Panic when connecting to VPN
Hi
We have several users who are getting panics when connecting to our VPN from home. They are configured to use either PPTP or IPSEC (they can choose either) and it happens across multiple macbooks, though not all, and when connecting to either type of VPN.
The panic logs show the following but my eye is drawn to what looks like a Sonnet SATA driver, which strikes me as odd. Any ideas ?
Sun May 15 13:56:58 2011
panic(cpu 1 caller 0x2aab59): Kernel trap at 0x01aae1e0, type 14=page fault, registers:
CR0: 0x8001003b, CR2: 0x00000000, CR3: 0x00100000, CR4: 0x00000660
EAX: 0x00000000, EBX: 0x00000000, ECX: 0x0054fdea, EDX: 0x447b1000
CR2: 0x00000000, EBP: 0x52f63f28, ESI: 0x00000004, EDI: 0x00000000
EFL: 0x00010246, EIP: 0x01aae1e0, CS: 0x00000008, DS: 0x00000010
Error code: 0x00000000
Backtrace (CPU 1), Frame : Return Address (4 potential args on stack)
0x52f63d08 : 0x21b510 (0x5d9514 0x52f63d3c 0x223978 0x0)
0x52f63d58 : 0x2aab59 (0x59aeec 0x1aae1e0 0xe 0x59b0b6)
0x52f63e38 : 0x2a09b8 (0x52f63e50 0x447b10c8 0x52f63f28 0x1aae1e0)
0x52f63e48 : 0x1aae1e0 (0xe 0x48 0x9300010 0x10)
0x52f63f28 : 0x554254 (0x447b1000 0x930bcc0 0x0 0x4bca4b54)
0x52f63f78 : 0x22fd0d (0x930bcc0 0x89b21dc 0x52f63fc8 0x550788)
0x52f63fc8 : 0x2a06dc (0x863ea0 0x0 0x2a06eb 0xa0f6ee4)
Kernel Extensions in backtrace (with dependencies):
com.sonnettech.driver.SonnetSATA(2.2.5)@0x1a9e000->0x1abbfff
dependency: com.apple.iokit.IOATAFamily(2.5.1)@0x1a91000
dependency: com.apple.iokit.IOPCIFamily(2.6)@0x927000
BSD process name corresponding to current thread: kernel_task
Mac OS version:
10J869
Kernel version:
Darwin Kernel Version 10.7.0: Sat Jan 29 15:17:16 PST 2011; root:xnu-1504.9.37~1/RELEASE_I386
System model name: MacBookPro5,2 (Mac-F2268EC8)
System uptime in nanoseconds: 6185013429022
unloaded kexts:
com.apple.iokit.IOATABlockStorage 2.6.0 (addr 0x58ec9000, size 0x57344) - last unloaded 6108231979777
loaded kexts:
com.sonnettech.SonnetSATABlockStorage 2.2.5
com.sonnettech.driver.SonnetSATA 2.2.5
com.apple.driver.AppleRAID 4.0.6 - last loaded 6145052191856
com.apple.filesystems.webdav 1.8.2
com.apple.filesystems.afpfs 9.7
com.apple.nke.asp_tcp 5.0
com.apple.driver.AppleBluetoothMultitouch 54
com.apple.driver.AppleHWSensor 1.9.3d0
com.apple.filesystems.autofs 2.1.0
com.apple.driver.AGPM 100.12.19
com.apple.driver.AppleMikeyHIDDriver 1.2.0
com.apple.driver.AppleMikeyDriver 1.9.9f12
com.apple.kext.AppleSMCLMU 1.5.0d3
com.apple.driver.AudioAUUC 1.54
com.apple.driver.AppleLPC 1.4.12
com.apple.driver.AppleUpstreamUserClient 3.5.4
com.apple.driver.AppleMCCSControl 1.0.17
com.apple.driver.SMCMotionSensor 3.0.0d4
com.apple.driver.AppleHDA 1.9.9f12
com.apple.Dont_Steal_Mac_OS_X 7.0.0
com.apple.driver.AudioIPCDriver 1.1.6
com.apple.driver.AppleIntelPenrynProfile 17
com.apple.driver.ACPI_SMC_PlatformPlugin 4.5.0d5
com.apple.driver.AppleGraphicsControl 2.8.68
com.apple.GeForce 6.2.6
com.apple.driver.AppleUSBTCButtons 200.3.2
com.apple.driver.AppleUSBTCKeyboard 200.3.2
com.apple.driver.AppleIRController 303.8
com.apple.iokit.SCSITaskUserClient 2.6.5
com.apple.iokit.IOAHCIBlockStorage 1.6.3
com.apple.driver.AirPortBrcm43224 427.36.9
com.apple.driver.AppleSmartBatteryManager 160.0.0
com.apple.driver.AppleAHCIPort 2.1.5
com.apple.BootCache 31
com.apple.AppleFSCompression.AppleFSCompressionTypeZlib 1.0.0d1
com.apple.nvenet 2.0.15
com.apple.driver.AppleFWOHCI 4.7.1
com.apple.driver.AppleUSBHub 4.1.7
com.apple.driver.AppleUSBEHCI 4.1.8
com.apple.driver.AppleUSBOHCI 4.1.5
