Repository synchronization between two sites

Hi All,
We are using Oracle Designer 6i for our designs. We are creating DFDs, PFDs and ERDs. Two teams are working on this at two different locations. Can somebody suggest the way to synchronize (combine) the work done by both the teams into a single repository. For example, Team A has created DFDs, PFDs and ERDs at Location1. Team B is also creating DFDs, PFDs and ERDs at Location2. Team B will be using some of the functions in their diagrams created by Team A. Now we want to apply the changes done by Team B into the repository located at Location1.
Thanks in advance for any suggestions
regards,
Vijay

Hi Vishal,
thanks a lot for your reply. You have suggested that we can import the entire application system at Site B. At this time we are using non-versioned repository. And we are using only one application system. But the problem is that at Site B some people are making changes to the same application system used at Site A. I understand that if i have to import an application system, i have to make sure that there is no application system with the same name at the destination. So in this case if i have to import the Site A's application system at Site B, first i have to delete the Site B application system. In which case i will be losing all the changes made by the Team at Site B. But my requirement is that i want to incorporate the chages made at Site B's application system into the Site A's application system. Can you please give your thoughts about this.
thanks in advance
regards,
Vijay

Similar Messages

How to ...synchronization between two databases

Hi,
I want to set up automatic synchronization between two databases. For example, database DB1 and DB2 have table t1 and t2 with the same columns. If someone updates a record in table t1, I want automatically update the record in t2 or vice-versa.
How can I make an automatic system like that?

1) What is the business goal you're trying to satisfy? Failover, reporting, replication, geographic co-location, etc. each have their own set of technologies. Explaining what you're trying to accomplish from a business perspective will help us identify which technology (or technologies) to focus on.
2) Are you synchronizing a single table? Or multiple tables? Or all the tables in a schema? Or all the tables in a database?
3) Is there a stable network connection between the boxes?
4) What version of Oracle do you have (10.2, 10.1, 9.2, 9.0.1, etc)? What edition (standard, express, enterprise, etc)?
5) How quickly after a change has been made on DB1 does the change need to reflect on DB2?
6) Am I correct in understanding that you want to be able to change the same row of data on either DB1 or DB2? So the replication needs to go in both directions?
Justin

Exchange High availability between two sites with two servers

Hi Team,
I have a requirement to deploy exchange server 2010 between two sites. but i have limited resources to full fill this. below the summary.
2 servers in two sites
different subnets will user for two sites
Need to deploy DAG.
please let me know the considerations for this deployment.
Thank you

Hi - In this scenario, you would setup the following: Site 1: Exchange 2010 Multi-Role server File Share location to place File Share Witness for the DAG Site 2: Exchange 2010 Multi-Role server The above will give you 2 nodes in the primary location and
one node in the secondary location so that resources will stay in Site one. You will also need to enable DAC (Datacenter Activation Coordination) on the DAG so that the Cluster group can be managed by Exchange. Last but not least, you will want to restrict
automatic failover of resources to Site 2 by blocking that action on the Exchange server in Site 2 using 'Set-MailboxServer <servername> -DatabaseCopyAutoActivationPolicy Blocked' This will make you manually failover to site 2 and not end up with resources
there after a sudden failure or issue that is not impacting the entire site.Jason Apt Microsoft Certified Master | Exchange 2010

Toplink cache synchronization between two nodes using tomcat

Hi,
In our appcation we have two nodes. Using websphere we used to synchronize toplink cache between two nodes. Can we do same thing using tomcat.

