Turning on checkpoint. in 8.1.6
I need a help here.I am trying to turn on checkpoint to help my LGWR but i can't find checkpoint inthe pfile.Somebody help please.
thanks
According to Oracle Error Message, action for TNS-12500 is that Check the Listener.ORA is properly been set with the Oracle Environment if not make it and stop and start the Oracle and Listener too. If we faced and we did the above and it was working perfect.
Similar Messages
-
i need help. every time i turn on my laptop an error message pops up: the procedure entry point sqlite_wao -checkpoint could not be located in the dynamic link library SQLite3.dlll HOW DO I FIX THIS?
Hi whatsthe77,
Welcome to Apple Support Communities.
You may want to follow the steps in this article to reinstall iTunes:
Removing and reinstalling iTunes, QuickTime, and other software components for Windows Vista or Windows 7
http://support.apple.com/kb/HT1923
Have a great day,
Jeremy -
On my computer when I turn it on I get this response - entry point squilt3-wal-checkpoint couldnot be located in the dynanamic SQLite3.dll.
Thahks for any helpHi whatsthe77,
Welcome to Apple Support Communities.
You may want to follow the steps in this article to reinstall iTunes:
Removing and reinstalling iTunes, QuickTime, and other software components for Windows Vista or Windows 7
http://support.apple.com/kb/HT1923
Have a great day,
Jeremy -
DB Recovery takes a long time even after checkpointing
We observe that DB recovery takes a long time after application recovery even if we keep doing checkpoints at frequent(30 secs) intervals. These are the parameters that we use to open the environment:
env_flags =
DB_CREATE | /* Create the environment if it does not exist */
DB_RECOVER | /* Run normal recovery. */
DB_INIT_LOCK | /* Initialize the locking subsystem */
DB_INIT_LOG | /* Initialize the logging subsystem */
DB_INIT_TXN | /* Initialize the transactional subsystem. This
* also turns on logging. */
DB_INIT_MPOOL | /* Initialize the memory pool (in-memory cache) */
DB_THREAD | /* Cause the environment to be free-threaded */
DB_REGISTER |
DB_INIT_REP | /* Cause the environment to be replicated */
DB_SYSTEM_MEM ;
Our understanding was that recovery time should be proportional to the checkpoint interval. Can anyone please give some insights into what might be happening and how the recovery process works. It seems like DB is going back far in time while traversing the logs. We do not remove any log files as part of our regular process flows.
Secondly, we observe that recovery times increase proportionately with the size of our database even with checkpointing. Any insights into this are also welcome.
We are using DB 4.7.25 C API on HP-UX 11i.try to burn recovery dvds and use it.
also perform disk check.
http://support.microsoft.com/kb/315265 -
Mac OS Server Open Directory Will Not Turn On
Yesterday I got the server application for Mac OS Mountain Lion. This is my first time working with apple server software and when I try to turn on Open Directory it says:
An Error occured on the server while processing a command.
The error occurred while processing a command of type 'setState' in plug-in 'servermgr_dirserv'.
I am not sure what is causing this. I am running the server on a 2010 iMac with Mountain Lion installed and I couldn't find any answers online. Any help would be much appriciated.
Edit: I would be willing to reinstall the server software and reset settings for it if I have to. (I just don't know how)Thanks _Franck_!
I had to do a few more steps than and modify the recover command based on info from Case #2 - http://www.iredmail.org/forum/topic3694-iredmail-support-power-cut-ldap-dont-sta rt.html
1. check if this is the problem
$ sudo /usr/libexec/slapd -Tt
>> bdb_db_open: database "cn=authdata": db_open(/var/db/openldap/authdata/id2entry.bdb) failed: Invalid argument (22).
