Saprouter config with RFC on tcp port 33xx

Similar Messages

• 2800 config with 4FXO VIC, voice-ports?

  I'm trying to configure the voice-ports on a 2800 router with a 4 port FXO VIC and when I issue the voice-port command it only shows ports 50-50 so I use
  voice-port 50/0/1 and it comes back with invalid input at marker and it points to the 50.
  boot-start-marker
  boot system flash flash:c2800nm-ipvoice-mz.124-4.T.bin
  boot system flash flash:c2800nm-spservicesk9-mz.123-8.T8.bin
  boot-end-marker
  Lights on the FXO card are lit up but I do not have any cables plugged into them, am I missing something?
  Thanks

  I'm guessing this is the info on the pvdm2?
  WIC Slot 1:
  2nd generation - FXO Voice daughter card (4 port)
  Hardware Revision : 5.0
  Top Assy. Part Number : 800-21589-01
  Board Revision : E0
  Deviation Number : 0-0
  Fab Version : 04
  PCB Serial Number : FOC092447VB
  RMA Test History : 00
  RMA Number : 0-0-0-0
  RMA History : 00

• Will there be any problem if CSS reuses a TCP PORT number?

  Will there be any problem if CSS reuses a TCP PORT number for a new flow a few minutes after it finished a flow with the same TCP Port number.
  CSS Server inititaed connection to Internet.
  Sometimes a TCP RST terminates the connection. When it happens it appears that the CSS has used a TCP source port number which is sthe same as a previous flow that FIN'ed a few minutes ago. See attachment.

  My answer to your question is, I think you'll be 'less likely'. Although the screen proble has also been reported to create blue tints over the screen at certain angles, thus, if you do get a defective (yet to be confirmed) device, then sadly, it will most definatley affect the colours of a cartoon show.

• Always on Availability groups using static SQL Tcp Port

  Hi,  I have 2 SQL 2012 servers in my DMZ and I have assigned SQL to run on a static TCP Port.  I would like to setup Always On availability groups on the servers but I cannot get the failover to work with the static TCP port.  It works fine
  with dynamic ports.
  When the failover is initiated it attempts to connect to the secondary replica with out using the static port,  can someone tell me how to setup the availability group using static tcp ports.
  Thanks,

  When I setup the secondary replica I added the port number, but it doesn't appear to use it for failover.  I add the secondary replica w/o errors.
  I am not sure how to add the port number to the primary.
  Dave
  Hi Dave,
  Based on your description, could you please post the error message when getting failover to the secondary replica?
  In addition, If you use the default port of 1433 for availability group listener VNNs, you will still need to ensure that no other services on the cluster node are using this port; otherwise this would cause a port conflict.
  If one of the instances of SQL Server is already listening on TCP port 1433 via the instance listener and there are no other services (including additional instances of SQL Server) on the computer listening on port 1433, this will not cause a port conflict
  with the availability group listener. However multiple instances of SQL Server (side-by-side)should not be configured to listen on the same port.
  For more details, please review this article:
  Availability Group Listeners, Client Connectivity, and Application Failover (SQL Server).
  Thanks,
  Lydia Zhang

• Can a real Server be applied in two different server farms associated with two different VIP IP and TCP Port

  Good day everyone,
  I have a question in regard to real server operation with different server farms, and VIPs
  Can a Real Server be associated ( for simpliciy) with two different Server Farms that have a VIP associated with each, servicing the same TCP Port (443).
  Example:
  SF-A
  RSRV-1: 192.168.1.10 /24
  RSRV-2: 192.168.1.11 /24
  VIP-A: 192.168.1.20 /24
  VIP-A: https:web-A
  Protocol: HTTPS
  SF-B
  RSRV-2: 192.168.1.11 /24
  RSRV-3: 192.168.1.12 /24
  VIP-B: 192.168.1.30 /24
  VIP-b: https:web-B
  Protocol: HTTPS
  Client-A: 172.16.128.10
  Client-B: 172.16.128.15
  I have attached an sketch depicting the connectivity.
  As always any feedback/Suggestions will be greatly apprecaited.
  Cheers,
  Raman Azizian

