Relay traffic out same interface

Similar Messages

• Routing traffice using 2 interfaces

                  my question is whats the best solution for routing internet traffic out one interface and production, management traffic out another interface. using a cisco ISR 2900

  You can use PBR.
  Here are 2 documents with examples:
  http://www.cisco.com/en/US/docs/ios/12_2/qos/configuration/guide/qcfpbr_ps1835_TSD_Products_Configuration_Guide_Chapter.html
  https://supportforums.cisco.com/docs/DOC-1634
  HTH

• CSS11503 - Inbound and outbound traffic on same virtual interface

  Setup two CSS11503's running 8.10. Running and active/passive config.
  Two groups of servers each with a VIP. Both groups of servers on the same VLAN.
  The VIP's reside on VLAN1 and the servers are on VLAN2
  Problem:
  Servers from one group cannot access the other via it's VIP. Servers cannot access themselves via their VIP as well.
  Can ping the vip's with out a problem.
  I assume that this is because that traffic generated by a client is going in and out of the same interface.
  I have come across similar problems on various firewalls.
  Is there anyway of getting around this.
  Thanks
  Julian

  Julian,
  this is not the same issue as firewall preventing traffic to go in and out the same interface.
  The problem here is that the CSS will receive traffic from Server1, it will nat the vip into Server2 and forward traffic keeping the src ip unchanged.
  So, when Server2 replies, it sends the response to Server1. Since they are on the same subnet, the response bypass the CSS and Server1 receives a response from Server2 which is unknown to Server1 since it expects a response from the Vip.
  The solution is to implement source nat on the CSS for traffic originating from the servers.
  This can be done with a group and an ACL.
  This was discussed many times, so I think you should be able to find a sample config somewhere.
  If you can't let me know.
  Gilles.

• Not working traffic inside of the same interface

  Hi Guys.
  I need your help to configure a Cisco ASA 5510.
  Connencted the a single interface I have a switch. To this switch (same VLAN) there are connected:
  1. The Subnet of the main office (192.168.1.253)
  2. A router  (IP 192.168.1.254) that routes the traffic to a remote location (Subnet 192.168.8.0/24)
  I have so allowed any traffic incoming to the inside interface as follows:
  access-list inside_access_in extended permit ip any any
  and I have permitted traffic intra interface as follows:
  same-security-traffic permit intra-interface
  Then I created a static route:
  route inside 192.168.8.0 255.255.255.0 EXTERNAL_ROUTER 1
  Now I can successfully ping the destination:
  Pinging 192.168.8.10 with 32 bytes of data:
  Reply from 192.168.8.10: bytes=32 time=135ms TTL=123
  Reply from 192.168.8.10: bytes=32 time=146ms TTL=123
  Reply from 192.168.8.10: bytes=32 time=143ms TTL=123
  Reply from 192.168.8.10: bytes=32 time=188ms TTL=123
  Unfortunately I cannot RDP into that server. When I simulate the connection via Packet tracer, it tells me that the implicit deny on the bottom of the conncections from "inside" (firewall) does not allow the connection.
  It sounds to me like that "same-security-traffic permit intra-interface" does work only if there are 2 interfaces and not a single one.
  Unfortunately I cannot just unplug the cable and connect it into another port as the ip is on the same subnet and I cannot configure the other end router.
  Please help :-(
  Thanks,
  Dario Vanin

  Ahh OK, telco router.
  You can quickly test if it's working by configuring the PC with static routes for 192.168.8.0/24 pointing towards the router (192.168.1.254).
  Here is sample configuration on TCP State Bypass:
  http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080b2d922.shtml
  access-list tcp-bypass-acl permit tcp 192.168.1.0 255.255.255.0 192.168.8.0 255.255.255.0
  access-list tcp-bypass-acl permit tcp 192.168.8.0 255.255.255.0 192.168.1.0 255.255.255.0
  class-map tcp-bypass-cm
     match access-list tcp-bypass-acl
  policy-map tcp-bypass-policy
     class tcp-bypass-cm
         set connection advanced-options tcp-state-bypass
  service-policy tcp-bypass-policy inside

