VPN "Destination Unreachable"

Trying to use VPN in Lion (to connect to a Lion Server I configured in another building), when I try to connect, it fails. Viewing console messages on the server shows my requests never arrived. So I used Wireshark to do a packet capture of en0 (my wifi is off). I think I have discovered the problem, but I don't know the solution. The packet capture shows the following error about 30 times in a row each time i try to enable VPN:
Source: 10.0.1.4
Destination: 10.0.1.1
Protocol: ICMP
Info: Destination unreachable (port unreachable)
10.0.1.4 is my Mac and 10.0.1.1 is my AEBS. Why would attempting to initiate VPN cause this error?

Ok, so your "in another building" reference was intended to indicate this is a remote connection, across the internet, and definitely across an insecure connection, and not (as I'd erroneously interpreted it) in a campus network at a somewhat larger school or business site.  The "in another building" can be a reference to a different IP subnet within a larger organization's internal network.
All of which means you're not going to be using an IP router to bridge to an outer and trusted network; you'll want a gateway device, and you're probably also stuck with the morass that is NAT.  And parts of what I've referenced earlier will be wrong for your requirements.
I'd guess that there's an IP routing configuration issue here.  A bad subnet, or a bad gateway address, would be my initial suspicion.
As a first test, switch your iMac to the wireless connection, and see if that works.  Get it using the same path as your iPad.
Unless you have a public static IP address, you'll (unfortunately) need NAT here (somewhere).  But the question is whether your "modem" is actually a gateway device. Iis your Airport getting a private-block address from that modem device?
If you're getting a private-block address from the modem, then the modem has implemented NAT, or your ISP has implemented NAT gateway somewhere outside of your modem.  For instance, AT&T Uverse implements a private NAT address on the "outside" of your local modem configuration, and this then leads to very specific (and somewhat weird) private network set-up requirements for that ISP.
What features does the modem have, and what access into its configuration are you permitted by your ISP?
If your modem is providing gateway features (some do), and particularly if it is providing DHCP and NAT services, then I'd switch the Airport to bridged mode (AP mode), and let the modem deal with NAT and DHCP for your network.
If your modem is providing DHCP and NAT, then switch your iMac to use what the modem is providing, and not what the Airport Express is providing.
Above all, you do NOT want double NAT here.
Though it probably won't help you for this specific modem (unless you can gain control of it directly or via the ISP), I prefer the following general configuration for connecting a small business network to the Internet, when the ISP requires a modem:
The wild and wooly of the Internet,
and which conects to modem (and the "dumber" the better; preferably a modem implemented as a "bridge" and not as a "router", and with as few features and capabilities as I can acquire from the ISP),
and the modem then connects to a gateway device I manage  (and which is inherently also a router, and provides the NAT),
the gateway then connects to network switches if and as needed,
and the switch (or the gateway, if that has an embedded switch) connects to WiFi.
And I prefer the gateway implement the NAT and VPN here, and not the WiFi device nor the modem.

