RPRAPA00 Address length
Hi Expert,
I'm currently facing issue with program RPRAPA00. When it retrieve HR Master Record Infotype 6 Address field STRAS which is 60 characters, and it's truncated to 35 characters in the program RPRAPA00 which is refering to BLAF1-STRAS. So in the Vendor Master I can only see 35 characters for the Street name.
But Vendor Master Street Name do allow me to enter 60 characters, tcode XK02. I found that the Vendor Master address table is ADRC and the field is STREET which is 60 characters.
Is there any other way to solve the above issue?
Thank you.
Regards,
Henry
Goto SE38 enter RPRAPA00, select documentation and click display.
SAP says, if you are not satisfied with the adress, then change it in an Exit.
This program calls RFBIKR00 to create a batch input.
Goto SE38 enter RFBIKR00, select documentation and click display.
SAP tells you that this program is not sufficient for central adresses. the cental adresses need to be loaded in an extra step.
Read the docu for the full detail.
Search OSS for notes on adress data load
Similar Messages
-
Cisco/Linksys WRVS4400N email address length limit
I have noticed that when I try and enter in an e-mail address for alert logs that I am unable to using the web form provided as there is a length limit.
The only way I have managed to get around this is to use the firefox plugin tamper data - https://addons.mozilla.org/en-us/firefox/addon/tamper-data/
I am using the latest firmware:
V2.0.0.8-ETSI
Are there any other solutions/updates/fixes available?Hi Mark, thank you for using our forum, my name is Johnnatan I am part of the Small business Support community. I apologize for this but I don´t understand your problem. If you could give us more details that going to be really helpful in order to help you.
Greetings,
Johnnatan Rodriguez Miranda.
Cisco Network Support Engineer. -
Getting IP Address information from an NSNetService object
I have an NSNetService object that I received from doing a Bonjour discovery. This object represents a web server that I want to connect to.
I have the following (nasty) code for doing that:
- (void) serviceReceived:(BonjourViewController*)bvc didResolveInstance:(NSNetService*)ref;
if (ref == nil) {
// The resolve was cancelled.
return;
NSArray* addressArray = [ref addresses];
if ([addressArray count] == 0) {
return;
NSData* address = [addressArray objectAtIndex:0];
void* buffer[[address length]];
[address getBytes:buffer];
int ipAddress = (int) buffer[1];
int classA = ipAddress & 0x000000FF;
int classB = (ipAddress & 0x0000FF00) >> 8;
int classC = (ipAddress & 0x00FF0000) >> 16;
int classD = (ipAddress & 0xFF000000) >> 24;
int port = [ref port];
NSString* hostName = [NSString stringWithFormat:@"%d.%d.%d.%d:%d", classA, classB, classC, classD, port];
NSURL* url = [[NSURL alloc] initWithScheme:@"http" host:hostName path:@"/index.html"];
I can't just use the hostname because it's not a valid DNS entry, and the Bonjour name doesn't work with most of the libraries like:
NSXMLParser *parser = [[NSXMLParser alloc] initWithContentsOfURL:URL];
Oddly enough, Safari is perfectly happy with the Bonjour name "compname.local.".
There must be a better way of getting an NSString with the dotted-quad than getting the bytes and manually picking apart the IP address from them. This code breaks as soon as we all move to IPv6.
Any help would be appreciated,
-Chris.
Message was edited by: clevans
Message was edited by: clevansUse an application bean if you want to keep a list of
all the users stored on a server.
When someone logs on, grab the ip, login name, and
password. Store this in the application scope bean.
Every time a page is accessed, check the ip to see if
it has been previously stored in the bean. If so,
load the login and password and use them for logging
in to the page. If not, include another preset login
page, or lik to it with the previous page stored in a
session scope bean.
The ips, login names, and passwords should be enclosed
in a class (simple one with three fields). When
someone logs on, create a new instance and send it to
the application scope bean, where it should be stored
in a java.util.HashMap (my favorite kind, and really
quick).
There should also be a way to time-out the user after
a while of not connecting - removing their ip from the
application scope bean. Very important if you want
security.
That's all I can think of for now.
Spaceman40Close enough, however I will point out that you don't need to store the password. I am also confused why you are saying an application level bean. This needs to be a bean that can be accessed by all of our applications. If one application creates the bean all of them should be able to see it.
I was thinking of doing this: Each application gets a session bean that looks for an entity bean with the primary key of the client's IP address. If the bean is there it gets the user ID from that and logs that user into the system. If the bean isn't there, it fires off a login procedure for the client to enter their username and password. If the login is successful it creates the bean. The session bean stays around until the user logs out of the system. The last session bean linked to that entity bean destroys it.
Has anyone seen this before? Is there a design pattern for a last one out turn off the light in EJB? -
Get IP address ... behind xDSL ...of the ISP
Hi i m looking for a cool way to get not my localhost address.... i need to get my IP ... i have the next code:
import java.net.*;
public class TestIP {
public static void main(String args[]) { try {
InetAddress[] addresses;
addresses = InetAddress.getAllByName(InetAddress.getLocalHost().getHostName()); for (int i=0; i<addresses.length; i++) { System.out.println(addresses<i>.getHostAddress()); } } catch(UnknownHostException e) { System.out.println (e.getMessage()); }
this code if is coorect (but is not)...give all the ip of your PC ...but....
thanks for the help ....... :)look, i am behind a Router and the router use NAT ..
the point is if i can get the outside Address , i can
do some hacking tricks to bypass the router and make a
server behind ... in a different port of course like
the.ip.address:8989 / index.htmlWrite a small server application that prints out the remote client host name / IP address when a connection is received. Host it somewhere outside your network and connect to it from your machine. This will display your external IP.
Alternatively, you could browse to one of those online credit card forms, the type where they display a warning about fraud, and display your IP and the time (Your IP has been recorded...) -
Let me give a few structures before I pose my issue
create table testBlock(`lan1IP` varchar(255) not null unique, `siteID` varchar(255) not null);Thats a table in MySQL
The following class is meant to update IP addresses by automatically filling in the next entry
* To change this template, choose Tools | Templates
* and open the template in the editor.
import java.util.*;
public class IPAdder
private final int MAXIMUM_OCTETS = 4;
private final int MAXIMUM_VALUE = 254;
private final int MINIMUM_VALUE = 0;
private final int SUBNET_VALUE = 32;
private int[] currentIPAddress;
private int[] nextIPAddress;
private boolean canGetNextIP = false;
public IPAdder()
//System.out.println(Integer.toBinaryString(MAXIMUM_VALUE));
currentIPAddress = new int[]{0, 0, 0, 0};
nextIPAddress = new int[]{0, 0, 0, 0};
public int[] getCurrentIP()
return currentIPAddress;
public void setCurrentIP(String ipAddress)
try
StringTokenizer tokens = new StringTokenizer(ipAddress, ".");
int numberOfTokens = tokens.countTokens();
/*int count = ipAddress.split("\\.").length; // This is an alternative piece of code
System.out.println(count);*/
if (numberOfTokens != 4)
throw new NumberFormatException("Invalid IP address");
else
int tokenNumber = 0;
while (tokens.hasMoreTokens())
currentIPAddress[tokenNumber] = Integer.parseInt(tokens.nextToken());
tokenNumber++;
canGetNextIP = true;
catch (Exception e)
e.printStackTrace();
public int[] getNextIP(int[] currentIPAddress)
try
if (canGetNextIP)
for (int octet = 0; octet < MAXIMUM_OCTETS; octet++)
int octetValue = currentIPAddress[octet];
if (octetValue < MINIMUM_VALUE || octetValue > MAXIMUM_VALUE)
throw new NumberFormatException("Cannot get next IP address as the original is invalid");
// THE CODE TO GET THE NEXT IP ADDRESS STARTS HERE
nextIPAddress = currentIPAddress;
// Add 1 to the last octet
nextIPAddress[3] = nextIPAddress[3] + SUBNET_VALUE;
// Test whether we are within limits
if (nextIPAddress[3] > MAXIMUM_VALUE)
nextIPAddress[2] = nextIPAddress[2] + 1;
nextIPAddress[3] = 0;
if (nextIPAddress[2] > MAXIMUM_VALUE)
nextIPAddress[1] = nextIPAddress[1] + 1;
nextIPAddress[2] = 0;
if (nextIPAddress[1] > MAXIMUM_VALUE)
nextIPAddress[0] = nextIPAddress[0] + 1;
nextIPAddress[1] = 0;
if (nextIPAddress[0] > MAXIMUM_VALUE)
throw new NumberFormatException("Maximum IP Address allocated!");
// THE CODE TO GET THE NEXT IP ADDRESS ENDS HERE
return nextIPAddress;
else
throw new NumberFormatException("Cannot get next IP address as the original is invalid");
catch (Exception e)
e.printStackTrace();
return currentIPAddress;
}The following code is the one that sets the limits on what to add and is, in effect, the main class.
import java.sql.*;
import javax.swing.*;
public class Connector
static private IPAdder adder = new IPAdder();
static public void main(String[] args)
try
Class.forName("com.mysql.jdbc.Driver").newInstance();
System.out.println("Loaded driver successfully");
//System.out.println("Connecting to database...");
Connection connection = DriverManager.getConnection("jdbc:mysql://localhost/parameters?", "root", "");
//System.out.println("Connected");
Statement statement = connection.createStatement();
// Insert the first IP address
String firstIPAddress = JOptionPane.showInputDialog(null, "Enter first IP");
String currentAddress = firstIPAddress;
String lastIPAddress = JOptionPane.showInputDialog(null, "Enter last IP");
statement.executeUpdate("INSERT INTO testBlock values('" + firstIPAddress + "', 'FREE IP')");
// Keep inserting while the last IP has not been reached
do
// Get the last IP from the database
String query = "SELECT * FROM testBlock";
Statement st = connection.createStatement();
ResultSet rs = statement.executeQuery(query);
while(rs.next())
currentAddress = rs.getString("lan1IP");
// add the next
System.out.print("Current address: " + currentAddress + " ");
adder.setCurrentIP(currentAddress);
int[] adressOld = adder.getCurrentIP();
int[] address = adder.getNextIP(adressOld);
System.out.print("Next IP ");
String IPADD2 = "";
for(int i = 0; i < address.length; i++)
IPADD2 += String.valueOf(address) + ".";
// This is the next IP Addres >> System.out.println(IPADD2.substring(0, IPADD2.length() - 1));
// Add it to the database
try
Statement s = connection.createStatement();
String q = "INSERT INTO testBlock values('" + IPADD2.substring(0, IPADD2.length() - 1) + "', 'FREE IP')";
// Do the above while we havent reached the maximum available allocated IP
s.executeUpdate(q);
System.out.println("Address " + IPADD2.substring(0, IPADD2.length() - 1) + " added successfully");
// set the current as the next one
currentAddress = IPADD2.substring(0, IPADD2.length() - 1);
compare(currentAddress, lastIPAddress);
catch(Exception e)
System.out.println("Exception adding ip: " + e);
// set the current as the last one
currentAddress = lastIPAddress;
// go back to the loop
continue;
// Insert the next IP adress
while(!currentAddress.equalsIgnoreCase("lastIPAddress"));
catch(Exception e)
System.out.println(e);
private static void compare(String a, String b)
System.out.print("Comparing currentAddress (" + a + ") and lastIPAddress (" + b + ") ... ");
if(a.equalsIgnoreCase(b))
System.out.println("SAME");
System.exit(0);
else
System.out.println("Different");
This code runs to produce[ Connector.main({ }) ]
Loaded driver successfully
Current address: 1.1.1.1 Next IP Address 1.1.1.33 added successfully
Comparing currentAddress (1.1.1.33) and lastIPAddress (1.1.1.255) ... Different
Current address: 1.1.1.33 Next IP Address 1.1.1.65 added successfully
Comparing currentAddress (1.1.1.65) and lastIPAddress (1.1.1.255) ... Different
Current address: 1.1.1.65 Next IP Address 1.1.1.97 added successfully
Comparing currentAddress (1.1.1.97) and lastIPAddress (1.1.1.255) ... Different
Current address: 1.1.1.97 Next IP Address 1.1.1.129 added successfully
Comparing currentAddress (1.1.1.129) and lastIPAddress (1.1.1.255) ... Different
Current address: 1.1.1.129 Next IP Address 1.1.1.161 added successfully
Comparing currentAddress (1.1.1.161) and lastIPAddress (1.1.1.255) ... Different
Current address: 1.1.1.161 Next IP Address 1.1.1.193 added successfully
Comparing currentAddress (1.1.1.193) and lastIPAddress (1.1.1.255) ... Different
Current address: 1.1.1.193 Next IP Address 1.1.1.225 added successfully
Comparing currentAddress (1.1.1.225) and lastIPAddress (1.1.1.255) ... Different
Current address: 1.1.1.225 Next IP Address 1.1.2.0 added successfully
Comparing currentAddress (1.1.2.0) and lastIPAddress (1.1.1.255) ... Different
Current address: 1.1.2.0 Next IP Address 1.1.2.32 added successfully
Comparing currentAddress (1.1.2.32) and lastIPAddress (1.1.1.255) ... Different
Current address: 1.1.2.32 Next IP Address 1.1.2.64 added successfully
Comparing currentAddress (1.1.2.64) and lastIPAddress (1.1.1.255) ... Different
Current address: 1.1.2.64 Next IP Address 1.1.2.96 added successfully
Comparing currentAddress (1.1.2.96) and lastIPAddress (1.1.1.255) ... Different
Current address: 1.1.2.96 Next IP Address 1.1.2.128 added successfully
Comparing curr
[root@iss IPFiller]#
Now, check out this line from the results:Comparing currentAddress (1.1.1.225) and lastIPAddress (1.1.1.255) ... DifferentSo this is my issue:
I want the program to populate the databases with entries from the starting IP address to the ending IP address. But the program overpasses and overshoots the maximum specified.
Is there something wrong here?Remove the 'continue' statement. It is causing your do-while test to never be executed. As it is the last thing in the block it is redundant anyway.
-
Mac Lion won't accept IP address sent from DHCP server
Upgraded to Lion a few days ago. Everything worked for a couple days. Plug in the ethernet cable today and I never get an ip address with DHCP from my router. I have 2 other devices plugged into the router and they get ip addresses normally. Captured the DHCP communication to see if I was getting a valid DHCP offer and I am...it is included. The Lion firewall is disabled. For some reason Lion isn't accepting the DHCP offer. Could this be a bug or maybe something in a cache needs to cleaned out. I connect to several different networks daily and they all work except for this one.
The line in Bold type shows the ip address being offered that never gets accepted by lion.
