Routing FAIL
i have a problem accessing "certain" websites.
and it seems like its either blocked by verizon(highly doubt) or theres problem with routing.
the website address is dreamdota.com which has ip address of 106.187.37.80
first i did some traceroute
as you can see, routing times out after 14th.
i tried all other solutions such as using open dns, changing the ip address and stuffs but no luck.
also tried to call/chat with verizon agents but they have no idea about routings.
keep asking me to reset the router/asking for remote control of my computer/firewall blah blah blah im done with these non-sense.
i thought it would be better to post it on the forum see if theres any actual expert knows the solution or maybe tech engineerer might see this and fix the routing issue.
thanks
EDIT: i did some of research and found out that this was not the first time they have problems like this.
they said i have to report the problem but i dont konw where to report them since call/chat agents dont even know what routing is.
this is a trace from network-tools.com
that entire trace is not in verizons network, so the routing issues are not related to verizon.
TraceRoute to 106.187.37.80 [li380-80.members.linode.com]
Hop
(ms)
(ms)
(ms)
IP Address Host name
1
0
0
0
206.123.64.46
2
0
0
37
8.9.232.73
xe-5-3-0.edge3.dallas1.level3.net
3
0
0
0
4.69.145.126
vlan70.csw2.dallas1.level3.net
4
0
2
0
4.69.151.146
ae-73-73.ebr3.dallas1.level3.net
5
32
32
32
4.69.132.77
ae-3-3.ebr2.losangeles1.level3.net
6
32
32
40
4.69.137.22
ae-72-72.csw2.losangeles1.level3.net
7
32
67
32
4.69.144.79
ae-2-70.edge2.losangeles9.level3.net
8
34
34
34
4.53.228.14
kddi-americ.edge2.losangeles9.level3.net
9
34
34
34
59.128.2.105
lajbb002.kddnet.ad.jp
10
147
147
147
203.181.100.45
otejbb204.kddnet.ad.jp
11
160
160
161
124.215.194.180
cm-fcu203.kddnet.ad.jp
12
148
148
148
124.215.199.122
13
Destination host unreachable
Destination host unreachable
Destination host unreachable
14
Destination host unreachable
Destination host unreachable
Destination host unreachable
15
Timed out
Destination host unreachable
Timed out
16
Destination host unreachable
Timed out
Destination host unreachable
Trace aborted.
Similar Messages
-
WRT320N Router fails to assign an IP in either wired or wireless configuration
Hi
I bought a Links WRT320N router less the 6 months ago. I have been using it as a wireless router since without any problems.
A week ago one of the PC's in the networks did not receive a valid IP, although it was able to connect to the router
it happened to one PC only out of 4 we a using on the net. The machine got a default windows ip in the 169. Domain.
Strangely enough the problem went away after a day and then re-asserted itself two days later.
Today all of the PC connected to the router failed to get a valid IPs, I connected one of the PC's with an Ethernet cable but still was not able to get a valid IP.
Replacing the router with an older wireless router I had laying around enabled all the machines to connect
what could be the problem with the WRT320N?Connect one computer to the router with the Ethernet cable. Press and hold the reset button on the router for 30 seconds. Release the reset button and wait for 10 seconds. Power cycle the router and restart the computer.
Now check the IP address on the computer. If you have the valid IP address of 192.168.1.xxx and default gateway 192.168.1.1 then try to open the setup page of the router. If you are able to open the setup of the router then try to reconfigure the router.
If you are not getting the valid IP address on the computer then assign a static IP address on the computer. Go to Local area connection properties. Click on internet protocol TCP/IP properties and select ' use the following IP address'. Change the IP address to 192.168.1.10, subnet mask to 255.255.255.0 and default gateway to 192.168.1.1. Try to ping the router IP address.
If you get replies from the router IP address then open the setup page of the router and reconfigure the router. -
Routing failed to locate next hop for ICMP from outside:10.60.30.111/1 to inside:10.89.30.41/0
ASA 5505 Split tunneling stopped working when upgraded from 8.3(1) to 8.4(3).