Similar Messages

  • JMS Module, Foreign Server: Destination unreachable

    Hi,
    In our OSB setup we have 2 weblogic domains (on RHEL5), one for hosting the OSB services and one that is used solely for the purpose of JMS messsaging.
    Therefore we have configured a Foreign Server in our JMS Module on the OSB Domain with following config:
    * JNDI Initial Context Factory: weblogic.jndi.WLInitialContextFactory
    * JNDI Connection URL: t3://fsb-jms1-dev:7901,fsb-jms2-dev:7901
    After deploying an EJB that makes use of this module we see following error in our log files every time when starting a Managed Server:
    ####<Jun 8, 2011 11:36:48 AM CEST> <Warning> <EJB> <esddev148> <osbms1> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <11d1def534ea1be0:-27013fcb:1306e9a12ac:-8000-0000000000000016> <13075
    25808959> <BEA-010061> <The Message-Driven EJB: MessageLogWriter is unable to connect to the JMS destination: fsb.jms.MessageLoggingQueue. The Error was:
    javax.naming.CommunicationException [Root exception is java.rmi.ConnectException: Could not establish a connection with 3499163233583403748S:fsb-jms1-dev:[7901,-1,-1,-1,-1,-1,-1]:fsb-jms1-dev:7901,fsb-jms2-dev:7901:jmsdevdomain:jmsms1, java
    .rmi.ConnectException: Destination unreachable; nested exception is:
    java.io.IOException: Empty server reply; No available router to destination; nested exception is:
    java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.io.IOException: Empty server reply; No available router to destination]
    at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:64)
    at weblogic.jndi.internal.WLContextImpl.translateException(WLContextImpl.java:470)
    at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:426)
    at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:411)
    at javax.naming.InitialContext.lookup(InitialContext.java:392)
    at weblogic.deployment.jms.ForeignOpaqueReference.getReferent(ForeignOpaqueReference.java:221)
    at weblogic.jndi.internal.WLNamingManager.getObjectInstance(WLNamingManager.java:96)
    at weblogic.jndi.internal.ServerNamingNode.resolveObject(ServerNamingNode.java:377)
    at weblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:856)
    at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:209)
    at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:214)
    at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:214)
    at weblogic.jndi.internal.WLEventContextImpl.lookup(WLEventContextImpl.java:254)
    at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:411)
    at javax.naming.InitialContext.lookup(InitialContext.java:392)
    at weblogic.jms.common.CDS$2.run(CDS.java:486)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.jms.common.CrossDomainSecurityManager.runAs(CrossDomainSecurityManager.java:131)
    at weblogic.jms.common.CDS.lookupDestination(CDS.java:480)
    at weblogic.jms.common.CDS.lookupDDAndCalloutListener(CDS.java:345)
    at weblogic.jms.common.CDS.access$100(CDS.java:41)
    at weblogic.jms.common.CDS$DDListenerRegistrationTimerListener.timerExpired(CDS.java:193)
    at weblogic.timers.internal.TimerImpl.run(TimerImpl.java:273)
    at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
    Caused by: java.rmi.ConnectException: Could not establish a connection with 3499163233583403748S:fsb-jms1-dev:[7901,-1,-1,-1,-1,-1,-1]:fsb-jms1-dev:7901,fsb-jms2-dev:7901:jmsdevdomain:jmsms1, java.rmi.ConnectException: Destination unreachab
    le; nested exception is:
    java.io.IOException: Empty server reply; No available router to destination; nested exception is:
    java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.io.IOException: Empty server reply; No available router to destination
    at weblogic.rjvm.RJVMImpl.getOutputStream(RJVMImpl.java:352)
    at weblogic.rjvm.RJVMImpl.getRequestStreamInternal(RJVMImpl.java:612)
    at weblogic.rjvm.RJVMImpl.getRequestStream(RJVMImpl.java:563)