No. Time Source Destination Protocol Info
26 21.993141 10.19.39.97 255.255.255.255 DHCP DHCP Offer - Transaction ID 0x4e299603
Frame 26 (353 bytes on wire, 353 bytes captured)
Arrival Time: Aug 5, 2011 19:30:01.105566000
[Time delta from previous captured frame: 0.001086000 seconds]
[Time delta from previous displayed frame: 0.001086000 seconds]
[Time since reference or first frame: 21.993141000 seconds]
Frame Number: 26
Frame Length: 353 bytes
Capture Length: 353 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp:bootp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: e8:b7:48:e6:ab:5c (e8:b7:48:e6:ab:5c), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Destination: Broadcast (ff:ff:ff:ff:ff:ff)
Address: Broadcast (ff:ff:ff:ff:ff:ff)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
Source: e8:b7:48:e6:ab:5c (e8:b7:48:e6:ab:5c)
Address: e8:b7:48:e6:ab:5c (e8:b7:48:e6:ab:5c)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 10.19.39.97 (10.19.39.97), Dst: 255.255.255.255 (255.255.255.255)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 339
Identification: 0x00fa (250)
Flags: 0x00
0.. = Reserved bit: Not Set
.0. = Don't fragment: Not Set
..0 = More fragments: Not Set
Fragment offset: 0
Time to live: 255
Protocol: UDP (0x11)
Header checksum: 0x882c [correct]
[Good: True]
[Bad : False]
Source: 10.19.39.97 (10.19.39.97)
Destination: 255.255.255.255 (255.255.255.255)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
Source port: bootps (67)
Destination port: bootpc (68)
Length: 319
Checksum: 0x038d [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Bootstrap Protocol
Message type: Boot Reply (2)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x4e299603
Seconds elapsed: 0
Bootp flags: 0x8000 (Broadcast)
1... .... .... .... = Broadcast flag: Broadcast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 10.19.39.98 (10.19.39.98)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: Apple_17:fd:5d (c4:2c:03:17:fd:5d)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Offer
Option: (53) DHCP Message Type
Length: 1
Value: 02
Option: (t=54,l=4) DHCP Server Identifier = 10.19.39.97
Option: (54) DHCP Server Identifier
Length: 4
Value: 0A132761
Option: (t=51,l=4) IP Address Lease Time = 1 day, 23 hours, 39 minutes, 50 seconds
Option: (51) IP Address Lease Time
Length: 4
Value: 00029E46
Option: (t=58,l=4) Renewal Time Value = 23 hours, 49 minutes, 55 seconds
Option: (58) Renewal Time Value
Length: 4
Value: 00014F23
Option: (t=59,l=4) Rebinding Time Value = 1 day, 17 hours, 42 minutes, 16 seconds
Option: (59) Rebinding Time Value
Length: 4
Value: 00024A78
Option: (t=1,l=4) Subnet Mask = 255.255.255.240
Option: (1) Subnet Mask
Length: 4
Value: FFFFFFF0
Option: (t=6,l=8) Domain Name Server
Option: (6) Domain Name Server
Length: 8
Value: AB44E278AB46A8B7
IP Address: 171.68.226.120
IP Address: 171.70.168.183
Option: (t=44,l=8) NetBIOS over TCP/IP Name Server
Option: (44) NetBIOS over TCP/IP Name Server
Length: 8
Value: AB443935AD2573BF
IP Address: 171.68.57.53
IP Address: 173.37.115.191
Option: (t=3,l=4) Router = 10.19.39.97
Option: (3) Router
Length: 4
Value: 0A132761
End OptionI have seen the same issue with my iOS and Mac OS devices (iPhone and MacBook Pro). I have written my own DHCP server (http://notebook.kulchenko.com/embedded/dhcp-and-dns-servers-with-arduino) and have had troubles getting my devices to connect (Windows Vista and Ubuntu devices connect fine). I suspect that this problem happens because the DHCP Offer message is sent to a broadcast address, even though (at least in my case) the broadcast flag is off in the DHCP Discover message I see.
Unfortunately you didn't include the Discover message, so I can't tell for sure, but if it indeed has the broadcast flag set to 0, then the server should send the response message using unicast as per DHCP spec (http://www.ietf.org/rfc/rfc2131.txt, section 4.1):
If the broadcast bit is not set and 'giaddr' is zero and
'ciaddr' is zero, then the server unicasts DHCPOFFER and DHCPACK
messages to the client's hardware address and 'yiaddr' address.
So, it seems like in this case the server may be at fault, even though it would be nice for Mac OS to accept broadcast responses (and would solve my problem too).
Can someone confirm that Mac OS does not accept broadcast responses to DHCP Discover and DHCP Request messages? Thanks.
Paul. -
ASA DHCP Request incorrect hostname length
I have an ASA 5505 with software version 8.2(1). It is making DHCP requests for IPSec clients that connect to the ASA. The DHCP requests packets the ASA makes have an extra '00' appended to the hostname field, and the length field is the size of the hostname + 1.
The DHCP server is Microsoft Server 2003 and this causes the hostname to be registered with an unknown character which appears as []hostname. Then when server 2003 tries to update the DNS record, it fails because of the invalid character in the hostname.
Is there anyway to have the ASA have the correct length for the hostname field in the DHCP packet, or a workaround that will solve this problem?I am thinking it may not be option 12 in the DHCP packet, but option 81. I have included a portion of the DHCP request from the ASA below:
Option: (t=53,l=1) DHCP Message Type = DHCP Request
Option: (53) DHCP Message Type
Length: 1
Value: 03
Option: (t=57,l=2) Maximum DHCP Message Size = 1152
Option: (57) Maximum DHCP Message Size
Length: 2
Value: 0480
Option: (t=61,l=42) Client identifier
Option: (61) Client identifier
Length: 42
Value: 00636973636F2D303032312E353537352E636131372D6D79...
Option: (t=54,l=4) Server Identifier = 192.168.8.3
Option: (54) Server Identifier
Length: 4
Value: C0A80803
Option: (t=50,l=4) Requested IP Address = 192.168.8.105
Option: (50) Requested IP Address
Length: 4
Value: C0A80869
Option: (t=12,l=11) Host Name = "myhostname"
Option: (12) Host Name
Length: 11
Value: 6D79686F73746E616D6500
Option: (t=51,l=4) IP Address Lease Time = 8 days
Option: (51) IP Address Lease Time
Length: 4
Value: 000A8C00
Option: (t=55,l=6) Parameter Request List
Option: (55) Parameter Request List
Length: 6
Value: 01060F2C0321
1 = Subnet Mask
6 = Domain Name Server
15 = Domain Name
44 = NetBIOS over TCP/IP Name Server
3 = Router
33 = Static Route
Option: (t=81,l=14) Client Fully Qualified Domain Name
Option: (81) Client Fully Qualified Domain Name
Length: 14
Value: 0400000A6D79686F73746E616D65
Flags: 0x04
0000 .... = Reserved flags: 0x00
.... 0... = Server DDNS: Some server updates
.... .1.. = Encoding: Binary encoding
.... ..0. = Server overrides: No override
.... ...0 = Server: Client
A-RR result: 0
PTR-RR result: 0
Client name: 0A6D79686F73746E616D65
End Option
Padding
Notice in option 81 the Client Name has a leading binary value of 0A (which is a new line): 0A6D79686F73746E616D65.
Does CSCsz07757 relate to that? Is there a way to have the ASA not include option 81 as part of the DHCP requests it makes?
Thank you. -
Bounced emails: automatically deactivating bad addresses...
Just wanted a little feedback on what strategy might be best for automating the deactivation process. I have a database with a list of addresses that needs to be frequently updated-- any messages that I receive in a certain inbox are typically bounced emails and I wish to deactivate these addresses in my database so I no longer send to them.
The best method I can think of, short of going through and manually identifying the original address I sent to (I've got better things to do!), seems to be to develop a method which parses the entire header and finds any email addresses (rebuilding any tokens that contain '@') and through brute force, simply tries to deactivate any and all reconstructed email addresses that I find. Not a very elegant method, I know. Since I won't be needing to automatically send emails to myself (return addresses and original sender) and anyone else of the 'postmaster' or 'MAILER-DAEMON' variety, I assume that any other email addresses contained within the header (somewhere)will be the one(s) that I'm looking for. Is this a fair assumption?
Has any got a suggestion on how to improve this crude parsing? Everything I've read online suggests that a 100% success rate is impossible due to the lack of standards imposed on header content. Anything I send out is not guaranteed to come back to me, according to my understanding, so what other options may be available?
Cheers,
SeanHere's the first bit of code for testing my brute-force method... It seems to work fine as long for generating possible addresses as there are no instances of '@' at the beginning or end of a parsable-string-- ie. " @xxx", "xxx@ ", etc.. I'm working on that part right now... shouldn't be too hard. Can anyone see possible/definite flaws or improvements/issues I may want to consider? Any comments on this code are much appreciated.
<code>
String content = new String("a string generated from email content");
StringTokenizer st1 = new StringTokenizer( content, "@" ); //finds possible instances of email addresses
int numberTokens=st1.countTokens();
int record=0;
String garbage;
if(numberTokens>1){
// create array to hold user and hostname values for all addresses
String address[] = new String[ 2*(numberTokens-1) ];
for( int i=0; i<numberTokens; i++ ){
String content2 = new String( st1.nextToken() );
StringTokenizer st2 = new StringTokenizer( content2, " <>()" ); //set characters which may denote/separate addresses
int numberTokens2 = st2.countTokens();
for( int j=0; j<numberTokens2; j++ ){
if( ((i==0)&&(j==numberTokens2-1)) || //to get first username (first '@' token)
((i==numberTokens-1)&&(j==0)) || //to get last domain name (last '@' token)
((i>0&&i<numberTokens-1)&&(j==0||j==(numberTokens2-1))) ){ //get username/domain (encapuslated '@' tokens)
address[record] = st2.nextToken();
record++;
}else if( (st2.hasMoreTokens()) ) //move parser to next token if exists
//or let for-loop expire.
garbage = st2.nextToken();
for(int k=0;k<address.length;k++ )
System.out.println(address[k]); //let's see how we did
</code> -
Get local machine Internet IP address
Hi all,
I want to get the internet IP address (from ISP) of my computer. But my computer already has a internal IP address. How can I get the Internet IP instead of Internal IP?
I tried :
InetAddress mNet = InetAddress.getLocalHost();
String t = mNet.getHostAddress();
But the IP is Internal once.
Here is the infomration when I run ipconfig :
0 Ethernet adapter :
IP Address. . . . . . . . . : xxx.xxx.xxx.xxx
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . : xxx.xxx.xxx.xxx
1 Ethernet adapter :
IP Address. . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . :
2 Ethernet adapter :
IP Address. . . . . . . . . : xxx.xxx.xxx.xxx
Subnet Mask . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . :
Remark : 0 Ethernet adapter is Internet IP, 2 Ethernet adapter is Internal IP
Thanks!Hi,
This code should print all the IP addresses from the local machine:
import java.net.*;
public class TestIP {
public static void main(String args[]) {
try {
InetAddress[] addresses;
addresses = InetAddress.getAllByName(InetAddress.getLocalHost().getHostName());
for (int i=0; i<addresses.length; i++) {
System.out.println(addresses.getHostAddress());
catch(UnknownHostException e) {
System.out.println (e.getMessage());
Hope this helps,
Kurt. -
Mixed message lengths on CAN Bus using USB-8473 Device
I am attempting to use the Frame API functions for LabVIEW
and send both 11-bit and 29-bit headers over a bus that uses both address lengths. I am currently successfully sending 11-bit
packets but the 29-bit packets are having their addressing truncated to the 11-bit
length when put on the bus.
As far as I can see I should have to set the standard
comparator to 0xCFFFFFFFF and then send messages. I am using a NI USB-8473 CAN Device for doing
this. Is there anything else I need to
change for extended addressing?You need to OR your Extended ID with the 0x20000000 before giving it to the NCwriteNet.vi.
This is the way that the underlying CAN driver and hardware know that is it an extended ID you are trying to send.
The ID on the CAN bus will NOT have the ORed ID but only your ID. The driver/hardware filter the 0x20000000 from the ID.
This is the same for reading an extended ID on the CAN bus.
Before using the ArbitrationId, you need to AND the ArbitrationId with 0x1FFFFFFF to filter the extended flag out. -
Cisco phone not getting ip address
Hi all ,
Cisco 2950 switch
Phone and dhcp server are in the same default vlan .PC's are getting ip address from dhcp server but not the phone
ThanksHi
I can see the mac address has registered on the switch . And i have tried couple of phones , result was same .
Then i did run a packet sniffing using wireshark .
I could see dhcp discover from the phone and offer from the server a couple of times .
i am attaching the dhcp offer part from the wireshark .
And i saw one error also
Error part
Option: (150) TFTP Server Address
Length: 11
TFTP Server Address: 49.48.46.48 (49.48.46.48)
TFTP Server Address: 46.55.49.46 (46.55.49.46)
[Expert Info (Error/Protocol): Option length isn't a multiple of 4]
[Option length isn't a multiple of 4]
[Severity level: Error]
[Group: Protocol]
Option: (255) End
Option End: 255
i don't have any idea about the Tftp server address mentioned above . -
Email address validation with JavaMail
Hi there,
Does anyone know whether the JavaMail library provides any means to validate email addresses? My first thought was to use the AddressException but this doesn't work. I was able to construct address such as
InternetAddress a1 = new InternetAddress("foo");
InternetAddress a2 = new InternetAddress("--------foo---------");
InternetAddress a3 = new InternetAddress("?$@%##$%??%$$#");
without the AddressException being thrown... Any comments would be appreciated.
Regards,
ArmanI use this simple test and is does the trick for me.
* @param address :string met email adress zoals
[email protected]
* @return :true valid address, false invalid
address.
private static boolean validmailadress(String address)
// address should must have a length of minimal 3
examp: a@b
if (address.length()<3) return false;
if(address.indexOf("@")==-1) return false;
return true;
Regards,
Wil.I think this is wrong. Take for example, would you call this valid?
abc@abc
Your code will call this valid, but to you and, it is very wrong. All you have to do is check that there is a '.' anywhere after the '@' and there is something after that.
Well, I will write one and post it here later. -
Can't PXE boot a Surface Pro 3 after already successfully imaging it
hey guys. To try to eliminate a lot of the initial question that come up with this issue, I figure I will start with established info. Our SCCM environment is healthy, and all images, drivers and apps are distributed to all of our DP's. We can image
PC's and laptops with no issue at all. We use network PXE booting. Using a 64 bit boot image. Needed drivers are injected into the boot image. Firmware on the Surface was updated. Using the Surface NIC dongle. THis dongle was only used to image
this Surface Pro 3 tablet one time. There is no record of the MAC of the dongle in SCCM since I deleted the Surface out, to make it an unknown again.
So, with a lot of trial and error, I was finally able to get this tab to PXE boot, and then successfully image. Was testing out the new windows 8.1 image I had built.
Since it ewas successful I wanted to add all of our apps to the TS and test them out in imaging. Well, I can no longer get this thing to PXE boot. It shows trying to Start PXE over IPv4, then just skips to IPv6, then boots up into windows.
I have delted the secure keys form ther BIOS, then reloaded them. I have tried hte full shut down method (Holding Volume Up and Power for 15 seconds, then waiting for 10 seconds or longer, then trying to PXE boot. I am getting a valid connection fro
mthe dongle.
Nothinhg I try works. Its tries to PXE boot over IPv4, but never gets there. But I can PXE boot any of our PC's or Laptops,m so its just an issue with this damn Surface Pro 3.
ANy advice?So I finally got our server guy to enable the logging and get that smspxe.log file to be accessible. So here is the info from the log, when I attempt to PXE boot the Surface. I see the last 2 lines where it ignores the request, I just don't know why its
ignoring it.
