VPN "Destination Unreachable"
Trying to use VPN in Lion (to connect to a Lion Server I configured in another building), when I try to connect, it fails. Viewing console messages on the server shows my requests never arrived. So I used Wireshark to do a packet capture of en0 (my wifi is off). I think I have discovered the problem, but I don't know the solution. The packet capture shows the following error about 30 times in a row each time i try to enable VPN:
Source: 10.0.1.4
Destination: 10.0.1.1
Protocol: ICMP
Info: Destination unreachable (port unreachable)
10.0.1.4 is my Mac and 10.0.1.1 is my AEBS. Why would attempting to initiate VPN cause this error?
Ok, so your "in another building" reference was intended to indicate this is a remote connection, across the internet, and definitely across an insecure connection, and not (as I'd erroneously interpreted it) in a campus network at a somewhat larger school or business site. The "in another building" can be a reference to a different IP subnet within a larger organization's internal network.
All of which means you're not going to be using an IP router to bridge to an outer and trusted network; you'll want a gateway device, and you're probably also stuck with the morass that is NAT. And parts of what I've referenced earlier will be wrong for your requirements.
I'd guess that there's an IP routing configuration issue here. A bad subnet, or a bad gateway address, would be my initial suspicion.
As a first test, switch your iMac to the wireless connection, and see if that works. Get it using the same path as your iPad.
Unless you have a public static IP address, you'll (unfortunately) need NAT here (somewhere). But the question is whether your "modem" is actually a gateway device. Iis your Airport getting a private-block address from that modem device?
If you're getting a private-block address from the modem, then the modem has implemented NAT, or your ISP has implemented NAT gateway somewhere outside of your modem. For instance, AT&T Uverse implements a private NAT address on the "outside" of your local modem configuration, and this then leads to very specific (and somewhat weird) private network set-up requirements for that ISP.
What features does the modem have, and what access into its configuration are you permitted by your ISP?
If your modem is providing gateway features (some do), and particularly if it is providing DHCP and NAT services, then I'd switch the Airport to bridged mode (AP mode), and let the modem deal with NAT and DHCP for your network.
If your modem is providing DHCP and NAT, then switch your iMac to use what the modem is providing, and not what the Airport Express is providing.
Above all, you do NOT want double NAT here.
Though it probably won't help you for this specific modem (unless you can gain control of it directly or via the ISP), I prefer the following general configuration for connecting a small business network to the Internet, when the ISP requires a modem:
The wild and wooly of the Internet,
and which conects to modem (and the "dumber" the better; preferably a modem implemented as a "bridge" and not as a "router", and with as few features and capabilities as I can acquire from the ISP),
and the modem then connects to a gateway device I manage (and which is inherently also a router, and provides the NAT),
the gateway then connects to network switches if and as needed,
and the switch (or the gateway, if that has an embedded switch) connects to WiFi.
And I prefer the gateway implement the NAT and VPN here, and not the WiFi device nor the modem.
Similar Messages
-
JMS Module, Foreign Server: Destination unreachable
Hi,
In our OSB setup we have 2 weblogic domains (on RHEL5), one for hosting the OSB services and one that is used solely for the purpose of JMS messsaging.
Therefore we have configured a Foreign Server in our JMS Module on the OSB Domain with following config:
* JNDI Initial Context Factory: weblogic.jndi.WLInitialContextFactory
* JNDI Connection URL: t3://fsb-jms1-dev:7901,fsb-jms2-dev:7901
After deploying an EJB that makes use of this module we see following error in our log files every time when starting a Managed Server:
####<Jun 8, 2011 11:36:48 AM CEST> <Warning> <EJB> <esddev148> <osbms1> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <11d1def534ea1be0:-27013fcb:1306e9a12ac:-8000-0000000000000016> <13075
25808959> <BEA-010061> <The Message-Driven EJB: MessageLogWriter is unable to connect to the JMS destination: fsb.jms.MessageLoggingQueue. The Error was:
javax.naming.CommunicationException [Root exception is java.rmi.ConnectException: Could not establish a connection with 3499163233583403748S:fsb-jms1-dev:[7901,-1,-1,-1,-1,-1,-1]:fsb-jms1-dev:7901,fsb-jms2-dev:7901:jmsdevdomain:jmsms1, java
.rmi.ConnectException: Destination unreachable; nested exception is:
java.io.IOException: Empty server reply; No available router to destination; nested exception is:
java.rmi.ConnectException: Destination unreachable; nested exception is:
java.io.IOException: Empty server reply; No available router to destination]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:64)
at weblogic.jndi.internal.WLContextImpl.translateException(WLContextImpl.java:470)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:426)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:411)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at weblogic.deployment.jms.ForeignOpaqueReference.getReferent(ForeignOpaqueReference.java:221)
at weblogic.jndi.internal.WLNamingManager.getObjectInstance(WLNamingManager.java:96)
at weblogic.jndi.internal.ServerNamingNode.resolveObject(ServerNamingNode.java:377)
at weblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:856)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:209)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:214)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:214)
at weblogic.jndi.internal.WLEventContextImpl.lookup(WLEventContextImpl.java:254)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:411)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at weblogic.jms.common.CDS$2.run(CDS.java:486)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.jms.common.CrossDomainSecurityManager.runAs(CrossDomainSecurityManager.java:131)
at weblogic.jms.common.CDS.lookupDestination(CDS.java:480)
at weblogic.jms.common.CDS.lookupDDAndCalloutListener(CDS.java:345)
at weblogic.jms.common.CDS.access$100(CDS.java:41)
