OPC Tunneller

Any issues with Matrikon OPC Tunneller and Labview DSC?
Here is the answer I got from Matrikon, just want to hear if there is any experience here.
Hi Bob
Tunneller has no known issues with LabView OPC client. Tunneller tends to need very little configuration (in fact, only the IP address is needed) in order to work correctly. If you run into anything during the installation or configuration please let us know and we can assist further.
Regards,
Justin Smalley
MatrikonOPC Support Specialist
North America Toll-Free:
Solved!
Go to Solution.

I went to site the next day after posting this and tested the Tunneller client with the site system.  I had talked to the IT people prior to leaving and as long as you know all the right settings it makes using OPC clients in DSC very easy when a firewall is in place.
Once the Tunneller is open, the OPC server of interest appears on your local machine when browsing from your LabView project. 

Similar Messages

  • Problem to connect with OPC Server opc.sinumerik.machineswitch using DS_Open

    Hi,
    I want to connect to an Siemens OPC server type opc.sinumerik.machineswitch using DS_Open calls (CVI 6.0) to read few tags. Running my client software (as well as the NI- sample test client) locally on the same computer as the server the connection works and I can access the tags.
    Running the client-software on a remote PC then the DS_Open call "hangs-up" (not even an error message). All the DCOM settings etc should be ok, since I can access the tags using the Siemens Client OPC-Scout as test client.
    I have used the same calls in several previous applications and it works with other servers (Bachmann, WinCC), so I am pretty sure that I use the correct URLS etc.
    What can be the reason for a specific incompatibility?
    Any idea is highly appreciated.
    Cheers,
    Ronald

    Hi Roland,
    as experience shows, Remote DataSocket is hard to implement.
    The best way to implement this communication is the following:
    First of all, check the DCOM -Settings
    Using OPC via DCOM with Windows XP
    http://www.opcfoundation.org/DownloadFile.aspx?RI=326
    Use the “NI-OPC Server” to create a tunnel between the Siemens OPC server and your PC.
    Install the NI-OPC Server on your PC and use the “OPC DA Client Driver” to access the tags on the Siemens OPC server.
    After that you can access the created tags in the NI-OPC Server with CVI and DataSocket.
    Please download the NI OPC Servers Evaluation-Version to test communication.
    NI OPC Servers
    http://sine.ni.com/nips/cds/view/p/lang/en/nid/209059
    Download NI OPC Servers Evaluation
    https://lumen.ni.com/nicif/us/evalopc/content.xhtml
    Regards
    Ulrich

  • OPC URL features

    Hello
    Can any one please explain this OPC URL (what each part mean?)
    opc://localhost/Tunneller:ric841x1si.da.1\\\ric841x1\66TI1450
    I do not understand these parts “Tunneller:ric841x1si.da.1” and “\\\ric841x1\66TI1450”
    Please let we know if there is a link for more advance tricks for OPC URL
    I am getting this error:
    1/22/2007        10:41:34 AM   Err Code:         -1967259646   SourceataSocket Connect.vi
    Error: Parsing URL.<ERR>      Addtl Txt: Multiple OPC Items Monitor
    Let me know if you know what error is this
    Thank you
    Amit

    Hello Doug
    First of all, thank you for your information on OPC URL.
    Actually, this is first time I am using OPC with LabView, and I am looking older application which has OPC URL. I wanted to understand how OPC URL address works.
    By reading some document I understand some part of the URL but not fully.
    You have explained very clearly what I am looking for.
    "Tunneller:ric841x1.osi.da.1" is the name of the OPC server ( I am confuse with colon ‘:’ and point ‘.’)
    “ric841x1" is most likely a folder within this particular process for organizational purposes
    "66TI1450" would be an individual register or data item
    Again great help, thank you for that.
    Amit

  • IP Phone SSL VPN and Split tunneling

    Hi Team,
    I went throught the following document which is very useful:
    https://supportforums.cisco.com/docs/DOC-9124
    The only things i'm not sure about split-tunneling point:
    Group-policy must not be configured with split tunnel or split exclude.  Only tunnel all is the supported tunneling policy
    I could see many implementation when they used split-tunneling, like one of my customer:
    group-policy GroupPolicy1 internal
    group-policy GroupPolicy1 attributes
    banner value This system is only for Authorized users.
    dns-server value 10.64.10.13 10.64.10.14
    vpn-tunnel-protocol ssl-client
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value split-tunnel
    default-domain value prod.mobily.lan
    address-pools value SSLClientPool
    webvpn
      anyconnect keep-installer installed
      anyconnect ssl rekey time 30
      anyconnect ssl rekey method ssl
      anyconnect ask none default anyconnect
    username manager-max password XTEsn4mfYvPwC5af encrypted privilege 15
    username manager-max attributes
    vpn-group-policy GroupPolicy1
    tunnel-group PhoneVPN type remote-access
    tunnel-group PhoneVPN general-attributes
    address-pool SSLClientPool
    authentication-server-group AD
    default-group-policy GroupPolicy1
    tunnel-group PhoneVPN webvpn-attributes
    group-url https://84.23.107.10 enable
    ip local pool SSLClientPool 10.200.18.1-10.200.18.254 mask 255.255.254.0
    access-list split-tunnel remark split-tunnel network list
    access-list split-tunnel standard permit 10.0.0.0 255.0.0.0
    It is working for them w/o any issue.
    My question would be
    - is the limitation about split-tunneling still valid? If yes, why it is not recommended?
    Thanks!
    Eva

    Hi,
    If you're not using certificates in client authentication then the SSL handshake will complete before the user is requested to authenticate with username/password.  If this authentication request fails you will see the SSL session terminated immediately following this failure (as in the logs you provided).  Notice the 5 seconds between the SSL session establishment and termination, this is most likely when the user is being authenticated against the aaa server.  If the phone is failing authentication against an external aaa-server you'll want to investigate the logs on that server to determine the root cause of the failure.  The ASA can also provide confirmation of the authentication request/reject with the command 'show aaa-server'.  If you want to see what's going on at an authentication protocol level you can enable several debugs including "debug aaa authentication|common|internal' and protocol specific debugs such as 'debug radius user|session|all' or 'debug ldap'.
    Did this answer your question? If so, please mark it Answered!