PXE::CNotifyTimer::TimerSignalFunc SMSPXE 4/14/2015 3:04:18 PM 8896 (0x22C0)
PXE::CNotifyTimer::ProcessTimer SMSPXE 4/14/2015 3:04:18 PM 8896 (0x22C0)
Potentially missed device 50:1A:C5:FE:D6:E9 SMSPXE 4/14/2015 3:04:18 PM 8896 (0x22C0)
Cleared Old Devices: 1 / 1 SMSPXE 4/14/2015 3:04:18 PM 8896 (0x22C0)
PXE::CBootImageManager::PerformMaintenenceTasks SMSPXE 4/14/2015 3:04:18 PM 8896 (0x22C0)
PXE::CBootImageManager::PurgeOldImages SMSPXE 4/14/2015 3:04:18 PM 8896 (0x22C0)
Purging old images: 0 SMSPXE 4/14/2015 3:04:18 PM 8896 (0x22C0)
PXE::CNotifyTimer::Init SMSPXE 4/14/2015 3:04:18 PM 8896 (0x22C0)
PXE::CNotifyTimer::CancelTimer SMSPXE 4/14/2015 3:04:18 PM 8896 (0x22C0)
PXE::CNotifyTimer::RegisterTimeout SMSPXE 4/14/2015 3:04:18 PM 8896 (0x22C0)
[172.028.000.223:67] Recv From:[172.028.011.002:67] Len:347 1ad0230 SMSPXE 4/14/2015 3:04:37 PM 5928 (0x1728)
============> Received from client: SMSPXE 4/14/2015 3:04:37 PM 5928 (0x1728)
DHCP message:
Operation: BootRequest (1)
Hardware Address type: 1
Hardware Address Length: 6
Hop Count: 1
Transaction ID: 24038353
Seconds Since Boot: 0
Client IP Address: 000.000.000.000
Your IP Address: 000.000.000.000
Server IP Address: 000.000.000.000
Relay Agent IP Address: 172.028.011.002
Hardware Address: 50:1a:c5:fe:d6:e9:
Magic Cookie: 63538263
Options:
Type = 53 DHCP Message Type: 1=DHCPDiscover
Type = 57 Max DHCP Message Size: 05b8
Type = 55 Paramerter Request List: 0102030405060c0d0f111216171c28292a2b3233363a3b3c4243618081828384858687
Type = 97 UUID: 0068745ee6b94c0e21b76054522b6a7e02
Type = 94 UNDI: 010310
Type = 93 Client system Arch: 0007
Type = 60 ClassIdentifier: PXEClient:Arch:00007:UNDI:003016 SMSPXE 4/14/2015 3:04:37 PM 5928 (0x1728)
<============ SMSPXE 4/14/2015 3:04:37 PM 5928 (0x1728)
ProcessMessage: Context:0241DF40 dTime:0 SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
50:1A:C5:FE:D6:E9, E65E7468-4CB9-210E-B760-54522B6A7E02: DHCP Discover received. SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
[172.028.000.223:67] Recv From:[172.028.011.003:67] Len:347 159d1f0 SMSPXE 4/14/2015 3:04:37 PM 5928 (0x1728)
============> Received from client: SMSPXE 4/14/2015 3:04:37 PM 5928 (0x1728)
DHCP message:
Operation: BootRequest (1)
Hardware Address type: 1
Hardware Address Length: 6
Hop Count: 1
Transaction ID: 24038353
Seconds Since Boot: 0
Client IP Address: 000.000.000.000
Your IP Address: 000.000.000.000
Server IP Address: 000.000.000.000
Relay Agent IP Address: 172.028.011.003
Hardware Address: 50:1a:c5:fe:d6:e9:
Magic Cookie: 63538263
Options:
Type = 53 DHCP Message Type: 1=DHCPDiscover
Type = 57 Max DHCP Message Size: 05b8
Type = 55 Paramerter Request List: 0102030405060c0d0f111216171c28292a2b3233363a3b3c4243618081828384858687
Type = 97 UUID: 0068745ee6b94c0e21b76054522b6a7e02
Type = 94 UNDI: 010310
Type = 93 Client system Arch: 0007
Type = 60 ClassIdentifier: PXEClient:Arch:00007:UNDI:003016 SMSPXE 4/14/2015 3:04:37 PM 5928 (0x1728)
<============ SMSPXE 4/14/2015 3:04:37 PM 5928 (0x1728)
ProcessMessage: Context:0241DE50 dTime:0 SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
50:1A:C5:FE:D6:E9, E65E7468-4CB9-210E-B760-54522B6A7E02: DHCP Discover received. SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Initialized CStringStream object with string: c7c22c7d-4f40-49f1-b7ed-871c18a07b05;2015-04-14T19:04:37Z. SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Initialized CStringStream object with string: c7c22c7d-4f40-49f1-b7ed-871c18a07b05;2015-04-14T19:04:37Z. SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Set enterpirse certificate in transport SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Set enterpirse certificate in transport SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Set media certificate in transport SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Set authenticator in transport SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
CLibSMSMessageWinHttpTransport::Send: URL: JAG-SCCM-01E.jonesapparel.com:443 GET /SMS_MP_AltAuth/.sms_aut?MPKEYINFORMATIONEX SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
In SSL, but with no client cert SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Set media certificate in transport SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Set authenticator in transport SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
CLibSMSMessageWinHttpTransport::Send: URL: JAG-SCCM-01E.jonesapparel.com:443 GET /SMS_MP_AltAuth/.sms_aut?MPKEYINFORMATIONEX SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
In SSL, but with no client cert SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Request was successful. SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Request was successful. SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Set authenticator in transport SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Set authenticator in transport SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Setting message signatures. SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Setting the authenticator. SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
CLibSMSMessageWinHttpTransport::Send: URL: JAG-SCCM-01E.jonesapparel.com:443 CCM_POST /ccm_system_AltAuth/request SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
In SSL, but with no client cert SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Setting message signatures. SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Setting the authenticator. SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
CLibSMSMessageWinHttpTransport::Send: URL: JAG-SCCM-01E.jonesapparel.com:443 CCM_POST /ccm_system_AltAuth/request SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
In SSL, but with no client cert SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Request was successful. SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
::DecompressBuffer(65536) SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Decompression (zlib) succeeded: original size 148, uncompressed size 298. SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Client lookup reply: <ClientIDReply><Identification Unknown="0" ItemKey="0" ServerName=""><Machine><ClientID/><NetbiosName/></Machine></Identification></ClientIDReply>
SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
MP_LookupDevice succeeded: 0 1 0 1 0 SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
50:1A:C5:FE:D6:E9, E65E7468-4CB9-210E-B760-54522B6A7E02: device is not in the database. SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Getting boot action for unknown machine: item key: 2046820352 SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Request was successful. SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
::DecompressBuffer(65536) SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Decompression (zlib) succeeded: original size 148, uncompressed size 298. SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Client lookup reply: <ClientIDReply><Identification Unknown="0" ItemKey="0" ServerName=""><Machine><ClientID/><NetbiosName/></Machine></Identification></ClientIDReply>
SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
MP_LookupDevice succeeded: 0 1 0 1 0 SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
50:1A:C5:FE:D6:E9, E65E7468-4CB9-210E-B760-54522B6A7E02: device is not in the database. SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Getting boot action for unknown machine: item key: 2046820352 SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Initialized CStringStream object with string: c7c22c7d-4f40-49f1-b7ed-871c18a07b05;2015-04-14T19:04:37Z. SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Set enterpirse certificate in transport SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Initialized CStringStream object with string: c7c22c7d-4f40-49f1-b7ed-871c18a07b05;2015-04-14T19:04:37Z. SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Set enterpirse certificate in transport SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Set media certificate in transport SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Set authenticator in transport SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
CLibSMSMessageWinHttpTransport::Send: URL: JAG-SCCM-01E.jonesapparel.com:443 GET /SMS_MP_AltAuth/.sms_aut?MPKEYINFORMATIONEX SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
In SSL, but with no client cert SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Set media certificate in transport SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Set authenticator in transport SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
CLibSMSMessageWinHttpTransport::Send: URL: JAG-SCCM-01E.jonesapparel.com:443 GET /SMS_MP_AltAuth/.sms_aut?MPKEYINFORMATIONEX SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
In SSL, but with no client cert SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Request was successful. SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Request was successful. SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Set authenticator in transport SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Set authenticator in transport SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Setting message signatures. SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Setting the authenticator. SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
CLibSMSMessageWinHttpTransport::Send: URL: JAG-SCCM-01E.jonesapparel.com:443 CCM_POST /ccm_system_AltAuth/request SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
In SSL, but with no client cert SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Setting message signatures. SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Setting the authenticator. SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
CLibSMSMessageWinHttpTransport::Send: URL: JAG-SCCM-01E.jonesapparel.com:443 CCM_POST /ccm_system_AltAuth/request SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
In SSL, but with no client cert SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Request was successful. SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
::DecompressBuffer(65536) SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Decompression (zlib) succeeded: original size 409, uncompressed size 950. SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Client boot action reply: <ClientIDReply><Identification Unknown="0" ItemKey="2046820352" ServerName=""><Machine><ClientID>c70485df-9130-4b41-b61b-6c9e11b2f69a</ClientID><NetbiosName/></Machine></Identification><PXEBootAction
LastPXEAdvertisementID="" LastPXEAdvertisementTime="" OfferID="10020125" OfferIDTime="4/2/2015 11:12:00 AM" PkgID="100000D0" PackageVersion="" PackagePath BootImageID="10000087" Mandatory="0"/></ClientIDReply>
SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Client Identity: c70485df-9130-4b41-b61b-6c9e11b2f69a SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
50:1A:C5:FE:D6:E9, E65E7468-4CB9-210E-B760-54522B6A7E02: SMSID=c70485df-9130-4b41-b61b-6c9e11b2f69a OfferID=10020125, PackageID=100000D0, PackageVersion=, BootImageID=10000087, PackagePath=http://JAG-SCCM-01E.jonesapparel.com/SMS_DP_SMSPKG$/10000087, Mandatory=0 SMSPXE 4/14/2015
3:04:37 PM 7484 (0x1D3C)
50:1A:C5:FE:D6:E9, E65E7468-4CB9-210E-B760-54522B6A7E02: found optional advertisement 10020125 SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
============> Reply to client (DHCPDISCOVER): SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
DHCP message:
Operation: BootReply (2)
Hardware Address type: 1
Hardware Address Length: 6
Hop Count: 0
Transaction ID: 24038353
Seconds Since Boot: 0
Client IP Address: 000.000.000.000
Your IP Address: 000.000.000.000
Server IP Address: 172.028.000.223
Relay Agent IP Address: 172.028.011.002
Hardware Address: 50:1a:c5:fe:d6:e9:
Magic Cookie: 63538263
Options:
Type = 53 DHCP Message Type: 2=DHCPOffer
Type = 54 Server idenitifier: 172.028.000.223
Type = 97 UUID: 0068745ee6b94c0e21b76054522b6a7e02
Type = 60 ClassIdentifier: PXEClient SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
<============ SMSPXE 4/14/2015 3:04:37 PM 7484 (0x1D3C)
Request was successful. SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
::DecompressBuffer(65536) SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Decompression (zlib) succeeded: original size 409, uncompressed size 950. SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Client boot action reply: <ClientIDReply><Identification Unknown="0" ItemKey="2046820352" ServerName=""><Machine><ClientID>c70485df-9130-4b41-b61b-6c9e11b2f69a</ClientID><NetbiosName/></Machine></Identification><PXEBootAction
LastPXEAdvertisementID="" LastPXEAdvertisementTime="" OfferID="10020125" OfferIDTime="4/2/2015 11:12:00 AM" PkgID="100000D0" PackageVersion="" PackagePath="xx
BootImageID="10000087" Mandatory="0"/></ClientIDReply>
SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
Client Identity: c70485df-9130-4b41-b61b-6c9e11b2f69a SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
50:1A:C5:FE:D6:E9, E65E7468-4CB9-210E-B760-54522B6A7E02: SMSID=c70485df-9130-4b41-b61b-6c9e11b2f69a OfferID=10020125, PackageID=100000D0, PackageVersion=, BootImageID=10000087, PackagePath=http://JAG-SCCM-01E.jonesapparel.com/SMS_DP_SMSPKG$/10000087, Mandatory=0 SMSPXE 4/14/2015
3:04:37 PM 7480 (0x1D38)
50:1A:C5:FE:D6:E9, E65E7468-4CB9-210E-B760-54522B6A7E02: found optional advertisement 10020125 SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
============> Reply to client (DHCPDISCOVER): SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
DHCP message:
Operation: BootReply (2)
Hardware Address type: 1
Hardware Address Length: 6
Hop Count: 0
Transaction ID: 24038353
Seconds Since Boot: 0
Client IP Address: 000.000.000.000
Your IP Address: 000.000.000.000
Server IP Address: 172.028.000.223
Relay Agent IP Address: 172.028.011.003
Hardware Address: 50:1a:c5:fe:d6:e9:
Magic Cookie: 63538263
Options:
Type = 53 DHCP Message Type: 2=DHCPOffer
Type = 54 Server idenitifier: 172.028.000.223
Type = 97 UUID: 0068745ee6b94c0e21b76054522b6a7e02
Type = 60 ClassIdentifier: PXEClient SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
<============ SMSPXE 4/14/2015 3:04:37 PM 7480 (0x1D38)
[172.028.000.223:67] Recv From:[172.028.011.003:67] Len:359 1acbeb0 SMSPXE 4/14/2015 3:04:40 PM 5928 (0x1728)
[172.028.000.223:67] Recv From:[172.028.011.002:67] Len:359 15a41f0 SMSPXE 4/14/2015 3:04:40 PM 5972 (0x1754)
============> Received from client: SMSPXE 4/14/2015 3:04:40 PM 5928 (0x1728)
============> Received from client: SMSPXE 4/14/2015 3:04:40 PM 5972 (0x1754)
DHCP message:
Operation: BootRequest (1)
Hardware Address type: 1
Hardware Address Length: 6
Hop Count: 1
Transaction ID: 24038353
Seconds Since Boot: 0
Client IP Address: 000.000.000.000
Your IP Address: 000.000.000.000
Server IP Address: 000.000.000.000
Relay Agent IP Address: 172.028.011.003
Hardware Address: 50:1a:c5:fe:d6:e9:
Magic Cookie: 63538263
Options:
Type = 53 DHCP Message Type: 3=DHCPRequest
Type = 54 Server idenitifier: 172.028.000.015
Type = 50 Requested IP: 172.028.011.052
Type = 57 Max DHCP Message Size: ff00
Type = 55 Paramerter Request List: 0102030405060c0d0f111216171c28292a2b3233363a3b3c4243618081828384858687
Type = 97 UUID: 0068745ee6b94c0e21b76054522b6a7e02
Type = 94 UNDI: 010310
Type = 93 Client system Arch: 0007
Type = 60 ClassIdentifier: PXEClient:Arch:00007:UNDI:003016 SMSPXE 4/14/2015 3:04:40 PM 5928 (0x1728)
DHCP message:
Operation: BootRequest (1)
Hardware Address type: 1
Hardware Address Length: 6
Hop Count: 1
Transaction ID: 24038353
Seconds Since Boot: 0
Client IP Address: 000.000.000.000
Your IP Address: 000.000.000.000
Server IP Address: 000.000.000.000
Relay Agent IP Address: 172.028.011.002
Hardware Address: 50:1a:c5:fe:d6:e9:
Magic Cookie: 63538263
Options:
Type = 53 DHCP Message Type: 3=DHCPRequest
Type = 54 Server idenitifier: 172.028.000.015
Type = 50 Requested IP: 172.028.011.052
Type = 57 Max DHCP Message Size: ff00
Type = 55 Paramerter Request List: 0102030405060c0d0f111216171c28292a2b3233363a3b3c4243618081828384858687
Type = 97 UUID: 0068745ee6b94c0e21b76054522b6a7e02
Type = 94 UNDI: 010310
Type = 93 Client system Arch: 0007
Type = 60 ClassIdentifier: PXEClient:Arch:00007:UNDI:003016 SMSPXE 4/14/2015 3:04:40 PM 5972 (0x1754)
<============ SMSPXE 4/14/2015 3:04:40 PM 5928 (0x1728)
<============ SMSPXE 4/14/2015 3:04:40 PM 5972 (0x1754)
Ignoring req from [172.028.011.003:67] Dest Server:[172.028.000.015] SMSPXE 4/14/2015 3:04:40 PM 5928 (0x1728)
Ignoring req from [172.028.011.002:67] Dest Server:[172.028.000.015] SMSPXE 4/14/2015 3:04:40 PM 5972 (0x1754) -
ASA 5510 with Cisco 2811 Router Behind it - Not forwarding traffic
Hi all,
Some might know that I have been dealing with an issue where I cannot seem to get forwarded packets to reach their destinations behind an ASA 5510 that has a Cisco 2811 connected directly behind it.
