Problem with Configuring ACL on ASA 5505

Similar Messages

• Problem with saving config on asa 5505

  I have asa 5505 with 512mb , i am trying to save ios on it but i failed many times , I have sandisk 2GB and i formatted with windows on fat but every time i see disk0 failed , any ideas what is the problem ?
  Thanks                  

  I have asa 5505 with 512mb , i am trying to save ios on it but i failed many times , I have sandisk 2GB and i formatted with windows on fat but every time i see disk0 failed , any ideas what is the problem ?
  Thanks                  

• Site to Site VPN Problems With 2801 Router and ASA 5505

  Hello,
  I am having some issue setting up a site to site ipsec VPN between a Cisco 2801 router and a Cisco ASA 5505. I was told there was a vpn previously setup with an old hosting provider, but those connections have been servered. Right now I am trying to get the sites to talk to the 2801. Here ere are my current configs, please let me know if you need anything else. Im stumped on this one. Thanks.
  IP scheme at SIte A:
  IP    172.19.3.x
  sub 255.255.255.128
  GW 172.19.3.129
  Site A Ciscso 2801 Router
  Current configuration : 11858 bytes
  version 12.4
  service timestamps debug datetime localtime
  service timestamps log datetime localtime show-timezone
  service password-encryption
  hostname router-2801
  boot-start-marker
  boot-end-marker
  logging message-counter syslog
  logging buffered 4096
  aaa new-model
  aaa authentication login userauthen group radius local
  aaa authorization network groupauthor local
  aaa session-id common
  clock timezone est -5
  clock summer-time zone recurring last Sun Mar 2:00 1 Sun Nov 2:00
  dot11 syslog
  ip source-route
  ip dhcp excluded-address 172.19.3.129 172.19.3.149
  ip dhcp excluded-address 172.19.10.1 172.19.10.253
  ip dhcp excluded-address 172.19.3.140
  ip dhcp ping timeout 900
  ip dhcp pool DHCP
     network 172.19.3.128 255.255.255.128
     default-router 172.19.3.129
     domain-name domain.local
     netbios-name-server 172.19.3.7
     option 66 ascii 172.19.3.225
     dns-server 172.19.3.140 208.67.220.220 208.67.222.222
  ip dhcp pool VoiceDHCP
     network 172.19.10.0 255.255.255.0
     default-router 172.19.10.1
     dns-server 208.67.220.220 8.8.8.8
     option 66 ascii 172.19.10.2
     lease 2
  ip cef
  ip inspect name SDM_LOW cuseeme
  ip inspect name SDM_LOW dns
  ip inspect name SDM_LOW ftp
  ip inspect name SDM_LOW h323
  ip inspect name SDM_LOW https
  ip inspect name SDM_LOW icmp
  ip inspect name SDM_LOW imap
  ip inspect name SDM_LOW pop3
  ip inspect name SDM_LOW netshow
  ip inspect name SDM_LOW rcmd
  ip inspect name SDM_LOW realaudio
  ip inspect name SDM_LOW rtsp
  ip inspect name SDM_LOW esmtp
  ip inspect name SDM_LOW sqlnet
  ip inspect name SDM_LOW streamworks
  ip inspect name SDM_LOW tftp
  ip inspect name SDM_LOW tcp
  ip inspect name SDM_LOW udp
  ip inspect name SDM_LOW vdolive
  no ip domain lookup
  ip domain name domain.local
  multilink bundle-name authenticated
  key chain key1
  key 1
     key-string 7 06040033484B1B484557
  crypto pki trustpoint TP-self-signed-3448656681
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-3448bb6681
  revocation-check none
  rsakeypair TP-self-signed-344bbb56681
  crypto pki certificate chain TP-self-signed-3448656681
  certificate self-signed 01
    3082024F
              quit
  username admin privilege 15 password 7 F55
  archive
  log config
    hidekeys
  crypto isakmp policy 10
  encr 3des
  hash md5
  authentication pre-share
  group 2
  crypto isakmp key XXXXX address 209.118.0.1
  crypto isakmp key xxxxx address SITE B Public IP
  crypto isakmp keepalive 40 5
  crypto isakmp nat keepalive 20
  crypto isakmp client configuration group IISVPN
  key 1nsur3m3
  dns 172.19.3.140
  wins 172.19.3.140
  domain domain.local
  pool VPN_Pool
  acl 198
  crypto isakmp profile IISVPNClient
     description VPN clients profile
     match identity group IISVPN
     client authentication list userauthen
     isakmp authorization list groupauthor
     client configuration address respond
  crypto ipsec transform-set myset esp-3des esp-md5-hmac
  crypto dynamic-map Dynamic 5
  set transform-set myset
  set isakmp-profile IISVPNClient
  qos pre-classify
  crypto map VPN 10 ipsec-isakmp
  set peer 209.118.0.1
  set peer SITE B Public IP
  set transform-set myset
  match address 101
  qos pre-classify
  crypto map VPN 65535 ipsec-isakmp dynamic Dynamic
  track 123 ip sla 1 reachability
  delay down 15 up 10
  class-map match-any VoiceTraffic
  match protocol rtp audio
  match protocol h323
  match protocol rtcp
  match access-group name VOIP
  match protocol sip
  class-map match-any RDP
  match access-group 199
  policy-map QOS
  class VoiceTraffic
      bandwidth 512
  class RDP
      bandwidth 768
  policy-map MainQOS
  class class-default
      shape average 1500000
    service-policy QOS
  interface FastEthernet0/0
  description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$FW_INSIDE$
  ip address 172.19.3.129 255.255.255.128
  ip access-group 100 in
  ip inspect SDM_LOW in
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
  interface FastEthernet0/0.10
  description $ETH-VoiceVLAN$$
  encapsulation dot1Q 10
  ip address 172.19.10.1 255.255.255.0
  ip inspect SDM_LOW in
  ip nat inside
  ip virtual-reassembly
  interface FastEthernet0/1
  description "Comcast"
  ip address PUB IP 255.255.255.248
  ip access-group 102 in
  ip inspect SDM_LOW out
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  crypto map VPN
  interface Serial0/1/0
  description "Verizon LEC Circuit ID: w0w13908 Site ID: U276420-1"
  bandwidth 1536
  no ip address
  encapsulation frame-relay IETF
  frame-relay lmi-type ansi
  interface Serial0/1/0.1 point-to-point
  bandwidth 1536
  ip address 152.000.000.18 255.255.255.252
  ip access-group 102 in
  ip verify unicast reverse-path
  ip inspect SDM_LOW out
  ip nat outside
  ip virtual-reassembly
  frame-relay interface-dlci 500 IETF 
  crypto map VPN
  service-policy output MainQOS
  interface Serial0/2/0
  description "PAETEC 46.HCGS.788446.CV (Verizon ID) / 46.HCGS.3 (PAETEC ID)"
  ip address 123.252.123.102 255.255.255.252
  ip access-group 102 in
  ip inspect SDM_LOW out
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  crypto map VPN
  service-policy output MainQOS
  ip local pool VPN_Pool 172.20.3.130 172.20.3.254
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 50.00.000.110 track 123
  ip route 0.0.0.0 0.0.0.0 111.252.237.000 254
  ip route 122.112.197.20 255.255.255.255 209.252.237.101
  ip route 208.67.220.220 255.255.255.255 50.78.233.110
  no ip http server
  no ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip flow-top-talkers
  top 20
  sort-by bytes
  ip nat inside source route-map COMCAST interface FastEthernet0/1 overload
  ip nat inside source route-map PAETEC interface Serial0/2/0 overload
  ip nat inside source route-map VERIZON interface Serial0/1/0.1 overload
  ip nat inside source static tcp 172.19.3.140 21 PUB IP 21 extendable
  ip access-list extended VOIP
  permit ip 172.20.3.0 0.0.0.127 host 172.19.3.190
  permit ip host 172.19.3.190 172.20.3.0 0.0.0.127
  ip radius source-interface FastEthernet0/0
  ip sla 1
  icmp-echo 000.67.220.220 source-interface FastEthernet0/1
  timeout 10000
  frequency 15
  ip sla schedule 1 life forever start-time now
  access-list 23 permit 172.19.3.0 0.0.0.127
  access-list 23 permit 172.19.3.128 0.0.0.127
  access-list 23 permit 173.189.251.192 0.0.0.63
  access-list 23 permit 107.0.197.0 0.0.0.63
  access-list 23 permit 173.163.157.32 0.0.0.15
  access-list 23 permit 72.55.33.0 0.0.0.255
  access-list 23 permit 172.19.5.0 0.0.0.63
  access-list 100 remark "Outgoing Traffic"
  access-list 100 deny   ip 67.128.87.156 0.0.0.3 any
  access-list 100 deny   ip host 255.255.255.255 any
  access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
  access-list 100 permit tcp host 172.19.3.190 any eq smtp
  access-list 100 permit tcp host 172.19.3.137 any eq smtp
  access-list 100 permit tcp any host 66.251.35.131 eq smtp
  access-list 100 permit tcp any host 173.201.193.101 eq smtp
  access-list 100 permit ip any any
  access-list 100 permit tcp any any eq ftp
  access-list 101 remark "Interesting VPN Traffic"
  access-list 101 permit ip 172.19.3.128 0.0.0.127 172.19.3.0 0.0.0.127
  access-list 101 permit ip 172.20.3.128 0.0.0.127 172.19.3.0 0.0.0.127
  access-list 101 permit ip 172.19.3.128 0.0.0.127 host 172.19.250.10
  access-list 101 permit ip 172.19.3.128 0.0.0.127 host 172.19.250.11
  access-list 101 permit tcp any any eq ftp
  access-list 101 permit tcp any any eq ftp-data
  access-list 102 remark "Inbound Access"
  access-list 102 permit udp any host 152.179.53.18 eq non500-isakmp
  access-list 102 permit udp any host 152.179.53.18 eq isakmp
  access-list 102 permit esp any host 152.179.53.18
  access-list 102 permit ahp any host 152.179.53.18
  access-list 102 permit udp any host 209.000.000.102 eq non500-isakmp
  access-list 102 permit udp any host 209.000.000.102 eq isakmp
  access-list 102 permit esp any host 209.000.000.102
