Suggestions for Routing Failed IDOCS

We are developing an order processing system that receives an order message from a trading partner and creates and ORDERS05 IDOC. When we hand the IDOC to the SAP business system it might go right into the system as a valid order or might fail for any number of business reasons. (out of stock, contract expired, etc)
In the case that an order can not be processed, we will need to send a negative acknowledgment to the trading partner.
What's the best way to generate that negative acknowledgment?
Two ideas have been floated in our team:
(1) Write a program to poll for failed IDOC's and send a message.
(2) Can we find a way to use ALE to reroute an in failed state (say status 51) to XI where I can generate a negative acknowledgment?
Your suggestions and experiences are welcome!

That's a very good document - I've used it before.
I imported the schema for the ALEAUD message into our scenario to see if it might fit our needs. However, ALEAUD is only a "technical acknowledgment" and won't be able to tell WHY a message failed.
I need to get a copy of the bad IDOC. It has the fields that I need to construct an intelligent application-acknowledgment. (Buyer, seller, line item, product description, error message, etc)
It feels like we need some kind of workflow to route a bad idoc to another system for additional processing.

Similar Messages

Find Plant/Material for a failed iDoc

Hi,
I have some failed idocs (Type: MATERIALVALUATION_PRICECHANGE).
Could anybody please tell me where and how can i find material / plant corresponding to these.
Thanks
Nitin

Hi,
Check the IDoc segments in transaction WE02.
In the header segment E1MATERIALVALUATION_PRICECH (you need to double click on the segment in the list of the left-hand side) you have two fields:
MATERIAL     MATNR = material number
VALUATIONAREA     BWKEY = valuation area = usualy in most cases corresponding to plant
VALUATIONTYPE     BWTAR_D = valduation type
Regards,
Marcin

Retrieve mails lost for routing fail in distribution list

hi
I read mails from external provider with a pop connector and write them in exchange 2010.
(message tracking: EventID : RECEIVE   Source: SMTP)
I wrote a wrong internal distribution list, so I got no mail delivered to the list
(message tracking: EventID : FAIL   Source: ROUTING)
anyway, exchange gave me a MessageID for every lost mail.
tracking goes back 30 days ('cause or retention period?)
question is (you can imagine):
- are the mails somewhere in server ?
- as and administrator, can I retrieve them (by EMC, powershell, etc...)
Thanks
Roberto

Hi Ed
it's not in this way.
As i said in fist post, mails was "received" by exchange
in tracking tool i can see them as
EventID : RECEIVE   Source: SMTP , with the WRONG address, that caused the routing to fail.
on the SAME line in tracking tool, i anyway got a MessageID, so i imagine they are "somewhere" IN exchange...
Roberto

Suggestions for File to IDOC Scenario

Experts,
Here is the requirement A Legacy System will Produce the Customer data file and we have to transform certain data and post it to DEBMAS.
As Part of the information in the file there is a field Which could have a value Update,Amend or Delete.
My Question is How do it handle this.
Please give me your valuable thoughts.
Is it Possible to go for File2IDOC here?
Thanks
Vasu.

Hi Vasu,
If Customer data file is of type xml then file to IDOC scenario is preferable.
Else you have to convert Customer data file to xml first and then proceed for that you can use content converson feature of File Adapter.
The information for Update,Amend or Delete will be provided by customer or you have to decide it based of data in table?
if it is provided by customer then you can go for ABAP Proxy for that take help of ABAPers.
If you have to decide the Update,Amend or Delete logic.
Then fetch the data from table compare it with incoming data decide the Action and then perform the action this can also be handled in ABAP Proxy.
Reward Points if HElpful
Thanks
Sunil Singh

Hi I'm try to set up a new Epson printer SX 445 to my router/network but each time I run the set up wizard it fails to complete saying Security Key/Password Check fail. *entered security key/password does not match the one set for for router. I know th

Hi
On my macbook pro
I'm try to set up a new Epson printer SX 445 to my router/network but each time I run the set up wizard it fails to complete saying Security Key/Password Check fail.
*entered security key/password does not match the one set for for router.
I know that the password is correct and have rechecked this by changing it a few times
and I still get the same result.
My network internet service provider is not interested and says to call Epson.
Anybody have any clues how I can resolve this?
Regards

I personally suggest the new Drobo FS. Since it has an iTunes server built in and you can use any size sata hard drive in it it is better and a NAS that has to use the same size drives.

