Using ASA 5510 and router for dual WAN Connections.

Similar Messages

• I use Time Capsule and Airport for my wireless connection and my speeds stink!

  I am getting horrible speeds (250K downloads) any suggestions. I have the time capsule and the Airport for my wireless connection and I have a new MacBook Pro. My download speeds are about 250K. I have turned off my wireless and plugged into my network with a physical connection and I get great speeds so something is wrong wiht my wireless connection /setup......any suggestions?

  Yep much better.
  I recommend the following ..
  Set wireless and TC names to SMB standard.. short, no spaces.. pure alphanumeric.
  Lock the wireless channels and set a different name for 5ghz and also lock its channel.
  Use only WPA2 Personal security with a decent passkey.. generally 8-12 characters is plenty. Still follow the rules.. pure alphanumeric mix of upper lower case and numerals..
  If that does not improve things.. how old is the TC.. the wireless output does seem to slide as they age.
  A simple WAP connected to the TC can provide far superior wireless for very little money.

• Can I use my tv and roku for my screen

  Can I use my tv and roku for my screen

  Hi diana_tanner:
  # If by TV and roku you mean sending video urls to your roku connected to your TV, then the answer is yes for the current version of Firefox for Android, Firefox for Android 35. Here's how: https://support.mozilla.org/en-US/kb/use-firefox-android-send-videos-your-roku
  # If you mean mirroring a Firefox tab to your TV via roku then the answer is NO until Firefox 36 (which will be released on February 24). You can try this feature on Firefox 36 beta which is available on the play store now. Here's how: https://support.mozilla.org/en-US/kb/view-webpages-on-tv-roku-and-firefox-android

• How do i use my iMac and the macs wired internet connection to share the internet with my iPod and iPhone

  How do i use my iMac and the macs wired internet connection to share the internet with my iPod and iPhone. For 6months I had set up a network that shared the internet through bluetooth to my iPod 5th gen but i messed it up when i tried to add my iPhone 5s and i can't remember how to do it.

  The following has instructions: OS X Mavericks: Share your Internet connection

• ASA 5510 and VPN access to remote site over Ext WAN

  ASA 5510
  int client IP 172.0.1.XXX /24
  VPN Client IP 172.0.1.248 /29
  Static routes in the ASA
  1) 0.0.0.0 --- points to router1
  2) 172.29.1.1 --- Points to router2
  3) 172.29.1.2 --- Points to router2
  Router1 Internet connection // VPN access in path
  Router2 Dedicated line to offsite hosting // Dedicated routes in ASA
  ................../---- ROUTER 1
  ..Inside -- ASA --- outside (switch 2 rtrs)
  ..................\---- ROUTER 2
  If a PC from inside the network wants to talk with 172.29.1.2 it will work fine. If I VPN into the router, I can connect to anything onsite. I cannot talk to 172.29.1.1 or .2
  At first I thought it was the same-security-traffic issue and applied same-security-traffic permit inter-interface then i tried same-security-traffic permit intra-interface.
  Both commands failed, Looking at the diagram I think its something with the fact I VPN into this ASA. Now router2 see's our ASA as its external. So it see's our 208.12.*.* as the outgouing address and dest is 172.29.1.1 or .2
  I did a capture on the outside interface and I see the following. Now these caps are from the inside PC's accessing the website.
  3000 packets captured
  1: 15:03:38.176733 208.12.*.*.60404 > 172.29.1.2.443: P 2697372408:2697372444(36) ack 2813073572 win 64360
  2: 15:03:38.179815 208.12.*.*.63637 > 172.29.1.2.443: P 3373326671:3373326705(34) ack 3255654279 win 64512
  3: 15:03:38.179876 208.12.*.*.60404 > 172.29.1.2.443: P 2697372444:2697372480(36) ack 2813073572 win 64360
  4: 15:03:38.180181 172.29.1.2.443 > 208.12.*.*.27133: . ack 838693750 win 65456
  5: 15:03:38.180212 172.29.1.2.443 > 208.12.*.*.26920: P 1652457319:1652457373(54) ack 2226176804 win 65482
  Can someone point me in the right direction on how I would get the VPN working so it too can connect to those websites?