  access-list 102 permit ahp any host 209.000.000.102
  access-list 102 permit udp any host PUB IP eq non500-isakmp
  access-list 102 permit udp any host PUB IP eq isakmp
  access-list 102 permit esp any host PUB IP
  access-list 102 permit ahp any host PUB IP
  access-list 102 permit ip 72.55.33.0 0.0.0.255 any
  access-list 102 permit ip 107.0.197.0 0.0.0.63 any
  access-list 102 deny   ip 172.19.3.128 0.0.0.127 any
  access-list 102 permit icmp any any echo-reply
  access-list 102 permit icmp any any time-exceeded
  access-list 102 permit icmp any any unreachable
  access-list 102 permit icmp any any
  access-list 102 deny   ip any any log
  access-list 102 permit tcp any host 172.19.3.140 eq ftp
  access-list 102 permit tcp any host 172.19.3.140 eq ftp-data established
  access-list 102 permit udp any host SITE B Public IP  eq non500-isakmp
  access-list 102 permit udp any host SITE B Public IP  eq isakmp
  access-list 102 permit esp any host SITE B Public IP
  access-list 102 permit ahp any host SITE B Public IP
  access-list 110 remark "Outbound NAT Rule"
  access-list 110 remark "Deny VPN Traffic NAT"
  access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.19.3.0 0.0.0.127
  access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.19.10.0 0.0.0.255
  access-list 110 deny   ip 172.19.10.0 0.0.0.255 172.19.3.128 0.0.0.127
  access-list 110 deny   ip 172.20.3.128 0.0.0.127 172.19.3.0 0.0.0.127
  access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
  access-list 110 deny   ip 172.19.3.128 0.0.0.127 host 172.19.250.11
  access-list 110 deny   ip 172.19.3.128 0.0.0.127 host 172.19.250.10
  access-list 110 permit ip 172.19.3.128 0.0.0.127 any
  access-list 110 permit ip 172.19.10.0 0.0.0.255 any
  access-list 198 remark "Networks for IISVPN Client"
  access-list 198 permit ip 172.19.3.0 0.0.0.127 172.20.3.128 0.0.0.127
  access-list 198 permit ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
  access-list 199 permit tcp any any eq 3389
  route-map PAETEC permit 10
  match ip address 110
  match interface Serial0/2/0
  route-map COMCAST permit 10
  match ip address 110
  match interface FastEthernet0/1
  route-map VERIZON permit 10
  match ip address 110
  match interface Serial0/1/0.1
  snmp-server community 123 RO
  radius-server host 172.19.3.7 auth-port 1645 acct-port 1646 key 7 000000000000000
  control-plane
  line con 0
  line aux 0
  line vty 0 4
  access-class 23 in
  privilege level 15
  transport input telnet ssh
  line vty 5 15
  access-class 23 in
  privilege level 15
  transport input telnet ssh
  scheduler allocate 20000 1000
  ntp server 128.118.25.3
  ntp server 217.150.242.8
  end
  IP scheme at site B:
  ip     172.19.5.x
  sub  255.255.255.292
  gw   172.19.5.65
  Cisco ASA 5505 at Site B
  ASA Version 8.2(5)
  hostname ASA5505
  domain-name domain.com
  enable password b04DSH2HQqXwS8wi encrypted
  passwd b04DSH2HQqXwS8wi encrypted
  names
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  interface Vlan1
  nameif inside
  security-level 100
  ip address 172.19.5.65 255.255.255.192
  interface Vlan2
  nameif outside
  security-level 0
  ip address SITE B public IP 255.255.255.224
  boot system disk0:/asa825-k8.bin
  ftp mode passive
  clock timezone est -5
  clock summer-time zone recurring last Sun Mar 2:00 last Sun Oct 2:00
  dns server-group DefaultDNS
  domain-name iis-usa.com
  same-security-traffic permit intra-interface
  object-group network old hosting provider
  network-object 72.55.34.64 255.255.255.192
  network-object 72.55.33.0 255.255.255.0
  network-object 173.189.251.192 255.255.255.192
  network-object 173.163.157.32 255.255.255.240
  network-object 66.11.1.64 255.255.255.192
  network-object 107.0.197.0 255.255.255.192
  object-group network old hosting provider
  network-object host 172.19.250.10
  network-object host 172.19.250.11
  access-list 100 extended permit ip 172.19.5.64 255.255.255.192 object-group old hosting provider
  access-list 100 extended permit ip 172.19.5.64 255.255.255.192 172.19.3.128 255.255.255.128
  access-list 10 extended deny ip 0.0.0.0 255.0.0.0 any
  access-list 10 extended deny ip 127.0.0.0 255.0.0.0 any
  access-list 10 extended deny ip 169.254.0.0 255.255.0.0 any
  access-list 10 extended deny ip 172.16.0.0 255.255.0.0 any
  access-list 10 extended deny ip 224.0.0.0 224.0.0.0 any
  access-list 10 extended permit icmp any any echo-reply
  access-list 10 extended permit icmp any any time-exceeded
  access-list 10 extended permit icmp any any unreachable
  access-list 10 extended permit icmp any any traceroute
  access-list 10 extended permit icmp any any source-quench
  access-list 10 extended permit icmp any any
  access-list 10 extended permit tcp object-group old hosting provider any eq 3389
  access-list 10 extended permit tcp any any eq https
  access-list 10 extended permit tcp any any eq www
  access-list 110 extended permit ip 172.19.5.64 255.255.255.192 172.19.3.0 255.255.255.128
  access-list 110 extended permit ip 172.19.5.64 255.255.255.192 object-group old hosting provider
  pager lines 24
  logging enable
  logging timestamp
  logging console emergencies
  logging monitor emergencies
  logging buffered warnings
  logging trap debugging
  logging history debugging
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  ip verify reverse-path interface inside
  ip verify reverse-path interface outside
  ip audit name jab attack action alarm drop reset
  ip audit name probe info action alarm drop reset
  ip audit interface outside probe
  ip audit interface outside jab
  ip audit info action alarm drop reset
  ip audit attack action alarm drop reset
  ip audit signature 2000 disable
  ip audit signature 2001 disable
  ip audit signature 2004 disable
  ip audit signature 2005 disable
  icmp unreachable rate-limit 1 burst-size 1
  icmp permit 75.150.169.48 255.255.255.240 outside
  icmp permit 72.44.134.16 255.255.255.240 outside
  icmp permit 72.55.33.0 255.255.255.0 outside
  icmp permit any outside
  icmp permit 173.163.157.32 255.255.255.240 outside
  icmp permit 107.0.197.0 255.255.255.192 outside
  icmp permit 66.11.1.64 255.255.255.192 outside
  icmp deny any outside
  asdm image disk0:/asdm-645.bin
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list 100
  nat (inside) 1 0.0.0.0 0.0.0.0
  access-group 10 in interface outside
  route outside 0.0.0.0 0.0.0.0 174.78.151.225 1
  timeout xlate 3:00:00
  timeout conn 24:00:00 half-closed 0:10:00 udp 0:10:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 24:00:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  http 107.0.197.0 255.255.255.192 outside
  http 66.11.1.64 255.255.255.192 outside
  snmp-server host outside 107.0.197.29 community *****
  snmp-server host outside 107.0.197.30 community *****
  snmp-server host inside 172.19.250.10 community *****
  snmp-server host outside 172.19.250.10 community *****
  snmp-server host inside 172.19.250.11 community *****
  snmp-server host outside 172.19.250.11 community *****
  snmp-server host outside 68.82.122.239 community *****
  snmp-server host outside 72.55.33.37 community *****
  snmp-server host outside 72.55.33.38 community *****
  snmp-server host outside 75.150.169.50 community *****
  snmp-server host outside 75.150.169.51 community *****
  no snmp-server location
  no snmp-server contact
  snmp-server community *****
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  crypto map VPNMAP 10 match address 110
  crypto map VPNMAP 10 set peer 72.00.00.7 old vpn public ip Site B Public IP
  crypto map VPNMAP 10 set transform-set ESP-3DES-MD5
  crypto map VPNMAP 10 set security-association lifetime seconds 86400
  crypto map VPNMAP 10 set security-association lifetime kilobytes 4608000
  crypto map VPNMAP interface outside
  crypto isakmp identity address
  crypto isakmp enable outside
  crypto isakmp policy 20
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 86400
  telnet 172.19.5.64 255.255.255.192 inside
  telnet 172.19.3.0 255.255.255.128 outside
  telnet timeout 60
  ssh 0.0.0.0 0.0.0.0 inside
  ssh 0.0.0.0 0.0.0.0 outside
  ssh timeout 60
  console timeout 0
  management-access inside
  dhcpd dns 172.19.3.140
  dhcpd wins 172.19.3.140
  dhcpd ping_timeout 750
  dhcpd domain iis-usa.com
  dhcpd address 172.19.5.80-172.19.5.111 inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection scanning-threat shun except object-group old hosting provider
  threat-detection statistics
  threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  ntp server 128.118.25.3 source outside
  ntp server 217.150.242.8 source outside
  tunnel-group 72.00.00.7 type ipsec-l2l
  tunnel-group 72.00.00.7 ipsec-attributes
  pre-shared-key *****
  tunnel-group old vpn public ip type ipsec-l2l
  tunnel-group old vpn public ip ipsec-attributes
  pre-shared-key *****
  tunnel-group SITE A Public IP  type ipsec-l2l
  tunnel-group SITE A Public IP  ipsec-attributes
  pre-shared-key *****
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect netbios
    inspect tftp
    inspect pptp
    inspect sip 
  service-policy global_policy global
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:
  : end

