Saprouter config with RFC on tcp port 33xx
I have a customer who has configured saprouter to allow remote (from the Internet) connections via the SAP GUI. These connections work great. However, when they try to add entries to the route tables for TCP port 3300, 3301, and 3303 the external application they are using (a gateway connection on these ports) fails. Is there some special configuration which needs to take place to allow the RFC connections vs. the regular SAP GUI connections on ports 32xx?
Kind Regards,
Eric J.
I was able to fix the problem by configuring profile parameter "gw/alternative_hostnames" to the public IP of the SAP system.
Similar Messages
-
2800 config with 4FXO VIC, voice-ports?
I'm trying to configure the voice-ports on a 2800 router with a 4 port FXO VIC and when I issue the voice-port command it only shows ports 50-50 so I use
voice-port 50/0/1 and it comes back with invalid input at marker and it points to the 50.
boot-start-marker
boot system flash flash:c2800nm-ipvoice-mz.124-4.T.bin
boot system flash flash:c2800nm-spservicesk9-mz.123-8.T8.bin
boot-end-marker
Lights on the FXO card are lit up but I do not have any cables plugged into them, am I missing something?
Thanks
I'm guessing this is the info on the pvdm2?
WIC Slot 1:
2nd generation - FXO Voice daughter card (4 port)
Hardware Revision : 5.0
Top Assy. Part Number : 800-21589-01
Board Revision : E0
Deviation Number : 0-0
Fab Version : 04
PCB Serial Number : FOC092447VB
RMA Test History : 00
RMA Number : 0-0-0-0
RMA History : 00 -
Will there be any problem if CSS reuses a TCP PORT number?
Will there be any problem if CSS reuses a TCP PORT number for a new flow a few minutes after it finished a flow with the same TCP Port number?
CSS Server initiated connection to Internet.
Sometimes a TCP RST terminates the connection. When it happens it appears that the CSS has used a TCP source port number which is the same as a previous flow that FIN'ed a few minutes ago. See attachment.
My answer to your question is, I think you'll be 'less likely'. Although the screen problem has also been reported to create blue tints over the screen at certain angles, thus, if you do get a defective (yet to be confirmed) device, then sadly, it will most definitely affect the colours of a cartoon show.
-
Always on Availability groups using static SQL Tcp Port
Hi, I have 2 SQL 2012 servers in my DMZ and I have assigned SQL to run on a static TCP Port. I would like to setup Always On availability groups on the servers but I cannot get the failover to work with the static TCP port. It works fine with dynamic ports.
When the failover is initiated it attempts to connect to the secondary replica without using the static port, can someone tell me how to setup the availability group using static tcp ports.
Thanks,
When I setup the secondary replica I added the port number, but it doesn't appear to use it for failover. I add the secondary replica w/o errors.
I am not sure how to add the port number to the primary.
Dave
Hi Dave,
Based on your description, could you please post the error message when getting failover to the secondary replica?
In addition, if you use the default port of 1433 for availability group listener VNNs, you will still need to ensure that no other services on the cluster node are using this port; otherwise this would cause a port conflict.
If one of the instances of SQL Server is already listening on TCP port 1433 via the instance listener and there are no other services (including additional instances of SQL Server) on the computer listening on port 1433, this will not cause a port conflict with the availability group listener. However multiple instances of SQL Server (side-by-side) should not be configured to listen on the same port.
For more details, please review this article:
Availability Group Listeners, Client Connectivity, and Application Failover (SQL Server).
Thanks,
Lydia Zhang -
Good day everyone,
I have a question in regard to real server operation with different server farms, and VIPs
Can a Real Server be associated (for simplicity) with two different Server Farms that have a VIP associated with each, servicing the same TCP Port (443)?
Example:
SF-A
RSRV-1: 192.168.1.10 /24
RSRV-2: 192.168.1.11 /24
VIP-A: 192.168.1.20 /24
VIP-A: https:web-A
Protocol: HTTPS
SF-B
RSRV-2: 192.168.1.11 /24
RSRV-3: 192.168.1.12 /24
VIP-B: 192.168.1.30 /24
VIP-b: https:web-B
Protocol: HTTPS
Client-A: 172.16.128.10
Client-B: 172.16.128.15
I have attached a sketch depicting the connectivity.
As always any feedback/suggestions will be greatly appreciated.
Cheers,
Raman Azizian
Raman,
This type of config is no problem. What the server is doing is virtual web hosting. The server would have two different web services running for the same IP, but each listening for a unique host header.
From an IP point of view both connections would be destined to the rserver address on port 80, but in the http header they would have two different Host headers, one for www.example1.com and the second for www.example2.com. If the web server is configured correctly so each host name is tied to one web service it will not have any issues.
The config you attached looks ok. The way you have the sticky group is ok doing source IP. If you use cookies for the sticky group I would suggest you create two sticky groups each with a different cookie name and add the same serverfarm to both groups. The client will only send a cookie for the domain it received it from so using the same cookie in two vips could cause problems if the same client hits both vips.
Hope that helps
Regards
Jim -
When configuring my Airport Extreme Simultaneous Dual-Band router, port forwarding is broken if you only specify TCP ports to forward. This is with firmware 7.6.1. What happens is that after you hit the Update button, when the router comes back and you open the port forwarding entry, the IP is still there but the port numbers are missing.
I tried all different port numbers and ranges and nothing would stick if I only specified TCP ports. If I added UDP ports with the TCP ports then it would save them. And if you add a new entry with only UDP it saves them too.
Now this is with adding a new port forwarding. I already have existing ports being forwarded that only have TCP. They are still working. I believe I added them with a previous version of the firmware.
Anyone else see this issue? Any ideas?
Maybe I should perform a hard reset and reload a saved config.
Peace,
Dan
I haven't seen the issue but you could just downgrade to an earlier firmware:
-
Route decisions based on destination TCP port with EIGRP
Need information and plausibility on making routing decisions within EIGRP based on different destination TCP port. I have a third party partner that we communicate to and they are adding a second location which we will connect to. They are wanting to use the same destination host IP but make route decision based on destination TCP port; i.e. if we target tcp 6123 they want us to route down link A to site A, if we target tcp 7123 we would route down link B to site B. I have never had to make that happen so I am looking into whether it actually can and if so what is basic configuration to pursue. We use static IP routes to/from them today and will in the future at the edge, those are distributed internally to our EIGRP. Can EIGRP make decisions based on IP and Port?
No routing protocol makes decisions based on port number as far as I know.
You need to look into PBR (Policy Based Routing) for this where you can use acls to define the route that traffic takes.
Depending on your connections you may well need to use tracking as well but it depends.
If the only reason to use EIGRP is for these connections you probably don't need it as with PBR you are overriding the routing table anyway but you may want to run it for other connectivity.
If you do a search on PBR you should find quite a few examples but if you get stuck then by all means come back. -
Agentry Client 6.1.3 installation with preconfigured SMP server name and TCP Port
Hi,
I'm looking for a way to deploy an Agentry Client (version 6.1.3.xxx) on multiple devices without having to manually specify the SMP server name and TCP port.
When the user gets it, I just want him to only enter his credentials to start the first synch/config process.
Any way to easily do that?
Thanks for your help!
Eric
Hi Bill,
Here's what I did in more detail so you can pin point what I do wrong (hopefully :-)).
First I extracted the branding files of the Agentry_6.1.3.10212_ClientWin32.exe.
Agentry_6.1.3.10212_ClientWin32.exe /Branding=D:\Temp\Agentry.
This is the directory and file structure I got out of it.
The 2 directories are created as you mentioned.
If I browse to the AgentryClient_Win32 directory I see those files:
If I browse the Installer directory I see :
The Include and Plugins directories are as follow :
I still can't find the AgentryClient.exe.config file???
Eric -
ACE Probe Config for Blue Coat Proxy TCP Port 74 NETRJS-4
We are running 4710's with A5(2.2). We use Blue Coat proxies for our internet connections, specifically TCP port 74. So when we open up a browser connection to www.cisco.com, the HTTP GET is actually encapsulated in TCP port 74 netrjs-4. We want to load-balance these proxies with ACE and I'm trying to setup health probes, but the only ones that work are the tcp probes PROXY_BCC_PROBE and PROXY_PROBE. I'd like to have health probes that hit external websites, but I'm confused whether the "ip address" Probe sub command is all I need, and netrjs is simple encapsulation of the HTTP request (which is what it looks like on a sniffer). Does anyone have Blue Coat proxies/ACE working? If so, how are your probes configured?
Thanks,
probe tcp PROXY_BCC_PROBE
  port 8084
  interval 3
  passdetect interval 3
probe http PROXY_HTTP1_PROBE
  ip address 198.133.219.25
  port 74
  interval 3
  passdetect interval 3
  request method head url /index.html
  expect status 200 299
probe http PROXY_HTTP2_PROBE
  ip address 198.133.219.25
  port 74
  interval 3
  request method get url /
  expect status 200 299
probe tcp PROXY_PROBE
  port 74
  interval 3
  passdetect interval 3
Hi,
I have seen this working for one of the customer.
probe http HTTPGET
  description Tests that www.gmail.com returns 302 redirect
  interval 10
  request method get url http://www.gmail.com
  expect status 302 302
If I modify your probe :
probe http PROXY_HTTP1_PROBE
  ip address 198.133.219.25
  port 74
  interval 3
  passdetect interval 3
  request method get url http://www.gmail.com
  expect status 302 302
Give it a try and see if that helps.
regards,
Ajay Kumar -
MAC Floods ISP with TCP ports and is shutdown when count reaches 200
I was told by ISP provider that my MAC floods them with massive amount of TCP ports when I open a single Safari or FireFox web page. When I am NOT connected, the TCP port count is ABOUT 3 with a Windows XP using a IE connection to APPLE.com PLUS AN SSL CONNECTION. When I open the same web page ON MY MAC, the count INSTANTLY jumps to 70+ and if I connect to another page it jumps to well over 100. If I leave pages open and jump to several different sites, I soon exceed the MAX TCP port limit of 200 and everyone on our home network is pretty much shutdown. Since it is a wireless connection to the ISP, the have to limit TCP ports to 200 per antenna connection. WHY DOES MY MAC USE SO MANY TCP PORTS FOR A SINGLE BROWSER CONNECTION?
The home network uses LinkSys WRT54G router and WAP54G configured as Wireless Repeater. Windows does not have this problem. I do not have this problem anywhere else but on this wireless ISP connection. How do I remedy this problem?
Here is a trap of opening a browser page:
1. sudo tcpdump –pv tcp
clayton-arndts-computer-2:~ claytonarndt$ sudo tcpdump –pv tcp
tcpdump: WARNING: en0: no IPv4 address assigned
tcpdump: illegal token: –
clayton-arndts-computer-2:~ claytonarndt$
2.
lsof -i
clayton-arndts-computer-2:~ claytonarndt$ lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ARDAgent 2395 claytonarndt 17u IPv4 0x29bc0f0 0t0 UDP *:net-assistant
AppleVNCS 2406 claytonarndt 4u IPv6 0x29c1d90 0t0 TCP *:vnc-server (LISTEN)
SystemUIS 2409 claytonarndt 10u IPv4 0x29bb7a8 0t0 UDP :
firefox-b 3645 claytonarndt 22u IPv4 0x49a966c 0t0 TCP 192.168.1.113:54212->a204-245-162-11.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 27u IPv4 0x4a9b270 0t0 TCP 192.168.1.113:54213->a204-245-162-11.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 28u IPv4 0x3f3e66c 0t0 TCP 192.168.1.113:54101->216.178.33.45:http (ESTABLISHED)
firefox-b 3645 claytonarndt 38u IPv4 0x3f56e64 0t0 TCP 192.168.1.113:54208->prodwebmail-mtc06.evip.aol.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 39u IPv4 0x4a36a68 0t0 TCP 192.168.1.113:54178->204.2.241.146:http (ESTABLISHED)
firefox-b 3645 claytonarndt 46u IPv4 0x3fb4e64 0t0 TCP 192.168.1.113:54211->a204-245-162-26.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 47u IPv4 0x4a9a66c 0t0 TCP 192.168.1.113:54188->a204-245-162-25.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 48u IPv4 0x3f56a68 0t0 TCP 192.168.1.113:54105->204.0.5.25:http (ESTABLISHED)
firefox-b 3645 claytonarndt 49u IPv4 0x49b7270 0t0 TCP 192.168.1.113:54135->204.0.5.9:http (ESTABLISHED)
firefox-b 3645 claytonarndt 50u IPv4 0x49b8e64 0t0 TCP 192.168.1.113:54136->204.0.5.27:http (ESTABLISHED)
firefox-b 3645 claytonarndt 51u IPv4 0x4a37270 0t0 TCP 192.168.1.113:54185->a204-245-162-33.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 55u IPv4 0x49f3e64 0t0 TCP 192.168.1.113:54164->204.0.5.17:http (ESTABLISHED)
firefox-b 3645 claytonarndt 62u IPv4 0x3ec5a68 0t0 TCP 192.168.1.113:54111->204.0.5.16:http (ESTABLISHED)
firefox-b 3645 claytonarndt 64u IPv4 0x4a3666c 0t0 TCP 192.168.1.113:54179->a204-245-162-19.deploy.akamaitechnologies.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 65u IPv4 0x49d2270 0t0 TCP 192.168.1.113:54155->204.0.5.17:http (ESTABLISHED)
firefox-b 3645 claytonarndt 69u IPv4 0x49c266c 0t0 TCP 192.168.1.113:54142->204.0.5.33:http (ESTABLISHED)
firefox-b 3645 claytonarndt 71u IPv4 0x49eee64 0t0 TCP 192.168.1.113:54168->204.2.241.160:http (ESTABLISHED)
firefox-b 3645 claytonarndt 72u IPv4 0x49c2270 0t0 TCP 192.168.1.113:54143->204.0.5.24:http (ESTABLISHED)
firefox-b 3645 claytonarndt 76u IPv4 0x4aa0a68 0t0 TCP 192.168.1.113:54215->prodwebmail-mtc06.evip.aol.com:http (ESTABLISHED)
firefox-b 3645 claytonarndt 77u IPv4 0x4a9aa68 0t0 TCP 192.168.1.113:54221->a204-245-162-17.deploy.akamaitechnologies.com:http (ESTABLISHED)
SlingPlay 3655 claytonarndt 6u IPv4 0x3f56270 0t0 TCP 192.168.1.113:53903->192.168.1.100:commplex-link (ESTABLISHED)
SlingPlay 3655 claytonarndt 7u IPv4 0x3ef6270 0t0 TCP 192.168.1.113:53904->spas.slingmedia.com:http (CLOSED)
SlingPlay 3655 claytonarndt 10u IPv4 0x3f6666c 0t0 TCP 192.168.1.113:53905->192.168.1.100:commplex-link (ESTABLISHED)
clayton-arndts-computer-2:~ claytonarndt$
3.
lsof -i -n
clayton-arndts-computer-2:~ claytonarndt$ lsof -i -n
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
ARDAgent 2395 claytonarndt 17u IPv4 0x29bc0f0 0t0 UDP *:net-assistant
AppleVNCS 2406 claytonarndt 4u IPv6 0x29c1d90 0t0 TCP *:vnc-server (LISTEN)
SystemUIS 2409 claytonarndt 10u IPv4 0x29bb7a8 0t0 UDP :
firefox-b 3645 claytonarndt 22u IPv4 0x49a966c 0t0 TCP 192.168.1.113:54212->204.245.162.11:http (ESTABLISHED)
firefox-b 3645 claytonarndt 27u IPv4 0x4a9b270 0t0 TCP 192.168.1.113:54213->204.245.162.11:http (ESTABLISHED)
firefox-b 3645 claytonarndt 28u IPv4 0x3f3e66c 0t0 TCP 192.168.1.113:54101->216.178.33.45:http (ESTABLISHED)
firefox-b 3645 claytonarndt 38u IPv4 0x3f56e64 0t0 TCP 192.168.1.113:54208->64.12.230.1:http (ESTABLISHED)
firefox-b 3645 claytonarndt 39u IPv4 0x4a36a68 0t0 TCP 192.168.1.113:54178->204.2.241.146:http (ESTABLISHED)
firefox-b 3645 claytonarndt 46u IPv4 0x3fb4e64 0t0 TCP 192.168.1.113:54211->204.245.162.26:http (ESTABLISHED)
firefox-b 3645 claytonarndt 47u IPv4 0x4a9a66c 0t0 TCP 192.168.1.113:54188->204.245.162.25:http (ESTABLISHED)
firefox-b 3645 claytonarndt 48u IPv4 0x3f56a68 0t0 TCP 192.168.1.113:54105->204.0.5.25:http (ESTABLISHED)
firefox-b 3645 claytonarndt 49u IPv4 0x49b7270 0t0 TCP 192.168.1.113:54135->204.0.5.9:http (ESTABLISHED)
firefox-b 3645 claytonarndt 50u IPv4 0x49b8e64 0t0 TCP 192.168.1.113:54136->204.0.5.27:http (ESTABLISHED)
firefox-b 3645 claytonarndt 51u IPv4 0x4a37270 0t0 TCP 192.168.1.113:54185->204.245.162.33:http (ESTABLISHED)
firefox-b 3645 claytonarndt 55u IPv4 0x49f3e64 0t0 TCP 192.168.1.113:54164->204.0.5.17:http (ESTABLISHED)
firefox-b 3645 claytonarndt 62u IPv4 0x3ec5a68 0t0 TCP 192.168.1.113:54111->204.0.5.16:http (ESTABLISHED)
firefox-b 3645 claytonarndt 64u IPv4 0x4a3666c 0t0 TCP 192.168.1.113:54179->204.245.162.19:http (ESTABLISHED)
firefox-b 3645 claytonarndt 65u IPv4 0x49d2270 0t0 TCP 192.168.1.113:54155->204.0.5.17:http (ESTABLISHED)
firefox-b 3645 claytonarndt 69u IPv4 0x49c266c 0t0 TCP 192.168.1.113:54142->204.0.5.33:http (ESTABLISHED)
firefox-b 3645 claytonarndt 71u IPv4 0x49eee64 0t0 TCP 192.168.1.113:54168->204.2.241.160:http (ESTABLISHED)
firefox-b 3645 claytonarndt 72u IPv4 0x49c2270 0t0 TCP 192.168.1.113:54143->204.0.5.24:http (ESTABLISHED)
firefox-b 3645 claytonarndt 77u IPv4 0x4a9aa68 0t0 TCP 192.168.1.113:54221->204.245.162.17:http (ESTABLISHED)
SlingPlay 3655 claytonarndt 6u IPv4 0x3f56270 0t0 TCP 192.168.1.113:53903->192.168.1.100:commplex-link (ESTABLISHED)
SlingPlay 3655 claytonarndt 7u IPv4 0x3ef6270 0t0 TCP 192.168.1.113:53904->157.22.2.7:http (CLOSED)
SlingPlay 3655 claytonarndt 10u IPv4 0x3f6666c 0t0 TCP 192.168.1.113:53905->192.168.1.100:commplex-link (ESTABLISHED)
clayton-arndts-computer-2:~ claytonarndt$
-
Http probe on non-standard tcp port 8021
I've configured http probe on standard port 80 with no issue. I'm now trying http probe on non-standard tcp port 8021, confirmed with packet capture to confirm that the CSM is indeed probing, status code 403 is returned but the reals are showing "probe failed". Am I missing something? Thank you in advance.
CSM v2.3(3)2
probe 8021 http
  request method head
  interval 2
  retries 2
  failed 4
  port 8021
serverfarm TEST
  nat server
  no nat client
  real 10.1.2.101
    inservice
  real 10.1.2.102
    inservice
  probe 8021
vserver TEST
  virtual 10.1.2.100 tcp 8021
  serverfarm TEST
  replicate csrp connection
  persistent rebalance
  inservice
VIP and real status:
vserver type prot virtual vlan state conns
Q_MAS_8021 SLB TCP 10.1.2.100/32:8021 ALL OUTOFSERVICE 0
real server farm weight state conns/hits
10.1.2.101 TEST 8 PROBE_FAILED 0
10.1.2.102 TEST 8 PROBE_FAILED 0
You need to specify what HTTP response code you expect.
The command is :
gdufour-cat6k-2(config-slb-probe-http)#expect status ?
<0-999> expected status - minimum value in a range
The default is to expect only 200.
This is why your 403 is not accepted.
Gilles. -
Changing the TCP port on async ports in Cisco router
Hello,
My goal is to replace old terminal servers from a factory environment.
These terminal servers act as an aggregation point of terminal equipment (printers and factory automation).
Software used in this factory writes to these devices using ip-address of the terminal server and TCP-port starting at 10001, where the last number is a port number.
The problem is that in Cisco equipment, I can not find a way to change the tcp port to this 1000x. The only option would be to change the software's TCP-port to Cisco default 200x, but this is not the solution I am looking for. This is because the switchover should be done when the machines are running, and the time window is too short to make changes in the factory software.
Is there a way to change the logical TCP-port for Cisco routers asynchronous lines (HWIC-16A) to 10001-16?
Marko Tuhkunen
So I figured out that I can use the archive tar /create command:
To copy the entire flash towards TFTP:
archive tar /create tftp://X.X.X.X/flash.tar flash:
Now I will have to insert the new flash and probably format it first towards the correct file systems. Then I will have to use the next archive command:
archive tar /xtract "Here I am unsure of the syntax, I want to be copying and extracting the tar I backed up from the old flash"
After these steps are complete can I just reboot the router with the new flash card, won't there be any issues, since the startup config is on the NVRAM it will load the config properly, and I haven't seen any boot parameters but they shouldn't pose any issues since I'm not changing the flash slot.
Thanks for your assistance -
ACE VIP OK HTTP, NOK other TCP port
Hi,
we are having issues in configuring load balancing for a TCP port. For HTTP it's working without issues and we have the ACE also balancing for other TCP ports.
Here goes the relevant config:
probe http PROBE-HTTP
  interval 5
  passdetect interval 2
  passdetect count 1
  request method get url /idc/
  expect status 200 200
probe tcp PROBE-TCP
  port 4444
  interval 5
  passdetect interval 10
rserver host PRD1
  ip address 10.10.10.1
  inservice
rserver host PRD2
  ip address 10.10.10.2
  inservice
serverfarm host SF-HTTP
  probe PROBE-HTTP
  rserver PRD1 80
    inservice
  rserver PRD2 80
    inservice
serverfarm host SF-TCP
  probe PROBE-TCP
  rserver PRD1 4444
    inservice
  rserver PRD2 4444
    inservice
sticky ip-netmask 255.255.255.255 address source SC-IP-PRD-HTTP
  timeout 10
  serverfarm SF-HTTP
class-map match-all NAT-VIP-HTTP
  2 match virtual-address 10.10.35.1 any
class-map match-all NAT-VIP-TCP
  2 match virtual-address 10.10.35.1 tcp eq 4444
policy-map type loadbalance first-match LB-VIP-HTTP
  class class-default
    sticky-serverfarm SC-IP-PRD-HTTP
    insert-http x-forward header-value "%is"
policy-map type loadbalance first-match LB-NAT-VIP-TCP
  class class-default
    serverfarm SF-TCP
policy-map multi-match POLICY-RSERVER-VIP
  class NAT-VIP-TCP
    loadbalance vip inservice
    loadbalance policy LB-NAT-VIP-TCP
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 200
  class NAT-VIP-HTTP
    loadbalance vip inservice
    loadbalance policy LB-VIP-HTTP
    loadbalance vip icmp-reply active
    nat dynamic 1 vlan 200
interface vlan 200
  description SERVER-SIDE
  ip address 10.10.14.2 255.255.255.0
  alias 10.10.14.1 255.255.255.0
  peer ip address 10.10.14.3 255.255.255.0
  access-group input EVERYONE
  nat-pool 1 10.10.4.6 10.10.4.6 netmask 255.255.255.255 pat
  service-policy input AllowICMP
  service-policy input POLICY-RSERVER-VIP
  no shutdown
The probes are OK, but nothing seems to get to the VIP:
ACE/CTX# show probe PROBE-TCP
probe : PROBE-TCP
type : TCP
state : ACTIVE
port : 4444 address : 0.0.0.0 addr type : -
interval : 5 pass intvl : 10 pass count : 3
fail count: 3 recv timeout: 10
--------------------- probe results --------------------
probe association probed-address probes failed passed health
------------------- ---------------+----------+----------+----------+-------
serverfarm : SF-TCP
real : PRD1[4444]
10.10.10.1 8853 1 8852 SUCCESS
real : PRD2[4444]
10.10.10.2 8853 1 8852 SUCCESS
ACE/CTX# show serverfarm SF-TCP detail
serverfarm : SF-TCP, type: HOST
total rservers : 2
active rservers: 2
description : -
state : ACTIVE
predictor : ROUNDROBIN
failaction : -
back-inservice : 0
partial-threshold : 0
num times failover : 0
num times back inservice : 1
total conn-dropcount : 0
Probe(s) :
PROBE-TCP, type = TCP
----------connections-----------
real weight state current total failures
---+---------------------+------+------------+----------+----------+---------
rserver: PRD1
10.10.10.1:4444 8 OPERATIONAL 0 0 0
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
load value : 0
rserver: PRD2
10.10.10.2:4444 8 OPERATIONAL 0 0 0
max-conns : - , out-of-rotation count : -
min-conns : -
conn-rate-limit : - , out-of-rotation count : -
bandwidth-rate-limit : - , out-of-rotation count : -
retcode out-of-rotation count : -
load value : 0
ACE/CTX# show service-policy POLICY-RSERVER-VIP
Status : ACTIVE
Interface: vlan 1 200
service-policy: POLICY-RSERVER-VIP
class: NAT-VIP-TCP
nat:
nat dynamic 1 vlan 200
curr conns : 0 , hit count : 0
dropped conns : 0
client pkt count : 0 , client byte count: 0
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
loadbalance:
L7 loadbalance policy: LB-NAT-VIP-TCP
VIP ICMP Reply : ENABLED-WHEN-ACTIVE
VIP State: INSERVICE
curr conns : 0 , hit count : 0
dropped conns : 0
client pkt count : 0 , client byte count: 0
server pkt count : 0 , server byte count: 0
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0
compression:
bytes_in : 0
bytes_out : 0
I see a lot of these messages in the logging of the ACE:
show logging | i 4444
22:02:52 : %ACE-6-302023: Teardown TCP connection 0x18b6 for vlan200:10.10.14.2/26768 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1051 TCP FINs
22:02:55 : %ACE-6-302022: Built TCP connection 0x14dc for vlan200:10.10.14.2/30318 (10.10.10.1/30318) to vlan200:10.10.10.1/4444 (10.10.14.2/4444)
22:02:55 : %ACE-6-302023: Teardown TCP connection 0x14dc for vlan200:10.10.14.2/30318 to vlan200:10.10.10.1/4444 duration 0:00:00 bytes 1103 TCP FINs
22:02:57 : %ACE-6-302022: Built TCP connection 0xc6c for vlan200:10.10.14.2/26784 (10.10.10.2/26784) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
22:02:57 : %ACE-6-302023: Teardown TCP connection 0xc6c for vlan200:10.10.14.2/26784 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1103 TCP FINs
22:03:02 : %ACE-6-302022: Built TCP connection 0x151a for vlan200:10.10.14.2/26800 (10.10.10.2/26800) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
The client request is going through an ASA; on the ASA side I see that the TCP connection is half-open with SAaB flags. It seems that the VIP never replies with SYN+ACK to the ASA...
Thank you.
Best regards
Hi Norberto,
The log messages you are getting are most probably the probe connections and not a failure, looking to them you will see your ACE is establishing TCP connection on 4444 then it will teardown the connection with FIN which is expected since you are using TCP keepalives.
I would recommend to go back and define the problem exactly, what are you experiencing when you try to telnet on port 4444 toward the VIP from the client?
Running sniffing software on the client and the server, and enabling capture on ACE and ASA, will give you an exact idea of what you are experiencing.
Note: The ASA and the ACE have a great capture feature which will show you exactly the packet flows.
Note: Since you are applying NAT on the client requests, you should see the NATed IP address on the server capture.
Note: With L4 load balancing the ACE is not spoofing the clients' request, it just forwards the SYN, SYN+ACK and ACK between the server and the client.
Let me know if you have any other questions.
Best regards,
Ahmad -
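The log reading suggested in the reply above can be checked mechanically. The following is an added example, not code from the thread or from Cisco: it parses the %ACE-6-302022/302023 lines quoted in the question and separates connections sourced from the ACE's own interface address from any other flow. It assumes that probes are sourced from 10.10.14.2 (the vlan 200 address in the posted config); the extra client line, its vlan100 interface and the 192.0.2.50 address are constructed.

```python
import re
from collections import Counter

# Assumption: the ACE sources its health probes from its own interface address,
# 10.10.14.2 on vlan 200 in the posted configuration.
ACE_SELF_ADDRS = frozenset({"10.10.14.2"})

EVENT_RE = re.compile(
    r"%ACE-6-(?:302022|302023): (?P<event>Built|Teardown) TCP connection "
    r"(?P<conn>0x[0-9a-fA-F]+) for "
    r"(?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+)(?: \([^)]*\))? to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)"
)

# The six log lines quoted in the question.
PAGE_LOG = """\
22:02:52 : %ACE-6-302023: Teardown TCP connection 0x18b6 for vlan200:10.10.14.2/26768 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1051 TCP FINs
22:02:55 : %ACE-6-302022: Built TCP connection 0x14dc for vlan200:10.10.14.2/30318 (10.10.10.1/30318) to vlan200:10.10.10.1/4444 (10.10.14.2/4444)
22:02:55 : %ACE-6-302023: Teardown TCP connection 0x14dc for vlan200:10.10.14.2/30318 to vlan200:10.10.10.1/4444 duration 0:00:00 bytes 1103 TCP FINs
22:02:57 : %ACE-6-302022: Built TCP connection 0xc6c for vlan200:10.10.14.2/26784 (10.10.10.2/26784) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
22:02:57 : %ACE-6-302023: Teardown TCP connection 0xc6c for vlan200:10.10.14.2/26784 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1103 TCP FINs
22:03:02 : %ACE-6-302022: Built TCP connection 0x151a for vlan200:10.10.14.2/26800 (10.10.10.2/26800) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
"""

# Constructed line (not from the thread): what a non-probe flow would look like
# to this parser. Interface name and addresses are hypothetical.
CONSTRUCTED_CLIENT_LINE = (
    "22:03:05 : %ACE-6-302022: Built TCP connection 0x1a2b for "
    "vlan100:192.0.2.50/51515 (192.0.2.50/51515) to "
    "vlan200:10.10.10.1/4444 (10.10.4.6/1025)\n"
)


def triage(log_text, self_addrs=ACE_SELF_ADDRS):
    """Split Built events into ACE-sourced probes and all other flows."""
    probes = Counter()   # "ip:port" of the real -> number of probe connections
    client_flows = []    # (source ip, "ip:port") for every non-probe flow
    open_conns = {}      # connection id -> destination, until its Teardown
    unparsed = []        # matching message ids the regex could not read
    for line in log_text.splitlines():
        if "%ACE-6-30202" not in line:
            continue
        m = EVENT_RE.search(line)
        if m is None:
            unparsed.append(line)
            continue
        if m["event"] == "Teardown":
            open_conns.pop(m["conn"], None)
            continue
        dst = f'{m["dst_ip"]}:{m["dst_port"]}'
        open_conns[m["conn"]] = dst
        if m["src_ip"] in self_addrs:
            probes[dst] += 1
        else:
            client_flows.append((m["src_ip"], dst))
    return {
        "probes": dict(probes),
        "client_flows": client_flows,
        "still_open": sorted(open_conns),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(PAGE_LOG)
    print("probe connections per real:", result["probes"])
    print("non-probe flows:", result["client_flows"] or "none")
```

On the quoted lines every Built event is sourced by the ACE itself, which matches the zero hit count shown for class NAT-VIP-TCP in the question.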
Read data from serial port or TCP port of frontend PC
Hello Friends,
I have requirement to read data from device connected to frontend PC which will provide meter reading data.
Vendor has given me two option.
1. Device can be connected to serial port and data transfer will be done through MODBUS RTU protocol. In that case data need to capture from serial port.
2. Device can be connected to TCP port and Socket program can be provided for data transfer. In that case SAP will act as client and communicate with TCP port.
There will be multiple workstation with individual meters connected to them.
I am aware of text file interfacing through front end tools using custom code using VB,JAVA or others.
Is there any solution available to achieve above things using ABAP other than text file, like direct communication?
I am using ECC 6.0.
Hello,
Socket programming is not available on ABAP, but you may use RFC for the same.
Use the below links for more details
[Link 1|http://help.sap.com/printdocu/core/print46c/en/data/pdf/BCFESDE2/BCFESDE2.pdf]
[Link 2|http://forums.sdn.sap.com/thread.jspa?threadID=1820233]
Regards,
Abhishek -
Hi all,
I have configured an acl to control traffic going in/out of an interface via tcp ports. However, after applying the acl to the interface, I find that even though ports are allowed, traffic is blocked by the acl.
I suspected that it could be the initial tcp handshake (SYN, SYNACK, ACK etc) is not being allowed (due to the implicit deny). When I included that in the acl, it worked. Is this a necessary step in an acl that controls by tcp port?
Reason is, some of the acl configured with tcp port control has not been configured to allow SYN, ACK etc but it works when some of these ACLs are applied to other interface.
Hi,
Thanks for the response. As far as the config of the ACL, it's quite straight forward with the thing i'm trying to achieve. 1.1.1.190 & 1.1.1.192 are Mail servers. The objective is to control both .190 & .192. The config is as below:
interface Vlan2
  description For Mail
  ip address 1.1.1.129 255.255.255.0
  ip access-group 2002 in
end
C6500#sh access-li 2002
Extended IP access list 2002
  10 permit icmp any any (272 matches)
  20 permit tcp host 1.1.1.0 any syn (10467 matches)
  30 permit tcp host 1.1.1.0 any ack (781 matches)
  40 permit tcp host 1.1.1.190 eq smtp any
  50 permit tcp host 1.1.1.190 eq pop3 any
  60 permit tcp host 1.1.1.192 eq smtp any
  70 permit tcp host 1.1.1.192 eq pop3 any (4 matches)
  80 permit ip host 1.1.1.183 2.2.0.0 0.0.255.255 (19 matches)
When I first created this ACL, without the SYN & ACK configured, users failed to connect to the servers. I personally believe users could connect, but it's the return packets from the servers that might have gotten blocked by the ACL. However, after I added in the SYN & ACK, all went well. I could see counters incrementing for the SYN & ACK as well.
Whereas, some other applications that use some custom ports, ie. 10000, 10001, didn't seem to need the explicit configuration of the SYN/ACKs & the ACL worked well.