Shutdown class; unable to access EJBs/JDBC
I have a fundamental question here, and for which I have not found any documentation
on BEA's own documentation center.
Can I, or can I not invoke operations on EJBs/JDBC/JNDI etc from my implementation
of weblogic.common.T3ShutdownDef??
Startup classes can in general access all resources, and they can also invoke
services on EJBs if LoadBeforeAppDeployments is false (the default) in config.xml.
However, the same does not seem to be true for shutdown classes. I am unable to
access services from a shutdown class.
As soon as I invoke weblogic.Admin with SHUTDOWN as the command, the server transitions
to STANDBY state and then the shutdown class is invoked.
The session bean is found and available, but when a transaction is sought to be
created to execute a finder on an EntityBean within the SessionBean, I get an
exception that transactions cannot be created in the Standby state of the server.
To get around this, I thought I will get a reference to the DataSource from JNDI
and execute a query on the JDBC connection, and that failed as well, saying that
JDBC connections are also not available.
Am I doing something wrong here? Or is this a bug.
I am developing on WLS 7.0.
Thanks!
Vivek.
quote:
Please help me understand why. I have the easeToLoc setup to
received input variables:
The syntax of ActionScript dictates that you refer to the
callback function in the way that I pointed out. The only argument
that is passed to that listener function is an event object. This
is what it expects, nothing more. Take a look at the
docs
for more info, specifically the categories under Programming
ActionScript 3.0 -> Handling Events.
Looking at navPanelClose() and navPanelOpen(), the values
you're trying to pass seem more like constants to me, not
variables. So why not declare them as constants within this class
and refer to them as such within easeToLoc()? If you truly want to
use variables, perhaps creating a separate utility class to handle
this logic will work better.
When trying to access a method within one class from another
...let's say you want to access myMethod() within class MyAClass
from class MyBClass. You could:
1. Declare myMethod() as static and then refer to it from
anywhere after importing MyAClass. So you can call
MyAClass.myMethod() without having to instantiate MyAClass. This is
what you're trying to do here, I think.
2. Have class MyBClass extend MyAClass where myMethod() is
public or protected and MyBClass is in the same package as MyAClass
when it's declared as protected. For this to work you'd have to
instantiate MyBClass.
TS
Similar Messages
-
Unable to access EJB from servlet
Hi,
I have in service method my servlet code.
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.evermind.server.ApplicationInitialContextFactory");
env.put(Context.PROVIDER_URL, "ormi://localhost/hello");
env.put(Context.SECURITY_PRINCIPAL, "admin");
env.put(Context.SECURITY_CREDENTIALS, "mypwd");
Context ctx = new InitialContext(env);
Object obj = ctx.lookup("HelloName");
HelloHome home = (HelloHome) javax.rmi.PortableRemoteObject.narrow(obj, HelloHome.class);
Hello hello = home.create();
this is how i have orion-ejb-jar.xml
<enterprise-beans>
<session-deployment name="Hello" location="HelloName" >
</session-deployment>
</enterprise-beans>
ejb-jar.xml
<session>
<ejb-name>Hello</ejb-name>
<home>examples.HelloHome</home>
<remote>examples.Hello</remote>
<local-home>examples.HelloLocalHome</local-home>
<local>examples.HelloLocal</local>
<ejb-class>examples.HelloBean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
</session>
When i access the servlet i get this error.
javax.naming.NameNotFoundException: HelloName not found
at com.evermind.server.rmi.RMIContext.lookup(RMIContext.java:149)
at com.evermind.server.ApplicationContext.lookup(ApplicationContext.java:217)
at com.evermind.server.ApplicationContext.lookup(ApplicationContext.java:88)
at javax.naming.InitialContext.lookup(InitialContext.java:345)
at examples.HelloServlet.service(Unknown Source)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:772)
at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:317)
at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:782)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:270)
at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:112)
at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:186)
at java.lang.Thread.run(Thread.java:479)
Is location attribute in orion-ejb-jar.xml used to specify JNDI name? Can i get the JNDI tree showing the name mappings in oc4j? How do i correct this error?
RaviRavi --
The most portable and standards oriented solution is to define an ejb-ref in the web.xml for the servlet, and then look up the name using the formal EJB UNC model.
web.xml:
<ejb-ref>
<ejb-ref-name>ejb/AppSessionFacadeHome</ejb-ref-name>
<ejb-ref-type>Session</ejb-ref-type>
<home>faqapp.ejb.AppSessionFacadeHome</home>
<remote>faqapp.ejb.AppSessionFacade</remote>
</ejb-ref>
servlet lookup
InitialContext ctx = new InitialContext();
Object homeObject = ctx.lookup("java:comp/env/ejb/AppSessionFacadeHome");
EJBHome ejbHome = (EJBHome)
portableRemoteObject.narrow (homeObject, AppSessionFacadeHome.class);
cheers
-steve- -
Unable to access EJB in J2EE 1.4 RI
Hello,
I am trying to connect to an EJB (in J2EE 1.4 RI) from a client using following code:
Context init = new InitialContext();
Object ref = init.lookup("java:comp/env/ejb/EJBName");
It appear that client is not connecting to the naming (JNDI) server. It gives an exception saying
"Specify class name in environment or system property.......".
Any suggestions
1. For configuring JNDI properties for J2EE 1.4 RI to perform the lookup for an EJB
2. What jar files should be included in the classpath?
Thanks in advance
sanToo less description...Paste the complete stack trace
-
Unable to access EJB with servlet as client
Hi,
I am Naga, a java developer trying to work with Weblogic6.1 at present.
When i try to use Servlet as a client to my EJB, I am getting an error
saying that Home class not found.
i have kept the Servlet class file under
E:\bea\wlserver6.1\config\mydomain\applications\DefaultWebApp\WEB-INF\classe
s
folder.
i mentioned the EJB-ref tags in web.xml too, But it is not working.
How to make the EJB home and remote interfaces visible to Servlet with
weblogic6.1 ?
If i put the EJB.jar file under
E:\bea\wlserver6.1\config\mydomain\applications\DefaultWebApp\WEB-INF\lib
directory the application is working. Is this is the only way to do ?
After reading the article "EJB 2 and J2EE Packaging, Part II" at http://www.onjava.com/pub/a/onjava/2001/07/25/ejb.html,
i came to know that their is another way to do this, but i could not get it properly.
If any one could explain about the series of steps involved, that would be
really great and appreciated.
Thanks in advance
Naga.Hi Naga,
If webApp and EJB are deployed as separate components,then you need to have EJB
classes in WEB-INF/classes of your webApp.
If the app is in EAR format then the servlet can see the EJb classes directly.
Thanks,
Vijay
"Nagamahesh" <[email protected]> wrote:
>
Hi,
I am Naga, a java developer trying to work with Weblogic6.1 at present.
When i try to use Servlet as a client to my EJB, I am getting an error
saying that Home class not found.
i have kept the Servlet class file under
E:\bea\wlserver6.1\config\mydomain\applications\DefaultWebApp\WEB-INF\classe
s
folder.
i mentioned the EJB-ref tags in web.xml too, But it is not working.
How to make the EJB home and remote interfaces visible to Servlet with
weblogic6.1 ?
If i put the EJB.jar file under
E:\bea\wlserver6.1\config\mydomain\applications\DefaultWebApp\WEB-INF\lib
directory the application is working. Is this is the only way to do ?
After reading the article "EJB 2 and J2EE Packaging, Part II" at http://www.onjava.com/pub/a/onjava/2001/07/25/ejb.html,
i came to know that their is another way to do this, but i could not
get it properly.
If any one could explain about the series of steps involved, that would
be
really great and appreciated.
Thanks in advance
Naga. -
WARNING: Unable to access loaded classes
Hi,
Just installed OAS 10.1.3 on AIX. When I started the home OC4J instance, I got "WARNING: Unable to access loaded classes" in the OC4J~home~default_group~1 log file. Why this happened? Which classes unable to access?
Thanks in advance.
RichardFixed as per Oracle Support (Note 376890.1 and Bug.5252013, not published yet)
set the java system property in opmn.xml for home OC4J instance
-Dclass.transfer=delegate -
Unable to access classes in third party jar files packaged with my ejb.jar
I have packaged some third party jar files in my xxx_ejb.jar file. The third party jar file contains classes that are accessed by some custom classes which are in turn accessed by my bean classes. I get the following error when my custom classes attempt to use any of the classes in one of the third party jar files:
java.lang.NoClassDefFoundError: com/Ostermiller/util/CSVParser
Shouldn't I be able to access classes in jar files that are packaged with my xxx_ejb.jar file? I see the xxx_ejb.jar file as a resource of the application classloader that contains it but I don't see the third party jar files.As per the Java EE specification, additional JAR files should be packaged on the EAR level. Only WAR files' WEB-INF/lib folder is scanned for JAR files to be added to the classloader.
-
A sign Applet unable to load "oracle.jdbc.OracleDriver" class
hi,
i am chiranjit , i am now working in a web based ERP. where i am using a signed applet which unable to load "oracle.jdbc.OracleDriver" class but it easily loading "sun.jdbc.odbc.JdbcOdbcDriver", i am also giving my code:
import java.sql.*;
import java.math.*;
import java.io.*;
import java.awt.*;
class JdbcTest extends Applet{
public static void main (String args[]) throws SQLException {
// Load Oracle driver
DriverManager.registerDriver (new oracle.jdbc.OracleDriver());
// Connect to the local database
Connection conn =
DriverManager.getConnection
("jdbc:oracle:thin:@192.168.16.7:1521:kris",
"plsql", "oracle");
// Query the employee names
Statement stmt = conn.createStatement ();
ResultSet rset = stmt.executeQuery ("SELECT FIRST_NAME FROM
AUTHORS");
// Print the name out
while (rset.next ())
System.out.println (rset.getString (1));
// Close the result set, statement, and the connection
rset.close();
stmt.close();
conn.close();
}Hint: The sun.jdbc.odbc.JdbcOdbcDriver is available in any JRE distribution. The Oracle driver is not.
