SUNMC ALARMS THRESHOLDS MEANING
Hi friend,
I am able to see thresholds like below..
Will any one kindly explain this ?
What does they mean actually ?
Unknown, Lost commands and No contact status values ---- Critical Threshold for FANSTATUS
Regards
Srinivas Masetty
Does anyone have a list of SunMCs default thresholds,
or know how I can find them without drilling down
into each module?If you don't mind looking at some strangely formatted text files, the standard thresholds can be found in /opt/SUNWsymon/modules/cfg/*-d.def files.
In the Console, if a module is loaded, you don't have to open an Attribute Editor for every value... instead you can go to the "Module Manager" tab, click the module, then the "Rules" button, and see all thresholds set (including any you set yourself).
That will show most of the defaults. But for some alarms (especially hardware alarms) their thresholds are more complex (and/or hidden) in "rules". I can't get to docs.sun.com right now to give you a link, but a search of the SunMC docs will list the names of the rules and what they do. The Health Monitor module uses many rules and is a good place to start your search.
Is there a single doc listing all attribues and thresholds? Not that I've ever seen. But someone may prove me wrong! :)
Regards,
[email protected]
http://www.HalcyonInc.com
Similar Messages
-
Hi.
Does anyone know if it is possible to alter the threshold in the Alarm Set in Cisco Prime Collab? I added one of our MCUs to CPM and set up an Alarm set below.
I then dialled many endpoints into the MCU to see if I would get an alarm from CPM telling me that the port utilisation were high but I got nothing... I am getting emails telling me a Zone is down on one of our VCS's & emails to tell me an endpoint has de-registered so I know the emails are set up correctly.
So my questions are;
Can I alter the High Utilisation setting to trigger an alarm at say 50% then again at 75%?
Has anyone successfully managed to get CPM to send any alarms in regards to the MCU?
The version of CPM I am using is: Cisco Prime Collaboration Version: 9.5
The MCU I am testing is a Codian MCU 4505You can change the thresholds by editing the /etc/opt/SUNWsrsvp/alarm_rules file.
-
SunMC Performance Reports - Newbie
Good morning,
I've installed v3.6.1 and v4 just to poke around, but I haven't purchased any of the agents or add-ons (but we're about to), and one of my primary questions is about performance reporting. Does SunMC provide graphs and/or reports that can be easily generated, or e-mailed on a regular basis or something? Is there an add-on piece that provides that?
Thanks!
- DTYes, Sun MC does include the Performance Reporting Manager (PRM) addon which enables you to graph and report on various monitored metrics including hardware and software inventory reports. i.e. What hardware you currently have in your datacenter, what systems have a particular patch.
However, the PRM addon does not provide support for email the graphs on a regular basis. For this you would need Halcyon's Enterprise Reporter:
http://www.halcyoninc.com/products/EReporter
This product offering is bundled with Halcyon's WebPortal product which is a web interface into Sun MC that provides many easy to use features such as group operations (loading modules on 100 systems with a single click, alarm threshold tuning, etc.)
Halcyon is also offering live 1-on-1 demos of Sun MC and their solutions and would be able to show you the various features of Sun MC including PRM. To sign up and setup an appointment:
http://www.halcyoninc.com/company/request-demo.php
For a comparison of PRM vs Halcyon's Reporter visit:
http://forums.halcyoninc.com/showthread.php?t=40
There are many other postings with screenshots that may be of interest:
http://forums.halcyoninc.com/showthread.php?t=111
In addition, Halcyon provides many different add-ons to Sun MC extending it to monitor almost anything in the datacenter, including storage (Hitachi, NetApp), network devices (Cisco), applications (Oracle, Veritas, Syabse, Java System), non-Sun platforms (Windows, Linux, AIX), and integrations to various Enterprise Managers (Tivoli, HP Openview):
A full list of products can be found here:
http://www.halcyoninc.com/products/a-z.php
Apologies to all the technies who may find this posting very sales like... I am now working with our marketing team :)
regards,
bobby
www.HalcyonInc.com -
Simple question. Hard to find an answer. Threshold setting on WVC2300
Hello
I have a WVC2300
What is the most sensitived setting, a plus or a minus - ???
Come on Cisco, update your documentation!Hi Clifford,
Thank you for posting. It has been a long time since I played with those settings but if I remember correctly the - side means more sensitivity. Also, I found the following in the WVC210 Admin Guide which appears to confirm this:
Adjust the sensitivity of each window by using the threshold slider (less threshold
means more sensitivity) -
Auto-Acknowledgement of Alarms
Hi,
I have installed SunMC 3.5.1b in my server.
I would like to acknowledge the alarms after every notification automatically.
Base on the user guide, all i need to do is to choose the alarm tab and configure it to "clear" in the event of any alarms.
However, when i tried to change the action to "clear" instead of email or script, I can't seem to save my configuration changes.
Therefore, I tried to change the action to "email" and saved it. It works ok for "email" but not for "clear".
What is going on?
How can i achieve my auto-acknowledgement?
Any help would be appreciated.
Thanks in advance
regards
DarylHi Daryl,
I would like to acknowledge the alarms after every
notification automatically.
Base on the user guide, all i need to do is to choose
the alarm tab and configure it to "clear" in the
event of any alarms.First of all, are you sure you want to do this? The end effect would be your SunMC Console would show no coloured alarms... because you ack'd them all. I guess that may be OK if you've already made sure to send out some sort of notification.
However, when i tried to change the action to "clear"
instead of email or script, I can't seem to save my
configuration changes."Clear" in that context isn't an action, it's just a way to remove any email or script actions you've configured. i.e if you were using a script action but decided you didn't want to any more, you'd click clear to remove it.
You can set up universal auto-acknowledge like that in EventAction (http://www.halcyoninc.com/products/EventAction/index.php)
You would setup a script action:
http://www.halcyoninc.com/products/EventAction/help/HALEventAction-add-action-info-script.gif
...that for all alarms instantly calls a script to ack them:
http://www.halcyoninc.com/products/EventAction/help/HALEventAction-remote-acknowledging-h.html
In this case you're just using the remote ack feature locally on the SunMC Server. If you're already forwarding the SunMC alarms someplace else (like another product : Tivoli / Netcool / OpenView / Patrol / [insert_open_source_app_here] etc) then you may as well just use the remote ack feature as intended. So for example if you ack an alarm in Netcool, that ack goes backwards into SunMC and clears it there as well.
I'm getting ahead of myself: I'm not sure what you want to do yet :)
Regards,
[email protected]
http://www.HalcyonInc.com -
We are getting this message:
<Sep 23, 2003 10:21:05 AM PDT> <Warning> <WebLogicServer> <000335> <Percent
of s
tarting server free memory is now at "4%". This is less than the configured
thre
shold of "5%". We will try to garbage collect, but you may consider
rebooting.>
WLS 7.X has a GC threshold page. The benefit of a forced GC is that you are
distributing the time required for a single GC across several pre-emptive
GC calls. I have seen no indication or information that would indicate that
threshold drive GCs are anything but a bad idea.
Consider what is being done here. When there is memory available there is no
need to run the GC. When there is memory available your request for memory
will be fulfilled. When a request cannot be fulfilled the GC will run and
release memory. If and only if all memory is held by non-collectible objects
will you run out of memory.
Setting a threshold means that you are lowering the trigger point so the GC
runs when there is no point in doing so. Consider what happens when you get
to the threshold of, say, 10% and there legitimately there is only 10% free
memory: everything else is reachable and by definition it cannot be
collected. The GC will start to run continuously! You have effectively taken
10% of your memory out of service. It seems as though setting artificial
memory thresholds is counterproductive.
