Recovering MTU/PAT issues

Hello, after reading previous posts about NAT, it is still not very clear to me how to resolve my problem.
I'm using an MPLS-VPN to connect different sites to a central site providing internet access with a PIX (old device, PIX 520 6.1), and I've found those known problems when using PAT (users not navigating in www.hotmail.com and more)
USER - CE - PE - MPLS - PE - PIX - INET
I have configured every link in the MPLS path with MTU 1516 and tag-switching mtu 1512, and links over pure IP with MTU 1500.

Hi,
Another approach is to enable the core routers to accommodate all packets.
The MTU should be greater than or equal to the total bytes of the items in the following equation:
Core MTU >= (Edge MTU + Transport header + AToM header + (MPLS label stack * MPLS label size))
Edge MTU + Transport header + AToM header + (MPLS label stack * MPLS Label) = Core MTU
1500 + 18 + 0 + (2 * 4 ) = 1526
You must configure the P and PE routers in the core to accept packets of 1526 bytes. See the following section for setting the MTU size on the P and PE routers.
As you have indicated, some interfaces (such as FastEthernet interfaces) require the mpls mtu command to change the MTU size.
Hope this helps.
Regards Bjornarsb

Similar Messages

  • PAT Issues

    We have an MPLS network which is having some issues for customers using PAT. If I have a CE configured with a public IP address or static NAT, they have no problems navigating or doing anything on the Internet. But if I configure PAT they simply cannot open some pages like hotmail, etc. In that case, if I adjust MTU or MSS they can navigate. Is there some solution to avoid this? Or does somebody know why it can be happening? As far as I know the packet size doesn't change with PAT.
    Thanks for the help.

    Every device in an IP path intercepting TCP needs to advertise the MSS option. Or if this segment size is not used then a segment of any size may be received.
    And such packets which upon receipt have DF bit set then you have a problem and you will have be able to browse such packets from content rich websites.
    What you can do is:
    1) use this command on your ip nat inside and ip nat outside interface
    interface x/x
    ip add x.x.x.x x.x.x.x
    ip nat inside
    ip tcp adjust-mss 1452
    interface x/x
    ip add x.x.x.x x.x.x.x
    ip nat outside
    ip tcp adjust-mss 1452
    This should solve your problem without changing any MTU or MSS on the customer CE.
    1) Now two questions: you had a problem before because of the MTU, right? Now what is this NAT/PAT?
    2) Where are you doing this NAT and PAT?
    Can you explain the data path, e.g.
    CE<-->NAT<-->PE<--MPLS-->PE-ASBR<-->Internet.
    HTH-Cheers,
    Swaroop

  • Excise duty recover account- urgent issue

    < MODERATOR:  Message locked.  Please read the [Rules of Engagement|https://www.sdn.sap.com/irj/sdn/wiki?path=/display/home/rulesofEngagement] before posting next time. >
    Dear All,
    After doing billing and it is released into accounting then in excise duty account is showing more on credit side , but as per i know it should get nullify ..
    it is not nullifying pls tell me what i have to do if any configuration is done pls guide me.
    Thanks & Regards,
    Satish Kumar.m

    Hi,
    Once Post Goods Issue has been done.
    Accounting Entries
    COGS A/c Dr 100
    Inventory A/c Cr.
    After that, when we do billing through T.Code J1IN, there will be two accounting documents; one is for excise, i.e.
    Excise Paid A/c Dr 16  (Verify the same should be attached in ETT Table under CENVAT Suspense)
    Excise Duty Payable A/c Cr 16
    Customer A/c Dr 116
    To Excise Recovered A/c 16 (Verify in ETT Table GL Account will be attached to 'DLFC' Excise Transaction key)
    To Sales A/c 100
    Thanks,
    Padmaja N

  • PAT issue on an ISA550

    I need a little assistance.  I am using an ISA550 with a Static IP block assigned using Static NAT and everything seems fine EXCEPT for 1 program.  This program needs port 443 mapped to port 22 on the private address; however, I can't determine how to do that.  The server that program is on is assigned a Static address so I need to access it through the public address.  I hope this is clear.  Does anyone know how to do this?

    Jim,
    Thanks for your reply.  I have tried all the examples on those pages to no avail.  The issue I run into is that I am using Static NAT and when I run a scan on the public or private address of any server, I show these ports to be open.  I am trying to configure a product that is designed to be port mapped from 443 to 22, however when I try Dynamic PAT, Port Forwarding, Triggering, Advanced NAT, etc., I get an error that the port is configured using Static NAT (which is as it should be) but I am stumped.  This is the error I am getting.  
    External port 443 is closed. Manually configure your broadband router to map external port 443 (TCP) to port 22 on internal host.
    Since I am using Static NAT, this should happen automatically.

  • MTU related issues with FRoMPLS

    Hi Folks,
    While using FRoMPLS I am experiencing limitations in the Edge MTU. The edge MTU is limited to 1492 bytes, above which the packets are dropped. The MPLS MTU between PE routers has been changed to 1526 bytes. I understand AToM does not do fragmentation. I did see a workaround on the Web saying to increase the Core MTU to carry the Edge MTU of 1500. This does not seem to work. Any change in the core MTU is not reflected in the edge MTU. Can anyone help me isolate the issue?
    thanks in advance
    ashraf

    the way i usually solve these kinds of mtu issues is:
    if you suspect the problem is somewhere in your core between both pe routers,
    change the atom mpls implementation, just for the diagnostic, to be a layer 3 vpn. then from the ce do an extended ping where you set the df bit to 1 and the size to 1500 so routers in the core will not fragment the packet, then do "debug ip icmp" on the ce and ping the other ce.
    the result of this action is that you will see with the debug the hop that cannot do fragmentation (icmp cannot fragment),
    and on these routers in your core you should concentrate and change the mtu with the "tag-switching mtu 1526" command.
    from my experience, sometimes, usually on ethernet interfaces (not giga) and regular serial, if you enlarge the mtu it is not enough; you should also shut and unshut the interface and sometimes even reload the router. so i hope a large part of your core is pos and giga.
    also, because atom does not support fragmentation, make sure each link connecting the ce to pe on both sides has the same mtu.
    after you see that with a layer 3 vpn there is no fragmentation, then switch back to atom.
    good luck
    guy

  • Recovered scan file issue

    How do I open a scan file that has been recovered as a raw file?

    Got another possibility, a long shot but maybe worth trying.
    1 - download and run iWebSites.
    2 - use iWebSites to create a new domain file, open it with iWeb, create a new site with the same theme as your current site, save and quit.
    (NOTE: there's a bug in iWS regarding changing domain files. Click on the Default button to make the new site the default and then open iWeb by clicking on it's icon in the Dock. Don't use the Open Now button in iWebSites).
    3 - back in iWS select the two domain files and try to merge them with the Merge button.
    4 - if iWS is able to read and merge your old domain file with the new one open the new merged domain file.
    5 - see if you can select and publish the old site to a folder on the desktop. If not then see if you can drag the pages, one by one, into to the new site and publish. Doing it one by one might tell you if it's just one page that is causing the issue.
    This is a trial and error method and might get you a site or partial site working in iWeb.

  • Static PAT issue with 8.4

    I have a simple small network setup here, and trying to setup a simple Static PAT on HTTPS, for some reason the NAT rule is dropping the packet.  Here is the setup.
    Internal Subnet: 172.31.0.0/24
    External Internet DHCP
    Host object: 172.31.0.13
    There is also a SSL anyconnect VPN setup but is using port 444.
    object network obj_any-01
    nat (inside,outside) dynamic interface
    object network LD-App01
    nat (inside,outside) static interface service tcp https https
    nat (inside,any) after-auto source static obj-172.31.0.0 obj-172.31.0.0 destination static Personal-VPN Personal-VPN no-proxy-arp
    object network obj-172.31.0.0
    subnet 172.31.0.0 255.255.255.0
    object network Personal-VPN
    subnet 172.31.1.0 255.255.255.0
    object network obj_any-01
    subnet 0.0.0.0 0.0.0.0
    object network LD-App01
    host 172.31.0.13
    access-list inside_access_in extended permit ip any any
    access-list inside_nat0_outbound extended permit ip 172.31.0.0 255.255.255.0 object Personal-VPN
    access-list Personal-VPN-ACL standard permit 172.31.0.0 255.255.255.0
    access-list outside_access_in extended permit icmp any any
    access-list outside_access_in extended permit tcp any object LD-App01 eq https
    access-group inside_access_in in interface inside
    access-group outside_access_in in interface outside
    Here is the packet trace
    Phase: 1
    Type: ROUTE-LOOKUP
    Subtype: input
    Result: ALLOW
    Config:
    Additional Information:
    in   172.31.0.0      255.255.255.0   inside
    Phase: 2
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group outside_access_in in interface outside
    access-list outside_access_in extended permit tcp any object LD-App01 eq https
    Additional Information:
    Phase: 3
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 4
    Type: HOST-LIMIT
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 5
    Type: NAT
    Subtype: rpf-check
    Result: DROP
    Config:
    object network LD-App01
    nat (inside,outside) static interface service tcp https https
    Additional Information:
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: inside
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
    Please Help...
    Thanks,
    Lee

    Here is the current object list and the nat command with the failure message.  I'm also running the current 8.4(3)
    LD-FW01# show run ob
    object network obj-172.31.0.0
    subnet 172.31.0.0 255.255.255.0
    object network Personal-VPN
    subnet 172.31.1.0 255.255.255.0
    object network obj_any-01
    subnet 0.0.0.0 0.0.0.0
    object network LD-App01
    host 172.31.0.13
    description Spiceworks
    object service https
    service tcp source eq https
    object network outside_int_ip
    host 76.188.84.144
    LD-FW01# con t
    LD-FW01(config)# object network LD-App01
    LD-FW01(config-network-object)# nat (inside,outside) 1 source static LD-App01 $
    ERROR: Address 75.188.84.144 overlaps with outside interface address.
    ERROR: NAT Policy is not downloaded

  • MTU Size Issue on Cisco 3560 Switch

    Could anybody tell me how to change the MTU size on a Cisco 3560 Switch? I mean to say, whether it is to be changed on FastEthernet interfaces, on VLAN 1 or in Global Configuration Mode, and with which command to change it.

    I am using MPLS on my routers and the MTU size I have set on my router interfaces is 1524.
    When I do a normal ping from one customer site to another (where my traffic has to pass through this switch VLAN) I get a reply, but when I ping with a byte size of 1500 or more the packets get completely dropped.
    I think the packets are getting dropped due to an MTU mismatch between switch and router; that is why I was trying to change it.
    Could the packets get dropped because of this reason? Please suggest.

  • SATA and PATA issue

    I currently have system set up running XP Pro on Neo-2LS motherboard and a Western Digital 80meg SATA hard drive. I want to add my old 80 meg IDE (PATA) harddrive.  However, I cannot get my regular IDE harddrive to be recognized in windows or in the BIOS.  My SATA drive still fine after I connected the second harddrive.  I have my Bios setting set to PATA and SATA in native mode.  I searched through the forums but have not found anything that worked.  Your suggestions on how to solve this would be much appreciated.
    Thanks in advance.
     

    All that you need is one software utility ,for hard drive automated installation , visit the site of your hard disk maker , in order to download the software .
    You will end up with one boot diskette, that it will boot your system and will guide you all the way..

  • Yoga 2 Pro - Wake From Sleep Issue

    Hey Guys,
    Just recently purchased a Y2P (i7 256gb) less than a week ago. The issue i am currently experiencing is when i wake the laptop from sleep, usually at least 15 mins of sleep, the laptop will come up but then the system is considerably laggy/slow & then becomes completely unresponsive so much to the point that it seems as if it freezes. I am not able to move the mouse (trackpad & usb mouse) & the keyboard buttons do not work/register anymore. Pressing the power button does not put the laptop back to sleep but i can still see everything on the screen from where i left off before closing the lid & the laptop goes into sleep mode. Only way i can recover from this issue is to do a hard reset by holding the power button until the machine powers off & then to boot it back up.
    Also, i have updated the BIOS & did all the windows updates from a clean install of Windows 8.1 (different from a factory reset) in order to avoid the Superfish vulnerability. All the drivers have been installed as well (confirmed by the Device Manager).
    Any other people experiencing the same problem & have any potential fix for this issue? Any help on this matter would be much appreciated.

    You can try this -
    Go to Control Panel >> Power Options >> Change Plan Settings (For active plan)
    Click on Change Advanced Power settings
    Under Sleep option, Change the Hybrid Sleep option (to the opposite of whatever is set right now for both On Battery and Plugged In)
    Also, not sure if fastboot is enabled on your laptop but you can try disabling it. Google "Disable fastboot in win 8.1" and you will get the results.
    Let me know if any of those helped you.
    Current System - Lenovo Y510P, GT755M SLI, 8GB RAM, 1TB HDD + 24GB SSD
    When your plans fail, your Real Story begins!!

  • Very serious issue with MSI K8N Neo2-FX: need urgent help!

    Hi! I am facing the following problems:
    1. 3D Mark 05 demo, COD2 single player and Half Life 2 become semi-frozen.
    2. The audio loops, and audio & video go out of sync.
    3.VPU Recover/Infinite loop issue DOES NOT kick in.
    4. The semi frozen game responds poorly to mouse movement.
    Note: All redundant processes and programs in Windows XP are closed. My system specs:
    Athlon 64 3000+ E6
    256 mb ddr333 kingston valueram + 256 mb ddr400 kingston valueram=512 mb ddr333 total memory running in dual channel mode @ 2.5-3-3-7 (RAM is OK, worked fine on my previous system)
    MSI K8N Neo2-FX bios version 1.B0(latest) chipset: nforce 3 250gb http://www.msi.com.tw/program/produc...il.php?UID=649
    gigabyte radeon 9600XT BIOS Part Number BK-ATI VER008.015.058.000 (Card stable at 1.6 V AGP, 1.5 V gave me VPU Recover; Card ran fine on my previous system)
    Realtek ALC 850 onboard audio
    Antec SL 450 450 watt PSU (new, voltages ok) latest drivers/bios/firmware for everything Windows XP Pro SP2 + all updates. Please help.

    Quote from: Richard on 03-May-06, 08:40:18
    bhanja_trinanjan,
    If you can get 2.3.3.6 Mushkin, OCZ, or Corsair, then you would be the set.
    PC-3200 or higher would be the way to go. If you ever plan on overclocking, then PC-4000 is the best option.
    Take Care,
    Richard
    Thanks for your help. I am trying to locate Corsair dealers in Kolkata(My hometown). Are there any known issues with the K8N Neo 2 FX? I bought this motherboard just a few days back and I am facing so many problems.
    Does this motherboard undervolt the AGP and RAM slots? Will I have to increase AGP and DDR voltage to make my system stable? Doesn't the raising of these voltages shorten the life of the video card and ram modules? I want to buy Corsair/OCZ/Mushkin. But in case it's unavailable, will Kingston RAM lead to an unstable system?

  • Recover written over file

    I saved over an important document in iWorks Pages last night that I need to recover. The issue is that the backup feature in Pages was not enabled. There has to be a way that this file can be found on my mac.

    File > Revert To > Browse All Versions…

  • I'm using mac OSX 10.9.5 to write to NAS, I need to decrease the SMB max MTU size used by the OSX

    By default, OS X Mavericks 10.9.5 Network MTU is set to 1500. If you perform the following at your SMB server, with an MTU of 1500, you will likely receive Message too long, and the SMB share takes a very long while to mount. This might be the contributing factor that has you believe it is an SMB MTU configuration issue.
    ping -c 1 -D -s 1500 smbserver
    If you dial the Network MTU down in a custom setting, the ping is immediate, and the SMB share mounts briskly. I tried values in small decrements until the message too long ceased.
    ping -c 1 -D -s 1472 smbserver
    I have done some searching and I do not see how, in Apple's current SMB implementation, that one can configure /etc/nsmb.conf to reduce SMB MTU size. See man nsmb.conf.
    More on this subject.
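
The DF-bit ping test used in the answer above, turned into a search for the largest payload that crosses a path, with the path MTU and the matching TCP MSS (the value given to ip tcp adjust-mss earlier on this page) derived from it. This is an added example, not part of the original posts; the function names and the simulated 1492-byte path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): find the largest ICMP payload
# that crosses a path with the DF bit set, then derive path MTU and TCP MSS.

IP_HDR=20     # IPv4 header without options
ICMP_HDR=8    # ICMP echo header
TCP_HDR=20    # TCP header without options

# Real probe: one echo request, DF set, $2 bytes of payload, to host $1.
# -D is the BSD/macOS flag used on this page; Linux iputils uses "-M do".
# A lost packet looks the same as an oversized one, so repeat a failing size
# by hand before trusting the result on a lossy path.
probe_ping() {
    ping -c 1 -D -s "$2" "$1" >/dev/null 2>&1
}

# Constructed probe for offline runs: pretends the path MTU is SIM_MTU bytes.
probe_sim() {
    [ $(( $2 + IP_HDR + ICMP_HDR )) -le "${SIM_MTU:-1492}" ]
}

# max_df_payload PROBE HOST [LO] [HI]
# Binary search between LO and HI for the largest payload PROBE accepts.
# Prints that payload; returns 1 if even LO does not get through.
max_df_payload() {
    probe=$1 host=$2 lo=${3:-548} hi=${4:-1472}
    "$probe" "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# Payload plus IP and ICMP headers is the size of the packet on the wire.
path_mtu() { echo $(( $1 + IP_HDR + ICMP_HDR )); }

# Largest TCP segment that fits in one unfragmented packet of that MTU.
mss_for_mtu() { echo $(( $1 - IP_HDR - TCP_HDR )); }

# report PROBE HOST [LO] [HI]: one summary line for the path.
report() {
    payload=$(max_df_payload "$1" "$2" "${3:-548}" "${4:-1472}") || {
        echo "no DF reply from $2 even at the lower bound" >&2
        return 1
    }
    mtu=$(path_mtu "$payload")
    echo "host=$2 max_df_payload=$payload path_mtu=$mtu tcp_mss=$(mss_for_mtu "$mtu")"
}

# With a host argument, probe it for real; without one, run the simulation.
if [ "$#" -ge 1 ]; then
    report probe_ping "$1"
else
    report probe_sim simulated-path
fi
```

To test links that should carry more than 1500 bytes, such as the 1526-byte core discussed above, pass a higher upper bound as the fourth argument of report.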

  • How to recover from datasource.getConnection hangover

    Hi,
    We have a standalone J2EE application wherein the app tries to restart itself in case of FATAL errors like connection loss etc.
    Database: Oracle10g
    Driver: oracle.jdbc.driver.OracleDriver
    Issue: On error, the service tries to restart itself, during which it aborts the connection and recreates the connection with datasource.getConnection().
    In some cases during Soak testing, if the database goes down then the application seems to hang on datasource.getConnection() for almost 3 hours and greater.
    Options we tried :
    1. Use OracleDataSource and setLoginTimeout as 10 secs.
    There seems to be no effect on the code. Not sure whether the datasource actually uses the timeout interval.
    2. Use CONNECT_TIMEOUT_LISTENER=10 in listener.ora on the database server.
    Does not seem to resolve the issue. getConnection still hangs.
    Any suggestions what would be the best way to recover from this issue?

    Hi,
    The same should be available in the source system (DEV), Surprising how / why the same is available in BW system.
    I checked the SAP ERP source system to which I have an access and the same is not available in the source system not in the BW system
    My suggestion is to go for a generic datasource after identifying the table with the help of a functional consultant.
    Regards
    Venkata Devaraj

  • Logic 9 not responding to computer keyboard correctly

    In Logic Pro 9, dialog boxes (such as the Save As) do not receive the computer keyboard strokes. Instead, Logic processes them as key commands. This even though the dialog box has the focus and the mouse can select fields and highlight their entries. Very strange. Typing sometimes works correctly, but usually not. And once it doesn't, even if it did earlier, I must reboot to have a hope to fix it.
    This happens with the Save As dialog, and with any other dialog box that has typeable fields.
    I am current on Logic 9 and Mac OS X.

    Okay, I figured out enough to work around it and to fix it without having to restart Logic or reboot. I can't work out the exact chain of events to reproduce it, but here are the important things to do if it happens. And BTW, it happens to me on the File>Bounce dialog box, not the File>Save As dialog. I assume this is actually a bug.
    1.) Sometimes the key commands do get disabled, and none of them work. So you have to go to Logic Pro > Preferences > Key Commands and select Options > Initialize. Just like immo says.
    2.) Sometimes, this isn't enough. In which case, do two more things...
    3.) Be sure the Arrange subwindow has the focus (ie, the white band around the window), and
    4.) Be sure the first time you try to enter anything into the Bounce dialog window it is in the Save As filename field, not the End measure numeric field (or any other). If I try to enter any keyboard values into any other field first, I can't and I also can't then enter anything into the Save As field either. I then just have to start over again with the key command initialization step and so on.
    These workarounds combined have allowed me to always recover from this issue. Though I do have to do them multiple times in a session, at least when I'm bouncing down.
    Thanks everyone for your input and help!
    Best,
    Brian