Suggestions for Cable Modem and Wireless Router

Hey everyone!
I have the new iMac and would like to have a faster wireless router. Currently using an old D-Link Wireless G router and would like something like the Time Capsule (as it has Airport Extreme in it) or Netgear Rangemax Dual Band Wirless-N Gigabit Router. My problem is, my Internet is through my cable company, so it comes into the house as a cable connection. It appears that these two combos would still require the use of a cable modem.
Any suggestions to keep the equipment down to one piece? If not, any suggestions for a cable modem so I can return this old one to the cable company?
What would be the best/quickest wireless router?
Thanks for your help!
Message was edited by: saalbunch

Go to your ISP's web site and do a search from your ISP for compatible cable modems. Then buy the capable modem your ISP says that is comp[atible. On the new cable modem find the Serial number & MAC address, make then call your ISP tech help desk and tell them the new modem you got and he/she will ask you that information. When the ISP tech says they can see/ping that new cable modem then it will work. Then connect a new cheaper Airport Extreme and any external USB2 hard drive to connect to that new Airport Extreme. I say this because Apple put out and Update a little while ago that will allow an external connected to an Extreme as a Time Machine disk.
PS: Remember the old trick of checking you Ethernet cables. I can't count how times I have seen professionals install all new high speed switches, routers, etc. and wonder why no speed is seen. Then after numerous trouble shooting they discover they used the old 10 Base T cables and just changing the cable solved their problem.
Just make sure you do this one at a time starting with getting the ISP compatible cable modems list to know what cable modem you can buy (to save that monthly ISP rental fee). Then you can get the going as long as so speak with your ISP tech to give them that new cable modem Serial number and MAC address so they can register it with their servers.
This will be to easy as long as you do things in step.
Message was edited by: satcomer

Suggestions for new router/switch

I have a wired Ethernet network in my office, and have been using a Linksys BEFSR81 router with it since installation. The following machines are connected:
MacPro early 2009 OSX.5.7
G5 2.0 dual OSX.5.7
iMac flat panel 700 mHz OSX.4.11 (2 identical machines)
HP 2300n printer
Brother multifunction printer/fax/copier
The router is dying and needs to be replaced. The whole network is hard wired but I could use a wireless router (e.g. Linksys WRT310) with a switch (I need at least 6-7 ports total. The selection of wired-only routers is very limited; what would people suggest for replacing the Linksys BEFSR81?

Check these pages out first on how to install. NOTE, to look for the"GL" version, as the G, GL, GS, GX are all on the same page.
http://www.dd-wrt.com/wiki/index.php/Installation
http://www.dd-wrt.com/wiki/index.php/Linksys_WRT54G/GL/GS/GX
http://www.dd-wrt.com/wiki/index.php/Index:FAQ
For the GL, you need to flash 2 firmwares initially in the beginning.
You first need to flash a mini generic (or micro); just go with mini, to the router first. Then after the mini is installed, flash the standard generic.
To easily find the right versions. Go to the dd-wrt homepage, and then look for the tab that says "supported hardware". Click on that and type in: WRT54GL (which is your router name, the one I recommended). The model GL model will show up, and click on it. There you will have all the firmwares that can be used with the WRT54GL.
There are a few different ones, but the ones you need to download are the "mini generic" AND "standard generic" (non-usb standard generic, if you're connecting through ethernet. Only if you use usb to connect to the internet then the usb version). Look at the file name to confirm.
Flash mini first, then standard second. And you only have to do this once.
Make sure to read through the above installation guide carefully, and just basically take your time. Some things to look out for are mainly just 2 things:
(1) Doing 30/30/30 hard-resets before AND after flashing.
(2) Use Internet Explorer to do the initial flash. DO NOT use firefox (maybe not even safari). This is only for the initial flash with the linksys firmware on. Once dd-wrt firmware is on, any browser will do. This is in the install guide, but basically any PC with IE will do fine. If you don't have access to a PC, you can even use the "old" IE for mac. That will work too.
Again just take your time, read things, and double check them. It's actually a very easy process after you've done it once.
Reply back if you need any help

Router suggestions for 10/100/1000

Anyone have a suggestion for a router that would provide 6 ports at gigabit speeds? I would like to set up 2 Express's as a roaming wireless network and have 2 desktops that would benefit by having gigabit speed and 2 network printers. If I buy a new Airport Extreme, I'm still going to need some more ports.