• ASR1K 5xE1 MFR Frame relay traffic not forwarding in one direction

   Dear Techies, 
   Hope all is well !
  Im doing this inter-op testing with Alcatel device for frame-relay and MFRs and got stuck at this situation which is actually mind boggling and I think i might be missing something "silly" :-(
  Its a simple setup of
  1. My ASR 1002-X with a LAN (Gig0/0/0) port is connected to a traffic generator.(ixia).
  2. ASR WAN port is a 5xE1 bundled into a MFR circuit.
  3. WAN link goes to a Alcatel box giving me my FR-DCE with E1s over MFR.
  Issue is , I can send traffic to max throughput with  flow initiated from  LAN to WAN bit NOT the reverse flow initiated  from WAN side to LAN port. I see traffic coming into my 5xE1s (1.8 mbps each) but the traffic just wont go to the LAN side , somewhere it gets "stuck" or "dropped".
  PING works fine from both sides.......but sending traffic is not possible !!
  ASR CONFIG
  controller SONET 0/3/0
   framing sdh
   clock source line
   aug mapping au-4
   au-4 1 tug-3 1
    mode c-12
    tug-2 1 e1 1 unframed
    tug-2 1 e1 2 unframed
    tug-2 1 e1 3 unframed
    tug-2 2 e1 1 unframed
    tug-2 2 e1 2 unframed
    tug-2 2 e1 3 unframed
   au-4 1 tug-3 2
    mode c-12
    tug-2 1 e1 1 unframed
    tug-2 1 e1 2 unframed
    tug-2 1 e1 3 unframed
   au-4 1 tug-3 3
    mode c-12
  interface MFR1
   no ip address
   encapsulation frame-relay IETF
   load-interval 30
   frame-relay multilink bid 10MB-PiPe
   frame-relay multilink bandwidth-class a
   frame-relay lmi-type ansi
  interface MFR1.1 point-to-point
   ip address 10.10.17.2 255.255.255.0
   frame-relay interface-dlci 100   
  interface GigabitEthernet0/0/0
   no ip address
   load-interval 30
   negotiation auto
  interface GigabitEthernet0/0/0.110
   encapsulation dot1Q 110
   ip address 11.11.11.1 255.255.255.0
  interface Serial0/3/0.1/1/1/1:0
   no ip address
   encapsulation frame-relay MFR1
   frame-relay multilink lid First-Link
  interface Serial0/3/0.1/1/1/2:0
   no ip address
   encapsulation frame-relay MFR1
   frame-relay multilink lid Second-Link
  interface Serial0/3/0.1/1/1/3:0
   no ip address
   encapsulation frame-relay MFR1
   frame-relay multilink lid Third-Link
  interface Serial0/3/0.1/1/2/1:0
   no ip address
   encapsulation frame-relay MFR1
   frame-relay multilink lid Fourth-Link
  interface Serial0/3/0.1/1/2/2:0
   no ip address
   encapsulation frame-relay MFR1
   frame-relay multilink lid Fifth-Link
  SDH_FR#sh frame-relay mul
  SDH_FR#sh frame-relay multilink 
  Bundle: MFR1, State = up, class = A, fragmentation disabled
   BID = 10MB-PiPe
   Bundle links:
    Serial0/3/0.1/1/1/1:0, HW state = up, link state = Up, LID = First-Link
    Serial0/3/0.1/1/2/2:0, HW state = up, link state = Up, LID = Fifth-Link
    Serial0/3/0.1/1/2/1:0, HW state = up, link state = Up, LID = Fourth-Link
    Serial0/3/0.1/1/1/3:0, HW state = up, link state = Up, LID = Third-Link
    Serial0/3/0.1/1/1/2:0, HW state = up, link state = Up, LID = Second-Link
  SDH_FR#
  SDH_FR#
  SDH_FR#
  SDH_FR#sh fram
  SDH_FR#sh frame-relay pvc 100
  PVC Statistics for interface MFR1 (Frame Relay DTE)
  DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = MFR1.1
    input pkts 8045          output pkts 8044         in bytes 515748    
    out bytes 527920         dropped pkts 0           in pkts dropped 0         
    out pkts dropped 0                out bytes dropped 0         
    in FECN pkts 0           in BECN pkts 0           out FECN pkts 0         
    out BECN pkts 0          in DE pkts 0             out DE pkts 0         
    out bcast pkts 0         out bcast bytes 0         
    5 minute input rate 1000 bits/sec, 2 packets/sec
    5 minute output rate 1000 bits/sec, 2 packets/sec
    pvc create time 01:07:58, last time pvc status changed 01:07:58
    fragment type end-to-end fragment size 1400
  SDH_FR#
  SDH_FR#
  SDH_FR#
  SDH_FR#
  SDH_FR#
  SDH_FR#
  SDH_FR#ping 10.10.17.1-------------------------------------------------------------------------- THIS IS ALCATEL SIDE FROM TRAFFIC HAS TO COME.
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 10.10.17.1, timeout is 2 seconds:
  Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms
  SDH_FR#
  SDH_FR#
  SDH_FR#sh frame-relay traffic
  Frame Relay statistics:
          ARP requests sent 0, ARP replies sent 0
          ARP request recvd 0, ARP replies recvd 0
  SDH_FR#