at weblogic.jms.common.CDS$DDListenerRegistrationTimerListener.timerExpired(CDS.java:193)
at weblogic.timers.internal.TimerImpl.run(TimerImpl.java:273)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused by: java.rmi.ConnectException: Could not establish a connection with 3499163233583403748S:fsb-jms1-dev:[7901,-1,-1,-1,-1,-1,-1]:fsb-jms1-dev:7901,fsb-jms2-dev:7901:jmsdevdomain:jmsms1, java.rmi.ConnectException: Destination unreachab
le; nested exception is:
java.io.IOException: Empty server reply; No available router to destination; nested exception is:
java.rmi.ConnectException: Destination unreachable; nested exception is:
java.io.IOException: Empty server reply; No available router to destination
at weblogic.rjvm.RJVMImpl.getOutputStream(RJVMImpl.java:352)
at weblogic.rjvm.RJVMImpl.getRequestStreamInternal(RJVMImpl.java:612)
at weblogic.rjvm.RJVMImpl.getRequestStream(RJVMImpl.java:563)
at weblogic.rjvm.RJVMImpl.getOutboundRequest(RJVMImpl.java:789)
at weblogic.rmi.internal.BasicRemoteRef.getOutboundRequest(BasicRemoteRef.java:159)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:341)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at weblogic.jndi.internal.ServerNamingNode_1034_WLStub.lookup(Unknown Source)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:423)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:412)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at weblogic.deployment.jms.ForeignOpaqueReference.getReferent(ForeignOpaqueReference.java:221)
at weblogic.jndi.internal.WLNamingManager.getObjectInstance(WLNamingManager.java:96)
at weblogic.jndi.internal.ServerNamingNode.resolveObject(ServerNamingNode.java:377)
at weblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:856)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:209)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:214)
at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:214)
at weblogic.jndi.internal.WLEventContextImpl.lookup(WLEventContextImpl.java:254)
at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:412)
at javax.naming.InitialContext.lookup(InitialContext.java:392)
at weblogic.jms.common.CDS$2.run(CDS.java:486)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.jms.common.CrossDomainSecurityManager.runAs(CrossDomainSecurityManager.java:131)
at weblogic.jms.common.CDS.lookupDestination(CDS.java:480)
at weblogic.jms.common.CDS.lookupDDAndCalloutListener(CDS.java:345)
at weblogic.jms.common.CDS.access$100(CDS.java:41)
at weblogic.jms.common.CDS$DDListenerRegistrationTimerListener.timerExpired(CDS.java:194)
... 4 more
Caused by: java.rmi.ConnectException: Destination unreachable; nested exception is:
java.io.IOException: Empty server reply; No available router to destination
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:470)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:402)
at weblogic.rjvm.RJVMImpl.ensureConnectionEstablished(RJVMImpl.java:306)
at weblogic.rjvm.RJVMImpl.getOutputStream(RJVMImpl.java:350)
at weblogic.rjvm.RJVMImpl.getRequestStreamInternal(RJVMImpl.java:613)
... 30 more
>
I've allready ensured that the managed servers of the jms cluster are reachable by issuing a connect command from WLST (although making the connection can be time consuming)
wls:/offline> connect('weblogic','******','t3://fsb-jms1-dev:7901')
Connecting to t3://fsb-jms1-dev:7901 with userid weblogic ...
Successfully connected to managed Server 'jmsms1' that belongs to domain 'jmsdevdomain'.
Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.
wls:/jmsdevdomain/serverConfig> disconnect()
Disconnected from weblogic server: jmsms1
wls:/offline> connect('weblogic','******','t3://fsb-jms2-dev:7901')
Connecting to t3://fsb-jms2-dev:7901 with userid weblogic ...
Successfully connected to managed Server 'jmsms2' that belongs to domain 'jmsdevdomain'.
Warning: An insecure protocol was used to connect to the
server. To ensure on-the-wire security, the SSL port or
Admin port should be used instead.
In my search for a solution I've also read that this could be caused by a bad configured DNS server. Therefore I configured my /etc/nsswitch.conf file to contain only the property files under the parameter hosts.
Following is an extraction of my /etc/hosts file:
10.16.85.50 fsb-jms1-dev.localdomain fsb-jms1-dev
10.16.85.51 fsb-jms2-dev.localdomain fsb-jms2-dev
10.16.85.52 fsb-osb1-dev.localdomain fsb-osb1-dev
10.16.85.53 fsb-osb2-dev.localdomain fsb-osb2-dev
Does anybody have an idea how I can further debug this problem?
Kind Regards,
DavyMaybe this is of some help: http://www.bea-weblogic.com/namenotfoundexception-when-configuring-foreign-jms-server.html
-
Hi,
I have installed SOA server and BAM server on same localhost but while calling BAM adapter from the BPEL process it's throwing below error.
*<Jun 24, 2011 6:56:51 PM BST> <Error> <oracle.soa.bpel.engine.ws> <BEA-000000>*
*<got FabricInvocationException java.rmi.ConnectException: Destination unreachable; nested exception is: java.net.ConnectException: Connection refused; No available router to destination*
Here are my JNDI configuration :: eis/bam/rmi
HostName java.lang.String localhost
InstanceName java.lang.String ADCServer1
Password java.lang.String *******
PortNumber java.lang.String 9001
UserName java.lang.String weblogic
I have also tried with the eis/bam/soap but it is giving me
javax.xml.ws.WebServiceException: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Connection refused
Do i need to modify any configuration file in server?
Please suggest.
Thanks,
SagarHi,
I have installed SOA server and BAM server on same localhost but while calling BAM adapter from the BPEL process it's throwing below error.
*<Jun 24, 2011 6:56:51 PM BST> <Error> <oracle.soa.bpel.engine.ws> <BEA-000000>*
*<got FabricInvocationException java.rmi.ConnectException: Destination unreachable; nested exception is: java.net.ConnectException: Connection refused; No available router to destination*
Here are my JNDI configuration :: eis/bam/rmi
HostName java.lang.String localhost
InstanceName java.lang.String ADCServer1
Password java.lang.String *******
PortNumber java.lang.String 9001
UserName java.lang.String weblogic
I have also tried with the eis/bam/soap but it is giving me
javax.xml.ws.WebServiceException: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Connection refused
Do i need to modify any configuration file in server?
Please suggest.
Thanks,
Sagar -
I am new to weblogic, and have just installed Oracle Express, WLS, jDeveloper.