  Hi,
  Did you try to do NONAT for the traffic from 172.0.1.0 going to 172.29.1.0
  Something like this:-
  access-list NONAT permit ip 172.0.1.0 255.255.255.0 172.29.1.0 255.255.255.0
  nat (Inside) 0 access-list NONAT

• Using a 3rd party router for Multicast

  Hi all,
  There’s a lot of feedback on this board about using third party routers with Multicast, so we’ve decided to put this information all in the one place for you.
  NOTE: the workarounds below haven’t been tested by BT as we do not support 3rd party routers and we do not endorse any of them. Our recommended router remains the Home Hub.
  With the above statement in mind, we know that a lot of you do choose to use other routers.  The information contained here has come from fellow customers who have given their time to share this information in good faith. Thanks to all of the forum members who have helped make this information available to our community it is a great example of the wealth of information that a community can provide and we hope this encourages users to come back and visit us in the future.
  A special mention goes to walkerx who has posted and prompted a lot of the provided information.
  Hub configurations in alphabetical order:
  Apple Airport Extreme
  Put your Airport Extreme into Bridge Mode and turn the Home Hub's wireless off.
  [From MartinH's post]
  ASUS RT-N66U
  You must configure 'Enable VPN + DHCP Connection' to 'No' under the WAN option.
  Settings used were:
  - Have router on the latest firmware: 3.0.0.4.374.130
  - Use the following settings in LAN > IPTV:
  - 'Select ISP Profile' = None
  - 'Choose IPTV STB Port' = None
  - 'Use DHCP routes' = Microsoft
  - 'Enable multicast routing (IGMP Proxy) = Enable
  - 'Enable efficient multicast forwarding (IGMP Snooping) = Enable
  - 'UDB Proxy (Udpxy) = 0
  [From sepph's post]
  Billion 7800DXL
  Router has been reported to work.
  [From walkerx's post]
  Billion 7800N
  Requires you to add another profile (Pure Bridge) to the EWAN port along with the PPPoE profile. Save settings & restart. Also enable IGMP proxy & snooping.
  [TimCurtis' post]
  DLink Dir 825
  If enable multicast you can see the on-demand players but get an IPC6023 error when viewing the test channel (this means poor internet channel quality). This error message comes up even though it works if use the Home Hub 4
  [walkerx's post]
  Netgear R6300
  Netgear R6300, but with the Home Hub 3.0 and 500Mbit Powerline adapters in the picture.
  Modem -> HH3 -> R6300 -> Powerline -> 2 x Youview Boxes on other Powerlines.
  To do this, configure the Home Hub 3.0 as 192.168.1.1, then disable its wireless and DHCP. Make sure that NAT and UPNP were enabled, and then set it to use the address 192.168.1.254 as a DMZ server.
  Then configure the R6300 as the address 192.168.0.1, using the WAN IP address of 192.168.1.254, with 192.168.1.1 as the gateway and DNS server. The R6300 is then connected via WAN port to the HH3 Gigabit port.
  In the R6300 settings switch on IGMP. 
  The above settings allow both YouView boxes to use on demand content and different streaming channels simultaneously, as well as giving the full features of the R6300 such as AC1750 wireless, network printing, and DLNA
  [wigglr's post]
  TP-Link AC1750
  Router has been reported to work.
  [zarf2007's post]
  TP-Link Archer C7
  Router has been reported to work.
  [HappySlayerUK's post]
  TP-Link TL-WR1043ND
  No configuration needed, plug and play.
  [walkerx's post]
  TP-Link WDR4300 N750
  Router has been reported to work.
  [aseymour's post]
  TP-Link TL-WDR4900 N900
  Router has been reported to work, plug and play.
  [cactusbob's post]
  TP-Link routers in general
  How to configure Multicast on TP-Link routers (from the TP-Link website).
  One of our posters also found the following:
  He found that your router must be able to do the following for Multicast:
  For an end user connected via Openreach GEA (FTTC and FTTH)
  • The Residential Gateway will support:
  – IPoE for multicast traffic and PPPoE for BB traffic;
  – VLAN tag ID of 0 or no VLAN tag ID for multicast and BB traffic;
  – Fork IGMP requests up multicast and BB paths.
  For an end user connected to an MSAN (WBC copper)
  • The Residential Gateway will support:
  – A dual VC architecture;
  – Accept TV Connect multicast traffic on ATM VP/VC 0/35 with IPoE and broadband traffic on ATM VP/VC 0/38 with PPPoE;
  – Fork IGMP requests up multicast and broadband paths.
  IGMP should v3 and will be in range from 225.0.0.0 to 239.255.255.255 
  [walkerx's post]
  List of routers that do not appear to work:
  Draytek 2750n
  Linksys EA4500
  linksys EA6300
  Netgear AC6300
  [From Red_Snow's post]
  If you use a router that’s not listed here, do a search on the YouView from BT board to see if advice has been posted elsewhere. If it hasn’t, do post your question.
  Thanks,
  Stephanie
  Stephanie
  BTCare Community Manager
  If you like a post, or want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side of the post. If someone answers your question correctly please let other members know by clicking on ’Mark as Accepted Solution’.

