Problem With PXE Across Subnets
I'm having a problem with PXE across subnets. The workstation boots,
finds the dhcp server, finds the tftp server, downloads linux.1 and
linux.2 with no problem. It is unable to download linux3.tgz, however.
I've tried two different zen servers. I can tftp the file from either
zen server in windows with no problem. I can tftp it from maintenance
mode if I use a workstation as a tftp server. I can tftp it in PXE on
the same subnet with no problems.
A packet trace on the workstation shows that it gets so far into the
download and then begins getting ICMP 'destination unreacable' packets
from the server with the 'port unreachable' flag set.
It sounds as if the server is closing the conversation on that port.
Can anyone shed any light on this for me?
Dave Thomas
Rivercrest Technologies, Inc.
Could you send me that trace? I would like to have a quick look
Ron
[email protected]
<[email protected]> wrote in message
news:iNOie.234$[email protected]..
> The source address is the zen server. I'm relatively certain there is
> not routing issue because I can tftp the file from windows with no issues
> etc. Also there are a lot of other services crossing the subnets that
> would fail if there is a routing issue.
>
> The 'port unreachable' flag seems to indicate that the zen server has
> stopped listening on the port that is being used for the transfer.
>
> Dave Thomas
>
> > Where do these ICMP "destination unreacable" come from? could there be a
> > routing issue to get to the imaging server?
> >
> > Ron
> >
> > <[email protected]> wrote in message
> > news:[email protected] oups.com...
> > > I'm having a problem with PXE across subnets. The workstation boots,
> > > finds the dhcp server, finds the tftp server, downloads linux.1 and
> > > linux.2 with no problem. It is unable to download linux3.tgz,
> however.
> > >
> > >
> > > I've tried two different zen servers. I can tftp the file from either
> > > zen server in windows with no problem. I can tftp it from maintenance
> > > mode if I use a workstation as a tftp server. I can tftp it in PXE on
> > > the same subnet with no problems.
> > >
> > > A packet trace on the workstation shows that it gets so far into the
> > > download and then begins getting ICMP 'destination unreacable' packets
> > > from the server with the 'port unreachable' flag set.
> > >
> > > It sounds as if the server is closing the conversation on that port.
> > >
> > > Can anyone shed any light on this for me?
> > >
> > > Dave Thomas
> > > Rivercrest Technologies, Inc.
> > >
> >
> >
>
Similar Messages
-
Kernel Panic with Netboot Across Subnet Intel iMac
I have a problem with trying to netboot a intel iMac across the subnet. It connects up goes to the spinning globe then the spinning globe stops spinning and I get a kernel panic.
I've tested that the mac can netboot in the same subnet as the netboot server. But I've got no idea why it's getting a kernel panic when trying to netboot across the subnet.
I'm using bombichs NBAS version 1.2
OS X 10.4.6 Server on the netboot server
I've created the intel netboot image via the updated 10.4.6 "System Image Utility" and have enabled it via Server Admin.
Here is the log I get after the restart.
============================================
panic(cpu 0 caller 0x002B7C75): nfsbootgetfh(v2,UDP) failed with 2
Backtrace, Format - Frame : Return Address (4 potential args on stack)
0x1396b994 : 0x128b5e (0x3bbeb8 0x1396b9b8 0x131bbc 0x0)
0x1396b9d4 : 0x2b7c75 (0x3d3fb0 0x2 0x0 0x2)
0x1396bdb4 : 0x2d027a (0x120a358 0x24a9c00 0xc 0x10)
0x1396bea4 : 0x1c6e6c (0x1 0x23b20c0 0x2466420 0x2486e00)
0x1396bee4 : 0x3111ab (0x23584c0 0x1 0x1396bf98 0x20)
0x1396bfb4 : 0x136e86 (0x0 0x7 0xfffff7ff 0x4a1000)
0x1396bfd4 : 0x197a21 (0x0 0xffffffff 0x4461f8 0x4a1000) Backtrace terminated-invalid frame pointer 0x0
Kernel version:
Darwin Kernel Version 8.6.1: Tue Mar 7 16:55:45 PST 2006; root:xnu-792.9.22.obj~1/RELEASE_I386
Model: iMac4,1, BootROM IM41.0039.B00, 2 processors, Intel Core Duo, 1.83 GHz, 1 GB
Graphics: ATI Radeon X1600, ATY,RadeonX1600, PCIe, 128 MB
Memory Module: DIMM1/BANK 1, 1 GB, DDR2 SDRAM, 667 MHz
AirPort: spairportwireless_card_type_airportextreme (0x14E4, 0x89), 103.2 (3.120.28.3)
Bluetooth: Version 1.7.3f4, 2 service, 1 devices, 1 incoming serial ports
Network Service: Built-in Ethernet, Ethernet, en0
Serial ATA Device: WDC WD1600JS-40NGB2, 149.05 GB
Parallel ATA Device: PIONEER DVD-RW DVR-K05
