Pix 8.0(3) - Telnet not working
Hello,
I configured a Pix firewalll for telnet using the command "telnet ip netmask interface_name" but for some reason it does not wokr.
i checked the configuration on the firewall and the other device accessing the pix with telnet do not have additional configuration.
From wireshark capture I can see the pix replies my telnet atempts with a tcp rst packet.
Do you know what could be wrong in the configuration?
Regards.
Thats make things more easy. Because you can debug SSH connections. where as telnet doesnt have such an option.
But still we didnt resolve the telnet issue. If possible try to do the configuration from the scrach. The reason I suggest this is I had a connectivity issue with a PIX 515 and no matter what I did, no packets were going through the PIX to outside.This happen all of a sudden. So I did a fresh configuration and It worked (Though this is not a good solution ;-)
Similar Messages
-
Telnet not working i need help : Could not open connection to the host !!
hello all im back today with big problem with telnet i dont know why !!
i have to computers one of them in my home and the other one in my office both of them use windows 7 so
home PC internet IP : 82.205.100.161
office PC internet IP : 82.102.237.175
so i go to control panel and then to windows features and i check Telnet Client and Telnet server
then i turn off my firewall
then i start telnet service
then i execute netstat -ab to know telnet port :
[tlntsvr.exe]
TCP [::]:135 Hacker-HP:0 LISTENING
is there anythink i need to do to get that damn connection over internet NOT LAN !! pleaze help me i still get this sucks error : Could not open connection to the host
peace
Dr.BL@CKDeaTHHi,
Telnet server use TCP port 23 by default.
Here is a screenshot of my lab server,
To verify if the TCP port 23 has been opened, we can use the portqry tool.
Here is the download link,
http://www.microsoft.com/en-us/download/details.aspx?id=17148
Best Regards.
Steven Lee
TechNet Community Support -
Pix messages to attend friends not working
None of my friends on att can receive my picture messages . this has been going on for about a week. It started with screen shots and now is all picture messages . can you help!
i had problems with verizon messages doing the same thing & switched to the default samsung texting app.
-
One other thing - I had a problem with the key pairing so I rebuilt the rsa 1024 and the unit started working. Unfortunately I reloaded without the config in place and now I cannot get it to work again. Any help will be greatly apprecaited although I did review a dozen other posts of people having similar problems and for some reason there is never any conclusion as to the solution and I am not sure why.
Some other info from the client end:
I just ran the stats on the client and packets are being encrypted BUT none are decrypted.
Also Tunnel received 0 and sent 115119
Encryption is 168-bit 3-DES
Authentication is HMAC-SHA1
also even though the allow LAN is selected in the Cisco VPN client it states the local LAN is disabled in the client stats
also Transparent tunneling is selcted but in the stats it states it is inactive
I am connecting with the Cisco VPN Client Ver 5.0.07.0440
This config works. It is on the internal net 192.168..40.x and all users obtain dhcp and surf the web. It has required ports opened.The problem is that you can connect remotely via the VPN and you receive an IP address from the remote-vpn pool but you cannot see any machines on the internal network. The pix is at 40.2 and you cannot ping the pix and the pix from the remote PC connecting via the VPN and youcannot ping the remote PC from the PIX console when the remote is connected and receives the first IP address in the VPN pool of 192.168.40.25
I need to see the internal network and map network drives. I have another friend that is running the same config and it works but his computer is on a linksys wireless and has an IP of 192.168.1.x and the IP he receives from the VPN pool is 192.168.1.25 so I do not know if the same network is allowing this config to work even if there is an error in the config. In my present case I obtain the ip of 192.168.40.25 from the VPN pool and my connecting pc on 192.168.1.x I really am not sure how the VPN virtual adapter works. I am assuming it routes all traffic from your connecting PC to and from the virtual adapater but I really do not know for sure.
Other people have had similar issues with accessing the internal network from the VPN. One solution was the split-tunnel, another was the natting and another had to do with the encrption where there and an issue with the encrypt and ecrypt which was stopping the communicaton via the VPN.
I still cannot seem to find the issue with this config and any help will be greatly appreciated.
This is the config
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password somepassword
hostname hostname
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
object-group network internal_trusted_net
network-object 192.168.40.0 255.255.255.0
object-group icmp-type icmp_outside
icmp-object echo-reply
icmp-object unreachable
icmp-object time-exceeded
icmp-object source-quench
access-list OutToIn permit icmp any xxx.xxx.xxx.0 255.255.255.248 object-group icmp_outside
access-list no_nat_inside permit ip 192.168.40.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list split_tunnel permit ip 192.168.40.0 255.255.255.0 192.168.40.0 255.255.255.0
access-list OutToIn permit ip any any
access-list outbound permit ip any any
(NOTE: I had many more entries in the access list but removed them. Even with the above two allowing everything it does not work)
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside xxx.xxx.xxx.xxx 255.255.255.248
ip address inside 192.168.40.2 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool vpn_client_pool 192.168.40.25-192.168.40.30
pdm history enable
arp timeout 14400
global (outside) 1 interface
I had this statement missing from the previous posted config but even with the nat (inside) 0 access-list no_nat_inside it still does not work.
nat (inside) 0 access-list no_nat_inside
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
access-group acl_outside_in in interface outside
access-group outbound in interface inside
route outside 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server LOCAL protocol local
http server enable
http 192.168.40.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community $XXXXXX$
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set 3des_strong esp-3des esp-sha-hmac
crypto dynamic-map clientmap 50 set transform-set 3des_strong
crypto map vpn 50 ipsec-isakmp dynamic clientmap
crypto map vpn client configuration address initiate
crypto map vpn client configuration address respond
crypto map vpn client authentication LOCAL
crypto map vpn interface outside
isakmp enable outside
isakmp identity address
isakmp client configuration address-pool local vpn_client_pool outside
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup remote-vpn split-tunnel split_tunnel
vpngroup remote-vpn idle-time 10800
vpngroup remote-vpn password ANOTHER PASSWORD
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 outside
ssh 192.168.40.0 255.255.255.0 inside
ssh timeout 30
console timeout 60
dhcpd address 192.168.40.100-192.168.40.131 inside
dhcpd dns xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd enable inside
username AUSER password PASSWORD privilege 15
terminal width 80
****************** End of config
I have been searching docs and other people's postings trying to obtain the info to make this work. It appears pretty much boiler plate but I believe my problem is in the natting. I am using a range in the internal network for the VPN pool and I have tried switching this to other networks but this has not helped. Unfortunately I have been unable to get the PDM to work and I believe this is a PC config thing and I did not want to waste the time on it. I read a post where a person using the PDM interface with the same problem (not being able to access the internal network) was able to go to a section in the VPN wizard and set the Address Exeption Translation. They said they originally set the VPN subnet when they did not have to. Many of the other blogs I read also stated that if the natting is not proper for the VPN pool- that it will not work but I am confused by the examples. They show as I do the complete range for an access-list called no_nat_inside but I believe it should only have the VPN pool IP range and not the entire network since the others do require natting - not sure if my thought process is correct here. Any help will be greatly apprecaited. Also this morning I just tried a boiler plate example from CISCO and it also did not do what I need for it to do. And I also connect a PC to obtain an IP to see if I can see it - no good. The PC can ping the PIX and viceversa but no one can ping the remote PC that connects via the CISCO Remote VPN client even though it receive an address from the vpnpool. Also include LAN is checked off on the client. This was mentioned in anther post.