I added a memory watchdog for diagnostic purposes a year ago. We determined
that we there was no legitimate out of memory error as the GC would always
return to about the same baseline. Running GC at regular intervals fixed did
not solve the crashing problem and out of memory problem we were trying to
solve. Apparently there is a known problem with WLS and hotspot but WLS
support has precisely zero information on that a year ago.
Question: what is the purpose of the GC threshold and can anybody point me
to a credible information source that actually recommends this. This is not
the same as running the GC at regular intervals which has the benefit of
distributing the effort over time. Can anybody explain what the threshold is
all about and whether I am missing some important information that has led
me to the wrong conclusion about this?
TIAI've had the same question on my mind....
"dealmein" <[email protected]> wrote in message
news:[email protected]...
We are getting this message:
<Sep 23, 2003 10:21:05 AM PDT> <Warning> <WebLogicServer> <000335><Percent
of s
tarting server free memory is now at "4%". This is less than theconfigured
thre
shold of "5%". We will try to garbage collect, but you may consider
rebooting.>
WLS 7.X has a GC threshold page. The benefit of a forced GC is that youare
distributing the time required for a single GC across several pre-emptive
GC calls. I have seen no indication or information that would indicatethat
threshold drive GCs are anything but a bad idea.
Consider what is being done here. When there is memory available there isno
need to run the GC. When there is memory available your request for memory
will be fulfilled. When a request cannot be fulfilled the GC will run and
release memory. If and only if all memory is held by non-collectibleobjects
will you run out of memory.
Setting a threshold means that you are lowering the trigger point so theGC
runs when there is no point in doing so. Consider what happens when youget
to the threshold of, say, 10% and there legitimately there is only 10%free
memory: everything else is reachable and by definition it cannot be
collected. The GC will start to run continuously! You have effectivelytaken
10% of your memory out of service. It seems as though setting artificial
memory thresholds is counterproductive.
I added a memory watchdog for diagnostic purposes a year ago. Wedetermined
that we there was no legitimate out of memory error as the GC would always
return to about the same baseline. Running GC at regular intervals fixeddid
not solve the crashing problem and out of memory problem we were trying to
solve. Apparently there is a known problem with WLS and hotspot but WLS
support has precisely zero information on that a year ago.
Question: what is the purpose of the GC threshold and can anybody point me
to a credible information source that actually recommends this. This isnot
the same as running the GC at regular intervals which has the benefit of
distributing the effort over time. Can anybody explain what the thresholdis
all about and whether I am missing some important information that has led
me to the wrong conclusion about this?
TIA -
IBook in alarm.........
Hi all - my iBook is making 'alarm' sounds every so often. The first time it did I found out the HDD was SMART 'failing' and I've posted elsewhere about that (replacing soon). The only thing is that I keep on getting alarms (SMART said 'verified') once in a while with a louder alarm yesterday for the first time (two level sound?). My HDD is now SMART 'failing' again - no surprises there.
I don't appear to be getting kernel panics (as far as my very limited understanding goes).
The alarm was quite loud the other day (first a quiet one followed by the louder) and was a bit of a worry.
I have run Apple Hardware test which came through with nil problem, all passed.
My question is: does this alarm merely mean the HDD is failing (which I know and I'm about to replace in which case disregard). Or does it signify something more sinister?
Cheers,
Andrew (hoping this isnt worse than a bad HDD).Andrew Haas1...
BTW (By the way) ... Dennis has a link above that should be in blue text about the Haxies. It is common to use words like this, these, or here to become part of links. Under the old setup they would be underlined giving them a better indication of being a link.
Searching... Google (a link) just rocks in finding tons of things or information. The only drawback is using the right keyword and-or spelling.
++
Back to the noises.
About the only thing I can think of, that there is some background application running. The way I find those out is go through your System Preferences, Accounts, select account name, and check the last tab- Startup Items. What ever is in that list may give us a clue what application may be alerting you.
Of course if the HD is getting creaky or cranky, it may be the spindown or spinup noise you may be hearing. Noises are hard to pinpoint because of their suggestive nature.
...Ron -
I have a shared variable with a lower and upper alarm level.
I am generating a user event when the alarm threshold is exceeded (see attached jpg). However, when returning back into the 'valid' region two events are generated. What could be the source of those two events and how can I avoid this behavior (I need only one event when passing the threshold again).
VPS
Attachments:
alarm_events.jpg 67 KBHi VPS,
The events triggering twice could possibily due to a redundant notification, on which you should do nothing in your code.
If you notice, the events are triggered twice when only shared variable is changed its state to the alarm state, but it would trigger only once when it changes to the normal state.
Check for the time stamp to make a comparison. When the alarm is triggered, the two events would have different timestamps,
Timestamp on 1st event trigger -00:00:00 MM/DD/YYYY - is a redundant notification just ignore it.
Timestamp on second event trigger - Current time and date - is your Alarm do your action here.
It also makes no sense for the time stamp being 0 for a new alarm triggered.
You can have a look at the example vi DSC Alarm Demo.lvproj, DSC Alarm Event structure supprt.vi shipped with DSC module for a better understanding.
Hope this helps.
Message Edited by Vsh on 09-15-2009 04:08 AM -
"alarm and event display" crashes my application
Dear All,
I use the "alarm and event disply.vi" in my DSC application. It works fine: I can acknowledge alarms, events etc. BUT...
When I double click the alarm item (or press Alt-Enter) and watch the alarm properties in the Alarm Properties dialog, I can usually watch the properties for some time, selecting the next or previous alarm item, but most often than not, my application just crashes. I don't get any LabVIEW error dialogs. Only Windows is telling me that the application stopped working and it just closes giving me no explanation. Sometimes I don't even see the Windows message.
I've tried this on two different computers... same boat!
I'm using:
- LV2011
- Windows 7
In my application I create the shared variables programmatically, set alarm thresholds programmatically etc.
Anybody had the same problem?
regards
Witold NoconWell…I think I have isolated the problem, and I have recreated it in the Boiler example. Here’s what’s happening:
If you watch the properties of the alarm in the Alarm and Event Display, and if this alarm “disappears” at this time, the application will crash. This will happen for example when this variable is set to AUTO ACK.
You can try setting the R02 pump to zero. This will cause the L01 level to increase reporting an alarm. Now if you set the flows so that the level start decreasing (I set the outflow to max, and the inflow tozero), and immediately click the HI HI alarm and watch it’s properties, the application will crash at the time when this alarm is cleared due to the decreasing level (AUTO ACK).
It also seems a “little non-deterministic” but this may be my own impression.
Anybody had a similar problem or is able to recreate it? -
Cannot open ACS 5.4 alarm notifcations via URL
Hi,
We have configured the ACS 5.4 to send us alarms on Failed authentication on any device.
When we get the alert the report URL inside the notification does not open via browser.
Is there anyway that we can configure the ACS 5.4 to open the report URL via an IP address and through FQDN.
I tried changing the hostname to FQDN, but it does not accept special characters.Hi
FYI, there are two types of alarms in ACS:
Threshold Alarms
Threshold alarms are defined on log data collected from ACS servers that notify you of certain events. For example, you can configure threshold alarms to notify you of ACS system health, ACS process status, authentication activity or inactivity, and so on.
You define threshold conditions on these data sets. When a threshold condition is met, an alarm is triggered. While defining the threshold, you also define when the threshold should be applied (the time period), the severity of the alarm, and how the notifications should be sent.
System Alarms
System alarms notify you of critical conditions encountered during the execution of the ACS Monitoring and Reporting viewer. System alarms also provide informational status of system activities, such as data purge events or failure of the log collector to populate the View database.
You cannot configure system alarms, which are predefined. However, you do have the option to disable system alarms or decide how you want to be notified if you have enabled them.