When a user was connecting to the old 8.3(1) appliance they could access all of our subnets: 10.60.0.0/16, 10.89.0.0/16, 10.33.0.0/16, 10.1.0.0/16
but now they cannot and in the logs I can just see
6 Oct 31 2012 08:17:59 110003 10.60.30.111 1 10.89.30.41 0 Routing failed to locate next hop for ICMP from outside:10.60.30.111/1 to inside:10.89.30.41/0
any hints? i have tried almost everything. the running configuration is:
: Saved
ASA Version 8.4(3)
hostname asa
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.60.70.1 255.255.0.0
interface Vlan2
nameif outside
security-level 0
ip address 80.90.98.217 255.255.255.248
ftp mode passive
clock timezone GMT 0
dns domain-lookup inside
dns domain-lookup outside
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_10.33.0.0_16
subnet 10.33.0.0 255.255.0.0
object network NETWORK_OBJ_10.60.0.0_16
subnet 10.60.0.0 255.255.0.0
object network NETWORK_OBJ_10.89.0.0_16
subnet 10.89.0.0 255.255.0.0
object network NETWORK_OBJ_10.1.0.0_16
subnet 10.1.0.0 255.255.0.0
object network tetPC
host 10.60.10.1
description test
object network NETWORK_OBJ_10.60.30.0_24
subnet 10.60.30.0 255.255.255.0
object network NETWORK_OBJ_10.60.30.64_26
subnet 10.60.30.64 255.255.255.192
object network SSH-server
host 10.60.20.6
object network SSH_public
object network ftp_public
host 80.90.98.218
object network rdp
host 10.60.10.4
object network ftp_server
host 10.60.20.2
object network ssh_public
host 80.90.98.218
object service FTP
service tcp destination eq 12
object network NETWORK_OBJ_10.60.20.3
host 10.60.20.3
object network NETWORK_OBJ_10.60.40.192_26
subnet 10.60.40.192 255.255.255.192
object network NETWORK_OBJ_10.60.10.10
host 10.60.10.10
object network NETWORK_OBJ_10.60.20.2
host 10.60.20.2
object network NETWORK_OBJ_10.60.20.21
host 10.60.20.21
object network NETWORK_OBJ_10.60.20.4
host 10.60.20.4
object network NETWORK_OBJ_10.60.20.5
host 10.60.20.5
object network NETWORK_OBJ_10.60.20.6
host 10.60.20.6
object network NETWORK_OBJ_10.60.20.7
host 10.60.20.7
object network NETWORK_OBJ_10.60.20.29
host 10.60.20.29
object service port_tomcat
service tcp source range 8080 8082
object network TBSF
subnet 172.16.252.0 255.255.255.0
object network MailServer
host 10.33.10.2
description Mail Server
object service HTTPS
service tcp source eq https
object network test
object network access_web_mail
host 10.60.50.251
object network downtown_Interface_host
host 10.60.50.1
description downtown Interface Host
object service Oracle_port
service tcp source eq sqlnet
object network NETWORK_OBJ_10.60.50.248_29
subnet 10.60.50.248 255.255.255.248
object network NETWORK_OBJ_10.60.50.1
host 10.60.50.1
object network NETWORK_OBJ_10.60.50.0_28
subnet 10.60.50.0 255.255.255.240
object network brisel
subnet 10.191.191.0 255.255.255.0
object network NETWORK_OBJ_10.191.191.0_24
subnet 10.191.191.0 255.255.255.0
object network NETWORK_OBJ_10.60.60.0_24
subnet 10.60.60.0 255.255.255.0
object-group service TCS_Service_Group
description This Group of available Services is for TCS Clients
service-object object port_tomcat
object-group service HTTPS_ACCESS tcp
port-object eq https
object-group network DM_INLINE_NETWORK_1
network-object 10.1.0.0 255.255.0.0
network-object 10.33.0.0 255.255.0.0
network-object 10.60.0.0 255.255.0.0
network-object 10.89.0.0 255.255.0.0
access-list outside_1_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.33.0.0 255.255.0.0
access-list outside_2_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.89.0.0 255.255.0.0
access-list outside_3_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list OUTSIDE_IN extended permit icmp any any time-exceeded
access-list OUTSIDE_IN extended permit icmp any any unreachable
access-list OUTSIDE_IN extended permit icmp any any echo-reply
access-list OUTSIDE_IN extended permit icmp any any source-quench
access-list OUTSIDE_IN extended permit tcp 194.2.20.0 255.255.255.0 host 80.90.98.220 eq smtp
access-list OUTSIDE_IN extended permit tcp host 194.25.12.0 host 80.90.98.220 eq smtp
access-list OUTSIDE_IN extended permit icmp host 80.90.98.222 host 80.90.98.217
access-list OUTSIDE_IN extended permit tcp host 162.162.4.1 host 80.90.98.220 eq smtp
access-list OUTSIDE_IN extended permit tcp host 98.85.125.2 host 80.90.98.221 eq ssh
access-list OAKDCAcl standard permit 10.60.0.0 255.255.0.0
access-list OAKDCAcl standard permit 10.33.0.0 255.255.0.0
access-list OAKDCAcl remark backoffice
access-list OAKDCAcl standard permit 10.89.0.0 255.255.0.0
access-list OAKDCAcl remark maint
access-list OAKDCAcl standard permit 10.1.0.0 255.255.0.0
access-list osgd standard permit host 10.60.20.4
access-list osgd standard permit host 10.60.20.5
access-list osgd standard permit host 10.60.20.7
access-list testOAK_splitTunnelAcl standard permit 10.60.0.0 255.255.0.0
access-list snmp extended permit udp any eq snmptrap any
access-list snmp extended permit udp any any eq snmp
access-list downtown_splitTunnelAcl standard permit host 10.60.20.29
access-list webMailACL standard permit host 10.33.10.2
access-list HBSC standard permit host 10.60.30.107
access-list HBSC standard deny 10.33.0.0 255.255.0.0
access-list HBSC standard deny 10.89.0.0 255.255.0.0
access-list outside_4_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.191.191.0 255.255.255.0
access-list OAK-remote_splitTunnelAcl standard permit 10.1.0.0 255.255.0.0
access-list OAK-remote_splitTunnelAcl standard permit 10.33.0.0 255.255.0.0
access-list OAK-remote_splitTunnelAcl standard permit 10.60.0.0 255.255.0.0
access-list OAK-remote_splitTunnelAcl standard permit 10.89.0.0 255.255.0.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool OAKPRD_pool 10.60.30.110-10.60.30.150 mask 255.255.0.0
ip local pool mail_sddress_pool 10.60.50.251-10.60.50.255 mask 255.255.0.0
ip local pool test 10.60.50.1 mask 255.255.255.255
ip local pool ipad 10.60.30.90-10.60.30.99 mask 255.255.0.0
