Teardown

Can anyone please explain to me exactly what tear down time is? Is that always the same as machine hours?
regards
jaya

The downtime of a machine following a given production order which usually involves removing parts such as jigs and fixtures and which must be completely finished before setting up for the next order.
For understanding, in short this can be taken as the reverse of set up time.
Regards
Soundararajan M.

Similar Messages

  • Understanding teardown from log

    Is the Reset-I always from the device on the higher security level interface (in this case 172.16.112.10/3389)?
    In the second case, what conclusions can be drawn from the teardown information "TCP FINs" - who is it that sends the first FIN?
    I'm struggling to find the reasons for connections "freezing" or closing, but no errors that I can relate to the connection ids whatsoever.
    asa.log:2014-02-03T15:04:32.186954+01:00 10.1.4.1 %ASA-6-302013: Built inbound TCP connection 1730891653 for wan:195.195.195.195/49624 (195.195.195.195/49624) to vlan547:172.16.112.10/3389 (212.112.9.209/3389)
    asa.log:2014-02-03T17:21:36.585964+01:00 10.1.4.1 %ASA-6-302014: Teardown TCP connection 1730891653 for wan:195.195.195.195/49624 to vlan547:172.16.112.10/3389 duration 2:17:05 bytes 35781464 TCP Reset-I
    asa.log:2014-02-03T13:14:51.660321+01:00 10.1.4.1 %ASA-6-302013: Built inbound TCP connection 1729135626 for wan:195.195.195.195/50005 (195.195.195.195/50005) to vlan547:172.16.112.10/3389 (212.112.9.209/3389)
    asa.log:2014-02-03T18:05:02.785968+01:00 10.1.4.1 %ASA-6-302014: Teardown TCP connection 1729135626 for wan:195.195.195.195/50005 to vlan547:172.16.112.10/3389 duration 4:50:14 bytes 36231472 TCP FINs

    Hi,
    The TCP Reset-I and TCP Reset-O should refer to the TCP RST coming from either higher or lower "security-level" interface.
    There are some other things affected by the "security-level" also in the output of the ASA. For example when you check the output of "show conn" command the host on the lowest "security-level" interface is listed first. Same goes for log messages. The host on the lowest "security-level" interface is mentioned first in the log messages for Building and Teardown the connection.
    To my understanding there is no way to determine the side which normally closed the connection from the log message itself. I would presume that the Client would usually do this but can't be 100% sure that it's always like this.
    If there is not a clear indication that the firewall is doing something to the connection then I would suggest capturing traffic to find out what is happening to the connection. You can either attach some host to the network to capture all the traffic from some port or perhaps capture traffic on the ASA itself.
    You could for example configure a capture for your RDP connection like this
    access-list RDP-CAP permit tcp host host
    access-list RDP-CAP permit tcp host host
    capture RDP-CAP type raw-data access-list RDP-CAP interface outside buffer 33500000 circular-buffer
    If you are expecting a lot of data you will either have to do the capture on some other device (ASAs buffer limited to approx the above amount of Bytes) or you can either create a capture for each direction separately to maximize the amount of traffic that can be captured.
    You could also leave out the Data in the actual packets and only capture the headers by using this command
    capture RDP-CAP type raw-data access-list RDP-CAP interface outside buffer 33500000 circular-buffer headers-only
    You can naturally use both of the above commands. Naturally you will have to use a different name for the "capture", I am not sure do you have to use a different ACL.
    You can then use this command to check if there is traffic captured
    show capture
    If you wish to show capture contents on the CLI then you can use this command
    show capture RDP-CAP
    Then again you might want to load the capture to your host/server and open it with Wireshark then you could use this command
    copy /pcap capture:RDP-CAP tftp://x.x.x.x/RDP-CAP.pcap
    You can remove the capture with the command
    no capture RDP-CAP
    You will have to remove the capture ACL separately.
    I am not sure how much information can be gotten from the RDP server itself. I don't have to deal with the IT side at all usually so I don't really know to what extent you would be able to log what the actual server does during those connection issues. A traffic capture would certainly tell what happens to the data/connection.
    Hope this helps
    - Jouni

  • Unit tests: more than one startup (teardown) process

    Whether I can create more than one startup (teardown) process?
    Mike

    At this time if you need more than one you would need to use pl/sql and write them.
    We will be adding ability to have more than one in the next version.

  • 2.1.0.63: Teardown Table or Row Restore failed

    Hello all,
    I'm trying to explore the new unit testing functionality of SQL Developer. Some of my basic testing has gone well, but now I'm hitting an error that I can't resolve.
    My unit test has a Startup Process of "Table or Row Copy" that populates the target table (and using a WHERE clause) successfully. I've configured the Teardown Process with "Table or Row Restore".
    When running the UT, I get the error "Teardown Table or Row Restore failed: ORA-06502: PL/SQL: numeric or value error: character string buffer too small ORA-06512: at line 22" on the Teardown node. I've tried tweaking the Teardown settings to no avail.
    I'm not sure what to do to resolve this error. (My code doesn't even have 22 lines of code.)
    Any thoughts on troubleshooting this?
    Thanks,
    John
    Edited by: user8153814 on Jan 11, 2010 4:53 PM
    Added SQL Developer version number to the subject

    (with apologies to John for not noticing this much earlier,)
    Can you provide:
    1. Definition for the table (don't care about names if that's sensitive, but column data type specification and any constraints are important)
    2. Options specified for startup
    3. Options specified for teardown
    Thanks,
    Brian Jeffries
    SQL Developer Team

  • Applet teardown what is it ?

    Hi All,
    I have seen "applet teardown" started logs in the java console. It would be helpful if you can explain in detail.
    My issue is that when I launch the applet, I get the error "Unable to Start Plugin".
    Is there a setting that can be done at the applet side to create a core dump of the java process/applet so that we will come to know the exact issue?
    java plug in versions are
    Java Plug-in 1.6.0_11
    J2SE 1.4.2 Update 5
    JRE 1.4.2_16
    Please note that in java console there are no errors.
    Renjith.

    OK, so now you are in the market for a display. I have no idea who these people are but this will give some guidance on price:
    http://www.dvwarehouse.com/Apple-LCD-Display-for-iMac-27-Mid-2010-661-5568---p-38499.html
    And then there's the sometimes murky world of eBay:
    http://www.ebay.com/itm/LCD-Display-27-inch-iMac-661-5527-/110727633992?pt=LH_DefaultDomain_0&hash=item19c7e19c48
    Again, no endorsement or personal recommendation, just some Googling for you.

  • TCP Reset-O - Teardown tcp connection

    Dec 23 2013 20:04:31: %FWSM-6-302013: Built outbound TCP connection 146543498379530235 for inside:192.168.5.250/4831 (172.168.25.1/4380) to P_DMZ:172.168.25.13/139 (172.168.25.13/139)
    Dec 23 2013 20:04:31: %FWSM-6-302013: Built outbound TCP connection 146543850566848420 for inside:10.2.37.24/4830 (172.168.25.1/4379) to P_DMZ:172.168.25.13/445 (172.168.25.13/445)
    Dec 23 2013 20:04:31: %FWSM-6-302013: Built outbound TCP connection 146546388892520514 for inside:10.2.37.24/4832 (172.168.25.1/4381) to P_DMZ:172.168.25.13/139 (172.168.25.13/139)
    +++++++++++++++++++++++++++++++++++++++++++++++
    Dec 23 2013 20:04:31: %FWSM-6-302014: Teardown TCP connection 146546388892520514 for inside:10.2.37.24/4832 to P_DMZ:172.168.25.13/139 duration 0:00:00 bytes 190 TCP Reset-I
    Dec 23 2013 20:04:31: %FWSM-6-302014: Teardown TCP connection 146529170368630773 for inside:10.2.37.176/2943 to P_DMZ:172.168.25.13/445 duration 0:00:04 bytes 8159 TCP Reset-O
    ++++++++++++++++++++++++++++++++++++++++++++
    Dec 23 2013 12:07:30: %FWSM-6-305012: Teardown dynamic tcp translation from inside:112.31.1.37/2924 to Photo_DMZ:172.168.25.1/60861 duration 0:00:30
    Dec 23 2013 12:07:30: %FWSM-6-305012: Teardown dynamic tcp translation from inside:112.31.1.37/2926 to Photo_DMZ:172.168.25.1/60869 duration 0:00:30
    ++++++++++++++++++++++++++++++++++++++++++++++++
    Some users are not able to connect to the server at IP address 172.168.25.13.
    Server IP address: 172.168.25.13
    Users are from 10.X, 192.X, 15.X
    We are getting these messages continuously on the FWSM; some users from 10.X, 192.X, 15.X are able to connect to this server and some are not.
    If changes are required on the Windows server, what changes need to be done? If changes are required on the FWSM firewall, what changes need to be done?

    Reset-O means that the Reset is from the Outside.
    Here is the syslog messages for your reference:
    http://www.cisco.com/en/US/docs/security/fwsm/fwsm40/system/message/logmsgs_external_docbase_0900e4b18059d73b_4container_external_docbase_0900e4b180ef4f45.html#wp1280675
    The logs mean that the firewall has already torn down the connection and it receives the ACK afterwards.
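
For the ASA thread earlier on this page and the FWSM thread above, here is an added example (not code from either poster) that pairs each 302014 teardown with its 302013 "Built" line by connection id and attaches the reading of the teardown reason given in the replies. The function names and record fields are this example's own; the log lines are copied from the two threads.

```python
import re
from collections import Counter

# Log lines copied from the ASA and FWSM threads on this page (the wrapped ASA
# teardown line is rejoined). Grep output need not be in time order.
SAMPLE_LOG = """\
asa.log:2014-02-03T15:04:32.186954+01:00 10.1.4.1 %ASA-6-302013: Built inbound TCP connection 1730891653 for wan:195.195.195.195/49624 (195.195.195.195/49624) to vlan547:172.16.112.10/3389 (212.112.9.209/3389)
asa.log:2014-02-03T17:21:36.585964+01:00 10.1.4.1 %ASA-6-302014: Teardown TCP connection 1730891653 for wan:195.195.195.195/49624 to vlan547:172.16.112.10/3389 duration 2:17:05 bytes 35781464 TCP Reset-I
asa.log:2014-02-03T13:14:51.660321+01:00 10.1.4.1 %ASA-6-302013: Built inbound TCP connection 1729135626 for wan:195.195.195.195/50005 (195.195.195.195/50005) to vlan547:172.16.112.10/3389 (212.112.9.209/3389)
asa.log:2014-02-03T18:05:02.785968+01:00 10.1.4.1 %ASA-6-302014: Teardown TCP connection 1729135626 for wan:195.195.195.195/50005 to vlan547:172.16.112.10/3389 duration 4:50:14 bytes 36231472 TCP FINs
Dec 23 2013 20:04:31: %FWSM-6-302013: Built outbound TCP connection 146546388892520514 for inside:10.2.37.24/4832 (172.168.25.1/4381) to P_DMZ:172.168.25.13/139 (172.168.25.13/139)
Dec 23 2013 20:04:31: %FWSM-6-302014: Teardown TCP connection 146546388892520514 for inside:10.2.37.24/4832 to P_DMZ:172.168.25.13/139 duration 0:00:00 bytes 190 TCP Reset-I
Dec 23 2013 20:04:31: %FWSM-6-302014: Teardown TCP connection 146529170368630773 for inside:10.2.37.176/2943 to P_DMZ:172.168.25.13/445 duration 0:00:04 bytes 8159 TCP Reset-O
Dec 23 2013 12:07:30: %FWSM-6-305012: Teardown dynamic tcp translation from inside:112.31.1.37/2924 to Photo_DMZ:172.168.25.1/60861 duration 0:00:30
"""

BUILT_RE = re.compile(
    r"%(?:ASA|FWSM)-6-302013: Built (?P<dir>inbound|outbound) "
    r"TCP connection (?P<id>\d+) ")
TEARDOWN_RE = re.compile(
    r"%(?:ASA|FWSM)-6-302014: Teardown TCP connection (?P<id>\d+) "
    r"for (?P<a>\S+) to (?P<b>\S+) "
    r"duration (?P<dur>\d+:\d\d:\d\d) bytes (?P<bytes>\d+)"
    r"(?: (?P<reason>.*\S))?\s*$")

# Reading of the teardown reasons as given in the replies on this page.
REASON_NOTES = {
    "TCP Reset-I": "RST came from the inside (higher security-level) side",
    "TCP Reset-O": "RST came from the outside (lower security-level) side",
    "TCP FINs": "normal FIN close; the log does not say who sent the first FIN",
}


def _seconds(hms):
    """Convert the 'h:mm:ss' duration field to seconds."""
    h, m, s = (int(part) for part in hms.split(":"))
    return h * 3600 + m * 60 + s


def correlate(log_text):
    """Return one record per 302014 teardown, joined to its 302013 line if seen."""
    lines = log_text.splitlines()
    # First pass: remember the direction of every connection we saw being built.
    built = {}
    for line in lines:
        m = BUILT_RE.search(line)
        if m:
            built[m["id"]] = m["dir"]
    # Second pass: emit teardowns; 'direction' is None when the Built line is
    # missing from the excerpt (rotated log, filtered grep, and so on).
    records = []
    for line in lines:
        m = TEARDOWN_RE.search(line)
        if not m:
            continue  # other message ids, e.g. 305012 xlate teardown
        reason = m["reason"] or "unknown"
        records.append({
            "id": m["id"],
            "direction": built.get(m["id"]),
            "first": m["a"],
            "second": m["b"],
            "duration_s": _seconds(m["dur"]),
            "bytes": int(m["bytes"]),
            "reason": reason,
            "note": REASON_NOTES.get(reason, "reason not covered on this page"),
        })
    return records


def by_reason(records):
    """Count teardowns per reason string."""
    return Counter(r["reason"] for r in records)


if __name__ == "__main__":
    for rec in correlate(SAMPLE_LOG):
        print(f'{rec["id"]} {rec["first"]} -> {rec["second"]} '
              f'{rec["duration_s"]}s {rec["bytes"]}B {rec["reason"]}: {rec["note"]}')
```

A record with `direction` of `None` and a duration of a few seconds, like the Reset-O line above, is a candidate for the packet capture suggested in the first thread, since the log alone does not show what preceded the reset.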

  • Galaxy S6 teardown reveals a battery that's almost impossible to replace

    The Samsung Galaxy S6 is a cutting edge piece of mobile technology, so who can resist wanting to take a peek inside at the hardware and at how it’s all put together?
    Galaxy S6 teardown reveals battery that's difficult to replace

    I have had a ZT for 2 weeks now with no major issues. I have had to reset it a few times, but that was no big deal. The battery life is great on it. I have 207 CDs/2486 songs on it (at 28 kbps/WMA) and have 8 GB still left on it. The sound is great. The player is sturdy. I am 40-something, and just wanted one place to store my favorite CDs (I have about 700).
    Hard drive players are not meant to be bumped around, even iPods. I think the battery is supposed to have about 300 charges on it. With a 24-hour battery life, and me with an 8-5 job, I will probably only use it 2-3 hours a weekday, so one charge is lasting a week. I read a thread here that said that CL will replace the battery for $99, but no one has done that yet (since the players are so new).
    I have not tried to use it as a mass storage device... I have a couple of cheap pen drives for that. I understand it can be done as long as the Creative software is on all computers that you connect your ZT to. This is not a big deal to me, but I can appreciate other people's desire for this. I wanted a player that could store 300+ CDs on it, and this fits the bill well.

  • TCP teardown and method close of the socket API

    Hi,
    If I call the method 'close' of the java tcp socket, does the tcp teardown occur asynchronously? Or does method 'close' block as long as the tcp handshake to close the connection needed?
    Thanks
    Chris

    By default, close() will flush any remaining data and tear down the connection asynchronously.
    You can change this behaviour with the SO_LINGER socket option, see Socket javadoc. SO_LINGER has operating system dependent corner cases, see http://www.developerweb.net/forum/archive/index.php/t-2982.html
    These also have paragraphs on the behaviour on a couple of OSes, search for SO_LINGER:
    http://docs.sun.com/app/docs/doc/816-0214/6m6nf1ook?a=view
    http://www.informatik.uni-frankfurt.de/doc/man/hpux/getsockopt.2.html
    http://msdn2.microsoft.com/en-us/library/ms737582.aspx
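
The two close behaviours described in this answer, as an added example that is not part of the thread. It uses Python's socket module on a POSIX system rather than Java; the Java counterpart of the option set here is Socket.setSoLinger(true, 0). The function name is this example's own and the connection is a constructed loopback one.

```python
import socket
import struct


def observe_close(abortive):
    """Close the server end of a loopback TCP connection and report what the
    client sees: ("FIN", data) for an orderly close, ("RST", data) for a reset."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # ephemeral port, loopback only
    listener.listen(1)
    client = socket.create_connection(listener.getsockname(), timeout=5)
    server, _ = listener.accept()
    try:
        if abortive:
            # struct linger {l_onoff=1, l_linger=0} (POSIX layout, two ints):
            # close() drops any unsent data and sends RST instead of FIN.
            server.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                              struct.pack("ii", 1, 0))
        else:
            # Default: close() returns at once, the stack still delivers
            # queued data and then the FIN in the background.
            server.sendall(b"bye")
        server.close()

        received = b""
        try:
            while True:
                chunk = client.recv(1024)
                if not chunk:                 # EOF: peer sent FIN
                    return "FIN", received
                received += chunk
        except ConnectionResetError:          # peer sent RST
            return "RST", received
    finally:
        client.close()
        listener.close()


if __name__ == "__main__":
    print("default close :", observe_close(abortive=False))
    print("SO_LINGER 1,0 :", observe_close(abortive=True))
```

On a firewall in the path, the first case is what ends up logged as "TCP FINs" and the second as a reset from whichever side the closing host sits on.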

  • Mysterious Teardown Problem with NIO

    I have an NIO proxy server which relays state information from a number of servers to a number of clients. A requirement for this system is that we can restart the proxy server (together with a couple of other components) from a web app.
    I tear down the proxy server by
    - interrupting out of the read loop
    - cancelling all keys associated with the channel
    - closing the socket on the channel
    - closing the channel.
    I do this for both the input (server side) channel and the output (client side) channel.
    I then discard the proxy server, create a new one and start it up.
    Now here's the mysterious bit. The new server operates just fine for a minute or two. And then it stops seeing any input.
    The thread responsible for input reading freezes on the call to -
    myKeysAdded = myAcceptKey.selector().select();
    and the stack looks something like this:
    WindowsSelectorImpl$SubSelector.poll0(long, int, int[], int[], int[], long)
    WindowsSelectorImpl$SubSelector.poll() line: 270
    WindowsSelectorImpl$SubSelector.access$400(WindowsSelectorImpl$SubSelector) line: 252
    WindowsSelectorImpl.doSelect(long) line: 133
    WindowsSelectorImpl(SelectorImpl).lockAndDoSelect(long) line: 69
    WindowsSelectorImpl(SelectorImpl).select(long) line: 80
    WindowsSelectorImpl(SelectorImpl).select() line: 84
    ProxyServer$BrowserSelector.run() line: 123
    If I completely destroy the process (and the jvm) and start a new one everything goes back to working normally.
    Has anyone got any suggestions? I'm in hair-tearing mode on this one.
    Thx TOTW.

    I tear down the proxy server by
    - interrupting out of the read loop
    Don't you mean the select() loop?
    - cancelling all keys associated with the channel
    Unnecessary.
    - closing the socket on the channel
    - closing the channel.
    Only one of these is necessary. Closing the socket closes the channel and vice versa.
    When you have closed all the channels, you then need to call selector.selectNow() (search this forum for why), and then close the selector.

  • ABAP Unit: Can one call a method in the setup/teardown methods?

    Hi all,
    I'm using ABAP Unit test ClasseS (what's with the odd capitalization BTW?) in the class builder on NW7.0.
    In my SETUP method I do not want to do a CREATE OBJECT, but want to use a GET_INSTANCE method of my main class to instantiate my object.
    When I execute my unit test however the instance methods all fail with CX_REF_NOT_ASSIGNED - meaning there is no instance m_ref.
    OK, fair enough methinks, let me debug and see what's going on.
    Surprise: When I set a breakpoint in the SETUP method it all runs fine. Instances are instantiated and instance method tests execute successfully.
    So now I'm a bit stuck trying to investigate a problem that disappears everytime you look at it, a bit like trying to see if the light is off when the fridge is closed... Any ideas?
    Cheers,
    Mike
    Edit: Just to clarify, here's some code:
      method setup.
        m_ref = zcl_myclass=>get_instance( im_key = 'ABC' ).
        " when debugging m_ref is always instantiated and test runs successfully!
      endmethod.       "Setup
      method get_some_data.
        result = m_ref->get_some_data( ).
        " without breakpoint in the setup method, this fails because m_ref is not assigned
      endmethod.
    Edited by: Mike Pokraka on Jun 23, 2008 11:57 PM

    Never mind, found problem, schoolboy error:
    My class_setup method created test data but the update hadn't completed so my GET_INSTANCE failed in normal execution but worked in debug because of the associated delay. 'commit work' needed an 'and wait' and now it's happy.

  • Flash plugin on windows 7 teardown the TCP session immediately after successful SSL handshake

    I have a RHEL platform in which tomcat is listening on 443 port.
    Scope of Problem:
    With the latest flash plugin, I am experiencing an issue with Firefox on the SSL port on the Windows platform.
    i.e.
    Everything works fine in non-SSL mode on Firefox, Chrome, IE on Windows 7.
    Everything works fine in SSL mode on Chrome, IE on Windows 7.
    Analysis from Wireshark Captures:
    I could see a successful SSL handshake between Firefox and my tomcat server.
    Immediately after the handshake, the client tore down the session by sending a FIN/ACK packet.
    Workaround:
    Install older version of the flash plugin on Firefox.
    Is there a non issue in SSL mode which is causing this issue?
    Wireshark Trace:
    Further observations:
    ===================
    We observed this problem on Flash 13.0.0.182 build.
    To debug this issue, we tried using the Flash debug image (13.0.0.182) and observed that the functionality is working.
    In the Flash debug image, Firefox started showing us a popup indicating untrusted certificate  "This page requires a secure connection which includes server authentication. The Certificate Issuer for this site is untrusted or unknown. Do you wish to proceed ? "
    If we click "yes", then the complete functionality works fine.
    Any clues/pointers, why the above popup is not coming in non-debug Flash image?

    I've had a similar problem since upgrading to Firefox 22 on Windows 7 x64. After resuming from hibernation, Firefox appears unresponsive; however, I believe it is a problem with redrawing the window. If I click to a different tab, nothing happens, but if I minimize Firefox and restore it, it now shows the new tab I switched to. If I have a video open and I click play, there is no visual change, but I hear the sound start. The normal functionality is resumed when closing Firefox and re-opening it.

  • Applet teardown by itself in af:popup in firefox3

    This only happens in firefox3, no problem in ie and chrome.
    And this issue really agonizes me a lot. I really appreciate any help!!
    The code is just like this:
    <af:popup id="popup" contentDelivery="lazyUncached">
    <af:panelWindow id="pw1">
    <f:verbatim >
    <applet height="50px" width="100px" archive="audio.jar"
    id="applet" name="applet" code="" codebase="" mayscript="true">
    <param name="test" value="111"/>
    </applet>
    </f:verbatim>
    </af:panelWindow>
    </af:popup>
    <af:commandImageLink text="pop" id="gil0" partialSubmit="true">
    <af:showPopupBehavior popupId="::popup" triggerType="click"/>
    </af:commandImageLink>
    After clicking the commandImageLink, the popup shows and the applet starts, but in FF3 the applet will be destroyed quickly. Any idea???
    thanks!!!

    in the Java console,it shows the applet is destroyed. no error trace found there.
    seems the space for applet in the UI disappears, then the applet instance is destroyed by java plugin.
    through firebug, there will be an uncaught js error thrown.
    uncaught exception: [Exception... "Component is not available"  nsresult:   "0x80040111 (NS_ERROR_NOT_AVAILABLE)"  location: "JS frame ::   http://127.0.0.1:7101/LTWeb/afr/partition/gecko/default/opt/boot-11.1.1.3.0-0084.js  :: anonymous :: line 4524"  data: no]
    this js exception is thrown from adf face internal js which is only for Mozilla based (gecko rendering engine) browsers.
    Is this maybe an ADF bug for firefox3?

  • CAPWAP teardown?

    Hi All,
    Need help to understand how the CAPWAP tunnel works when one of the bundled (group of 4) ports in a portchannel group is shut down.
    Here's the logical diagram
    APs <-> Access Switch <-portchannel-> Distri Switch <-portchannel-> Core Switch <-portchannel-> WLC
    1 of the 4 bundled uplink ports in the portchannel shown in RED text was shut down deliberately. During this time Prime Infra 1.3 reported that the APs were disassociated from the controller, and 1 minute later Prime Infra reported that the APs were now associated to the controller, without anyone touching any devices.
    Is this a normal behaviour of a CAPWAP? If not then, what should I do?
    Regards,
    Dave

    What is the load-balancing mechanism of your switch etherchannels? "show etherchannel load-balance" should tell you this.
    If AP to WLC capwap traffic went through the interface you shut down, then there is a possibility your AP lost connectivity to the WLC momentarily. But it should not take that long to revert traffic to any other interfaces.
    You can do a test like this. Enable Telnet for one of your APs (via WLC GUI: Wireless -> select your AP -> Advanced -> tick Telnet checkbox). Then telnet to the AP and ping your WLC IP from there. Then shut down one (out of 4) of your switch etherchannel interfaces and see whether you see ping drops for a short period of time. If packets drop, see how many drops there are before connectivity comes back.
    HTH
    Rasika
    **** Pls rate all useful responses ****

  • No ethernet in windows 7 on mac mini (late 2014)

    Hi.
    I bought the new mac mini and installed windows 7 64bit but no ethernet driver...
    any advice?

    From the same iFixit guide, this is your WiFi card...
    Broadcom BCM4360KML1G 5G WiFi 3-Stream 802.11ac Gigabit Transceiver
    You should look at the Bootcamp drivers, because they already have BCM43xx drivers which support 802.11n a/b/g/n/ac. The Late 2013 rMBP for example supports it.
    From the 2013 rMBP teardown...
    Apple's go-to provider of 802.11ac support is again at work. The Broadcom BCM4360 on this AirPort card enables operation on the 5 GHz band at speeds up to 1.3 Gbps.
    I suggest you try this.

  • I will PAYPAL 100 bucks to the person who can help me with 5510 issue

    Below is an ongoing chat I am having with a PIX expert... Can anyone see where the problem is when you read the message below???
    Cisco ASA 5510 configuration for host inside private network
    Question: We have a Citrix host behind a new 5510 that needs to be accessed by the public. I have tried to follow the examples on cisco.com but still continue to get errors. I KNOW I am missing something simple. I have taken out all my 'tries' and have basic config below with errors.
    I am new to PIX/ASA and would love some suggestions on the proper Access Group and corresponding ACL to get the 192.168.71.100/72.54.197.26 Citrix server to accept ssl from outside.
    ASA Version 7.0(8)
    interface Ethernet0/0
    description Outside interface to Cbeyond
    nameif OUTSIDE
    security-level 0
    ip address 72.54.197.28 255.255.255.248
    interface Ethernet0/1
    description Inside interface to internal network
    nameif INSIDE
    security-level 100
    ip address 192.168.72.2 255.255.255.0
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.71.2 255.255.255.0
    management-only
    object-group service Citrix1494 tcp
    port-object eq citrix-ica
    port-object eq www
    port-object eq https
    port-object range 445 447
    nat-control
    global (OUTSIDE) 1 interface
    nat (INSIDE) 1 0.0.0.0 0.0.0.0
    static (OUTSIDE,INSIDE) 192.168.72.100 72.54.197.26 netmask 255.255.255.255
    static (INSIDE,OUTSIDE) 72.54.197.26 192.168.72.100 netmask 255.255.255.255
    route OUTSIDE 0.0.0.0 0.0.0.0 72.54.197.25 100
    http server enable
    http 192.168.71.0 255.255.255.0 management
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect dns maximum-length 512
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    Error Log:
    3|Apr 15 2011 21:06:07|305005: No translation group found for tcp src INSIDE:192.168.72.75/57508 dst OUTSIDE:72.54.197.26/443
    3|Apr 15 2011 21:06:01|305005: No translation group found for tcp src INSIDE:192.168.72.75/57508 dst OUTSIDE:72.54.197.26/443
    3|Apr 15 2011 21:05:58|305005: No translation group found for tcp src INSIDE:192.168.72.75/57508 dst OUTSIDE:72.54.197.26/443
    5|Apr 15 2011 21:05:42|111008: User 'root' executed the 'no access-list OUTSIDE_access_in extended permit tcp host 72.54.197.26 host 72.54.197.26' command.
    4|Apr 15 2011 21:05:20|106023: Deny tcp src OUTSIDE:114.38.58.208/2817 dst INSIDE:72.54.197.26/445 by access-group "OUTSIDE_access_in"
    4|Apr 15 2011 21:05:17|106023: Deny tcp src OUTSIDE:114.38.58.208/2817 dst INSIDE:72.54.197.26/445 by access-group "OUTSIDE_access_in"
    4|Apr 15 2011 21:04:37|106023: Deny tcp src OUTSIDE:221.1.220.185/12200 dst INSIDE:72.54.197.26/1080 by access-group "OUTSIDE_access_in"
    4|Apr 15 2011 21:03:50|106023: Deny tcp src OUTSIDE:32.141.52.12/1787 dst INSIDE:72.54.197.26/443 by access-group "OUTSIDE_access_in"
    4|Apr 15 2011 21:03:44|106023: Deny tcp src OUTSIDE:32.141.52.12/1787 dst INSIDE:72.54.197.26/443 by access-group "OUTSIDE_access_in"
    4|Apr 15 2011 21:03:41|106023: Deny tcp src OUTSIDE:32.141.52.12/1787 dst INSIDE:72.54.197.26/443 by access-group "OUTSIDE_access_in"
    4|Apr 15 2011 21:02:23|106023: Deny tcp src OUTSIDE:32.141.52.12/1785 dst INSIDE:72.54.197.26/443 by access-group "OUTSIDE_access_in"
    4|Apr 15 2011 21:02:17|106023: Deny tcp src OUTSIDE:32.141.52.12/1785 dst INSIDE:72.54.197.26/443 by access-group "OUTSIDE_access_in"
    4|Apr 15 2011 21:02:14|106023: Deny tcp src OUTSIDE:32.141.52.12/1785 dst INSIDE:72.54.197.26/443 by access-group "OUTSIDE_access_in"
    5|Apr 15 2011 21:01:56|111008: User 'root' executed the 'access-list OUTSIDE_access_in line 1 extended permit tcp host 72.54.197.26 host 72.54.197.26' command.
    6|Apr 15 2011 21:00:13|302013: Built outbound TCP connection 7173 for OUTSIDE:150.70.85.65/443 (150.70.85.65/443) to INSIDE:192.168.72.100/2959 (72.54.197.26/2959)
    6|Apr 15 2011 20:56:57|302016: Teardown UDP connection 7082 for OUTSIDE:72.54.197.26/137 to INSIDE:192.168.72.17/137 duration 0:02:01 bytes 62
    6|Apr 15 2011 20:55:19|302013: Built outbound TCP connection 7088 for OUTSIDE:184.85.253.178/80 (184.85.253.178/80) to INSIDE:192.168.72.100/2879 (72.54.197.26/2879)
    6|Apr 15 2011 20:55:19|302013: Built outbound TCP connection 7086 for OUTSIDE:74.125.159.147/80 (74.125.159.147/80) to INSIDE:192.168.72.100/2878 (72.54.197.26/2878)
    6|Apr 15 2011 20:54:55|302015: Built outbound UDP connection 7082 for OUTSIDE:72.54.197.26/137 (192.168.72.100/137) to INSIDE:192.168.72.17/137 (72.54.197.28/24)
    6|Apr 15 2011 20:54:17|302021: Teardown ICMP connection for faddr 10.160.68.225/0 gaddr 72.54.197.26/1 laddr 192.168.72.100/1
    6|Apr 15 2011 20:54:15|302020: Built outbound ICMP connection for faddr 10.160.68.225/0 gaddr 72.54.197.26/1 laddr 192.168.72.100/1
    6|Apr 15 2011 20:54:13|302021: Teardown ICMP connection for faddr 172.28.16.2/0 gaddr 72.54.197.26/1 laddr 192.168.72.100/1
    6|Apr 15 2011 20:54:12|302013: Built outbound TCP connection 7074 for OUTSIDE:199.7.52.190/80 (199.7.52.190/80) to INSIDE:192.168.72.100/2815 (72.54.197.26/2815)
    6|Apr 15 2011 20:54:12|302013: Built outbound TCP connection 7073 for OUTSIDE:199.7.55.72/80 (199.7.55.72/80) to INSIDE:192.168.72.100/2813 (72.54.197.26/2813)
    6|Apr 15 2011 20:54:12|302013: Built outbound TCP connection 7072 for OUTSIDE:199.7.55.72/80 (199.7.55.72/80) to INSIDE:192.168.72.100/2812 (72.54.197.26/2812)
    6|Apr 15 2011 20:54:12|302013: Built outbound TCP connection 7071 for OUTSIDE:199.7.52.190/80 (199.7.52.190/80) to INSIDE:192.168.72.100/2811 (72.54.197.26/2811)
    6|Apr 15 2011 20:54:12|302013: Built outbound TCP connection 7070 for OUTSIDE:184.85.253.19/80 (184.85.253.19/80) to INSIDE:192.168.72.100/2810 (72.54.197.26/2810)
    3|Apr 15 2011 20:54:12|106014: Deny inbound icmp src OUTSIDE:172.28.16.2 dst INSIDE:72.54.197.26 (type 0, code 0)
    6|Apr 15 2011 20:54:11|302020: Built outbound ICMP connection for faddr 172.28.16.2/0 gaddr 72.54.197.26/1 laddr 192.168.72.100/1
    6|Apr 15 2011 20:54:10|302013: Built outbound TCP connection 7063 for OUTSIDE:64.4.18.90/80 (64.4.18.90/80) to INSIDE:192.168.72.100/2809 (72.54.197.26/2809)
    3|Apr 15 2011 20:52:17|305005: No translation group found for tcp src INSIDE:192.168.72.75/56624 dst OUTSIDE:72.54.197.26/443
    3|Apr 15 2011 20:52:11|305005: No translation group found for tcp src INSIDE:192.168.72.75/56624 dst OUTSIDE:72.54.197.26/443
    3|Apr 15 2011 20:52:08|305005: No translation group found for tcp src INSIDE:192.168.72.75/56624 dst OUTSIDE:72.54.197.26/443
    2|Apr 15 2011 20:50:02|106001: Inbound TCP connection denied from 187.28.118.35/1973 to 72.54.197.26/445 flags SYN  on interface OUTSIDE
    2|Apr 15 2011 20:49:59|106001: Inbound TCP connection denied from 187.28.118.35/1973 to 72.54.197.26/445 flags SYN  on interface OUTSIDE
    2|Apr 15 2011 20:49:58|106001: Inbound TCP connection denied from 184.27.73.83/443 to 72.54.197.26/60784 flags RST  on interface OUTSIDE
    2|Apr 15 2011 20:49:58|106001: Inbound TCP connection denied from 184.27.73.83/443 to 72.54.197.26/60783 flags RST  on interface OUTSIDE
    2|Apr 15 2011 20:49:58|106001: Inbound TCP connection denied from 184.27.73.83/443 to 72.54.197.26/60781 flags RST  on interface OUTSIDE
    2|Apr 15 2011 20:49:58|106001: Inbound TCP connection denied from 184.27.73.83/443 to 72.54.197.26/60782 flags RST  on interface OUTSIDE
    2|Apr 15 2011 20:49:58|106001: Inbound TCP connection denied from 184.27.73.83/443 to 72.54.197.26/60779 flags RST  on interface OUTSIDE
    2|Apr 15 2011 20:49:58|106001: Inbound TCP connection denied from 184.27.73.83/443 to 72.54.197.26/60785 flags RST  on interface OUTSIDE
    2|Apr 15 2011 20:49:35|106001: Inbound TCP connection denied from 217.10.43.52/1486 to 72.54.197.26/445 flags SYN  on interface OUTSIDE
    2|Apr 15 2011 20:49:32|106001: Inbound TCP connection denied from 217.10.43.52/1486 to 72.54.197.26/445 flags SYN  on interface OUTSIDE
    3|Apr 15 2011 20:48:17|305005: No translation group found for tcp src INSIDE:192.168.72.97/55593 dst OUTSIDE:72.54.197.26/443
    3|Apr 15 2011 20:48:11|305005: No translation group found for tcp src INSIDE:192.168.72.97/55593 dst OUTSIDE:72.54.197.26/443
    3|Apr 15 2011 20:48:08|305005: No translation group found for tcp src INSIDE:192.168.72.97/55593 dst OUTSIDE:72.54.197.26/443
    THANKS!!
    Reply.................................
    ok do this:
    no static (OUTSIDE,INSIDE) 192.168.72.100 72.54.197.26 netmask 255.255.255.255
    clear xlate
    access-list Outside-ACL extended permit tcp any host 72.54.197.26 object-group Citrix1494
    access-group Outside-ACL in interface OUTSIDE
    That should do it for you..
    Reply........................
    kenboonejr:
    Your reverse static needs to be taken out. then you need to do a "clear xlate" command.  do that and post your config again and let me see it.  I'll be standing by.
    charlietaylor:
    ASA Version 7.0(8)
    hostname 5510
    domain-name xxxxx
    enable password xxxxx encrypted
    passwd xxxxx encrypted
    names
    dns-guard
    interface Ethernet0/0
    description Outside interface to Cbeyond
    nameif OUTSIDE
    security-level 0
    ip address 72.54.197.28 255.255.255.248
    interface Ethernet0/1
    description Inside interface to internal network
    nameif INSIDE
    security-level 100
    ip address 192.168.72.2 255.255.255.0
    interface Ethernet0/2
    shutdown
    no nameif
    no security-level
    no ip address
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.71.2 255.255.255.0
    management-only
    banner exec xxxxx
    banner login VPN firewall/router
    ftp mode passive
    clock timezone CST -6
    clock summer-time CDT recurring 1 Sun Apr 2:00 last Sun Oct 2:00
    dns domain-lookup INSIDE
    dns name-server 66.180.96.12
    dns name-server 64.180.96.12
    object-group service Citrix1494 tcp
    port-object eq citrix-ica
    port-object eq www
    port-object eq https
    port-object range 445 447
    access-list Outside-ACL extended permit tcp any host 72.54.197.26 object-group Citrix1494
    pager lines 24
    logging enable
    logging asdm informational
    logging mail critical
    logging from-address xxxxx
    mtu OUTSIDE 1500
    mtu INSIDE 1500
    mtu management 1500
    asdm image disk0:/asdm-508.bin
    no asdm history enable
    arp timeout 14400
    nat-control
    global (OUTSIDE) 1 interface
    nat (INSIDE) 1 0.0.0.0 0.0.0.0
    static (INSIDE,OUTSIDE) 72.54.197.26 192.168.72.100 netmask 255.255.255.255
    access-group Outside-ACL in interface OUTSIDE
    route OUTSIDE 0.0.0.0 0.0.0.0 72.54.197.25 100
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
    timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
    timeout uauth 0:05:00 absolute
    username root password xxxxxx encrypted privilege 15
    http server enable
    http 192.168.71.0 255.255.255.0 management
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet 192.168.72.0 255.255.255.0 management
    telnet 192.168.73.0 255.255.255.0 management
    telnet 192.168.71.0 255.255.255.0 management
    telnet timeout 5
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.71.3-192.168.71.254 management
    dhcpd dns 66.180.96.12 64.180.96.12
    dhcpd lease 3600
    dhcpd ping_timeout 50
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect dns maximum-length 512
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
    service-policy global_policy global
    smtp-server 66.180.96.57
    Cryptochecksum:472013675a200d36e6155c03238fa05c
    : end
    [OK]
    5510#
    kenboonejr:
    OK, so at this point if you issue a clear xlate command, that would have flushed the translation table and Citrix should be able to get out with the current configuration. If it can't, post the logs for it. This is the right config for what you want to do.
    charlietaylor:
    Did that, no connections. Here is what the log says with the config above right after I cle xlate and try to connect from outside.....
    6|Apr 21 2011 12:40:44|302014: Teardown TCP connection 8954 for OUTSIDE:74.125.159.105/80 to INSIDE:192.168.72.100/57140 duration 0:00:30 bytes 0 SYN Timeout
    6|Apr 21 2011 12:40:43|302013: Built outbound TCP connection 9079 for OUTSIDE:74.125.159.105/80 (74.125.159.105/80) to INSIDE:192.168.72.100/57142 (72.54.197.26/57142)
    6|Apr 21 2011 12:40:14|302013: Built outbound TCP connection 8954 for OUTSIDE:74.125.159.105/80 (74.125.159.105/80) to INSIDE:192.168.72.100/57140 (72.54.197.26/57140)
    6|Apr 21 2011 12:40:13|302014: Teardown TCP connection 8618 for OUTSIDE:74.125.159.105/80 to INSIDE:192.168.72.100/57134 duration 0:00:30 bytes 0 SYN Timeout
    6|Apr 21 2011 12:39:43|302013: Built outbound TCP connection 8618 for OUTSIDE:74.125.159.105/80 (74.125.159.105/80) to INSIDE:192.168.72.100/57134 (72.54.197.26/57134)
    6|Apr 21 2011 12:39:35|302014: Teardown TCP connection 8369 for OUTSIDE:74.125.159.105/80 to INSIDE:192.168.72.100/57129 duration 0:00:30 bytes 0 SYN Timeout
    AND....
    The Citrix server can not even get out to the internet. Here is what the logs say when you try to open a browser.....
    6|Apr 21 2011 12:39:05|302013: Built outbound TCP connection 8369 for OUTSIDE:74.125.159.105/80 (74.125.159.105/80) to INSIDE:192.168.72.100/57129 (72.54.197.26/57129)
    6|Apr 21 2011 12:38:55|302014: Teardown TCP connection 8227 for OUTSIDE:74.125.159.99/80 to INSIDE:192.168.72.100/57121 duration 0:00:30 bytes 0 SYN Timeout
    6|Apr 21 2011 12:38:25|302013: Built outbound TCP connection 8227 for OUTSIDE:74.125.159.99/80 (74.125.159.99/80) to INSIDE:192.168.72.100/57121 (72.54.197.26/57121)
    6|Apr 21 2011 12:37:36|302014: Teardown TCP connection 7667 for OUTSIDE:216.52.233.134/443 to INSIDE:192.168.72.100/57108 duration 0:00:30 bytes 0 SYN Timeout
    6|Apr 21 2011 12:37:32|302014: Teardown TCP connection 7568 for OUTSIDE:74.125.159.99/80 to INSIDE:192.168.72.100/57107 duration 0:00:30 bytes 0 SYN Timeout
    kenboonejr:
    OK, so the firewall is showing the rules for the inbound stuff working, but the Citrix server is not responding; that is why you are getting a SYN timeout.
    Does your Citrix box have multiple IP addresses or multiple NICs?
    What is the default gateway on the Citrix box?
    I can guarantee you that the config is good.
    The logs show sessions getting created, not blocked, so it's not the firewall causing the problem. Something else is not quite right.
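    Added example, not part of any post in this thread: a Python script that pairs the 302013 Built and 302014 Teardown lines by connection id and counts, per direction and opening host, the connections that ended as a zero-byte SYN Timeout. The log lines are constructed in the thread's ASDM layout with documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the thread's ASDM log layout (newest first);
# addresses are documentation ranges, connection ids are made up.
SAMPLE = """\
6|Apr 21 2011 12:40:44|302014: Teardown TCP connection 8954 for OUTSIDE:203.0.113.80/80 to INSIDE:192.168.72.100/57140 duration 0:00:30 bytes 0 SYN Timeout
6|Apr 21 2011 12:40:14|302013: Built outbound TCP connection 8954 for OUTSIDE:203.0.113.80/80 (203.0.113.80/80) to INSIDE:192.168.72.100/57140 (198.51.100.26/57140)
6|Apr 21 2011 12:40:13|302014: Teardown TCP connection 8618 for OUTSIDE:203.0.113.80/80 to INSIDE:192.168.72.100/57134 duration 0:00:30 bytes 0 SYN Timeout
6|Apr 21 2011 12:39:43|302013: Built outbound TCP connection 8618 for OUTSIDE:203.0.113.80/80 (203.0.113.80/80) to INSIDE:192.168.72.100/57134 (198.51.100.26/57134)
6|Apr 21 2011 12:39:40|302014: Teardown TCP connection 7001 for OUTSIDE:203.0.113.9/50005 to INSIDE:192.168.72.100/1494 duration 0:12:05 bytes 48211 TCP FINs
6|Apr 21 2011 12:27:35|302013: Built inbound TCP connection 7001 for OUTSIDE:203.0.113.9/50005 (203.0.113.9/50005) to INSIDE:192.168.72.100/1494 (198.51.100.26/1494)
6|Apr 21 2011 12:27:30|302014: Teardown TCP connection 6990 for OUTSIDE:203.0.113.9/50001 to INSIDE:192.168.72.100/1494 duration 0:00:30 bytes 0 SYN Timeout
"""

BUILT = re.compile(r"302013: Built (inbound|outbound) TCP connection (\d+) for "
                   r"[^:\s]+:(\S+) \(\S+\) to [^:\s]+:(\S+) \((\S+)\)")
TEARDOWN = re.compile(r"302014: Teardown TCP connection (\d+) for \S+ to \S+ "
                      r"duration (\d+):(\d\d):(\d\d) bytes (\d+) (.+)$")

def correlate(text):
    """Join Built/Teardown records by connection id, in either log order."""
    built, torn = {}, {}
    for line in text.splitlines():
        if m := BUILT.search(line):
            direction, cid, low_side, high_side, mapped = m.groups()
            # The lower-security host is logged first; "outbound" means the
            # higher-security (second) host sent the SYN.
            opener = high_side if direction == "outbound" else low_side
            built[cid] = {"direction": direction, "opener": opener, "mapped": mapped}
        elif m := TEARDOWN.search(line):
            cid, h, mi, s, nbytes, reason = m.groups()
            torn[cid] = {"seconds": int(h) * 3600 + int(mi) * 60 + int(s),
                         "bytes": int(nbytes), "reason": reason.strip()}
    # Teardowns whose Built line is outside the captured window are dropped.
    return {cid: {**built[cid], **torn[cid]} for cid in built if cid in torn}

def stalled_handshakes(conns):
    """Count zero-byte SYN Timeout teardowns per (direction, opener IP)."""
    hits = Counter()
    for c in conns.values():
        if c["reason"] == "SYN Timeout" and c["bytes"] == 0:
            hits[(c["direction"], c["opener"].rsplit("/", 1)[0])] += 1
    return hits

if __name__ == "__main__":
    for key, count in stalled_handshakes(correlate(SAMPLE)).items():
        print(key, count)
```

    The direction and opener columns show which host sent the SYN, so they indicate on which side of the firewall the handshake reply went missing.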
    kenboonejr:
    From the ASA can you ping the real IP address of the Citrix server?
    charlietaylor:
    This network is in production. Currently have a cheesy Linksys router (the only thing it does is NAT for Citrix) and a "Transition" throwdown firewall with two simple rules that allow all and allow outside to Citrix.
    The Citrix has one NIC with the default gateway same as all other devices on the network (72.2) and goes out just fine until I cut over to the 5510. Then it can not get out. (And yes, all other equipment is turned off and the switches are power cycled after I power up the 5510 to make sure I am not having switch ARP issues.)
    The Citrix is in use 24/7 by remote users so I can't switch back and forth (especially during the day when everybody goes out to the Inet via this unit or the cheesy gear I am replacing).
    I see the connections too but it connects for half a second and sends 0 bytes..... hmmmm
    kenboonejr:
    You are having ARP issues with the Citrix box, I would think.
    So once you cut over to the ASA, can you ping the Citrix box from the ASA?
    The Citrix ARP table still shows the MAC address of the Linksys 72.2 interface is my guess, and you would need to flush the ARP table on the Citrix server.
    Also, how does the internet connect? Is it straight to the Linksys router? Is this cable, DSL or T1 to a provider router or what? There is a router on the outside of the ASA of some sort. It could be that that device still has the public side MAC address of the Citrix box in its ARP table. Most likely that needs a reboot as well to flush its ARP table. I would bet on it.
    I have been working on Cisco firewalls since before Cisco bought the PIX. I can assure you the config is good without that reverse static.
    charlietaylor:
    OK... but if it is an ARP issue would the 5510 still get the info that it is in the logs?
    I mean, if packets were headed to another port why am I seeing SCR/DES info in the logs?
    charlietaylor:
    AND... I REALLY appreciate all your help!
    kenboonejr:
    You got a point there. Here is what I know. When you try to access it from the outside, the Citrix doesn't respond. So could it be that at that point the Citrix box has the old ARP entry for the Linksys, so the packets aren't getting back?
    So if you cut over, start everything fresh. Turn off the Linksys. Reboot the ISP router/device. Flush the ARP table on the Citrix. Then ping the Citrix box from the ASA. If that works then try the connection from the outside. How are you connecting to the outside? Are you at a different location or are you on a mobile broadband card or what?
    charlietaylor:
    I am physically sitting on the network. I am trying to access from outside on my broadband card that is known to connect.
    Their office is closed tomorrow and I am getting access to come in and power cycle every single device. I will then first try to ping Citrix from the ASA and move downstream like you suggest.
    Thanks again, I really do hope it is an ARP issue in a device I did not reload (the ACTELIS ISP box and actual Citrix server).
    I will let you know.
    charlietaylor:
    reboot of every device in the network did not change anything
    charlietaylor:
    the ASA can ping the citrix server
    slamjam2000:
    From your config, I don't see a route to the inside... 
    The only route on the ASA is to the outside:
    route OUTSIDE 0.0.0.0 0.0.0.0 72.54.197.25 100
    charlietaylor:
    so what are you suggesting?

    solved