com.apple.driver.AppleEFINVRAM 1.4.0
com.apple.driver.AppleRTC 1.3.1
com.apple.driver.AppleHPET 1.5
com.apple.driver.AppleACPIButtons 1.3.5
com.apple.driver.AppleSMBIOS 1.6
com.apple.driver.AppleACPIEC 1.3.5
com.apple.driver.AppleAPIC 1.4
com.apple.driver.AppleIntelCPUPowerManagementClient 105.13.0
com.apple.security.sandbox 1
com.apple.security.quarantine 0
com.apple.nke.applicationfirewall 2.1.11
com.apple.driver.AppleIntelCPUPowerManagement 105.13.0
com.apple.driver.IOBluetoothHIDDriver 2.4.0f1
com.apple.driver.AppleMultitouchDriver 207.10
com.apple.driver.AppleProfileReadCounterAction 17
com.apple.driver.AppleSMBusController 1.0.8d0
com.apple.driver.AppleSMBusPCI 1.0.8d0
com.apple.driver.AppleProfileTimestampAction 10
com.apple.driver.AppleProfileThreadInfoAction 14
com.apple.driver.AppleProfileRegisterStateAction 10
com.apple.driver.AppleProfileKEventAction 10
com.apple.driver.AppleProfileCallstackAction 20
com.apple.iokit.IOFireWireIP 2.0.3
com.apple.iokit.IOATAFamily 2.5.1
com.apple.driver.DspFuncLib 1.9.9f12
com.apple.iokit.IOSurface 74.2
com.apple.iokit.IOBluetoothSerialManager 2.4.0f1
com.apple.iokit.IOSerialFamily 10.0.3
com.apple.iokit.IOAudioFamily 1.8.0fc1
com.apple.kext.OSvKernDSPLib 1.3
com.apple.driver.AppleHDAController 1.9.9f12
com.apple.iokit.IOHDAFamily 1.9.9f12
com.apple.iokit.AppleProfileFamily 41
com.apple.driver.AppleSMC 3.1.0d3
com.apple.driver.IOPlatformPluginFamily 4.5.0d5
com.apple.nvidia.nv50hal 6.2.6
com.apple.NVDAResman 6.2.6
com.apple.iokit.IONDRVSupport 2.2
com.apple.iokit.IOGraphicsFamily 2.2
com.apple.driver.BroadcomUSBBluetoothHCIController 2.4.0f1
com.apple.driver.AppleUSBBluetoothHCIController 2.4.0f1
com.apple.iokit.IOBluetoothFamily 2.4.0f1
com.apple.driver.AppleUSBMultitouch 206.6
com.apple.iokit.IOUSBHIDDriver 4.1.5
com.apple.driver.AppleUSBMergeNub 4.1.8
com.apple.driver.AppleUSBComposite 3.9.0
com.apple.iokit.IOSCSIMultimediaCommandsDevice 2.6.5
com.apple.iokit.IOBDStorageFamily 1.6
com.apple.iokit.IODVDStorageFamily 1.6
com.apple.iokit.IOCDStorageFamily 1.6
com.apple.driver.XsanFilter 402.1
com.apple.iokit.IOAHCISerialATAPI 1.2.5
com.apple.iokit.IOSCSIArchitectureModelFamily 2.6.5
com.apple.iokit.IO80211Family 314.1.1
com.apple.iokit.IOAHCIFamily 2.0.4
com.apple.iokit.IONetworkingFamily 1.10
com.apple.iokit.IOFireWireFamily 4.2.6
com.apple.iokit.IOUSBUserClient 4.1.5
com.apple.iokit.IOUSBFamily 4.1.8
com.apple.driver.NVSMU 2.2.7
com.apple.driver.AppleEFIRuntime 1.4.0
com.apple.iokit.IOHIDFamily 1.6.5
com.apple.iokit.IOSMBusFamily 1.1
com.apple.kext.AppleMatch 1.0.0d1
com.apple.security.TMSafetyNet 6
com.apple.driver.DiskImages 289
com.apple.iokit.IOStorageFamily 1.6.2
com.apple.driver.AppleACPIPlatform 1.3.5
com.apple.iokit.IOPCIFamily 2.6
com.apple.iokit.IOACPIFamily 1.3.0
...happens across multiple macbooks...The panic logs show the following but my eye is drawn to what looks like a Sonnet SATA driver, which strikes me as odd. Any ideas ?
I don't have an answer, but are these Macbook Pros with the ExpressCard slot? (17" MBP or older 15" MBPs.) If so, then do these users have external hard drives? Sonnet does make some ExpressCard SATA adapters so perhaps a driver update is needed.
http://eshop.macsales.com/Search/Search.cfm?Ntk=Primary&Ns=P_Popularity%7c1&Ne=8 050&N=4294967277&Ntt=PCMCIA+AND+Express34
Similar Messages
-
OS X Lion gets kernel panic when connecting via CIFS
A customer of ours has problems with OS X Lion clients that get kernel panic when connecting via CIFS (Novell OES server).
