Redundant stateful CSS11501 between two sites
We have layer 2 connectivity between two core sites and are implementing two new CSS11501's. Is it possible to implement these in an active/backup configuration and stateful?
not statefulness.
To be stateful your setup needs a dedicated link between the 2 CSS - no extra hop or L2 switch.
You can give it a try but this is not a supported setup.
For active/backup this is no problem.
Regards,
Gilles.
Similar Messages
-
Exchange High availability between two sites with two servers
Hi Team,
I have a requirement to deploy Exchange Server 2010 between two sites, but I have limited resources to fulfill this. Below is the summary.
2 servers in two sites
different subnets will be used for the two sites
Need to deploy DAG.
Please let me know the considerations for this deployment.
Thank you
Hi - In this scenario, you would set up the following:
Site 1: Exchange 2010 Multi-Role server
File Share location to place File Share Witness for the DAG
Site 2: Exchange 2010 Multi-Role server
The above will give you 2 nodes in the primary location and one node in the secondary location so that resources will stay in Site one. You will also need to enable DAC (Datacenter Activation Coordination) on the DAG so that the Cluster group can be managed by Exchange. Last but not least, you will want to restrict automatic failover of resources to Site 2 by blocking that action on the Exchange server in Site 2 using 'Set-MailboxServer <servername> -DatabaseCopyAutoActivationPolicy Blocked'. This will make you manually fail over to Site 2 and not end up with resources there after a sudden failure or issue that is not impacting the entire site.
Jason Apt
Microsoft Certified Master | Exchange 2010 -
Metro-E circuits between two sites
We have two sites connected by two equal cost Metro Ethernet circuits from two different service providers. We also have two redundant L3 core switches at both sites. What is the best way to connect these two sites for load balancing as well as redundancy? They are on different subnets. The core switches currently run HSRP. We are also evaluating GLBP as a possible alternative. We want to possibly avoid all single points of failure.
You could, as you note, use GLBP, but an alternative could be to make the two paths from the initial/primary HSRP gateway appear equal cost. Many routing protocols would then alternate flows across the two paths.
-
Mapi connection behaviour between two sites-Exchange 2010
Hello,
I have a small doubt and need help from you guys.
I have two sites, A and B; the DAG is spanned over the two sites.
Both sites have arrays with different FQDNs.
Site A has the active copies; its passive copies are in Site B.
I have a witness server in a third location.
If the active mailbox database in Site A fails, the passive copy on Site B will become active, I guess.
My question is: without downtime or without a manual task, will the MAPI connection go to the Site B copy?
Hi,
In cross-site maintenance we have to work out mainly on Database Activation Coordination Mode (DAC), which avoids the split brain syndrome.
The URLs below give you a clear view of how we can do that and what it is for.
- http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/planning-deploying-testing-exchange-2010-site-resilient-solution-sized-medium-organization-part7.html
- https://technet.microsoft.com/en-us/library/dd979790.aspx
Regards,
Gowtham T -
Repository synchronization between two sites
Hi All,
We are using Oracle Designer 6i for our designs. We are creating DFDs, PFDs and ERDs. Two teams are working on this at two different locations. Can somebody suggest the way to synchronize (combine) the work done by both the teams into a single repository. For example, Team A has created DFDs, PFDs and ERDs at Location1. Team B is also creating DFDs, PFDs and ERDs at Location2. Team B will be using some of the functions in their diagrams created by Team A. Now we want to apply the changes done by Team B into the repository located at Location1.
Thanks in advance for any suggestions
regards,
Vijay
Hi Vishal,
Thanks a lot for your reply. You have suggested that we can import the entire application system at Site B. At this time we are using a non-versioned repository, and we are using only one application system. But the problem is that at Site B some people are making changes to the same application system used at Site A. I understand that if I have to import an application system, I have to make sure that there is no application system with the same name at the destination. So in this case, if I have to import Site A's application system at Site B, first I have to delete the Site B application system, in which case I will be losing all the changes made by the team at Site B. But my requirement is that I want to incorporate the changes made in Site B's application system into Site A's application system. Can you please give your thoughts about this?
thanks in advance
regards,
Vijay -
Setup AD Domain Between Two Sites
I am starting to learn Active Directory on Windows Server. Currently I have downloaded the Windows Server 2012 R2 eval. My neighbour (who agreed to help me with my studying) and I each have a basic home internet connection with a basic home WiFi router. I would like to test out setting up a domain in which one DC is at my house and one at his house, and be able to replicate the directory between the two DCs.
