RV320 with NAT source from multiple subnets
Hello,
I want to buy a router that will do NAT for multiple subnets, such as in the following configuration from Cisco IOS:
interface FastEthernet0/0
ip address 172.16.1.1/12
ip nat inside
interface FastEthernet0/1
ip address a.b.c.d/29
ip nat outside
ip nat pool dsl-pool a.b.c.e a.b.c.f prefix-length 29
ip nat inside source list 20 pool dsl-pool overload
access-list 20 permit 172.16.1.64 0.0.0.63
access-list 20 permit 172.16.21.0 0.0.0.255
It is possible on Cisco RV320 device?
Regars.
Krzysztof
Hi,
This should be no problem. It should work as you have thought.
I tested the configurations on my own ASA
object-group network REGIONAL-SOURCE
network-object 10.1.1.0 255.255.255.0
network-object 10.1.2.0 255.255.255.0
network-object 10.1.3.0 255.255.255.0
object-group network REGIONAL-NAT
network-object 10.1.201.0 255.255.255.0
network-object 10.1.202.0 255.255.255.0
network-object 10.1.203.0 255.255.255.0
nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
Here at the results of the "packet-tracer" to show the translations
ASA(config)# packet-tracer input LAN tcp 10.1.1.100 12345 7.7.7.7 80
Phase: 4
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
Additional Information:
Static translate 10.1.1.100/12345 to 10.1.201.100/12345
ASA(config)# packet-tracer input LAN tcp 10.1.2.100 12345 7.7.7.7 80
Phase: 4
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
Additional Information:
Static translate 10.1.2.100/12345 to 10.1.202.100/12345
ASA(config)# packet-tracer input LAN tcp 10.1.3.100 12345 7.7.7.7 80
Phase: 4
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
Additional Information:
Static translate 10.1.3.100/12345 to 10.1.203.100/12345
As you can see, everything is fine
Naturally take into consideration the fact that if you were to (for some reason) remove a "network-object" statement from some "object-group" then the operation of the "nat" would change even if you entered the removed "network-object" back. (unless you removed the last "network-object" inside the "object-group") This is because the order of the "network-object" inside the "object-group" would change. You would essentially have to recreate the "object-group" and "nat" configuration.
Hope this helps
Please do remember to mark a reply as the correct answer if it answered your question.
Feel free to ask more if needed
- Jouni
Similar Messages
-
NAT 8.6 multiple subnets in a single static NAT
Hello all, I have this question, probably pretty an easy to answer, but unfortunately I can't test it myself in a production environment right now.
Do you know if is possible to have in ASA 8.6 a Static NAT rule with multiple subnets in both object groups. I currently have one to one subnet translation, but I need to add another two subnets.
Today's configuration is this
*** FROM ONE SUBNET TO ANOTHER ***
object-group network REGIONAL-SOURCE
network-object 10.1.1.0 255.255.255.0
object-group network REGIONAL-NAT
network-object 10.1.201.0 255.255.255.0
nat (Outside,Inside) after-auto source static REGIONAL-SOURCE REGIONAL-NAT dns
What I need to accomplish is add two new subnets, but I want to see if is possible to do it using the same NAT rule, just adding the new 2 subnets.
10.1.2.0/24 natted to 10.1.202.0 255.255.255.0
10.1.3.0/24 natted to 10.1.203.0 255.255.255.0
*** TWO MORE SUBNETS ARE NEEDED ***
object-group network REGIONAL-SOURCE
network-object 10.1.2.0 255.255.255.0
network-object 10.1.3.0 255.255.255.0
object-group network REGIONAL-NAT
network-object 10.1.202.0 255.255.255.0
network-object 10.1.203.0 255.255.255.0
If this is not possible I understand separate objects should be created with individual nat, I appreciate your comments and help.Hi,
This should be no problem. It should work as you have thought.