After running through the tutorial on 'Building a Web Application with JDeveloper 11g Using EJB, JAP, and JavaServerFaces', following all steps to the letter, I am able to make the DB connections alright, start the integrated server, but once I try running the HRFacadeBean in step 18, but it errors out.
It seems to me that the issue with recognizing the t3 protocol.
I have checked that 127.0.0.1:7101 is up and running as I get the welcome screen when I go to it and there are no errors listed on the server console screen in jDeveloper, but I get this trace in the log:
[EclipseLink/JPA Client] Adding Java options: -javaagent:C:\Oracle\Middleware\jdeveloper\..\modules\org.eclipse.persistence_1.0.0.0_2-0.jar
C:\Oracle\Middleware\jdk160_18\bin\javaw.exe -client -classpath C:\Oracle\Middleware\jdeveloper\myWork\.adf;C:\Oracle\Middleware\jdeveloper\myWork\EJBModel\classes;C:\Oracle\Middleware\modules\com.oracle.toplink_1.0.0.0_11-1-1-3-0.jar;C:\Oracle\Middleware\modules\org.eclipse.persistence_1.0.0.0_2-0.jar;C:\Oracle\Middleware\modules\com.bea.core.antlr.runtime_2.7.7.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.toplink_11.1.1\javax.persistence_2.0_preview.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.xdk_11.1.0\xmlparserv2.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.xdk_11.1.0\xml.jar;C:\Oracle\Middleware\modules\javax.jsf_1.0.0.0_1-2.jar;C:\Oracle\Middleware\modules\javax.ejb_3.0.1.jar;C:\Oracle\Middleware\modules\javax.enterprise.deploy_1.2.jar;C:\Oracle\Middleware\modules\javax.interceptor_1.0.jar;C:\Oracle\Middleware\modules\javax.jms_1.1.1.jar;C:\Oracle\Middleware\modules\javax.jsp_1.1.0.0_2-1.jar;C:\Oracle\Middleware\modules\javax.jws_2.0.jar;C:\Oracle\Middleware\modules\javax.activation_1.1.0.0_1-1.jar;C:\Oracle\Middleware\modules\javax.mail_1.1.0.0_1-4-1.jar;C:\Oracle\Middleware\modules\javax.xml.soap_1.3.1.0.jar;C:\Oracle\Middleware\modules\javax.xml.rpc_1.2.1.jar;C:\Oracle\Middleware\modules\javax.xml.ws_2.1.1.jar;C:\Oracle\Middleware\modules\javax.management.j2ee_1.0.jar;C:\Oracle\Middleware\modules\javax.resource_1.5.1.jar;C:\Oracle\Middleware\modules\javax.servlet_1.0.0.0_2-5.jar;C:\Oracle\Middleware\modules\javax.transaction_1.0.0.0_1-1.jar;C:\Oracle\Middleware\modules\javax.xml.stream_1.1.1.0.jar;C:\Oracle\Middleware\modules\javax.security.jacc_1.0.0.0_1-1.jar;C:\Oracle\Middleware\modules\javax.xml.registry_1.0.0.0_1-0.jar;C:\Oracle\Middleware\modules\javax.persistence_1.0.0.0_1-0-2.jar;C:\Oracle\Middleware\wlserver_10.3\server\lib\weblogic.jar -Djavax.net.ssl.trustStore=C:\Oracle\Middleware\wlserver_10.3\server\lib\DemoTrust.jks -javaagent:C:\Oracle\Middleware\jdeveloper\..\modules\org.eclipse.persistence_1.0.0.0_2-0.jar -Dhttp.proxyHost=proxy.ulalaunch.com -Dhttp.proxyPort=80 -Dhttp.nonProxyHosts= -Dhttps.proxyHost=proxy.ulalaunch.com -Dhttps.proxyPort=80 -Dhttps.nonProxyHosts= oracle.HRFacadeClient
javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3://127.0.0.1:7101: Destination unreachable; nested exception is:
java.io.IOException: Empty server reply; No available router to destination]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:787)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:368)
at weblogic.jndi.Environment.getContext(Environment.java:315)
at weblogic.jndi.Environment.getContext(Environment.java:285)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at oracle.HRFacadeClient.getInitialContext(HRFacadeClient.java:58)
at oracle.HRFacadeClient.main(HRFacadeClient.java:13)
Caused by: java.net.ConnectException: t3://127.0.0.1:7101: Destination unreachable; nested exception is:
java.io.IOException: Empty server reply; No available router to destination
at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:216)
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:170)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:153)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:353)
... 9 more
Caused by: java.rmi.ConnectException: Destination unreachable; nested exception is:
java.io.IOException: Empty server reply; No available router to destination
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:464)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:315)
at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:254)
at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:197)
at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:238)
at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:200)
... 12 more
Process exited with exit code 0.Hi,
I guess the problem is with below information but I do not know from where they came!? maybe in the jdeveloper you have set the proxy or maybe your localhost is not bind to 127.0.0.1 and you must use your computer name.
Dhttp.proxyHost=proxy.ulalaunch.com -Dhttp.proxyPort=80 -Dhttp.nonProxyHosts= -Dhttps.proxyHost=proxy.ulalaunch.com -Dhttps.proxyPort=80 -Dhttps.nonProxyHosts= oracle.HRFacadeClient -
Destination unreachable; nested exception
Environment:
JDeveloper 11.1.1.3.0
Build JDEVADF_11.1.1.3.PS2_GENERIC_100408.2356.5660
Oracle 12.1.1
JDK 1.6
I got this exception on the '23rd' step of this tutorial
http://www.oracle.com/technology/obe/obe11jdev/ps1/ejb/ejb.html
Thanks for your help.