-
Unable to load a class specified in your ejb-jar.xml
I was trying an example on entity bean CMP, i created the bean and tried to deploy it.I got the following error :-
Exception:weblogic.management.ApplicationException: prepare failed for CMP Module: CMP Error: Exception preparing module: EJBModule(CMP,status=NEW) Unable to deploy EJB: C:\bea\user_projects\domains\Testdomain\applications\CMP.jar from CMP.jar: weblogic.ejb20.deployer.DeploymentDescriptorException: Unable to load a class specified in your ejb-jar.xml: pack.sams.ItemBean at weblogic.ejb20.deployer.MBeanDeploymentInfoImpl.initializeBeanInfos(Lweblogic.management.descriptors.toplevel.EJBDescriptorMBean;Lweblogic.utils.classloaders.GenericClassLoader;)V(MBeanDeploymentInfoImpl.java:550) at weblogic.ejb20.deployer.MBeanDeploymentInfoImpl.<init>(Lweblogic.management.descriptors.toplevel.EJBDescriptorMBean;Lweblogic.utils.classloaders.GenericClassLoader;Ljava.lang.String;Ljava.lang.String;Ljava.lang.String;Lweblogic.utils.jars.VirtualJarFile;)V(MBeanDeploymentInfoImpl.java:232) at weblogic.ejb20.deployer.EJBDeployer.prepare(Lweblogic.utils.jars.VirtualJarFile;Ljava.lang.ClassLoader;Lweblogic.management.descriptors.toplevel.EJBDescriptorMBean;Ljavax.naming.Context;Ljava.util.Map;)V(EJBDeployer.java:1302) at weblogic.ejb20.deployer.EJBModule.prepare(Ljava.lang.ClassLoader;)V(EJBModule.java:498) at weblogic.j2ee.J2EEApplicationContainer.prepareModule(Lweblogic.utils.classloaders.GenericClassLoader;Lweblogic.j2ee.J2EEApplicationContainer$Component;Z)V(J2EEApplicationContainer.java:3101) at weblogic.j2ee.J2EEApplicationContainer.prepareModules([Lweblogic.j2ee.J2EEApplicationContainer$Component;Ljava.lang.String;Z)V(J2EEApplicationContainer.java:1560) at weblogic.j2ee.J2EEApplicationContainer.prepare([Lweblogic.j2ee.J2EEApplicationContainer$Component;[Ljava.lang.String;Ljava.lang.String;Ljava.lang.String;)V(J2EEApplicationContainer.java:1208) at weblogic.j2ee.J2EEApplicationContainer.prepare(Ljava.lang.String;[Lweblogic.management.configuration.ComponentMBean;[Ljava.lang.String;)V(J2EEApplicationContainer.java:1051) at weblogic.management.deploy.slave.SlaveDeployer$ComponentActivateTask.prepareContainer()V(SlaveDeployer.java:2444) at weblogic.management.deploy.slave.SlaveDeployer$ActivateTask.createContainer()Z(SlaveDeployer.java:2394) at weblogic.management.deploy.slave.SlaveDeployer$ActivateTask.prepare()V(SlaveDeployer.java:2310) at weblogic.management.deploy.slave.SlaveDeployer.processPrepareTask(Lweblogic.management.deploy.OamVersion;Lweblogic.management.runtime.DeploymentTaskRuntimeMBean;Z)V(SlaveDeployer.java:866) at weblogic.management.deploy.slave.SlaveDeployer.prepareDelta(Lweblogic.management.deploy.OamDelta;Lweblogic.management.deploy.OamVersion;ZLjava.lang.StringBuffer;)Z(SlaveDeployer.java:594) at weblogic.management.deploy.slave.SlaveDeployer.prepareUpdate(Ljava.util.ArrayList;Z)V(SlaveDeployer.java:508) at weblogic.drs.internal.SlaveCallbackHandler$1.execute(Lweblogic.kernel.ExecuteThread;)V(SlaveCallbackHandler.java:25) at weblogic.kernel.ExecuteThread.execute(Lweblogic.kernel.ExecuteRequest;)V(ExecuteThread.java:219) at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:178) at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)
[Deployer:149033]preparing application CMP on ejb
[Deployer:149033]failed application CMP on ejb
[Deployer:149034]An exception occurred for task [Deployer:149026]Deploy application CMP on ejb.: Exception:weblogic.management.ApplicationException: prepare failed for CMP Module: CMP Error: Exception preparing module: EJBModule(CMP,status=NEW) Unable to deploy EJB: C:\bea\user_projects\domains\Testdomain\applications\CMP.jar from CMP.jar: weblogic.ejb20.deployer.DeploymentDescriptorException: Unable to load a class specified in your ejb-jar.xml: pack.sams.ItemBean at weblogic.ejb20.deployer.MBeanDeploymentInfoImpl.initializeBeanInfos(Lweblogic.management.descriptors.toplevel.EJBDescriptorMBean;Lweblogic.utils.classloaders.GenericClassLoader;)V(MBeanDeploymentInfoImpl.java:550) at weblogic.ejb20.deployer.MBeanDeploymentInfoImpl.<init>(Lweblogic.management.descriptors.toplevel.EJBDescriptorMBean;Lweblogic.utils.classloaders.GenericClassLoader;Ljava.lang.String;Ljava.lang.String;Ljava.lang.String;Lweblogic.utils.jars.VirtualJarFile;)V(MBeanDeploymentInfoImpl.java:232) at weblogic.ejb20.deployer.EJBDeployer.prepare(Lweblogic.utils.jars.VirtualJarFile;Ljava.lang.ClassLoader;Lweblogic.management.descriptors.toplevel.EJBDescriptorMBean;Ljavax.naming.Context;Ljava.util.Map;)V(EJBDeployer.java:1302) at weblogic.ejb20.deployer.EJBModule.prepare(Ljava.lang.ClassLoader;)V(EJBModule.java:498) at weblogic.j2ee.J2EEApplicationContainer.prepareModule(Lweblogic.utils.classloaders.GenericClassLoader;Lweblogic.j2ee.J2EEApplicationContainer$Component;Z)V(J2EEApplicationContainer.java:3101) at weblogic.j2ee.J2EEApplicationContainer.prepareModules([Lweblogic.j2ee.J2EEApplicationContainer$Component;Ljava.lang.String;Z)V(J2EEApplicationContainer.java:1560) at weblogic.j2ee.J2EEApplicationContainer.prepare([Lweblogic.j2ee.J2EEApplicationContainer$Component;[Ljava.lang.String;Ljava.lang.String;Ljava.lang.String;)V(J2EEApplicationContainer.java:1208) at weblogic.j2ee.J2EEApplicationContainer.prepare(Ljava.lang.String;[Lweblogic.management.configuration.ComponentMBean;[Ljava.lang.String;)V(J2EEApplicationContainer.java:1051) at weblogic.management.deploy.slave.SlaveDeployer$ComponentActivateTask.prepareContainer()V(SlaveDeployer.java:2444) at weblogic.management.deploy.slave.SlaveDeployer$ActivateTask.createContainer()Z(SlaveDeployer.java:2394) at weblogic.management.deploy.slave.SlaveDeployer$ActivateTask.prepare()V(SlaveDeployer.java:2310) at weblogic.management.deploy.slave.SlaveDeployer.processPrepareTask(Lweblogic.management.deploy.OamVersion;Lweblogic.management.runtime.DeploymentTaskRuntimeMBean;Z)V(SlaveDeployer.java:866) at weblogic.management.deploy.slave.SlaveDeployer.prepareDelta(Lweblogic.management.deploy.OamDelta;Lweblogic.management.deploy.OamVersion;ZLjava.lang.StringBuffer;)Z(SlaveDeployer.java:594) at weblogic.management.deploy.slave.SlaveDeployer.prepareUpdate(Ljava.util.ArrayList;Z)V(SlaveDeployer.java:508) at weblogic.drs.internal.SlaveCallbackHandler$1.execute(Lweblogic.kernel.ExecuteThread;)V(SlaveCallbackHandler.java:25) at weblogic.kernel.ExecuteThread.execute(Lweblogic.kernel.ExecuteRequest;)V(ExecuteThread.java:219) at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:178) at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source) .
Please suggest a solution to this error.
Note that the class specified in the error is in its package. So this doesn't seems to be exact error. Please suggest.Hi,
I have faced same problem most of time and resolved ot by recompileing my all the classes and new deployment descriptors. First you should make new java files for all clases(copy contents fron old java files ) and make anew package same as old and then do all the required process and re deploy it. I think because of some problem in class generation. -
Unable to access remote EJB object on different server
I have deployed an EJB module on one server. I have been able to access the entity beans on this server from a standalone java client (on a different machine) using the CORBA Interopable Naming Syntax. Using this syntax
corbaname:iiop:<hostname>:port#<jndi-name>
However, when I deploy another EJB module on a separate server I am unable to access the objects held on the original server. I am using the same syntax as the java client.
We are using Sun Application Server to deploy the modules. The error held in the server log is below. Can someone help with this. Does the Sun Application Server prevent connection to remote objects by default?