USB Device: Built-in iSight, Micron, Up to 480 Mb/sec, 500 mA
USB Device: Hub in Apple Pro Keyboard, Mitsumi Electric, Up to 12 Mb/sec, 500 mA
USB Device: Apple Optical USB Mouse, Logitech, Up to 1.5 Mb/sec, 100 mA
USB Device: Apple Pro Keyboard, Mitsumi Electric, Up to 12 Mb/sec, 250 mA
USB Device: Bluetooth HCI, Up to 12 Mb/sec, 500 mA
USB Device: IR Receiver, Apple Computer, Inc., Up to 12 Mb/sec, 500 mA
Hope someone can help me with this problem
Cheers,
BerrySee
What is a kernel panic,
Technical Note TN2063: Understanding and Debugging Kernel Panics,
Mac OS X Kernel Panic FAQ,
Resolving Kernel Panics, and
Tutorial: Avoiding and eliminating Kernel panics for more details. -
Problems with iMessage across mobile devices
My wife and I both have iOS 5 on our iPhone 4's, and I have iOS 5 on my iPad 2 as well. I receive her messages from her phone on both my iPhone and my iPad, but my iPad won't let me reply: the Send button is blue, but the word "Send" stays grey, and won't function. Obviously it is receiving messages just fine, so I have something right in the settings, but why can't I send a message? It doesn't matter whether I am in my home wi-fii, or running across 3G- it won't work either way. Please help!
I am having huge problems with imessage. I go to send an imessage and the sending bar at the top gets to around 90% and then just stops. It takes around 10 minutes before it finally says fails. Often you dont even realise it has failed as it says it has sent, yet when you check your phone there is a red dot against it. This is a huge problem both in and out of wifi areas. My phone is usless when trying to text my wife who also has an iphone 4s as it only sends an imessage around 50% of the times I Try.
-
Problem with Pxe on IBM ThinkCenter
I am having a problem getting Zen 7 Imaging to work on IBm ThinkCenter 6072
desktops. I receive an ip address and going through the process seems to
work up until it actually goes into the Zen bash prompt to start the
program. The error reads "no network device found. Load network module
first". We run Zen 7 sp1 ir2 on a NW6.5 sp5 server. My ultimate goal is to
be able to run multcast image operations on the new IBM machines we just got
in.
MikeMost of the new ibms, laptops and desktop will not pxe boot. Any
thoughts????
"Mberg" <[email protected]> wrote in message
news:mJbHj.933$[email protected]..
> One more thing. These machines will pxe boot with a bootcd and allow me to
> image.
>
>
> "Mberg" <[email protected]> wrote in message
> news:lIbHj.931$[email protected]..
>>I am having a problem getting Zen 7 Imaging to work on IBm ThinkCenter
>>6072 desktops. I receive an ip address and going through the process seems
>>to work up until it actually goes into the Zen bash prompt to start the
>>program. The error reads "no network device found. Load network module
>>first". We run Zen 7 sp1 ir2 on a NW6.5 sp5 server. My ultimate goal is to
>>be able to run multcast image operations on the new IBM machines we just
>>got in.
>>
>> Mike
>>
>
> -
Problem with PXE install of T500
At my firm we have got a T500 for test and we are trying to make it run with our PXE environment.
We run PXE boot with Dos, and get a failure upon unattended installation of XP, something like "The Installation has run out of memory, and can not continue" roughly translated from danish.
We already have about 12 different machines in our setup, like T43, T60, T61 and they all run flawlessly in our setup. However this T500 kills the installation right after copying files to the partitioned harddrive.
We had this problem before and had to trim down bios functions to get enough memory free for the installation. But what can we trim on the bios of the T500? (type 2241-CTO)
Hope to get a fast reply
Kind regards
//CosmodkDisable Intel ATM from bios. This should free some memory.
Also fixes so issues with altiris pxe server if you are using it? -
Problem with persistence across scenes
I have a student who has created some code- see below. At the moment this code is in Scene 5 - but the blocks also appear on other scenes.
How does he limit this code to just one scene?
Can he replicate this to be used on other scenes, but starting out fresh.
Currently, 50 blocks spawn on top of one another. These are used for teaching addition or multiplication. When they've been dragged out into a pattern, we don't want that pattern on another scene, we want them on on top of the other.