2. Stop LDAP on OD Master
$ sudo launchctl unload /System/Library/LaunchDaemons/org.openldap.slapd.plist
3. Repair Permissions
$ diskutil repairPermissions /
4. backup openldap db
$ sudo cp /var/db/openldap/authdata/id2entry.bdb /var/db/openldap/authdata/id2entry.bdb.backup
5. repair
$ sudo db_recover -cv -h /var/db/openldap/openldap-data/
>> Recovery complete at Thu Jun 6 11:01:35 2013
>> Maximum transaction ID 8000060e Recovery checkpoint [2][6589846]
6. run repair again to check
$ sudo db_recover -cv -h /var/db/openldap/openldap-data/
>> Finding last valid log LSN: file: 2 offset 6589938
>> Recovery starting from [1][28]
>> Recovery complete at Thu Jun 6 11:02:32 2013
>> Maximum transaction ID 8000060e Recovery checkpoint [2][6589938]
7. double check if things were repaired correctly
$ sudo /usr/libexec/slapd -Tt
>> bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
config file testing succeeded
8. restart the service
$ sudo launchctl load /System/Library/LaunchDaemons/org.openldap.slapd.plist -
Turn Photoshop into Corel PHOTO-PAINT
At the request of a couple of Photoshop enthusiasts in these forums, they thought I should post this feature request.
In a previous discussion, harry teasley wrote:
May I suggest a single suggestion, "Turn Photoshop into Corel Photo-Paint"?
In a previous discussion, Reynolds (Mark) wrote:
[I] agree with Harry's…
May I suggest a single suggestion, "Turn Photoshop into Corel Photo-Paint"?
In support of Harry Teasley and Mark Reynolds, I have created these lists of features included in both packages, that if not ignored might win over some Corel PHOTO-PAINT fans. Not that Adobe Photoshop is hurting for more customer base, but you get the idea. Oh! And none of these suggestions would remove any of Photoshop's existing functionality!
Here's a list of features that Corel PHOTO-PAINT has that Adobe Photoshop does NOT (as far as I know):
Mouse wheel zoom snaps to 100%.
Zoom tool actually zooms to selection bounds, even if it's greater than the document's bounds.
Cutting, copying, pasting and deleting selected layers.
File >> New From Clipboard.
Renaming menu bar commands and moving/copying them around at will.
Mapping arrow keys to keyboard shortcuts (CTRL+up and CTRL+down are my favorite)
Interactive Object Transparency Tool (wineglass tool).
Swatches panel width @ 1 swatch wide.
Ability to have larger swatches.
Click and hold on a swatch to see warmer, cooler, darker and lighter versions of that swatch.
Clicking a layer in the document to toggle between transform, rotate, warp and perspective.
If you select a layer, perform a single action on that layer, and undo that action, PP doesn't select the previous layer you had selected.
Checkpoints.
Reasonable price.
And here's a list that neither Photoshop or Corel PHOTO-PAINT has (as far as I know):
Creating new menu bar commands (wherever you want them) and assigning scripts to them.
Mouse wheel zoom does not maintain position when zooming way out and back in.
Brush strokes are not natural like Corel Painter and have a "skip rock" side-effect to them (yes, even with spacing set to 1 and smoothing checked).
Adding an alpha channel to the standard color picker.
Fully supported PNG alpha (even Photoshop creates artifacting that I've only seen present itself in Maya, but Pixelformer fixes the problem and saves the PNG appropriately). (more info)
Granted, there are a couple of features that Photoshop has, even from a Corel PHOTO-PAINT-biased standpoint, that I find extremely beneficial!
The first opened or newly-created document opens maximized (small thing, but very handy).
Vector shapes (though, still not truly vector).
Layer effects (and the drop shadows are flawless).
The healing brush! Just awesome!
I'm sure there are a multitude of other features within Adobe Photoshop that I will grow to love, but these are the ones that stick out to me now, after having been forced to use Photoshop over the last couple years.
And I don't steal software either, so that's part of the reason I've grown up using Corel's products.He was trying to argue that Photoshop had a more reasonable price with Elements.