  Thanks for confirming that quails.
  Cheers
  David
  BTCare Community Mod
  If we have asked you to email us with your details, please make sure you are logged in to the forum, otherwise you will not be able to see our ‘Contact Us’ link within our profiles.
  We are sorry but we are unable to deal with service/account queries via the private message(PM) function so please don't PM your account info, we need to deal with this via our email account :-)

• Replacing ASA 5510 and ARP

  Hello Support,
  Probably an easy question and may be buried within these forums (but I can't find it).
  I'm attempting to replace a 5510 with another 5510 and having all sorts of difficulty.  Devices the PAT against the outside interface have no problems getting out, but anything with a 1:1 NAT cannot.  Screams of an ARP issue; however rebooting the switch and the firewall have no effect.  Is there something else I could potentially be missing.  Configurations are completely mirrored.  And the firewall the I'm trying to replace has no issues getting out with 1 to 1 (static) nats.  Any ideas?

  Hi,
  If you are talking about normal L2 switches with no routing capabilities then rebooting them might not do anything. I guess usually if you replace a device that is connected directly to some routers then the simple fact that the interface will go down is enough to "flush" the ARP table on the connected devices and the replacement of the device goes smoothly.
  If you ASA is connected to the ISP through a L2 switch there is always a chance that the rebooting of the switch wont bring down any link on the ISP side and remove the old ARP table information.
  I am also not quite sure if and when the ASA uses Gratuitous ARP which is meant to update the ARP table of the connected devices.
  But I would have to say that its not that uncommon that some people face problem with replacing devices and the ISP still having the old ARP information on their end. As I personally work for the ISP and usually am the person who handles the firewall replacement, its pretty easy to handle both the ISP side and the customer side.
  Usually the the firewall that I replace is also connected directly to some LAN router so the routers interfaces naturally go down during the device switch and I wont have to resort to any ARP clearing on the LAN side.
  Even though it might be basic information, I am actually not sure how long the basic PC keeps the ARP table information. Though I would imagine Google might tell me pretty quickly
  - Jouni

• Communication problem between ASA 5510 and Cisco 3750, L2 Decode drops

  Having problem with communication between ASA 5510 an Cisco Catalyst 3750.
  Here is the Cisco switch port facing the ASA 5510 configuration:
  interface FastEthernet2/0/6
  description Trunk to ASA 5510
  switchport trunk encapsulation dot1q
  switchport trunk native vlan 50
  switchport trunk allowed vlan 131,500
  switchport mode trunk
  switchport nonegotiate
  And here is the ASA 5510 port configuration:
  interface Ethernet0/3
  speed 100
  no nameif
  no security-level
  no ip address
  interface Ethernet0/3.500
  vlan 500
  nameif outside
  security-level 0
  ip address X.X.X.69 255.255.255.0
  There is a default route on ASA to X.X.X.1.
  When I try to ping from ASA X.X.X.1 i get:
  Sending 5, 100-byte ICMP Echos to 31.24.36.1, timeout is 2 seconds:
  Also in the output of show interface eth 0/3 on the ASA i can see that the L2 Decode drop counter increases.
  I have also changed the ports on the Switch and ASA but the same error stays.
  Any thoughts?

  I don't see anything wrong with your trunk configuration; I have a similar one working between an ASA 5520 and a Catalyst 3750G.
  Maybe you should adjust the "speed 100"?  In my experience, partial autoconfiguration results in duplex mis-matches, which results in dropped packets.
  I'd try removing the "speed 100" and letting the ASA port autonegotiate with the switch.  Alternatively, have both sides set
     speed 100
     duplex full
  and see if things improve.
  -- Jim Leinweber, WI State Lab of Hygiene

• Using VST plugins and ASIO for everything?