Any new on this issue?
Tycho Sjgren
Apoio ABOriginally Posted by tychosjogren
Sorry for the late response - had to check a few things with the customer.
They use the latest OES version with all the latest sp and patches applied. They have even tested with the an OES 11 beta with the same result. The OS run as a VM on VMware in 64 bit mode attached to a SAN. Has also been tested as a plain install without VMware. The Lion version is 10.7.2.
This is how the problem occurs:
1. Mount the CIFS share - no problems
2. Use the share - no problems
3. If the network connection drops you get a message that the CIFS volume has disappeared and you are asked to unmount it. When you do that you get a kernel panic. You can force the problem to happen by turning of WiFi.
So it is OES2 but which version (SP1, SP2, or SP3)? Interesting as I'd only heard of this with NetWare 6.5.
Do you (and anyone else experiencing this issue in this thread) know if this has recently started happening, perhaps after the latest November 2011 Scheduled Maintenance patches were installed?
I'll hopefully be able to do some testing tomorrow but in the meantime I've asked Novell ...
HTH. -
Can't Browse Web when connected to VPN
Hi,
I got interested in networks about a year ago. We had some spare networking kit lying around in our office and I decided to set up a lab.
I've been able to configure NAT w/ PAT on a cisco 3825.
I've got 1 access list, "Overloading" my OUTSIDE int, and a few "ip nat inside source static..." entries to handle my port forwards.
It's a very basic setup.
The router died recently, so I got a cheap replacement form ebay. Setting it all up was WAY easier than last time, so I decided to try something new.... VPN.
I'd previously had a port forward to a computer that was a VPN server, but I was able to use Cisco CCP to help me configure VPN. Yes, technically cheating for all you CLI-heads out there, so sorry-- to make you happy, I did thoroughly inspect and spent extra time appreciating the code it wanted to inject to my router.
Now, I've got VPN working, and I can access all the PC's on the LAN I'm VPN'ing to, but -- I can't access the web when connected to VPN.
I've fiddled with the access list, trying to make it ANY/ANY.
I'm not really sure what to do.
I looked around and most of the stuff out there is for a site-to-site, or PAT running on a tunnel...
My issue is pretty basic, probably. I just cant access outside when on VPN.
I'm more than willing to have another translation method.
I've attached my router config.
Can you have a look and let me know what would need changing...
Really appreciate any insight.
Thanks,
BrianHello Brian,
Basically this is the VPN group:
crypto isakmp client configuration group open
key (something)
dns 192.168.1.1 8.8.8.8
domain something.com
pool SDM_POOL_1
save-password
backup-gateway 192.168.1.1
max-users 5
netmask 255.255.255.0
banner ^Cyou have connected to the vpn-ings!. well done! ^
I see that you are doing tunnel all, and you are not split tunneling on this configuration, what you can do is to use split tunnel, under this configuration as follow:
ip access-list extended SPLIT_TUNNEL
permit ip XXXXX XXXXX 192.168.1.0 0.0.0.255
XXXXX --> are the inside subnets
Then under this:
crypto isakmp client configuration group open
acl SPLIT_TUNNEL
This will allow you to have access to the internal subnets through the tunnel and have access to internet through the internet connection on your computer.
For further details take a look to this document:
- http://www.cisco.com/c/en/us/support/docs/routers/3600-series-multiservice-platforms/91193-rtr-ipsec-internet-connect.html
Don't use Any on your ACL statements for split tunneling purposes.
Let me know how it works out!
Please don't forget to rate and mark as correct the helpful Post!
David Castro,
Regards, -
Can't access non-VPN resources when connected to VPN
I need to access web based resources over a VPN for work. My admin gave me the connection parameters, and I can connect to the VPN and access what I need, no problem. But when connected to VPN, I can't access websites, Subversion repositories, Skype, etc. that are not on the VPN.
On Windows, there's a connection property on VPN connections called "Use default gateway". With that option cleared on my Windows machine, I can access both VPN and non-VPN resources simultaneously. I can't spot anything equivalent in the VPN connection in Network Preferences.
So I guess the question is: what network settings on Mac (Snow Leopard) will enable me to access both VPN and normal resources simultaneously?I have found a workaround. It isn't optimal, and it's disappointing that VPN is so poorly supported on Mac. Though the specific IPs are probably applicable only to the particular VPN I connect to, maybe the general idea can be of help to others and your network admins can supply the particular IPs you need.
1. My Admin had me open Network Preferences, select the VPN connection, click the Tools icon at the bottom, and select Set Service Order. In that dialog, move the VPN connection to the bottom of the list (my EVDO modem that gets me my internet connection is fist in the list). Apply this change.