The code is not overly elegant, but it does work - except for being repeated across scenes.
block = []
//this function creates a block at a certain location and adds it to an array
//new identifiers are block30 and so on
function spawnBlock(){
blockSpawn = attachMovie("block","block"+_root.getNextHighestDepth(),_root.getNextHighestDepth(),{_x:5 50,_y:300});
block.push(blockSpawn._name);
//this runs the spawnBlock funtion 50 times creating 50 new blocks
//change 50 to the number of blocks desired
for(i=0;i<50;i++){
spawnBlock();
//trace(block[i]); //testing if the funtion was working
function dragSetup(clip){ //this is used to assign a movie clip to funtion that can be reused with each block that is created
clip.onPress = function(){
startDrag(this);
clip.onRelease = clip.onReleaseOutside=function(){ //same as above
stopDrag();
//this lets each block that is needed to be dragged
//add in more lines to let more blocks get dragged
dragSetup(block0);
dragSetup(block1);
dragSetup(block2);
dragSetup(block3);
dragSetup(block4);
dragSetup(block5);
dragSetup(block6);
dragSetup(block7);
dragSetup(block8);
dragSetup(block9);
remainder removed for brevity.use:
function clear_blockF():Void{
for(var i:Number=block.length-1;i>=0;i--){
this[block[i]].removeMovieClip();
block.length=0; -
Problems with communication across a network using shared variables
I have two programs(projects) running on two different computers connected with a LAN. I am using LabVIEW 8.0, and the DSC-module. The program on one of the computers have measurements that I want to collect and show on the program running on the other computer on the network. I choose the indicator where I want to show the data, select ''Properties'', ''Data binding'', ''Shared Variable Engine (NI-PSP)'', ''Network Items'' and then browse for a Network...but the problem is that in my ''Network Neighborhood'' There is only one computer...and that is the one I am one...not the computer on my Network that I want to communicate with....
Have anyone any suggestions on how to solve this?
Kind regards MariMari,
Check this link regarding trouble shooting network-published shared variables:
http://digital.ni.com/public.nsf/websearch/6E37AC5435E44F9F862570D2005FEF25?OpenDocument
This might be a firewall issue, so I would check that first.
Frode -
PXE across subnets using IP Helper Address
For 10 years I have been trying to get my network engineers to add an IP Helper address of our SCCM PXE Server in order to provide an Enterprise PXE service for our campus (Large University). And every year they keep telling me
they won’t do it due to security concerns. I’m not exactly sure what they mean or what they are afraid of but I am looking for others who have been in this same situation and have been able to accomplish what has been a never ending exercise in futility for
me. I am looking for a white paper or a case study that I can use to help build my case and hope that someday I can convince our engineers that the world won't come to an end by adding IP Helper addresses... they won’t do it due to security concerns. I’m not exactly sure what they mean or what they are afraid of..
You need to get to the bottom of their specific concerns....
PXE involves the use of TFTP (to download the NBP + boot.sdi + boot.wim).
TFTP is neither robust/resilient nor particularly secure.
But I'm guessing that the concern must surely be more related to the payload/content (i.e. what is within the boot image itself) that might be the worry?
The boot image (potentially) contains licensed products (not directly a security concern), and certificates, accounts, passwords, scripts ?
If you have the F8 debug feature enabled in your boot image, it could be used to "live boot" a computer, access the filesystem on that computer, and basically provide uncontrolled access to the files/documents/data on that computer (assuming that your computers
are not using any form of disk encryption).
For this last reason, F8-debug should not remain enabled for "normal" operation.
In our organisation, we mitigate that risk with disk encryption. We also don't distribute boot media nor full media - PXE is the only way we deploy OS (well, outside of the datacentre, that is).
Our networking team were initially concerned about PXE - but not from the security aspect, more from the capacity/bandwidth perspective. So we worked with them to plan/design/place the boot servers, and the DP's placement.
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
Problems with PXE boot for clients
Hi,
I have an environment where I have clients on av VLAN connected to a Cisco 2960X (WS-C2960X-48LPD-L ) with layer 3 configuration. The clients do a PXE boot to get configuration. The thing is that this does not work on all switches. The switches have the exact same configuration, the only thing that differs is Hardware Board Revision Number. (That I can find..) The ones that works has 0x05 and the ones that doesn´t work has 0x12. The PXE server is connected on a different VLAN in the same switch.
I have configured spanning-tree portfast on the interfaces. I have ip-helper on the VLAN. The PXE server is also the DHCP server.
Any suggestions?