  What is the access rate of the head end?
  Are you using a codec other than G711?
  How many total sites are involved, what protocols are you running?
  From the math, 32K is not enough CIR to ensure 4 calls proper Bandwidth. At what point is the voice degrading, is is choppy missing message, sound, jitter, echo or after 1, 2 or 3 calls.
  Even if you are using G729a, voice packets could be dropped. Not to say that it is here, but look at the FRS stats to see ip packets are being dropped.
  Traffic shaping is always recommended, rtp header compression will help, but the trade-off is around a 20% CPU hit.
  If you implement traffic shapping , it needs to be done throughout the network as queueing delays related to data on other slow links and at the headend (specifically here) could be the cause of the distortion alone. I would at least try traffic shapping first, then if the problem doen't go away, increase CIR for Voice, if there are still issues, implement LLQ.

• IPS not detecting packets Entering & Exiting Same Interface

  Hi,
  Consider scenario :-
  Host A--->Router B--->Router C
  All are in the same subnet
  Router C also has an active interface on another subnet.
  When I telnet from A to C (interface with ip address in another subnet),
  I force traffic from A to C to pass through B, by setting static routes AND ** DISABLING IP REDIRECTS ***
  Trafic flows from A to B IN through Fa0/0, and OUT again through Fa0/0 from B to C
  I have ACL's (permit/log) that show this flow !!!!
  I also have IPS enabled in/out on Fa0/0 on router B.
  However, traffic flowing through Router B, which enters / exits the same interface, does not get picked up by IPS. (I trigger signatures)
  Is this normal ?? Or am I missing something ?

  I don't use the router IPS, but I'll give it a shot;-) I don't understand the network config. I'll try to redraw the network to see if I understand what you're saying:
  Host A
  (NET1/IP1)
  |
  -------- (NET1/IP3) Router C (NET2/IP4)---
  |
  (NET1/IP2)
  Router B
  Host A uses Router B as its gateway to NET2 and since redirects are disabled on router B, all traffic from Host A to IP4 flows through router B. If the diagram above is correct though, return traffic from router C will not be routed through Router B because the destination is on the same network as router C. How are you getting return traffic to flow through router B?
  Based on the following doc:
  http://www.cisco.com/application/pdf/en/us/guest/products/ps6634/c1244/cdccont_0900aecd80327257.pdf
  If you're attempting to fire atomic signatures (single packet) then signatures should still fire anyway when inspected inbound. If you're attempting to trigger a stateful signature then this would be a plausible explanation.

• NM-16ESW - adding a switch into a 3725 router slot - can i route traffic out of the switch ?