For more information regarding configuration, please go through this link:
http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/common_scenarios.html -
MBP mid 2012 crashing, is it the video card?
Hello. I have an mid 2012 MBP with an Intel 4000 graphics card. I think it is causing the computer to crash.
I recently re-installed Civ 5 which ran great last fall. At first it ran OK, then after a few hours of game time my system crashed during a time when the monitor went to sleep (I was walking my baby). This happened a few more times then crashed while open. The system froze and the image was overlayed with some squares consisting of black, green, and lavender bars. At first this only happened when the game was open. The when I tried to reboot I got the beep-beep-beep alarm that means bad RAM(?). So I ran an AHT and it came back fine for RAM and CPU if I understood how to interpret it correctly. Also the system crashed once or twice when the game was not running.
I have tried a partial RAM reboot, a system controller reset, upgrading to 8 GB RAM, and partitioning my hard drive and installing the game in the other partition. If I knew how to get crash logs for the ?panic kernel? I would. Actually, I'm trying to get into code writing and IT so this is pretty interesting. Here is the report i got from EtreCheck
EtreCheck version: 1.9.15 (52)
Report generated September 8, 2014 at 4:56:39 PM PDT
Hardware Information: ?
MacBook Pro (13-inch, Mid 2012) (Verified)
MacBook Pro - model: MacBookPro9,2
1 2.5 GHz Intel Core i5 CPU: 2 cores
8 GB RAM
Video Information: ?
Intel HD Graphics 4000 - VRAM: (null)
Color LCD 1280 x 800
System Software: ?
OS X 10.9.4 (13E28) - Uptime: 0 days 0:3:2
Disk Information: ?
APPLE HDD TOSHIBA MK5065GSXF disk0 : (500.11 GB)
S.M.A.R.T. Status: Verified
EFI (disk0s1) <not mounted>: 209.7 MB
number 5.1 (disk0s2) /Volumes/number 5.1: 437.62 GB (207.95 GB free)
Recovery HD (disk0s3) <not mounted>: 650 MB
number 5.1 2 (disk0s4) / [Startup]: 60.98 GB (39.58 GB free)
Recovery HD (disk0s5) <not mounted>: 650 MB
MATSHITADVD-R UJ-8A8
USB Information: ?
Apple Computer, Inc. IR Receiver
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Inc. FaceTime HD Camera (Built-in)
Thunderbolt Information: ?
Apple Inc. thunderbolt_bus
Gatekeeper: ?
Mac App Store and identified developers
User Launch Agents: ?
[loaded] com.google.keystone.agent.plist Support
User Login Items: ?
iTunesHelper
Google Chrome
Internet Plug-ins: ?
Default Browser: Version: 537 - SDK 10.9
nplastpass: Version: 3.1.21 Support
QuickTime Plugin: Version: 7.7.3
Safari Extensions: ?
LastPass
Audio Plug-ins: ?
BluetoothAudioPlugIn: Version: 1.0 - SDK 10.9
AirPlay: Version: 2.0 - SDK 10.9
AppleAVBAudio: Version: 203.2 - SDK 10.9
iSightAudio: Version: 7.7.3 - SDK 10.9
iTunes Plug-ins: ?
Quartz Composer Visualizer: Version: 1.4 - SDK 10.9
3rd Party Preference Panes: ?
None
Time Machine: ?
Time Machine not configured!
Top Processes by CPU: ?
6% Google Chrome
3% WindowServer
2% mds
1% fontd
0% hidd
Top Processes by Memory: ?
115 MB com.apple.IconServicesAgent
97 MB mds_stores
82 MB Google Chrome
66 MB ocspd
44 MB Google Chrome Helper
Virtual Memory Information: ?
5.94 GB Free RAM
1.14 GB Active RAM
237 MB Inactive RAM
701 MB Wired RAM
333 MB Page-ins
0 B Page-outsHi. My system crashed again and it gave me the kernel panic startup screen and asked if I wanted to send the report to Apple.
Mon Sep 8 21:48:07 2014
panic(cpu 0 caller 0xffffff8023edc24e): Kernel trap at 0xffffff7fa58e289f, type 13=general protection, registers:
CR0: 0x000000008001003b, CR2: 0x000000010c3e9000, CR3: 0x000000002637e000, CR4: 0x00000000001606e0
RAX: 0x7fffffffffffffff, RBX: 0x0000000000000000, RCX: 0x0000000000000000, RDX: 0x0000000000000156
RSP: 0xffffff8143cdbd90, RBP: 0xffffff8143cdbe50, RSI: 0x00000176a5992fd5, RDI: 0x0000000000000230
R8: 0x0000000000000000, R9: 0x0000000000000007, R10: 0x00000000ffffffff, R11: 0xffffffffffffffff
R12: 0xffffff8105fbf148, R13: 0x0000000705fbf148, R14: 0xffffff8105fbf148, R15: 0xffffff7fa5906e20
RFL: 0x0000000000010046, RIP: 0xffffff7fa58e289f, CS: 0x0000000000000008, SS: 0x0000000000000010
Fault CR2: 0x000000010c3e9000, Error code: 0x0000000000000000, Fault CPU: 0x0
Backtrace (CPU 0), Frame : Return Address
0xffffff8105fcac50 : 0xffffff8023e22f79
0xffffff8105fcacd0 : 0xffffff8023edc24e
0xffffff8105fcaea0 : 0xffffff8023ef3746
0xffffff8105fcaec0 : 0xffffff7fa58e289f
0xffffff8143cdbe50 : 0xffffff8105fbf148
Unaligned frame
Backtrace terminated-invalid frame pointer 0x87e6810607
Kernel Extensions in backtrace:
com.apple.driver.AppleIntelCPUPowerManagement(217.92.1)[CF28958D-CA8A-3A79-911C -78217F5DDAF2]@0xffffff7fa58df000->0xffffff7fa5909fff
BSD process name corresponding to current thread: kernel_task
Mac OS version:
13E28
Kernel version:
Darwin Kernel Version 13.3.0: Tue Jun 3 21:27:35 PDT 2014; root:xnu-2422.110.17~1/RELEASE_X86_64
Kernel UUID: BBFADD17-672B-35A2-9B7F-E4B12213E4B8
Kernel slide: 0x0000000023c00000
Kernel text base: 0xffffff8023e00000
System model name: MacBookPro9,2 (Mac-6F01561E16C75D06)
System uptime in nanoseconds: 583696171534
last loaded kext at 289554516250: com.apple.filesystems.msdosfs 1.9 (addr 0xffffff7fa5cd8000, size 65536)
last unloaded kext at 414169093667: com.apple.filesystems.msdosfs 1.9 (addr 0xffffff7fa5cd8000, size 57344)
loaded kexts:
com.apple.driver.AudioAUUC 1.60
com.apple.driver.AGPM 100.14.28
com.apple.driver.X86PlatformShim 1.0.0
com.apple.filesystems.autofs 3.0
com.apple.iokit.IOBluetoothSerialManager 4.2.6f1