2. Next, my admin asked me to run the following in Terminal, once when VPN was not connected (but internet was connected), and again with VPN connected, and send him the output:
*netstat -nr*
3. After looking at the terminal output, admin told me to run the following in Terminal with the VPN connected:
*sudo route add -net 10.123 -netmask 255.255.0.0 10.123.50.1*
After disconnecting both VPN and Internet connection and reactivating each in turn (internet, then VPN), I was able to access both VPN and non-VPN resources simultaneously.
The bad news is that every time I need to connect I have to run route add in Terminal and enter my password. I will probably make a shell script to at least run the command so I don't have to remember it.
Here's hoping this helps if others bump into this pernicious little problem. -
Kerberos issue when connecting via VPN
Hi,
I am have some issues when connecting via VPN.
The following kdc log is issued when I log via VPN
May 02 12:12:21 ATHENA.MYDOMAIN.LAN krb5kdc[163](info): DISPATCH: repeated (retransmitted?) request from 192.168.2.5, resending previous response
May 02 12:12:21 ATHENA.MYDOMAIN.LAN krb5kdc[163](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.2.5: UNKNOWN_SERVER: authtime 1146535939, [email protected] for ldap/[email protected], Server not found in Kerberos database
I also have a system log May 2 12:12:21 ATHENA DirectoryService[41]: GSSAPI Error: Miscellaneous failure (Server not found in Kerberos database)
This logs only happen while logging through VPN.
Any idea?
Cheers
BenHi,
When using your VPN are yo using Terminal LIcense or Remote Desktop Connection?
Please do the following to save form settings:
1. Only 1 module should be open when using form settings.
Close other modules that doesn't need.
2. Close the module after changed. To make sure the settings are saved.
3. Always close all the module before exiting SBO program, use the click FIle and Exit habit.
4. Terminal Licensing should be use when connecting remotely.
Thanks.
Clint -
Hello,
I have a RD farm using 3 Win 2012 servers (1 broker and 2 session host), for internal use only, have not
configured gateway for internet access.
Users are able to connect to RD farm website and remote into terminal server, within office
but can only connect to RD farm website and cannot remote into terminal server , when connected via VPN
Its takes long time at securing connection and fails.
ThanksHi,
Thank you for your posting in Windows Server Forum.
First of all I would suggest you to configure RD gateway role on your server and pass all the connection through it because it’s a best practice to use RD Gateway in RDS Farm.
Apart from this, if you are not using RD Gateway then you must check that you have successfully forwarded port 3389 for RDS to access via VPN. Also check that you have made configuration under IIS Manager to enable Forms Authentication. Please check
this link.
In addition, please refer beneath article for additional details.
1. How to Access Windows Remote Desktop Over the Internet
2. Remote Desktop Services in Windows 2008 R2 – Part 3 – RD Web Access & RemoteApp
(For reference)
Hope it helps!
Thanks,
Dharmesh -
Possible to select self-signed certificate for client validation when connecting to VPN with EAP-TLS
In windows 8.2, I have a VPN connection configured with PPTP as the outer protocol and EAP : "Smart card or other certificate ..." as the inner protocol. Under properties, in the "When connecting" section I've selected "Use a certificate
on this computer" and un-checked "Use simple certificate selection".
My preference would be to use separate self-signed certificates for all clients rather than having a common root certificate that signed all of the individual client certificates. I've tried creating the self-signed certificate both with and without the
client authentication EKU specified, and I've added the certificate to the trusted root certificate authority store on the client. But when I attempt to connect to the VPN I can not get the self signed certificate to appear on the "Choose a certificate"
drop down.
Are self signed certificates supported for this use in EAP-TLS? If it makes a difference, I'm working with makecert (not working with a certificate server).
TIA,
-RickHi Rick,
Thank you for your patience.
According to your description, would you please let me know what command you were using to make a self-signed certificate by tool makecert? I would like to try to reproduce this issue. Also based on my experience, please let me
know if the certificate has private key associated and be present in the local machine store. Hence, please move the certificate from the trusted root certificate authority store to personal store.
Best regards,
Steven Song
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
MBP Kernel Panic when connecting to HDTV (DVI)
I have a 15" MacBook Pro that has been working perfectly since I got it. I tried today to connect it to my Hitachi 51" HDTV (via DVI) and got an instant Kernel Panic. I used my 15" Powerbook with this HDTV without any issues.
I've searched and found folks with kernel panics when waking their MBP if the RAM is faulty, but nothing at all about issues when connecting an external display. I am running with all the latest updates, firmware update, etc.
I don't have any problems connecting to a 23" Cinema display or to a 19" Samsung LCD, but I tried several times to connect to the HDTV and got a kernel panic each time. I changed resolutions on one try and still got the same issue (720x480 so the TV would see it as 480p). I even tried booting up with the display already connected and it kernel panic'd when it tried to switch into the full OS X GUI.
The specific error is in the panic.log is:
Sat Jun 10 16:23:48 2006
panic(cpu 0 caller 0x0019CAEF): Unresolved kernel trap (CPU 0, Type 0=divide error), registers:
CR0: 0x80010033, CR2: 0x35863000, CR3: 0x00d6e000, CR4: 0x000006e0
EAX: 0x00000001, EBX: 0x00000000, ECX: 0x251a36fc, EDX: 0x00000000
ESP: 0x251a360c, EBP: 0x251a36d8, ESI: 0x00000000, EDI: 0x00000000
EFL: 0x00010247, EIP: 0x0078ca44, CS: 0x00000008, DS: 0x0a8c0010
Backtrace continues...