  • IPSec tunnel on sub-interface on ASA 5510

    Hello All,
    I working on a security solution using ASA firewall and need some technical advice on ASA. Is it possible to setup a IPSec tunnels  on each subinterface of a physical interface on ASA 5510?
    I would be greatul if someone please reply post this with some details.
    Regards,
    Muds

    Hi Jennifer,
    Thanks very much for your reply. I understand where you coming from, but the reason of using sub-interfaces is that, we have only one physical interface on the firewall connected to the MPLS cloud, and we need to setup a seperate IPSec tunnels for each client for security and integrity. In the current scenario, I have static peers and we can easily setup a static route to peer address.
    Many thanks for your assistance, please feel free to to advise if you have any other suggestion.
    Regards,
    Muds 

  • Unable to see logs while using split tunnel for RA

    hi everyone,
    I have config RA   VPN at my home lab using split tunnel.
    I can connect fine and able to browse the internet.
    When i go to internet sites i do not see logs generated on the VPN ASA?
    Need to understand whats the reason behind this?
    ASA1# sh conn all
    5 in use, 12 most used
    UDP outside  10.0.0.51:138 inside  10.0.0.255:138, idle 0:01:38, bytes 201, flags -
    TCP outside  192.168.98.2:49509 NP Identity Ifc  192.168.1.171:443, idle 0:00:07, bytes 1067370, flags UOB
    TCP outside  192.168.98.2:49507 NP Identity Ifc  192.168.1.171:443, idle 0:00:03, bytes 137779, flags UOB
    UDP outside  192.168.98.2:49903 NP Identity Ifc  192.168.1.171:500, idle 0:00:01, bytes 40927, flags -
    TCP outside  192.168.99.2:35902 NP Identity Ifc  192.168.1.171:22, idle 0:00:00, bytes 179887, flags UOB
    Where 192.168.98.2 is IP of PC.
    10.0.0.51 is IP assigned from VPN pool to PC.
    Regards
    Mahesh

    Hi Mahesh,
    You are using Split Tunnel VPN. This means that you have configured the VPN Client connection to only tunnel specific networks through the VPN Connection while its active. You have probably configured an ACL that contains your LAN network behind the ASA.
    This means that only traffic destined to that LAN network mentioned in the ACL reaches your ASA through the VPN Connection.
    The Internet traffic of the user or any traffic that is NOT destined to that network in the ACL will simply use the VPN Client users PCs local Internet connection or local network.
    This is the reason you are not seeing any of the Internet connections from the VPN Client on the ASA. The VPN Client connection is only configured to forward traffic to the LAN network and pass all other traffic past the VPN Connection through the users local network connection.
    If you were to configure Full Tunnel VPN for the user this would mean that ALL traffic would be forwarded from the VPN Client through the ASA and the ASA would control where that traffic would be forwarded and if that traffic would be allowed.
    If you want to look at the current configuration on the CLI you would first have to issue
    show run tunnel-group
    And find the connection that you are using at the moment. Then you would have to check what "group-policy" is configured under that "tunnel-group"
    Then you could issue the command
    show run group-policy
    This would list you the Group Policy configuration for the VPN connection and would show something like this under it
    split-tunnel-policy tunnelspecified
    split-tunnel-network-list value
    The above configuration would show you the ACL that the VPN Client configuration is using to tell the VPN Client what traffic to send through the VPN Connection.
    Hope this helps
    - Jouni