I tested the configurations on my own ASA
object-group network REGIONAL-SOURCE
network-object 10.1.1.0 255.255.255.0
network-object 10.1.2.0 255.255.255.0
network-object 10.1.3.0 255.255.255.0
object-group network REGIONAL-NAT
network-object 10.1.201.0 255.255.255.0
network-object 10.1.202.0 255.255.255.0
network-object 10.1.203.0 255.255.255.0
nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
Here at the results of the "packet-tracer" to show the translations
ASA(config)# packet-tracer input LAN tcp 10.1.1.100 12345 7.7.7.7 80
Phase: 4
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
Additional Information:
Static translate 10.1.1.100/12345 to 10.1.201.100/12345
ASA(config)# packet-tracer input LAN tcp 10.1.2.100 12345 7.7.7.7 80
Phase: 4
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
Additional Information:
Static translate 10.1.2.100/12345 to 10.1.202.100/12345
ASA(config)# packet-tracer input LAN tcp 10.1.3.100 12345 7.7.7.7 80
Phase: 4
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (LAN,WAN) source static REGIONAL-SOURCE REGIONAL-NAT
Additional Information:
Static translate 10.1.3.100/12345 to 10.1.203.100/12345
As you can see, everything is fine
Naturally take into consideration the fact that if you were to (for some reason) remove a "network-object" statement from some "object-group" then the operation of the "nat" would change even if you entered the removed "network-object" back. (unless you removed the last "network-object" inside the "object-group") This is because the order of the "network-object" inside the "object-group" would change. You would essentially have to recreate the "object-group" and "nat" configuration.
Hope this helps
Please do remember to mark a reply as the correct answer if it answered your question.
Feel free to ask more if needed
- Jouni -
Help With split tunneling and multiple subnets behind asa
Hello All,
our vpn clients can no longer access internet while connected to vpn.
I was hoping I could get an answer on here for an issue we are having. let me explain this with as little words as possible.
here was old network layout:
ASA
192.168.1.1 ----> the rest of the internal subnet (was only subnet in network)
now
ASA 3560
192.168.254.1/24 ----->192.168.254.2/24-->192.168.1.1/24
192.168.2.1/24
so what we did was route from 3560 to asa so we would be able to have multiple subnets since our asa has base license.
Our vpn with easy connect worked with our split tunneling before and now we made the change above and it no longer works. Can someone help me out as to why it no longer works and what changed need to be made to make it work.
Thank you.
ciscoasa# sh run
: Saved
ASA Version 8.2(2)
hostname ciscoasa
enable password 1N7bTm05RXLnBcUc encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.254.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address x.x.x.x 255.255.255.248
interface Ethernet0/0
switchport access vlan 2
ftp mode passive
clock timezone est -5
same-security-traffic permit intra-interface
access-list NoNat extended permit ip any 172.16.5.0 255.255.255.0
access-list SplitTunnel standard permit 192.168.1.0 255.255.255.0
access-list SplitTunnel standard permit 192.168.2.0 255.255.255.0
access-list SplitTunnel standard permit 192.168.254.0 255.255.255.0
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPNPool 172.16.5.1-172.16.5.254 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NoNat
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
route inside 192.168.1.0 255.255.255.0 192.168.254.2 1
route inside 192.168.2.0 255.255.255.0 192.168.254.2 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TransformSet1 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map DynamicMap1 1 set transform-set TransformSet1
crypto map MainMap 999 ipsec-isakmp dynamic DynamicMap1
crypto map MainMap interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet 0.0.0.0 0.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ntp server 64.90.182.55 source outside
webvpn
enable outside
svc image disk0:/anyconnect-dart-win-2.5.0217-k9.pkg 1
svc enable
tunnel-group-list enable
group-policy RenotreUsers internal
group-policy RemoteUsers internal
group-policy RemoteUsers attributes
vpn-tunnel-protocol svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value SplitTunnel
tunnel-group RemoteUsers type remote-access
tunnel-group RemoteUsers general-attributes
address-pool VPNPool
default-group-policy RemoteUsers
tunnel-group RemoteUsers webvpn-attributes
group-alias Southeast-Security-VPN enable
tunnel-group RemoteUsers ipsec-attributes
pre-shared-key *****I think it could be your NAT statement. You should try an avoid using any unless you tunnel everything. Try making this change
no access-list NoNat extended permit ip any 172.16.5.0 255.255.255.0
object-group network INTERNAL_NETWORKS
description Internal Networks
network-object 192.168.1.0 255.255.255.0
network-object 192.168.2.0 255.255.255.0
network-object 192.168.254.0 255.255.255.0
access-list NoNat extended permit ip object-group INTERNAL_NETWORKS 172.16.5.0 255.255.255.0
You may have to re-add your NAT0
nat (inside) 0 access-list NoNat -
Material sourced from multiple plants
Hi all
I have a Plant A which sources material from Plant B, Plant C, and Plant D. We use STOs to transfer material from Plant B,C,D to Plant A. If I use a Special procurement key then I can only define one of the source plants. What is the solution for this?