Kernel loadable modules in backtrace (with dependencies):
com.apple.kext.ATINDRV(4.2.6)@0x771000
dependency: com.apple.iokit.IOGraphicsFamily(1.4.3)@0x574000
dependency: com.apple.iokit.IONDRVSupport(1.4.3)@0x58f000
com.apple.iokit.IONDRVSupport(1.4.3)@0x58f000
dependency: com.apple.iokit.IOPCIFamily(2.0)@0x565000
dependency: com.apple.iokit.IOGraphicsFamily(1.4.3)@0x574000
So definitely something with the graphics subsystem. Anyone have any hints?
MacBook Pro 2GHz 2GB RAM ATI x1600 256MB Mac OS X (10.4.6)What happens if you boot from the DVD that came with the MBP instead of booting from your hard drive? It could have something to do with your configuration.
-
Default Gateway when connected to VPN
Thanks for reading!
This is probably a dump question so bear with me...
I have set up a VPN connection with a Cisco ASA 5505 fronting internet, with the customers environment behind it (on the same subnet), When connected ot the VPN I can reach the inside Router fronting me and one switch behind the Router (every switch is connected to the router), but nothing else.
My beet is that the Router is messing with my connection, but,, nevermind that!, the setup ain't complete anyway... my question is more related to the Gateway I'm missing when I'm, from the outside, is connected to the VPN on the ASA, could this mess it up? Shouldn't I have a Standard-Gateway in the ipconfig settings in windows?
This is who it looks like now:
Anslutningsspecifika DNS-suffix . : VPNOFFICE
IP-adress . . . . . . . . . . . . : 10.10.10.1
Nätmask . . . . . . . . . . . . . : 255.255.255.0
Standard-gateway . . . . . . . . :
The internal network is :
172.16.12.0 255.255.255.0
Below is my config for the ASA, thanks a lot!!!!!!!
!FlASH PÅ ROUTERN FRÅN BÖRJAN
!asa841-k8.bin
hostname DRAKENSBERG
domain-name default.domain.invalid
enable password XXXXXXX
names
interface Vlan1
nameif inside
security-level 100
ip address 172.16.12.4 255.255.255.0
interface Vlan10
nameif outside
security-level 0
ip address 97.XX.XX.20 255.255.255.248
interface Ethernet0/0
switchport access vlan 10
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone CEST 1
clock summer-time CEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list nonat extended permit ip 172.16.12.0 255.255.255.0 10.10.10.0 255.255.255.0
access-list MSS_EXCEEDED_ACL extended permit tcp any any
access-list VPN-SPLIT-TUNNEL remark VPN SPLIT TUNNEL
access-list VPN-SPLIT-TUNNEL standard permit 172.16.12.0 255.255.255.0
tcp-map MSS-MAP
exceed-mss allow
pager lines 24
logging enable
logging timestamp
logging buffer-size 8192
logging console notifications
logging buffered notifications
logging asdm notifications
mtu inside 1500
mtu outside 1500
ip local pool VPN 10.10.10.1-10.10.10.40 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any outside
asdm image disk0:/asdm-625-53.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 172.16.12.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 97.XX.XX.17 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 172.16.12.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 172.16.12.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
group-policy VPNOFFICE internal
group-policy VPNOFFICE attributes
dns-server value 215.122.145.18
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value VPN-SPLIT-TUNNEL
default-domain value VPNOFFICE
split-dns value 215.122.145.18
msie-proxy method no-proxy
username admin password XXXXXX privilege 15
username Daniel password XXXXX privilege 0
username Daniel attributes
vpn-group-policy VPNOFFICE
tunnel-group VPNOFFICE type remote-access
tunnel-group VPNOFFICE general-attributes
address-pool VPN
default-group-policy VPNOFFICE
tunnel-group VPNOFFICE ipsec-attributes
pre-shared-key XXXXXXXXXX
class-map MSS_EXCEEDED_MAP
match access-list MSS_EXCEEDED_ACL
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp error
inspect pptp
inspect ipsec-pass-thru
inspect icmp
class MSS_EXCEEDED_MAP
set connection advanced-options MSS-MAP
service-policy global_policy global
privilege cmd level 3 mode exec command perfmon
privilege cmd level 3 mode exec command ping
privilege cmd level 3 mode exec command who
privilege cmd level 3 mode exec command logging
privilege cmd level 3 mode exec command failover
privilege cmd level 3 mode exec command packet-tracer
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config
privilege show level 3 mode exec command reload
privilege show level 3 mode exec command mode
privilege show level 3 mode exec command firewall
privilege show level 3 mode exec command asp