Thanks, Duane. That option occurred to me too. I don't yet have any devices that are "n" capable, but I always like to plan ahead, thus the desire to have everything gigabit. I guess I'm wondering if you have a favorite brand of switch. I've never been happy with my current Netgear router. For some strange reason I have never been able to use the WAP when printing to my big color laser.

Any suggestions for an all-in-one "cable modem router print server" (N)

any suggestions for an all-in-one "cable modem router print server" (N)?

If that's a problem with your cable company, change the company.
If your cable company is not able to provide you with a cable modem which gets you full performance for their service why would you bother with that company or try to make it better than them?
If you subscribe to a 100 Mbit/s service they must be able to provide you with a modem that does 100 Mbit/s and be able to demonstrate you 100 Mbit/s on your cable.
If they are unable to provide you with a modem which does 100 Mbit/s and thus cannot demonstrate that the service they have installed in fact can do 100 Mbit/s but only give you a 50 Mbit/s because that's the best they have, why bother buying yourself a better modem to find out whether or not their service does what it promises or not??
In addition, an integrated device won't get you better performance. On the contrary, consumer devices are generally single CPU (and core) devices. It's usually running some Linux or similar. If a single process gets overloaded it can drag down the performance of the whole device. For instance, let's say there is a bug in the print server software of the router. You print something and it hangs and the print server process on the router runs wild. Now the CPU is fully loaded and the routing performance will go down. If there is a bug in the routing software it will bring down the whole device and you can't even print.
You'll get the best performance if you use dedicated devices because then one device cannot overload another. Get a modem. Get a wireless ethernet router. Get a printer with integrated print server. That's far better.
It's like the all-purpose audio device compared to components...

Routing failed to locate next hop for ICMP from outside:10.60.30.111/1 to inside:10.89.30.41/0