com.apple.driver.AppleMikeyHIDDriver 124
com.apple.driver.AppleHDA 2.6.3f4
com.apple.driver.AppleUpstreamUserClient 3.5.13
com.apple.iokit.IOUserEthernet 1.0.0d1
com.apple.driver.SMCMotionSensor 3.0.4d1
com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport 4.2.6f1
com.apple.Dont_Steal_Mac_OS_X 7.0.0
com.apple.driver.AppleHWAccess 1
com.apple.driver.AppleMikeyDriver 2.6.3f4
com.apple.driver.AppleThunderboltIP 1.1.2
com.apple.driver.AppleSMCPDRC 1.0.0
com.apple.driver.AppleSMCLMU 2.0.4d1
com.apple.driver.AppleIntelHD4000Graphics 8.2.8
com.apple.driver.AppleIntelFramebufferCapri 8.2.8
com.apple.driver.AppleLPC 1.7.0
com.apple.driver.AppleBacklight 170.3.5
com.apple.driver.AppleMCCSControl 1.2.5
com.apple.driver.AppleUSBTCButtons 240.2
com.apple.driver.AppleIRController 325.7
com.apple.driver.AppleUSBTCKeyboard 240.2
com.apple.AppleFSCompression.AppleFSCompressionTypeDataless 1.0.0d1
com.apple.AppleFSCompression.AppleFSCompressionTypeLZVN 1.0.0d1
com.apple.AppleFSCompression.AppleFSCompressionTypeZlib 1.0.0d1
com.apple.BootCache 35
com.apple.iokit.SCSITaskUserClient 3.6.6
com.apple.driver.XsanFilter 404
com.apple.iokit.IOAHCIBlockStorage 2.6.0
com.apple.driver.AirPort.Brcm4331 700.20.22
com.apple.driver.AppleSDXC 1.5.2
com.apple.driver.AppleUSBHub 683.4.0
com.apple.iokit.AppleBCM5701Ethernet 3.8.1b2
com.apple.driver.AppleAHCIPort 3.0.5
com.apple.driver.AppleFWOHCI 5.0.2
com.apple.driver.AppleUSBXHCI 683.4.0
com.apple.driver.AppleUSBEHCI 660.4.0
com.apple.driver.AppleSmartBatteryManager 161.0.0
com.apple.driver.AppleRTC 2.0
com.apple.driver.AppleACPIButtons 2.0
com.apple.driver.AppleHPET 1.8
com.apple.driver.AppleSMBIOS 2.1
com.apple.driver.AppleACPIEC 2.0
com.apple.driver.AppleAPIC 1.7
com.apple.driver.AppleIntelCPUPowerManagementClient 217.92.1
com.apple.nke.applicationfirewall 153
com.apple.security.quarantine 3
com.apple.driver.AppleIntelCPUPowerManagement 217.92.1
com.apple.kext.triggers 1.0
com.apple.iokit.IOSerialFamily 10.0.7
com.apple.driver.DspFuncLib 2.6.3f4
com.apple.vecLib.kext 1.0.0
com.apple.iokit.IOAudioFamily 1.9.7fc2
com.apple.kext.OSvKernDSPLib 1.14
com.apple.iokit.IOBluetoothHostControllerUSBTransport 4.2.6f1
com.apple.iokit.IOBluetoothFamily 4.2.6f1
com.apple.iokit.IOFireWireIP 2.2.6
com.apple.driver.AppleHDAController 2.6.3f4
com.apple.iokit.IOHDAFamily 2.6.3f4
com.apple.driver.AppleSMBusPCI 1.0.12d1
com.apple.iokit.IOSurface 91.1
com.apple.iokit.IOAcceleratorFamily2 98.22
com.apple.AppleGraphicsDeviceControl 3.6.22
com.apple.driver.X86PlatformPlugin 1.0.0
com.apple.driver.AppleSMC 3.1.8
com.apple.driver.IOPlatformPluginFamily 5.7.1d6
com.apple.driver.AppleBacklightExpert 1.0.4
com.apple.iokit.IONDRVSupport 2.4.1
com.apple.driver.AppleSMBusController 1.0.12d1
com.apple.iokit.IOGraphicsFamily 2.4.1
com.apple.driver.AppleThunderboltDPInAdapter 3.1.7
com.apple.driver.AppleThunderboltDPAdapterFamily 3.1.7
com.apple.driver.AppleThunderboltPCIDownAdapter 1.4.5
com.apple.driver.AppleUSBMultitouch 240.9
com.apple.iokit.IOUSBHIDDriver 660.4.0
com.apple.driver.AppleUSBMergeNub 650.4.0
com.apple.driver.AppleUSBComposite 656.4.1
com.apple.iokit.IOSCSIMultimediaCommandsDevice 3.6.6
com.apple.iokit.IOBDStorageFamily 1.7
com.apple.iokit.IODVDStorageFamily 1.7.1
com.apple.iokit.IOCDStorageFamily 1.7.1
com.apple.iokit.IOAHCISerialATAPI 2.6.1
com.apple.iokit.IOSCSIArchitectureModelFamily 3.6.6
com.apple.driver.AppleThunderboltNHI 2.0.1
com.apple.iokit.IOThunderboltFamily 3.3.1
com.apple.iokit.IO80211Family 640.36
com.apple.iokit.IOEthernetAVBController 1.0.3b4
com.apple.driver.mDNSOffloadUserClient 1.0.1b5
com.apple.iokit.IONetworkingFamily 3.2
com.apple.iokit.IOUSBUserClient 660.4.2
com.apple.iokit.IOAHCIFamily 2.6.5
com.apple.iokit.IOFireWireFamily 4.5.5
com.apple.iokit.IOUSBFamily 683.4.0
com.apple.driver.AppleEFINVRAM 2.0
com.apple.driver.AppleEFIRuntime 2.0
com.apple.iokit.IOHIDFamily 2.0.0
com.apple.iokit.IOSMBusFamily 1.1
com.apple.security.sandbox 278.11.1
com.apple.kext.AppleMatch 1.0.0d1
com.apple.security.TMSafetyNet 7
com.apple.driver.AppleKeyStore 2
com.apple.driver.DiskImages 371.1
com.apple.iokit.IOStorageFamily 1.9
com.apple.iokit.IOReportFamily 23
com.apple.driver.AppleFDEKeyStore 28.30
com.apple.driver.AppleACPIPlatform 2.0
com.apple.iokit.IOPCIFamily 2.9
com.apple.iokit.IOACPIFamily 1.4
com.apple.kec.corecrypto 1.0
com.apple.kec.pthread 1
Model: MacBookPro9,2, BootROM MBP91.00D3.B08, 2 processors, Intel Core i5, 2.5 GHz, 8 GB, SMC 2.2f44
Graphics: Intel HD Graphics 4000, Intel HD Graphics 4000, Built-In
Memory Module: BANK 0/DIMM0, 4 GB, DDR3, 1600 MHz, 0x802C, 0x31364B54463531323634485A2D3147364D31
Memory Module: BANK 1/DIMM0, 4 GB, DDR3, 1600 MHz, 0x80CE, 0x4D34373142353237334348302D594B302020
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0xF5), Broadcom BCM43xx 1.0 (5.106.98.100.22)
Bluetooth: Version 4.2.6f1 14216, 3 services, 23 devices, 1 incoming serial ports
Network Service: Wi-Fi, AirPort, en1
Serial ATA Device: MATSHITADVD-R UJ-8A8
Serial ATA Device: APPLE HDD TOSHIBA MK5065GSXF, 500.11 GB
USB Device: Hub
USB Device: FaceTime HD Camera (Built-in)
USB Device: Hub
USB Device: Hub
USB Device: Apple Internal Keyboard / Trackpad
USB Device: IR Receiver
USB Device: BRCM20702 Hub
USB Device: Bluetooth USB Host Controller
Thunderbolt Bus: MacBook Pro, Apple Inc., 25.1 -
Why wont my DMVPN get phased 1 isakmp?
I’m trying to setup a DMVPN solution with the hub behind a firewall using a static 1 to 1 NAT.
I can get the DMVPN to work fine, but once I add the ipsec policy it doesn’t go passed ISAKMP phase 1.