Thank you once again.Hi,
PIX501 is a very very old Cisco firewall that has not been sold for a long time to my understanding. It also doesnt support even close to new software levels.
If you wanted to replace the PIX501 the corresponding model nowadays would be ASA5505 which is the smallest Cisco ASA firewall with 8 switch port module. There is already a new ASA5500-X Series (while ASA5505 is of the original ASA 5500 Series) but they have not yet introduced a replacing model for this model nor have they stopped selling this unit. I have a couple of them at home. Though naturally they are more expensive than your usual consumer firewalls.
But if you wanted to replace your PIX firewall then I would probably suggest ASA5505. Naturally you could get some other models too but the cost naturally rises even more. I am not sure at what price these are sold as used.
I used some PIX501 firewalls at the start of my career but have not used them in ages since ASA5505 is pretty much the firewall model we use when we need a firewall/vpn device for a smaller network/branch site.
Here is a PDF of the original ASA5500 Series.
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/prod_brochure0900aecd80285492.pdf
Here is a PDF of the new ASA5500-X Series
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/at_a_glance_c45-701635.pdf
I am afraid that its very hard for me atleast to troubleshoot this especially since I have not seen any outputs yet. Also the very old CLI and lack of GUI (?) make it harder to see what the problem is.
Could you provide the requested outputs?
From the PIX after connection test
show crypto ipsec sa
Screen captures of the VPN Client routing and statistics sections.
- Jouni -
Telnet session not working in OEL -5
Telnet session not working in OEL -5
==============================
1. Installed xinetd and telnet-server packages on the box.
2. Enabled the xinetd service.
# service xinetd start
# chkconfig xinetd on
Telnet still not working. Please help.
Lily.Re-ran the /etc/init.d/xinetd restart command. Telnet cannot connect and this is what I get:
Unencrypted connection refused. Goodbye.
Below is the telnet.cfg
==================
# default: on
# description: The telnet server serves telnet sessions; it uses \
# unencrypted username/password pairs for authentication.
service telnet
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
log_on_failure += USERID
disable = no
=================== -
Hi,
I have PIX with OS ver 7.2 and I am trying to setup RAVPN, however it keeps failing and I get the following error on the PIX when enabling the crypto debug commands:
Apr 05 01:47:15 [IKEv1]: Group = ccie, IP = 192.1.24.114, Error: Unable to remov
e PeerTblEntry
Apr 05 01:47:20 [IKEv1]: Group = ccie, IP = 192.1.24.114, Removing peer from pee
r table failed, no match!
And the following error is from my VPN client ver 4.8.01:
The remote peer is no longer responding
01:53:32.493 04/05/08 Sev=Warning/2 IKE/0xE300009B
Fragmented msg rcvd with no associated SA (PacketReceiver:133)
Please find attached my full PIX config.
Any idea why the RAVPN is failing to establish?!!
R/ HaithamGenerally this is an account code or billing code issue. Often it is a credit limit issue.
The folks at the X1 help line should be able to fix this 877-896-8678.
jongul wrote:
The premium networks and basic networks are not working with On Demand since I've moved. I have called support twice with this issue but they say "we are passing the problem up the next level of support and I should get a call about it". This issue has been happening for a week and I am not able to access services I am paying for. What can I do? (I have already had the box reset several times) -
Hello!
We have cat3550 12.1(19)EA1a and we want to setup VRF in next scheme:
cat3550------(inside)PIX(dmz)----r2600
------------tunnel1-------
r2600 is a exit point of all tunnels and is a point of connection VRF and global routing.
There are two subnets,which we want to connect each other and connect these subnets to the rest net.
we are using two tunnels to 2600 router and VRF
that are a VRF and EIGRP parts from our config:
ip vrf MMM
rd 1016:247
interface Tunnel1
ip vrf forwarding MMM
ip unnumbered Vlan247
tunnel source Loopback0
tunnel destination 192.168.240.254
interface Vlan247
ip vrf forwarding MMM
ip address 192.168.247.46 255.255.255.240
no ip redirects
router eigrp 1016
network 192.168.0.37 0.0.0.0
network 192.168.37.0 0.0.0.255
network 192.168.40.128 0.0.0.15
network 192.168.252.32 0.0.0.3
network 192.168.252.36 0.0.0.3
no auto-summary
eigrp router-id 192.168.0.37
no eigrp log-neighbor-changes
ip route 0.0.0.0 0.0.0.0 192.168.252.33
ip route 0.0.0.0 0.0.0.0 192.168.252.37 2
ip route vrf MMM 0.0.0.0 0.0.0.0 Tunnel1
ip route vrf MMM 192.168.247.48 255.255.255.248 Tunnel1
where 192.168.247.48 255.255.255.248 - another subnet in VRF
All nodes from cat3550 in vlan247 must go to inside nodes using VRF and tunnel, all others using usual routing (EIGRP).
So,we want to access mail server 192.168.7.33, which is located in inside net (not VRF), but not successfull.
As I see all packets from node in VLAN247 are go straight on to server (not via tunnel),and back packets go via PIX (because there are no subnets 192.168.247.48 255.255.255.248 and 192.168.247.32 255.255.255.240 in EIGRP routing, and PIX is a default routing point)
and I see PIX log message like this:
Deny tcp src inside:192.168.7.33/110 dst dmz:192.168.247.35/49384 by access-group "acl_inside"
(permit clause is from DMZ to INSIDE zone, not vice versa)
However when i do
telnet 192.168.7.33 110 /vrf MMM
from cat3550
it works fine!
and I see that packets go correctly via tunnel and then via PIX to server.
Accessing between subnets 192.168.247.48 255.255.255.248 and 192.168.247.32 255.255.255.240 is fine too! (why???)
I tried set
ip route vrf MMM 192.168.7.33 255.255.255.255 Tunnel1
but no effect.
What I do wrong? Why does it not work?
I hope I explain clearly.
Thanks!I found that VRF work correctly when and only when destination host not in global routing (EIGRP in my case). But this happen with ip of nodes within VLAN, ip address of VLAN on cisco is access correctly anytime.
Why? Does anybody knows it?
help me,please! -
HTML5 does not work in Android 5 and Ubuntu
Hi! Today my tablet Google Nexus 7 updated to Android 5, and I noticed a problem with Firefox. I noticed that does not work HTML5 mp3 player / It can be seen on the website http://audiobook-online.com/?page_id=2971. Instead of playing a song, it is suggested to download the file. This same problem in Ubuntu system on a netbook Emachine M350. In Google Chrome everything is fine. This can be seen in the screenshots.
http://pixs.ru/showimage/Screenshot_6315323_14799085.png
http://pixs.ru/showimage/Screenshot_2281471_14799099.pngYes this is a known issue. You will need to use Firefox Beta until Dec 1 or so to get h264 video playback. There are two other codecs webm and ogg video that continue to function. So sites that support multiple formats should continue to work.