  I have removed the old "set peer" and have added:
  IOS router:
  access-list 101 permit ip 172.19.3.128 0.0.0.127 172.19.5.64 0.0.0.65
  ASA fw:
  access-list 110 extended permit ip 172.19.5.64 255.255.255.192 172.19.3.128 255.255.255.128
  on the router I have also added;
  access-list 110 deny  ip 172.19.3.128 0.0.0.127 172.19.5.64 0.0.0.63
  Here is my acl :
  access-list 110 remark "Outbound NAT Rule"
  access-list 110 remark "Deny VPN Traffic NAT"
  access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.19.3.0 0.0.0.127
  access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.19.10.0 0.0.0.255
  access-list 110 deny   ip 172.19.10.0 0.0.0.255 172.19.3.128 0.0.0.127
  access-list 110 deny   ip 172.20.3.128 0.0.0.127 172.19.3.0 0.0.0.127
  access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
  access-list 110 deny   ip 172.19.3.128 0.0.0.127 host 172.19.250.11
  access-list 110 deny   ip 172.19.3.128 0.0.0.127 host 172.19.250.10
  access-list 110 permit ip 172.19.3.128 0.0.0.127 any
  access-list 110 permit ip 172.19.10.0 0.0.0.255 any
  access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.19.5.64 0.0.0.63
  access-list 198 remark "Networks for IISVPN Client"
  access-list 198 permit ip 172.19.3.0 0.0.0.127 172.20.3.128 0.0.0.127
  access-list 198 permit ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
  Still no ping tothe other site.

• Problem with nat-ing on asa 5505

  i have the asa5505 with asa8.4.2 and asdm 6.4.5. i use this asa5505 for connecting my network 192.168.0.0/24 with network 10.15.100.0/24. my wan port of asa5505 on network 10.13.74.0/24, lan port is on 192.168.0.0./24. this configuration worked ok until my isp changed router on address 10.13.74.1. i nat-ed on asa5505, i puted access policy and i had access network 10.15.100.0/24. but now i can't. the users from network can access devices on addresses 192.168.0.20 and 192.168.0.22 but i can't access the network 10.15.100.0/24. my configuration of asa5505 is:
  Result of the command: "show runn": Saved:ASA Version 8.4(2) !hostname ciscoasaenable password 8Ry2YjIyt7RRXU24 encryptedpasswd 2KFQnbNIdI.2KYOU encryptednames!interface Ethernet0/0 switchport access vlan 2!interface Ethernet0/1!interface Ethernet0/2!interface Ethernet0/3!interface Ethernet0/4!interface Ethernet0/5!interface Ethernet0/6!interface Ethernet0/7!interface Vlan1 nameif inside security-level 100 ip address 192.168.0.17 255.255.255.0 !interface Vlan2 nameif outside security-level 0 ip address 10.13.74.33 255.255.255.0 !ftp mode passiveobject network obj_any subnet 0.0.0.0 0.0.0.0object network server host 192.168.0.20object network sharepointdri host 192.168.0.22object network paragraflex host 192.168.0.20object network dri.local subnet 192.168.0.0 255.255.255.0object service ParagrafLex1 service tcp source eq 6190 description Odlazniobject service paragraf service tcp destination eq 6190 description dolazniobject network nonat host 192.168.0.20object network lokalnamreza range 192.168.0.1 192.168.0.254object network natnetwork subnet 192.168.0.0 255.255.255.0object network natmreze subnet 192.168.0.0 255.255.255.0object-group service DM_INLINE_SERVICE_2 service-object ip service-object icmp echo-reply service-object tcp object-group service DM_INLINE_SERVICE_1 service-object icmp echo-reply service-object tcp service-object ip service-object tcp destination eq domain service-object tcp destination eq ldap service-object object ParagrafLex1 object-group service DM_INLINE_SERVICE_8 service-object ip service-object tcp service-object icmp echo-replyobject-group service DM_INLINE_SERVICE_3 service-object tcp service-object tcp destination eq domain service-object tcp destination eq ldap object-group service DM_INLINE_SERVICE_4 service-object tcp service-object icmp echo-replyobject-group protocol DM_INLINE_PROTOCOL_2 protocol-object udp protocol-object tcpobject-group protocol TCPUDP protocol-object udp protocol-object tcpobject-group service DM_INLINE_SERVICE_5 service-object ip service-object icmp echo-replyobject-group protocol DM_INLINE_PROTOCOL_1 protocol-object ip protocol-object tcpobject-group service DM_INLINE_SERVICE_6 service-object ip service-object tcp service-object icmp echo-reply service-object icmp service-object tcp destination eq https object-group service DM_INLINE_SERVICE_7 service-object ip service-object tcp service-object icmp echo-reply service-object tcp destination eq https object-group network DM_INLINE_NETWORK_1 network-object 10.13.74.0 255.255.255.0 network-object 10.15.100.0 255.255.255.0object-group service DM_INLINE_SERVICE_9 service-object tcp-udp service-object tcp destination eq https service-object tcp destination eq domain object-group service DM_INLINE_SERVICE_10 service-object ip service-object tcp service-object icmp echo-replyobject-group service DM_INLINE_SERVICE_11 service-object ip service-object tcp service-object icmp echo-replyaccess-list nonat extended permit object-group DM_INLINE_SERVICE_8 192.168.0.0 255.255.255.0 object-group DM_INLINE_NETWORK_1 access-list inside_access_out extended permit object-group DM_INLINE_SERVICE_6 any any access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_2 object dri.local 10.15.100.0 255.255.255.0 access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_7 any any access-list uprava_access_out extended permit object-group DM_INLINE_SERVICE_3 object dri.local 10.13.74.0 255.255.255.0 access-list uprava_access_out extended permit object-group DM_INLINE_SERVICE_4 any any access-list uprava_access_out extended permit object-group DM_INLINE_SERVICE_3 192.168.0.0 255.255.255.0 10.13.74.0 255.255.255.0 access-list outside_access_in_1 extended permit object paragraf any object server access-list outside_access_in_1 extended permit object-group DM_INLINE_SERVICE_1 any object server access-list outside_access_in_1 extended permit object-group DM_INLINE_PROTOCOL_1 any object sharepointdri access-list outside_access_in_1 extended permit object-group DM_INLINE_SERVICE_10 object natmreze any access-list outside_access_out extended permit object-group DM_INLINE_SERVICE_9 any any access-list outside_access_out extended permit object-group DM_INLINE_SERVICE_11 object natmreze 10.15.100.0 255.255.255.0 pager lines 24logging asdm informationalmtu inside 1500mtu outside 1500icmp unreachable rate-limit 1 burst-size 1no asdm history enablearp outside 10.13.74.1 000d.bd64.a8e2 arp timeout 14400!object network server nat (inside,outside) static 10.13.74.34 dnsobject network sharepointdri nat (any,any) static 10.13.74.39object network nonat nat (inside,outside) static 192.168.0.20object network natmreze nat (any,any) static 10.13.74.42 dnsaccess-group inside_access_in in interface insideaccess-group inside_access_out out interface insideaccess-group outside_access_in_1 in interface outsideaccess-group outside_access_out out interface outsideroute outside 0.0.0.0 0.0.0.0 10.13.74.1 1route outside 10.15.100.0 255.255.255.0 10.13.74.1 1timeout xlate 3:00:00timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolutetimeout tcp-proxy-reassembly 0:01:00timeout floating-conn 0:00:00dynamic-access-policy-record DfltAccessPolicyuser-identity default-domain LOCALhttp server enablehttp 192.168.0.0 255.255.255.0 insideno snmp-server locationno snmp-server contactsnmp-server enable traps snmp authentication linkup linkdown coldstart warmstarttelnet timeout 5ssh timeout 5console timeout 0dhcpd auto_config outside!threat-detection basic-threatthreat-detection statistics access-listno threat-detection statistics tcp-interceptwebvpn!class-map inspection_default match default-inspection-traffic!!policy-map type inspect dns preset_dns_map parameters  message-length maximum client auto  message-length maximum 512policy-map type inspect ftp paragraf parameterspolicy-map global_policy class inspection_default  inspect dns   inspect icmp   inspect ip-options   inspect netbios   inspect tftp   inspect h323 h225   inspect h323 ras !service-policy global_policy globalprompt hostname context state priority domain no call-home reporting anonymousCryptochecksum:61572938ed01b1c7447e43fcb2df4bc8: end
  what i do? plz help me?
  thanks