I have put rules in the firewall to allow NAT-T, GRE tunnels, ESP and AH, I have also put in a allow any any rule just in case I missed something! I was getting a NAT-T issue but then put in the command line no crypto ipsec nat-transparency udp-encapsulation and this solved the issue and ISAKMP phase 1 completed. I have also tried changing the mode from tunnel to transport and back again.
I have tried crypto maps as I wasn’t sure if it was a UDP header issue due to the NAT’ing
My setup is as follows:
Cisco 1941--------JUNIPER SXR-------CLOUD--------Cisco 382
(HUB) (FIREWALL) (SW 3750) (SPOKE)
(STATIC 1 2 1 NAT)
--------------HUB--------------------------
Cisco 1941 - HUB
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.2(4)M2, RELEASE SOFTWARE (fc2)
version 15.2
crypto isakmp policy 1
authentication pre-share
crypto isakmp key TTCP_KEY address 0.0.0.0
crypto isakmp keepalive 10 3
crypto isakmp nat keepalive 200
crypto ipsec transform-set TTCP_SET esp-aes esp-sha-hmac
mode transport
no crypto ipsec nat-transparency udp-encapsulation
crypto ipsec profile TTCP_PRO
set transform-set TTCP_SET
interface Tunnel12345
description DMVPN TUNNEL
ip address 10.10.10.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 12345
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel protection ipsec profile TTCP_PRO
interface GigabitEthernet0/0
description LINK TO FW ON VLAN 1960
ip address 192.168.10.1 255.255.255.0
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.20.254 255.255.255.0
duplex auto
speed auto
router ospf 1
network 10.10.10.0 0.0.0.255 area 0
ip route 0.0.0.0 0.0.0.0 192.168.10.254
----------------------Spoke--------------------------
cisco 3825 - Spoke
Cisco IOS Software, 3800 Software (C3825-ADVENTERPRISEK9-M), Version 15.1(4)M5, RELEASE SOFTWARE (fc1)
version 15.1
crypto isakmp policy 1
authentication pre-share
crypto isakmp key TTCP_KEY address 0.0.0.0 0.0.0.0
crypto isakmp keepalive 10 3
crypto isakmp nat keepalive 200
crypto ipsec transform-set TTCP_SET esp-aes esp-sha-hmac
mode transport
no crypto ipsec nat-transparency udp-encapsulation
crypto ipsec profile TTCP_PRO
set transform-set TTCP_SET
interface Tunnel12345
description DMVPN TUNNEL
ip address 10.10.10.2 255.255.255.0
no ip redirects
ip nhrp map 10.10.10.1 1.1.1.1
ip nhrp map multicast 1.1.1.1
ip nhrp network-id 12345
ip nhrp nhs 10.10.10.1
tunnel source GigabitEthernet0/0
tunnel mode gre multipoint
tunnel protection ipsec profile TTCP_PRO
interface GigabitEthernet0/0
description LINK TO INTERNET
ip address 2.2.2.2 255.255.255.0
duplex auto
speed auto
media-type rj45
interface GigabitEthernet0/1
ip address 192.168.30.1 255.255.255.0
duplex auto
speed auto
media-type rj45
router ospf 1
network 10.10.10.0 0.0.0.255 area 0
ip route 0.0.0.0 0.0.0.0 2.2.2.3
------------------------FIREWALL---------------------------
[edit]
Admin@UK_FIREWALL# show
## Last changed: 2014-07-23 19:54:53 UTC
version 10.4R6.5;
system {
host-name FIREWALL;
services {
ssh;
telnet;
xnm-clear-text;
web-management {
http {
interface vlan.0;
https {
system-generated-certificate;
interface vlan.0;
dhcp {
router {
192.168.20.254;
pool 192.168.20.0/24 {
address-range low 192.168.20.20 high 192.168.20.250;
default-lease-time 3600;
propagate-settings vlan.1960;
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
address 1.1.1.1/24;
ge-0/0/7 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members vlan1960;
vlan {
unit 0 {
family inet {
address 192.168.1.1/24;
unit 1960 {
family inet {
address 192.168.10.254/24;
routing-options {
static {
route 0.0.0.0/0 next-hop 1.1.1.2;
protocols {
stp;
security {
nat {
static {
rule-set STATIC_NAT_RS1 {
from zone untrust;
rule NAT_RULE {
match {
destination-address 1.1.1.1/32;
then {
static-nat prefix 192.168.10.10/32;
screen {
ids-option untrust-screen {
icmp {
ping-death;
ip {
source-route-option;
tear-drop;
tcp {
syn-flood {
alarm-threshold 1024;
attack-threshold 200;
source-threshold 1024;
destination-threshold 2048;
timeout 20;
land;
zones {
security-zone trust {
address-book {
address SERVER-1 192.168.10.10/32;
host-inbound-traffic {
system-services {
all;
protocols {
all;
interfaces {
vlan.1960 {
host-inbound-traffic {
system-services {
dhcp;
all;
ike;
protocols {
all;
ge-0/0/7.0 {
host-inbound-traffic {
system-services {
all;
ike;
protocols {
all;
security-zone untrust {
screen untrust-screen;
interfaces {
ge-0/0/0.0 {
host-inbound-traffic {
system-services {
dhcp;
tftp;
all;
ike;
protocols {
all;
policies {
from-zone trust to-zone untrust {
policy PERMIT_ALL {
match {
source-address SERVER-1;
destination-address any;
application any;
then {
permit;
policy ALLOW_ESP {
match {
source-address any;
destination-address any;
application ESP;
then {
permit;
policy ALLOW_IKE_500 {
match {
source-address any;
destination-address any;
application junos-ike;
then {
permit;
policy ALLOW_PING {
match {
source-address any;
destination-address any;
application junos-icmp-ping;
then {
permit;
policy ALLOW_NAT-T {
match {
source-address any;
destination-address any;
application junos-ike-nat;
then {
permit;
policy ALLOW_GRE {
match {
source-address any;
destination-address any;
application junos-gre;
then {
permit;
policy AH_51 {
match {
source-address any;
destination-address any;
application AH_PO_51;
then {
permit;
policy ANY_ANY {
match {
source-address any;
destination-address any;
application any;
then {
permit;
from-zone untrust to-zone trust {
policy ACCESS {
match {
source-address any;
destination-address SERVER-1;
application any;
then {
permit;
policy ALLOW_ESP {
match {
source-address any;
destination-address any;
application any;
then {
permit;
policy ALLOW_IKE_500 {
match {
source-address any;
destination-address any;
application junos-ike;
then {
permit;
policy ALLOW_PING {
match {
source-address any;
destination-address any;
application any;
then {
permit;
policy ALLOW_GRE {
match {
source-address any;
destination-address any;
application junos-gre;
then {
permit;
policy ALLOW_NAT-T {
match {
source-address any;
destination-address any;
application junos-ike-nat;
then {
permit;
policy AH_51 {
match {
source-address any;
destination-address any;
application AH_PO_51;
then {
permit;
policy ANY_ANY {
match {
source-address any;
destination-address any;
application any;
then {
permit;
applications {
application ESP protocol esp;
application AH_PO_51 protocol ah;
vlans {
vlan-trust {
vlan-id 3;
vlan1960 {
vlan-id 1960;
interface {
ge-0/0/7.0;
l3-interface vlan.1960;
------------------------------DEBUG------------------------------
-----------Cisco 1941-----------------
HUB#sh cry is sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
192.168.10.1 2.2.2.2 QM_IDLE 1006 ACTIVE
IPv6 Crypto ISAKMP SA
UK_HUB#sh dm
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
UK_HUB# debug dm al al
*Jul 25 12:22:39.036: NHRP RIB_RWATCH: Debugging is OFF
*Jul 25 12:22:39.036: NHRP RIB_RWATCH: Debugging is ON
*Jul 25 12:22:58.976: ISAKMP:(1006):purging node 1130853900
*Jul 25 12:23:14.704: ISAKMP (1006): received packet from 2.2.2.2 dport 500 sport 500 Global (R) QM_IDLE
*Jul 25 12:23:14.708: ISAKMP: set new node 670880728 to QM_IDLE
*Jul 25 12:23:14.708: ISAKMP:(1006): processing HASH payload. message ID = 670880728
*Jul 25 12:23:14.708: ISAKMP:(1006): processing SA payload. message ID = 670880728
*Jul 25 12:23:14.708: ISAKMP:(1006):Checking IPSec proposal 1
*Jul 25 12:23:14.708: ISAKMP: transform 1, ESP_AES
*Jul 25 12:23:14.708: ISAKMP: attributes in transform:
*Jul 25 12:23:14.708: ISAKMP: encaps is 2 (Transport)
*Jul 25 12:23:14.708: ISAKMP: SA life type in seconds
*Jul 25 12:23:14.708: ISAKMP: SA life duration (basic) of 3600
*Jul 25 12:23:14.708: ISAKMP: SA life type in kilobytes
*Jul 25 12:23:14.708: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Jul 25 12:23:14.708: ISAKMP: authenticator is HMAC-SHA
*Jul 25 12:23:14.708: ISAKMP: key length is 128
*Jul 25 12:23:14.708: ISAKMP:(1006):atts are acceptable.