I am really lost on how to go about configuring the routers and respective DNS servers for this to work properly. Anybody know of a basic guide to get me started?
1. First of all, for simple transfer you need to open the ports that AD uses
http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
2. AD uses DNS that is integrated (in the majority of cases), and use of public DNS is unwanted. The situation is similar with DHCP. On the other hand, the router assigns IPs and resolves FQDNs.
3. Some configurations with WiFi cards are not allowed in WS2012, for example teaming.
4. Using WiFi is unexpected in AD. That is why I would use the least problematic local network configuration or a virtual one.
5. I recommend some reading about AD, Technet guides and step-by-step guides as well as books that explain AD basics.
Regards
Milos -
Site to Site VPN Between Two ASA 5505's Up But Not Passing Traffic
hello,
i am setting up a site to site vpn between two asa 5505's. the tunnel is up but i cannot get it to pass traffic and i have run out of ideas at this point. i am on site as i am posting this question and only have about 4 hours left to figure this out, so any help asap is greatly appreciated. i'll post the configs below along with the output of sh crypto isakmp sa and sh ipsec sa.
FYI the asa's are different versions, one is 9.2 the other is 8.2
Note: 1.1.1.1 = public ip for Site A 2.2.2.2 = public ip for site B
Site A running config:
Result of the command: "sh run"
: Saved
ASA Version 8.2(2)
hostname csol-asa
enable password WI19w3dXj6ANP8c6 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.1.0 san_antonio_inside
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 1.1.1.1 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 24.93.41.125
name-server 24.93.41.126
object-group network NETWORK_OBJ_192.168.2.0_24
access-list inside_access_out extended permit ip any any
access-list outside_access_out extended permit ip any any
access-list outside_access_in extended permit icmp any any
access-list outside_access_in_1 extended permit icmp any interface outside
access-list outside_access_in_1 extended permit tcp any interface outside eq pop3
access-list outside_access_in_1 extended permit tcp any interface outside eq 8100
access-list outside_access_in_1 extended permit udp any interface outside eq 8100
access-list outside_access_in_1 extended permit udp any interface outside eq 1025
access-list outside_access_in_1 extended permit tcp any interface outside eq 1025
access-list outside_access_in_1 extended permit tcp any interface outside eq 5020
access-list outside_access_in_1 extended permit tcp any interface outside eq 8080
access-list outside_access_in_1 extended permit tcp any interface outside eq www
access-list outside_access_in_1 extended permit ip san_antonio_inside 255.255.255.0 any
access-list outside_1_cryptomap extended permit ip 192.168.2.0 255.255.255.0 host san_antonio_inside
access-list outside_1_cryptomap_1 extended permit ip 192.168.2.0 255.255.255.0 san_antonio_inside 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.2.0 255.255.255.0 san_antonio_inside 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (inside) 2 interface
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface pop3 192.168.2.249 pop3 netmask 255.255.255.255
static (inside,outside) tcp interface 8100 192.168.2.161 8100 netmask 255.255.255.255
static (inside,outside) udp interface 8100 192.168.2.161 8100 netmask 255.255.255.255
static (inside,outside) udp interface 1025 192.168.2.161 1025 netmask 255.255.255.255
static (inside,outside) tcp interface 5020 192.168.2.8 5020 netmask 255.255.255.255
static (inside,outside) tcp interface 8080 192.168.2.251 8080 netmask 255.255.255.255
static (inside,inside) tcp interface www 192.168.2.8 www netmask 255.255.255.255
static (inside,outside) tcp interface 1025 192.168.2.161 1025 netmask 255.255.255.255
access-group inside_access_out out interface inside
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.2.0 255.255.255.0 inside
http 2.2.2.2 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map1 1 match address outside_1_cryptomap_1
crypto map outside_map1 1 set peer 2.2.2.2
crypto map outside_map1 1 set transform-set ESP-3DES-SHA
crypto map outside_map1 interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.2.30-192.168.2.155 inside
dhcpd dns 24.93.41.125 24.93.41.126 interface inside
dhcpd domain corporatesolutionsfw.local interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