[#|2005-12-09T17:39:55.703+0000|SEVERE|sun-appserver-pe8.1_02|javax.enterprise.resource.corba._DEFAULT_.rpc.transport|_ThreadID=11;|"IOP00410216: (COMM_FAILURE) Unable to create IIOP listener on the specified host/port: all interfaces/3700"
org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 216 completed: No
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.createListenerFailed(ORBUtilSystemException.java:2661)
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.createListenerFailed(ORBUtilSystemException.java:2681)
at com.sun.corba.ee.impl.transport.SocketOrChannelAcceptorImpl.initialize(SocketOrChannelAcceptorImpl.java:167)
at com.sun.corba.ee.impl.transport.CorbaTransportManagerImpl.getAcceptors(CorbaTransportManagerImpl.java:207)
at com.sun.corba.ee.impl.transport.CorbaTransportManagerImpl.addToIORTemplate(CorbaTransportManagerImpl.java:224)
at com.sun.corba.ee.spi.oa.ObjectAdapterBase.initializeTemplate(ObjectAdapterBase.java:104)
at com.sun.corba.ee.impl.oa.toa.TOAImpl.<init>(TOAImpl.java:78)
at com.sun.corba.ee.impl.oa.toa.TOAFactory.getTOA(TOAFactory.java:65)
at com.sun.corba.ee.impl.orb.ORBImpl.connect(ORBImpl.java:1536)
at com.sun.corba.ee.spi.presentation.rmi.StubAdapter.connect(StubAdapter.java:164)
at com.sun.corba.ee.impl.orbutil.ORBUtility.connectAndGetIOR(ORBUtility.java:825)
at com.sun.corba.ee.impl.orb.ORBImpl.getFVDCodeBaseIOR(ORBImpl.java:901)
at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.addServiceContexts(CorbaClientRequestDispatcherImpl.java:737)
at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:227)
at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:127)
at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.is_a(CorbaClientDelegateImpl.java:244)
at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:112)
at org.omg.CosNaming.NamingContextHelper.narrow(NamingContextHelper.java:69)
at com.sun.jndi.cosnaming.CNCtx.setOrbAndRootContext(CNCtx.java:345)
at com.sun.jndi.cosnaming.CNCtx.initUsingCorbanameUrl(CNCtx.java:321)
at com.sun.jndi.cosnaming.CNCtx.initUsingUrl(CNCtx.java:247)
at com.sun.jndi.cosnaming.CNCtx.createUsingURL(CNCtx.java:85)
at com.sun.jndi.url.iiop.iiopURLContextFactory.getUsingURLIgnoreRest(iiopURLContextFactory.java:56)
at com.sun.jndi.url.iiop.iiopURLContext.getRootURLContext(iiopURLContext.java:44)
at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:182)
at javax.naming.InitialContext.lookup(InitialContext.java:351)
at com.ppl.services.ServiceLocator.lookup(ServiceLocator.java:47)
at com.ppl.services.ServiceLocator.getRemoteHome(ServiceLocator.java:74)
at com.ppl.services.ServiceLocator.getRemoteUSRRoutinesHome(ServiceLocator.java:134)
at com.ppl.business.LoginBusiness.isUserServiceAvailable(LoginBusiness.java:50)
at org.apache.jsp.testEJBComponents_jsp._jspService(testEJBComponents_jsp.java:72)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:105)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:336)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:251)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
at sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:257)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:132)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:185)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:653)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:534)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.doTask(ProcessorTask.java:403)
at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:55)
Caused by: java.lang.Error: Untranslated exception
at sun.nio.ch.Net.translateToSocketException(Net.java:63)
at sun.nio.ch.Net.translateException(Net.java:79)
at sun.nio.ch.Net.translateException(Net.java:85)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:61)
at com.sun.enterprise.server.ss.ASServerSocket.bind(ASServerSocket.java:258)
at com.sun.enterprise.server.ss.ASServerSocket.bind(ASServerSocket.java:231)
at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createServerSocket(IIOPSSLSocketFactory.java:289)
at com.sun.corba.ee.impl.transport.SocketOrChannelAcceptorImpl.initialize(SocketOrChannelAcceptorImpl.java:160)
... 62 more
Caused by: java.net.SocketException: Already bound
at sun.nio.ch.Net.translateToSocketException(Net.java:49)
... 69 more
Caused by: sun.nio.ch.AlreadyBoundException
at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:114)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
... 66 more
|#]
[#|2005-12-09T17:39:55.703+0000|WARNING|sun-appserver-pe8.1_02|javax.enterprise.resource.corba._INITIALIZING_.rpc.presentation|_ThreadID=11;|"IOP02310202: (OBJ_ADAPTER) Error in connecting servant to ORB"
org.omg.CORBA.OBJ_ADAPTER: vmcid: SUN minor code: 202 completed: No
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.orbConnectError(ORBUtilSystemException.java:8276)
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.orbConnectError(ORBUtilSystemException.java:8294)
at com.sun.corba.ee.impl.orb.ORBImpl.connect(ORBImpl.java:1538)
at com.sun.corba.ee.spi.presentation.rmi.StubAdapter.connect(StubAdapter.java:164)
at com.sun.corba.ee.impl.orbutil.ORBUtility.connectAndGetIOR(ORBUtility.java:825)
at com.sun.corba.ee.impl.orb.ORBImpl.getFVDCodeBaseIOR(ORBImpl.java:901)
at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.addServiceContexts(CorbaClientRequestDispatcherImpl.java:737)
at com.sun.corba.ee.impl.protocol.CorbaClientRequestDispatcherImpl.beginRequest(CorbaClientRequestDispatcherImpl.java:227)
at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.request(CorbaClientDelegateImpl.java:127)
at com.sun.corba.ee.impl.protocol.CorbaClientDelegateImpl.is_a(CorbaClientDelegateImpl.java:244)
at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:112)
at org.omg.CosNaming.NamingContextHelper.narrow(NamingContextHelper.java:69)
at com.sun.jndi.cosnaming.CNCtx.setOrbAndRootContext(CNCtx.java:345)
at com.sun.jndi.cosnaming.CNCtx.initUsingCorbanameUrl(CNCtx.java:321)
at com.sun.jndi.cosnaming.CNCtx.initUsingUrl(CNCtx.java:247)
at com.sun.jndi.cosnaming.CNCtx.createUsingURL(CNCtx.java:85)
at com.sun.jndi.url.iiop.iiopURLContextFactory.getUsingURLIgnoreRest(iiopURLContextFactory.java:56)
at com.sun.jndi.url.iiop.iiopURLContext.getRootURLContext(iiopURLContext.java:44)
at com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:182)
at javax.naming.InitialContext.lookup(InitialContext.java:351)
at com.ppl.services.ServiceLocator.lookup(ServiceLocator.java:47)
at com.ppl.services.ServiceLocator.getRemoteHome(ServiceLocator.java:74)
at com.ppl.services.ServiceLocator.getRemoteUSRRoutinesHome(ServiceLocator.java:134)
at com.ppl.business.LoginBusiness.isUserServiceAvailable(LoginBusiness.java:50)
at org.apache.jsp.testEJBComponents_jsp._jspService(testEJBComponents_jsp.java:72)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:105)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:336)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:251)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
at sun.reflect.GeneratedMethodAccessor60.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:257)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:161)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:132)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:185)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:653)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:534)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.doTask(ProcessorTask.java:403)
at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:55)
Caused by: org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code: 216 completed: No
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.createListenerFailed(ORBUtilSystemException.java:2661)
at com.sun.corba.ee.impl.logging.ORBUtilSystemException.createListenerFailed(ORBUtilSystemException.java:2681)
at com.sun.corba.ee.impl.transport.SocketOrChannelAcceptorImpl.initialize(SocketOrChannelAcceptorImpl.java:167)
at com.sun.corba.ee.impl.transport.CorbaTransportManagerImpl.getAcceptors(CorbaTransportManagerImpl.java:207)
at com.sun.corba.ee.impl.transport.CorbaTransportManagerImpl.addToIORTemplate(CorbaTransportManagerImpl.java:224)
at com.sun.corba.ee.spi.oa.ObjectAdapterBase.initializeTemplate(ObjectAdapterBase.java:104)
at com.sun.corba.ee.impl.oa.toa.TOAImpl.<init>(TOAImpl.java:78)
at com.sun.corba.ee.impl.oa.toa.TOAFactory.getTOA(TOAFactory.java:65)
at com.sun.corba.ee.impl.orb.ORBImpl.connect(ORBImpl.java:1536)
... 56 more
Caused by: java.lang.Error: Untranslated exception
at sun.nio.ch.Net.translateToSocketException(Net.java:63)
at sun.nio.ch.Net.translateException(Net.java:79)
at sun.nio.ch.Net.translateException(Net.java:85)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:61)
at com.sun.enterprise.server.ss.ASServerSocket.bind(ASServerSocket.java:258)
at com.sun.enterprise.server.ss.ASServerSocket.bind(ASServerSocket.java:231)
at com.sun.enterprise.iiop.IIOPSSLSocketFactory.createServerSocket(IIOPSSLSocketFactory.java:289)
at com.sun.corba.ee.impl.transport.SocketOrChannelAcceptorImpl.initialize(SocketOrChannelAcceptorImpl.java:160)
... 62 more
Caused by: java.net.SocketException: Already bound
at sun.nio.ch.Net.translateToSocketException(Net.java:49)
... 69 more
Caused by: sun.nio.ch.AlreadyBoundException
at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:114)
at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59)
... 66 more
|#]http://docs.sun.com/source/819-0079/dgjndi.html
-
Unable to load oracle.jdbc.driver.OracleDriver class
i want to connect my java application with oracle database but i m getting an error -"class not found exception oracle.jdbc.driver.OracleDriver " which is written in Class.forName() to register the driver for DriverManager.
plz help me..This is an old class, not included with the JDK anymore. It was made obsolete by
DataSource which is a connection pool and not a single connection. -
Unable to access values from database in login page..
