Passing Public IPs through multiple ASA's (Part 2) - Continued

Similar Messages

• Multiple Public IP's on ASA 5520

  Hi,
  I have ASA 5520 with Ver 8.2.
  Outside interface is directly connected to ISP's router(TelePacific) and is assigned one of public IP:198.24.210.226.
  There are two servers inside the network with the private IP's:192.168.1.20 for DB Server, and 192.168.1.91 for Web Server.
  I did Static NAT 198.24.210.226 to 192.168.1.20  and 198.24.210.227 to 192.168.1.91.
  When I access DB Server(198.24.210.226) it's working OK but when I access Web Server(198.24.210.227) there is no response at all.
  I checked the inside traffic, it even did not get into the firewall.
  Is this the problem with ISP's router?  How can we route all of our public IP's to the outside interface(198.24.210.226)?
  interface GigabitEthernet0/1
  nameif inside
  ip address 192.168.1.1 255.255.255.0
  security-level 100
  no shutdown
  interface GigabitEthernet0/0
  nameif outside
  ip address 198.24.210.226 255.255.255.248
  security-level 0
  no shutdown
  route outside 0.0.0.0 0.0.0.0  198.24.210.225
  nat (inside) 1 192.168.1.0 255.255.255.0
  global (outside) 1 198.24.210.226 255.255.255.255
  static (inside,outside) tcp 198.24.210.226 3389 192.168.1.10 3389 netmask 255.255.255.255 dns
  static (inside,outside) tcp 198.24.210.226 9070 192.168.1.10 9070 netmask 255.255.255.255 dns
  static (inside,outside) tcp 198.24.210.227 3389 192.168.1.20 3389 netmask 255.255.255.255 dns
  static (inside,outside) tcp 198.24.210.227 80   192.168.1.20 80   netmask 255.255.255.255 dns
  access-list OUTSIDE-IN extended permit tcp any  host 198.24.210.226 eq 3389
  access-list OUTSIDE-IN extended permit tcp any  host 198.24.210.226 eq 9070
  access-list OUTSIDE-IN extended permit tcp any  host 198.24.210.227 eq 3389
  access-list OUTSIDE-IN extended permit tcp any  host 198.24.210.227 eq 80
  access-group OUTSIDE-IN in interface outside

  Also,
  You seen to have an /29 public subnet. You should be able to use IP addresses from this subnet to configure NAT on your firewall. I dont think you need any specific configurations to allow the usage of the whole subnet as NAT IP addresses.
  You can naturally check the following
  show run sysopt
  Check that you DONT have the following
  sysopt noproxyarp outside
  At the moment you are not actually configuring Static NAT but rather Static PAT.
  You are only forwarding some ports from certain public IP addresses to the local IP address. If you were doing Static NAT, then you would actually be staticly binding the public IP addresses to the local IP address. So it would apply to any TCP/UDP port and you would only need to use the ACL to allow traffic.
  Though in that case you would have to replace the .226 IP address with something else as its the firewall interface IP address and it should not be assigned to be used by a single host on the LAN usually.
  If you wanted to staticly assing public IPs to both of these servers you could do
  static (inside,outside) 198.24.210.227 192.168.1.91 netmask 255.255.255.255
  static (inside,outside) 198.24.210.228 192.168.1.10 netmask 255.255.255.255
  access-list OUTSIDE-IN extended permit tcp any  host 198.24.210.228 eq 3389
  access-list OUTSIDE-IN extended permit tcp any  host 198.24.210.228 eq 9070
  access-list OUTSIDE-IN extended permit tcp any  host 198.24.210.227 eq 3389
  access-list OUTSIDE-IN extended permit tcp any  host 198.24.210.227 eq 80
  - Jouni

• Map SMTP port on multiple Public IPs to single private IP.