  Hi all,
  I have added the above module (16 switch port) into my router.
  R16#show ip int br
  Interface IP-Address OK? Method Status Protocol
  FastEthernet0/0 unassigned YES unset administratively down down
  FastEthernet0/1 unassigned YES unset administratively down down
  FastEthernet1/0 unassigned YES unset administratively down down
  FastEthernet1/1 unassigned YES unset administratively down down
  FastEthernet1/2 unassigned YES unset administratively down down
  FastEthernet1/3 unassigned YES unset administratively down down
  FastEthernet1/4 unassigned YES unset administratively down down
  FastEthernet1/5 unassigned YES unset administratively down down
  FastEthernet1/6 unassigned YES unset administratively down down
  FastEthernet1/7 unassigned YES unset administratively down down
  FastEthernet1/8 unassigned YES unset administratively down down
  FastEthernet1/9 unassigned YES unset administratively down down
  FastEthernet1/10 unassigned YES unset administratively down down
  FastEthernet1/11 unassigned YES unset administratively down down
  FastEthernet1/12 unassigned YES unset administratively down down
  FastEthernet1/13 unassigned YES unset administratively down down
  FastEthernet1/14 unassigned YES unset administratively down down
  FastEthernet1/15 unassigned YES unset administratively down down
  Vlan1 unassigned YES unset up down
  R16(config-if)#int fa1/0
  R16(config-if)#ip address 192.168.10.1 255.255.255.0
  % IP addresses may not be configured on L2 links.
  R16(config-if)#
  q1) Not being able to set IP to the interface as shown above, I would believe it is really a switch port.  Is there anyway I can see what kind of port a interface is or can be ? (switch port, routed port etc ?)   or whether is it a L2 or L3 switch ?
  q2) in that case, since the switch is already inside the router, how do i route L3 traffic out of the switch ? 
  Assuming fe0/1 on the router is the interface connected to external network.
  and 2 workstations attached to the switch ports fe1/1 and and fe1/2, how can i set their gateway to point to fe0/1's IP ? Can fe0/1 to be connected to fe1/0 internally ?
  Regards,
  Noob

  Hi KOE SIZE JIE, 
  q1) I tried the no switchport command on the 16switch port module and it works. I can set an IP on the switch port. But according to Liam, it is a L2 switch, how come we can assign no switchport command ?
  As Bilal pointed out, I was mistaken you can issue the "no switchport" for a L3 routed port on that specific module. 
  q2) it is said that on a L2 switch only 1 SVI can be connected (for management purpose only) and L2 switch is not able to do routing. With the L2 switch module inserted into the router, will the SVI be able to do routing then ?
  I believe this goes back to what Bilal was saying about limited functionality on the EtherSwitch. I will have to play with one in GNS3 to give you a solid answer. 
  But I think what it is trying to say is... You cannot use SVI's for inter-vlan routing. You can only have a single SVI for management purposes. 
  q3)Liam, you mention earlier fa0/0 is pointing to some network. is fa0/0 in the same router as the 16 switchport module ?
  ip route 10.10.10.0 255.255.255.0 192.168.1.254 -- this command seems to be saying to access the 10.10.10.0 network, please go to the next hop IP 192.168.1.254 (but again, you are setting this next hop IP on the current router interface itself) - did i get anything wrong ?
  I have read back my post and this reads wrong. 
  When i showed you the code snippet, 192.168.1.254 would be the interface on the next hop router. Not the router you are issuing the ip route command on. You would also need an IP address on the router interface directly connected to the next hop router. I.E 192.168.1.253
  You will not then receive that error. Sorry about that, my sloppy config without a diagram!
  HTHs,
  Liam

• MTU for out going interface.

  Hi Expert,
  I have ASR9010 with single incoming interface(GE) and two outgoing interfaces(TenG1 and Bundle-E(TenG2)). the routing/cef/label is configured to forwarding traffic out TenG1. All interfaces are configured with MTU 9194.
  - When I inject traffic with 1500byte size, traffic has been forwarded out TenG1 as intended.
  - Same traffic but change the size to 9000byte, traffic has been forwared out Bundle-E and it can not reach the destination.... routing /CEF still say that it should be forwared out TenG1.
  Any possibility that I have done something wrong?
  Regard,
  Marit.