Some examples that work.
I can SSH into the ASA.
I can SSH to the Cisco Routers behind the ASA.
I cannot reach items beind the Cisco Routers.
My Configuration is this (I am sure I included a bunch of info I didn't need to, but I am hoping it'll help!):
I have a static Ip assigned to my Ouside Interface Ethernet 0/1
It has an IP address of 199.195.xxx.xxx
I am trying to learn how to shape network traffic (this is all new to me) via the ASA and the Routers to specific devices.
The Inside Interface on the ASA is 10.10.1.1 255.255.255.252
The Outside Interface on the 2811 is 10.10.1.2 255.255.255.252
I can ping the router from the ASA. I can SSH through the ASA to the router.
BUT I CANNOT ACCESS DEVICES BEHIND THE ROUTER.
So, I wanted to BAM that statement above because I just don't kjnow where the issue is. Is the issue on the router or the ASA, my guess is, the router, but I just don't know.
Here are my configs, helpfully someone can help.
ASA errors on the ASDM when I try and hit resources; specifically a web device behind the ASA and the 2811. It's Ip address 192.168.1.5 it's listening on port 80.Static IP, not assigned via DHCP.
6
Feb 14 2014
19:38:56
98.22.121.x
41164
192.168.1.5
80
Built inbound TCP connection 1922859 for Outside:98.22.121.x/41164 (98.22.121.x/41164) to Inside:192.168.1.5/80 (199.195.168.x/8080)
6
Feb 14 2014
19:38:56
10.10.1.2
80
98.22.121.x
41164
Deny TCP (no connection) from 10.10.1.2/80 to 98.22.121.x/41164 flags SYN ACK on interface Inside
ASA5510# sh nat
Auto NAT Policies (Section 2)
1 (DMZ) to (Outside) source static ROUTER-2821 interface service tcp ssh 2222
translate_hits = 1, untranslate_hits = 18
2 (Inside) to (Outside) source static ROUTER-2811 interface service tcp ssh 222
translate_hits = 0, untranslate_hits = 13
3 (VOIP) to (Outside) source static ROUTER-3745 interface service tcp ssh 2223
translate_hits = 0, untranslate_hits = 3
4 (Inside) to (Outside) source static RDP-DC1 interface service tcp 3389 3389
translate_hits = 0, untranslate_hits = 236
5 (Inside) to (Outside) source static WEBCAM-01 interface service tcp www 8080
translate_hits = 0, untranslate_hits = 162
Manual NAT Policies (Section 3)
1 (any) to (Outside) source dynamic PAT-SOURCE interface
translate_hits = 1056862, untranslate_hits = 83506
ASA5510# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
alert-interval 300
access-list USERS; 1 elements; name hash: 0x50681c1e
access-list USERS line 1 standard permit 10.10.1.0 255.255.255.0 (hitcnt=0) 0xdd6ba495
access-list Outside_access_in; 5 elements; name hash: 0xe796c137
access-list Outside_access_in line 1 extended permit tcp host 98.22.121.x object ROUTER-2811 eq ssh (hitcnt=37) 0x5a53778d
access-list Outside_access_in line 1 extended permit tcp host 98.22.121.x host 10.10.1.2 eq ssh (hitcnt=37) 0x5a53778d
access-list Outside_access_in line 2 extended permit tcp host 98.22.121.x object ROUTER-2821 eq ssh (hitcnt=8) 0x9f32bc21
access-list Outside_access_in line 2 extended permit tcp host 98.22.121.x host 10.10.0.2 eq ssh (hitcnt=8) 0x9f32bc21
access-list Outside_access_in line 3 extended permit tcp host 98.22.121.x interface Outside eq https (hitcnt=0) 0x385488b2
access-list Outside_access_in line 4 extended permit tcp host 98.22.121.x object WEBCAM-01 eq www (hitcnt=60) 0xe66674ec
access-list Outside_access_in line 4 extended permit tcp host 98.22.121.x host 192.168.1.5 eq www (hitcnt=60) 0xe66674ec
access-list Outside_access_in line 5 extended permit tcp host 98.22.121.x object RDP-DC1 eq 3389 (hitcnt=3) 0x02f13f4e
access-list Outside_access_in line 5 extended permit tcp host 98.22.121.x host 192.168.1.2 eq 3389 (hitcnt=3) 0x02f13f4e
access-list dmz-access-vlan1; 1 elements; name hash: 0xc3450860
access-list dmz-access-vlan1 line 1 extended permit ip 128.162.1.0 255.255.255.0 any (hitcnt=0) 0x429fedf1
access-list dmz-access; 3 elements; name hash: 0xf53f5801
access-list dmz-access line 1 remark Permit all traffic to DC1
access-list dmz-access line 2 extended permit ip 128.162.1.0 255.255.255.0 host 192.168.1.2 (hitcnt=0) 0xd2dced0a
access-list dmz-access line 3 remark Permit only DNS traffic to DNS server
access-list dmz-access line 4 extended permit udp 128.162.1.0 255.255.255.0 host 192.168.1.2 eq domain (hitcnt=0) 0xbb21093e
access-list dmz-access line 5 remark Permit ICMP to all devices in DC
access-list dmz-access line 6 extended permit icmp 128.162.1.0 255.255.255.0 192.168.1.0 255.255.255.0 (hitcnt=0) 0x71269ef7
CISCO-2811#show access-lists
Standard IP access list 1
10 permit any (1581021 matches)
CISCO-2811#show translate
CISCO-2811#show route
CISCO-2811#show route-map
CISCO-2811#show host
CISCO-2811#show hosts
Default domain is maladomini.int
Name/address lookup uses domain service
Name servers are 192.168.1.2, 199.195.168.4, 205.171.2.65, 205.171.3.65, 8.8.8.8
Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate
temp - temporary, perm - permanent
NA - Not Applicable None - Not defined
Host Port Flags Age Type Address(es)
api.mixpanel.com None (temp, OK) 2 IP 198.23.64.21
198.23.64.22
198.23.64.18
198.23.64.19
198.23.64.20
ASA5510:
ASA5510# sh run all
: Saved
ASA Version 9.1(4)
command-alias exec h help
command-alias exec lo logout
command-alias exec p ping
command-alias exec s show
terminal width 80
hostname ASA5510
domain-name maladomini.int
enable password x encrypted
no fips enable
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
xlate per-session permit tcp any4 any4
xlate per-session permit tcp any4 any6
xlate per-session permit tcp any6 any4
xlate per-session permit tcp any6 any6
xlate per-session permit udp any4 any4 eq domain
xlate per-session permit udp any4 any6 eq domain
xlate per-session permit udp any6 any4 eq domain
xlate per-session permit udp any6 any6 eq domain
passwd x encrypted
names
dns-guard
lacp system-priority 32768
interface Ethernet0/0
description LAN Interface
speed auto
duplex auto
no flowcontrol send on
nameif Inside
security-level 100
ip address 10.10.1.1 255.255.255.252
delay 10
interface Ethernet0/1
description WAN Interface
speed auto
duplex auto
no flowcontrol send on
nameif Outside
security-level 0
ip address 199.195.168.xxx 255.255.255.240
delay 10
interface Ethernet0/2
description DMZ
speed auto
duplex auto
no flowcontrol send on
nameif DMZ
security-level 100
ip address 10.10.0.1 255.255.255.252
delay 10
interface Ethernet0/3
description VOIP
speed auto
duplex auto
no flowcontrol send on
nameif VOIP
security-level 100
ip address 10.10.2.1 255.255.255.252
delay 10
interface Management0/0
speed auto
duplex auto
management-only
shutdown
nameif management
security-level 0
no ip address
delay 10
regex _default_gator "Gator"
regex _default_firethru-tunnel_2 "[/\\]cgi[-]bin[/\\]proxy"
regex _default_shoutcast-tunneling-protocol "1"
regex _default_http-tunnel "[/\\]HT_PortLog.aspx"
regex _default_x-kazaa-network "[\r\n\t ]+[xX]-[kK][aA][zZ][aA][aA]-[nN][eE][tT][wW][oO][rR][kK]"
regex _default_msn-messenger "[Aa][Pp][Pp][Ll][Ii][Cc][Aa][Tt][Ii][Oo][Nn][/\\][Xx][-][Mm][Ss][Nn][-][Mm][Ee][Ss][Ss][Ee][Nn][Gg][Ee][Rr]"
regex _default_GoToMyPC-tunnel_2 "[/\\]erc[/\\]Poll"
regex _default_gnu-http-tunnel_uri "[/\\]index[.]html"
regex _default_aim-messenger "[Hh][Tt][Tt][Pp][.][Pp][Rr][Oo][Xx][Yy][.][Ii][Cc][Qq][.][Cc][Oo][Mm]"
regex _default_gnu-http-tunnel_arg "crap"
regex _default_icy-metadata "[\r\n\t ]+[iI][cC][yY]-[mM][eE][tT][aA][dD][aA][tT][aA]"
regex _default_GoToMyPC-tunnel "machinekey"
regex _default_windows-media-player-tunnel "NSPlayer"
regex _default_yahoo-messenger "YMSG"
regex _default_httport-tunnel "photo[.]exectech[-]va[.]com"
regex _default_firethru-tunnel_1 "firethru[.]com"
checkheaps check-interval 60
checkheaps validate-checksum 60
boot system disk0:/asa914-k8.bin
ftp mode passive
clock timezone UTC 0
dns domain-lookup Outside
dns server-group DefaultDNS
name-server 199.195.168.4
name-server 205.171.2.65
name-server 205.171.3.65
domain-name maladomini.int
same-security-traffic permit inter-interface
object service ah pre-defined
service ah
description This is a pre-defined object
object service eigrp pre-defined
service eigrp
description This is a pre-defined object
object service esp pre-defined
service esp
description This is a pre-defined object
object service gre pre-defined
service gre
description This is a pre-defined object
object service icmp pre-defined
service icmp
description This is a pre-defined object
object service icmp6 pre-defined
service icmp6
description This is a pre-defined object
object service igmp pre-defined
service igmp
description This is a pre-defined object
object service igrp pre-defined
service igrp
description This is a pre-defined object
object service ip pre-defined
service ip
description This is a pre-defined object
object service ipinip pre-defined
service ipinip
description This is a pre-defined object
object service ipsec pre-defined
service esp
description This is a pre-defined object
object service nos pre-defined
service nos
description This is a pre-defined object
object service ospf pre-defined
service ospf
description This is a pre-defined object
object service pcp pre-defined
service pcp
description This is a pre-defined object
object service pim pre-defined
service pim
description This is a pre-defined object
object service pptp pre-defined
service gre
description This is a pre-defined object
object service snp pre-defined
service snp
description This is a pre-defined object
object service tcp pre-defined
service tcp
description This is a pre-defined object
object service udp pre-defined
service udp
description This is a pre-defined object
object service tcp-aol pre-defined
service tcp destination eq aol
description This is a pre-defined object
object service tcp-bgp pre-defined
service tcp destination eq bgp
description This is a pre-defined object
object service tcp-chargen pre-defined
service tcp destination eq chargen
description This is a pre-defined object
object service tcp-cifs pre-defined
service tcp destination eq cifs
description This is a pre-defined object
object service tcp-citrix-ica pre-defined
service tcp destination eq citrix-ica
description This is a pre-defined object
object service tcp-ctiqbe pre-defined
service tcp destination eq ctiqbe
description This is a pre-defined object
object service tcp-daytime pre-defined
service tcp destination eq daytime
description This is a pre-defined object
object service tcp-discard pre-defined
service tcp destination eq discard
description This is a pre-defined object
object service tcp-domain pre-defined
service tcp destination eq domain
description This is a pre-defined object
object service tcp-echo pre-defined
service tcp destination eq echo
description This is a pre-defined object
object service tcp-exec pre-defined
service tcp destination eq exec
description This is a pre-defined object
object service tcp-finger pre-defined
service tcp destination eq finger
description This is a pre-defined object
object service tcp-ftp pre-defined
service tcp destination eq ftp
description This is a pre-defined object
object service tcp-ftp-data pre-defined
service tcp destination eq ftp-data
description This is a pre-defined object
object service tcp-gopher pre-defined
service tcp destination eq gopher
description This is a pre-defined object
object service tcp-ident pre-defined
service tcp destination eq ident
description This is a pre-defined object
object service tcp-imap4 pre-defined
service tcp destination eq imap4
description This is a pre-defined object
object service tcp-irc pre-defined
service tcp destination eq irc
description This is a pre-defined object
object service tcp-hostname pre-defined
service tcp destination eq hostname
description This is a pre-defined object
object service tcp-kerberos pre-defined
service tcp destination eq kerberos
description This is a pre-defined object
object service tcp-klogin pre-defined
service tcp destination eq klogin
description This is a pre-defined object
object service tcp-kshell pre-defined
service tcp destination eq kshell
description This is a pre-defined object
object service tcp-ldap pre-defined
service tcp destination eq ldap
description This is a pre-defined object
object service tcp-ldaps pre-defined
service tcp destination eq ldaps
description This is a pre-defined object
object service tcp-login pre-defined
service tcp destination eq login
description This is a pre-defined object
object service tcp-lotusnotes pre-defined
service tcp destination eq lotusnotes
description This is a pre-defined object
object service tcp-nfs pre-defined
service tcp destination eq nfs
description This is a pre-defined object
object service tcp-netbios-ssn pre-defined
service tcp destination eq netbios-ssn
description This is a pre-defined object
object service tcp-whois pre-defined
service tcp destination eq whois
description This is a pre-defined object
object service tcp-nntp pre-defined
service tcp destination eq nntp
description This is a pre-defined object
object service tcp-pcanywhere-data pre-defined
service tcp destination eq pcanywhere-data
description This is a pre-defined object
object service tcp-pim-auto-rp pre-defined
service tcp destination eq pim-auto-rp
description This is a pre-defined object
object service tcp-pop2 pre-defined
service tcp destination eq pop2
description This is a pre-defined object
object service tcp-pop3 pre-defined
service tcp destination eq pop3
description This is a pre-defined object
object service tcp-pptp pre-defined
service tcp destination eq pptp
description This is a pre-defined object
object service tcp-lpd pre-defined
service tcp destination eq lpd
description This is a pre-defined object
object service tcp-rsh pre-defined
service tcp destination eq rsh
description This is a pre-defined object
object service tcp-rtsp pre-defined
service tcp destination eq rtsp
description This is a pre-defined object
object service tcp-sip pre-defined
service tcp destination eq sip
description This is a pre-defined object
object service tcp-smtp pre-defined
service tcp destination eq smtp
description This is a pre-defined object
object service tcp-ssh pre-defined
service tcp destination eq ssh
description This is a pre-defined object
object service tcp-sunrpc pre-defined
service tcp destination eq sunrpc
description This is a pre-defined object
object service tcp-tacacs pre-defined
service tcp destination eq tacacs
description This is a pre-defined object
object service tcp-talk pre-defined
service tcp destination eq talk
description This is a pre-defined object
object service tcp-telnet pre-defined
service tcp destination eq telnet
description This is a pre-defined object
object service tcp-uucp pre-defined
service tcp destination eq uucp
description This is a pre-defined object
object service tcp-www pre-defined
service tcp destination eq www
description This is a pre-defined object
object service tcp-http pre-defined
service tcp destination eq www
description This is a pre-defined object
object service tcp-https pre-defined
service tcp destination eq https
description This is a pre-defined object
object service tcp-cmd pre-defined
service tcp destination eq rsh
description This is a pre-defined object
object service tcp-sqlnet pre-defined
service tcp destination eq sqlnet
description This is a pre-defined object
object service tcp-h323 pre-defined
service tcp destination eq h323
description This is a pre-defined object
