03
    vrf RED
    ipv4 address 10.200.253.90 255.255.255.252
    tunnel mode gre ipv4
    tunnel source 6.2
    tunnel destination 13.13.13.13
    interface tunnel-ip31104
    description RED-TUNNEL04
    vrf RED
    ipv4 address 10.200.253.94 255.255.255.252
    tunnel mode gre ipv4
    tunnel source 6.2
    tunnel destination 14.14.14.14
    interface TenGigE0/0/0/0
    description LINK TO SATELLITE 100
    bundle id 100 mode on
    interface TenGigE0/0/0/1
    description LINK TO SATELLITE 100
    bundle id 100 mode on
    interface TenGigE0/0/0/2
    description LINK TO SATELLITE 200
    bundle id 200 mode on
    interface TenGigE0/0/0/3
    description LINK TO SATELLITE 200
    bundle id 200 mode on
    interface TenGigE0/0/0/4
    description LINK TO SATELLITE 300
    vrf SATELLITE
    ipv4 point-to-point
    ipv4 unnumbered Loopback0
    nv
      satellite-fabric-link satellite 300
       remote-ports GigabitEthernet 0/0/36-43
    interface TenGigE0/0/0/5
    description LINK TO SATELLITE 300
    bundle id 300 mode on
    interface TenGigE0/0/0/16
    description UPLINK  (BE6 - GLOBAL) - VLAN 20,51,80-82
    bundle id 6 mode active
    interface TenGigE0/1/0/16
    description UPLINK  (BE6 - GLOBAL) - VLAN 20,51,80-82
    bundle id 6 mode active
    interface TenGigE0/0/0/17
    description UPLINK  (BE3 - VRF NAT_IN) - VLAN 20
    bundle id 3 mode active
    interface TenGigE0/1/0/17
    description UPLINK  (BE3 - VRF NAT_IN) - VLAN 20
    bundle id 3 mode active
    interface TenGigE0/0/0/22
    description LOOPBACK CABLE TE0/1/0/22
    bundle id 22 mode on
    interface TenGigE0/0/0/23
    description LOOPBACK CABLE TE0/1/0/23
    bundle id 22 mode on
    interface TenGigE0/1/0/0
    description LINK TO SATELLITE 100
    bundle id 100 mode on
    interface TenGigE0/1/0/1
    description LINK TO SATELLITE 100
    bundle id 100 mode on
    interface TenGigE0/1/0/2
    description LINK TO SATELLITE 200
    bundle id 200 mode on
    interface TenGigE0/1/0/3
    description LINK TO SATELLITE 200
    bundle id 200 mode on
    interface TenGigE0/1/0/4
    description LINK TO SATELLITE 300
    bundle id 300 mode on
    interface TenGigE0/1/0/5
    description LINK TO SATELLITE 300
    bundle id 300 mode on
    interface TenGigE0/1/0/22
    description LOOPBACK CABLE TE0/0/0/22
    bundle id 23 mode on
    interface TenGigE0/1/0/23
    description LOOPBACK CABLE TE0/0/0/23
    bundle id 23 mode on
    interface BVI30
    vrf RED
    ipv4 address 10.200.25.193 255.255.255.192
    interface BVI31
    vrf BLUE
    ipv4 address 10.200.1.1 255.255.255.248
    interface BVI32
    vrf BLUE
    ipv4 address 10.200.25.129 255.255.255.224
    interface BVI33
    vrf BLUE
    ipv4 address 10.200.25.1 255.255.255.128
    interface BVI36
    vrf BLUE
    ipv4 address 10.200.237.145 255.255.255.240
    interface BVI51
    vrf RED
    ipv4 address 192.168.7.12 255.255.255.0
    interface BVI80
    vrf RED
    ipv4 address 10.200.26.169 255.255.255.224
    interface BVI81
    vrf BLUE
    ipv4 address 10.200.25.164 255.255.255.240
    interface BVI82
    vrf BLUE
    ipv4 address 10.200.25.180 255.255.255.240
    interface ServiceApp1
    description NAT_IN
    vrf NAT_IN
    ipv4 address 10.0.2.1 255.255.255.252
    service cgn CGN service-type nat44
    interface ServiceApp2
    description NAT_OUT
    vrf NAT_OUT
    ipv4 address 10.0.2.5 255.255.255.252
    service cgn CGN service-type nat44
    interface ServiceInfra1
    description ISM
    ipv4 address 10.0.3.1 255.255.255.0
    service-location 0/3/CPU0
    prefix-set PS_ROUTES
      10.200.0.8,
      10.200.5.40/29,
      10.200.1.0/29,
      10.200.5.32/29,
      10.200.0.144/28,
      10.200.106.0/28,
      10.200.106.16/28
    end-set
    prefix-set PS_BGP_BLUE_OUT
      10.200.24.192/26,
      10.200.5.40/29,
      10.200.240.0/25,
      10.200.1.0/29,
      10.200.25.128/27,
      10.200.25.0/25,
      10.200.5.32/29,
      10.200.26.0/25,
      10.200.0.144/28,
      10.200.27.128/27,
      10.200.27.0/25,
      10.200.106.0/28,
      10.200.106.128/25,
      10.200.106.16/28,
      10.200.107.128/25
    end-set
    route-policy RP_DENY_ALL
      drop
    end-policy
    route-policy RP_PASS_ALL
      pass
    end-policy
    route-policy RP_BGP_BLUE_OUT
      if destination in PS_BGP_BLUE_OUT then
        pass
      endif
    end-policy
    route-policy RP_PASS_ROUTES
      if destination in PS_ROUTES then
        pass
      endif
    end-policy
    router static
    address-family ipv4 unicast
      0.0.0.0/0 1.1.1.20
    vrf NAT_IN
      address-family ipv4 unicast
       0.0.0.0/0 ServiceApp1
    vrf RED
    vrf NAT_OUT
      address-family ipv4 unicast
       0.0.0.0/0 10.0.1.2
       10.200.24.192/26 ServiceApp2
    vrf BLUE
      address-family ipv4 unicast
       10.200.24.192/26 10.0.1.1
    router ospf
    log adjacency changes
    vrf NAT_IN
      router-id 1.1.1.1
      disable-dn-bit-check
      redistribute bgp 65500 metric 5 metric-type 2 route-policy RP_PASS_ROUTES
      area 7
       interface Bundle-Ether3
    router ospf RED
    log adjacency changes
    vrf RED
      router-id 10.200.26.169
      disable-dn-bit-check
      redistribute bgp 65500 metric 10 metric-type 2
      area 11
       interface BVI30
       interface BVI80
    router ospf BLUE
    log adjacency changes
    vrf BLUE
      router-id 10.200.25.164
      disable-dn-bit-check
      redistribute static
      redistribute bgp 65500 metric 10 metric-type 2
      area 0
       interface BVI81
       interface BVI82
      area 2
       interface BVI31
       interface BVI32
       interface BVI33
       interface BVI36
    router bgp 65500
    address-family ipv4 unicast
    address-family vpnv4 unicast
    vrf NAT_IN
      rd 65500:3
      bgp router-id 1.1.1.1
      address-family ipv4 unicast
       route-target download
    vrf RED
      rd 65500:1
      bgp router-id 10.200.253.90
      address-family ipv4 unicast
       network 10.200.25.192/26
       network 10.200.26.128/27
       network 10.200.26.192/27
       network 10.200.27.192/26
       network 10.200.104.128/27
       network 10.200.104.160/27
      neighbor 10.200.253.89
       remote-as 64512
       ebgp-multihop 5
       update-source tunnel-ip31103
       address-family ipv4 unicast
        route-policy RP_PASS_ALL in
        route-policy RP_PASS_ALL out
        soft-reconfiguration inbound
      neighbor 10.200.253.93
       remote-as 64512
       ebgp-multihop 5
       update-source tunnel-ip31104
       address-family ipv4 unicast
        route-policy RP_PASS_ALL in
        route-policy RP_PASS_ALL out
        soft-reconfiguration inbound
    vrf BLUE
      rd 65500:2
      bgp router-id 10.200.253.90
      address-family ipv4 unicast
       network 10.200.0.144/28
       network 10.200.1.0/29
       network 10.200.5.32/29
       network 10.200.5.40/29
       network 10.200.24.192/26
       network 10.200.25.0/25
       network 10.200.25.128/27
       network 10.200.26.0/25
       network 10.200.27.0/25
       network 10.200.27.128/27
       network 10.200.106.0/28
       network 10.200.106.16/28
       network 10.200.106.128/25
       network 10.200.107.128/25
       network 10.200.240.0/25
      neighbor 10.200.253.89
       remote-as 64512
       ebgp-multihop 5
       update-source tunnel-ip31101
       address-family ipv4 unicast
        route-policy RP_PASS_ALL in
        route-policy RP_BGP_BLUE_OUT out
        soft-reconfiguration inbound
      neighbor 10.200.253.93
       remote-as 64512
       ebgp-multihop 5
       update-source tunnel-ip31102
       address-family ipv4 unicast
        route-policy RP_PASS_ALL in
        route-policy RP_BGP_BLUE_OUT out
        soft-reconfiguration inbound
    l2vpn
    load-balancing flow src-dst-ip
    bridge group VLAN30
      bridge-domain VLAN30
       routed interface BVI30
    bridge group VLAN31
      bridge-domain VLAN31
       routed interface BVI31
    bridge group VLAN32
      bridge-domain VLAN32
       routed interface BVI32
    bridge group VLAN33
      bridge-domain VLAN33
       routed interface BVI33
    bridge group VLAN36
      bridge-domain VLAN36
       routed interface BVI36
    bridge group VLAN51
      bridge-domain VLAN51
       routed interface BVI51
    bridge group VLAN80
      bridge-domain VLAN80
       interface 6.80
       routed interface BVI80
    bridge group VLAN81
      bridge-domain VLAN81
       interface 6.81
       routed interface BVI81
    bridge group VLAN82
      bridge-domain VLAN82
       interface 6.82
       routed interface BVI82
    nv
    satellite 100
      type asr9000v
      ipv4 address 10.0.0.1
    satellite 200
      type asr9000v
      ipv4 address 10.0.0.2
    satellite 300
      type asr9000v
      ipv4 address 10.0.0.3
    service cgn CGN
    service-location preferred-active 0/3/CPU0
    service-type nat44 nat44
      portlimit 20000
      inside-vrf NAT_IN
       map outside-vrf NAT_OUT address-pool 10.200.24.192/26
    Thanks in advance,
    Renato

  • Need help with Different approaches to setting variables in a Flash movie in Adobe Flash CS3 Professional Version

    Hi,
    I'm using Adobe Flash CS3 Professional version of Flash
    software,
    I need help and guidance on
    Different approaches to setting variables in a Flash movie,
    what I should do in the fla file, and in the html file.
    Thanks, Gil

    Hi petro_jemes,
    Just a little clarification, you need to add the value to the variable "[string]$ou", and also change the language in the variable "$emailbody" in the function "Get-ADUserPasswordExpirationDate".
    I hope this helps.

  • Need help with configuring a Printer Driver in Oracle apps

    Hi,
    We have a set of interfaces/concurrent jobs which are programmed to send the output file to file location1. Now we need to direct the output for all these jobs to file location2. The idea is to not modify the existing code, but have configuration in place which will redirect the output files to the new "file location2" once the concurrent job run is complete.
    We have come across “Using Dummy Printer driver” option wherein we created a dummy printer driver with arguments as below and attached this printer to all these concurrent jobs.
    mv <file location1>/$PROFILES$.TITLE <file location2>
    This option is working fine if both the file locations are hard coded. But both these locations are configured in 2 separate profile options and the file path would change from one Oracle instance to another.
    We are looking for solutions where we can pass the profile option value to this printer driver instead of hardcoding it in the argument.
    Also, please suggest any other solution to move the output files to a different location.
    Please note that our client is on Oracle On-Demand environment (apps – 11.5.10) and hence a shell script cannot be used for this.
    Thanks,
    Kiranmayi.

  • Need help with configuring setup cost as variable based on quantity

    Hello,
    I am brand new to PP and my client has an inquiry as to how they can make the setup costs variable based on the production quantity. They already have the machine and labor working correctly, so I compared the formulas for machine and labor time with the formula for setup time and they are not the same (in fact, setup time does not have any formula). Do I simply need to create a formula for this or are there multiple other steps? If anyone can give instruction on how to set this up it would be of great help.
    Thanks,
    MH

    Check in the Work Center, tab Costing where Setup Time should have a formula using operation quantity / base quantity as ratio.
    Setup time should be included as parameter in the standard value key.
    The formula in the Capacity Tab would have only effect on the capacity evaluation, but no costs impact.
    Edited by: Dario on Feb 2, 2011 7:04 PM

  • Need help with configuration

    I'm new to Cisco and we just took over a client with an ASA 5505. I need to do 2 things. First,
    I need to know how to open or forward ports to an internal IP address. They want me to open ports 3389 and 1433 to an internal address, 192.168.192.52,
    but only from:
      207.235.73.64 and 255.255.255.192
      40.143.46.64 and 255.255.255.192
      66.192.91.128 and 255.255.255.192
      40.143.28.64 and 255.255.255.192
    And second, I'd like to get the ASDM downloaded and working, as I've used that before in other offices and it helps me out as a non-Cisco expert. I try going to the device IP in a browser, 192.168.192.1/admin, and just get a prompt for username and password, but it doesn't take the one I have. Here is the config on the device right now. Any help you guys can point me to I'd appreciate. 4 hours of Google research has gotten me nowhere.
    sho run
    : Saved
    ASA Version 7.2(3)
    hostname vmine
    domain-name mine
    enable password CyQcVKTj6CW8.Vsj encrypted
    names
    interface Vlan1
    nameif inside
    security-level 100
    ip address 192.168.192.1 255.255.255.0
    interface Vlan2
    nameif outside
    security-level 0
    ip address x.x.x.x 255.255.255.248
    interface Vlan3
    mac-address 001f.6ce3.bd99
    no forward interface Vlan1
    nameif guest
    security-level 10
    ip address 205.10.2.1 255.255.255.0
    interface Ethernet0/0
    description Internet-Connection
    switchport access vlan 2
    interface Ethernet0/1
    description Connection to Inside Network
    speed 100
    duplex full
    interface Ethernet0/2
    shutdown
    interface Ethernet0/3
    switchport access vlan 2
    interface Ethernet0/4
    switchport access vlan 3
    interface Ethernet0/5
    description Connection to Public Network
    switchport access vlan 3
    speed 100
    duplex full
    interface Ethernet0/6
    shutdown
    interface Ethernet0/7
    shutdown
    passwd CyQcVKTj6CW8.Vsj encrypted
    ftp mode passive
    dns server-group DefaultDNS
    domain-name domain
    access-list guest extended permit icmp any any
    access-list guest extended permit ip any any
    access-list inside extended permit icmp any any
    access-list inside extended permit ip any any
    access-list outside extended permit icmp any any echo-reply
    access-list outside extended permit tcp any any eq 8440
    access-list nonat extended permit ip 192.168.192.0 255.255.255.0 192.168.252.0 255.255.255.0
    access-list outside-in extended permit tcp any any eq https
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    access-list outside-in extended permit tcp host x.x.x.x any eq 1433
    pager lines 24
    logging enable
    logging buffer-size 16384
    logging buffered informational
    mtu inside 1500
    mtu outside 1500
    mtu guest 1500
    ip local pool vpn-ip 192.168.252.1-192.168.252.10
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm.bin
    no asdm history enable
    arp timeout 14400
    global (outside) 1 x.x.x.x
    global (outside) 2 x.x.x.x
    nat (inside) 0 access-list nonat
    nat (inside) 1 192.168.192.0 255.255.255.0
    nat (guest) 2 205.10.2.0 255.255.255.0
    static (inside,outside) tcp interface www 192.168.192.170 www netmask 255.255.255.255
    static (inside,outside) tcp interface https 192.168.192.170 https netmask 255.255.255.255
    static (inside,outside) x.x.x.x 192.168.192.52 netmask 255.255.255.255
    access-group inside in interface inside
    access-group outside-in in interface outside
    access-group guest in interface guest
    route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout uauth 0:05:00 absolute
    http server enable
    http 0.0.0.0 0.0.0.0 inside
    http 192.168.192.0 255.255.255.0 inside
    snmp-server host inside 192.168.192.10 poll community ciscosnmp
    snmp-server location PIX
    no snmp-server contact
    snmp-server community ciscosnmp
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    snmp-server enable traps syslog
    crypto ipsec transform-set DES-MD5 esp-des esp-md5-hmac
    crypto dynamic-map dynvpn 10 set transform-set DES-MD5
    crypto map vpn 65535 ipsec-isakmp dynamic dynvpn
    crypto map vpn interface outside
    crypto isakmp identity address
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption des
    hash md5
    group 2
    lifetime 28800
    crypto isakmp nat-traversal  20
    telnet timeout 5
    ssh 0.0.0.0 0.0.0.0 inside
    ssh 0.0.0.0 0.0.0.0 outside
    ssh timeout 30
    console timeout 0
    dhcpd dns 209.253.113.10 209.253.113.18
    dhcpd address 205.10.2.10-205.10.2.99 guest
    dhcpd dns 209.253.113.10 209.253.113.18 interface guest
    dhcpd enable guest
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
      inspect ipsec-pass-thru
    service-policy global_policy global
    group-policy RA-VPN internal
    group-policy RA-VPN attributes
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value nonat
    username VMRemote password .RSNgq92vZTSELWV encrypted
    username VMRemote attributes
    vpn-group-policy RA-VPN
    username VMVPN password jSqp8CjjxHhRa6jk encrypted
    username kernels password jDS98nJtthzlEvw5 encrypted
    tunnel-group VMVPN type ipsec-ra
    tunnel-group VMVPN general-attributes
    address-pool vpn-ip
    tunnel-group VMVPN ipsec-attributes
    pre-shared-key *
    prompt hostname context
    Cryptochecksum:52c3d65fc1111c561b1598cc341dc6d5
    : end

    Hi,
    As per your 1st query, I think the Static NAT should work fine.
    To restrict the access from the outside only for certain IPs, you can use a Source Based ACL:
    access-list outside-in extended permit tcp 207.235.73.64 255.255.255.192 host x.x.x.x eq 3389
    access-list outside-in extended permit tcp 40.143.46.64 255.255.255.192 host x.x.x.x eq 3389
    access-list outside-in extended permit tcp 66.192.91.128 255.255.255.192 host x.x.x.x eq 3389
    access-list outside-in extended permit tcp 40.143.28.64 255.255.255.192 host x.x.x.x eq 3389
    access-list outside-in extended permit tcp 207.235.73.64 255.255.255.192 host x.x.x.x eq 1433
    access-list outside-in extended permit tcp 40.143.46.64 255.255.255.192 host x.x.x.x eq 1433
    access-list outside-in extended permit tcp 66.192.91.128 255.255.255.192 host x.x.x.x eq 1433
    access-list outside-in extended permit tcp 40.143.28.64 255.255.255.192 host x.x.x.x eq 1433
    If you would like to use the LOCAL username and Password on the ASA:
    aaa authentication http console LOCAL
    Thanks and Regards,
    Vibhor
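
The source-restricted rules from the reply above, checked with a small first-match evaluator. This is an added example, not part of the original thread: `203.0.113.10` stands in for the elided `x.x.x.x`, the test source addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
from typing import NamedTuple, Optional

# Constructed placeholder for the elided public address "x.x.x.x" (RFC 5737 range).
PUBLIC_IP = "203.0.113.10"
SOURCES = ["207.235.73.64", "40.143.46.64", "66.192.91.128", "40.143.28.64"]

# First line is the existing https rule from the posted config; the rest are the
# source-restricted rules from the reply, with the placeholder substituted.
ACL_TEXT = "access-list outside-in extended permit tcp any any eq https\n" + "\n".join(
    f"access-list outside-in extended permit tcp {src} 255.255.255.192 host {PUBLIC_IP} eq {port}"
    for port in (3389, 1433) for src in SOURCES
)

PORT_NAMES = {"www": 80, "https": 443}  # the two named ports used in the posted config


class Rule(NamedTuple):
    action: str
    proto: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int]  # None means any destination port


def _take_addr(tokens):
    """Consume one address spec from the token list: 'any', 'host A' or 'A MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    mask = tokens.pop(0)
    # strict=True raises ValueError when the address has host bits set for the mask,
    # which catches a mistyped network/mask pair before it is pasted into the device.
    return ipaddress.ip_network(f"{head}/{mask}", strict=True)


def parse_acl(text, name):
    """Parse 'access-list NAME extended ...' lines into Rule tuples, in order."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if tokens[:3] != ["access-list", name, "extended"]:
            continue
        action, proto, rest = tokens[3], tokens[4], tokens[5:]
        src = _take_addr(rest)
        dst = _take_addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
        rules.append(Rule(action, proto, src, dst, port))
    return rules


def evaluate(rules, proto, src_ip, dst_ip, dst_port):
    """Return the action of the first matching rule, or the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.proto not in ("ip", proto):
            continue
        if src not in rule.src or dst not in rule.dst:
            continue
        if rule.port is not None and rule.port != dst_port:
            continue
        return rule.action
    return "deny"  # every access list ends with an implicit deny


def open_to_any_source(rules, dst_port):
    """TCP/IP permit rules for dst_port whose source is 'any' (empty = source-restricted)."""
    any_net = ipaddress.ip_network("0.0.0.0/0")
    return [r for r in rules
            if r.action == "permit" and r.proto in ("ip", "tcp")
            and r.src == any_net and r.port in (None, dst_port)]


RULES = parse_acl(ACL_TEXT, "outside-in")

if __name__ == "__main__":
    # Constructed test sources: one inside a permitted /26, one just outside it.
    for src in ("207.235.73.100", "207.235.73.130", "198.51.100.7"):
        for port in (3389, 1433, 443):
            print(f"{src:>15} -> {PUBLIC_IP}:{port:<5} {evaluate(RULES, 'tcp', src, PUBLIC_IP, port)}")
```
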

  • Need help with ASA config to set up proxy on DMZ

    Hello guys,
    I have a problem, I'm trying to configure an ASA as shown in the attached scenario.
    I need that all inside users to go to the proxy server on DMZ and from there they will go out to the internet.
    Right now i have:
    INSIDE INTERFACE
    Access-list inside permit ip 10.1.1.0 255.255.255.0 host 11.1.1.6
    DMZ INTERFACE
    Access-list dmz permit ip host 11.1.1.6 any
    OUTSIDE INTERFACE
    Access-list outside permit ip any host <proxy server public ip>
    REGARDING NAT I HAVE THE FOLLOWING:
    Static (dmz,outside) <proxy server public> 11.1.1.6 netmask 255.255.255.255
    My question would be if it would work with this configuration? Do I need to apply NAT on my inside hosts? Would all my inside hosts, when they reach the ASA, be sent to the proxy, and then the proxy will send them back to the ASA and then to the internet?
    Thanks,
    Tony

    Hello Jennifer,
    Thanks for your response. So basically I will need to add a static to allow traffic from inside to DMZ without being NATted. I don't know what proxy server it will be, the server would be managed by another party, but in my inside hosts I will need to set all the parameters to point to the proxy; once this is done traffic will go out through the proxy server to the DMZ interface of the ASA and then to the outside world, is that correct?
    Do you think this configuration would work???
    Outside = security 0
    Inside = security 100
    DMZ = security 50
    static (dmz,outside) 11.1.1.6 netmask 255.255.255.255
    static (inside,dmz) 10.1.1.0 10.1.1.0 netmask 255.255.255.0
    access-list inside permit tcp 10.1.1.0 255.255.255.0 any
    access-list dmz permit ip host 11.1.1.6 any
    access-group inside in interface inside
    access-group dmz in interface dmz
    Basically with this configuration my web request will go to the proxy on the DMZ and then from there it will go out to the internet??
    Thanks
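
Added example (not part of the original posts): a small first-match ACL model that compares the two inside ACLs quoted in this thread and lists any permitted flow that does not go to the proxy. It models only the interface ACL stage, not NAT or security levels; the test flows and the 203.0.113.x addresses are constructed.

```python
import ipaddress

# Constructed model of the two "inside" ACLs quoted in the thread.
# Each ACE: (action, protocol, source net/mask, destination net/mask).
ACL_PROXY_ONLY = [
    ("permit", "ip", "10.1.1.0/255.255.255.0", "11.1.1.6/255.255.255.255"),
]
ACL_TCP_ANY = [
    ("permit", "tcp", "10.1.1.0/255.255.255.0", "0.0.0.0/0.0.0.0"),
]

def ace_matches(ace, proto, src, dst):
    """True if the flow matches this ACE; 'ip' matches every protocol."""
    _, ace_proto, ace_src, ace_dst = ace
    if ace_proto != "ip" and ace_proto != proto:
        return False
    return (ipaddress.ip_address(src) in ipaddress.ip_network(ace_src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(ace_dst))

def evaluate(acl, proto, src, dst):
    """First matching ACE wins; no match falls through to the implicit deny."""
    for ace in acl:
        if ace_matches(ace, proto, src, dst):
            return ace[0]
    return "deny"

def bypass_flows(acl, proxy, flows):
    """Return the permitted flows whose destination is not the proxy."""
    return [f for f in flows if f[2] != proxy and evaluate(acl, *f) == "permit"]

# Constructed test flows: (protocol, source, destination).
FLOWS = [
    ("tcp", "10.1.1.25", "11.1.1.6"),      # client to proxy
    ("tcp", "10.1.1.25", "203.0.113.80"),  # client straight to an internet host
    ("udp", "10.1.1.25", "203.0.113.53"),  # client to an external resolver
]

if __name__ == "__main__":
    for name, acl in (("proxy-only", ACL_PROXY_ONLY), ("tcp-any", ACL_TCP_ANY)):
        print(name, "bypass:", bypass_flows(acl, "11.1.1.6", FLOWS))
```
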

  • Need help with 4-5 camera set up for audio/video podcast

    Hey guys. I'm overseeing the podcast/audiobook studio construction for my company's new entertainment venture. It will ultimately be my job to produce the podcasts and audiobooks. The catch is that they also want to film the podcasts as well. I'm trying to find the most affordable set up that makes the editing/conversion process easiest for me on FCPX.
    As you'll see I'm a bit all over the place. The essentials for what I'm looking for is
    1) The right Camcorder
    2) The most efficient way to record, edit and sync audio
    What is the most affordable camcorder to use that works really well with FCPX? I've been hearing rumors that some aren't compatible and require a tedious conversion process. The Kodak Zi8 seems perfect because it shoots in 1080p and has a mic input, but I'm not sure if it works well with FCPX. Now, I don't know if the mic input is necessary. I was thinking the easiest way to automatically sync audio is by plugging the 4 mics into the camera's mic input and record that way. That should sync everything up automatically right? I also watched a tutorial on the multicam editing option in Final Cut and that seems perfect for this project. Do I need a mic input if I use this method? It seems like the syncing is super easy with the built-in camera audio and the podcast audio files together.
    I also would like to be able to record directly into the computer but don't know if that's possible. The process of taking 4-5 SD cards and uploading it after each shoot that way seems super tedious. I'm not sure if there is way to do that.
    Another option would be for us to buy a video switcher but all the options seem so expensive. Anybody know of good hardware that'd work? That way I could edit on the go and if we want to make this a live ustream we can do so. I was also thinking about switcher software and using MIDI. Not sure if that is possible either.

    Let's ignore whether you should be doing this, but, if they are requesting that you do it, have at it.
    Although, the simplicity of this is mind boggling, for them not to do it...ah well, you're donating for a non profit, they are probably the cheapest game in town, and lost the sole employee who could scratch their backside...
    Choice one, I don't recommend this one - File > Print booklet, 2 up saddle stitch. Flip back and forth using the Print Settings button at the bottom to orient the page layout and set paper size. Set the printer as Adobe PDF. Keep checking the Preview in the main Print Booklet dialog, I had to set a page range of 39 pages in a 40 page book for this to work last week.
    Choice two - If you have set a 44 page document with bleeds, export to pdf, toggle "Use document bleeds", no crops. Place those resulting pdf's in a new 11 x 17, landscape doc, with appropriate bleeds. How you defined the bleeds in the 44 page document dictates how much fiddling you will have to do at the center (fold line) of the new 11 x 17 "imposed" document. (If your 44 page was not set as facing pages, you might have defined inside bleed to zero. If it was not set as a facing pages document, it references top, bottom, left and right bleeds) (The use of pdf for this is not necessary, you could just as easily place pages from the original InDesign file as pdf's) Setting a blue line/guide line at the center would help to crop in bleeding frames.
    All above seems too simple, you are only needing to impose pages 22-23 for these steps btw.
    @Scott Falkner - I knew I was being too wordy.

  • Need help with configuring for WindowsXP

    I'm running through the J2EE tutorial right now and I encountered a problem in Chapter 3. The problem came from setting up the database for Duke's Book Store. I am supposed to run the command asant create-db_common. I get the message:
    BUILD FAILED
    file:C:/j2eetutorial14/examples/common/targets.xml:21: C:\pointbase\lib not found.
    The directory that it really wants is C:\Sun\AppServer\pointbase\lib
    Is there an environment variable that I need to set in Windows?
    Is there somewhere else that I need to set the asant file to search out the Sun/AppServer directory?
    Thanks

    Did you set the j2ee.home property in common\build.properties correctly? In the future please search the forum before posting a question, I believe this question has been posted a few times. If the previous posts don't help then by all means feel free to post again.

  • Need help with configure script for audacious plugin

    Hello. I have written a small plugin for audacious, that uses an Amarok script to retrieve song lyrics and displays them in a window. I'd like to make an AUR package of it, but I don't even know how to write a configure script. I used to compile it with audacious-plugins, but I suppose a package with all audacious plugins plus my own would be sort of a duplicate of the vanilla audacious-plugins.
    Can anyone help me?

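    // Advance to the next frame when btn1 is clicked
    btn1.addEventListener(MouseEvent.CLICK, f1);
    function f1(e:MouseEvent):void {
        nextFrame();
    }
    // Go back to the previous frame when btn2 is clicked
    btn2.addEventListener(MouseEvent.CLICK, f2);
    function f2(e:MouseEvent):void {
        prevFrame();
    }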

  • Need help with configuring web root and root url URL

    Hello Folks,
    I have been trying for a while to follow the Flex 4 tutorial which asks you to connect to a MySQL database. I have been able to configure the DB but cannot figure out what my web root and root URL should be. Is there a web service that needs to be deployed or started? Would it be the IP address of the database that I created (I tried that)? I get the idea that an Apache service must be started somehow on my Flex environment and then I must find the root of the Apache server. I don't see an Apache directory anywhere. I am finding it difficult to know where to begin.

    Hi,
    First you need to be running a web server on your computer. Something like wamp/mamp is usually the better choice, as most people have had the best success with this server setup (and it has all the current services like PHP and MySQL).
    When you use the wizard, the path to your webroot is usually where you located the wamp/mamp install. For Windows it may be something like c:\wamp\www; not 100% sure about Macs, but I think the 'www' folder on a Mac is 'htdocs'.
    Your URL is either http://localhost or http://127.0.0.1.
    David.

  • Need help with my MX98715 NIC setting

    Hi,
    I had trouble with my MX98715 NIC. My question is, how can I change the transceiver capabilities of my MX98715-based Ethernet adapter from adv_autoneg_cap to adv_10hdx_cap?
    I tried to change everything, including the system file, and used the ndd command, but it has no effect.
    I changed the /etc/system file by adding:
    set hme:hme_adv_autoneg_cap=0
    set hme:hme_adv_10hdx_cap=1
    set mxfe0:mxfe0_adv_autoneg_cap=0
    set mxfe0:mxfe0_adv_10hdx_cap=1
    Then I rebooted my system, but Solaris 10 still auto-negotiates to 100Mbps full duplex.
    What's wrong with it?

    I solved this problem by using the driver from Masayuki Murayama.
    I think the tu-2.2.0 is the suitable driver for MX98715 and etc.

  • Need help with hard-wiring speaker set-up

    Here's what I am trying to do:
    I have a pair of nice old-fashioned speakers. Old-fashioned meaning that there are two wires coming out of each, stereo sound. The ends of the wires are just metal strands, well, you know, they have been cut off. They originally had plugs at the end that could plug into normal stereo outputs. I cut them off because I wanted to use them for an old radio. But now I need speakers for my iMac G5 and these will work if only I can connect the wires somehow. So should I buy plugs to go on the end? I need to pair the wires together, I am guessing? Any help would be much appreciated. This is quite urgent.
    I have made a little diagram of what I mean.
    http://img250.imageshack.us/img250/795/speakersetup6wb.jpg

    You will need to put the plug ends back on the wires. I'm fairly sure that any attempt to solder the wires in "permanently" would be dangerous to the computer. I am absolutely positive that any such attempt to wire them in would void whatever warranty you may or may not have left.

  • Need help with voiceover multiband compressor setting

    Hi there,
    I produce a national talk radio and TV program, and we often do voiceover for various commercials, spots, underwriting, etc. I've been running them through the "broadcast" preset in the multiband compressor, but have been told by a couple of people that it's too bassy and isn't sounding good on their end. While it sounds ok on my end, since this has been mentioned by several people, I'd like to change it.
    Is there a better multiband compressor preset, either already in Audition or that someone could tell me how to create, that would sound better for what I'm trying to do? Again, from the ones that are already in the multiband compressor, broadcast is the closest to what I want, but isn't quite it...
    Best,
    David

    If the compressed sound itself is okay, then probably the easiest thing to do is to EQ the result, rather than play about with the compression. What you really need to do though is to get yourself a monitoring system that sounds the same as the one the clients are using!
    Generally when people produce bass-heavy sound, it's because they are monitoring on something woefully small, with no real bass response. So you produce sound that sounds okay on your computer monitors, or whatever and inevitably the file sounds bass-heavy on a more neutral system.
    None of us here could tell you what would be better settings, or what EQ to use, simply because we haven't heard any of the offending sound. If you post a sample, we could at least listen to it on a neutral system (I have 3!) and tell you what we think might improve it.

  • Need help with configuring QoS

    Hello,
    We are in the process of implementing MPLS for our WAN links so that we can run VoIP between 9 locations in the USA and I have lots of questions regarding how to configure QoS.
    We have a dedicated E1 connection to our headquarters in Germany. This location houses all of our SAP servers.
    In each location in the US, we will be using Avaya IP telephones and media gateways for voice communications. We also have some Polycom units in the field for video conferencing.
    How would I begin to configure QoS for these network connections?
    I was planning on using IP precedence or DSCP for marking the traffic and prioritizing as follows.
    Highest Priority: Voice and video
    2nd Highest: SAP and Oracle traffic
    Default priority: Lotus notes, www access
    Here are some questions that I have:
    1- For voice/video, which DSCP values or IP precedence values do I use?
    2- How do I assign voice/video to the LLQ queue?
    3- For SAP, what is the best way to mark the SAP traffic? From my understanding, SAP uses a variety of ports.
    4- For SAP and Oracle, should I use the CBWFQ queues? Is that preferable over other queues for this traffic?
    5- Should I make another classification of traffic for things like signaling for Voice and TFTP/FTP?
    6- If so for #5, what IP precedence/DSCP value(s) should I use and which queuing mechanism should I use?
    Thanks for the help in advance. At this point, you can probably tell that I am a newbie to QoS.
    Pete

    I can answer a few since I have a ton of Avaya IP phones deployed.
    1) Personally I leave both bearer and signaling in the same queue at 46 (Diffserv) and 5 (COS). Video would be 40/4.
    2) Sample config:
    class-map match-all voip-fr
     ! all traffic that has DSCP 46
     match ip dscp 46
    class-map match-all vovid-fr
     ! all traffic that has DSCP 40
     match ip dscp 40
    policy-map llq
     class voip-fr
      ! reserve 100 Kbps priority bandwidth for DSCP 46
      priority 100
     class vovid-fr
      ! reserve 300 Kbps non-priority bandwidth for DSCP 40
      bandwidth 300
     class class-default
      fair-queue
    interface Serial0/0
     ! apply policy map to voice and signaling traffic
     service-policy output llq
    5) Nope. Leave TFTP and data in the default queue.
    Also, since you are deploying Avaya IPT, make sure you look at this document. Great document I used.
    http://support.avaya.com/elmodocs2/comm_mgr/r3_1/pdfs/245600_4_2.pdf