Yes, TopLink implements cache synchronization using JMS or RMI easily, which are not dependent on the server being used - though it JMS especially does require a JMS provider that is accessible from each node. Cache synchronization is now cache coordination, and is described using JPA properties here:
http://wiki.eclipse.org/EclipseLink/Examples/JPA/CacheCoordination
the Toplink cache synchronization/coordination with JMS | EMBARCADEROS seems to be a good read for cache coordination over JMS, but is more aimed at TopLink's sessions.xml configuration.
Best Regards,
Chris

Password synchronization between two domains

Hey everybody,
we have currently the situation, where we comes to password synchronization between Domain A and Domain B. Trust relationships are not possible caused we need separated authentications between productive network and user tools.
So we would sync from Domain A (windows 2008 R2) --> Domain B (windows 2008 R2)
Domain B would also replicate per Okta to Office365 Cloud.
Now my question, could anyone point me in the right direction, what tools are usefully on the market to accomplish these issues.
Sorry for my limited english.
Best and thanks

You can try using FIM with PCNS to sync passwords from Domain A to Domain B: https://technet.microsoft.com/en-us/library/jj590203(v=ws.10).aspx
As for Office 365, you can simply implement an ADFS platform and federate it so that your users will be using their AD passwords. It is also possible to sync passwords with DirSync.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile

Mapi connection behaviour between two sites-Exchange 2010

Hello,
I have small doubt, need help from you guys,
i have two sites A, B, DAG is span over the two sites;
Both site has array Of different FQDN
site A has active copies, its PASSIVE copies are in site-B
i have witnesserver in third location
if Active mailbox database in Site-A fails, passive copy on Site-B will become active; i guess
My question is ===> without downtime or without MANUAL Task, will mapi connection goes to site-B copy ??? ,

Hi,
In Cross Site maintainence we, have to work out mainly on Database Activation Coordination Mode(DAC) which avoids the split brain syndrome.
below URL's gives you clear vision on how we can do that and what it is for.
- http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/planning-deploying-testing-exchange-2010-site-resilient-solution-sized-medium-organization-part7.html
- https://technet.microsoft.com/en-us/library/dd979790.aspx
Regards,
Gowtham T

Metro-E circuits between two sites

We have two sites connected by two equal cost Metro Ethernet circuits from two different service providers. we also have two redundant L3 core switches at both sites. What is the best way to connect these two sites for load balancing as well as redundancy? They are on different subnets. The core switches currently run HSRP. We also evaluating GLBP as a possible alternative.We want to possibly avoid all single points of failure.

You could, as you note, use GLBP, but an alternative could be, make the two paths from the intial/primary HSRP gateway appear equal cost. Many routing protocols would then alternate flows across the two paths.

Redundant stateful CSS11501 between two sites

We have layer 2 connectivity between to core sites and are implementing two new CSS11501's. Is it possable to implement these in a active/backup configuration and stateful?

not statefullness.
To be statefull your setup needs a dedicated link between the 2 CSS - no extra hop or L2 switch.
You can give it a try but this is not a supported setup.
For active/backup this is no problem.
Regards,
Gilles.

Data synchronization between two offices

Hi everyone,
After building a database for our growing company, we have a problem with our data and its synchronization. Our company has a rather small, but growing, book warehouse and sells books online. We have been able to deal with orders and stock because sales were not that large.
But today we sell more and more books and the addition of a database means we need to synchronize our data from the warehouse database to the main office one, mainly to be able to know what kind of stock we have. I think we will have to go with a batch syncing scheduled twice a day for now. We have been dealing with Talend open studio so far and enjoy the product.
Do you think Talend will be able to stand that type of operation? What kind of software could be used in this case?
Thanks all!