Hey all,
Friends I have a login.jsp page and I want if i enter username and password then it will be accessed from database and after verifying the details it will open main.jsp.I made a database as "abc" and created DSN as 1st_login having table 1st_login. But the problem is that I am unable to access values from database.
So Please help me.
Following is my code:
<HTML>
<body background="a.jpg">
<marquee>
<CENTER><font size="5" face="times" color="#993300"><b>Welcome to the"<U><I>XYZ</I></U>" of ABC</font></b></CENTER></marquee>
<br>
<br>
<br>
<br><br>
<br>
<form name="login_form">
<CENTER><font size="4" face="times new roman">
Username
<input name="username" type="text" class="inputbox" alt="username" size="20" />
<br>
<br>
Password
<input type="password" name="pwd" class="inputbox" size="20" alt="password" />
<br/>
<input type="hidden" name="option" value="login" />
<br>
<input type="SUBMIT" name="SUBMIT" class="button" value="Submit" onClick="return check();"> </CENTER>
</td>
</tr>
<tr>
<td>
</form>
</table>
<%
try {
Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
Connection connection = DriverManager.getConnection("jdbc:odbc:1st_login");
Statement statement = connection.createStatement();
String query = "SELECT username, password FROM 1st_login WHERE username='";
query += request.getParameter("username") + "' AND password='";
query += request.getParameter("password") + "';";
ResultSet resSum = statement.executeQuery(query);
//change: you gotta move the pointer to the first row of the result set.
resSum.next();
if (request.getParameter("username").equalsIgnoreCase(resSum.getString("username")) && request.getParameter("password").equalsIgnoreCase(resSum.getString("password")))
%>
//now it must connected to next page..
<%
else
%>
<h2>You better check your username and password!</h2>
<%
}catch (SQLException ex ){
System.err.println( ex);
}catch (Exception er){
er.printStackTrace();
%>
<input type="hidden" name="op2" value="login" />
<input type="hidden" name="lang" value="english" />
<input type="hidden" name="return" value="/" />
<input type="hidden" name="message" value="0" />
<br>
<br><br>
<br><br>
<br><br><br><br><br>
<font size="2" face="arial" color="#993300">
<p align="center"> <B>ABC © PQR</B>
</BODY>
</HTML>
and in this code i am getting following error
C:\Project\SRS\build\generated\src\org\apache\jsp\loginjsp.java:93: cannot find symbol_
C:\Project\SRS\build\generated\src\org\apache\jsp\loginjsp.java:93: cannot find symbol_
C:\Project\SRS\build\generated\src\org\apache\jsp\loginjsp.java:94: cannot find symbol_
C:\Project\SRS\build\generated\src\org\apache\jsp\loginjsp.java:95: cannot find symbol_
4 errors
C:\Project\SRS\nbproject\build-impl.xml:360: The following error occurred while executing this line:
C:\Project\SRS\nbproject\build-impl.xml:142: Compile failed; see the compiler error output for details.
BUILD FAILED (total time: 6 seconds)As long as you're unable to compile Java code, please use the 'New to Java' forum. This is really trival.
To ease writing, debugging and maintenance, I highly recommend you to write Java code in Java classes rather than JSP files. Start learning Servlets. -
Unable to deploy EJB 3.0 on JBoss 4.0.4GA - no home interface
I am stuck in that my EJB3.0 project (one entity bean, one session bean and one client test bean) builds OK but somehow Eclipse Europa is unable to deploy it to JBoss (4.0.4 GA and 5 Beta) -- something to do with JNDI error as it involves javax.naming exceptions.
My Eclipse directory structure is :-
Titan (project name)
|
ejb - com.titan (package name)
| |
| domain -> Cabin.java (my entity bean)
| |
| travelagent -> TravelAgentBean.java
| -> TravelAgentRemote.java
|
META_INF -> ejb-jar.xml
-> MANIFEST.MF
-> persistence.xml
My ejb-jar.xml is :
<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar id="ejb-jar_ID" version="2.1" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd">
<display-name>Titan</display-name>
<enterprise-beans>
<!-- Session Beans -->
<session >
<display-name>TravelAgentBean</display-name>
<ejb-name>com/titan/travelagent/ejb/TravelAgentBean</ejb-name>
<remote>com.titan.travelagent.ejb.TravelAgentRemote</remote>
<ejb-class>com.titan.travelagent.ejb.TravelAgentBean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
</session>
</enterprise-beans>
</ejb-jar>
And my persistence.xml is :
<?xml version="1.0" encoding="UTF-8"?>
<persistence version="1.0" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd">
<persistence-unit name="Titan">
<provider>org.hibernate.ejb.HibernatePersistence</provider>
<class>com.titan.domain.Cabin</class>
<properties>
<property name="hibernate.connection.driver_class" value="oracle.jdbc.OracleDriver" />
<property name="hibernate.connection.url"
value="jdbc:oracle:thin:@localhost:1521:XE" />
<property name="hibernate.connection.username" value="SYSTEM" />
<property name="hibernate.connection.password" value="Swordfish1" />
</properties>
</persistence-unit>
</persistence>
I right-click on the Titan project name and choose Build Project. I get the following error message :-
13:01:06,046 WARN [verifier] EJB spec violation:
Bean : com/titan/travelagent/TravelAgentBean
Section: 7.11.2
Warning: A Session bean must implement, directly or indirectly, the javax.ejb.SessionBean interface.
13:01:06,046 WARN [verifier] EJB spec violation:
Bean : com/titan/travelagent/TravelAgentBean
Section: 7.11.3
Warning: A Session bean must define at least one ejbCreate method.
13:01:06,046 WARN [verifier] EJB spec violation:
Bean : com/titan/travelagent/TravelAgentBean
Section: 7.11.1
Warning: The session bean must implement either a remote home and remote, or a local home and a local interface or a service endpoint interface.
13:01:06,062 ERROR [MainDeployer] Could not create deployment: file:/C:/jboss-4.0.4.GA/server/default/deploy/Titan.jar
I don't understand, because as of EJB 3.0, you don't really need a home or local-home interface anymore...Using @SecurityDomain("exemplo1") in my EJB and NOT providing jboss.xml, it works.
@SecurityDomain("exemplo1")
@RolesAllowed("yyy")
@Stateless(name="UserManagement")
public class UserManagementBean implements UserManagement {
public void add(User user) {
}Damn! This is some serious shit... I don�t want to configure this in every single EJB.
EJB 3.0 is nice, but some small trivial details like this and others, that was forgotten by Sun, piss me off! -
Unable to access secondary subnet via VPN
I am having a problem with clients accessing a secondary subnet via VPN.
Clients on VPN are given the address on the 192.168.15.0 subnet. Once connected they can access 192.168.16.0 (Production subnet) fine, but are unable to access the 192.168.8.0 secondary subnet. If you are on the 192.168.16.0 subnet in the office you can access 192.168.8.0 subnet fine. The traffic is coming in via an ASA 5510 then traverses a Juniper firewall and a MPLS router to the secondary subnet. I'm not sure if it's a nat issue or not. Any help would be helpful.