    at weblogic.rjvm.RJVMImpl.getOutboundRequest(RJVMImpl.java:789)
    at weblogic.rmi.internal.BasicRemoteRef.getOutboundRequest(BasicRemoteRef.java:159)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:341)
    at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
    at weblogic.jndi.internal.ServerNamingNode_1034_WLStub.lookup(Unknown Source)
    at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:423)
    at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:412)
    at javax.naming.InitialContext.lookup(InitialContext.java:392)
    at weblogic.deployment.jms.ForeignOpaqueReference.getReferent(ForeignOpaqueReference.java:221)
    at weblogic.jndi.internal.WLNamingManager.getObjectInstance(WLNamingManager.java:96)
    at weblogic.jndi.internal.ServerNamingNode.resolveObject(ServerNamingNode.java:377)
    at weblogic.jndi.internal.BasicNamingNode.resolveObject(BasicNamingNode.java:856)
    at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:209)
    at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:214)
    at weblogic.jndi.internal.BasicNamingNode.lookup(BasicNamingNode.java:214)
    at weblogic.jndi.internal.WLEventContextImpl.lookup(WLEventContextImpl.java:254)
    at weblogic.jndi.internal.WLContextImpl.lookup(WLContextImpl.java:412)
    at javax.naming.InitialContext.lookup(InitialContext.java:392)
    at weblogic.jms.common.CDS$2.run(CDS.java:486)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.jms.common.CrossDomainSecurityManager.runAs(CrossDomainSecurityManager.java:131)
    at weblogic.jms.common.CDS.lookupDestination(CDS.java:480)
    at weblogic.jms.common.CDS.lookupDDAndCalloutListener(CDS.java:345)
    at weblogic.jms.common.CDS.access$100(CDS.java:41)
    at weblogic.jms.common.CDS$DDListenerRegistrationTimerListener.timerExpired(CDS.java:194)
    ... 4 more
    Caused by: java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.io.IOException: Empty server reply; No available router to destination
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:470)
    at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:402)
    at weblogic.rjvm.RJVMImpl.ensureConnectionEstablished(RJVMImpl.java:306)
    at weblogic.rjvm.RJVMImpl.getOutputStream(RJVMImpl.java:350)
    at weblogic.rjvm.RJVMImpl.getRequestStreamInternal(RJVMImpl.java:613)
    ... 30 more
    >
    I've allready ensured that the managed servers of the jms cluster are reachable by issuing a connect command from WLST (although making the connection can be time consuming)
    wls:/offline> connect('weblogic','******','t3://fsb-jms1-dev:7901')
    Connecting to t3://fsb-jms1-dev:7901 with userid weblogic ...
    Successfully connected to managed Server 'jmsms1' that belongs to domain 'jmsdevdomain'.
    Warning: An insecure protocol was used to connect to the
    server. To ensure on-the-wire security, the SSL port or
    Admin port should be used instead.
    wls:/jmsdevdomain/serverConfig> disconnect()
    Disconnected from weblogic server: jmsms1
    wls:/offline> connect('weblogic','******','t3://fsb-jms2-dev:7901')
    Connecting to t3://fsb-jms2-dev:7901 with userid weblogic ...
    Successfully connected to managed Server 'jmsms2' that belongs to domain 'jmsdevdomain'.
    Warning: An insecure protocol was used to connect to the
    server. To ensure on-the-wire security, the SSL port or
    Admin port should be used instead.
    In my search for a solution I've also read that this could be caused by a bad configured DNS server. Therefore I configured my /etc/nsswitch.conf file to contain only the property files under the parameter hosts.
    Following is an extraction of my /etc/hosts file:
    10.16.85.50 fsb-jms1-dev.localdomain fsb-jms1-dev
    10.16.85.51 fsb-jms2-dev.localdomain fsb-jms2-dev
    10.16.85.52 fsb-osb1-dev.localdomain fsb-osb1-dev
    10.16.85.53 fsb-osb2-dev.localdomain fsb-osb2-dev
    Does anybody have an idea how I can further debug this problem?
    Kind Regards,
    Davy