  • EZVPN public internet split tunnel with dialer interface

    I have a job on where I need to be able to use EZVPN with split tunnel but still have access to an external server from the corporate network as the external server will only accept connections from the corporate public IP address.
    So I have not only included the corporate C class in the interesting traffic but also the IP address of the external server.  
    So all good so far, traffic for the corporate network goes down the tunnel as well as the IP address for the external server.
    Now comes the problem, I am trying to send the public IP traffic for the external server out of the corporate network into the public internet but it just drops and does not get back out the same interface into the internet.
    I checked out this procedure and it did not help as the route map counters do not increase with my attempt to reach the external router.
    http://www.cisco.com/c/en/us/support/docs/security/vpn-client/71461-router-vpnclient-pi-stick.html 
    And to just test the process, I removed the split tunnel and just have everything going down the tunnel so I can test with any web site.  I also have a home server on the network that is reached so I can definitly reach into the network at home which is  the test for the corporate network I am trying to reach.
    Its a cisco 870 router and here is the config
    Router#sh run
    Building configuration...
    Current configuration : 4617 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Router
    boot-start-marker
    boot-end-marker
    logging message-counter syslog
    enable secret 5 *************************
    enable password *************************
    aaa new-model
    aaa authentication login default local
    aaa authentication login ciscocp_vpn_xauth_ml_1 local
    aaa authorization exec default local 
    aaa authorization network ciscocp_vpn_group_ml_1 local 
    aaa session-id common
    dot11 syslog
    ip source-route
    ip dhcp excluded-address 192.168.1.1
    ip dhcp excluded-address 192.168.1.2
    ip dhcp excluded-address 192.168.1.3
    ip dhcp excluded-address 192.168.1.4
    ip dhcp excluded-address 192.168.1.5
    ip dhcp excluded-address 192.168.1.6
    ip dhcp excluded-address 192.168.1.7
    ip dhcp excluded-address 192.168.1.8
    ip dhcp excluded-address 192.168.1.9
    ip dhcp excluded-address 192.168.1.111
    ip dhcp pool myDhcp
       network 192.168.1.0 255.255.255.0
       dns-server 139.130.4.4 
       default-router 192.168.1.1 
    ip cef
    ip inspect name myfw http
    ip inspect name myfw https
    ip inspect name myfw pop3
    ip inspect name myfw esmtp
    ip inspect name myfw imap
    ip inspect name myfw ssh
    ip inspect name myfw dns
    ip inspect name myfw ftp
    ip inspect name myfw icmp
    ip inspect name myfw h323
    ip inspect name myfw udp
    ip inspect name myfw realaudio
    ip inspect name myfw tftp
    ip inspect name myfw vdolive
    ip inspect name myfw streamworks
    ip inspect name myfw rcmd
    ip inspect name myfw isakmp
    ip inspect name myfw tcp
    ip name-server 139.130.4.4
    username ************************* privilege 15 password 0 *************************
    crypto isakmp policy 1
     encr 3des
     authentication pre-share
     group 2
    crypto isakmp client configuration group HomeFull
     key *************************
     dns 8.8.8.8 8.8.8.4
     pool SDM_POOL_1
     include-local-lan
     netmask 255.255.255.0
    crypto isakmp profile ciscocp-ike-profile-1
       match identity group HomeFull
       client authentication list ciscocp_vpn_xauth_ml_1
       isakmp authorization list ciscocp_vpn_group_ml_1
       client configuration address respond
       virtual-template 3
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
    crypto ipsec profile CiscoCP_Profile1
     set security-association idle-time 1740
     set transform-set ESP-3DES-SHA 
     set isakmp-profile ciscocp-ike-profile-1
    crypto ctcp port 10000 
    archive
     log config
      hidekeys
    interface Loopback10
     ip address 10.0.0.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
    interface ATM0
     no ip address
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip flow ingress
     no atm ilmi-keepalive
    interface ATM0.1 point-to-point
     description TimsInternet
     ip flow ingress
     ip policy route-map VPN-Client
     pvc 8/35 
      encapsulation aal5mux ppp dialer
      dialer pool-member 3
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface Virtual-Template3 type tunnel
     ip unnumbered Dialer3
     tunnel mode ipsec ipv4
     tunnel protection ipsec profile CiscoCP_Profile1
    interface Vlan1
     ip address 192.168.1.1 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip inspect myfw in
     ip nat inside
     ip virtual-reassembly
     no ip route-cache cef
     no ip route-cache
     ip tcp adjust-mss 1372
     no ip mroute-cache
     hold-queue 100 out
    interface Dialer0
     no ip address
    interface Dialer3
     ip address negotiated
     ip access-group blockall in
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip mtu 1492
     ip flow ingress
     ip nat outside
     ip virtual-reassembly
     encapsulation ppp
     ip tcp header-compression
     ip policy route-map VPN-Client
     no ip mroute-cache
     dialer pool 3
     dialer-group 1
     no cdp enable
     ppp chap hostname *************************@direct.telstra.net
     ppp chap password 0 *************************
    ip local pool SDM_POOL_1 10.0.0.10 10.0.0.100
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer3
    ip http server
    ip http authentication local
    no ip http secure-server
    ip nat inside source list 101 interface Dialer3 overload
    ip access-list extended VPN-OUT
     permit ip 10.0.0.0 0.0.0.255 any
    ip access-list extended blockall
     remark CCP_ACL Category=17
     permit udp any any eq non500-isakmp
     permit udp any any eq isakmp
     permit esp any any
     permit ahp any any
     permit tcp any any eq 10000
     deny   ip any any
    access-list 101 permit ip 192.168.1.0 0.0.0.255 any
    access-list 101 permit ip 10.0.0.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    route-map VPN-Client permit 10
     match ip address VPN-OUT
     set ip next-hop 10.0.0.2
    control-plane
    line con 0
     no modem enable
    line aux 0
    line vty 0 4
     password cisco
    scheduler max-task-time 5000
    end
    Router#exit
    Connection closed by foreign host.

    Thanks for the response.
    Not sure how that would help as I can connect into the internal network just fine, but I want to hairpin back out the interface and surf the internet from the VPN client.  The policy route map makes the L10 the next hop and it has NAT.

  • How to read enumerated values from an OPC server via Datasocket

    Hi Labviewers,
    I am using LV8.2 and I am trying to find if it is possible to read enumerations from an OPC server via Datasocket, not just the values.
    I can successfully read a value for an OPC server via Datasocket and I get a value for example 3, is it possible to get the enumeration/string that corresponds to this value i.e. "Open".
    Many thanks in advance
    Dimitris

    Hi Sarah,
    With the input type as variant I get the following response:
    1                                     <-This is the current numeric value of the parameter
    4 Attribute(s):
       'Quality' -> 192
       'TimeHigh' -> 29861723
       'TimeLow' -> -665408304
       'Timestamp' -> 39.238E+3
    With the Input set to         Enum constant I get no values or strings coming back. With the Input set to                Ring constant I just get the numeric value   
    Dimitris   