  Just a thought. Oh how much I'd like this!
  To be able to use universal VST plugins and ASIO for everything directly from Windows would be ideal. To put this simply, making the Creative Windows "mixer" a true equivelent of a pro-software mixing app (Ableton, ProTools, Sonar, Cubase, or any other) in terms of absolute control for all Audio effects and I/O.
  If Creative won't ever do this even on their next gen cards, somebody or some company that knows a decent mixer setup should write such a replacement mixer soon offered at a fair price (if not free) that will do so with easy, complete, reliable integration.
  Long and specific
  VST related:
  - Use X-Ram to cache inserted VST plugins. Now theres a potential great reason for it since it obviously doesnt use any to cache the I/O bus like ALL OTHER periphials that have Ram caches. Its use is dictated by software, so why not?
  - Allow setting some tiny but likely necessary amount of X-Ram as an additional plugin audio I/O buffer. This should be much less than what mixing software needs for this setting since that would all have to pass the CPU.
  - Use Creative's processing hardware directly instead of the CPU so VST plugins won't increase CPU usage (within reason of course).
  - Yield overhead when using lots or higher-demand plugins if set in bit-match mode. Why waste all that power for SRC when Voxengo R8Brain or plenty of other pro software can do that a million times better and way faster in non-real-time? OK, only Creative could work this one in.
  - Why VST plugins? I'd trust my favorite EQ, digital limiter or whatever that has 64-bit float internal precision and oversampling vs. a 24-bit (rounding-error heaven) with no oversampling like the built in Creative ones.
  - If Creative has confidence in the quality of their own propriety effects, doesn't have to be VST but simply making them usable as a ReWire bridged devices into most any host with parameter automation controls and all. Obviosly these could have much lower latency than VST that normally relies on CPU processed software code.
  - The only argument against this is that some VST plugins have huge latencies. Optional latency delay to keep tracks
  - Allow Creatives hardware to insert as a ReWire slave or otherwise bridged device to ASIO-based apps so VST's can be outsourced from demanding more CPU when mixing. I could also add MIDI plugin effects as well.
  ASIO related:
  - Allow changing any and all audio I/O routing for individual channels on the fly for Windows and ANY software (not just ASIO compatible stuff). Just like in Ableton, Pro Tools, and every other WELL designed "mixer".
  - Treating XP itself and any software that normally goes through DX/MME/etc to use this ASIO mixer by making it appear as an insert send/return in the mixer so it can get routed and processed individually to my liking.
  - Can insert send/return signals for any DX/MME/etc program to/from any track or #tracks in any combination up to some reasonable limit with pre/post gains. At least several send/returns slots per channel.
  - A game that uses ASIO would be sweet. 0% FPS drop. IMO DX/MME/wave-mapper sound sucks. No control, many wasted CPU cycles, and horrible latency.
  - Ability to save/load PROGRAM-specific routing chains. Having it so simly running a certain program will automatically insert it how/whereever I specified, if not default, with all relevant I/O settings, including plugins and related settings that were put in the insert send/return path series to that program of course.
  - Put real-time SRC, compression encoding/decoding, or any Creative effects as well whereever I want in the signal chain, whether universal to a track I/O or program insert send/return I/O.
  - Ability to record tracks or the master likewise.
  - No digital feedback possible caused by monitering/recording/routing configs that would be possible in any decent mixing software. Surely not ever from a default setting or made sometimes impossible to prevent like on the Audigy series. Well unless I do something stupid that SHOULD cause feedback. Speak of a truly worthless mixer, this BTW is the ONLY reason I couldn't just go the manual route and run my host all the time, forcing ALL sounds through it for real-time playback with my Audigy. I'm assuming XiFi's Audio-Creation Mixer doesn't have this horrible problem.
  - Imagine putting any combination of sounds in 7.1 surround, monitering specific channels to any physical output, or up/downmixing 5.1 as it plays in real-time, etc. any thing like this possible instantly with a few mouse clicks! This would be SO EASY and completely possible to implement, most of the above right onto existing XiFi's as is.
  It's not like it would be competing with pro-interface rackmount products so no harm to Creative. I sure as h*ll wouldn't record with any soundcard's analog pre's or unbalanced connections for that matter. Guess I just love the interface and control of a REAL mixer that can do it all.