  Raman,
  This type of config is no problem. What the server is doing is virtual web hosting. The server would have two different web services running for the same IP, but each listening for a unique host header.
  From an IP point of view both connections would be destined to the rserver address on port 80, but in the http header they would have two different Host headers.
  one for www.example1.com and the second for www.example2.com. If the web server is configured correct so each host name is tied to one web service it will not have any issues.
  The config you attached looks ok. The way you have the sticky group is ok doing source IP. If you use cookies for the sticky group I would suggest you create two sticky groups each with a different cookie name and add the same serverfarm to both groups. The client will only send a cookie for the domain it received it from so using the same cookie in two vips could cause problems if the same client hits both vips.
  Hope that helps
  Regards
  Jim

• Airport Extreme Simultaneous Dual-Band port forwarding broken if only TCP ports with firmware 7.6.1

  When configuring my Airport Extreme Simultaneous Dual-Band router, port forwarding is broken if you only specify TCP ports to forward. This is with firmware 7.6.1. What happens is that after you hit the Update button, when the router comes back and you open the port forwarding entry, the IP is still there but the port numbers are missing.
  I tried all different port numbers and ranges and nothing would stick if i only specified TCP ports. If i added UDP ports with the TCP ports then it would save them. And if you add a new entry with only UDP it saves them too.
  Now this is with adding a new port forwarding. I already have existing ports being forwarded that only have TCP. They are still working. I believe i added them with a previous version of the firmware.
  Any one else see this issue? Any ideas?
  Maybe i should perform a hard reset and reload a saved config.
  Peace,
  Dan

  I haven't seen the issue but you could just downgrade to an earlier firmware:

• Route decisions based on destination TCP port with EIGRP

  Need information and plausibility on making routing decisions within EIGRP based on different destination TCP port.  I have a third party partner that we communicate too and they are adding a second location which we will connect too.  They are wanting to use the same destination host IP but make route decision based on destination TCP port; i.e. if we target tcp 6123 they want us to route down link A to site A, if we target tcp 7123 we would route down link B to site B.  I have never had to make that happen so I am looking into whether it actually can and if so what is basic configuration to pursue.  We use static IP routes to/from them today and will in the future at the edge, those are distributed internally to our EIGRP.  Can EIGRP make decisions based on IP and Port?

  No routing protocol makes decisions based on port number as far as I know.
  You need to look into PBR (Policy Based Routing) for this where you can use acls to define the route that traffic takes.
  Depending on your connections you may well need to use tracking as well but it depends.
  If the only reason to use EIGRP is for these connections you probably don't need it as with PBR you are overriding the routing table anyway but you may want to run it for other connectivity.
  If you do a search on PBR you should find quite a few examples but if you get stuck then by all means come back.

• Agentry Client 6.1.3 installation with preconfigure SMP server name et TCP Port

  Hi,
  I'm looking for a way to deploy an Agentry Client (version 6.1.3.xxx) on multiple devices without having to manually specify the SMP server name and TCP port.
  When the user get's it, I just want him to only enter his credential to start the first synch/config process.
  Anyway do easily do that?
  Thanks for your help!
  Eric

  Hi Bill,
  Here's what I did in more detail so you can pin point what I do wrong (hopefully :-)).
  First I extracted the branding files of the Agentry_6.1.3.10212_ClientWin32.exe.
  Agentry_6.1.3.10212_ClientWin32.exe /Branding=D:\Temp\Agentry.
  This is the directory and file structure I got out of it.
  The 2 directories are created as you mentionned.
  If I browse to the AgentryClient_Win32 directory I see thoses files:
  If I browse the Installer directory I see :
  The Include and Plugins directories are as follow :
  I still can't find the AgentryClient.exe.config file???
  Eric