object service tcp-udp-cifs pre-defined
service tcp-udp destination eq cifs
description This is a pre-defined object
object service tcp-udp-discard pre-defined
service tcp-udp destination eq discard
description This is a pre-defined object
object service tcp-udp-domain pre-defined
service tcp-udp destination eq domain
description This is a pre-defined object
object service tcp-udp-echo pre-defined
service tcp-udp destination eq echo
description This is a pre-defined object
object service tcp-udp-kerberos pre-defined
service tcp-udp destination eq kerberos
description This is a pre-defined object
object service tcp-udp-nfs pre-defined
service tcp-udp destination eq nfs
description This is a pre-defined object
object service tcp-udp-pim-auto-rp pre-defined
service tcp-udp destination eq pim-auto-rp
description This is a pre-defined object
object service tcp-udp-sip pre-defined
service tcp-udp destination eq sip
description This is a pre-defined object
object service tcp-udp-sunrpc pre-defined
service tcp-udp destination eq sunrpc
description This is a pre-defined object
object service tcp-udp-tacacs pre-defined
service tcp-udp destination eq tacacs
description This is a pre-defined object
object service tcp-udp-www pre-defined
service tcp-udp destination eq www
description This is a pre-defined object
object service tcp-udp-http pre-defined
service tcp-udp destination eq www
description This is a pre-defined object
object service tcp-udp-talk pre-defined
service tcp-udp destination eq talk
description This is a pre-defined object
object service udp-biff pre-defined
service udp destination eq biff
description This is a pre-defined object
object service udp-bootpc pre-defined
service udp destination eq bootpc
description This is a pre-defined object
object service udp-bootps pre-defined
service udp destination eq bootps
description This is a pre-defined object
object service udp-cifs pre-defined
service udp destination eq cifs
description This is a pre-defined object
object service udp-discard pre-defined
service udp destination eq discard
description This is a pre-defined object
object service udp-domain pre-defined
service udp destination eq domain
description This is a pre-defined object
object service udp-dnsix pre-defined
service udp destination eq dnsix
description This is a pre-defined object
object service udp-echo pre-defined
service udp destination eq echo
description This is a pre-defined object
object service udp-www pre-defined
service udp destination eq www
description This is a pre-defined object
object service udp-http pre-defined
service udp destination eq www
description This is a pre-defined object
object service udp-nameserver pre-defined
service udp destination eq nameserver
description This is a pre-defined object
object service udp-kerberos pre-defined
service udp destination eq kerberos
description This is a pre-defined object
object service udp-mobile-ip pre-defined
service udp destination eq mobile-ip
description This is a pre-defined object
object service udp-nfs pre-defined
service udp destination eq nfs
description This is a pre-defined object
object service udp-netbios-ns pre-defined
service udp destination eq netbios-ns
description This is a pre-defined object
object service udp-netbios-dgm pre-defined
service udp destination eq netbios-dgm
description This is a pre-defined object
object service udp-ntp pre-defined
service udp destination eq ntp
description This is a pre-defined object
object service udp-pcanywhere-status pre-defined
service udp destination eq pcanywhere-status
description This is a pre-defined object
object service udp-pim-auto-rp pre-defined
service udp destination eq pim-auto-rp
description This is a pre-defined object
object service udp-radius pre-defined
service udp destination eq radius
description This is a pre-defined object
object service udp-radius-acct pre-defined
service udp destination eq radius-acct
description This is a pre-defined object
object service udp-rip pre-defined
service udp destination eq rip
description This is a pre-defined object
object service udp-secureid-udp pre-defined
service udp destination eq secureid-udp
description This is a pre-defined object
object service udp-sip pre-defined
service udp destination eq sip
description This is a pre-defined object
object service udp-snmp pre-defined
service udp destination eq snmp
description This is a pre-defined object
object service udp-snmptrap pre-defined
service udp destination eq snmptrap
description This is a pre-defined object
object service udp-sunrpc pre-defined
service udp destination eq sunrpc
description This is a pre-defined object
object service udp-syslog pre-defined
service udp destination eq syslog
description This is a pre-defined object
object service udp-tacacs pre-defined
service udp destination eq tacacs
description This is a pre-defined object
object service udp-talk pre-defined
service udp destination eq talk
description This is a pre-defined object
object service udp-tftp pre-defined
service udp destination eq tftp
description This is a pre-defined object
object service udp-time pre-defined
service udp destination eq time
description This is a pre-defined object
object service udp-who pre-defined
service udp destination eq who
description This is a pre-defined object
object service udp-xdmcp pre-defined
service udp destination eq xdmcp
description This is a pre-defined object
object service udp-isakmp pre-defined
service udp destination eq isakmp
description This is a pre-defined object
object service icmp6-unreachable pre-defined
service icmp6 unreachable
description This is a pre-defined object
object service icmp6-packet-too-big pre-defined
service icmp6 packet-too-big
description This is a pre-defined object
object service icmp6-time-exceeded pre-defined
service icmp6 time-exceeded
description This is a pre-defined object
object service icmp6-parameter-problem pre-defined
service icmp6 parameter-problem
description This is a pre-defined object
object service icmp6-echo pre-defined
service icmp6 echo
description This is a pre-defined object
object service icmp6-echo-reply pre-defined
service icmp6 echo-reply
description This is a pre-defined object
object service icmp6-membership-query pre-defined
service icmp6 membership-query
description This is a pre-defined object
object service icmp6-membership-report pre-defined
service icmp6 membership-report
description This is a pre-defined object
object service icmp6-membership-reduction pre-defined
service icmp6 membership-reduction
description This is a pre-defined object
object service icmp6-router-renumbering pre-defined
service icmp6 router-renumbering
description This is a pre-defined object
object service icmp6-router-solicitation pre-defined
service icmp6 router-solicitation
description This is a pre-defined object
object service icmp6-router-advertisement pre-defined
service icmp6 router-advertisement
description This is a pre-defined object
object service icmp6-neighbor-solicitation pre-defined
service icmp6 neighbor-solicitation
description This is a pre-defined object
object service icmp6-neighbor-advertisement pre-defined
service icmp6 neighbor-advertisement
description This is a pre-defined object
object service icmp6-neighbor-redirect pre-defined
service icmp6 neighbor-redirect
description This is a pre-defined object
object service icmp-echo pre-defined
service icmp echo
description This is a pre-defined object
object service icmp-echo-reply pre-defined
service icmp echo-reply
description This is a pre-defined object
object service icmp-unreachable pre-defined
service icmp unreachable
description This is a pre-defined object
object service icmp-source-quench pre-defined
service icmp source-quench
description This is a pre-defined object
object service icmp-redirect pre-defined
service icmp redirect
description This is a pre-defined object
object service icmp-alternate-address pre-defined
service icmp alternate-address
description This is a pre-defined object
object service icmp-router-advertisement pre-defined
service icmp router-advertisement
description This is a pre-defined object
object service icmp-router-solicitation pre-defined
service icmp router-solicitation
description This is a pre-defined object
object service icmp-time-exceeded pre-defined
service icmp time-exceeded
description This is a pre-defined object
object service icmp-parameter-problem pre-defined
service icmp parameter-problem
description This is a pre-defined object
object service icmp-timestamp-request pre-defined
service icmp timestamp-request
description This is a pre-defined object
object service icmp-timestamp-reply pre-defined
service icmp timestamp-reply
description This is a pre-defined object
object service icmp-information-request pre-defined
service icmp information-request
description This is a pre-defined object
object service icmp-information-reply pre-defined
service icmp information-reply
description This is a pre-defined object
object service icmp-mask-request pre-defined
service icmp mask-request
description This is a pre-defined object
object service icmp-mask-reply pre-defined
service icmp mask-reply
description This is a pre-defined object
object service icmp-traceroute pre-defined
service icmp traceroute
description This is a pre-defined object
object service icmp-conversion-error pre-defined
service icmp conversion-error
description This is a pre-defined object
object service icmp-mobile-redirect pre-defined
service icmp mobile-redirect
description This is a pre-defined object
object network ROUTER-2811
host 10.10.1.2
object network ROUTER-2821
host 10.10.0.2
object network WEBCAM-01
host 192.168.1.5
object network DNS-SERVER
host 192.168.1.2
object network ROUTER-3745
host 10.10.2.2
object network RDP-DC1
host 192.168.1.2
object-group network PAT-SOURCE
network-object 10.10.1.0 255.255.255.252
network-object 10.10.0.0 255.255.255.252
network-object 10.10.2.0 255.255.255.252
network-object 192.168.0.0 255.255.255.0
network-object 172.16.10.0 255.255.255.0
network-object 172.16.20.0 255.255.255.0
network-object 128.162.1.0 255.255.255.0
network-object 128.162.10.0 255.255.255.0
network-object 128.162.20.0 255.255.255.0
object-group network DM_INLINE_NETWORK_2
network-object host 98.22.121.x
object-group network Outside_access_in
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object gre
access-list USERS standard permit 10.10.1.0 255.255.255.0
access-list Outside_access_in extended permit tcp host 98.22.121.x object ROUTER-2811 eq ssh
access-list Outside_access_in extended permit tcp host 98.22.121.x object ROUTER-2821 eq ssh
access-list Outside_access_in extended permit tcp host 98.22.121.x interface Outside eq https
access-list Outside_access_in extended permit tcp host 98.22.121.x object WEBCAM-01 eq www
access-list Outside_access_in extended permit tcp host 98.22.121.x object RDP-DC1 eq 3389
access-list dmz-access-vlan1 extended permit ip 128.162.1.0 255.255.255.0 any
access-list dmz-access remark Permit all traffic to DC1
access-list dmz-access extended permit ip 128.162.1.0 255.255.255.0 host 192.168.1.2
access-list dmz-access remark Permit only DNS traffic to DNS server
access-list dmz-access extended permit udp 128.162.1.0 255.255.255.0 host 192.168.1.2 eq domain
access-list dmz-access remark Permit ICMP to all devices in DC
access-list dmz-access extended permit icmp 128.162.1.0 255.255.255.0 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging buffer-size 4096
logging asdm-buffer-size 100
logging asdm informational
logging flash-minimum-free 3076
logging flash-maximum-allocation 1024
logging rate-limit 1 10 message 747001
logging rate-limit 1 1 message 402116
logging rate-limit 1 10 message 620002
logging rate-limit 1 10 message 717015
logging rate-limit 1 10 message 717018
logging rate-limit 1 10 message 201013
logging rate-limit 1 10 message 201012
logging rate-limit 1 1 message 313009
logging rate-limit 100 1 message 750003
logging rate-limit 100 1 message 750002
logging rate-limit 100 1 message 750004
logging rate-limit 1 10 message 419003
logging rate-limit 1 10 message 405002
logging rate-limit 1 10 message 405003
logging rate-limit 1 10 message 421007
logging rate-limit 1 10 message 405001
logging rate-limit 1 10 message 421001
logging rate-limit 1 10 message 421002
logging rate-limit 1 10 message 337004
logging rate-limit 1 10 message 337005
logging rate-limit 1 10 message 337001
logging rate-limit 1 10 message 337002
logging rate-limit 1 60 message 199020
logging rate-limit 1 10 message 337003
logging rate-limit 2 5 message 199011
logging rate-limit 1 10 message 199010
logging rate-limit 1 10 message 337009
logging rate-limit 2 5 message 199012
logging rate-limit 1 10 message 710002
logging rate-limit 1 10 message 209003
logging rate-limit 1 10 message 209004
logging rate-limit 1 10 message 209005
logging rate-limit 1 10 message 431002
logging rate-limit 1 10 message 431001
logging rate-limit 1 1 message 447001
logging rate-limit 1 10 message 110003
logging rate-limit 1 10 message 110002
logging rate-limit 1 10 message 429007
logging rate-limit 1 10 message 216004
logging rate-limit 1 10 message 450001
flow-export template timeout-rate 30
flow-export active refresh-interval 1
mtu Inside 1500
mtu Outside 1500
mtu management 1500
mtu DMZ 1500
mtu VOIP 1500
icmp unreachable rate-limit 1 burst-size 1
icmp deny any Outside
asdm image disk0:/asdm-715.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
object network ROUTER-2811
nat (Inside,Outside) static interface service tcp ssh 222
object network ROUTER-2821
nat (DMZ,Outside) static interface service tcp ssh 2222
object network WEBCAM-01
nat (Inside,Outside) static interface service tcp www 8080
object network ROUTER-3745
nat (VOIP,Outside) static interface service tcp ssh 2223
object network RDP-DC1
nat (Inside,Outside) static interface service tcp 3389 3389
nat (any,Outside) after-auto source dynamic PAT-SOURCE interface
access-group Outside_access_in in interface Outside
ipv6 dhcprelay timeout 60
router rip
network 10.0.0.0
version 2
no auto-summary
route Outside 0.0.0.0 0.0.0.0 199.195.168.113 1
route Inside 128.162.1.0 255.255.255.0 10.10.0.2 1
route Inside 128.162.10.0 255.255.255.0 10.10.0.2 1
route Inside 128.162.20.0 255.255.255.0 10.10.0.2 1
route Inside 172.16.10.0 255.255.255.0 10.10.1.2 1
route Inside 172.16.20.0 255.255.255.0 10.10.1.2 1
route Inside 192.168.1.0 255.255.255.0 10.10.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
action continue
no cts server-group
no cts sxp enable
no cts sxp default
no cts sxp default source-ip
cts sxp reconciliation period 120
cts sxp retry period 120
user-identity enable
user-identity domain LOCAL
user-identity default-domain LOCAL
user-identity action mac-address-mismatch remove-user-ip
user-identity inactive-user-timer minutes 60
user-identity poll-import-user-group-timer hours 8
user-identity ad-agent active-user-database full-download
user-identity ad-agent hello-timer seconds 30 retry-times 5
no user-identity user-not-found enable
aaa authentication ssh console LOCAL
http server enable 443
http 0.0.0.0 0.0.0.0 Inside
http 98.22.121.x 255.255.255.255 Outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
no snmp-server enable traps syslog
no snmp-server enable traps ipsec start stop