Will Quota arrangement work?
thanks a lotJohn,
Special procurement key is mainly useful for planning. It does not prevent you from sourcing from another plant, it only sets that one plant will be defaulted as a source.
So, you can set up STOs from all three plants. Set your SPK for the 'most likely' plant. If a planner wishes to override the MRP created Purchase reqs, he can do so by manually entering a new source plant in the Purchase req.
Now, if your intention is to have MRP automatically source from all three plants, according to some fixed ratio, then remove the SPK from the Material Master, and create Purchase Info Records for all three source plant vendors. Then, enter these Purchase info records into a quota arrangement, according to the ratios you wish to procure by.
Best Regards,
DB49 -
Sourcing from multiple supplier
Hello Guru,
We have one material that needs to be sourced from two suppliers. One in US and other is in Canada. Is there a way to order from these two different suppliers on a rotational basis? Is there a way to order from the US supplier every 3rd or 4th order and other times from Canada? If there is way, can you please give me the details steps to configure this. Can quota arrangement be used for this? Thanks so much.Hi
Yes you can use quota arrangement for this.
Quota Arrangement
regards
Eduardo -
Will iTunes Match work with songs purchased from multiple Apple IDs?
My parents have an iTunes library with about 10,000 songs on it. It's basically one big mesh of my family's purchases from over the years, using multiple Apple ID's and some of which I don't even recognize and/or remember. It's become very problematic now that my mother wants me to get a lot of the music "out of the guts of the computer" so she can listen to them on her iPhone and iPad.
I'm assuming iTunes Match is the solution, but I just want to be sure that the "match" part pertains not only to purchases from outside sources, but also purchases from other Apple ID's as well. I won't have to do the whole "authorize this computer" stuff, right? Like I said, some of the songs were purchased using old ID's that we don't have access to anymore. Also, if I sign up my mom for an iTunes Match account, and she wants to play songs that I purchased using my own Apple ID, that's not going to change *my* account or authorizations in any way, is it?Hi Rubberbucket,
The music information for iTunes Match is obtained from the user's iTunes music library and does not depend on the Apple ID under which the music was purchased from the iTunes Store. See this article -
Subscribe to iTunes Match - Apple Support
Thanks for using Apple Support Communities.
Best,
Brett L -
How to autopopulate a text field with unique data from multiple data sets
Hi,
I'm a laboratory manager in charge of a hospital project which will be using pdf forms to send and receive data from our end users across the city. I need help with the last part of our pdf form, specifically with a js that will do a bit of text-field autopopulation magic. This, unfortunately, is a beyond what I have taught myself about pdf js functionality.a
The problem:
I need to provide my end users with a text field containing a set of data [A, B, C, D, E, F ...] and the total items in this set [tot#]. The end user needs this information as part of the implementation of this particular laboratory machine.
The particulars
When the end user asks for an experiment to be run, we must specify some pieces of data to help them interpret the results. These are constructed as panels which contain discrete data elements.