• ACE Probe Config for Blue Coat Proxy TCP Port 74 NETRJS-4

  We are running 4710's with A5(2.2). We use Blue Coat proxies for our internet connections, specifcally TCP port 74. So when we open up a browser connection to www.cisco.com, the HTTP GET is actually encapsulated in TCP port 74 netrjs-4. We want to load-balance these proxies with ACE and I'm trying to setup health probes, but the only ones that work are the tcp probes PROXY_BCC_PROBE and PROXY_PROBE. I'd like to have health probes that hit external websites, but I'm confused whether the "ip address" Probe sub command is all I need, and netrjs is simple encapsulation of the HTTP request (which is what it looks like on a sniffer). Does anyone have Blue Coat proxies/ACE working? If so, how are your probes configured?
  Thanks,
  probe tcp PROXY_BCC_PROBE
    port 8084
    interval 3
    passdetect interval 3
  probe http PROXY_HTTP1_PROBE
    ip address 198.133.219.25
    port 74
    interval 3
    passdetect interval 3
    request method head url /index.html
    expect status 200 299
  probe http PROXY_HTTP2_PROBE
  ip address 198.133.219.25
    port 74
    interval 3
    request method get url /
    expect status 200 299
  probe tcp PROXY_PROBE
    port 74
    interval 3
    passdetect interval 3

  Hi,
  I have seen this working for one of the customer.
  probe http HTTPGET
    description Tests that www.gmail.com returns 302 redirect
    interval 10
    request method get url http://www.gmail.com
    expect status 302 302
  If I modify your probe :
  probe http PROXY_HTTP1_PROBE
    ip address 198.133.219.25
    port 74
    interval 3
    passdetect interval 3 
  request method get url
    http://www.gmail.com
  expect status 302 302
  Give it a try and see if that helps.
  regards,
  Ajay Kumar

• MAC Floods ISP with TCP ports and is shutdown when count reaches 200

  I was told by ISP provider that my MAC floods them with massive amount of TCP ports when I open a single Safari or FireFox web page. When I am NOT connected, the TCP port count is ABOUT 3 with a Windows XP using a IE connection to APPLE.com PLUS AN SSL CONNECTION. When I open the same web page ON MY MAC, the count INSTANTLY jumps to 70+ and if I connect to another page it jumps to well over 100. If I leave pages open and jump to several different sites, I soon exceed the MAX TCP port limit of 200 and everyone on our home network is pretty much shutdown. Since it is a wireless connection to the ISP, the have to limit TCP ports to 200 per antenna connection. WHY DOES MY MAC USE SO MANY TCP PORTS FOR A SINGLE BROWSER CONNECTION?
  The home network uses LinkSys WRT54G router and WAP54G configured as Wireless Repeater. Windows does not have this problem. I do not have this problem anywhere else but on this wireless ISP connection. How do I remedy this problem?