  • Cisco ASA 5505 - IPsec Tunnel issue

    Issue with IPsec Child SA
    Hi,
    I have a site to site VPN tunnel setup with a Cisco ASA5505 and a Checkpoint Firewall. The version of software is 9.22. I am using IKEv2 for Phase 1 encryption. The following is my cisco asa configuration:
    hostname GARPR-COM1-WF01
    xlate per-session deny tcp any4 any4
    xlate per-session deny tcp any4 any6
    xlate per-session deny tcp any6 any4
    xlate per-session deny tcp any6 any6
    xlate per-session deny udp any4 any4 eq domain
    xlate per-session deny udp any4 any6 eq domain
    xlate per-session deny udp any6 any4 eq domain
    xlate per-session deny udp any6 any6 eq domain
    names
    interface Ethernet0/0
     description Failover Link
     switchport access vlan 950
    interface Ethernet0/1
     description Outside FW Link
     switchport access vlan 999
    interface Ethernet0/2
     description Inside FW Link
     switchport access vlan 998
    interface Ethernet0/3
     description Management Link
     switchport access vlan 6
    interface Ethernet0/4
     shutdown
    interface Ethernet0/5
     shutdown
    interface Ethernet0/6
     shutdown
    interface Ethernet0/7
     shutdown
    interface Vlan1
     no nameif
     no security-level
     no ip address
    interface Vlan6
     nameif management
     security-level 100
     ip address 10.65.1.20 255.255.255.240
    interface Vlan950
     description LAN Failover Interface
    interface Vlan998
     nameif inside
     security-level 100
     ip address 10.65.1.5 255.255.255.252
    interface Vlan999
     nameif outside
     security-level 0
     ip address ************* 255.255.255.248
    boot system disk0:/asa922-4-k8.bin
    ftp mode passive
    dns server-group DefaultDNS
     domain-name ***************
    object network North_American_LAN
     subnet 10.73.0.0 255.255.0.0
     description North American LAN
    object network Queretaro_LAN
     subnet 10.74.0.0 255.255.0.0
     description Queretaro_LAN
    object network Tor_LAN
     subnet 10.75.0.0 255.255.0.0
     description Tor LAN
    object network Mor_LAN
     subnet 10.76.0.0 255.255.0.0
     description Mor LAN
    object network Tus_LAN
     subnet 10.79.128.0 255.255.128.0
     description North American LAN
    object network Mtl_LAN
     subnet 10.88.0.0 255.255.0.0
     description Mtl LAN
    object network Wic_LAN
     subnet 10.90.0.0 255.254.0.0
     description Wic LAN
    object network Wic_LAN_172
     subnet 172.18.0.0 255.255.0.0
     description Wic Servers/Legacy Client LAN
    object network Mtl_LAN_172
     subnet 172.19.0.0 255.255.0.0
     description Mtl Servers/Legacy Client LAN
    object network Tor_LAN_172
     subnet 172.20.0.0 255.255.0.0
     description Tor Servers/Legacy Client LAN
    object network Bridge_LAN_172
     subnet 172.23.0.0 255.255.0.0
     description Bridge Servers/Legacy Client LAN
    object network Mtl_WLAN
     subnet 10.114.0.0 255.255.0.0
     description Mtl Wireless LAN
    object network Bel_WLAN
     subnet 10.115.0.0 255.255.0.0
     description Bel Wireless LAN
    object network Wic_WLAN
     subnet 10.116.0.0 255.255.0.0
     description Wic Wireless LAN
    object network Mtl_Infrastructure_10
     subnet 10.96.0.0 255.255.0.0
     description Mtl Infrastructre LAN
    object network BA_Small_Site_Blocks
     subnet 10.68.0.0 255.255.0.0
     description BA Small Sites Blocks
    object network Bel_LAN
     subnet 10.92.0.0 255.255.0.0
     description Bel LAN 10 Network
    object network LAN_172
     subnet 172.25.0.0 255.255.0.0
     description  LAN 172 Network
    object network Gar_LAN
     subnet 10.65.1.0 255.255.255.0
     description Gar LAN
    object network garpr-com1-wf01.net.aero.bombardier.net
     host **************
     description Garching Firewall
    object-group network BA_Sites
     description Internal Networks
     network-object object BA_Small_Site_Blocks
     network-object object Bel_LAN
     network-object object Bel_LAN_172
     network-object object Bel_WLAN
     network-object object Bridge_LAN_172
     network-object object Mtl_Infrastructure_10
     network-object object Mtl_LAN
     network-object object Mtl_LAN_172
     network-object object Mtl_WLAN
     network-object object Mor_LAN
     network-object object North_American_LAN
     network-object object Queretaro_LAN
     network-object object Tor_LAN
     network-object object Tor_LAN_172
     network-object object Tus_LAN
     network-object object Wic_LAN
     network-object object Wic_LAN_172
     network-object object Wic_WLAN
    access-list 101 extended permit ip object garpr-com1-wf01.net.aero.bombardier.net object Bel_LAN_172
    access-list 101 extended permit ip object Garching_LAN object-group BA_Sites
    pager lines 24
    logging enable
    logging timestamp
    logging buffered warnings
    logging trap informational
    logging asdm informational
    logging host outside 172.25.5.102
    mtu management 1500
    mtu inside 1500
    mtu outside 1500
    failover
    failover lan unit primary
    failover lan interface Failover_Link Vlan950
    failover polltime interface msec 500 holdtime 5
    failover key *****
    failover interface ip Failover_Link 192.168.124.1 255.255.255.0 standby 192.168.124.2
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-731-101.bin
    asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,outside) source static Gar_LAN Gar_LAN destination static BA_Sites BA_Sites no-proxy-arp route-lookup
    route outside 0.0.0.0 0.0.0.0 ************* 1
    route inside 10.65.1.0 255.255.255.255 10.65.1.6 1
    route inside 10.65.1.16 255.255.255.240 10.65.1.6 1
    route inside 10.65.1.32 255.255.255.240 10.65.1.6 1
    route inside 10.65.1.48 255.255.255.240 10.65.1.6 1
    route inside 10.65.1.64 255.255.255.240 10.65.1.6 1
    route inside 10.65.1.128 255.255.255.128 10.65.1.6 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa-server TACACS+ protocol tacacs+
    aaa-server RADIUS protocol radius
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    aaa authentication telnet console LOCAL
    http server enable
    http 10.65.1.0 255.255.255.0 inside
    http 172.25.5.0 255.255.255.0 inside
    http 10.65.1.21 255.255.255.255 management
    snmp-server host inside 172.25.49.0 community ***** udp-port 161
    snmp-server host outside 172.25.49.0 community *****
    snmp-server host inside 172.25.5.101 community ***** udp-port 161
    snmp-server host outside 172.25.5.101 community *****
    snmp-server host inside 172.25.81.88 poll community *****
    snmp-server host outside 172.25.81.88 poll community *****
    snmp-server location:
    snmp-server contact
    snmp-server community *****
    snmp-server enable traps syslog
    crypto ipsec ikev2 ipsec-proposal aes256
     protocol esp encryption aes-256
     protocol esp integrity sha-1
    crypto ipsec security-association lifetime seconds 3600
    crypto ipsec security-association pmtu-aging infinite
    crypto map GARCH 10 match address 101
    crypto map GARCH 10 set pfs group19
    crypto map GARCH 10 set peer *******************
    crypto map GARCH 10 set ikev2 ipsec-proposal aes256
    crypto map GARCH 10 set security-association lifetime seconds 3600
    crypto map GARCH interface outside
    crypto ca trustpool policy
    no crypto isakmp nat-traversal
    crypto ikev2 policy 10
     encryption aes-256
     integrity sha256
     group 19
     prf sha256
     lifetime seconds 86400
    crypto ikev2 enable outside
    telnet 10.65.1.6 255.255.255.255 inside
    telnet timeout 5
    ssh stricthostkeycheck
    ssh 172.25.5.0 255.255.255.0 inside
    ssh 172.19.9.49 255.255.255.255 inside
    ssh 172.25.5.0 255.255.255.0 outside
    ssh 172.19.9.49 255.255.255.255 outside
    ssh timeout 30
    ssh version 2
    ssh key-exchange group dh-group1-sha1
    console timeout 30
    management-access inside
    dhcprelay server 172.25.81.1 outside
    dhcprelay server 172.25.49.1 outside
    dhcprelay enable inside
    dhcprelay timeout 60
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    ntp server 172.19.109.41
    ntp server 172.19.109.42
    ntp server 172.19.9.49 source outside
    tunnel-group ********* type ipsec-l2l
    tunnel-group ********* ipsec-attributes
     ikev2 remote-authentication pre-shared-key *****
     ikev2 local-authentication pre-shared-key *****
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect ip-options
      inspect netbios
      inspect rsh
      inspect rtsp
      inspect skinny
      inspect esmtp
      inspect sqlnet
      inspect sunrpc
      inspect tftp
      inspect sip
      inspect xdmcp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    call-home
     profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:25ad9bf6db66a31e840ad96f49cd7e37
    : end
    I believe when a VPN tunnel is setup there should be one Child sa per subnet. The internal network of 10.65.1.0/24 should be setup with a child sa to the networks that were specified above depending on if there is traffic destined for them. What I am seeing is multiple child sa setup for the same subnet like the example below:
    GARPR-COM1-WF01# sh crypto ikev2 sa | i 172.19
              remote selector 172.19.0.0/0 - 172.19.255.255/65535
              remote selector 172.19.0.0/0 - 172.19.255.255/65535
              remote selector 172.19.0.0/0 - 172.19.255.255/65535
              remote selector 172.19.0.0/0 - 172.19.255.255/65535
              remote selector 172.19.0.0/0 - 172.19.255.255/65535
              remote selector 172.19.0.0/0 - 172.19.255.255/65535
              remote selector 172.19.0.0/0 - 172.19.255.255/65535
              remote selector 172.19.0.0/0 - 172.19.255.255/65535
              remote selector 172.19.0.0/0 - 172.19.255.255/65535
              remote selector 172.19.0.0/0 - 172.19.255.255/65535
    where for destination network 10.92.0.0/16 there is only one child sa:
    GARPR-COM1-WF01# sh crypto ikev2 sa | i 10.92
              remote selector 10.92.0.0/0 - 10.92.255.255/6553
    Should this be the case or does anyone have any idea why there is multiple child sa setup for the same subnet?
    Thanks
    Jonathan