For example - One experiment may use two panels, Panel#1 and Panel #2. Panel #1 includes the items A, B, D, E, Panel #2 includes the items A, B, C, F, G.
Thus, the panels may share some of the same items, but, I only want the unique members to be displayed in the text field. If I make a drop down box or checkboxes with the panels, I want to be able to select the panels that we ran and (in this example) have the text field display only the unique items among all the panels that were used:
textfield outpute = A, B, C, D, E, F, G - 7 total.
Any assistance from the pdf community would be very much appreciated.
Thanks!Thanks for that help.
I should have made it more apparent that I'm very new to scripting and I'm
not a programmer by trade. I have a few questions before modifying the code
you kindly provided.
1) Where should I embed this script? Within the 'selection change' area of
my listbox?
2) Can I replace the term 'arr' with the names of the various items in my
listbox or should I put 'arr#' as the output value for each term?
3) Will this script find and display the unique values when a user selects
multiple items in my listbox?
4) How does the script know where to output the unique members of the
combined set?
I appreciate your patience with me.
ck -
Replication of a data source from multiple logical systems
Hi experts,
In our ERP wie run many different clients with correspondong logical systems. When I'm changing a data source in ERP, then I have to replicate this datasource for each single logical system.
My question :
Is there a way to replicate a data source for all logical systems belonging to an infos source at once ?
We are on BW 3.5 SP19.
Thanks in advance
Joejust another attempt
-
Help with NAT going from 5520 8.2 to new 5512 9.1
I have a bunch is NAT rules I have to convert for ASA 5520 version 8.2(5) upgrading to ASA5512 version 9.1(1)
I have taken a few lines of config and put them here. If someone can show me the before and after that would help me greatly. I will use that to convert all the others and also make documentation for me going forward. I have read some good papers on this but I need to make sure I get this right.
Below are some of the many NAT configurations on the current ASA 5520 version 8.2(5) NAT configs I am looking to convert.
Thanks,
Mike
global (external) 101 interface
global (external) 1 172.20.1.1 netmask 255.0.0.0
nat (internal) 0 access-list internal_nat0_outbound
nat (internal) 101 access-list internal_nat_outbound
nat (internal) 1 access-list internal_nat_outbound_1
nat (internal) 101 0.0.0.0 0.0.0.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 10.10.11.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.2.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.10.0 255.255.255.0
access-list internal_nat_outbound extended permit tcp host 10.10.0.150 range 3230 3243 any range 3230 3243
access-list internal_nat_outbound extended permit udp host 10.10.0.150 range 3230 3285 any range 3230 3285
access-list internal_nat_outbound_1 extended permit ip 10.10.0.0 255.255.0.0 172.30.52.112 255.255.255.240
static (internal,external) tcp interface pptp 10.10.0.50 pptp netmask 255.255.255.255
static (internal,external) udp interface 1723 10.10.0.50 1723 netmask 255.255.255.255
static (internal,external) udp interface 1812 10.10.0.50 1812 netmask 255.255.255.255
static (internal,external) udp interface 1813 10.10.0.50 1813 netmask 255.255.255.255
static (internal,external) tcp interface www 10.10.0.100 www netmask 255.255.255.255
static (internal,internal) 10.20.0.0 10.20.0.0 netmask 255.255.255.0
static (internal,internal) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
static (internal,internal) 192.168.11.0 192.168.11.0 netmask 255.255.255.0
static (internal,external) 172.20.1.2 access-list internal_nat_static
static (internal,external) 172.20.1.3 access-list internal_nat_static_1
access-list internal_nat_static extended permit ip host 10.10.0.48 172.30.52.112 255.255.255.240
access-list internal_nat_static_1 extended permit ip host 10.10.0.49 172.30.52.112 255.255.255.240
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq ldap
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq smtp
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq imap4
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq pop3
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq https
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq www
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq pptp
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq h323
access-list NATed_Ports extended permit tcp any host 50.0.0.1 range 3230 3243
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq citrix-ica