ip local pool TCS_pool 10.60.40.200-10.60.40.250 mask 255.255.255.0
ip local pool OSGD_POOL 10.60.50.2-10.60.50.10 mask 255.255.0.0
ip local pool OAK_pool 10.60.60.0-10.60.60.255 mask 255.255.0.0
ip verify reverse-path interface inside
ip verify reverse-path interface outside
ip audit name ThreatDetection attack action alarm
ip audit interface inside ThreatDetection
ip audit interface outside ThreatDetection
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any echo inside
icmp permit any echo outside
asdm history enable
arp timeout 14400
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.33.0.0_16 NETWORK_OBJ_10.33.0.0_16
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.89.0.0_16 NETWORK_OBJ_10.89.0.0_16
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.1.0.0_16 NETWORK_OBJ_10.1.0.0_16
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.30.0_24 NETWORK_OBJ_10.60.30.0_24
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.30.64_26 NETWORK_OBJ_10.60.30.64_26
nat (inside,outside) source static NETWORK_OBJ_10.60.20.29 NETWORK_OBJ_10.60.20.29 destination static NETWORK_OBJ_10.60.40.192_26 NETWORK_OBJ_10.60.40.192_26 service any port_tomcat
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.50.1 NETWORK_OBJ_10.60.50.1
nat (inside,outside) source static MailServer MailServer destination static NETWORK_OBJ_10.60.50.248_29 NETWORK_OBJ_10.60.50.248_29
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.50.0_28 NETWORK_OBJ_10.60.50.0_28
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.191.191.0_24 NETWORK_OBJ_10.191.191.0_24
nat (inside,outside) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static NETWORK_OBJ_10.60.60.0_24 NETWORK_OBJ_10.60.60.0_24 no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 80.90.98.222 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.60.10.10 255.255.255.255 inside
http 10.33.30.33 255.255.255.255 inside
http 10.60.30.33 255.255.255.255 inside
snmp-server host inside 10.33.30.108 community ***** version 2c
snmp-server host inside 10.89.70.30 community *****
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set lux_trans_set esp-aes esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 84.51.31.173
crypto map outside_map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set peer 98.85.125.2
crypto map outside_map 2 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set peer 220.79.236.146
crypto map outside_map 3 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 4 match address outside_4_cryptomap
crypto map outside_map 4 set pfs
crypto map outside_map 4 set peer 159.146.232.122
crypto map outside_map 4 set ikev1 transform-set lux_trans_set
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
crypto ikev1 policy 50
authentication pre-share
encryption aes
hash sha
group 1
lifetime 86400
crypto ikev1 policy 70
authentication pre-share
encryption aes
hash sha
group 5
lifetime 86400
telnet 10.60.10.10 255.255.255.255 inside
telnet 10.60.10.1 255.255.255.255 inside
telnet 10.60.10.5 255.255.255.255 inside
telnet 10.60.30.33 255.255.255.255 inside
telnet 10.33.30.33 255.255.255.255 inside
telnet timeout 30
ssh 10.60.10.5 255.255.255.255 inside
ssh 10.60.10.10 255.255.255.255 inside
ssh 10.60.10.3 255.255.255.255 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd dns 155.2.10.20 155.2.10.50 interface inside
dhcpd auto_config outside interface inside
threat-detection basic-threat
threat-detection scanning-threat shun duration 3600
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
tftp-server inside 10.60.10.10 configs/config1
webvpn
group-policy testTG internal
group-policy testTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol l2tp-ipsec
group-policy TcsTG internal
group-policy TcsTG attributes
vpn-idle-timeout 20
vpn-session-timeout 120
vpn-tunnel-protocol ikev1
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value testOAK_splitTunnelAcl
address-pools value TCS_pool
group-policy downtown_interfaceTG internal
group-policy downtown_interfaceTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value downtown_splitTunnelAcl
group-policy HBSCTG internal
group-policy HBSCTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value HBSC
group-policy OSGD internal
group-policy OSGD attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-session-timeout none
vpn-tunnel-protocol ikev1
group-lock value OSGD
split-tunnel-policy tunnelspecified
split-tunnel-network-list value testOAK_splitTunnelAcl
group-policy OAKDC internal
group-policy OAKDC attributes
vpn-tunnel-protocol ikev1
group-lock value OAKDC
split-tunnel-policy tunnelspecified
split-tunnel-network-list value OAKDCAcl
intercept-dhcp 255.255.0.0 disable
address-pools value OAKPRD_pool
group-policy mailTG internal
group-policy mailTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value webMailACL
group-policy OAK-remote internal
group-policy OAK-remote attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value OAK-remote_splitTunnelAcl
vpn-group-policy OAKDC
service-type nas-prompt
tunnel-group DefaultRAGroup general-attributes
address-pool OAKPRD_pool
address-pool ipad
default-group-policy DefaultRAGroup_1
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 84.51.31.173 type ipsec-l2l
tunnel-group 84.51.31.173 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 98.85.125.2 type ipsec-l2l
tunnel-group 98.85.125.2 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 220.79.236.146 type ipsec-l2l
tunnel-group 220.79.236.146 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group OAKDC type remote-access
tunnel-group OAKDC general-attributes
address-pool OAKPRD_pool
default-group-policy OAKDC
tunnel-group OAKDC ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group TcsTG type remote-access
tunnel-group TcsTG general-attributes
address-pool TCS_pool
default-group-policy TcsTG