group-policy DfltGrpPolicy attributes
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
pre-shared-key *****
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:021cf43a4211a99232849372c380dda2
: end
Site A sh crypto isakmp sa:
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: 2.2.2.2
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
Site A sh ipsec sa:
Result of the command: "sh ipsec sa"
interface: outside
Crypto map tag: outside_map1, seq num: 1, local addr: 1.1.1.1
access-list outside_1_cryptomap_1 extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (san_antonio_inside/255.255.255.0/0/0)
current_peer: 2.2.2.2
#pkts encaps: 1, #pkts encrypt: 1, #pkts digest: 1
#pkts decaps: 239, #pkts decrypt: 239, #pkts verify: 239
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 1, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 1.1.1.1, remote crypto endpt.: 71.40.110.179
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: C1074C40
current inbound spi : B21273A9
inbound esp sas:
spi: 0xB21273A9 (2987553705)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 1691648, crypto-map: outside_map1
sa timing: remaining key lifetime (kB/sec): (3914989/27694)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xC1074C40 (3238480960)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 1691648, crypto-map: outside_map1
sa timing: remaining key lifetime (kB/sec): (3914999/27694)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Site B running config:
Result of the command: "sh run"
: Saved
: Serial Number: JMX184640WY
: Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
ASA Version 9.2(2)4
hostname CSOLSAASA
enable password WI19w3dXj6ANP8c6 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 2.2.2.2 255.255.255.248
ftp mode passive
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network mcallen_network
subnet 192.168.2.0 255.255.255.0
access-list outside_cryptomap extended permit ip object NETWORK_OBJ_192.168.1.0_24 object mcallen_network
access-list outside_access_in extended permit ip object mcallen_network 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-731-101.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static mcallen_network mcallen_network no-proxy-arp route-lookup
nat (inside,outside) after-auto source dynamic any interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 2.2.2.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map3 1 match address outside_cryptomap
crypto map outside_map3 1 set peer 1.1.1.1
crypto map outside_map3 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map3 interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.1.200-192.168.1.250 inside
dhcpd dns 24.93.41.125 24.93.41.126 interface inside
dhcpd domain CSOLSA.LOCAL interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
ikev1 pre-shared-key *****
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4e058021a6e84ac7956dca0e5a143b8d
: end
Site B sh crypto isakmp sa:
Result of the command: "sh crypto isakmp sa"
IKEv1 SAs:
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: 1.1.1.1
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
There are no IKEv2 SAs
Site B sh ipsec sa:
Result of the command: "sh ipsec sa"
interface: outside
Crypto map tag: outside_map3, seq num: 1, local addr: 71.40.110.179
access-list outside_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
current_peer: 1.1.1.1
#pkts encaps: 286, #pkts encrypt: 286, #pkts digest: 286
#pkts decaps: 1, #pkts decrypt: 1, #pkts verify: 1
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 286, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 2.2.2.2/0, remote crypto endpt.: 1.1.1.1/0
path mtu 1500, ipsec overhead 58(36), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: B21273A9
current inbound spi : C1074C40
inbound esp sas:
spi: 0xC1074C40 (3238480960)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, IKEv1, }
slot: 0, conn_id: 28672, crypto-map: outside_map3
sa timing: remaining key lifetime (kB/sec): (4373999/27456)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000003
outbound esp sas:
spi: 0xB21273A9 (2987553705)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, IKEv1, }
slot: 0, conn_id: 28672, crypto-map: outside_map3
sa timing: remaining key lifetime (kB/sec): (4373987/27456)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Hi Keegan,
Your tunnel is up and encrypting traffic one way; the other end is not able to encrypt the traffic.