  Please do this, and let me know how it goes
  no access-list nonat extended permit object-group DM_INLINE_SERVICE_8 192.168.0.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
  no access-list uprava_access_out extended permit object-group DM_INLINE_SERVICE_3 object dri.local 10.13.74.0 255.255.255.0
  no access-list uprava_access_out extended permit object-group DM_INLINE_SERVICE_4 any any
  no access-list uprava_access_out extended permit object-group DM_INLINE_SERVICE_3 192.168.0.0 255.255.255.0 10.13.74.0 255.255.255.0
  access-list inside_access_in line 1 permit ip 192.168.0.0 255.255.255.0 any
  access-list outside_access_in_1 line 1 permit ip any 192.168.0.0 255.255.255.0
  no object network nonat
  no access-group inside_access_out out interface inside
  no access-group outside_access_out out interface outside
  no route outside 10.15.100.0 255.255.255.0 10.13.74.1 1

• Problem with AnyConnect VPN on ASA 5505

  Hello everyone,
  We're troubleshooting an issue where a client cannot pass any traffic across an AnyConnect VPN with an ASA5505 as the endpoint. The client receives and IP address in the 172.16.0.1/24 range and the ASA creates a static route to the 10.0.0.0/24 internal network but we cannot ping or connect to any internal IP address. The connection appears to fully build and pass traffic (based on the byte counts which increase) but we can't talk to the main network.
  Does anyone have any ideas as to what I can check?
  Thanks!
  Ryan

  AnyConnect client should not be in the same subnet as the internal hosts. It needs to be unique subnet within your environment, so you were on the right path initially.
  If you can share your config, that would be easier for us to check.
  In the meantime, a few things to check:
  1) Have you configured split tunnel policy?
  2) Do you have NAT exemption configured?
  3) Any VPN filter configured that might be blocking the traffic?
  4) Does the internal network know how to route back to the VPN Pool subnet (ie: via the ASA)
  5) Lastly, do you have "inspect icmp" configured?

• Problem with configuration of wifi newtork- dhcp

  hi.
  i've got a small problem with configuration of wi-fi network.
  i use dhcp network.
  there are some errors about network during boot up (but its to fast for my to write it down)
  after log-in i have to setup network access by typing
  iwconfig eth2 essid SpeedTouchBCE72F
  and then i heve to run this command
  dhclient
  and after that i've got an access to internet
  this is my rc.file
  # /etc/rc.conf - Main Configuration for Arch Linux
  # LOCALIZATION
  # LOCALE: available languages can be listed with the 'locale -a' command
  # HARDWARECLOCK: set to "UTC" or "localtime"
  # TIMEZONE: timezones are found in /usr/share/zoneinfo
  # KEYMAP: keymaps are found in /usr/share/kbd/keymaps
  # CONSOLEFONT: found in /usr/share/kbd/consolefonts (only needed for non-US)
  # CONSOLEMAP: found in /usr/share/kbd/consoletrans
  # USECOLOR: use ANSI color sequences in startup messages
  LOCALE="pl_PL.UTF-8"
  HARDWARECLOCK="localtime"
  TIMEZONE="Europe/London"
  KEYMAP="-u pl2"
  CONSOLEFONT="lat2-16.psfu.gz"
  USECOLOR="yes"
  LC_ALL="pl_PL.UTF-8"
  LESSCHARSET="UTF-8"
  # HARDWARE
  # Scan hardware and load required modules at bootup
  MOD_AUTOLOAD="yes"
  # Module Blacklist - modules in this list will never be loaded by udev
  MOD_BLACKLIST=()
  # Modules to load at boot-up (in this order)
  #   - prefix a module with a ! to blacklist it
  MODULES=()
  # Scan for LVM volume groups at startup, required if you use LVM
  USELVM="no"
  # NETWORKING
  HOSTNAME="linugrat"
  # Use 'ifconfig -a' or 'ls /sys/class/net/' to see all available
  # interfaces.
  # Interfaces to start at boot-up (in this order)
  # Declare each interface then list in INTERFACES
  #   - prefix an entry in INTERFACES with a ! to disable it
  #   - no hyphens in your interface names - Bash doesn't like it
  # Note: to use DHCP, set your interface to be "dhcp" (eth0="dhcp")
  lo="lo 127.0.0.1"
  eth2="dhcp"
  INTERFACES=(lo eth2)
  ROUTES=(!gateway)
  # Routes to start at boot-up (in this order)
  # Declare each route then list in ROUTES
  #   - prefix an entry in ROUTES with a ! to disable it
  gateway="default gw 192.168.0.1"
  ROUTES=(gateway)
  # Enable these network profiles at boot-up.  These are only useful
  # if you happen to need multiple network configurations (ie, laptop users)
  #   - set to 'menu' to present a menu during boot-up (dialog package required)
  #   - prefix an entry with a ! to disable it
  # Network profiles are found in /etc/network-profiles
  #NET_PROFILES=(main)
  # DAEMONS
  # Daemons to start at boot-up (in this order)
  #   - prefix a daemon with a ! to disable it
  #   - prefix a daemon with a @ to start it up in the background
  DAEMONS=(syslog-ng ipw3945d network netfs crond)
  # End of file
  szymon

  Hi Mariano
  I think you need to <b>restart your portal Engine</b> after making correct settings.
  Also please refer to the link below to get a better insight:-
  http://help.sap.com/saphelp_nw04s/helpdata/en/0b/719a425ffac46ae10000000a155106/frameset.htm
  Regards
  Navneet