privilege show level 3 mode exec command cpu
privilege show level 3 mode exec command interface
privilege show level 3 mode exec command clock
privilege show level 3 mode exec command dns-hosts
privilege show level 3 mode exec command access-list
privilege show level 3 mode exec command logging
privilege show level 3 mode exec command vlan
privilege show level 3 mode exec command ip
privilege show level 3 mode exec command ipv6
privilege show level 3 mode exec command failover
privilege show level 3 mode exec command asdm
privilege show level 3 mode exec command arp
privilege show level 3 mode exec command route
privilege show level 3 mode exec command ospf
privilege show level 3 mode exec command aaa-server
privilege show level 3 mode exec command aaa
privilege show level 3 mode exec command eigrp
privilege show level 3 mode exec command crypto
privilege show level 3 mode exec command vpn-sessiondb
privilege show level 3 mode exec command ssh
privilege show level 3 mode exec command dhcpd
privilege show level 3 mode exec command vpnclient
privilege show level 3 mode exec command vpn
privilege show level 3 mode exec command blocks
privilege show level 3 mode exec command wccp
privilege show level 3 mode exec command webvpn
privilege show level 3 mode exec command module
privilege show level 3 mode exec command uauth
privilege show level 3 mode exec command compression
privilege show level 3 mode configure command interface
privilege show level 3 mode configure command clock
privilege show level 3 mode configure command access-list
privilege show level 3 mode configure command logging
privilege show level 3 mode configure command ip
privilege show level 3 mode configure command failover
privilege show level 5 mode configure command asdm
privilege show level 3 mode configure command arp
privilege show level 3 mode configure command route
privilege show level 3 mode configure command aaa-server
privilege show level 3 mode configure command aaa
privilege show level 3 mode configure command crypto
privilege show level 3 mode configure command ssh
privilege show level 3 mode configure command dhcpd
privilege show level 5 mode configure command privilege
privilege clear level 3 mode exec command dns-hosts
privilege clear level 3 mode exec command logging
privilege clear level 3 mode exec command arp
privilege clear level 3 mode exec command aaa-server
privilege clear level 3 mode exec command crypto
privilege cmd level 3 mode configure command failover
privilege clear level 3 mode configure command logging
privilege clear level 3 mode configure command arp
privilege clear level 3 mode configure command crypto
privilege clear level 3 mode configure command aaa-server
prompt hostname context
Cryptochecksum:aaa1f198bf3fbf223719e7920273dc2e
: endI didn't realise I had that crypto settings on, thanks my bad!!!
But... the 172.16.12.0 network is directly connected, the Router (that to be honest is a firewall) / switches is all on the same subnet (172.16.12.X/24), so sorry I didn't explain thoroughly, was more wondering about the GW and didn't want to overcomplicate things..
The Firewall/Router dosen't do any routing, so it should work right (I you count out the firewalling in the firewall and so forth, there shouldn't be any problems accomplishing this with the ASA)? The Firewall is more a DHCP for the clients/Firwall for the clients.. this will change in the future.. it will be removed,
the vpn network is staticly routed back to my ASA in that firewall...
I don't like this solution.. but this is who it looks.. for now..
(VPN network is 10.10.10.X/24)
But... shouldn't I see a default gateway under ipconfig when I'm connected to the VPN from internet, on the vpn client that's vpned in, is this correct?
THANKS for all the help! -
Problems accessing 1 remote desktop when connected with VPN
Hi everyone,
I have an ASA 5505 and have a problem where when I connect through VPN I can RDP into a server using its internal address but I cannot RDP to another server using its internal address.
The one I can connect to has an IP of 192.168.2.10 and the one I cannot connect to has an IP of 192.168.2.11 on port 3390.
Both rules are configured exactly the same except for the IP addresses and I cannot see why I cannot connect to this one server.
I am also able to connect to my camera system with an IP 192.168.2.25 on port 37777 and able to ping any other device on the internal network.
I've also tried pinging it and telneting to port 3390 with no success.
Here is the config.