  Here is a trap of opening a browser page:
  1. sudo tcpdump –pv tcp
  clayton-arndts-computer-2:~ claytonarndt$ sudo tcpdump –pv tcp
  tcpdump: WARNING: en0: no IPv4 address assigned
  tcpdump: illegal token: –
  clayton-arndts-computer-2:~ claytonarndt$
  2.
  lsof -i
  clayton-arndts-computer-2:~ claytonarndt$ lsof -i
  COMMAND&nbs p; PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
  ARDAgent 2395 claytonarndt 17u IPv4 0x29bc0f0 0t0 UDP *:net-assistant
  AppleVNCS 2406 claytonarndt 4u IPv6 0x29c1d90 0t0 TCP *:vnc-server (LISTEN)
  SystemUIS 2409 claytonarndt 10u IPv4 0x29bb7a8 0t0 UDP :
  firefox-b 3645 claytonarndt 22u IPv4 0x49a966c 0t0 TCP 192.168.1.113:54212->a204-245-162-11.deploy.akamaitechnologies.com:http (ESTABLISHED)
  firefox-b 3645 claytonarndt&nbs p; 27u IPv4 0x4a9b270 0t0 TCP 192.168.1.113:54213->a204-245-162-11.deploy.akamaitechnologies.com:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 28u IPv4 0x3f3e66c 0t0 TCP 192.168.1.113:54101->216.178.33.45:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 38u IPv4 0x3f56e64 0t0 TCP 192.168.1.113:54208->prodwebmail-mtc06.evip.aol.com:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 39u IPv4 0x4a36a68 0t0 TCP 192.168.1.113:54178->204.2.241.146:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 46u IPv4 0x3fb4e64 0t0 TCP 192.168.1.113:54211->a204-245-162-26.deploy.akamaitechnologies.com:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 47u IPv4 0x4a9a66c 0t0 TCP 192.168.1.113:5 4188->a204-245-162-25.deploy.akamaitechnologies.com:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 48u IPv4 0x3f56a68 0t0 TCP 192.168.1.113:54105->204.0.5.25:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 49u IPv4 0x49b7270 0t0 TCP 192.168.1.113:54135->204.0.5.9:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 50u IPv4 0x49b8e64 0t0 TCP 192.168.1.113:54136->204.0.5.27:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 51u IPv4 0x4a37270 0t0 TCP 192.168.1.113:54185->a204-245-162-33.deploy.akamaitechnologies.com:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 5 5u IPv4 0x49f3e64 0t0 TCP 192.168.1.113:54164->204.0.5.17:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 62u IPv4 0x3ec5a68 0t0 TCP 192.168.1.113:54111->204.0.5.16:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 64u IPv4 0x4a3666c 0t0 TCP 192.168.1.113:54179->a204-245-162-19.deploy.akamaitechnologies.com:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 65u IPv4 0x49d2270 0t0 TCP 192.168.1.113:54155->204.0.5.17:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 69u IPv4 0x49c266c 0t0 TCP 192.168.1.113:54142->204.0.5.33:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 71u IPv4 0x49eee64 0t0 TCP 192.168.1.113:54168->204.2.241.160:http (ESTABLISH ED)
  firefox-b 3645 claytonarndt 72u IPv4 0x49c2270 0t0 TCP 192.168.1.113:54143->204.0.5.24:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 76u IPv4 0x4aa0a68 0t0 TCP 192.168.1.113:54215->prodwebmail-mtc06.evip.aol.com:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 77u IPv4 0x4a9aa68 0t0 TCP 192.168.1.113:54221->a204-245-162-17.deploy.akamaitechnologies.com:http (ESTABLISHED)
  SlingPlay 3655 claytonarndt 6u IPv4 0x3f56270 0t0 TCP 192.168.1.113:53903->192.168.1.100:commplex-link (ESTABLISHED)
  SlingPlay 3655 claytonarndt 7u IPv4 0x3ef6270 0t 0 TCP 192.168.1.113:53904->spas.slingmedia.com:http (CLOSED)
  SlingPlay 3655 claytonarndt 10u IPv4 0x3f6666c 0t0 TCP 192.168.1.113:53905->192.168.1.100:commplex-link (ESTABLISHED)
  clayton-arndts-computer-2:~ claytonarndt$
  3.
  lsof -i -n
  clayton-arndts-computer-2:~ claytonarndt$ lsof -i -n
  COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
  ARDAgent 2395 claytonarndt 17u IPv4 0x29bc
  0f0 0t0 UDP *:net-assistant
  AppleVNCS 2406 claytonarndt 4u IPv6 0x29c1d90 0t0 TCP *:vnc-server (LISTEN)
  SystemUIS 2409 claytonarndt 10u IPv4 0x29bb7a8 0t0 UDP :
  firefox-b 3645 claytonarndt 22u IPv4 0x49a966c 0t0 TCP 192.168.1.113:54212->204.245.162.11:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 27u IPv4 0x4a9b270 0t0 TCP 192.168.1.113:54213->204.245.162.11:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 28u IPv4 0x3f3e66c 0t0 TCP 192.168.1.113:54101->216.178.33.45:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 38u IPv4 0x3f56e64 0t0 TCP 192.168.1.113:54208->64.12.230.1:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 39u IPv4 0
  x4a36a68 0t0 TCP 192.168.1.113:54178->204.2.241.146:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 46u IPv4 0x3fb4e64 0t0 TCP 192.168.1.113:54211->204.245.162.26:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 47u IPv4 0x4a9a66c 0t0 TCP 192.168.1.113:54188->204.245.162.25:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 48u IPv4 0x3f56a68 0t0 TCP 192.168.1.113:54105->204.0.5.25:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 49u IPv4 0x49b7270 0t0 TCP 192.168.1.113:54135->204.0.5.9:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 50u IPv4 0x49b8e64 0t0 TCP 192.168.1.113:54136->204.0.5.27:http (ESTABLISHED)
  firefox-b 3645 claytonarndt
  51u IPv4 0x4a37270 0t0 TCP 192.168.1.113:54185->204.245.162.33:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 55u IPv4 0x49f3e64 0t0 TCP 192.168.1.113:54164->204.0.5.17:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 62u IPv4 0x3ec5a68 0t0 TCP 192.168.1.113:54111->204.0.5.16:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 64u IPv4 0x4a3666c 0t0 TCP 192.168.1.113:54179->204.245.162.19:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 65u IPv4 0x49d2270 0t0 TCP 192.168.1.113:54155->204.0.5.17:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 69u IPv4 0x49c266c 0t0 TCP 192.168.1.113:54142->204.0.5.33:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 71u IPv4 0x49eee64 0t0 TCP 192.168.1.113:54168->204.2.241.160:http (ESTABLISHED)
  fir
  efox-b 3645 claytonarndt 72u IPv4 0x49c2270 0t0 TCP 192.168.1.113:54143->204.0.5.24:http (ESTABLISHED)
  firefox-b 3645 claytonarndt 77u IPv4 0x4a9aa68 0t0 TCP 192.168.1.113:54221->204.245.162.17:http (ESTABLISHED)
  SlingPlay 3655 claytonarndt 6u IPv4 0x3f56270 0t0 TCP 192.168.1.113:53903->192.168.1.100:commplex-link (ESTABLISHED)
  SlingPlay 3655 claytonarndt 7u IPv4 0x3ef6270 0t0 TCP 192.168.1.113:53904->157.22.2.7:http (CLOSED)
  SlingPlay 3655 claytonarndt 10u IPv4 0x3f6666c 0t0 TCP 192.168.1.113:53905->192.168.1.100:commplex-link (ESTABLISHED)
  clayton-arndts-computer-2:~=2
  0claytonarndt$
  The Famous, the Infamous, the Lame - in your browser. Get the TMZ Toolbar Now!
  The Famous, the Infamous, the Lame - in your browser. Get the TMZ Toolbar Now!