Below is the config of the ASA. Thank you in advance
ASA Version 8.2(5)
hostname charlotte
domain-name tg.local
enable password v4DuEgO1ZTlkUiaA encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.254.0 Peak10 description Peak10
name 192.168.116.0 Charlotte_Phones description Charlotte_Phones
name 192.168.15.0 Charlotte_SSL_VPN_Clients description Charlotte_SSL_VPN_Client s
name 192.168.17.0 Charlotte_Wireless_Data description Charlotte_Wireless_Data
name 192.168.117.0 Charlotte_Wireless_Phones description Charlotte_Wireless_Phon es
name 192.168.5.0 Huntersville description Huntersville
name 192.168.16.1 SRX_Gateway description Juniper_SRX
name 192.168.108.0 Canton_Data description Canton_Data
name 192.168.8.0 Canton_Phones description Canton_Phones
name 192.168.9.0 Canton_Wireless_Data description Canton_Wireless_Data
name 192.168.109.0 Canton_Wireless_Phones description Canton_Wireless_Phones
name 192.168.16.4 TEST_IP description TEST_IP
name 192.168.16.2 CantonGW description Canton GW 192.168.16.2
name 192.168.5.1 HuntersvilleGW
name 10.176.0.0 RS_Cloud description 10.176.0.0/12
name 172.16.8.0 RS_172.16.8.0
name 172.16.48.0 RS_172.16.48.0
name 172.16.52.0 RS_172.16.52.0
name 10.208.0.0 RS_Cloud_New
name 10.178.0.0 RS_10.178.0.0 description Rackspace DEV servers
name 10.178.0.6 RS_10.178.0.6
name 172.16.20.0 RS_172.16.20.0
interface Ethernet0/0
nameif Outside
security-level 0
ip address 70.63.165.219 255.255.255.248
interface Ethernet0/1
nameif Inside
security-level 100
ip address 192.168.16.202 255.255.255.0
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
banner login ASA Login - Unauthorized access is prohibited
banner login ASA Login - Unauthorized access is prohibited
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup Outside
dns domain-lookup Inside
dns domain-lookup management
dns server-group DefaultDNS
name-server 192.168.16.122
name-server 8.8.8.8
domain-name tg.local
dns server-group defaultdns
name-server 192.168.16.122
domain-name tg.local
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group network DM_INLINE_NETWORK_2
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object 192.168.16.0 255.255.255.0
network-object Canton_Phones 255.255.255.0
object-group network DM_INLINE_NETWORK_3
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object Huntersville 255.255.255.0
object-group network DM_INLINE_NETWORK_4
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object Huntersville 255.255.255.0
object-group network DM_INLINE_NETWORK_10
network-object RS_Cloud 255.240.0.0
network-object 172.16.0.0 255.255.252.0
network-object RS_172.16.8.0 255.255.252.0
network-object RS_172.16.48.0 255.255.252.0
network-object RS_172.16.52.0 255.255.252.0
network-object RS_Cloud_New 255.240.0.0
network-object RS_10.178.0.0 255.255.0.0
network-object RS_172.16.20.0 255.255.252.0
network-object 172.16.0.0 255.255.0.0
network-object Canton_Phones 255.255.255.0
object-group network DM_INLINE_NETWORK_7
network-object RS_Cloud 255.240.0.0
network-object 172.16.0.0 255.255.252.0
network-object RS_172.16.8.0 255.255.252.0
network-object RS_172.16.48.0 255.255.240.0
network-object RS_172.16.52.0 255.255.252.0
network-object RS_Cloud_New 255.240.0.0
network-object RS_10.178.0.0 255.255.0.0
network-object RS_172.16.20.0 255.255.252.0
network-object 172.16.0.0 255.255.0.0
object-group network DM_INLINE_NETWORK_8
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object 192.168.16.0 255.255.255.0
network-object Charlotte_Wireless_Data 255.255.255.0
network-object Canton_Data 255.255.255.0
network-object Canton_Phones 255.255.255.0
object-group network DM_INLINE_NETWORK_9
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object 192.168.16.0 255.255.255.0
network-object Charlotte_Wireless_Data 255.255.255.0
network-object Canton_Data 255.255.255.0
network-object Canton_Phones 255.255.255.0
object-group network DM_INLINE_NETWORK_11
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object 192.168.16.0 255.255.255.0
network-object Charlotte_Wireless_Data 255.255.255.0
object-group network DM_INLINE_NETWORK_12
network-object RS_Cloud 255.240.0.0
network-object 172.16.0.0 255.255.252.0
network-object RS_172.16.8.0 255.255.252.0
network-object RS_172.16.20.0 255.255.252.0
network-object 172.16.0.0 255.255.0.0
object-group network DM_INLINE_NETWORK_13
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object 192.168.16.0 255.255.255.0
network-object Charlotte_Wireless_Data 255.255.255.0
network-object Canton_Phones 255.255.255.0
network-object Canton_Data 255.255.255.0
network-object Canton_Wireless_Data 255.255.255.0
object-group network DM_INLINE_NETWORK_14
network-object RS_Cloud 255.240.0.0
network-object RS_172.16.48.0 255.255.252.0
network-object RS_172.16.52.0 255.255.252.0
network-object RS_Cloud_New 255.240.0.0
network-object RS_10.178.0.0 255.255.0.0
network-object RS_172.16.20.0 255.255.252.0
network-object 172.16.0.0 255.255.0.0
network-object 172.16.0.0 255.255.252.0
object-group network DM_INLINE_NETWORK_5
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
network-object 192.168.16.0 255.255.255.0
network-object Charlotte_Wireless_Data 255.255.255.0
network-object Canton_Phones 255.255.255.0
network-object Canton_Data 255.255.255.0
network-object Canton_Wireless_Data 255.255.255.0
object-group network DM_INLINE_NETWORK_6
network-object RS_Cloud 255.240.0.0
network-object RS_Cloud_New 255.240.0.0
network-object 172.16.0.0 255.255.252.0
network-object RS_172.16.8.0 255.255.252.0
network-object RS_172.16.20.0 255.255.252.0
network-object 172.16.0.0 255.255.0.0
network-object Canton_Phones 255.255.255.0
object-group network tgnc074.tg.local
object-group icmp-type DM_INLINE_ICMP_1
icmp-object echo
icmp-object echo-reply
icmp-object traceroute
icmp-object unreachable
object-group service DM_INLINE_SERVICE_1
service-object ip
service-object tcp eq https
object-group icmp-type DM_INLINE_ICMP_2
icmp-object echo
icmp-object echo-reply
icmp-object traceroute
icmp-object unreachable
object-group service DM_INLINE_SERVICE_2
service-object ip
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_3
service-object ip
service-object icmp echo
service-object icmp echo-reply
object-group network DM_INLINE_NETWORK_1
network-object Charlotte_SSL_VPN_Clients 255.255.255.0
object-group service DM_INLINE_SERVICE_4
service-object ip
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_5
service-object ip
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
object-group network DM_INLINE_NETWORK_15
network-object Canton_Data 255.255.255.0
network-object host CantonGW
object-group service DM_INLINE_SERVICE_6
service-object ip
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
object-group service DM_INLINE_SERVICE_7
service-object ip
service-object icmp echo
service-object icmp echo-reply
service-object icmp traceroute
service-object icmp unreachable
access-list Inside_access_in extended permit object-group DM_INLINE_SERVICE_2 Ch arlotte_SSL_VPN_Clients 255.255.255.0 any
access-list Inside_access_in extended permit object-group DM_INLINE_SERVICE_5 ho st SRX_Gateway Charlotte_SSL_VPN_Clients 255.255.255.0
access-list Inside_access_in extended permit object-group DM_INLINE_SERVICE_7 Ch arlotte_SSL_VPN_Clients 255.255.255.0 host SRX_Gateway
access-list Inside_access_in extended permit icmp any any object-group DM_INLINE _ICMP_1
access-list Inside_access_in remark Permit all in Char_ORD_VPN
access-list Inside_access_in extended permit ip object-group DM_INLINE_NETWORK_7 object-group DM_INLINE_NETWORK_8
access-list Inside_access_in remark Permit all out Char_ORD_VPN
access-list Inside_access_in extended permit object-group DM_INLINE_SERVICE_1 ob ject-group DM_INLINE_NETWORK_9 object-group DM_INLINE_NETWORK_10
access-list Inside_access_in extended permit ip Charlotte_SSL_VPN_Clients 255.25 5.255.0 any
access-list Inside_access_in remark Permit all in Char_ORD_VPN
access-list Inside_access_in remark Permit all out Char_ORD_VPN
access-list Inside_access_in extended permit ip object-group DM_INLINE_NETWORK_9 object-group DM_INLINE_NETWORK_10 log disable
access-list Tunneled_Network_List standard permit 192.168.16.0 255.255.255.0
access-list Tunneled_Network_List standard permit Charlotte_Phones 255.255.255.0
access-list Tunneled_Network_List standard permit Charlotte_Wireless_Data 255.25 5.255.0
access-list Tunneled_Network_List standard permit Charlotte_Wireless_Phones 255. 255.255.0
access-list Tunneled_Network_List standard permit Peak10 255.255.255.0
access-list Tunneled_Network_List standard permit Canton_Data 255.255.255.0
access-list Tunneled_Network_List standard permit Canton_Phones 255.255.255.0
access-list Tunneled_Network_List standard permit Canton_Wireless_Data 255.255.2 55.0
access-list Tunneled_Network_List standard permit Canton_Wireless_Phones 255.255 .255.0
access-list Tunneled_Network_List standard permit Huntersville 255.255.255.0
access-list Tunneled_Network_List standard permit 172.16.0.0 255.255.252.0
access-list Tunneled_Network_List standard permit RS_172.16.8.0 255.255.252.0
access-list Tunneled_Network_List standard permit RS_Cloud 255.240.0.0
access-list Tunneled_Network_List standard permit RS_Cloud_New 255.240.0.0
access-list Tunneled_Network_List standard permit RS_172.16.20.0 255.255.252.0
access-list Tunneled_Network_List standard permit Charlotte_SSL_VPN_Clients 255. 255.255.0
access-list Tunneled_Network_List standard permit 172.16.0.0 255.255.0.0
access-list Inside_nat0_outbound extended permit ip Charlotte_SSL_VPN_Clients 25 5.255.255.0 object-group DM_INLINE_NETWORK_2
access-list Inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWO RK_11 object-group DM_INLINE_NETWORK_12
access-list Inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWO RK_5 object-group DM_INLINE_NETWORK_6
access-list Inside_nat0_outbound extended permit ip object-group DM_INLINE_NETWO RK_1 object-group DM_INLINE_NETWORK_2
access-list Limited_Access extended permit ip Charlotte_SSL_VPN_Clients 255.255. 255.0 host TEST_IP
access-list Limited__VPN_Acccess_List standard permit host 192.168.16.123
access-list Limited__VPN_Acccess_List standard permit Huntersville 255.255.255.0
access-list Limited__VPN_Acccess_List standard permit host 192.168.16.124
access-list Limited__VPN_Acccess_List standard permit 192.168.16.0 255.255.255.0
access-list Limited__VPN_Acccess_List standard permit host 172.16.8.52
access-list Limited__VPN_Acccess_List standard permit Canton_Phones 255.255.255. 0
access-list Limited__VPN_Acccess_List remark ORD-VM-DEV1