  cusis wrote:
  But would it be possible to somehow use the power of the card to take on some of the load of the cpu, users would surely then see alot more benifits from these cards.
  I don't see why this isn't possible with enough X-RAM. Why no host apps support offloading VST plugin cache buffers and rendering threads to it? I'm probly returning my XiFi and sticking with my old Audigy 1 until either I blow it up or Creative makes a REAL upgrade with most the aforementioned features that literally COULD'VE been implemented in XiFi's current hardware.
  If they do, they'll have my business and many others I'm pretty sure. Creative, if your listening and you want to like triple your sales - PLEASE get a clue and get the software end right. Microsoft or any audio host software developers, heres your (fat) chance if Creative wont do whats really their responsibility.
  If ALL apps were forced to pass through ASIO as I mentioned, this could force all apps and games to use part of X-RAM as an I/O buffer no matter what specific support is. The same way a video card can offload ALL video including Windows, not just when running certain games, or even worse, certain audio apps lol that specifically support video RAM and DX performance controls! That would be the stupidest, most worthless idea and why Video Cards don't waste their hardware this way. And yet this is what XiFi currently does regarding audio. Somebody change this SOON.
  This would be SO cheap and easy for Creative toss together and implement and would solve EVERYONE's problems and make ALL games at least get SMOOTH AUDIO. He!! Creative could charge $30 extra for it or just push out a new line of cards and itd still be worth it. Creative, did you read that part? More profit$$$ Like a video card upgrade, I EXPECT a night vs. day improvment but as it stands, XiFi is simply a glorified Audigy that costs more but much LESS likely to work right.
  More importantly, its use of ASIO (the real deal) remains no less limited than an old Creative card from way back when. If Creative wants their soundcard to integrate with software better, learn from Nvidia/Ati and deliver the goods as they've done it all along.

• Possible to use Airport Extr and Express for WIRED Guest Network?

  Situation and landscape:
  My house has a Comcast cable-modem, which is connected to an Airport Extreme (AEx).
  The AEx is running WPA WiFi, and this is all good.
  There is one ethernet wire running out of the AEx, which goes 150 feet to the rear of my house, across a short corridor (protected from weather with insulated pipe) and into my garage apartment, where it terminates into an Airport Express (APress.)   This garage apartment is frequently used as part of a rental property.  The APress is extending the same WiFi SSID/settings.
  When guests arrive, they are able to plug-in their notebook computers to the APress ethernet port, or use the WiFi.
  Well, the problem with that, obviously, is that they can "see" the other computers on the network, and printers, etc.
  It would be perfect to set configure the AEx and APress to the WiFi "guest network."  However, there are problems with this:
  1)  Believe it or not, many guests still use direct-plug and do not have nor know how to set up their WiFi -- so they MUST have a direct ethernet wire.
  2)  When I use Airport Utility for the APress, it does not show any WiFi guest network option -- maybe because another dependent setting is not allowing this (i.e. Bridge Mode?")
  3)  The distance between the AEx and this garage apartment is too long between them to shoot a WiFi guest network from AEx and to be picked-up by the Airport Express... and there's a center core in my old house that is impervious to all radio frequencies and could block a nuclear blast.  Well, it causes a degradation of wireless.   And this brings us back to #1 above...in that I need a cable ethernet option.
  Picture attached of current landscape:
  So, maybe....
  I've spent the better part of a couple of hours searching here, particularly for the terms "access point" but the terminology isn't what I need.  What I wonder if perhaps I need to place an APress beside the AEx, turn on Guest Network at the AEx, then "pick it up" with a second APress, and carry the ethernet signal to the garage apartment and allow guest WiFi and wired.  (see second picture)   Will this work?

  OK, here how to set this up.
  Open up AirPort Utility 5.6.1, select the Express, and click Manual Setup
  Click the Wireless tab located below the icons
  If you want the Guest Network to have a different SSID (recommended), then change the name of the wireless network, adjust the security settings if needed, and change the Wireless Password and Verify
  Click the Internet icon up at the top of the window
  Click the Internet Connection tab just below the icons
  Change the setting for Connection Sharing to Share a public IP address
  Click the DHCP tab located under the icons
  Change the DHCP Beginning Address to read something different.....like 10.0.5.2
  Click Update and give the Express a full minute to restart
  At this point, the Express indicator light will be slowly blinking amber
  Open up AirPort Utility again, select the Express and click directly on the word Status (2nd line)
  You should see a Double NAT notice with an option to "ignore" the item
  There may also be an Setup over WAN notice with an option to "ignore" the item
  Click in the boxes to ignore both items, then click Update again and the Express will restart and display a green light
  Try things out to verify that the Guest Network cannot "see" any devices on the main network...and vice versa.