tunnel-group TcsTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group downtown_interfaceTG type remote-access
tunnel-group downtown_interfaceTG general-attributes
address-pool test
default-group-policy downtown_interfaceTG
tunnel-group downtown_interfaceTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group TunnelGroup1 type remote-access
tunnel-group mailTG type remote-access
tunnel-group mailTG general-attributes
address-pool mail_sddress_pool
default-group-policy mailTG
tunnel-group mailTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group testTG type remote-access
tunnel-group testTG general-attributes
address-pool mail_sddress_pool
default-group-policy testTG
tunnel-group testTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group OSGD type remote-access
tunnel-group OSGD general-attributes
address-pool OSGD_POOL
default-group-policy OSGD
tunnel-group OSGD ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group HBSCTG type remote-access
tunnel-group HBSCTG general-attributes
address-pool OSGD_POOL
default-group-policy HBSCTG
tunnel-group HBSCTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 159.146.232.122 type ipsec-l2l
tunnel-group 159.146.232.122 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group OAK-remote type remote-access
tunnel-group OAK-remote general-attributes
address-pool OAK_pool
default-group-policy OAK-remote
tunnel-group OAK-remote ipsec-attributes
ikev1 pre-shared-key *****
policy-map global_policy
prompt hostname context
no call-home reporting anonymous
hpm topN enable
: end
asdm history enableDear Darko,
The problem here is the overlapp issue with the Internal network.
Since the VPN pool is:
ip local pool OAKPRD_pool 10.60.30.110-10.60.30.150 mask 255.255.0.0
And the local network is:
interface Vlan1
nameif inside
security-level 100
ip address 10.60.70.1 255.255.0.0
So since you have some NAT rules telling the FW that 10.60.0.0/16 is connected to the inside, we need to change that and force it to know that 10.60.30.0/24 is actually reachable to the outside.
On the other hand, yes you could point to outside interface, but is not a good practice.
Thanks.
Portu.
In case you do not have any further questions, please mark this post as answered. -
My wireless router in my home has failed. I purchased a new router, but it will not allow some of the characters which I used for my old password. Therefore I cannot access the internet with my ipad mini or my ipod touch. I am unable to change the password on either device. How do I go about changing the password on these units so that I can access the internet? Thanks
Terry Beckinghamhttp://www.apple.com/support/appleid/contact/
-
Suggestions for Routing Failed IDOCS
We are developing an order processing system that receives an order message from a trading partner and creates and ORDERS05 IDOC. When we hand the IDOC to the SAP business system it might go right into the system as a valid order or might fail for any number of business reasons. (out of stock, contract expired, etc)
In the case that an order can not be processed, we will need to send a negative acknowledgment to the trading partner.
What's the best way to generate that negative acknowledgment?
Two ideas have been floated in our team:
(1) Write a program to poll for failed IDOC's and send a message.
(2) Can we find a way to use ALE to reroute an in failed state (say status 51) to XI where I can generate a negative acknowledgment?
Your suggestions and experiences are welcome!That's a very good document - I've used it before.
I imported the schema for the ALEAUD message into our scenario to see if it might fit our needs. However, ALEAUD is only a "technical acknowledgment" and won't be able to tell WHY a message failed.
I need to get a copy of the bad IDOC. It has the fields that I need to construct an intelligent application-acknowledgment. (Buyer, seller, line item, product description, error message, etc)
It feels like we need some kind of workflow to route a bad idoc to another system for additional processing. -
3845 router failing to look up routes from routing table correctly!
Hi all,
Got a really strange issue which I am wondering if someone can point me in the right direction for. Facts of the issue:
- Some customers, all with a specific ISP, cannot access a hosted service we host internally
- External user can reach service but never gets a response - hence focussing on reachability of their public IP
- Cisco 3845 router used, peers with service provider over BGP - receives full internet routing tables
- All affected customers receive dynamic IP addresses within the same /10 public IP range
I received an example IP address and when doing "show ip route x.x.x.x" for this IP, the router responds "Subnet not in table". When trying to traceroute to the IP, the router doesnt even go to the next hop. However, the subnet is definitely in the routing table with the correct next hop (and, for complete information, is also within the BGP updates). Before anyone asks the question :) - yes I have definitely verified that the hosts are within this subnet.
If I put a static /32 route in for this specific IP address, everything works fine - then fails again once its taken out.
I literally cannot understand why the router is not correctly performing the lookup for the hosts within this subnet. I can understand a lot of potential reasons why the BGP received route wouldnt be placed in the routing table, but that is not the case here.
Some other factors (if applicable):
- Nothing showing in the logs
- Plenty memory available (despite the high number of routes)
- Plenty CPU resource available
- No default route is ran
I am going to restart the router and really expect this to resolve the issue (would log a TAC but this one is a bit time precious) - but it is frankly doing my head in and I assume I am missing something!