*Jul 25 12:23:14.708: IPSEC(validate_proposal_request): proposal part #1
*Jul 25 12:23:14.708: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 192.168.10.1:0, remote= 2.2.2.2:0,
local_proxy= 1.1.1.1/255.255.255.255/47/0,
remote_proxy= 2.2.2.2/255.255.255.255/47/0,
protocol= ESP, transform= NONE (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
*Jul 25 12:23:14.708: map_db_find_best did not find matching map
*Jul 25 12:23:14.708: IPSEC(ipsec_process_proposal): proxy identities not supported
*Jul 25 12:23:14.708: ISAKMP:(1006): IPSec policy invalidated proposal with error 32
*Jul 25 12:23:14.708: ISAKMP:(1006): phase 2 SA policy not acceptable! (local 192.168.10.1 remote 2.2.2.2)
*Jul 25 12:23:14.708: ISAKMP: set new node 2125889339 to QM_IDLE
*Jul 25 12:23:14.708: ISAKMP:(1006):Sending NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 838208952, message ID = 2125889339
*Jul 25 12:23:14.708: ISAKMP:(1006): sending packet to 2.2.2.2 my_port 500 peer_port 500 (R) QM_IDLE
*Jul 25 12:23:14.708: ISAKMP:(1006):Sending an IKE IPv4 Packet.
*Jul 25 12:23:14.708: ISAKMP:(1006):purging node 2125889339
*Jul 25 12:23:14.708: ISAKMP:(1006):deleting node 670880728 error TRUE reason "QM rejected"
*Jul 25 12:23:14.708: ISAKMP:(1006):Node 670880728, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Jul 25 12:23:14.708: ISAKMP:(1006):Old State = IKE_QM_READY New State = IKE_QM_READY
*Jul 25 12:23:28.976: ISAKMP:(1006):purging node 720369228
*Jul 25 12:23:44.704: ISAKMP (1006): received packet from 2.2.2.2 dport 500 sport 500 Global (R) QM_IDLE
*Jul 25 12:23:44.704: ISAKMP: set new node -1528560613 to QM_IDLE
*Jul 25 12:23:44.704: ISAKMP:(1006): processing HASH payload. message ID = 2766406683
*Jul 25 12:23:44.704: ISAKMP:(1006): processing SA payload. message ID = 2766406683
*Jul 25 12:23:44.704: ISAKMP:(1006):Checking IPSec proposal 1
*Jul 25 12:23:44.704: ISAKMP: transform 1, ESP_AES
*Jul 25 12:23:44.704: ISAKMP: attributes in transform:
*Jul 25 12:23:44.704: ISAKMP: encaps is 2 (Transport)
*Jul 25 12:23:44.704: ISAKMP: SA life type in seconds
*Jul 25 12:23:44.704: ISAKMP: SA life duration (basic) of 3600
*Jul 25 12:23:44.704: ISAKMP: SA life type in kilobytes
*Jul 25 12:23:44.704: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0
*Jul 25 12:23:44.708: ISAKMP: authenticator is HMAC-SHA
*Jul 25 12:23:44.708: ISAKMP: key length is 128
*Jul 25 12:23:44.708: ISAKMP:(1006):atts are acceptable.
*Jul 25 12:23:44.708: IPSEC(validate_proposal_request): proposal part #1
*Jul 25 12:23:44.708: IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) INBOUND local= 192.168.10.1:0, remote= 2.2.2.2:0,
local_proxy= 1.1.1.1/255.255.255.255/47/0,
remote_proxy= 2.2.2.2/255.255.255.255/47/0,
protocol= ESP, transform= NONE (Transport),
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
*Jul 25 12:23:44.708: map_db_find_best did not find matching map
*Jul 25 12:23:44.708: IPSEC(ipsec_process_proposal): proxy identities not supported
*Jul 25 12:23:44.708: ISAKMP:(1006): IPSec policy invalidated proposal with error 32
*Jul 25 12:23:44.708: ISAKMP:(1006): phase 2 SA policy not acceptable! (local 192.168.10.1 remote 2.2.2.2)
*Jul 25 12:23:44.708: ISAKMP: set new node 1569673109 to QM_IDLE
*Jul 25 12:23:44.708: ISAKMP:(1006):Sending NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 838208952, message ID = 1569673109
*Jul 25 12:23:44.708: ISAKMP:(1006): sending packet to 2.2.2.2 my_port 500 peer_port 500 (R) QM_IDLE
*Jul 25 12:23:44.708: ISAKMP:(1006):Sending an IKE IPv4 Packet.
*Jul 25 12:23:44.708: ISAKMP:(1006):purging node 1569673109
*Jul 25 12:23:44.708: ISAKMP:(1006):deleting node -1528560613 error TRUE reason "QM rejected"
*Jul 25 12:23:44.708: ISAKMP:(1006):Node 2766406683, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH
*Jul 25 12:23:44.708: ISAKMP:(1006):Old State = IKE_QM_READY New State = IKE_QM_READY
---------Cisco 3825------------------
SPOKE_1#sh dm
Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete
N - NATed, L - Local, X - No Socket
# Ent --> Number of NHRP entries with same NBMA peer
NHS Status: E --> Expecting Replies, R --> Responding, W --> Waiting
UpDn Time --> Up or Down Time for a Tunnel
==========================================================================
Interface: Tunnel12345, IPv4 NHRP Details
Type:Spoke, NHRP Peers:1,
# Ent Peer NBMA Addr Peer Tunnel Add State UpDn Tm Attrb
1 1.1.1.1 10.10.10.1 IPSEC 1d22h S
SPOKE_1#sh cry is sa
IPv4 Crypto ISAKMP SA
dst src state conn-id status
1.1.1.1 2.2.2.2 QM_IDLE 1006 ACTIVE
IPv6 Crypto ISAKMP SA
SPOKE_1#debug dm all all
*Jul 25 12:50:23.520: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 2.2.2.2:500, remote= 1.1.1.1:500,
local_proxy= 2.2.2.2/255.255.255.255/47/0 (type=1),
remote_proxy= 1.1.1.1/255.255.255.255/47/0 (type=1),
protocol= ESP, transform= esp-aes esp-sha-hmac (Transport),
lifedur= 3600s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
*Jul 25 12:50:23.520: ISAKMP: set new node 0 to QM_IDLE
*Jul 25 12:50:23.520: SA has outstanding requests (local 112.176.96.152 port 500, remote 112.176.96.124 port 500)
*Jul 25 12:50:23.520: ISAKMP:(1006): sitting IDLE. Starting QM immediately (QM_IDLE )
*Jul 25 12:50:23.520: ISAKMP:(1006):beginning Quick Mode exchange, M-ID of 1627587566
*Jul 25 12:50:23.520: ISAKMP:(1006):QM Initiator gets spi
*Jul 25 12:50:23.520: ISAKMP:(1006): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
*Jul 25 12:50:23.520: ISAKMP:(1006):Sending an IKE IPv4 Packet.