ASA 5505 Split tunneling stopped working when upgraded from 8.3(1) to 8.4(3).
When a user was connecting to the old 8.3(1) appliance they could access all of our subnets: 10.60.0.0/16, 10.89.0.0/16, 10.33.0.0/16, 10.1.0.0/16
but now they cannot and in the logs I can just see
6          Oct 31 2012          08:17:59          110003          10.60.30.111          1          10.89.30.41          0          Routing failed to locate next hop for ICMP from outside:10.60.30.111/1 to inside:10.89.30.41/0
any hints? i have tried almost everything. the running configuration is:
: Saved
ASA Version 8.4(3)
hostname asa
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 10.60.70.1 255.255.0.0
interface Vlan2
nameif outside
security-level 0
ip address 80.90.98.217 255.255.255.248
ftp mode passive
clock timezone GMT 0
dns domain-lookup inside
dns domain-lookup outside
same-security-traffic permit intra-interface
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network NETWORK_OBJ_10.33.0.0_16
subnet 10.33.0.0 255.255.0.0
object network NETWORK_OBJ_10.60.0.0_16
subnet 10.60.0.0 255.255.0.0
object network NETWORK_OBJ_10.89.0.0_16
subnet 10.89.0.0 255.255.0.0
object network NETWORK_OBJ_10.1.0.0_16
subnet 10.1.0.0 255.255.0.0
object network tetPC
host 10.60.10.1
description test
object network NETWORK_OBJ_10.60.30.0_24
subnet 10.60.30.0 255.255.255.0
object network NETWORK_OBJ_10.60.30.64_26
subnet 10.60.30.64 255.255.255.192
object network SSH-server
host 10.60.20.6
object network SSH_public
object network ftp_public
host 80.90.98.218
object network rdp
host 10.60.10.4
object network ftp_server
host 10.60.20.2
object network ssh_public
host 80.90.98.218
object service FTP
service tcp destination eq 12
object network NETWORK_OBJ_10.60.20.3
host 10.60.20.3
object network NETWORK_OBJ_10.60.40.192_26
subnet 10.60.40.192 255.255.255.192
object network NETWORK_OBJ_10.60.10.10
host 10.60.10.10
object network NETWORK_OBJ_10.60.20.2
host 10.60.20.2
object network NETWORK_OBJ_10.60.20.21
host 10.60.20.21
object network NETWORK_OBJ_10.60.20.4
host 10.60.20.4
object network NETWORK_OBJ_10.60.20.5
host 10.60.20.5
object network NETWORK_OBJ_10.60.20.6
host 10.60.20.6
object network NETWORK_OBJ_10.60.20.7
host 10.60.20.7
object network NETWORK_OBJ_10.60.20.29
host 10.60.20.29
object service port_tomcat
service tcp source range 8080 8082
object network TBSF
subnet 172.16.252.0 255.255.255.0
object network MailServer
host 10.33.10.2
description Mail Server
object service HTTPS
service tcp source eq https
object network test
object network access_web_mail
host 10.60.50.251
object network downtown_Interface_host
host 10.60.50.1
description downtown Interface Host
object service Oracle_port
service tcp source eq sqlnet
object network NETWORK_OBJ_10.60.50.248_29
subnet 10.60.50.248 255.255.255.248
object network NETWORK_OBJ_10.60.50.1
host 10.60.50.1
object network NETWORK_OBJ_10.60.50.0_28
subnet 10.60.50.0 255.255.255.240
object network brisel
subnet 10.191.191.0 255.255.255.0
object network NETWORK_OBJ_10.191.191.0_24
subnet 10.191.191.0 255.255.255.0
object network NETWORK_OBJ_10.60.60.0_24
subnet 10.60.60.0 255.255.255.0
object-group service TCS_Service_Group
description This Group of available Services is for TCS Clients
service-object object port_tomcat
object-group service HTTPS_ACCESS tcp
port-object eq https
object-group network DM_INLINE_NETWORK_1
network-object 10.1.0.0 255.255.0.0
network-object 10.33.0.0 255.255.0.0
network-object 10.60.0.0 255.255.0.0
network-object 10.89.0.0 255.255.0.0
access-list outside_1_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.33.0.0 255.255.0.0
access-list outside_2_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.89.0.0 255.255.0.0
access-list outside_3_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.1.0.0 255.255.0.0
access-list OUTSIDE_IN extended permit icmp any any time-exceeded
access-list OUTSIDE_IN extended permit icmp any any unreachable
access-list OUTSIDE_IN extended permit icmp any any echo-reply
access-list OUTSIDE_IN extended permit icmp any any source-quench
access-list OUTSIDE_IN extended permit tcp 194.2.20.0 255.255.255.0 host 80.90.98.220 eq smtp
access-list OUTSIDE_IN extended permit tcp host 194.25.12.0 host 80.90.98.220 eq smtp
access-list OUTSIDE_IN extended permit icmp host 80.90.98.222 host 80.90.98.217
access-list OUTSIDE_IN extended permit tcp host 162.162.4.1 host 80.90.98.220 eq smtp
access-list OUTSIDE_IN extended permit tcp host 98.85.125.2 host 80.90.98.221 eq ssh
access-list OAKDCAcl standard permit 10.60.0.0 255.255.0.0
access-list OAKDCAcl standard permit 10.33.0.0 255.255.0.0
access-list OAKDCAcl remark backoffice
access-list OAKDCAcl standard permit 10.89.0.0 255.255.0.0
access-list OAKDCAcl remark maint
access-list OAKDCAcl standard permit 10.1.0.0 255.255.0.0