access-list Limited__VPN_Acccess_List standard permit host RS_10.178.0.6
access-list Limited__VPN_Acccess_List remark ORD-VM-DEV2
access-list Limited__VPN_Acccess_List standard permit host 10.178.192.103
access-list Limited__VPN_Acccess_List standard permit host 192.168.8.10
access-list Limited__VPN_Acccess_List standard permit RS_172.16.8.0 255.255.252. 0
access-list Limited__VPN_Acccess_List standard permit 172.16.0.0 255.255.0.0
access-list Limited__VPN_Acccess_List standard permit host 10.178.133.26
access-list Limited__VPN_Acccess_List standard permit RS_Cloud_New 255.240.0.0
access-list Limited__VPN_Acccess_List standard permit host CantonGW
access-list Limited__VPN_Acccess_List standard permit host SRX_Gateway
access-list Limited__VPN_Acccess_List standard permit host 192.168.8.1
access-list Limited__VPN_Acccess_List standard permit RS_Cloud 255.240.0.0
access-list Limited__VPN_Acccess_List standard permit any
access-list Limited__VPN_Acccess_List remark TGTFS
access-list Limited__VPN_Acccess_List remark TGDEV
access-list Limited__VPN_Acccess_List remark TGTFS
access-list Limited__VPN_Acccess_List remark TGDEV
access-list Outside_cryptomap extended permit ip 192.168.16.0 255.255.255.0 Huntersville 255.255.255.0
access-list Outside_cryptomap extended permit ip Huntersville 255.255.255.0 Charlotte_SSL_VPN_Clients 255.255.255.0
access-list Huntersville_nat_outbound extended permit ip Charlotte_SSL_VPN_Clients 255.255.255.0 Huntersville 255.255.255.0
access-list Huntersville_nat_outbound extended permit ip Huntersville 255.255.255.0 Charlotte_SSL_VPN_Clients 255.255.255.0
access-list Huntersville_nat_outbound extended permit ip Canton_Phones 255.255.255.0 Charlotte_SSL_VPN_Clients 255.255.255.0
access-list Huntersville_nat_outbound extended permit ip Charlotte_SSL_VPN_Clients 255.255.255.0 Canton_Phones 255.255.255.0
access-list Outside_2_cryptomap extended permit ip object-group DM_INLINE_NETWORK_5 object-group DM_INLINE_NETWORK_6
access-list Outside_cryptomap_1 extended permit ip object-group DM_INLINE_NETWORK_13 object-group DM_INLINE_NETWORK_14
access-list Outside_access_in extended permit icmp any any object-group DM_INLINE_ICMP_2 log disable
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_3 any Charlotte_SSL_VPN_Clients 255.255.255.0
access-list Outside_access_in extended permit ip Huntersville 255.255.255.0 any log disable
access-list Outside_access_in extended permit ip Charlotte_SSL_VPN_Clients 255.255.255.0 any log disable
access-list Outside_access_in extended permit object-group DM_INLINE_SERVICE_4 host SRX_Gateway Charlotte_SSL_VPN_Clients 255.255.255.0 inactive
access-list Outside_cryptomap_2 extended permit ip object-group DM_INLINE_NETWORK_5 object-group DM_INLINE_NETWORK_6
access-list Outside_cryptomap_2 extended permit ip 192.168.16.0 255.255.255.0 RS_172.16.20.0 255.255.252.0
access-list Canton_nat_outbound extended permit object-group DM_INLINE_SERVICE_6 Charlotte_SSL_VPN_Clients 255.255.255.0 object-group DM_INLINE_NETWORK_15
access-list splitacl standard permit 192.168.16.0 255.255.255.0
pager lines 24
logging enable
logging console emergencies
logging monitor informational
logging asdm informational
mtu Outside 1500
mtu Inside 1500
mtu management 1500
ip local pool SSL_VPN_Pool 192.168.15.10-192.168.15.254 mask 255.255.255.0
ip local pool New_VPN_Pool 192.168.16.50-192.168.16.200 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
icmp permit any Inside
no asdm history enable
arp timeout 14400
nat (Outside) 0 access-list Huntersville_nat_outbound
nat (Inside) 0 access-list Inside_nat0_outbound
access-group Outside_access_in in interface Outside
access-group Inside_access_in in interface Inside
route Outside 0.0.0.0 0.0.0.0 70.63.165.217 1
route Inside Canton_Phones 255.255.255.0 CantonGW 1
route Inside Canton_Wireless_Data 255.255.255.0 CantonGW 1
route Inside Charlotte_SSL_VPN_Clients 255.255.255.0 SRX_Gateway 1
route Inside Charlotte_Wireless_Data 255.255.255.0 SRX_Gateway 1
route Inside Canton_Data 255.255.255.0 CantonGW 1
route Inside Canton_Wireless_Phones 255.255.255.0 CantonGW 1
route Inside Charlotte_Phones 255.255.255.0 SRX_Gateway 1
route Inside 192.168.116.219 255.255.255.255 CantonGW 1
route Inside Charlotte_Wireless_Phones 255.255.255.0 SRX_Gateway 1
route Inside Peak10 255.255.255.0 SRX_Gateway 1
timeout xlate 3:00:00
timeout conn 8:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
dynamic-access-policy-record TGAD_AccessPolicy
aaa-server TGAD protocol ldap
aaa-server TGAD (Inside) host 192.168.16.122
ldap-base-dn DC=tg,DC=local
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn CN=vpn user,CN=Users,DC=tg,DC=local
server-type microsoft
aaa authentication ssh console LOCAL
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console LOCAL
aaa local authentication attempts max-fail 10
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.16.0 255.255.255.0 Inside
http Charlotte_SSL_VPN_Clients 255.255.255.0 Inside
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map0 1 match address Outside_cryptomap
crypto map Outside_map0 1 set pfs
crypto map Outside_map0 1 set peer 74.218.175.168
crypto map Outside_map0 1 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map0 2 match address Outside_cryptomap_2
crypto map Outside_map0 2 set peer 192.237.229.119
crypto map Outside_map0 2 set transform-set ESP-3DES-MD5
crypto map Outside_map0 3 match address Outside_cryptomap_1
crypto map Outside_map0 3 set peer 174.143.192.65
crypto map Outside_map0 3 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Outside_map0 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Outside_map0 interface Outside
crypto map Inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Inside_map interface Inside
crypto ca trustpoint ASDM_TrustPoint0
enrollment self
subject-name CN=charlotte
crl configure
crypto ca trustpoint ASDM_TrustPoint1
enrollment self
subject-name CN=charlotte
proxy-ldc-issuer
crl configure
crypto ca certificate chain ASDM_TrustPoint1
certificate 48676150
3082024c 308201b5 a0030201 02020448 67615030 0d06092a 864886f7 0d010105
05003038 31123010 06035504 03130963 6861726c 6f747465 31223020 06092a86
4886f70d 01090216 13636861 726c6f74 74652e74 68696e6b 67617465 301e170d
31323039 32353038 31373333 5a170d32 32303932 33303831 3733335a 30383112
30100603 55040313 09636861 726c6f74 74653122 30200609 2a864886 f70d0109
02161363 6861726c 6f747465 2e746869 6e6b6761 74653081 9f300d06 092a8648
86f70d01 01010500 03818d00 30818902 8181008e d3e1ac63 a8a39dab 02170491
2bf104d2 732c7fd7 7065758b 03bb9772 c8ab9faf 0e5e9e93 bfb57eea a849c875
7899d261 8d426c37 9749d3d7 c86ca8e0 1d978069 3d43e7c5 569bb738 37e9bb31
0ebd5065 01eb7a05 87933d2d 786a722e 8eee16e7 3207510b f5e7e704 cbddbda2
a6b9ae45 efaba898 b8c921b6 2b05c0fb 1b0a9b02 03010001 a3633061 300f0603
551d1301 01ff0405 30030101 ff300e06 03551d0f 0101ff04 04030201 86301f06
03551d23 04183016 8014fb93 35da7dd5 15d8e2ad 8e05ccf7 b5c333cc 95ac301d
0603551d 0e041604 14fb9335 da7dd515 d8e2ad8e 05ccf7b5 c333cc95 ac300d06
092a8648 86f70d01 01050500 03818100 6851ae52 5383c6f6 9e3ea714 85b2c5a0
fd720959 a0b91899 806bad7a 08e2208e de22cad0 6692b09a 7152b21e 3bbfce68
cc9f1391 8c460a04 a15e1a9e b18f829d 6d42d9bd ed5346bd 73a402f7 21e0c746
02757fb6 b60405a9 ac3b9070 8c0f2fba d12f157b 85dd0a8b 2e9cf830 90a19412
c7af1667 37b5ed8e c023ea4d 0c434609
quit
crypto isakmp enable Outside
crypto isakmp enable Inside
crypto isakmp policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto isakmp policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto isakmp policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto isakmp policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
crypto isakmp policy 170
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
vpn-addr-assign local reuse-delay 5
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 Outside
ssh 172.221.228.164 255.255.255.255 Outside
ssh Charlotte_SSL_VPN_Clients 255.255.255.0 Inside
ssh 192.168.16.0 255.255.255.0 Inside
ssh timeout 5
console timeout 0
management-access Inside
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ssl trust-point ASDM_TrustPoint1 Outside
webvpn
enable Outside
enable Inside
anyconnect-essentials
svc image disk0:/anyconnect-win-2.5.2014-k9.pkg 1 regex "Windows NT"
svc enable
group-policy DfltGrpPolicy attributes
dns-server value 192.168.16.122 8.8.8.8
vpn-idle-timeout none
vpn-tunnel-protocol IPSec l2tp-ipsec svc webvpn
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Limited__VPN_Acccess_List
default-domain value tg.local
split-dns value tg.local
group-policy LimitedAccessGroupPolicy internal
group-policy LimitedAccessGroupPolicy attributes
wins-server none
dns-server value 192.168.16.122 8.8.8.8
vpn-tunnel-protocol svc
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Limited__VPN_Acccess_List
default-domain value thinkgate.local
split-tunnel-all-dns disable
group-policy GroupPolicy2 internal
group-policy GroupPolicy2 attributes
vpn-tunnel-protocol IPSec
group-policy GroupPolicy1 internal
group-policy GroupPolicy1 attributes
wins-server none
dns-server value 192.168.16.122 8.8.8.8
vpn-tunnel-protocol svc
default-domain value tg.local
group-policy Site-to-Site_Policy internal
group-policy Site-to-Site_Policy attributes
vpn-tunnel-protocol IPSec l2tp-ipsec
tunnel-group DefaultRAGroup general-attributes
default-group-policy LimitedAccessGroupPolicy
tunnel-group DefaultWEBVPNGroup general-attributes
address-pool SSL_VPN_Pool
tunnel-group LimitedAccessTunnelGroup type remote-access
tunnel-group LimitedAccessTunnelGroup general-attributes
address-pool SSL_VPN_Pool
default-group-policy LimitedAccessGroupPolicy
tunnel-group 208.104.76.178 type ipsec-l2l
tunnel-group 208.104.76.178 ipsec-attributes
pre-shared-key *****
tunnel-group 74.218.175.168 type ipsec-l2l
tunnel-group 74.218.175.168 ipsec-attributes
pre-shared-key *****
tunnel-group TGAD_ConnectionProfile type remote-access
tunnel-group TGAD_ConnectionProfile general-attributes
authentication-server-group TGAD
default-group-policy GroupPolicy1
tunnel-group 174.143.192.65 type ipsec-l2l
tunnel-group 174.143.192.65 general-attributes
default-group-policy GroupPolicy2
tunnel-group 174.143.192.65 ipsec-attributes
pre-shared-key *****
tunnel-group 192.237.229.119 type ipsec-l2l
tunnel-group 192.237.229.119 ipsec-attributes
pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:ef741b4905b43dc36d0f621e06508840
: end
charlotte#What does the packet-tracer say, what does the IPsec associations say (packets encrypted/decrypted)?