[EclipseLink/JPA Client] Adding Java options: -javaagent:C:\Oracle\Middleware\jdeveloper\..\modules\org.eclipse.persistence_1.0.0.0_2-0.jar
C:\Oracle\Middleware\jdk160_18\bin\javaw.exe -client -classpath C:\JDeveloper\mywork\HR_EJB_JPA_APP\.adf;C:\JDeveloper\mywork\HR_EJB_JPA_APP\EJBModel\classes;C:\Oracle\Middleware\modules\com.oracle.toplink_1.0.0.0_11-1-1-3-0.jar;C:\Oracle\Middleware\modules\org.eclipse.persistence_1.0.0.0_2-0.jar;C:\Oracle\Middleware\modules\com.bea.core.antlr.runtime_2.7.7.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.toplink_11.1.1\javax.persistence_2.0_preview.jar;C:\Oracle\Middleware\modules\javax.jsf_1.0.0.0_1-2.jar;C:\Oracle\Middleware\modules\javax.ejb_3.0.1.jar;C:\Oracle\Middleware\modules\javax.enterprise.deploy_1.2.jar;C:\Oracle\Middleware\modules\javax.interceptor_1.0.jar;C:\Oracle\Middleware\modules\javax.jms_1.1.1.jar;C:\Oracle\Middleware\modules\javax.jsp_1.1.0.0_2-1.jar;C:\Oracle\Middleware\modules\javax.jws_2.0.jar;C:\Oracle\Middleware\modules\javax.activation_1.1.0.0_1-1.jar;C:\Oracle\Middleware\modules\javax.mail_1.1.0.0_1-4-1.jar;C:\Oracle\Middleware\modules\javax.xml.soap_1.3.1.0.jar;C:\Oracle\Middleware\modules\javax.xml.rpc_1.2.1.jar;C:\Oracle\Middleware\modules\javax.xml.ws_2.1.1.jar;C:\Oracle\Middleware\modules\javax.management.j2ee_1.0.jar;C:\Oracle\Middleware\modules\javax.resource_1.5.1.jar;C:\Oracle\Middleware\modules\javax.servlet_1.0.0.0_2-5.jar;C:\Oracle\Middleware\modules\javax.transaction_1.0.0.0_1-1.jar;C:\Oracle\Middleware\modules\javax.xml.stream_1.1.1.0.jar;C:\Oracle\Middleware\modules\javax.security.jacc_1.0.0.0_1-1.jar;C:\Oracle\Middleware\modules\javax.xml.registry_1.0.0.0_1-0.jar;C:\Oracle\Middleware\modules\javax.persistence_1.0.0.0_1-0-2.jar;C:\Oracle\Middleware\wlserver_10.3\server\lib\weblogic.jar;C:\Oracle\Middleware\wlserver_10.3\server\ext\jdbc\oracle\11g\ojdbc6.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n-collation.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n-lcsd.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n-mapping.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n-servlet.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n-translation.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n-utility.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.odl_11.1.1\ojdl.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.dms_11.1.1\dms.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.idm_11.1.1\identitystore.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.model_11.1.1\adfm.jar;C:\Oracle\Middleware\oracle_common\modules\groovy-all-1.6.3.jar;C:\Oracle\Middleware\jdeveloper\adfdt\lib\adf-dt-at-rt.jar;C:\Oracle\Middleware\jdeveloper\adfdt\lib\adf-transactions-dt.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.model_11.1.1\adfdt_common.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.xdk_11.1.0\xmlparserv2.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.model_11.1.1\db-ca.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.model_11.1.1\jdev-cm.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.ldap_11.1.1\ojmisc.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.share_11.1.1\commons-el.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.share_11.1.1\jsp-el-api.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.share_11.1.1\oracle-el.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.security_11.1.1\adf-share-security.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.security_11.1.1\adf-controller-security.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.share_11.1.1\adf-share-support.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.share.ca_11.1.1\adf-share-ca.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.share.ca_11.1.1\adf-share-base.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.share_11.1.1\adflogginghandler.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.xmlef_11.1.1\xmlef.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.bali.share_11.1.1\share.jar;C:\Oracle\Middleware\modules\com.bea.core.apache.xercesImpl_2.8.1.jar;C:\Oracle\Middleware\modules\glassfish.jaxb_1.0.0.0_2-1-9.jar;C:\Oracle\Middleware\modules\javax.xml.bind_2.1.1.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.xdk_11.1.0\xml.jar -Djavax.net.ssl.trustStore=C:\Oracle\Middleware\wlserver_10.3\server\lib\DemoTrust.jks -javaagent:C:\Oracle\Middleware\jdeveloper\..\modules\org.eclipse.persistence_1.0.0.0_2-0.jar oracle.MovieFacadeClient
javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3://127.0.0.1:7101: Destination unreachable; nested exception is:
java.net.ConnectException: Connection refused: connect; No available router to destination]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:787)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:368)
at weblogic.jndi.Environment.getContext(Environment.java:315)
at weblogic.jndi.Environment.getContext(Environment.java:285)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
at javax.naming.InitialContext.init(InitialContext.java:223)
at javax.naming.InitialContext.<init>(InitialContext.java:197)
at oracle.MovieFacadeClient.getInitialContext(MovieFacadeClient.java:49)
at oracle.MovieFacadeClient.main(MovieFacadeClient.java:13)
Caused by: java.net.ConnectException: t3://127.0.0.1:7101: Destination unreachable; nested exception is:
java.net.ConnectException: Connection refused: connect; No available router to destination
at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:216)
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:170)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:153)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:353)
... 9 more
Caused by: java.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.ConnectException: Connection refused: connect; No available router to destination
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:464)
at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:315)
at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:254)
at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:197)
at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:238)
at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:200)
... 12 more
Process exited with exit code 0.
Edited by: user13272654 on Jun 18, 2010 5:02 PMBasically, it can't find the server.
Is the server running?
configured to listen on localhost?
try 3://127.0.0.1:7001 instead.
Check the port the server is listening on.
Pete -
Destination unreachable exception ..???
Dear Sirs/Madam,
While restarting web logic managed servers in a clusters; we encountered below shown errors:
"avax.naming.CommunicationException. Root exception is java.net.ConnectException: t3://myservername.com:8100: Destination unreachable; nested exception is:
java.net.ConnectException: Connection refused; No available router to destination"
We are running 4 managed servers in one cluster. One cluster spans 2 physical servers. Thus each box has 2 managed servers.
The cluster is running on weblogic 7.x on hpux 11i.