I was only pointing out that Corel also has a cheaper alternative to PHOTO-PAINT. In fact, you can't even BUY PHOTO-PAINT solo. You have to buy the entire Graphics Suite.
This wasn't always the case, however. -
FAST_START_MTTR_TARGET and checkpoint
DB version : 11.2
If I set
FAST_START_MTTR_TARGET=0
LOG_CHECKPOINT_INTERVAL=0
LOG_CHECKPOINT_TIMEOUT=1800Then how often does checkpoint occurs ? -- ignoring Manual log switch and ALTER SYSTEM CHECKPOINT commandTeslaMan wrote:
DB version : 11.2
If I set
FAST_START_MTTR_TARGET=0
LOG_CHECKPOINT_INTERVAL=0
LOG_CHECKPOINT_TIMEOUT=1800Then how often does checkpoint occurs ? -- ignoring Manual log switch and ALTER SYSTEM CHECKPOINT commandThese parameter affects the checkpoints, but if you are thinking that why checkpoint occurs when I am having above setting then, you are bit confused, because happening of checkpoint is another thing and having the values of the above parameter is different. When your current redo log becomes full, then there will be logswitch and logswitch is the cause of checkpoint. Checkpoint automatically occurs at a log switch.
Now if the question is why there is so much log switch, then simple answer is generation of more redo, more transactions. Further question turns into different direction that why there is more redo generation and its answer is far away from this current one.
Regards
Girish Sharma -
Checkpoint VPN-1 SecureClient for OS X 10.5 (leopard) - won't install
I'm trying to install the 03/2008 release of CheckPoint VPN-1 SecureClient for 10.5 (I have 10.5.5). The install fires up, works just fine, and says it was successful, and asks for a reboot. The reboot works, but the application is not installed: nothing in the Applications (it is supposed to be under Applications/Check Point).
There were many problems with the early-access versions of this product (it caused my system to completely hang on boot-up), but I have a couple of co-workers that are successfully using the 03/2008 released version.
Anyone else have this problem?I FIXED THIS successfully on three staff members' Mac Book Pro computers after many many headaches.
Before you do anything, run the 10.5.6 update, and any security updates that there are.
1. Uninstall Secure Client (If you have it on your machine) using the uninstaller. If it cannot be uninstalled using the uninstaller, delete the "Check Point VPN-1 SecureClient" directory in the Applications folder. Also delete the "SecureClient" shortcut in the Applications folder. VERY IMPORTANT: Also delete the "opt" folder in the root of your OS Drive. EMPTY THE TRASH.
2. Restart in Safe Boot by holding the "shift" key until you see the spinning pinweel below the Apple on the gray boot screen.
3. Follow the instructions posted by Electric Cat:
"+1. Open the terminal+
+2. Navigate to the directory containing the SecureClient installation package with the cd and ls commands+
+3. Type cd followed with the full name of the unzipped package and hit Return. For the orignal package, the command will be cd SecureClientB6340000311.pkg.+
+The Mac will enter the package just as to the directory (this IS a directory, actually)+
+4. Type cd Contents/Resources+
+5. Type sudo ./postinstall, keeping all periods and slashes. The Mac will ask you for the root password. Enter it+
+6. The installation will succeed in the console mode."+
4. Restart in Safe boot.
5. Delete the "Check Point VPN-1 SecureClient" directory in the Applications folder. Also delete the "SecureClient" shortcut in the Applications folder. VERY IMPORTANT: Also delete the "opt" folder in the root of your OS Drive. EMPTY THE TRASH.
6. Navigate to "Library/Receipts" and delete any Secure Client Packages that are there and empty the trash. THIS IS CRITICAL.
7. Restart in Safe Boot.
8. Run the "SecureClientB6340000311.pkg" file.
9. Reboot in regular mode - MAKE SURE YOU'RE UNPLUGGED FROM ANY NETWORK.
10. Do not connect to AirPort. If AirPort is set to automatically connect, turn it off and reboot.
11. Upon reboot, Secure Client should appear in the top menu bar. If it doesn't appear, check to see if it installed into the Applications folder. If it didn't install repeat entire process. (One thing I've found about Secure Client, is that there is no rhyme or reason to its bugs).
