SLP Directory Agent (port 427) - internal network goes down

Due to some VPN problems with corporate headquarters, I had to switch out my current firewall (Instagate EX2) for a new SonicWall. Whenever we tried to switch over to the new SonicWall, my entire internal network went down. I was not able to log in to the different Xserves for their appropriate services. Examples included the email server, FTP server, and a special application server we use for news editing. All Xserves run OS X Server 10.4. Our clients range from PowerMacs to Mac Minis and Mac Pros, all running OS X 10.4 with a few running 10.3. Symptoms include that when trying to connect to the email server, it just sits saying "Connecting to 10.1.2.x...", and the same for the FTP services. The newsroom software, which usually takes 1-2 seconds to log into, then takes 45 seconds or so. Several techs looked at the problem without any suggestions about what to do to fix it.
We have a Juniper Netscreen router provided by our ISP that connects to the Instagate firewall and to the network itself. Upon looking at the logs, it was discovered that the OS X stations' IPs were using port 427, which is used by SLP. One of the techs said that is what is taking our network down when we disconnect the Instagate router from the network (because it evidently is passing this SLP traffic on to the Netscreen router). So when the Netscreen router comes off the network, none of the services on the Xserves work because of this. They said I needed to disable port 427 on the Netscreen, but if I do this, isn't this having the same effect as taking the network down? Then I was told to set up a Directory Agent to handle this traffic. But they didn't provide any instructions on how to set this up on the network or on OS X Server.
Does anyone have any guidance or suggestions regarding this?
Thanks,
G

I had the ISP's tech in today with proper network analysis software to see what's going on.
We discovered that it is not SLP that is causing the problems, as one tech had suggested. Any time that internet access was disconnected from the network, access to services on the OS X Servers went down or was extremely slow. So we began to look at the DNS entries and realized that if we removed DNS then the servers refused access, and if DNS entries were made (using OpenDNS), then the servers worked.
For example, we use the mail server component of OS X Server 10.4 for our email services. We cannot access the internal server (via IP) without the Xserve having an entry in DNS. Put in the OpenDNS servers, and things work like they should. The same scenario applies to any services (FTP, NewsEdit, etc.) that are on the OS X Servers. I guess what I'm not understanding is why everything works internally as long as the OS X Servers have something listed for DNS, even though the DNS is an external DNS IP. Because it is external, outside of the network, it's not like the mail server or clients are resolving the private IPs (there's nothing to resolve, since we use IP numbers for connection purposes).
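The pattern described above, as an added example that is not from the thread: a service that stalls only while no resolver is configured is commonly blocked in a reverse (PTR) lookup of the connecting client's address, waiting for the query to time out, whereas a reachable resolver, even an external one, answers promptly (often with NXDOMAIN for a private address) and the stall disappears. The code builds the PTR query such a server would send, parses the reply, and times one lookup against a resolver you name. `make_ptr_response` is a constructed stub reply so the parser can be exercised offline, and the resolver address `192.0.2.53` in the demo is a placeholder to replace with your own.

```python
# Added example (not from the thread): what a server does when it reverse-resolves
# a connecting client, and how long that takes against a given resolver.
import socket
import struct
import time


def ptr_name(ip):
    """Return the in-addr.arpa name queried for a reverse lookup of an IPv4 address."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError("expected a dotted-quad IPv4 address")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def encode_name(name):
    """Encode a dotted name as DNS labels (RFC 1035 section 3.1)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"


def build_ptr_query(ip, xid=0x1234):
    """Build a minimal DNS query packet asking for the PTR record of `ip`."""
    header = struct.pack("!HHHHHH", xid, 0x0100, 1, 0, 0, 0)   # RD=1, one question
    return header + encode_name(ptr_name(ip)) + struct.pack("!HH", 12, 1)  # PTR, IN


def _read_name(data, offset):
    """Decode a possibly compressed name; return (name, offset after the name)."""
    labels, end, jumped = [], None, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            pointer = struct.unpack_from("!H", data, offset)[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode())
        offset += length
    return ".".join(labels), (end if jumped else offset)


def make_ptr_response(query, hostname, ttl=60):
    """Constructed stub reply to `query`, so the parser can be exercised offline."""
    xid = struct.unpack_from("!H", query, 0)[0]
    question = query[12:]                                # QNAME + QTYPE + QCLASS
    rdata = encode_name(hostname)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 12, 1, ttl, len(rdata)) + rdata
    return struct.pack("!HHHHHH", xid, 0x8180, 1, 1, 0, 0) + question + answer


def parse_ptr_answer(data):
    """Return the host name from the first PTR answer, or None (no answer / RCODE != 0)."""
    _xid, flags, qdcount, ancount, _, _ = struct.unpack_from("!HHHHHH", data, 0)
    if flags & 0x000F:                                    # e.g. NXDOMAIN
        return None
    offset = 12
    for _ in range(qdcount):
        _, offset = _read_name(data, offset)
        offset += 4                                       # skip QTYPE + QCLASS
    for _ in range(ancount):
        _, offset = _read_name(data, offset)
        rtype, _, _, rdlen = struct.unpack_from("!HHIH", data, offset)
        offset += 10
        if rtype == 12:
            return _read_name(data, offset)[0]
        offset += rdlen
    return None


def timed_reverse_lookup(ip, resolver, timeout=2.0):
    """Send one PTR query to `resolver`; return (hostname or None, seconds elapsed)."""
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_ptr_query(ip), (resolver, 53))
            data, _ = sock.recvfrom(512)
            result = parse_ptr_answer(data)
        except (socket.timeout, OSError):
            result = None                                 # unreachable resolver: full timeout
    return result, time.monotonic() - start


if __name__ == "__main__":
    # Offline demonstration with the constructed reply, then a live probe against a
    # placeholder resolver address (replace 192.0.2.53 with your own resolver).
    q = build_ptr_query("10.1.2.5")
    print(parse_ptr_answer(make_ptr_response(q, "mail.example.test")))
    print(timed_reverse_lookup("10.1.2.5", "192.0.2.53", timeout=2.0))
```

Run the live probe once with the resolver the Xserves have configured and once with an unreachable address: the first returns within milliseconds, the second returns `None` only after the whole timeout, which is the delay a client sees multiplied by however many lookups the service attempts before it gives up.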

Similar Messages

  • How to send a multicast request to 239.255.255.253, seeking an SLP Directory Agent (DA)?

    Hi,
    How to send a multicast request to 239.255.255.253, seeking an SLP Directory Agent (DA) in C++?
    Thanks in advance.

    Hi,
    How about your issue now? Is it fixed?
    I think you will get professional support from another network-related forum, because the VC++ forum aims to discuss and ask questions about the Visual C++ IDE, libraries, samples, tools, setup, and Windows programming using MFC and ATL.
    Hope you can understand.
    May
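The request the question asks about, as an added example that is not from the thread or the forum reply: an SLPv2 Service Request for `service:directory-agent` built to the RFC 2608 byte layout, multicast to 239.255.255.253 on port 427 with a link-local TTL, and the DAAdvert replies decoded so you can inventory which Directory Agents answer on a segment. It is written in Python rather than the C++ the question asks for; the byte layout is the same. `build_daadvert` is a constructed reply, included so the parser runs offline, and the transaction id is a constructed value.

```python
# Added example (not from the thread): SLPv2 Directory Agent discovery (RFC 2608).
import socket
import struct

SLP_PORT = 427
SLP_DA_MCAST = "239.255.255.253"   # SLP multicast group used for DA discovery
FUNC_SRVRQST = 1
FUNC_DAADVERT = 8
FLAG_MCAST = 0x2000                # "R" bit: request was multicast


def _str(s):
    """Length-prefixed string field, as used throughout SLPv2."""
    b = s.encode()
    return struct.pack("!H", len(b)) + b


def _header(function, xid, body_len, flags=0, lang="en"):
    """Version, function, 3-byte length, flags, 3-byte next-ext offset, XID, lang tag."""
    lang_field = _str(lang)
    length = 12 + len(lang_field) + body_len
    return (struct.pack("!BB", 2, function) + length.to_bytes(3, "big")
            + struct.pack("!H", flags) + (0).to_bytes(3, "big")
            + struct.pack("!H", xid) + lang_field)


def build_da_srvrqst(xid, scopes="DEFAULT", prlist=""):
    """SrvRqst for service:directory-agent; `prlist` names DAs that already answered."""
    body = (_str(prlist) + _str("service:directory-agent") + _str(scopes)
            + _str("") + _str(""))                 # empty predicate and SLP SPI
    return _header(FUNC_SRVRQST, xid, len(body), FLAG_MCAST) + body


def _parse_header(data):
    version, function = data[0], data[1]
    if version != 2:
        raise ValueError("not an SLPv2 message")
    length = int.from_bytes(data[2:5], "big")
    xid = struct.unpack_from("!H", data, 10)[0]
    lang_len = struct.unpack_from("!H", data, 12)[0]
    return function, length, xid, 14 + lang_len    # offset where the body starts


def _read_str(data, offset):
    n = struct.unpack_from("!H", data, offset)[0]
    return data[offset + 2:offset + 2 + n].decode(), offset + 2 + n


def parse_daadvert(data):
    """Return {'xid','error','url','scopes','boot'} from a DAAdvert, else None."""
    function, _, xid, offset = _parse_header(data)
    if function != FUNC_DAADVERT:
        return None
    error, boot_ts = struct.unpack_from("!HI", data, offset)
    offset += 6
    url, offset = _read_str(data, offset)
    scopes, _ = _read_str(data, offset)
    return {"xid": xid, "error": error, "url": url, "scopes": scopes, "boot": boot_ts}


def build_daadvert(xid, url, scopes="DEFAULT", boot_ts=0):
    """Constructed DAAdvert, as a DA would send it, used to exercise the parser offline."""
    body = (struct.pack("!HI", 0, boot_ts) + _str(url) + _str(scopes)
            + _str("") + _str("") + b"\x00")       # empty attr list, SPI list, 0 auth blocks
    return _header(FUNC_DAADVERT, xid, len(body)) + body


def discover_das(timeout=2.0, ttl=1):
    """Multicast one DA request on the local segment and collect (addr, url, scopes)."""
    xid = 0x4D41                                   # constructed transaction id
    found = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, ttl)
        sock.settimeout(timeout)
        sock.sendto(build_da_srvrqst(xid), (SLP_DA_MCAST, SLP_PORT))
        while True:
            try:
                data, (addr, _) = sock.recvfrom(8192)
            except socket.timeout:
                break
            adv = parse_daadvert(data)
            if adv and adv["xid"] == xid and adv["error"] == 0:
                found.append((addr, adv["url"], adv["scopes"]))
    return found


if __name__ == "__main__":
    for addr, url, scopes in discover_das():
        print(addr, url, scopes)
```

With TTL 1 the request stays on the local segment, which is the point when the question is which DA, if any, the hosts on that segment are registering with; if nothing answers, the hosts fall back to multicast service requests, which is the port-427 traffic the first post's techs saw.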

  • When I use the AE2 as an extra WiFi point and plug in the cable from the Time Capsule, the whole network goes down. What am I doing wrong?

    When I use the AE2 as an extra WiFi point and plug in the cable from the Time Capsule, the whole network goes down. What am I doing wrong?

    You likely first configured the AirPort Express to "extend a wireless network" using wireless only, correct?
    If yes, you cannot then connect the AirPort Express using Ethernet; that will crash your network.
    The Express must be configured to "create a wireless network". AirPort Utility will do this for you automatically, but you will first need to perform a Factory Default Reset or Hard Reset on the AirPort Express and then start over with the configuration again.
    Connect the Ethernet cable to the Express before you open AirPort Utility. Post back if you need more tips on how to set this up.

  • How to schedule a service to run before network goes down

    Hi
    I wrote a new SMF service and added it to the repository.
    When running with "stop" (when the system goes down) it sends an alert to another machine.
    My question is:
    How can I schedule that service to run just before network services go down?
    Another question: how can I schedule another service to run just BEFORE the system goes down?
    Many Thanks
    --me2unix

    Dependencies appear to be really written and tested on the boot side, but they should work properly going down as well.
    My first assumption is that you'd make a dependency on the network for your service. So it should be started after the network starts, and will wait for your service to quit before trying to shut down the network.
    Now this would only apply to normal shutdowns. Also, there are multiple services on the box that have network effects. You may need to read through several to understand their purpose and interaction to pick the correct one for your use. Probably milestone/network will be the best choice.
    Darren

  • WRT54G blank router settings page, then the whole network goes down

    Alright, heres the setup:
    (1) DSL Modem
    (1) WRT54G Router
    (1) Desktop WinXP Pro SP2 machine, hardwired to router
    (2) WinXP Pro SP2 laptops, wireless - one with built-in wireless, one with a Linksys WPC11 Instant Wireless Network Adapter, version 3.
    (1) WinXP Media Center SP2 laptop, wireless
    (1) Ubuntu Personal Edition - "Feisty Fawn" 7.04 laptop, wireless
    The router has been set up to use WPA-TKIP encryption on channel 6 with an always-on PPPoE connection; it also has an IP of http://192.168.2.1 to avoid an IP conflict with the DSL Modem. DHCP Server is enabled with default settings, MAC Address Clone is disabled, and Operating Mode is set to Gateway. Access is set to allow both B and G, as one of the WinXP Pro laptops is an older model Toshiba that only recognizes the B protocol (that's the one with the WPC11 card).
    Here's the problem:
    Initially, the setup works flawlessly. All computers are able to see the SSID, connect to the network, and connect to the internet. The connection is fine, doesn't slow down, and is overall pretty healthy. All computers are able to access http://192.168.2.1, and are prompted with the username/password prompt, can change settings, port forwarding, etc.
    Now, wait a few days. Usually about a week.
    First, the Ubuntu laptop starts to get spotty with its connection to the internet. After about 10 minutes, the connection to the network starts to fail. Sometimes it will see the SSID, sometimes it won't, and it's not a matter of moving the laptop. It stays pretty much on the same desk and acts as a desktop 98% of the time. If you try to access http://192.168.2.1 nothing happens. No username/password prompt, no "access denied" message. Rebooting the machine doesn't improve the situation. Manually entering the SSID and password doesn't work, either.
    At this point, all of the other computers are still able to access the internet. However, trying to access http://192.168.2.1 with *any* of the other machines fails. Even if I try to access it with the wired desktop machine, there is no prompt, no error messages, just a blank white page with a "done" status in both Firefox and IE.
    After about a day or two of this, all other machines except for the wired desktop computer will cease to see the SSID and all connections to the network fail. No network access, no internet access. The only machine still connected to the network and the internet is the wired desktop machine.
    What I've tried:
    At this point, I usually power cycle the Linksys router, and voilà, back to normal.
    On the settings side, I've tried changing just about every setting I can that won't break the system; I've tried changing channels, changing the encryption, changing the IP of the router... and nothing seems to fix the problem.
    I've also looked at just about every forum, posting, help-reference, and how-to, and I can't seem to find a solution to the problem, or even what's really happening to cause it.
    Normally, I wouldn't take issue with having to restart the router. It's not a big issue for me, personally. But I set up this network for someone else, and at the end of this month I am moving, so I would like to fix and resolve the issue so that they don't have to restart the router every week. They are not very tech-savvy people and I don't want to make things more complicated than they have to be. At the least it's a minor inconvenience, and at the most it's a disaster and a call every week from them asking how to fix it.

    I have this exact same issue. I'm using the WRT54G v8 with Firmware Version: v8.00.2 (latest version)
    The log feature of mine was turned on, so I've turned it off.
    As for the P2P, 2 of the 5 computers connected to my network are using it. Are there any suggestions to resolve/help the P2P problem?
    I've also noticed that when the 'no setup page' problem happens, if I do a LAN port scan of the router, port 80 is no longer open. Very weird.
    After chatting with the Linksys Tech support, they say to take it back to the store (although I'll try these options first)

  • How to buffer data when network goes down

    I am not a LabVIEW programmer. One of the programmers here has written a program which writes data to a network computer. Unfortunately, on occasions where the network has a glitch, maybe for a few seconds or even a fraction of a second, the program will lose all of the data which it was writing.
    Is there any way in which they could write the program so that it would buffer the data and save it elsewhere?

    TCP is designed to handle small network outages automatically. You should not need to worry about losing data unless the outage is excessive or you are using a stateless protocol such as UDP instead of TCP. Just make sure you are using a single TCP connection for the entire communication.
    If you use UDP, buffering will involve some code to make sure that only lost segments get retransmitted. You could do some out-of-band communication (e.g. on a second port) so the two sides can detect network glitches and keep each other informed.
    This will not be easy unless you know some LabVIEW, though.
    LabVIEW Champion. Do more with less code and in less time.
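The buffering the question asks for and the single-connection advice in the reply, as an added example that is neither the LabVIEW program from the thread nor anything from the forum: a store-and-forward writer that appends each record to a local spool file before any send is attempted, then drains the spool in order over one persistent TCP connection that is reopened after an error. `FlakySink` and `simulate_outage` are constructed stand-ins for the network peer and for an outage, so the behaviour can be observed offline; `TcpSender` is the real sender the writer would be given in production.

```python
# Added example (not the LabVIEW program from the thread): durable store-and-forward.
import json
import os
import socket
import tempfile


class SpooledSender:
    """Spool records to disk first; deliver them in order; keep whatever fails to send."""

    def __init__(self, spool_path, send):
        self.spool_path = spool_path
        self._send = send              # callable(bytes); raises OSError when delivery fails

    def write(self, record):
        """Durably spool one record, then try to drain. Returns True if nothing is pending."""
        line = (json.dumps(record) + "\n").encode()
        with open(self.spool_path, "ab") as f:
            f.write(line)
            f.flush()
            os.fsync(f.fileno())       # the record survives a crash from this point on
        return self.flush()

    def flush(self):
        """Send spooled lines in order; stop at the first failure and keep the rest."""
        if not os.path.exists(self.spool_path):
            return True
        with open(self.spool_path, "rb") as f:
            lines = f.readlines()
        sent = 0
        for line in lines:
            try:
                self._send(line)
            except OSError:
                break
            sent += 1
        tmp = self.spool_path + ".tmp"
        with open(tmp, "wb") as f:
            f.writelines(lines[sent:])
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.spool_path)   # atomic rename: never a half-written spool
        return sent == len(lines)

    def pending(self):
        if not os.path.exists(self.spool_path):
            return 0
        with open(self.spool_path, "rb") as f:
            return sum(1 for _ in f)


class TcpSender:
    """One persistent TCP connection, as the reply recommends; reconnects after an error."""

    def __init__(self, host, port, timeout=3.0):
        self.addr, self.timeout, self.sock = (host, port), timeout, None

    def __call__(self, payload):
        try:
            if self.sock is None:
                self.sock = socket.create_connection(self.addr, timeout=self.timeout)
            self.sock.sendall(payload)
        except OSError:
            if self.sock is not None:
                self.sock.close()
            self.sock = None           # next call opens a fresh connection
            raise


class FlakySink:
    """Constructed stand-in for the network peer: fails until `up` is set to True."""

    def __init__(self):
        self.up = False
        self.received = []

    def __call__(self, payload):
        if not self.up:
            raise OSError("network glitch")
        self.received.append(json.loads(payload))


def simulate_outage():
    """Write during an outage, then recover. Returns (pending during, pending after, records)."""
    sink = FlakySink()
    spool = os.path.join(tempfile.mkdtemp(), "spool.jsonl")
    sender = SpooledSender(spool, sink)
    for i in range(3):
        sender.write({"seq": i, "value": 20.5 + i})   # constructed measurements
    during = sender.pending()
    sink.up = True                                     # network comes back
    sender.flush()
    return during, sender.pending(), sink.received


if __name__ == "__main__":
    print(simulate_outage())
```

Nothing is acknowledged to the producer until it is on disk, and nothing is deleted from the spool until the send call has returned without error; if the peer needs stronger assurance than "TCP accepted the bytes", have it reply with the last sequence number it committed and only trim the spool up to that number.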

  • Airport Network goes down when copying large files to USB network drive

    My apologies if this has been covered before. This is my first post and I am new to the forums.
    For several months my wife and I have been using the Airport Extreme 802.11n (Gigabit Ethernet). I use Windows and she uses Leopard. We recently purchased a Western Digital MFL Pro (500GB). If the external drive is connected directly to my PC via USB I can copy to it without any problem. If the external drive is connected to the Airport via USB then if you copy files (generally) over 2GB it takes the whole network down. At that point we have to unplug the Airport wait a few seconds and then plug it back in. It's frustrating because the drive works when connected directly, but not when it's connected to the Airport.
    Also, I am hardwired to the Airport (Ethernet) so it is not a wifi issue. Our firmware version is 7.2.1 which is the latest, plus I also updated the software that runs under Windows (5.3.1).
    Does anyone know what is happening here? Is this a known issue? Is there a work around or fix available?

    I've also experienced this problem with my AEBS and an Iomega 500GB MiniMax drive. My Iomega Drive was formatted for HFS+ from the beginning and I've had no problems accessing it from both my Mac and my Windows PC.
    I've been monitoring these groups for signs of a solution, I've talked to the geniuses at one of the Apple Stores near me and so far there's no sign of a resolution. I've sent in feedback to Apple but had no response to it so far (don't know if that's usual).
    The only suggestion that has been put forward so far is to take my AEBS, Iomega Hard drive and laptop to an Apple Store and demonstrate the problems there in the hope that a solution can be reached.
    I've since purchased a 500GB Time Capsule but haven't had a chance to do the same test on that yet, but as far as Time Machine backups go its worked flawlessly so far (touch wood).
    Regards,
    Jason

  • EBS 11i - Concurrent Manager goes down due to network failure.

    Hi,
    We have a Single Node Oracle EBS 11i (11.5.10) [upgraded from 11.0.3] Production Instance on a Windows 2003 (32-Bit) server.
    We have UPS support for the server but the network switch is not on UPS. Due to this, whenever there is a power trip the network goes down, and due to this the Concurrent Manager (only) goes down. All other Apps Tier and DB Tier services are up, including the 806 Listener (APPS_SID).
    Is this how it is designed to work? Is there any way to ensure that the Conc. Manager does not go down due to network failure?
    Rgds,
    Thiru

    Here it is
    Process monitor session ended : 02-OCT-2009 07:30:04
    The Internal Concurrent Manager has encountered an error.
    Review concurrent manager log file for more detailed information. : 02-OCT-2009 07:43:16 -
    Shutting down Internal Concurrent Manager : 02-OCT-2009 07:45:56
    Reviver is not enabled, not spawning a reviver process.
    List of errors encountered:
    _ 1 _
    Routine AFPCMT encountered an ORACLE error. ORA-01041: internal error.
    hostdef extension doesn't exist
    Review your error messages for the cause of the error. (=<POINTER>)
    _ 2 _
    Routine AFPSMG encountered an ORACLE error. ORA-03114: not connected
    to ORACLE
    Review your error messages for the cause of the error. (=<POINTER>)
    _ 3 _
    Routine FDPCRQ encountered an ORACLE error. ORA-03113: end-of-file on
    communication channel
    Review your error messages for the cause of the error. (=<POINTER>)
    APP-FND-01564: ORACLE error 1041 in fdudat
    Cause: fdudat failed due to ORA-01041: internal error. hostdef extension doesn't exist.
    The SQL statement being executed at the time of the error was: &SQLSTMT and was executed from the file &ERRFILE.
    List of errors encountered:
    _ 1 _
    Routine AFPCAL received failure code while parsing or running your
    concurrent program CPMGR
    Review your concurrent request log file for more detailed information.
    Make sure you are passing arguments in the correct format.
    The PROPTRN_1002@PROPTRN internal concurrent manager has terminated with status 1 - giving up.

  • IP over FireWire keeps going down

    I use IP over FireWire with static IP addresses to sync two Macs every day. Ever since upgrading to Leopard, the Mac that runs the sync keeps losing its IP over FireWire connection: it looks OK in the Network prefs pane, but won't mount the other machine's drive over AFP until I reboot.
    Any idea what might be going on?

    I use something completely different from 192.x.x.x. I use 10.10.0.x. I don't really see how this could have anything to do with anything if it works perfectly and then stops working. I could understand if it didn't work at all, so maybe you can explain the logic behind this; then I could configure things differently in an attempt to effect a fix.
    As for the adapters (and drivers) in question, there are ~7 devices accessing the guest network. They are all using a variety of chipsets: 1 is Ralink, 1 is Broadcom, 1 is Atheros, 1 is Realtek, 1 is an iPad (whatever that uses), and then there's a Roku box and 1 Android phone.
    As I mentioned, they work perfectly when they work; when the guest network goes down nothing can connect to it, so I don't think it can be the driver. If it were a driver issue then it wouldn't work properly from the get-go, or 1 or 2 devices with bad drivers would fault, but in this case it's all of them.
    Oddly enough, my wireless stuff and lan is never affected. just the guest network but I have to reboot every time the issue crops up to fix it.
    Any help would be appreciated as I'd really rather not have to go spend money on something else.
    Is there anyone currently replying to this that uses their GN long term? If not could you please try? By long term I mean constantly use it and let me know if it goes down eventually. I'd really like to figure this out.

  • DA server within a DMZ - ports needed for internal network

    Hi,
    I'm planning on adding a domain-joined DA server in my DMZ. The DA server will have 2 NICs, one for the internal network and the other for the external. I'll be using two consecutive public IPv4 addresses.
    On my external firewall I'll be opening the following ports for my DA server:
    - Port 443 inbound and outbound
    - UDP 3544 inbound and outbound.
    On my Juniper firewall between the internal network and DMZ I'll be opening the following bi directional ports between my DC and DA server:
    - IP Protocol 41 inbound and outbound
    - TCP/UDP 53, 88, 3389, 389, 443, 445, 636, 3268, 3269
    Am I right in thinking that in order for my DA clients to reach file shares (for example) I need to ensure that the required protocol and ports are open between my DA server and my file share (i.e. 443)? Doesn't this open a whole load of security holes?
    Thanks
    IT Support/Everything

    Hi there. In a similar scenario on many customer sites I have done the following configuration on the internal firewalls:
    Internal IP of the DA Server ---> allow all traffic to selected VLANs
    The above rule restricts traffic from the DA Server to the VLANs/networks you specify; the reasoning is that DirectAccess requires full connectivity to your apps/infrastructure.
    john davies

  • SLP received service register/deregister error from directory agent

    What's up with this message?
    We occasionally see it on our NetWare 6.5 SP5 servers (and others):
    SLP received service register/deregister error from directory agent.
    Address BLAH, error 2
    We have two DA's, single IP on each.
    The "other" servers are set to "4" for their discovery type (single NIC, but multiple IPs).
    Static scope list.
    Display slpda shows active/active on the "other" servers.
    On the DAs, the loopback shows active, as does the "other" DA (they point to each other).

    In article <[email protected]>,
    [email protected] says...
    > On 1/16/2007 m_jonis wrote:
    >
    > > SLP received service register/deregister error from directory agent.
    > > Address BLAH, error 2
    >
    > The SLPDA maintains the list of all services from all servers in the
    > working SLP scope. If a server from within a scope stops the service
    > of, let's say iManager, then this change is sent over to the SLPDA
    > to deregister this service from being announced.
    >
    > The services are listed as URL: when you issue the DISPLAY SLP
    > SERVICES command.
    >
    >
    >
    So this is kinda an "informational" message and not really an error,
    then?
    So we didn't actually do anything wrong (for once)?

  • TMG 2010 Array Brings down the entire internal network

    OK, so this is as weird as it sounds.
    We've been working with ISA and TMG since 2004; this is the first time I've seen this kind of behavior. Let me explain the details.
    We implemented 3 TMG 2010 Servers in an Array and 2 EMS Servers on Windows Server 2008 R2. Each TMG Server has 4 NICs (Internal, External, DMZ, Intra-array). At first we wanted to enable them with an F5 Hardware Load Balancer, but after weeks of trying to make them work together we couldn't (SNAT and routing issues), so we tried using Windows NLB but had problems with the multicast configuration using VMware, and after some other battles we decided to first try just using one TMG Server as the main one to try to make it work. The customer we are implementing this for is currently using ISA 2006 and they wanted to upgrade to TMG 2010 using basically the same stuff as their ISA had, so we backed up that configuration and imported it into TMG without problems.
    We added the TMG Servers to the EMS configuration and everything replicated just fine.
    Since they already had IPS, Cisco ASAs and IronPorts as proxy, they decided to disable NIS, malware inspection, flood mitigation and all those things TMG has for better securing Internet traffic.
    The firewall policy has about 100 rules, and they have 3 publishing rules to HTTPS services.
    So after making the necessary configuration changes to the TMG infrastructure, we then decided to unplug the ISA Servers, change the TMG servers' IP addresses to the ISA Server ones and test to see if everything worked just as ISA Server did. However, it didn't.
    At first we had issues related to slow internet traffic; after troubleshooting for some time we ended up finding out that the source IP used by TMG was different from the one ISA was using, even if the same IP was configured on the NIC and the other IPs were configured as alternates. We found out after some searching that Windows Server 2008 R2 uses some RFC and manipulates the IP address on a NIC in a way that 2003 didn't. We found out that we needed to add the other IPs via:
    netsh int ipv4 add address <Interface Name> <ip address> skipassource=true
    After that configuration we got things working fine... for a while. Several hours later, servers started losing connectivity, switches stopped responding and the entire network collapsed! After unplugging the TMG Servers, everything returned to normal. We thought this was an issue related to drivers or something to do with the VMware platform, so it was decided to reinstall everything on physical servers.
    After some days of reconfiguring the TMG Servers again, we made the switch again, unplugged the ISA Servers, configured the TMG with the ISA IP addresses, did the NETSH thing and then tested everything, and everything worked.
    But again, hours later the same behavior appeared once more! Servers and switches stopped responding and the entire network went down once more! Again we unplugged the TMG Servers and everything returned to normal!
    So here we are, back to square one with no clue what is causing this behavior on the network. The current physical servers are running HP 3666i 4-port 10Gb NICs; we don't know if that has something to do with this. Or the fact that the core switch to which the TMG servers are directly connected is a Nexus 7000 and there are some configuration issues with it against the TMG, or something. The TMGs are patched with Service Pack 2 Update Rollup 5.
    We are probably going to open a support case with Microsoft about this issue, but we first wanted to see if anyone else may have had, seen or heard something related to this and has an explanation or ideas on why this is happening.
    I appreciate any replies.
    Thank you all.
    Eduardo Rojas

    Hi, I believe your TMG is virtual and NLB is set up. If so, you need to bind the physical switch port with the NLB MAC address in multicast mode. Let's take an example: if your internal NLB physical NIC is connected to switch ports 1 and 2, then you need to manually bind the NLB MAC to ports 1 and 2, and likewise for all NLB-enabled zones. Read up on VMware NLB, as they support multicast in virtual. So do not use unicast in NLB if it's virtual. All should be okay with the above configuration.

  • Server 2012 restrict active directory dynamic ports

    Hello,
    Has anyone encountered issues with restricting the Active Directory dynamic ports for Netlogon and NTDS in Server 2012? I have added the typical registry entries as described below, but I still see my RDS gateway in the DMZ trying to communicate with my internal DC over other ephemeral ports (49158). I have rebooted the DC after the registry changes and still no effect. Are the reg entries the same in 2012? Any help would be appreciated. Thank you
    Registry key 1
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
    Registry value: TCP/IP Port
    Value type: REG_DWORD
    Value data: 49152 (This value needs to be specified in decimal format)
    Registry key 2
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    Registry value: DCTcpipPort
    Value type: REG_DWORD
    Value data: 49153 (This value needs to be specified in decimal format)
    Eddie Espino | Secure Data Solutions | Miami, Florida | Microsoft Partner

    Hi,
    There are at least two options that can be used to allow replication when there are network traffic filters (aka firewall) in the network, across two DCs:
    1. Use registry keys on the DCs to force communication over specific ports
    2. Use IPsec to restrict the traffic to two ports only (IP 50 and IP 51)
    I tried to find some relevant documents, but could not find support for restricting the Active Directory dynamic ports for Netlogon and NTDS in Server 2012. You could refer to the following article, it may help you to solve your issues:
    Restricting AD Replication Traffic between DCs to only a few ports
    http://blogs.technet.com/b/luistog/archive/2012/05/08/restricting-ad-replication-traffic-between-dcs-to-only-a-few-ports.aspx
    Regards,
    Mandy Ye
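A check for the situation in the question above, as an added example that is not from the thread: after the two registry values are set and the DC rebooted, `netstat -ano` on the DC shows whether the pinned NTDS and Netlogon ports are actually listening, and which process owns any other dynamic-range port that the gateway is still reaching. The `netstat` output embedded below is constructed (addresses from the 192.0.2.0/24 documentation range, PIDs invented); the pinned port numbers are the ones from the question.

```python
# Added example (not from the thread): audit `netstat -ano` output from a DC for the
# pinned AD ports and for other dynamic-range ports a given peer is connecting to.
import re

PINNED = {"NTDS": 49152, "Netlogon": 49153}     # values from the registry entries above
DYNAMIC_RANGE = range(49152, 65536)             # Windows default ephemeral port range

# Constructed sample: two pinned listeners owned by PID 620, plus an unrelated RPC
# endpoint on 49158 owned by PID 1412 that the gateway (192.0.2.20) has connected to.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       620
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING       620
  TCP    0.0.0.0:49153          0.0.0.0:0              LISTENING       620
  TCP    0.0.0.0:49158          0.0.0.0:0              LISTENING       1412
  TCP    192.0.2.10:389         192.0.2.20:53011       ESTABLISHED     620
  TCP    192.0.2.10:49153       192.0.2.20:53012       ESTABLISHED     620
  TCP    192.0.2.10:49158       192.0.2.20:53013       ESTABLISHED     1412
  UDP    0.0.0.0:88             *:*                                    620
"""

LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)\s+(?:(\w+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Parse `netstat -ano` lines into dicts; header and unrecognised lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, faddr, fport, state, pid = m.groups()
        rows.append({"proto": proto, "laddr": laddr, "lport": int(lport),
                     "faddr": faddr, "fport": fport, "state": state or "",
                     "pid": int(pid)})
    return rows


def pinned_listeners(rows, pinned=PINNED):
    """Map each pinned service to the PID listening on its port, or None if nothing is."""
    listening = {r["lport"]: r["pid"] for r in rows
                 if r["proto"] == "TCP" and r["state"] == "LISTENING"}
    return {name: listening.get(port) for name, port in pinned.items()}


def unpinned_dynamic_flows(rows, peer, pinned=PINNED):
    """(local port, PID) for established TCP flows from `peer` to dynamic-range ports
    other than the pinned ones: these are endpoints the two registry keys do not cover."""
    allowed = set(pinned.values())
    return sorted({(r["lport"], r["pid"]) for r in rows
                   if r["proto"] == "TCP" and r["state"] == "ESTABLISHED"
                   and r["faddr"] == peer and r["lport"] in DYNAMIC_RANGE
                   and r["lport"] not in allowed})


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    print("pinned listeners:", pinned_listeners(rows))
    print("other dynamic ports reached by the gateway:", unpinned_dynamic_flows(rows, "192.0.2.20"))
```

Run it over real output (`netstat -ano > netstat.txt` on the DC, then read the file into `parse_netstat`). If both pinned ports show the same PID as the LDAP listener, the keys took effect; a dynamic port owned by a different PID belongs to another RPC-based service, which the NTDS and Netlogon values do not govern, so the firewall rule set or that service's own port setting is where to look next.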

  • Cisco ASA 5505 Routing between internal networks

    Hi,
    I am new to the Cisco ASA and have been configuring my new firewall, but one thing has been bothering me. I cannot get the internal networks and the routing between them to work as I would like. The goal is to set up four networks and control access between them with ACLs:
    1. Outside
    2. DMZ
    3. ServerNet1
    4. Inside
    The ASA version is 9.1 and I have been reading about two different ways of handling IP routing with this: NAT exempt, or not configuring NAT at all and letting normal IP routing handle the internal networks. No matter how I configure it, with or without NAT, I cannot get access from the inside network to the DMZ or from ServerNet1 to the DMZ. The strange thing is that I can access services from the DMZ to Inside and ServerNet1 if the access list allows it. For instance, the DNS server is on the Inside network and the DMZ works great using it.
    Here is the running conf:
    interface Ethernet0/0
    switchport access vlan 20
    interface Ethernet0/1
    switchport access vlan 20
    interface Ethernet0/2
    switchport access vlan 19
    interface Ethernet0/3
    switchport access vlan 10
    switchport trunk allowed vlan 10,19-20
    switchport trunk native vlan 1
    interface Ethernet0/4
    switchport access vlan 10
    interface Ethernet0/5
    switchport access vlan 10
    switchport trunk allowed vlan 10-11,19-20
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/6
    switchport access vlan 10
    switchport trunk allowed vlan 10-11,19-20
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/7
    switchport access vlan 10
    interface Vlan10
    nameif inside
    security-level 90
    ip address 192.168.2.1 255.255.255.0
    interface Vlan11
    nameif ServerNet1
    security-level 100
    ip address 192.168.4.1 255.255.255.0
    interface Vlan19
    nameif DMZ
    security-level 10
    ip address 192.168.3.1 255.255.255.0
    interface Vlan20
    nameif outside
    security-level 0
    ip address dhcp setroute
    ftp mode passive
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network obj-192.168.2.0
    subnet 192.168.2.0 255.255.255.0
    object network obj-192.168.3.0
    subnet 192.168.3.0 255.255.255.0
    object network DNS
    host 192.168.2.10
    description DNS Liikenne
    object network Srv2
    host 192.168.2.10
    description DC, DNS, DNCP
    object network obj-192.168.4.0
    subnet 192.168.4.0 255.255.255.0
    object network ServerNet1
    subnet 192.168.4.0 255.255.255.0
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group network RFC1918
    object-group network InternalNetworks
    network-object 192.168.2.0 255.255.255.0
    network-object 192.168.3.0 255.255.255.0
    object-group service DM_INLINE_SERVICE_1
    service-object tcp destination eq domain
    service-object udp destination eq domain
    service-object udp destination eq nameserver
    service-object udp destination eq ntp
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq www
    port-object eq https
    port-object eq ftp
    port-object eq ftp-data
    object-group service rdp tcp-udp
    description Microsoft RDP
    port-object eq 3389
    object-group service DM_INLINE_TCP_2 tcp
    port-object eq ftp
    port-object eq ftp-data
    port-object eq www
    port-object eq https
    object-group service DM_INLINE_SERVICE_2
    service-object tcp destination eq domain
    service-object udp destination eq domain
    object-group network DM_INLINE_NETWORK_1
    network-object object obj-192.168.2.0
    network-object object obj-192.168.4.0
    access-list dmz_access_in extended permit ip object obj-192.168.3.0 object obj_any
    access-list dmz_access_in extended deny ip any object-group InternalNetworks
    access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object DNS eq domain
    access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object-group DM_INLINE_NETWORK_1 object-group rdp
    access-list DMZ_access_in extended deny ip any object-group InternalNetworks
    access-list DMZ_access_in extended permit tcp object obj-192.168.3.0 object obj_any object-group DM_INLINE_TCP_2
    access-list inside_access_in extended permit ip object obj-192.168.2.0 object-group InternalNetworks
    access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj_any object-group rdp
    access-list inside_access_in extended permit tcp object obj-192.168.2.0 object obj_any object-group DM_INLINE_TCP_1
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 object Srv2 object obj_any
    access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj-192.168.3.0 object-group rdp
    access-list ServerNet1_access_in extended permit object-group DM_INLINE_SERVICE_2 any object DNS
    access-list ServerNet1_access_in extended permit ip any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu ServerNet1 1500
    mtu inside 1500
    mtu DMZ 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-711-52.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (inside,DMZ) source static obj-192.168.2.0 obj-192.168.2.0 destination static obj-192.168.2.0 obj-192.168.2.0 no-proxy-arp
    object network obj_any
    nat (inside,outside) dynamic interface
    nat (DMZ,outside) after-auto source dynamic obj_any interface destination static obj_any obj_any
    nat (ServerNet1,outside) after-auto source dynamic obj-192.168.4.0 interface
    access-group ServerNet1_access_in in interface ServerNet1
    access-group inside_access_in in interface inside
    access-group DMZ_access_in in interface DMZ
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    http 192.168.4.0 255.255.255.0 ServerNet1
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec security-association pmtu-aging infinite
    crypto ca trustpool policy
    telnet timeout 5
    ssh 192.168.4.0 255.255.255.0 ServerNet1
    ssh 192.168.2.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous

    Hi Jouni,
    Yep, Finnish would be good also =)
    In front of the ASA is a DSL modem; on the trunk ports is a Hyper-V host that uses the trunk ports so that every VM has its VLAN ID defined at the VM level. Everything is working well on that end. Also there is a WLAN Access Point on one of the ASA ports; on the WLAN AP there is the management portal address on the DMZ that I have been testing against (192.168.3.4).
    If I configure Dynamic PAT from inside to the DMZ then the traffic starts to work from inside to all hosts on the DMZ, but that's not the right way to do it, so no shortcuts =)
    Here is the conf now, it still doesn't work:
    interface Ethernet0/0
    switchport access vlan 20
    interface Ethernet0/1
    switchport access vlan 20
    interface Ethernet0/2
    switchport access vlan 19
    interface Ethernet0/3
    switchport access vlan 10
    switchport trunk allowed vlan 10,19-20
    switchport trunk native vlan 1
    interface Ethernet0/4
    switchport access vlan 10
    interface Ethernet0/5
    switchport access vlan 10
    switchport trunk allowed vlan 10-11,19-20
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/6
    switchport access vlan 10
    switchport trunk allowed vlan 10-11,19-20
    switchport trunk native vlan 1
    switchport mode trunk
    interface Ethernet0/7
    switchport access vlan 10
    interface Vlan10
    nameif inside
    security-level 90
    ip address 192.168.2.1 255.255.255.0
    interface Vlan11
    nameif ServerNet1
    security-level 100
    ip address 192.168.4.1 255.255.255.0
    interface Vlan19
    nameif DMZ
    security-level 10
    ip address 192.168.3.1 255.255.255.0
    interface Vlan20
    nameif outside
    security-level 0
    ip address dhcp setroute
    ftp mode passive
    clock timezone EEST 2
    clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network obj-192.168.2.0
    subnet 192.168.2.0 255.255.255.0
    object network obj-192.168.3.0
    subnet 192.168.3.0 255.255.255.0
    object network DNS
    host 192.168.2.10
    description DNS Liikenne
    object network Srv2
    host 192.168.2.10
    description DC, DNS, DNCP
    object network obj-192.168.4.0
    subnet 192.168.4.0 255.255.255.0
    object network ServerNet1
    subnet 192.168.4.0 255.255.255.0
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    object-group network RFC1918
    object-group network InternalNetworks
    network-object 192.168.2.0 255.255.255.0
    network-object 192.168.3.0 255.255.255.0
    object-group service DM_INLINE_SERVICE_1
    service-object tcp destination eq domain
    service-object udp destination eq domain
    service-object udp destination eq nameserver
    service-object udp destination eq ntp
    object-group service DM_INLINE_TCP_1 tcp
    port-object eq www
    port-object eq https
    port-object eq ftp
    port-object eq ftp-data
    object-group service rdp tcp-udp
    description Microsoft RDP
    port-object eq 3389
    object-group service DM_INLINE_TCP_2 tcp
    port-object eq ftp
    port-object eq ftp-data
    port-object eq www
    port-object eq https
    object-group service DM_INLINE_SERVICE_2
    service-object tcp destination eq domain
    service-object udp destination eq domain
    object-group network DM_INLINE_NETWORK_1
    network-object object obj-192.168.2.0
    network-object object obj-192.168.4.0
    object-group network DEFAULT-PAT-SOURCE
    description Default PAT source networks
    network-object 192.168.2.0 255.255.255.0
    network-object 192.168.3.0 255.255.255.0
    network-object 192.168.4.0 255.255.255.0
    access-list dmz_access_in extended permit ip object obj-192.168.3.0 object obj_any
    access-list dmz_access_in extended deny ip any object-group InternalNetworks
    access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object DNS eq domain
    access-list DMZ_access_in extended permit object-group TCPUDP object obj-192.168.3.0 object-group DM_INLINE_NETWORK_1 object-group rdp
    access-list DMZ_access_in extended deny ip any object-group InternalNetworks
    access-list DMZ_access_in extended permit tcp object obj-192.168.3.0 object obj_any object-group DM_INLINE_TCP_2
    access-list inside_access_in extended permit ip object obj-192.168.2.0 object-group InternalNetworks
    access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj_any object-group rdp
    access-list inside_access_in extended permit tcp object obj-192.168.2.0 object obj_any object-group DM_INLINE_TCP_1
    access-list inside_access_in extended permit object-group DM_INLINE_SERVICE_1 object Srv2 object obj_any
    access-list inside_access_in extended permit object-group TCPUDP object obj-192.168.2.0 object obj-192.168.3.0 object-group rdp
    access-list ServerNet1_access_in extended permit object-group DM_INLINE_SERVICE_2 any object DNS
    access-list ServerNet1_access_in extended permit ip any any
    pager lines 24
    logging enable
    logging asdm informational
    mtu ServerNet1 1500
    mtu inside 1500
    mtu DMZ 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    asdm image disk0:/asdm-711-52.bin
    no asdm history enable
    arp timeout 14400
    no arp permit-nonconnected
    nat (any,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
    access-group ServerNet1_access_in in interface ServerNet1
    access-group inside_access_in in interface inside
    access-group DMZ_access_in in interface DMZ
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    aaa authentication ssh console LOCAL
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    http 192.168.4.0 255.255.255.0 ServerNet1
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec security-association pmtu-aging infinite
    crypto ca trustpool policy
    telnet timeout 5
    ssh 192.168.4.0 255.255.255.0 ServerNet1
    ssh 192.168.2.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    dhcpd auto_config outside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
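As an added example (not the poster's or Cisco's code), the following Python script parses a constructed excerpt of the config above and reports dangling names. ASA access-list names are case-sensitive, so `dmz_access_in` is a separate list from `DMZ_access_in`, and since only the latter is bound with `access-group`, the lowercase list's entries are never evaluated. The excerpt deliberately omits the definition of DM_INLINE_TCP_2 (the full posted config defines it) to show the undefined-object check.

```python
import re
from collections import defaultdict

# Constructed excerpt of the posted config (names are the post's own). The
# full config defines DM_INLINE_TCP_2; it is left out here to exercise that check.
SAMPLE_CONFIG = """
interface Vlan10
 nameif inside
interface Vlan19
 nameif DMZ
interface Vlan20
 nameif outside
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network obj-192.168.2.0
 subnet 192.168.2.0 255.255.255.0
object network obj-192.168.3.0
 subnet 192.168.3.0 255.255.255.0
object-group network InternalNetworks
 network-object 192.168.2.0 255.255.255.0
 network-object 192.168.3.0 255.255.255.0
access-list dmz_access_in extended permit ip object obj-192.168.3.0 object obj_any
access-list dmz_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended deny ip any object-group InternalNetworks
access-list DMZ_access_in extended permit tcp object obj-192.168.3.0 object obj_any object-group DM_INLINE_TCP_2
access-list inside_access_in extended permit ip object obj-192.168.2.0 object-group InternalNetworks
access-group inside_access_in in interface inside
access-group DMZ_access_in in interface DMZ
"""

def audit_asa_config(text):
    """Report dangling ACL and object names; ASA names are case-sensitive."""
    acl_entries = defaultdict(int)  # ACL name -> number of access-list lines
    applied = {}                    # interface -> ACL bound inbound on it
    interfaces, objects, referenced = set(), set(), set()
    for line in text.splitlines():
        line = line.strip()
        if m := re.match(r"nameif (\S+)$", line):
            interfaces.add(m.group(1))
        elif m := re.match(r"object(?:-group)? \S+ (\S+)", line):
            objects.add(m.group(1))  # "object network X", "object-group service X tcp"
        elif m := re.match(r"access-list (\S+) ", line):
            acl_entries[m.group(1)] += 1
            referenced.update(re.findall(r"\bobject(?:-group)? (\S+)", line))
        elif m := re.match(r"access-group (\S+) in interface (\S+)", line):
            applied[m.group(2)] = m.group(1)
    return {
        # defined but bound to no interface: its entries are never evaluated
        "unapplied_acls": sorted(set(acl_entries) - set(applied.values())),
        # bound to an interface but with no entries in the text (dangling binding)
        "empty_acls": sorted(set(applied.values()) - set(acl_entries)),
        "undefined_objects": sorted(referenced - objects),
        # no inbound ACL: only the security-level defaults govern that interface
        "interfaces_without_acl": sorted(interfaces - set(applied)),
    }
```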

  • Using DNS Services on an internal network and still using an outside DNS

    I have just started using Mac OSX Server for the first time and I am trying to set up an internal DNS server so I can set up an LDAP Directory master and replica. However, I am running into some problems in setting up the DNS server on our network.
    This is where it gets a little confusing for me and I have to explain some things. We have a shared web hosting ISP, which means that our mail services and web hosting services are not hosted on site. To access our mail services using a FQDN I would point Outlook to mail.xxx-xxx.net. However, I want to use that domain, xxx-xxx.net, as our internal network as well because it is the name of our company.
    I can get all of the DNS names to propagate to their assigned IPs on the internal network and can ping everything using fully qualified domain names, but whenever I go to use services such as mail., it cannot find the server which is hosting that service because it is obviously not on our internal network. It makes sense that I cannot ping it, but how do I set up the alias mail.xxx-xxx.net to point to the IP address of the mail servers hosted by our ISP instead of something hosted on our internal network?
    Sorry I can't clarify better; I'll try some Cliff's Notes instead:
    1) Trying to set up an internal DNS server so I can use LDAP Directory Master and Replica Services.
    2) The domain, xxx-xxx.net, is currently being used for web hosting and mail services not hosted at our site.
    3) Want to use the domain xxx-xxx.net as our internal domain because it is the name of our company, and eventually we will be hosting our own content.
    4) Can set up the internal DNS server and get all IPs to propagate just fine, but services such as mail.xxx-xxx.net cannot be used because they are not hosted on the internal network.
    5) How do I set up DNS to point certain services to an external DNS server, or to the IP address of the server itself, so I don't have to use the IP address, i.e. mail.216.256.33.24?

    Ok I got it
    Here's my walkthrough for all the other tormented souls, that might find this thread and require help:
    Introduction:
    Internet-card: ra0 192.168.16.64
    Internet-gateway, nameserver 192.168.16.1
    local-network-card eth1 192.168.15.1
    [1] modprobe capability
       -> /etc/rc.conf
    [2] pacman -S
       * dhcpd (DHCP daemon)
       * bind (Berkeley Domain Name Server)
    [3] vi /etc/dhcpd.conf
    ddns-update-style ad-hoc;
    option domain-name "example.org";
    option domain-name-servers ns1.example.org, ns2.example.org;
    default-lease-time 600;
    max-lease-time 7200;
    subnet 192.168.15.0 netmask 255.255.255.0 {
        # --- default gateway
        option routers 192.168.15.1;
        option subnet-mask 255.255.255.0;
        option broadcast-address 192.168.15.255;
        option domain-name-servers 192.168.15.1;
        range 192.168.15.2 192.168.15.254;
        default-lease-time 21600;
        max-lease-time 43200;
    }
    [4] vi /etc/named.conf
    acl micro {
        192.168.15.0/24;
    };
    options {
        directory "/var/named";
        pid-file "/var/run/named/named.pid";
        auth-nxdomain yes;
        datasize default;
        allow-query { micro; };
        allow-recursion { micro; };
    };
    [5]
    /etc/rc.d/dhcpd start
    /etc/rc.d/named start
        -> rc.conf
    [6] iptables
    vi /etc/sysctl.conf
    net.ipv4.ip_forward = 1
    iptables -t nat -A POSTROUTING -o ra0 -j SNAT --to 192.168.16.64
    iptables -A INPUT -j DROP -m state --state NEW,INVALID -i ippp0
    iptables -A FORWARD -j DROP -m state --state NEW,INVALID -i ippp0
    make it a script that is run in /etc/rc.local