-
SMGW, gateway monitoring not working
hi team,
when i try to run the Tx SMGW, i get an pop up with a message "connection could not be established to local gateway" (hostname sapgw10)
i tried to telnet to the host and it returns blank to the prompt after few seconds. [ECC6.0, WIN 2003, MSSQL]
D:\usr\sap\DV2\SYS\exe\uc\NTI386>gwmon -v
Connect to gateway on host OSISAP01, service sapgw00 failed
ERROR partner '10.20.40.21:sapgw00' not reached
TIME Fri Jan 02 01:14:18 2009
RELEASE 700
COMPONENT NI (network interface)
VERSION 38
RC -10
MODULE nixxi.cpp
LINE 2823
DETAIL NiPConnect2
SYSTEM CALL connect
ERRNO 10061
ERRNO TEXT WSAECONNREFUSED: Connection refused
COUNTER 1
could someone let me know the roadmap to troubleshoot the issue.
the log of the dev_rd as follows.
trc file: "dev_rd", trc level: 1, release: "700"
Mon Dec 15 19:31:56 2008
***LOG S00=> GwInitReader, gateway started ( 2552) [gwxxrd.c 1757]
systemid 560 (PC with Windows NT)
relno 7000
patchlevel 0
patchno 150
intno 20050900
make: multithreaded, Unicode, optimized
pid 2552
gateway runs with dp version 237000(ext=110000) (@(#) DPLIB-INT-VERSION-237000-UC)
gateway (version=700.2007.02.22)
gw/local_addr : 0.0.0.0
CCMS: AlInitGlobals : alert/use_sema_lock = TRUE.
Bind service sapgw10 (socket) to port 3310
GwPrintMyHostAddr: my host addresses are :
1 : [10.20.40.21] OSISAP01.OptimalSol.com (HOSTNAME)
2 : [127.0.0.1] OSISAP01.OptimalSol.com (LOCALHOST)
Full qualified hostname = OSISAP01.OptimalSol.com
DpSysAdmExtCreate: ABAP is active
DpSysAdmExtCreate: VMC (JAVA VM in WP) is not active
Mon Dec 15 19:31:57 2008
DpShMCreate: sizeof(wp_adm) 31440 (1572)
DpShMCreate: sizeof(tm_adm) 4401096 (21896)
DpShMCreate: sizeof(wp_ca_adm) 24000 (80)
DpShMCreate: sizeof(appc_ca_adm) 8000 (80)
DpCommTableSize: max/headSize/ftSize/tableSize=500/8/528056/528064
DpShMCreate: sizeof(comm_adm) 528064 (1048)
DpSlockTableSize: max/headSize/ftSize/fiSize/tableSize=0/0/0/0/0
DpShMCreate: sizeof(slock_adm) 0 (96)
DpFileTableSize: max/headSize/ftSize/tableSize=0/0/0/0
DpShMCreate: sizeof(file_adm) 0 (72)
DpShMCreate: sizeof(vmc_adm) 0 (1544)
DpShMCreate: sizeof(wall_adm) (38456/34360/64/184)
DpShMCreate: sizeof(gw_adm) 48
DpShMCreate: SHM_DP_ADM_KEY (addr: 07630040, size: 5073928)
DpShMCreate: allocated sys_adm at 07630040
DpShMCreate: allocated wp_adm at 07632098
DpShMCreate: allocated tm_adm_list at 07639B68
DpShMCreate: allocated tm_adm at 07639B98
DpShMCreate: allocated appc_ca_adm at 07A72120
DpShMCreate: allocated comm_adm at 07A74060
DpShMCreate: system runs without slock table
DpShMCreate: system runs without file table
DpShMCreate: allocated vmc_adm_list at 07AF4F20
DpShMCreate: allocated gw_adm at 07AF4F60
DpShMCreate: system runs without vmc_adm
DpShMCreate: allocated ca_info at 07AF4F90
MtxInit: -2 0 0
Mon Dec 15 19:32:26 2008
GwDpInit: attached to gw_adm at 07AF4F60
Wed Dec 17 00:20:10 2008
***LOG Q0I=> NiPConnect2: connect (10061: WSAECONNREFUSED: Connection refused) [nixxi.cpp 2823]
ERROR => NiPConnect2: SiPeekPendConn failed for hdl 12 / sock 1412
(SI_ECONN_REFUSE/10061; I4; ST; 10.20.40.17:3301) [nixxi.cpp 2823]
LOCATION SAP-Gateway on host OSISAP01 / sapgw10
ERROR partner 'dalnas1.optimalsol.com:sapgw01' not reached
TIME Wed Dec 17 00:20:10 2008
RELEASE 700
COMPONENT NI (network interface)
VERSION 38
RC -10
MODULE nixxi.cpp
LINE 2823
DETAIL NiPConnect2
SYSTEM CALL connect
ERRNO 10061
ERRNO TEXT WSAECONNREFUSED: Connection refused
COUNTER 1638
GwTraceHdlInfo:
HANDLE = 12
TIME = Wed Dec 17 00:20:09 2008
SOCKET = 1412
STAT = NI_CONN_WAIT
TYPE = STREAM IPv4
OUT = 0 messages 0 bytes
IN = 0 messages 0 bytes
LOCAL = 0.0.0.0:3104
REMOTE = -
OPTIONS = BUFFERED
ni hdl = 12
type = CLIENT
net_stat = CONNECT_TO_REM_GW_PENDING
hostaddr = 10.20.40.17
opcode = NORMAL_CLIENT
conn opcode = REMOTE_GATEWAY
conn vers = 0
index = 140
data = 00000000
ext_info = 014A2060
offset = 0
rest_len = 0
snc_forced = 0
remote gateway infos:
hostname =
hostaddr = 10.20.40.17
service = sapgw01
tpname = sapdp01
Wed Dec 31 03:54:49 2008
***LOG Q0I=> NiIRead: recv (10054: WSAECONNRESET: Connection reset by peer) [nixxi.cpp 4424]
Wed Dec 31 03:54:50 2008
ERROR => NiIRead: SiRecv failed for hdl 10 / sock 1440
(SI_ECONN_BROKEN/10054; I4; ST; 10.20.40.20:4830) [nixxi.cpp 4424]
***LOG S23=> GwIDisconnectClient, client disconnected (048) [gwxxrd.c 11658]
***LOG S74=> GwIDisconnectClient, client disconnected ( osisap02) [gwxxrd.c 11669]
***LOG S0R=> GwIDisconnectClient, client disconnected () [gwxxrd.c 11704]
***LOG S0I=> GwIDisconnectClient, client disconnected ( jlaunch) [gwxxrd.c 11717]
LOCATION SAP-Gateway on host OSISAP01 / sapgw10
ERROR connection to partner 'osisap02:4830' broken
TIME Wed Dec 31 03:54:49 2008
RELEASE 700
COMPONENT NI (network interface)
VERSION 38
RC -6
MODULE nixxi.cpp
LINE 4424
DETAIL NiIRead
SYSTEM CALL recv
ERRNO 10054
ERRNO TEXT WSAECONNRESET: Connection reset by peer
COUNTER 20753
***LOG Q0I=> NiIRead: recv (10054: WSAECONNRESET: Connection reset by peer) [nixxi.cpp 4424]
ERROR => NiIRead: SiRecv failed for hdl 11 / sock 1432
(SI_ECONN_BROKEN/10054; I4; ST; 10.20.40.20:4834) [nixxi.cpp 4424]
***LOG S23=> GwIDisconnectClient, client disconnected (050) [gwxxrd.c 11658]
***LOG S74=> GwIDisconnectClient, client disconnected ( osisap02) [gwxxrd.c 11669]
***LOG S0R=> GwIDisconnectClient, client disconnected () [gwxxrd.c 11704]
***LOG S0I=> GwIDisconnectClient, client disconnected ( jlaunch) [gwxxrd.c 11717]
LOCATION SAP-Gateway on host OSISAP01 / sapgw10
ERROR connection to partner 'osisap02:4834' broken
TIME Wed Dec 31 03:54:50 2008
RELEASE 700
COMPONENT NI (network interface)
VERSION 38
RC -6
MODULE nixxi.cpp
LINE 4424
DETAIL NiIRead
SYSTEM CALL recv
ERRNO 10054
ERRNO TEXT WSAECONNRESET: Connection reset by peer
COUNTER 20756
WARNING => NiGetHdlParamEx: invalid hdl 11 [nixx.c 2498]
main: ignore type 0
main: NiSelNext (ni_hdl=16, read=1, write=1, connect=0, hdl_info=07230448)
request from CLIENT
GwRequest: request from client 68
GwGetMemory: allocated 073BFFB0 (len=34615)