Hi there,
I don't know Talend and thus cannot say anything about the product.
However, based on your requirement description I'd say you better go for a system with one single database.
Only that way you can check your current stock when you need it.
Moreover a single database solution is far less complex and reduces a ton of problems you will always face with distributed databases.
just my two cents...
Lars

Synchronization between two master detail jsf page

hi guys,
i have two jsf page, how can i synchronize the row selected (af:table) on the first page of one master detail ( the detail table) with the second page.
In my case in the second page i can make modifications in a dialog Popup, but the row selected (the detail table) in the first page is shown in the popup
i want the selected record of the detail table in the second page will be shown in the popup
thanks for your help
Edited by: fakhri_tn on Nov 13, 2012 11:47 PM

Hi,
in this case you need to pass the SelectedRowKeySet of the detail table in page one. So what you can do is
1. create a managed bean in page flow scope
2. when navigating to page 2, access the table component (make sure you don't create a managed bean component reference in the page flow bean and instead use a backing bean for component instance lookup) and read its selected row key set
3. On page 2, reference the page flow managed bean saved rowKeySet from the selected row keys property of the table
Frank

Setup AD Domain Between Two Sites

I am starting to learn Active Directory on Windows server. Currently I have downloaded Windows Server 2012 R2 eval. Using basic home internet connection at my house and neighbours (who agreed to help me with my studying) we each have your basic home WiFi
routers. Would like to test out setting up a domain in which a DC is at my house, and one at his house and be able to replicate the directory between the two DC's.
I am really lost on how to go about configuring the routers and respective DNS servers for this to work properly. Anybody know of a basic guide to get me started?

1. First of all for simple transfer you need to open ports that AD uses
http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
2. AD uses DNS that is integrated (in majority of cases) and use of public DNS is unwanted. Similar situation is with DHCP. On the other way, router assignes IP and resolve FQDN.
3. Some configurations with WiFi cards are not allowed in WS2012, for example teaming.
4. Using WiFi is unexpected in AD. That is why I would use least problematic locan network configuration or virtual one.
5. I recommend some reading about AD, Technet guides and step-by-step guides as well as books that ain AD basics.
Regards
Milos

"how do i synchronize between two outputs"

Hi
I'm using a bapi data service "po_bapi_getlist" which have two outputs :header and raws.
When I'm connecting each output to table view, the output information is not synchronized,
when i put the cursor on the line's header - "po nam" the cursor is not standing on the relevant "po nam" raw in raw view .
The BAPI structure has one input and tow output ports and they are both RecordSets (table output).
They have the same key fields PO_ number.
i've added the info' about our system for your review \ help:
GML version: 799.14.0027
Client version: 700.14.0.1
VCServer version:700.14.0.1
Flex version:700.14.0.1
Portal content version (HTMLBKit): 700.14.0.1
Portal Connector version: 700.14.0.1
Thanks ahead,
Regards
Eli.

Hi Eli,
Create dummy fields in the outputs that match the missing fields. The dummy fields have to be the same type as the real fields they represent. Then in the union all fields will show up. You can then use a goup by object to put the values together. I have done this a few times and it works. Hope this helps.
Example:
Output 1
firstname
lastname
address   (dummy field)
city           (dummy field)
Output 2
address
city
firstname (dummy field)
lastname   (dummy field)

No sync between two computers since last update

running Mail 2.0.5 (746.2) / 10.4.3 (8F46)
Did in the past: synchronize/copy (actually used rsync) all my Library/Mail files between two machines (including preferences asf) and have the same settings and mails on both machines.
Since the latest update this no longer works. Instead, each time mail starts on the machine onto which I copied, it complains that something is corrupt and that it has to update all the indices. (I have >100,000 emails; therefore, this is slightly annoying.)
any advice on how to synchronize between two machines (without going through .mac which is not an option for me due to the slowness)?

The fact of the matter is that PSE is aimed at the casual/hobbyist user, and will always have some limitations because of that. There are workarounds to "push the envelope", but they will always require constant vigilance and effort.
You can get some tips (and warnings) about storing the catalog on a network drive here:
http://www.johnrellis.com/psedbtool/photoshop-elements-faq.htm#_Storing_the_catalog
To answer your immediate concern, you basically want to have one and only one copy of the catalog somewhere that's accessed by both computers. That catalog should be listing photos that are stored in one and only one "master" image location. Then you can use SyncToy to keep the images in sync to that master image location, and use Organizer to update its thumbnails whenever the original images are changed. N.B.: the Organizer's catalog does not support multiple concurrent access.
Ken
P.S., I've never used the sync to photoshop.com, so someone else will have to comment about that.
Message was edited by: photodrawken to add postscript.