  Hello,
  we have a need to map smtp on multiple external public IPs to a single Internal IP. We need https,www, and pop3 for the external IP to go to one internal, and smtp to go to a different internal.
  What we'd like to do:
  static (inside,outside) tcp <ip1>.39 80 10.1.1.63 http
  static (inside,outside) tcp <ip1>.39 pop3 10.1.1.63 pop3
  static (inside,outside) tcp <ip1>.39 https 10.1.1.63 https
  static (inside,outside) tcp <ip1>.39 smtp 10.1.1.41 smtp
  static (inside,outside) tcp <ip2>.40 80 10.1.1.64 http
  static (inside,outside) tcp <ip2>.40 pop3 10.1.1.64 pop3
  static (inside,outside) tcp <ip2>.40 https 10.1.1.64 https
  static (inside,outside) tcp <ip2>.40 smtp 10.1.1.41 smtp
  But the PIX cries about overlapping NAT statements.
  We need this because we're an IT outsourcing company and we typically manage our customer's DNS zones. Of course, in every bunch there's an exception and one customer has their DNS hosted elsewhere. We changed the necessary DNS on our side for our customers when we made a mail change (which is close to 100 customers), but when we did this it broke this one-of customer. The DNS hoster for the customer is a little one-man shop and the guy is out of the office for two weeks. What a mess. For some reason their DNS is not using our MX record, so it broke when we made our upgrade.
  Is there any way we can accomplish anythign similar to what we're trying to do? This is a PIX 515E with 7.0(6) Thanks.

  Ok, we found a work-around that wil be fine for now. We added a 2nd IP to the 10.1.1.41 server and just the .39 server to that. So we're only using 1 server for the time being, but that's ok.

• Use multiple public IPs addresses

  Hello there!
  In my environment, I have four public IPs, and I have a TMG Firewall working.
  When I publish servers by TMG using one of my IP adresses, it works.
  But, when I use anyone else, it isn't work.
  I'm new in TMG Server, so I want to know if there is some setting to do to use other public IP adresses to publish servers by TMG.
  Thanks in advance.
  Lucas Gustavo

  Hi,
  You don't need any additional configuration apart from creating a Server Publishing Rule or (Secure) Web Publishing Rule. Can you be a bit more specific? Some questions:
  - Does your TMG have one or two network interfaces?
  - Have you configured all four IP Addresses manually on the interface with the same subnet mask?
  - What are you trying to publish
  - When you create a Server-/Web Publishing Rule, do you select a specific IP Address or All IP Addresses?
  Boudewijn
  Boudewijn Plomp, BPMi Infrastructure & Security | Please remember, if you see a post that helped you please click "Vote as Helpful" and if it answered your question, please click "Mark as Answer".

• How do I search for a word through multiple files in my directories ??

  Hello everyone
  How do I search for a word through multiple files in my directories ??
  I am guessing one tedious way to do it would be to pass all the file names as command line arguments but I"m sure there exist a much easier and faster way to do it.
  Thanks a lot

  You need to pass only the directory name as parameter and then retrieve the files(recursively throug subdirs or not, however you wish) of that directory.
  There were at least 2 threads yesterday on how to retrieve files from directory, and there are many others in the archive so I leave the search part to you ;)
  HTH
  Mike