no snmp-server enable traps entity config-change fru-insert fru-remove fan-failure power-supply power-supply-presence cpu-temperature chassis-temperature power-supply-temperature chassis-fan-failure
no snmp-server enable traps memory-threshold
no snmp-server enable traps interface-threshold
no snmp-server enable traps remote-access session-threshold-exceeded
no snmp-server enable traps connection-limit-reached
no snmp-server enable traps cpu threshold rising
no snmp-server enable traps ikev2 start stop
no snmp-server enable traps nat packet-discard
snmp-server enable
snmp-server listen-port 161
fragment size 200 Inside
fragment chain 24 Inside
fragment timeout 5 Inside
no fragment reassembly full Inside
fragment size 200 Outside
fragment chain 24 Outside
fragment timeout 5 Outside
no fragment reassembly full Outside
fragment size 200 management
fragment chain 24 management
fragment timeout 5 management
no fragment reassembly full management
fragment size 200 DMZ
fragment chain 24 DMZ
fragment timeout 5 DMZ
no fragment reassembly full DMZ
fragment size 200 VOIP
fragment chain 24 VOIP
fragment timeout 5 VOIP
no fragment reassembly full VOIP
no sysopt connection timewait
sysopt connection tcpmss 1380
sysopt connection tcpmss minimum 0
sysopt connection permit-vpn
sysopt connection reclassify-vpn
no sysopt connection preserve-vpn-flows
no sysopt radius ignore-secret
no sysopt noproxyarp Inside
no sysopt noproxyarp Outside
no sysopt noproxyarp management
no sysopt noproxyarp DMZ
no sysopt noproxyarp VOIP
service password-recovery
no crypto ipsec ikev2 sa-strength-enforcement
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec security-association replay window-size 64
crypto ipsec security-association pmtu-aging infinite
crypto ipsec fragmentation before-encryption Inside
crypto ipsec fragmentation before-encryption Outside
crypto ipsec fragmentation before-encryption management
crypto ipsec fragmentation before-encryption DMZ
crypto ipsec fragmentation before-encryption VOIP
crypto ipsec df-bit copy-df Inside
crypto ipsec df-bit copy-df Outside
crypto ipsec df-bit copy-df management
crypto ipsec df-bit copy-df DMZ
crypto ipsec df-bit copy-df VOIP
crypto ca trustpool policy
revocation-check none
crl cache-time 60
crl enforcenextupdate
crypto isakmp identity auto
crypto isakmp nat-traversal 20
crypto ikev2 cookie-challenge 50
crypto ikev2 limit max-in-negotiation-sa 100
no crypto ikev2 limit max-sa
crypto ikev2 redirect during-auth
crypto ikev1 limit max-in-negotiation-sa 20
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Inside
ssh 98.22.121.x 255.255.255.255 Outside
ssh timeout 60
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 0
vpn-addr-assign aaa
vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 0
ipv6-vpn-addr-assign aaa
ipv6-vpn-addr-assign local reuse-delay 0
no vpn-sessiondb max-other-vpn-limit
no vpn-sessiondb max-anyconnect-premium-or-essentials-limit
no remote-access threshold
l2tp tunnel hello 60
tls-proxy maximum-session 100
threat-detection rate dos-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate dos-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate bad-packet-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate bad-packet-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate acl-drop rate-interval 600 average-rate 400 burst-rate 800
threat-detection rate acl-drop rate-interval 3600 average-rate 320 burst-rate 640
threat-detection rate conn-limit-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate conn-limit-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate icmp-drop rate-interval 600 average-rate 100 burst-rate 400
threat-detection rate icmp-drop rate-interval 3600 average-rate 80 burst-rate 320
threat-detection rate scanning-threat rate-interval 600 average-rate 5 burst-rate 10
threat-detection rate scanning-threat rate-interval 3600 average-rate 4 burst-rate 8
threat-detection rate syn-attack rate-interval 600 average-rate 100 burst-rate 200
threat-detection rate syn-attack rate-interval 3600 average-rate 80 burst-rate 160
threat-detection rate fw-drop rate-interval 600 average-rate 400 burst-rate 1600
threat-detection rate fw-drop rate-interval 3600 average-rate 320 burst-rate 1280
threat-detection rate inspect-drop rate-interval 600 average-rate 400 burst-rate 1600
threat-detection rate inspect-drop rate-interval 3600 average-rate 320 burst-rate 1280
threat-detection rate interface-drop rate-interval 600 average-rate 2000 burst-rate 8000
threat-detection rate interface-drop rate-interval 3600 average-rate 1600 burst-rate 6400
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 24.56.178.140 source Outside prefer
ssl server-version any
ssl client-version any
ssl encryption rc4-sha1 dhe-aes128-sha1 dhe-aes256-sha1 aes128-sha1 aes256-sha1 3des-sha1
ssl certificate-authentication fca-timeout 2
webvpn
memory-size percent 50
port 443
dtls port 443
character-encoding none
no http-proxy
no https-proxy
default-idle-timeout 1800
portal-access-rule none
no csd enable
no anyconnect enable
no tunnel-group-list enable
no tunnel-group-preference group-url
rewrite order 65535 enable resource-mask *
no internal-password
no onscreen-keyboard
no default-language
no smart-tunnel notification-icon
no keepout
cache
no disable
max-object-size 1000
min-object-size 0
no cache-static-content enable
lmfactor 20
expiry-time 1
no auto-signon
no error-recovery disable
no ssl-server-check
no mus password
mus host mus.cisco.com
no hostscan data-limit
: # show import webvpn customization
: Template
: DfltCustomization
: # show import webvpn url-list
: Template
: # show import webvpn translation-table
: Translation Tables' Templates:
: PortForwarder
: banners
: customization
: url-list
: webvpn
: Translation Tables:
: fr PortForwarder
: fr customization
: fr webvpn
: ja PortForwarder
: ja customization
: ja webvpn
: ru PortForwarder
: ru customization
: ru webvpn
: # show import webvpn mst-translation
: No MS translation tables defined
: # show import webvpn webcontent
: No custom webcontent is loaded
: # show import webvpn AnyConnect-customization
: No OEM resources defined
: # show import webvpn plug-in
group-policy DfltGrpPolicy internal
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-idle-timeout alert-interval 1
vpn-session-timeout none
vpn-session-timeout alert-interval 1
vpn-filter none
ipv6-vpn-filter none
vpn-tunnel-protocol ikev1 ikev2 l2tp-ipsec ssl-clientless
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
ipv6-split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
split-tunnel-all-dns disable
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
client-bypass-protocol disable
gateway-fqdn none
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
msie-proxy pac-url none
msie-proxy lockdown enable
vlan none
nac-settings none
address-pools none
ipv6-address-pools none
smartcard-removal-disconnect enable
scep-forwarding-url none
client-firewall none
client-access-rule none
webvpn
url-list none
filter none
homepage none
html-content-filter none
port-forward name Application Access
port-forward disable
http-proxy disable
sso-server none
anyconnect ssl dtls enable
anyconnect mtu 1406
anyconnect firewall-rule client-interface private none
anyconnect firewall-rule client-interface public none
anyconnect keep-installer installed
anyconnect ssl keepalive 20
anyconnect ssl rekey time none
anyconnect ssl rekey method none
anyconnect dpd-interval client 30
anyconnect dpd-interval gateway 30
anyconnect ssl compression none
anyconnect dtls compression none
anyconnect modules none
anyconnect profiles none
anyconnect ask none
customization none
keep-alive-ignore 4
http-comp gzip
download-max-size 2147483647
upload-max-size 2147483647
post-max-size 2147483647
user-storage none
storage-objects value cookies,credentials
storage-key none
hidden-shares none
smart-tunnel disable
activex-relay enable
unix-auth-uid 65534
unix-auth-gid 65534
file-entry enable
file-browsing enable
url-entry enable
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
smart-tunnel auto-signon disable
anyconnect ssl df-bit-ignore disable
anyconnect routing-filtering-ignore disable
smart-tunnel tunnel-policy tunnelall
always-on-vpn profile-setting
password-policy minimum-length 3
password-policy minimum-changes 0
password-policy minimum-lowercase 0
password-policy minimum-uppercase 0
password-policy minimum-numeric 0
password-policy minimum-special 0
password-policy lifetime 0
no password-policy authenticate-enable
quota management-session 0
tunnel-group DefaultL2LGroup type ipsec-l2l
tunnel-group DefaultL2LGroup general-attributes
no accounting-server-group
default-group-policy DfltGrpPolicy
tunnel-group DefaultL2LGroup ipsec-attributes
no ikev1 pre-shared-key
peer-id-validate req
no chain
no ikev1 trust-point
isakmp keepalive threshold 10 retry 2
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group DefaultRAGroup type remote-access
tunnel-group DefaultRAGroup general-attributes
no address-pool
no ipv6-address-pool
authentication-server-group LOCAL
secondary-authentication-server-group none
no accounting-server-group
default-group-policy DfltGrpPolicy
no dhcp-server
no strip-realm
no nat-assigned-to-public-ip
no scep-enrollment enable
no password-management
no override-account-disable
no strip-group
no authorization-required
username-from-certificate CN OU
secondary-username-from-certificate CN OU
authentication-attr-from-server primary
authenticated-session-username primary
tunnel-group DefaultRAGroup webvpn-attributes
customization DfltCustomization
authentication aaa
no override-svc-download
no radius-reject-message
no proxy-auth sdi
no pre-fill-username ssl-client
no pre-fill-username clientless
no secondary-pre-fill-username ssl-client
no secondary-pre-fill-username clientless
dns-group DefaultDNS
no without-csd
tunnel-group DefaultRAGroup ipsec-attributes
no ikev1 pre-shared-key
peer-id-validate req
no chain
no ikev1 trust-point
no ikev1 radius-sdi-xauth
isakmp keepalive threshold 300 retry 2
ikev1 user-authentication xauth
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group DefaultRAGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy
tunnel-group DefaultWEBVPNGroup type remote-access
tunnel-group DefaultWEBVPNGroup general-attributes
no address-pool
no ipv6-address-pool
authentication-server-group LOCAL
secondary-authentication-server-group none
no accounting-server-group
default-group-policy DfltGrpPolicy
no dhcp-server
no strip-realm
no nat-assigned-to-public-ip
no scep-enrollment enable
no password-management
no override-account-disable
no strip-group
no authorization-required
username-from-certificate CN OU
secondary-username-from-certificate CN OU
authentication-attr-from-server primary
authenticated-session-username primary
tunnel-group DefaultWEBVPNGroup webvpn-attributes
customization DfltCustomization
authentication aaa
no override-svc-download
no radius-reject-message
no proxy-auth sdi
no pre-fill-username ssl-client
no pre-fill-username clientless
no secondary-pre-fill-username ssl-client
no secondary-pre-fill-username clientless
dns-group DefaultDNS
no without-csd
tunnel-group DefaultWEBVPNGroup ipsec-attributes
no ikev1 pre-shared-key
peer-id-validate req
no chain
no ikev1 trust-point
no ikev1 radius-sdi-xauth
isakmp keepalive threshold 300 retry 2
ikev1 user-authentication xauth
no ikev2 remote-authentication
no ikev2 local-authentication
tunnel-group DefaultWEBVPNGroup ppp-attributes
no authentication pap
authentication chap
authentication ms-chap-v1
no authentication ms-chap-v2
no authentication eap-proxy
class-map type inspect http match-all _default_gator
match request header user-agent regex _default_gator
class-map type inspect http match-all _default_msn-messenger
match response header content-type regex _default_msn-messenger
class-map type inspect http match-all _default_yahoo-messenger
match request body regex _default_yahoo-messenger
class-map type inspect http match-all _default_windows-media-player-tunnel
match request header user-agent regex _default_windows-media-player-tunnel
class-map type inspect http match-all _default_gnu-http-tunnel
match request args regex _default_gnu-http-tunnel_arg
match request uri regex _default_gnu-http-tunnel_uri
class-map type inspect http match-all _default_firethru-tunnel
match request header host regex _default_firethru-tunnel_1
match request uri regex _default_firethru-tunnel_2
class-map type inspect http match-all _default_aim-messenger
match request header host regex _default_aim-messenger
class-map type inspect http match-all _default_http-tunnel
match request uri regex _default_http-tunnel
class-map type inspect http match-all _default_kazaa
match response header regex _default_x-kazaa-network count gt 0
class-map type inspect http match-all _default_shoutcast-tunneling-protocol
match request header regex _default_icy-metadata regex _default_shoutcast-tunneling-protocol
class-map class-default
match any
class-map inspection_default
match default-inspection-traffic
class-map type inspect http match-all _default_GoToMyPC-tunnel
match request args regex _default_GoToMyPC-tunnel
match request uri regex _default_GoToMyPC-tunnel_2
class-map type inspect http match-all _default_httport-tunnel
match request header host regex _default_httport-tunnel
policy-map type inspect rtsp _default_rtsp_map
description Default RTSP policymap
parameters
policy-map type inspect ipv6 _default_ipv6_map
description Default IPV6 policy-map
parameters
verify-header type
verify-header order
match header routing-type range 0 255
drop log
policy-map type inspect h323 _default_h323_map
description Default H.323 policymap
parameters
no rtp-conformance
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
no message-length maximum server
dns-guard
protocol-enforcement
nat-rewrite
no id-randomization
no id-mismatch
no tsig enforced
policy-map type inspect esmtp _default_esmtp_map
description Default ESMTP policy-map
parameters
mask-banner
no mail-relay
no special-character
no allow-tls
match cmd line length gt 512
drop-connection log
match cmd RCPT count gt 100
drop-connection log
match body line length gt 998
log
match header line length gt 998
drop-connection log
match sender-address length gt 320
drop-connection log
match MIME filename length gt 255
drop-connection log
match ehlo-reply-parameter others
mask
policy-map type inspect ip-options _default_ip_options_map
description Default IP-OPTIONS policy-map
parameters
router-alert action allow
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225 _default_h323_map
inspect h323 ras _default_h323_map
inspect rsh
inspect rtsp
inspect esmtp _default_esmtp_map
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options _default_ip_options_map
inspect icmp
inspect icmp error
inspect pptp
class class-default
policy-map type inspect sip _default_sip_map
description Default SIP policymap
parameters
im
no ip-address-privacy
traffic-non-sip
no rtp-conformance
policy-map type inspect dns _default_dns_map
description Default DNS policy-map
parameters
no message-length maximum client
no message-leI ran those commands while I had the nat off on the router and here are the results. note, i didn't make any changes to the ASA as you only said to remove the router RIP which I did and reloaded and no change.
As long as the statements ip nat outside on the Fastethernet 0/0 is off and the ip nat inside is off on the vlan and the overload statement is taken out, I cannot hit the internet.