access-list osgd standard permit host 10.60.20.4
access-list osgd standard permit host 10.60.20.5
access-list osgd standard permit host 10.60.20.7
access-list testOAK_splitTunnelAcl standard permit 10.60.0.0 255.255.0.0
access-list snmp extended permit udp any eq snmptrap any
access-list snmp extended permit udp any any eq snmp
access-list downtown_splitTunnelAcl standard permit host 10.60.20.29
access-list webMailACL standard permit host 10.33.10.2
access-list HBSC standard permit host 10.60.30.107
access-list HBSC standard deny 10.33.0.0 255.255.0.0
access-list HBSC standard deny 10.89.0.0 255.255.0.0
access-list outside_4_cryptomap extended permit ip 10.60.0.0 255.255.0.0 10.191.191.0 255.255.255.0
access-list OAK-remote_splitTunnelAcl standard permit 10.1.0.0 255.255.0.0
access-list OAK-remote_splitTunnelAcl standard permit 10.33.0.0 255.255.0.0
access-list OAK-remote_splitTunnelAcl standard permit 10.60.0.0 255.255.0.0
access-list OAK-remote_splitTunnelAcl standard permit 10.89.0.0 255.255.0.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool OAKPRD_pool 10.60.30.110-10.60.30.150 mask 255.255.0.0
ip local pool mail_sddress_pool 10.60.50.251-10.60.50.255 mask 255.255.0.0
ip local pool test 10.60.50.1 mask 255.255.255.255
ip local pool ipad 10.60.30.90-10.60.30.99 mask 255.255.0.0
ip local pool TCS_pool 10.60.40.200-10.60.40.250 mask 255.255.255.0
ip local pool OSGD_POOL 10.60.50.2-10.60.50.10 mask 255.255.0.0
ip local pool OAK_pool 10.60.60.0-10.60.60.255 mask 255.255.0.0
ip verify reverse-path interface inside
ip verify reverse-path interface outside
ip audit name ThreatDetection attack action alarm
ip audit interface inside ThreatDetection
ip audit interface outside ThreatDetection
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
icmp permit any echo inside
icmp permit any echo outside
asdm history enable
arp timeout 14400
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.33.0.0_16 NETWORK_OBJ_10.33.0.0_16
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.89.0.0_16 NETWORK_OBJ_10.89.0.0_16
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.1.0.0_16 NETWORK_OBJ_10.1.0.0_16
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.30.0_24 NETWORK_OBJ_10.60.30.0_24
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.30.64_26 NETWORK_OBJ_10.60.30.64_26
nat (inside,outside) source static NETWORK_OBJ_10.60.20.29 NETWORK_OBJ_10.60.20.29 destination static NETWORK_OBJ_10.60.40.192_26 NETWORK_OBJ_10.60.40.192_26 service any port_tomcat
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.50.1 NETWORK_OBJ_10.60.50.1
nat (inside,outside) source static MailServer MailServer destination static NETWORK_OBJ_10.60.50.248_29 NETWORK_OBJ_10.60.50.248_29
nat (inside,outside) source static any any destination static NETWORK_OBJ_10.60.50.0_28 NETWORK_OBJ_10.60.50.0_28
nat (inside,outside) source static NETWORK_OBJ_10.60.0.0_16 NETWORK_OBJ_10.60.0.0_16 destination static NETWORK_OBJ_10.191.191.0_24 NETWORK_OBJ_10.191.191.0_24
nat (inside,outside) source static DM_INLINE_NETWORK_1 DM_INLINE_NETWORK_1 destination static NETWORK_OBJ_10.60.60.0_24 NETWORK_OBJ_10.60.60.0_24 no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
route outside 0.0.0.0 0.0.0.0 80.90.98.222 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
http 10.60.10.10 255.255.255.255 inside
http 10.33.30.33 255.255.255.255 inside
http 10.60.30.33 255.255.255.255 inside
snmp-server host inside 10.33.30.108 community ***** version 2c
snmp-server host inside 10.89.70.30 community *****
no snmp-server location
no snmp-server contact
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set lux_trans_set esp-aes esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 match address outside_1_cryptomap
crypto map outside_map 1 set peer 84.51.31.173
crypto map outside_map 1 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 2 match address outside_2_cryptomap
crypto map outside_map 2 set peer 98.85.125.2
crypto map outside_map 2 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 3 match address outside_3_cryptomap
crypto map outside_map 3 set peer 220.79.236.146
crypto map outside_map 3 set ikev1 transform-set ESP-3DES-SHA
crypto map outside_map 4 match address outside_4_cryptomap
crypto map outside_map 4 set pfs
crypto map outside_map 4 set peer 159.146.232.122
crypto map outside_map 4 set ikev1 transform-set lux_trans_set
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ikev1 enable outside
crypto ikev1 policy 5
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication pre-share
encryption aes-256
hash sha
group 5
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 28800
crypto ikev1 policy 50
authentication pre-share
encryption aes
hash sha
group 1
lifetime 86400
crypto ikev1 policy 70
authentication pre-share
encryption aes
hash sha
group 5
lifetime 86400