Regards,
CarinaIt seems NIC teaming was configured really incorrectly in this case. Different switches require different configuration with specific settings on the Windows Server side. Sometimes incorrect configurations work when network traffic is low but start behaving
funny when it increases. The reason behind this is Windows hosts sending back answers to its peers via different physical links, and the switch doesn't expect it and drops "incorrect" frames.
You can find detailed description of different teaming modes here:
http://www.aidanfinn.com/?p=14004
If you use LACP, be sure to set up port channel on Cisco switches or LACP trunk on HP switches. Otherwise you might want to use the Switch Independent mode.
Evgeniy Lotosh
MCSE: Server infractructire, MCSE: Messaging -
NetBoot across subnets with a bootpd relay
Hello Apple Community!
I've got 4 subnets at my school, each with various Macs around campus. I have a Mavericks server on each subnet currently, each with their own NetBoot images. It's a pain to keep everything updated. I can get a single client Mac (pre-2011) to boot across subnets using the bless command, but that's not really a viable solution for us to run a bless command on each client every single time we want to netboot. So far, the solution has been just to have dedicated netboot servers on each subnet, but I know there has to be a better way.
This article (OS X Server: How to use NetBoot across subnets - Apple Support) describes three different methods for netbooting across subnets, but two of them are not really viable for us. Those involve reconfiguring the network to allow BootP data to pass across subnets or configuring one server with multiple network connections, one for each subnet. However, option #2 describes configuring a bootpd relay. Based on my reading, this sounds like exactly what I need. However, I can't find any good documentation to walk me through setting it up.
I've thoroughly read the bootpd man page, which has had me editing the /etc/bootpd.plist on multiple servers. This hasn't gotten me very far. My clients still don't see the remote NetBoot server. It seems like the relay is supposed to redirect broadcasts from the remote Netboot server, through a local NetBoot server to the client. But I have no idea how to make this work.
Could someone please give me more guidance on what I'm supposed to be doing here? I'd like to host a single NetBoot server and have any client on any subnet be able to option-boot to see the NetBoot startup options (I have multiple NetBoot images, from Apple Service Toolkit to DeployStudio and Mavericks/Yosemite installers in between). Even if I could get it to just netboot to one default source (AST), I could deal with that. I'm also happy to host multiple NetBoot servers, but with all my NetBoot images in one location. I'm stumped in this multiple subnet environment and I need help. Please help.Thanks again for your feedback. I had forgotten I left the "tftp://" on the IP address. Though, I've tried that multiple ways, starting with IP only. Also, per the bootpd man page (https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/ man8/bootpd.8.html), <allow/> and <deny/> are lists for MAC address allowances and when nothing is defined everything goes through. These are there by default, though I will remove them and see what happens. Also, according to the man page, bootp_enabled enables on all connections when a boolean is set rather than an array. Though I will still change this also and see what happens. The array that comes after the netboot_disabled key is auto-generated by NetInstall when you turn the service on in Server.app.
Essentially, that plist comes from a fresh activation of NetInstall. I deleted the previous .plist, rebooted the server and when I turned on NetInstall, that's what was created, plus my bootp modifications.
All that said, you said that you assumed I started the relay with the 'debug & logging' options enabled. I haven't started the relay in any active sense. So far, I've just been modifying this .plist, and rebooting a bunch of times, but that's where I seem to get lost. Is there a way to actively "start" the relay? I'd love to look at these 'debug & logging' options. As for the 'Startup Disk' prefs on the client Mac, they do not show any significant change. Basically, they just don't see the remote server as a startup option. I have not gleaned any pertinent info from console, though I'm not sure I know what I'm looking for.
On a side note, I had a wild hair to try something different. I set my local subnet's server to look at a NetBootSP0 folder that was actually a symlink to a NetBootSP0 folder that was mounted as a file share from the remote NetBoot server. This really looked like it might work. When you boot the client, it saw the startup volumes from the remote server. However, upon boot, it doesn't seem to make the connection and winds up booting back to the internal hard drive. It was worth a try... -
Two Cisco ASA 5505, IPSec Multiple Subnets, Problem with Phase2, DSL
Hi all.