ASA Version 8.4(4)1
interface Ethernet0/0
switchport access vlan 3
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.2 255.255.255.0
interface Vlan3
nameif outside
security-level 0
ip address 10.1.1.1 255.255.255.0
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network CTSG-LAN-OUT
range 10.1.1.10 10.1.1.49
object network CTSG-LAN-IN
subnet 192.168.2.0 255.255.255.0
object service RDP3389
service tcp destination eq 3389
description To DC
object network SERVER-IN
host 192.168.2.10
object network SERVER-OUT
host 10.1.1.50
object network CAMERA-IN-TCP
host 192.168.2.25
object network CAMERA-OUT
host 10.1.1.51
object service CAMERA-TCP
service tcp destination eq 37777
object network SERVER-Virt-IN
host 192.168.2.11
object network SERVER-Virt-OUT
host 10.1.1.52
object service RDP3390
service tcp destination eq 3390
description To VS for Master
object network CAMERA-IN-UDP
host 192.168.2.25
object service CAMERA-UDP
service udp destination eq 37778
object network CTSG-LAN-OUT-VPN
subnet 10.1.1.128 255.255.255.128
object network SERVER-Virt-IN-VPN
host 192.168.2.11
object network SERVER-IN-VPN
host 192.168.2.10
object network CAMERA-IN-VPN
host 192.168.2.25
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
access-list inside1_access_in remark Implicit rule: Permit all traffic to less secure networks
access-list inside1_access_in extended permit ip any any
access-list outside_access_in extended permit object RDP3389 any host 192.168.2.10
access-list outside_access_in extended permit object RDP3390 any host 192.168.2.11
access-list outside_access_in extended permit object CAMERA-TCP any host 192.168.2.25
access-list outside_access_in extended permit object CAMERA-UDP any host 192.168.2.25
pager lines 24
logging enable
logging buffer-size 10240
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool RAVPN 10.1.1.129-10.1.1.254 mask 255.255.255.128
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source static SERVER-IN-VPN SERVER-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
nat (inside,outside) source static CAMERA-IN-VPN CAMERA-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
nat (inside,outside) source static SERVER-Virt-IN-VPN SERVER-Virt-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
object network CTSG-LAN-IN
nat (inside,outside) dynamic interface
object network SERVER-IN
nat (inside,outside) static SERVER-OUT service tcp 3389 3389
object network CAMERA-IN-TCP
nat (inside,outside) static CAMERA-OUT service tcp 37777 37777
object network SERVER-Virt-IN
nat (inside,outside) static SERVER-Virt-OUT service tcp 3390 3390
access-group inside1_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.1.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP
-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment terminal
subject-name CN=SACTSGRO
crl configure
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.168.2.0 255.255.255.0 inside
telnet timeout 15
ssh 192.168.2.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 15
dhcpd auto_config inside
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password xxxxx encrypted privilege 15
username admin attributes
vpn-group-policy DfltGrpPolicy
tunnel-group CTSGRA type remote-access
tunnel-group CTSGRA general-attributes
address-pool RAVPN
tunnel-group CTSGRA ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:0140431e7642742a856e91246356e6a2
: end
Thanks for your helpOk,
So you basically have configured the router so that you can connect directly to the ASA using the Cisco VPN Client. And also the objective was to in the end only allow traffic to the LAN through the VPN Client connection ONLY.
It would seem to me to achieve that, you would only need the following NAT configurations
VPN Client NAT0 / NAT Exempt / Identity NAT
object network LAN
subnet 192.168.2.0 255.255.255.0
object network VPN-POOL
subnet 10.1.1.128 255.255.255.128
nat (inside,outside) source static LAN LAN destination static VPN-POOL VPN-POOL
The purpose of the above NAT configuration is simply to tell the ASA that dont do any kind of NAT when there is traffic between the LAN network of 192.168.2.0/24 and the VPN Pool of 10.1.1.128/25. This way if you have any additional hosts on the LAN that need to be connected to, you wont have to make any form of changes to the NAT configurations for the VPN client users. You just allow the connections in the ACL (explained later below)
Default PAT
object-group network DEFAULT-PAT-SOURCE
network-object 192.168.2.0 255.255.255.0
nat (inside,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
This configurations purpose is just to replace the earlier Dynamic PAT rule on the ASA. I guess your router will be doing the translation from the ASA "outside" interface IP address to the routers public IP address and this configuration should therefore allow normal Internet usage from the LAN.
I would suggest removing all the other NAT configuration before adding these.
Controlling VPN clients access to internal resources
Also I assume that your current VPN client is configured as Full Tunnel. In other words it will tunnel all traffic to the the VPN connection while its active?
To control the traffic coming from the VPN Client users I would suggest that you do the following
Configure "no sysopt connection permit-vpn" This will change the ASA operation so that connections coming through a VPN connections ARE NOT allowed by default to bypass the "outside" interface ACL. Therefore after this change you can allow the connections you need in the "outside" interface ACL.
Configure any rules you need regarding the VPN client connections to the "outside" interface ACL. Though I guess they already exist since you are connecting there without the VPN also
I cant guarantee this with 100% certainty but it would seem to me that the above things should get you to the point where you can access the internal resources ONLY after when you have connected to the ASA through the VPN client connection. Naturally take precautions like configuration backups if you are going to do major configuration changes. Also if you are remotely managing the ASA then you also have the option to configure a timer on the ASA after which it will automatically reload. This could help in situations where a missconfiguration breaks you management connection and you have no other way to connect remotely. Then the ASA would simply reboot after the timer ran out and also reboot with the original configuration (provided you hadnt saved anything in between)
Why are you using a different port for the other devices RDP connection? I can understand it if its used through the Internet but if the RDP connection would be used through the VPN Client only then I dont think there is no need to manipulate the default port of 3389 on the server or on the ASA.
Also naturally if there is something on the actual server side preventing these connections then these configuration changes might not help at all.
Let me know if I have understood something wrong
- Jouni -
General Settings not retained when connecting via VPN
Forum,
We have a user who connects to SAP via a VPN connection. Since then they have found that any form settings/column amendments made are not being retained when next logging into SAP.
When these changes were made direct in the office, they are retained.