12. Connect to airport.
13. Configure Secure Client.
Praise Allah. -
ALTER TABLESPACE "USERS" OFFLINE NORMAL; takes a checkpoint
I have an Oracle 10g database. I am trying to go back to a state when I created a physical copy of datafiles in the USERS tablespace. I use the procedure described in http://www.stanford.edu/dept/itss/docs/oracle/10g/server.101/b10734/osrecov.htm#1007495 to bring the files from a backup directory to the datafiles directory.
The commands I issue are:
ALTER TABLESPACE "USERS" OFFLINE NORMAL;
--copy physical datafiles from backup
ALTER DATABASE RECOVER TABLESPACE "USERS";
ALTER TABLESPACE "USERS" ONLINE;
I was expecting to see data from my old backup files, but it turnes out that OFFLINE NORMAL takes a checkpoint and restores the latest content.
I tried to use OFFLINE IMMEDIATE, but I cannot do it because my database is in NOARCHIVELOG mode.
Is there another simple way to bring data back from those datafiles?your database is in the no archive log mode right... if the backups contain 1000 records and the current content in the tablespace 100 records...
then the only thing that you can do is if u have a complete database backup that you have taken at the time containing 1000 records.
i think you can use these backups as the database is in the noarchivelog mode. build an auxiliary instance restore all the data files control files and the startup to mount stage create the redo log file and then open the database.
export the table containing the 1000 records and then reimport into the current database..
i think that this procedure might work... -
Checkpoint/Restore In Userspace
http://en.wikipedia.org/wiki/CRIU:
Checkpoint/Restore In Userspace, or CRIU, is a software tool for Linux operating system. Using this tool, you can freeze a running application (or part of it) and checkpoint it to a hard drive as a collection of files. You can then use the files to restore and run the application from the point it was frozen at. The distinctive feature of the CRIU project is that it is mainly implemented in user space.
Are there any chances that http://criu.org/Installation requirements for kernel configuration options would be satisfied in the default archlinux kernel? It require the following parameters to be turned on:
CONFIG_CHECKPOINT_RESTORE
CONFIG_UNIX_DIAG
CONFIG_INET_DIAG
CONFIG_PACKET_DIAG (looks like this one is still not in vanilla, but it is not very important though)Why not check it ? I am not on my arch box, but it is simply
zcat /proc/config.gz
and look for those parameters.
cheers
Last edited by cybertorture (2012-10-17 12:51:05) -
Motive of checkpoint and SCN using with DBWr and LOGWr processes ??
What checkpoint has to do with log writer process i am not getting exactly ?..
Like see i fire 1 update query and apparently it is generating some redo blocks which in turn will come to my redo log files now in tihs whole cycle where the checkpoint will occur and why??
1)My update query
2) take locks
3)generate redo
4)generate undo
5)Blocks are modified but they are still in redo log buffer...
now this blocks eventually comes to redo log files in this whole way where check pointing take place and why??
checkpoint also takes place when Datablocks are flushed to datafiles again the same reason why??
Same way around the same question the what checkpointing has to do with DBWr process also i am not clear...
Apart from this whole picture SCN is generated when user issue comitts..and we can say SCN can be used to identify that transaction is committed or not.?
So what is the motive of SCN to update in Control file...MAy b to get the latest transaction committed..??
Sorry one thread with so much questionss..but this all things are creating a fuzzy picture i want to make it clear thnx for your help in advance ..
I read documentation but they havent mentioned in depth for checkpointing..??
