Splitting traffic between 2 diff instances of WLS (one  5.1 & other 7.0)

Similar Messages

• Communication between Two WebLogic instances on the same machine

  Hi,
  We're having a problem with communication between two copies of Weblogic on
  the same machine. They are configured with seperate ports (regular and SSL).
  Independantly, they run fine. I can access EJBs running on either of them.
  The problem is that a bean in one of them has code which attempts to access
  an EJB on the other one. The procude fails when trying to obtain the initial
  context. This same code works if compilied independantly of WebLogic on the
  same machine.
  Are there any known issues regards communication between two running
  instances of Weblogic on the same machine?
  Thanks in advance,
  Randy Yarger
  marchFIRST
  [email protected]

  Thanks for the prompt reply.
  There is one IP address (internal address 10.227.1.34) one the machine. WLS1
  is set up at ports 7001 and 5133. WLS2 is setup at ports 7004 and 7005.
  When WLS1 attempts to obtain a context to WLS2 with the URL
  t3://10.227.1.34:7004/ it pauses for a long period of time. Running truss
  on the both WLS processes shows communication occuring between the two
  followed by long periods of silence. Finally WLS2 spits out the error
  ConnectionException[7001,7001,5133,5133,7001,7001] (paraphrased, I can get
  the entire error if it would help).
  After another long pause, WLS1 quits trying with the error 'Server
  10.227.1.34:7004 not found' (again paraphrased).
  Among the things we've tried:
  * Changing the URL from the IP to 127.0.0.1
  * Enabling/disabling SSL on either or both WLSs.
  * Changing the server name in WLS2's copy of weblogic.properties from
  'myserver' to 'myserver2' (previously they were both 'myserver')
  * Upgrading WLS2 to 5.1.0sp5 (Tried upgrading WLS1, but was getting class
  not found errors and quit because that WLS is being used by other people)
  This is a Solaris server. WLS1 is running 5.1.0 and WLS2 is running 5.1.0sp5
  Any suggestions would be appreciated.
  Best,
  Randy Yarger
  marchFIRST
  [email protected]
  "Michael Girdley" <[email protected]> wrote in message
  news:[email protected]...
  >
  >
  There should not be. What is your network configuration? Are they on
  separate IP addresses?
  Thanks,
  Michael
  Michael Girdley
  BEA Systems Inc
  "Randy Jay Yarger" <[email protected]> wrote in message
  news:[email protected]...
  Hi,
  We're having a problem with communication between two copies of Weblogicon
  the same machine. They are configured with seperate ports (regular andSSL).
  Independantly, they run fine. I can access EJBs running on either of
  them.
  The problem is that a bean in one of them has code which attempts toaccess
  an EJB on the other one. The procude fails when trying to obtain theinitial
  context. This same code works if compilied independantly of WebLogic onthe
  same machine.
  Are there any known issues regards communication between two running
  instances of Weblogic on the same machine?
  Thanks in advance,
  Randy Yarger
  marchFIRST
  [email protected]