• Trying to pass internet with a Cisco ASA 5505

  Hello,
     I have not been having much success configuring my 5505 for Internet access, and I'm sure there are a few small things I'm missing.  At times I believe I got it to the point where I could ping, but still not pass through the Internet traffic.  At this point, I reset the 5505 and only changed a couple of settings. 
  I have an external range with these characteristics: Network Address 67.139.113.16 (.17 is Gateway), SM: 255.255.255.248, available IP: 67.139.113.218
  The external connection is through a T1 modem, and when I put those settings in my laptop, I can access just fine.
  When I went through the startup wizard in the ADSM, I maded the internal interface 10.209.0.3, subnet mask: 255.255.255.0
  I selected PAT in the Wizard, but don't know if I should have, or if the NAT rules I tried to put in are fine.
  Eventually I want to add a Site to Site VPN to the rest of the 10.0.0.0 network, but I can't even pass the Internet through to the inside.
  Also, this will eventually be behind another hosted firewall, so I'm not worried about restricting access, even currently.
  However, I suspect the problem is that traffic is being blocked with the NAT rules or Access rules.
  I wish I could just disable those inherent deny rules
  Outside of pings to 10.209.0.3, all pings come back as request timed out.
  Can someone please review this, and see if they notice anything I can change?
  I do appreciate it....
  Config:
  : Saved
  ASA Version 8.2(5)
  hostname ciscoasa
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  name 10.0.0.0 Eventual
  name 10.209.0.0 Local
  name 67.139.113.216 T1
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 0
  ip address 10.209.0.3 255.0.0.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 67.139.113.218 255.255.255.248
  time-range Indefinite
  ftp mode passive
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object-group protocol DM_INLINE_PROTOCOL_1
  protocol-object ip
  protocol-object icmp
  protocol-object udp
  protocol-object tcp
  access-list inside_access_in extended permit object-group DM_INLINE_PROTOCOL_1 Local 255.255.255.0 any time-range Indefinite
  pager lines 24
  logging enable
  logging asdm informational
  mtu outside 1500
  mtu inside 1500
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any outside
  icmp permit any inside
  asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 0.0.0.0 0.0.0.0 dns tcp 255 255  udp 255
  access-group inside_access_in in interface inside
  route inside 0.0.0.0 0.0.0.0 67.139.113.217 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http Eventual 255.0.0.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto ca trustpoint _SmartCallHome_ServerCA
  crl configure
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 10.209.0.201-10.209.0.232 inside
  dhcpd dns 8.8.8.8 8.8.4.4 interface inside
  dhcpd auto_config outside interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
    inspect ip-options
  service-policy global_policy global
  prompt hostname context
  call-home reporting anonymous
  Cryptochecksum:d3c4872f997a93984332213f98fbe12b
  : end
  asdm location Eventual 255.0.0.0 inside
  asdm location Local 255.255.255.0 inside
  asdm location T1 255.255.255.248 inside
  asdm history enable

  Unfortunately that didn't work....
  The new config:
  : Saved
  ASA Version 8.2(5)
  hostname ciscoasa
  enable password 8Ry2YjIyt7RRXU24 encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  name 10.0.0.0 Eventual
  name 10.209.0.0 Local
  name 67.139.113.216 T1
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 0
  ip address 10.209.0.3 255.0.0.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 67.139.113.218 255.255.255.248
  time-range Indefinite
  ftp mode passive
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object-group protocol DM_INLINE_PROTOCOL_1
  protocol-object ip
  protocol-object icmp
  protocol-object udp
  protocol-object tcp
  pager lines 24
  logging enable
  logging asdm informational
  mtu outside 1500
  mtu inside 1500
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit any outside
  icmp permit any inside
  asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 1 0.0.0.0 0.0.0.0
  route inside 0.0.0.0 0.0.0.0 67.139.113.217 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http Eventual 255.0.0.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto ca trustpoint _SmartCallHome_ServerCA
  crl configure
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 10.209.0.201-10.209.0.232 inside
  dhcpd dns 8.8.8.8 8.8.4.4 interface inside
  dhcpd auto_config outside interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
    inspect ip-options
    inspect icmp
  service-policy global_policy global
  prompt hostname context
  call-home reporting anonymous
  Cryptochecksum:64bbf533cf1bd591e797c053ea9e107a
  : end
  asdm location Eventual 255.0.0.0 inside
  asdm location Local 255.255.255.0 inside
  asdm location T1 255.255.255.248 inside
  asdm history enable
  I am getting some more encouraging messages in the Syslog, but I still cannot bing 8.8.8.8 or the outside interface.
  5
  Aug 29 2008
  01:42:55
  8.8.4.4
  53
  Asymmetric NAT rules matched for forward and reverse flows; Connection for udp src inside:10.209.0.6/64477 dst inside:8.8.4.4/53 denied due to NAT reverse path failure
  6
  Aug 29 2008
  01:42:54
  10.209.0.6
  1686
  SSL session with client inside:10.209.0.6/1686 terminated.
  6
  Aug 29 2008
  01:42:54
  10.209.0.6
  1686
  10.209.0.3
  443
  Deny TCP (no connection) from 10.209.0.6/1686 to 10.209.0.3/443 flags FIN ACK on interface inside