This might be faster that going through your hundreds of lines of config. -
Unable to Access SSL WebVPN Login Page
I am unable to access the SSL WebVPN login html page. I tried using FF, Chrome, and IE via https://24.43.XXX.XXX. All I get is "Page cannot be displayed". I am stumped here, any help would be greatly appreciated.
PLAN-FW# show run
: Saved
ASA Version 9.1(1)
hostname PLAN-FW
domain-name intranet.example.com
enable password s9HtiQv6kkqqiJhc encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
ip local pool VPN-Clients 192.168.5.2-192.168.5.220 mask 255.255.255.0
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 24.43.XXX.XXX 255.255.255.252
interface GigabitEthernet0/1
channel-group 1 mode active
no nameif
no security-level
no ip address
interface GigabitEthernet0/2
channel-group 1 mode active
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif Management
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Port-channel1
nameif DR-01
security-level 100
ip address 10.0.0.1 255.255.255.252
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
name-server 8.8.8.8
name-server 4.2.2.2
domain-name intranet.example.com
object network obj-internet
subnet 0.0.0.0 0.0.0.0
object network obj-vlan100
subnet 10.0.100.0 255.255.254.0
object network NETWORK_OBJ_192.168.5.0_24
subnet 192.168.5.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu DR-01 1500
mtu Management 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-713.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (DR-01,outside) source static any any destination static NETWORK_OBJ_192.168.5.0_24 NETWORK_OBJ_192.168.5.0_24 no-proxy-arp route-lookup
object network obj-vlan100
nat (DR-01,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 24.43.XXX.XXX 1
route DR-01 10.0.0.0 255.255.255.252 10.0.0.2 1
route DR-01 10.0.100.0 255.255.254.0 10.0.0.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 Management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint SELF-TP
enrollment self
fqdn intranet.example.com
subject-name CN=intranet.example.com
keypair myrsakey
crl configure
crypto ca trustpool policy
crypto ca certificate chain SELF-TP
certificate 4fb08954
30820203 3082016c a0030201 0202044f b0895430 0d06092a 864886f7 0d010105
05003046 311e301c 06035504 03131569 6e747261 6e65742e 70656c61 74726f6e
2e636f6d 31243022 06092a86 4886f70d 01090216 15696e74 72616e65 742e7065
6c617472 6f6e2e63 6f6d301e 170d3134 31323136 31313237 32315a17 0d323431
32313331 31323732 315a3046 311e301c 06035504 03131569 6e747261 6e65742e
70656c61 74726f6e 2e636f6d 31243022 06092a86 4886f70d 01090216 15696e74
quit
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside client-services port 443
crypto ikev2 remote-access trustpoint SELF-TP
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl trust-point SELF-TP outside
webvpn
enable outside
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 2
anyconnect profiles Example_Intranet_client_profile disk0:/Example_Intranet_client_profile.xml
anyconnect enable
tunnel-group-list enable
group-policy "GroupPolicy_Example Intranet" internal
group-policy "GroupPolicy_Example Intranet" attributes
wins-server none
dns-server value 8.8.8.8 4.2.2.2
vpn-tunnel-protocol ikev2 ssl-client
default-domain value intranet.example.com
webvpn
anyconnect profiles value Example_Intranet_client_profile type user
username test1 password GxmPkeumVbHvz58J encrypted privilege 15
username test2 password t.GxS9C3hRYHni61 encrypted
username test3 password M9Szy/s33Cm6Crby encrypted
username test4 password hMXxQZTu8agZnzki encrypted
tunnel-group "Example Intranet" type remote-access
tunnel-group "Example Intranet" general-attributes
address-pool VPN-Clients
default-group-policy "GroupPolicy_Example Intranet"
tunnel-group "Example Intranet" webvpn-attributes
group-alias "Example Intranet" enable
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly 10
subscribe-to-alert-group configuration periodic monthly 10
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4976c27fbf11ae4589d27b4f16107a41
: end
Directory of disk0:/
10 drwx 4096 08:15:36 Sep 19 2014 log
20 drwx 4096 08:16:04 Sep 19 2014 crypto_archive
21 drwx 4096 08:16:12 Sep 19 2014 coredumpinfo
114 -rwx 37416960 08:24:28 Sep 19 2014 asa911-smp-k8.bin
115 -rwx 18097844 08:26:28 Sep 19 2014 asdm-713.bin
116 -rwx 69318656 08:27:50 Sep 19 2014 asacx-5500x-boot-9.1.1-1-RelWithDebInfo.x86_64.img
117 -rwx 12998641 08:47:34 Sep 19 2014 csd_3.5.2008-k9.pkg
118 drwx 4096 08:47:36 Sep 19 2014 sdesktop
119 -rwx 6487517 08:47:38 Sep 19 2014 anyconnect-macosx-i386-2.5.2014-k9.pkg
120 -rwx 6689498 08:47:40 Sep 19 2014 anyconnect-linux-2.5.2014-k9.pkg
121 -rwx 4678691 08:47:42 Sep 19 2014 anyconnect-win-2.5.2014-k9.pkg
122 -rwx 200 14:26:42 Dec 08 2014 upgrade_startup_errors_201412081426.log
129 -rwx 338 11:59:35 Dec 16 2014 Example_Intranet_client_profile.xml
8238202880 bytes total (4860497920 bytes free)
Cisco Adaptive Security Appliance Software Version 9.1(1)
Device Manager Version 7.1(3)
Compiled on Wed 28-Nov-12 11:15 PST by builders
System image file is "disk0:/asa911-smp-k8.bin"
Config file at boot was "startup-config"
PLAN-FW up 5 days 5 hours
Hardware: ASA5515, 8192 MB RAM, CPU Clarkdale 3059 MHz, 1 CPU (4 cores)
ASA: 4096 MB RAM, 1 CPU (1 core)
Internal ATA Compact Flash, 8192MB
BIOS Flash MX25L6445E @ 0xffbb0000, 8192KB
Encryption hardware device : Cisco ASA-55xx on-board accelerator (revision 0x1)
Boot microcode : CNPx-MC-BOOT-2.00
SSL/IKE microcode : CNPx-MC-SSL-PLUS-T020
IPSec microcode : CNPx-MC-IPSEC-MAIN-0022
Number of accelerators: 1
Baseboard Management Controller (revision 0x1) Firmware Version: 2.4
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Active/Active perpetual
Encryption-DES : Enabled perpetual
Encryption-3DES-AES : Enabled perpetual
Security Contexts : 2 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 100 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 250 perpetual
Total VPN Peers : 250 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
IPS Module : Disabled perpetual
Cluster : Disabled perpetual
This platform has an ASA 5515 Security Plus license.Hi Nathan,
Are you using Ikev2 to connect. If not then can you please remove the following command and then try again:
no crypto ikev2 enable outside client-services port 443
Thanks
Jeet Kumar -
Unable to access internal networks over Remote acces VPN
Hi,
I have set up a Remote access VPN from Home to Cisco ASA 5512-X.
I am able to connect successfully and even getting a valid IP address from VPN pool 172.21.3.1-. However I am unable to access any of the internal resources.
Internal Network: 172.20.0.0 255.255.0.0
Please if someone can help identifying the issue.