CISCO-2811#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CISCO-2811(config)#int
CISCO-2811(config)#interface f
CISCO-2811(config)#interface fastEthernet 0/1.3
CISCO-2811(config-subif)#no ip nat inside
CISCO-2811(config-subif)#exit
CISCO-2811(config)#inter
CISCO-2811(config)#interface f
CISCO-2811(config)#interface fastEthernet 0/0
CISCO-2811(config-if)#no ip nat outside
CISCO-2811(config-if)#exit
CISCO-2811(config)#$nside source list 1 interface FastEthernet0/0 overload
Dynamic mapping in use, do you want to delete all entries? [no]: y
CISCO-2811(config)#exit
CISCO-2811#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.1.1 202 c47d.4f3b.8ea6 ARPA FastEthernet0/0
Internet 10.10.1.2 - 0019.55a7.2ae8 ARPA FastEthernet0/0
Internet 172.16.10.1 - 0019.55a7.2ae9 ARPA FastEthernet0/1.1
Internet 172.16.10.3 238 0011.5c73.28c1 ARPA FastEthernet0/1.1
Internet 172.16.10.50 72 cc2d.8c78.065a ARPA FastEthernet0/1.1
Internet 172.16.20.1 - 0019.55a7.2ae9 ARPA FastEthernet0/1.2
Internet 172.16.20.3 196 0011.5c73.28c2 ARPA FastEthernet0/1.2
Internet 192.168.1.1 - 0019.55a7.2ae9 ARPA FastEthernet0/1.3
Internet 192.168.1.2 0 0024.e864.01a8 ARPA FastEthernet0/1.3
Internet 192.168.1.3 155 0011.5c73.28c0 ARPA FastEthernet0/1.3
Internet 192.168.1.5 61 4802.2a4c.1c74 ARPA FastEthernet0/1.3
Internet 192.168.1.20 0 5cf9.dd52.5fa9 ARPA FastEthernet0/1.3
Internet 192.168.1.50 0 308c.fb47.f2d9 ARPA FastEthernet0/1.3
Internet 192.168.1.51 1 ec35.8677.4057 ARPA FastEthernet0/1.3
Internet 192.168.1.52 1 b418.d136.ef72 ARPA FastEthernet0/1.3
Internet 192.168.1.53 1 8853.9572.e113 ARPA FastEthernet0/1.3
Internet 192.168.1.54 12 0009.b044.9f23 ARPA FastEthernet0/1.3
Internet 192.168.1.55 0 f47b.5e9a.7ae5 ARPA FastEthernet0/1.3
Internet 192.168.1.149 0 001e.4fc5.a199 ARPA FastEthernet0/1.3
Internet 192.168.1.174 0 b8ac.6fff.af83 ARPA FastEthernet0/1.3
CISCO-2811#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.10.1.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.10.1.1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.1.0/30 is directly connected, FastEthernet0/0
L 10.10.1.2/32 is directly connected, FastEthernet0/0
172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
C 172.16.10.0/24 is directly connected, FastEthernet0/1.1
L 172.16.10.1/32 is directly connected, FastEthernet0/1.1
C 172.16.20.0/24 is directly connected, FastEthernet0/1.2
L 172.16.20.1/32 is directly connected, FastEthernet0/1.2
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, FastEthernet0/1.3
L 192.168.1.1/32 is directly connected, FastEthernet0/1.3
ASA
ASA5510# sh arp
Inside 10.10.1.2 0019.55a7.2ae8 12342
Outside 199.195.168.113 000c.4243.581a 2
Outside 199.195.168.116 e05f.b947.116b 2436
Outside 199.195.168.120 0017.c58a.1123 9192
DMZ 10.10.0.2 0025.849f.63e0 3192
VOIP 10.10.2.2 000d.bcdc.fc40 7754
ASA5510# sh route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 199.195.168.113 to network 0.0.0.0
S 172.16.20.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
S 172.16.10.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
S 128.162.1.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
S 128.162.10.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
S 128.162.20.0 255.255.255.0 [1/0] via 10.10.0.2, DMZ
C 199.195.168.112 255.255.255.240 is directly connected, Outside
C 10.10.0.0 255.255.255.252 is directly connected, DMZ
C 10.10.1.0 255.255.255.252 is directly connected, Inside
S 192.168.1.0 255.255.255.0 [1/0] via 10.10.1.2, Inside
S* 0.0.0.0 0.0.0.0 [1/0] via 199.195.168.113, Outside
ASA5510# show xlate
35 in use, 784 most used
Flags: D - DNS, e - extended, I - identity, i - dynamic, r - portmap,
s - static, T - twice, N - net-to-net
TCP PAT from DMZ:10.10.0.2 22-22 to Outside:199.195.168.x 2222-2222
flags sr idle 481:54:14 timeout 0:00:00
TCP PAT from Inside:10.10.1.2 22-22 to Outside:199.195.168.x 222-222
flags sr idle 51:06:46 timeout 0:00:00
TCP PAT from VOIP:10.10.2.2 22-22 to Outside:199.195.168.x 2223-2223
flags sr idle 687:32:27 timeout 0:00:00
TCP PAT from Inside:192.168.1.2 3389-3389 to Outside:199.195.168.x 3389-3389
flags sr idle 457:17:01 timeout 0:00:00
TCP PAT from Inside:192.168.1.5 80-80 to Outside:199.195.168.x 8080-8080
flags sr idle 52:18:58 timeout 0:00:00
NAT from Outside:0.0.0.0/0 to any:0.0.0.0/0
flags sIT idle 353:10:21 timeout 0:00:00
UDP PAT from any:10.10.1.2/52581 to Outside:199.195.168.x/52581 flags ri idle 0:00:00 timeout 0:00:30
UDP PAT from any:10.10.1.2/55389 to Outside:199.195.168.x/55389 flags ri idle 0:00:03 timeout 0:00:30
UDP PAT from any:10.10.1.2/51936 to Outside:199.195.168.x/51936 flags ri idle 0:00:04 timeout 0:00:30
UDP PAT from any:10.10.1.2/51345 to Outside:199.195.168.x/51345 flags ri idle 0:00:09 timeout 0:00:30
UDP PAT from any:10.10.1.2/55985 to Outside:199.195.168.x/55985 flags ri idle 0:00:18 timeout 0:00:30
UDP PAT from any:10.10.1.2/49368 to Outside:199.195.168.x/49368 flags ri idle 0:00:22 timeout 0:00:30
UDP PAT from any:10.10.1.2/52441 to Outside:199.195.168.x/52441 flags ri idle 0:00:23 timeout 0:00:30
TCP PAT from any:10.10.1.2/57908 to Outside:199.195.168.x/57908 flags ri idle 0:08:37 timeout 0:00:30
TCP PAT from any:10.10.1.2/57907 to Outside:199.195.168.x/57907 flags ri idle 0:08:37 timeout 0:00:30
TCP PAT from any:10.10.1.2/57906 to Outside:199.195.168.x/57906 flags ri idle 0:08:37 timeout 0:00:30
TCP PAT from any:10.10.1.2/57896 to Outside:199.195.168.x/57896 flags ri idle 0:09:09 timeout 0:00:30
TCP PAT from any:10.10.1.2/57879 to Outside:199.195.168.x/57879 flags ri idle 0:10:23 timeout 0:00:30
TCP PAT from any:10.10.1.2/49441 to Outside:199.195.168.x/49441 flags ri idle 0:20:52 timeout 0:00:30
TCP PAT from any:10.10.1.2/57868 to Outside:199.195.168.x/57868 flags ri idle 0:25:28 timeout 0:00:30
TCP PAT from any:10.10.1.2/60519 to Outside:199.195.168.x/60519 flags ri idle 0:44:11 timeout 0:00:30
TCP PAT from any:10.10.1.2/60491 to Outside:199.195.168.x/60491 flags ri idle 0:44:20 timeout 0:00:30
TCP PAT from any:10.10.1.2/60484 to Outside:199.195.168.x/60484 flags ri idle 0:44:35 timeout 0:00:30
TCP PAT from any:10.10.1.2/60480 to Outside:199.195.168.x/60480 flags ri idle 0:44:51 timeout 0:00:30
TCP PAT from any:10.10.1.2/53851 to Outside:199.195.168.x/53851 flags ri idle 0:54:14 timeout 0:00:30
TCP PAT from any:10.10.1.2/57812 to Outside:199.195.168.x/57812 flags ri idle 0:58:30 timeout 0:00:30
TCP PAT from any:10.10.1.2/57810 to Outside:199.195.168.x/57810 flags ri idle 0:58:32 timeout 0:00:30
TCP PAT from any:10.10.1.2/53847 to Outside:199.195.168.x/53847 flags ri idle 1:00:18 timeout 0:00:30
TCP PAT from any:10.10.1.2/57808 to Outside:199.195.168.x/57808 flags ri idle 1:07:58 timeout 0:00:30
TCP PAT from any:10.10.1.2/60406 to Outside:199.195.168.x/60406 flags ri idle 1:42:13 timeout 0:00:30
TCP PAT from any:10.10.1.2/49259 to Outside:199.195.168.x/49259 flags ri idle 7:39:44 timeout 0:00:30
TCP PAT from any:10.10.1.2/49191 to Outside:199.195.168.x/49191 flags ri idle 7:42:39 timeout 0:00:30
TCP PAT from any:10.10.1.2/55951 to Outside:199.195.168.x/55951 flags ri idle 23:11:40 timeout 0:00:30
TCP PAT from any:10.10.1.2/55944 to Outside:199.195.168.x/55944 flags ri idle 23:15:19 timeout 0:00:30
TCP PAT from any:10.10.1.2/55942 to Outside:199.195.168.x/55942 flags ri idle 23:15:24 timeout 0:00:30
ASA5510# sh conn all
149 in use, 815 most used
TCP Outside 74.125.193.108:993 Inside 10.10.1.2:57879, idle 0:12:37, bytes 6398, flags UIO
TCP Outside 174.35.24.74:80 Inside 192.168.1.20:53879, idle 0:00:01, bytes 0, flags saA
TCP Outside 174.35.24.74:80 Inside 192.168.1.20:53878, idle 0:00:01, bytes 0, flags saA
TCP Outside 17.149.36.177:5223 Inside 10.10.1.2:60480, idle 0:16:53, bytes 4539, flags UIO
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53877, idle 0:00:02, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53876, idle 0:00:02, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53875, idle 0:00:05, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53874, idle 0:00:05, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53872, idle 0:00:11, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53871, idle 0:00:11, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53868, idle 0:00:08, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53867, idle 0:00:08, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53860, idle 0:00:17, bytes 0, flags saA
TCP Outside 98.22.121.19:443 Inside 192.168.1.20:53859, idle 0:00:17, bytes 0, flags saA
TCP Outside 17.172.233.95:5223 Inside 10.10.1.2:49191, idle 0:18:48, bytes 7384, flags UIO
TCP Outside 17.178.100.43:443 Inside 10.10.1.2:57810, idle 0:56:21, bytes 5797, flags UFIO
TCP Outside 23.206.216.93:80 Inside 10.10.1.2:53847, idle 0:54:15, bytes 2683, flags UFIO
TCP Outside 143.127.93.90:80 Inside 10.10.1.2:49259, idle 0:12:20, bytes 13315, flags UIO
TCP Outside 74.125.225.53:443 Inside 192.168.1.20:53864, idle 0:00:11, bytes 0, flags saA
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:49204, idle 0:00:04, bytes 67, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.174:50122, idle 0:00:07, bytes 43, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63275, idle 0:00:08, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63306, idle 0:00:18, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65059, idle 0:00:22, bytes 46, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64681, idle 0:00:30, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64661, idle 0:00:30, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.20:55618, idle 0:00:32, bytes 43, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65056, idle 0:00:33, bytes 48, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.55:59433, idle 0:00:41, bytes 33, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.20:52178, idle 0:00:42, bytes 33, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.174:61414, idle 0:00:43, bytes 34, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65438, idle 0:00:44, bytes 44, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63686, idle 0:00:44, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65416, idle 0:00:45, bytes 45, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:53047, idle 0:00:47, bytes 32, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:62213, idle 0:00:46, bytes 74, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:52347, idle 0:00:46, bytes 92, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:58069, idle 0:00:46, bytes 64, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.52:50753, idle 0:00:46, bytes 74, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65381, idle 0:00:50, bytes 50, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65082, idle 0:00:50, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64038, idle 0:00:50, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:49309, idle 0:00:51, bytes 43, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64034, idle 0:00:51, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:49197, idle 0:00:51, bytes 50, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64728, idle 0:00:51, bytes 49, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64309, idle 0:00:51, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63289, idle 0:00:51, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64174, idle 0:00:52, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.55:39286, idle 0:01:09, bytes 33, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63726, idle 0:01:09, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65482, idle 0:01:12, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65091, idle 0:01:13, bytes 61, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64976, idle 0:01:13, bytes 57, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63749, idle 0:00:51, bytes 103, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64043, idle 0:01:14, bytes 52, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64267, idle 0:01:24, bytes 45, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:64467, idle 0:01:26, bytes 45, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:65504, idle 0:01:26, bytes 46, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.55:38946, idle 0:01:35, bytes 33, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63701, idle 0:01:38, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63879, idle 0:01:46, bytes 45, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.174:58516, idle 0:01:49, bytes 51, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:63227, idle 0:01:51, bytes 62, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.174:65446, idle 0:01:53, bytes 43, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.2:49166, idle 0:01:55, bytes 54, flags -
UDP Outside 199.195.168.4:53 Inside 192.168.1.55:56680, idle 0:02:01, bytes 33, flags -
UDP Outside 192.55.83.30:53 Inside 192.168.1.2:65073, idle 0:00:44, bytes 50, flags -
TCP Outside 74.125.193.109:993 Inside 10.10.1.2:57808, idle 0:39:33, bytes 6392, flags UFIO
TCP Outside 74.125.225.54:443 Inside 192.168.1.20:53863, idle 0:00:13, bytes 0, flags saA
TCP Outside 143.127.93.89:80 Inside 10.10.1.2:60519, idle 0:46:30, bytes 346, flags UO
TCP Outside 74.125.225.32:443 Inside 192.168.1.20:53881, idle 0:00:01, bytes 0, flags saA
TCP Outside 74.125.225.32:443 Inside 192.168.1.20:53880, idle 0:00:01, bytes 0, flags saA
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:60627, idle 0:00:39, bytes 78, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:52088, idle 0:00:39, bytes 86, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:50533, idle 0:00:39, bytes 76, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:63347, idle 0:00:39, bytes 80, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:62213, idle 0:00:40, bytes 37, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:52347, idle 0:00:40, bytes 46, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:58069, idle 0:00:40, bytes 32, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.52:50753, idle 0:00:40, bytes 37, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.174:52254, idle 0:01:09, bytes 43, flags -
UDP Outside 205.171.3.65:53 Inside 192.168.1.174:50791, idle 0:01:25, bytes 35, flags -
TCP Outside 74.125.225.46:443 Inside 192.168.1.20:53870, idle 0:00:08, bytes 0, flags saA
TCP Outside 17.173.255.101:443 Inside 10.10.1.2:53851, idle 0:56:33, bytes 58, flags UfIO
TCP Outside 64.4.23.147:33033 Inside 10.10.1.2:55944, idle 0:44:45, bytes 558164, flags UFIO
TCP Outside 74.125.225.35:443 Inside 192.168.1.20:53869, idle 0:00:09, bytes 0, flags saA
UDP Outside 64.4.23.175:33033 Inside 192.168.1.174:26511, idle 0:01:17, bytes 28, flags -
UDP Outside 192.54.112.30:53 Inside 192.168.1.2:65380, idle 0:00:44, bytes 49, flags -
TCP Outside 74.125.142.108:993 Inside 10.10.1.2:57908, idle 0:10:47, bytes 7895, flags UIO