• Using multiple refinement web parts on the same page but have them hidden until needed

  I have a search results page that has several different Core Results web parts on it (each is connected to a different result source). all hidden by tabs using the HillbillyTabs interface
  http://www.sharepointhillbilly.com/Lists/Posts/Post.aspx?ID=42
  unfortunately you cant share a refinement web part across multiple results web parts. So I am left trying to figure out how to hide several refinement web parts and only show the active refinement webpart when the result source tab is selected.
  The template im using is an OOTB standard search results template with the refinement panel on the left navigation zone and the core results web parts configured in the main content zone.
  Scenario:
  Search text box passes query to multiple results web parts on a page. Only one results web part is displayed at a time (active tab). The refiner for the active tab shows and displays its refiners in the navigation panel.
  There are multiple refinement web parts in the navigation panel associated with each core results web part in the main content zone. These refiner web parts are configured with custom refiners.
  the results page displays just one results web part at a time via tabbed interface.
  I am trying to figure out how to make the refiner web parts show and hide depending on which tab is selected.
  Any help pointing to someone thats already attempted this would be appreciated! 
  Eric

  Hi,
  For your issue, you can consider using SharePoint Search Navigation which can achieve a similar feature but not on the same page.
  Search Navigation allows users to move quickly between search experiences listed in the Navigation. Navigation is displayed in the Quick Launch control on search pages, and can also be shown as a drop-down menu from the search box.
  For more information, you can refer to the blog:
  http://blogs.technet.com/b/tothesharepoint/archive/2013/11/13/how-to-add-a-customized-search-vertical-to-your-search-results-page-in-sharepoint-2013.aspx
  Best Regards,
  Eric
  TechNet Community Support
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
  [email protected]

• Public ip address for asa

  HI.......
  We have Cisco router 2851 and asa firewall. We configured on he router for IP phones and ISP connected. The ISP directly connected on the router and asa firewall connected to the router. We have plan to configure VPN on the router. We have available public ip address. if i configure the VPN on the firewall we need to configure firewall local ip address to public ip address. SO how to configure firewall local ip to public ip ? Where we can configure , mean on the router or firewall. please see my firewall and router configuration ...
  Please help .....

  The ASA would typically be where you setup your public IP Address(es). The firewall normally needs to have a public IP on the outside interface for that to work. Once it does, you can perform dynamic NAT for outbound connections ("global (Outside) 1 xxx.xxx.xxx.185 netmask 255.255.255.255" does this).
  However on the config you attached your outside interface has a private (RFC 1918) address:
  interface Ethernet0/3
  speed 100
  duplex full
  nameif Outside
  security-level 0
  ip address 192.168.255.2 255.255.255.252
  Plus it being a /30 only gives you two addresses - one for the ASA and one for the router's Gi0/0 (per that config which you also attached). This is a bit odd setup but it seems to have been hacked together to work using the routing statement on the router "ip route xxx.xxx.xxx.184 255.255.255.248 192.168.255.2".
  It's really a bit of a mess and extending it further may be possible but will make it even more complicated. I'd advise having someone sit down and re-work how the public IPs are routed to make it look like a more typical setup.

• Edit table data through multiple forms

  Hi everyone,
  I have a report page with records from a table. I want to edit the records through multiple forms: one form holds half of the columns to edit, another form holds the rest.
  I'm not sure how to create the connections between the pages with the forms and the report page with the record to edit.
  Any help would be greatly appreciated!
  Thank you!

  Ways you could go about this:
  1. Manually create the items on each page, then on the final page have your own process with the code: insert into <table> (1,2,3,4,5) values (:p1_item, :p1_item2, :p1_item3, :p2_item1, :p2_item2);
  2. Have a DML process on each page, only with the columns you want to insert - of course, the items on the pages after the first form page would have to be nullable (which isn't really a good idea imo, unless of course it follows the business rules), otherwise you wouldn't be able to do the initial insert on the first form page - then after create have a branch to the next form page, passing in the primary key to the next page, so its just updating the row when you hit apply changes.
  3. APEX_COLLECTION?
  Trent

• Photoshop Mask Layer, see through multiple layers.