• ASA 5510 Not able to route traffic between 2 LAN interfaces

  Hi everybody,
  I need help to enable traffic between two physical ports on my Cisco ASA 5510. I created access rules and NAT but traffic doe not go from accounting interface to Inside. I am able to access internet from both interfaces. Can someone pin point me in the right direction since I am not an expert in Cisco but has to finish this by the end of the week.
  Thank you,
  Sigor
  Here is my configuration:
  ASA Version 8.2(2)
  hostname Cisco
  domain-name xxx.com
  names
  interface Ethernet0/0
   description Outside
   nameif Outside
   security-level 0
   ip address 101.101.101.101 255.255.240.0
  interface Ethernet0/1
   description Inside Network
   nameif Inside
   security-level 90
   ip address 192.168.10.1 255.255.255.0
  interface Ethernet0/2
   description Accounting
   nameif Accounting
   security-level 100
   ip address 20.0.1.1 255.255.255.0
  interface Ethernet0/3
   shutdown
   no nameif
   no security-level
   no ip address
  interface Management0/0
   nameif management
   security-level 100
   ip address 192.168.1.1 255.255.255.0
   management-only
  ftp mode passive
  clock timezone EST -5
  dns domain-lookup Outside
  dns server-group DefaultDNS
   name-server 8.8.8.8
   domain-name xxx.com
  same-security-traffic permit inter-interface
  object-group service Port-10000 tcp
   port-object eq 10000
  object-group service Port-8080 tcp
   port-object eq 8080
  object-group service Port-8011 tcp
   port-object eq 8011
  object-group service DM_INLINE_TCP_1 tcp
   group-object Port-8080
   port-object eq www
   group-object Port-8011
  object-group service DM_INLINE_TCP_2 tcp
   group-object Port-10000
   port-object eq https
   port-object eq www
  object-group service rdp tcp
   port-object eq 3389
  object-group service DM_INLINE_TCP_3 tcp
   group-object rdp
   port-object eq ftp
  object-group service DM_INLINE_TCP_4 tcp
   group-object Port-10000
   port-object eq www
   port-object eq https
   port-object eq ssh
  object-group service DM_INLINE_TCP_5 tcp
   group-object Port-8011
   group-object Port-8080
   port-object eq www
  object-group service DM_INLINE_TCP_6 tcp
   group-object Port-10000
   port-object eq www
   port-object eq https
  object-group service DM_INLINE_TCP_7 tcp
   group-object rdp
   port-object eq ftp
  access-list Outside_access_in extended permit tcp any host 101.101.101.104 object-group DM_INLINE_TCP_5
  access-list Outside_access_in extended permit tcp any host 101.101.101.102 object-group DM_INLINE_TCP_6
  access-list Outside_access_in extended permit tcp any host 101.101.101.103 object-group DM_INLINE_TCP_7
  access-list Outside_access_in extended permit tcp any host 101.101.101.106 eq smtp                                                              
  access-list Outside_1_cryptomap extended permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0
  access-list Inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.50.0 255.255.255.0
  access-list Inside_nat0_outbound extended permit ip 192.168.10.0 255.255.255.0 192.168.80.0 255.255.255.0
  access-list CiscoIPsec_splitTunnelAcl standard permit 192.168.10.0 255.255.255.0                                                                
  access-list Accounting extended permit ip 20.0.1.0 255.255.255.0 192.168.10.0 255.255.255.0
  access-list Accounting extended permit ip 20.0.1.0 255.255.255.0 any
  pager lines 24
  logging asdm informational
  mtu Outside 1500
  mtu Inside 1500
  mtu Accounting 1500
  mtu management 1500
  ip local pool IPSecDHCP 192.168.80.100-192.168.80.200 mask 255.255.255.0
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (Outside) 1 interface
  nat (Inside) 0 access-list Inside_nat0_outbound
  nat (Inside) 1 0.0.0.0 0.0.0.0
  nat (Accounting) 1 0.0.0.0 0.0.0.0
  static (Inside,Outside) tcp 101.101.101.104 www 192.168.10.14 www netmask 255.255.255.255
  static (Inside,Outside) tcp 101.101.101.104 8011 192.168.10.14 8011 netmask 255.255.255.255
  static (Inside,Outside) tcp 101.101.101.104 8080 192.168.10.14 8080 netmask 255.255.255.255
  static (Inside,Outside) tcp 101.101.101.102 10000 192.168.10.3 10000 netmask 255.255.255.255
  static (Inside,Outside) tcp 101.101.101.102 https 192.168.10.3 https netmask 255.255.255.255
  static (Inside,Outside) tcp 101.101.101.102 www 192.168.10.3 www netmask 255.255.255.255
  static (Inside,Outside) tcp 101.101.101.103 ftp 192.168.10.17 ftp netmask 255.255.255.255
  static (Inside,Outside) tcp 101.101.101.103 3389 192.168.10.32 3389 netmask 255.255.255.255
  static (Inside,Outside) tcp 101.101.101.106 smtp 192.168.10.23 smtp netmask 255.255.255.255
  static (Inside,Accounting) 192.168.10.0 192.168.10.0 netmask 255.255.255.0
  access-group Outside_access_in in interface Outside
  access-group Accounting in interface Accounting
  route Outside 0.0.0.0 0.0.0.0 101.101.101.101 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication ssh console LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 management
  http 192.168.10.0 255.255.255.0 Inside
  http 20.0.1.0 255.255.255.0 Accounting
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
  crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
  crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
  crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
  crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 32608000
  crypto ipsec security-association replay disable
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256
  -SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
  crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set security-association lifetime kilobytes 4608000
  crypto map Outside_map 1 match address Outside_1_cryptomap
  crypto map Outside_map 1 set pfs group1
  crypto map Outside_map 1 set peer 89.216.17.35
  crypto map Outside_map 1 set transform-set ESP-3DES-SHA
  crypto map Outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
  crypto map Outside_map interface Outside
  crypto isakmp enable Outside
  crypto isakmp policy 10
   authentication pre-share
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  telnet timeout 5
  ssh 192.168.10.0 255.255.255.0 Inside
  ssh timeout 5
  console timeout 0
  dhcpd address 20.0.1.100-20.0.1.200 Accounting
  dhcpd dns 192.168.10.19 8.8.8.8 interface Accounting
  dhcpd lease 306800 interface Accounting
  dhcpd domain abtscs.com interface Accounting
  dhcpd enable Accounting
  dhcpd address 192.168.1.2-192.168.1.254 management
  dhcpd enable management
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  group-policy CiscoIPsec internal
  group-policy CiscoIPsec attributes
   dns-server value 192.168.10.30 192.168.10.19
   vpn-tunnel-protocol IPSec
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value CiscoIPsec_splitTunnelAcl
   default-domain value xxx.com
   vpn-group-policy CiscoIPsec
  tunnel-group 198.226.20.35 type ipsec-l2l
  tunnel-group 198.226.20.35 ipsec-attributes
   pre-shared-key *****
  tunnel-group CiscoIPsec type remote-access
  tunnel-group CiscoIPsec general-attributes
   address-pool IPSecDHCP
   default-group-policy CiscoIPsec
  tunnel-group CiscoIPsec ipsec-attributes
   pre-shared-key *****
  class-map inspection_default
   match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
   parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
   class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
    inspect ip-options
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:2a7c97a7a22397908ef83ca6f0065919
  : end