• Using own modem and router

  Hi,
  I've decided not to use the home hub 4 and to use my own modem equipments.
  I was told that I only need to enter [email protected] as login name and password as password, then internet should work...
  It is strange because the modem could get an IP from the DNS, but there's no internet connection.
  I already followed the steps here: http://btbusiness.custhelp.com/app/answers/detail/​a_id/258/~/can-i-use-my-own-broadband-modem-or-rou​...
  any ideas?
  thanks
  Solved!
  Go to Solution.

  thanks for your responses.
  yes, I tried different login names and passwords. I knew they worked because the modem managed to detect the upstream and downstream speed, as well as the ip address, DNS server, etc...
  I did a ping check through the modem and it said it worked... strangely, the ADSL loopback check was failed.
  Other settings were UK default, ie. VC, PPPoA, 0,38... I am using a Zyxel P-660R-D1.
  Key thing is I am using a separate modem and router, both of them are high quality equipment because i'll be setting up a server to do cloud storage. Also i prefer not to use all in one model-router coz I think separate equipments just work better.
  So any ideas? Is there anything special about the Homehub that BT isnt telling us, whereas we need HH in order to get on internet??
  Thanks

• Using wireless router for Playstation Portable connection

  I've had my PSP for a little while now and I mainly use it for it's internet feature. I've been using my router (with wireless connection) for my laptops for years and so things have been completely fine logging onto the internet with my PSP. I recently downloaded an update for my PSP and the internet connection started to slow down A LOT. Now, I can't connect to the internet at all. I know some people may say to contact Sony about this, but I'm sure Sony's first response would be to contact my router manufacturer. Does anyone know what I can do?
  My model number is WRT150 V1.1 and I heard that it may have to do with the MAC address for my PSP but I cannot find ANYWHERE in the setting for my router where I can allow a certain MAC address permission to use the wireless network. 
  If anyone knows anything, please share. Thank you!

  To enable MAC Address Filtering follow the link here , the link will only give you screenshots to find the MAC Address of an Ethernet Adapter Wireless Network Connection and not for a play Station...
  If you know the MAC add of your PSPyou can follow the link from where it says "Permitting Wireless PC from Accessing Your Network"

• Cisco Model 870 router for home office connected to WRT160NL wireless router for personal use

  I am using a Cisco Model 870 router for home office. I just bought a WRT160NL wireless router for home use. I setup the personal wireless router off the personal port of the 870 and can connect with my PC but not with my MAC machines. It can see the Network but when it asks me for passwords, it says they are wrong, which after several attempts I know they are correct.
  The new router is setup as WPA2 personal. Can you advise?
  Cisco Account Manager- Services

  I think I answered my own question. I tried downloading something on my desktop and checked my cellular usage afterwards didn't go up so it's using my home internet and not my data plan.

• Using non Internet wireless router for AirPrint, kills Internet experience via data plan.

  Just bought an HP Laserjet Pro 400 with AirPrint.  In order to use it I added a wireless router, that is not connect to the Internet, as I am remote.  How can I print and go on the Internet without have to turn on and off my wifi?  I work remotely so I have no dsl or cable to plug my router into, yet in order to use my AirPrint I must have a router.  If I am connected to a wifi, my iPad assumes that is my preferred method to connect to the Internet....

  I believe Verizon will only carry wireless N routers at the moment due to the fact that wireless AC is still in draft. Wireless N has been standardized.  But, glad to hear you got things working well enough. I suppose it wouldn't hurt to try asking for higher speeds to be delivered over the DSL. Most folks coming directly from a central office or from a specific type of remote terminal can get speeds reaching to 7Mbps or 15Mbps.
  ========
  The first to bring me 1Gbps Fiber for $30/m wins!

• How to kill Forms Runaway Process using 95% CPU and running for 2 hours.