    Maybe this is of some help: http://www.bea-weblogic.com/namenotfoundexception-when-configuring-foreign-jms-server.html

  • BAMAdapter Issue : java.rmi.ConnectException: Destination unreachable;

    Hi,
    I have installed SOA server and BAM server on same localhost but while calling BAM adapter from the BPEL process it's throwing below error.
    *<Jun 24, 2011 6:56:51 PM BST> <Error> <oracle.soa.bpel.engine.ws> <BEA-000000>*
    *<got FabricInvocationException java.rmi.ConnectException: Destination unreachable; nested exception is: java.net.ConnectException: Connection refused; No available router to destination*
    Here are my JNDI configuration :: eis/bam/rmi
    HostName     java.lang.String     localhost
    InstanceName     java.lang.String     ADCServer1
    Password     java.lang.String     *******
    PortNumber     java.lang.String     9001
    UserName     java.lang.String     weblogic
    I have also tried with the eis/bam/soap but it is giving me
    javax.xml.ws.WebServiceException: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Connection refused
    Do i need to modify any configuration file in server?
    Please suggest.
    Thanks,
    Sagar

    Hi,
    I have installed SOA server and BAM server on same localhost but while calling BAM adapter from the BPEL process it's throwing below error.
    *<Jun 24, 2011 6:56:51 PM BST> <Error> <oracle.soa.bpel.engine.ws> <BEA-000000>*
    *<got FabricInvocationException java.rmi.ConnectException: Destination unreachable; nested exception is: java.net.ConnectException: Connection refused; No available router to destination*
    Here are my JNDI configuration :: eis/bam/rmi
    HostName     java.lang.String     localhost
    InstanceName     java.lang.String     ADCServer1
    Password     java.lang.String     *******
    PortNumber     java.lang.String     9001
    UserName     java.lang.String     weblogic
    I have also tried with the eis/bam/soap but it is giving me
    javax.xml.ws.WebServiceException: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Message send failed: Connection refused
    Do i need to modify any configuration file in server?
    Please suggest.
    Thanks,
    Sagar