THANKS
Kamesh
Edited by: 851733 on Apr 12, 2011 7:57 AM851733 wrote:
What checkpoint has to do with log writer process i am not getting exactly ?..And where exactly did you read that it has anything to do with it? How did you come up to the relation anyways? The time checkpointing would come into the play with the log files would be when there would be a log switch and this would induce a checkpoint, causing/triggering the DBWR to write the dirty buffers to the datafile and allowing the redo log group to be reused. That's about it.
Like see i fire 1 update query and apparently it is generating some redo blocks which in turn will come to my redo log files now in tihs whole cycle where the checkpoint will occur and why??
1)My update query
2) take locks
3)generate redo
4)generate undo
5)Blocks are modified but they are still in redo log buffer...
now this blocks eventually comes to redo log files in this whole way where check pointing take place and why??Read my reply above, at the time of writing the change vectors in the log file, there won't be any checkpointing coming into the picture.
checkpoint also takes place when Datablocks are flushed to datafiles again the same reason why??Wrong, the checkpoint event would make the dirty buffers written to the dataflile. Please spend some time reading the Backup and Recovery guide and in that, instance recovery section. In order to make sure that there wont be much time spent in the subsequent instance recovery, it would be required to move the dirty buffers periodically to the data file. THis would be caused by the incremental checkpoint . Doing so would constantly write the content out of the buffer cache thus leaving few buffers only as the candidate for the recovery in the case of the instance crash.
Same way around the same question the what checkpointing has to do with DBWr process also i am not clear...Read the oracle documentation's Concept guide again and again as long as it doesn't start getting in sync in with you(and it may take time). One of the events , when DBWR writes , is the occurance of the Checkpoint. Whenever there would be a checkpoint, the DBWR would be triggered to write the buffers (dirty) to the datafile.
Apart from this whole picture SCN is generated when user issue comitts..and we can say SCN can be used to identify that transaction is committed or not.? Not precisely since there would be a SCN always there , even when you query , for that too. But yes, with the commit, there would be a commit SCN that would be generated including a commit flag entered in the redo stream telling that the transaction is finally committed. The same entry would be updated in the transcation table as well mentioning that the tranaction is committed and is now over.
So what is the motive of SCN to update in Control file...MAy b to get the latest transaction committed..??Where did you read it?
Sorry one thread with so much questionss..but this all things are creating a fuzzy picture i want to make it clear thnx for your help in advance ..
I read documentation but they havent mentioned in depth for checkpointing..??
Read the book, Expert one on one by Tom Kyte and also, from documentation, version 11.2's Concept guide. These two would be more than enough to get the basics correct.
HTH
Aman.... -
Deleting Checkpoint subtree in Hyper-V started merge on live machine
Background:
Physical Host: Windows Server 2012 R2
Virtual Machine: Windows Server 2012 R2
I've been reading online about the fact that you need to delete snapshots/checkpoints for performance rather than leave them lingering forever. Sadly what little information I've found online seems to be inaccurate. Some people say delete the checkpoint
then power off the machine. Others say Delete the checkpoint subtree and then SHUT DOWN the machine, not power off.
While the latter seems to be more accurate than other blogs I've read, it still didn't seem to be entirely accurate. Deleting the subtree seemed to start the merge before I even had a chance to shut the VM down. I saw the status in the Hyper-V virtual machines
pane and it immediately started merging.
It appears to have worked out fine, but I am curious if this is normal. I am wondering if the blogs I read are specific to older versions of Hyper-V (2008), as they don't quite have a date or other indicator on the blogs.2008 you had to shut down (or turn off) the VM to start the merge process. Change was made in 2012 to start the merge process without shutting down the VM.