• Problem with Configuring Tomcat for running jsp web applications..Plz HELP

  I am using Tomcat 5.5 and Jdk 1.5.0_12 and Oracle 10g. I am using jdbc-odbc bridge connection
  to connect to the database. I have placed my project folder called
  tdm under the webapps folder in Tomcat. This 'tdm' folder consists of
  a collection of html pages,jsp pages and images of my project. Also I created a
  WEB-INF folderand in that I have lib folder which contains catalina-root.jar
  , classes12.jar and nls_charset.jar files. And also in the WEB-INF folder I have the web.xml
  file which looks like this
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!--
  Copyright 2004 The Apache Software Foundation
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at
  http://www.apache.org/licenses/LICENSE-2.0
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
  -->
  <web-app>
  <resource-ref>
  <description>Oracle Datasource example</description>
  <res-ref-name>jdbc/gdn</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
  </resource-ref>
  </web-app>
  My Server.xml file in Tomcat\conf folder is as follows
  <!-- Example Server Configuration File -->
  <!-- Note that component elements are nested corresponding to their
  parent-child relationships with each other -->
  <!-- A "Server" is a singleton element that represents the entire JVM,
  which may contain one or more "Service" instances. The Server
  listens for a shutdown command on the indicated port.
  Note: A "Server" is not itself a "Container", so you may not
  define subcomponents such as "Valves" or "Loggers" at this level.
  -->
  <Server port="8005" shutdown="SHUTDOWN">
  <!-- Comment these entries out to disable JMX MBeans support used for the
  administration web application -->
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <!-- Global JNDI resources -->
  <GlobalNamingResources>
  <!-- Test entry for demonstration purposes -->
  <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
  <!-- Editable user database that can also be used by
  UserDatabaseRealm to authenticate users -->
  <Resource name="UserDatabase" auth="Container"
  type="org.apache.catalina.UserDatabase"
  description="User database that can be updated and saved"
  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
  pathname="conf/tomcat-users.xml" />
  <Resource name="jdbc/gdn" auth="Container"
  type="javax.sql.DataSource" driverClassName="sun.jdbc.odbc.JdbcOdbcDriver"
  url="jdbc:odbc:gdn"
  username="system" password="tiger" maxActive="20" maxIdle="10"
  maxWait="-1"/>
  </GlobalNamingResources>
  <!-- A "Service" is a collection of one or more "Connectors" that share
  a single "Container" (and therefore the web applications visible
  within that Container). Normally, that Container is an "Engine",
  but this is not required.
  Note: A "Service" is not itself a "Container", so you may not
  define subcomponents such as "Valves" or "Loggers" at this level.
  -->
  <!-- Define the Tomcat Stand-Alone Service -->
  <Service name="Catalina">
  <!-- A "Connector" represents an endpoint by which requests are received
  and responses are returned. Each Connector passes requests on to the
  associated "Container" (normally an Engine) for processing.
  By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
  You can also enable an SSL HTTP/1.1 Connector on port 8443 by
  following the instructions below and uncommenting the second Connector
  entry. SSL support requires the following steps (see the SSL Config
  HOWTO in the Tomcat 5 documentation bundle for more detailed
  instructions):
  * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
  later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
  * Execute:
  %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
  $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
  with a password value of "changeit" for both the certificate and
  the keystore itself.
  By default, DNS lookups are enabled when a web application calls
  request.getRemoteHost(). This can have an adverse impact on
  performance, so you can disable it by setting the
  "enableLookups" attribute to "false". When DNS lookups are disabled,
  request.getRemoteHost() will return the String version of the
  IP address of the remote client.
  -->
  <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
  <Connector
  port="5050" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="false" redirectPort="8443" acceptCount="100"
  connectionTimeout="20000" disableUploadTimeout="true" />
  <!-- Note : To disable connection timeouts, set connectionTimeout value
  to 0 -->
       <!-- Note : To use gzip compression you could set the following properties :
                 compression="on"
                 compressionMinSize="2048"
                 noCompressionUserAgents="gozilla, traviata"
                 compressableMimeType="text/html,text/xml"
       -->
  <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
  <!--
  <Connector port="8443"
  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="false" disableUploadTimeout="true"
  acceptCount="100" scheme="https" secure="true"
  clientAuth="false" sslProtocol="TLS" />
  -->
  <!-- Define an AJP 1.3 Connector on port 8009 -->
  <Connector port="8009"
  enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
  <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
  <!-- See proxy documentation for more information about using this. -->
  <!--
  <Connector port="8082"
  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="false" acceptCount="100" connectionTimeout="20000"
  proxyPort="80" disableUploadTimeout="true" />
  -->
  <!-- An Engine represents the entry point (within Catalina) that processes
  every request. The Engine implementation for Tomcat stand alone
  analyzes the HTTP headers included with the request, and passes them
  on to the appropriate Host (virtual host). -->
  <!-- You should set jvmRoute to support load-balancing via AJP ie :
  <Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">
  -->
  <!-- Define the top level container in our container hierarchy -->
  <Engine name="Catalina" defaultHost="localhost">
  <!-- The request dumper valve dumps useful debugging information about
  the request headers and cookies that were received, and the response
  headers and cookies that were sent, for all requests received by
  this instance of Tomcat. If you care only about requests to a
  particular virtual host, or a particular application, nest this
  element inside the corresponding <Host> or <Context> entry instead.
  For a similar mechanism that is portable to all Servlet 2.4
  containers, check out the "RequestDumperFilter" Filter in the
  example application (the source for this filter may be found in
  "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
  Request dumping is disabled by default. Uncomment the following
  element to enable it. -->
  <!--
  <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
  -->
  <!-- Because this Realm is here, an instance will be shared globally -->
  <!-- This Realm uses the UserDatabase configured in the global JNDI
  resources under the key "UserDatabase". Any edits
  that are performed against this UserDatabase are immediately
  available for use by the Realm. -->
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
  resourceName="UserDatabase"/>
  <!-- Comment out the old realm but leave here for now in case we
  need to go back quickly -->
  <!--
  <Realm className="org.apache.catalina.realm.MemoryRealm" />
  -->
  <!-- Replace the above Realm with one of the following to get a Realm
  stored in a database and accessed via JDBC -->
  <!--
  <Realm className="org.apache.catalina.realm.JDBCRealm"
  driverName="org.gjt.mm.mysql.Driver"
  connectionURL="jdbc:mysql://localhost/authority"
  connectionName="test" connectionPassword="test"
  userTable="users" userNameCol="user_name" userCredCol="user_pass"
  userRoleTable="user_roles" roleNameCol="role_name" />
  -->
  <!--
  <Realm className="org.apache.catalina.realm.JDBCRealm"
  driverName="oracle.jdbc.driver.OracleDriver"
  connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
  connectionName="scott" connectionPassword="tiger"
  userTable="users" userNameCol="user_name" userCredCol="user_pass"
  userRoleTable="user_roles" roleNameCol="role_name" />
  -->
  <!--
  <Realm className="org.apache.catalina.realm.JDBCRealm"
  driverName="sun.jdbc.odbc.JdbcOdbcDriver"
  connectionURL="jdbc:odbc:CATALINA"
  userTable="users" userNameCol="user_name" userCredCol="user_pass"
  userRoleTable="user_roles" roleNameCol="role_name" />
  -->
  <!-- Define the default virtual host
  Note: XML Schema validation will not work with Xerces 2.2.
  -->
  <Host name="localhost" appBase="webapps"
  unpackWARs="true" autoDeploy="true"
  xmlValidation="false" xmlNamespaceAware="false">
  <!-- Defines a cluster for this node,
  By defining this element, means that every manager will be changed.
  So when running a cluster, only make sure that you have webapps in there
  that need to be clustered and remove the other ones.
  A cluster has the following parameters:
  className = the fully qualified name of the cluster class
  name = a descriptive name for your cluster, can be anything
  mcastAddr = the multicast address, has to be the same for all the nodes
  mcastPort = the multicast port, has to be the same for all the nodes
  mcastBindAddr = bind the multicast socket to a specific address
  mcastTTL = the multicast TTL if you want to limit your broadcast
  mcastSoTimeout = the multicast readtimeout
  mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
  mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
  tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes
  tcpListenAddress = the listen address (bind address) for TCP cluster request on this host,
  in case of multiple ethernet cards.
  auto means that address becomes
  InetAddress.getLocalHost().getHostAddress()
  tcpListenPort = the tcp listen port
  tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
  has a wakup bug in java.nio. Set to 0 for no timeout
  printToScreen = true means that managers will also print to std.out
  expireSessionsOnShutdown = true means that
  useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
  false means to replicate the session after each request.
  false means that replication would work for the following piece of code: (only for SimpleTcpReplicationManager)
  <%
  HashMap map = (HashMap)session.getAttribute("map");
  map.put("key","value");
  %>
  replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
  * Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
  * Synchronous means that the thread that executes the request, is also the
  thread the replicates the data to the other nodes, and will not return until all
  nodes have received the information.
  * Asynchronous means that there is a specific 'sender' thread for each cluster node,
  so the request thread will queue the replication request into a "smart" queue,
  and then return to the client.
  The "smart" queue is a queue where when a session is added to the queue, and the same session
  already exists in the queue from a previous request, that session will be replaced
  in the queue instead of replicating two requests. This almost never happens, unless there is a
  large network delay.
  -->
  <!--
  When configuring for clustering, you also add in a valve to catch all the requests
  coming in, at the end of the request, the session may or may not be replicated.
  A session is replicated if and only if all the conditions are met:
  1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
  2. a session exists (has been created)
  3. the request is not trapped by the "filter" attribute
  The filter attribute is to filter out requests that could not modify the session,
  hence we don't replicate the session after the end of this request.
  The filter is negative, ie, anything you put in the filter, you mean to filter out,
  ie, no replication will be done on requests that match one of the filters.
  The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
  filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
  ending with .gif and .js are intercepted.
  The deployer element can be used to deploy apps cluster wide.
  Currently the deployment only deploys/undeploys to working members in the cluster
  so no WARs are copied upons startup of a broken node.
  The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
  When a new war file is added the war gets deployed to the local instance,
  and then deployed to the other instances in the cluster.
  When a war file is deleted from the watchDir the war is undeployed locally
  and cluster wide
  -->
  <!--
  <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
  managerClassName="org.apache.catalina.cluster.session.DeltaManager"
  expireSessionsOnShutdown="false"
  useDirtyFlag="true"
  notifyListenersOnReplication="true">
  <Membership
  className="org.apache.catalina.cluster.mcast.McastService"
  mcastAddr="228.0.0.4"
  mcastPort="45564"
  mcastFrequency="500"
  mcastDropTime="3000"/>
  <Receiver
  className="org.apache.catalina.cluster.tcp.ReplicationListener"
  tcpListenAddress="auto"
  tcpListenPort="4001"
  tcpSelectorTimeout="100"
  tcpThreadCount="6"/>
  <Sender
  className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
  replicationMode="pooled"
  ackTimeout="15000"/>
  <Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
  filter=".*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;"/>
  <Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
  tempDir="/tmp/war-temp/"
  deployDir="/tmp/war-deploy/"
  watchDir="/tmp/war-listen/"
  watchEnabled="false"/>
  </Cluster>
  -->
  <!-- Normally, users must authenticate themselves to each web app
  individually. Uncomment the following entry if you would like
  a user to be authenticated the first time they encounter a
  resource protected by a security constraint, and then have that
  user identity maintained across all web applications contained
  in this virtual host. -->
  <!--
  <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
  -->
  <!-- Access log processes all requests for this virtual host. By
  default, log files are created in the "logs" directory relative to
  $CATALINA_HOME. If you wish, you can specify a different
  directory with the "directory" attribute. Specify either a relative
  (to $CATALINA_HOME) or absolute path to the desired directory.
  -->
  <!--
  <Valve className="org.apache.catalina.valves.AccessLogValve"
  directory="logs" prefix="localhost_access_log." suffix=".txt"
  pattern="common" resolveHosts="false"/>
  -->
  <!-- Access log processes all requests for this virtual host. By
  default, log files are created in the "logs" directory relative to
  $CATALINA_HOME. If you wish, you can specify a different
  directory with the "directory" attribute. Specify either a relative
  (to $CATALINA_HOME) or absolute path to the desired directory.
  This access log implementation is optimized for maximum performance,
  but is hardcoded to support only the "common" and "combined" patterns.
  -->
  <!--
  <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
  directory="logs" prefix="localhost_access_log." suffix=".txt"
  pattern="common" resolveHosts="false"/>
  -->
  <Context path="/tdm" docBase="tdm" debug="0" reloadable="true" />
  </Host>
  </Engine>
  </Service>
  </Server>
  I have set the context path to /tdm in the server.xml file. Should this be placed in context.xml?
  My first page in the project is called Homepage.html. To start my project I give http://localhost:5050/tdm/homepage.html
  in a browser. Here I accept a username and password from the user and then do the validation in
  a valid.jsp file, where I connect to the database and check and use jsp:forward to go to next pages
  accordingly. However when I enter the username and password and click Go in the homepage, nothing is
  displayed on the next page. The URL in the browser says valid.jsp but a blank screen appears.
  WHY DOES IT HAPPEN SO? DOES IT MEAN THAT TOMCAT IS NOT RECOGNIZING JAVA IN MY SYSTEM OR IS IT A PROBLEM
  WITH THE DATABASE CONNECTION OR SOMETHING ELSE? I FEEL THAT TOMCAT IS NOT EXECUTING JSP COMMANDS?
  IS IT POSSIBLE?WHY WILL THIS HAPPEN?
  I set the JAVA_HOME and CATALINA_HOME environment to the jdk and tomcat folders resp.
  Is there any other thing that I need to set in classpath? Should I have my project as a
  WAR file in the webapps of TOMCAT or just a folder i.e. directory structure will fine?