access-list NATed_Ports extended permit udp any host 50.0.0.1 eq 1723
access-list NATed_Ports extended permit udp any host 50.0.0.1 eq 1812
access-list NATed_Ports extended permit udp any host 50.0.0.1 eq 1813
access-list NATed_Ports extended permit udp any host 50.0.0.1 eq radius
access-list NATed_Ports extended permit udp any host 50.0.0.1 eq radius-acct
access-list NATed_Ports extended permit udp any host 50.0.0.1 range 3230 3285
access-list NATed_Ports extended permit gre any host 50.0.0.1
access-list NATed_Ports extended permit ah any host 50.0.0.1
access-list NATed_Ports extended deny tcp any any eq ftp-data
access-list NATed_Ports extended deny tcp any any eq ftp
access-list NATed_Ports extended deny tcp any any eq smtp
access-list NATed_Ports extended deny tcp any any eq 3389
access-group NATed_Ports in interface externalJouni,
Thanks again for your help and I think I am getting this. Here is the NAT config in the order that it currently is in the ASA. I omitted the other config and only left in the NAT stuff. Please let me know if that changes anything?
Also what should I correct or take out and why?
Here is the NAT config....
Outside interface is 50.0.0.1
Inside interface is 10.10.0.1
There are many site to site VPN connections - 192.168.X.X
____Config Omitted________
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 10.10.11.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 10.30.0.0 255.255.0.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 10.20.0.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 10.40.0.0 255.255.0.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.2.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.10.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.11.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.30.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.31.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.32.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.33.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.34.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.35.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.70.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.71.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.72.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.73.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.74.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.75.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.76.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.77.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.78.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.79.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.80.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.81.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.82.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.83.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.84.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.85.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.86.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.87.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.88.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.89.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.90.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.91.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.92.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.93.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.94.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.95.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.97.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.98.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.99.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.101.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.110.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.130.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.132.0 255.255.255.0
access-list internal_nat0_outbound extended permit ip 10.10.0.0 255.255.0.0 192.168.134.0 255.255.255.0
______ Config Omitted ____________
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq ldap
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq smtp
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq imap4
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq pop3
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq https
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq www
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq pptp
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq h323
access-list NATed_Ports extended permit tcp any host 50.0.0.1 range 3230 3243
access-list NATed_Ports extended permit tcp any host 50.0.0.1 eq citrix-ica