telnet 10.60.10.10 255.255.255.255 inside
telnet 10.60.10.1 255.255.255.255 inside
telnet 10.60.10.5 255.255.255.255 inside
telnet 10.60.30.33 255.255.255.255 inside
telnet 10.33.30.33 255.255.255.255 inside
telnet timeout 30
ssh 10.60.10.5 255.255.255.255 inside
ssh 10.60.10.10 255.255.255.255 inside
ssh 10.60.10.3 255.255.255.255 inside
ssh timeout 5
console timeout 0
dhcpd auto_config outside
dhcpd dns 155.2.10.20 155.2.10.50 interface inside
dhcpd auto_config outside interface inside
threat-detection basic-threat
threat-detection scanning-threat shun duration 3600
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
tftp-server inside 10.60.10.10 configs/config1
webvpn
group-policy testTG internal
group-policy testTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
group-policy DefaultRAGroup_1 internal
group-policy DefaultRAGroup_1 attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol l2tp-ipsec
group-policy TcsTG internal
group-policy TcsTG attributes
vpn-idle-timeout 20
vpn-session-timeout 120
vpn-tunnel-protocol ikev1
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelspecified
split-tunnel-network-list value testOAK_splitTunnelAcl
address-pools value TCS_pool
group-policy downtown_interfaceTG internal
group-policy downtown_interfaceTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value downtown_splitTunnelAcl
group-policy HBSCTG internal
group-policy HBSCTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value HBSC
group-policy OSGD internal
group-policy OSGD attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-session-timeout none
vpn-tunnel-protocol ikev1
group-lock value OSGD
split-tunnel-policy tunnelspecified
split-tunnel-network-list value testOAK_splitTunnelAcl
group-policy OAKDC internal
group-policy OAKDC attributes
vpn-tunnel-protocol ikev1
group-lock value OAKDC
split-tunnel-policy tunnelspecified
split-tunnel-network-list value OAKDCAcl
intercept-dhcp 255.255.0.0 disable
address-pools value OAKPRD_pool
group-policy mailTG internal
group-policy mailTG attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value webMailACL
group-policy OAK-remote internal
group-policy OAK-remote attributes
dns-server value 155.2.10.20 155.2.10.50
vpn-tunnel-protocol ikev1
split-tunnel-policy tunnelspecified
split-tunnel-network-list value OAK-remote_splitTunnelAcl
vpn-group-policy OAKDC
service-type nas-prompt
tunnel-group DefaultRAGroup general-attributes
address-pool OAKPRD_pool
address-pool ipad
default-group-policy DefaultRAGroup_1
tunnel-group DefaultRAGroup ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 84.51.31.173 type ipsec-l2l
tunnel-group 84.51.31.173 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 98.85.125.2 type ipsec-l2l
tunnel-group 98.85.125.2 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 220.79.236.146 type ipsec-l2l
tunnel-group 220.79.236.146 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group OAKDC type remote-access
tunnel-group OAKDC general-attributes
address-pool OAKPRD_pool
default-group-policy OAKDC
tunnel-group OAKDC ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group TcsTG type remote-access
tunnel-group TcsTG general-attributes
address-pool TCS_pool
default-group-policy TcsTG
tunnel-group TcsTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group downtown_interfaceTG type remote-access
tunnel-group downtown_interfaceTG general-attributes
address-pool test
default-group-policy downtown_interfaceTG
tunnel-group downtown_interfaceTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group TunnelGroup1 type remote-access
tunnel-group mailTG type remote-access
tunnel-group mailTG general-attributes
address-pool mail_sddress_pool
default-group-policy mailTG
tunnel-group mailTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group testTG type remote-access
tunnel-group testTG general-attributes
address-pool mail_sddress_pool
default-group-policy testTG
tunnel-group testTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group OSGD type remote-access
tunnel-group OSGD general-attributes
address-pool OSGD_POOL
default-group-policy OSGD
tunnel-group OSGD ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group HBSCTG type remote-access
tunnel-group HBSCTG general-attributes
address-pool OSGD_POOL
default-group-policy HBSCTG
tunnel-group HBSCTG ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group 159.146.232.122 type ipsec-l2l
tunnel-group 159.146.232.122 ipsec-attributes
ikev1 pre-shared-key *****
tunnel-group OAK-remote type remote-access
tunnel-group OAK-remote general-attributes
address-pool OAK_pool
default-group-policy OAK-remote
tunnel-group OAK-remote ipsec-attributes
ikev1 pre-shared-key *****
policy-map global_policy
prompt hostname context
no call-home reporting anonymous
hpm topN enable
: end
asdm history enable