  I am using Tomcat 5.5 and Jdk 1.5.0_12 and Oracle 10g. I am using jdbc-odbc bridge connection
  to connect to the database. I have placed my project folder called
  tdm under the webapps folder in Tomcat. This 'tdm' folder consists of
  a collection of html pages,jsp pages and images of my project. Also I created a
  WEB-INF folderand in that I have lib folder which contains catalina-root.jar
  , classes12.jar and nls_charset.jar files. And also in the WEB-INF folder I have the web.xml
  file which looks like this
  <?xml version="1.0" encoding="ISO-8859-1"?>
  <!--
  Copyright 2004 The Apache Software Foundation
  Licensed under the Apache License, Version 2.0 (the "License");
  you may not use this file except in compliance with the License.
  You may obtain a copy of the License at
  http://www.apache.org/licenses/LICENSE-2.0
  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
  -->
  <web-app>
  <resource-ref>
  <description>Oracle Datasource example</description>
  <res-ref-name>jdbc/gdn</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Container</res-auth>
  </resource-ref>
  </web-app>
  My Server.xml file in Tomcat\conf folder is as follows
  <!-- Example Server Configuration File -->
  <!-- Note that component elements are nested corresponding to their
  parent-child relationships with each other -->
  <!-- A "Server" is a singleton element that represents the entire JVM,
  which may contain one or more "Service" instances. The Server
  listens for a shutdown command on the indicated port.
  Note: A "Server" is not itself a "Container", so you may not
  define subcomponents such as "Valves" or "Loggers" at this level.
  -->
  <Server port="8005" shutdown="SHUTDOWN">
  <!-- Comment these entries out to disable JMX MBeans support used for the
  administration web application -->
  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <!-- Global JNDI resources -->
  <GlobalNamingResources>
  <!-- Test entry for demonstration purposes -->
  <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
  <!-- Editable user database that can also be used by
  UserDatabaseRealm to authenticate users -->
  <Resource name="UserDatabase" auth="Container"
  type="org.apache.catalina.UserDatabase"
  description="User database that can be updated and saved"
  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
  pathname="conf/tomcat-users.xml" />
  <Resource name="jdbc/gdn" auth="Container"
  type="javax.sql.DataSource" driverClassName="sun.jdbc.odbc.JdbcOdbcDriver"
  url="jdbc:odbc:gdn"
  username="system" password="tiger" maxActive="20" maxIdle="10"
  maxWait="-1"/>
  </GlobalNamingResources>
  <!-- A "Service" is a collection of one or more "Connectors" that share
  a single "Container" (and therefore the web applications visible
  within that Container). Normally, that Container is an "Engine",
  but this is not required.
  Note: A "Service" is not itself a "Container", so you may not
  define subcomponents such as "Valves" or "Loggers" at this level.
  -->
  <!-- Define the Tomcat Stand-Alone Service -->
  <Service name="Catalina">
  <!-- A "Connector" represents an endpoint by which requests are received
  and responses are returned. Each Connector passes requests on to the
  associated "Container" (normally an Engine) for processing.
  By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
  You can also enable an SSL HTTP/1.1 Connector on port 8443 by
  following the instructions below and uncommenting the second Connector
  entry. SSL support requires the following steps (see the SSL Config
  HOWTO in the Tomcat 5 documentation bundle for more detailed
  instructions):
  * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
  later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
  * Execute:
  %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
  $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
  with a password value of "changeit" for both the certificate and
  the keystore itself.
  By default, DNS lookups are enabled when a web application calls
  request.getRemoteHost(). This can have an adverse impact on
  performance, so you can disable it by setting the
  "enableLookups" attribute to "false". When DNS lookups are disabled,
  request.getRemoteHost() will return the String version of the
  IP address of the remote client.
  -->
  <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
  <Connector
  port="5050" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="false" redirectPort="8443" acceptCount="100"
  connectionTimeout="20000" disableUploadTimeout="true" />
  <!-- Note : To disable connection timeouts, set connectionTimeout value
  to 0 -->
       <!-- Note : To use gzip compression you could set the following properties :
                 compression="on"
                 compressionMinSize="2048"
                 noCompressionUserAgents="gozilla, traviata"
                 compressableMimeType="text/html,text/xml"
       -->
  <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
  <!--
  <Connector port="8443"
  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="false" disableUploadTimeout="true"
  acceptCount="100" scheme="https" secure="true"
  clientAuth="false" sslProtocol="TLS" />
  -->
  <!-- Define an AJP 1.3 Connector on port 8009 -->
  <Connector port="8009"
  enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
  <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
  <!-- See proxy documentation for more information about using this. -->
  <!--
  <Connector port="8082"
  maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
  enableLookups="false" acceptCount="100" connectionTimeout="20000"
  proxyPort="80" disableUploadTimeout="true" />
  -->
  <!-- An Engine represents the entry point (within Catalina) that processes
  every request. The Engine implementation for Tomcat stand alone
  analyzes the HTTP headers included with the request, and passes them
  on to the appropriate Host (virtual host). -->
  <!-- You should set jvmRoute to support load-balancing via AJP ie :
  <Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1">
  -->
  <!-- Define the top level container in our container hierarchy -->
  <Engine name="Catalina" defaultHost="localhost">
  <!-- The request dumper valve dumps useful debugging information about
  the request headers and cookies that were received, and the response
  headers and cookies that were sent, for all requests received by
  this instance of Tomcat. If you care only about requests to a
  particular virtual host, or a particular application, nest this
  element inside the corresponding <Host> or <Context> entry instead.
  For a similar mechanism that is portable to all Servlet 2.4
  containers, check out the "RequestDumperFilter" Filter in the
  example application (the source for this filter may be found in
  "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
  Request dumping is disabled by default. Uncomment the following
  element to enable it. -->
  <!--
  <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
  -->
  <!-- Because this Realm is here, an instance will be shared globally -->
  <!-- This Realm uses the UserDatabase configured in the global JNDI
  resources under the key "UserDatabase". Any edits
  that are performed against this UserDatabase are immediately
  available for use by the Realm. -->
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
  resourceName="UserDatabase"/>
  <!-- Comment out the old realm but leave here for now in case we
  need to go back quickly -->
  <!--
  <Realm className="org.apache.catalina.realm.MemoryRealm" />
  -->
  <!-- Replace the above Realm with one of the following to get a Realm
  stored in a database and accessed via JDBC -->
  <!--
  <Realm className="org.apache.catalina.realm.JDBCRealm"
  driverName="org.gjt.mm.mysql.Driver"
  connectionURL="jdbc:mysql://localhost/authority"
  connectionName="test" connectionPassword="test"
  userTable="users" userNameCol="user_name" userCredCol="user_pass"
  userRoleTable="user_roles" roleNameCol="role_name" />
  -->
  <!--
  <Realm className="org.apache.catalina.realm.JDBCRealm"
  driverName="oracle.jdbc.driver.OracleDriver"
  connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
  connectionName="scott" connectionPassword="tiger"
  userTable="users" userNameCol="user_name" userCredCol="user_pass"
  userRoleTable="user_roles" roleNameCol="role_name" />
  -->
  <!--
  <Realm className="org.apache.catalina.realm.JDBCRealm"
  driverName="sun.jdbc.odbc.JdbcOdbcDriver"
  connectionURL="jdbc:odbc:CATALINA"
  userTable="users" userNameCol="user_name" userCredCol="user_pass"
  userRoleTable="user_roles" roleNameCol="role_name" />
  -->
  <!-- Define the default virtual host
  Note: XML Schema validation will not work with Xerces 2.2.
  -->
  <Host name="localhost" appBase="webapps"
  unpackWARs="true" autoDeploy="true"
  xmlValidation="false" xmlNamespaceAware="false">
  <!-- Defines a cluster for this node,
  By defining this element, means that every manager will be changed.
  So when running a cluster, only make sure that you have webapps in there
  that need to be clustered and remove the other ones.
  A cluster has the following parameters:
  className = the fully qualified name of the cluster class
  name = a descriptive name for your cluster, can be anything
  mcastAddr = the multicast address, has to be the same for all the nodes
  mcastPort = the multicast port, has to be the same for all the nodes
  mcastBindAddr = bind the multicast socket to a specific address
  mcastTTL = the multicast TTL if you want to limit your broadcast
  mcastSoTimeout = the multicast readtimeout
  mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
  mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
  tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes
  tcpListenAddress = the listen address (bind address) for TCP cluster request on this host,
  in case of multiple ethernet cards.
  auto means that address becomes
  InetAddress.getLocalHost().getHostAddress()
  tcpListenPort = the tcp listen port
  tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
  has a wakup bug in java.nio. Set to 0 for no timeout
  printToScreen = true means that managers will also print to std.out
  expireSessionsOnShutdown = true means that
  useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
  false means to replicate the session after each request.
  false means that replication would work for the following piece of code: (only for SimpleTcpReplicationManager)
  <%
  HashMap map = (HashMap)session.getAttribute("map");
  map.put("key","value");
  %>
  replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
  * Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
  * Synchronous means that the thread that executes the request, is also the
  thread the replicates the data to the other nodes, and will not return until all
  nodes have received the information.
  * Asynchronous means that there is a specific 'sender' thread for each cluster node,
  so the request thread will queue the replication request into a "smart" queue,
  and then return to the client.
  The "smart" queue is a queue where when a session is added to the queue, and the same session
  already exists in the queue from a previous request, that session will be replaced
  in the queue instead of replicating two requests. This almost never happens, unless there is a
  large network delay.
  -->
  <!--
  When configuring for clustering, you also add in a valve to catch all the requests
  coming in, at the end of the request, the session may or may not be replicated.
  A session is replicated if and only if all the conditions are met:
  1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
  2. a session exists (has been created)
  3. the request is not trapped by the "filter" attribute
  The filter attribute is to filter out requests that could not modify the session,
  hence we don't replicate the session after the end of this request.
  The filter is negative, ie, anything you put in the filter, you mean to filter out,
  ie, no replication will be done on requests that match one of the filters.
  The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
  filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
  ending with .gif and .js are intercepted.
  The deployer element can be used to deploy apps cluster wide.
  Currently the deployment only deploys/undeploys to working members in the cluster
  so no WARs are copied upons startup of a broken node.
  The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
  When a new war file is added the war gets deployed to the local instance,
  and then deployed to the other instances in the cluster.
  When a war file is deleted from the watchDir the war is undeployed locally
  and cluster wide
  -->
  <!--
  <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
  managerClassName="org.apache.catalina.cluster.session.DeltaManager"
  expireSessionsOnShutdown="false"
  useDirtyFlag="true"
  notifyListenersOnReplication="true">
  <Membership
  className="org.apache.catalina.cluster.mcast.McastService"
  mcastAddr="228.0.0.4"
  mcastPort="45564"
  mcastFrequency="500"
  mcastDropTime="3000"/>
  <Receiver
  className="org.apache.catalina.cluster.tcp.ReplicationListener"
  tcpListenAddress="auto"
  tcpListenPort="4001"
  tcpSelectorTimeout="100"
  tcpThreadCount="6"/>
  <Sender
  className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
  replicationMode="pooled"
  ackTimeout="15000"/>
  <Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
  filter=".*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;"/>
  <Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
  tempDir="/tmp/war-temp/"
  deployDir="/tmp/war-deploy/"
  watchDir="/tmp/war-listen/"
  watchEnabled="false"/>
  </Cluster>
  -->
  <!-- Normally, users must authenticate themselves to each web app
  individually. Uncomment the following entry if you would like
  a user to be authenticated the first time they encounter a
  resource protected by a security constraint, and then have that
  user identity maintained across all web applications contained
  in this virtual host. -->
  <!--
  <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
  -->
  <!-- Access log processes all requests for this virtual host. By
  default, log files are created in the "logs" directory relative to
  $CATALINA_HOME. If you wish, you can specify a different
  directory with the "directory" attribute. Specify either a relative
  (to $CATALINA_HOME) or absolute path to the desired directory.
  -->
  <!--
  <Valve className="org.apache.catalina.valves.AccessLogValve"
  directory="logs" prefix="localhost_access_log." suffix=".txt"
  pattern="common" resolveHosts="false"/>
  -->
  <!-- Access log processes all requests for this virtual host. By
  default, log files are created in the "logs" directory relative to
  $CATALINA_HOME. If you wish, you can specify a different
  directory with the "directory" attribute. Specify either a relative
  (to $CATALINA_HOME) or absolute path to the desired directory.
  This access log implementation is optimized for maximum performance,
  but is hardcoded to support only the "common" and "combined" patterns.
  -->
  <!--
  <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve"
  directory="logs" prefix="localhost_access_log." suffix=".txt"
  pattern="common" resolveHosts="false"/>
  -->
  <Context path="/tdm" docBase="tdm" debug="0" reloadable="true" />
  </Host>
  </Engine>
  </Service>
  </Server>
  I have set the context path to /tdm in the server.xml file. Should this be placed in context.xml?
  My first page in the project is called Homepage.html. To start my project I give http://localhost:5050/tdm/homepage.html
  in a browser. Here I accept a username and password from the user and then do the validation in
  a valid.jsp file, where I connect to the database and check and use jsp:forward to go to next pages
  accordingly. However when I enter the username and password and click Go in the homepage, nothing is
  displayed on the next page. The URL in the browser says valid.jsp but a blank screen appears.
  WHY DOES IT HAPPEN SO? DOES IT MEAN THAT TOMCAT IS NOT RECOGNIZING JAVA IN MY SYSTEM OR IS IT A PROBLEM
  WITH THE DATABASE CONNECTION OR SOMETHING ELSE? I FEEL THAT TOMCAT IS NOT EXECUTING JSP COMMANDS?
  IS IT POSSIBLE?WHY WILL THIS HAPPEN?
  I set the JAVA_HOME and CATALINA_HOME environment to the jdk and tomcat folders resp.
  Is there any other thing that I need to set in classpath? Should I have my project as a
  WAR file in the webapps of TOMCAT or just a folder i.e. directory structure will fine?