*Jul 25 12:50:23.520: ISAKMP:(1006):Node 1627587566, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Jul 25 12:50:23.520: ISAKMP:(1006):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Jul 25 12:50:23.524: ISAKMP (1006): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
*Jul 25 12:50:23.524: ISAKMP: set new node -1682318828 to QM_IDLE
*Jul 25 12:50:23.524: ISAKMP:(1006): processing HASH payload. message ID = 2612648468
*Jul 25 12:50:23.524: ISAKMP:(1006): processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 484617190, message ID = 2612648468, sa = 0x70B05F14
*Jul 25 12:50:23.524: ISAKMP:(1006): deleting spi 484617190 message ID = 1627587566
*Jul 25 12:50:23.524: ISAKMP:(1006):deleting node 1627587566 error TRUE reason "Delete Larval"
*Jul 25 12:50:23.524: ISAKMP:(1006):deleting node -1682318828 error FALSE reason "Informational (in) state 1"
*Jul 25 12:50:23.524: ISAKMP:(1006):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Jul 25 12:50:23.524: ISAKMP:(1006):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE
*Jul 25 12:50:34.972: NHRP: Setting retrans delay to 64 for nhs dst 10.10.10.1
*Jul 25 12:50:34.972: IPSEC-IFC MGRE/Tu12345(2.2.2.2/1.1.1.1): connection lookup returned 691EDEF4
*Jul 25 12:50:34.972: NHRP: Attempting to send packet via DEST 10.10.10.1
*Jul 25 12:50:34.972: NHRP: NHRP successfully resolved 10.10.10.1 to NBMA 1.1.1.1
*Jul 25 12:50:34.972: NHRP: Encapsulation succeeded. Tunnel IP addr 1.1.1.1
*Jul 25 12:50:34.972: NHRP: Send Registration Request via Tunnel12345 vrf 0, packet size: 92
*Jul 25 12:50:34.972: src: 10.12.34.1, dst: 10.10.10.1
*Jul 25 12:50:34.972: (F) afn: IPv4(1), type: IP(800), hop: 255, ver: 1
*Jul 25 12:50:34.972: shtl: 4(NSAP), sstl: 0(NSAP)
*Jul 25 12:50:34.972: pktsz: 92 extoff: 52
*Jul 25 12:50:34.972: (M) flags: "unique nat ", reqid: 65537
*Jul 25 12:50:34.972: src NBMA: 2.2.2.2
*Jul 25 12:50:34.972: src protocol: 10.12.34.1, dst protocol: 10.10.10.1
*Jul 25 12:50:34.972: (C-1) code: no error(0)
*Jul 25 12:50:34.972: prefix: 32, mtu: 17916, hd_time: 7200
*Jul 25 12:50:34.972: addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0
*Jul 25 12:50:34.972: Responder Address Extension(3):
*Jul 25 12:50:34.972: Forward Transit NHS Record Extension(4):
*Jul 25 12:50:34.972: Reverse Transit NHS Record Extension(5):
*Jul 25 12:50:34.972: NAT address Extension(9):
*Jul 25 12:50:34.972: (C-1) code: no error(0)
*Jul 25 12:50:34.972: prefix: 32, mtu: 17916, hd_time: 0
*Jul 25 12:50:34.972: addr_len: 4(NSAP), subaddr_len: 0(NSAP), proto_len: 4, pref: 0
*Jul 25 12:50:34.972: client NBMA: 1.1.1.1
*Jul 25 12:50:34.972: client protocol: 10.10.10.1
*Jul 25 12:50:34.972: NHRP: 116 bytes out Tunnel12345
*Jul 25 12:50:34.972: NHRP-RATE: Retransmitting Registration Request for 10.10.10.1, reqid 65537, (retrans ivl 64 sec)
*Jul 25 12:50:36.132: ISAKMP:(1006):purging node 1566291204
*Jul 25 12:50:36.132: ISAKMP:(1006):purging node 742410882
*Jul 25 12:50:53.520: IPSEC(key_engine): request timer fired: count = 1,
(identity) local= 2.2.2.2:0, remote= 1.1.1.1:0,
local_proxy= 2.2.2.2/255.255.255.255/47/0 (type=1),
remote_proxy= 1.1.1.1/255.255.255.255/47/0 (type=1)
*Jul 25 12:50:53.520: IPSEC(sa_request): ,
(key eng. msg.) OUTBOUND local= 2.2.2.2:500, remote= 1.1.1.1:500,
local_proxy= 2.2.2.2/255.255.255.255/47/0 (type=1),
remote_proxy= 1.1.1.1/255.255.255.255/47/0 (type=1),
protocol= ESP, transform= esp-aes esp-sha-hmac (Transport),
lifedur= 3600s and 4608000kb,
spi= 0x0(0), conn_id= 0, keysize= 128, flags= 0x0
*Jul 25 12:50:53.520: ISAKMP: set new node 0 to QM_IDLE
*Jul 25 12:50:53.520: SA has outstanding requests (local 112.176.96.152 port 500, remote 112.176.96.124 port 500)
*Jul 25 12:50:53.520: ISAKMP:(1006): sitting IDLE. Starting QM immediately (QM_IDLE )
*Jul 25 12:50:53.520: ISAKMP:(1006):beginning Quick Mode exchange, M-ID of 2055556995
*Jul 25 12:50:53.520: ISAKMP:(1006):QM Initiator gets spi
*Jul 25 12:50:53.520: ISAKMP:(1006): sending packet to 1.1.1.1 my_port 500 peer_port 500 (I) QM_IDLE
*Jul 25 12:50:53.520: ISAKMP:(1006):Sending an IKE IPv4 Packet.
*Jul 25 12:50:53.520: ISAKMP:(1006):Node 2055556995, Input = IKE_MESG_INTERNAL, IKE_INIT_QM
*Jul 25 12:50:53.520: ISAKMP:(1006):Old State = IKE_QM_READY New State = IKE_QM_I_QM1
*Jul 25 12:50:53.520: ISAKMP (1006): received packet from 1.1.1.1 dport 500 sport 500 Global (I) QM_IDLE
*Jul 25 12:50:53.520: ISAKMP: set new node -1428573279 to QM_IDLE
*Jul 25 12:50:53.524: ISAKMP:(1006): processing HASH payload. message ID = 2866394017
*Jul 25 12:50:53.524: ISAKMP:(1006): processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3
spi 2888331328, message ID = 2866394017, sa = 0x70B05F14
*Jul 25 12:50:53.524: ISAKMP:(1006): deleting spi 2888331328 message ID = 2055556995
*Jul 25 12:50:53.524: ISAKMP:(1006):deleting node 2055556995 error TRUE reason "Delete Larval"
*Jul 25 12:50:53.524: ISAKMP:(1006):deleting node -1428573279 error FALSE reason "Informational (in) state 1"
*Jul 25 12:50:53.524: ISAKMP:(1006):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY
*Jul 25 12:50:53.524: ISAKMP:(1006):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETESome time ago I was running a similar setup, but the firewall was an ASA, not a Juniper.