. : | : . : | : . tim -
ARP table clash with checkpoint and ASA firewal issue
We are migrating DMZ segments from a checkpoint to a ASA 5585 firewall that we had connected to the same segments as the Checkpoint except on different IP addresses then the checkpoint interfaces. The Checkpoint interfaces are the default gateway for the servers. When I implemented the NATs entries below we experienced an arp table clash with the checkpoint and ASA firewall on the local segments that caused a application outage. What was determined was that the checkpoint firewall was showing that all the IP addresses in particular on vlan130 segment was associating the MAC address of the ASA interface instead of the real sever MAC address. I need assistance understanding the reason why the Checkpoint was pointing the ARP entries for many different address on VLAN130 to the ASA firewall MAC?
nat (any,internet-outside) source static any any destination static isxh2007_Xlate_167.9.6.21 isxh2007_10.121.201.86 unidirectional description To match chkpt NAT rule #5
nat (VLAN130,internet-outside) source static ISX_EDI_Hosts isxh2008_Xlat_167.9.6.22 unidirectional
nat (any,internet-outside) source static Private-Addresses ISX_OUTBOUND_NAT_167.9.6.1 destination static external_167.9.x external_167.9.x unidirectional
nat (any,any) source static Mars-Internal-All Mars-Internal-All destination static Private-Addresses Private-Addresses
nat (internet-dmz,internet-outside) source static acs-vmww2419.mars-ad.net acs-vmww2419_xlate_167.9.6.23
nat (internet-dmz,internet-outside) source static acs_vmww2420 acs_vmww2420_xlate_167.9.6.24
nat (internet-dmz,internet-outside) source static pass_reset_internal_10.121.201.50 pass_reset_external_167.9.6.25
nat (internet-dmz,internet-outside) source static HE-Portal-poland_10.121.120.10 ext_HE-Portal-poland_167.9.6.26
nat (any,internet-outside) source dynamic any ISX_OUTBOUND_NAT_167.9.6.1
isxasa04/wwy-legacy# sho interface
Interface TenGigabitEthernet0/8.129 "core-inside", is down, line protocol is down
MAC address 442b.0330.aba2, MTU 1500
IP address 10.121.129.X, subnet mask 255.255.255.0
Traffic Statistics for "core-inside":
241633 packets input, 12094352 bytes
44788 packets output, 3032584 bytes
109732 packets dropped
Interface TenGigabitEthernet0/9.130 "VLAN130", is down, line protocol is down
MAC address 442b.0330.aba3, MTU 1500
IP address 10.121.130.X, subnet mask 255.255.255.0
Traffic Statistics for "VLAN130":
1264203 packets input, 136452168 bytes
326080 packets output, 69216516 bytes
794035 packets dropped
Interface TenGigabitEthernet0/9.136 "VLAN136", is down, line protocol is down
MAC address 442b.0330.aba3, MTU 1500
IP address 10.121.136.X, subnet mask 255.255.255.0
Traffic Statistics for "VLAN136":
374547 packets input, 23696109 bytes
51186 packets output, 3324895 bytes
173500 packets dropped
Interface GigabitEthernet0/1 "internet-outside", is down, line protocol is down
MAC address 442b.0330.ab9b, MTU 1500
IP address 167.9.6.X, subnet mask 255.255.255.0
Traffic Statistics for "internet-outside":
352158 packets input, 17245425 bytes
76888 packets output, 3872904 bytes
12255 packets dropped
Interface GigabitEthernet0/2 "internet-dmz", is down, line protocol is down
MAC address 442b.0330.ab9c, MTU 1500
IP address 10.121.201.X, subnet mask 255.255.255.0
Traffic Statistics for "internet-dmz":
237795 packets input, 12460108 bytes
40787 packets output, 2775684 bytes
27378 packets dropped
Interface GigabitEthernet0/4 "VLAN140", is down, line protocol is down
MAC address 442b.0330.ab9e, MTU 1500
IP address 10.121.140.X, subnet mask 255.255.255.0
Traffic Statistics for "VLAN140":
386931 packets input, 18807725 bytes
48936 packets output, 3319712 bytes
114417 packets dropped
We crosschecked MAC addresses and this is what we found:
Checkpoint ARP table:
10.121.130.101 44:2b:3:30:ab:a3 3285
ASA ARP table:
isxasa04/wwy-legacy# sh arp | i 10.121.130.101
VLAN130 10.121.130.101 001a.4b06.dd45 10525
Server real address provided by processing:
0x001A4B06DD45
When we saw that the Checkpoints had a different/wrong entry we shut down all the physical ports on the new ASAs (except for failover and management);
Kevin cleared the ARP table on the Checkpoints and problem was solved;
Later I saw this:
isxasa04# sh int | i MAC
MAC address 442b.0330.ab9a, MTU not set
MAC address 442b.0330.ab9b, MTU not set
MAC address 442b.0330.ab9c, MTU not set
MAC address 442b.0330.ab9d, MTU 1500
MAC address 442b.0330.ab9e, MTU not set
MAC address 442b.0330.ab9f, MTU not set
MAC address 442b.0330.aba0, MTU not set
MAC address 442b.0330.aba1, MTU not set
MAC address 442b.0330.ab98, MTU not set
MAC address 442b.0330.ab99, MTU not set
MAC address 442b.0330.aba2, MTU not set
MAC address 442b.0330.aba3, MTU not setThe Asa is proxy Arping those macs. Turn off proxy arp and put in static arp entries until you completely shut down the checkpoint.