  Without diving too deep into your config, I noticed a couple of things:
  interface Ethernet0/1
   description Inside Network
   nameif Inside
   security-level 90
   ip address 192.168.10.1 255.255.255.0
  interface Ethernet0/2
   description Accounting
   nameif Accounting
   security-level 100
   ip address 20.0.1.1 255.255.255.0
  On an ASA, higher security level interfaces are always allowed, by default, to lower security levels, but not the other way around. So, if you want to keep this config, you would need an acl on the Inside interface to allow traffic to go from level 90 to 100:
  access-list Inside permit ip any any
  access-group Inside in interface Inside
  The acl will permit the traffic into either interface (outside or Accounting). As long as you have your other rules set up correctly, this should resolve your issue...
  HTH,
  John

• Error in shared component import within same as well as diff instance.

  Please help me with below issue:
  I am trying to import shared components related to a single page within same instance to diff application.I changed the application_id to target application_id and also set wwv_flow_api.g_id_offset to diff value.
  Still getting following error:
  ORA-20001: GET_BLOCK Error. ORA-20001: Execution of the statement was unsuccessful. ORA-00001: unique constraint (APEX_030200.WWV_FLOW_MENU_TEMP_IDX2) violated &lt;pre&gt;begin begin wwv_flow_api.create_menu_template ( p_id=&amp;gt; 94480251996632657 + wwv_flow_api.g_id_offset, p_flow_id=&amp;gt; wwv_flow.g_flow_id, p_name=&amp;gt;'Breadcrumb Menu', p_before_first=&amp;gt;'', p_current_page_option=&amp;gt;'&amp;lt;a href=&amp;quot;#LINK#&amp;quot; class=&amp;quot;t20Current&amp;quot;&amp;gt;#
  And also tried to import shared components of single page to a application in diff instance.I changed the application_id,workspace_id with target application_id and workspace_id and also set wwv_flow_api.g_id_offset to diff value.
  there also I am getting same error.

  The error seems to be that the template (some breadcrumb template) does exist already. What kind of shared component do you want to copy? Some, like images and templates, can be shared between applications in the same workspace. Thats the main reason why they are named "shared". Also possible would be that this component was created or is using some standard template/theme/menu, that is created during the standard apex installation. Or it was already copied during the workspace installation.
  Edited by: Sven W. on Aug 7, 2012 7:42 PM

• A diff instance design

  Hey,
  I want to write a diff instance class.
  The DiffInstance will get two instances of the same class and will return a collection of difference between the instance.
  This is done because there are a lot of services that triger by changes in the model.
  For example - audit need the diff between previoues state to new state, businees trigers that are intresting in changes in the model state and etc.
  So i plan to get the new state in the fron service compare it to the old state and sent the diff to any registered service (like audit).
  1. are you agree with me that its better to take the diff in central place and avoid compute the diff in each of the registered services?
  2. what do you think will be a good structre for the diff result? my first thought was something like jxpath (or any other navigation expression like -http://java-source.net/open-source/expression-languages ), but i have two problems with this:
  a. sets
  b. what if one of this tools need to get the field for annotation info?
  any ideas?

  avihai wrote:
  Hey,
  I want to write a diff instance class.
  The DiffInstance will get two instances of the same class and will return a collection of difference between the instance.
  You do mean a class file and not either of the following?
  - java source
  - instance of a class
  This is done because there are a lot of services that triger by changes in the model.
  For example - audit need the diff between previoues state to new state, businees trigers that are intresting in changes in the model state and etc.
  So i plan to get the new state in the fron service compare it to the old state and sent the diff to any registered service (like audit).
  Sounds wrong to me. If you update something then you should plan on doing a static migration at the time of the update unless there is some business reason that prevents that. Attempting dynamic migration is not only very error prone but can impact performance for an indefinite period as well.
  1. are you agree with me that its better to take the diff in central place and avoid compute the diff in each of the registered services?
  2. what do you think will be a good structre for the diff result? my first thought was something like jxpath (or any other navigation expression like -http://java-source.net/open-source/expression-languages ), but i have two problems with this:
  a. sets
  b. what if one of this tools need to get the field for annotation info? No idea how that could be used to express a difference.
  The form of the difference is driven by the use to which the difference will be used. That said XML is one form.

• Deploying multiple apps on one instance of wls 8.1

  We currently have have one huge application (one ear file) running on one instance
  of wls 8.1. We plan to break this up in 3 different application (3 different ear
  files). We are using split
  development directory structure of weblogic 8.1. Out problem is, we have some
  ejbs and some war files (like servlets anf jsps) which are common across all the
  applications. How do we manage this ? Do we make a different application for this
  common component ?
  Thanks in advance.
  Yogesh

  Out of curiousity, why are you splitting up the ear?
  How do you intend to package the common ejbs/webapps across the 3 ear files?
  If you're going to copy the common files into each application, then i
  would probably have a separate build.xml that builds the common pieces.
  The other apps can just copy these common pieces into their build
  directory. If the common pieces aren't changing very frequently, then
  this is pretty nice.
  -- Rob
  Yogesh Ranjan wrote:
  We currently have have one huge application (one ear file) running on one instance
  of wls 8.1. We plan to break this up in 3 different application (3 different ear
  files). We are using split
  development directory structure of weblogic 8.1. Out problem is, we have some
  ejbs and some war files (like servlets anf jsps) which are common across all the
  applications. How do we manage this ? Do we make a different application for this
  common component ?
  Thanks in advance.
  Yogesh

• 2 vs 1 instance of WLS ?