  Thank guys,
  After Spirent has been took out then I generated traffic by using ping with jumbo frame packet from CPE it suddenly reached the destination. So, there might be something wrong with Spirent configuration but I still wonder even wrongly configured spirent could effect routing decision on router ??
  Xander,
  I can confirm that the load balance had been took out and CEF clearly shown that the outgoing was TenG interface.
  "if the egress interface had a smaller mtu then the packet size, meaning that the egress Lc would punt for fragmentation, it could be the sw injected the packets down into other paths then what you'd expect." <-- This is what I worry, could it possible to happen that way?

• Stetting up FTP and SFTP adapters for the same interface

  Experts-
  I have a situation in which client has a requirement to setup both FTP and SFTP adapters (from adapetive adapters) for the same interface. They want to have a copy of file locally and also want a file to be sent out securly using SFTP. In my interface which was previously developed they have used one business system and added FTP and SFTP to the same. If try to add new Receiver Agreement it will say that the object already exists as the Interface Mapping is same.
  Please send me any suggestions which would resolve my problem

  Hi Hari,
  As you cannot create two Receiver agreement using only one receiver interface , please create a new receiver Interface, add that in interface determination step and then assing a different channel to new receiver agreement.
  If your requirement is to store the file ,i would suggest write the file in your unix directory using NFS( /usr/sap...). then run a AFT job (if already set up in your landscape) to transfer file securly to target destination.Not sure if its feasible in your case otherwise you can use  SFTP for the secure transfer.
  Best Regards
  Srinivas

• Routing vlan traffic out from SGE2000P

  We have one SGE2000P switch that we are testing in Layer 3. We have a very simple configuration with some vlans that we want to route to our corporate network, but I want to test if there is actually traffic coming out from the up-link port first.
  1- Created the vlans:
  VLAN1:     10.10.1.12 /16 (native)
  VLAN10: 172.16.10.1 /24
  VLAN20:  192.168.0.1 /24
  2- Assigned ports to VLans:
  Port g3 is in Vlan 10
  Port g22 is in Vlan 20
  Port g1 is by default on Vlan 1 (native)
  3 - Connected PCs to Vlans:
  PC connected at g3 has Vlan 10 IP as gateway (172.16.10.1)
  PC connected at g22 has Vlan 20 IP as gateway (192.168.0.1)
  4 - Looks like intervlan routing is working 'cause both PCs can ping each other.
  5 - I added a default route to another testing machine's IP, ie, 0.0.0.0 /0 10.10.0.1 connected to port g1, but the ping doesn't work.
  Now the questions:
  1 - How can I test if there is traffic being routed to port g1 from the vlans ???
  2 - What else do I need to add in the switch config to take traffic out from the vlans to Port g1 ???
  For reference, the sw's running-config:
  console# show running-config
  vlan database
  vlan 10,20
  exit
  interface ethernet g3
  switchport access vlan 10
  exit
  interface ethernet g22
  switchport access vlan 20
  exit
  interface vlan 1
  ip address 10.10.1.12 255.255.0.0          
  exit
  interface vlan 10
  ip address 172.16.10.1 255.255.255.0
  exit
  interface vlan 20
  ip address 192.168.0.1 255.255.255.0
  exit
  ip route 0.0.0.0 0.0.0.0 10.10.0.1 
  console#
  Any help / comment is much appreciated.
  Thanks in advance,
  jose

  Hello Jose,
  In order for a vlan to be active, you will have to have something connected to a port on that vlan. In this case you should be able to add a PC to port g1 and set it to be 10.10.1.1 with gateway of 10.10.1.12.
  If you are looking to add a router in place as the main way out to the internet, you will:
  have to have the router IP be 10.10.1.1
  add a static route in the router for each subnet pointing back to 10.10.1.12
  With the ip route already in there for 0.0.0.0 to 10.10.1.1, you should be able to get online.

• How to find all routes that are going out an interface in IOS-XR.