access-list NATed_Ports extended permit udp any host 50.0.0.1 eq 1723
access-list NATed_Ports extended permit udp any host 50.0.0.1 eq 1812
access-list NATed_Ports extended permit udp any host 50.0.0.1 eq 1813
access-list NATed_Ports extended permit udp any host 50.0.0.1 eq radius
access-list NATed_Ports extended permit udp any host 50.0.0.1 eq radius-acct
access-list NATed_Ports extended permit udp any host 50.0.0.1 range 3230 3285
access-list NATed_Ports extended permit gre any host 50.0.0.1
access-list NATed_Ports extended permit ah any host 50.0.0.1
access-list NATed_Ports extended deny tcp any any eq ftp-data
access-list NATed_Ports extended deny tcp any any eq ftp
access-list NATed_Ports extended deny tcp any any eq smtp
access-list NATed_Ports extended deny tcp any any eq 3389
______ Config Omitted ____________
access-list internal_nat_outbound extended permit tcp host 10.10.0.150 range 3230 3243 any range 3230 3243
access-list internal_nat_outbound extended permit udp host 10.10.0.150 range 3230 3285 any range 3230 3285
______ Config Omitted ____________
access-list internal_nat_outbound_1 extended permit ip 10.10.0.0 255.255.0.0 172.30.52.112 255.255.255.240
access-list internal_nat_static extended permit ip host 10.10.0.48 172.30.52.112 255.255.255.240
access-list internal_nat_static_1 extended permit ip host 10.10.0.49 172.30.52.112 255.255.255.240
______ Config Omitted ____________
global (external) 101 interface
global (external) 1 172.20.1.1 netmask 255.0.0.0
nat (internal) 0 access-list internal_nat0_outbound
nat (internal) 101 access-list internal_nat_outbound
nat (internal) 1 access-list internal_nat_outbound_1
nat (internal) 101 0.0.0.0 0.0.0.0
static (internal,external) tcp interface pptp 10.10.0.50 pptp netmask 255.255.255.255
static (internal,external) udp interface 1723 10.10.0.50 1723 netmask 255.255.255.255
static (internal,external) udp interface 1812 10.10.0.50 1812 netmask 255.255.255.255
static (internal,external) udp interface 1813 10.10.0.50 1813 netmask 255.255.255.255
static (internal,external) tcp interface www 10.10.0.100 www netmask 255.255.255.255
static (internal,external) tcp interface imap4 10.10.0.100 imap4 netmask 255.255.255.255
static (internal,external) tcp interface ldap 10.10.0.100 ldap netmask 255.255.255.255
static (internal,external) tcp interface pop3 10.10.0.100 pop3 netmask 255.255.255.255
static (internal,external) tcp interface https 10.10.0.100 https netmask 255.255.255.255
static (internal,external) tcp interface smtp 10.10.0.48 smtp netmask 255.255.255.255
static (internal,external) tcp interface h323 10.10.0.150 h323 netmask 255.255.255.255
static (internal,external) tcp interface ftp 10.10.2.64 ftp netmask 255.255.255.255
static (internal,external) tcp interface ftp-data 10.10.2.64 ftp-data netmask 255.255.255.255
static (internal,internal) 10.20.0.0 10.20.0.0 netmask 255.255.255.0
static (internal,internal) 10.30.0.0 10.30.0.0 netmask 255.255.0.0
static (internal,internal) 10.40.0.0 10.40.0.0 netmask 255.255.0.0
static (internal,internal) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
static (internal,internal) 192.168.11.0 192.168.11.0 netmask 255.255.255.0
static (internal,internal) 192.168.30.0 192.168.30.0 netmask 255.255.255.0
static (internal,internal) 192.168.31.0 192.168.31.0 netmask 255.255.255.0
static (internal,internal) 192.168.32.0 192.168.32.0 netmask 255.255.255.0
static (internal,internal) 192.168.33.0 192.168.33.0 netmask 255.255.255.0
static (internal,internal) 192.168.34.0 192.168.34.0 netmask 255.255.255.0
static (internal,internal) 192.168.35.0 192.168.35.0 netmask 255.255.255.0
static (internal,internal) 192.168.110.0 192.168.110.0 netmask 255.255.255.0
static (internal,internal) 192.168.130.0 192.168.130.0 netmask 255.255.255.0
static (internal,internal) 192.168.132.0 192.168.132.0 netmask 255.255.255.0
static (internal,internal) 192.168.134.0 192.168.134.0 netmask 255.255.255.0
static (internal,external) 172.20.1.2 access-list internal_nat_static
static (internal,external) 172.20.1.3 access-list internal_nat_static_1
access-group NATed_Ports in interface external
access-group internal_access_in in interface internal
______ Config Omitted ____________ -
How to creat Data source from Multiple Tables in SAP BI ?
Hi Experts,
1. For Finance & Payments MIS tables are u2013 BSEG, BSIS,BSAS,PYAR ,BKPF
2. For Inventory tables are : MSEG MKPF.
3. For Invoices MIS tables are - RBKP & RSEG.
4. For Taxation MIS tables are u2013 J_1IEXCHDR, J_1IEXCDTL, J_1IPART2, J_1IPART1
5. For Master data tables are - : MARA, MAKT, LFA1, J_1IMTCHID
How to creat individual Datasource for 1.Finance & Payemnt Mis , 2. Inventory, 3. Invoices, 4. Taxation , 5. Mater data. ?Hi,
Go for the generic data sources.