Some comments:
You shouldn't disable NAT-transparence. It should work with the default-setting which is "enabled"
The firewall only has to allow UDP/500 and UDP4500. It will never see any other traffic between the hub and spoke.
The firewall shouldn't do any inspections etc. on the traffic to the hub.
You shouldn't use wildcard-PSKs. The better solution is to use digital certificates.
You probably need some MTU/MSS-settings like "ip mtu 1400" and "ip tcp adjust mss 1360".
For running ospf through DMVPN make sure the Hub is the DR and set the network-type to broadcast. -
How to represent a -1 numeric value with text?
Hi All,
Question: How do I get the value of negative one (-1) in a numeric column to display as "all"?
Background: For our lottery players, they are able to opt in to various automated alerts. One column is an integer value representing one of five different thresholds for sending an alert: 10,000, 50,000, 100,000, 500,000, and -1. The -1 value
actually represents all of the other 4 values, or simply "all thresholds," meaning "send me an alert at every one of these thresholds."
What is the best way to represent the -1 value in the cube? A user won't understand that -1 is equivalent to "all choices". I could change the view so that the column is a string instead of an integer, but I assume this is going to
affect the cube in a negative way, such as unexpected sorting, etc.
I asked our resident SSAS guy if a numeric value could be displayed (not read) as "all values" while actually storing the -1 value, but all he could suggest was changing the data type and using a case statement to replace -1 with "all values."
This does not seem like a fix to me.
Is there a way to make SSAS display a negative one value as "all choices" without changing the data type of the source column itself?
Thanks,
Eric BNormally you would have a lookup on the number and a text value for the result displayed to users in the cube.
KeyValue
DisplayValue
10000
$10,000
50000
$50,000
100000
$100,000
500000
$500,000
-1
All Values -
Finally using SPAM quarantine and want to know how many e-mails are being released
We have two C660s and one M660 and we are finally using the SPAM quarantine functionality on the M660 and so far it has been awesome. For my pilot group I have the spam thresholds set as low as recommended by the GUI at 50 (positive) and 25 (suspected)... First off, if I change these numbers will I see noticiable differences in what is allowed through and what isn't?
My real question is, is there an easy way to see what mail is being released by users from the SPAM quarantine? Originally I had a content filter setup that was working.. but now it appears that when users are releasing e-mails from the quarantine it is skipping any type of content filtering.. From what I can tell, e-mails are still being routed from the M660 to one of the two C660s for delivery.. but in the mail logs I see information like:
Wed Aug 15 09:34:32 2012 Info: ISQ: Delivering MID 1592784 to ISQ (skipping work queue)
And in Message Tracking I see:
15 Aug 2012 09:32:23 (GMT -05:00)
Message 116381462 was released from Spam Quarantine, IP address 10.25.211.100.
15 Aug 2012 09:32:23 (GMT -05:00)
Message 116381462 released from Spam Quarantine. Work queue skipped.
15 Aug 2012 09:32:23 (GMT -05:00)
Message 116381462 queued for delivery.
15 Aug 2012 09:32:23 (GMT -05:00)
(DCID 40556495) Delivery started for message 116381462 to
My outgoing content filter is setup like:
Conditions
Apply rule: If one or more conditions match Only if all conditions match
Order
Condition
Rule
Delete
1
Remote IP/Hostname
remote-ip == XXXXXXXX
2
Envelope Sender
mail-from !=XXXXXXXXXX
Actions
Order
Action
Rule
Delete
1
Add Log Entry
log-entry("ReleasedFromSpamQuarantine")
XXXXXXX = the IP address of our M660..
XXXXXXXX = the e-mail address used by our M660 to send out reports/alerts etc..
Appreciate any input/feedback...
JasonHello Jason,
one thing about the trhesholds, the defaults are 50/90 for suspected and positive spam, and that usually works for most customers, in some cases if still spam gets trough we suggest to modify that to 40/80, but you should not get any lower, as this will just increase the number of false positives. In general, the antispam engine delivers a value way above or below the thresholds, means scores are always either below 10 (no spam) or above 90 (spam), very few are inbetween this range, so usually the default setting works.
About the information of which user released a message, there is unfortunately no direct way to get this done. You might try this approach:
1. mail_logs: Look for the MID of the message when its getting injected to the SMA, note that this is not the same MID as in message tracking.
2. mail_logs: Look for the message getting released, and note the time stamp:
6 Aug 2012 13:29:21 (GMT) Start Message 10054459 ICID 0 release from Spam Quarantine
3. Do a
CLI: grep timestamp euqgui_logs
with the timestamp you retreived from the mail logs (just use the Day, hour, and minute part), this should get you the log lines for the particular minute, check them for the name of the user who was accessing the GUI at that time.
Hope that helps,
Andreas -
Guranteed messaging and auto acknowledgement
I have a webservice sending messages to a Topic on the WL server instance. The webservice recieves XML messages from an external system. The mesage after being recieved is send to the different consumers. How willl I implement auto message reciept acknowledgement to be send by the MoM to the webservices.
Secondly the messages are consumed by various consumers. I want to implement Guaranteed messaging. Should I just redirect all the faulty messages in a queue. Any example and documentation on how to do is highly appreciated as per best practice.
Regards
ThomasHi Daryl,
I would like to acknowledge the alarms after every
notification automatically.
Base on the user guide, all i need to do is to choose
the alarm tab and configure it to "clear" in the
event of any alarms.First of all, are you sure you want to do this? The end effect would be your SunMC Console would show no coloured alarms... because you ack'd them all. I guess that may be OK if you've already made sure to send out some sort of notification.
However, when i tried to change the action to "clear"
instead of email or script, I can't seem to save my
configuration changes."Clear" in that context isn't an action, it's just a way to remove any email or script actions you've configured. i.e if you were using a script action but decided you didn't want to any more, you'd click clear to remove it.
You can set up universal auto-acknowledge like that in EventAction (http://www.halcyoninc.com/products/EventAction/index.php)
You would setup a script action:
http://www.halcyoninc.com/products/EventAction/help/HALEventAction-add-action-info-script.gif
...that for all alarms instantly calls a script to ack them:
http://www.halcyoninc.com/products/EventAction/help/HALEventAction-remote-acknowledging-h.html
In this case you're just using the remote ack feature locally on the SunMC Server. If you're already forwarding the SunMC alarms someplace else (like another product : Tivoli / Netcool / OpenView / Patrol / [insert_open_source_app_here] etc) then you may as well just use the remote ack feature as intended. So for example if you ack an alarm in Netcool, that ack goes backwards into SunMC and clears it there as well.
I'm getting ahead of myself: I'm not sure what you want to do yet :)
Regards,
[email protected]
http://www.HalcyonInc.com
Maybe you are looking for
-
Iphoto no longer works after my yosemite "upgrade".
A little help here Apple.
-
The example below ilustrates the problem I'm having. What I want to do is run an Executable, Wait until done. But the issue I have is when I run the wait until done with the flag to True the output is blank until it completes. When I runn it with the
-
Is firefox 8 compatable with windows 7 64 bit?
I am upgrading my computer and it will have windows 7 64 bit installed. Can I use Firefox 8 or do I have to use a 64 bit version?
-
Support Firefox browser please
It would be nice if you supported the Mozilla Firefox browser for downloads. It does not recognize that I have accepted the OTN license.
-
Error: could not find Factory: javax.faces.render.RenderKitFactory
Need help! I'm running into this same error every time I try to view a BIRT report in a JSF. I'm running Tomcat 6, with JSF 1.2 and BIRT 2.2.1. When I try to view the page in the browser I get the following error: javax.servlet.ServletException: Appl