Sent from Cisco Technical Support iPad App -
Issue bringing up VPN between ASA and Checkpoint - HELP
Hi all
We are having major issues bringing up a vpn between our ASA and third party checkpoint, it seems if the checkpoint initiates the connection it works, but if we initiate it from the ASA it doesnt come up.
on the ASA I see the following
any ideas what this is ?
7
Jan 30 2014
11:52:03
715065
IP = 159.50.93.1, IKE MM Initiator FSM error history (struct &0x79c4bb68) , : MM_DONE, EV_ERROR-->MM_WAIT_MSG2, EV_RETRY-->MM_WAIT_MSG2, EV_TIMEOUT-->MM_WAIT_MSG2, NullEvent-->MM_SND_MSG1, EV_SND_MSG-->MM_SND_MSG1, EV_START_TMR-->MM_SND_MSG1, EV_RESEND_MSG-->MM_WAIT_MSG2, EV_RETRYPhase 2 failures means several things:
Encryption domain (interesting traffics) fail to match. Checkpoint tends to supper net network together, by design,
Phase 2 parameters such as ESP, PFS and seconds timeouts do not match.
Why don't you put in relevance configuration on the ASA and if possible, ask the checkpoint firewall guy to do the following on the firewall:
- output of "uname -a" and "fw ver"
- is this Nokia, Windows or Secureplatform Checkpoint?
- run the following commands on the firewall: "debug ike off", "debug ike trunc" and send you the ike.elg file. That file can be decoded with the IKEView.exe and it will tell you exactly where things are wrong.
Disable/turn OFF kilobytes timeouts is not the solution. -
VPN between PIX 515 Version 6.3(3) and CheckPoint NGX R70.10
I'm trying to setup a simple VPN between a PIX 515 running version 6.3(3) and a Checkpoint running NGX R70.10 and I'm unable to get the tunnel created fully.
What makes it puzzling is that the ACL defining the interesting traffic on the PIX side (which is always the inbound side of the traffic) is registering hits on it's rule. "access-list 130 line 1 permit ip host B.B.B.B D.D.D.0 255.255.255.0 (hitcnt=54)" but the D.D.D.0 address isn't showing up in the debug output below.
Turning the PIX VPN debugging on "debug crypto ipsec" and "debug crypto isakmp" I'm receiving the following output which results in an error and which appears to also have an unexpected ip network (10.27.0.0) being displayed. As displayed below nowhere is the "D.D.D.0" address showing up.