we have following IPSec configuration:
ASA Site 1:
Cisco Adaptive Security Appliance Software Version 9.1(1)
crypto ipsec ikev1 transform-set TSAES esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set TSMD5 esp-3des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal PropAES256
access-list SITE_2 extended permit ip 172.27.0.0 255.255.0.0 172.27.97.0 255.255.255.0
access-list SITE_2 extended permit ip 172.28.60.0 255.255.254.0 172.27.97.0 255.255.255.0
access-list SITE_2 extended permit ip 172.22.0.0 255.255.0.0 172.27.97.0 255.255.255.0
access-list SITE_2 extended permit ip 172.27.0.0 255.255.0.0 172.27.99.0 255.255.255.0
access-list SITE_2 extended permit ip 172.22.0.0 255.255.0.0 172.27.99.0 255.255.255.0
crypto map CMVPN 5 match address SITE_2
crypto map CMVPN 5 set peer IP_SITE2
crypto map CMVPN 5 set ikev2 ipsec-proposal PropAES256
crypto map CMVPN interface OUTSIDE
route OUTSIDE 172.27.97.0 255.255.255.0 citic-internet-gw 255
route OUTSIDE 172.27.99.0 255.255.255.0 citic-internet-gw 255
tunnel-group IP_SITE2 type ipsec-l2l
tunnel-group IP_SITE2 general-attributes
default-group-policy VPN_S2S_WAN
tunnel-group IP_SITE2 ipsec-attributes
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
ASA Site 2:
Cisco Adaptive Security Appliance Software Version 9.1(4)
access-list SITE_1 extended permit ip 172.27.97.0 255.255.255.0 172.28.60.0 255.255.254.0
access-list SITE_1 extended permit ip 172.27.97.0 255.255.255.0 172.27.0.0 255.255.0.0
access-list SITE_1 extended permit ip 172.27.97.0 255.255.255.0 172.22.0.0 255.255.0.0
access-list SITE_1 extended permit ip 172.27.99.0 255.255.255.0 172.27.0.0 255.255.0.0
access-list SITE_1 extended permit ip 172.27.99.0 255.255.255.0 172.22.0.0 255.255.0.0
crypto map CMVPN 10 match address SITE_1
crypto map CMVPN 10 match address SITE_1
crypto map CMVPN 10 set peer IP_SITE1
crypto map CMVPN 10 set ikev2 ipsec-proposal IKEV2AES
crypto map CMVPN 10 set reverse-route
crypto map CMVPN interface OUTSIDE
tunnel-group IP_SITE1 type ipsec-l2l
tunnel-group IP_SITE1 general-attributes
default-group-policy VPN_S2S_WAN
tunnel-group IP_SITE1 ipsec-attributes
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
We are not able to reach from 172.22.20.x ips 172.27.99.x.
It seems so that the phase2 for this subnet is missing…...... as long as we try to reach from 172.27.99.x any ip in 172.22.20.x.
We are using similar configuration on many sites and it works correctly expect sites with DSL line.
We can exclude problem with NAT,ACL or routing. The connection is working fine as long as “we open all phase 2 manually” . After re-open (idle timeout) the tunnel the problem comes back.
Thanks in advance for your help.
Regards.
Jan
ASA Site 1# sh vpn-sessiondb detail l2l filter ipaddress ASA Site 2
Session Type: LAN-to-LAN Detailed
Connection : IP ASA Site 2
Index : 3058 IP Addr : IP ASA Site 2
Protocol : IKEv2 IPsec
Encryption : IKEv2: (1)AES256 IPsec: (3)AES256
Hashing : IKEv2: (1)SHA512 IPsec: (3)SHA1
Bytes Tx : 423634 Bytes Rx : 450526
Login Time : 19:59:35 HKT Tue Apr 29 2014
Duration : 1h:50m:45s
IKEv2 Tunnels: 1
IPsec Tunnels: 3
IKEv2:
Tunnel ID : 3058.1
UDP Src Port : 500 UDP Dst Port : 500
Rem Auth Mode: preSharedKeys
Loc Auth Mode: preSharedKeys
Encryption : AES256 Hashing : SHA512
Rekey Int (T): 86400 Seconds Rekey Left(T): 79756 Seconds
PRF : SHA512 D/H Group : 5
Filter Name :
IPv6 Filter :
IPsec:
Tunnel ID : 3058.2
Local Addr : 172.22.0.0/255.255.0.0/0/0
Remote Addr : 172.27.97.0/255.255.255.0/0/0
Encryption : AES256 Hashing : SHA1
Encapsulation: Tunnel
Rekey Int (T): 28800 Seconds Rekey Left(T): 22156 Seconds
Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4607648 K-Bytes
Idle Time Out: 25 Minutes Idle TO Left : 24 Minutes
Bytes Tx : 312546 Bytes Rx : 361444
Pkts Tx : 3745 Pkts Rx : 3785
IPsec:
Tunnel ID : 3058.3
Local Addr : 172.27.0.0/255.255.0.0/0/0
Remote Addr : 172.27.97.0/255.255.255.0/0/0
Encryption : AES256 Hashing : SHA1
Encapsulation: Tunnel
Rekey Int (T): 28800 Seconds Rekey Left(T): 22165 Seconds
Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4607952 K-Bytes
Idle Time Out: 25 Minutes Idle TO Left : 24 Minutes
Bytes Tx : 50014 Bytes Rx : 44621
Pkts Tx : 496 Pkts Rx : 503
IPsec:
Tunnel ID : 3058.4
Local Addr : 172.27.0.0/255.255.0.0/0/0
Remote Addr : 172.27.99.0/255.255.255.0/0/0
Encryption : AES256 Hashing : SHA1
Encapsulation: Tunnel
Rekey Int (T): 28800 Seconds Rekey Left(T): 22324 Seconds
Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4607941 K-Bytes
Idle Time Out: 25 Minutes Idle TO Left : 24 Minutes
Bytes Tx : 61074 Bytes Rx : 44461
Pkts Tx : 402 Pkts Rx : 437
NAC:
Reval Int (T): 0 Seconds Reval Left(T): 0 Seconds
SQ Int (T) : 0 Seconds EoU Age(T) : 6648 Seconds
Hold Left (T): 0 Seconds Posture Token:
Redirect URL :
.... after ping from 172.27.99.x any ip in 172.22.20.x.