• Problem with configuration supporting point in MD62

  Hi,
  well I have detected a problem with my planned independent requirements for some materials.
  The materials that are concerned are semifinished product which have an active BOM.
  Example :
  material A composed with material B and C.
  On the material A I have the strategy group 54. For these materials I have "VSE" PIR.
  The problem is that for many materials, the VSE needs can not be seen by components.
  Example, on material A, I have a VSE need on 15.02.2010, MRP generates a planned order on 15.02.2010 on material A. No problem but I have in MD04 an alert 52 for these PO.
  I go to material B or C in MD04 and I don't see any needs ! The planned order needs have not been splitted to the components.
  I have seen that if I go to MD62 for material A and if I click on "Configuration supporting point", everything is OK after next MRP Run but the problem seems to go back after few days.
  The strange thing is that it works perfectly for some materials and it doesn't work for others materials although there is no differences between data of these materials !
  Finally, I have to say that program RM60RR20 is turning every night and I have seen that there are some calls to function DELETE_SUPPOINT. Maybe this program is deleting the supporting point but it should recreate the supporting point after...
  Is there anybody which know how this program is working or why sometimes my supporting point is deleted without being recreate ?
  Thanks.

  Hi Frederico,
  Have you tried typing the query in query manager and are you sure you've selected the correct column? You can check the column name if you switch system information on and verifying the values in the database for that column.
  Hope it helps,
  Adele

• Ibooks - Problem with configuration of my iPhone. Please Restore?

  I had bought a book on my iPad today .. and I sync'd it with my iPhone so I can read it on my iPhone as well .. but when I open the book it says " There is a problem with the configuration of your iPhone. Please restore with iTunes and reinstall iBooks."
  anybody know what is going on?

  Hi Kern,
  It sounds like you jailbroke you iPhone. Try restoring it and setting it up as a new device.
  This article discusses that error.
  WTH.

• Problem with configuring the application in websphere

  Hi,
  We have taken the back up of war file which was working and have deployed the same,We are using websphere as the application server due to some problem with the configuration we are getting the following error when we are trying to run the application.
  Could any one please suggest on the same.
  [7/22/08 5:04:30:766 EDT] 9f0473c WebGroup E SRVE0026E: [Servlet Error]-[GAServlet]: java.lang.NoClassDefFoundError: Error while defining class: com.xxrx.ga.al.GAServlet
  This error indicates that the class: com.objectframe.servlet.OFServlet
  could not be located while defining the class: com.xxrx.ga.al.GAServlet
  This is often caused by having the class at a higher point in the classloader hierarchy
  Dumping the current context classloader hierarchy:
  ==> indicates defining classloader
  *** indicates classloader where the missing class could have been found
  ==>[0]
  com.ibm.ws.classloader.CompoundClassLoader@1fec073f
  Local ClassPath: C:\Documents and Settings\XG\Desktop\MyWorkspace\XG_Pilot\WebContent\WEB-INF\classes;C:\Documents and Settings\XG\Desktop\MyWorkspace\activation1;C:\Documents and Settings\XG\Desktop\MyWorkspace\classes121;C:\Documents and Settings\XG\Desktop\MyWorkspace\CLIENT-GDDRel40-QA.71;C:\Documents and Settings\XG\Desktop\MyWorkspace\cos1;C:\Documents and Settings\XG\Desktop\MyWorkspace\ejs1;C:\Documents and Settings\XG\Desktop\MyWorkspace\fscontext1;C:\Documents and Settings\XG\Desktop\MyWorkspace\jfoundations1;C:\Documents and Settings\XG\Desktop\MyWorkspace\JRAPI-GDDRel40-QA.71;C:\Documents and Settings\XG\Desktop\MyWorkspace\LOADER-GDDRel40-QA.71;C:\Documents and Settings\XG\Desktop\MyWorkspace\log4j1;C:\Documents and Settings\XG\Desktop\MyWorkspace\mail1;C:\Documents and Settings\XG\Desktop\MyWorkspace\MAILER-GDDRel40-QA.71;C:\Documents and Settings\XG\Desktop\MyWorkspace\mvcf-1.0.21;C:\Documents and Settings\XG\Desktop\MyWorkspace\providerutil1;C:\Documents and Settings\XG\Desktop\MyWorkspace\REPORT-GDDRel40-QA.71;C:\Documents and Settings\XG\Desktop\MyWorkspace\XG_Pilot\WebContent;
  Delegation Mode: PARENT_FIRST
  [1] com.ibm.ws.classloader.JarClassLoader@531728191 Local Classpath: Delegation mode: PARENT_FIRST
  [2] com.ibm.ws.classloader.ExtJarClassLoader@1932756796 Local ClassPath: E:\XIP\IBM\WebSphere Studio\Application Developer IE\v5.1\runtimes\ee_v51\lib\app; Delegation Mode: PARENT_LAST
  [3] com.ibm.ws.classloader.ProtectionClassLoader@723a473c
  [4] com.ibm.ws.bootstrap.ExtClassLoader@3822873d
  [5] sun.misc.Launcher$AppClassLoader@383fc73d
  [6] sun.misc.Launcher$ExtClassLoader@3833c73d
  ---Original exception---
  java.lang.NoClassDefFoundError: com/objectframe/servlet/OFServlet
  at java.lang.ClassLoader.defineClass0(Native Method)
  at java.lang.ClassLoader.defineClass(ClassLoader.java(Compiled Code))
  at java.security.SecureClassLoader.defineClass(SecureClassLoader.java(Compiled Code))
  at com.ibm.ws.classloader.CompoundClassLoader._defineClass(CompoundClassLoader.java:446)
  at com.ibm.ws.classloader.CompoundClassLoader.findClass(CompoundClassLoader.java(Compiled Code))
  at com.ibm.ws.classloader.CompoundClassLoader.loadClass(CompoundClassLoader.java:300)
  at java.lang.ClassLoader.loadClass(ClassLoader.java(Compiled Code))
  at java.beans.Beans.instantiate(Beans.java:201)
  at java.beans.Beans.instantiate(Beans.java:62)
  at com.ibm.ws.webcontainer.webapp.WebAppServletManager.loadServlet(WebAppServletManager.java:188)
  at com.ibm.ws.webcontainer.webapp.WebAppServletManager.getServletReference(WebAppServletManager.java:455)
  at com.ibm.ws.webcontainer.webapp.WebApp.getServletReference(WebApp.java:652)
  at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcherInfo.calculateInfo(WebAppRequestDispatcherInfo.java:187)
  at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcherInfo.<init>(WebAppRequestDispatcherInfo.java:68)
  at com.ibm.ws.webcontainer.webapp.WebApp.getRequestDispatcher(WebApp.java:1462)
  at com.ibm.ws.webcontainer.webapp.WebApp.getRequestDispatcher(WebApp.java:1421)
  at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:268)
  at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
  at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:182)
  at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:334)
  at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
  at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:618)
  at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:443)
  at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:672)
  --- end Original exception----