  We had a situation at E-Business Suite customer (using Oracle VM server) where some of Form processes were not being cleared by form timeout settings automatically.
  Also when user exits the form session from front end, the linux form process (PID) and DB session did not exit properly, so they got hung.
  They were spiking CPU and memory usage and causing e-business suite to perform slowely and ultimately causing VM host to reboot the production VM guest (running on Linux).
  We could see the form processes (PIDs) using almost 100% cpu with "top" command and running for a long time.
  Also we verified those Form Sessions did not exist in the application itself.
  ie. Using from Grid Control -> OAM-> Site Map -> Monitoring (tab) -> "Form Sessions".
  It means that we could safely kill that form process from Linux using "kill -9 <PID>" command.
  But that required a continuous monitoring and manual DBA intervention as customer is 24x7 customer.
  So, I wrote a shell script to do the following;
  •     Cron job runs every half an hour 7 days a week which calls this shell script.
  •     Shell script runs and tries to find "top two" f60webmx processes (form sessions) using over 95% cpu with 2 minutes interval.
  •     If no process is found or CPU% is less than 95%, it exits and does nothing.
  •     If top process is found, it searches for its DB session using apps login (with hidden apps password file - /home/applmgr/.pwd).
  a.     If DB session is NOT found (which means form process is hung), it kills the process from unix and emails results to <[email protected]>
  b.     If DB session is found, it waits for 2 hours so that form process times automatically via form session timeout setting.
  It also emails the SQL to check the DB session for that form process.
  c.     If DB session is found and it does not timeout after 2 hours,
  it kills the process from unix (which in turn kills the DB session). Output is emailed.
  This are the files required for this;
  1. Cron job which calls the shell script looks like this;
  # Kill form runaway process, using over 95% cpu having no DB session or DB session for > 2hrs
  00,30 * * * * /home/applmgr/forms_runaway.sh 2>&1
  2. SQL that this script calls is /home/applmgr/frm_runaway.sql and looks like;
  set head off
  set verify off
  set feedback off
  set pagesize 0
  define form_client_PID = &1
  select count(*) from v$session s , v$process p, FND_FORM_SESSIONS_V f where S.AUDSID=f.audsid and p.addr=s.paddr and s.process='&form_client_PID';
  3. Actual shell script is /home/applmgr/forms_runaway.sh and looks like;
  # Author : Amandeep Singh
  # Description : Kills runaway form processes using more than 95% cpu
  # and Form Session with no DB session or DB session > 2hrs
  # Dated : 11-April-2012
  #!/bin/bash
  . /home/applmgr/.bash_profile
  PWD=`cat ~/.pwd`
  export PWD
  echo "`date`">/tmp/runaway_forms.log
  echo "----------------------------------">>/tmp/runaway_forms.log
  VAR1=`top -b -u applmgr -n 1|grep f60webmx|grep -v sh|grep -v awk|grep -v top|sort -nrk9|head -2|sed 's/^[ \t]*//;s/[ \t]*$//'| awk '{ if ($9 > 95 && $12 = "f60webmx") print $1 " "$9 " "$11 " "$12; }'`
  PID1=`echo $VAR1|awk '{print $1}'`
  CPU1=`echo $VAR1|awk '{print $2}'`
  TIME1=`echo $VAR1|awk '{print $3}'`
  PROG1=`echo $VAR1|awk '{print $4}'`
  PID_1=`echo $VAR1|awk '{print $5}'`
  CPU_1=`echo $VAR1|awk '{print $6}'`
  TIME_1=`echo $VAR1|awk '{print $7}'`
  PROG_1=`echo $VAR1|awk '{print $8}'`
  echo "PID1="$PID1", CPU%="$CPU1", Running Time="$TIME1", Program="$PROG1>>/tmp/runaway_forms.log
  echo "PID_1="$PID_1", CPU%="$CPU_1", Running Time="$TIME_1", Program="$PROG_1>>/tmp/runaway_forms.log
  echo " ">>/tmp/runaway_forms.log
  sleep 120
  echo "`date`">>/tmp/runaway_forms.log
  echo "----------------------------------">>/tmp/runaway_forms.log
  VAR2=`top -b -u applmgr -n 1|grep f60webmx|grep -v sh|grep -v awk|grep -v top|sort -nrk9|head -2|sed 's/^[ \t]*//;s/[ \t]*$//'| awk '{ if ($9 > 95 && $12 = "f60webmx") print $1 " "$9 " "$11 " "$12; }'`