My question. Is there any differences in how the settings are retained within SAP when accessing via a VPN?
Regards,
JuanHi,
When using your VPN are yo using Terminal LIcense or Remote Desktop Connection?
Please do the following to save form settings:
1. Only 1 module should be open when using form settings.
Close other modules that doesn't need.
2. Close the module after changed. To make sure the settings are saved.
3. Always close all the module before exiting SBO program, use the click FIle and Exit habit.
4. Terminal Licensing should be use when connecting remotely.
Thanks.
Clint -
Cant send emails from gmail or yahoo when connected to vpn
I use a vpn to mask my IP address. When I am connected through my VPN I cannot send emails from my gmail or yahoo accounts through thunderbird
If i disconect vpn they go through fineJust a guess, but if you change the outgoing server name to an IP address such as 74.125.136.108 for Gmail, does it work?
https://support.hidemyass.com/entries/24893686-SMTP-Sending-emails-while-connected-to-VPN#thunderbird -
ITunes won't play via Airport Express when connected to VPN
Once connected to VPN iTunes just won't work but still plays on my computer. I believe it has something to do with the firewall but I do not know how to get around it. Can anyone help? I would love to listen to music via my stereo speakers while doing work...Thanks!
Is this what you are looking for? http://docs.info.apple.com/article.html?artnum=93396
or
http://docs.info.apple.com/article.html?artnum=108071 -
Can't send mail when connected to vpn
I'm hooked up with a private vpn service using OpenVpn. Everything works beautifully -- except that I can't send mail (receiving is no problem) because the SMTP ports offered through Mail 4.5 (ports 25, 465, 587) are blocked by many VPN providers as an anti-spam measure. I can't use port 993 with SSL because I live in Monaco, which has one ISP -- and it does not provide or support secure email (which is one of the reasons I want the VPN).
Is there another port I can select for SMTP, or some configuration tricks I'm missing? Thanks...:)Hello Brian,
Basically this is the VPN group:
crypto isakmp client configuration group open
key (something)
dns 192.168.1.1 8.8.8.8
domain something.com
pool SDM_POOL_1
save-password
backup-gateway 192.168.1.1
max-users 5
netmask 255.255.255.0
banner ^Cyou have connected to the vpn-ings!. well done! ^
I see that you are doing tunnel all, and you are not split tunneling on this configuration, what you can do is to use split tunnel, under this configuration as follow:
ip access-list extended SPLIT_TUNNEL
permit ip XXXXX XXXXX 192.168.1.0 0.0.0.255
XXXXX --> are the inside subnets
Then under this:
crypto isakmp client configuration group open
acl SPLIT_TUNNEL
This will allow you to have access to the internal subnets through the tunnel and have access to internet through the internet connection on your computer.
For further details take a look to this document:
- http://www.cisco.com/c/en/us/support/docs/routers/3600-series-multiservice-platforms/91193-rtr-ipsec-internet-connect.html
Don't use Any on your ACL statements for split tunneling purposes.
Let me know how it works out!
Please don't forget to rate and mark as correct the helpful Post!
David Castro,
Regards, -
IPod Restore failed, now Kernel Panic when connect to Mac
My iPod is a little older and has had trouble updating though the iPod Updaters so in order to get the latest updater on my iPod I've had to just restor the iPod using that specific updater. iPod Updater froze during my last restore and now I have incomplete software on my iPod and connecting it to my Mac results in immediate kernel panic. How can I get my iPod back to a usable state?
Thanks.Just got back from trying this idea and IT WORKS. For people that might have this problem, I booted from the CD/DVD and lauched Disk Utility and did a Repair Disk. I did it twice actually for good measure. Afterwards I booted back to the System Folder on the HD and I performed a restore of my iPod using the iPod Updater 2005-06-26.app updater. I've read that my whatever generation iPod works best with that one (I have the click wheel with the 4 buttons above it).
Thanks for all your help.
Maybe you are looking for
-
Service/Maintenace Order type ZMSO not completely maintained for plant SE50
Hi All, Am trying to create a Service Order with T.Code IW31 and after entering the order type, priority, Llyods code, Plant and Bus.Area and press enter I got error " Service/Maintenace Order type ZMSO not completely maintained for plant SE50 " Diag
-
System Image Backup in Windows 10
I'm trying to do an image Backup on the Windows 10 Build 9879 system disk but find that it's no longer possible. How do I do it? Renee "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me
-
hi, i have to parse a word doc n extract only the relevant info. so can anyone pls tell me the method of doin it? thanks tulip
-
Can I Skip Uncommitted Row ?
Hi SQL Gurus, I have a requirement in our query to skip uncommitted row. eg : After I insert in table A, after insert trigger will insert row into table B before commit, when I query to Table B, how can skip the uncomitted row ? Is there such functio
-
[MAYBE SOLVED :) ] Awesome - where to find reliable info
I tried Awesome yesterday and does pretty much what I was looking for. The problem for me as a Awesome-n00b is the quite radical changes to code between versions. Even from 3 to 3.1 there are a lot of changes, so many that I haven't been able to figu