Any help or guidance would be appreciated!Hi all,
Got a really strange issue which I am wondering if someone can point me in the right direction for. Facts of the issue:
- Some customers, all with a specific ISP, cannot access a hosted service we host internally
- External user can reach service but never gets a response - hence focussing on reachability of their public IP
- Cisco 3845 router used, peers with service provider over BGP - receives full internet routing tables
- All affected customers receive dynamic IP addresses within the same /10 public IP range
I received an example IP address and when doing "show ip route x.x.x.x" for this IP, the router responds "Subnet not in table". When trying to traceroute to the IP, the router doesnt even go to the next hop. However, the subnet is definitely in the routing table with the correct next hop (and, for complete information, is also within the BGP updates). Before anyone asks the question :) - yes I have definitely verified that the hosts are within this subnet.
If I put a static /32 route in for this specific IP address, everything works fine - then fails again once its taken out.
I literally cannot understand why the router is not correctly performing the lookup for the hosts within this subnet. I can understand a lot of potential reasons why the BGP received route wouldnt be placed in the routing table, but that is not the case here.
Some other factors (if applicable):
- Nothing showing in the logs
- Plenty memory available (despite the high number of routes)
- Plenty CPU resource available
- No default route is ran
I am going to restart the router and really expect this to resolve the issue (would log a TAC but this one is a bit time precious) - but it is frankly doing my head in and I assume I am missing something!
Any help or guidance would be appreciated! -
Start ALert Router failed with Database Error -444 SQLstate 42724
HI,
When I create a stored procedure SAPCL and follow the subsequents steps & Verify SAPCL is running, I get the message SAPCL stored procedure has been successfully installed.
Then when I Load the ALert Router(SUccessful) and start the ALert Router, I get the following message.
Database error -444 at EXE
> [IBM][CLI Driver][DB2] DSNT408I SQLCODE = -444, ERROR: USER
> PROGRAM SAPCL COULD NOT BE FOUND
> DSNT418I SQLSTATE = 42724 SQLSTATE
> RETURN CODE
> DSNT415I SQLERRP = DSNX9CAC SQL
> PROCEDURE DETECTING ERROR
> DSNT416I SQLERRD = 0 0 0 -1 0
> 0 SQL DIAGNOSTIC INFORMATION
> DSNT416I SQLERRD = X'00000000'
> X'00000000' X'00000000' X'FFFFFFFF' X'00000000'
> X'00000000' SQL DIAGNOSTIC INFORMATION
Can you please let me know a few pointers in this regard.Hi,
ERROR => CONNECT failed with sql error '12154'
[dbsloci.c 10704] B ***LOG BV3=> severe db error 12154 ; work process is stopped
[dbsh#2 @ 1199] [dbsh 1199 ] B ***LOG BY2=> sql error 12154 performing CON [dblink#3 @ 431] [dblink 0431 ] B ***LOG BY0=> ORA-12154: TNS:could not resolve the connect identifier specified
Make a connectivity test with: "R3trans -d" and supply trans.log along with dev_w0 and dev_w1 traces.
Please refer Note 443867 - ORA-12154 Collective SAP note and correct your TNSNAME.ora and LISTENER.ORA entries.
Also see Note 34479 - Collective note for problems with SQL-Net V2 ORACLE.
Regards,
Bhavik g. Shroff -
Retrieve mails lost for routing fail in distribution list
hi
I read mails from external provider with a pop connector and write them in exchange 2010.
(message tracking: EventID : RECEIVE Source: SMTP)
I wrote a wrong internal distribution list, so I got no mail delivered to the list
(message tracking: EventID : FAIL Source: ROUTING)
anyway, exchange gave me a MessageID for every lost mail.
tracking goes back 30 days ('cause or retention period?)
question is (you can imagine):
- are the mails somewhere in server ?
- as and administrator, can I retrieve them (by EMC, powershell, etc...)
Thanks
RobertoHi Ed
it's not in this way.
As i said in fist post, mails was "received" by exchange
in tracking tool i can see them as
EventID : RECEIVE Source: SMTP , with the WRONG address, that caused the routing to fail.
on the SAME line in tracking tool, i anyway got a MessageID, so i imagine they are "somewhere" IN exchange...
Roberto -
When I call a service using domain routing I get an error message:
LIBGW_CAT:5025
I have no idea what that means.
My configuration is as follows:
*DM_IMPORT
SO_IMPORT ROUTING=deptid
SO_EXPORT ROUTING=deptid
*DM_ROUTING
deptid FIELD=DEPTID BUFTYPE="FML32:long"
RANGES="10101010:SO10101010,20202020:SO20202020"
I have FLDTBLDIR32 and FLDTBLS32 set.
Tuxedo ver. 7.1
Platform: Windows 2000
RMI have found an answer to my question.
There is an error in domain routing (Tuxedo version 7.1).
Have a look at:
http://www.bea.com/support/askbea/tux/S-06595.shtml
RM
U¿ytkownik "Joe Gavan" <[email protected]> napisa³ w wiadomo¶ci
news:3b1586a6$[email protected]..
>
Rafal,
You can check the meaning of failure messages in the Tuxedo documentationunder
messages.