I would suggest to do a 'clear xlate'? Sometimes if you set up the nonat configuration after you've attempted other configurations, you need to 'clear xlate' before the previous NAT configuration is cleared and the new one works.
HTH
"Please rate useful posts" -
Reroute some vrf traffic between 2 sites over redundant link
hey guys,
We have a single client (in vrf) with 2 sites in different states and running over our mpls core. Our primary link in our core is experiencing degradation of service and we want to route this client over our redundant link while keeping all other clients going over our primary link - is this possible?
The client in question has its own vrf (L3VPN) at both sites and is running over mpls between both sites. We want to re-route this particular client to take our backup path, while keeping everyone else between both sites going over the primary. We are not using TE, instead LDP to build MPLS.
I don't believe this is possible to only re-route one client, however I thought I would ask the question.
We cannot failover to secondary link for everyone between both sites because the link doesn't have the capacity.
Thanks in advance.
Hi,
Using MPLS TE would certainly be an option. You would need to set up an MPLS TE LSP over the backup. You would also need to configure a separate loopback interface on each PE and use this loopback interface address as the next hop for the specific VRF
ip vrf X
bgp next-hop loopback 999
ip route 255.255.255.255 Tu1
This way you would make sure that only the traffic for this specific VRF would travel over the TE tunnel.
Regards -
Hi All,
Please have a look in to the below mentioned environment.
primary site :SITE 1
server 1
server 2
secondary site :SITE 2
server 3
Note : All the above three servers are in single DAG .All the database are mounted on the server (server 1) which is located in the primary site (I.E SITE 1).
On that 5 databases we are having 3500 users .Based on the user designation we have allocated the mailbox size.
Query : Each and every day we are having the large no copy queue length for all the five databases to the server located in SITE 2.
Please help me out on this and also tell me is there any tool available to exactly get the required bandwidth for the exchange servers located between the active directory sites.
Thanks & Regards S.Nithyanandham
I don't know of any tool that can calculate things for you but latency is the biggest thing you have to worry about. The other issue is looking at the network gear between the 2 sites. I have seen many times where switches get maxed out if they are set to 1 GB or even ports getting maxed out and need to be bonded for more throughput. Test your latency from the edge of each site then test it within to see if there is a difference.
Regardless of their geographic location relative to other DAG members, each member of the DAG must have round trip network latency no greater than 500 milliseconds between each other member.
As the round trip latency between two Mailbox servers hosting copies of a database increases, the potential for replication not being up to date also increases. Regardless of the latency of the solution, customers should validate that the networks between all DAG members is capable of satisfying the data protection and availability goals of the deployment. Configurations with higher latency values may require special tuning of DAG, replication, and network parameters, such as increasing the number of databases or decreasing the number of mailboxes per database, to achieve the desired goals.
Round trip latency requirements may not be the most stringent network bandwidth and latency requirement for a multi-datacenter configuration. You must evaluate the total network load, which includes client access, Active Directory, transport, continuous replication, and other application traffic, to determine the necessary network requirements for your environment.
http://technet.microsoft.com/en-us/library/dd638104(v=exchg.150).aspx
DJ Grijalva | MCITP: EMA 2007/2010 SPA 2010 | www.persistentcerebro.com -
"Sharing" a stateful session bean between two servlets, beans
Hello!
I just started to learn some Java EE programming and was wondering how I would share one stateful session bean between two servlets.
I created the bean with @Stateful.
I tried to inject the stateful bean in both servlets by @EJB and I can manipulate the object, but each servlet seems to have its own object.
The bean has a remote interface that it implements.
What I also tried was to add the mappedName to the @Stateful expression. Something like: @Stateful(mappedName="name") and to use the bean by @EJB(mappedName="name") but it had no effect.
