VG 224 config
Tried to configure the VG224, but without success. Below is the sample config file from CCO: http://www.cisco.com/univercd/cc/td/doc/product/access/vg/vg224/scg/scgappa.htm
Can someone post a workable VG224 config file? Thanks in advance.
Do you have an MGCP or SCCP image?
If MGCP, here is a config you could use:
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname vg224
boot-start-marker
boot-end-marker
no aaa new-model
ip subnet-zero
ccm-manager redundant-host
ccm-manager mgcp
ccm-manager music-on-hold
ccm-manager config server
ccm-manager config
interface FastEthernet0/0
ip address x.x.x.x 255.255.255.0
duplex full
speed auto
control-plane
voice-port 2/0
voice-port 2/1
voice-port 2/2
voice-port 2/3
voice-port 2/4
voice-port 2/5
voice-port 2/6
voice-port 2/7
voice-port 2/8
voice-port 2/9
voice-port 2/10
voice-port 2/11
voice-port 2/12
voice-port 2/13
voice-port 2/14
voice-port 2/15
voice-port 2/16
voice-port 2/17
voice-port 2/18
voice-port 2/19
voice-port 2/20
voice-port 2/21
voice-port 2/22
voice-port 2/23
mgcp
mgcp call-agent 2427 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
no mgcp package-capability res-package
mgcp package-capability sst-package
no mgcp package-capability fxr-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp rtp payload-type g726r16 static
mgcp profile default
dial-peer voice 99920 pots
application mgcpapp
port 2/0
dial-peer voice 99921 pots
application mgcpapp
port 2/1
dial-peer voice 99922 pots
application mgcpapp
port 2/2
dial-peer voice 99923 pots
application mgcpapp
port 2/3
dial-peer voice 99924 pots
application mgcpapp
port 2/4
dial-peer voice 99925 pots
application mgcpapp
port 2/5
dial-peer voice 99926 pots
application mgcpapp
port 2/6
dial-peer voice 99927 pots
application mgcpapp
port 2/7
dial-peer voice 99928 pots
application mgcpapp
port 2/8
dial-peer voice 99929 pots
application mgcpapp
port 2/9
dial-peer voice 999210 pots
application mgcpapp
port 2/10
dial-peer voice 999211 pots
application mgcpapp
port 2/11
dial-peer voice 999212 pots
application mgcpapp
port 2/12
dial-peer voice 999213 pots
application mgcpapp
port 2/13
dial-peer voice 999214 pots
application mgcpapp
port 2/14
line con 0
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
password usg1pt
login
transport preferred all
transport input all
transport output all
end
Similar Messages
-
Good morning, I have a CallManager 8.6.2.
All works well except a VG224 MGCP.
The VG is correctly registered via MGCP on CallManager, and I've configured one FXS port to connect to an analog phone.
The problem is: if I start a call from the analog phone to an IP phone the call works well, but if I start a call from an IP phone to the analog phone the call fails.
Can anyone help me?
The VG224 config is in the attached file:
interface FastEthernet0/0
ip address 10.116.1.27 255.255.255.0
duplex auto
speed auto
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
ip default-gateway 10.116.1.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.116.1.1
no ip http server
control-plane
voice-port 2/0
voice-port 2/1
voice-port 2/2
voice-port 2/3
voice-port 2/4
voice-port 2/5
voice-port 2/6
voice-port 2/7
voice-port 2/8
voice-port 2/9
voice-port 2/10
voice-port 2/11
voice-port 2/12
voice-port 2/13
voice-port 2/14
voice-port 2/15
voice-port 2/16
voice-port 2/17
voice-port 2/18
voice-port 2/19
voice-port 2/20
voice-port 2/21
voice-port 2/22
voice-port 2/23
ccm-manager redundant-host 10.116.1.13
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager music-on-hold
ccm-manager config server 10.116.1.22 10.116.1.13
ccm-manager config
mgcp
mgcp call-agent 10.116.1.22 2427 service-type mgcp version 0.1
mgcp rtp unreachable timeout 1000 action notify
mgcp package-capability rtp-package
mgcp package-capability sst-package
no mgcp package-capability res-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp rtp payload-type g726r16 static
mgcp bind control source-interface FastEthernet0/0
mgcp bind media source-interface FastEthernet0/0
mgcp profile default
dial-peer voice 99920 pots
service mgcpapp
port 2/0
dial-peer voice 99921 pots
service mgcpapp
port 2/1
dial-peer voice 99922 pots
service mgcpapp
port 2/2
dial-peer voice 99923 pots
service mgcpapp
port 2/3
dial-peer voice 99924 pots
service mgcpapp
port 2/4
dial-peer voice 99925 pots
service mgcpapp
port 2/5
dial-peer voice 99926 pots
service mgcpapp
port 2/6
dial-peer voice 99927 pots
service mgcpapp
port 2/7
dial-peer voice 99928 pots
service mgcpapp
port 2/8
dial-peer voice 99929 pots
service mgcpapp
port 2/9
dial-peer voice 999210 pots
service mgcpapp
port 2/10
dial-peer voice 999211 pots
service mgcpapp
port 2/11
dial-peer voice 999212 pots
service mgcpapp
port 2/12
dial-peer voice 999213 pots
service mgcpapp
port 2/13
dial-peer voice 999214 pots
service mgcpapp
port 2/14
dial-peer voice 999215 pots
service mgcpapp
port 2/15
dial-peer voice 999216 pots
service mgcpapp
port 2/16
dial-peer voice 999217 pots
service mgcpapp
port 2/17
dial-peer voice 999218 pots
service mgcpapp
port 2/18
dial-peer voice 999219 pots
service mgcpapp
port 2/19
dial-peer voice 999220 pots
service mgcpapp
port 2/20
dial-peer voice 999221 pots
service mgcpapp
port 2/21
dial-peer voice 999222 pots
service mgcpapp
port 2/22
dial-peer voice 999223 pots
service mgcpapp
port 2/23
Duplicate
https://supportforums.cisco.com/discussion/12245471/problem-vg224-mgcp
-
Wifi clients get an address but cannot access network
Hello,
I have set up 1131 APs which connect to a WLAN controller 2106.
The DHCP server is a Windows 2003 server. All equipment is connected to the inside LAN; no VLANs have been configured.
The APs are associated normally and Wi-Fi clients get an IP address from the Windows DHCP server.
The strange thing, however, is that when you are connected to the Wi-Fi, you cannot access anything. DNS is configured properly, and even when I enter the IP address of a website, I cannot reach it.
I have no idea what can be wrong. Is it that we use internally a 172.16.x.x /16 range and the WLAN controller uses 172.16.2.x for both the AP and management interfaces and the DHCP scope is 172.16.5.x /16? Same subnet.
Anybody have a clue?
Thanks and regards,
Ralph Willemsen
Arnhem, Netherlands
Hello Scott,
This is the running config (changed company name to 'company')
config sysname Cisco2106
config location expiry tags 5
config time timezone location 14
config load-balancing window 0
config interface address management 172.16.2.39 255.255.0.0 172.16.2.254
config interface port management 1
config interface dhcp management primary 172.16.1.7
config interface dhcp service-port enable
config interface address virtual 192.168.222.254
config interface address ap-manager 172.16.2.40 255.255.0.0 172.16.2.254
config interface port ap-manager 1
config interface dhcp ap-manager primary 172.16.1.7
config 802.11b cac voice sip codec g711 sample-interval 20
config 802.11b cac voice sip bandwidth 64 sample-interval 20
config 802.11b 11gsupport enable
config auth-list ap-policy ssc enable
config auth-list ap-policy mic enable
config auth-list ap-policy lsc enable
config logging console warnings
config logging console 4
config logging traceinfo disable debugging
config logging buffered notifications
config logging buffered 5
config mobility group domain "company"
config mobility group member add 00:00:00:00:00:00 172.16.2241 RF_company
config nmsp notification interval rssi rfid 2
config msglog level warning
config 802.11a cac voice sip codec g711 sample-interval 20
config 802.11a cac voice sip bandwidth 64 sample-interval 20
config 802.11a disable network
config database size 512
config dhcp proxy disable bootp-broadcast disable
config network rf-network-name "company"
config network ap-mcast-mode multicast 224
config network multicast mode multicast 224
config network otap-mode enable
config country NL
config rfid timeout 1200
config rfid status enable
config rfid mobility pango disable
config mgmtuser add encrypt admin 1 b56d213abcxxxxxxxxxxxxxxxxx2 75ca55720920f69dad20d8c1aee6b0ffa8e005af 16 f569db123c03d8c62ab3c11c8e31f60b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 read-write
config wlan session-timeout 1 0
config wlan dhcp_server 1 172.16.1.7
config wlan exclusionlist 1 60
config wlan wmm allow 1
config wlan mfp client enable 1
config wlan broadcast-ssid enable 1
config wlan interface 1 management
config wlan create 1 company "company"
config wlan apgroup add company company
config wlan apgroup description company company
config wlan apgroup interface-mapping add company 1 management
config wlan security wpa wpa1 ciphers tkip enable 1
config wlan security wpa wpa1 enable 1
config wlan security wpa wpa2 ciphers tkip enable 1
config wlan security wpa wpa2 ciphers aes enable 1
config wlan security wpa akm 802.1x disable 1
config wlan security wpa akm psk set-key hex encrypt 1 3d943b0edb82b2f94b183a9f0099b8d7 724fe9f09921d471b36d7451d4f3f5f941aceecb 48 919d3a5b5aa1b2add548add84850a2140f635bf3a65e54ebfb1528a6e91954804e595cfc03415ded89272776cd9f914e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 1
config wlan security wpa akm psk enable 1
config wlan security wpa enable 1
config wlan enable 1
config advanced 802.11b channel add 1
config advanced 802.11b channel add 6
config advanced 802.11b channel add 11
config advanced 802.11b channel load disable
config advanced 802.11b channel noise enable
config advanced 802.11b channel foreign enable
config advanced 802.11b receiver pico-cell-v2 rx_sense_thrld 0 0 0
config advanced 802.11b receiver pico-cell-v2 cca_sense_thrld 0 0 0
config advanced 802.11b tx-power-control-thresh -65
config advanced probe limit 2 500
config advanced 802.11a channel add 36
config advanced 802.11a channel add 40
config advanced 802.11a channel add 44
config advanced 802.11a channel add 48
config advanced 802.11a channel add 52
config advanced 802.11a channel add 56
config advanced 802.11a channel add 60
config advanced 802.11a channel add 64
config advanced 802.11a channel add 100
config advanced 802.11a channel add 104
config advanced 802.11a channel add 108
config advanced 802.11a channel add 112
config advanced 802.11a channel add 116
config advanced 802.11a channel add 120
config advanced 802.11a channel add 124
config advanced 802.11a channel add 128
config advanced 802.11a channel add 132
config advanced 802.11a channel add 136
config advanced 802.11a channel add 140
config advanced 802.11a channel load disable
config advanced 802.11a channel noise enable
config advanced 802.11a channel foreign enable
config advanced 802.11a receiver pico-cell-v2 rx_sense_thrld 0 0 0
config advanced 802.11a receiver pico-cell-v2 cca_sense_thrld 0 0 0
config advanced 802.11a tx-power-control-thresh -65
config advanced probe-limit 2 500
transfer download path \/
transfer download filename cisco2106-config
transfer download serverip 172.16.5.4
transfer upload path \/
transfer upload filename cisco2106-config
transfer upload datatype config
transfer upload serverip 172.16.5.4
-
Fairly new to cisco ASA 5505 - Can someone look through my config?
Hi.
Can someone tell me if I did the NAT part right? Both dynamic and static.
To be able to reach one VLAN from another I created a NAT between them. Is this the right way to do it?
I can still limit the access between the VLANs based on the access list.
I am also getting slow throughput over the VPN tunnel. Is there something wrong with my config? I used the wizard to set it up. There is also a Cisco ASA 5505 on the other end.
If there is something else that seems wrong, please let me know.
Any help would be gratefully appreciated!
Config:
: Saved
ASA Version 7.2(2)
hostname ciscoasa
domain-name default.domain.invalid
enable password x encrypted
names
name 192.168.1.250 DomeneServer
name 192.168.1.10 NotesServer
name 192.168.1.90 OvServer
name 192.168.1.97 TerminalServer
name 192.168.1.98 w8-eyeshare
name 192.168.50.10 w8-print
name 192.168.1.94 w8-app
name 192.168.1.89 FonnaFlyMedia
interface Vlan1
nameif Vlan1
security-level 100
ip address 192.168.200.100 255.255.255.0
ospf cost 10
interface Vlan2
nameif outside
security-level 0
ip address 79.x.x.226 255.255.255.224
ospf cost 10
interface Vlan400
nameif vlan400
security-level 100
ip address 192.168.1.1 255.255.255.0
ospf cost 10
interface Vlan450
nameif Vlan450
security-level 100
ip address 192.168.210.1 255.255.255.0
ospf cost 10
interface Vlan460
nameif Vlan460-SuldalHotell
security-level 100
ip address 192.168.2.1 255.255.255.0
ospf cost 10
interface Vlan461
nameif Vlan461-SuldalHotellGjest
security-level 100
ip address 192.168.3.1 255.255.255.0
ospf cost 10
interface Vlan462
nameif Vlan462-Suldalsposten
security-level 100
ip address 192.168.4.1 255.255.255.0
ospf cost 10
interface Vlan470
nameif vlan470-Kyrkjekontoret
security-level 100
ip address 192.168.202.1 255.255.255.0
ospf cost 10
interface Vlan480
nameif vlan480-Telefoni
security-level 100
ip address 192.168.20.1 255.255.255.0
ospf cost 10
interface Vlan490
nameif Vlan490-QNapBackup
security-level 100
ip address 192.168.10.1 255.255.255.0
ospf cost 10
interface Vlan500
nameif Vlan500-HellandBadlands
security-level 100
ip address 192.168.30.1 255.255.255.0
ospf cost 10
interface Vlan510
nameif Vlan510-IsTak
security-level 100
ip address 192.168.40.1 255.255.255.0
ospf cost 10
interface Vlan600
nameif Vlan600-SafeQ
security-level 100
ip address 192.168.50.1 255.255.255.0
ospf cost 10
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 500
switchport trunk allowed vlan 400,450,460-462,470,480,500,510,600,610
switchport mode trunk
interface Ethernet0/3
switchport access vlan 490
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
passwd x encrypted
ftp mode passive
clock timezone WAT 1
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object-group service Lotus_Notes_Utgaaande tcp
description Frim Notes og ut til alle
port-object eq domain
port-object eq ftp
port-object eq www
port-object eq https
port-object eq lotusnotes
port-object eq pop3
port-object eq pptp
port-object eq smtp
object-group service Lotus_Notes_inn tcp
description From alle og inn til Notes
port-object eq www
port-object eq lotusnotes
port-object eq pop3
port-object eq smtp
object-group service Reisebyraa tcp-udp
port-object range 3702 3702
port-object range 5500 5500
port-object range 9876 9876
object-group service Remote_Desktop tcp-udp
description Tilgang til Remote Desktop
port-object range 3389 3389
object-group service Sand_Servicenter_50000 tcp-udp
description Program tilgang til Sand Servicenter AS
port-object range 50000 50000
object-group service VNC_Remote_Admin tcp
description Frå oss til alle
port-object range 5900 5900
object-group service Printer_Accept tcp-udp
port-object range 9100 9100
port-object eq echo
object-group icmp-type Echo_Ping
icmp-object echo
icmp-object echo-reply
object-group service Print tcp
port-object range 9100 9100
object-group service FTP_NADA tcp
description Suldalsposten NADA tilgang
port-object eq ftp
port-object eq ftp-data
object-group service Telefonsentral tcp
description Hoftun
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
port-object eq telnet
object-group service Printer_inn_800 tcp
description Fra 800 nettet og inn til 400 port 7777
port-object range 7777 7777
object-group service Suldalsposten tcp
description Sending av mail vha Mac Mail programmet - åpner smtp
port-object eq pop3
port-object eq smtp
object-group service http2 tcp
port-object range 81 81
object-group service DMZ_FTP_PASSIVE tcp-udp
port-object range 55536 56559
object-group service DMZ_FTP tcp-udp
port-object range 20 21
object-group service DMZ_HTTPS tcp-udp
port-object range 443 443
object-group service DMZ_HTTP tcp-udp
port-object range 8080 8080
object-group service DNS_Query tcp
port-object range domain domain
object-group service DUETT_SQL_PORT tcp-udp
description For kobling mellom andre nett og duett server
port-object range 54659 54659
access-list outside_access_in extended permit ip any any
access-list outside_access_out extended permit ip any any
access-list vlan400_access_in extended deny ip any host 149.20.56.34
access-list vlan400_access_in extended deny ip any host 149.20.56.32
access-list vlan400_access_in extended permit ip any any
access-list Vlan450_access_in extended deny ip any host 149.20.56.34
access-list Vlan450_access_in extended deny ip any host 149.20.56.32
access-list Vlan450_access_in extended permit ip any any
access-list Vlan460_access_in extended deny ip any host 149.20.56.34
access-list Vlan460_access_in extended deny ip any host 149.20.56.32
access-list Vlan460_access_in extended permit ip any any
access-list vlan400_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Lotus_Notes_Utgaaande
access-list vlan400_access_out extended permit tcp any host DomeneServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host TerminalServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host OvServer object-group http2
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Lotus_Notes_inn
access-list vlan400_access_out extended permit tcp any host NotesServer object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host w8-eyeshare object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host w8-app object-group Remote_Desktop
access-list vlan400_access_out extended permit tcp any host FonnaFlyMedia range 8400 8600
access-list vlan400_access_out extended permit udp any host FonnaFlyMedia range 9000 9001
access-list vlan400_access_out extended permit tcp 192.168.4.0 255.255.255.0 host DomeneServer
access-list vlan400_access_out extended permit tcp 192.168.4.0 255.255.255.0 host w8-app object-group DUETT_SQL_PORT
access-list Vlan500_access_in extended deny ip any host 149.20.56.34
access-list Vlan500_access_in extended deny ip any host 149.20.56.32
access-list Vlan500_access_in extended permit ip any any
access-list vlan470_access_in extended deny ip any host 149.20.56.34
access-list vlan470_access_in extended deny ip any host 149.20.56.32
access-list vlan470_access_in extended permit ip any any
access-list Vlan490_access_in extended deny ip any host 149.20.56.34
access-list Vlan490_access_in extended deny ip any host 149.20.56.32
access-list Vlan490_access_in extended permit ip any any
access-list Vlan450_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan1_access_out extended permit ip any any
access-list Vlan1_access_out extended permit tcp any host w8-print object-group Remote_Desktop
access-list Vlan1_access_out extended deny ip any any
access-list Vlan1_access_out extended permit icmp any any echo-reply
access-list Vlan460_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan490_access_out extended permit icmp any any object-group Echo_Ping
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_FTP
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_FTP_PASSIVE
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_HTTPS
access-list Vlan490_access_out extended permit tcp any host 192.168.10.10 object-group DMZ_HTTP
access-list Vlan500_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan470_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan470_access_out extended permit tcp any host 192.168.202.10 object-group Remote_Desktop
access-list Vlan510_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan480_access_out extended permit ip any any
access-list Vlan510_access_in extended permit ip any any
access-list Vlan600_access_in extended permit ip any any
access-list Vlan600_access_out extended permit icmp any any
access-list Vlan600_access_out extended permit tcp any host w8-print object-group Remote_Desktop
access-list Vlan600_access_out extended permit tcp 192.168.1.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_out extended permit tcp 192.168.202.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_out extended permit tcp 192.168.210.0 255.255.255.0 host w8-print eq www
access-list Vlan600_access_in_1 extended permit ip any any
access-list Vlan461_access_in extended permit ip any any
access-list Vlan461_access_out extended permit icmp any any object-group Echo_Ping
access-list vlan400_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list outside_20_cryptomap_1 extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list outside_20_cryptomap extended permit ip 192.168.1.0 255.255.255.0 192.168.77.0 255.255.255.0
access-list Vlan462-Suldalsposten_access_in extended permit ip any any
access-list Vlan462-Suldalsposten_access_out extended permit icmp any any echo-reply
access-list Vlan462-Suldalsposten_access_out_1 extended permit icmp any any echo-reply
access-list Vlan462-Suldalsposten_access_in_1 extended permit ip any any
pager lines 24
logging enable
logging asdm informational
mtu Vlan1 1500
mtu outside 1500
mtu vlan400 1500
mtu Vlan450 1500
mtu Vlan460-SuldalHotell 1500
mtu Vlan461-SuldalHotellGjest 1500
mtu vlan470-Kyrkjekontoret 1500
mtu vlan480-Telefoni 1500
mtu Vlan490-QNapBackup 1500
mtu Vlan500-HellandBadlands 1500
mtu Vlan510-IsTak 1500
mtu Vlan600-SafeQ 1500
mtu Vlan462-Suldalsposten 1500
no failover
monitor-interface Vlan1
monitor-interface outside
monitor-interface vlan400
monitor-interface Vlan450
monitor-interface Vlan460-SuldalHotell
monitor-interface Vlan461-SuldalHotellGjest
monitor-interface vlan470-Kyrkjekontoret
monitor-interface vlan480-Telefoni
monitor-interface Vlan490-QNapBackup
monitor-interface Vlan500-HellandBadlands
monitor-interface Vlan510-IsTak
monitor-interface Vlan600-SafeQ
monitor-interface Vlan462-Suldalsposten
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-522.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (vlan400) 0 access-list vlan400_nat0_outbound
nat (vlan400) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan450) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan460-SuldalHotell) 1 0.0.0.0 0.0.0.0
nat (Vlan461-SuldalHotellGjest) 1 0.0.0.0 0.0.0.0
nat (vlan470-Kyrkjekontoret) 1 0.0.0.0 0.0.0.0
nat (Vlan490-QNapBackup) 1 0.0.0.0 0.0.0.0 dns
nat (Vlan500-HellandBadlands) 1 0.0.0.0 0.0.0.0
nat (Vlan510-IsTak) 1 0.0.0.0 0.0.0.0
nat (Vlan600-SafeQ) 1 0.0.0.0 0.0.0.0
nat (Vlan462-Suldalsposten) 1 0.0.0.0 0.0.0.0
static (vlan400,outside) 79.x.x.x DomeneServer netmask 255.255.255.255
static (vlan470-Kyrkjekontoret,outside) 79.x.x.x 192.168.202.10 netmask 255.255.255.255
static (vlan400,outside) 79.x.x.x NotesServer netmask 255.255.255.255 dns
static (vlan400,outside) 79.x.x.231 TerminalServer netmask 255.255.255.255
static (vlan400,outside) 79.x.x.234 OvServer netmask 255.255.255.255
static (vlan400,outside) 79.x.x.232 w8-eyeshare netmask 255.255.255.255
static (Vlan490-QNapBackup,outside) 79.x.x.233 192.168.10.10 netmask 255.255.255.255 dns
static (Vlan600-SafeQ,outside) 79.x.x.235 w8-print netmask 255.255.255.255
static (vlan400,outside) 79.x.x.236 w8-app netmask 255.255.255.255
static (Vlan450,vlan400) 192.168.210.0 192.168.210.0 netmask 255.255.255.0
static (Vlan500-HellandBadlands,vlan400) 192.168.30.0 192.168.30.0 netmask 255.255.255.0
static (vlan400,Vlan500-HellandBadlands) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,Vlan450) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,outside) 79.x.x.252 FonnaFlyMedia netmask 255.255.255.255
static (Vlan462-Suldalsposten,vlan400) 192.168.4.0 192.168.4.0 netmask 255.255.255.0
static (vlan400,Vlan462-Suldalsposten) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (vlan400,Vlan600-SafeQ) 192.168.1.0 192.168.1.0 netmask 255.255.255.0
static (Vlan600-SafeQ,vlan400) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan600-SafeQ,Vlan450) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan600-SafeQ,vlan470-Kyrkjekontoret) 192.168.50.0 192.168.50.0 netmask 255.255.255.0
static (Vlan450,Vlan600-SafeQ) 192.168.210.0 192.168.210.0 netmask 255.255.255.0
static (vlan470-Kyrkjekontoret,Vlan600-SafeQ) 192.168.202.0 192.168.202.0 netmask 255.255.255.0
access-group Vlan1_access_out out interface Vlan1
access-group outside_access_in in interface outside
access-group outside_access_out out interface outside
access-group vlan400_access_in in interface vlan400
access-group vlan400_access_out out interface vlan400
access-group Vlan450_access_in in interface Vlan450
access-group Vlan450_access_out out interface Vlan450
access-group Vlan460_access_in in interface Vlan460-SuldalHotell
access-group Vlan460_access_out out interface Vlan460-SuldalHotell
access-group Vlan461_access_in in interface Vlan461-SuldalHotellGjest
access-group Vlan461_access_out out interface Vlan461-SuldalHotellGjest
access-group vlan470_access_in in interface vlan470-Kyrkjekontoret
access-group vlan470_access_out out interface vlan470-Kyrkjekontoret
access-group vlan480_access_out out interface vlan480-Telefoni
access-group Vlan490_access_in in interface Vlan490-QNapBackup
access-group Vlan490_access_out out interface Vlan490-QNapBackup
access-group Vlan500_access_in in interface Vlan500-HellandBadlands
access-group Vlan500_access_out out interface Vlan500-HellandBadlands
access-group Vlan510_access_in in interface Vlan510-IsTak
access-group Vlan510_access_out out interface Vlan510-IsTak
access-group Vlan600_access_in_1 in interface Vlan600-SafeQ
access-group Vlan600_access_out out interface Vlan600-SafeQ
access-group Vlan462-Suldalsposten_access_in_1 in interface Vlan462-Suldalsposten
access-group Vlan462-Suldalsposten_access_out_1 out interface Vlan462-Suldalsposten
route outside 0.0.0.0 0.0.0.0 79.x.x.225 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
username x password x encrypted privilege 15
aaa authentication ssh console LOCAL
http server enable
http 192.168.210.0 255.255.255.0 Vlan450
http 192.168.200.0 255.255.255.0 Vlan1
http 192.168.1.0 255.255.255.0 vlan400
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto map outside_map 20 match address outside_20_cryptomap_1
crypto map outside_map 20 set pfs
crypto map outside_map 20 set peer 62.92.159.137
crypto map outside_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp enable vlan400
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 62.92.159.137 type ipsec-l2l
tunnel-group 62.92.159.137 ipsec-attributes
pre-shared-key *
telnet 192.168.200.0 255.255.255.0 Vlan1
telnet 192.168.1.0 255.255.255.0 vlan400
telnet timeout 5
ssh 171.68.225.216 255.255.255.255 outside
ssh timeout 5
console timeout 0
dhcpd update dns both
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan1
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface outside
dhcpd address 192.168.1.100-192.168.1.225 vlan400
dhcpd option 6 ip DomeneServer 81.167.36.11 interface vlan400
dhcpd option 3 ip 192.168.1.1 interface vlan400
dhcpd enable vlan400
dhcpd address 192.168.210.100-192.168.210.200 Vlan450
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan450
dhcpd option 3 ip 192.168.210.1 interface Vlan450
dhcpd enable Vlan450
dhcpd address 192.168.2.100-192.168.2.150 Vlan460-SuldalHotell
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan460-SuldalHotell
dhcpd option 3 ip 192.168.2.1 interface Vlan460-SuldalHotell
dhcpd enable Vlan460-SuldalHotell
dhcpd address 192.168.3.100-192.168.3.200 Vlan461-SuldalHotellGjest
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan461-SuldalHotellGjest
dhcpd option 3 ip 192.168.3.1 interface Vlan461-SuldalHotellGjest
dhcpd enable Vlan461-SuldalHotellGjest
dhcpd address 192.168.202.100-192.168.202.199 vlan470-Kyrkjekontoret
dhcpd option 3 ip 192.168.202.1 interface vlan470-Kyrkjekontoret
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface vlan470-Kyrkjekontoret
dhcpd enable vlan470-Kyrkjekontoret
dhcpd option 3 ip 192.168.20.1 interface vlan480-Telefoni
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface vlan480-Telefoni
dhcpd address 192.168.10.80-192.168.10.90 Vlan490-QNapBackup
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan490-QNapBackup
dhcpd option 3 ip 192.168.10.1 interface Vlan490-QNapBackup
dhcpd address 192.168.30.100-192.168.30.199 Vlan500-HellandBadlands
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan500-HellandBadlands
dhcpd option 3 ip 192.168.30.1 interface Vlan500-HellandBadlands
dhcpd enable Vlan500-HellandBadlands
dhcpd address 192.168.40.100-192.168.40.150 Vlan510-IsTak
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan510-IsTak
dhcpd option 3 ip 192.168.40.1 interface Vlan510-IsTak
dhcpd enable Vlan510-IsTak
dhcpd address 192.168.50.150-192.168.50.199 Vlan600-SafeQ
dhcpd option 6 ip 81.167.36.3 81.167.36.11 interface Vlan600-SafeQ
dhcpd enable Vlan600-SafeQ
dhcpd address 192.168.4.100-192.168.4.150 Vlan462-Suldalsposten
dhcpd option 6 ip DomeneServer 81.167.36.11 interface Vlan462-Suldalsposten
dhcpd option 3 ip 192.168.4.1 interface Vlan462-Suldalsposten
dhcpd enable Vlan462-Suldalsposten
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
prompt hostname context
Cryptochecksum:x
: end
I was just wondering if this is the way to do the "connection" between VLANs, or should it be routed?
The traffic between the VLANs is working as intended. There is not much traffic, only some RDP connections and some printing jobs.
But I'm getting some of these errors (not all like this, but portmap translation creation failed):
305006 192.168.10.200 portmap translation creation failed for udp src Vlan460-SuldalHotell:192.168.2.112/59133 dst Vlan490-QNapBackup:192.168.10.200/161
I did the sh interface command:
Result of the command: "sh interface"
Interface Vlan1 "Vlan1", is down, line protocol is down
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.200.100, subnet mask 255.255.255.0
Traffic Statistics for "Vlan1":
0 packets input, 0 bytes
0 packets output, 0 bytes
0 packets dropped
1 minute input rate 0 pkts/sec, 0 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 0 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan2 "outside", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 79.x.x.226, subnet mask 255.255.255.224
Traffic Statistics for "outside":
1780706730 packets input, 1221625431570 bytes
1878320718 packets output, 1743030863134 bytes
5742216 packets dropped
1 minute input rate 558 pkts/sec, 217568 bytes/sec
1 minute output rate 803 pkts/sec, 879715 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 621 pkts/sec, 482284 bytes/sec
5 minute output rate 599 pkts/sec, 428957 bytes/sec
5 minute drop rate, 1 pkts/sec
Interface Vlan400 "vlan400", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.1.1, subnet mask 255.255.255.0
Traffic Statistics for "vlan400":
1093422654 packets input, 1191121436317 bytes
784209789 packets output, 374041914789 bytes
11465163 packets dropped
1 minute input rate 751 pkts/sec, 870445 bytes/sec
1 minute output rate 462 pkts/sec, 116541 bytes/sec
1 minute drop rate, 11 pkts/sec
5 minute input rate 474 pkts/sec, 415304 bytes/sec
5 minute output rate 379 pkts/sec, 197861 bytes/sec
5 minute drop rate, 7 pkts/sec
Interface Vlan450 "Vlan450", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.210.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan450":
139711812 packets input, 27519985266 bytes
202793062 packets output, 233679075458 bytes
12523100 packets dropped
1 minute input rate 68 pkts/sec, 9050 bytes/sec
1 minute output rate 83 pkts/sec, 88025 bytes/sec
1 minute drop rate, 6 pkts/sec
5 minute input rate 145 pkts/sec, 15068 bytes/sec
5 minute output rate 241 pkts/sec, 287093 bytes/sec
5 minute drop rate, 6 pkts/sec
Interface Vlan460 "Vlan460-SuldalHotell", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.2.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan460-SuldalHotell":
177971988 packets input, 161663208458 bytes
193137004 packets output, 137418896469 bytes
4003957 packets dropped
1 minute input rate 13 pkts/sec, 2295 bytes/sec
1 minute output rate 14 pkts/sec, 15317 bytes/sec
1 minute drop rate, 2 pkts/sec
5 minute input rate 4 pkts/sec, 794 bytes/sec
5 minute output rate 1 pkts/sec, 477 bytes/sec
5 minute drop rate, 2 pkts/sec
Interface Vlan461 "Vlan461-SuldalHotellGjest", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.3.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan461-SuldalHotellGjest":
332909692 packets input, 351853184942 bytes
312038518 packets output, 156669956740 bytes
583171 packets dropped
1 minute input rate 0 pkts/sec, 6 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 6 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan462 "Vlan462-Suldalsposten", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.4.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan462-Suldalsposten":
33905 packets input, 14303320 bytes
28285 packets output, 27536357 bytes
10199 packets dropped
1 minute input rate 0 pkts/sec, 6 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 6 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan470 "vlan470-Kyrkjekontoret", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.202.1, subnet mask 255.255.255.0
Traffic Statistics for "vlan470-Kyrkjekontoret":
12176257 packets input, 4305665570 bytes
10618750 packets output, 5982598969 bytes
974796 packets dropped
1 minute input rate 2 pkts/sec, 770 bytes/sec
1 minute output rate 1 pkts/sec, 861 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 2 pkts/sec, 708 bytes/sec
5 minute output rate 1 pkts/sec, 980 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan480 "vlan480-Telefoni", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.20.1, subnet mask 255.255.255.0
Traffic Statistics for "vlan480-Telefoni":
246638 packets input, 43543149 bytes
10 packets output, 536 bytes
226674 packets dropped
1 minute input rate 0 pkts/sec, 126 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 56 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan490 "Vlan490-QNapBackup", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.10.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan490-QNapBackup":
137317833 packets input, 6066713912 bytes
223933623 packets output, 263191563744 bytes
531738 packets dropped
1 minute input rate 0 pkts/sec, 135 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 68 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan500 "Vlan500-HellandBadlands", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.30.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan500-HellandBadlands":
30816778 packets input, 4887486069 bytes
42403099 packets output, 47831750415 bytes
948717 packets dropped
1 minute input rate 3 pkts/sec, 707 bytes/sec
1 minute output rate 3 pkts/sec, 3459 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 23 bytes/sec
5 minute output rate 0 pkts/sec, 31 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan510 "Vlan510-IsTak", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.40.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan510-IsTak":
1253148 packets input, 245364736 bytes
1225385 packets output, 525528101 bytes
161567 packets dropped
1 minute input rate 0 pkts/sec, 6 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 6 bytes/sec
5 minute output rate 0 pkts/sec, 0 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Vlan600 "Vlan600-SafeQ", is up, line protocol is up
Hardware is EtherSVI
MAC address 001d.453a.ea0e, MTU 1500
IP address 192.168.50.1, subnet mask 255.255.255.0
Traffic Statistics for "Vlan600-SafeQ":
1875377 packets input, 1267279709 bytes
1056139 packets output, 290728055 bytes
521943 packets dropped
1 minute input rate 0 pkts/sec, 165 bytes/sec
1 minute output rate 0 pkts/sec, 0 bytes/sec
1 minute drop rate, 0 pkts/sec
5 minute input rate 0 pkts/sec, 178 bytes/sec
5 minute output rate 0 pkts/sec, 9 bytes/sec
5 minute drop rate, 0 pkts/sec
Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001d.453a.ea06, MTU not set
IP address unassigned
1782670655 packets input, 1256666911856 bytes, 0 no buffer
Received 95709 broadcasts, 0 runts, 0 giants
1978 input errors, 1978 CRC, 0 frame, 0 overrun, 1978 ignored, 0 abort
0 L2 decode drops
17179928790 switch ingress policy drops
1878320261 packets output, 1778955488577 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/2 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001d.453a.ea08, MTU not set
IP address unassigned
1790819459 packets input, 1783854920873 bytes, 0 no buffer
Received 27571913 broadcasts, 0 runts, 0 giants
614 input errors, 614 CRC, 0 frame, 0 overrun, 614 ignored, 0 abort
0 L2 decode drops
19768 switch ingress policy drops
1547507675 packets output, 991527977853 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
Interface Ethernet0/3 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps
Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
Available but not configured via nameif
MAC address 001d.453a.ea09, MTU not set
IP address unassigned
137318166 packets input, 9176625008 bytes, 0 no buffer
Received 290030 broadcasts, 0 runts, 0 giants
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 L2 decode drops
335 switch ingress policy drops
223933623 packets output, 267222625073 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 babbles, 0 late collisions, 0 deferred
0 lost carrier, 0 no carrier
0 rate limit drops
0 switch egress policy drops
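One way to triage the 305006 messages quoted in the post above, as an added example that is not part of the original thread: it parses each message, groups the failures by interface pair, protocol and destination port, and marks whether both endpoints sit on subnets directly connected to the firewall. The subnets come from the posted `sh interface` output; every log line except the first is constructed, and the function names are this example's own.

```python
"""Triage ASA syslog 305006 (translation creation failed) by interface pair."""
import ipaddress
import re
from collections import Counter

# Interface name -> connected subnet, taken from the "sh interface" output in the post.
CONNECTED = {
    "vlan400": ipaddress.ip_network("192.168.1.0/24"),
    "Vlan460-SuldalHotell": ipaddress.ip_network("192.168.2.0/24"),
    "Vlan490-QNapBackup": ipaddress.ip_network("192.168.10.0/24"),
    "Vlan600-SafeQ": ipaddress.ip_network("192.168.50.0/24"),
}

# The first line is the message quoted in the post; all other lines are constructed samples.
SAMPLE_LOG = """\
305006 192.168.10.200 portmap translation creation failed for udp src Vlan460-SuldalHotell:192.168.2.112/59133 dst Vlan490-QNapBackup:192.168.10.200/161
305006 192.168.10.200 portmap translation creation failed for udp src Vlan460-SuldalHotell:192.168.2.112/59140 dst Vlan490-QNapBackup:192.168.10.200/161
%ASA-3-305006: portmap translation creation failed for tcp src vlan400:192.168.1.25/50211 dst Vlan600-SafeQ:192.168.50.10/9100
%ASA-3-305006: regular translation creation failed for icmp src vlan400:192.168.1.25 dst Vlan490-QNapBackup:192.168.10.200 (type 8, code 0)
%ASA-4-106023: Deny udp src vlan400:192.168.1.25/5353 dst Vlan490-QNapBackup:192.168.10.200/5353 by access-group "constructed_acl"
%ASA-3-305006: portmap translation creation failed for udp src vlan400:192.168.1.25/40000 dst outside:198.51.100.7/53
"""

# Matches both the ASDM-style row from the post and the plain syslog form.
# Ports are optional because ICMP messages carry a type/code instead.
PATTERN = re.compile(
    r"305006\b.*?\b(?P<kind>outbound static|identity|portmap|regular) "
    r"translation creation failed for (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)(?:/(?P<src_port>\d+))? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)(?:/(?P<dst_port>\d+))?"
)


def parse_305006(text):
    """Return one dict per 305006 message found in text; other messages are skipped."""
    events = []
    for line in text.splitlines():
        match = PATTERN.search(line)
        if match:
            events.append(match.groupdict())
    return events


def is_inter_vlan(event):
    """True when both endpoints lie in the connected subnet of the interface they were seen on."""
    def on_link(if_name, ip):
        net = CONNECTED.get(if_name)
        return net is not None and ipaddress.ip_address(ip) in net

    return (on_link(event["src_if"], event["src_ip"])
            and on_link(event["dst_if"], event["dst_ip"]))


def summarize(events):
    """Count failures per (source interface, destination interface, protocol, destination port)."""
    counts = Counter()
    for ev in events:
        counts[(ev["src_if"], ev["dst_if"], ev["proto"], ev["dst_port"] or "-")] += 1
    return counts


if __name__ == "__main__":
    parsed = parse_305006(SAMPLE_LOG)
    scope = {
        (ev["src_if"], ev["dst_if"]): "inter-VLAN" if is_inter_vlan(ev) else "other"
        for ev in parsed
    }
    for (src_if, dst_if, proto, port), n in summarize(parsed).most_common():
        print(f"{n:3d}  {src_if} -> {dst_if}  {proto}/{port}  [{scope[(src_if, dst_if)]}]")
```

The interface pairs at the top of the summary are the ones whose NAT rules to review first on the firewall.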
Confused with this ASA - VPN config issue
Hello. Can anyone help me here? I am new to the ASA config and commands. Everything works well enough on this ASA except the VPN. A client can connect but cannot access anything inside or outside. Here is the config. Can someone please take a look and tell me why VPN is not working? I don't want to set up split-tunneling; I would prefer everything to go through the firewall. Also, if you see something else wrong (or have a better implementation) then please let me know.
ASA Version 8.4(2)
hostname FIREWALL_NAME
enable password Some_X's_here encrypted
passwd Some_X's_here encrypted
names
interface Ethernet0/0
speed 100
duplex full
no nameif
no security-level
no ip address
interface Ethernet0/0.22
description Public Internet space via VLAN 22
vlan 22
nameif Public_Internet
security-level 0
ip address 1.3.3.7 255.255.255.248
interface Ethernet0/1
speed 100
duplex full
no nameif
no security-level
no ip address
interface Ethernet0/1.42
description Private LAN space via VLAN 42
shutdown
vlan 42
nameif Private_CDATA
security-level 100
ip address 10.30.136.1 255.255.255.0
interface Ethernet0/1.69
description Private LAN space via VLAN 69
vlan 69
nameif Private_ODATA
security-level 100
ip address 10.30.133.1 255.255.255.0
interface Ethernet0/1.95
description Private LAN space via VLAN 95
shutdown
vlan 95
nameif Private_OVOICE
security-level 100
ip address 192.168.102.254 255.255.255.0
interface Ethernet0/1.96
description Private LAN space via VLAN 96
shutdown
vlan 96
nameif Private_CVOICE
security-level 100
ip address 192.168.91.254 255.255.255.0
interface Ethernet0/1.3610
description Private LAN subnet via VLAN 3610
shutdown
vlan 3610
nameif Private_CeDATA
security-level 100
ip address 10.10.100.18 255.255.255.240
interface Ethernet0/1.3611
description Private LAN space via VLAN 3611
shutdown
vlan 3611
nameif Private_CeVOICE
security-level 100
ip address 10.10.100.66 255.255.255.252
interface Ethernet0/2
shutdown
no nameif
security-level 0
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.69.1 255.255.255.0
management-only
banner exec WARNING!! Access to this device is restricted to those individuals with specific permissions. If you are not an authorized user, disconnect now. Any attempts to gain unauthorized access will be prosecuted to the fullest
extent of the law.
banner exec
banner exec ,
banner exec .';
banner exec .-'` .'
banner exec ,`.-'-.`\
banner exec ; / '-'
banner exec | \ ,-,
banner exec \ '-.__ )_`'._ \|/
banner exec '. ``` ``'--._[]--------------*
banner exec .-' , `'-. /|\
banner exec '-'`-._ (( o )
banner exec `'--....(`- ,__..--'
banner exec '-'`
banner exec
banner exec frickin' sharks with frickin' laser beams attached to their frickin' heads
banner login WARNING!! Access to this device is restricted to those individuals with specific permissions. If you are not an authorized user, disconnect now. Any attempts to gain unauthorized access will be prosecuted to the fullest
extent of the law.
banner asdm WARNING!! Access to this device is restricted to those individuals with specific permissions. If you are not an authorized user, disconnect now. Any attempts to gain unauthorized access will be prosecuted to the fullest
extent of the law.
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network CD_3610-GW
host 10.10.100.17
description First hop to 3610
object network CV_3611-GW
host 10.10.100.65
description First hop to 3611
object network GW_22-EXT
host 1.3.3.6
description First hop to 22
object service MS-RDC
service tcp source range 1024 65535 destination eq 3389
description Microsoft Remote Desktop Connection
object network HDC-LAN
subnet 192.168.200.0 255.255.255.0
description DC LAN subnet
object network HAM-LAN
subnet 192.168.110.0 255.255.255.0
description HAM LAN subnet
object service MSN
service tcp source range 1 65535 destination eq 1863
description MSN Messenger
object network BCCs
host 2.1.8.1
description BCCs server access
object network ODLW-EXT
host 7.1.1.5
description OTTDl
object network SWINDS-INT
host 10.30.133.67
description SWINDS server
object network SWINDS(192.x.x.x)-INT
host 192.168.100.67
description SWINDS server
object service YMSG
service tcp source range 1 65535 destination eq 5050
description Yahoo Messenger
object service c.b.ca1
service tcp source range 1 65535 destination eq citrix-ica
description Connections to the bc portal.
object service c.b.ca2
service tcp source range 1 65535 destination eq 2598
description Connections to the bc portal.
object service HTTP-EXT(7001)
service tcp source range 1 65535 destination eq 7001
description HTTP Extended on port 7001.
object service HTTP-EXT(8000-8001)
service tcp source range 1 65535 destination range 8000 8001
description HTTP Extended on ports 8000-8001.
object service HTTP-EXT(8080-8081)
service tcp source range 1 65535 destination range 8080 8081
description HTTP Extended on ports 8080-8081.
object service HTTP-EXT(8100)
service tcp source range 1 65535 destination eq 8100
description HTTP Extended on port 8100.
object service HTTP-EXT(8200)
service tcp source range 1 65535 destination eq 8200
description HTTP Extended on port 8200.
object service HTTP-EXT(8888)
service tcp source range 1 65535 destination eq 8888
description HTTP Extended on port 8888.
object service HTTP-EXT(9080)
service tcp source range 1 65535 destination eq 9080
description HTTP Extended on port 9080.
object service ntp
service tcp source range 1 65535 destination eq 123
description TCP NTP on port 123.
object network Pl-EXT
host 7.1.1.2
description OPl box.
object service Pl-Admin
service tcp source range 1 65535 destination eq 8443
description Pl Admin portal
object network FW-EXT
host 1.3.3.7
description External/Public interface IP address of firewall.
object network Rs-EXT
host 7.1.1.8
description Rs web portal External/Public IP.
object network DWDM-EXT
host 2.1.2.1
description DWDM.
object network HM_VPN-EXT
host 6.2.9.7
description HAM Man.
object network SIM_MGMT
host 2.1.1.1
description SIM Man.
object network TS_MGMT
host 2.1.1.4
description TS Man.
object network TS_MGMT
host 2.1.2.2
description TS Man.
object service VPN-TCP(1723)
service tcp source range 1 65535 destination eq pptp
description For PPTP control path.
object service VPN-UDP(4500)
service udp source range 1 65535 destination eq 4500
description For L2TP(IKEv1) and IKEv2.
object service VPN-TCP(443)
service tcp source range 1 65535 destination eq https
description For SSTP control and data path.
object service VPN-UDP(500)
service udp source range 1 65535 destination eq isakmp
description For L2TP(IKEv1) and IKEv2.
object network RCM
host 6.1.8.2
description RCM
object network RCM_Y
host 6.1.8.9
description RCM Y
object network r.r.r.c163
host 2.1.2.63
description RCV IP.
object network r.r.r.c227
host 2.1.2.27
description RCV IP.
object network v.t.c-EXT
host 2.5.1.2
description RTICR
object service VPN-TCP(10000)
service tcp source range 1 65535 destination eq 10000
description For TCP VPN over port 1000.
object service BGP-JY
service tcp source range 1 65535 destination eq 21174
description BPG
object network KooL
host 192.168.100.100
description KooL
object network FW_Test
host 1.3.3.7
description Testing other External IP
object network AO_10-30-133-0-LAN
range 10.30.133.0 10.30.133.229
description OLS 10.30.133.0/24
object network AC_10-30-136-0-LAN
subnet 10.30.136.0 255.255.255.0
description CLS 10.30.136.0/24
object network NETWORK_OBJ_192.168.238.0_27
subnet 192.168.238.0 255.255.255.224
object-group network All_Private_Interfaces
description All private interfaces
network-object 10.30.133.0 255.255.255.0
network-object 10.30.136.0 255.255.255.0
network-object 10.10.100.16 255.255.255.240
network-object 10.10.100.64 255.255.255.252
network-object 192.168.102.0 255.255.255.0
network-object 192.168.91.0 255.255.255.0
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service cb.ca
description All ports required for cb.ca connections.
service-object object c.b.ca1
service-object object c.b.ca2
object-group service DM_INLINE_SERVICE_1
service-object tcp destination eq https
service-object udp destination eq snmp
object-group service FTP
description All FTP ports (20 + 21)
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
object-group service HTTP-EXT
description HTTP Extended port ranges.
service-object object HTTP-EXT(7001)
service-object object HTTP-EXT(8000-8001)
service-object object HTTP-EXT(8080-8081)
service-object object HTTP-EXT(8100)
service-object object HTTP-EXT(8200)
service-object object HTTP-EXT(8888)
service-object object HTTP-EXT(9080)
object-group service ICMP_Any
description ICMP: Any Type, Any Code
service-object icmp alternate-address
service-object icmp conversion-error
service-object icmp echo
service-object icmp echo-reply
service-object icmp information-reply
service-object icmp information-request
service-object icmp mask-reply
service-object icmp mask-request
service-object icmp mobile-redirect
service-object icmp parameter-problem
service-object icmp redirect
service-object icmp router-advertisement
service-object icmp router-solicitation
service-object icmp source-quench
service-object icmp time-exceeded
service-object icmp timestamp-reply
service-object icmp timestamp-request
service-object icmp traceroute
service-object icmp unreachable
service-object icmp6 echo
service-object icmp6 echo-reply
service-object icmp6 membership-query
service-object icmp6 membership-reduction
service-object icmp6 membership-report
service-object icmp6 neighbor-advertisement
service-object icmp6 neighbor-redirect
service-object icmp6 neighbor-solicitation
service-object icmp6 packet-too-big
service-object icmp6 parameter-problem
service-object icmp6 router-advertisement
service-object icmp6 router-renumbering
service-object icmp6 router-solicitation
service-object icmp6 time-exceeded
service-object icmp6 unreachable
service-object icmp
object-group service NTP
description TCP and UPD NTP protocol
service-object object ntp
service-object udp destination eq ntp
object-group service DM_INLINE_SERVICE_3
group-object FTP
group-object HTTP-EXT
group-object ICMP_Any
group-object NTP
service-object tcp-udp destination eq domain
service-object tcp-udp destination eq www
service-object tcp destination eq https
service-object tcp destination eq ssh
service-object ip
object-group service DM_INLINE_SERVICE_4
group-object NTP
service-object tcp destination eq daytime
object-group network SWINDS
description Both Internal IP addresses (192 + 10)
network-object object SWINDS-INT
network-object object SWINDS(192.x.x.x)-INT
object-group service IM_Types
description All messenger type applications
service-object object MSN
service-object object YMSG
service-object tcp-udp destination eq talk
service-object tcp destination eq aol
service-object tcp destination eq irc
object-group service SNMP
description Both poll and trap ports.
service-object udp destination eq snmp
service-object udp destination eq snmptrap
object-group service DM_INLINE_SERVICE_2
group-object FTP
service-object object MS-RDC
service-object object Pl-Admin
group-object SNMP
object-group network DM_INLINE_NETWORK_1
network-object object FW-EXT
network-object object Rs-EXT
object-group network AMV
description connections for legacy AM
network-object object DWDM-EXT
network-object object HAM_MGMT
network-object object SIM_MGMT
network-object object TS_MGMT
network-object object TS_MGMT
object-group service IKEv2_L2TP
description IKEv2 and L2TP VPN configurations
service-object esp
service-object object VPN-UDP(4500)
service-object object VPN-UDP(500)
object-group service PPTP
description PPTP VPN configuration
service-object gre
service-object object VPN-TCP(1723)
object-group service SSTP
description SSTP VPN configuration
service-object object VPN-TCP(443)
object-group network RvIPs
description Rv IP addresses
network-object object RCM
network-object object RCM_Y
network-object object r.r.r.c163
network-object object r.r.r.c227
network-object object v.t.c-EXT
object-group service Rvs
description Rv configuration.
service-object object VPN-TCP(10000)
service-object object VPN-UDP(500)
object-group service DM_INLINE_SERVICE_5
service-object object BGP-JY
service-object tcp destination eq bgp
object-group network Local_Private_Subnets
description OandCl DATA
network-object 10.30.133.0 255.255.255.0
network-object 10.30.136.0 255.255.255.0
access-list Public/Internet_access_out remark Block all IM traffic out.
access-list Public/Internet_access_out extended deny object-group IM_Types object-group Local_Private_Subnets any
access-list Public/Internet_access_out remark Access from SWINDS to DLM portal
access-list Public/Internet_access_out extended permit object-group DM_INLINE_SERVICE_1 object-group SWINDS object ODLW-EXT
access-list Public/Internet_access_out remark Allow access to BMC portal
access-list Public/Internet_access_out extended permit object-group cb.ca object-group Local_Private_Subnets object BCCs
access-list Public/Internet_access_out remark Allow basic services out.
access-list Public/Internet_access_out extended permit object-group DM_INLINE_SERVICE_3 object-group Local_Private_Subnets any
access-list Public/Internet_access_out remark Allow WhoIS traffic out.
access-list Public/Internet_access_out extended permit tcp object-group Local_Private_Subnets any eq whois
access-list Public/Internet_access_out remark Allow Network Time protocols out.
access-list Public/Internet_access_out extended permit object-group DM_INLINE_SERVICE_4 object-group Local_Private_Subnets any
access-list Public/Internet_access_out remark Allow all IP based monitoring traffic to Pl.
access-list Public/Internet_access_out extended permit ip object-group SWINDS object Pl-EXT
access-list Public/Internet_access_out remark Allow Management traffic to Pl-JY.
access-list Public/Internet_access_out extended permit object-group DM_INLINE_SERVICE_2 object-group Local_Private_Subnets object Pl-EXT
access-list Public/Internet_access_out remark Allow FTP traffic to Grimlock and RS FTP.
access-list Public/Internet_access_out extended permit object-group FTP object-group Local_Private_Subnets object-group DM_INLINE_NETWORK_1
access-list Public/Internet_access_out remark Allow VPN traffic to AM-JY.
access-list Public/Internet_access_out extended permit object-group IKEv2_L2TP object-group Local_Private_Subnets object-group AMV
access-list Public/Internet_access_out remark Allow VPN traffic to RCm devices.
access-list Public/Internet_access_out extended permit object-group Rvs object-group Local_Private_Subnets object-group RvIPs
access-list Public/Internet_access_out remark Allow BPG traffic out.
access-list Public/Internet_access_out extended permit object-group DM_INLINE_SERVICE_5 object-group Local_Private_Subnets any
access-list Public/Internet_access_out remark Allow Kool server out.
access-list Public/Internet_access_out extended permit ip object KooL any
pager lines 24
logging enable
logging history informational
logging asdm informational
logging mail notifications
logging from-address [email protected]
logging recipient-address [email protected] level errors
mtu Public_Internet 1500
mtu Private_CDATA 1500
mtu Private_ODATA 1500
mtu Private_OVOICE 1500
mtu Private_CVOICE 1500
mtu Private_CeDATA 1500
mtu Private_CeVOICE 1500
mtu management 1500
ip local pool AO-VPN_Pool 192.168.238.2-192.168.238.30 mask 255.255.255.224
ip verify reverse-path interface Public_Internet
ip verify reverse-path interface Private_CDATA
ip verify reverse-path interface Private_ODATA
ip verify reverse-path interface Private_OVOICE
ip verify reverse-path interface Private_CVOICE
ip verify reverse-path interface Private_CeDATA
ip verify reverse-path interface Private_CeVOICE
ip verify reverse-path interface management
icmp unreachable rate-limit 1 burst-size 1
icmp deny any Public_Internet
no asdm history enable
arp timeout 14400
nat (Private_ODATA,Public_Internet) source dynamic AO_10-30-133-0-LAN interface
nat (Private_CDATA,Public_Internet) source dynamic AC_10-30-136-0-LAN interface
nat (Private_ODATA,Public_Internet) source static any any destination static NETWORK_OBJ_192.168.238.0_27 NETWORK_OBJ_192.168.238.0_27 no-proxy-arp route-lookup
access-group Public/Internet_access_out out interface Public_Internet
route Public_Internet 0.0.0.0 0.0.0.0 1.3.3.6 1
route Private_CeDATA 10.0.0.0 255.0.0.0 10.10.100.17 1
route Private_CeDATA 10.1.0.0 255.255.0.0 10.10.100.17 1
route Private_CeDATA 10.3.0.0 255.255.0.0 10.10.100.17 1
route Private_CeDATA 10.5.0.0 255.255.0.0 10.10.100.17 1
route Private_CeDATA 10.11.106.74 255.255.255.255 10.10.100.17 1
route Private_CeDATA 10.30.128.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 10.30.130.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 10.30.131.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 10.30.132.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 10.30.134.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 10.30.135.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 10.67.31.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 10.224.0.0 255.255.0.0 10.10.100.17 1
route Private_CeDATA 4.1.1.19 255.255.255.255 10.10.100.17 1
route Private_CeDATA 1.1.1.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 1.1.1.13 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.11.24 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.11.27 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.17.105 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.147.64 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.147.66 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.147.110 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.251.57 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.21.56.105 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.21.57.152 255.255.255.255 10.10.100.17 1
route Private_CeDATA 192.168.3.0 255.255.255.0 10.10.100.17 1
route Private_CeVOICE 192.168.9.0 255.255.255.0 10.10.100.65 1
route Private_CeDATA 192.168.20.0 255.255.255.0 10.10.100.17 1
route Private_CeVOICE 192.168.21.0 255.255.255.0 10.10.100.65 1
route Private_CeDATA 192.168.30.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 192.168.31.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 192.168.40.0 255.255.255.0 10.10.100.17 1
route Private_CeVOICE 192.168.41.0 255.255.255.0 10.10.100.65 1
route Private_CeVOICE 192.168.50.0 255.255.255.0 10.10.100.65 1
route Private_CeDATA 192.168.60.0 255.255.255.0 10.10.100.17 1
route Private_CeVOICE 192.168.61.0 255.255.255.0 10.10.100.65 1
route Private_CeVOICE 192.168.70.0 255.255.255.0 10.10.100.65 1
route Private_CeVOICE 192.168.101.0 255.255.255.0 10.10.100.65 1
route Private_CeDATA 192.168.110.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 192.168.200.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 192.251.177.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 2.1.2.7 255.255.255.255 10.10.100.17 1
route Private_CeDATA 2.1.2.74 255.255.255.255 10.10.100.17 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server AD protocol nt
aaa-server AD (Private_ODATA) host 10.30.133.21
timeout 5
nt-auth-domain-controller Cool_Transformer_Name
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
http server enable
http 192.168.69.0 255.255.255.0 management
snmp-server host Private_ODATA 10.30.133.67 poll community Some_*s_here version 2c
snmp-server location OT
snmp-server contact [email protected]
snmp-server community Some_*s_here
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
snmp-server enable traps ikev2 start stop
snmp-server enable traps nat packet-discard
sysopt noproxyarp Public_Internet
sysopt noproxyarp Private_CDATA
sysopt noproxyarp Private_ODATA
sysopt noproxyarp Private_OVOICE
sysopt noproxyarp Private_CVOICE
sysopt noproxyarp Private_CeDATA
sysopt noproxyarp Private_CeVOICE
sysopt noproxyarp management
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Public_Internet_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Public_Internet_map interface Public_Internet
crypto ikev1 enable Public_Internet
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
client-update enable
telnet timeout 5
ssh 10.30.133.0 255.255.255.0 Private_ODATA
ssh 192.168.69.0 255.255.255.0 management
ssh timeout 2
ssh version 2
console timeout 5
dhcprelay server 10.30.133.13 Private_ODATA
dhcprelay enable Private_CDATA
dhcprelay timeout 60
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 10.30.133.13 prefer
ntp server 132.246.11.227
ntp server 10.30.133.21
webvpn
group-policy AO-VPN_Tunnel internal
group-policy AO-VPN_Tunnel attributes
dns-server value 10.30.133.21 10.30.133.13
vpn-tunnel-protocol ikev1
default-domain value ao.local
username helpme password Some_X's_here encrypted privilege 1
username helpme attributes
service-type nas-prompt
tunnel-group AO-VPN_Tunnel type remote-access
tunnel-group AO-VPN_Tunnel general-attributes
address-pool AO-VPN_Pool
authentication-server-group AD
default-group-policy AO-VPN_Tunnel
tunnel-group AO-VPN_Tunnel ipsec-attributes
ikev1 pre-shared-key Some_*s_here
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class class-default
user-statistics accounting
service-policy global_policy global
smtp-server 192.168.200.25
prompt hostname context
no call-home reporting anonymous
Thanks,
Jeff.
I tried those commands but this started getting messy, so I looked at the current config and it was not the same as what I originally posted. It looks like some changes were implemented but not saved, so the config that I posted was slightly different. Thank you for all your suggestions. Here is the new config, confirmed as the current running and saved config. Same situation as before though. I can connect using the Cisco VPN client but can only ping myself and can't get out to the Internet or access anything internal. If someone can take a look it would be greatly appreciated. The main difference is the VPN pool has been set as a subset of the 10.30.133.0 network instead of using a separate subnet (VPN pool is 10.30.133.200 - 10.30.133.230).
ASA Version 8.4(2)
hostname FIREWALL_NAME
enable password Some_X's_here encrypted
passwd Some_X's_here encrypted
names
interface Ethernet0/0
speed 100
duplex full
no nameif
no security-level
no ip address
interface Ethernet0/0.22
description Public Internet space via VLAN 22
vlan 22
nameif Public_Internet
security-level 0
ip address 1.3.3.7 255.255.255.248
interface Ethernet0/1
speed 100
duplex full
no nameif
no security-level
no ip address
interface Ethernet0/1.42
description Private LAN space via VLAN 42
shutdown
vlan 42
nameif Private_CDATA
security-level 100
ip address 10.30.136.1 255.255.255.0
interface Ethernet0/1.69
description Private LAN space via VLAN 69
vlan 69
nameif Private_ODATA
security-level 100
ip address 10.30.133.1 255.255.255.0
interface Ethernet0/1.95
description Private LAN space via VLAN 95
shutdown
vlan 95
nameif Private_OVOICE
security-level 100
ip address 192.168.102.254 255.255.255.0
interface Ethernet0/1.96
description Private LAN space via VLAN 96
shutdown
vlan 96
nameif Private_CVOICE
security-level 100
ip address 192.168.91.254 255.255.255.0
interface Ethernet0/1.3610
description Private LAN subnet via VLAN 3610
shutdown
vlan 3610
nameif Private_CeDATA
security-level 100
ip address 10.10.100.18 255.255.255.240
interface Ethernet0/1.3611
description Private LAN space via VLAN 3611
shutdown
vlan 3611
nameif Private_CeVOICE
security-level 100
ip address 10.10.100.66 255.255.255.252
interface Ethernet0/2
shutdown
no nameif
security-level 0
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif management
security-level 100
ip address 192.168.69.1 255.255.255.0
management-only
banner exec WARNING!! Access to this device is restricted to those individuals with specific permissions. If you are not an authorized user, disconnect now. Any attempts to gain unauthorized access will be prosecuted to the fullest extent of the law.
banner exec
banner exec ,
banner exec .';
banner exec .-'` .'
banner exec ,`.-'-.`\
banner exec ; / '-'
banner exec | \ ,-,
banner exec \ '-.__ )_`'._ \|/
banner exec '. ``` ``'--._[]--------------*
banner exec .-' , `'-. /|\
banner exec '-'`-._ (( o )
banner exec `'--....(`- ,__..--'
banner exec '-'`
banner exec
banner exec frickin' sharks with frickin' laser beams attached to their frickin' heads
banner login WARNING!! Access to this device is restricted to those individuals with specific permissions. If you are not an authorized user, disconnect now. Any attempts to gain unauthorized access will be prosecuted to the fullest extent of the law.
banner asdm WARNING!! Access to this device is restricted to those individuals with specific permissions. If you are not an authorized user, disconnect now. Any attempts to gain unauthorized access will be prosecuted to the fullest extent of the law.
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
object network CD_3610-GW
host 10.10.100.17
description First hop to 3610
object network CV_3611-GW
host 10.10.100.65
description First hop to 3611
object network GW_22-EXT
host 1.3.3.6
description First hop to 22
object network Ts-LAN
host 192.168.100.4
description TS
object service MS-RDC
service tcp source range 1024 65535 destination eq 3389
description Microsoft Remote Desktop Connection
object network HDC-LAN
subnet 192.168.200.0 255.255.255.0
description DC LAN subnet
object network HAM-LAN
subnet 192.168.110.0 255.255.255.0
description HAM LAN subnet
object service MSN
service tcp source range 1 65535 destination eq 1863
description MSN Messenger
object network BCCs
host 2.1.8.1
description BCCs server access
object network ODLW-EXT
host 7.1.1.5
description OTTDl
object network SWINDS-INT
host 10.30.133.67
description SWINDS server
object network SWINDS(192.x.x.x)-INT
host 192.168.100.67
description SWINDS server
object service YMSG
service tcp source range 1 65535 destination eq 5050
description Yahoo Messenger
object service c.b.ca1
service tcp source range 1 65535 destination eq citrix-ica
description Connections to the bc portal.
object service c.b.ca2
service tcp source range 1 65535 destination eq 2598
description Connections to the bc portal.
object service HTTP-EXT(7001)
service tcp source range 1 65535 destination eq 7001
description HTTP Extended on port 7001.
object service HTTP-EXT(8000-8001)
service tcp source range 1 65535 destination range 8000 8001
description HTTP Extended on ports 8000-8001.
object service HTTP-EXT(8080-8081)
service tcp source range 1 65535 destination range 8080 8081
description HTTP Extended on ports 8080-8081.
object service HTTP-EXT(8100)
service tcp source range 1 65535 destination eq 8100
description HTTP Extended on port 8100.
object service HTTP-EXT(8200)
service tcp source range 1 65535 destination eq 8200
description HTTP Extended on port 8200.
object service HTTP-EXT(8888)
service tcp source range 1 65535 destination eq 8888
description HTTP Extended on port 8888.
object service HTTP-EXT(9080)
service tcp source range 1 65535 destination eq 9080
description HTTP Extended on port 9080.
object service ntp
service tcp source range 1 65535 destination eq 123
description TCP NTP on port 123.
object network Pl-EXT
host 7.1.1.2
description OPl box.
object service Pl-Admin
service tcp source range 1 65535 destination eq 8443
description Pl Admin portal
object network FW-EXT
host 1.3.3.7
description External/Public interface IP address of firewall.
object network Rs-EXT
host 7.1.1.8
description Rs web portal External/Public IP.
object network DWDM-EXT
host 2.1.2.1
description DWDM.
object network HM_VPN-EXT
host 6.2.9.7
description HAM Man.
object network SIM_MGMT
host 2.1.1.1
description SIM Man.
object network TS_MGMT
host 2.1.1.4
description TS Man.
object network TS_MGMT
host 2.1.2.2
description TS Man.
object service VPN-TCP(1723)
service tcp source range 1 65535 destination eq pptp
description For PPTP control path.
object service VPN-UDP(4500)
service udp source range 1 65535 destination eq 4500
description For L2TP(IKEv1) and IKEv2.
object service VPN-TCP(443)
service tcp source range 1 65535 destination eq https
description For SSTP control and data path.
object service VPN-UDP(500)
service udp source range 1 65535 destination eq isakmp
description For L2TP(IKEv1) and IKEv2.
object network RCM
host 6.1.8.2
description RCM
object network RCM_Y
host 6.1.8.9
description RCM Y
object network r.r.r.c163
host 2.1.2.63
description RCV IP.
object network r.r.r.c227
host 2.1.2.27
description RCV IP.
object network v.t.c-EXT
host 2.5.1.2
description RTICR
object service VPN-TCP(10000)
service tcp source range 1 65535 destination eq 10000
description For TCP VPN over port 1000.
object service BGP-JY
service tcp source range 1 65535 destination eq 21174
description BPG
object network KooL
host 192.168.100.100
description KooL
object network FW_Test
host 1.3.3.7
description Testing other External IP
object network AO_10-30-133-0-LAN
subnet 10.30.133.0 255.255.255.0
description OLS 10.30.133.0/24
object network AC_10-30-136-0-LAN
subnet 10.30.136.0 255.255.255.0
description CLS 10.30.136.0/24
object-group network All_Private_Interfaces
description All private interfaces
network-object 10.30.133.0 255.255.255.0
network-object 10.30.136.0 255.255.255.0
network-object 10.10.100.16 255.255.255.240
network-object 10.10.100.64 255.255.255.252
network-object 192.168.102.0 255.255.255.0
network-object 192.168.91.0 255.255.255.0
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service cb.ca
description All ports required for cb.ca connections.
service-object object c.b.ca1
service-object object c.b.ca2
object-group service DM_INLINE_SERVICE_1
service-object tcp destination eq https
service-object udp destination eq snmp
object-group service FTP
description All FTP ports (20 + 21)
service-object tcp destination eq ftp
service-object tcp destination eq ftp-data
object-group service HTTP-EXT
description HTTP Extended port ranges.
service-object object HTTP-EXT(7001)
service-object object HTTP-EXT(8000-8001)
service-object object HTTP-EXT(8080-8081)
service-object object HTTP-EXT(8100)
service-object object HTTP-EXT(8200)
service-object object HTTP-EXT(8888)
service-object object HTTP-EXT(9080)
object-group service ICMP_Any
description ICMP: Any Type, Any Code
service-object icmp alternate-address
service-object icmp conversion-error
service-object icmp echo
service-object icmp echo-reply
service-object icmp information-reply
service-object icmp information-request
service-object icmp mask-reply
service-object icmp mask-request
service-object icmp mobile-redirect
service-object icmp parameter-problem
service-object icmp redirect
service-object icmp router-advertisement
service-object icmp router-solicitation
service-object icmp source-quench
service-object icmp time-exceeded
service-object icmp timestamp-reply
service-object icmp timestamp-request
service-object icmp traceroute
service-object icmp unreachable
service-object icmp6 echo
service-object icmp6 echo-reply
service-object icmp6 membership-query
service-object icmp6 membership-reduction
service-object icmp6 membership-report
service-object icmp6 neighbor-advertisement
service-object icmp6 neighbor-redirect
service-object icmp6 neighbor-solicitation
service-object icmp6 packet-too-big
service-object icmp6 parameter-problem
service-object icmp6 router-advertisement
service-object icmp6 router-renumbering
service-object icmp6 router-solicitation
service-object icmp6 time-exceeded
service-object icmp6 unreachable
service-object icmp
object-group service NTP
description TCP and UPD NTP protocol
service-object object ntp
service-object udp destination eq ntp
object-group service DM_INLINE_SERVICE_3
group-object FTP
group-object HTTP-EXT
group-object ICMP_Any
group-object NTP
service-object tcp-udp destination eq domain
service-object tcp-udp destination eq www
service-object tcp destination eq https
service-object tcp destination eq ssh
service-object ip
object-group service DM_INLINE_SERVICE_4
group-object NTP
service-object tcp destination eq daytime
object-group network SWINDS
description Both Internal IP addresses (192 + 10)
network-object object SWINDS-INT
network-object object SWINDS(192.x.x.x)-INT
object-group service IM_Types
description All messenger type applications
service-object object MSN
service-object object YMSG
service-object tcp-udp destination eq talk
service-object tcp destination eq aol
service-object tcp destination eq irc
object-group service SNMP
description Both poll and trap ports.
service-object udp destination eq snmp
service-object udp destination eq snmptrap
object-group service DM_INLINE_SERVICE_2
group-object FTP
service-object object MS-RDC
service-object object Pl-Admin
group-object SNMP
object-group network DM_INLINE_NETWORK_1
network-object object FW-EXT
network-object object Rs-EXT
object-group network AMV
description connections for legacy AM
network-object object DWDM-EXT
network-object object HAM_MGMT
network-object object SIM_MGMT
network-object object TS_MGMT
network-object object TS_MGMT
object-group service IKEv2_L2TP
description IKEv2 and L2TP VPN configurations
service-object esp
service-object object VPN-UDP(4500)
service-object object VPN-UDP(500)
object-group service PPTP
description PPTP VPN configuration
service-object gre
service-object object VPN-TCP(1723)
object-group service SSTP
description SSTP VPN configuration
service-object object VPN-TCP(443)
object-group network RvIPs
description Rv IP addresses
network-object object RCM
network-object object RCM_Y
network-object object r.r.r.c163
network-object object r.r.r.c227
network-object object v.t.c-EXT
object-group service Rvs
description Rv configuration.
service-object object VPN-TCP(10000)
service-object object VPN-UDP(500)
object-group service DM_INLINE_SERVICE_5
service-object object BGP-JY
service-object tcp destination eq bgp
object-group network Local_Private_Subnets
description OandCl DATA
network-object 10.30.133.0 255.255.255.0
network-object 10.30.136.0 255.255.255.0
object-group service IPSec
description IPSec traffic
service-object object VPN-UDP(4500)
service-object object VPN-UDP(500)
access-list Public/Internet_access_out remark Block all IM traffic out.
access-list Public/Internet_access_out extended deny object-group IM_Types object-group Local_Private_Subnets any
access-list Public/Internet_access_out remark Access from SWINDS to DLM portal
access-list Public/Internet_access_out extended permit object-group DM_INLINE_SERVICE_1 object-group SWINDS object ODLW-EXT
access-list Public/Internet_access_out remark Allow access to BMC portal
access-list Public/Internet_access_out extended permit object-group cb.ca object-group Local_Private_Subnets object BCCs
access-list Public/Internet_access_out remark Allow basic services out.
access-list Public/Internet_access_out extended permit object-group DM_INLINE_SERVICE_3 object-group Local_Private_Subnets any
access-list Public/Internet_access_out remark Allow WhoIS traffic out.
access-list Public/Internet_access_out extended permit tcp object-group Local_Private_Subnets any eq whois
access-list Public/Internet_access_out remark Allow Network Time protocols out.
access-list Public/Internet_access_out extended permit object-group DM_INLINE_SERVICE_4 object-group Local_Private_Subnets any
access-list Public/Internet_access_out remark Allow all IP based monitoring traffic to Pl.
access-list Public/Internet_access_out extended permit ip object-group SWINDS object Pl-EXT
access-list Public/Internet_access_out remark Allow Management traffic to Pl-JY.
access-list Public/Internet_access_out extended permit object-group DM_INLINE_SERVICE_2 object-group Local_Private_Subnets object Pl-EXT
access-list Public/Internet_access_out remark Allow FTP traffic to Grimlock and RS FTP.
access-list Public/Internet_access_out extended permit object-group FTP object-group Local_Private_Subnets object-group DM_INLINE_NETWORK_1
access-list Public/Internet_access_out remark Allow VPN traffic to AM-JY.
access-list Public/Internet_access_out extended permit object-group IKEv2_L2TP object-group Local_Private_Subnets object-group AMV
access-list Public/Internet_access_out remark Allow VPN traffic to RCm devices.
access-list Public/Internet_access_out extended permit object-group Rvs object-group Local_Private_Subnets object-group RvIPs
access-list Public/Internet_access_out remark Allow BPG traffic out.
access-list Public/Internet_access_out extended permit object-group DM_INLINE_SERVICE_5 object-group Local_Private_Subnets any
access-list Public/Internet_access_out remark Allow Kool server out.
access-list Public/Internet_access_out extended permit ip object KooL any
pager lines 24
logging enable
logging history informational
logging asdm informational
logging mail notifications
logging from-address [email protected]
logging recipient-address [email protected] level errors
mtu Public_Internet 1500
mtu Private_CDATA 1500
mtu Private_ODATA 1500
mtu Private_OVOICE 1500
mtu Private_CVOICE 1500
mtu Private_CeDATA 1500
mtu Private_CeVOICE 1500
mtu management 1500
ip local pool AO-VPN_Pool 192.168.238.2-192.168.238.30 mask 255.255.255.224
ip verify reverse-path interface Public_Internet
ip verify reverse-path interface Private_CDATA
ip verify reverse-path interface Private_ODATA
ip verify reverse-path interface Private_OVOICE
ip verify reverse-path interface Private_CVOICE
ip verify reverse-path interface Private_CeDATA
ip verify reverse-path interface Private_CeVOICE
ip verify reverse-path interface management
icmp unreachable rate-limit 1 burst-size 1
icmp deny any Public_Internet
no asdm history enable
arp timeout 14400
nat (Private_ODATA,Public_Internet) source dynamic AO_10-30-133-0-LAN interface
nat (Private_CDATA,Public_Internet) source dynamic AC_10-30-136-0-LAN interface
nat (Private_ODATA,Public_Internet) source static any any destination static NETWORK_OBJ_192.168.238.0_27 NETWORK_OBJ_192.168.238.0_27 no-proxy-arp route-lookup
access-group Public/Internet_access_out out interface Public_Internet
route Public_Internet 0.0.0.0 0.0.0.0 1.3.3.6 1
route Private_CeDATA 10.0.0.0 255.0.0.0 10.10.100.17 1
route Private_CeDATA 10.1.0.0 255.255.0.0 10.10.100.17 1
route Private_CeDATA 10.3.0.0 255.255.0.0 10.10.100.17 1
route Private_CeDATA 10.5.0.0 255.255.0.0 10.10.100.17 1
route Private_CeDATA 10.11.106.74 255.255.255.255 10.10.100.17 1
route Private_CeDATA 10.30.128.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 10.30.130.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 10.30.131.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 10.30.132.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 10.30.134.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 10.30.135.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 10.67.31.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 10.224.0.0 255.255.0.0 10.10.100.17 1
route Private_CeDATA 4.1.1.19 255.255.255.255 10.10.100.17 1
route Private_CeDATA 1.1.1.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 1.1.1.13 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.11.24 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.11.27 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.11.29 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.17.105 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.147.64 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.147.66 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.147.110 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.19.251.57 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.21.56.105 255.255.255.255 10.10.100.17 1
route Private_CeDATA 172.21.57.152 255.255.255.255 10.10.100.17 1
route Private_CeDATA 192.168.3.0 255.255.255.0 10.10.100.17 1
route Private_CeVOICE 192.168.9.0 255.255.255.0 10.10.100.65 1
route Private_CeDATA 192.168.20.0 255.255.255.0 10.10.100.17 1
route Private_CeVOICE 192.168.21.0 255.255.255.0 10.10.100.65 1
route Private_CeDATA 192.168.30.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 192.168.31.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 192.168.40.0 255.255.255.0 10.10.100.17 1
route Private_CeVOICE 192.168.41.0 255.255.255.0 10.10.100.65 1
route Private_CeVOICE 192.168.50.0 255.255.255.0 10.10.100.65 1
route Private_CeDATA 192.168.60.0 255.255.255.0 10.10.100.17 1
route Private_CeVOICE 192.168.61.0 255.255.255.0 10.10.100.65 1
route Private_CeVOICE 192.168.70.0 255.255.255.0 10.10.100.65 1
route Private_CeVOICE 192.168.101.0 255.255.255.0 10.10.100.65 1
route Private_CeDATA 192.168.110.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 192.168.200.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 192.251.177.0 255.255.255.0 10.10.100.17 1
route Private_CeDATA 2.1.2.7 255.255.255.255 10.10.100.17 1
route Private_CeDATA 2.1.2.74 255.255.255.255 10.10.100.17 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server AD protocol nt
aaa-server AD (Private_ODATA) host 10.30.133.21
timeout 5
nt-auth-domain-controller Cool_Transformer_Name
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication serial console LOCAL
http server enable
http 192.168.69.0 255.255.255.0 management
snmp-server host Private_ODATA 10.30.133.67 poll community Some_*s_here version 2c
snmp-server location OT
snmp-server contact [email protected]
snmp-server community Some_*s_here
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
snmp-server enable traps ikev2 start stop
snmp-server enable traps nat packet-discard
sysopt noproxyarp Public_Internet
sysopt noproxyarp Private_CDATA
sysopt noproxyarp Private_ODATA
sysopt noproxyarp Private_OVOICE
sysopt noproxyarp Private_CVOICE
sysopt noproxyarp Private_CeDATA
sysopt noproxyarp Private_CeVOICE
sysopt noproxyarp management
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map Public_Internet_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map Public_Internet_map interface Public_Internet
crypto ikev1 enable Public_Internet
crypto ikev1 policy 10
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
client-update enable
telnet timeout 5
ssh 10.30.133.0 255.255.255.0 Private_ODATA
ssh 192.168.69.0 255.255.255.0 management
ssh timeout 2
ssh version 2
console timeout 5
dhcprelay server 10.30.133.13 Private_ODATA
dhcprelay enable Private_CDATA
dhcprelay timeout 60
threat-detection basic-threat
threat-detection statistics
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 10.30.133.13 prefer
ntp server 132.246.11.227
ntp server 10.30.133.21
webvpn
group-policy AO-VPN_Tunnel internal
group-policy AO-VPN_Tunnel attributes
dns-server value 10.30.133.21 10.30.133.13
vpn-tunnel-protocol ikev1
default-domain value ao.local
username helpme password Some_X's_here encrypted privilege 1
username helpme attributes
service-type nas-prompt
tunnel-group AO-VPN_Tunnel type remote-access
tunnel-group AO-VPN_Tunnel general-attributes
address-pool AO-VPN_Pool
authentication-server-group AD
default-group-policy AO-VPN_Tunnel
tunnel-group AO-VPN_Tunnel ipsec-attributes
ikev1 pre-shared-key Some_*s_here
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
class class-default
user-statistics accounting
service-policy global_policy global
smtp-server 192.168.200.25
prompt hostname context
no call-home reporting anonymous
Thanks in advance,
Jeff. -
Linux config for remote login oracle enterprise manager
Hi, all
I set up Oracle 10gR2 on my Red Hat Linux server. I can log in to Oracle Enterprise Manager locally, using the Firefox browser. But I can't connect to it from another computer. How should I check and configure Linux, please?
Thanks first!
wand
Thank you guys for all your replies! It works after I stop the iptables service. But if I want to keep the firewall, how should I configure iptables please? Could you give me an example? My iptables look like this:
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
Thanks again!
wand -
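One way to keep the firewall and still reach Enterprise Manager, shown as an added example that is not part of the original thread: the script evaluates the posted chain first-match and inserts a source-restricted ACCEPT rule ahead of the final REJECT. It assumes Database Control listens on TCP 1158 (the usual 10gR2 default; confirm with `emctl status dbconsole`) and that the admin workstations sit in 192.168.1.0/24, a constructed subnet.

```python
import ipaddress
import shlex

CHAIN = "RH-Firewall-1-INPUT"

# Constructed copy of the ruleset from the post ("--" option prefixes written out).
RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""


def parse(line):
    """Map each option of one rule line to its value (the last -m wins)."""
    toks = shlex.split(line)
    opts, i = {}, 0
    while i < len(toks):
        if toks[i].startswith("-") and i + 1 < len(toks) and not toks[i + 1].startswith("-"):
            opts[toks[i]] = toks[i + 1]
            i += 2
        else:
            i += 1
    return opts


def verdict(rules, src, port):
    """First-match verdict for a NEW tcp connection from src to port arriving on a
    non-loopback interface. Not modelled: '!' negation and -d (only the udp rule uses it)."""
    for line in rules.splitlines():
        if not line.startswith(f"-A {CHAIN} "):
            continue
        o = parse(line)
        if o.get("-i") == "lo":
            continue                      # remote traffic never arrives on lo
        if o.get("-p", "tcp") != "tcp":
            continue                      # icmp, udp, ESP (50), AH (51)
        if "--state" in o and "NEW" not in o["--state"].split(","):
            continue                      # ESTABLISHED,RELATED does not cover the first SYN
        if "--dport" in o:
            lo, _, hi = o["--dport"].partition(":")
            if not int(lo) <= port <= int(hi or lo):
                continue
        if "-s" in o and ipaddress.ip_address(src) not in ipaddress.ip_network(o["-s"]):
            continue
        return o["-j"]
    return "ACCEPT"  # falls back to INPUT, whose policy is ACCEPT


def allow_port(rules, port, source):
    """Insert an ACCEPT for source -> tcp/port just before the chain's first REJECT/DROP."""
    new = f"-A {CHAIN} -s {source} -m state --state NEW -m tcp -p tcp --dport {port} -j ACCEPT"
    out, done = [], False
    for line in rules.splitlines():
        if (not done and line.startswith(f"-A {CHAIN} ")
                and parse(line).get("-j") in ("REJECT", "DROP")):
            out.append(new)
            done = True
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    EM_PORT, ADMIN_NET = 1158, "192.168.1.0/24"   # assumptions, see lead-in
    print("before:", verdict(RULES, "192.168.1.50", EM_PORT))
    fixed = allow_port(RULES, EM_PORT, ADMIN_NET)
    print("after, admin subnet:", verdict(fixed, "192.168.1.50", EM_PORT))
    print("after, other source:", verdict(fixed, "203.0.113.9", EM_PORT))
```

A rule appended after the REJECT line would never be reached, which is why the insert position matters more than the rule text.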
Ok, I don't know if it's just staring at me, ridiculing me, but I am feeling like an idiot here... I have an 871 and all I need to do is some basic rules.
Here is the config I am having the issue with...
I need these statics:
.227 opened and forwarded to these ports:
10.0.0.240 80 tcp
10.0.0.241 81 tcp
10.0.0.242 82 tcp
10.0.0.243 83 tcp
10.0.0.244 84 tcp
10.0.0.9 3389 tcp
then .228 forwarded and all ports opened to 10.0.0.15
Right now it's working for the .228 but the .227 is blocking everything. If I remove the lines for the 10.0.0.15 *.*.*.228 then everything works for the .227 statics and ports.
What is wrong here???
s run
Building configuration...
Current configuration : 4747 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
hostname ******
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
no aaa new-model
resource policy
clock timezone MST -7
ip cef
ip name-server *.*.*.65
ip name-server *.*.*.65
ip inspect log drop-pkt
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
crypto pki trustpoint TP-self-signed-974215006
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-974215006
revocation-check none
rsakeypair TP-self-signed-974215006
crypto pki certificate chain TP-self-signed-974215006
certificate self-signed 01
quit
username ****** privilege 15 secret 5 34yweth2453723475
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $FW_OUTSIDE$
ip address *.*.*.226 255.255.255.248
ip access-group 101 in
ip verify unicast reverse-path
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
duplex auto
speed auto
interface Vlan1
description $FW_INSIDE$
ip address 10.0.0.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip route 0.0.0.0 0.0.0.0 *.*.*.225
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat pool outside_ip_pool *.*.*.227 *.*.*.230 netmask 255.255.255.248
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 10.0.0.240 80 *.*.*.227 80 extendable
ip nat inside source static tcp 10.0.0.241 81 *.*.*.227 81 extendable
ip nat inside source static tcp 10.0.0.242 82 *.*.*.227 82 extendable
ip nat inside source static tcp 10.0.0.243 83 *.*.*.227 83 extendable
ip nat inside source static tcp 10.0.0.244 84 *.*.*.227 84 extendable
ip nat inside source static tcp 10.0.0.9 3389 *.*.*.227 3389 extendable
ip nat inside source static 10.0.0.15 *.*.*.228
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration##NO_ACES_4##
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip *.*.*.224 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit ip any host *.*.*.228
control-plane
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
scheduler max-task-time 5000
webvpn context Default_context
ssl authenticate verify all
no inservice
end
Hi,
I'm not really familiar with the Router Firewalls but I'd just point out what caught my eye (even though there might not be anything wrong about them)
You have ACL 101 attached to the outside interface and it only allows traffic to .228
You have some outside_ip_pool configuration line that includes the IPs you're going to use for both Static NAT and Port Forward. Shouldn't you leave the .227 and .228 out of the Pool range?
- Jouni -
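The two points raised in the reply above can be checked mechanically. The following is an added example, not part of the original thread: a small Python audit that reads the NAT and ACL lines of the posted configuration and lists every static translation whose public address the inbound ACL on the outside interface does not permit, or whose public address falls inside a NAT pool range. The function names are this example's own, and because the page masks the first three octets, public addresses are compared by last octet only.

```python
import re

# Constructed sample: the outside-interface, NAT and ACL 101 lines of the
# configuration posted above. The page masks the first three octets (*.*.*),
# so this example compares public addresses by their last octet only.
SAMPLE_CONFIG = """\
interface FastEthernet4
ip address *.*.*.226 255.255.255.248
ip access-group 101 in
ip nat outside
ip nat pool outside_ip_pool *.*.*.227 *.*.*.230 netmask 255.255.255.248
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 10.0.0.240 80 *.*.*.227 80 extendable
ip nat inside source static tcp 10.0.0.241 81 *.*.*.227 81 extendable
ip nat inside source static tcp 10.0.0.242 82 *.*.*.227 82 extendable
ip nat inside source static tcp 10.0.0.243 83 *.*.*.227 83 extendable
ip nat inside source static tcp 10.0.0.244 84 *.*.*.227 84 extendable
ip nat inside source static tcp 10.0.0.9 3389 *.*.*.227 3389 extendable
ip nat inside source static 10.0.0.15 *.*.*.228
access-list 101 permit ip any host *.*.*.228
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static (?:(tcp|udp) (\S+) (\d+) (\S+) (\d+)|(\S+) (\S+))")
POOL_RE = re.compile(r"^ip nat pool (\S+) (\S+) (\S+)")
# Extended ACL entries only; source-port qualifiers are not handled here.
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (ip|tcp|udp) (.+)$")


def last_octet(addr):
    return int(addr.rsplit(".", 1)[1])


def take_addr(tokens):
    """Consume one address spec: None for 'any', else (base, wildcard) octets."""
    first = tokens.pop(0)
    if first == "any":
        return None
    if first == "host":
        return (last_octet(tokens.pop(0)), 0)
    return (last_octet(first), last_octet(tokens.pop(0)))


def parse(config):
    iface, outside, groups = None, None, {}
    statics, pools, acls = [], [], {}
    for ln in (raw.strip() for raw in config.splitlines()):
        if ln.startswith("interface "):
            iface = ln.split()[1]
        elif m := re.match(r"^ip access-group (\d+) in$", ln):
            groups[iface] = m.group(1)
        elif ln == "ip nat outside":
            outside = iface
        elif m := STATIC_RE.match(ln):
            if m.group(1):  # port forward: protocol, public port, public address
                statics.append((m.group(1), int(m.group(5)), last_octet(m.group(4)), ln))
            else:           # one-to-one translation of a whole address
                statics.append(("ip", None, last_octet(m.group(7)), ln))
        elif m := POOL_RE.match(ln):
            pools.append((m.group(1), last_octet(m.group(2)), last_octet(m.group(3))))
        elif m := ACL_RE.match(ln):
            tokens = m.group(4).split()
            src, dst = take_addr(tokens), take_addr(tokens)
            port = int(tokens[1]) if tokens[:1] == ["eq"] else None
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3), src, dst, port))
    acl_id = groups.get(outside)
    # No inbound ACL on the outside interface means nothing is filtered there.
    return {"acl": acls.get(acl_id, []) if acl_id else None,
            "statics": statics, "pools": pools}


def acl_action(acl, proto, port, dst_octet):
    """First-match result for traffic from an arbitrary source; implicit deny last."""
    for action, a_proto, src, dst, a_port in acl:
        if src is not None:  # source-restricted entry: does not cover arbitrary hosts
            continue
        if dst is not None and (dst_octet ^ dst[0]) & ~dst[1] & 0xFF:
            continue
        # A one-to-one static counts as covered only by an 'ip' entry.
        if a_proto != "ip" and (a_proto != proto or (a_port is not None and a_port != port)):
            continue
        return action
    return "deny"


def audit(config):
    cfg, findings = parse(config), []
    for proto, port, octet, line in cfg["statics"]:
        if cfg["acl"] is not None and acl_action(cfg["acl"], proto, port, octet) == "deny":
            findings.append(("blocked-by-outside-acl", line))
        for name, start, end in cfg["pools"]:
            if start <= octet <= end:
                findings.append(("overlaps-pool:" + name, line))
    return findings


if __name__ == "__main__":
    for kind, line in audit(SAMPLE_CONFIG):
        print(f"{kind:32} {line}")
```

On the sample, the six port forwards on .227 are reported as blocked by ACL 101, and all seven static translations are reported as overlapping outside_ip_pool.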
LMS 3.2 - Syslog Config fetch not working
Hello,
the syslog config fetch on my LMS 3.2 with RME 4.3.0 is not working.
I get syslog messages from devices and the count in the syslog collector status is okay.
But in the syslog message summary in device center the count is not getting higher with every message.
And the config fetch is not working.
I changed the logging level in the collector-properties to "debug" and got the following messages for a device which I want to fetch:
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, FcssEmblemProcessor - About to process the syslog string : Jun 07 14:40:23 10.155.224.102 53: Jun 7 14:39:57: %SYS-5-CONFIG_I: Configured from console by shru1307 on vty0 (4.26.16.20)
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parser : com.cisco.nm.rmeng.fcss.common.FcssEmblemAFormatParser@13bd574
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parser : com.cisco.nm.rmeng.fcss.common.FcssEmblemBFormatParser@13adc56
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parser : com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@157aa53
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parser : com.cisco.nm.rmeng.fcss.common.CSSSyslogFormatParser@6f50a8
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, EmblemA not valid.
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, EmblemB not valid.
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, EmblemA valid.
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Setting daemon date
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, After adjusting the offset Mon Jun 07 14:40:23 CEST 2010 GMT 7 Jun 2010 12:40:23 GMT
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Parsed using the parser : com.cisco.nm.rmeng.fcss.common.FcssGenericFormatParser@157aa53
SyslogCollector - [Thread: EvaluatorThread-0] DEBUG, 07 Jun 2010 14:40:24,546, FcssEmblemProcessor - Valid EMBLEM format. Passing on...
SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Converted syslog to filter string. Filter string is 10.155.224.102;;;SYS-5-CONFIG_I: Configured from console by shru1307 on vty0 (4.26.16.20)
SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, ^((10\.161\.1\.45);;;(\S+)(-(\S+))?-(.*)(-(.*\s*))?\s*:\s*.*)$
SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, FcssFilterPatternSet- inside 6
SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, getInterestedSubscribers() - Incrementing filtered count for HNW2K3CISCO03
SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, getInterestedSubscribers() - No interested subscribers. Returning null.
SyslogCollector - [Thread: FilterThread-0] DEBUG, 07 Jun 2010 14:40:24,546, Entered zero size
I attached the AnalyzerDebug.log, syslog_debug.log, SyslogAnalyzer.log and SyslogCollector.log for further information.
Thanks for any advice!
Sven
After I restarted the processes the syslog queue is empty and the config fetch works :-)
Output from syslog.log:
Jun 15 09:37:51 4.72.80.13 3131: Jun 15 09:36:59.881: %SYS-5-CONFIG_I: Configured from console by shru1307 on vty0 (4.26.16.20)
Output from AnalyzerDebug.log:
[ Tue Jun 15 09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,74,Invoking Config collection for syslog message
[ Tue Jun 15 09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,81,Before triggering syslog config fetch
[ Tue Jun 15 09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,83,Syslog Timestamp Tue Jun 15 09:37:51 CEST 2010
[ Tue Jun 15 09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,85,DCMA Endtime String 2010-06-10 00:51:02.94
[ Tue Jun 15 09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,90,DCMA Endtime String after formatting Thu Jun 10 00:51:02 CEST 2010
[ Tue Jun 15 09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,98,Buffer Time after adding 5 minutes Thu Jun 10 00:56:02 CEST 2010
[ Tue Jun 15 09:37:52 CEST 2010 ],INFO ,[Thread-2],com.cisco.nm.rmeng.dcma.client.RmeSaDcmaActionHandler,act,101,Triggering fetch on syslog since Timestamp > bufferTime
My last question is now, what can I do so that the syslog queue will not get full one more time?
Is logrot a solution? My syslog.log will be rotated at 128 MB.
Thanks a lot!
Sven -
Dear Sir,
I have a pair of 11501, which load balance two SSL server behind them. The cert is stored in SSL server(10.106.13.20 & 21). The external vip is 10.106.13.224.
I read the SSL Config Guide and made the below configuration. Can you check if my config below is ok?
ssl-proxy-list PIS-SSL-LIST
backend-server 1
backend-server 1 type backend-ssl
backend-server 1 ip address 10.106.13.224
backend-server 1 server-ip 10.106.13.20
backend-server 1 version ssl3
backend-server 1 session-cache 300
backend-server 1 tcp virtual ack-delay 0
backend-server 2
backend-server 2 type backend-ssl
backend-server 2 ip address 10.106.13.224
backend-server 2 server-ip 10.106.13.21
backend-server 2 version ssl3
backend-server 2 session-cache 300
backend-server 2 tcp virtual ack-delay 0
active
service PIS-SSL-SERVICE
type ssl-accel-backend
ip address 10.106.13.224
add ssl-proxy-list PIS-SSL-LIST
active
owner PIS-SSL-OWNER
content PIS-SSL-VIP-1
vip address 10.106.13.224
port 80
advanced-balance arrowpoint-cookie
url "/*"
add service PIS-SSL-SERVICE
active
Thanks
This is totally wrong unfortunately.
What are you trying to achieve here?
Normally the connection between CSS and server does not need to be encrypted because they are close to each other.
You probably want to encrypt the connection from the client to the CSS since this connection goes through the Internet.
Is this what you need?
Here are sample configs:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/ssl/guide/examples.html#wp999094
backend-ssl is @
SSL Transparent Proxy Configuration - HTTP and Back-End SSL Servers
You will see that you made many mistakes, like ip addresses used in the ssl-proxy-list.
Gilles. -
Coherence Extend Config: Client create a new Cluster
Hi,
I have configured one storage-enabled coherence node and one proxy server on port 9099 as shown in the wiki. Coherence client is configured with the right -Dtangosol.coherence.cacheconfig which points to the xml file with
<remote-cache-scheme>
  <scheme-name>extend-dist</scheme-name>
  <service-name>ExtendTcpCacheService</service-name>
  <initiator-config>
    <tcp-initiator>
      <remote-addresses>
        <socket-address>
          <address>Proxy_IP</address>
          <port>9099</port>
        </socket-address>
      </remote-addresses>
      <connect-timeout>10s</connect-timeout>
    </tcp-initiator>
    <outgoing-message-handler>
      <heartbeat-interval>5s</heartbeat-interval>
      <heartbeat-timeout>4s</heartbeat-timeout>
      <request-timeout>50s</request-timeout>
    </outgoing-message-handler>
  </initiator-config>
</remote-cache-scheme>
My client logs show that it has created a new cluster and then it loaded the Dtangosol.coherence.cacheconfig xml file. Is there a way to prevent my client starting a new cluster? Is the configuration incorrect? Any help will be greatly appreciated :)
Client Log:
======
2011-02-10 04:39:37.599/0.599 Oracle Coherence 3.6.0.1 <Info> (thread=main, member=n/a): Loaded operational configuration from "jar:file:/usr/share/java/coherence-3.6.0.1.jar!/tangosol-coherence.xml"
2011-02-10 04:39:37.606/0.606 Oracle Coherence 3.6.0.1 <Info> (thread=main, member=n/a): Loaded operational overrides from "jar:file:/usr/share/java/coherence-3.6.0.1.jar!/tangosol-coherence-override-dev.xml"
2011-02-10 04:39:37.606/0.606 Oracle Coherence 3.6.0.1 <D5> (thread=main, member=n/a): Optional configuration override "/tangosol-coherence-override.xml" is not specified
2011-02-10 04:39:37.615/0.615 Oracle Coherence 3.6.0.1 <D5> (thread=main, member=n/a): Optional configuration override "/custom-mbeans.xml" is not specified
Oracle Coherence Version 3.6.0.1 Build 17846
Grid Edition: Development mode
Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
2011-02-10 04:39:38.112/1.112 Oracle Coherence GE 3.6.0.1 <D4> (thread=main, member=n/a): TCMP bound to /172.23.73.236:8088 using SystemSocketProvider
2011-02-10 04:39:38.432/1.432 Oracle Coherence GE 3.6.0.1 <Info> (thread=Cluster, member=n/a): This Member(Id=3, Timestamp=2011-02-10 04:39:38.236, Address=172.23.73.236:8088, MachineId=62188, Location=site:lss.emc.com,machine:lglor236,process:5631, Role=ApacheCommonsDaemonDaemonLoader, Edition=Grid Edition, Mode=Development, CpuCount=4, SocketCount=4) joined cluster "cluster:0xC4DB" with senior Member(Id=2, Timestamp=2011-02-10 04:33:09.003, Address=172.23.73.236:8090, MachineId=62188, Location=site:lss.emc.com,machine:lglor236,process:4193, Role=ApacheCommonsDaemonDaemonLoader, Edition=Grid Edition, Mode=Development, CpuCount=4, SocketCount=4)
2011-02-10 04:39:38.439/1.439 Oracle Coherence GE 3.6.0.1 <D5> (thread=Cluster, member=n/a): Member 2 joined Service Cluster with senior member 2
2011-02-10 04:39:38.440/1.440 Oracle Coherence GE 3.6.0.1 <D5> (thread=Cluster, member=n/a): Member 2 joined Service Management with senior member 2
2011-02-10 04:39:38.440/1.440 Oracle Coherence GE 3.6.0.1 <D5> (thread=Cluster, member=n/a): Member 2 joined Service DistributedCache with senior member 2
2011-02-10 04:39:38.442/1.442 Oracle Coherence GE 3.6.0.1 <Info> (thread=main, member=n/a): Started cluster Name=cluster:0xC4DB
Group{Address=224.3.6.0, Port=36000, TTL=4}
MasterMemberSet
ThisMember=Member(Id=3, Timestamp=2011-02-10 04:39:38.236, Address=172.23.73.236:8088, MachineId=62188, Location=site:lss.emc.com,machine:lglor236,process:5631, Role=ApacheCommonsDaemonDaemonLoader)
OldestMember=Member(Id=2, Timestamp=2011-02-10 04:33:09.003, Address=172.23.73.236:8090, MachineId=62188, Location=site:lss.emc.com,machine:lglor236,process:4193, Role=ApacheCommonsDaemonDaemonLoader)
ActualMemberSet=MemberSet(Size=2, BitSetCount=2
Member(Id=2, Timestamp=2011-02-10 04:33:09.003, Address=172.23.73.236:8090, MachineId=62188, Location=site:lss.emc.com,machine:lglor236,process:4193, Role=ApacheCommonsDaemonDaemonLoader)
Member(Id=3, Timestamp=2011-02-10 04:39:38.236, Address=172.23.73.236:8088, MachineId=62188, Location=site:lss.emc.com,machine:lglor236,process:5631, Role=ApacheCommonsDaemonDaemonLoader)
RecycleMillis=1200000
RecycleSet=MemberSet(Size=0, BitSetCount=0
TcpRing{Connections=[2]}
IpMonitor{AddressListSize=0}
2011-02-10 04:39:38.477/1.477 Oracle Coherence GE 3.6.0.1 <D5> (thread=Invocation:Management, member=3): Service Management joined the cluster with senior service member 2
Feb 10, 2011 4:39:38 AM org.springframework.context.support.AbstractApplicationContext prepareRefresh
INFO: Refreshing org.springframework.context.support.ClassPathXmlApplicationContext@257b40fe: display name [org.springframework.context.support.ClassPathXmlApplicationContext@257b40fe]; startup date [Thu Feb 10 04:39:38 EST 2011]; root of context hierarchy
Feb 10, 2011 4:39:38 AM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
INFO: Loading XML bean definitions from class path resource [configurationRestApplicationContext.xml]
Feb 10, 2011 4:39:38 AM org.springframework.context.support.AbstractApplicationContext obtainFreshBeanFactory
INFO: Bean factory for application context [org.springframework.context.support.ClassPathXmlApplicationContext@257b40fe]: org.springframework.beans.factory.support.DefaultListableBeanFactory@4bd27069
Feb 10, 2011 4:39:38 AM org.springframework.beans.factory.support.DefaultListableBeanFactory preInstantiateSingletons
INFO: Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@4bd27069: defining beans [component,server,router,srmconfigurationsresource,srmconfigurationtyperesource,srmconfigurationresource,coherenceStatusResource,configurationMapRepository,configurationOVFFileLoader,defaultConfigurationLoader,feedpagingLinkHandler,adminConfigTransformer,configurationMapQueryHandler,fileUploadResource,postProcessorImpl]; root of factory hierarchy
[Fatal Error] :-1:-1: Premature end of file.
[Fatal Error] :-1:-1: Premature end of file.
2011-02-10 04:39:39.332/2.332 Oracle Coherence GE 3.6.0.1 <Info> (thread=main, member=3): Loaded cache configuration from "file:/etc/sysconfig/proxy_node.xml"
2011-02-10 04:39:39.504/2.504 Oracle Coherence GE 3.6.0.1 <D5> (thread=DistributedCache, member=3): Service DistributedCache joined the cluster with senior service member 2
Also I have verified that my storage enabled node and proxy node have formed a cluster...
The client has been started with -Dtangosol.coherence.cacheconfig=/etc/sysconfig/proxy_node.xml
Thanks & Regards,
Sandeep
Hi,
Used -Dtangosol.coherence.tcmp.enabled=false to disable TCMP mode... ( Phew... :) )
In my client code we have the following statements...
==> Service service = CacheFactory.getService("DistributedCache");
    Set<Member> storeEnabledSet = ((DistributedCacheService) service)
            .getStorageEnabledMembers();
==> CacheFactory.ensureCluster();
Does this need to be changed for an Extend Client configuration?
With my current setup I am getting exceptions ...
2011-02-13 22:36:59.075/111.151 Oracle Coherence GE 3.6.0.1 <Error> (thread=main, member=n/a): Error while starting cluster: java.lang.UnsupportedOperationException: TCMP clustering has been disabled; this configuration may only access clustered services via Extend proxies.
at com.tangosol.coherence.component.net.Cluster.onStart(Cluster.CDB:42)
at com.tangosol.coherence.component.net.Cluster.start(Cluster.CDB:11)
at com.tangosol.coherence.component.util.SafeCluster.startCluster(SafeCluster.CDB:3)
at com.tangosol.coherence.component.util.SafeCluster.restartCluster(SafeCluster.CDB:7)
at com.tangosol.coherence.component.util.SafeCluster.ensureRunningCluster(SafeCluster.CDB:26)
at com.tangosol.coherence.component.util.SafeCluster.start(SafeCluster.CDB:2)
at com.tangosol.net.CacheFactory.ensureCluster(CacheFactory.java:998)
at com.emc.srm.admin.config.rest.RestApplicationLauncher.waitForCacheServer(RestApplicationLauncher.java:155)
at com.emc.srm.admin.config.rest.RestApplicationLauncher.main(RestApplicationLauncher.java:108)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.emc.srm.common.daemon.SrmDaemon.start(SrmDaemon.java:59)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:219)
Any ideas on how to fix this?
Regards,
Sandeep
===========================
Client configuration:
<cache-mapping>
<cache-name>ConfigurationMapRepository</cache-name>
<scheme-name>extend-dist</scheme-name>
</cache-mapping>
<caching-schemes>
<near-scheme>
<scheme-name>extend-near</scheme-name>
<front-scheme>
<local-scheme>
<high-units>1000</high-units>
</local-scheme>
</front-scheme>
<back-scheme>
<remote-cache-scheme>
<scheme-ref>extend-dist</scheme-ref>
</remote-cache-scheme>
</back-scheme>
<invalidation-strategy>all</invalidation-strategy>
</near-scheme>
<!-- Event Repository cache scheme definition START -->
<remote-cache-scheme>
<scheme-name>extend-dist</scheme-name>
<service-name>DistributedCache</service-name>
<initiator-config>
<tcp-initiator>
<remote-addresses>
<socket-address>
<address>X.X.X.X</address>
<port>9099</port>
</socket-address>
</remote-addresses>
<connect-timeout>10s</connect-timeout>
</tcp-initiator>
<outgoing-message-handler>
<heartbeat-interval>5s</heartbeat-interval>
<heartbeat-timeout>4s</heartbeat-timeout>
<request-timeout>50s</request-timeout>
</outgoing-message-handler>
</initiator-config>
</remote-cache-scheme>
</caching-schemes> -
Coherence-cache-config.xml not visible from EAR
hello all.
I've met the following issue. Coherence does not see my custom cache-config.xml and thereby uses the default from coherence.jar.
Environment:
1. WLS 10.3, Coherence 3.7, jvm 1.6
2. the active-cache is deployed as shared library
3. the dedicated coherence cluster is configured through WLS Admin console and all started with -Dtangosol.coherence.cacheconfig=d:\OracleFM\R11.1.1.5\WLSGeneric\user_projects\domains\mvn_domain1\coherence-config\coherence-cache-config.xml. The output shows that the cluster is started and my cache service is started also:
Services
ClusterService{Name=Cluster, State=(SERVICE_STARTED, STATE_JOINED), Id=0, Version=3.7.1, OldestMemberId=1}
InvocationService{Name=Management, State=(SERVICE_STARTED), Id=1, Version=3.1, OldestMemberId=1}
PartitionedCache{Name=MVN_Test_Service, State=(SERVICE_STARTED), LocalStorage=enabled, PartitionCount=257, BackupCount=1, AssignedPartitions=257, BackupPartitions=0}
Cache services are configured with auto-start=true
4. the coherence.jar is placed in EAR\lib\coherence.jar
5. I've tried to place coherence-cache-config.xml in the following places within EAR
EAR
APP-INF\classes\coherence-cache-config.xml
EAR
lib\coherence-cache-config.xml
EAR
MyModule.jar\META-INF\coherence-cache-config.xml
The result is that coherence uses the default config file from coherence.jar instead of the custom one deployed with the EAR. In fact I have no idea what is wrong there....
And yet, the coherence that is deployed with the EAR successfully joined the cluster, but only Service Management. From output: "Member 2 joined Service Management with senior member 1"
Hello Robert. Thanks for the prompt reply.
If by saying that you deployed coherence.jar as a shared library means that you put it on the server classpath
In fact I didn't say that. I said that "4. the coherence.jar is placed in EAR\lib\coherence.jar"
Below is the output from the dedicated Coherence server
<Feb 16, 2012 4:09:03 AM> <INFO> <NodeManager> <Server output log file is 'D:\OracleFM\R11.1.1.5\WLSGeneric\user_projects\domains\mvn_domain1\servers_coherence\Coherence37Server-0\logs\Coherence37Server-0.out'>
2012-02-16 11:39:04.133/0.928 Oracle Coherence 3.7.1.0 <Info> (thread=main, member=n/a): Loaded operational configuration from "jar:file:/D:/OracleFM/R11.1.1.5/WLSGeneric/coherence_3.7.1/lib/coherence.jar!/tangosol-coherence.xml"
2012-02-16 11:39:04.578/1.373 Oracle Coherence 3.7.1.0 <Info> (thread=main, member=n/a): Loaded operational overrides from "jar:file:/D:/OracleFM/R11.1.1.5/WLSGeneric/coherence_3.7.1/lib/coherence.jar!/tangosol-coherence-override-dev.xml"
2012-02-16 11:39:04.579/1.374 Oracle Coherence 3.7.1.0 <D5> (thread=main, member=n/a): Optional configuration override "/tangosol-coherence-override.xml" is not specified
2012-02-16 11:39:04.586/1.381 Oracle Coherence 3.7.1.0 <D5> (thread=main, member=n/a): Optional configuration override "/custom-mbeans.xml" is not specified
Oracle Coherence Version 3.7.1.0 Build 27797
Grid Edition: Development mode
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
2012-02-16 11:39:07.080/3.875 Oracle Coherence GE 3.7.1.0 <D4> (thread=main, member=n/a): TCMP bound to /10.6.12.61:9888 using SystemSocketProvider
2012-02-16 11:39:10.591/7.386 Oracle Coherence GE 3.7.1.0 <Info> (thread=Cluster, member=n/a): Created a new cluster "cluster:0x75CB" with Member(Id=1, Timestamp=2012-02-16 11:39:07.242, Address=10.6.12.61:9888, MachineId=54771, Location=site:,machine:EPBYMINW0269,process:3012,member:Coherence37Server-0, Role=WeblogicWeblogicCacheServer, Edition=Grid Edition, Mode=Development, CpuCount=4, SocketCount=4) UID=0x0A060C3D0000013585509CEAD5F326A0
2012-02-16 11:39:10.597/7.392 Oracle Coherence GE 3.7.1.0 <Info> (thread=main, member=n/a): Started cluster Name=cluster:0x75CB
Group{Address=231.1.1.1, Port=7777, TTL=4}
MasterMemberSet(
ThisMember=Member(Id=1, Timestamp=2012-02-16 11:39:07.242, Address=10.6.12.61:9888, MachineId=54771, Location=site:,machine:EPBYMINW0269,process:3012,member:Coherence37Server-0, Role=WeblogicWeblogicCacheServer)
OldestMember=Member(Id=1, Timestamp=2012-02-16 11:39:07.242, Address=10.6.12.61:9888, MachineId=54771, Location=site:,machine:EPBYMINW0269,process:3012,member:Coherence37Server-0, Role=WeblogicWeblogicCacheServer)
ActualMemberSet=MemberSet(Size=1
Member(Id=1, Timestamp=2012-02-16 11:39:07.242, Address=10.6.12.61:9888, MachineId=54771, Location=site:,machine:EPBYMINW0269,process:3012,member:Coherence37Server-0, Role=WeblogicWeblogicCacheServer)
)
MemberId|ServiceVersion|ServiceJoined|MemberState
1|3.7.1|2012-02-16 11:39:10.592|JOINED
RecycleMillis=1200000
RecycleSet=MemberSet(Size=0
)
)
TcpRing{Connections=[]}
IpMonitor{AddressListSize=0}
2012-02-16 11:39:10.629/7.424 Oracle Coherence GE 3.7.1.0 <D5> (thread=Invocation:Management, member=1): Service Management joined the cluster with senior service member 1
2012-02-16 11:39:10.845/7.640 Oracle Coherence GE 3.7.1.0 <D5> (thread=DistributedCache, member=1): Service DistributedCache joined the cluster with senior service member 1
2012-02-16 11:39:10.936/7.731 Oracle Coherence GE 3.7.1.0 <D5> (thread=Cluster, member=1): Member(Id=2, Timestamp=2012-02-16 11:39:10.74, Address=10.6.12.61:9890, MachineId=54771, Location=site:,machine:EPBYMINW0269,process:3592,member:Coherence37Server-1, Role=WeblogicWeblogicCacheServer) joined Cluster with senior member 1
2012-02-16 11:39:10.962/7.757 Oracle Coherence GE 3.7.1.0 <D5> (thread=ReplicatedCache, member=1): Service ReplicatedCache joined the cluster with senior service member 1
2012-02-16 11:39:10.975/7.770 Oracle Coherence GE 3.7.1.0 <D5> (thread=OptimisticCache, member=1): Service OptimisticCache joined the cluster with senior service member 1
2012-02-16 11:39:10.986/7.781 Oracle Coherence GE 3.7.1.0 <D5> (thread=Invocation:InvocationService, member=1): Service InvocationService joined the cluster with senior service member 1
2012-02-16 11:39:10.989/7.785 Oracle Coherence GE 3.7.1.0 <Info> (thread=main, member=1):
Services
(
ClusterService{Name=Cluster, State=(SERVICE_STARTED, STATE_JOINED), Id=0, Version=3.7.1, OldestMemberId=1}
InvocationService{Name=Management, State=(SERVICE_STARTED), Id=1, Version=3.1, OldestMemberId=1}
PartitionedCache{Name=DistributedCache, State=(SERVICE_STARTED), LocalStorage=enabled, PartitionCount=257, BackupCount=1, AssignedPartitions=257, BackupPartitions=0}
ReplicatedCache{Name=ReplicatedCache, State=(SERVICE_STARTED), Id=3, Version=3.0, OldestMemberId=1}
Optimistic{Name=OptimisticCache, State=(SERVICE_STARTED), Id=4, Version=3.0, OldestMemberId=1}
InvocationService{Name=InvocationService, State=(SERVICE_STARTED), Id=5, Version=3.1, OldestMemberId=1}
)
Started DefaultCacheServer...
2012-02-16 11:39:10.994/7.789 Oracle Coherence GE 3.7.1.0 <D5> (thread=Cluster, member=1): Member 2 joined Service Management with senior member 1
2012-02-16 11:39:11.297/8.092 Oracle Coherence GE 3.7.1.0 <D5> (thread=Cluster, member=1): Member 2 joined Service DistributedCache with senior member 1
2012-02-16 11:39:11.330/8.125 Oracle Coherence GE 3.7.1.0 <D5> (thread=DistributedCache, member=1): 3> Transferring primary PartitionSet{0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127} to member 2 requesting 128
2012-02-16 11:39:11.369/8.164 Oracle Coherence GE 3.7.1.0 <D5> (thread=Cluster, member=1): Member 2 joined Service ReplicatedCache with senior member 1
2012-02-16 11:39:11.373/8.168 Oracle Coherence GE 3.7.1.0 <D4> (thread=DistributedCache, member=1): 1> Transferring 129 out of 129 partitions to a node-safe backup 1 at member 2 (under 129)
2012-02-16 11:39:11.399/8.194 Oracle Coherence GE 3.7.1.0 <D5> (thread=DistributedCache, member=1): Transferring 0KB of backup[1] for PartitionSet{128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153, 154, 155, 156, 157, 158, 159, 160, 161, 162, 163, 164, 165, 166, 167, 168, 169, 170, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185, 186, 187, 188, 189, 190, 191, 192, 193, 194, 195, 196, 197, 198, 199, 200, 201, 202, 203, 204, 205, 206, 207, 208, 209, 210, 211, 212, 213, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 224, 225, 226, 227, 228, 229, 230, 231, 232, 233, 234, 235, 236, 237, 238, 239, 240, 241, 242, 243, 244, 245, 246, 247, 248, 249, 250, 251, 252, 253, 254, 255, 256} to member 2
2012-02-16 11:39:11.443/8.238 Oracle Coherence GE 3.7.1.0 <D5> (thread=Cluster, member=1): Member 2 joined Service OptimisticCache with senior member 1
2012-02-16 11:39:11.461/8.256 Oracle Coherence GE 3.7.1.0 <D5> (thread=Cluster, member=1): Member 2 joined Service InvocationService with senior member 1
2012-02-16 12:00:31.435/1288.230 Oracle Coherence GE 3.7.1.0 <D5> (thread=Cluster, member=1): Member(Id=3, Timestamp=2012-02-16 12:00:31.425, Address=10.6.12.61:8888, MachineId=54771, Location=site:,machine:EPBYMINW0269,process:6252, Role=WeblogicServer) joined Cluster with senior member 1
2012-02-16 12:00:31.726/1288.521 Oracle Coherence GE 3.7.1.0 <D5> (thread=Cluster, member=1): Member(Id=4, Timestamp=2012-02-16 12:00:31.7, Address=10.6.12.61:8890, MachineId=54771, Location=site:,machine:EPBYMINW0269,process:7116, Role=WeblogicServer) joined Cluster with senior member 1
2012-02-16 12:00:31.758/1288.553 Oracle Coherence GE 3.7.1.0 <D5> (thread=Cluster, member=1): Member 3 joined Service Management with senior member 1
2012-02-16 12:00:32.092/1288.887 Oracle Coherence GE 3.7.1.0 <D5> (thread=Cluster, member=1): Member 4 joined Service Management with senior member 1
You may see that I have two dedicated Coherence servers, member 1 and member 2, that joined the Coherence cluster. Member 3 and member 4 are WLS deployed coherence. I mean that I have two WLS that are configured to join the Coherence cluster, and it happened after the application had been deployed on both of them. You may see that the last two joined only Service Management
Here is the output from WLS-out:
2012-02-16 12:00:29.071/1219.089 Oracle Coherence 3.7.1.0 <Info> (thread=[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', member=n/a): Loaded operational configuration from "zip:D:/OracleFM/R11.1.1.5/WLSGeneric/user_projects/domains/mvn_domain1/servers/WLSServer-1/tmp/_WL_user/TestEAR/g0yzyu/lib/coherence.jar!/tangosol-coherence.xml"
2012-02-16 12:00:29.173/1219.191 Oracle Coherence 3.7.1.0 <Info> (thread=[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', member=n/a): Loaded operational overrides from "zip:D:/OracleFM/R11.1.1.5/WLSGeneric/user_projects/domains/mvn_domain1/servers/WLSServer-1/tmp/_WL_user/TestEAR/g0yzyu/lib/coherence.jar!/tangosol-coherence-override-dev.xml"
2012-02-16 12:00:29.175/1219.193 Oracle Coherence 3.7.1.0 <D5> (thread=[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', member=n/a): Optional configuration override "/tangosol-coherence-override.xml" is not specified
2012-02-16 12:00:29.179/1219.197 Oracle Coherence 3.7.1.0 <D5> (thread=[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', member=n/a): Optional configuration override "/custom-mbeans.xml" is not specified
Oracle Coherence Version 3.7.1.0 Build 27797
Grid Edition: Development mode
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
2012-02-16 12:00:30.069/1220.087 Oracle Coherence GE 3.7.1.0 <Info> (thread=[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', member=n/a): Loaded Reporter configuration from "zip:D:/OracleFM/R11.1.1.5/WLSGeneric/user_projects/domains/mvn_domain1/servers/WLSServer-1/tmp/_WL_user/TestEAR/g0yzyu/lib/coherence.jar!/reports/report-group.xml"
And this from WLS-log:
####<Feb 16, 2012 12:00:31 PM FET> <Info> <com.oracle.wls> <EPBYMINW0269> <WLSServer-1> <Logger@1380966230 3.7.1.0> <<anonymous>> <> <> <1329382831441> <BEA-000000> <2012-02-16 12:00:31.441/1221.459 Oracle Coherence GE 3.7.1.0 <Info> (thread=Cluster, member=n/a): This Member(Id=3, Timestamp=2012-02-16 12:00:31.425, Address=10.6.12.61:8888, MachineId=54771, Location=site:,machine:EPBYMINW0269,process:6252, Role=WeblogicServer, Edition=Grid Edition, Mode=Development, CpuCount=4, SocketCount=4) joined cluster "cluster:0x75CB" with senior Member(Id=1, Timestamp=2012-02-16 11:39:07.242, Address=10.6.12.61:9888, MachineId=54771, Location=site:,machine:EPBYMINW0269,process:3012,member:Coherence37Server-0, Role=WeblogicWeblogicCacheServer, Edition=Grid Edition, Mode=Development, CpuCount=4, SocketCount=4)>
####<Feb 16, 2012 12:00:31 PM FET> <Info> <com.oracle.wls> <EPBYMINW0269> <WLSServer-1> <Logger@9259509 3.7.1.0> <<anonymous>> <> <> <1329382831661> <BEA-000000> <2012-02-16 12:00:31.661/1221.679 Oracle Coherence GE 3.7.1.0 <Info> (thread=[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', member=n/a): Started cluster Name=cluster:0x75CB
Group{Address=231.1.1.1, Port=7777, TTL=4}
MasterMemberSet(
ThisMember=Member(Id=3, Timestamp=2012-02-16 12:00:31.425, Address=10.6.12.61:8888, MachineId=54771, Location=site:,machine:EPBYMINW0269,process:6252, Role=WeblogicServer)
OldestMember=Member(Id=1, Timestamp=2012-02-16 11:39:07.242, Address=10.6.12.61:9888, MachineId=54771, Location=site:,machine:EPBYMINW0269,process:3012,member:Coherence37Server-0, Role=WeblogicWeblogicCacheServer)
ActualMemberSet=MemberSet(Size=3
Member(Id=1, Timestamp=2012-02-16 11:39:07.242, Address=10.6.12.61:9888, MachineId=54771, Location=site:,machine:EPBYMINW0269,process:3012,member:Coherence37Server-0, Role=WeblogicWeblogicCacheServer)
Member(Id=2, Timestamp=2012-02-16 11:39:10.74, Address=10.6.12.61:9890, MachineId=54771, Location=site:,machine:EPBYMINW0269,process:3592,member:Coherence37Server-1, Role=WeblogicWeblogicCacheServer)
Member(Id=3, Timestamp=2012-02-16 12:00:31.425, Address=10.6.12.61:8888, MachineId=54771, Location=site:,machine:EPBYMINW0269,process:6252, Role=WeblogicServer)
)
MemberId|ServiceVersion|ServiceJoined|MemberState
1|3.7.1|2012-02-16 11:39:07.242|JOINED,
2|3.7.1|2012-02-16 11:39:10.74|JOINED,
3|3.7.1|2012-02-16 12:00:31.646|JOINED
RecycleMillis=1200000
RecycleSet=MemberSet(Size=0
)
)
TcpRing{Connections=[2]}
IpMonitor{AddressListSize=0}
>
####<Feb 16, 2012 12:00:31 PM FET> <Info> <com.oracle.wls> <EPBYMINW0269> <WLSServer-1> <Logger@9259509 3.7.1.0> <<anonymous>> <> <> <1329382831916> <BEA-000000> <2012-02-16 12:00:31.916/1221.934 Oracle Coherence GE 3.7.1.0 <Info> (thread=[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', member=3): Loaded cache configuration from "zip:D:/OracleFM/R11.1.1.5/WLSGeneric/user_projects/domains/mvn_domain1/servers/WLSServer-1/tmp/_WL_user/TestEAR/g0yzyu/lib/coherence.jar!/coherence-cache-config.xml">
####<Feb 16, 2012 12:00:32 PM FET> <Info> <Deployer> <EPBYMINW0269> <WLSServer-1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1329382832019> <BEA-149059> <Module EjbWebServices.jar of application TestEAR is transitioning from STATE_NEW to STATE_PREPARED on server WLSServer-1.>
####<Feb 16, 2012 12:00:32 PM FET> <Info> <com.oracle.wls> <EPBYMINW0269> <WLSServer-1> <Logger@9259509 3.7.1.0> <<anonymous>> <> <> <1329382832020> <BEA-000000> <2012-02-16 12:00:32.018/1222.036 Oracle Coherence GE 3.7.1.0 <Info> (thread=[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', member=3): Loaded cache configuration from "zip:D:/OracleFM/R11.1.1.5/WLSGeneric/user_projects/domains/mvn_domain1/servers/WLSServer-1/tmp/_WL_user/TestEAR/g0yzyu/EjbWebServices.jar!/META-INF/coherence-cache-config.xml">
####<Feb 16, 2012 12:00:32 PM FET> <Info> <EJB> <EPBYMINW0269> <WLSServer-1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1329382832037> <BEA-010008> <EJB Deploying file: EjbWebServices.jar> -
Hello
I have a VG 224 with SCCP. The problem I have is that when I want to transfer a call, if nobody answers it, the call returns to the phone I transferred it from.
I have the call, I press flash, I get dial tone, I dial the extension, I hear it ringing and I hang up; about a second after hanging up, the call comes back to me.
If I wait until they answer, the call goes through without problems.
VG version
vg224-i6k9s-mz.151-1.T2.bin
Config
Building configuration...
Current configuration : 7938 bytes
! Last configuration change at 07:34:16 UTC Fri Mar 5 1993 by sonda
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname MERVG01C
boot-start-marker
boot-end-marker
no aaa new-model
ip source-route
ip cef
no ipv6 cef
stcapp ccm-group 1
stcapp
stcapp feature access-code
prefix *
call forward all 2
call forward cancel 3
pickup local 17
pickup group 18
pickup direct 19
stcapp feature speed-dial
redial 9
digit 2
speed dial from 1 to 9
stcapp supplementary-services
port 2/0
hold-resume
fallback-dn 5414
port 2/1
hold-resume
fallback-dn 5456
port 2/2
hold-resume
fallback-dn 5457
port 2/3
hold-resume
fallback-dn 5458
port 2/4
hold-resume
fallback-dn 5459
port 2/5
hold-resume
fallback-dn 5460
port 2/6
hold-resume
fallback-dn 5461
port 2/7
hold-resume
fallback-dn 5462
port 2/8
hold-resume
fallback-dn 5463
port 2/9
hold-resume
fallback-dn 5406
port 2/10
hold-resume
fallback-dn 5429
port 2/11
hold-resume
fallback-dn 5430
port 2/12
hold-resume
fallback-dn 5431
port 2/13
hold-resume
fallback-dn 5432
port 2/14
hold-resume
fallback-dn 5433
port 2/15
hold-resume
fallback-dn 5434
port 2/16
hold-resume
fallback-dn 5435
port 2/17
hold-resume
fallback-dn 5441
port 2/18
hold-resume
fallback-dn 5442
port 2/19
hold-resume
fallback-dn 5444
port 2/20
hold-resume
fallback-dn 5413
port 2/21
hold-resume
fallback-dn 5422
port 2/22
hold-resume
fallback-dn 5423
port 2/23
hold-resume
fallback-dn 5424
voice dsp release early
voice-card 0
username sonda privilege 15 secret 5 $1$XEKn$S4vVhdGL43Zu5PqHmhlOw1
interface FastEthernet0/0
description Voice Interface
ip address 10.5.185.250 255.255.255.0
duplex full
speed 100
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.5.185.254
control-plane
voice-port 2/0
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5414
caller-id enable
voice-port 2/1
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5456
caller-id enable
voice-port 2/2
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5457
caller-id enable
voice-port 2/3
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5458
caller-id enable
voice-port 2/4
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5459
caller-id enable
voice-port 2/5
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5460
caller-id enable
voice-port 2/6
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5461
caller-id enable
voice-port 2/7
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5462
caller-id enable
voice-port 2/8
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5463
caller-id enable
voice-port 2/9
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5406
caller-id enable
voice-port 2/10
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5429
caller-id enable
voice-port 2/11
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5430
caller-id enable
voice-port 2/12
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5431
caller-id enable
voice-port 2/13
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5432
caller-id enable
voice-port 2/14
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5433
caller-id enable
voice-port 2/15
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5434
caller-id enable
voice-port 2/16
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5435
caller-id enable
voice-port 2/17
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5441
caller-id enable
voice-port 2/18
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5442
caller-id enable
voice-port 2/19
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5444
caller-id enable
voice-port 2/20
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5413
caller-id enable
voice-port 2/21
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5422
caller-id enable
voice-port 2/22
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5423
caller-id enable
voice-port 2/23
ring cadence pattern02
no battery-reversal
mwi
timeouts ringing infinity
timing hookflash-in 700 100
station-id number 5424
caller-id enable
sccp local FastEthernet0/0
sccp ccm 10.5.62.235 identifier 2 version 7.0
sccp ccm 10.5.185.254 identifier 4 version 7.0
sccp ccm 10.5.62.234 identifier 3 version 7.0
sccp ccm 10.5.15.253 identifier 1 version 7.0
sccp
sccp ccm group 1
bind interface FastEthernet0/0
associate ccm 1 priority 1
associate ccm 2 priority 2
associate ccm 3 priority 3
associate ccm 4 priority 4
dial-peer voice 100 pots
service stcapp
port 2/0
dial-peer voice 101 pots
service stcapp
port 2/1
dial-peer voice 116 pots
service stcapp
port 2/16
dial-peer voice 117 pots
service stcapp
port 2/17
dial-peer voice 118 pots
service stcapp
port 2/18
dial-peer voice 119 pots
service stcapp
port 2/19
dial-peer voice 120 pots
service stcapp
port 2/20
dial-peer voice 121 pots
service stcapp
port 2/21
dial-peer voice 122 pots
service stcapp
port 2/22
dial-peer voice 123 pots
service stcapp
port 2/23
dial-peer voice 102 pots
service stcapp
port 2/2
dial-peer voice 103 pots
service stcapp
port 2/3
dial-peer voice 104 pots
service stcapp
port 2/4
dial-peer voice 105 pots
service stcapp
port 2/5
dial-peer voice 106 pots
service stcapp
port 2/6
dial-peer voice 107 pots
service stcapp
port 2/7
dial-peer voice 108 pots
service stcapp
port 2/8
dial-peer voice 109 pots
service stcapp
port 2/9
dial-peer voice 110 pots
service stcapp
port 2/10
dial-peer voice 111 pots
service stcapp
port 2/11
dial-peer voice 112 pots
service stcapp
port 2/12
dial-peer voice 113 pots
service stcapp
port 2/13
dial-peer voice 114 pots
service stcapp
port 2/14
dial-peer voice 115 pots
service stcapp
port 2/15
Thanks
Hey,
I think you have a better chance of getting help if you write in English.
I ran your post through Google Translate and, if I have understood your question correctly, I think you should try adding this command under your dial peers for the SCCP FXS ports.
no tone dialtone remote-onhook
Please remember to rate helpful responses and identify helpful or correct answers. -
Bad oracle.security.wss.config.SecurityOperation class
Hello,
I'm trying to hook up some diagnostics to the application server (10.1.3), and I'm getting an error when the webservices' SecurityOperation class is getting loaded. I've tried 2 different versions of the jar file (wssecurity.jar), but haven't had any luck (same error for both versions). It looks like a simple (224 bytes) little interface class, but it's causing a lot of trouble. Has anyone ever seen this error when trying to load this class for any reason? Any experience with this would be helpful. Thanks,
- Vince
oracle.classloader.util.AnnotatedClassFormatError: Illegal UTF8 string in constant pool in class file oracle/security/wss/config/SecurityOperation
Invalid class: oracle.security.wss.config.SecurityOperation
Loader: oracle.ws.security:10.1.3
Code-Source: /D:/OracleAS/webservices/lib/wssecurity.jar
Configuration: <code-source> (ignore manifest Class-Path) in META-INF/boot.xml in D:\OracleAS\j2ee\home\oc4j.jar
Dependent class: oracle.classloader.util.XMLConfiguration$Externals
Loader: sun.misc.Launcher$AppClassLoader@10469011
Code-Source: /D:/OracleAS/j2ee/home/lib/pcl.jar
Configuration: /D:/OracleAS/j2ee/home/lib/pcl.jar
at oracle.classloader.PolicyClassLoader.bulkLoadClasses (PolicyClassLoader.java:1524) [D:/OracleAS/j2ee/home/lib/pcl.jar, by sun.misc.Launcher$AppClassLoader@10469011]
at oracle.classloader.util.XMLConfiguration$Externals.load (XMLConfiguration.java:818) [D:/OracleAS/j2ee/home/lib/pcl.jar, by sun.misc.Launcher$AppClassLoader@10469011]
at oracle.classloader.util.XMLConfiguration.endElement (XMLConfiguration.java:649) [D:/OracleAS/j2ee/home/lib/pcl.jar, by sun.misc.Launcher$AppClassLoader@10469011]
at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.endElement (AbstractSAXParser.java:633) [jre bootstrap, by jre.bootstrap]
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement (XMLDocumentFragmentScannerImpl.java:1241) [jre bootstrap, by jre.bootstrap]
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch (XMLDocumentFragmentScannerImpl.java:1685) [jre bootstrap, by jre.bootstrap]
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument (XMLDocumentFragmentScannerImpl.java:368) [jre bootstrap, by jre.bootstrap]
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse (XML11Configuration.java:834) [jre bootstrap, by jre.bootstrap]
Well, perhaps someone visiting the Weblogic forum knows. You know, that forum you already found and have been posting in?
-
"Error parsing data-sources config" when I restart JDeveloper
I am using JDeveloper. Every time I restart JDeveloper I get the same server error, "Error parsing data-sources config", even if I use a project that worked before JDeveloper was restarted.
First, I import the EAR file into JDev, then I work on my code; everything is fine and compiles.
But if I restart JDeveloper and open the same project again, it has the error "Error parsing data-sources config, Exception: The factory-class cannot be empty."
And I need to do everything again: import the EAR file and get the changes from my previous project. It really slows down my working efficiency.
Do you know what the problem is?
2008-06-24 12:13:46.289 Exception processing legacy data source. Exception: The factory-class cannot be empty.
2008-06-24 12:13:46.289 Exception processing legacy data source. Exception: The factory-class cannot be empty.
2008-06-24 12:13:46.305 Application Deployer for dvt-faces-test-13 FAILED.
2008-06-24 12:13:46.321 WARNING: DeployerRunnable.run java.lang.InstantiationException: Error parsing data-sources config at file:/C:/Documents and Settings/ytang.WALT-DCNT/Application Data/JDeveloper/system11.1.1.0.30.50.26/o.j2ee/embedded-oc4j/application-deployments/dvt-faces-test-13/data-sources.xml: DataSourceConfigException: The factory-class cannot be empty.oracle.oc4j.admin.internal.DeployerException: java.lang.InstantiationException: Error parsing data-sources config at file:/C:/Documents and Settings/ytang.WALT-DCNT/Application Data/JDeveloper/system11.1.1.0.30.50.26/o.j2ee/embedded-oc4j/application-deployments/dvt-faces-test-13/data-sources.xml: DataSourceConfigException: The factory-class cannot be empty.
2008-06-24 12:13:46.321 at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:136)
2008-06-24 12:13:46.321 at oracle.oc4j.admin.jmx.server.mbeans.deploy.OC4JDeployerRunnable.doRun(OC4JDeployerRunnable.java:52)
2008-06-24 12:13:46.321 at oracle.oc4j.admin.jmx.server.mbeans.deploy.DeployerRunnable.run(DeployerRunnable.java:82)
2008-06-24 12:13:46.321 at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
2008-06-24 12:13:46.321 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
2008-06-24 12:13:46.321 at java.lang.Thread.run(Thread.java:619)
2008-06-24 12:13:46.321 Caused by: java.lang.InstantiationException: Error parsing data-sources config at file:/C:/Documents and Settings/ytang.WALT-DCNT/Application Data/JDeveloper/system11.1.1.0.30.50.26/o.j2ee/embedded-oc4j/application-deployments/dvt-faces-test-13/data-sources.xml: DataSourceConfigException: The factory-class cannot be empty.
2008-06-24 12:13:46.321 at com.evermind.server.deployment.EnterpriseArchive.parseDataSources(EnterpriseArchive.java:1680)
2008-06-24 12:13:46.321 at com.evermind.server.deployment.EnterpriseArchive.parseDataSources(EnterpriseArchive.java:1666)
2008-06-24 12:13:46.321 at com.evermind.server.deployment.EnterpriseArchive.parseDeploymentMainNode(EnterpriseArchive.java:588)
2008-06-24 12:13:46.321 at com.evermind.xml.XMLConfig.parseRootNode(XMLConfig.java:344)
2008-06-24 12:13:46.321 at com.evermind.server.deployment.EnterpriseArchive.parseRootNode(EnterpriseArchive.java:2561)
2008-06-24 12:13:46.321 at com.evermind.xml.XMLConfig.init(XMLConfig.java:224)
2008-06-24 12:13:46.321 at com.evermind.server.J2EEComponent.initDeployment(J2EEComponent.java:264)
2008-06-24 12:13:46.321 at com.evermind.server.J2EEComponent.initDeployment(J2EEComponent.java:194)
2008-06-24 12:13:46.321 at com.evermind.server.deployment.EnterpriseArchive.<init>(EnterpriseArchive.java:348)
2008-06-24 12:13:46.321 at oracle.oc4j.admin.internal.ApplicationDeployer.initArchive(ApplicationDeployer.java:468)
2008-06-24 12:13:46.321 at oracle.oc4j.admin.internal.ApplicationDeployer.doDeploy(ApplicationDeployer.java:206)
2008-06-24 12:13:46.321 at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:99)
2008-06-24 12:13:46.321 ... 5 more
oracle.jdeveloper.deploy.DeployException: Deployment Failed
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.distributeApplicationToTargets(Jsr88RemoteDeployer.java:672)
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployApp(Jsr88RemoteDeployer.java:1108)
at oracle.jdevimpl.deploy.common.Jsr88RemoteDeployer.deployImpl(Jsr88RemoteDeployer.java:183)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdeveloper.deploy.common.BatchDeployer.deployImpl(BatchDeployer.java:82)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.WrappedDeployer.deployImpl(WrappedDeployer.java:39)
at oracle.jdeveloper.deploy.common.AbstractDeployer.deploy(AbstractDeployer.java:94)
at oracle.jdevimpl.deploy.fwk.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:435)
at oracle.jdeveloper.deploy.DeploymentManager.deploy(DeploymentManager.java:209)
at oracle.jdevimpl.runner.adrs.AdrsStarter$4$1.run(AdrsStarter.java:1252)
#### Cannot run application dvt-faces-test-13 due to error deploying to DefaultServer.
[Application dvt-faces-test-13 stopped and undeployed from Server Instance DefaultServer]
Thanks a lot
By the way, I am using the Windows platform. Every version of JDeveloper from June that I have used has the same problem.
-
Where is 224.0.0.2 coming from ?
Hi All
The following is IP packet debug output. I know 224.0.0.10, but where does 224.0.0.2 come from? Why is the len 48 instead of 60? Thank you
R3(config-if)#
*Mar 1 00:47:46.551: IP: s=3.1.1.4 (Vlan3), d=224.0.0.10, len 60, rcvd 2
*Mar 1 00:47:46.687: IP: s=3.1.1.2 (Vlan3), d=224.0.0.10, len 60, rcvd 2
*Mar 1 00:47:47.111: IP: s=4.1.1.3 (local), d=224.0.0.10 (Vlan4), len 60, sending broad/multicast
*Mar 1 00:47:47.183: IP: s=3.1.1.3 (local), d=224.0.0.2 (Vlan3), len 48, sending broad/multicast
*Mar 1 00:47:47.487: IP: s=3.1.1.4 (Vlan3), d=224.0.0.2, len 48, rcvd 0
R3(config-if)#
*Mar 1 00:47:49.651: IP: s=3.1.1.3 (local), d=224.0.0.10 (Vlan3), len 60, sending broad/multicast
*Mar 1 00:47:50.183: IP: s=3.1.1.3 (local), d=224.0.0.2 (Vlan3), len 48, sending broad/multicast
*Mar 1 00:47:50.515: IP: s=3.1.1.4 (Vlan3), d=224.0.0.2, len 48, rcvd 0
Hello showipinterface,
224.0.0.2 is the all routers multicast address, which is used for the HSRP hello packets.
Here is a link that has info for HSRP.
http://www.cisco.com/c/en/us/support/docs/ip/hot-standby-router-protocol-hsrp/9281-3.html
Hope this helps.