1. first create the view on all the tables.
You can only use join conditions but not Union.
you can specify one table as primary table based on your requirement.
2. build the data source based on the view.
Regards,
Siva
Edited by: sivaramakrishna on Feb 2, 2012 3:54 PM -
RV320: Need to use as gateway for multiple subnets
We just purchased an RV320 as a replacement/upgrade to an RV042. Our Internet connection was upgraded to 200Mbps and the RV042 wouldn't handle that throughput.
Our internal network has 4 subnets, all connected via a layer 3 switch. The RV320 is connected to one of those subnets and is the default gateway for the entire network.
The RV042 had a "multiple subnets" setting that allowed it to perform NAT for the directly connected subnet and the other 3 subnets in our network. We would just add the other networks to the list in the RV042 and everything was fine.
The RV320 doesn't seem to have the same functionality (or am I missing something?). It looks like there is some sort of multiple subnet support, but when we try to add another subnet the interface seems to be asking us to define a single IP address in that subnet (an IP address for the router?) as if all subnets will be directly attached to the router using VLANs (which is not the case in our network).
We can set up the "advanced routing" option to define the other 3 internal subnets and how to route to them, etc. but will the RV320 perform NAT for the other subnets without any adidtional configuration?
Can anyone shed any light on this?
Many thanks!Precept,
My name is Ismael, iam with Small Business Support Center. I like to start by asking is there a particular reason that the switch is handling Layer 3/or DHCP? Normally when an RV042 is implemented you would need a Layer 3 switch as the RV042 only supports one DHCP scope.In addition all The RV0XX series does not support 802.1q VLAN.
With RV320 you can setup multiple subnets under advance routing and still allow for it to pass DHCP for all of your 4 subnets and create 801.2q Vlan subinterfaces . Setting RV320 in this manner can create an ease in managing the network.
If you are considering the RV320 to do Layer 3 / DHCP simply create your 4 Vlans or subnets. Add them to the DHCP scope and enable DHCP server for all subnets. Switch would have to be configured to Layer 2 for this to work. The link below is a knowledge portal that could assist in creating DHCP and Vlans. Hope this helps you.
http://sbkb.cisco.com/ -
Create from multiple files - some pages repeat or disappear
Hello from Colorado. I am using Acrobat 6.0 Pro and have experienced some strange behavior when I try to create from multiple files. I created my basic one-page form and then completed 8 pages of answers, saving each page as an individual file (form_p1, form_p2, etc). When I tried to assemble all of the pages with the create from multiple files, I got two page one and my page two disappears -- all the other pages (3 thru 8) processed normally. I have tried saving my files with different names and then combining -- but with the same results. I have also tried to combine pages 2 thru 8 first and then add page 1 at the end -- in this case my page one disappeared and I got another page 2! I have checked all of the document properties and I cannot see anything amiss. I have used create from multiple files before without incident, but this time I'm stuck. Thanks for any help or suggestions.
Did the forms contain fields with the same name?
-
Zip'ing files from multiple folders to the same zip file
Could somebody recommend a method to create a zip file with file contents from multiple folders? Or is there an application I can drag and drop a bunch of files to zip em?
First highlight all of the folders or files. If they're not right next to each other, or on the same drives, hold down the Command key while clicking to choose the next without losing previous choices.
Once they're all highlighted, right click on any highlighted item and choose "Compress xxx Items". -
Can I call an object with synchronized methods from an EJB
I have a need for multiple threads (e.g. Message Driven Beans) to access a shared object, lets say a singleton, I'm aware of the "you can't have a singleton in the EJB world" issues) for read/write operations, so the operations will need to be synchronised.
I've seen various statements such as you can't use read/write static fields in EJBs and you can't use synchronisation primitives in EJBs but I've also seen statements that say its okay to access utility classes such as Vector (which has synchronised methods) from an EJB.