ASA Site 1# sh vpn-sessiondb detail l2l filter ipaddress ASA Site 2
Session Type: LAN-to-LAN Detailed
Connection : IP ASA Site 2
Index : 3058 IP Addr : IP ASA Site 2
Protocol : IKEv2 IPsec
Encryption : IKEv2: (1)AES256 IPsec: (4)AES256
Hashing : IKEv2: (1)SHA512 IPsec: (4)SHA1
Bytes Tx : 784455 Bytes Rx : 1808965
Login Time : 19:59:35 HKT Tue Apr 29 2014
Duration : 2h:10m:48s
IKEv2 Tunnels: 1
IPsec Tunnels: 4
IKEv2:
Tunnel ID : 3058.1
UDP Src Port : 500 UDP Dst Port : 500
Rem Auth Mode: preSharedKeys
Loc Auth Mode: preSharedKeys
Encryption : AES256 Hashing : SHA512
Rekey Int (T): 86400 Seconds Rekey Left(T): 78553 Seconds
PRF : SHA512 D/H Group : 5
Filter Name :
IPv6 Filter :
IPsec:
Tunnel ID : 3058.2
Local Addr : 172.22.0.0/255.255.0.0/0/0
Remote Addr : 172.27.97.0/255.255.255.0/0/0
Encryption : AES256 Hashing : SHA1
Encapsulation: Tunnel
Rekey Int (T): 28800 Seconds Rekey Left(T): 20953 Seconds
Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4606335 K-Bytes
Idle Time Out: 25 Minutes Idle TO Left : 24 Minutes
Bytes Tx : 652492 Bytes Rx : 1705136
Pkts Tx : 7419 Pkts Rx : 7611
IPsec:
Tunnel ID : 3058.3
Local Addr : 172.27.0.0/255.255.0.0/0/0
Remote Addr : 172.27.97.0/255.255.255.0/0/0
Encryption : AES256 Hashing : SHA1
Encapsulation: Tunnel
Rekey Int (T): 28800 Seconds Rekey Left(T): 20962 Seconds
Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4607942 K-Bytes
Idle Time Out: 25 Minutes Idle TO Left : 24 Minutes
Bytes Tx : 60128 Bytes Rx : 52359
Pkts Tx : 587 Pkts Rx : 594
IPsec:
Tunnel ID : 3058.4
Local Addr : 172.27.0.0/255.255.0.0/0/0
Remote Addr : 172.27.99.0/255.255.255.0/0/0
Encryption : AES256 Hashing : SHA1
Encapsulation: Tunnel
Rekey Int (T): 28800 Seconds Rekey Left(T): 21121 Seconds
Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4607931 K-Bytes
Idle Time Out: 25 Minutes Idle TO Left : 24 Minutes
Bytes Tx : 70949 Bytes Rx : 50684
Pkts Tx : 475 Pkts Rx : 514
IPsec:
Tunnel ID : 3058.5
Local Addr : 172.22.0.0/255.255.0.0/0/0
Remote Addr : 172.27.99.0/255.255.255.0/0/0
Encryption : AES256 Hashing : SHA1
Encapsulation: Tunnel
Rekey Int (T): 28800 Seconds Rekey Left(T): 28767 Seconds
Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4608000 K-Bytes
Idle Time Out: 25 Minutes Idle TO Left : 24 Minutes
Bytes Tx : 961 Bytes Rx : 871
Pkts Tx : 17 Pkts Rx : 14
NAC:
Reval Int (T): 0 Seconds Reval Left(T): 0 Seconds
SQ Int (T) : 0 Seconds EoU Age(T) : 7852 Seconds
Hold Left (T): 0 Seconds Posture Token:
Redirect URL :Hi,
on 212 is see
tunnel-group 195.xxx.xxx.xxx type ipsec-l2l
tunnel-group 195.xxx.xxx.xxx ipsec-attributes
pre-shared-key
When you define the peer with static tunnel-group entry ASA is looking for peer configuration in static crypto map. If the peer is behind static NAT configure a proper static crypto map with matching acl and proposals.
