RIP redistribution into OSPF breaks when 1 OSPF path goes down
Hi All,
I'm failing to understand why the RIP redistribution is breaking when I shut down interface 0/0 on the mpls-usa router (mpls is just a naming convention). When 0/0 is up RIP is redistributed, but when it is down I get nothing. See diagram below:
The topology:
Show ip route on mpls-2 and mpls-3 when interface 0/0 is down on mpls-usa
show ip route on mpls-2 and mpls-3 with eth 0/0 down
And this is my config on MPLS-USA
Hi,
First of all, please mention interfaces in your topology. Second, in all routing table snapshots you cut the router hostname, which also creates confusion.
Now in the last output, I am not sure whether that output is from MPLS-2 or MPLS-3, or where E0/1 is connected to. Regarding your question related to the number of routes, I guess you would have only one route in the routing table because in OSPF external routes, other than the route metric, the metric to the ASBR also comes into the picture.
When you shut one interface, the route should not disappear. You can shut the interface between MPLS-2 and MPLS-USA and share the OSPF LSA database output from MPLS-USA and MPLS-3. Also "show ip ospf nei" on the MPLS-USA router.
Similar Messages
-
Is there a requirement to restart the JMS/WebLogic Server every time the DB goes down?
Question:
When the Database is shutdown gracefully everything was fine.
But when the Database is brought down with shutdown abort the MDB consumer will never consume messages from the topic again. And we need to restart the WebLogic Server in order to get the messages consumed again.
So is there a requirement to restart the JMS/WebLogic Server every time the DB goes down? If not, what type of failures will require the JMS/WLS restart?
On a DB failure, a WL JDBC store service will make a brief attempt to reconnect before shutting itself down along with any services that depend on the store.
It isn't necessary to restart the entire WebLogic Server JVM to bring the affected service(s) back if you can use the Automatic Service Migration feature. ASM can automatically restart a failed service on a different WL Server in the same cluster, and/or can try a restart-in-place for the service if the service's original host WL Server JVM is still running. The Automatic Service Migration (pdf) white-paper has a thorough discussion of this area.
In addition to ASM, there's also a "whole server migration" option that can automatically restart or migrate an entire WL server.
Tom -
IOException when remote client goes down in Linux
Hello all -
This is my first post here. I have run into a bit of an issue with some code I have written. I have written a small client/server application that works on the premise that if the remote application ends, the socket will be broken, and an IOException will be thrown. I then catch the IOException and then end the particular thread associated with that socket. This works fine in Windows, but when I kill the remote application in Linux, an IOException is never thrown on the server, it's as if the socket is still there even though the application ended. I'm thinking there is something different that happens when I kill a process in Linux vs Windows. I have tried using the SIGINT, and SIGTERM switches for kill but they made no difference. Does anyone have any idea, admittedly I am a Linux noob, thanks!
-Kam
If the server is reading when the client goes down it won't get an IOException, it will get an EOS condition: read() returns -1, readLine() returns null, readXXX() for any other X throws an EOFException.
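The end-of-stream behaviour described in the answer above, as an added example that is not part of the original thread: a loopback server reads from a client that closes normally and reports how each read style signals the close. The class and method names (EosDemo, observeClose, drain), the sample payload and the 5-second read timeout are assumptions made for illustration.

```java
import java.io.BufferedReader;
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.UncheckedIOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.nio.charset.StandardCharsets;

public class EosDemo {

    /** The three read styles named in the answer. */
    enum Mode { RAW_READ, READ_LINE, READ_INT }

    /**
     * Accepts one loopback connection, lets the client send the payload and
     * close its socket, then reads to end of stream and reports how the
     * close was signalled to the server side.
     */
    static String observeClose(Mode mode, byte[] payload) throws Exception {
        InetAddress lo = InetAddress.getLoopbackAddress();
        try (ServerSocket listener = new ServerSocket(0, 1, lo)) {
            int port = listener.getLocalPort();
            Thread client = new Thread(() -> {
                // Constructed client: write the payload, then close normally.
                try (Socket s = new Socket(lo, port)) {
                    s.getOutputStream().write(payload);
                } catch (IOException e) {
                    throw new UncheckedIOException(e);
                }
            });
            client.start();
            try (Socket peer = listener.accept()) {
                // Bound every blocking read so a peer that vanishes without
                // closing cannot park this thread forever (assumed value).
                peer.setSoTimeout(5000);
                return drain(mode, peer.getInputStream());
            } finally {
                client.join();
            }
        }
    }

    /** Reads until the peer's close is observed; no IOException is involved. */
    static String drain(Mode mode, InputStream in) throws IOException {
        int count = 0;
        switch (mode) {
            case RAW_READ:
                // InputStream.read() signals end of stream with -1.
                while (in.read() != -1) count++;
                return "read() returned -1 after " + count + " bytes";
            case READ_LINE:
                // BufferedReader.readLine() signals end of stream with null.
                BufferedReader lines = new BufferedReader(
                        new InputStreamReader(in, StandardCharsets.UTF_8));
                while (lines.readLine() != null) count++;
                return "readLine() returned null after " + count + " lines";
            default:
                // DataInputStream.readXXX() signals it with EOFException,
                // which is a subclass of IOException; catch it first.
                DataInputStream data = new DataInputStream(in);
                try {
                    while (true) {
                        data.readInt();
                        count++;
                    }
                } catch (EOFException eof) {
                    return "readInt() threw EOFException after " + count + " ints";
                }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample payload: two text lines, 12 bytes.
        byte[] payload = "hello\nworld\n".getBytes(StandardCharsets.UTF_8);
        for (Mode m : Mode.values()) {
            System.out.println(m + ": " + observeClose(m, payload));
        }
    }
}
```

In a per-connection handler thread, each of these three signals is the point at which to close the socket and let the thread return.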
-
How do I make settings so that visited sites have a different color hypertext? For example, when I'm going down an ebay search list I want to know what items I already viewed.
* Make sure that the History is set to at least 1 day: Tools > Options > Privacy > History: "Remember visited pages for at least"
* Make sure that you do not start Firefox in Private Browsing mode (Tools > Stop Private Browsing is grayed, see [[Private Browsing]])
* To see all History and Cookie settings in Tools > Options > Privacy, choose the setting "Firefox will: Use custom settings for history"
Your above posted system details show outdated plugin(s) with known security and stability risks.
* Shockwave Flash 10.0 r12
Update the [[Managing the Flash plugin|Flash]] plugin to the latest version.
*http://www.adobe.com/software/flash/about/ -
Skype group chat breaking when my internet goes do...
So for the past few days my internet has been unexpectedly going down at random times. This is normally not too big an issue but whenever it happens while I am sending a message in a group chat, the whole thing breaks meaning no new messages appear and I can't send any messages. Signing in and out doesn't fix the issue and neither does a PC restart. I know messages are being sent as I can see them on my mobile but not on the desktop app. The only way I can fix it is by leaving and rejoining the chat which is a pain as someone has to re-add me every time (it happens quite frequently). Is there any other way to fix this?
In a P2P Moderated chat, the messages are only delivered when at least one of your assigned "buddies" is Online. This is different from new Cloud-based group chats, where messages are delivered via a Cloud server. In MODERATED chats, the creator has the option to REMOVE any message, but cannot EDIT anyone. http://community.skype.com/t5/Windows-desktop-client/Can-t-edit-my-own-messages-in-a-moderated-chat/m-p/4037582#M354165
-
Unable to access DFS shares when server 1 goes down
Hello all,
I have a test domain I am building in order to prepare for a new domain we are going to create. We currently have an SBS 2003 that is reaching the end of its life. We are going to start fresh. I have set up domain-based DFS along with DFS folder replication for each of the folders. So far, all is working ok, up to this point.
Replication is occurring as it should and my Hyper-V test machines can connect to the mapped drives via the DFS namespace.
\\domain\namespace\target folder
However, once I shut down the primary server (SRV01) I am no longer able to access the shares. The namespace servers tab on the center window of the namespace MMC, has both SRV01 and 02 listed. I receive no errors except "Unable to connect to \\domain\namespace\target folder because it is unavailable". It is not "failing over" to the secondary available server.
Once I power SRV01 back up, connectivity is then restored to the folders and mapped drives. Is there something I should check for, or am missing?
Any and all insight is appreciated.
Dario Garcia
Hi,
1. Run DFSUTIL /pktinfo to see if the referral target is still the primary server when it is actually down.
If so, run DFSUTIL /pktflush to flush the cached information and try to access the namespace again.
2. If 1 does not help, is DNS also configured on the primary server? If so, as it is down, \\domain may not be recognized.
TechNet Subscriber Support in forum |If you have any feedback on our support, please contact [email protected] -
Secondary DNS failing to redirect clients when Primary DNS goes down
I have a single domain with two Windows 2008 servers, DC1 (physical) and DC2 (virtual). Both servers run DNS and are GC servers, and the entire domain is on the same subnet (192.168.0.x).
All clients on the network are configured to use DC1 as primary DNS, DC2 as secondary DNS.
DHCP is enabled only on DC1. (This might be part of the issue, not sure).
The problem is that when DC1 goes down for a reboot or repair, we lose access to the internet from our clients. Trying to pull up any website results in a "Page cannot be displayed" error. DC2 is available during this time and can be pinged from any client but does not resolve DNS requests, even if I specify it as the primary DNS server on one of my workstations. However I can log on to DC2 locally and browse the web.
Here are the results of a DCdiag /dnsall from DC2 (I bolded areas of concern):
Directory Server Diagnosis
Performing initial setup:
* Connecting to directory service on server DC2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... DC2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC2
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... DC2 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : mydomain
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : mydomain.com
Starting test: DNS
Test results for domain controllers:
DC: DC2.mydomain.com
Domain: mydomain.com
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoft® Windows Server® 2008 Standard
(Service Pack level: 2.0)
is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000006] Intel(R) PRO/1000 MT Network Connection:
MAC address is 00:0C:29:91:59:68
IP Address is static
IP address: 192.168.0.249
DNS servers:
192.168.0.105 (DC1.mydomain.com.) [Valid]
127.0.0.1 (DC2) [Valid]
The A host record(s) for this DC was found
Warning: The AAAA record for this DC was not found
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.) - mydomain.com]
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
192.168.0.105 (DC1.mydomain.com.) [Valid]
192.168.0.7 (<name unavailable>) [Invalid (unreachable)]
Error: Forwarders list has invalid forwarder: 192.168.0.7 (<name unavailable>)
TEST: Delegations (Del)
Delegation information for the zone: mydomain.com.
Delegated domain name: _msdcs.mydomain.com.
DNS server: DC1.mydomain.com. IP:192.168.0.105 [Valid]
TEST: Dynamic update (Dyn)
Test record _dcdiag_test_record added successfully in zone mydomain.com
Test record _dcdiag_test_record deleted successfully in zone mydomain.com
TEST: Records registration (RReg)
Network Adapter
[00000006] Intel(R) PRO/1000 MT Network Connection:
Matching CNAME record found at DNS server 192.168.0.105:
a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.105:
DC2.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.105:
DC2.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._udp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kpasswd._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.gc._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.105:
gc._msdcs.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.105:
gc._msdcs.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.105:
_gc._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
Matching CNAME record found at DNS server 192.168.0.249:
a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.249:
DC2.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.249:
DC2.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._udp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kpasswd._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.gc._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.249:
gc._msdcs.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.249:
gc._msdcs.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.249:
_gc._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
Warning: Record Registrations not found in some network adapters
TEST: External name resolution (Ext)
Internet name www.microsoft.com was resolved successfully
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.0.7 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.0.7
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.168.0.105 (DC1.mydomain.com.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.mydomain.com. is operational on IP 192.168.0.105
DNS server: 192.168.0.249 (DC2)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: mydomain.com
DC2 PASS WARN FAIL PASS PASS WARN PASS
......................... mydomain.com failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
Looks like it may be trying to forward to a machine that's down (DC1 and another 192.168.0.7) and root hints aren't available.
Check out this article:
http://technet.microsoft.com/en-us/library/ff807391(v=ws.10).aspx
See if you can enable DNS access through the firewall to the Internet if it's not already available. Try to match whatever forwarder settings are on DC1, or remove them entirely and let the server resolve DNS from Internet root servers. Alternatively, you could change your forwarder to a public DNS server you have access to, your ISP should supply this or you could test with something common like 4.2.2.2.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications -
ASA has to be failed over when primary ISP goes down.
I have an outside 7206 router that is configured with BGP. Behind that I have an ASA 5520 with a failover. Every time my primary ISP goes down I have to fail over the ASA to re-establish a connection to the secondary ISP. When the primary comes back online I have to fail it over again. I have had Cisco TAC look at the ASA and they didn't see anything misconfigured on the ASA. There doesn't seem to be any problem with the router config either. Any ideas on what could be causing this?
Thanks for your responses. Sorry, I'm new to this. Here are the configs and a simple pic of the primary ASA and router the way they are deployed. I've been dealing with this issue for a while. Hoping to get some help here.
7206 router:
show runn
Building configuration...
Current configuration : 4678 bytes
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname lee-border
boot-start-marker
boot-end-marker
enable secret 5 **********************
no aaa new-model
ip subnet-zero
ip cef
ip name-server 206.77.62.152
interface FastEthernet0/0
no ip address
shutdown
duplex half
interface GigabitEthernet0/1
description Univ. of Texas OTS for ISP and Inet2
no ip address
duplex full
speed 100
media-type rj45
negotiation auto
interface GigabitEthernet0/1.7
description Internet2 Access
encapsulation dot1Q 7
ip address 192.88.12.238 255.255.255.252
interface GigabitEthernet0/1.16
description THENet-Access
encapsulation dot1Q 16
ip address 207.80.110.134 255.255.255.252
interface GigabitEthernet0/1.743
description UT OTS TX-BB Peering
encapsulation dot1Q 743
ip address 192.124.228.114 255.255.255.252
interface GigabitEthernet0/2
description Phonoscope ISP Service
ip address 66.60.235.146 255.255.255.248
duplex full
speed 100
media-type rj45
negotiation auto
interface GigabitEthernet0/3
description Lee College Internal LANs
ip address 68.232.208.241 255.255.255.240 secondary
ip address 68.232.208.1 255.255.255.248
duplex full
speed auto
media-type rj45
negotiation auto
interface ATM1/0
no ip address
shutdown
no ima-group
no atm ilmi-keepalive
interface ATM1/1
no ip address
shutdown
no ima-group
no atm ilmi-keepalive
interface ATM1/2
no ip address
shutdown
no ima-group
no atm ilmi-keepalive
interface ATM1/3
no ip address
shutdown
no ima-group
no atm ilmi-keepalive
interface ATM1/4
no ip address
shutdown
no ima-group
no atm ilmi-keepalive
interface ATM1/5
no ip address
shutdown
no ima-group
no atm ilmi-keepalive
interface ATM1/6
no ip address
shutdown
no ima-group
no atm ilmi-keepalive
interface ATM1/7
no ip address
shutdown
no ima-group
no atm ilmi-keepalive
interface FastEthernet2/0
no ip address
shutdown
duplex half
interface FastEthernet4/0
no ip address
duplex auto
speed auto
interface FastEthernet4/1
no ip address
shutdown
duplex auto
speed auto
router bgp 46094
no synchronization
bgp log-neighbor-changes
network 68.232.208.0 mask 255.255.240.0
network 198.216.112.0 mask 255.255.252.0
network 207.80.120.0 mask 255.255.252.0
neighbor 66.60.235.145 remote-as 22442
neighbor 66.60.235.145 description Phonoscope
neighbor 66.60.235.145 next-hop-self
neighbor 66.60.235.145 send-community
neighbor 66.60.235.145 version 4
neighbor 66.60.235.145 soft-reconfiguration inbound
neighbor 66.60.235.145 route-map Lee-out out
neighbor 192.88.12.237 remote-as 276
neighbor 192.88.12.237 description Internet2 Peering
neighbor 192.88.12.237 send-community
neighbor 192.88.12.237 version 4
neighbor 192.88.12.237 route-map I2-in in
neighbor 192.88.12.237 route-map Lee-I2-out out
neighbor 192.88.12.237 password 7 132C4546070901
neighbor 192.124.228.113 remote-as 6922
neighbor 192.124.228.113 description UT-Commodity
neighbor 192.124.228.113 send-community
neighbor 192.124.228.113 soft-reconfiguration inbound
neighbor 192.124.228.113 route-map OTS-in in
neighbor 192.124.228.113 route-map OTS-out out
no auto-summary
ip default-gateway 192.124.228.113
ip classless
ip route 68.232.208.0 255.255.240.0 Null0 250
ip route 68.232.209.0 255.255.255.0 68.232.208.2
ip route 68.232.211.0 255.255.255.0 68.232.208.2
ip route 68.232.212.0 255.255.252.0 68.232.208.2
ip route 68.232.216.0 255.255.248.0 68.232.208.2
ip route 198.216.112.0 255.255.252.0 Null0 250
ip route 198.216.113.0 255.255.255.0 198.216.115.1
ip route 198.216.114.0 255.255.255.0 198.216.115.1
ip route 207.80.8.0 255.255.255.0 198.216.115.1
ip route 207.80.120.0 255.255.252.0 Null0 250
ip route 207.80.120.0 255.255.255.0 198.216.115.1
ip route 207.80.121.0 255.255.255.0 198.216.115.1
ip route 207.80.122.0 255.255.255.0 198.216.115.1
ip route 207.80.123.0 255.255.255.0 198.216.115.1
no ip http server
access-list 90 permit 68.232.208.0 0.0.15.255
access-list 90 deny any
access-list 91 permit 198.216.112.0 0.0.3.255
access-list 91 permit 207.80.112.0 0.0.15.255
access-list 91 deny any
route-map OTS-out permit 10
match ip address 90
route-map Lee-out permit 10
match ip address 90
route-map I2-in permit 10
set local-preference 200
route-map Lee-I2-out permit 10
match ip address 90
route-map Lee-I2-out permit 20
match ip address 91
route-map OTS-in permit 10
set local-preference 150
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password 7 *****************
login
end
ASA (Primary)
logging permit-hostdown
mtu Outside 1500
mtu inside 1500
mtu LeeDMZ 1500
mtu management 1500
failover
failover lan unit secondary
failover lan interface failover GigabitEthernet0/3
failover link failover GigabitEthernet0/3
failover interface ip failover 172.16.1.1 255.255.255.0 standby 172.16.1.2
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any LeeDMZ
asdm image disk0:/asdm-623.bin
no asdm history enable
arp timeout 14400
global (Outside) 1 68.232.211.1-68.232.223.253
global (Outside) 1 interface
global (Outside) 1 68.232.223.254
global (Outside) 2 68.232.209.25
global (LeeDMZ) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0 tcp 16384 12000
nat (LeeDMZ) 2 access-list NAT_NEW_ISA
nat (LeeDMZ) 1 192.168.10.0 255.255.255.0
static (inside,Outside) 68.232.209.10 10.1.200.253 netmask 255.255.255.255
static (inside,LeeDMZ) 10.1.0.0 10.1.0.0 netmask 255.255.0.0
static (inside,LeeDMZ) 192.168.3.0 192.168.3.0 netmask 255.255.255.0
static (inside,Outside) 68.232.209.53 10.1.254.3 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.5 192.168.10.5 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.6 192.168.10.6 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.51 192.168.10.51 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.37 192.168.10.37 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.75 192.168.10.75 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.101 192.168.10.101 netmask 255.255.255.255
static (inside,LeeDMZ) 192.168.2.0 192.168.2.0 netmask 255.255.255.0
static (LeeDMZ,Outside) 68.232.209.102 192.168.10.102 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.38 192.168.10.38 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.23 192.168.10.23 netmask 255.255.255.255
static (inside,Outside) 68.232.209.136 10.1.7.37 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.111 192.168.10.111 netmask 255.255.255.255
static (inside,Outside) 68.232.209.8 10.1.13.8 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.103 192.168.10.103 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.92 192.168.10.92 netmask 255.255.255.255
static (inside,Outside) 68.232.209.4 10.1.6.2 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.219 192.168.10.219 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.217 192.168.10.217 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.206 192.168.10.206 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.234 192.168.10.234 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.33 192.168.10.33 netmask 255.255.255.255
static (inside,Outside) 68.232.209.246 10.1.1.246 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.11 192.168.10.11 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.100 192.168.10.100 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.120 192.168.10.120 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.70 192.168.10.70 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.36 192.168.10.36 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.50 192.168.10.50 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.22 192.168.10.22 netmask 255.255.255.255
static (inside,Outside) 68.232.209.121 10.1.1.121 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.20 192.168.10.20 netmask 255.255.255.255
static (inside,Outside) 68.232.209.203 10.1.55.203 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.15 192.168.10.15 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.25 192.168.10.25 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.55 192.168.10.55 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.143 192.168.10.143 netmask 255.255.255.255
static (LeeDMZ,Outside) 68.232.209.34 192.168.10.34 netmask 255.255.255.255
access-group out-in in interface Outside
access-group 170 in interface inside
access-group dmz in interface LeeDMZ
route Outside 0.0.0.0 0.0.0.0 68.232.208.1 1
route inside 10.1.0.0 255.255.0.0 10.1.200.1 1
route inside 192.168.2.0 255.255.255.0 10.1.200.254 1
route inside 192.168.3.0 255.255.255.0 10.1.200.254 1
route inside 192.168.5.0 255.255.255.0 10.1.200.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
url-server (inside) vendor websense host 10.1.1.66 timeout 10 protocol TCP version 1 connections 5
aaa authentication ssh console LOCAL
filter url except 10.1.4.4 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.4.136 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.4.30 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 0.0.0.0 0.0.0.0 192.168.10.36 255.255.255.255 allow
filter url except 0.0.0.0 0.0.0.0 192.168.10.22 255.255.255.255 allow
filter url except 0.0.0.0 0.0.0.0 192.168.10.100 255.255.255.255 allow
filter url except 0.0.0.0 0.0.0.0 10.1.1.27 255.255.255.255 allow
filter url except 0.0.0.0 0.0.0.0 10.1.1.30 255.255.255.255 allow
filter url except 0.0.0.0 0.0.0.0 10.1.89.2 255.255.255.255 allow
filter url except 0.0.0.0 0.0.0.0 10.1.1.11 255.255.255.255 allow
filter url except 0.0.0.0 0.0.0.0 10.1.1.61 255.255.255.255 allow
filter url except 0.0.0.0 0.0.0.0 10.1.1.7 255.255.255.255 allow
filter url except 0.0.0.0 0.0.0.0 192.168.10.38 255.255.255.255 allow
filter url except 0.0.0.0 0.0.0.0 10.1.89.10 255.255.255.255 allow
filter url except 10.1.56.189 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.4.15 255.255.255.255 0.0.0.0 0.0.0.0
filter https except 10.1.4.30 255.255.255.255 0.0.0.0 0.0.0.0
filter url except 10.1.1.0 255.255.255.0 0.0.0.0 0.0.0.0
filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
filter ftp 21 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow
http server enable
http 192.168.1.0 255.255.255.0 management
http 10.1.4.29 255.255.255.255 management
http 10.1.4.30 255.255.255.255 management
http 10.1.4.31 255.255.255.255 management
http 10.1.4.4 255.255.255.255 management
snmp-server host inside 10.1.1.215 community *****
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
service resetoutside
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map Outside_map 1 match address Outside_1_cryptomap
crypto map Outside_map 1 set peer 216.168.57.82
crypto map Outside_map 1 set transform-set ESP-3DES-SHA
crypto map Outside_map interface Outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=LEE-ASA
crl configure
crypto ca trustpoint ASDM_Lee
enrollment self
subject-name CN=LEE-ASA
crl configure
crypto isakmp enable Outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 10.1.4.29 255.255.255.255 management
telnet 10.1.4.30 255.255.255.255 management
telnet 10.1.4.31 255.255.255.255 management
telnet 10.1.4.4 255.255.255.255 management
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 LeeDMZ
ssh 0.0.0.0 0.0.0.0 management
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection scanning-threat shun except ip-address 10.1.4.0 255.255.255.0
threat-detection scanning-threat shun duration 3600
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
url-block url-mempool 2500
url-block url-size 4
dynamic-filter updater-client enable
dynamic-filter use-database
dynamic-filter enable interface Outside
dynamic-filter drop blacklist interface Outside
dynamic-filter whitelist
address 192.168.10.0 255.255.255.0
address 10.1.1.6 255.255.255.255
address 10.1.1.2 255.255.255.255
dynamic-filter blacklist
address 46.249.59.47 255.255.255.255
address 95.215.2.8 255.255.255.255
address 94.75.201.36 255.255.255.255
ntp server 64.250.229.100 source Outside
ntp server 24.56.178.140 source Outside prefer
webvpn
username **********************************
username **************************************
username ************************************
tunnel-group 216.168.57.82 type ipsec-l2l
tunnel-group 216.168.57.82 ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect icmp
inspect dns migrated_dns_map_1 dynamic-filter-snoop
inspect rtsp
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:************************************
: end
-
OSPF with ipsec VTI interface goes down before dead timer.
I have a strange issue that OSPF will initially start working, hellos are exchanged both ways but then after about 3 – 6 hellos one of the sides stops getting them and the ipsec VTI tunnel drops on router A even before the dead timer reaches 0. Is this default behavior, when OSPF is over a VTI interface if it doesn’t receive hellos it drops the tunnel?
I’m at a loss as to what is going on since it looks like only one neighbor stops receiving hellos, router A, for a brief period of time. This VTI tunnel is going over another provider’s FW and they have assured me the tunnel destination/source ips are wide open they also sent me the ACL and I can verify this. The weird thing is if I enable EIGRP it works great with no issues. On router B I am using the same source/ip unnumbered interface on multiple VTI tunnels to other destinations but this shouldn’t cause any issues I don’t think. I have never had an issue like this and from what I can tell the router A just stops briefly getting hellos after 3 – 6 initial hellos and drops the protocol on the VTI interface. If I set the dead timer on router A long enough it will stop receiving hellos but stay up and then after a while you get “LOADING to FULL” as the hellos start coming in again. Again the tunnel goes over a cisco 800 which I have no control over it and a potential FW before that but I saw the ACL and ip is being allowed. I was thinking this could be a trolling issue on the FW but it doesn’t explain why EIGRP works. FYI I was having a recursive routing issue before but I have since fixed that and the issue still continues.
******** It turns out that I was using the same source IP on multiple tunnels. IPsec would get confused with packets coming in and would deliver packets to the wrong tunnel interface. This was solved by using the key command with a different key number on each set of tunnels with the shared profile command
"If more than one mGRE tunnel is configured on a router that use the same tunnel source address, the shared keyword must be added to the tunnel protection command on all such tunnel interfaces. Each mGRE tunnel interface still requires a unique tunnel key, NHRP network-ID, and IP subnet address. This is common on a branch router when a dual DMVPN cloud topology is deployed. "
Router A:
router ospf 1
 router-id 10.213.22.2
 passive-interface default
 network x.x.97.26 0.0.0.0 area 0
interface Tunnel1
 ip unnumbered GigabitEthernet0/1
 ip virtual-reassembly in
 ip tcp adjust-mss 1398
 ip ospf network point-to-point
 load-interval 30
 tunnel source GigabitEthernet0/1
 tunnel mode ipsec ipv4
 tunnel destination x.x.173.109
 tunnel path-mtu-discovery
 tunnel protection ipsec profile VTI-to-NB
router B:
router ospf 1
 router-id 172.17.2.6
 priority 1
 redistribute static subnets route-map Lan-static-RM
 passive-interface default
 no passive-interface Tunnel1
 no passive-interface Tunnel4
 no passive-interface Tunnel5
 network x.x.173.109 0.0.0.0 area 0
 network 172.17.2.6 0.0.0.0 area 0
 network 192.168.1.47 0.0.0.0 area 0
interface Tunnel4
 ip unnumbered GigabitEthernet0/2
 ip virtual-reassembly in
 ip tcp adjust-mss 1398
 ip ospf network point-to-point
 load-interval 30
 tunnel source GigabitEthernet0/2
 tunnel mode ipsec ipv4
 tunnel destination x.x.97.26
 tunnel path-mtu-discovery
 tunnel protection ipsec profile VTI_NB_to_dorrance_prv
end
thanks P
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
I haven't studied your config, but I can tell you I have production environment using OSPF across VTI (and GRE, and GRE/IPSec and DMVPN) tunnels without issue. I.e. so OSPF can be okay with VTI tunnels. -
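The rule quoted in the OSPF-over-VTI thread above (tunnels that share a source need `shared` on `tunnel protection`, and each mGRE tunnel needs a unique `tunnel key`) can be checked against a saved configuration before it is deployed. This Python check is an added example, not code from the thread; the sample config, profile names and function names are constructed, and tunnels in other modes (such as the thread's `tunnel mode ipsec ipv4`) are only listed for manual review because the quoted rule is written for mGRE.

```python
import re
from collections import defaultdict
# Constructed sample (not the thread's config); flat lines, as configs are pasted on this page.
SAMPLE = """interface Tunnel1
tunnel source GigabitEthernet0/2
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile PROF-A shared
interface Tunnel4
tunnel source GigabitEthernet0/2
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile PROF-A
interface Tunnel5
tunnel source GigabitEthernet0/2
tunnel mode ipsec ipv4
interface Tunnel9
tunnel source Loopback0
"""

def parse_tunnels(config):
    """Map each Tunnel interface to its 'tunnel source/mode/key/protection' values."""
    tunnels, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            m = re.match(r"interface (Tunnel\d+)$", line)
            current = tunnels.setdefault(m.group(1), {}) if m else None
        elif current is not None and (m := re.match(r"tunnel (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2)
    return tunnels

def audit_shared_sources(config):
    """Return sorted (interface, finding) pairs for tunnels that share a source."""
    by_source = defaultdict(list)
    for name, t in parse_tunnels(config).items():
        by_source[t.get("source")].append((name, t))
    findings = []
    for source, group in by_source.items():
        if source is None or len(group) < 2:
            continue  # a source used by a single tunnel is unambiguous
        keys = [t.get("key") for _, t in group if t.get("mode") == "gre multipoint"]
        for name, t in group:
            if t.get("mode") != "gre multipoint":  # quoted rule is mGRE-only
                findings.append((name, f"shares {source}: review by hand"))
                continue
            if "protection" in t and "shared" not in t["protection"].split()[3:]:
                findings.append((name, "tunnel protection lacks 'shared'"))
            if t.get("key") is None or keys.count(t["key"]) > 1:
                findings.append((name, "tunnel key missing or duplicated"))
    return sorted(findings)
```

`audit_shared_sources(SAMPLE)` reports Tunnel1 and Tunnel4 for the duplicated key, Tunnel4 for the missing `shared` keyword, and Tunnel5 for manual review; Tunnel9 is alone on its source and is not reported.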
Call drop when VXML server goes down
Can somebody tell me what should ideally happen in the below given scenario?
We have two media/vxml servers. We have an ACE load balancer which sends calls to these two servers. When the customer call is sent to CVP for self service (VXML application) , if the VXML server is shut down (via the CVP OAMP) , should the call drop ? or survivability kicks in the gateway ?
What we saw is the call is dropped after 2-3 seconds of silence.
We see in the CVP PIM logs that " called party disconnect" event and ends the call. Similarly in the gateway we see the transport down message and disconnects the call. Is this correct?
Is there any way to preserve this call and treat it?
Hi Shravan,
If you had configured survivability then ideally that call should hit the survivability. Normally on the VXML Gateways survivability is not auto configured, we would need to configure accordingly depending on the requirement. If survivability is not configured then the call would disconnect
Additionally, could you please let us know the call flow for the self service in your setup
Thanks,
Dass
Please rate useful posts
-
Some kind of alarm when the internet goes down
Good day. I am using WiFi to connect to the internet. Someone else owns the modem and
gave me permission to use it. Sometimes, the modem is working, but loses the internet connection.
I want to know, does anyone know of an add-on or windows gadget or program that would let me
know when the net is out.
On Windows 7 you could try the following (please note that my OS is not in English, so I may not get the exact right labels in my description): go to the Windows task planner & create a new task. Give it a name of your choosing and switch to the trigger tab where you create a new trigger ("launch task at an event"; protocol: "system", source: "dns client events", event-id: "1014").
Then go to the actions tab, where you can set up a custom message, which will pop up in a dialog once the trigger is called (or set any other action; for example you could make Firefox open another custom tab through command line arguments (https://developer.mozilla.org/en-US/docs/Mozilla/Command_Line_Options), etc.)...
-
ACE slowness issue when one server goes down
Hi,
We are having two application servers. Both are load balanced using ACE.
When we bring down one server, we find that when we upload some files into the second application server, it's too slow.
But when primary server comes up again the performance increases. This issue happens only when we bring the primary server down.
We are using cookie based stickiness. Any ideas where we can look into.
Rgds.,
Sachin
Depending on the load-balancing algorithm or predictor that you configure, the ACE performs a series of checks and calculations to determine which server can best service each client request. The ACE bases server selection on several factors including the source or destination address, cookies, URLs, HTTP headers, or the server with the fewest connections with respect to load.
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA1_7_/configuration/slb/guide/classlb.html
-
Can you still work when the internet goes down?
Since internet service in this country is pretty unreliable, will that make it difficult to get work done when internet is down? Where I live, high speed internet isn't even available, so will I even be able to use Photoshop at all? Should I just find an alternative app?
Your Creative Cloud desktop applications (such as Photoshop and Illustrator) are installed directly on your computer, so you won't need an ongoing Internet connection to use them on a daily basis.
You will need to be online when you install and license your software. If you have an annual membership, you'll be asked to connect to the web to validate your software licenses every 30 days.
Please refer the below FAQ link for more details:
http://www.adobe.com/in/products/creativecloud/faq.html
-Harshit yadav
-
JMS Uniform Distribute Queue Unit Of Order, problem when one node goes down
Hi ,
I have the following code which post a message (with Unit of Order set ) to a Uniform Distribute Queue in a cluster with two member servers (server1 and server2).
--UDQ is targeted to a subdeployment that is mapped to two JMS servers pointing to each member servers
--Connection Factory is using default targeting ( i tried mapping to Sub deployment also)
try {
    // Look up the connection factory and the distributed queue in JNDI
    javax.naming.InitialContext serverContext = new javax.naming.InitialContext();
    javax.jms.QueueConnectionFactory qConnFactory = (javax.jms.QueueConnectionFactory)serverContext.lookup(jmsQConnFactoryName);
    javax.jms.QueueConnection qConn = (javax.jms.QueueConnection)qConnFactory.createConnection();
    javax.jms.QueueSession qSession = qConn.createQueueSession(false, javax.jms.Session.AUTO_ACKNOWLEDGE);
    javax.jms.Queue q = (javax.jms.Queue)serverContext.lookup(jmsQName);
    // The WebLogic producer extension is needed to set the Unit of Order
    weblogic.jms.extensions.WLMessageProducer qSender = (weblogic.jms.extensions.WLMessageProducer) qSession.createProducer(q);
    qSender.setUnitOfOrder("MyUnitOfOrder");
    javax.jms.ObjectMessage message = qSession.createObjectMessage();
    java.util.HashMap<String, Object> map = new java.util.HashMap<String, Object>();
    map.put("something", "SomeObject");
    message.setObject(map);
    qSender.send(message);
} catch (Exception e) {
    // exception handling is cut off in the original post
}
Steps followed:
1. Post a message from "server1"
2. Message picked up by "server2"
3. Everything fine
4. Shutdown "server2"
5. Post a message from "server1"
6. ERROR: "hashed member of MyAppJMSModule!MyDistributedQ is MyAppJMSModule!MyJMSServer-2@MyDistributedQ which is not available"
WebLogic version : 10.3.5
Is there a way (other than configuring Path Service ) to make this code work "with unit of order" for a UDQ even if some member servers go down ?
Thanks very much for your time.
If you want to avoid use of the Path Service, then the alternative is to make the destination members highly available. This will help ensure that the host member for a particular UOO is up.
One approach to HA is to configure "service migration". For more information see the Automatic Service Migration white-paper at
http://www.oracle.com/technology/products/weblogic/pdf/weblogic-automatic-service-migration-whitepaper.pdf
In addition, I recommend referencing Best Practices for JMS Beginners and Advanced Users
http://docs.oracle.com/cd/E17904_01/web.1111/e13738/best_practice.htm#JMSAD455 to help with WL configuration in general.
Hope this helps,
Tom
-
Alert Mail when Notification Mailer goes down
Hi all,
Is it possible to fire an alert whenever the Workflow Notification Mailer goes down ?
Regards,
Mash
hi Mash,
Is it possible to fire an alert whenever the Workflow Notification Mailer goes down ?
EBs release version and platform
please see this
Alert to monitor Workflow notification mailer services
;) AppsmAsti ;)
Sharing is Caring