Site to Site VPN Between Two ASA 5505's Up But Not Passing Traffic

hello,
i am setting up a site to site vpn between two asa 5505's. the tunnel is up but i cannot get it to pass traffic and i have run out of ideas at this point. i am on site as i am posting this question and only have about 4 hours left to figure this out, so any help asap is greatly appreciated. i'll post the configs below along with the output of sh crypto isakmp sa and sh ipsec sa.
FYI the asa's are different versions, one is 9.2 the other is 8.2
Note: 1.1.1.1 = public ip for Site A 2.2.2.2 = public ip for site B
Site A running config:
Result of the command: "sh run"
: Saved
ASA Version 8.2(2)
hostname csol-asa
enable password WI19w3dXj6ANP8c6 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.1.0 san_antonio_inside
interface Vlan1
nameif inside
security-level 100
ip address 192.168.2.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 1.1.1.1 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns domain-lookup inside
dns server-group DefaultDNS
name-server 24.93.41.125
name-server 24.93.41.126
object-group network NETWORK_OBJ_192.168.2.0_24
access-list inside_access_out extended permit ip any any
access-list outside_access_out extended permit ip any any
access-list outside_access_in extended permit icmp any any
access-list outside_access_in_1 extended permit icmp any interface outside
access-list outside_access_in_1 extended permit tcp any interface outside eq pop3
access-list outside_access_in_1 extended permit tcp any interface outside eq 8100
access-list outside_access_in_1 extended permit udp any interface outside eq 8100
access-list outside_access_in_1 extended permit udp any interface outside eq 1025
access-list outside_access_in_1 extended permit tcp any interface outside eq 1025
access-list outside_access_in_1 extended permit tcp any interface outside eq 5020
access-list outside_access_in_1 extended permit tcp any interface outside eq 8080
access-list outside_access_in_1 extended permit tcp any interface outside eq www
access-list outside_access_in_1 extended permit ip san_antonio_inside 255.255.255.0 any
access-list outside_1_cryptomap extended permit ip 192.168.2.0 255.255.255.0 host san_antonio_inside
access-list outside_1_cryptomap_1 extended permit ip 192.168.2.0 255.255.255.0 san_antonio_inside 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.2.0 255.255.255.0 san_antonio_inside 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (inside) 2 interface
global (outside) 101 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 101 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface pop3 192.168.2.249 pop3 netmask 255.255.255.255
static (inside,outside) tcp interface 8100 192.168.2.161 8100 netmask 255.255.255.255
static (inside,outside) udp interface 8100 192.168.2.161 8100 netmask 255.255.255.255
static (inside,outside) udp interface 1025 192.168.2.161 1025 netmask 255.255.255.255
static (inside,outside) tcp interface 5020 192.168.2.8 5020 netmask 255.255.255.255
static (inside,outside) tcp interface 8080 192.168.2.251 8080 netmask 255.255.255.255
static (inside,inside) tcp interface www 192.168.2.8 www netmask 255.255.255.255
static (inside,outside) tcp interface 1025 192.168.2.161 1025 netmask 255.255.255.255
access-group inside_access_out out interface inside
access-group outside_access_in_1 in interface outside
route outside 0.0.0.0 0.0.0.0 1.1.1.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.2.0 255.255.255.0 inside
http 2.2.2.2 255.255.255.255 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map outside_map1 1 match address outside_1_cryptomap_1
crypto map outside_map1 1 set peer 2.2.2.2
crypto map outside_map1 1 set transform-set ESP-3DES-SHA
crypto map outside_map1 interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.2.30-192.168.2.155 inside
dhcpd dns 24.93.41.125 24.93.41.126 interface inside
dhcpd domain corporatesolutionsfw.local interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
group-policy DfltGrpPolicy attributes
tunnel-group 2.2.2.2 type ipsec-l2l
tunnel-group 2.2.2.2 ipsec-attributes
pre-shared-key *****
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:021cf43a4211a99232849372c380dda2
: end
Site A sh crypto isakmp sa:
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: 2.2.2.2
Type : L2L Role : responder
Rekey : no State : MM_ACTIVE
Site A sh ipsec sa:
Result of the command: "sh ipsec sa"
interface: outside
Crypto map tag: outside_map1, seq num: 1, local addr: 1.1.1.1
access-list outside_1_cryptomap_1 extended permit ip 192.168.2.0 255.255.255.0 192.168.1.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (san_antonio_inside/255.255.255.0/0/0)