The online versions can be found at
http://edocs.bea.com/tuxedo/tux71/messages/index.htm
and your particular one at
http://edocs.bea.com/tuxedo/tux71/messages/libgw/libgw050.htm
5025
ERROR: dmroute failed, could not find routing criteria of routing_name forbuffer
type FML32
Description
A routing_name was specified for a DM_REMOTE_SERVICES entry in theDMCONFIG file
that does not appear in the DM_ROUTING section, and the standard FML32routing
function is used (which requires a matching DM_ROUTING entry).
Action
Correct and re-load the DMCONFIG file, or provide an application-specificrouting
function for FML32 typed buffers.
I am confused as your example seems to suggest that you have the configset right,
try doing a dmunloadcf > temp to see what the running config looks like.
Joe -
Netgear CG3000dv2 N450 Router failing activation
I am trying to get my new Netgear CG3000dv2 N450 modem to activate on the Comcast network. Comcast activation team worked to activate it during 2 lengthy sessions this week while talking to me over the phone. An onsite visit by a Comcast technician was not successful either. The technician found that our cable connectivity is well within normal parameters. Our old Motorola Surfboard SB5101 is currently functional on the starter performance package (6 down/1up). Numerous attempts have been made including resetting the Netgear to factory defaults and re-adding the device to our account. The Netgear locks fine on the upstream & downstream channels and the power levels and SNR are nearly perfect as viewed on the Netgear admin interface's Connection status. The cabling is a home run all the way from the router to where the Comcast cable enters our cabin. I have attempted adding a splitter to see if the signal was too good but this made no difference. I could see difference in the power level and SNR though as viewed on the Netgear admin interface. The Internet light does not go solid and activation is unsuccessful. The Comcast activation page was seen on our PC during one of the early troubleshooting sessions. The CG3000dv2 N450 was recently purchased in March and was working perfectly for 2 months on the Cox network at our winter home in Arizona. I believe the device is functioning properly. The CG3000dv2 N450 is on the "approved" list of Comcast (and Cox) devices but is fairly new with the retail version release this year. Troubleshooting with Netgear is underway. The Netgear is currently running firmware version 1.03.03. This may have been an update provided by Cox as the initial release is 1.02.10. I'm attempting to roll back the firmware (tftp client procedure using a PC) but would like to confirm the supported firmware on the Comcast network for this device. The Comcast activation team stated that they don't have access to this information but escalated the question to 2nd level support as of last evening. I'm waiting to hear back. Netgear claims the CG3000dv2 works just fine on the Comcast network. The device log indicates IPv6 connectivity on the Comcast network but a critical error SYNC Timing Synchronization failure - Failed to acquire QAM/QPSK symbol timing is reported. Their only reasonable suggestion so far is that there might be an incompatibility in this version of firmware on the Comcast network. Does anyone have the CG3000dv2 N450 running on the Comcast network? What version of the firmware is it running? Does Comcast push down new firmware versions and what is the current version for this model? The Comcast tech stated the Internet light should go solid even if the Netgear isn't the primary on our account and is just plugged into the cable (our Motorola is primary currently). Can anyone confirm this?
Three weeks of troubleshooting failed to find a solution to provision the Netgear CG3000Dv2 N450 on the Comcast network. The Netgear was able to successfully connect on 2 occasions but failed repeatedly most of the time making the configuration unworkable and unstable. This Netgear worked flawlessly for 2 months on the Cox network at our winter home in Arizona but could not be made to function at our summer cabin in Washington State on the Comcast network. Fortunately, our old Motorola SB5101 (end-of-life) and Linksys WRT54G router (vintage 2001) remained working perfectly on the Comcast network during this frustrating experience. Some observations and a wee bit of advice: I strongly suggest not buying a Netgear modem if using the Comcast network! However, I might consider it if using Cox. The Cox service is outstanding in that they have a short list of "Preferred Devices" and another longer list of "Additional Cox Recommended Devices" on their web site. The CG3000Dv2 N450 is on the Cox "Preferred" list and it seems they rent the commercial version so they're very familiar with it. The N450 worked flawlessly on their network and I believe that Cox updated the firmware on my device. Don't bother contacting the modem vendor technical support (i.e. Netgear). Save yourself a frustrating and fruitless experience. Return the modem immediately if the cable company technician isn't able to make it work during the 1st on-site visit. Return it, choose another brand modem and try again.Netgear refused to answer basic questions after repeated attempts. Such questions as "What is the most current firmware version?, "Can customer owners upgrade/downgrade the firmware on the CG3000Dv2?", "Why does Netgear provide the initial release firmware on the web site if there is no ability to update it?", "What should the indicator lights be upon plugging in the Netgear before activation is initiated?" and "Has Netgear seen a problem like mine before?" I received conflicting answers to the customer firmware upgrade question. One 1st tier "expert" said I could downgrade to the version available on their web site and provided the documented TFTP procedure. However, the next analyst repeatedly said this wasn't possible. There was a Netgear web site problem (404) when attempting to pull down the firmware version. I reported it but was told to try again from another PC. We did a couple rounds like this and the web site was finally repaired over the weekend allowing me to get the firmware. It was a long shot to downgrad the firmware that Cox likely pushed down but it seemed worth a try. To Netgear's credit, I was eventually put in touch with 2nd tier technical support in the Philippines and got a promise to escalate the case to their