    Hi there,
    I had same issue with PIX 506E and it was not even a circuit issue and I got ride of it and problem got fixed with PIX515E
    I don't know, the device is too old to stay alive.
    thanks

  • CISCO ASA 5505 Split Tunnel DNS with Site to Site VPN

    I have a working configuration for Site to Site VPN between our head office and a private AWS VPC instance.
    The tunnel is active and I can ping the IP address of the remote network and connect to the remote machines using the IP address, but we need to use the FQDN and not the IP.  We have a DNS server set up in AWS for any DNS queries for the remote domain name.
    My question is whether or not the ASA 5505 supports a DNS split tunnel for Site to Site VPN and how it can be configured.
    I can not find where I can interogate the DNS query to be redirected to the VPN tunnel when our domain name is used in a DNS query.  Thus, any pings I try with the FQDN of our servers in AWS are failing as they are going to the default DNS, which is the internet.
    Can any one point me in the right direction on how to configure this DNS rewrite so that we can access our AWS private cloud using FQDN from our AWS domain rather than an IP address?

    Jose, your fix to problem 1 allows all access from the outside, assuming you applied the extended list to the outside interface.  Try to be more restrictive than an '...ip any any' rule for outside_in connections.  For instance, this is what I have for incoming VOIP (access list and nat rules):
    access list rule:
    access-list outside_access_in extended permit udp any object server range 9000 9049 log errors
    nat rule:
    nat (inside,outside) source static server interface service voip-range voip-range
    - 'server' is a network object *
    - 'voip-range' is a service group range
    I'd assume you can do something similar here in combination with my earlier comment:
    access-list incoming extended permit tcp any any eq 5900
    Can you explain your forwarding methodology a little more?  I'm by no means an expert on forwarding, but the way I read what you're trying to do is that you have an inbound VNC request coming in on 5900 and you want the firewall to figure out which host the request should go to.  Or is it vice-versa, the inbound VNC request can be on port 6001-6004 ?