• Http probe on non-standard tcp port 8021

  I've configured http probe on standard port 80 with no issue. I'm now trying http probe on non-standard tcp port 8021, confirmed with packet capture to confirm that the CSM is indeed probing, status code 403 is returned but the reals are showing "probe failed". Am I missing something? Thank you in advance.
  CSM v2.3(3)2
  probe 8021 http
  request method head
  interval 2
  retries 2
  failed 4
  port 8021
  serverfarm TEST
  nat server
  no nat client
  real 10.1.2.101
  inservice
  real 10.1.2.102
  inservice
  probe 8021
  vserver TEST
  virtual 10.1.2.100 tcp 8021
  serverfarm TEST
  replicate csrp connection
  persistent rebalance
  inservice
  VIP and real status:
  vserver type prot virtual vlan state conns
  Q_MAS_8021 SLB TCP 10.1.2.100/32:8021 ALL OUTOFSERVICE 0
  real server farm weight state conns/hits
  10.1.2.101 TEST 8 PROBE_FAILED 0
  10.1.2.102 TEST 8 PROBE_FAILED 0

  you need to specify what HTTP response code you expect.
  The command is :
  gdufour-cat6k-2(config-slb-probe-http)#expect status ?
  <0-999> expected status - minimum value in a range
  The default is to expect only 200.
  This is why your 403 is not accepted.
  Gilles.

• Changing the TCP port on async ports in Cisco router

  Hello,
  My goal is to replace old terminal servers from a factory environment.
  These terminal servers act as a aggregation point of terminal equipment (printers and factory automation).
  Software used in this factory writes to these devices using ip-address of the terminal server and TCP-port starting at 10001, where the last number is a port number.
  The problem is that in Cisco equipment, I can not find a way to change the tcp port to this 1000x. The only option would be to change the softwares TCP-port to Cisco default 200x, but this is not the solution I am looking for. This is because the switchover should be done when the machines are running, and the time window is to short to make changes in the factory software.
  Is there a way to change the logical TCP-port for Cisco routers asyncronous lines (HWIC-16A) to 10001-16?
  Marko Tuhkunen 