Please suggest what are the possible root cause of this exception and what are the mitigations ?
Thanks,
ShivBasically, it can't find the server.
Is the server running?
configured to listen on localhost?
try 3://127.0.0.1:7001 instead.
Check the port the server is listening on.
Pete -
PXE DHCP ICMP:Destination Unreachable Message
Hi
I have a question regarding PXE and DHCP. Is it possible to ping a machine, which is in PXE boot with a DHCP address and able to access my SCCM server? Unfortunately i cannot ping the machine and in network traffic i see:
12913 17:00:17 01.04.2015 759.8323064 SRV-SCCMDP-501 <00> 172.16.10.66 ICMP ICMP:Destination Unreachable Message, Port Unreachable, 172.16.8.38:69 {IPv4:228}
No firewall between the machines and is the same subnet.
Thank you in AdvanceHi Torsten
Thank you for your reply. I'm in hardware pxe, so no firewall is active.
Here is the network traffic:
1525597 11:55:38 02.04.2015 68880.5266514 172.16.10.25 SRV-SCCMDP-501 TFTP TFTP: Read Request - File: SMSBoot\x64\wdsnbp.com, Transfer Mode: octet tsize: 0 {UDP:1483, IPv4:1477}
1525598 11:55:38 02.04.2015 68880.5266948 SRV-SCCMDP-501 172.16.10.25 ICMP ICMP:Destination Unreachable Message, Port Unreachable, 172.16.8.38:69 {IPv4:1477}
1525701 11:55:44 02.04.2015 68886.5143787 172.16.10.25 SRV-SCCMDP-501 TFTP TFTP: Read Request - File: SMSBoot\x64\wdsnbp.com, Transfer Mode: octet tsize: 0 {UDP:1488, IPv4:1477}
1525702 11:55:44 02.04.2015 68886.5144115 SRV-SCCMDP-501 172.16.10.25 ICMP ICMP:Destination Unreachable Message, Port Unreachable, 172.16.8.38:69 {IPv4:1477}
I'm lost.... -
Error with SessionBeans:Destination Unreachable
Hi all,
I'm trying to develop a simple Session Bean using Weblogic 8.1.
While deploying i got message as ejbc successful.
But while running client application i got following error.
Please anyone help to resolve this.
Thanks,
latha
E:\slsb>java Client
Exception in thread "main" javax.naming.CommunicationException [Root exception i
s java.net.ConnectException: t3://raghu:7001: Destination unreachable; neste
d exception is:
java.net.SocketException: Invalid argument: connect; No available router
to destination]
at weblogic.jndi.internal.ExceptionTranslator.toNamingException(Exceptio
nTranslator.java:47)
at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLIni
tialContextFactoryDelegate.java:636)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLIni
tialContextFactoryDelegate.java:306)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLIni
tialContextFactoryDelegate.java:239)
at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialCont
extFactory.java:135)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:6
62)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243
at javax.naming.InitialContext.init(InitialContext.java:219)
at javax.naming.InitialContext.<init>(InitialContext.java:195)
at Client.main(Client.java:12)
Caused by: java.net.ConnectException: t3://localhost:7001: Destination unreachab
le; nested exception is:
java.net.SocketException: Invalid argument: connect; No available router
to destination
at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:199)
at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLIni
tialContextFactoryDelegate.java:296)
... 7 morePlease check the following:
1. Check whether the weblogic is running on the localhost.
2. Check the port address is right or wrong
(I have never used weblogic so I can't tell you how to check it, if you don't know then browse the google)
3. Change the server name to 127.0.0.1 in the client code.
If the server is running perfectly at 127.0.0.1:7001 then there should be no problem. So check this constraints first.
Note: I have used Websphere there are lots of ports, the one I need for lookup in websphere is the BOOTSTRAP_ADDRESS. There are many other ports also. In websphere one can create multiple profile and for that profil;e this prot address varies from 2809,2810... etc.. I don't know whether in weblogic it is called as BOOTSTRAP_ADDRESS or not. But you have ensure that the particular port for weblogic (to perform lookup) is 7001 in your m/c. Please search through google for getting information on how to know the port in weblogic. -
ICMPv6 Destination Unreachable (no route to the destination)
I deployed an IPv6 multicast using EIGRP for IPv6, hosts within the network can ping each other and multicast address (FF08::6678 and FF0E::6678); routers can see all routes in the network. However, when video is streamed from server by VLC, client cannot see the SAP announcement. Packets have been captured by Wireshark, there is an error message of ICMPv6 Destination Unreachable (no route to the destination) with the source address of the server and destination address of the client. The cable, EIGRPv6, ping command have been checked. I cannot find the fault why there is such a problem.
Could you please give me advice on the issue.Try opening the file /etc/ssh_config from the terminal (you will need to use sudo) with the editor of your choice... eg:
sudo emacs /etc/ssh_config
Add the following lines to the end:
AddressFamily inet
BindAddress x.x.x.x
where x.x.x.x is the IP address of your computer behind your router (I use static IPs for consistent results).
Save and see if you don't have better luck with ssh. -
Raw Socket always drop packets and return Destination Unreachable
Ho folks,
I have an application program that opens a raw socket to expect for UDP message incoming from the network.
However everytime I receive a package the Solaris 10 OS return a ICMP - Destination (port) unreachable, and no message
is send to my application.
I did test the same application in linux and it worked well, all that I have to do was disable ICMP responses using iptables.
Just to make things clear:
In linux the OS was sending the ICMP - Destionation (port) unreachable, however my program was
receiving the packets anyway. So just to stop those messages I did use the iptables. However, in
Solaris 10 the ICMP response is sending back and no message is forward to my application.
Would your guys help me to solve that?
Thanks in advanceFolks, here I go again...:-)
I have been spent some time, trying to figure out why it is not work. I read in books and internet, that BSD raw sockets DO NOT allow us to receive TCP/UDP packages. However the linux implementation DOES allow. That is because it work in linux but not in solaris.