  Greetings !!!
  Leaving other parametes same, would 2 instances of WLS with smaller
  values of Heap size, executeThreadCount, DBConnections etc. each would
  provide better perfrormance than one instances of WLS with higher number
  for these paramaters ? Has anyone done benchmarks for such a scenario???
  Environement: 2-CPU box, 1GB RAM, Solaris 6, JDK_1.2.2_05a & WLS
  5.1-SP5
  Thanks for your help/suggestions/pointers???
  Sam

  Mike,
  Originally, the 'more, smaller instances' was a work-around for poorgarbage
  collection. I believe that the later JDK's are much better at it. Wouldn'tit
  make more sense to simply fix the garbage collection?There is the GC issue, but it is mostly a non-issue now with Hotspot. IBM's
  JDKs also have much-improved GC implementations.
  It's a queuing theory thing - 1 pool of 50 db connections will be able tostand
  more load than 2 pools of 50 db connections, or 10 pools of 5 dbconnections.
  Same goes for execution threads.Au contraire ... the front queue (e.g. a hardware load balancer) may
  subscribe to that theory, but consider the bank vs. the check-out line
  example from CS 101.
  However, I don't believe that is the real issue. It's all about how many
  requests you complete per second per unit of hardware. Obviously if one
  instance works the best, then you stick with that.
  Oh, I forgot one - when you start up a cluster with many instances, yournetwork
  traffic goes wild. I think this was fixed around 4.5.1 SP 10.Are you telling me that there was a release of WL before 5.1? ;-)
  And they have 'director' in front of their names.See below.
  Peace,
  Director Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  +1.617.623.5782
  WebLogic Consulting Available
  "Mike Reiche" <[email protected]> wrote in message
  news:[email protected]...
  >
  "Cameron Purdy" <[email protected]> wrote:
  Hi Mike,
  Someone needs to send this to www.urbanlegends.com.I'd like to do some testing with WL6.0/JDK1.3/Hotspot 2.0/Solaris 8 etc.,
  and in that case you might be right. On some systems, you can crank the
  execute threads way up and it won't make a difference -- the system will
  not
  get saturated.Originally, the 'more, smaller instances' was a work-around for poorgarbage
  collection. I believe that the later JDK's are much better at it. Wouldn'tit
  make more sense to simply fix the garbage collection?
  Let's see what else - you also have to cut your connection pool sizes
  in
  half.
  Most apps keep the pool size about the same as the exec thread count.It's a queuing theory thing - 1 pool of 50 db connections will be able tostand
  more load than 2 pools of 50 db connections, or 10 pools of 5 dbconnections.
  Same goes for execution threads.
  Oh, I forgot one - when you start up a cluster with many instances, yournetwork
  traffic goes wild. I think this was fixed around 4.5.1 SP 10.
  We run two instances per box here and I wish we didn't.Based on your stated feelings, is there any reason why you run two
  instances
  per box?Because there are people here that read about what what a great
  idea it was. And they have 'director' in front of their names.
  Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  +1.617.623.5782
  WebLogic Consulting Available
  "Mike Reiche" <[email protected]> wrote in message
  news:[email protected]...
  Someone needs to send this to www.urbanlegends.com.
  Using two instances vs. one instance doubles all kinds of things -
  memory
  required, overhead,
  context switching, all class loading and JSP compiling, configuration
  and
  maintenance. And if you
  use the same jsp workingDir for both WLS the two WLS will overwrite
  each
  other's generated
  class files. (and they don't warn you about that in the doc). Let's seewhat else - you also have
  to cut your connection pool sizes in half.
  If you're not getting enough concurrency, then increase the number ofexecuteThreads.
  If you want reliability, then fix whatever is breaking. It always
  better
  to not fail than to
  recover nicely from a failure.
  We run two instances per box here and I wish we didn't.
  Mike
  "Cameron Purdy" <[email protected]> wrote:
  Sam,
  It is best to test with your particular application but ... in most
  cases,
  adding a second instance of WebLogic to a particular host will make
  more
  effective use of the processor(s) in the server. Since you are payingper
  processor, why not take full advantage of them? ;-)
  Also, using two network interfaces, you can bind one WL instance to
  one
  NIC
  and the other WL instance to the other NIC and thus not lose the site
  if
  one
  of the networks goes down. (I don't know yet how to force WL to
  assign
  the
  secondary from the other network, though.)
  The main variable that you are looking for is throughput: Can you
  handle
  more concurrent requests? This measurement is basically the number of
  typical requests per period of time that are possible before you seethe
  server queues growing. In other words, once the server queues start
  growing, that means that your cluster isn't managing to keep up, andyou
  have lost the war.
  Peace,
  Cameron Purdy
  Tangosol, Inc.
  http://www.tangosol.com
  +1.617.623.5782
  WebLogic Consulting Available
  "sam ernie" <[email protected]> wrote in message
  news:[email protected]...
  Greetings !!!
  Leaving other parametes same, would 2 instances of WLS with smaller
  values of Heap size, executeThreadCount, DBConnections etc. each
  would
  provide better perfrormance than one instances of WLS with highernumber
  for these paramaters ? Has anyone done benchmarks for such ascenario???
  Environement: 2-CPU box, 1GB RAM, Solaris 6, JDK_1.2.2_05a & WLS
  5.1-SP5
  Thanks for your help/suggestions/pointers???
  Sam