  So i figured out that i can use the archive tar /create command:
  To copy the entire flash towards TFTP:
  archive tar /create tftp://X.X.X.X/flash.tar flash:
  Now i will have to insert the new flash and probably format it first towards the correct file systems. Then i will have to use the next archive command:
  archive tar /xtract "Here i am unsure of the syntax, i want to be copying and extracting the tar I backed up from the old flash"
  After these steps are complete can i just reboot the router with the new flash card, won't there be any issues, since the startup config is on the NVRAM it will load the config properly, and i haven't seen any boot parameters but they shouldn't pose any issues since i'm not changing the flash slot.
  Thanks for your assistance

• ACE VIP OK HTTP, NOK other TCP port

  Hi,
  we are having issues in configuring load balancing for a TCP port. For HTTP it's working without issues and we have the ACE also balancing for other TCP ports.
  Here goes the relevant config:
  probe http PROBE-HTTP
    interval 5
    passdetect interval 2
    passdetect count 1
    request method get url /idc/
    expect status 200 200
  probe tcp PROBE-TCP
    port 4444
    interval 5
    passdetect interval 10
  rserver host PRD1
    ip address 10.10.10.1
    inservice
  rserver host PRD2
    ip address 10.10.10.2
    inservice
  serverfarm host SF-HTTP
    probe PROBE-HTTP
    rserver PRD1 80
      inservice
    rserver PRD2 80
      inservice
  serverfarm host SF-TCP
    probe PROBE-TCP
    rserver PRD1 4444
      inservice
    rserver PRD2 4444
      inservice
  sticky ip-netmask 255.255.255.255 address source SC-IP-PRD-HTTP
    timeout 10
    serverfarm SF-HTTP
  class-map match-all NAT-VIP-HTTP
    2 match virtual-address 10.10.35.1 any
  class-map match-all NAT-VIP-TCP
    2 match virtual-address 10.10.35.1 tcp eq 4444
  policy-map type loadbalance first-match LB-VIP-HTTP
    class class-default
      sticky-serverfarm SC-IP-PRD-HTTP
      insert-http x-forward header-value "%is"
  policy-map type loadbalance first-match LB-NAT-VIP-TCP
    class class-default
      serverfarm SF-TCP
  policy-map multi-match POLICY-RSERVER-VIP
    class NAT-VIP-TCP
      loadbalance vip inservice
      loadbalance policy LB-NAT-VIP-TCP
      loadbalance vip icmp-reply active
      nat dynamic 1 vlan 200
    class NAT-VIP-HTTP
      loadbalance vip inservice
      loadbalance policy LB-VIP-HTTP
      loadbalance vip icmp-reply active
      nat dynamic 1 vlan 200
  interface vlan 200
    description SERVER-SIDE
    ip address 10.10.14.2 255.255.255.0
    alias 10.10.14.1 255.255.255.0
    peer ip address 10.10.14.3 255.255.255.0
    access-group input EVERYONE
    nat-pool 1 10.10.4.6 10.10.4.6 netmask 255.255.255.255 pat
    service-policy input AllowICMP
    service-policy input POLICY-RSERVER-VIP
    no shutdown
  The probe are OK, but nothing seems to get to the VIP:
  ACE/CTX# show probe PROBE-TCP
  probe       : PROBE-TCP
  type        : TCP
  state       : ACTIVE
     port      : 4444    address     : 0.0.0.0         addr type  : -
     interval  : 5       pass intvl  : 10              pass count : 3
     fail count: 3       recv timeout: 10
                         --------------------- probe results --------------------
     probe association   probed-address  probes     failed     passed     health
     ------------------- ---------------+----------+----------+----------+-------
     serverfarm  : SF-TCP
       real      : PRD1[4444]
                         10.10.10.1     8853       1          8852       SUCCESS
       real      : PRD2[4444]
                         10.10.10.2     8853       1          8852       SUCCESS
  ACE/CTX# show serverfarm SF-TCP detail
  serverfarm     : SF-TCP, type: HOST
  total rservers : 2
  active rservers: 2
  description    : -
  state          : ACTIVE
  predictor      : ROUNDROBIN
  failaction     : -
  back-inservice    : 0
  partial-threshold : 0
  num times failover       : 0
  num times back inservice : 1
  total conn-dropcount : 0
  Probe(s) :
      PROBE-TCP,  type = TCP
                                                  ----------connections-----------
         real                  weight state        current    total      failures