Below is the running config:-
Result of the command: "sh run"
: Saved
ASA Version 9.1(1)
hostname ASA
domain-name M8fl.com
enable password Aoz9GlxLLvkWrTUy encrypted
passwd Gc1jA6zbgOsj63RW encrypted
names
ip local pool vpnclients 172.21.3.1-172.21.3.20 mask 255.255.0.0
ip local pool test 172.21.3.21-172.21.3.40 mask 255.255.255.0
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address 172.20.254.250 255.255.0.0
interface GigabitEthernet0/2
description vodafone 100mb internet 195.11.180.40_29
speed 100
duplex full
nameif outside1
security-level 1
ip address 195.11.180.42 255.255.255.248
interface GigabitEthernet0/3
description Voice
nameif Voice
security-level 80
ip address 192.168.2.1 255.255.255.252
interface GigabitEthernet0/4
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/5
shutdown
no nameif
no security-level
no ip address
interface Management0/0
management-only
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
boot system disk0:/asa911-smp-k8.bin
ftp mode passive
clock timezone GMT 0
dns domain-lookup inside
dns domain-lookup outside1
dns domain-lookup management
dns server-group DefaultDNS
name-server 10.0.0.4
name-server 172.20.0.100
domain-name M8fl.com
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network VLAN1
subnet 172.20.0.0 255.255.0.0
object network NETWORK_OBJ_172.20.3.0_27
subnet 172.21.3.0 255.255.255.224
object network Voice_Net
subnet 172.21.20.0 255.255.255.0
object network PBX_Internal
host 192.168.2.2
description PBX Internal
object network Voice_External
host 195.11.180.43
description For PBX
object network Raith_Remote_Network
subnet 192.168.20.0 255.255.255.0
description Raith Remote Network
object network NETWORK_OBJ_172.21.3.0_27
subnet 172.21.3.0 255.255.255.224
object network NETWORK_OBJ_172.21.3.0_26
subnet 172.21.3.0 255.255.255.192
object-group network azure-networks
network-object 10.0.0.0 255.0.0.0
object-group network onprem-networks
network-object 172.20.0.0 255.255.0.0
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service test_PPTP
service-object ip
service-object tcp destination eq pptp
access-list azure-vpn-acl extended permit ip object-group onprem-networks object-group azure-networks
access-list outside_access_in extended permit ip object-group azure-networks object-group onprem-networks
access-list outside_access_in extended permit icmp any any
access-list outside_access_in extended permit ip any any
access-list inside_access_in extended permit ip any any log disable
access-list inside_access_in_1 extended permit ip object-group onprem-networks object-group azure-networks
access-list inside_access_in_1 extended permit ip any object Voice_Net log debugging
access-list inside_access_in_1 extended permit ip any any
access-list outside_access_in_1 extended permit ip object-group azure-networks object-group onprem-networks
access-list outside_access_in_1 extended permit icmp any any
access-list outside_access_in_1 extended permit ip any any inactive
access-list Voice_access_in extended permit ip any any log debugging
access-list outside_cryptomap extended permit ip object-group onprem-networks object Raith_Remote_Network
pager lines 24
logging enable
logging buffer-size 40000
logging buffered notifications
logging asdm debugging
mtu outside 1500
mtu inside 1500
mtu outside1 1500
mtu Voice 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-66114.bin
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside1) source static onprem-networks onprem-networks destination static azure-networks azure-networks
nat (inside,outside1) source dynamic VLAN1 interface
nat (inside,Voice) source static VLAN1 VLAN1 destination static Voice_Net Voice_Net no-proxy-arp route-lookup
nat (Voice,outside1) source static PBX_Internal Voice_External
nat (inside,outside) source static onprem-networks onprem-networks destination static Raith_Remote_Network Raith_Remote_Network no-proxy-arp route-lookup
nat (inside,outside1) source static any any destination static NETWORK_OBJ_172.21.3.0_27 NETWORK_OBJ_172.21.3.0_27 no-proxy-arp route-lookup
nat (inside,outside1) source static any any destination static NETWORK_OBJ_172.21.3.0_26 NETWORK_OBJ_172.21.3.0_26 no-proxy-arp route-lookup
access-group outside_access_in in interface outside
access-group inside_access_in_1 in interface inside
access-group outside_access_in_1 in interface outside1
access-group Voice_access_in in interface Voice
route outside1 0.0.0.0 0.0.0.0 195.11.180.41 10
route inside 172.21.20.0 255.255.255.0 172.20.20.253 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable 444
http 192.168.1.0 255.255.255.0 management
http 172.20.0.0 255.255.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
sysopt connection tcpmss 1350
sysopt noproxyarp outside
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set azure-ipsec-proposal-set esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA mode transport
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association lifetime seconds 3600
crypto ipsec security-association lifetime kilobytes 102400000
crypto ipsec security-association pmtu-aging infinite
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-3DES-SHA
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime seconds 28800
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment terminal
subject-name CN=ASA
crl configure
crypto ca trustpool policy
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 28800
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 enable outside1
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 28800
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 172.20.0.0 255.255.0.0 inside
telnet timeout 5
ssh 172.20.0.0 255.255.0.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd address 172.20.2.1-172.20.2.254 inside
dhcpd dns 10.0.0.4 172.20.0.100 interface inside
dhcpd enable inside
dhcpd dns 172.21.20.254 interface Voice
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tftp-server inside 172.20.2.34 /tftp
webvpn
enable outside1
anyconnect image disk0:/anyconnect-win-2.5.2014-k9.pkg 1
anyconnect image disk0:/anyconnect-linux-2.5.2014-k9.pkg 2
anyconnect image disk0:/anyconnect-macosx-i386-2.5.2014-k9.pkg 3
anyconnect enable
tunnel-group-list enable
internal-password enable
group-policy DefaultRAGroup_2 internal
group-policy DefaultRAGroup_2 attributes
dns-server value 10.0.0.4 172.20.0.100
vpn-tunnel-protocol l2tp-ipsec
default-domain value
group-policy DefaultRAGroup_3 internal
group-policy DefaultRAGroup_3 attributes
dns-server value 10.0.0.4 172.20.0.100
vpn-tunnel-protocol ikev1 l2tp-ipsec
default-domain value
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 10.0.0.4 172.20.0.100
vpn-tunnel-protocol l2tp-ipsec
default-domain value
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
dns-server value 10.0.0.4 172.20.0.100
vpn-tunnel-protocol l2tp-ipsec
default-domain value
group-policy DfltGrpPolicy attributes
vpn-tunnel-protocol ikev1 l2tp-ipsec ssl-client ssl-clientless
group-policy RA_VPN internal
group-policy RA_VPN attributes
dns-server value 8.8.8.8 4.2.2.2
vpn-tunnel-protocol ikev1
default-domain value
group-policy "GroupPolicy_Anyconnect _profile" internal
group-policy "GroupPolicy_Anyconnect _profile" attributes
wins-server none
dns-server value 8.8.8.8
vpn-tunnel-protocol ssl-client ssl-clientless
default-domain none
webvpn
file-browsing enable
group-policy GroupPolicy_89.241.208.14 internal
group-policy GroupPolicy_89.241.208.14 attributes
vpn-tunnel-protocol ikev1
username test2 password encrypted privilege 15
username test1 password nt-encrypted privilege 0
username test1 attributes
vpn-group-policy DefaultRAGroup_2
username test password encrypted privilege 15
username test attributes
vpn-group-policy DefaultRAGroup_1
username EdwardM password encrypted privilege 15
username vpntest password encrypted privilege 0
username vpntest attributes
vpn-group-policy RA_VPN
username vpntest3 password nt-encrypted privilege 15
username vpntest3 attributes
service-type remote-access
username rhunton password encrypted privilege 15
username rhunton attributes
service-type admin
username e.melaugh password encrypted privilege 15
username netx password encrypted privilege 15
username netx attributes
service-type remote-access
username colin password encrypted privilege 15
username colin attributes
service-type remote-access
tunnel-group DefaultL2LGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group DefaultRAGroup general-attributes
address-pool vpnclients
default-group-policy DefaultRAGroup_3
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
isakmp keepalive disable
tunnel-group DefaultRAGroup ppp-attributes
no authentication chap
authentication ms-chap-v2
tunnel-group "Anyconnect _profile" type remote-access
tunnel-group "Anyconnect _profile" general-attributes
address-pool vpnclients
default-group-policy "GroupPolicy_Anyconnect _profile"
tunnel-group "Anyconnect _profile" webvpn-attributes
group-alias "Anyconnect _profile" enable
tunnel-group 137.117.215.177 type ipsec-l2l
tunnel-group 137.117.215.177 ipsec-attributes
ikev1 pre-shared-key *****
peer-id-validate nocheck
isakmp keepalive disable
tunnel-group 89.241.208.14 type ipsec-l2l
tunnel-group 89.241.208.14 general-attributes
default-group-policy GroupPolicy_89.241.208.14
tunnel-group 89.241.208.14 ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
inspect pptp
policy-map type inspect ipsec-pass-thru Fairhurst
description to allow vpn to fairhurst network
parameters
esp
ah
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:f4185106b309478da7804dc22d2c1a85
: endHi,
You seem to have this nat (inside,outside1) source dynamic VLAN1 interface at line 2 which is causing the identity Nat/ Nat exempt to fail.
It is always good to use the packet tracer feature on the ASA to see what exactly is happening.
Try this
nat (inside,outside1) 1 source static VLAN1 VLAN1 destination static NETWORK_OBJ_172.21.3.0_27 NETWORK_OBJ_172.21.3.0_27 no-pr route-lo
Let me know how it goes for you.
Regards,
Nitish Emmanuel
Maybe you are looking for
-
Why does it always lose count?
Hi, all- I installed PCI7344 to control steppers. I configed it into open-loop stepper control. In the "Find Reference Setting", I selected the "Smart Enable" and "Reset Position"; Set "Offset move", "Primary Position" and "Secondary Position" to zer
-
How To Display Time Information in Report/Results?
Is it necessary to manually calculate the following? Execution start time Elapsed duration since Execution start Step start time Step completion time If not, where are these results available within TestStand? I would like to store the sequence absol
-
SetInterval and XML Load Problem
Hello, I 'm having the simple problem of making sure the XML is loaded before beginning the Interval sequence. Therefore it is missing some of the XML data when loading. See example: http://alt.coxnewsweb.com/statesman/img/advertising/_jacob/Site1/pr
-
What happened to the Line Tool {from Elements 4}
I have upgraded? From Photoshop Elements 4 to Photoshop Elements 12. Now running on a new Mac Mini. OS-X 10.8.5 I used Elements 4 - 99% of the time, to add text comments, and then Draw a line with arrows at the beginning or end of the line. {to point
-
Hi, The past few times I've switched on my emac, (about 4 years old), the display has been darker than usual. I can still read the menu text and so on, but it is as if the Brightness control has been turned down a bit. If I shut down completely, then