I'm using Glassfish 2.1 with NetBeans 6.7.1 as my environment (standard settings)
dummy question, but I googled for like hours and couldn't find anything : \
hope someone can help and sorry for my bad English
greets and thanks
Hi there!
I think you are searching for something like an application wide singleton. There is the possibility to define such one in the Glassfish admin console.
Hope this helps! -
Using Measurement Studio (Vis. Basic), I'm trying to calculate as a numerical value the total or average power between two stated frequencies of the AutoPowerSpectrum. The PowerFrequencyEstimate Method gets me part of the way there. Using appropriate values of the input variables SearchFreq and Span, I divided the range between my two frequencies into 12 segments and let PowerFrequencyEstimate find the frequency and its power at the highest point in each segment. Then I added the 12 resulting powers. Since these are power values at several peaks, not average power over a given frequency range, it's not exactly what I want. Do any other approaches occur to anyone?
Thanks.
Most people here won't do your homework for you. If you make an attempt yourself and get stuck then post your code (wrapped in code tags for easy reading), include any errors you get and what line they occur on and most of all ask a specific question. Don't just say "It doesn't work".
However, your assignment mentions that you are not allowed to use inbuilt C/C++ functions. This is a Java forum. Although the languages are similar and some here have C experience, try posting in a C forum. -
What is the difference between these two sites.
What is the difference between (this site) Apple Support Communities and the Developer forum.
When I search on "apple developers forum" what is the difference between the first and the second hit.
RL6001
RL6001 wrote:
What is the difference between (this site) Apple Support Communities and the Developer forum.
Aside from any other benefits of the paid developer programs, the Developer forums are focused solely on developers. This forum is just one little out-of-the-way corner of a much larger, more consumer oriented discussion site. Questions asked in the Developer forums are typically more difficult and may take several days to get an answer. Questions here are more beginner-type questions and you will get an answer much more quickly. The Developer forums are mostly populated by professional developers who have a much different perspective than you get on most other public internet forums. If you don't know what I'm talking about then you probably wouldn't believe me anyway.
-
Mirrored Storage between two servers
Hello,
Is it possible to create redundant storage using two Windows 2012 r2 servers? I've been looking all over and any HA options always reference having external shared storage presented to the cluster (I assume NAS/SAN). I am also assuming that said posts expect that whatever tech is being used for shared storage deals with keeping that data fault tolerant (e.g., mirrored SAN) and the Windows cluster need not be aware of that happening in the background.
Due to lack of any storage hardware in my environment I was hoping there was a way to create a redundant file share/system between two Windows 2012 r2 servers at which point I could then create an iSCSI target to present a virtual drive to an application server cluster. That way if one of the "storage servers" fails it won't take down the application running on the app server. I looked into DFS however since the app locks its files those won't replicate across.
I hope my question wasn't too convoluted.
Thanks for any guidance!
Hi Bkboudreau,
If I have not misunderstood your question, you are looking for a method for iSCSI target servers to synchronize iSCSI data.
Replication of data between sites is very important in a multi-site cluster, and is accomplished in different ways by different hardware vendors. You can choose the hardware storage vendor solution when you want to synchronize data between two shared storage systems.
You cannot use the feature in Windows Server 2008 called Distributed File System Replication (DFS-R) as your data replication method in a multi-site cluster. DFS-R only performs its data replication after a file is closed. This works well for files such as documents, presentations, or spreadsheets, but it will not work for files that are held open, such as databases or virtual machines. You must choose a replication option other than DFS-R.
The related KB:
Requirements and Recommendations for a Multi-Site Failover Cluster
http://technet.microsoft.com/zh-cn/library/dd197575(v=ws.10).aspx
The similar thread:
how to sync the data between the two iSCSI target server
http://social.technet.microsoft.com/Forums/windowsserver/en-US/067ba543-369c-4d22-9f00-1f41d7aedc00/how-to-sync-the-data-between-the-two-iscsi-target-server?forum=winserverClustering
Hope this helps.