Given that, such information is 100% true (book: Unix NetworkProgramming, 3rd edition), I would like to ask your guys what I can do to solve my problem.
Basically what I need is create an application that:
1) Allows to bind thousand of sockets at the same time (it is a media server that handles thousand of RTP connections)
This I believe I can do using socket multiplexing (e.g. select() )
2) Read not only the packet data, I need to retrieve the whole packet address (including IP, UDP, Upper Layers...)
When using SOCK_DGRAM with IPPROTO_UDP, I can get the messages but I can't get the IP header
3) Uses something like raw socket to send messages, here I believe I can use raw socket with no problem, is just sending messages
Thanks and Regards -
Udp client: destination port unreachable question
Hello,
I used "trivial" UDPClient / Server example to send datagrams from one local interface (eth1) on my Linux box to Datagram server on yhe host not included into local routing table and I tried to capture outgoing udp traffic on interface eth1. I've got IOException
"ICMP: destination unreachable" and I only could capture outgoing
packets on loopback interface ( with Ethereal). Can someone help to
resolve my confusion: I thought UDP is "connectionless", e.g. will be
sent regardless. What does ICMP have to do with it and why does this
traffic appear on loopback interface?
Thank you,If you are using a specific destination it still has to route.
-
Problems accessing 1 remote desktop when connected with VPN
Hi everyone,
I have an ASA 5505 and have a problem where when I connect through VPN I can RDP into a server using its internal address but I cannot RDP to another server using its internal address.
The one I can connect to has an IP of 192.168.2.10 and the one I cannot connect to has an IP of 192.168.2.11 on port 3390.
Both rules are configured exactly the same except for the IP addresses and I cannot see why I cannot connect to this one server.
I am also able to connect to my camera system with an IP 192.168.2.25 on port 37777 and able to ping any other device on the internal network.
I've also tried pinging it and telneting to port 3390 with no success.
Here is the config.
ASA Version 8.4(4)1
interface Ethernet0/0
switchport access vlan 3
interface Ethernet0/1
interface Ethernet0/2
switchport access vlan 2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan2
nameif inside
security-level 100
ip address 192.168.2.2 255.255.255.0
interface Vlan3
nameif outside
security-level 0
ip address 10.1.1.1 255.255.255.0
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network CTSG-LAN-OUT
range 10.1.1.10 10.1.1.49
object network CTSG-LAN-IN
subnet 192.168.2.0 255.255.255.0
object service RDP3389
service tcp destination eq 3389
description To DC
object network SERVER-IN
host 192.168.2.10
object network SERVER-OUT
host 10.1.1.50
object network CAMERA-IN-TCP
host 192.168.2.25
object network CAMERA-OUT
host 10.1.1.51
object service CAMERA-TCP
service tcp destination eq 37777
object network SERVER-Virt-IN
host 192.168.2.11
object network SERVER-Virt-OUT
host 10.1.1.52
object service RDP3390
service tcp destination eq 3390
description To VS for Master
object network CAMERA-IN-UDP
host 192.168.2.25
object service CAMERA-UDP
service udp destination eq 37778
object network CTSG-LAN-OUT-VPN
subnet 10.1.1.128 255.255.255.128
object network SERVER-Virt-IN-VPN
host 192.168.2.11
object network SERVER-IN-VPN
host 192.168.2.10
object network CAMERA-IN-VPN
host 192.168.2.25
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list AnyConnect_Client_Local_Print extended deny ip any any
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
access-list AnyConnect_Client_Local_Print remark Windows' printing port
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
access-list inside1_access_in remark Implicit rule: Permit all traffic to less secure networks
access-list inside1_access_in extended permit ip any any
access-list outside_access_in extended permit object RDP3389 any host 192.168.2.10
access-list outside_access_in extended permit object RDP3390 any host 192.168.2.11
access-list outside_access_in extended permit object CAMERA-TCP any host 192.168.2.25
access-list outside_access_in extended permit object CAMERA-UDP any host 192.168.2.25
pager lines 24
logging enable
logging buffer-size 10240
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool RAVPN 10.1.1.129-10.1.1.254 mask 255.255.255.128
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat (inside,outside) source static SERVER-IN-VPN SERVER-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
nat (inside,outside) source static CAMERA-IN-VPN CAMERA-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
nat (inside,outside) source static SERVER-Virt-IN-VPN SERVER-Virt-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
object network CTSG-LAN-IN
nat (inside,outside) dynamic interface
object network SERVER-IN
nat (inside,outside) static SERVER-OUT service tcp 3389 3389
object network CAMERA-IN-TCP
nat (inside,outside) static CAMERA-OUT service tcp 37777 37777
object network SERVER-Virt-IN
nat (inside,outside) static SERVER-Virt-OUT service tcp 3390 3390
access-group inside1_access_in in interface inside
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.1.1.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP
-DES-SHA ESP-DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto ca trustpoint ASDM_TrustPoint0
enrollment terminal
subject-name CN=SACTSGRO
crl configure
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication crack
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 20
authentication rsa-sig
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 30
authentication pre-share
encryption aes-256
hash sha
group 2
lifetime 86400
crypto ikev1 policy 40
authentication crack
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 50
authentication rsa-sig
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 60
authentication pre-share
encryption aes-192
hash sha
group 2
lifetime 86400
crypto ikev1 policy 70
authentication crack
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 80
authentication rsa-sig
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 90
authentication pre-share
encryption aes
hash sha
group 2
lifetime 86400
crypto ikev1 policy 100
authentication crack
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 110
authentication rsa-sig
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 120
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 130
authentication crack
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 140
authentication rsa-sig
encryption des
hash sha
group 2
lifetime 86400
crypto ikev1 policy 150
authentication pre-share
encryption des
hash sha
group 2
lifetime 86400
telnet 192.168.2.0 255.255.255.0 inside
telnet timeout 15
ssh 192.168.2.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
ssh key-exchange group dh-group1-sha1
console timeout 15
dhcpd auto_config inside
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password xxxxx encrypted privilege 15
username admin attributes
vpn-group-policy DfltGrpPolicy
tunnel-group CTSGRA type remote-access
tunnel-group CTSGRA general-attributes
address-pool RAVPN
tunnel-group CTSGRA ipsec-attributes
ikev1 pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect icmp
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:0140431e7642742a856e91246356e6a2
: end
Thanks for your helpOk,
So you basically have configured the router so that you can connect directly to the ASA using the Cisco VPN Client. And also the objective was to in the end only allow traffic to the LAN through the VPN Client connection ONLY.