     ---+---------------------+------+------------+----------+----------+---------
     rserver: PRD1
         10.10.10.1:4444      8      OPERATIONAL  0          0          0
           max-conns            : -         , out-of-rotation count : -
           min-conns            : -
           conn-rate-limit      : -         , out-of-rotation count : -
           bandwidth-rate-limit : -         , out-of-rotation count : -
           retcode out-of-rotation count : -
           load value           : 0
     rserver: PRD2
         10.10.10.2:4444      8      OPERATIONAL  0          0          0
           max-conns            : -         , out-of-rotation count : -
           min-conns            : -
           conn-rate-limit      : -         , out-of-rotation count : -
           bandwidth-rate-limit : -         , out-of-rotation count : -
           retcode out-of-rotation count : -
           load value           : 0
  ACE/CTX# show service-policy POLICY-RSERVER-VIP
  Status     : ACTIVE
  Interface: vlan 1 200
    service-policy: POLICY-RSERVER-VIP
      class: NAT-VIP-TCP
        nat:
          nat dynamic 1 vlan 200
          curr conns       : 0         , hit count        : 0
          dropped conns    : 0
          client pkt count : 0         , client byte count: 0
          server pkt count : 0         , server byte count: 0
          conn-rate-limit      : 0         , drop-count : 0
          bandwidth-rate-limit : 0         , drop-count : 0
        loadbalance:
          L7 loadbalance policy: LB-NAT-VIP-TCP
          VIP ICMP Reply       : ENABLED-WHEN-ACTIVE
          VIP State: INSERVICE
          curr conns       : 0         , hit count        : 0
          dropped conns    : 0
          client pkt count : 0         , client byte count: 0
          server pkt count : 0         , server byte count: 0
          conn-rate-limit      : 0         , drop-count : 0
          bandwidth-rate-limit : 0         , drop-count : 0
        compression:
          bytes_in  : 0
          bytes_out : 0
  I see a lot of this messages in the logging of the ACE:
  show logging | i 4444
  22:02:52 : %ACE-6-302023: Teardown TCP connection 0x18b6 for vlan200:10.10.14.2/26768 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1051 TCP FINs
  22:02:55 : %ACE-6-302022: Built TCP connection 0x14dc for vlan200:10.10.14.2/30318 (10.10.10.1/30318) to vlan200:10.10.10.1/4444 (10.10.14.2/4444)
  22:02:55 : %ACE-6-302023: Teardown TCP connection 0x14dc for vlan200:10.10.14.2/30318 to vlan200:10.10.10.1/4444 duration 0:00:00 bytes 1103 TCP FINs
  22:02:57 : %ACE-6-302022: Built TCP connection 0xc6c for vlan200:10.10.14.2/26784 (10.10.10.2/26784) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
  22:02:57 : %ACE-6-302023: Teardown TCP connection 0xc6c for vlan200:10.10.14.2/26784 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1103 TCP FINs
  22:03:02 : %ACE-6-302022: Built TCP connection 0x151a for vlan200:10.10.14.2/26800 (10.10.10.2/26800) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
  show logging | i 4444
  22:02:52 : %ACE-6-302023: Teardown TCP connection 0x18b6 for vlan200:10.10.14.2/26768 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1051 TCP FINs
  22:02:55 : %ACE-6-302022: Built TCP connection 0x14dc for vlan200:10.10.14.2/30318 (10.10.10.1/30318) to vlan200:10.10.10.1/4444 (10.10.14.2/4444)
  22:02:55 : %ACE-6-302023: Teardown TCP connection 0x14dc for vlan200:10.10.14.2/30318 to vlan200:10.10.10.1/4444 duration 0:00:00 bytes 1103 TCP FINs
  22:02:57 : %ACE-6-302022: Built TCP connection 0xc6c for vlan200:10.10.14.2/26784 (10.10.10.2/26784) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
  22:02:57 : %ACE-6-302023: Teardown TCP connection 0xc6c for vlan200:10.10.14.2/26784 to vlan200:10.10.10.2/4444 duration 0:00:00 bytes 1103 TCP FINs
  22:03:02 : %ACE-6-302022: Built TCP connection 0x151a for vlan200:10.10.14.2/26800 (10.10.10.2/26800) to vlan200:10.10.10.2/4444 (10.10.14.2/4444)
  The client request it's going trough an ASA, in the ASA side I see that the TCP connection it' half-open with SAaB flags. It seems that the VIP never replies with SYN+ACK to the ASA...
  Thank you.
  Best regards