-
How DHCP scope will work between two Wireless controllers
Dear All,
I would like to inform you that we are going to deploy a wireless network with redundancy of Wireless LAN Controller, and we need to figure out how the DHCP scope would work during failover of any one of the Wireless LAN Controllers and DHCP servers. I have two sites where two different DHCP servers would be placed with different DHCP scopes. So my query is: if the Site-A (according to attached diagram) DHCP server and controller fail, how will a wireless client take the DHCP scope from the Site-B (according to attached diagram) DHCP server, as it has been configured with a different DHCP scope? Can anyone tell me whether I can configure the same DHCP scope at both sites' DHCP servers?
Is there any way to configure the same DHCP scope for two sites? For your information, the client wants two different DHCP servers with different scopes for the two sites, and how would redundancy be ensured if any one WLC or DHCP server goes down?
I am eagerly waiting for your reply as early as possible. Please help to figure out the solution.
I am going to attach a sample design for your reference.
Thanks and regards
Erfan
Erfan:
My query was that if one wireless client already associated WLC-A with one IP block of Location-A (DHCP Server) using SSID named TEST. If DHCP-A or WLC-A goes down then how that same client would associate with WLC-B and get the IP Block from Location-B (DHCP Server) using same SSID name TEST.
In this case the clients connected to the APs in location A will disconnect (if the WLC went down) and they have to connect again when the APs join WLC-B. They will get an IP address from the location B block then.
If DHCP went down when new clients try to connect, the primary DHCP is down so they are referred to the secondary DHCP. Connected clients will disconnect only when their DHCP lease times out. They will try to renew but the DHCP server is not available. They will disconnect then and connect again, getting an IP from site B.
1. How we will create same policy for that two different block using same SSID.
What policy? Where? etc.?
2. Client would be connected with Access point but they will get the IP through VLAN interface of the Controller and we have to assign IP helper address in the interface vlan. So how would the client get the IP block if we assign two IP helper address in the interface vlan in case of failure of DHCP and WLC of one location.
3. If we assign two IP helper address then which DHCP Server will release the IP for client and we can make delay between two DHCP Server to release the IP address.
If two IP helpers are configured the switch will send them both the client's request and the client receives two offers. The client chooses one of the offers. Usually the client will accept the faster DHCP server to respond.
If you are using the DHCP on the WLC then it is different. The WLC will always try to reach the primary DHCP server as long as it is reachable. If the primary DHCP is not reachable then it falls back to the secondary DHCP server.
Note that when you use IP helper then you usually disable DHCP Proxy feature on the controller. Do you have it disabled?
-
Least Cost Routing VoIP between CME sites - can it be done?
Is it possible to configure LCR between two CME sites? I have two different CME's that are in two different states and would like to take advantage of the PSTN connections at both sites. I'm currently using h323 dial-peers for 4-digit dialing and toll bypass, but am not quite sure how to get site A to dial out site B's ISDN line for PSTN calls.
I'm using CallManager Express at both sites.
Any hints?
Thanks.
Mike,
This can be done. Make the configuration transparent to the IP phone users, so they will just dial the numbers as long distance numbers. Configure redundancy via dial-peers. Two dial-peers will do the trick. The first dial-peer will send the call to the remote gateway for it to be routed out as a local call. If the number dialed is dialed as 91+10 digits, strip the 91 (and the area code if necessary) before sending the call to the remote gateway which should already be configured to route the call out as a local call. The second dial-peer is a failover dial-peer, to be used in case the WAN is down or the remote gateway is not available to route out the call. In this case, the call is sent out the local gateway as a normal long distance call.
The configuration could look somewhat like this:
voice translation-rule 4
 rule 1 /^91212/ /212/
!
voice translation-profile LCR
 translate called 4
!
dial-peer voice 1 voip
 description ** LCR Via CME_Site_B **
 destination-pattern 91212[2-9]......
 translation-profile outgoing LCR
 preference 1
!
dial-peer voice 2 pots
 description ** LD to CME_Site_B Via Local PSTN**
 destination-pattern 91212[2-9]......
 preference 2
 forward-digits 11
 port x/x
Hope this helps.
Michael.