• 340 bridge traffic between two non root bridges

  I have a deployent with a 340 series bridge acting as root bridge and two 340 bridges acting as non-root remotes. The hosts hanging off the non-root bridges can communicate with the hosts hanging off the root bridge but i cannot get communication to work between hosts on the two non-root bridges. Is there some sort of split horizon type setting I need to configure on the root-bridge to allow traffic back out the radio interface.

  There isn't anything in the bridges that would block traffic between the two sites. Is this one large subnet, or are there two subnets? If there are two, how are you routing between the two?
  Can one non-root bridge ping the other non-root?

• How can i share purchased apps between 2 diff users on the same mac?

  How can I share purchased apps between 2 diff users on the same mac?

  A purchased app is associated with an Apple ID. A user with a different Apple ID cannot use the app unless they also use the same Apple ID.
  I cannot use my wife's apps nor she mine because each were purchased with different Apple IDs.

• ASA5505 - Blocking internal traffic between 2 servers

  Hi guys/ladies
  I have a cisco ASA5505, it runs a wide site to site VPN network and has 4 servers connected to it
  10.50.15.4 > fileserver
  10.50.15.5 > domain controller (exchange)
  10.50.15.6 > terminal server
  10.50.15.7 > terminal server
  Now yesterday i removed 10.50.15.6 and replaced it with a new terminal server with the same ip address, ever since the ASA is blocking traffic between it and the domain controller (example)
  2
  Oct 27 2012
  14:51:05
  106007
  10.50.15.6
  55978
  DNS
  Deny inbound UDP from 10.50.15.6/55978 to 10.50.15.5/53 due to DNS Query
  What has me baffled is the only thing different between today and yesterday is the new server is windows server 2008 and the old one was windows server 2003. The new server has the same LAN ip address as the old one to make the changeover seamless for the users.
  Any idea why all the sudden my ASA has decided to block the traffic between those machines? all the other machines can talk to it fine just not the domain controller, and seeing that this is a terminal server naturally you can see the problem i face!
  Any help you can give would be great as this router has worked flawlessly for 2 years now without any config changes and i cant work out why its blocking traffic between those 2 machines.

  Result of the command: "show cap asp | include 10.50.15.6"
    15: 10:09:21.796849 802.1Q vlan#1 P0 10.50.15.6.58810 > 10.50.15.5.389:  udp 163
    16: 10:09:22.189153 802.1Q vlan#1 P0 10.50.15.6.58810 > 10.50.15.5.389:  udp 163 Drop-reason: (acl-drop) Flow is denied by configured rule
    17: 10:09:22.596252 802.1Q vlan#1 P0 10.50.15.6.50855 > 10.50.15.5.53:  udp 86 Drop-reason: (acl-drop) Flow is denied by configured rule
    18: 10:09:23.625913 802.1Q vlan#1 P0 10.50.15.6.50855 > 10.50.15.5.53:  udp 86 Drop-reason: (acl-drop) Flow is denied by configured rule
    19: 10:09:24.625227 802.1Q vlan#1 P0 10.50.15.6.50855 > 10.50.15.5.53:  udp 86 Drop-reason: (acl-drop) Flow is denied by configured rule
    20: 10:09:26.635236 802.1Q vlan#1 P0 10.50.15.6.50855 > 10.50.15.5.53:  udp 86
    25: 10:09:30.653500 802.1Q vlan#1 P0 10.50.15.6.50855 > 10.50.15.5.53:  udp 86
    27: 10:09:34.655025 802.1Q vlan#1 P0 10.50.15.6.137 > 10.50.15.255.137:  udp 50 Drop-reason: (acl-drop) Flow is denied by configured rule
    28: 10:09:34.655071 802.1Q vlan#1 P0 10.50.15.6.138 > 10.50.15.255.138:  udp 237
    29: 10:09:34.655193 802.1Q vlan#1 P0 10.50.15.6.138 > 10.50.15.5.138:  udp 237 Drop-reason: (acl-drop) Flow is denied by configured rule
    30: 10:09:34.764700 802.1Q vlan#1 P0 10.50.15.6.49854 > 10.50.15.5.88: S 1487640872:1487640872(0) win 8192 Drop-reason: (acl-drop) Flow is denied by configured rule
    31: 10:09:34.899337 802.1Q vlan#1 P0 10.50.15.6.56407 > 10.50.15.5.53:  udp 34 Drop-reason: (acl-drop) Flow is denied by configured rule
    32: 10:09:35.901946 802.1Q vlan#1 P0 10.50.15.6.56407 > 10.50.15.5.53:  udp 34 Drop-reason: (acl-drop) Flow is denied by configured rule
    33: 10:09:36.915937 802.1Q vlan#1 P0 10.50.15.6.56407 > 10.50.15.5.53:  udp 34 Drop-reason: (acl-drop) Flow is denied by configured rule
    34: 10:09:37.773916 802.1Q vlan#1 P0 10.50.15.6.49854 > 10.50.15.5.88: S 1487640872:1487640872(0) win 8192 Drop-reason: (acl-drop) Flow is denied by configured rule
    35: 10:09:38.942715 802.1Q vlan#1 P0 10.50.15.6.56407 > 10.50.15.5.53:  udp 34 Drop-reason: (acl-drop) Flow is denied by configured rule
    37: 10:09:42.937695 802.1Q vlan#1 P0 10.50.15.6.56407 > 10.50.15.5.53:  udp 34 Drop-reason: (acl-drop) Flow is denied by configured rule
    38: 10:09:43.788579 802.1Q vlan#1 P0 10.50.15.6.49854 > 10.50.15.5.88: S 1487640872:1487640872(0) win 8192 Drop-reason: (acl-drop) Flow is denied by configured rule
    41: 10:09:55.803608 802.1Q vlan#1 P0 10.50.15.6.54962 > 10.50.15.5.53:  udp 86 Drop-reason: (acl-drop) Flow is denied by configured rule
    42: 10:09:56.814166 802.1Q vlan#1 P0 10.50.15.6.54962 > 10.50.15.5.53:  udp 86 Drop-reason: (acl-drop) Flow is denied by configured rule
    43: 10:09:57.820804 802.1Q vlan#1 P0 10.50.15.6.54962 > 10.50.15.5.53:  udp 86 Drop-reason: (acl-drop) Flow is denied by configured rule