NiHsLGetHostName: found address 10.20.40.20 in cache
NiIGetHostName: addr 10.20.40.20 = hostname 'osisap02'
***LOG Q0I=> NiIRead: recv (10054: WSAECONNRESET: Connection reset by peer) [nixxi.cpp 4424]
ERROR => NiIRead: SiRecv failed for hdl 16 / sock 1372
(SI_ECONN_BROKEN/10054; I4; ST; 10.20.40.20:4952) [nixxi.cpp 4424]
Adresse Offset bad request
GwSaveErrInfo2: save err info (240)
***LOG S23=> GwIDisconnectClient, client disconnected (068) [gwxxrd.c 11658]
***LOG S74=> GwIDisconnectClient, client disconnected ( osisap02) [gwxxrd.c 11669]
***LOG S0R=> GwIDisconnectClient, client disconnected () [gwxxrd.c 11704]
***LOG S0I=> GwIDisconnectClient, client disconnected ( jlaunch) [gwxxrd.c 11717]
LOCATION SAP-Gateway on host OSISAP01 / sapgw10
ERROR connection to partner 'osisap02:4952' broken
TIME Wed Dec 31 03:54:50 2008
RELEASE 700
COMPONENT NI (network interface)
VERSION 38
RC -6
MODULE nixxi.cpp
LINE 4424
DETAIL NiIRead
SYSTEM CALL recv
ERRNO 10054
ERRNO TEXT WSAECONNRESET: Connection reset by peer
COUNTER 20760
GwSaveErrInfo: save err info (240)
GwSysErr: delete conn 7 (94444887)
GwIDelR3Conn: send error message to server
GwSendRc3: send (appc_rc=CM_PRODUCT_SPECIFIC_ERROR / sap_rc=NI_READ_FAILED) to client OSISAP01 / sapgw10 (0)
GwRqDpSendTo: (OSISAP01 / sapgw10, gw_id=0, appc_ca_blk=-1, len=320, comm_index=-1)
LOCK APPC ca_blk 6
DpGetCpicCommIdx: found index 7 via appc_hdr
found comm entry 7 (tid/uid/mode/conv_id/a_r: 29/68/0/94444887/0)
GwFiSearchConvId: deleted 94444887 local, conn=7
GwRqDpSendTo: send close (bad rc or deallocate)
GwInitLocCommAdmEntry: init gw_comm_adm entry 7
GwListRemove: elem 7 not in comm_write_list
GwListRemove: elem 7 not in comm_wait_list
GwInitLocCommAdmEntry: 0 waiting writes to rem gw
make DISP owner of appc_ca_blk 6
DpRqPutIntoQueue: put request into queue (reqtype 0, prio LOW, rq_id 14778)
GwDispWakeUp: send wakeup with ni handle 1
NiIWrite: hdl 1 sent data (wrt=1,pac=1,MESG_IO)
-OUT- sender_id APPC_SERVER tid 29 wp_ca_blk -1 wp_id -1
-OUT- action SEND_TO_WP uid 68 appc_ca_blk 6 type NOWP
-OUT- new_stat NO_CHANGE mode 0 len 320 rq_id 14778
GwIDelR3Conn: decrement conv_no of client 0: 0
GwIDelR3Conn: idx/conv = ((-1/3) | (-1/0)), delete conv 7 from conv-table
GwClearConn: conv_no/tcp_conv_no/sna_conv_no: 2/2/0
GwClearConn: free err info
GwClearConn: free r3 conv info
GwClearConn: free buffer info
GwClearConn: free frag overflow area
GwFiSearchConvId: not found 94444887 (remove=1)
GwListInsert: insert elem 7 into conn_free_list (at begin)
GwListInsert: 498 elems in conn_free_list
GwListRemove: elem 7 not in conn_search_list
GwListRemove: elem 7 not in conn_write_list
GwListRemove: remove elem 7 from conn_inuse_list
GwListRemove: 2 elems in conn_inuse_list
GwSelClear: clear RWC for hdl 16
NiICloseHandle: shutdown and close hdl 16 / sock 1372
GwIFreeMemForLU_TP: freed memory for sys 68
GwListRemove: elem 68 not in sys_r3_list
GwListRemove: elem 68 not in sys_reg_list
GwListRemove: remove elem 68 from sys_inuse_list
GwListRemove: 4 elems in sys_inuse_list
GwUpdateClient: act_sys: 4
GwIDisconnectClient: client 68 disconnected
GwFreeMemory: free 073BFFB0 (len=34615)
WARNING => NiGetHdlParamEx: invalid hdl 16 [nixx.c 2498]
main: ignore type 0
main: NiSelNext (ni_hdl=12, read=1, write=1, connect=0, hdl_info=07230348)
request from CLIENT
GwRequest: request from client 85
GwGetMemory: allocated 073BFFB0 (len=34615)
NiHsLGetHostName: found address 10.20.40.20 in cache
NiIGetHostName: addr 10.20.40.20 = hostname 'osisap02'
***LOG Q0I=> NiIRead: recv (10054: WSAECONNRESET: Connection reset by peer) [nixxi.cpp 4424]
ERROR => NiIRead: SiRecv failed for hdl 12 / sock 1396
(SI_ECONN_BROKEN/10054; I4; ST; 10.20.40.20:1664) [nixxi.cpp 4424]
Adresse Offset bad request
GwSaveErrInfo2: save err info (240)
***LOG S23=> GwIDisconnectClient, client disconnected (085) [gwxxrd.c 11658]
***LOG S74=> GwIDisconnectClient, client disconnected ( osisap02) [gwxxrd.c 11669]
***LOG S0R=> GwIDisconnectClient, client disconnected () [gwxxrd.c 11704]
***LOG S0I=> GwIDisconnectClient, client disconnected ( jlaunch) [gwxxrd.c 11717]
LOCATION SAP-Gateway on host OSISAP01 / sapgw10
ERROR connection to partner 'osisap02:1664' broken
TIME Wed Dec 31 03:54:50 2008
RELEASE 700
COMPONENT NI (network interface)
VERSION 38
RC -6
MODULE nixxi.cpp
LINE 4424
DETAIL NiIRead
SYSTEM CALL recv
ERRNO 10054
ERRNO TEXT WSAECONNRESET: Connection reset by peer
COUNTER 20764
GwSaveErrInfo: save err info (240)
GwSysErr: delete conn 3 (99889818)
GwIDelR3Conn: send error message to server
GwSendRc3: send (appc_rc=CM_PRODUCT_SPECIFIC_ERROR / sap_rc=NI_READ_FAILED) to client OSISAP01 / sapgw10 (0)
GwRqDpSendTo: (OSISAP01 / sapgw10, gw_id=0, appc_ca_blk=-1, len=320, comm_index=-1)
LOCK APPC ca_blk 7
DpGetCpicCommIdx: found index 8 via appc_hdr
found comm entry 8 (tid/uid/mode/conv_id/a_r: 36/283/0/99889818/0)
GwFiSearchConvId: deleted 99889818 local, conn=3
GwRqDpSendTo: send close (bad rc or deallocate)
GwInitLocCommAdmEntry: init gw_comm_adm entry 8
GwListRemove: elem 8 not in comm_write_list
GwListRemove: elem 8 not in comm_wait_list
GwInitLocCommAdmEntry: 0 waiting writes to rem gw
make DISP owner of appc_ca_blk 7
DpRqPutIntoQueue: put request into queue (reqtype 0, prio LOW, rq_id 14779)
GwDispWakeUp: send wakeup with ni handle 1
NiIWrite: hdl 1 sent data (wrt=1,pac=1,MESG_IO)
-OUT- sender_id APPC_SERVER tid 36 wp_ca_blk -1 wp_id -1
-OUT- action SEND_TO_WP uid 283 appc_ca_blk 7 type NOWP
-OUT- new_stat NO_CHANGE mode 0 len 320 rq_id 14779
GwIDelR3Conn: decrement conv_no of client 0: 0
GwIDelR3Conn: idx/conv = ((-1/3) | (-1/0)), delete conv 3 from conv-table
GwClearConn: conv_no/tcp_conv_no/sna_conv_no: 1/1/0
GwClearConn: free err info
GwClearConn: free r3 conv info
GwClearConn: free buffer info
GwClearConn: free frag overflow area
GwFiSearchConvId: not found 99889818 (remove=1)
GwListInsert: insert elem 3 into conn_free_list (at begin)
GwListInsert: 499 elems in conn_free_list
GwListRemove: elem 3 not in conn_search_list