  Hi Guillaume,
  I have been "playing" with section you mentioned since yesterday, but I could reach my goal :(
  An example of the problem is as following:
  Manager 1 is added to both “Project Managers” and “Resource Managers”. Accordingly he is added to “My Projects” category permission.
  Manager2.TeamLead1 (not a descendent of Manager 1) is added to only “Project Managers” and accordingly he is added to “My Projects” category permission.
  I want (Manager2.TeamLead1)’s projects to viewable only for his Manager 2 (and the Director), not for Manager 1, because the Manager1 is not responsible for managing his work
  How can I achieve that ?? :)
  Thanks,

• Problems with Configuration of AdobeInteractiveForms

  Hello everbody,
  I have installed/deployded
  - SP11 of Netweaver Developer Studio
  - Adobe Acrobat Reader 6.02
  - Adobe Document Services SP 11
  I have cofigured the Adobe Document Services according to the "Adobe Document Service Configuration Guide"
  Everthing worked fine, except for the Installation of The Credential:
  In page 24 in chapter "4.4 Registering the Password for a Credential" it says:
  To register the password for a credential:
  1. Log on to the Visual Administrator
  2. Choose Services -> Document Services Configuration
  3. select Credentials
  4. Choose Browse to search for the name of the credential
  When I click Browse I get the following error:
  An error occured when indexing the credential files:
  com.adobe.services.sap.configuration.ConfigurationException:...
  org.com.CORBA.BAD_OPERATION: The delegate has not been set! vmcid:0x0 minor code:0 completed:No
  Despite this problem, I have been trying to create an Interactive Form via WebDynpro. On "Deploy new Archive an run", the following error is returned in the browser:
  "java.lang.NullPointerException
       at com.sap.tc.webdynpro.pdfobject.core.PDFObject.checkResponseStatus(PDFObject.java:334)
       at com.sap.tc.webdynpro.pdfobject.core.PDFObject.doSoapCall(PDFObject.java:266)
       at com.sap.tc.webdynpro.pdfobject.core.PDFObject.createPDF(PDFObject.java:209)
  Another interesting effect is, that I get a 404 when calling http://localhost:50000/adobe/RegisterCredential
  Calling http://localhost:50000/AdobeDocumentServices/Config is working fine.
  I have tried already to undeploy and redeploy the Adobe Document Services without any effect.
  Has anybody experienced the same problem?
  Regards,
  Andreas Putscher

  Thanks,
  Moving the shared drive into the dock solves the problem. We have worked with it over the weekend. Access to the shared drive is now responding as expected, the problems with iTunes are gone and also the info of the files and directories is working fine.
  Regards

• Problem with configuration settings.

  I have a Nokia 3110 classic .Recently I had a problem with Personal Configuration settings .
  When I want to add new App types it displays "Cannot add new account.Memory Full."
  So I also cannot be able to save Configuration settings as it displays"Only 70 sets allowed.Settings discarded".
  So please help me.
  Solved!
  Go to Solution.

  A workaround is available on internet, Not on this forum. But i am afraid i am not allowed to post it here.
  Try to Google this keyword " Only 70 sets allowed.Settings discarded"
  Previous Phones: 6600, 7610, 6230, 6230i, 1100, 1112, N70, N73, N95, N95 8GB, 5800XM, 5230, C5, iPhone 3GS, SE Xperia X10, N900, N8, SE Xperia Arc
  Current Phones: Nokia N9, iPhone 4

• Build shared problem with configure / config.guess

  Hi,
  I'm constructing some 3rd party libraries from source level with configure/automake in Suse 9.2. A common mistake in all libs is done by config.guess: it prints out "i686-pc-linux-gnuaout" which switch off the shared support at all. It's easy to workaround by print "i686-pc-linux" instead directly from configure:
  ac_config_guess="echo i686-pc-linux"
  Then the shared support is enabled and there left some minor problems with linker options -soname and --rpath. Then some libs can create the shared libs, for instance the apr and xml2.
  Others do not, for instance log4cxx and acetao, but they do not produce any error. It looks like that simply the shared link step is not done, however the symbolic links to the release version are done. I also tryed with LD=CC and LD=cc instead of the gnu ld, but then already in config.log the shared support is not recognized. If I build by hand:
  cc -shared *.o -o libACE.so
  it seems to work and the result usable by applications. Since acatao includes lots of libraries to build, the manual creation is not handy / possible. So any hint to solving that are welcome. I'm using the latest sunstudio version (feb2007).
  thanx rolf

  It really depends on autoconf/libtool version those libs are using.
  Till the most recent versions libtool had absolutely no clue that SunStudio exists on Linux. And default fallback happened to be gcc.
  If you give me some specific lib (source URL or name/version) I can tell you why this lib does not configure with Sun Studio :)
  Most recent version of autoconf is wize enough to handle Sun Studio on Linux. So one of the solutions for the libs might be to upgrade to a newer autoconf. Not what common user would commonly do though...
  regards,
  __Fedor.

• Probleme with sharing, acl and posix

  i have xserve and xraid on 10.5.6
  all datas are on xraid volume
  but all rules are ignored
  sharing is ok but acl & posix are ignored for all sharing in xraid volume but ok in internal HD
  in terminal
  sudo fsaclctl -a /Volumes/XRAID/
  return
  ProcessVolume: processing /Volumes/XRAID
  Access control lists are supported on /Volumes/XRAID.
  ProcessVolume: processing
  error (-1) from . (Unknown error: -1). Support for access control lists is unknown.
  ProcessVolume: processing
  error (-1) from . (Unknown error: -1). Support for access control lists is unknown.
  any idea??

  Hi Tony,
  I've already had a look at Gerrit's explanation and it certainly clears things up. The way it is currently configured does actually work (I did some testing with regard to the 4th user creating folders) due to the ACLs being inherited.
  Basically, everything is working as it is, but it's just a bit of a bodge job (I think) having people using the same log-in account (albeit different short names, creating a pseudo-group).
  If Finder Comments were editable by users with RW access, rather than only the file owner, it would all work delightfully. I'm really surprised that this issue hasn't been raised before, which is leading me to believe that something in the way our permissions are set up is causing the problem. I even tried giving explicit write permissions to the .DS_Store file, but it still doesn't allow people to write comments.
  I did read somewhere that someone reckons that people with RW permissions (and not the file owner) can write Finder comments. Can anyone verify/de-verify (is that a word?!) this?
  Thanks,
  Tom

• PI 7.11 problem with configuration wizard

  hello guys,
  during the configuration wizard to use PI functionalty of my PI system I receive a massage regarding the not correct registration of my system into SLD
  ABAP technical system 'SID on HOSTNAME\SID' not found . But it's correctly in the abap technical systems.
  What could be wrong? Is it related to the fact I performed a NAMED INSTANCE installation with MSSQL ?
  anyone of us had the same problem?

  Hello Bruno,
  Please follow the MANUAL wizard from the link below:
  http://help.sap.com/saphelp_nwpi71/helpdata/EN/a0/40084136b5f423e10000000a155106/frameset.htm
  Perhaps the automatic wizard could lead to a lot of problems.
  It should solve the issue with the wizard.
  Regards,
  Caio Cagnani