  Dear All -
  I am a new learner to Photoshop and working on Layers and Layer Mask to obtain see through multiple Layers effect.
  Below is the description of my problem that I am looking forward towards resolution in this forum. I will be glad if some expert can guide me on this.
  I have three layers of different colors as below.
  Layer 1topmost layer) with Red color filled rectangle.
  Layer 2(below Layer 1) with Green color filled rectangle.
  Layer 3(bottom most layer, below Layer 2) with Blue color filled rectangle.
  When I erase something with brush on Layer 1 using masking Layer 1, it hollows the erased part and start showing the Green color of Layer 2 in hollow section of Layer 1.
  What I want to achieve is that, when I erase Layer 1 using layer mask, then it should hollow Layer 1 as well as Layer 2 and should show Blue color in the hollow section of Layer 1.
  i.e: Hollow section made on Layer 1(using Layer Mask on Layer 1) should also be applied on Layer 2 so that Layer 1 and Layer 2 becomes hollow using eraser and I should see through Layer 1 and Layer 2 and Blue color of Layer 3 should be visible from the hollow section.
  Though I can do this by Flattening Layer 1 and Layer 2 together so that it forms one single Image, and then when I hollow this Flattened image using Layer Mask, then it will show me Blue color. But I do not want to do this, as I would lose the flexibility to unhollow/recover the hollow region on both Layer 1 and Layer 2 independently in the future.
  Thank You,
  Saurabh Khanna.

  Here's a sample of copying the layer mask onto layer 2 using a hard cutout.
  Here's the same thing using a soft feather cutout.

• 1 isp(T1), 1 unmanaged switch, 2 routers(WRT54G), 2 public ips

  1 isp(T1), 1 unmanaged switch, 2 routers(WRT54G), 2 public ips - How should I connect everthing?
  Help. I got a client with a T1 and multiple public IP's that he wants to share with his neighboring companies. How should I connect everying.

  You need a manageable switch and create VLAN so you can segement the taffic between the 2 internet connections.

• Trying to add multiple ship to parties using BAPI_BUPR_PFCT_CREATEFROMDATA

  Hi all,
  I am trying to add relation ship to a business partner. I have two business partners BP1 and BP2. I need to assign BP2 as u201CShip to Partyu201D for BP1. I was able to do this using BAPI_BUPR_PFCT_CREATEFROMDATA.
  But my actual requirement is to add more than one business partner as u201CShip to partyu201D to BP1 in my ZFunction Module in one instance itself.
  BAPI_BUPR_PFCT_CREATEFROMDATA. Will take input as Business partners and assigns BP2 as Ship to party to BP1.
  But my requirement is I have to assign more than one business partners as Ship to parties for this BP1.
  But BAPI_BUPR_PFCT_CREATEFROMDATA accepts only a single business partner at a time. So I created a Z function Module and declared a tables paramters which accepts any number  of Businesss partner. I also declared an import paramter to accept the business parter number for which all the business partners in table should be assigned as Ship to parties.
  I tried passing the values from this table to the BAPI but it shows me a waring message saying
  u201CAfter Enhancement you may not be able to convert the structure WA_SOLDu201D into a number and it would no longer be a valid operandu201D
  If I execute the Zfunction Module it is not assigning the business partners from the input table as ship to parties to the business partner(import paramters).
  Please help me...how can i assign multiple ship to parties for a business partner at one instance iteslf using BAPI_BUPR_PFCT_CREATEFROMDATA...
  here is how i desgined my Zfunction Module...........
  Impot paramters = CUST_NO) TYPE  BU_NAMEP_F
  Tables paramters = I_SOLD like  ZSOLD_TO OPTIONAL
  My structure Zsold_to has follwing componenet
  BP type BU_NAMEP_F
  Here is my codeu2026u2026..
  FUNCTION Z_FUNCTION.
  ""Local Interface:
  *"  IMPORTING
  *"     VALUE(CUST_NO) TYPE  BU_NAMEP_F
  *"  TABLES
  *"      I_SOLD STRUCTURE  ZSOLD_TO OPTIONAL
  *"      IT_RETURN1 STRUCTURE  BAPIRET2 OPTIONAL
  *"      IT_RETURN2 STRUCTURE  BAPIRET2 OPTIONAL
  DATA: WA_SOLD TYPE ZSOLD_TO.
  LOOP AT I_SOLD TO WA_SOLD.
  *Call the BAPI BAPI_BUPR_PFCT_CREATEFROMDATA.
  CALL FUNCTION 'BAPI_BUPR_PFCT_CREATEFROMDATA'
    EXPORTING
      BUSINESSPARTNER1           =  CUST_NO
      BUSINESSPARTNER2           =  WA_SOLD-BP
      RELATIONSHIPCATEGORY       =  'CRMH02'
  TABLES
      RETURN                     =  it_RETURN1.
  *Call Commit Work
  CALL FUNCTION 'BAPI_TRANSACTION_COMMIT'
    EXPORTING
      WAIT          =   'X'
  IMPORTING
      RETURN        =  it_RETURN2.
  ENDLOOP.
  ENDFUNCTION.
  Please help me...how can i assign multiple ship to parties for a business partner at one instance iteslf using BAPI_BUPR_PFCT_CREATEFROMDATA...
  Regards,
  Jessica Sam
  Edited by: jessica sam on Jan 19, 2009 1:57 AM
  Edited by: jessica sam on Jan 19, 2009 2:09 PM