Does anyone know if there is a definitive answer on this? What are the implications of accessing a shared object with synchronised methods from multiple EJBs? Is it just that the EJB's thread may block which limits the ability of the container to manage the EJBs? In the Vector example above (from Professional Java Server Programming) did they mean its okay to use these utility classes provided they aren't shared across threads?
If I can't use a plain old Java Object does anyone know if there are other potential solutions for sharing objects across EJBs?
In my problem, I have an operation that I want to run in a multi-threaded way. Each thread will add information to the shared object, and this info may be used by the other threads. There's no lengthy blocking as such other than the fact that only one thread can be adding/reading information from the shared object at a time.
I've trawled through this forum looking for similar questions of which there seem to be many, but there doesn't seem to be any definitive answers (sorry if there was and I missed it).
Thanks
MartinYou can share objects among EJB's or among objects used by one or more EJB's. You can use synchronization primitives - nothing will prevent you from doing that.
After all, the container classes, JVM-provides classes, JDBC, JCA, JNDI and other such classes do all of this with impunity. You can too. You can use file and socket I/O as well, presuming you configure the security profile to allow it. Should you? Well it depends on what you need to accomplish and if there is another practical alternative.
Yes the specification warns you not to, but you cannot be responsible for the interior hidden implementation of classes provided to you by the JVM or third parties so you can never truly know if your are breaking these written rules.
But when you do these things, you are taking over some part of the role of the container. For short running methods that only block while another thread is using the method or code block and no I/O or use of other potentially blocking operations are contained in the method/block, you will be fine. If you don't watch out and create deadlocks, you will harm the container and its managed thread pool.
You should not define EJB methods as synchronized.
Also, if you share objects between EJB's, you need to realize that the container is free to isolate pools of your EJB in separate classloaders or JVM's. It's behavior can be influenced by your packaging choices (use of .ear, multiple separate .jar's, etc.) and the configuration of the server esp. use of clustering. This will cause duplicate sets of shared classes - so singletons will not necessarily be singleton across the entire server/cluster, but no single EJB instance will see more than one of them. You design needs to be tolerant of that fact in order to work correctly.
This isn't the definitive answer you asked for - I'll leave that to the language/spec lawyers out there. But in my experience I have run across a number of occasions where I had to go outside of the written rules and ave yet to be burned for it.
Chuck -
Bursting Web Templates with Multple Sources
I'm currently tring to burst a reporting using the Broadcast in our BI 7.0 Enviroment - I ran into an issues when trying to use the busting option when my template contained sources from Multiple Cubes.
Has anyone been successful bursting using multiple Cubes in on report?
DS_1 = Cube1
DS_2 = Cube2Hi,
Did u check CUBE OPTIONS under the FILE menu of your transformer.May be !
Maybe you are looking for
-
Wrong PageDef.xml during ReturnListener execution? Bug?
Hi Everyone, JDeveloper 10.1.3.3.0 We're facing a strange issue, that we're not sure whether this is by design or whether this is a bug... We have a commandLink with a returnListener on page yyy.jspx that calls another page via a dialog:xxx (useWindo
-
Dispathcher and Server is restarting automatically.
Hi , Dispatcher and Server0 are restarting after sometime , we don not know why it is happening . Every time we wrok on Portal ,it stops for sometime and ten automatically srats , it takes around 5 minutes . What can be the problem , is there any set
-
Hosted APEX Site down??
Folks, I have been trying to access the Oracle Hosted APEX site all morning and it seems to be down, can anyone confirm this?? I was doing a small demo for someone on using the mail merge code back from HTML-DB 1.6 (downloaded off the HTML-DB Studio)
-
I've just upgraded to Elements 8 from Elements 5 and can't find the email command. It used to be in the File menu. Nothing in Help either.
-
RMA Process for Warranty management
Hi, I want to set up a return material authorization (RMA) process for one my client. Is it possible to configure the entire RMA Process in SAP ECC for warranty management??? The scenario as per my requirement is: Customer sending defective component