If the peer is behind dynamic nat refer this example :http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/81883-ipsec-iosrtr-dyn-pix-nat.html
Regards,
Abaji. -
Problems with counter in renaming interface not maintaining consistency across multiple libraries
Happy New Year, all.
We have a problem in Aperture that I was curious if others had, and I'm hoping somebody has figured out a workaround they will share with me. Originally, we used Aperture and it had one huge library for our different types of photography. We had to change away from that setup because if there was a problem it would take ages to troubleshoot a ~500GB library and perform actions like rebuilding the library. We didn't want to do this, but splitting into six libraries has improved the speed in general and has made rebuilding smaller individual libraries quicker.
We shoot a lot of photos and want each photo to have a unique number (along with a custom name). We set up a rename option in Aperture that has "Custom Name_Counter" and set counter to be six digits. The problem this seemed to create is that the counter in the rename function doesn't produce a unique number consistently across libraries. If I'm in library A, and I rename a batch of files, the counter will go up and remember its last number as long as I stay in Library A. The minute I switch to Library B, the number is at where it was the last time I used Library B. This indicates to me that the preferences travel with the library.
Does anybody know a way that I can have a global preferences file, rather than a library preferences file? It seems it maybe used to be this way, but one of the version 3 upgrades forced me to delete a preferences file for the Facebook bug a couple of version 3 subversions ago.
On a different note, another problem with renaming is that it is so slow. Renaming master files for even 100 or so files takes minutes. Does anybody else have this happen? Sometimes it's faster, but I haven't been able to figure out a pattern to this.
I've submitted feature requests for revamping the renaming interface for Aperture for at least a couple of years. It never seems to improve. iView Media Pro, a program I used six years ago, had a great renaming setup and I wish Aperture
Maybe it's time to reinstall Aperture. I bought it on disc, so it's not through the App store. Does anybody have experience reinstalling? I would, of course, like to keep keywords and other preferences.hallerphoto wrote:
Machine is a Mac Pro dual quad-core 2.16 GHz.
I am unaware of a 2.16 GHz Mac Pro tower. Are you referring to a Macbook Pro or to an iMac? Or is it a configuration I am just unaware of?
My concern is that it seems that you may be making major workflow compromises that might be better dealt with by hardware changes as feasible. E.g. most 2.16 GHz Mac CPUs are about 1/6 as strong as a top Mac Pro today or about 1/4 as strong as today's Macbook Pros, and that has huge implications on Aperture performance.
Also, graphics processors of the 2.16 GHz era were ridiculously weak compared to modern Macs. Aperture has historically performed best with strong GPUs (e.g. the strongest G5 towers would not run Aperture without a GPU upgrade). If you stay with the existing box a GPU upgrade may (if feasible) be in order.
You did not mention RAM, which has defining impact on Aperture performance.
Even if no hardware upgrades are made, it is useful to know what hardware performance bottlenecks may exist. So some questions:
• Which Mac(s), exactly?
• Which OS version and which Aperture version?
• How much RAM is on board?
• If a Mac Pro, which GPU card is in use?
• What mass storage (hard drives and SSDs), how connected and how full?
Thanks.
-Allen -
Problems with *.zmg Image deploy via PXE
Hi all,
I am currently faced with the following problem unfortunately:
We use ZCM pre boot (pxe) to image our clients with a windows7.zmg image which was configured with sysprep.
The image is created on a PC, which has a 300GB HDD. The windows partition is over the total size of the hdd.
This imaging process on a new pc is as following script shows:
Code:
# Delete + MBR partition table
dd if = /dev/zero of=/dev/sda bs=512 count=1
# partition
fdisk /dev/sda << EOF
w
EOF
# imaging
img rp server IP path/to/image.zmg
This works quite well so far, with the only problem, that the partition on the new PC has the maximum of 300 GB. So if I image this image on a pc, which hdd has 500 GB, 200 GB will remain unpartitioned.