  Hi all,
  So if I have the following set up in IOS:
  interface GigabitEthernet7/0/0.265
  encapsulation dot1Q 265
  ip vrf forwarding test
  ip address 1.1.1.1 255.255.255.252
  ip verify unicast reverse-path
  end
  ip route vrf Apollo 2.2.2.0 255.255.255.248 1.1.1.2
  I can see all the routes that are going out the interface using show ip cef command:
  ios-router#show ip cef vrf test GigabitEthernet7/0/0.265
  2.2.2.0/29
    nexthop 1.1.1.2 GigabitEthernet7/0/0.265
  1.1.1.0/30
    attached to GigabitEthernet7/0/0.265
  1.1.1.2/32
    attached to GigabitEthernet7/0/0.265
  In case of IOS-XR (ASR9K 4.3.2 or 4.3.1) the same setup and command shows only
  attached routes:
  router static
  vrf test
    address-family ipv4 unicast
     2.2.2.0/29 1.1.1.2
  RP/0/RSP0/CPU0:TST_riga-sb7-pe-asr9#show cef vrf test bundle-ether2.265
  Prefix              Next Hop            Interface
  1.1.1.0/30          attached            Bundle-Ether2.2220333
  1.1.1.0/32          broadcast           Bundle-Ether2.2220333
  1.1.1.1/32          receive             Bundle-Ether2.2220333
  1.1.1.2/32          1.1.1.2             Bundle-Ether2.2220333
  1.1.1.3/32          broadcast           Bundle-Ether2.2220333
  Is there any command to see all the routes that are going out an interface without complicated parsing
  of the configuration, recursive show cef commands etc.?

  You can accomplish this with the "show route" command.  Here is an example:
  P/0/RSP1/CPU0:ASR9006-E#sh route next-hop tenGigE 0/3/0/2
  Tue Oct  8 15:34:58.046 UTC
  Codes: C - connected, S - static, R - RIP, B - BGP
         D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
         N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
         E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
         i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-2
         ia - IS-IS inter area, su - IS-IS summary null, * - candidate default
         U - per-user static route, o - ODR, L - local, G  - DAGR
         A - access/subscriber, - FRR Backup path
  Gateway of last resort is 172.18.87.1 to network 0.0.0.0
  D    10.95.248.1/32 [90/128512] via 10.129.56.210, 4d00h, TenGigE0/3/0/2
  C    10.129.56.208/30 is directly connected, 4d00h, TenGigE0/3/0/2
  L    10.129.56.209/32 is directly connected, 4d00h, TenGigE0/3/0/2
  O    10.242.142.240/30 [110/20] via 10.129.56.210, 3d11h, TenGigE0/3/0/2
                         [110/20] via 10.129.56.214, 3d11h, TenGigE0/3/0/3
  D    192.168.1.16/32 [90/128512] via 10.129.56.210, 4d00h, TenGigE0/3/0/2
  D    192.168.20.39/32 [90/128512] via 10.129.56.210, 4d00h, TenGigE0/3/0/2
  RP/0/RSP1/CPU0:ASR9006-E#
  Thanks,
  Bryan

• DHCP Server & DHCP Relay on the same box

  Hi,
  I was wondering if there was any tricky way to have both the DHCP server and DHCP Relay present at the same time and have router use Relay option before local DHCP pool?
  I must say that both DHCP Pool and "ip helper address" command serve the same interface. By default, router will look for locally available pools and send DHCPOFFER by itself without relaying the DHCPDISCOVER to a remote DHCP server, so incoming interface takes precedence over DHCP-relay option and I was wondering if you could tweak that...
  Thanks,
  David

  Well.. as far as I know what you are asking is not possible... :(
  Did it help?