  • T3://127.0.0.1:7101: Destination unreachable;  -- On jDeveloper 11gR1

    I am new to weblogic, and have just installed Oracle Express, WLS, jDeveloper.
    After running through the tutorial on 'Building a Web Application with JDeveloper 11g Using EJB, JAP, and JavaServerFaces', following all steps to the letter, I am able to make the DB connections alright, start the integrated server, but once I try running the HRFacadeBean in step 18, but it errors out.
    It seems to me that the issue with recognizing the t3 protocol.
    I have checked that 127.0.0.1:7101 is up and running as I get the welcome screen when I go to it and there are no errors listed on the server console screen in jDeveloper, but I get this trace in the log:
    [EclipseLink/JPA Client] Adding Java options: -javaagent:C:\Oracle\Middleware\jdeveloper\..\modules\org.eclipse.persistence_1.0.0.0_2-0.jar
    C:\Oracle\Middleware\jdk160_18\bin\javaw.exe -client -classpath C:\Oracle\Middleware\jdeveloper\myWork\.adf;C:\Oracle\Middleware\jdeveloper\myWork\EJBModel\classes;C:\Oracle\Middleware\modules\com.oracle.toplink_1.0.0.0_11-1-1-3-0.jar;C:\Oracle\Middleware\modules\org.eclipse.persistence_1.0.0.0_2-0.jar;C:\Oracle\Middleware\modules\com.bea.core.antlr.runtime_2.7.7.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.toplink_11.1.1\javax.persistence_2.0_preview.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.xdk_11.1.0\xmlparserv2.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.xdk_11.1.0\xml.jar;C:\Oracle\Middleware\modules\javax.jsf_1.0.0.0_1-2.jar;C:\Oracle\Middleware\modules\javax.ejb_3.0.1.jar;C:\Oracle\Middleware\modules\javax.enterprise.deploy_1.2.jar;C:\Oracle\Middleware\modules\javax.interceptor_1.0.jar;C:\Oracle\Middleware\modules\javax.jms_1.1.1.jar;C:\Oracle\Middleware\modules\javax.jsp_1.1.0.0_2-1.jar;C:\Oracle\Middleware\modules\javax.jws_2.0.jar;C:\Oracle\Middleware\modules\javax.activation_1.1.0.0_1-1.jar;C:\Oracle\Middleware\modules\javax.mail_1.1.0.0_1-4-1.jar;C:\Oracle\Middleware\modules\javax.xml.soap_1.3.1.0.jar;C:\Oracle\Middleware\modules\javax.xml.rpc_1.2.1.jar;C:\Oracle\Middleware\modules\javax.xml.ws_2.1.1.jar;C:\Oracle\Middleware\modules\javax.management.j2ee_1.0.jar;C:\Oracle\Middleware\modules\javax.resource_1.5.1.jar;C:\Oracle\Middleware\modules\javax.servlet_1.0.0.0_2-5.jar;C:\Oracle\Middleware\modules\javax.transaction_1.0.0.0_1-1.jar;C:\Oracle\Middleware\modules\javax.xml.stream_1.1.1.0.jar;C:\Oracle\Middleware\modules\javax.security.jacc_1.0.0.0_1-1.jar;C:\Oracle\Middleware\modules\javax.xml.registry_1.0.0.0_1-0.jar;C:\Oracle\Middleware\modules\javax.persistence_1.0.0.0_1-0-2.jar;C:\Oracle\Middleware\wlserver_10.3\server\lib\weblogic.jar -Djavax.net.ssl.trustStore=C:\Oracle\Middleware\wlserver_10.3\server\lib\DemoTrust.jks -javaagent:C:\Oracle\Middleware\jdeveloper\..\modules\org.eclipse.persistence_1.0.0.0_2-0.jar -Dhttp.proxyHost=proxy.ulalaunch.com -Dhttp.proxyPort=80 -Dhttp.nonProxyHosts= -Dhttps.proxyHost=proxy.ulalaunch.com -Dhttps.proxyPort=80 -Dhttps.nonProxyHosts= oracle.HRFacadeClient
    javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3://127.0.0.1:7101: Destination unreachable; nested exception is:
         java.io.IOException: Empty server reply; No available router to destination]
         at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40)
         at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:787)
         at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:368)
         at weblogic.jndi.Environment.getContext(Environment.java:315)
         at weblogic.jndi.Environment.getContext(Environment.java:285)
         at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
         at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
         at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
         at javax.naming.InitialContext.init(InitialContext.java:223)
         at javax.naming.InitialContext.<init>(InitialContext.java:197)
         at oracle.HRFacadeClient.getInitialContext(HRFacadeClient.java:58)
         at oracle.HRFacadeClient.main(HRFacadeClient.java:13)
    Caused by: java.net.ConnectException: t3://127.0.0.1:7101: Destination unreachable; nested exception is:
         java.io.IOException: Empty server reply; No available router to destination
         at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:216)
         at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:170)
         at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:153)
         at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:353)
         ... 9 more
    Caused by: java.rmi.ConnectException: Destination unreachable; nested exception is:
         java.io.IOException: Empty server reply; No available router to destination
         at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:464)
         at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:315)
         at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:254)
         at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:197)
         at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:238)
         at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:200)
         ... 12 more
    Process exited with exit code 0.