It would seem to me to achieve that, you would only need the following NAT configurations
VPN Client NAT0 / NAT Exempt / Identity NAT
object network LAN
subnet 192.168.2.0 255.255.255.0
object network VPN-POOL
subnet 10.1.1.128 255.255.255.128
nat (inside,outside) source static LAN LAN destination static VPN-POOL VPN-POOL
The purpose of the above NAT configuration is simply to tell the ASA that dont do any kind of NAT when there is traffic between the LAN network of 192.168.2.0/24 and the VPN Pool of 10.1.1.128/25. This way if you have any additional hosts on the LAN that need to be connected to, you wont have to make any form of changes to the NAT configurations for the VPN client users. You just allow the connections in the ACL (explained later below)
Default PAT
object-group network DEFAULT-PAT-SOURCE
network-object 192.168.2.0 255.255.255.0
nat (inside,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
This configurations purpose is just to replace the earlier Dynamic PAT rule on the ASA. I guess your router will be doing the translation from the ASA "outside" interface IP address to the routers public IP address and this configuration should therefore allow normal Internet usage from the LAN.
I would suggest removing all the other NAT configuration before adding these.
Controlling VPN clients access to internal resources
Also I assume that your current VPN client is configured as Full Tunnel. In other words it will tunnel all traffic to the the VPN connection while its active?
To control the traffic coming from the VPN Client users I would suggest that you do the following
Configure "no sysopt connection permit-vpn" This will change the ASA operation so that connections coming through a VPN connections ARE NOT allowed by default to bypass the "outside" interface ACL. Therefore after this change you can allow the connections you need in the "outside" interface ACL.
Configure any rules you need regarding the VPN client connections to the "outside" interface ACL. Though I guess they already exist since you are connecting there without the VPN also
I cant guarantee this with 100% certainty but it would seem to me that the above things should get you to the point where you can access the internal resources ONLY after when you have connected to the ASA through the VPN client connection. Naturally take precautions like configuration backups if you are going to do major configuration changes. Also if you are remotely managing the ASA then you also have the option to configure a timer on the ASA after which it will automatically reload. This could help in situations where a missconfiguration breaks you management connection and you have no other way to connect remotely. Then the ASA would simply reboot after the timer ran out and also reboot with the original configuration (provided you hadnt saved anything in between)
Why are you using a different port for the other devices RDP connection? I can understand it if its used through the Internet but if the RDP connection would be used through the VPN Client only then I dont think there is no need to manipulate the default port of 3389 on the server or on the ASA.
Also naturally if there is something on the actual server side preventing these connections then these configuration changes might not help at all.
Let me know if I have understood something wrong
- Jouni -
VPN 3002 Statistics Showing errors
Overview: Several times a day connectivity is dropped between remote office and home office. 3002 Statistics show the following errors:
In IP Statistics:
Outbound Packets with No Route 11816
Fragmentation Failure 2020
ICMP Statistics:
Destination Unreachable rx 1 tx 11825
SMMP Statistics:
Bad Community String 1
***Private speed from VPN3002 to Switch is 100mb Full.....Public Speed is 10mb half. The Public Side is set to auto detect due to router configuration.
Any ideas?As I see Fragmentation Failure 2020 this seems to be an issue with fragmentation. Try increasing the MTU size. To generally largest MTU size on a path use ping -f -l . http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3002/4_0/referenc/interfa.htm#1002870
-
ASA IPsec Remote Access VPN | NAT Question
We have a situation where a company that needs remote VPN access to our network is having an IP conflict with our subnet. I know this is a common issue and can often be resolved on the client side by changing the metirc on the network interface, but I am looking for a better solution on our end so I do not have to suggest workarounds.
Part of the problem is likely that our subnet is "too big", but I'm not going to be changing that now.
We are using 10.0.0.0/24 and the remote is using 10.0.11.0/24 and 10.1.0.0./16
I played around with some NAT rules and feel that I am missing something I am looking for suggestions, please.
Thank you.Hi,
This depends on your ASA firewalls software version and partly on its current NAT configurations.
I presume the following
Interfaces "inside" and "outside"
VPN Pool network of 10.10.100.0/24 (or some 192/172 network)
Software 8.2 and below
access-list VPN-POLICYNAT remark Static Policy NAT for VPN Client
access-list VPN-POLICYNAT permit ip 10.0.0.0 255.255.255.0 10.10.100.0 255.255.255.0
static (inside,outside) 192.168.10.0 access-list VPN-POLICYNAT
Key things to keep in mind with this software level is that if any of our internal hosts on the network 10.0.0.0/24 also have a "static" configuration that binds their local IP address to a public IP address then you might have to insert the above configuration and then remove the original "static" command and enter it back again.
This will change the order or the "static" commands so that the original "static" command wont override this new configuration as they are processed in order they are inserted to the configuration. The remove/add part is just to change their order in the configuration
Software 8.3 and above
object network LAN
subnet 10.0.0.0 255.255.255.0
object network LAN-VPN
subnet 192.168.10.0 255.255.255.0
object-group network VPN-POOL
subnet 10.10.100.0 255.255.255.0
nat (inside,outside) 1 source static LAN LAN-VPN destination static VPN-POOL VPN-POOL
In the above configuration we do the same as in the older software versions configuration but we have the number "1" in the "nat" configuration which places it at the very top of your NAT configurations and therefore it applies. No need to remove any existing configuration and enter them again like in the old software
In addition to the above NAT configuration you naturally have to make sure that the traffic to the NATed LAN network goes to the VPN. So if using Split Tunnel the NAT network needs to be added to the VPN ACL. If using Full Tunnel then naturally everything should already be coming through the VPN. I imagine though that you are using Split Tunnel, or?