• Traffic Between 2 Ports on Different VLANs on the Same Switch

  Hi,
  This question probably results from a flaw in my understanding of network layer 2 versus layer 3 and VLANs so any additional context in that regard would be very welcome
  If I've got 2 systems on difference VLANs that are connected to ports on the same switch (e.g. 2950), with that switch being connected via an uplink to a router or layer 3 switch and i want to pass traffic between the 2 systems (e.g. copy a file from a folder shared on one system to another), will the traffic pass directly from one port on the 2950 to the other? Or will it need to go through the uplink? I guess it will need to go through the uplink initially as layer 3 needs to be involved for inter-VLAN routing but wondering if layer 2 MAC address will ultimately be learned, allowing traffic to pass directly between the systems, not over the uplink.
  Thanks in advance,
  cisco_reader.

  If the hosts are on different Layer 2 Vlans and you want to pass data between them, that data needs to be 'Routed'.
  In order to Route data from one Layer 2 Vlan to another, you need a device capable of Layer 3 Routing. That device can be a traditional Router or can be something called a Layer 3 switch.
  A 2950 switch is Layer 2 only so has the ability to create many Layer 2 Vlans which is what you have done. In order to route traffic between those Vlans, you can either use a router or a L3 switch.
  If you decided to use a router, look up something called 'Router on a Stick' which involves creating a Trunk link from the 2950 to the Router and then setting up Subinterfaces on the Routers port to act as the 'Default Gateway' for each of your Vlans.

• WCCP on ASA & traffic between physical interfaces on ASA

  Hello,
  I am trying to get WCCP working on the ASA for WAAS implementation. Here is a simple snapshot of my config:
  Eth 0/0 : Outside (to internet)
  Eth 0/1 : Vlan1 (20.20.0.0/16) (trunk port to remote office LAN)
  Eth 0/1.211 : Vlan211 (20.21.10.0/24)
  Eth 0/1.212 : Vlan212 (20.21.20.0/24)
  Eth 0/1.220 : Vlan220 (20.22.0.0/16)
  Eth 0/2 : WAAS (20.21.30.0/24)
  I have the site to site tunnel working. I can ping the WAAS device from the other end of the tunnel but I cannot ping it from the 20.20.0.0/16 network. I have enabled traffic between interfaces on same security level as WAAS and LAN have same security.
  I get this error message:
  3 Feb 12 2007 17:54:05 305006 20.20.10.101 portmap translation creation failed for icmp src WAAS:20.21.30.230 dst LAN:20.20.10.101 (type 8, code 0)
  How can I fix this?
  My second question is regarding WCCP on ASA. Here is the WCCP part of the config I have:
  wccp 61 redirect-list WCCP_To_LAN
  wccp 62 redirect-list WCCP_To_WAN
  wccp interface outside 62 redirect in
  wccp interface LAN 61 redirect in
  access-list WCCP_To_LAN extended permit ip any 20.20.0.0 255.252.0.0
  access-list WCCP_To_WAN extended permit ip 20.20.0.0 255.252.0.0 any
  I am not seeing any packets being redirected to the WAE. I once changed the access lists to 'any any' and I saw some packets but I couldn't ping or telnet to the remote site. Could it be a loop? Is there any way to exclude traffic to avoid loop?
  Thanks
  Ankit

  common guys
  Am I doing something wrong here?
  No one replies to my posts. I had the same experience with the previous one.
  Is this not the right forum for this query???
  Ankit

• How to enable traffic between VPN clients in Windows Server 2012 R2?