engineering department. However, nothing came of this after I provided a copious amount of data and my questions remained unanswered to this day even after repeating them yet again. Expect to run the version of firmware that is on the cable modem at purchase with no upgrades during the life of your customer owned device. Some cable companies (e.g. Comcast per a 2nd tier technical support analyst) do not push down firmware to customer owned equipment. Some modem vendors (e.g. Netgear) apparently do not provide firmware upgrades to customers or incorporate the required tool to do so (e.g. no firmware upgrade option on the CG3000Dv2 N450 web interface). Netgear apparently only provides firmware to ISPs hoping or assuming the ISP will push it down to the customer modem. It seems this is a false hope at least when it comes to Comcast. Don't buy a combo unit that has both the cable modem and wireless router in one package. It is simpler and less expensive to replace just the modem if it is defective, breaks after the warrantee expires, or is incompatible with the cable provider network. The cost for 2 devices over one is very insignificant considering the flexibility. Plus the wireless router's firmware can be upgraded by the owner. The combo unit was a desire in that our plan was to take it between AZ and WA. This purchase was a big mistake. Comcast should, but is probably unlikely to, improve their service based on Cox's business model. Troubleshooting ran the gambit including being told at one point that the Netgear wasn't a supported device.It seems reasonable, from my customer perspective, to provide a short list of modems and/or combo devices that are "preferred", i.e. known to work reliably on the Comcast network and are very familiar to the technical staff. The onsite Comcast technician had never seen a CG3000Dv2 N450 but did his best to activate it. I suppose a short list isn't something a company would do if the goal is to rent equipment to customers. Comcast tier 1 support was unable to answer basic questions such as "Does Comcast update firmware on customer owned devices?", "What modem does Comcast prefer and is known to work on their network if the Netgear isn't a supported device? However, Comcast 2nd tier was most helpful which was greatly appreciated. To their credit, Comcast did attempt to activate the Netgear on 5 occasions including an on-site technician visit. There were no issues found with our cabling and power/SNR were well within optimal range. The Comcast technician said Netgear's Internet light should go solid even if the Netgear modem isn't the primary device on the account. This proved to be true during those 2 brief occasions when the Netgear modem was able to establish connectivity. I found a post from another Comcast customer that described a problem possibly similar to mine. He suggested there might be an issue somewhere in the network affecting my home but this might be darn near impossible to find. He suggested other modem gear such as the Zoom 5341J is better able to handle issues of this nature. I purchased the Zoom 5341J and a Western Digital My Net N900 wireless router (for both it was only ~$10 more than the CG3000Dv2 N450). I plugged the cable into the Zoom modem and it immediately locked the 8 downstream channels and 4 upstream. Several reboots and a 24 hour burn-in period indicated the Zoom was stable and functional so worthy of going online. Activation by Comcast was completed without any problems. The WD N900 is a feature rich, dual band wireless router. This unit is far superior to the Netgear that only has basic functionality. So far the network using the new gear has been reliable and from all indications is working well. I hope my findings will help others in provisioning their Comcast Internet service and avoid a most frustrating experience. Good luck!
-
Is my router failing? - WRT54G wireless-G firmware v.8
It's gotten to the point where on average I have to power cycle the router at least once a day to regain the connection for both wired and wireless computers in our home network.
My questions are these:
1. Is there a way to diagnose the problem properly?
2. If the router is indeed failing, can anyone recomend a new one as this is the second router of the same type in two years to begin failing on us and to be frank im getting tired throwing 80 USD away every two years.Your router needs to be Upgraded...Download the firmware from here
Follow these steps to upgrade the firmware on the device: -
Open an Internet Explorer browser page.In the address bar type - 192.168.1.1
Leave username blank & in password use admin in lower case...
Click on the 'Administration' tab- Then click on the 'Firmware Upgrade' sub tab- Here click on 'Browse' and browse the .bin firmware file and click on "Upgrade"...
Wait for few seconds until it shows that "Upgrade is successful" After the firmware upgrade, click on "Reboot" and you will be returned back to the same page OR it will say "Page cannot be displayed".
Press and hold the reset button for 30 seconds...
Then, unplug the power cable while holding down the reset button for another 30 Seconds...
Plug the power cable back in, and keep holding down the reset button for another 30 Seconds...
Release the reset button...Now re-configure your router... -
Trying to blackhole or reject attacking IPs with route fails
My server is under heavy attack from an ip group in Hong Kong.
Trying to add a blackhole route in Yosemite with any of these commands or similar:
sudo route -v add -net 103.41.124.0/24 -blackhole
sudo route -v add -net 103.41.124.0/24 -reject
sudo route -v add -host 103.41.124.48 -reject
results in something like:
sudo route -v add -net 103.41.124.0/24 -blackhole
Password:
u: inet 103.41.124.0; RTM_ADD: Add Route: len 116, pid: 0, seq 1, errno 0, flags:<UP,GATEWAY,STATIC,BLACKHOLE>
locks: inits:
sockaddrs: <DST,NETMASK>
103.41.124.0 (0) 0 ffff ff
route: writing to routing socket: Invalid argument
add net 103.41.124.0: Invalid argument
What's the problem here?You would have to specify a destination; e.g.
sudo route -v add -net 103.41.124.0/24 127.0.0.1 -blackhole -
SNMP-5-COLDSTART: SNMP agent on host abuja_router is undergoing a cold start
SSH-5-ENABLED: SSH 2.0 has been enabledHi jimoh,
there is nothing wrong with this log, just means that router, probably has lost its power and regained again. You can verify the last reload reason issuing the "sh ver" command.