• PAT between 2 networks on same interface

  Hi,
  I'm using asa 5505 with 8.4(2) and have the following problem.
  I have 2 Networks. each Network has it's own externel Internet-Ip and also Mail-Server.
  Here is the example:
  Network1:
  192.168.1.0/24
  Mail-Server: 192.168.1.10
  External: 1.1.1.1
  Network2:
  192.168.2.0/24
  Mail-Server: 192.168.2.10
  External: 2.2.2.2
  Both Networks are connectet through a routing-network to the asa
  interface: routed
  net: 10.10.10.0/24
  Now I want a communication between the two Mailservers with their external Ip-Address.
  I did a static NAT from ipnt any to int any or also from int routed to int routed, but nothing worked.
  Packet tracer showed at NAT-Lookup where the externel adress of the second Mailserver is passed:
  Info
  Static translate Network1 to Network1
  But it should show a translation from network1 to network1-external
  Due to Security reasons, I cannot paste the whole config. I hope the example tells enough about my Problem.
  Under 8.0 I did the same configuration with Policy-Nat and it worked.
  Thanks for help
  Sent from Cisco Technical Support iPad App

  Hello Roman,
  1-Are they behind the same interface?
  2-Can you explain a little bit better your network? A diagram would be great
  Can you try this:
  Object network Server-inside
  host: 192.168.1.10
  Object network: Server-secondary
  host: 192.168.2.10
  Object network Natted-inside
  host 1.1.1.1
  Object network Natted-secondary_server
  host 2.2.2.2
  Same-security permit intra-interface
  nat (routed,routed) source static Server-inside  Natted-inside destination static Server-secondary Natted-secondary_server
  nat (routed,routed) source static Server-secondary Natted-secondary_server destination static Server-inside  Natted-inside
  Regards,
  Julio

• How to config. different Operations of the same Interface to different BPM

  Hi Gurus
     I have a very urgent problem.
     The requirement is like this:
     Customer creates an invoice in A1S and release it. Information of the invoice is retrieved via two service interfaces:
          CustomerInvoiceProcessingInvoiceAccountingOut
          CustomerInvoiceProcessingReceivablesPayablesOut
          with operation NotifyOfInvoice;
     These two interfaces will transfer the information into XI and the information will be filled into a BAPI, BAPI_ACC_DOCUMENT_A1S, to R3. Then the finacial document together with the invoice will be created in the R3.
     when customer cancels the invoice in A1S, Information of the cancellation is retrieved via the same two service interfaces:
          CustomerInvoiceProcessingInvoiceAccountingOut
          CustomerInvoiceProcessingReceivablesPayablesOut
          with operation NotifyOfInvoiceCancellation;
     These two interfaces will transfer the information into XI and the information will be filled into a BAPI, BAPI_ACC_DOCUMENT_REV_POST, to R3. Then the reverse finacial document will be created in R3.
      My solution is like this:
      1. for invoice creation:
       Both messages sent to BPM_1, then send to R3.  3 interface determinations are needed for 3 abstract interfaces.
      2. for invoice cancellation:
       Both messages sent to BPM_2, then send to R3. 3 interface determinations are needed for 3 abstract interfaces.
      My problem is this:
      No matter during creation or cancellation, the same interfaces are triggered. The related receiver determination will distribute the information to both of two BPMs. However the information only contains data of one operaton: creation or cancellation. Error messages will appear in monitor for the other BPM. For example, when customer creates an invoice, the information only contains data of creation whereas it is sent to two BPMs via the receiver determination. the BPM for cancellation surely can not deal with this information then error appears.
      My question is : how can i solve the problem? How can i avoid the appearance of the error? thanks
  Message was edited by:
          SAP LCR

  Hi,
  In the receiver determination you can route the message to the RIGHT BPM according to the content of the payload. So each time only one BPM is called.
  Regards,
  Hui

• Same interface name in alert for the synchronous messages

  Dear Friends,
     I have configured the alert for my interfaces. In the container i have added the message id, sender interface and receiver interface variables. While the error occurs, the alert is getting triggered. But in the alert long text in both the sender and receiver interface the Same 'is_Update'(receiver interface)  is only coming.
  But in the case of asynchronous interface alerts the sender and receiver interface are coming correctly in the long text of the alert.
  Please tell me what might me the problem.
  Thanks and Regards
  Prem

  thanks for ure reply....
     ya i have given the correct interrface names.... this problem is nt only for my interface. this is for all the developers over here...in long text the same interface name is coming for both the sender interface and in receiver interface