  Hi Norberto,
  The log messages you are getting are most probably the probe connections and not a failure, looking to them you will see your ACE is establishing TCP connection on 4444 then it will teardown the connection with FIN which is expected since you are using TCP keepalives.
  I would recommend to go back and define the problem exactly, what are you exteriancing when you try to telnet on port 4444 toward the VIP from the client?
  Run sniffing software on the client, the server and enable capture on ACE and ASA will give you exact idea what you are experiencing.
  Note: The ASA and the ACE has great capture feature which will show you exactly the packet flows.
  Note: Since you are applying NAT on the client requests, you should see the NATed IP address on the server capture.
  Note: With L4 load balancing the ACE is not spoofing the clients' request, it just forward the SYN, SYN+ACK and ACK between the server and the client.
  Let me know if you have any other questions.
  Best regards,
  Ahmad

• Read data from serial port or TCP port of frontend PC

  Hello Friends,
  I have requirement to read data from device connected to frontend PC which will provide meter reading data.
  Vendor has given me two option.
  1. Device can be connected to seiral port and data transfer will be done through MODBUS RTU protocol.In that case data need to capture from serial port.
  2. Device can be connected to TCP port and Socket program can be provided for data transfer. In that case SAP will act as client and communicate with TCP port.
  There will be multiple workstation with individual meters connected to them.
  I am aware of text file interfacing through front end tools using custom code using VB,JAVA or others.
  Is there any solution availble  to achieve above things using  ABAP other than text file , like direct communication?
  I am using ECC 6.0.

  Hello,
  Socket programming in not available on ABAP, but you may use RFC for the same.
  Use the below links for more details
  [Link 1|http://help.sap.com/printdocu/core/print46c/en/data/pdf/BCFESDE2/BCFESDE2.pdf]
  [Link 2|http://forums.sdn.sap.com/thread.jspa?threadID=1820233]
  Regards,
  Abhishek

• Extended ACL TCP port control

  Hi all,
  I have configured an acl to control traffic going in/out of an interface via tcp ports. However, after applying the acl to the interface, i find that eventhough ports are allowed, traffic is blocked by the acl.
  I suspected that it could be the initial tcp handshake (SYN, SYNACK, ACK etc) is not being allowed (due to the implicit deny). When i included that in the acl, it worked. Is this a necessary step in an acl that controls by tcp port?
  Reason is, some of the acl configured with tcp port control has not been configured to allow SYN, ACK etc but it works when some of these ACLs are applied to other interface.

  Hi,
  Thanks for the response. As far as the config of the ACL, it's quite straight forward with the thing i'm trying to achieve. 1.1.1.190 & 1.1.1.192 are Mail servers. The objective is to control both .190 & .192. The config is as below:
  interface Vlan2
  description For Mail
  ip address 1.1.1.129 255.255.255.0
  ip access-group 2002 in
  end
  C6500#sh access-li 2002
  Extended IP access list 2002
  10 permit icmp any any (272 matches)
  20 permit tcp host 1.1.1.0 any syn (10467 matches)
  30 permit tcp host 1.1.1.0 any ack (781 matches)
  40 permit tcp host 1.1.1.190 eq smtp any
  50 permit tcp host 1.1.1.190 eq pop3 any
  60 permit tcp host 1.1.1.192 eq smtp any
  70 permit tcp host 1.1.1.192 eq pop3 any (4 matches)
  80 permit ip host 1.1.1.183 2.2.0.0 0.0.255.255 (19 matches)
  When I first created this ACL, without the SYN & ACK configured, users failed to connect to the servers. I personally believe users could connect, but it's the return packets from the servers that might have gotten blocked by the ACL. However, after I added in the SYN & ACK, all went well. I could see counters incrementing for the SYN & ACK as well.
  Whereas, some other applications that use some custom ports, ie. 10000, 10001, didn't seem to need the explicit configuration of the SYN/ACKs & the ACL worked well.