  • VPN Client Tunnel Connection Pix506E

    Situation:  Trying to connect to PiX 506e for vpn client tunnel.  The tunnel shows the following when using the sho isa sa command:
    qm_idle 0 0 
    then after about 3-4 minutes the client workstaiton is receiving error:  Reason 412:  the remote peer is no longer responding
    The same workstation on the same internet connection from the home office is able to connect to an ASA 5505 vpn client with no problems.
    I have enabled:  nat traversal on the pix506e and tried serveral options on the client side.
    The Pix506E also has site to site vpn tunnels that are working without any problems.
    Pix Software version:  6.3.5
    Any ideas?

    Try to connect from a different internet connection and see if you are having the same issue.
    Also, turn on the logs on the vpn client and see why it's failing.

  • Cisco ASA 5505 Site to site VPN IPSEC tunnel to an Clavister Firewall

    Hi,
    I have weird problem with a Site to site VPN tunnel from a Cisco ASA 5505 to an Clavister Firewall.
    When I restart the Cisco ASA 5505 the tunnel is up and down,up, down, down, and I get all strange messages when I see if the tunnel is up or down with the syntax: show crypto isakmp sa
    After a while like 5-10 min the vpn site to site tunnel is up and here is the strange thing happening I have all accesslists and tunnel accesslists right I can only access one remote network (Main site Clavister Firewall) trought the vpn tunnel behind the Cisco ASA 5505, and I have 5 more remote networks that I want to access but only one remote network is working trought the vpn tunnel behind the Cisco ASA. I see that when I do this syntax in ASA: show crypto ipsec sa.
    They had a Clavister Firewall before on that site before and now they have a Cisco ASA 5505 and all the rules on the main site thats have the big Clavister Firewall is intact so the problems are in the Cisco ASA 5505.
    Here is some logs that ASDM give me about the tunnel issue, but like I said, the tunnel is up and only one remote network is reachable in that tunnel.....
    3
    Nov 21 2012
    07:11:09
    713902
    Group = 195.149.180.254, IP = 195.149.169.254, Removing peer from correlator table failed, no match!
    3
    Nov 21 2012
    07:11:09
    713902
    Group = 195.149.180.254, IP = 195.149.169.254, QM FSM error (P2 struct &0xc92462d0, mess id 0x1c6bf927)!
    3
    Nov 21 2012
    07:11:09
    713061
    Group = 195.149.180.254, IP = 195.149.169.254, Rejecting IPSec tunnel: no matching crypto map entry for remote proxy 0.0.0.0/0.0.0.0/0/0 local proxy 0.0.0.0/0.0.0.0/0/0 on interface outside
    5
    Nov 21 2012
    07:11:09
    713119
    Group = 195.149.180.254, IP = 195.149.169.254, PHASE 1 COMPLETED
    Here is from the syntax: show crypto isakmp sa
    Result of the command: "show crypto isakmp sa"
       Active SA: 1
        Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
    Total IKE SA: 1
    1   IKE Peer: 195.149.180.254
        Type    : L2L             Role    : responder
        Rekey   : no              State   : MM_ACTIVE
    Result of the command: "show crypto ipsec sa"
    interface: outside
        Crypto map tag: CustomerCryptoMap, seq num: 10, local addr: 213.180.90.29
          access-list arvika_garnisonen permit ip 172.22.65.0 255.255.255.0 192.168.123.0 255.255.255.0
          local ident (addr/mask/prot/port): (172.22.65.0/255.255.255.0/0/0)
          remote ident (addr/mask/prot/port): (192.168.123.0/255.255.255.0/0/0)
          current_peer:195.149.180.254
          #pkts encaps: 2188, #pkts encrypt: 2188, #pkts digest: 2188
          #pkts decaps: 2082, #pkts decrypt: 2082, #pkts verify: 2082
          #pkts compressed: 0, #pkts decompressed: 0
          #pkts not compressed: 2188, #pkts comp failed: 0, #pkts decomp failed: 0
          #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
          #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
          #send errors: 0, #recv errors: 0
          local crypto endpt.: 213.180.67.29, remote crypto endpt.: 195.149.180.254
          path mtu 1500, ipsec overhead 74, media mtu 1500
          current outbound spi: E715B315
        inbound esp sas:
          spi: 0xFAC769EB (4207372779)
             transform: esp-aes-256 esp-sha-hmac no compression
             in use settings ={L2L, Tunnel, PFS Group 5, }
             slot: 0, conn_id: 2879488, crypto-map: CustomerCryptoMap
             sa timing: remaining key lifetime (kB/sec): (38738/2061)
             IV size: 16 bytes
             replay detection support: Y
             Anti replay bitmap:
              0xFFFFFFFF 0xFFFFFFFF
        outbound esp sas:
          spi: 0xE715B315 (3876958997)
             transform: esp-aes-256 esp-sha-hmac no compression
             in use settings ={L2L, Tunnel, PFS Group 5, }
             slot: 0, conn_id: 2879488, crypto-map: CustomerCryptoMap
             sa timing: remaining key lifetime (kB/sec): (38673/2061)
             IV size: 16 bytes
             replay detection support: Y
             Anti replay bitmap:
              0x00000000 0x00000001
    And here are my Accesslists and vpn site to site config:
    crypto isakmp enable outside
    crypto isakmp policy 10
    authentication pre-share
    encryption aes-256
    hash sha
    group 5
    lifetime 84600
    crypto isakmp nat-traversal 40
    crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    crypto map CustomerCryptoMap 10 match address VPN_Tunnel
    crypto map CustomerCryptoMap 10 set pfs group5
    crypto map CustomerCryptoMap 10 set peer 195.149.180.254
    crypto map CustomerCryptoMap 10 set transform-set ESP-AES-256-SHA
    crypto map CustomerCryptoMap interface outside
    access-list VPN_Tunnel extended permit ip 172.22.65.0 255.255.255.0 192.168.123.0 255.255.255.0 -------> This is the only remote network I can reach behind the Cisco ASA and the other remote networks dont work..
    access-list VPN_Tunnel extended permit ip 172.22.65.0 255.255.255.0 host 10.1.34.5
    access-list VPN_Tunnel extended permit ip 172.22.65.0 255.255.255.0 host 10.1.20.76
    access-list VPN_Tunnel extended permit ip 172.22.65.0 255.255.255.0 host 62.88.129.221
    access-list VPN_Tunnel extended permit ip 172.22.65.0 255.255.255.0 172.22.71.0 255.255.255.0
    access-list nonat extended permit ip 172.22.65.0 255.255.255.0 192.168.123.0 255.255.255.0
    access-list nonat extended permit ip 172.22.65.0 255.255.255.0 host 10.1.34.5
    access-list nonat extended permit ip 172.22.65.0 255.255.255.0 host 10.1.20.76
    access-list nonat extended permit ip 172.22.65.0 255.255.255.0 host 62.88.129.221
    access-list nonat extended permit ip 172.22.65.0 255.255.255.0 172.22.71.0 255.255.255.0
    nat (inside) 0 access-list nonat
    All these remote networks are at the Main Site Clavister Firewall.
    Best Regards
    Michael

