Standard traffic flow in a network

Hi,
When we work in a network, we face the problem of traffic/packet overflow.
So if normally 100 users work in a network, what is the packet flow per second?
For example, in normal conditions a router's processor is at 30%, and when it goes up to 50% or above then something is wrong.
So can anyone advise me on the standard flow of packets in a network?
Thanks
Biplob

Other things to keep in mind are things that drive the processor utilization up, like access lists, and things that (may) unnecessarily use the bandwidth, like routing updates.
Depending on the topology / layout of your network, you may be better off using static routes.
Also check to see that only the features you are using are enabled on the router ... every additional process adds some load to the processor.
Other sources may be excessive broadcasts. Have you checked the hosts for worms and viruses?
Similar problem; Are any of your hosts allowed to use applications like BitTorrent or other streaming services? Many of those applications will bring up a server process and (server or not) eat a large chunk of the bandwidth.
Post some of your interface stats and a typical router config. Some description or diagrams of the network would also be helpful.
Good Luck
Scott
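
An added example, not part of the original thread: a Python pass over the kind of interface stats Scott asks for, flagging interfaces where broadcasts dominate input or the input queue is dropping, and splitting router CPU into interrupt-level (packet switching) and process-level load. The sample text is constructed in the usual IOS `show processes cpu` / `show interfaces` layout, and the thresholds and function names are assumptions to tune per network.

```python
import re

# Constructed sample output in the usual IOS layout; not taken from the thread.
SAMPLE_CPU = "CPU utilization for five seconds: 52%/38%; one minute: 49%; five minutes: 47%"

SAMPLE_INTERFACES = """\
FastEthernet0/0 is up, line protocol is up
  Input queue: 0/75/1840/0 (size/max/drops/flushes); Total output drops: 0
  5 minute input rate 2450000 bits/sec, 1200 packets/sec
  5 minute output rate 380000 bits/sec, 310 packets/sec
     9000000 packets input, 1203456789 bytes, 0 no buffer
     Received 6300000 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
FastEthernet0/1 is up, line protocol is up
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 12
  5 minute input rate 410000 bits/sec, 300 packets/sec
  5 minute output rate 2300000 bits/sec, 1150 packets/sec
     4000000 packets input, 903456789 bytes, 0 no buffer
     Received 40000 broadcasts, 0 runts, 0 giants, 0 throttles
     9 input errors, 9 CRC, 0 frame, 0 overrun, 0 ignored
"""

# Assumed thresholds; there is no universal "standard" value.
BROADCAST_SHARE_LIMIT = 0.20   # broadcasts / input packets
ERROR_SHARE_LIMIT = 0.001      # input errors / input packets

CPU_LINE = re.compile(
    r"five seconds: (\d+)%/(\d+)%; one minute: (\d+)%; five minutes: (\d+)%")
HEADER = re.compile(
    r"^(\S+) is (?:administratively )?(?:up|down), line protocol is (?:up|down)",
    re.M)
FIELDS = {
    "in_pps": r"\d+ (?:minute|second) input rate \d+ bits/sec, (\d+) packets/sec",
    "packets_in": r"(\d+) packets input",
    "broadcasts": r"Received (\d+) broadcasts",
    "input_errors": r"(\d+) input errors",
    "input_drops": r"Input queue: \d+/\d+/(\d+)/\d+",
}


def parse_cpu(line):
    """Split the 'X%/Y%' pair: X is total CPU, Y is the interrupt-level part."""
    m = CPU_LINE.search(line)
    if not m:
        raise ValueError("not a 'show processes cpu' summary line")
    total, interrupt, one_min, five_min = map(int, m.groups())
    return {"total": total, "interrupt": interrupt,
            "process": total - interrupt,
            "one_min": one_min, "five_min": five_min}


def cpu_note(cpu):
    """Say which side of the split to investigate first."""
    if cpu["interrupt"] * 2 >= cpu["total"]:
        return "interrupt-dominated: load follows traffic (check interfaces, ACLs)"
    return "process-dominated: load follows processes (routing updates, enabled features)"


def parse_interfaces(text):
    """Return {interface: counters} from concatenated 'show interfaces' blocks."""
    headers = list(HEADER.finditer(text))
    result = {}
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        block = text[h.start():end]
        stats = {}
        for key, pattern in FIELDS.items():
            m = re.search(pattern, block)
            stats[key] = int(m.group(1)) if m else 0
        result[h.group(1)] = stats
    return result


def triage(interfaces):
    """Return {interface: [notes]} for interfaces that exceed the assumed limits."""
    findings = {}
    for name, s in interfaces.items():
        notes = []
        pkts = s["packets_in"]
        if pkts:
            share = s["broadcasts"] / pkts
            if share > BROADCAST_SHARE_LIMIT:
                notes.append(f"broadcasts are {share:.0%} of input packets")
            if s["input_errors"] / pkts > ERROR_SHARE_LIMIT:
                notes.append(f"{s['input_errors']} input errors")
        if s["input_drops"]:
            notes.append(f"{s['input_drops']} input queue drops")
        if notes:
            findings[name] = notes
    return findings


if __name__ == "__main__":
    cpu = parse_cpu(SAMPLE_CPU)
    print(f"CPU {cpu['total']}% = {cpu['interrupt']}% interrupt + "
          f"{cpu['process']}% process -> {cpu_note(cpu)}")
    for name, notes in triage(parse_interfaces(SAMPLE_INTERFACES)).items():
        print(f"{name}: " + "; ".join(notes))
```

The counters are cumulative since the last clear, so compare two readings taken a known interval apart before acting on a ratio.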

Similar Messages

  • Trying to understand traffic Flow in a LWAPP wireless configuration.

    I'm trying to understand at a high level how wireless traffic flows in the new LWAPP configuration. Based on what I can tell, all wireless traffic must flow through the controllers prior to getting onto the LAN.
    So let's say I have a LWAPP Access Point off an access switch in a remote closet and my controller is off my core switches. I want to communicate from my wireless PC to a wired PC on this same access switch. The traffic flows from the AP down to the core switch, through the Controller and back up to the access switch to the wired PC.
    Is that correct?
    If this is true my main concern is supporting APs from a central controller across a low speed WAN. Looks like I would not want to do that...

    You're right in your assumption. Data traffic travels from the client to the AP. The AP then encapsulates this data using LWAPP and forwards it to the Controller. The WLC then de-encapsulates (?) it, processes the traffic as necessary and then drops it onto the wired LAN.
    So, in your scenario, the wireless client would send data to the AP. This would be encapsulated between the AP and the controller and then sent back again unencapsulated to the wired client.
    Regarding using this system over a low speed WAN, there are two ways of doing this.
    The first is to use a local WLC at the remote site (e.g. a WLC2006 or the new WLC network module for 2800/3800 ISR routers).
    The second is to use AP1030s which are 'Remote Edge Access Points'. These aren't quite as lightweight as the rest of the 1000 Series in that they will bridge local traffic and only encapsulate traffic heading 'off site'. They will also continue to operate if connection back to the WLC is lost (the first WLAN configured on the WLC remains up on the REAP whilst connection to the WLC is lost).
    I believe that the recommendation for these is a minimum of 2Mbps WAN connection.

  • ASA 5505, how to configure DMZ to Inside traffic flows

    Dear.
    We have a Cisco ASA 5505 with an outside, inside and DMZ interface.
    We really need all these interfaces.
    The DMZ interface has been configured to block any traffic to the inside (restrict traffic flow). This restriction can't be disabled; an error occurred when doing this.
    I will allow only one single port to have access from DMZ to the inside, is that possible? And how?
    Thanks for the feedback.
    Regards.
    Peter.

    What I mean with "can't be disabled": when you navigate to Configuration/interfaces and select the DMZ interface / advanced, you can block traffic. By default Inside has been selected in the drop-down box. However, you can't leave it blank, you need to specify at least one. I can't create another, extra interface because the license is 3 max.
    So, my question is: can I create a rule somewhere to overwrite this setting for only one specific port? And how?
    Result of the command: "show version"
    Cisco Adaptive Security Appliance Software Version 8.2(5)
    Device Manager Version 6.4(5)
    Compiled on Fri 20-May-11 16:00 by builders
    System image file is "disk0:/asa825-k8.bin"
    Config file at boot was "startup-config"
    router up 100 days 1 hour
    Hardware:   ASA5505, 512 MB RAM, CPU Geode 500 MHz
    Internal ATA Compact Flash, 128MB
    BIOS Flash Firmware Hub @ 0xffe00000, 1024KB
    Encryption hardware device : Cisco ASA-5505 on-board accelerator (revision 0x0)
                                 Boot microcode   : CN1000-MC-BOOT-2.00
                                 SSL/IKE microcode: CNLite-MC-SSLm-PLUS-2.03
                                 IPSec microcode  : CNlite-MC-IPSECm-MAIN-2.05
    0: Int: Internal-Data0/0    : address is a44c.11bb.5492, irq 11
    1: Ext: Ethernet0/0         : address is a44c.11bb.548a, irq 255
    2: Ext: Ethernet0/1         : address is a44c.11bb.548b, irq 255
    3: Ext: Ethernet0/2         : address is a44c.11bb.548c, irq 255
    4: Ext: Ethernet0/3         : address is a44c.11bb.548d, irq 255
    5: Ext: Ethernet0/4         : address is a44c.11bb.548e, irq 255
    6: Ext: Ethernet0/5         : address is a44c.11bb.548f, irq 255
    7: Ext: Ethernet0/6         : address is a44c.11bb.5490, irq 255
    8: Ext: Ethernet0/7         : address is a44c.11bb.5491, irq 255
    9: Int: Internal-Data0/1    : address is 0000.0003.0002, irq 255
    10: Int: Not used            : irq 255
    11: Int: Not used            : irq 255
    Licensed features for this platform:
    Maximum Physical Interfaces    : 8        
    VLANs                          : 3, DMZ Restricted
    Inside Hosts                   : 50       
    Failover                       : Disabled
    VPN-DES                        : Enabled  
    VPN-3DES-AES                   : Enabled  
    SSL VPN Peers                  : 2        
    Total VPN Peers                : 10       
    Dual ISPs                      : Disabled 
    VLAN Trunk Ports               : 0        
    Shared License                 : Disabled
    AnyConnect for Mobile          : Disabled 
    AnyConnect for Cisco VPN Phone : Disabled 
    AnyConnect Essentials          : Disabled 
    Advanced Endpoint Assessment   : Disabled 
    UC Phone Proxy Sessions        : 2        
    Total UC Proxy Sessions        : 2        
    Botnet Traffic Filter          : Disabled 
    This platform has a Base license.
    Serial Number: xxxxxxxxxxxxxx
    Running Activation Key: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Configuration register is 0x1
    Configuration last modified by enable_15 at 14:43:11.295 CEDT Mon Sep 9 2013

  • Standard Work Flow in PP and QM

    Hi Gurus,
    What are the standard Work Flows in PP & QM?
    Thanks in advance,
    Shree

    Hi
    Follow the path to find it yourself.
    SPRO > Quality Management > Environment > Central Functions > Activate Workflow
    You get a pop-up screen. Click on "Activate SAP Business Workflow".
    You get a screen "Task Customizing Overview".
    For each module you have workflows.
    Click on Assign Agents and you will find the number of Tasks for each activity or function.
    For example, under Production Orders you will have "inform MRP Controller about trigger pt",
    etc. Likewise, you have to use these Tasks provided by SAP to build or combine as per the customer's requirements with proper agent assignments.
    Regards
    Rehman
    Reward Your Points If Useful

  • Excise document number in standard document flow

    Dear Friends,
    Is it possible to capture the excise invoice no. in the standard document flow so that at any point of time , either from the sales order or the delivery document or the billing document, the excise invoice can be seen in the flow?
    Although the excise document flow can be seen in either J1IIN or J2IF, my customer wants to have the same in standard flow. Please suggest whether any ABAP development needs to be done for the same or it can be achieved through functional customization only.
    Regards
    Raja

    Hi Raja
    This functionality is not available in standard SAP as far as I know.
    Also there is no append available for VBFA table.
    You can check with SAP OSS if they can guide on it.
    Regards
    Mandar

  • Dual wan failover config: failback does not always work as expected for existing LAN traffic flows

    I have an 881 router configured with 2 dhcp WAN connections.  I am trying to configure failure detection of the primary connection (I do not really care about the secondary at this time).
    I have an ip sla/track configured to monitor the primary WAN connection, and if it stops passing traffic it removes that route, passing all traffic out the second WAN connection.  When the first connection is restored it should restore the route and everything should pass through the first connection again.  This works for all my tests except one.  If I start a ping stream from a client "ping 8.8.8.8 -t" and disconnect the primary connection it will lose a few packets but then use the secondary connection in about 15 seconds.  After restoring the primary connection all new traffic will use the primary connection, but the ping stream will then stop working (fails over, but not back).  If I stop the ping stream for a time (not sure how long is required, but my test was over a minute) it will then use the primary connection like all other new traffic.  A stop of a few seconds is not enough, and even opening up a second command prompt to ping the same target also does not work (pinging new targets works as desired).  It is as if something is caching the route/session/whatever and it has to have a window of no traffic before expiring/relearning the route.  This means any sustained traffic to the original target will not work until it is stopped for a certain time to let "something" age out.
    I need to know if there is a way to "flush the cache" (or whatever) during fail-back to force the primary route to be used after fail-back, or something else that will have the same effect.  My suspicion is that the second route gets "preferred" because the first is removed by the sla, and when the sla returns the route to the list the existing traffic flow is not aware of the route list change, using the last known good route (which now does not pass traffic).  The Issue here is that it takes a length of time for the now bad route to get flushed, which is greater than I want to have.
    config (edited):
    interface FastEthernet3
     description Backup ISP
     switchport access vlan 800
     no ip address
    interface FastEthernet4
     description Primary ISP
     ip dhcp client route track 100
     ip address dhcp
     ip nat outside
     ip virtual-reassembly in
     duplex auto
     speed auto
     crypto ipsec client ezvpn EZVPN-to-1941
    interface Vlan800
     description Backup ISP
     ip address dhcp
     ip nat outside
     ip virtual-reassembly in
    track 100 list boolean or
     object 101
     object 102
    track 101 ip sla 10 reachability
    track 102 ip sla 20 reachability
    ip sla 10
     icmp-echo 4.2.2.2 source-interface FastEthernet4
     threshold 1000
     timeout 1500
     frequency 5
    ip sla schedule 10 life forever start-time now
    ip sla 20
     icmp-echo 208.67.222.222 source-interface FastEthernet4
     threshold 1000
     timeout 1500
     frequency 5
    ip sla schedule 20 life forever start-time now
    ip route 4.2.2.2 255.255.255.255 FastEthernet4 permanent
    ip route 10.1.2.0 255.255.255.0 <1941 wan ip removed>
    ip route <1941 wan ip removed> 255.255.255.255 FastEthernet4 permanent
    ip route 208.67.222.222 255.255.255.255 FastEthernet4 permanent
    ip route 0.0.0.0 0.0.0.0 Vlan800 dhcp 254
    ip route 0.0.0.0 0.0.0.0 FastEthernet4 dhcp
    Observation: the last 2 routes appear in the order shown above.  Even though the vlan800 route has a higher administrative cost it is in front of the FA4 route, could this be contributing to the issue?  Is there a way to ensure the FA4 route is always listed before vlan800 at all times?


  • Standard Work flow for Leave approval in HR module

    Hi ,
    My query: is there any standard workflow available in the HR module for Leave approval and Overtime approval? We have negative time management and are without ESS and MSS.
    Please suggest if anyone has used this earlier without ESS or EP.
    Regards
    Punit

    I can think of the following but not without enhancement for the workflow part.
    - Since you are not using ESS, you (leave admin) may create the absence record directly in IT2001 (in LOCK mode).
    - In the user exit of 2001 you may trigger your Workflow process (i.e. call the function module to trigger WF here) depending on the LOCK status. You have to explore if standard WF can be used to your requirement.
    - Upon approval, you can UNLOCK the absence.
    - In the event that UNLOCK is unsuccessful, trigger WF to your Leave Admin for him to update via PA30.
    Standard SAP Workflow
    - Only 1 level approval
    - Using Chief Position
    IF your workflow requirement deviates, then you have to also customize workflow, does not matter whether you are using ESS or not.
    Finally test and retest to make sure all possible events are covered.
    OT is the same, except that you need to use 2007 vs 2002
    Edited by: sapuser909 on Nov 18, 2009 12:07 PM

  • IT0022 Education- Is there a Standard work flow for ESS??

    Hello All,
    Is there a standard workflow in SAP wherein an employee updates his education details in ESS and a workflow is triggered to either the Administrator / Manager to approve the same? If there isn't, how to make this possible; any workarounds?
    If yes, in what versions is it available/where?
    Any help would be rewarded with Points.
    thanks
    hrbuddy
    **where can i look for standard ESS & MSS related workflows**
    Message was edited by:
            Hr Buddy

    There "IS" a central place where workflows can be accessed in SAP, which I eventually found out. It is through Tcode SWDM - Business Workflow Explorer.
    There we need to check for the component that we are looking for workflows for.
    for example :
    EP-PCT-MGR-HR - Business Package for Manager Self-Service (HR)
    PA-ES - Employee Self-Service
    PT-EV -Time Evaluation
    And of course Bus. Pack Documentation is always useful.

  • Activating Standard Work Flow

    Hi All,
    How can I activate the standard workflow? How do I trigger the standard workflow whenever a button is clicked on the portal page, suppose the "SAVE" button?
    Thanks In Advance, Any links and documents are encouraged
    Regards
    Pavan

    Hi Samson
        Thanks but
    Just make sure that you make the status of
    the standard event as 'Inactive'
    How is the above operation possible, making an event of a workflow inactive? To give you an idea, the same BOR consists of both the events, but I don't want to trigger the workflow for the event which SAP has defined; instead I want to trigger the workflow for the same BOR but another event. How can I achieve this?
    Thanks In Advance
    Regards
    Pavan

  • Standard Work Flow

    Hi,
    Can anyone tell me about the standard workflows (not the workflow module) available in SAP? We want Purchase Requisition & PO release to be through email (not SAP Inbox).
    Thanks,
    Rashid.

    hi rashid,
    BC - Workflow Scenarios in Applications (BC-BMT-WFM)
    Purpose
    With SAP Business Workflow, SAP AG provides an efficient cross-application tool enabling integrated electronic management of business processes. SAP Business Workflow is a solution which has been integrated fully in the R/3 System and which enables customer-specific business process flows to be coordinated and controlled on a cross-application and cross-work center basis. SAP Business Workflow therefore enhances "ready-made" application software. The SAP Business Workflow definition environment can represent business processes simply and can respond to changing external conditions quickly, even in a live system, by adapting the existing business processes.
    Workflow Scenarios
    Many SAP applications use SAP Business Workflow enabling preconfigured workflow scenarios to be reused in various situations. The scenarios can either be implemented without any changes or configured for your business processes by making minor adjustments. These workflow scenarios reduce implementation time significantly and have been optimally configured for the respective application functions.
    Many workflow scenarios are integrated in IDES (International Demonstration and Education System). It is possible to simulate the business processes of a model company in this fully-configured system.
    Features
    The workflow scenarios can be divided into three categories:
    Creating events
    Events are created to report status changes for an application object and to allow a reaction to the changes.
    Document 4711/98 posted
    Material XYZ created
    These events can be used as triggering events for your own tasks or workflows. The events are therefore "connected" in a flexible and customer-specific way to application events, without having to modify the standard part of the application.
    In some cases, the triggering of these events is not activated in the standard version, but depends on the Customizing settings. You can find further information in the application scenario documentation.
    Providing SAP tasks
    A task contains a task description and the connection to the application logic via the method for a business object. Before you can use a task productively, you must assign the tasks to its possible agents.
    The tasks provided by SAP are generally used as steps in SAP workflows, but you can use them for your own developments as well.
    Release change request
    Change purchase order
    If a workflow scenario only involves one task, the scenario can usually be regarded as a minimal solution for showing the connection between application functionality and SAP Business Workflow. For differentiated control, this SAP task should be replaced by a customer-specific task.
    You can find further information in the application scenario documentation.
    Providing SAP workflows
    A workflow contains a complete workflow definition covering several steps. An SAP workflow has a complete workflow definition, but must still be adapted to the organizational environment of the customer.
    Release a purchase requisition
    Recruitment
    In cases in which SAP workflows describe business processes which also occur in your company, or in cases in which changes should not be made to the SAP workflow for technical reasons, the SAP workflows supplied can be used without any changes or adapted using workflow configuration.
    In all other cases, the SAP workflows can be used as templates for your own developments. The existing process structures of the business application components, which are often represented within a transaction, are generally not replaced. SAP Business Workflow is seen as an integration level "above" the standard business functions and uses the existing transactions, function modules, and reports.
    see the below links for entire info on workflow.
    help.sap.com/printdocu/core/Print46c/en/data/pdf/BCBMTWFMDEMO/BCBMTWFMDEMO.pdf
    http://help.sap.com/saphelp_46c/helpdata/en/04/926f8546f311d189470000e829fbbd/frameset.htm
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/103b1a61-294f-2a10-6491-9827479d0bf1
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/60559952-ff62-2910-49a5-b4fb8e94f167
    http://www.sapmaterial.com/
    thanks
    sekhar
    Reward me points if useful

  • Standard Work Flow for Goods Receipt

    Hi All,
    I am working on workflow; is there any standard workflow for Goods Receipt?
    If so please help me in this regard.
    I found a BO BUS2017. Is this right one?
    Thanks.
    Ranganadh.

    hi,
    Refer to the link.
    Automatic mail sending for goods receipt
    Regards
    Sumit Agarwal

  • Oracle Standard Process Flows

    Hi All,
    Can you please tell me where I can get all the Oracle standard Process flows, either as a step-by-step Excel sheet or PowerPoint presentations?
    I have searched in Google but was unable to find it. It would be great if you can route me to the correct place, or if any one of you has the document, can you please forward it to my email address?
    Please let me know and I can share my email address.
    Thanks in advance

    Hi
    If you are a member of OAUG you might want to search for archived presentations.
    There were process flows presentations on the Project Management / Project Portfolio tracks during the last three annual conferences.
    Dina

  • Traffic flowing through Fw

    Hi Everyone,
    We have an SVI VLAN on layer 3 core switch A.
    This switch has a connection to the ASA and also to another Layer 3 switch, B.
    Layer 3 switch B connects to a Layer 2 switch which has this VLAN.
    I need to understand the traffic flow from the user PC to Switch A.
    Switch B has a default route which is static to the FW for the subnet of the VLAN.
    Now traffic goes from the layer 2 switch to core Switch B, then it has a static route for that VLAN which has the ASA as next hop.
    Now traffic comes to the ASA; from there it goes to core Switch B which has the SVI VLAN in it.
    Also Core Switch A and B have a trunk connection which carries that VLAN.
    I need to know if return traffic from core Switch A comes via the ASA or by Switch B.
    How can I check this?
    Thanks
    MAhesh

    Hello Mahesh,
    Not sure if I understood the topology, but anyway the way to test this would be creating captures on the interface where you think the ASA should receive the traffic. If you do not see the packets there, well, that would lead us to the returning traffic going to Switch B.

  • ACE - Inter-context traffic flow.

    Experts ,
    Could you please guide me for a traffic-flow mentioned below ?
    Connection flow:
    client IP 192.168.240.220 == VLAN721=[VIP 10.106.108.137] ===VLAN 537[Server 10.106.24.133]<=={User context test1}
    [Server 10.106.24.133]=== VLAN 739==[VIP 10.106.112.59] =====VLAN343 [Server 10.106.3.8]  <= {User Context test2}
    There are two contexts, test1 & test2, on the same ACE box, which resides in a CAT6k. Just curious to know how to redirect the server (10.106.24.133) in context test1 to the VIP (10.106.112.59) in context test2, which are not in a shared VLAN.
    context test 1
    rserver redirect OASIS-SSO-STG2_OOS_REDIRECT
      webhost-redirection https://eportal-stg.publix.com/content/Associate/OutagePag
      inservice
    rserver host SITMA21
      ip address 10.106.24.133
      probe PING
      inservice
    rserver host SITMA22
      ip address 10.106.24.138
      probe PING
      inservice
    serverfarm host L17SVWOASIS03_FARM
      description oasis-sso-stg2 server farm
      failaction purge
      probe TCP-80
      rserver SITMA21 80
        inservice
      rserver SITMA22 80
    serverfarm redirect OASIS-SSO-STG2_OOS_REDIRECT_FARM
      rserver OASIS-SSO-STG2_OOS_REDIRECT
        inservice
    sticky ip-netmask 255.255.255.255 address both L17SVWOASIS03_STICKY
      serverfarm L17SVWOASIS03_FARM backup OASIS-SSO-STG2_OOS_REDIRECT_FARM
      timeout 10
      replicate sticky
    I need to know when the redirection will take place here. I feel that only if the serverfarm (L17SVWOASIS03_FARM) goes down does the redirect server come into the picture, as per the configs attached.
    If that is the case, then
    rserver redirect OASIS-SSO-STG2_OOS_REDIRECT
      webhost-redirection https://eportal-stg.publix.com/content/Associate/OutagePag
      inservice
    The highlighted URL should be the VIP of context test2, i.e. 10.106.112.59, is that right? In this case, how do I send this request to the VIP, since both are in different VLANs? Should it be done with PBR (policy based routing) via the CAT6k? Could anyone please share the configs?
    Or can this be done with a default route to the VIP on the contexts?

    Configs
    =====
    CSS - Context 1
    ============
    probe tcp qaahmapp1-ssl-475_PROBE
      port 475
      interval 5
      passdetect interval 5
      connection term forced
    rserver host HS_PROD.sanovia_447-ssl-a
      ip address 10.99.0.13
      inservice
    rserver host HS_PROD.sanovia_447-ssl-b
      ip address 10.99.0.14
      inservice
    serverfarm host sanovia.qaahm.ssl
      probe qaahmapp1-ssl-475_PROBE
      rserver HS_PROD.sanovia_447-ssl-a 475
        conn-limit max 4000000 min 4000000
        inservice
      rserver HS_PROD.sanovia_447-ssl-b 475
        conn-limit max 4000000 min 4000000
        inservice
    parameter-map type http cisco_avs_parametermap
      case-insensitive
      persistence-rebalance
      parsing non-strict
    action-list type optimization http cisco_avs_bandwidth_and_latency
      delta
      flashforward
    action-list type optimization http cisco_avs_img_latency
      flashforward-object
    action-list type optimization http cisco_avs_obj_latency
      flashforward-object
    class-map type http loadbalance match-all cisco_avs_bandwidth_and_latency
      2 match http url .*
    class-map type http loadbalance match-any cisco_avs_img_latency
      2 match http url .*jpg
      3 match http url .*jpeg
      4 match http url .*jpe
      5 match http url .*png
    class-map type http loadbalance match-any cisco_avs_obj_latency
      2 match http url .*gif
      3 match http url .*css
      4 match http url .*js
      5 match http url .*class
      6 match http url .*jar
      7 match http url .*cab
      8 match http url .*txt
      9 match http url .*ps
      10 match http url .*vbs
      11 match http url .*xsl
      12 match http url .*xml
      13 match http url .*pdf
      14 match http url .*swf
    class-map match-all sanovia.qaahm.ssl_CLASS
      2 match virtual-address 10.99.1.76 tcp eq https
    policy-map type loadbalance first-match sanovia.qaahm.ssl_CLASS-l7slb
      class class-default
        serverfarm sanovia.qaahm.ssl
        insert-http x-forward header-value "%is"
    policy-map type optimization http first-match sanovia.qaahm.ssl_CLASS-l7opt
      class cisco_avs_obj_latency
        action cisco_avs_obj_latency
      class cisco_avs_img_latency
        action cisco_avs_img_latency
      class cisco_avs_bandwidth_and_latency
        action cisco_avs_bandwidth_and_latency
    policy-map multi-match POLICY
      class sanovia.qaahm.ssl_CLASS
        loadbalance vip inservice
        loadbalance policy sanovia.qaahm.ssl_CLASS-l7slb
        optimize http policy sanovia.qaahm.ssl_CLASS-l7opt
        loadbalance vip icmp-reply active
        nat dynamic 2 vlan 20
        appl-parameter http advanced-options cisco_avs_parametermap
    interface vlan 20
      ip address 10.99.1.240 255.255.255.0
      alias 10.99.1.241 255.255.255.0
      nat-pool 1 10.99.1.221 10.99.1.221 netmask 255.255.255.255 pat
      nat-pool 2 10.99.1.220 10.99.1.220 netmask 255.255.255.255 pat
      no shutdown
    ip route 0.0.0.0 0.0.0.0 10.99.1.1
    ========================================================================================
    SCA - Context 2
    ============
    crypto chaingroup GoDaddy
      cert cisco-sample-cert
    probe tcp AHM_QA-PROBE
      port 8080
      interval 5
      passdetect interval 5
      connection term forced
    rserver host AHM_QA
      ip address 10.99.1.76
      conn-limit max 4000000 min 4000000
      inservice
    serverfarm host AHM_QA
      rserver AHM_QA 8080
        conn-limit max 4000000 min 4000000
        probe AHM_QA-PROBE
        inservice
    parameter-map type ssl sanovia-ssl-parms
      description This is where you tweak your SSL parms, cert, etc.
      cipher RSA_WITH_RC4_128_MD5 priority 4
      cipher RSA_WITH_RC4_128_SHA priority 5
      cipher RSA_WITH_DES_CBC_SHA priority 3
      cipher RSA_WITH_3DES_EDE_CBC_SHA priority 6
      cipher RSA_WITH_AES_128_CBC_SHA priority 7
      cipher RSA_WITH_AES_256_CBC_SHA priority 8
    ssl-proxy service sanovia-ssl-proxy
      key cisco-sample-key
      cert cisco-sample-cert
      chaingroup GoDaddy
      ssl advanced-options sanovia-ssl-parms
    class-map match-any AHM_QA-CLASS
      2 match virtual-address 10.99.0.13 tcp eq 475
      3 match virtual-address 10.99.0.14 tcp eq 475
    policy-map type loadbalance first-match AHM_QA-CLASS-l7slb
      class class-default
        serverfarm AHM_QA
    policy-map multi-match POLICY
      class AHM_QA-CLASS
        loadbalance vip inservice
        loadbalance policy AHM_QA-CLASS-l7slb
        loadbalance vip icmp-reply active
        nat dynamic 1 vlan 10
        ssl-proxy server sanovia-ssl-proxy
    interface vlan 10
      ip address 10.99.0.17 255.255.255.0
      peer ip address 10.99.0.11 255.255.255.0
      nat-pool 1 10.99.0.13 10.99.0.13 netmask 255.255.255.255 pat
      service-policy input POLICY
      no shutdown
      ip route 0.0.0.0 0.0.0.0 10.99.0.1
    ========================================================================================
    CSS - Context 1 ( another VIP)
    =======================
    rserver host qaahmapp1-8080
      ip address 10.99.1.217
      conn-limit max 4000000 min 4000000
      inservice
    serverfarm host sanovia.qaahm.postssl
      rserver qaahmapp1-8080 8080
        conn-limit max 4000000 min 4000000
        inservice
    parameter-map type http HTTP_PARAMETER_MAP
      persistence-rebalance
    sticky http-cookie ACE_Cookie qanovia.qaahm.postssl-STICKY
      cookie insert
      serverfarm sanovia.qaahm.postssl
      timeout 45
      replicate sticky
    class-map match-all sanovia.qaahm.postssl_CLASS
      2 match virtual-address 10.99.1.76 tcp eq 8080
    policy-map type loadbalance first-match sanovia.qaahm.postssl_CLASS-l7slb
      class class-default
        sticky-serverfarm qanovia.qaahm.postssl-STICKY
    policy-map multi-match POLICY
      class sanovia.qaahm.postssl_CLASS
        loadbalance vip inservice
        loadbalance policy sanovia.qaahm.postssl_CLASS-l7slb
        loadbalance vip icmp-reply active
        nat dynamic 2 vlan 20
        appl-parameter http advanced-options HTTP_PARAMETER_MAP
    interface vlan 20
      ip address 10.99.1.240 255.255.255.0
      alias 10.99.1.241 255.255.255.0
      nat-pool 1 10.99.1.221 10.99.1.221 netmask 255.255.255.255 pat
      nat-pool 2 10.99.1.220 10.99.1.220 netmask 255.255.255.255 pat
      no shutdown
    =============================================================================
    I have configured two VLANs in the CAT6k, i.e. vlan 10 & vlan 20, with the following IPs as mentioned in the route of the ACE:
    10.99.0.1 & 10.99.1.1
    I also configured only the final rserver 10.99.1.217 under vlan 20. This made all the VIPs and rservers come up, but I still couldn't get the required page. There is a small confusion in the first context, as the VIP is shown as https but I don't see any cert and key in the customer config, so I made it http for my test. But the second context VIP is https, where I have added the certs and key as required.
    Let me know if I am missing anything here. Many thanks in advance.
    thanks
    Martin

  • Cisco asa traffic flow

    Hi,
    Can somebody give the packet/traffic flow paths from a higher security interface to a lower one & vice versa?
    For e.g.: session > acl > xlate > etc...
    Are these checks different in both of the above scenarios?

    Hi Felipe,
    But I do see a difference while reading the below URL.
    http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a0080ba9d00.shtml
    I would like to know how the traffic flows from outside to inside and inside to outside.
    Hope you got it...
    regards
    rajesh