Dear Darko,
The problem here is the overlapp issue with the Internal network.
Since the VPN pool is:
ip local pool OAKPRD_pool 10.60.30.110-10.60.30.150 mask 255.255.0.0
And the local network is:
interface Vlan1
     nameif inside
     security-level 100
     ip address 10.60.70.1 255.255.0.0
So since you have some NAT rules telling the FW that 10.60.0.0/16 is connected to the inside, we need to change that and force it to know that 10.60.30.0/24 is actually reachable to the outside.
On the other hand, yes you could point to outside interface, but is not a good practice.
Thanks.
Portu.
In case you do not have any further questions, please mark this post as answered.

I started to have connectivity issues with a linksys router. The linksys rep suggested ...Check from Apple if they have some particular ports for the Apple TV that we might need to open on the router, anyone have any suggestions for this?

I started to have connectivity issues with a linksys router. The linksys rep suggested ...Check from Apple if they have some particular ports for the Apple TV that we might need to open on the router, anyone have any suggestions for this?

Hi RonWM,
Thanks for visiting Apple Support Communities.
This article lists the ports that are used by the Apple TV:
Apple TV: TCP and UDP ports and protocols used
http://support.apple.com/kb/HT2463
Best Regards,
Jeremy

How to route the Idoc to Two Different Locations based on the Plant Values

Hi All,
We will generate single Idoc, in that we will have 2 E1MARCM segments, one will have UK plant and another will have US plant.
Now in XI, receiver determination i need to route the idoc to corresponding folders.
How can we do this, because in x-path, we can check always for the first segment only, second segment will not come into picture.
Please suggest me

Hi,
we can check the multiline present in receiver determination and specify the condition for both US an UK receiver systems.
Or if you are sure that only two (UK and US) will come , then check the condition for Say UK and check the defualt reciver system in case of failure ,if its US it will go to the default system.
You can also try out the interface determination condition, please check if below links can help.
How to write Conditions in Interface Determination for 2 IDOCs
Single File to multiple IDoc
Reciever idoc adapter Determination error
Regards,
Srini

Single Host for netweaver/xi & Idoc settings in ale

HI,
In the case of a single system which is the R/3 system as well as the xi system...what settings are to be done from ALE to enable idoc processing...is this the same as a dual system configuration..or ?
I am pasting some of the steps suggested for the ale configuration.
Can anyone re-organize this or format this so that it applies for a single system that is the db host, Xi Host, and r/3 host.
There are several ways of doing it, all eventually leading to the same conclusion..but in the case of a non-distrubuted system, there are some differences..Can someone put some clarity here...as i have tried the steps and not all of them clearly apply in the case of a single host.
link1) https://www.sdn.sap.com/irj/sdn/wiki?path=/display/xi/sapR3%28Idocs%29ToXI--Steps+Summarized&
Link 2) /people/swaroopa.vishwanath/blog/2007/01/22/ale-configuration-for-pushing-idocs-from-sap-to-xi
3) ALE settings.==> Author( Raghavesh Reddy )
SAP XI1) RFC Destination (SM59)
a) Choose create.
b) Specify the name of the RFC destination
c) Select connection type as 3 and save
d) In the technical settings tab enter the details SAP SID/URL and system number#.
e) Enter the Gateway host as same details above SID/URL.
f) Gateway service is 3300+system number#.
g) In the Logon /Security tab, enter the client user & Password details of Destination system.
h) Test the connection and remote logon.
2) Create Port (IDX1)
a) Select create new button
b) Enter the port name as SAP+SID (The starting char should be SAP)
c) Enter the destination client.
d) Enter the RFC Destination created in SAP XI towards other system.
e) Save
3) Load Meta Data for IDOC (IDX2)
a) Create new
b) IDOC Message Type
c) Enter port created in IDX1.
SAP R/3
1) RFC Destination (SM59)
a) Choose create.
b) Specify the name of the RFC destination
c) Select connection type as 3 and save
d) In the technical settings tab enter the details SAP SID/URL and system number#.
e) Enter the Gateway host as same details above SID/URL.
f) Gateway service is 3300+system number#.
g) In the Logon /Security tab, enter the client user & Password details of Destination system.
h) Test the connection and remote logon.
2) Create Port (We21)
a) First Select Transactional RFC and then click create button
b) Enter the destination port name as SAP+SID (The starting char should be SAP)
c) Enter the destination client.
d) Enter the RFC Destination created in SAP R/3 towards other system.
e) Save
3) Create Partner Profile (WE20)
a) Create New
b) Create the Partner no. name as same the logical system name of the destination system.
c) Select Partner type LS
d) Enter details for Type: US/USER, Agent, and Lang.
e) Click on the + button to select the message type.
f) Select Partner no. and LS which ever create above.
g) Select Message type
h) Select Process code related to the Message type.
I) save.
In SLD System Landscape Directory
TS for R/3 (Logical system):-Assign the client name created in R/3 as Logical system Name.
Ts for Third Party (Logical system):-
BS for SAP R/3 (Logical system):- Assign the client name created in R/3 as Logical system Name.
BS for Third Party (Logical system):-Enter the XI logical system name.
In Transaction SALE
Define and Assign the logical system name.