  Hi,
  I am facing the same issue I have created the Target Group and then assigned the BP to target group using BAPI 
    BAPI_TARGETGROUP_ADD_BP . Called BAPI 
    BAPI_TRANSACTION_COMMIT after this. Table  CRMD_MKTTG_TG_I is getting updated with BP guid but its not showing in WEB UI screen.
  Please help me.
  Thanks and Regards,
  Ranadev

• Unable to establish OSPFv3 neighbors through transparent ASA

  I have 2 devices running IPv6 with an ASA ver 8.4(2) in transparent mode with multiple contexts in between them.  I can ipv6 ping the devices through the ASA but can not get the 2 devices to establish OSPFv3 adjacency.  They are able to establish adjacency with ipv4 OSPF.  When running debug ipv6 ospf hello I see each of the devices sending hellos but not receiving them from the device on the other side of the ASA. I notice that the hellos are coming from the link local addresses and not the unique global addresses that I applied to the interfaces. If I connect a device directly to one of the devices I can establish OSPFv3 adjacency without a problem.
  Any thoughts?
  Bob

  Bob,
  It is expected that OSPF/EIGRP etc use link local rather than unique global ;-)
  Regarding the problem.
  - please enable
  logging buffered infologging buffer-size 1000000
  - and ASP drop capure.
  cap ASP type asp all
  Try establishing the adjacency and check
  show logg sh cap ASP
  I would also try establishing the adjacency without multicast (point-to-multipoint network should allow this).
  Marcin

• Async Traffic through and ASA

  Hi Guys,
  This is a little bit of an odd request however I need to allow a sync routing due to some legacy routing to pass through my ASA.
  I have allowed IP any any between the particular hosts involved to allow for high ports etc..
  However the ASA is tearing down the session as it never see's the ACK.
  Hence is there a way to turn off the ip inspection or some other way to get this traffic through the firewall.
  Thanks
  Scott

  On an iPad I don't believe that you can. If you made the iPad tunnel through your laptop or desktop computer is may be possible to specify what traffic you want sent through the VPN or otherwise. But I have a feeling that would be very complicated to setup and keep working well.

• Is there any way to recover files when the back up catalog has been deleted accidently.  I can see a preview of the photos, but I cannot access or edit them.  They say "the folder cannot be located" and "the photo is missing".  I have gone through multipl

  I can see a preview of the photos, but I cannot access or edit them.  They say "the folder cannot be located" and "the photo is missing".  I have gone through multiple Adobe tutorials to try and recover them to no avail.  Any tips?

  Backup catalogs wouldn't have helped with this problem anyway, but naturally, you shouldn't delete backup catalogs for a while.
  The solution to reconnecting the folders is given here: Adobe Lightroom - Find moved or missing files and folders