GwListRemove: elem 3 not in conn_write_list
GwListRemove: remove elem 3 from conn_inuse_list
GwListRemove: 1 elems in conn_inuse_list
GwSelClear: clear RWC for hdl 12
NiICloseHandle: shutdown and close hdl 12 / sock 1396
GwIFreeMemForLU_TP: freed memory for sys 85
GwListRemove: elem 85 not in sys_r3_list
GwListRemove: elem 85 not in sys_reg_list
GwListRemove: remove elem 85 from sys_inuse_list
GwListRemove: 3 elems in sys_inuse_list
GwUpdateClient: act_sys: 3
GwIDisconnectClient: client 85 disconnected
GwFreeMemory: free 073BFFB0 (len=34615)
WARNING => NiGetHdlParamEx: invalid hdl 12 [nixx.c 2498]
main: ignore type 0
main: NiSelNext (ni_hdl=23, read=1, write=1, connect=0, hdl_info=07230608)
request from CLIENT
GwRequest: request from client 144
GwGetMemory: allocated 073BFFB0 (len=34615)
NiHsLGetHostName: found address 10.20.40.20 in cache
NiIGetHostName: addr 10.20.40.20 = hostname 'osisap02'
***LOG Q0I=> NiIRead: recv (10054: WSAECONNRESET: Connection reset by peer) [nixxi.cpp 4424]
ERROR => NiIRead: SiRecv failed for hdl 23 / sock 1272
(SI_ECONN_BROKEN/10054; I4; ST; 10.20.40.20:4678) [nixxi.cpp 4424]
Adresse Offset bad request
GwSaveErrInfo2: save err info (240)
***LOG S23=> GwIDisconnectClient, client disconnected (144) [gwxxrd.c 11658]
***LOG S74=> GwIDisconnectClient, client disconnected ( osisap02) [gwxxrd.c 11669]
***LOG S0R=> GwIDisconnectClient, client disconnected () [gwxxrd.c 11704]
***LOG S0I=> GwIDisconnectClient, client disconnected ( jlaunch) [gwxxrd.c 11717]
LOCATION SAP-Gateway on host OSISAP01 / sapgw10
ERROR connection to partner 'osisap02:4678' broken
TIME Wed Dec 31 03:54:50 2008
RELEASE 700
COMPONENT NI (network interface)
VERSION 38
RC -6
MODULE nixxi.cpp
LINE 4424
DETAIL NiIRead
SYSTEM CALL recv
ERRNO 10054
ERRNO TEXT WSAECONNRESET: Connection reset by peer
COUNTER 20768
GwSaveErrInfo: save err info (240)
GwSysErr: delete conn 12 (37288997)
GwIDelR3Conn: send error message to server
GwSendRc3: send (appc_rc=CM_PRODUCT_SPECIFIC_ERROR / sap_rc=NI_READ_FAILED) to client OSISAP01 / sapgw10 (0)
GwRqDpSendTo: (OSISAP01 / sapgw10, gw_id=0, appc_ca_blk=-1, len=320, comm_index=-1)
LOCK APPC ca_blk 8
DpGetCpicCommIdx: found index 10 via appc_hdr
found comm entry 10 (tid/uid/mode/conv_id/a_r: 28/561/0/37288997/0)
GwFiSearchConvId: deleted 37288997 local, conn=12
GwRqDpSendTo: send close (bad rc or deallocate)
GwInitLocCommAdmEntry: init gw_comm_adm entry 10
GwListRemove: elem 10 not in comm_write_list
GwListRemove: elem 10 not in comm_wait_list
GwInitLocCommAdmEntry: 0 waiting writes to rem gw
make DISP owner of appc_ca_blk 8
DpRqPutIntoQueue: put request into queue (reqtype 0, prio LOW, rq_id 14780)
GwDispWakeUp: send wakeup with ni handle 1
NiIWrite: hdl 1 sent data (wrt=1,pac=1,MESG_IO)
-OUT- sender_id APPC_SERVER tid 28 wp_ca_blk -1 wp_id -1
-OUT- action SEND_TO_WP uid 561 appc_ca_blk 8 type NOWP
-OUT- new_stat NO_CHANGE mode 0 len 320 rq_id 14780
GwIDelR3Conn: decrement conv_no of client 0: 0
GwIDelR3Conn: idx/conv = ((-1/3) | (-1/0)), delete conv 12 from conv-table
GwClearConn: conv_no/tcp_conv_no/sna_conv_no: 0/0/0
GwClearConn: free err info
GwClearConn: free r3 conv info
GwClearConn: free buffer info
GwClearConn: free frag overflow area
GwFiSearchConvId: not found 37288997 (remove=1)
GwListInsert: insert elem 12 into conn_free_list (at begin)
GwListInsert: 500 elems in conn_free_list
GwListRemove: elem 12 not in conn_search_list
GwListRemove: elem 12 not in conn_write_list
GwListRemove: remove elem 12 from conn_inuse_list
GwListRemove: 0 elems in conn_inuse_list
GwSelClear: clear RWC for hdl 23
NiICloseHandle: shutdown and close hdl 23 / sock 1272
GwIFreeMemForLU_TP: freed memory for sys 144
GwListRemove: elem 144 not in sys_r3_list
GwListRemove: elem 144 not in sys_reg_list
GwListRemove: remove elem 144 from sys_inuse_list
GwListRemove: 2 elems in sys_inuse_list
GwUpdateClient: act_sys: 2
GwIDisconnectClient: client 144 disconnected
GwFreeMemory: free 073BFFB0 (len=34615)
WARNING => NiGetHdlParamEx: invalid hdl 23 [nixx.c 2498]
main: ignore type 0
main: NiSelNext (ni_hdl=9, read=1, write=0, connect=0, hdl_info=07230288)
request from CLIENT
GwRequest: request from client 113
GwGetMemory: allocated 073BFFB0 (len=34615)
NiHsLGetHostName: found address 10.20.40.21 in cache
NiIGetHostName: addr 10.20.40.21 = hostname 'OSISAP01.OptimalSol.com'
***LOG Q0I=> NiIRead: recv (10054: WSAECONNRESET: Connection reset by peer) [nixxi.cpp 4424]
ERROR => NiIRead: SiRecv failed for hdl 9 / sock 1460
(SI_ECONN_BROKEN/10054; I4; ST; 10.20.40.21:4191) [nixxi.cpp 4424]
Adresse Offset bad request
GwSelClear: clear RWC for hdl 9
NiICloseHandle: shutdown and close hdl 9 / sock 1460
GwUpdateClient: act_reg: 20403
GwIFreeMemForLU_TP: freed memory for sys 113
GwUpdateClient: act_reg: 20402
GwListRemove: elem 113 not in sys_r3_list
GwListRemove: remove elem 113 from sys_reg_list
GwListRemove: 0 elems in sys_reg_list
GwListRemove: remove elem 113 from sys_inuse_list
GwListRemove: 1 elems in sys_inuse_list
GwUpdateClient: act_sys: 1
GwIDisconnectClient: client 113 disconnected
GwFreeMemory: free 073BFFB0 (len=34615)
GwReadReqIndex: (process_id: -1)
GwReadReqIndex: no filled request-index-blockHai,
Please check the link below...
http://help.sap.com/saphelp_nw04/helpdata/en/bb/9f13194b9b11d189750000e8322d00/frameset.htm
If you have a stand alone gateway on WINDOWS then you can kill the process and start it again, if you have installed together with your Instance then you should restart the whole Instance.
Killing the process gwrd and then starting or forcing it to start will not work (waste of time), I have had the similar problem sometime back but on UNIX. I guess it will be same in WINDOWS as well.
So the better way is to restart the whole Instance.
Regards,
Yoganand.V -
Jabber client's click to dial feature is not working for Windows 7 Proffessional OS
Hi,
Currently running UCM 9.x and CUP 9.x. There is no AD intigration for UCM.
Problem i am facing is that the Jabber client is working properly for Click to dial feature on Windows 7 enterprise OS and it is not on Windows 7