    Hi,
    I'd start by getting the configuration of the remote site related to Local/Remote network configurations and go through them. Even though no changes have been made.
    If they are mirror images of eachother already I'd say its probably some problem related to Cisco/Clavister setup
    Seems especially wierd to me that one of the error messages includes 0.0.0.0 lines.
    I have run into some problems with L2L VPN configurations when our Cisco device just doesnt want to work with the remote end device. In some cases we have confirmed that our networks defined for the L2L VPN are exactly the same and yet when checking debugs on the ASA side we can see the remote end device using totally wrong network masks for the VPN negotiaton and therefore it failed. That problem we corrected with changing the network masks a bit.
    Maybe you could try to change the Encryption Domain configurations a bit and test it then.
    You could also maybe take some debugs on the Phase2 and see if you get anymore  hints as to what could be the problem when only one network is working for the L2L VPN.
    - Jouni

  • Routing Issue for Remote Access Clients over Site to Site VPN tunnels

    I have a customer that told me that Cisco has an issue when a customer has a topology of let's say 3 sites that have site to site tunnels built and a Remote Access client connects to site A and needs resources at Site B but the PIX won't route to that site. Has this been fixed in the ASA?

    Patrick, that was indeed true for a long time.
    But now it is fixed in PIX and ASA version 7.x.
    Please refer to this document for details:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008046f307.shtml