current_peer: 2.2.2.2
#pkts encaps: 1, #pkts encrypt: 1, #pkts digest: 1
#pkts decaps: 239, #pkts decrypt: 239, #pkts verify: 239
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 1, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 1.1.1.1, remote crypto endpt.: 71.40.110.179
path mtu 1500, ipsec overhead 58, media mtu 1500
current outbound spi: C1074C40
current inbound spi : B21273A9
inbound esp sas:
spi: 0xB21273A9 (2987553705)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 1691648, crypto-map: outside_map1
sa timing: remaining key lifetime (kB/sec): (3914989/27694)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0xFFFFFFFF 0xFFFFFFFF
outbound esp sas:
spi: 0xC1074C40 (3238480960)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, }
slot: 0, conn_id: 1691648, crypto-map: outside_map1
sa timing: remaining key lifetime (kB/sec): (3914999/27694)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001
Site B running config:
Result of the command: "sh run"
: Saved
: Serial Number: JMX184640WY
: Hardware: ASA5505, 512 MB RAM, CPU Geode 500 MHz
ASA Version 9.2(2)4
hostname CSOLSAASA
enable password WI19w3dXj6ANP8c6 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 2.2.2.2 255.255.255.248
ftp mode passive
object network NETWORK_OBJ_192.168.1.0_24
subnet 192.168.1.0 255.255.255.0
object network mcallen_network
subnet 192.168.2.0 255.255.255.0
access-list outside_cryptomap extended permit ip object NETWORK_OBJ_192.168.1.0_24 object mcallen_network
access-list outside_access_in extended permit ip object mcallen_network 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-731-101.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static mcallen_network mcallen_network no-proxy-arp route-lookup
nat (inside,outside) after-auto source dynamic any interface
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 2.2.2.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transport
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map3 1 match address outside_cryptomap
crypto map outside_map3 1 set peer 1.1.1.1
crypto map outside_map3 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map3 interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh stricthostkeycheck
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd address 192.168.1.200-192.168.1.250 inside
dhcpd dns 24.93.41.125 24.93.41.126 interface inside
dhcpd domain CSOLSA.LOCAL interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
anyconnect-essentials
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1
tunnel-group 1.1.1.1 type ipsec-l2l
tunnel-group 1.1.1.1 ipsec-attributes
ikev1 pre-shared-key *****
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4e058021a6e84ac7956dca0e5a143b8d
: end
Site B sh crypto isakmp sa:
Result of the command: "sh crypto isakmp sa"
IKEv1 SAs:
Active SA: 1
Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 1
1 IKE Peer: 1.1.1.1
Type : L2L Role : initiator
Rekey : no State : MM_ACTIVE
There are no IKEv2 SAs
Site B sh ipsec sa:
Result of the command: "sh ipsec sa"
interface: outside
Crypto map tag: outside_map3, seq num: 1, local addr: 71.40.110.179
access-list outside_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
local ident (addr/mask/prot/port): (192.168.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
current_peer: 1.1.1.1
#pkts encaps: 286, #pkts encrypt: 286, #pkts digest: 286
#pkts decaps: 1, #pkts decrypt: 1, #pkts verify: 1
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 286, #pkts comp failed: 0, #pkts decomp failed: 0
#pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
#PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
#TFC rcvd: 0, #TFC sent: 0
#Valid ICMP Errors rcvd: 0, #Invalid ICMP Errors rcvd: 0
#send errors: 0, #recv errors: 0
local crypto endpt.: 2.2.2.2/0, remote crypto endpt.: 1.1.1.1/0
path mtu 1500, ipsec overhead 58(36), media mtu 1500
PMTU time remaining (sec): 0, DF policy: copy-df
ICMP error validation: disabled, TFC packets: disabled
current outbound spi: B21273A9
current inbound spi : C1074C40
inbound esp sas:
spi: 0xC1074C40 (3238480960)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, IKEv1, }
slot: 0, conn_id: 28672, crypto-map: outside_map3
sa timing: remaining key lifetime (kB/sec): (4373999/27456)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000003
outbound esp sas:
spi: 0xB21273A9 (2987553705)
transform: esp-3des esp-sha-hmac no compression
in use settings ={L2L, Tunnel, IKEv1, }
slot: 0, conn_id: 28672, crypto-map: outside_map3
sa timing: remaining key lifetime (kB/sec): (4373987/27456)
IV size: 8 bytes
replay detection support: Y
Anti replay bitmap:
0x00000000 0x00000001