Professional OS.
The Jabber client which is logged on to Windows 7 enterprise OS, works
fine but if same user can logged on to the Windows 7 Professional OS will
not work click to dial.
Please help us to resolve it.
Thanks & Regards,
KrishnaHi John,
Thanks for your reply but I can't see the option to reach the "deployment" perspective. Its not available for me.
Btw, I'm using SAP NetWeaver 7.1 Composition Environment SP12 PAT0000 Build id: 201105061501.
Also, I have checked a few SDN posts about using the "undeploy" tool after connecting using telnet, but I can't use that method too as telnet ports are blocked by firewall. We use different method to connect to the OS, if required.
Any other suggestions?
Thanks,
Deoraj. -
ASA-5505 Site-to-Site Not Working
I am somewhat new to Cisco but to do have some experience. I am trying to connect two ASA 5505's together via site-to-site VPN. They are configured with public IPs and all other services are working. I have used the VPN wizard on both boxes successfully but the tunnels are not working. The two devices are on the Comcast network. Any help would be appreacited.
Site A: ASA 5505 w/50 User license
Site B: ASA 5505 w/10 User license
Site A Config:
ASA Version 8.2(5)
hostname *********************
enable password 6.De4e7UzES9wBPg encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.100.10 Web_Server
name 10.0.6.0 Ghost_Flower_Inside
name 10.0.5.0 San_Mateo_Inside
name 10.0.5.100 Any_Connect_100
name 10.0.5.101 Any_Connect_101
name 10.0.5.102 Any_Connect_102
name 10.0.5.103 Any_Connect_103
name 10.0.5.104 Any_Connect_104
name 10.0.5.105 Any_Connect_105
name 10.0.5.106 Any_Connect_106
name 10.0.5.107 Any_Connect_107
name 10.0.5.108 Any_Connect_108
name 10.0.5.109 Any_Connect_109
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 12
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.0.5.201 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 173.10.XXX.XXX 255.255.255.252
interface Vlan12
no forward interface Vlan1
nameif dmz
security-level 50
ip address 192.168.100.1 255.255.255.0
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 75.75.75.75
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network Any_Connect_DHCP
network-object host Any_Connect_100
network-object host Any_Connect_101
network-object host Any_Connect_102
network-object host Any_Connect_103
network-object host Any_Connect_104
network-object host Any_Connect_105
network-object host Any_Connect_106
network-object host Any_Connect_107
network-object host Any_Connect_108
network-object host Any_Connect_109
access-list outside_access_in extended permit tcp any interface outside eq www
access-list outside_access_in extended permit tcp any interface outside eq ssh
access-list outside_1_cryptomap extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
access-list inside_nat0_outbound extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group Any_Connect_DHCP any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool AnyConnectDHCPPool Any_Connect_100-10.0.5.110 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (dmz) 1 192.168.100.2 netmask 255.255.255.255
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (dmz,outside) tcp interface www Web_Server www netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 173.10.XXX.XXX 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.0.1.0 255.255.255.0 inside
http 10.1.10.0 255.255.255.0 outside
http San_Mateo_Inside 255.255.255.255 inside
http San_Mateo_Inside 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 173.12.XXX.XXX
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
vpn-sessiondb max-webvpn-session-limit 10
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 10.0.1.0 255.255.255.0 inside
ssh San_Mateo_Inside 255.255.255.0 inside
ssh 10.1.10.0 255.255.255.0 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 10.0.5.10-10.0.5.30 inside
dhcpd dns 75.75.75.75 75.75.76.76 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 1 regex "Intel Mac OS X"
svc profiles CATS disk0:/cats.xml
svc enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 75.75.75.75
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
webvpn
svc profiles value CATS
username user1 password tTq7bIZ.C4x0j.qv encrypted privilege 15
username ********* password sPxon1E6hTszm7Ko encrypted privilege 15
tunnel-group 173.12.XXX.XXX type ipsec-l2l
tunnel-group 173.12.XXX.XXX ipsec-attributes
pre-shared-key *****
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:1751532c3624a6c2eec3c1ae0c31fe03
: end
Site B:
ASA Version 8.2(5)
hostname ***************
enable password 6.De4e7UzES9wBPg encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.100.10 Web_Server
name 10.0.6.0 Ghost_Flower_Inside
name 10.0.5.0 San_Mateo_Inside
name 10.0.5.100 Any_Connect_100
name 10.0.5.101 Any_Connect_101
name 10.0.5.102 Any_Connect_102
name 10.0.5.103 Any_Connect_103
name 10.0.5.104 Any_Connect_104
name 10.0.5.105 Any_Connect_105
name 10.0.5.106 Any_Connect_106
name 10.0.5.107 Any_Connect_107
name 10.0.5.108 Any_Connect_108
name 10.0.5.109 Any_Connect_109
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
switchport access vlan 12
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.0.5.201 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 173.10.XXX.XXX 255.255.255.252
interface Vlan12
no forward interface Vlan1
nameif dmz
security-level 50
ip address 192.168.100.1 255.255.255.0
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 75.75.75.75
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group network Any_Connect_DHCP
network-object host Any_Connect_100
network-object host Any_Connect_101
network-object host Any_Connect_102
network-object host Any_Connect_103
network-object host Any_Connect_104
network-object host Any_Connect_105
network-object host Any_Connect_106
network-object host Any_Connect_107
network-object host Any_Connect_108
network-object host Any_Connect_109