Regards,
Alessandro -
Connection to a specific router fails with reassociation denied (-9)
Hi folks,
I'm brand new to apple computers, so please be patient with me
I'm trying to connect to a WPA/AES encrypted network at work with my airport wlan.
The errormessage on /var/log/system.log is
Apple80211Agent[356]: Error joining XXX: Connection failed (-9 reassociation denied).
My home network, which is also WPA but TKIP encrypted works fine for me. Asking mama google didnt help me, so I hope to get some more information on that issue here.
Regards,
Mariopush
is nobody else having this problem? -
I have no idea whats going on here. There are 4 routers involved, the main router configs are as follows and the others I have attached. I Need the router named Tower to redirect traffic back down the serial interface to the router named JCWAtoDowntown. The problem is the JCWAtoTower Router is in the way and redirects the traffic back to the tower when it receives the traffic from the tower because that is it's default gateway. What needs to happen to make the JCWAtoTower router redirect the traffic coming back from the tower and put it to the JCWAtoDowntown router.
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname JCW
enable secret xxxx
memory-size iomem 25
ip subnet-zero
no ip domain-lookup
ip name-server x.x.x.x
ip name-server x.x.x.x
interface Tunnel1
no ip address
interface FastEthernet0
ip address 10.6.18.4 255.255.255.0
speed auto
interface Serial0
ip address 192.168.101.2 255.255.255.0
no fair-queue
service-module t1 clock source internal
service-module t1 timeslots 1-24
interface Serial1
ip address 192.168.100.4 255.255.255.0
ip accounting output-packets
no fair-queue
service-module t1 clock source internal
service-module t1 timeslots 1-24
router rip
network 10.0.0.0
network 192.168.100.0
network 192.168.101.0
default-information originate
ip classless
ip forward-protocol udp 5631
ip forward-protocol udp 5632
ip route 0.0.0.0 0.0.0.0 192.168.100.1
ip http server
arp 10.6.18.5 00c0.b607.d30b ARPA
line con 0
logging synchronous
line aux 0
line vty 0 4
session-timeout 60
Gateway of last resort is 192.168.100.1 to network 0.0.0.0
R 69.0.0.0/8 [120/2] via 10.6.18.2, 00:00:00, FastEthernet0
R 192.168.104.0/24 [120/1] via 10.6.18.2, 00:00:00, FastEtherne
t0
R 67.0.0.0/8 [120/2] via 192.168.100.1, 00:00:05, Serial1
10.0.0.0/24 is subnetted, 1 subnets
C 10.6.18.0 is directly connected, FastEthernet0
R 192.168.0.0/24 [120/1] via 192.168.101.1, 00:00:09, Serial0
R 192.168.1.0/24 [120/1] via 192.168.100.1, 00:00:05, Serial1
C 192.168.100.0/24 is directly connected, Serial1
C 192.168.101.0/24 is directly connected, Serial0
S* 0.0.0.0/0 [1/0] via 192.168.100.1The default route for the 10.6.18.2(JCWAtoTower) is 192.168.104.1 (Tower) and it has a 2nd default route to 10.6.1.8.4 (JCWAtoDowntown) with a metric of 2.
If I shut off the S0 int on 10.6.18.2 the traffic redirects just fine,
On the Tower router there is a default route of 69.146.108.57 and a 2nd route 10.6.18.4 with a metric of 2, the problem is at the tower, when I shut off the Fa0 interface(internet) the traffic redirects to the JCWAtoTower router (the next router in line) and instead of passing through to the 10.6.18.4 (JCWAtoDowntown) Router it puts the traffic back to the tower because thats the default route. How can I get the JCWAtoTower router to recognize that the internet interface at the tower has gone down to allow the redirected traffic to now go to the 10.6.18.4 router?
Thanks in advance for your help and any configs.
Maybe you are looking for
-
Stock Transport Orders within AII, also using HUM
Dear all, we currently have the following issue at my customer: We are implementing SAP AII on top of an existing solution, using WM and HUM. In the current solution for STOs from 1 plant to another, the GI of an outbound delivery triggers the SPED o
-
Alter type to increase varray size
I have the following: CREATE OR REPLACE TYPE idvarray is varray(10) of INTEGER CREATE TABLE event_availability_map , event_id_list idvarray I would like to increase the size of idvarray, how can I do this?
-
SQL Developer as default for .sql extension
I specified SQL Developer as the default application for the .sql file extension. When I double click a .sql file, SQL Developer will start up and even open the file but I always receive a Windows error message stating 'Windows cannot find MyFile.sql
-
Cache download gives error in IE
Hi, My customer has created a virtual directory with Alias /LockheedDownload "D:\Lockheed_files" <Directory d:\Lockheed_files> #AllowOverride None Options FollowSymLinks Indexes Multiviews IndexOptions FoldersFirst FancyIndexing NameWidth=* IndexIgno
-
Install Oracle Form/Report 6i Developer
Hi all, Just confirm: I've downloaded d2k6irelease2.tar from http://www.oracle.com/technology/software/products/forms/htdocs/linuxsoft.html. Is that the right one for Oracle Form/Report 6i Developer? If not, please let's me know where can i find the