  • Dynamin VPN/GRE can't ping other side of tunnel

    I am new at this VPN stuff and tryiong to setup a GRE Dynamic IP VPN between my offfice and home.  Here is what I ahve done thus far:
    OFFICE
    interface Tunnel0
    ip address 172.30.1.1 255.255.255.252
    no ip redirects
    ip mtu 1400
    ip nhrp map multicast dynamic
    ip nhrp network-id 1
    ip tcp adjust-mss 1360
    tunnel source FastEthernet0/0
    tunnel mode gre multipoint
    tunnel key 1
    interface FastEthernet0/0
    ip address 40.197.68.9 255.255.255.248
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    HOME
    interface Tunnel0
    ip address 172.30.1.2 255.255.255.252
    ip mtu 1400
    ip nhrp map multicast 40.197.68.9
    ip nhrp map 172.30.1.1 40.197.68.9
    ip nhrp network-id 1
    ip nhrp nhs 172.30.1.1
    ip tcp adjust-mss 1360
    tunnel source GigabitEthernet0/0
    tunnel destination 40.197.68.9
    tunnel key 1
    interface GigabitEthernet0/0
    description Router
    ip address 192.168.30.1 255.255.255.252
    duplex auto
    speed auto
    When I ping 172.30.1.1 from the HOME router, I get 0/5 success.  Not good!  I have not setup any IPSec yet.
    Results for HOME router
    show ip nhrp nhs detail
    Legend: E=Expecting replies, R=Responding, W=Waiting
    Tunnel0:
    172.30.1.1   E priority = 0 cluster = 0  req-sent 53  req-failed 0  repl-recv 0
    sh int t0
    Tunnel0 is up, line protocol is up
      Hardware is Tunnel
      Internet address is 172.30.1.2/30
      MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation TUNNEL, loopback not set
      Keepalive not set
      Tunnel source 192.168.30.1 (GigabitEthernet0/0), destination 40.197.68.9
       Tunnel Subblocks:
          src-track:
             Tunnel0 source tracking subblock associated with GigabitEthernet0/0
              Set of tunnels with source GigabitEthernet0/0, 1 member (includes iterators), on interface <OK>
      Tunnel protocol/transport GRE/IP
        Key 0x1, sequencing disabled
        Checksumming of packets disabled
      Tunnel TTL 255, Fast tunneling enabled
      Tunnel transport MTU 1472 bytes
      Tunnel transmit bandwidth 8000 (kbps)
      Tunnel receive bandwidth 8000 (kbps)
      Last input 00:40:28, output 00:00:25, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/0 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes, 0 no buffer
         Received 0 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         106 packets output, 12612 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 output buffer failures, 0 output buffers swapped out
    sh ip route
    Gateway of last resort is 192.168.30.2 to network 0.0.0.0
    S*    0.0.0.0/0 [1/0] via 192.168.30.2
          10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
    C        10.110.0.0/24 is directly connected, GigabitEthernet0/1.110
    L        10.110.0.1/32 is directly connected, GigabitEthernet0/1.110
    C        10.115.0.0/24 is directly connected, GigabitEthernet0/1.115
    L        10.115.0.1/32 is directly connected, GigabitEthernet0/1.115
          172.16.0.0/30 is subnetted, 1 subnets
    S        172.16.2.0 [1/0] via 192.168.30.6
          172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
    C        172.30.1.0/30 is directly connected, Tunnel0
    L        172.30.1.2/32 is directly connected, Tunnel0
    S     192.168.2.0/24 is directly connected, GigabitEthernet0/0
    S     192.168.10.0/24 is directly connected, GigabitEthernet0/0
          192.168.30.0/24 is variably subnetted, 4 subnets, 2 masks
    C        192.168.30.0/30 is directly connected, GigabitEthernet0/0
    L        192.168.30.1/32 is directly connected, GigabitEthernet0/0
    C        192.168.30.4/30 is directly connected, GigabitEthernet0/1.30
    L        192.168.30.5/32 is directly connected, GigabitEthernet0/1.30
    S     192.168.50.0/24 [1/0] via 192.168.30.6
          192.168.69.0/24 is variably subnetted, 2 subnets, 2 masks
    C        192.168.69.0/24 is directly connected, GigabitEthernet0/1.69
    L        192.168.69.3/32 is directly connected, GigabitEthernet0/1.69
    S     192.168.100.0/24 [1/0] via 192.168.30.6
    S     192.168.125.0/24 [1/0] via 192.168.30.6
    S     192.168.200.0/24 [1/0] via 192.168.30.6
    sh dmvpn
    Interface: Tunnel0, IPv4 NHRP Details
    Type:Spoke, NHRP Peers:1,
    # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb
         1    50.197.68.90      172.30.1.1  NHRP 02:30:17     S
    Results for OFFICE router
    show ip nhrp nhs detail
    sh dmvpn
    sh int t0
    Tunnel0 is up, line protocol is up
      Hardware is Tunnel
      Internet address is 172.30.1.1/30
      MTU 17912 bytes, BW 100 Kbit/sec, DLY 50000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation TUNNEL, loopback not set
      Keepalive not set
      Tunnel source 40.197.68.9 (FastEthernet0/0)
       Tunnel Subblocks:
          src-track:
             Tunnel0 source tracking subblock associated with FastEthernet0/0
              Set of tunnels with source FastEthernet0/0, 1 member (includes iterators), on interface <OK>
      Tunnel protocol/transport multi-GRE/IP
        Key 0x1, sequencing disabled
        Checksumming of packets disabled
      Tunnel TTL 255, Fast tunneling enabled
      Tunnel transport MTU 1472 bytes
      Tunnel transmit bandwidth 8000 (kbps)
      Tunnel receive bandwidth 8000 (kbps)
      Last input 00:43:56, output never, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/0 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         0 packets input, 0 bytes, 0 no buffer
         Received 0 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         0 packets output, 0 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 output buffer failures, 0 output buffers swapped out
    show ip route
    S*    0.0.0.0/0 [1/0] via 40.197.68.94
          40.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    C        40.197.68.8/29 is directly connected, FastEthernet0/0
    L        40.197.68.9/32 is directly connected, FastEthernet0/0
          172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
    C        172.30.1.0/30 is directly connected, Tunnel0
    L        172.30.1.1/32 is directly connected, Tunnel0
    S     192.168.2.0/24 [1/0] via 192.168.10.5
          192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
    C        192.168.10.0/24 is directly connected, FastEthernet0/1
    L        192.168.10.1/32 is directly connected, FastEthernet0/1
    S     192.168.69.0/24 is directly connected, FastEthernet0/0
    Why can't Io ping from the HOME router to the OFFICE router?

    I fugured this problem out.  I needed to setup PKI/IKE and once that was done on both routers, my tunned now passes some data.

  • How to configure full tunnel with VPN client and router?

    I know the concept of split tunnel....Is it possibe to configure vpn client and router full tunnel or instead of router ASA? I know filter options in concentrators is teher options in ISR routers or ASA?

    I think it is possible. Following links may help you
    http://www.cisco.com/en/US/products/hw/routers/ps274/products_configuration_example09186a0080819289.shtml

Maybe you are looking for

  • How can I free my Elements 5 Organizer from a "Runtime Error!" message that won't quit?

    I recently installed Elements 5 on my new Windows 7 computer, and I've spent many hours re-creating hundreds of stacks and tags that I developed on my old XP computer.  Elements 5 has worked perfectly well for several days.   But when I asked it to r

  • How I fixed my wifi on iphone with clearwire

    After so many tries and hours of pain........! I first got on apple support and had my internet redone by support help. Then went to the genius bar and made sure my iphone worked with wifi-it did. Then back to the drawing board. Finally went to the a

  • Greek characteres in a file

    Hello, i've a file which is encoded in unicode. This file has some normal characters and some special characters wich are greek. Now i need to read this file using utl_file and map the information to a database table. The table as some columns as var

  • ORA-1503 during install of iAS 9i R2 infrastructure

    Hello, I am installing Oracle 9iAS R2 infrastructure on a freshly installed Windows 2000 (SP3) system. During operation of the Database Configuration assistant the message "ORA-01503 - CREATE CONTROLFILE failed" apppears. The last lines in the iasdbA

  • Rating scales

    How do I construct a rating scale with a statment (question) on the left hand side and the right hand side of the range i.e. two statements that I am asking people to evaluate and agree with