Subnet netboot problem

I have an OS 10.4.8 Xserve running AFP, NFS, & NetBoot services. All DHCP & DNS services are provided by Cisco routers & Dell servers as part of a college-wide network. The client Macs are split across four separate VLANs with the Xserve on one of the four VLANs. Both NICs are enabled for NetBoot and I have also enabled the Xserve's DHCP service but with no subnets or static maps set up so that the service is running but not handing out IP addresses. The VLAN routers have an "ip helper" pointing to the IP address of the NetBoot server BUT I can't get any of the client machines on the non-Xserve VLANs to boot when holding down the 'N' key; any machine on the Xserve VLAN will NetBoot consistently. The Open Firmware and Terminal firmware workarounds are successful but I need the 'N' key option to work.
I have seen the Apple kBase document 107655 and am somewhat intrigued by the fact that Apple Tech support will help over the phone IF you have purchased a Server Support contract, which suggests to me that there needs to be some modification to the server configuration, rather than just a simple router config command, to resolve the problem!
Has anybody out there actually received phone support from Apple for this issue and if so would they be happy to pass on the appropriate server (or any other) fix?
Finally I apologise if this issue has been resolved successfully elsewhere on the discussion list but I have spent an awful lot of time trawling a large number of lists for a suitable solution and come up with a blank.

Leif, thanks for the reply.
Yes I've read & re-read the article (and many more!) and also passed all the info on to my network system administrator who has configured the subnet routers accordingly but without success. I would still like to know what advice or instruction Apple Server phone support would offer but our IT dept can't justify the cost of Server support for this single issue as all other aspects of server configuration are documented fully.
Thanks,
Glenn.

Similar Messages

  • Netboot Problem

    Hello,
    I'm sending the following command in order to netboot across subnets to use DeployStudio.
    sudo bless --netboot --booter tftp://10.10.129.57/NetBoot/NetBootSP0/DeansTest.nbi/i386/booter --kernel tftp://10.10.129.57/NetBoot/NetBootSP0/DeansTest.nbi/i386/mach.macosx --options "rp=nfs:10.10.129.57:/private/tftpboot/NetBoot/NetBootSP0:DeansTest.nbi/DeployStudioRuntime.sparseimage"
    It seems to be looking for a file I've never seen before:
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2513]: adding RRQ to cache: 143.xx.xxx.xxx,NetBoot/NetBootSP0/DeansTest.nbi/i386/com.apple.Boot.plist
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.apple.Boot.plis]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.apple.Boot.pli]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.apple.Boot.pl]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.apple.Boot.p]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.apple.Boot.]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.apple.Boot]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.apple.Boo]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.apple.Bo]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.apple.B]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.apple.]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.apple]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.appl]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.app]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.ap]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.a]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com.]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/com]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/co]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2514]: file not found, trying [/private/tftpboot/NetBoot/NetBootSP0/DeansTest.nbi/i386/c]
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2515]: adding RRQ to cache: 143.xx.xxx.xxx,NetBoot/NetBootSP0/DeansTest.nbi/i386/mach.macosx
    Sep 16 15:00:03 ut-mac-deploystudio tftpd[2517]: adding RRQ to cache: 143.xx.xxx.xxx,NetBoot/NetBootSP0/DeansTest.nbi/i386/mach.macosx
    Sep 16 15:00:06 ut-mac-deploystudio tftpd[2519]: adding RRQ to cache: 143.xx.xxx.xxx,NetBoot/NetBootSP0/DeansTest.nbi/i386/mach.macosx.mkext
    Sep 16 15:00:06 ut-mac-deploystudio tftpd[2521]: adding RRQ to cache: 143.xx.xxx.xxx,NetBoot/NetBootSP0/DeansTest.nbi/i386/mach.macosx.mkext
    Sep 16 15:02:12 ut-mac-deploystudio bootpd[2048]: service time 0.000010 seconds
    Any ideas on why I can't get a good netboot and use DeployStudio?

    I was just thinking... NetBoot/NetInstall sets now use a new folder structure which is architecture-specific. This won't help you boot PowerPC systems from a Tiger client sourced from an Intel Mac as that's not Universal. That's limited only to Intel Macs which can run that particular build of Tiger.
    Only a freshly created Leopard NetInstall will work with both PowerPC and Intel systems meeting the minimum system requirements for Leopard.
    The NetBoot admin interface references which architecture the NetBoot OS is... not the OS inside the NetInstall System.dmg image. If you created your NetInstall on Leopard Server it may have built the NetBoot OS from itself - which would explain the Universal tag you can see.

  • Help! Netboot Problems

    We're having problems with our Netboot setup - so we figured we'd just delete it all and start over.
    But we can't disable the share point for Netboot.
    In our /Library/Netboot/ folder are two nbi folders: "/Netboot Startup.nbi" and "/tigerboot.nbi" (The folder we created).
    If we just drag the two folders to the trash - Workgroup Manager gets annoyed and says "The sharepoint has moved please "Remove" or put it back." If we attempt to remove it says we are not logged in as the administrator for the domain, please enter your name and password for the domain 127.0.0.1 (which is not the address we are using for our network). We have tried every name and password we can think of - we've logged in as "diradmin", <Owner> (for the system), "Root"
    All network services are halted in System Admin (Netboot is off). How do we "reset" the Netboot system so we can start over?

    Thank you for replying. We started by using the Netboot function in ServerAdmin - but it never "released" the netboot sharepoint. So we started trying other things (we didn't empty the trash - just dragged folders there to see if we could force it to release) to see if we could "clear" it.
    We have a network of 15 systems that allow users to boot to a home directory on the server - DNS is a critical part of that setup - is it possible that DNS is partially okay (works with users logging in) but not set properly for netboot?
    Also netboot works across some of our systems - but is extremely slow on others. Seems to be machine dependent, changing ethernet cables and/or switches seems to make no difference to the speed of the boot.

  • Cross Subnet Netboot Issues

    Hello,
    I've been working to set up a netboot and Open Directory server in a school district. We have the network segmented into VLANs by campus with different subnets for each. The changes have been made to the router to allow bootp/bsdp (IPHelper address set and relay agent on) to communicate across subnets, but I am still unable to netboot/netinstall across subnets.
    Watching the logs on the server when I attempt to, it seems to be communicating partially as seen here:
    Jul 19 12:48:37 axposeidon bootpd[1822]: BSDP DISCOVER [en1] 1,0:16:cb:8e:50:a6 NetBoot035 arch=i386 sysid=MacBookPro1,1
    Jul 19 12:48:37 axposeidon bootpd[1822]: BSDP OFFER sent [1,0:16:cb:8e:50:a6] pktsize 369
    Jul 19 12:48:37 axposeidon bootpd[1822]: BSDP DISCOVER [en1] 1,0:16:cb:8e:50:a6 NetBoot035 arch=i386 sysid=MacBookPro1,1
    Jul 19 12:48:37 axposeidon bootpd[1822]: BSDP OFFER sent [1,0:16:cb:8e:50:a6] pktsize 369
    Unfortunately it fails to actually boot the machine. I'm not positive what's going on but it seems like it's sending a response back to the netbooting machine but the machine is not getting it and it's resending?
    The OS X Server is an Intel Xserve running 10.4.10 (though we've been experiencing this issue since as far back as I've been trying with 10.4.8), the image was created in 10.4.8, and works on the local subnet (including multicast ASR). The booting machine is, as noted above, a Macbook Pro.
    As a side note, when booted into the OS, the machines can see the server in the Startup Disk preference pane.
    Any suggestions or ideas? Let me know if there's more information I can give that will help.

    In our district there are multiple public and private subnets. The public and private combination I have the server on currently just happen to be on this physical network, so they are sharing the same router.
    I think I'm getting a little lost on what you're asking so I'll explain our network structure a little further. The district runs a VLANed network with a different public and private subnet for each campus (the private subnets function mostly as IP address overflow when the public subnet IP limit is exceeded). The network is predominantly PC based and implements active directory servers. The Xserve simply operates as a standalone server currently just handling some web serving tasks and a netboot server.
    The issue, regardless of the public and private subnet interfaces on the server, is that I am unable to get anything to boot from another subnet than the one the xserve is running on. If I run it on the public interface, local machines boot perfectly, but I get a log like the one above if I try and boot from another campus (i.e. another VLAN or subnet). To test it locally I've been running it on the private subnet interface (on the same physical network segment) to boot machines on the local public subnet (which fails with the above log).
    According to Apple and other sources, all that should need to be configured is our CISCO routers need to be set to pass BOOTP information across VLANs/Subnets, which we have configured (using the IP helper-address and DHCP relay agent), but as stated, the connection is still not succeeding.
    I'm checking with our network engineer on a few specifics on how the routers are configured to make sure they are set properly for the forwarding, but he's not available at the moment.
    I apologize if this doesn't address the information you're needing, but please let me know if it does not, and I will try my best to get you the needed information.
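
One way to triage a log like the bootpd excerpt in this thread, added here as an example and not part of the original posts: count BSDP DISCOVER/OFFER lines per client and check whether any tftpd read request (the "adding RRQ to cache" format shown in the earlier "Netboot Problem" thread) follows the last OFFER. The function names, the verdict labels, the 10-second window, the assumed year, and the second client and tftpd line in the sample are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample. The first four lines reuse the bootpd lines quoted in the
# post; the second client (iMac5,1) and the tftpd line are made up.
SAMPLE_LOG = """\
Jul 19 12:48:37 axposeidon bootpd[1822]: BSDP DISCOVER [en1] 1,0:16:cb:8e:50:a6 NetBoot035 arch=i386 sysid=MacBookPro1,1
Jul 19 12:48:37 axposeidon bootpd[1822]: BSDP OFFER sent [1,0:16:cb:8e:50:a6] pktsize 369
Jul 19 12:48:37 axposeidon bootpd[1822]: BSDP DISCOVER [en1] 1,0:16:cb:8e:50:a6 NetBoot035 arch=i386 sysid=MacBookPro1,1
Jul 19 12:48:37 axposeidon bootpd[1822]: BSDP OFFER sent [1,0:16:cb:8e:50:a6] pktsize 369
Jul 19 12:50:02 axposeidon bootpd[1822]: BSDP DISCOVER [en0] 1,0:17:f2:aa:bb:cc NetBoot001 arch=i386 sysid=iMac5,1
Jul 19 12:50:02 axposeidon bootpd[1822]: BSDP OFFER sent [1,0:17:f2:aa:bb:cc] pktsize 369
Jul 19 12:50:03 axposeidon tftpd[1901]: adding RRQ to cache: 10.0.0.23,NetBoot/NetBootSP0/Example.nbi/i386/booter
"""

# "Mon DD HH:MM:SS host process[pid]: message"
SYSLOG = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\s(\w+)\[\d+\]:\s(.*)$")
DISCOVER = re.compile(r"^BSDP DISCOVER \[(\w+)\] (\S+) \S+ arch=(\S+) sysid=(\S+)")
OFFER = re.compile(r"^BSDP OFFER sent \[([^\]]+)\]")
RRQ = re.compile(r"^adding RRQ to cache: ([^,]+),(.+)$")


def parse_time(stamp, year):
    # Syslog timestamps carry no year; only differences matter here, so the
    # caller supplies one (assumption).
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def new_client():
    return {"interface": None, "sysid": None, "discovers": 0,
            "offers": 0, "last_offer": None}


def triage(log_text, window_s=10, year=2007):
    """Return {client_id: summary} for every BSDP client seen in log_text.

    verdict is one of:
      "no-offer"           server logged DISCOVERs but never an OFFER
      "offer-unanswered"   OFFER sent, no TFTP read request within window_s
      "progressed-to-tftp" a TFTP read request followed the last OFFER
    tftpd logs the client IP and bootpd the hardware address, so the TFTP
    check is a time-window heuristic, not a per-client match; it is only
    reliable when one client is booting at a time.
    """
    clients = {}
    rrq_times = []
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        when = parse_time(m.group(1), year)
        proc, msg = m.group(2), m.group(3)
        if proc == "bootpd":
            d = DISCOVER.match(msg)
            if d:
                c = clients.setdefault(d.group(2), new_client())
                c["discovers"] += 1
                c["interface"] = d.group(1)
                c["sysid"] = d.group(4)
                continue
            o = OFFER.match(msg)
            if o:
                c = clients.setdefault(o.group(1), new_client())
                c["offers"] += 1
                c["last_offer"] = when
        elif proc == "tftpd" and RRQ.match(msg):
            rrq_times.append(when)

    window = timedelta(seconds=window_s)
    for c in clients.values():
        last = c.pop("last_offer")
        followed = last is not None and any(
            last <= t <= last + window for t in rrq_times)
        c["tftp_followed"] = followed
        if c["offers"] == 0:
            c["verdict"] = "no-offer"
        elif followed:
            c["verdict"] = "progressed-to-tftp"
        else:
            c["verdict"] = "offer-unanswered"
    return clients


if __name__ == "__main__":
    for cid, info in triage(SAMPLE_LOG).items():
        print(cid, info)
```

A client that shows repeated DISCOVERs with `offer-unanswered` is consistent with the server's reply not reaching the client's subnet, which points the investigation at the relay path rather than at the image.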

  • Subnet communication problem

    I have my netware 6sp5 server set up to nat internal ip addresses to a
    public interface in my server, all workstations are set up with static
    private ip addresses 10.1.0.xxx. Nat is enabled on the public interface
    and everyone can play happily on the internet and the server only passes
    on requests made by the workstations. However after I installed sp5 (was
    on sp4 before) and added a new dell gigabit switch (2616) I can't seem
    to ping other work stations within my network on the private subnet.
    That means that my Symantec Anti virus corporate edition 9.0 can no
    longer access the workstations from the central command center. Where
    would I check to make sure that it wasn't sp5 that changed some setting
    that i am missing. Has anyone experienced this kind of behavior from
    either the service pack or from adding a new switch. The switch is fully
    automated and all nics are set to auto.

  • NetBoot problem with tftpd

    Client machines are unable to NetBoot from the server. The globe flashes for about 20-30 seconds, then it boots to the internal hard drive. I believe the problem is related to tftpd. Whenever a client machine tries to NetBoot, the following line appears a few hundred times in /var/log/system.log (but with different pid numbers):
    com.apple.launchd[1] (com.apple.tftpd[7208]): Stray process with PGID equal to this dead job: PID 7209 PPID 1 tftpd
    I tried changing the tftp program arguments in /System/Library/LaunchDaemons/tftp.plist from i to s (and back again), but that didn't help.
    I have a backup of my NetBoot files on an external drive. I hooked that drive up to another server and NetBoot works fine from that machine, so I know the boot images are OK.
    Running 10.5.4 Server. Fairly fresh install... about 3 weeks old. All other services work OK.

    Hi Tod
    ". . . I have a backup of my NetBoot files on an external drive. I hooked that drive up to another server and NetBoot works fine from that machine . . ."
    This can only count as a true test if the other machine is exactly the same. Same build, same OS etc. If it is exactly the same then there has to be a configuration setting somewhere that is different? Especially as you say everything else works OK.
    If the DHCP Service is with the 10.5.4 Server what happens if you disconnect everyone from the network except for the Server and one client? Can the client successfully NetBoot now? I would also check the Filters Settings in case something silly has introduced itself. You have to work really hard to make NetBoot work with anything other than a Class C sub-net so I would eliminate that as a potential problem. How were the images made? For example you should be using 10.4 SIU to create 10.4 images.
    Tony

  • Netboot problems

    I have a classroom of first generation iMac G5. They boot from the local drive, and I have an Xserve setup with netboot for easy installation. One of the computers now refuses to netboot. It acts like it never finds the netboot server, and then revs the fans to max. I tried netbooting some of the other computers, and they all worked fine. I moved the broken one to a position where it is working, in case it was a network problem, but to no avail. When I boot the current image, will have a network connection, so it doesn't seem like a network problem. I tried resetting the PRAM, it made no difference. Any ideas on what can be wrong with it?
    Thanks

    How many of each do you have, try turning on and then off again the mac address filter, sometimes that prevents booting, if they can't get an ip then the dhcp is banning them, check your dhcpd_leases file, see what clients are listed, you could try and manually edit this and add the mac addresses of the clients that won't boot, if they can't get an ip then it's nothing to do with your netboot image, or netboot, if they can't get past the globe icon then they can't find a dhcp server or can't get an ip from said server.
    go to open firmware and type
    bootp_en0
    or something like that, best do a search for the network boot command from open firmware,
    you can then see if it gets an error, if it gets to tftp.
    I've been netbooting since the very first version in OS X Server 1, it's improved but some bits still crash
    If some boot and others not then maybe a dhcpd_leases file, or the mac address filter list, by turning that filter on and off can resolve this, and you can manually edit the dhcpd_leases file, even though it likes to rewrite itself.

  • NetBoot Client fails to do Diskless booting

    Morning,
    I have set up a NetBoot server with one NetBoot image created using System Image Utility. The image is default and Diskless has been enabled.
    NetBoot Server does not do DHCP, that is left to another server.
    Because Mac clients exist on different subnets, NetBoot Across Subnets is used to help a client Mac boot from the NetBoot server.
    Everything is working as advertised, except for Diskless. The Mac clients fail to use NetBootClients0. All clients end up using the local Hard Drive for /private/var/netboot.
    The logs at NetBoot server are set to high but do not show an error with shadowmountpath.
    The only error seen at time of client connection is...
    Feb 24 10:56:59 hypatia bootpd[329]: server name hypatia.mydomain.com.au
    Feb 24 10:56:59 hypatia bootpd[329]: subnets init using domain . failed:
    Feb 24 10:56:59 hypatia bootpd[329]: bsdpd: re-reading configuration
    Feb 24 10:56:59 hypatia bootpd[329]: bsdpd: shadow file size will be set to 48 megabytes
    I am guessing here, but the only thing I can think of is that the NetBoot server may have specified its afp shadowmountpath using the domain name instead of an IP address. Assuming DHCP (which specifies a DNS) hasn't loaded yet then the path cannot be found and the client boots based on the /etc/rc.netboot startup script.
    Can anyone tell me how I can inspect the shadowmountpath response given by the NetBoot server?

    Well, couldn't do much with NetBoot image being diskless so I stuck with a NetInstall image which forces the issue.

  • How do I configure a VPN Site and Subnets in Lync when clients have /32 Addresses?

    Hello,
    I've found a few people asking this question out in the "interwebs" but no one seems to quite answer their question (Those poor souls).
    In most occasions that I've seen, my customers have configured their VPN networks with a /24 (255.255.255.0) ip address.  However, when those clients connect to the VPN they are actually getting a /32 (255.255.255.255) address. 
    This seems to pose an issue for Lync reporting when it comes to configuring a VPN site and VPN subnets.
    (NOTE: You might ask why these customers are not going about best practice and using split-tunneling?  In this case, they absolutely CANNOT institute split-tunneling so all traffic MUST flow through the VPN tunnel.)
    For example sake, here is how I would imagine to setup a VPN site with subnets in Lync Network Configuration:
    VPN (Site)
        -172.16.33.0  /24 (Subnet)
        -172.16.34.0  /24 (Subnet)
        -172.16.35.0  /24 (Subnet)
    The problem is that when I run a Location Report in Lync to look at call data to/from the VPN site, it's not there. Reason being, the VPN client was given a /32 address which doesn't match up to the /24 I configured in Lync. 
    So, in my mind my options are:
    Create a /32 subnet for each single address corresponding to a VPN client and attach them to the VPN site (What a mess).
    Change the subnet mask for the 3 subnets I've defined to /32 instead of /24 and see what happens even though putting an IP address of 172.16.33.0 /32 doesn't make much sense.
    Remove the subnets and site from Lync because CAC and Bandwidth control are actually useless over VPN.
    Any thoughts on this?
    John K. Boslooper | Lync Technical Specialist | Project Leadership Associates
    Phone: 312.448.2269 | www.projectleadership.net

    Jin,
    /32 addresses are a valid subnet mask, however that means that a host with an IP Address of 192.168.23.4 and a subnet mask of 255.255.255.255 (/32) is the ONLY host on that subnet.
    The VPN configuration is correct.  The /32 mask is common with a Juniper VPN  (which is what they are using) and the DHCP server that is handing out the addresses is the Juniper VPN appliance. 
    They have already started working out a plan to use a different internal DHCP relay which should hand out the addresses correctly. 
    There has to be someone else out there with this issue or that can point out that I'm overlooking one key principle with VPN subnets.
    Anyone? 
    John K. Boslooper | Lync Technical Specialist | Project Leadership Associates Phone: 312.448.2269 | www.projectleadership.net

  • NAC Problem

    Hi !!!
    My implementation is VG-OOB-L2
    I have this:
    VLAN Auth = 136, doesn't have any subnet associated
    VLAN Access = 140, subnet is 10.0.140.0/24
    Other VLANs when user role works = 128, 144 and the subnets (10.0.128.0/24 and 10.0.144.0/24)
    When I connect my PC, my port changes to VLAN 136, I receive the login of NAC Agent, I successfully log in but my VLAN is not changed to VLAN 128, and my IP address is not changed either. The SNMP configuration is OK because in the first step when I connect to the port the VLAN is changed.
    My doubt about my config is:
    In interface eth1(untrusted) CAS I have the VLAN 136
    In interface eth0 (trusted) CAS I have the VLAN 140, my doubt, do I need to put the VLAN 128 and the 144?
    In managed subnet I have only the 10.0.140.0/24 subnet which corresponds to VLAN 140, do I need to put the 128 and 144 subnets?
    VLAN Mapping is 136-140.
    Why is not working?
    Tks.

    Faisal,
    I solved the first problem, it was a dumb misconfiguration. What is happening now is that I have more than one user role, but only one auth VLAN. In the user role I have 3 VLANs with 3 different subnets, the problem is: when a client authenticates it doesn't renew its IP address, it continues to use the same IP that it got when it was in the auth VLAN. I need the client to change its address to the correct subnet associated with the VLAN.
    We're using a OOB VGW L2 setup, in the access switch I can see that the port's VLAN is changed from the auth vlan to the user role VLAN, but the client keeps the same IP address from the auth VLAN.
    Regards,

  • NetBoot Setup

    I'm having a setup issue. The first time I set up a Mac Mini server it worked perfectly for a couple of weeks.
    I'm trying to set up the server on a local switch that is not connected to any other computers or networks. I would like the macmini server to be the netboot server so that I can push images plugged into the local switch. I understand that the server also needs to be its own DHCP server. When I do not have a subnet set up NetBoot reports that DHCP is functioning. When I create a subnet, NetBoot reports that DHCP is not functioning.
    The only services I have activated are DHCP, NetBoot, and NFS.
    Can someone give me setup instructions to get this setup working?

  • MS NLB with ASA and Static NAT from PUP to NLB IP

    Hi all,
    I am trying to get MS NLB up and running.  It is almost all working.  Below is my physical setup.
    ASA 5510 > Cat 3750X >2x ESXi 5.1 Hosts > vSwitch > Windows 2012 NLB Guest VMs.
    I have two VMs running on two different ESXi hosts.  They have two vNICs.  One for management and one for inside public subnet.  The inside public subnet NICs are in the NLB cluster.  The inside public subnet is NATed on the ASA to an outside public IP.
    192.168.0.50 is the 1st VM
    192.168.0.51 is the 2nd VM
    192.168.0.52 is the cluster IP for heartbeat
    192.168.0.53 is the cluster IP for NLB traffic.
    0100.5e7f.0035 is the cluster MAC.
    The NLB cluster is using MULTICAST
    I have read the documentation for both the ASA and CAT switch for adding a static ARP using the NLB IP and NLB MAC. 
    For the ASA I found
    http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/mode_fw.html#wp1226249
    ASDM
    Configuration > Device Management > Advanced > ARP > ARP Static Table
    I was able to add my static ARP just fine.
    However, the next step was to enable ARP inspection.
    Configuration > Device Management > Advanced > ARP > ARP Inspection
    My ASDM does not list ARP Inspection, only has the ARP Static Table area. Not sure about this.
    For the CAT Switch I found
    http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml
    I added both the ARP and Static MAC.  For the static MAC I used the VLAN ID of the inside public subnet and the interfaces connected to both ESXi hosts.
    On the ASA I added a static NAT for my outside Public IP to my inside public NLB IP and vice versa.  I then added a DNS entry for our domain to point to the outside public IP.  I also added it to the public servers section allowing all IP traffic for testing purposes.
    At any rate the MS NLB is working ok. I can ping both the Public IP and the Inside NLB IP just fine from the outside. (I can ping the inside NLB IP because I'm on a VPN with access to my inside subnets)  The problem is when I go to access a webpage from my NLB servers using the DNS or the Public IP I get a "This Page Can't Be Displayed" message.  Now while on the VPN if I use the same URL but inside use the NLB IP and not the Public IP it works fine. 
    So I think there is something wrong with the NATing of the Public to NLB IP even tho I can ping it fine.  Below is my ASA Config. I have bolded the parts of Interest.
    Result of the command: "show run"
    : Saved
    ASA Version 8.4(4)9
    hostname MP-ASA-1
    enable password ac3wyUYtitklff6l encrypted
    passwd ac3wyUYtitklff6l encrypted
    names
    dns-guard
    interface Ethernet0/0
    nameif outside
    security-level 0
    ip address 198.XX.XX.82 255.255.255.240
    interface Ethernet0/1
    description Root Inside Interface No Vlan
    speed 1000
    duplex full
    nameif Port-1-GI-Inside-Native
    security-level 100
    ip address 10.1.1.1 255.255.255.0
    interface Ethernet0/1.2
    description Managment LAN 1 for Inside Networks
    vlan 2
    nameif MGMT-1
    security-level 100
    ip address 192.168.180.1 255.255.255.0
    interface Ethernet0/1.3
    description Managment LAN 2 for Inside Networks
    vlan 3
    nameif MGMT-2
    security-level 100
    ip address 192.168.181.1 255.255.255.0
    interface Ethernet0/1.100
    description Development Pubilc Network 1
    vlan 100
    nameif DEV-PUB-1
    security-level 50
    ip address 192.168.0.1 255.255.255.0
    interface Ethernet0/1.101
    description Development Pubilc Network 2
    vlan 101
    nameif DEV-PUB-2
    security-level 50
    ip address 192.168.2.1 255.255.255.0
    interface Ethernet0/1.102
    description Suncor Pubilc Network 1
    vlan 102
    nameif SUNCOR-PUB-1
    security-level 49
    ip address 192.168.3.1 255.255.255.0
    interface Ethernet0/1.103
    description Suncor Pubilc Network 2
    vlan 103
    nameif SUNCOR-PUB-2
    security-level 49
    ip address 192.168.4.1 255.255.255.0
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Ethernet0/3
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    boot system disk0:/asa844-9-k8.bin
    ftp mode passive
    clock timezone PST -8
    clock summer-time PDT recurring
    same-security-traffic permit inter-interface
    same-security-traffic permit intra-interface
    object network Inside-Native-Network-PNAT
    subnet 10.1.1.0 255.255.255.0
    description Root Inisde Native Interface Network with PNAT
    object network ASA-Outside-IP
    host 198.XX.XX.82
    description The primary IP of the ASA
    object network Inside-Native-Network
    subnet 10.1.1.0 255.255.255.0
    description Root Inisde Native Interface Network
    object network VPN-POOL-PNAT
    subnet 192.168.100.0 255.255.255.0
    description VPN Pool NAT for Inside
    object network DEV-PUP-1-Network
    subnet 192.168.0.0 255.255.255.0
    description DEV-PUP-1 Network
    object network DEV-PUP-2-Network
    subnet 192.168.2.0 255.255.255.0
    description DEV-PUP-2 Network
    object network MGMT-1-Network
    subnet 192.168.180.0 255.255.255.0
    description MGMT-1 Network
    object network MGMT-2-Network
    subnet 192.168.181.0 255.255.255.0
    description MGMT-2 Network
    object network SUNCOR-PUP-1-Network
    subnet 192.168.3.0 255.255.255.0
    description SUNCOR-PUP-1 Network
    object network SUNCOR-PUP-2-Network
    subnet 192.168.4.0 255.255.255.0
    description SUNCOR-PUP-2 Network
    object network DEV-PUB-1-Network-PNAT
    subnet 192.168.0.0 255.255.255.0
    description DEV-PUB-1-Network with PNAT
    object network DEV-PUB-2-Network-PNAT
    subnet 192.168.2.0 255.255.255.0
    description DEV-PUB-2-Network with PNAT
    object network MGMT-1-Network-PNAT
    subnet 192.168.180.0 255.255.255.0
    description MGMT-1-Network with PNAT
    object network MGMT-2-Network-PNAT
    subnet 192.168.181.0 255.255.255.0
    description MGMT-2-Network with PNAT
    object network SUNCOR-PUB-1-Network-PNAT
    subnet 192.168.3.0 255.255.255.0
    description SUNCOR-PUB-1-Network with PNAT
    object network SUNCOR-PUB-2-Network-PNAT
    subnet 192.168.4.0 255.255.255.0
    description SUNCOR-PUB-2-Network with PNAT
    object network DEV-APP-1-PUB
    host 198.XX.XX.XX
    description DEV-APP-2 Public Server IP
    object network DEV-APP-2-SNAT
    host 192.168.2.120
    description DEV-APP-2 Server with SNAT
    object network DEV-APP-2-PUB
    host 198.XX.XX.XX
    description DEV-APP-2 Public Server IP
    object network DEV-SQL-1
    host 192.168.0.110
    description DEV-SQL-1 Inside Server IP
    object network DEV-SQL-2
    host 192.168.2.110
    description DEV-SQL-2 Inside Server IP
    object network SUCNOR-APP-1-PUB
    host 198.XX.XX.XX
    description SUNCOR-APP-1 Public Server IP
    object network SUNCOR-APP-2-SNAT
    host 192.168.4.120
    description SUNCOR-APP-2 Server with SNAT
    object network SUNCOR-APP-2-PUB
    host 198.XX.XX.XX
    description DEV-APP-2 Public Server IP
    object network SUNCOR-SQL-1
    host 192.168.3.110
    description SUNCOR-SQL-1 Inside Server IP
    object network SUNCOR-SQL-2
    host 192.168.4.110
    description SUNCOR-SQL-2 Inside Server IP
    object network DEV-APP-1-SNAT
    host 192.168.0.120
    description DEV-APP-1 Network with SNAT
    object network SUNCOR-APP-1-SNAT
    host 192.168.3.120
    description SUNCOR-APP-1 Network with SNAT
    object network PDX-LAN
    subnet 192.168.1.0 255.255.255.0
    description PDX-LAN for S2S VPN
    object network PDX-Sonicwall
    host XX.XX.XX.XX
    object network LOGI-NLB--SNAT
    host 192.168.0.53
    description Logi NLB with SNAT
    object network LOGI-PUP-IP
    host 198.XX.XX.87
    description Public IP of LOGI server for NLB
    object network LOGI-NLB-IP
    host 192.168.0.53
    description LOGI NLB IP
    object network LOGI-PUP-SNAT-NLB
    host 198.XX.XX.87
    description LOGI Pup with SNAT to NLB
    object-group network vpn-inside
    description All inside accessible networks
    object-group network VPN-Inside-Networks
    description All Inside Nets for Remote VPN Access
    network-object object Inside-Native-Network
    network-object object DEV-PUP-1-Network
    network-object object DEV-PUP-2-Network
    network-object object MGMT-1-Network
    network-object object MGMT-2-Network
    network-object object SUNCOR-PUP-1-Network
    network-object object SUNCOR-PUP-2-Network
    access-list acl-vpnclinet extended permit ip object-group VPN-Inside-Networks any
    access-list outside_access_out remark Block ping to out networks
    access-list outside_access_out extended deny icmp any any inactive
    access-list outside_access_out remark Allow all traffic from inside to outside networks
    access-list outside_access_out extended permit ip any any
    access-list outside_access extended permit ip any object LOGI-NLB--SNAT
    access-list outside_access extended permit ip any object SUNCOR-APP-2-SNAT
    access-list outside_access extended permit ip any object SUNCOR-APP-1-SNAT
    access-list outside_access extended permit ip any object DEV-APP-2-SNAT
    access-list outside_access extended permit ip any object DEV-APP-1-SNAT
    access-list outside_cryptomap extended permit ip object-group VPN-Inside-Networks object PDX-LAN
    pager lines 24
    logging asdm informational
    mtu outside 1500
    mtu Port-1-GI-Inside-Native 1500
    mtu MGMT-1 1500
    mtu MGMT-2 1500
    mtu DEV-PUB-1 1500
    mtu DEV-PUB-2 1500
    mtu SUNCOR-PUB-1 1500
    mtu SUNCOR-PUB-2 1500
    mtu management 1500
    ip local pool Remote-VPN-Pool 192.168.100.1-192.168.100.20 mask 255.255.255.0
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    icmp permit any outside
    icmp permit any Port-1-GI-Inside-Native
    icmp permit any MGMT-1
    icmp permit any MGMT-2
    icmp permit any DEV-PUB-1
    icmp permit any DEV-PUB-2
    icmp permit any SUNCOR-PUB-1
    icmp permit any SUNCOR-PUB-2
    asdm image disk0:/asdm-649-103.bin
    no asdm history enable
    arp DEV-PUB-1 192.168.0.53 0100.5e7f.0035 alias
    arp timeout 14400
    no arp permit-nonconnected
    nat (Port-1-GI-Inside-Native,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
    nat (DEV-PUB-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
    nat (DEV-PUB-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
    nat (MGMT-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
    nat (MGMT-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
    nat (SUNCOR-PUB-1,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
    nat (SUNCOR-PUB-2,outside) source static any any destination static VPN-POOL-PNAT VPN-POOL-PNAT
    nat (DEV-PUB-1,outside) source static DEV-PUP-1-Network DEV-PUP-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
    nat (DEV-PUB-2,outside) source static DEV-PUP-2-Network DEV-PUP-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
    nat (MGMT-1,outside) source static MGMT-1-Network MGMT-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
    nat (MGMT-2,outside) source static MGMT-2-Network MGMT-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
    nat (Port-1-GI-Inside-Native,outside) source static Inside-Native-Network Inside-Native-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
    nat (SUNCOR-PUB-1,outside) source static SUNCOR-PUP-1-Network SUNCOR-PUP-1-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
    nat (SUNCOR-PUB-2,outside) source static SUNCOR-PUP-2-Network SUNCOR-PUP-2-Network destination static PDX-LAN PDX-LAN no-proxy-arp route-lookup
    object network Inside-Native-Network-PNAT
    nat (Port-1-GI-Inside-Native,outside) dynamic interface
    object network VPN-POOL-PNAT
    nat (Port-1-GI-Inside-Native,outside) dynamic interface
    object network DEV-PUB-1-Network-PNAT
    nat (DEV-PUB-1,outside) dynamic interface
    object network DEV-PUB-2-Network-PNAT
    nat (DEV-PUB-2,outside) dynamic interface
    object network MGMT-1-Network-PNAT
    nat (MGMT-1,outside) dynamic interface
    object network MGMT-2-Network-PNAT
    nat (MGMT-2,outside) dynamic interface
    object network SUNCOR-PUB-1-Network-PNAT
    nat (SUNCOR-PUB-1,outside) dynamic interface
    object network SUNCOR-PUB-2-Network-PNAT
    nat (SUNCOR-PUB-2,outside) dynamic interface
    object network DEV-APP-2-SNAT
    nat (DEV-PUB-2,outside) static DEV-APP-2-PUB
    object network SUNCOR-APP-2-SNAT
    nat (SUNCOR-PUB-2,outside) static SUNCOR-APP-2-PUB
    object network DEV-APP-1-SNAT
    nat (DEV-PUB-1,outside) static DEV-APP-1-PUB
    object network SUNCOR-APP-1-SNAT
    nat (SUNCOR-PUB-1,outside) static SUCNOR-APP-1-PUB
    object network LOGI-NLB--SNAT
    nat (DEV-PUB-1,outside) static LOGI-PUP-IP
    object network LOGI-PUP-SNAT-NLB
    nat (outside,DEV-PUB-1) static LOGI-NLB-IP
    access-group outside_access in interface outside
    access-group outside_access_out out interface outside
    route outside 0.0.0.0 0.0.0.0 198.145.120.81 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 management
    http 192.168.1.0 255.255.255.0 outside
    http 10.1.1.0 255.255.255.0 Port-1-GI-Inside-Native
    http 192.168.180.0 255.255.255.0 MGMT-1
    http 192.168.100.0 255.255.255.0 Port-1-GI-Inside-Native
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
      inspect icmp error
    service-policy global_policy global
    prompt hostname context
    call-home reporting anonymous
    call-home
    profile CiscoTAC-1
      no active
      destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
      destination address email [email protected]
      destination transport-method http
      subscribe-to-alert-group diagnostic
      subscribe-to-alert-group environment
      subscribe-to-alert-group inventory periodic monthly
      subscribe-to-alert-group configuration periodic monthly
      subscribe-to-alert-group telemetry periodic daily
    Cryptochecksum:d6f9f8e2113dc03cede9f2454dba029b
    : end
    Any help would be great! I think the issue is in the NAT as I am able to access NLB IP from the outside and could not do that before adding the Static ARP stuff.
    Thanks,
    Chris

    Also, if I change the NAT from the public IP to the NLB IP to use either one of the physical IPs of the NLB cluster (192.168.0.50 or 51), it works fine when using the public IP.  So it's definitely an issue when NATing the VIP of the NLB cluster.
    Chris
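
A config-review helper for the ASA configuration posted above, added here as an example and not part of the original post: it lists static object NAT rules that mirror each other (static object NAT is already bidirectional) and statically published hosts that an ACL opens to `permit ip any`. The function name `audit` and the finding strings are this example's own, the sample is an excerpt of the posted config with its masked addresses, and the check assumes the ACL is applied inbound on the outside interface as the post's `access-group` line shows.

```python
import re

# Excerpt of the configuration posted above; addresses are masked as on the page.
SAMPLE_CONFIG = """\
object network DEV-APP-1-PUB
host 198.XX.XX.XX
object network DEV-APP-1-SNAT
host 192.168.0.120
object network LOGI-NLB--SNAT
host 192.168.0.53
object network LOGI-PUP-IP
host 198.XX.XX.87
object network LOGI-NLB-IP
host 192.168.0.53
object network LOGI-PUP-SNAT-NLB
host 198.XX.XX.87
access-list outside_access extended permit ip any object LOGI-NLB--SNAT
access-list outside_access extended permit ip any object DEV-APP-1-SNAT
object network DEV-APP-1-SNAT
nat (DEV-PUB-1,outside) static DEV-APP-1-PUB
object network LOGI-NLB--SNAT
nat (DEV-PUB-1,outside) static LOGI-PUP-IP
object network LOGI-PUP-SNAT-NLB
nat (outside,DEV-PUB-1) static LOGI-NLB-IP
"""

NAT = re.compile(r"nat \(([^,\s]+),([^)\s]+)\) static (\S+)$")
ACL = re.compile(r"access-list (\S+) extended permit ip any object (\S+)$")

def audit(config):
    """Return sorted review findings for static object NAT and any-IP ACL entries."""
    addr, nats, open_acl, findings, current = {}, [], [], [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("object network "):
            current = line.split()[2]
        elif current and line.startswith("host "):
            addr[current] = line.split()[1]
        elif current and (m := NAT.match(line)):
            nats.append((current, *m.groups()))
        elif not line.startswith("description "):
            current = None  # left object sub-mode
            if m := ACL.match(line):
                open_acl.append(m.groups())
    # Resolve each static rule to (real_if, mapped_if, real_addr, mapped_addr).
    rules = {(r, m, addr.get(o), addr.get(t)): o for o, r, m, t in nats}
    for (r, m, real, mapped), obj in rules.items():
        twin = rules.get((m, r, mapped, real))  # same pair, opposite direction
        if twin and obj < twin:
            findings.append(f"mirrored static NAT: {obj} <-> {twin} ({real} / {mapped})")
    published = {o for o, *_ in nats}
    findings += [f"{acl}: permit ip any to published host {obj} ({addr.get(obj)})"
                 for acl, obj in open_acl if obj in published]
    return sorted(findings)
```

Manual (twice) NAT lines and dynamic object NAT are ignored on purpose; the findings are items to review, not a diagnosis of the NLB problem.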

  • WLC 5508 Management Interface Connection

    I'm setting up a new 5508.  I've used the config from a 4402, have successfully connected to the Service port to manage the device, but for some reason cannot connect to the Management interface.  In this case, port 1.
    The service port is connected to a Catalyst switch and grabbed an ip address (10.2.x.x subnet) no problem.  I can access the 5508 via https using the SP.  However, port 1 is connected to the same Catalyst switch, but on a different vlan (subnet 10.20.x.x).  Both ends show that the interfaces are up, I can ping the interface from any other host on the network, but when I try to manage the device via https I cannot connect.  We are using WCS and I cannot add the device from the WCS.  About all I can do is ping that interface.
    I've probably overlooked something very basic, but I'm baffled.

    Thanks for the reply.
    No, definitely not that.  I have all of those enabled.  I have the SP connected to another vlan on the same switch and can manage through that port (https, telnet).  I've tried about every combination of trunk port, access port, etc.  I'm beginning to suspect the GBICs (10baseT), but both ends show that I am connected at 1000 and I can ping the ip address of the management interface.

  • Assigning new VIP interface

    Hello,
    We are building a clusterware implementation to protect an Oracle SINGLE instance DB (using the well known pdf
    guide) and a 3rd party application (I'll call it APP). We want to assign 2 virtual IPs, one for the DB and one for
    the APP. The fact is that we want to split the traffic to 2 ethernet cards by assigning IPs to both of them. The problem is that I cannot assign VIPs to the second network card. Some facts:
    Oracle 10g2
    oifcfg -getif:
    eth0 192.168.0.0 global public
    eth1 192.168.0.0 global public
    eth2 192.168.3.0 global cluster_interconnect
    crs_stat -t -v (truncated)
    rg1 application ONLINE esm1
    rg1.lsn application ONLINE esm1
    rg1.vip application ONLINE esm1 << Bound on eth0 WORKS
    rg1.db application ONLINE esm1
    arcVIP applcation OFFLINE esm2 << Bound on eth1 problem
    command used to create APP VIP:
    crs_profile -create arcVIP -t application -a $CRS_HOME/usrvip -o oi=eth1,ov=192.168.0.10,on=255.255.255.0
    crs_register arcVIP
    crs_setperm arcVIP -o root
    crs_setperm arcVIP -u user:oracle:r-x
    crs_start arcVIP
    Trying to start brings the following VIP log on both nodes:
    Interface eth1 checked failed (host=esm1)
    Invalid parameters, or failed to bring up VIP
    I also cannot run vipca (various java library error-no time to debug a program too)
    Is it possible to give a hint of what is going on? Is it possible that the same subnets pose a problem?
    Regards,
    Jim
    Edit:
    the main IP address of the interface is pingable by the way

    Currently the only VIP assigned to the hosts is the application VIP for the oracle
    instance (created according to the pdf "protecting a single instance DB with Clusterware")
    It is assigned on eth0/192.168.0.0/255.255.255.0
    The second interface is eth1/192.168.0.0/255.255.255.0
    I was told that the overlapping subnets do not pose a problem.
    I have removed the default VIPs assigned to each host during the clusterware installation because
    I am solely interested in application vips failed over to the surviving node.
    I used crs_unregister ora.racnode[x].vip
    crsd.log shows nothing except the failure to bring up the VIP
    /var/log/messages shows nothing.
    The vip was crs_setperm to owner root and read execute to oracle user.
    Thanks for your time.

  • Bridged Wireless Blocks TCP Port 9100?

    On one of my networked computers, HP "Solutions Center" driver says HP 6310xi networked printer is connected, shows detail status & will print the HP diagnostic report direct to printer. Windows 7 shows printer on network map, & gives detailed status & setup info from printer internal data via IE through printer's IP address page (192.168.1.100); i.e. I can ping it. However, Win 7 printer control panel shows printer as "offline" on printers list & just queues up print requests. Troubleshooting gives error message "turn power on printer". Other networked PCs print OK. Bad computer is on a separate subnet of my home network, with a LinkSys wireless bridge WET610n connection, & printer is on another wireless LinkSys WET610n subnet. My network is totally LinkSys N, with a WRT 610n as main hub. All other network functions work for all other devices on the network, including DirecTV DVR receivers & Wii console!! I have moved the printer to the other subnet, & the problem is now mirrored by the computer on the remote subnet. It is not a firewall problem, but appears that the variables are the 2 wireless bridges that seem to conspire to block TCP port 9100 when in series. A single WET610n between the printer & a computer allows printing, proven by my roaming wireless laptop having access through the WET610n via the central wireless router. Very strange!! CTH

    If I understand correctly, you have a Linksys WRT610N as your main wireless-router with two satellite Linksys WET610N configured as Ethernet bridges -- right?
    You also have this setup:
    Win7 PC -> WET610N -> WRT610N -> WET610N -> Officejet 6310
    If I got this right, then the issue is probably the transit delay between the Win7 PC and the Officejet confusing HP's Solution Center.
    I think you have two options:
    1) Connect the Win7 PC directly to the WRT610N or connect the Officejet 6310 directly to the WRT610
    2) Manually install the printer.
    Let's try a manual installation:
    1. Click >> Start >> Control panel >> Printers.
    2. Click Add a printer.
    3. Select Local printer.
    4. Select Create a new port and select Standard TCP/IP Port and click Next button.
    5. Under Device type, select TCP/IP Device. Under Hostname or IP address, enter the printer's host name (found on the printer's network configuration report generated above). Click Next.
    If you get a message about Additional Port Information Required, then the printer was not found using the host name. You can go back and retry or use the printer's IP address instead of the host name.
    6. Select Hewlett-Packard from the list of manufacturers and select your printer model. Click Next.
    If your printer model was not listed, then select Have Disk, browse the HP CD that came with your printer and select the first file that starts with hp and ends with inf. Click Open then OK. Select your printer model. Click Next.
    7. If you are asked, use the currently installed driver.
    8. It will ask for the Printer name -- enter a new name or use the existing one. This will be the name of the printer that you select from other applications.
    9. You may be asked to share the printer. Make a choice and click Next.
    10. The Print Test Page box appears. Go ahead and print it.
    11. Click Finish.
    That should be it.
    Regards / Jim B / Wireless Enthusiasts
    ( While I'm an embedded wireless systems engineer at work, on this forum I do not represent my former employer, Hewlett-Packard, or my current employer, Microsoft )