  PID2=`echo $VAR2|awk '{print $1}'`
  CPU2=`echo $VAR2|awk '{print $2}'`
  TIME2=`echo $VAR2|awk '{print $3}'`
  PROG2=`echo $VAR2|awk '{print $4}'`
  PID_2=`echo $VAR2|awk '{print $5}'`
  CPU_2=`echo $VAR2|awk '{print $6}'`
  TIME_2=`echo $VAR2|awk '{print $7}'`
  PROG_2=`echo $VAR2|awk '{print $8}'`
  HRS=`echo $TIME1|cut -d: -f1`
  exprHRS=`expr "$HRS"`
  echo "PID2="$PID2", CPU%="$CPU2", Running Time="$TIME2", Program="$PROG2>>/tmp/runaway_forms.log
  echo "PID_2="$PID_2", CPU%="$CPU_2", Running Time="$TIME_2", Program="$PROG_2>>/tmp/runaway_forms.log
  echo " ">>/tmp/runaway_forms.log
  # If PID1 or PID2 is NULL
  if [ -z ${PID1} ] || [ -z ${PID2} ]
  then
  echo "no top processes found. Either PID is NULL OR CPU% is less than 95%. Exiting...">>/tmp/runaway_forms.log
  elif
  # If PID1 is equal to PID2 or PID1=PID_2 or PID_1=PID2 or PID_1=PID_2
  [ ${PID1} -eq ${PID2} ] || [ ${PID1} -eq ${PID_2} ] || [ ${PID_1} -eq ${PID2} ] || [ ${PID_1} -eq ${PID_2} ];
  then
  DB_SESSION=`$ORACLE_HOME/bin/sqlplus -S apps/$PWD @/home/applmgr/frm_runaway.sql $PID1 << EOF
  EOF`
  echo " ">>/tmp/runaway_forms.log
  echo "DB_SESSION ="$DB_SESSION >>/tmp/runaway_forms.log
  # if no DB session found for PID
  if [ $DB_SESSION -eq 0 ] then
  echo " ">>/tmp/runaway_forms.log
  echo "Killed Following Runaway Forms Process:">>/tmp/runaway_forms.log
  echo "-------------------------------------------------------------------">>/tmp/runaway_forms.log
  echo "PID="$PID1", CPU%="$CPU1", Running Time="$TIME1", Program="$PROG1>>/tmp/runaway_forms.log
  kill -9 $PID1
  #Email the output
  mailx -s "Killed: `hostname -a` Runaway Form Processes" [email protected] </tmp/runaway_forms.log
  cat /tmp/runaway_forms.log
  else
  # If DB session exists for PID
  if [ ${exprHRS} -gt 120 ]; then
  echo $DB_SESSION "of Database sessions exist for this forms process-PID="$PID1". But its running for more than 2 hours. ">>/tmp/runaway_forms.log
  echo "Process running time is "$exprHRS" minutes.">>/tmp/runaway_forms.log
  echo "Killed Following Runaway Forms Process:">>/tmp/runaway_forms.log
  echo "-------------------------------------------------------------------">>/tmp/runaway_forms.log
  echo "PID="$PID1", CPU%="$CPU1", Running Time="$TIME1", Program="$PROG1>>/tmp/runaway_forms.log
  kill -9 $PID1
  #Email the output
  mailx -s "`hostname -a`: Runaway Form Processes" [email protected] </tmp/runaway_forms.log
  cat /tmp/runaway_forms.log
  else
  echo "Process running time is "$exprHRS" minutes.">>/tmp/runaway_forms.log
  echo $DB_SESSION "of Database sessions exist for PID="$PID1" and is less than 2 hours old. Not killing...">>/tmp/runaway_forms.log
  echo "For more details on this PID, run following SQL query;">>/tmp/runaway_forms.log
  echo "-----------------------------------------------------------------------">>/tmp/runaway_forms.log
  echo "set pages 9999 lines 150">>/tmp/runaway_forms.log
  echo "select f.user_form_name, f.user_name, p.spid DB_OS_ID , s.process client_os_id,, s.audsid, f.PROCESS_SPID Forms_SPID,">>/tmp/runaway_forms.log
  echo "to_char(s.logon_time,'DD-Mon-YY hh:mi:ss'), s.seconds_in_wait">>/tmp/runaway_forms.log
  echo "from v\$session s , v\$process p, FND_FORM_SESSIONS_V f">>/tmp/runaway_forms.log
  echo "where S.AUDSID=f.audsid and p.addr=s.paddr and s.process='"$PID1"' order by p.spid;">>/tmp/runaway_forms.log
  mailx -s "`hostname -a`: Runaway Form Processes" [email protected] </tmp/runaway_forms.log
  cat /tmp/runaway_forms.log
  fi
  fi
  else
  #if PID1 and PID2 are not equal or CPU% is less than 95%.
  echo "No unique CPU hogging form processes found. Exiting...">>/tmp/runaway_forms.log
  cat /tmp/runaway_forms.log
  fi
  If you have the same problem with some other unix and DB processes, the script can be easily modified and used.
  But use this with thorough testing first (by commenting out <kill -9 $PID1> lines.
  Good luck.
  Edited by: R12_AppsDBA on 19/04/2012 13:10

  Thanks for sharing the script!
  Hussein