If you want to configure your R/3 system to send IDocs to XI the first thing you have to do is configure the basic ALE:
Logical System
-Representation of a system R/3 will communicate with
-Every R/3 client used in ALE must have a logical system associated
-BD54 change logical systems (add), SCC4 change clients (attach logical system)
-Stored in tables TBDLS and TBDLST
Ports
-Logical representation of a communication channel
-How you refer tie together RFC destinations with partner system
-WE21 or WEDI
Partner Profile
-Ties together many pieces of the ALE puzzle
-Message types, IDoc types, process codes, partner functions, application identifiers, message function, output type, and port
-Maintain inbound and outbound parameters (partner type, port, transfer immediately or collect IDocs)
-WE20, WEDI, or SALE
-Viewed as a gateway, routes a particular message of a specific IDoc type to the given port and invoking the appropriate function modules
The next thing you have to do is configure the IDoc adapter in XI to prepare the system to accept IDoc's into the integration builder from other SAP systems.
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/d19fe210-0d01-0010-4094-a6fba344e098

Branch operation and return operation for routing in alternative sequence

Hi all experts.
I would like to ask which table and field store the value of branch operation and return operation for routing in the alternative sequence. I can only find them in structure (PLFLD-VORNR1 and PLFLD-VORNR2) but I want the table field of them. Would anyone please suggest a solution? Thank you.

Hi,
look in table AFFL, here the BKNT1 and BKNT2 refer to those vornr1 and vornr2 of the operation. For example in user-exit ZXCO1U01 you will find the values (BKNT1/2) in the sequence table, and when, for example, filling the LOIPRO01-Idoc, you can use the found VORNR for the E1AFFLL-segment.
See coding for example on determining VORNR1/2 (sequence_table/operation_table as in user exit EXIT_SAPLCOBT_001):
SORT operation_table BY vornr.
LOOP AT sequence_table INTO l_sequence.
    MOVE-CORRESPONDING l_sequence TO l_affl.
* Read the operation table to determine the vornr1 and vornr2
*via the value of field BKNT1/2
    IF NOT l_sequence-bknt1 IS INITIAL.
      READ TABLE operation_table INTO l_operation
      WITH KEY aufpl = l_sequence-aufpl
               aplzl = l_sequence-bknt1.
      IF sy-subrc = 0.
        l_affl-vornr1 = l_operation-vornr.
      ENDIF.
    ENDIF.
    IF NOT l_sequence-bknt2 IS INITIAL.
      READ TABLE operation_table INTO l_operation
      WITH KEY aufpl = l_sequence-aufpl
               aplzl = l_sequence-bknt2.
      IF sy-subrc = 0.
        l_affl-vornr2 = l_operation-vornr.
      ENDIF.
    ENDIF.
Cheers,
S.

Drive setup suggestion for multiple users editing simultaneously?

At work here, a city college, not a professional company or broadcast studio, so resources are limited, we often have three people editing HDV content simultaneously in Final Cut Pro.
Keeping the content on our multiple backup servers, there's simply too much network traffic to do this smoothly.
Instead of keeping projects locally spread across multiple machines, I would like one centralized place for everything, for the Macs to access directly over gigabit or something else.
So, what kind of setup do you guys suggest for this?
The machines here are two quad-core G5s (no RAID or fiber-channel right now), and a Core2Duo iMac, F400 only.
Again, it'd need to be able to handle three HDV projects going on simultaneously without skipping due to having to seek back and forth all over the drive.
Thanks.

Yes, an XSan system would perfectly fit the bill for what you want to do, but an XSAN is not a cheap solution. When it is all said and done, it will cost you tens of thousands of dollars.
The best, cheap solution would be to use Firewire drives. I would not duplicate a project onto three drives, because you will then always be trying to figure out which version is the most current. Instead, keep all of your project, capture scratch and render files on the firewire drives. Then move the drive to whichever computer you want to do the editing on.
Properly log & capture all your footage, then archive all your project files, because Firewire hard drives will fail over time, loosing all the info on the discs. I did say this was the cheap solution. "Cheap" does have its costs…

Suggestions for Routing Failed IDOCS

Similar Messages

Maybe you are looking for