  Hello, 
  I installed Remote Access role with VPN.
  IPv4 Router is enabled: http://snag.gy/UAMY2.jpg
  VPN clients should use static ip pool: http://snag.gy/REjkB.jpg
  One VPN user is configured to have static ip: http://snag.gy/TWwq0.jpg
  VPN server uses Windows Authentication and Windows Accounting.
  With this setup, VPN clients can connect to server, get ip addresses and can see server via server's vpn ip. Server can connect to VPN clients too (Using client's vpn ips). But VPN clients can't communicate with each other.
  For example, VPN server has ip 192.168.99.5
  VPN Client 1 - 192.168.99.6
  VPN Client 2 - 192.168.99.7
  I am able to ping 192.168.99.5 from both clients, and able to ping 192.168.99.6 and 192.168.99.7 from server via remote desktop. But I am not able to ping 192.168.99.7 from client 1 and 192.168.99.6 from client 2.
  If I trace route from 192.168.99.6 to 192.168.99.7 - I can see that packets goes to server (192.168.99.5) and next hop - request timeout.
  What else should I configure to allow network traffic between VPN clients?

  Hi,
  To better analyze this issue, would you please post the routing tables on the two VPN clients? You can run "route print" at the command prompt to get the routing table.
  Best regards,
  Susie
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Having issues on ASA 5510 pass traffic between interfaces

