Protocols allowed to pass ASA

Hi Everyone,
Need to know how we can tell from the sh run config which protocols are allowed, meaning the ASA is not doing any inspection
on them, or we can say it is not blocking them, when traffic passes through the ASA?
Also is there any command which we can use from CLI to check this?
Thanks
Mahesh

Hi Julio,
If sh run shows following configuration
case1
policy-map global_policy
class inspection_default
  inspect icmp ***************************************
service-policy global_policy global
Does inspect icmp here mean that ICMP is allowed if the ping is sourced from inside the network?
Need to know the exact purpose of the inspect command in the ASA config.
policy-map global_policy --- does it mean that it applies to all ASA traffic?
service-policy global_policy global --- what is the purpose of this command?
Thanks
Mahesh
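
Added example (not part of the thread): a small Python parser that reads a saved "sh run" excerpt and lists the "inspect" engines that are in force, meaning those under a policy-map that a service-policy line applies ("global" applies it to all interfaces). It reports inspection only and does not evaluate ACLs; the sample config is constructed and "lab_policy" is a made-up name.

```python
# Constructed sample modelled on the excerpt in the post above; lab_policy is made up.
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect icmp
policy-map lab_policy
 class inspection_default
  inspect sip
service-policy global_policy global
"""


def parse_mpf(config_text):
    """Return (policy_maps, bindings) parsed from running-config text.

    policy_maps: {policy-map name: [(class name, inspect arguments), ...]}
    bindings:    [(policy-map name, scope), ...] from service-policy lines
    Parsing is keyword driven, so it also copes with pastes that lost indentation.
    """
    policy_maps, bindings = {}, []
    pm = cls = None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        key = words[0]
        if key == "policy-map":
            # "policy-map type inspect ..." only tunes one engine and is never
            # bound by service-policy itself, so it is not tracked here.
            pm = words[1] if len(words) == 2 else None
            cls = None
            if pm:
                policy_maps.setdefault(pm, [])
        elif key == "class" and pm and len(words) == 2:
            cls = words[1]
        elif key == "inspect" and pm and cls and len(words) > 1:
            policy_maps[pm].append((cls, " ".join(words[1:])))
        elif key == "service-policy" and len(words) >= 3:
            scope = "global" if words[2] == "global" else " ".join(words[2:])
            bindings.append((words[1], scope))
            pm = cls = None
        elif not raw[0].isspace():
            pm = cls = None  # any other top-level command closes the block
    return policy_maps, bindings


def active_inspections(config_text):
    """Inspect engines that are applied somewhere, one row per engine."""
    policy_maps, bindings = parse_mpf(config_text)
    rows = []
    for name, scope in bindings:
        for cls, engine in policy_maps.get(name, []):
            rows.append({"scope": scope, "policy": name,
                         "class": cls, "inspect": engine})
    return rows


def unapplied_policy_maps(config_text):
    """Policy maps that no service-policy references (they have no effect)."""
    policy_maps, bindings = parse_mpf(config_text)
    bound = {name for name, _ in bindings}
    return [name for name in policy_maps if name not in bound]


if __name__ == "__main__":
    for row in active_inspections(SAMPLE_CONFIG):
        print("{scope:10} {policy:15} {class:20} inspect {inspect}".format(**row))
    print("defined but not applied:", unapplied_policy_maps(SAMPLE_CONFIG))
```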

Similar Messages

  • Dynamic Routing Protocol Support in Cisco ASA Multiple Context Mode

    Dear Experts,
    Would like to know whether dynamic routing protocols are supported in Cisco ASA Firewall Multiple Context Mode. If yes then please provide OS version and Hardware Model of Cisco ASA Firewall. Appreciate the quick response.  Thanks.

    Hi,
    Check out this document for the information
    http://www.cisco.com/en/US/docs/security/asa/roadmap/asa_new_features.html#wp93116
    It lists the following for software level 9.0(1)
    Multiple Context Mode Features
    Dynamic routing in Security Contexts
    EIGRP and OSPFv2 dynamic routing protocols are now supported in multiple context mode. OSPFv3, RIP, and multicast routing are not supported.
    Seems to me you would need some 9.x version to support the above mentioned Dynamic Routing Protocols.
    I don't think it's related to the hardware model of the ASA other than that it requires a model that supports Multiple Context Mode. To my understanding the only model that doesn't support that is ASA5505 of the whole ASA5500 and ASA5500-X series.
    Hope this helps
    - Jouni

  • Which routing protocols are supported on ASA 5585

    Hi,
    I am curious to know which routing protocol is well supported on Cisco ASA 5585. Has anyone on the forum implemented routing on ASA?
    I have ASA 5585 in context mode; as of now 4 contexts have been created. The upstream device is a Nexus.
    I have ASA with Software Version 8.4(4)1 and Device Manager Version 6.4(9).
    If someone can point me to a good implemented example of a routing protocol in their environment (like OSPF, BGP) that would be great.
    Thanks

    You're welcome.
    Multiple contexts adds another twist - in ASA 8.4 dynamic routing protocols are not supported at all for multiple contexts. Reference.
    ASA 9.0 added support for dynamic routing protocols in multiple context modes, including OSPF v2 (but not v3 for IPv6). Reference.
    FYI ASA 9.1(2) is current as of this writing and is the recommended release in the 9.x train. (Mentioned near the end of the latest TAC Security podcast - episode #37 here.)

  • Error Routing protocol - EIGRP between Cisco ASA with Switch 4506

    Dear Cisco Team,
    I have a problem when I configured EIGRP between a Cisco ASA 5510 and a core switch 4506. The error is below:
    *Nov  4 05:08:09.898: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is up: new adjacency
    *Nov  4 05:09:29.409: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is down: retry limit exceeded
    *Nov  4 05:09:29.499: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is up: new adjacency
    *Nov  4 05:10:35.609: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.18 (GigabitEthernet2/42) is down: holding time expired
    *Nov  4 05:10:49.009: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is down: retry limit exceeded
    *Nov  4 05:10:53.230: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.16.10.20 (GigabitEthernet2/42) is up: new adjacency
    the tech Spec
    ASA,  IOS : 8.0.2
    4506, License IP Base; OS: Unisal 15 M.2
    I checked between ASA with Router ok; but between ASA with 4506 error
    Can you help me ?

    Hello,
    These logs mean that the hold time expired, so the hello packets are not being received; this usually means multicast packets are missed (224.0.0.10).
    I would recommend you try another cable because this is usually a physical or congestion issue.
    Can you try that and let us know the result? Also, if that does not help, can you send us the following outputs:
    -Show ip EIGRP neighbors
    -Debug EIGRP packet hello
    Regards,
    Julio

  • Make "jar" files true executables: allow to pass in params in manifest!!

    Right now a jar file's manifest can have a "main-class" which makes the jar truly executable - you can double-click it. The problem is, if you need environment variables, there is no way to pass them in to your main-class' "args."
    So why don't we make it so when the jar's manifest is read, that in addition to "main-class" you can have "main-args"?
    That would mean everyone would no longer need to bundle java apps with ".exe" or ".bat" or ".sh" files!!! We could have truly Java applications, that are executables!!!
    Just package them in a jar, have a main class and the args for it!!
    what does everyone think?

    Right now a jar file's manifest can have a
    "main-class" which makes the jar truly executable -
    you can double-click it. The problem is, if you need
    environment variables, there is no way to pass them in
    to your main-class' "args."
    So why don't we make it so when the jar's manifest is
    read, that in addition to "main-class" you can have
    "main-args"?
    That would mean everyone would no longer need to
    bundle java apps with ".exe" or ".bat" or ".sh"
    files!!! We could have truly Java applications, that
    are executables!!!
    Just package them in a jar, have a main class and the
    args for it!!
    what does everyone think?

    OK, in reading the conversation I realize you need to be more specific. You are interested in passing parameters to the JVM, not to your application. Is this correct?
    If so, I understand what you are looking for. But this is handled by the system properties class. If you have some JVM parameter you need to set from the command line, besides memory and other USER ONLY parameters, they should be set by system properties. If they don't show up in system properties, then you need to request that they do.
    A jar file is already a cross platform executable of sorts. Why do you think it's not?

  • Allow PPTP pass through

    Hi all,
    I have a Pix 515e version 6.1(5) I need to let PPTP pass through, is there any special configuration I have to do?
    I have already enabled the pptp on the ACLs.
    Thanks.

    Hi,
    If you have a device in the LAN to which you connect then I think you will need to configure Static NAT for that device to give it a public IP address. There is also an "inspect pptp" configuration.
    The software on your firewall is so old that I am not sure what the configuration format is though. I think in the older software versions the above "inspect" command was actually "fixup pptp".
    I would suggest looking at replacing your current firewall. The current software level is very very old.
    - Jouni

  • IPSec Pass Through on ASA

    I have a third party firewall behind a Cisco ASA. The Cisco ASA is doing PAT as there are no other IP addresses available. The third party firewall is attempting to build an IPSec tunnel to another firewall. The IPSec tunnel is not coming up. When I do a capture on the Cisco ASA firewall I see traffic hit the inside interface and leave the outside interface. I then see the reply traffic return and hit the outside interface of my Cisco ASA but it is not being allowed to pass through to the inside interface. I have enabled NAT-T on the third party firewall but it still does not get the reply traffic because it gets stopped at the Cisco ASA.
    Any thoughts?

    Is your third party FW attached directly to your ASA? If not, do you have a route to that device on your ASA?
    Please perform a packet-tracer to see why the return traffic is not reaching the third party FW..
    packet-tracer input outside udp 500 500 detail
    If the packet-tracer shows traffic going through successfully, perhaps it is your third party FW that is blocking the traffic?
    Please reply with packet-tracer results.
    Kind Regards,
    Kevin

  • Problem with VPN Client passthrough on ASA 5505

    I am having a problem with passing through a VPN client connection on an ASA 5505. The ASA is running version 8 and terminates an anyconnect VPN. The ASA is using PAT. When the inside user connects with the VPN client, it connects but no traffic passes through the tunnel. I see the error
    305006 regular translation creation failed for protocol 50 src INSIDE:y.y.y.y dst OUTSIDE:x.x.x.x
    UDP 500, 4500 and ESP are allowed into the ASA. IPsec inspection has also been set up on a global policy, but the user still cannot pass traffic to the remote VPN he is connected through.
    At the Main Office we have an ASA 5510 that terminates a site to site VPN, allows remote connections with PAT and allows passthrough no problems. Any ideas?

    I am having a similar issue with my ASA 5505 that I have set up. I am trying to VPN into the Office. I have no problem accessing the Office network when I am on the internet without the ASA 5505. After I installed the 5505, and there is internet access, I try to connect to the Office network without success. The VPN connects with the following error.
    3 Dec 31 2007 05:30:00 305006 xxx.xx.114.97
    regular translation creation failed for protocol 50 src inside:192.168.1.9 dst outside:xxx.xx.114.97
    HELP?

  • Cisco ASA 8.6 configuration issues

    Hello all ,
    internet router ---outside--- ASA ---inside--- cisco 3750 (----A----)
                                   |
                                  DMZ
                                   |
                            Cisco 3750 (-----B---)
    1- switch A -- wireless User + Cisco Wireless Ip phones
    2- Switch B -- CUCM
    Problem description:
    --- from switch A I cannot ping Switch B (DMZ), so IP phones cannot reach the CUCM
    --- on switch A, 4 VLANs are configured with different SSIDs and internet is working fine.
    --- on switch A, I want 2 VLANs (vlan 60 and vlan 80) to communicate with the DMZ also (not working)
    ## some relevant config is as under:
    SWITCH A CONFIG
    ===============
    vlan internal allocation policy ascending
    interface FastEthernet0
     no ip address
     no ip route-cache cef
     no ip route-cache
     shutdown
    interface GigabitEthernet1/0/1
     switchport access vlan 60
     switchport mode access
     spanning-tree portfast
    |
    |
    |
    |
    |
    |
    interface GigabitEthernet1/0/23
     description **connected to ASA-Inside**
     switchport access vlan 100
     switchport mode access
    interface Vlan10
     ip address X.X.100.5 255.255.255.0
    interface Vlan50
     ip address X.X.6.12 255.255.255.0
    interface Vlan60
     ip address X.X.8.251 255.255.255.0
    interface Vlan80
     ip address X.X.10.251 255.255.255.0
    interface Vlan100
     ip address X.X.20.1 255.255.255.0
    ip classless
    ip route 0.0.0.0 0.0.0.0 X.X.20.2
    =========================================
    ASA CONFIG
    interface GigabitEthernet0/0
    nameif inside
    security-level 100
    ip address X.X.20.2 255.255.255.0
    |
    |
    interface GigabitEthernet0/2
    nameif DMZ
    security-level 50
    ip address X.X.21.2 255.255.255.0
    |
    |
    interface GigabitEthernet0/5
    nameif outside
    security-level 0
    ip address 192.168.2.5 255.255.255.0
    |
    |
    object network IN-OUT
    subnet 0.0.0.0 0.0.0.0
    object network W-PHONE
    subnet X.X.10.0 255.255.255.0
    object network BECA-WIRELESS-USER
    subnet X.X.8.0 255.255.255.0
    pager lines 24
    |
    |
    nat (inside,outside) source dynamic IN-OUT interface
    nat (inside,DMZ) source dynamic W-PHONE interface
    nat (inside,DMZ) source dynamic BECA-WIRELESS-USER interface
    route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
    route inside X.X.6.0 255.255.255.0 X.X.20.1 1
    route inside X.X.7.0 255.255.255.0 X.X.20.1 1
    route inside X.X.8.0 255.255.255.0 X.X.20.1 1
    route inside X.X.10.0 255.255.255.0 X.X.20.1 1
    timeout xlate 3:00:00
    ============================================
    switch B
    interface GigabitEthernet1/0/17
     switchport access vlan 50
     switchport mode access
     switchport voice vlan 20
     spanning-tree portfast
    interface GigabitEthernet1/0/18
     switchport access vlan 50
     switchport mode access
    interface Vlan10
     ip address X.X.100.1 255.255.255.0
    interface Vlan20
     ip address X.X.7.1 255.255.255.0
     ip helper-address X.X.6.6
    interface Vlan50
     ip address X.X.6.30 255.255.255.0
     ip helper-address X.X.6.6
    interface Vlan60
     ip address X.X.8.252 255.255.255.0
    interface Vlan101
     ip address X.X.21.1 255.255.255.0
    ip forward-protocol nd
    ip http server
    ip http secure-server
    ip route 0.0.0.0 0.0.0.0 X.X.6.4
    ip route X.X.6.0 255.255.255.0 X.X.21.2
    ip route X.X.7.0 255.255.255.0 X.X.21.2

    We would also need to see the ACL configuration of the ASA as this is what actually controls the flow of traffic, that is if routing is correct which it seems to be from your configuration.
    What you can do is run a packet-tracer on the ASA to see if the packet is allowed through the ASA:
    packet-tracer input inside tcp 12345 detail
    This should give you an indication where or if there is a misconfiguration on the ASA.
    Please post the output here if you require further assistance.  Also a full ASA configuration (remove public IPs and passwords) would help to identify the issue.

  • ASA Transparent mode multicast traffic in 8.2 and 8.4

    Hi,
    When I configured 8.2 in transparent mode and deployed it in a network that was working on EIGRP, I found that the neighborship stopped. When I allowed the multicast address and protocol on the outside interface, it started working. But when I deployed an ASA with 8.4 IOS and then allowed the multicast address and protocol on both interfaces (inside and outside), after that it started working.
    So I want to know the reason for allowing the multicast address and protocol on both interfaces on 8.4 IOS. I am not able to find any answer for this.

    Hi Mahesh,
    By default, an ASA in transparent mode does not allow any packets not having a valid EtherType greater than or equal to 0x600. As far as I know, this concept remains the same for all versions of ASA. Most control plane protocols are denied.
    An ASA in transparent mode only allows ARP, broadcast traffic, and TCP and UDP inspected unicast traffic.
    For EIGRP to work through a transparent firewall, we need to open ACLs in both directions for both multicast and unicast EIGRP traffic on all versions of the ASA firewall.

  • Basic configuration on ASA 5520

    I am running ASA in GNS3.
    I am confused a little bit.... by default IP traffic is allowed from higher to lower security level.... I had just configured interfaces with security level, name and IP address and no shutdown.... will the traffic pass through the ASA or not.... no NAT, ACL or routes are configured....

    I am not sure I understand your question correctly.  Do you mean that you have configured the interfaces and traffic is not passing?
    If you configure one interface with security level 100 and another with a security level lower than 100 (let's say 0 for simplicity) then, as of version 8.3, traffic will pass through the ASA from the higher security level to the lower security level without the need of further configuration.  That is assuming that the lower security level interface is not connected to the internet, where the private IP address range is not routable.  In this case traffic will pass through the ASA, you will just not get any return traffic.
    Prior to 8.2 you had to configure a NAT statement or issue the no nat-control command in order for traffic to be allowed through the ASA but as of 8.2 that feature was disabled by default and in 8.3 (or perhaps 8.4) it was removed completely.
    If you add an ACL to the ASA interface then the security levels have nothing to say in the way traffic flows.  The security levels only come into play if there are no ACLs configured on the interface.

  • Configuring port-object in ASA

    Hi Everyone,
    I need to config port-object eq 17800 etc in ASA.
    I tried command object-group   service  xyz
    but there is no option for port-object eq ?
    Regards
    Mahesh

    Hi,
    I think you have probably configured the "object-group service " without defining the protocol used
    For example
    ASA(config)# object-group service TEST
    ASA(config-service-object-group)# ?
      description          Specify description text
      group-object        Configure an object group as an object
      help                    Help for service object-group configuration commands
      no                       Remove an object or description from object-group
      service-object       Configure a service object
    ASA(config-service-object-group)#
    However if we specify the "object-group service " with either "tcp" or "udp" or "tcp-udp" at the end then you will have the option of "port-object" command
    ASA(config)# object-group service TEST tcp-udp
    ASA(config-service-object-group)# ?
      description    Specify description text
      group-object  Configure an object group as an object
      help              Help for service object-group configuration commands
      no                 Remove an object or description from object-group
      port-object     Configure a port object
    ASA(config-service-object-group)#
    Though even if you used the original "object-group service " configuration you could still define it as an "object-group" which for example contains the allowed destination ports in some ACL.
    For example the following would group TCP/17800 and UDP/17800 in one "object-group" and use them in an ACL
    object-group service TEST
    service-object tcp destination eq 17800
    service-object udp destination eq 17800
    access-list TEST extended permit object-group TEST any any
    When we look how the actual ACL looks like we see the following
    ASA(config)# show access-list TEST
    access-list TEST; 2 elements; name hash: 0xd37fdb2b
    access-list TEST line 1 extended permit object-group TEST any any (hitcnt=0) 0x0abc0954
      access-list TEST line 1 extended permit tcp any any eq 17800 (hitcnt=0) 0x25ac5419
      access-list TEST line 1 extended permit udp any any eq 17800 (hitcnt=0) 0xc6e32e33
    Hope this helps
    - Jouni
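
Added example (not part of the thread): a Python sketch that expands an ACL entry referencing a protocol-less "object-group service" into one line per service, the way the "show access-list" output above lists them. It goes slightly beyond the post by also following nested "group-object" references and keeping trailing options such as "log"; only "service-object ... destination ..." entries are handled, and the MGMT group, the OUTSIDE_IN ACL and the 192.0.2.10 address are constructed.

```python
# Constructed sample: the TEST group and ACL mirror the post above;
# MGMT, OUTSIDE_IN and 192.0.2.10 are made up for the nested case.
SAMPLE_CONFIG = """\
object-group service TEST
 service-object tcp destination eq 17800
 service-object udp destination eq 17800
object-group service MGMT
 description constructed nested group
 service-object tcp destination range 8000 8010
 service-object icmp
 group-object TEST
access-list TEST extended permit object-group TEST any any
access-list OUTSIDE_IN extended permit object-group MGMT any host 192.0.2.10 log
access-list OUTSIDE_IN extended deny ip any any
"""

PORT_OPERATORS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}  # operand counts
TRAILING_OPTIONS = {"log", "inactive", "time-range"}


def parse_service_groups(config_text):
    """Return {group: [("svc", words) | ("ref", nested group), ...]}."""
    groups, current = {}, None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[:2] == ["object-group", "service"]:
            # A trailing tcp/udp/tcp-udp makes it a port-object group; skipped here.
            current = words[2] if len(words) == 3 else None
            if current:
                groups[current] = []
        elif current and words[0] == "service-object":
            groups[current].append(("svc", words[1:]))
        elif current and words[0] == "group-object" and len(words) == 2:
            groups[current].append(("ref", words[1]))
        elif current and words[0] == "description":
            continue
        elif not raw[0].isspace():
            current = None  # any other top-level command ends the group
    return groups


def flatten(groups, name, _stack=()):
    """Resolve a group to [(protocol, [destination port words]), ...]."""
    if name in _stack:
        raise ValueError("object-group loop: " + " -> ".join(_stack + (name,)))
    services = []
    for kind, value in groups[name]:
        if kind == "ref":
            services.extend(flatten(groups, value, _stack + (name,)))
            continue
        if not value:
            raise ValueError("empty service-object in " + name)
        proto, rest = value[0], value[1:]
        if rest[:1] == ["destination"]:
            rest = rest[1:]
            if not rest or PORT_OPERATORS.get(rest[0]) != len(rest) - 1:
                raise ValueError("bad port clause: " + " ".join(value))
        elif rest:  # e.g. "source ..." clauses are outside this sketch
            raise ValueError("unsupported service-object: " + " ".join(value))
        services.append((proto, rest))
    return services


def expand_acl(config_text):
    """Return {acl name: [expanded ACE text, ...]} in config order."""
    groups = parse_service_groups(config_text)
    expanded = {}
    for raw in config_text.splitlines():
        words = raw.split()
        if len(words) < 5 or words[0] != "access-list" or words[2] != "extended":
            continue
        name, action, spec = words[1], words[3], words[4:]
        aces = expanded.setdefault(name, [])
        if spec[0] == "object-group" and len(spec) > 1 and spec[1] in groups:
            addresses = spec[2:]
            # Ports go after the destination address but before options like "log".
            cut = next((i for i, w in enumerate(addresses)
                        if w in TRAILING_OPTIONS), len(addresses))
            for proto, ports in flatten(groups, spec[1]):
                parts = (["access-list", name, "extended", action, proto]
                         + addresses[:cut] + ports + addresses[cut:])
                aces.append(" ".join(parts))
        else:
            aces.append(" ".join(words))
    return expanded


if __name__ == "__main__":
    for acl, aces in expand_acl(SAMPLE_CONFIG).items():
        print(acl)
        for ace in aces:
            print("  " + ace)
```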

  • Schedule Line Cat and Passing of Reqs:  Credit Hold Situation

    Business need is for orders that are on credit hold to not pass requirements to create a purchase req. after MRP is executed. I realize that this can be controlled by the Schedule Line Category. So, I would have schedule line category of “XX” on the sales order line. Is there a way for the schedule line category to be changed to a different value (which will allow the passing of requirements to MRP) after the order is released from Credit Hold? How do we get the schedule line category to change on the sales order once the order is removed from credit hold? Can this be accomplished through standard configuration?

    Hi Tom,
      You can use the reason for rejection at the item level.
      But for this you have to maintain some configuration. Goto sprosd-sales-sales document item--define reason for rejection.
      Here for a particular reason for rejection just put tick under blc column.
      This means the order doesn't require billing.
      Now put the same reason for rejection in your item level. The status of the order would change from open to completed.
      Completed status means that there are no requirements left for this order.
      There will be no requirements in MD04 as well.
      When you want to process the order again just remove the reason for rejection and proceed.
      But there is one problem with this solution. In future if you want to find this order in VA05, it will not appear because the status is completed. It would be difficult to find the orders where you put the reason for rejection.
    The only way to find those orders is through tables.
    Goto SE16 and table VBAP. Field is ABGRU.
    In the selection screen of VBAP put ABGRU and you will get all the orders.
    Reward points if it helps
    Regards
    Karan

  • Server 2012 and 2012 R2 do not allow access to all 7 optical SAS drives?

    The following problem occurs with Windows Server 2008 R2, 2012 and 2012 R2, Datacenter or Standard. 
    I have an external SAS enclosure with seven optical drives and one hot-swap SAS/SATA bay that connects using two SFF-8088 connectors (no internal SAS expander, etc.).  The purpose is to use the seven bluray writers to write multiple copies of a large
    database simultaneously.  The optical drives are also occasionally used to read datasets that come on multiple discs (usually 8-12 per dataset and up to 15 datasets at a time).  Because of the volume, more optical drives are definitely better. 
    Regardless of the type of SAS controller used to connect this enclosure, some significant functionality is always missing.
    For writing, it is best to connect directly to the optical drives (which do their own buffering) so a HBA would seem better than a hardware RAID controller.  I have tried several HBAs, including LSI-9211, LSI-9240-IT, Dell H310-IT.  In all cases,
    Windows only sees four DVD drives and the hot-swap bay.  The drives Windows sees work perfectly for reading and writing.  MegaRAID Storage Manager (LSI controller software) sees all seven optical drives and the hot-swap bay.  LSI says this
    must be a Windows problem.  Strangely, if I remove (any) three optical drives and replace them with hot-swap bays, all eight devices are recognized by Windows.
    If I use a true RAID controller (tried LSI-9260, Dell H800, Dell H810, HP 812P, IBM 5015), windows and MSM see all seven drives and the hot-swap bay, reads from the optical drives are fine, but writing large discs times out (presumably because of buffering
    by the RAID card) so I can't write DVDs.
    Is there a way to get Server to recognize all seven optical drives on an HBA?  Ideally, I'd like to add several of these enclosures but I can't even get one working properly!
    The system is a Tyan (Dell) MB with dual Xeon E5-2620s and 64Gb RDIMM.  Currently includes LSI-9260 (2Tb SAS 10k in RAID 0), Dell H810 (32Tb SAS in RAID 6), and LSI-9211 (optical enclosure + 3Tb hot-swap).  Just installed Server 2012 R2 Datacenter
    for testing.
    Any help would be greatly appreciated.

    I've had the experience of working as a validation engineer for Intel, who at the time was developing a SAS/SATA storage controller chipset for their new xeon processors. The chipset was included in their motherboard offerings. I validated the linux driver,
    which is now included in the linux kernel as of the 3.x series kernel.
    My first question is, what type of SAS enclosure are you using for your optical drives/hot swap bay? You will be surprised at how many enclosures don't actually provide a 100% direct-attached storage configuration, and instead opt to work as a mini expander
    instead. In our validation, we tested several SAS enclosures, and we found several that even though they were advertised as direct-attached enclosures, by inspecting the data transmission with a SAS protocol analyzer we found communication over SMP (Serial
    Management Protocol).
    To ensure it is NOT the enclosure causing the anomaly, I'd connect the 7 optical drives directly to each storage controller unit (or sff-8087). These cards can support around 256 devices via expander attached configuration, as that is how many sas addresses
    the scu's can support. Either way, they can only support a maximum of 8 devices direct-attached (4 per SCU). I would use a multi-line SFF-8087 SATA breakout cable to directly connect your optical drives to the HBA, 4 on SCU0 and the other 3 on SCU1.
    I find it strange that LSI's storage manager can see all of the drives, but windows cannot. Since the SAS protocol allows for the ATAPI cmd set to be sent via scsi commands, the only thing I can think of is if windows can only recognize a certain amount
    of SAS-addresses utilizing the ATAPI cmd set. Technically, it should only be limited by the number of devices the hba can support, and in either LSI thats 256. Otherwise the enclosure may be doing something funny with the initiator (SCU), where one initiator
    may take precedence over the other. Again, testing a direct connection with a SFF-8087 SATA breakout cable will eliminate the enclosure as a factor.
    I can understand from a developer perspective for the desire to have windows recognize the devices instead of relying on the lsi storage app. Firstly, that app is monstrous and unwieldy. Secondly, it does not allow for customized solutions/scripting to fully
    access the optical devices, since you have to interact w/ lsi's storage mgr. 3rd, this should simply work if MS is fully compliant with the SAS protocol.
    Finally, I want to make sure everyone is aware that a fully compliant 6G SAS compliant device will support SSP (Serial SCSI protocol), SMP (Serial Management Protocol), and STP (Sata Tunneling Protocol). STP basically defines how SATA devices can inter-operate
    within the sas fabric by tunneling ATA commands via the SCSI cmd set. This is a basic functionality guaranteed within the overall SAS protocol; if your HBA supports SAS & SATA, it will support SSP, SMP, and STP frames (this is usually always listed on
    the HBA), and therefore it will fully support SATA devices. A SAS device will support SSP & SMP. A SATA-only HBA will support the ATA cmd set only (and thus, cannot inter-operate within a SAS fabric).
    Please note that at the very least, a direct-attached configuration should provide the number of Storage Controller Units x 4 fully working SATA devices (generally each internal SFF-8087 is a scu, most HBA's have a min of 2 SCU's, and 4 directly addressable
    devices per SCU (8 direct attached devices total). Generally, any issues that will arise from SATA devices will be the result of expander-attached configurations. There are many points a SATA device can experience errors in a expander-attached configuration,
    from the routing mechanism being utilized (table vs subtractive), to the type of expander being used (fan-out vs edge expander). Expanders will generally at least support 1 method of routing, if not both, and may or may not support multi-level configurations
    (this is specifically dependent on the hba). It was not uncommon in our testing to come across expanders that would work great w/ SAS & SATA w/ 1 level expander, but fail to communicate with SATA devices past 2 or more levels. This falls on the responsibility
    of the HBA, specifically the driver for the OS.
    More Info on SATA Tunneling Protocol (STP): 
    http://www.serialstoragewire.net/Articles/2004_0225/developer_article_2_feb.html

  • BAdI - AC_DOCUMENT / data passing for nested structures

    Hi all.
    I need your help for this scenario:  
    I used this to pass value of MM field to FI field from transaction MIGO.
    Our company placed field in EKKN-WEMPF to BSEG-ZUONR.
    For this one option was:  BAdI AC_DOCUMENT
    Questions: 
    1.  Nested structures - passing of data:
    First problem encountered was with the reading of data from nested structures and passing them to nested structures as well.  How to do this?  I have used a certain declaration but any input will be much appreciated. 
    2.  When I activated my BAdI, it says error on FI Interface,
    specifically on AWREF and AWORG fields. 
    It is currently blank.  Can I use the values in IM_DOCUMENT to pass to EX_DOCUMENT? 
    (What is a good way to do it since simple syntax does not allow for passing of data bec. structures are incompatible, and added complexity, it has nested structures.)
    If you have sample code for this, it would truly be helpful. 
    Thanks and God bless!

    Hi,
    Check that for which condition the message is triggering.
    Try to check the condition.
    Regards
    Sandipan