I have redesigned the imaging now follows:
Code:
# imaging
img pc1 NTFS
img rp server IP path/to/image.zmg a1: p1
img pa1
Now the entire HDD is used for the partition, but after the imaging the PC doesn`t boot, and stops with a black screen and a blinking cursor.
I am typing this on a problem with the mbr, but does not know how to fix it: (
I have to modify the imaging-process, that i can use the image on every HDD size with the result, that always the max partitionsize is used.hi all, i am having an issue where found out that Imaging Script cannot be used to multicast so i am running in to a problem now. If i push out an image via zcm script bundle it works fine with your suggestions but i cannot seem to figure out why the image wipes out all the hard drives in the systems during multicast image set or a single image load via pxe boot.
First problem:
if i push out an image via Zenworks Image preboot bundle file set is set to 1 it wipes out all the hardrvie in the system (tow hard drive, disk 0 and disk 1. i can certainly fix the disk resizing issue by adding a script to unattaned file after the image is loaded to resize the disk automatically using diskpart commands. which works fine.
Second problem:
here is what i did:
1. created an multicast Image Set
2. number of clients needed set to 1
3. Time out in five minutes
It does not load the image znd waits for session to start.
how can i automate this via zcm to make sure on pxe boot the both pcs receive the image as scheduled in zcm.
Please assist.
thank you. -
I own an iPhone 4s come across a problem with syncing music to my phone.
I own an iPhone 4s and I have recently come across a problem with syncing music to my phone. Whenever I try to sync it, nine or ten songs get synced then the sync cancels. It only syncs the first song on each album but not for all of them, some of the albums don't sync at all. I have been dealing with this problem for a while. I have updated iTunes to the newest update and iOS 7 to the newest update.
Well, the fact is, you have a carrier locked iPhone...locked to Verizon, to be specific. The only way that phone will work is if it is first activated on Verizon's network. Once you do that, you can then request that Verizon unlock the sim slot. However, once Verizon unlocks the sim slot, I doubt you'll be able to get the phone to work with any GSM carrier in the US. The unlocking of the sim slot is done for International travel outside of the US.
If you want to use Straight Talk, your best bet is to sell this phone & use the proceeds to purchase an officially unlocked iPhone 4S directly from Apple.
Good luck. -
I am having problems with video and high content webpages freezing. I am also getting pixel lines across my webpages. Maybe two or three lines. I was running os 10.4 but I just up graded to 10.6 the other day. I have 2GB of RAM.
Exactlly which model iMac do you have?
see > How to identify iMac models
Unfortunately that is not all that uncommon for the Early Intel iMac's given there age and the fact that the air intakes are probably choked with dust. Then add the extra heat caused by running a more intense OS X which is causing it to run a little warmer than normal and putting extra stress on the graphic and display components.
My 6½ year old 17" Early 2006 Core Duo w/2GB of RAM is also running 10.6.8 and is also starting to get a single line that (knock on wood) goes away after a few minutes, while many others started getting permanent ones after 2 or 3 years. One thing that I think has helped, is that about every 3 or 4 months I shutdown and vigorously vacuum out the bottom grill work and small vent under the stand to keep it running cool.
On that note: unfortunately I can only suggest that you clean your intake vents and hope that no permanent or irreversible damage has been done.
Maybe you are looking for
-
iTunes crashes when I click the iTunes Store block. What can I do to get the iTunes Store to open on my computer running Window 7 (all updates installed)? It used to work last fall but some update must have reset something or the newer version of i
-
I cannot send or receive texts or use any of my apps after updating to iOS 7.1.1
I got the iPhone 5S 16GB less than two weeks ago. I did the update after purchasing and everything has been fine. My internet, apps, texts all stopped working last night. I have restored to factory settings, taken out the SIM card, and wiped the phon
-
Any idea why command-shift-delete is not working?
I have had a MacBook Pro for a few years, and recently purchased a new iMac. the iMac arrived, and I transferred everything from the MBP to the iMac using the Migration Assistant. Worked very well, from what I can tell. The only thing I am unable to
-
Hi, i have small doubt in table creation of Smart Forms. If the no of records in Table are less than the page size. how to increase the table view till end of the page or till footer? the table shoould be displayed till fully not truncated upto the n
-
i just opened my mail on icloud and all messages disappeared from the last year! I have one email left in my inbox which is the most recent. I moved to icloud 2 weeks ago and it has been working fine until now. How can I retrieve old messages? Thank