  I am trying to pass traffic between two internal interfaces but am unable to.  Been searching quite a bit and have tried several things to no avail. I feel like there is a simple solution here I am just not seeing. Here is the relevant portion of my config:
  interface Ethernet0/1
  nameif inside
  security-level 100
  ip address 192.168.5.1 255.255.255.0
  interface Ethernet0/2
  nameif ct-users
  security-level 100
  ip address 10.12.0.1 255.255.0.0
  same-security-traffic permit inter-interface
  access-list inside_nat0_outbound extended permit ip any 192.168.5.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip any 10.12.0.0 255.255.0.0
  access-list inside_access_in extended permit ip any any
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  nat (ct-users) 0 access-list inside_nat0_outbound
  nat (ct-users) 1 0.0.0.0 0.0.0.0
  static (inside,ct-users) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
  static (ct-users,inside) 10.12.0.0 10.12.0.0 netmask 255.255.0.0
  access-group outside_access_in in interface outside
  access-group outside_access_ipv6_in in interface outside
  access-group inside_access_in in interface inside
  access-group inside_access_ipv6_in in interface inside
  access-group inside_access_in in interface ct-users
  access-group inside_access_ipv6_in in interface ct-users
  On both networks I am able to access the internet, just not traffic between each other.
  A packet-tracer reveals the following (it's hitting some weird rules on the way):
  cybertron# packet-tracer input inside tcp 192.168.5.2 ssh 10.12.0.2 ssh detailed
  Phase: 1
  Type: ACCESS-LIST
  Subtype:
  Result: ALLOW
  Config:
  Implicit Rule
  Additional Information:
  Forward Flow based lookup yields rule:
  in id=0xab827020, priority=1, domain=permit, deny=false
  hits=8628156090, user_data=0x0, cs_id=0x0, l3_type=0x8
  src mac=0000.0000.0000, mask=0000.0000.0000
  dst mac=0000.0000.0000, mask=0100.0000.0000
  Phase: 2
  Type: UN-NAT
  Subtype: static
  Result: ALLOW
  Config:
  static (ct-users,inside) 10.12.0.0 10.12.0.0 netmask 255.255.0.0
  match ip ct-users 10.12.0.0 255.255.0.0 inside any
  static translation to 10.12.0.0
  translate_hits = 0, untranslate_hits = 6
  Additional Information:
  NAT divert to egress interface ct-users
  Untranslate 10.12.0.0/0 to 10.12.0.0/0 using netmask 255.255.0.0
  Phase: 3
  Type: ACCESS-LIST
  Subtype: log
  Result: ALLOW
  Config:
  access-group inside_access_in in interface inside
  access-list inside_access_in extended permit ip any any
  Additional Information:
  Forward Flow based lookup yields rule:
  in id=0xad5bec88, priority=12, domain=permit, deny=false
  hits=173081, user_data=0xa8a76ac0, cs_id=0x0, flags=0x0, protocol=0
  src ip=0.0.0.0, mask=0.0.0.0, port=0
  dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
  Phase: 4
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Forward Flow based lookup yields rule:
  in id=0xab829758, priority=0, domain=inspect-ip-options, deny=true
  hits=146139764, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
  src ip=0.0.0.0, mask=0.0.0.0, port=0
  dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
  Phase: 5
  Type: NAT-EXEMPT
  Subtype: rpf-check
  Result: ALLOW
  Config:
  Additional Information:
  Forward Flow based lookup yields rule:
  in id=0xad48c860, priority=6, domain=nat-exempt-reverse, deny=false
  hits=2, user_data=0xad4b5e98, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
  src ip=192.168.5.0, mask=255.255.255.0, port=0
  dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
  Phase: 6
  Type: NAT-EXEMPT
  Subtype:
  Result: ALLOW
  Config:
  match ip inside any ct-users 10.12.0.0 255.255.0.0
  NAT exempt
  translate_hits = 2, untranslate_hits = 2
  Additional Information:
  Forward Flow based lookup yields rule:
  in id=0xad3b1f70, priority=6, domain=nat-exempt, deny=false
  hits=2, user_data=0xad62b7a8, cs_id=0x0, use_real_addr, flags=0x0, protocol=0
  src ip=0.0.0.0, mask=0.0.0.0, port=0
  dst ip=10.12.0.0, mask=255.255.0.0, port=0, dscp=0x0
  Phase: 7
  Type: NAT
  Subtype:
  Result: ALLOW
  Config:
  static (inside,ct-users) 192.168.5.0 192.168.5.0 netmask 255.255.255.0
  match ip inside 192.168.5.0 255.255.255.0 ct-users any
  static translation to 192.168.5.0
  translate_hits = 1, untranslate_hits = 15
  Additional Information:
  Forward Flow based lookup yields rule:
  in id=0xadf7a778, priority=5, domain=nat, deny=false
  hits=6, user_data=0xad80cfd0, cs_id=0x0, flags=0x0, protocol=0
  src ip=192.168.5.0, mask=255.255.255.0, port=0
  dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
  Phase: 8
  Type: NAT
  Subtype: host-limits
  Result: ALLOW
  Config:
  static (inside,outside) udp 184.73.2.1 1514 192.168.5.2 1514 netmask 255.255.255.255
  match udp inside host 192.168.5.2 eq 1514 outside any
  static translation to 184.73.2.1/1514
  translate_hits = 0, untranslate_hits = 0
  Additional Information:
  Forward Flow based lookup yields rule:
  in id=0xab8e2928, priority=5, domain=host, deny=false
  hits=9276881, user_data=0xab8e1d20, cs_id=0x0, reverse, flags=0x0, protocol=0
  src ip=192.168.5.2, mask=255.255.255.255, port=0
  dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
  Phase: 9
  Type: NAT
  Subtype: rpf-check
  Result: ALLOW
  Config:
  static (ct-users,inside) 10.12.0.0 10.12.0.0 netmask 255.255.0.0
  match ip ct-users 10.12.0.0 255.255.0.0 inside any
  static translation to 10.12.0.0
  translate_hits = 0, untranslate_hits = 6
  Additional Information:
  Forward Flow based lookup yields rule:
  out id=0xad158dc0, priority=5, domain=nat-reverse, deny=false
  hits=6, user_data=0xac0fb6b8, cs_id=0x0, flags=0x0, protocol=0
  src ip=0.0.0.0, mask=0.0.0.0, port=0
  dst ip=10.12.0.0, mask=255.255.0.0, port=0, dscp=0x0
  Phase: 10
  Type: NAT
  Subtype: host-limits
  Result: ALLOW
  Config:
  static (ct-users,inside) 10.12.0.0 10.12.0.0 netmask 255.255.0.0
  match ip ct-users 10.12.0.0 255.255.0.0 inside any
  static translation to 10.12.0.0
  translate_hits = 0, untranslate_hits = 6
  Additional Information:
  Reverse Flow based lookup yields rule:
  in id=0xada0cd38, priority=5, domain=host, deny=false
  hits=131, user_data=0xac0fb6b8, cs_id=0x0, reverse, flags=0x0, protocol=0
  src ip=10.12.0.0, mask=255.255.0.0, port=0
  dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
  Phase: 11
  Type: IP-OPTIONS
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  Reverse Flow based lookup yields rule:
  in id=0xad5c1ab0, priority=0, domain=inspect-ip-options, deny=true
  hits=130, user_data=0x0, cs_id=0x0, reverse, flags=0x0, protocol=0
  src ip=0.0.0.0, mask=0.0.0.0, port=0
  dst ip=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
  Phase: 12
  Type: FLOW-CREATION
  Subtype:
  Result: ALLOW
  Config:
  Additional Information:
  New flow created with id 189385494, packet dispatched to next module
  Module information for forward flow ...
  snp_fp_tracer_drop
  snp_fp_inspect_ip_options
  snp_fp_tcp_normalizer
  snp_fp_translate
  snp_fp_adjacency
  snp_fp_fragment
  snp_ifc_stat
  Module information for reverse flow ...
  snp_fp_tracer_drop
  snp_fp_inspect_ip_options
  snp_fp_translate
  snp_fp_tcp_normalizer
  snp_fp_adjacency
  snp_fp_fragment
  snp_ifc_stat
  Result:
  input-interface: inside
  input-status: up
  input-line-status: up
  output-interface: ct-users
  output-status: up
  output-line-status: up
  Action: allow

  how are you testing? if you are pinging between the subnets, make sure you have disabled windows firewall and/or any other firewall that is installed on the PCs (remember to re-enable it later).
  Are the NAT commands there because you were trying different things to get this working?  I suggest you use the command no nat-control instead.  Depending on the version of ASA you are running it may already be disabled by default.  In version 8.4 and later nat-control has been removed completely.
  Please remember to select a correct answer and rate helpful posts

• Splitting music between iPod, iPad and iPhone

  Hello all!
  As the owner of all three of the above devices, I wonder sometimes what is the best way to split music between them. I have my entire library on my iPod classic but wonder how I should split things between my iPad and iPhone...Any advice?

  You can sync whatever you like to each device.
  You can sync by playlist, genre, album, artist, etc.