I know this may be confusing to read, but I tried to hide the ip addresses by replacing them with letters. Whatever assistance is appreciated.
crypto_isakmp_process_block:src:A.A.A.A, dest:B.B.B.A spt:500 dpt:500
OAK_QM exchange
oakley_process_quick_mode:
OAK_QM_IDLE
ISAKMP (0): processing SA payload. message ID = 649100472
ISAKMP : Checking IPSec proposal 1
ISAKMP: transform 1, ESP_AES
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (VPI) of 0x0 0x0 0xe 0x10
ISAKMP: authenticator is HMAC-SHA
ISAKMP: encaps is 1
ISAKMP: key length is 256
ISAKMP (0): atts are acceptable.IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= B.B.B.A, src= A.A.A.A,
dest_proxy= B.B.B.B/255.255.255.255/0/0 (type=1),
src_proxy= C.C.0.0/255.255.0.0/0/0 (type=4),
protocol= ESP, transform= esp-aes-256 esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x4
IPSEC(validate_transform_proposal): proxy identities not supported
IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= B.B.B.A, src= A.A.A.A,
dest_proxy= C.C.0.0/255.255.0.0/0/0 (type=4),
src_proxy= B.B.B.B/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes-256 esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x4
IPSEC(validate_transform_proposal): proxy identities not supported
ISAKMP : Checking IPSec proposal 1
ISAKMP: transform 1, ESP_AES
ISAKMP: attributes in transform:
ISAKMP: SA life type in seconds
ISAKMP: SA life duration (VPI) of 0x0 0x0 0xe 0x10
ISAKMP: authenticator is HMAC-SHA
ISAKMP: encaps is 1
ISAKMP: key length is 256
ISAKMP (0): atts are acceptable.IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= B.B.B.A, src= A.A.A.A,
dest_proxy= B.B.B.B/255.255.255.255/0/0 (type=1),
src_proxy= C.C.0.0/255.255.0.0/0/0 (type=4),
protocol= ESP, transform= esp-aes-256 esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x4
IPSEC(validate_transform_proposal): proxy identities not supported
IPSEC(validate_proposal_request): proposal part #1,
(key eng. msg.) dest= B.B.B.A, src= A.A.A.A,
dest_proxy= C.C.0.0/255.255.0.0/0/0 (type=4),
src_proxy= B.B.B.B/255.255.255.255/0/0 (type=1),
protocol= ESP, transform= esp-aes-256 esp-sha-hmac ,
lifedur= 0s and 0kb,
spi= 0x0(0), conn_id= 0, keysize= 256, flags= 0x4I just found out that in version 6.x, traffic cannot pass through when the security level are the same.
For VPN Client, user traffic came from outside interface.
If split-tunneling is disabled and user want to access Internet, it has to go out from outside interface as well.
As "same-security-traffic permit inter-interface" is not available in 6.x, it become impossilbe for VPN client to access Internet, when split-tunneling is disabled.
Am I correct?
Maybe you are looking for
-
I have three different toolbars and want to change where they are in relation to each other
I want to move the swagbuck toolbar below the add this toolbar and ny bookmark toolbar. How do I do that?
-
I read in numerous forums and never came up with a real answer if it is possible to add a SSD (solid state drive) drive to your MacBook. My test model was a new aluminum MacBook 2.4 already updated to 4 gigs from OWC for $80 delivered. (which I might
-
HT1420 if I deauthorize all devices will it reauthorize my iphone?
I deauthorized all accounts using my new MacBook Pro because I had reached my limit of 5, and couldn't authorizer my MacBook. Did this just deauthorize my iphone 4 as well? If so, How do I authorize my iphone again?
-
Posting Key in Billing Document
Hi Expert, I have requirement to set up posting key in billing document... It's possible to set up posting key in billing document? Can you give step by step to configure posting key with automatic posting in billing document (with t-code)? Thanks a
-
VBA "error" in EPM for BPC 10.1 - "Cannot exit design mode" - any ideas?
Hi all, Upon opening specific BPC reports in EPM, I am presented with the following error message: I have tried the following: Debugging the code using the following stop: Function AFTER_WORKBOOK_OPEN() stop doRefreshFormula End Function FPMXL AP