TCP Outside 74.125.142.108:993 Inside 10.10.1.2:57907, idle 0:10:49, bytes 20323, flags UIO
TCP Outside 74.125.142.108:993 Inside 10.10.1.2:57906, idle 0:10:47, bytes 6539, flags UIO
TCP Outside 74.125.142.108:993 Inside 10.10.1.2:57868, idle 0:27:44, bytes 6395, flags UIO
TCP Outside 91.190.218.59:443 Inside 10.10.1.2:55942, idle 0:41:39, bytes 2727, flags UFIO
TCP Outside 17.172.233.123:5223 Inside 10.10.1.2:49441, idle 0:23:10, bytes 4409, flags UIO
TCP Outside 74.125.225.41:443 Inside 192.168.1.20:53862, idle 0:00:16, bytes 0, flags saA
TCP Outside 74.125.225.41:443 Inside 192.168.1.20:53861, idle 0:00:16, bytes 0, flags saA
TCP Outside 143.127.93.115:80 Inside 10.10.1.2:60406, idle 0:42:59, bytes 970, flags UFIO
TCP Outside 143.127.93.118:80 Inside 10.10.1.2:60484, idle 0:46:54, bytes 328, flags UO
TCP Outside 17.172.233.98:5223 Inside 10.10.1.2:57896, idle 0:11:28, bytes 5081, flags UIO
UDP Outside 111.221.74.16:33033 Inside 192.168.1.174:26511, idle 0:01:18, bytes 31, flags -
TCP Outside 17.149.36.103:5223 Inside 192.168.1.174:60729, idle 0:00:04, bytes 0, flags saA
UDP Outside 192.5.6.30:53 Inside 192.168.1.2:65317, idle 0:00:44, bytes 51, flags -
UDP Outside 192.12.94.30:53 Inside 192.168.1.2:65356, idle 0:00:44, bytes 54, flags -
TCP Outside 17.149.36.180:5223 Inside 10.10.1.2:55951, idle 0:46:08, bytes 14059, flags UFIO
UDP Outside 111.221.74.28:33033 Inside 192.168.1.174:26511, idle 0:01:20, bytes 33, flags -
TCP Outside 63.235.20.160:80 Inside 192.168.1.20:53873, idle 0:00:08, bytes 0, flags saA
TCP Outside 50.19.127.112:443 Inside 192.168.1.50:60678, idle 0:00:00, bytes 0, flags saA
TCP Outside 65.55.122.234:80 Inside 192.168.1.174:60728, idle 0:00:14, bytes 0, flags saA
TCP Outside 65.55.122.234:80 Inside 192.168.1.174:60727, idle 0:00:15, bytes 0, flags saA
TCP Outside 65.55.122.234:80 Inside 192.168.1.174:60726, idle 0:00:15, bytes 0, flags saA
TCP Outside 65.55.122.234:443 Inside 192.168.1.174:2492, idle 0:00:16, bytes 0, flags saA
TCP Outside 65.55.122.234:2492 Inside 192.168.1.174:2492, idle 0:00:16, bytes 0, flags saA
UDP Outside 157.55.56.170:33033 Inside 192.168.1.174:26511, idle 0:01:21, bytes 37, flags -
TCP Outside 74.125.230.207:443 Inside 192.168.1.20:53866, idle 0:00:11, bytes 0, flags saA
TCP Outside 74.125.230.207:443 Inside 192.168.1.20:53865, idle 0:00:11, bytes 0, flags saA
UDP Outside 111.221.74.18:33033 Inside 192.168.1.174:26511, idle 0:01:17, bytes 29, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:55546, idle 0:00:06, bytes 46, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:60277, idle 0:00:06, bytes 46, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:55618, idle 0:00:34, bytes 43, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.52:60627, idle 0:00:36, bytes 78, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.52:52088, idle 0:00:36, bytes 86, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.52:50533, idle 0:00:36, bytes 76, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.52:63347, idle 0:00:36, bytes 80, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:56958, idle 0:01:24, bytes 34, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:51360, idle 0:01:26, bytes 34, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.174:50791, idle 0:01:27, bytes 35, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.20:54134, idle 0:01:46, bytes 34, flags -
UDP Outside 8.8.8.8:53 Inside 192.168.1.174:58516, idle 0:01:50, bytes 51, flags -
TCP Outside 23.207.7.46:80 Inside 192.168.1.55:59350, idle 0:00:02, bytes 0, flags saA
TCP Outside 23.207.7.46:80 Inside 192.168.1.55:59349, idle 0:00:16, bytes 0, flags saA
UDP Outside 205.171.2.65:53 Inside 192.168.1.174:50122, idle 0:00:09, bytes 43, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.55:48088, idle 0:00:42, bytes 33, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.52:62213, idle 0:00:45, bytes 74, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.52:52347, idle 0:00:45, bytes 92, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.52:58069, idle 0:00:45, bytes 64, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.52:50753, idle 0:00:45, bytes 74, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.174:61414, idle 0:00:47, bytes 34, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.55:54481, idle 0:01:08, bytes 33, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.174:52254, idle 0:01:09, bytes 43, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.55:40285, idle 0:01:34, bytes 33, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.174:65446, idle 0:01:55, bytes 43, flags -
UDP Outside 205.171.2.65:53 Inside 192.168.1.55:46155, idle 0:02:00, bytes 33, flags -
UDP Outside 66.104.81.70:5070 Inside 192.168.1.174:57609, idle 0:00:11, bytes 46, flags -
UDP Outside 64.4.23.156:33033 Inside 192.168.1.174:26511, idle 0:01:14, bytes 38, flags -
TCP Outside 65.54.167.15:12350 Inside 10.10.1.2:60491, idle 0:11:02, bytes 1405, flags UIO
TCP Outside 17.172.192.35:443 Inside 10.10.1.2:57812, idle 0:56:11, bytes 6116, flags UFIO
UDP Outside 157.55.56.176:33033 Inside 192.168.1.174:26511, idle 0:01:16, bytes 32, flags -
TCP Inside 192.168.1.20:53667 NP Identity Ifc 10.10.1.1:22, idle 0:00:00, bytes 37555, flags UOB
TCP Inside 10.10.1.2:53431 NP Identity Ifc 10.10.1.1:22, idle 0:09:03, bytes 20739, flags UOB
Ran on the ASA while overload statements were down on the router:
ASA5510# packet-tracer input Inside tcp 192.168.1.100 12345 8.8.8.8 80
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in 0.0.0.0 0.0.0.0 Outside
Phase: 2
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 3
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 4
Type: NAT
Subtype: per-session
Result: ALLOW
Config:
Additional Information:
Phase: 5
Type: IP-OPTIONS
Subtype:
Result: ALLOW
Config:
Additional Information:
Phase: 6
Type: FLOW-CREATION
Subtype:
Result: ALLOW
Config:
Additional Information:
New flow created with id 1988699, packet dispatched to next module
Result:
input-interface: Inside
input-status: up
input-line-status: up
output-interface: Outside
output-status: up
output-line-status: up
Action: allow
Had to put these back in to get to the internet:
CISCO-2811#conf t
Enter configuration commands, one per line. End with CNTL/Z.
CISCO-2811(config)#inter
CISCO-2811(config)#interface f
CISCO-2811(config)#interface fastEthernet 0/0
CISCO-2811(config-if)#ip nat
CISCO-2811(config-if)#ip nat Outside
CISCO-2811(config-if)#exit
CISCO-2811(config)#in
CISCO-2811(config)#interface f
CISCO-2811(config)#interface fastEthernet 0/1.3
CISCO-2811(config-subif)#ip nat inside
CISCO-2811(config-subif)#exit
CISCO-2811(config)#$de source list 1 interface FastEthernet0/0 overload
CISCO-2811(config)#
Screenshot of ASDM: -
Joining Windows client to Leopard PDC domain
Leopard Server 10.5.2 providing OD, AD PDC, DHCP, DNS, AFP, SMB all on and "running"
XServe Intel
Mainly Windows XP clients but also some OS X clients
I am trying to set up a Leopard server to host a domain on our internal company LAN. I have followed the tutorials in "Mac OS X Server Essentials 10.5" and also referred to the "Open Directory Admin Guide" as well as the "Network Services Admin Guide" and am stuck in a few places.
One issue I am having is trying to join an XP client to the domain so that I can use account login and home folder access which is on the Leopard server. My 10.5 client machine can login and access the home folder fine but when I try to join the XP machine I get the following error on the PC:
"A domain controller for the domain mycompany.com could not be contacted. Ensure that the domain name is typed correctly."
I then click on Details and get the following:
"The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain mycompany.com:
The error was "DNS name does not exist."
(error code 0x0000232B RCODENAMEERROR)
The query was for the SRV record for ldap._tcp.dc.msdcs.mycompany.com"
DHCP seems to be handing out IP addresses fine but does not hand out LDAP info. e.g. My Leopard client cannot get the LDAP via DHCP even though this is configured (according to the "Essentials" book) in the Directory Utility, it will only see the Domain controller/LDAP if I manually enter the info into it's Directory Utility. I'm wondering if this has something to do with PC not finding the domain?
What concerns me is the lack of configuration in DNS - so far I have only set up a primary zone for the domain mycompany.com with the correct primary zone name: mycompany.com. and nameserver: xserve1.mycompany.com. as well as a machine record within the zone for the server, machine name: xserve1 and IP address: 192.168.0.1 (the relevant reverse info is ok)
I have seen some discussions online that indicate I need to enter more DNS info e.g. an LDAP service record etc. but there is no mention of this in the Directory admin manual under setting up a PDC. Is this true and if so can anyone advise me as to how to enter these in Server Admin?
I am a complete beginner to server admin and command line tools but would really appreciate any help in the matter!
ThanksHi Leif - thanks for the reply,
Maybe "broadcasting" in terms of the DHCP response was the wrong word for me to use but I see what you are saying...
I have tried this Terminal command and got the following but can't see any reference to NetBIOS/WINS server address, just the scope and node info I currently have set. The WINS/SMB server is on the same xserve unit (192.168.0.1) and have tried joining with no scope and node settings as well as node type=H.)
ipconfig getpacket en0
op = BOOTREPLY
htype = 1
flags = 0
hlen = 6
hops = 0
xid = 1499456152
secs = 0
ciaddr = 0.0.0.0
yiaddr = 192.168.0.33
siaddr = 192.168.0.1
giaddr = 0.0.0.0
chaddr = 0:17:f2:31:65:4a
sname = xserve1.MYCOMPANY.com
file =
options:
Options count is 12
dhcpmessagetype (uint8): ACK 0x5
server_identifier (ip): 192.168.0.1
lease_time (uint32): 0x14e20
subnet_mask (ip): 255.255.255.0
router (ip_mult): {192.168.0.1}
domainnameserver (ip_mult): {192.168.0.1}
domain_name (string): MYCOMPANY.com
domain_search (dns_namelist): {MYCOMPANY.com}
ldap_url (string): ldap://xserve1.MYCOMPANY.com/dc=xserve1,dc=MYCOMPANY,dc=com
nbover_tcpip_nodetype (uint8): 0x8
nbover_tcpipscope (string): MYCOMPANY
end (none):
I used Wireshark on the PC client machine and got the following. Note that the DHCP Offer packet contains no option 44 (which AFAIK is what identifies the WINS server to clients) so the DHCP is not sending the address out.
No. Time Source Destination Protocol Info
3 2.996281 192.168.0.1 192.168.0.31 DHCP DHCP Offer - Transaction ID 0x2a7dee67
Frame 3 (342 bytes on wire, 342 bytes captured)
Ethernet II, Src: Apple_f2:03:08 (00:1e:52:f2:03:08), Dst: Micro-St_ff:86:a2 (00:10:dc:ff:86:a2)
Internet Protocol, Src: 192.168.0.1 (192.168.0.1), Dst: 192.168.0.31 (192.168.0.31)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
Bootstrap Protocol
Message type: Boot Reply (2)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x2a7dee67
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
Client IP address: 0.0.0.0 (0.0.0.0)
Your (client) IP address: 192.168.0.31 (192.168.0.31)
Next server IP address: 192.168.0.1 (192.168.0.1)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: Micro-St_ff:86:a2 (00:10:dc:ff:86:a2)
Server host name: xserve1.MYCOMPANY.com
Boot file name not given
Magic cookie: (OK)
Option: (t=53,l=1) DHCP Message Type = DHCP Offer
Option: (53) DHCP Message Type
Length: 1
Value: 02
Option: (t=54,l=4) Server Identifier = 192.168.0.1
Option: (54) Server Identifier
Length: 4
Value: C0A80001
Option: (t=51,l=4) IP Address Lease Time = 59 minutes, 24 seconds
Option: (51) IP Address Lease Time
Length: 4
Value: 00000DEC
Option: (t=1,l=4) Subnet Mask = 255.255.255.0
Option: (1) Subnet Mask
Length: 4
Value: FFFFFF00
Option: (t=15,l=13) Domain Name = "MYCOMPANY.com"
Option: (15) Domain Name
Length: 13
Value: 64656C616E656C65612E636F6D
Option: (t=3,l=4) Router = 192.168.0.1
Option: (3) Router
Length: 4
Value: C0A80001
Option: (t=6,l=4) Domain Name Server = 192.168.0.1
Option: (6) Domain Name Server
Length: 4
Value: C0A80001
Option: (t=46,l=1) NetBIOS over TCP/IP Node Type = B-node
Option: (46) NetBIOS over TCP/IP Node Type
Length: 1
Value: 01
End Option
Padding
I also looked at what happens at the point when I try to join the PC to the domain with and without the WINS server IP address manually entered on the PC's network settings:
Manual WINS setting communications:
2 17.727677 192.168.0.31 192.168.0.1 DNS Standard query SRV ldap._tcp.dc.msdcs.MYCOMPANY.com
Domain Name System (query)
3 17.728106 192.168.0.1 192.168.0.31 DNS Standard query response, No such name
Domain Name System (response)
4 17.733483 192.168.0.31 192.168.0.1 NBNS Name query NB MYCOMPANY.COM<1c>
NetBIOS Name Service
5 17.733833 192.168.0.1 192.168.0.31 NBNS Name query response NB 192.168.0.1
NetBIOS Name Service
DHCP-reliant WINS configuration communications:
1 0.000000 192.168.0.31 192.168.0.1 DNS Standard query SRV ldap._tcp.dc.msdcs.MYCOMPANY.com
Domain Name System (query)
2 0.000396 192.168.0.1 192.168.0.31 DNS Standard query response, No such name
Domain Name System (response)
3 0.000729 192.168.0.31 192.168.0.255 NBNS Name query NB MYCOMPANY.COM<1c>
NetBIOS Name Service
4 0.740454 192.168.0.31 192.168.0.255 NBNS Name query NB MYCOMPANY.COM<1c>
NetBIOS Name Service
5 1.490399 192.168.0.31 192.168.0.255 NBNS Name query NB MYCOMPANY.COM<1c>
NetBIOS Name Service
If anyone has any ideas...
Thanks
Maybe you are looking for
-
Editing objects in a group or several at a time
hi is there any way of changing the fill colour of a shape if it is grouped with other shapes? is there any way of changing the fill colour of several shapes at the same time without using the default attributes route ( I need to have 2 colours in mh
-
How can i fix my home screen button?
my ipod hoem screen is stuck, are there anyways to fix it at home or do i need to send it off somewhere? I've dropped once or twice but it was a while ago so i dont think that it would be the cause of it.
-
Hello - trying printing for the first time. Question - how do I designate a page break? I will be printing out a number of data grids (each 3 rows high) - and after printing 6, i want to create start a new page. How do I do that? Thanks Chris
-
Desktop widget developer urgently needed - Oslo, Norway
Oslo-based digital media agency Confetti (www.confetti.no) is urgently looking for help to build a simple integrated desktop/web widget for a client (a publisher who wishes to distribute a widget based on the search page and news feed of their flagsh
-
Can you give me a recommendation?
I am still setting up my system, but I am considering using Tomcat 4.0.4 as a server, forte as an IDE and MySql. What is the standard for a development server and IDE?