access-list outside_access_in extended permit tcp any interface outside eq www
access-list outside_access_in extended permit tcp any interface outside eq ssh
access-list outside_1_cryptomap extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
access-list inside_nat0_outbound extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
access-list inside_nat0_outbound extended permit ip object-group Any_Connect_DHCP any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool AnyConnectDHCPPool Any_Connect_100-10.0.5.110 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
global (dmz) 1 192.168.100.2 netmask 255.255.255.255
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (dmz,outside) tcp interface www Web_Server www netmask 255.255.255.255
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 173.10.242.182 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication http console LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.0.1.0 255.255.255.0 inside
http 10.1.10.0 255.255.255.0 outside
http San_Mateo_Inside 255.255.255.255 inside
http San_Mateo_Inside 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 173.12.XXX.XXX
crypto map outside_map 1 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
vpn-sessiondb max-webvpn-session-limit 10
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh 10.0.1.0 255.255.255.0 inside
ssh San_Mateo_Inside 255.255.255.0 inside
ssh 10.1.10.0 255.255.255.0 outside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd address 10.0.5.10-10.0.5.30 inside
dhcpd dns 75.75.75.75 75.75.76.76 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
svc image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 1 regex "Intel Mac OS X"
svc profiles CATS disk0:/cats.xml
svc enable
tunnel-group-list enable
group-policy DfltGrpPolicy attributes
dns-server value 75.75.75.75
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
webvpn
svc profiles value CATS
username ************** password sPxon1E6hTszm7Ko encrypted privilege 15
tunnel-group 173.12.XXX.XXX type ipsec-l2l
tunnel-group 173.12.XXX.XXX ipsec-attributes
pre-shared-key *****
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:1751532c3624a6c2eec3c1ae0c31fe03
: endHi Kevin,
Both the sides have IP address of 173.10.XXX.XXX on the respective Outside interfaces and you have configured the peers for 173.12.X.X.
Please ensure the correct IP addresses for VPN peers are configured , via the following command:
crypto map outside_map 1 set peer X.X.X.X
e.g. If you have 173.10.X.X on Site X and 173.12.X.X on Site Y , then
On Site X, peer would be
crypto map outside_map 1 set peer 173.12.X.X
and the tunnel-group will be
tunnel-group 173.12.XXX.XXX type ipsec-l2l
tunnel-group 173.12.XXX.XXX ipsec-attributes
pre-shared-key *****
On Site Y, peer would be
crypto map outside_map 1 set peer 173.10.X.X
and the tunnel-group will be
tunnel-group 173.10.XXX.XXX type ipsec-l2l
tunnel-group 173.10.XXX.XXX ipsec-attributes
pre-shared-key *****
Also , the nat exempt would be complimentary on each other i.e.
On Site X,
access-list inside_nat0_outbound extended permit ip San_Mateo_Inside 255.255.255.0 Ghost_Flower_Inside 255.255.255.0
On Site Y,
access-list inside_nat0_outbound extended permit ip Ghost_Flower_Inside 255.255.255.0 San_Mateo_Inside 255.255.255.0
Hope that helps.
Regards,
Dinesh Moudgil -
Animated gif do not work properly on N85
I bought recently an N85 and downloaded some animated gif pictures and they do not run fluently as they should. The SAME gifs work great on both the E51 and 5700. What is the problem with the new photo viewer in N85?
Another issue I have with the photo viewer is that I transfered 50 photos to the memory (Sandisk micro SDHC Ultra 8gb class 6) and when I browse the photos its very slow and some pictures are pixely for a long time when viewing them.So, it is a general problem in iOS 8.x.x
Awesome....
So I got a ridiculous slow ipad 3 with lots of glitches and not working multigestures.
Is this the the uncomparable user experience which Tim Cook is talking about? -
The Port : 6001 is not working in the system
Hi Experts,
OS : AIX 6.1
SAP : SAP Netweaver EHP1
In the OS level the Port : 6001 is not working and giving the out put as...
pb2adm> telnet abcprdpb2 6001
Trying...
telnet: connect: A remote host refused an attempted connect operation.
Virtual host : abcprdpb2
As it is the BI java stack system & I configured the SMD & wily in the system. From the BI java stack system the wily agent is not working and it uses the port : 6001.
Now the issue is regarding to the port : 6001
when telnet in the same system which is Virtual host : abcprdpb2 is not working and which I have given the output above. It is working when I telnet to the other systems. Please see the output below...
pb2adm> telnet abcprd001 6001
Trying...
Connected to abcprd001.
Escape character is '^]'.
Connection closed.
From other system virtual host : abcprd001
As I have checked with the firewall team and said it is fine in the system and same us AIX team also. But still port : 6001 issue is not resolved in the Virtual host : abcprdpb2
Can you please let me know how to open the port : 6001 in the Virtual host : abcprdpb2 and also how we can confirm that port : 6001 is opened or blocked in the Virtual host : abcprdpb2.
Thanks & Regards,
Sandeep.Hi,
The both mentioned virtual systems are in different LPAR's (Physical host).
Already I have checked the /etc/services and looks every thing is fine in the file. I have also checked the file inetd.conf and I didn't find any thing # on the Telnet.It seems every thing is fine in the both files.
Can you please look in to it and provide some thing which I have to look in the OS level.
Thanks & Regards,
Sandeep -
Agent (10.2.0.5.0) on OEL is running, upload is not working
Hello,
I am installing boot/stage server for provisioning on Oracle Enterprise Linux, so I need to install Management Agent.
Agent is installed and running. But upload XML files is not working (last successful heartbeat to OMS: unknown).
Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
Agent Version : 10.2.0.5.0
OMS Version : 10.2.0.5.0
Protocol Version : 10.2.0.5.0
Agent Home : /home/oracle/OracleHomes/agent10g
Agent binaries : /home/oracle/OracleHomes/agent10g
Agent Process ID : 3141
Parent Process ID : 3122
Agent URL : https://localhost.localdomain:3872/emd/main/
Repository URL : https://xxx.xx.xx:1159/em/upload
Started at : 2009-12-10 11:00:13
Started by user : oracle
Last Reload : 2009-12-10 11:00:13
Last successful upload : (none)
Last attempted upload : (none)
Total Megabytes of XML files uploaded so far : 0.00
Number of XML files pending upload : 123
Size of XML files pending upload(MB) : 3.37
Available disk space on upload filesystem : 71.78%
Last attempted heartbeat to OMS : 2009-12-10 11:44:05
Last successful heartbeat to OMS : unknown
Agent is Running and Ready
When issuing emctl upload agent receiving error:
EMD upload error: uploadXMLFiles skipped :: OMS version not checked yet..
When trying to secure, everything is fine:
Enter Agent Registration Password Agent successfully restarted... Done. Securing agent... Successful.
When trying to unsecure then getting:
Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
Checking Agent for HTTP... Done.
Agent successfully stopped... Done.
Unsecuring agent... Started.
OMS Upload URL - http://xxx.xx.xx:4889/em/upload/ is locked or unavailable.
Unsecuring Agent... Failed.
Agent successfully restarted... Done.
when trying to connect with telnet:
Trying 192.168.8.59...
Connected to xxx.xx.xx (192.168.8.59).
Escape character is '^]'.
then issued
^]
and received:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>501 Method Not Implemented</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
^] to /index.html not supported.<P>
Invalid method in request ^]<P>
<HR>
<ADDRESS>Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server Server at xxx.xx.xx Port 4889</ADDRESS>
</BODY></HTML>
Connection closed by foreign host.
And sample of emagent.trc imho regarding this situation:
2009-12-10 11:00:13,661 Thread-1173184 ERROR pingManager: nmepm_pingReposURL: Did not receive a response header from repository
Help needed! What should I check? I am very new to Linux, maybe I missed something?
Waiting for any response,
Best regards,
Nikolajus
Edited by: Nikolajus on Dec 10, 2009 6:48 AMThanks for answering, Rob
My activity was:
On OMS:
[oracle@gc bin]$ ./emctl secure unlock
Oracle Enterprise Manager 10g Release 5 Grid Control
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
OMS Console is unlocked. HTTP ports too can be used to access console.
Agent Upload is unlocked. Unsecure Agents may upload over HTTP.
Then on boot_test:
./emctl unsecure agent (all completed without errors)
Then:
./emctl secure agent
Securing agent... Successful.
Then back to OMS:
[oracle@gc bin]$ ./emctl secure lock
Oracle Enterprise Manager 10g Release 5 Grid Control
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
OMS Console is locked. Access the console over HTTPS ports.
Agent Upload is locked. Agents must be secure and upload over HTTPS port.
Then on boot_test:
[oracle@boot_test bin]$ ./emctl stop agent
Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
Stopping agent ... stopped.
[oracle@boot_test bin]$ ./emctl start agent
Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
Starting agent ..... started.
[oracle@boot_test bin]$ ./emctl clearstate agent
Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
EMD clearstate completed successfully
[oracle@boot_test bin]$ ./emctl upload agent
Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
EMD upload error: uploadXMLFiles skipped :: OMS version not checked yet..
And the status is:
[oracle@boot_test bin]$ ./emctl status agent
Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
Agent Version : 10.2.0.5.0
OMS Version : 10.2.0.5.0
Protocol Version : 10.2.0.5.0
Agent Home : /home/oracle/OracleHomes/agent10g
Agent binaries : /home/oracle/OracleHomes/agent10g
Agent Process ID : 29610
Parent Process ID : 29594
Agent URL : https://localhost.localdomain:3872/emd/main/
Repository URL : https://xxx.xx.xx:1159/em/upload
Started at : 2009-12-11 09:42:54
Started by user : oracle
Last Reload : 2009-12-11 09:42:54
Last successful upload : (none)
Last attempted upload : (none)
Total Megabytes of XML files uploaded so far : 0.00
Number of XML files pending upload : 78
Size of XML files pending upload(MB) : 3.84
Available disk space on upload filesystem : 71.95%
Last attempted heartbeat to OMS : 2009-12-11 09:51:01
Last successful heartbeat to OMS : unknown
Agent is Running and Ready
So, it seems nothing changed. Am I missing something? Waiting for any help!
Best regards,
Nikolajus -
IBM cognos TM1 Executive viewer is not working on direct Access
Hi,
We are implementing DirectAccess in our environment and testing applications in test lab. It has been observed that executive viewer is not working on Direct Access but working fine over VPN mobile checkpoint. When DA client click on open view button it
gives error
" Additional information:
Unable to connect to server XYZ.com using TCP-IP port 7112. Please make sure that IBM cognos TM1 executive viewer server is started and the port is not blocked by any proxy server or firewall"
but from client telnet is working on port 7112. All ports between DA server and application server are open 3389,7112 and 80.
Also select database option is grayed out and user is unable to select the database. When switching to VPN its working fine.
We are using Executive viewer 9.4.
Any help would be appreciated.It sounds like this program may not be capable of talking over IPv6, which DirectAccess uses. First make sure that when you connect it is trying to talk to a hostname and not an IPv4 address. If your program is calling for "192.168.1.100" - this is never
going to work over DirectAccess. It must call for a name that DirectAccess can resolve to an IPv6 address for communication over DA.
If you confirm it is talking to a name, and then if you confirm that you can do other things to that same name (can you RDP into the server for example?), then that confirms that DirectAccess traffic flow is working to that name/server.
If RDP works but the application still doesn't work, then the application is probably incapable of IPv6. You can either ask IBM if they have a newer version that does talk IPv6, otherwise I have a utility available that can intercept packets from these kinds
of problematic applications and flip the packets into IPv6 on the DA client. Let me know if you need any further information on that: http://www.ivonetworks.com/news/2013/05/ivo-networks-announces-app46-for-directaccess/
Maybe you are looking for
-
Adobe CC desktop app is completely blank and OOBE folder is not the solution
Just bought a new mac pro and transferred all my setting/apps over via Migration Assistant. Adobe programs worked directly after transferring. However, after rebooting nothing worked. I can't remember the specific error messages because it was days a
-
Launch.ica files opening with Adobe Reader not Java
I was trying to set up to get remote access to my server at work and one step was missed (loading the citrix software onto my computer), so when I tried to open it, it created a launch.ica file. I tried to open the file since it would not open automa
-
Add StationGlobal, FileGlobal and Locals from a C# code module
Is it possible to create StationGlobal, FileGlobal and Locals from a C# code module? I know it is possible to get and set variables using PropertyObject, but as far as I know it is not possible to create them. Best regards
-
I have a table which consists the records of Punching Cards as given below: SQL> SELECT * FROM PUNCH_DUP ORDER BY DT; ST_NO TIME DATE N0B725 9:12 09-SEP-05 N0B725 16:52 09-SEP-05 N0B725 9:14 10-SEP-05 N0B725 16:55 10-SEP-05 Now i want print the data
-
I have various users logged in as guests to a shared drive I have connected to my imac. I have carbon copy cloner auto shutdown at night after a back up but sometimes users are still connected and hence my mac gives a prompt saying that there are co