Hope this helps
Please do remember to mark a reply as the correct answer if it answered your question.
Feel free to ask more if needed
- Jouni -
JMSAn error occurred while forwarding a message for distributed destination
Hi,
i have getting issue with JMS Server delivery fail, below is the errors
####<Aug 24, 2012 2:03:54 PM CDT> <Warning> <JMS> < <[ACTIVE] ExecuteThread: '20' for queue: 'weblogic.kernel.Default
(self-tuning)'> <<WLS Kernel>> <BEA1-0979336B7FF44582D27D> <> <1345835034568> <BEA-040498> <An error occurred while forwarding a message for distribute
d destination member SystemModule-0!d4a JMS Server@D Distributed Topic: weblogic.messaging.dispatcher.DispatcherException: java.rmi.RemoteExcepti
on: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:d:d4a, java.rmi.ConnectException: Destina
tion unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:d:d4a, jav
a.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination
weblogic.messaging.dispatcher.DispatcherException: java.rmi.RemoteException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[
8011,8011,-1,-1,-1,-1,-1]:d:d4a, java.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:d:d4a, jav
a.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination
at weblogic.messaging.dispatcher.DispatcherWrapperState.dispatchAsync(DispatcherWrapperState.java:155)
at weblogic.jms.dispatcher.DispatcherAdapter.dispatchAsync(DispatcherAdapter.java:84)
at weblogic.jms.backend.BEForwardingConsumer$1.run(BEForwardingConsumer.java:492)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.jms.backend.BEForwardingConsumer.processMessages(BEForwardingConsumer.java:488)
at weblogic.jms.backend.BEForwardingConsumer.pushMessages(BEForwardingConsumer.java:300)
at weblogic.messaging.util.DeliveryList.run(DeliveryList.java:256)
at weblogic.work.ServerWorkManagerImpl$WorkAdapterImpl.run(ServerWorkManagerImpl.java:518)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
java.rmi.RemoteException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:d:d4a, java.rmi.Con
nectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:ds:ds4a, jav
a.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Destination unreachable; nested exception is:
####<Aug 24, 2012 2:03:54 PM CDT> <Warning> <JMS> <dal604se113com> <a> <[ACTIVE] ExecuteThread: '20' for queue: 'weblogic.kernel.Default
(self-tuning)'> <<WLS Kernel>> <BEA1-0979336B7FF44582D27D> <> <1345835034568> <BEA-040498> <An error occurred while forwarding a message for distribute
d destination member SystemModule-0!d4a JMS Server@D Distributed Topic: weblogic.messaging.dispatcher.DispatcherException: java.rmi.RemoteExcepti
on: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:ds:ds4a, java.rmi.ConnectException: Destina
tion unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:dsa, jav
a.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination
weblogic.messaging.dispatcher.DispatcherException: java.rmi.RemoteException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[
8011,8011,-1,-1,-1,-1,-1]:ds:ds4a, java.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:ds:ds4a, jav
a.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination
at weblogic.messaging.dispatcher.DispatcherWrapperState.dispatchAsync(DispatcherWrapperState.java:155)
at weblogic.jms.dispatcher.DispatcherAdapter.dispatchAsync(DispatcherAdapter.java:84)
at weblogic.jms.backend.BEForwardingConsumer$1.run(BEForwardingConsumer.java:492)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.jms.backend.BEForwardingConsumer.processMessages(BEForwardingConsumer.java:488)
at weblogic.jms.backend.BEForwardingConsumer.pushMessages(BEForwardingConsumer.java:300)
at weblogic.messaging.util.DeliveryList.run(DeliveryList.java:256)
at weblogic.work.ServerWorkManagerImpl$WorkAdapterImpl.run(ServerWorkManagerImpl.java:518)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
java.rmi.RemoteException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:ds:ds4a, java.rmi.Con
nectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:ds:ds4a, jav
a.rmi.ConnectException: Destination unreachable; nested exception is:
java.net.SocketException: Connection reset; No available router to destination; nested exception is:
java.rmi.ConnectException: Destination unreachable; nested exception is:
Edited by: Ikhan on Aug 29, 2012 4:00 AM
Edited by: Ikhan on Aug 29, 2012 4:01 AMThe distributed topic forwarders replicate messages to every member of a "replicated distributed topic". They will report errors if intra-cluster communication is interrupted or if servers in the cluster shut down. I recommend checking your server logs to see if other errors/warnings exist, and, if you suspect an intra-cluster communication problem, consulting the cluster troubleshooting guide(s) in the edoc.
Most newer apps (apps hosted on versions 10.3.4 or higher) should consider using the new "partitioned distributed topics" instead of "replicated distributed topics". These don't use forwarders and scale better.
HTH,
Tom
Maybe you are looking for
-
My Apple bluetooth keyboard no longer connects to my Macbook Pro
My wireless keyboard no longer connects to my Macbook using Bluetooth. I've put in fresh batteries, checked the on/off switch, and attempted to connected using system dialog. Also tried turning Bluetooth off and on. Nothing works. Wireless trackpad w
-
Differences between Oracle and Oracle Rdb.
My background is mainly VMS, and so I have grown up (since 1984) with DEC Rdb (now Oracle Rdb). I am starting to get into Oracle, and therefore, starting to learn the subtle differences. With this in mind could someone educate me as to the default tr
-
InDesign CS5.5 Export to PDF fails how to fix?
Using InDesign CS5 to creat a portfolio, all layed out and ready to print but when I export to PDF it takes a long time and then fails. What am I doing wrong?
-
I am wondering if anyone else has encountered Multicast problems with Windows XP. I think I am, and believe these issues are preventing the servers in my clusters from syncing their JNDI tree bindings. I notice
-
How to create a Sequence;
Hi All, I have a master block and child block; I need to create sequence number in child block like 1 2 3 4 Line # 1....date1.....12...... 2....date2.....xxx.... 3....xxx........xxx.... 4.......... When i create new customer and its detail it should