Hi Keegan,
Your tunnel is up and encrypting traffic one way, the other end is not able to encrypt the traffic.
I would suggest to do a 'clear xlate'? Sometimes if you setup the nonat configuration after you've attempted other configurations, you need to 'clear xlate' before the previous NAT configuration is cleared and the new one works.
HTH
"Please rate useful posts"

Need to know how to calculate and allocate the server side bandwidth between two exchange sites for DAG replication

Hi All,
Please have a look in to the below mentioned environment.
primary site :SITE 1
server 1
server 2
secondary site :SITE 2
server 3
Note : All the above three servers are in single DAG .All the database are mounted on the server (server 1) which is located in the primary site (I.E SITE 1).
On that 5 databases we are having 3500 users .Based on the user designation we have allocated the mailbox size.
Query : Each and every day we are having the large no copy queue length for all the five databases to the server located in SITE 2.
Please help me out on this and also tell me is there any tool available to exactly get the required bandwidth for the exchange servers located between the active directory sites.
Thanks & Regards S.Nithyanandham

I don't know of any tool that can calculate things for you but latency is the biggest thing you have to worry about. The other issues is looking at the network gear between the 2 sites. I have seen many times were switches get maxed out if they are set to
1 GB or even ports getting maxed out and need to bonded for more throughput. Test your latency from the edge of each site then test it within to see if there is a difference.
Regardless of their geographic location relative to other DAG members, each member of the DAG must have round trip network latency no greater than 500 milliseconds between each other member.
As the round trip latency between two Mailbox servers hosting copies of a database increases, the potential for replication not being up to date also increases. Regardless of the latency of the solution, customers should validate that the networks between
all DAG members is capable of satisfying the data protection and availability goals of the deployment. Configurations with higher latency values may require special tuning of DAG, replication, and network parameters, such as increasing the number of databases
or decreasing the number of mailboxes per database, to achieve the desired goals.
Round trip latency requirements may not be the most stringent network bandwidth and latency requirement for a multi-datacenter configuration. You must evaluate the total network load, which
includes client access, Active Directory, transport, continuous replication, and other application traffic, to determine the necessary network requirements for your environment.
http://technet.microsoft.com/en-us/library/dd638104(v=exchg.150).aspx
DJ Grijalva | MCITP: EMA 2007/2010 SPA 2010 | www.persistentcerebro.com

Repository synchronization between two sites

Similar Messages

Maybe you are looking for