    Hi,
    I guess the problem is with below information but I do not know from where they came!? maybe in the jdeveloper you have set the proxy or maybe your localhost is not bind to 127.0.0.1 and you must use your computer name.
    Dhttp.proxyHost=proxy.ulalaunch.com -Dhttp.proxyPort=80 -Dhttp.nonProxyHosts= -Dhttps.proxyHost=proxy.ulalaunch.com -Dhttps.proxyPort=80 -Dhttps.nonProxyHosts= oracle.HRFacadeClient

  • Destination unreachable; nested exception

    Environment:
    JDeveloper 11.1.1.3.0
    Build JDEVADF_11.1.1.3.PS2_GENERIC_100408.2356.5660
    Oracle 12.1.1
    JDK 1.6
    I got this exception on the '23rd' step of this tutorial
    http://www.oracle.com/technology/obe/obe11jdev/ps1/ejb/ejb.html
    Thanks for your help.
    [EclipseLink/JPA Client] Adding Java options: -javaagent:C:\Oracle\Middleware\jdeveloper\..\modules\org.eclipse.persistence_1.0.0.0_2-0.jar
    C:\Oracle\Middleware\jdk160_18\bin\javaw.exe -client -classpath C:\JDeveloper\mywork\HR_EJB_JPA_APP\.adf;C:\JDeveloper\mywork\HR_EJB_JPA_APP\EJBModel\classes;C:\Oracle\Middleware\modules\com.oracle.toplink_1.0.0.0_11-1-1-3-0.jar;C:\Oracle\Middleware\modules\org.eclipse.persistence_1.0.0.0_2-0.jar;C:\Oracle\Middleware\modules\com.bea.core.antlr.runtime_2.7.7.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.toplink_11.1.1\javax.persistence_2.0_preview.jar;C:\Oracle\Middleware\modules\javax.jsf_1.0.0.0_1-2.jar;C:\Oracle\Middleware\modules\javax.ejb_3.0.1.jar;C:\Oracle\Middleware\modules\javax.enterprise.deploy_1.2.jar;C:\Oracle\Middleware\modules\javax.interceptor_1.0.jar;C:\Oracle\Middleware\modules\javax.jms_1.1.1.jar;C:\Oracle\Middleware\modules\javax.jsp_1.1.0.0_2-1.jar;C:\Oracle\Middleware\modules\javax.jws_2.0.jar;C:\Oracle\Middleware\modules\javax.activation_1.1.0.0_1-1.jar;C:\Oracle\Middleware\modules\javax.mail_1.1.0.0_1-4-1.jar;C:\Oracle\Middleware\modules\javax.xml.soap_1.3.1.0.jar;C:\Oracle\Middleware\modules\javax.xml.rpc_1.2.1.jar;C:\Oracle\Middleware\modules\javax.xml.ws_2.1.1.jar;C:\Oracle\Middleware\modules\javax.management.j2ee_1.0.jar;C:\Oracle\Middleware\modules\javax.resource_1.5.1.jar;C:\Oracle\Middleware\modules\javax.servlet_1.0.0.0_2-5.jar;C:\Oracle\Middleware\modules\javax.transaction_1.0.0.0_1-1.jar;C:\Oracle\Middleware\modules\javax.xml.stream_1.1.1.0.jar;C:\Oracle\Middleware\modules\javax.security.jacc_1.0.0.0_1-1.jar;C:\Oracle\Middleware\modules\javax.xml.registry_1.0.0.0_1-0.jar;C:\Oracle\Middleware\modules\javax.persistence_1.0.0.0_1-0-2.jar;C:\Oracle\Middleware\wlserver_10.3\server\lib\weblogic.jar;C:\Oracle\Middleware\wlserver_10.3\server\ext\jdbc\oracle\11g\ojdbc6.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n-collation.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n-lcsd.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n-mapping.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n-servlet.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n-translation.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n-utility.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.nlsrtl_11.1.0\orai18n.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.odl_11.1.1\ojdl.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.dms_11.1.1\dms.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.idm_11.1.1\identitystore.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.model_11.1.1\adfm.jar;C:\Oracle\Middleware\oracle_common\modules\groovy-all-1.6.3.jar;C:\Oracle\Middleware\jdeveloper\adfdt\lib\adf-dt-at-rt.jar;C:\Oracle\Middleware\jdeveloper\adfdt\lib\adf-transactions-dt.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.model_11.1.1\adfdt_common.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.xdk_11.1.0\xmlparserv2.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.model_11.1.1\db-ca.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.model_11.1.1\jdev-cm.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.ldap_11.1.1\ojmisc.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.share_11.1.1\commons-el.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.share_11.1.1\jsp-el-api.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.share_11.1.1\oracle-el.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.security_11.1.1\adf-share-security.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.security_11.1.1\adf-controller-security.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.share_11.1.1\adf-share-support.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.share.ca_11.1.1\adf-share-ca.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.share.ca_11.1.1\adf-share-base.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.adf.share_11.1.1\adflogginghandler.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.xmlef_11.1.1\xmlef.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.bali.share_11.1.1\share.jar;C:\Oracle\Middleware\modules\com.bea.core.apache.xercesImpl_2.8.1.jar;C:\Oracle\Middleware\modules\glassfish.jaxb_1.0.0.0_2-1-9.jar;C:\Oracle\Middleware\modules\javax.xml.bind_2.1.1.jar;C:\Oracle\Middleware\oracle_common\modules\oracle.xdk_11.1.0\xml.jar -Djavax.net.ssl.trustStore=C:\Oracle\Middleware\wlserver_10.3\server\lib\DemoTrust.jks -javaagent:C:\Oracle\Middleware\jdeveloper\..\modules\org.eclipse.persistence_1.0.0.0_2-0.jar oracle.MovieFacadeClient
    javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3://127.0.0.1:7101: Destination unreachable; nested exception is:
         java.net.ConnectException: Connection refused: connect; No available router to destination]
         at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40)
         at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:787)
         at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:368)
         at weblogic.jndi.Environment.getContext(Environment.java:315)
         at weblogic.jndi.Environment.getContext(Environment.java:285)
         at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
         at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
         at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
         at javax.naming.InitialContext.init(InitialContext.java:223)
         at javax.naming.InitialContext.<init>(InitialContext.java:197)
         at oracle.MovieFacadeClient.getInitialContext(MovieFacadeClient.java:49)
         at oracle.MovieFacadeClient.main(MovieFacadeClient.java:13)
    Caused by: java.net.ConnectException: t3://127.0.0.1:7101: Destination unreachable; nested exception is:
         java.net.ConnectException: Connection refused: connect; No available router to destination
         at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:216)
         at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:170)
         at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:153)
         at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:353)
         ... 9 more
    Caused by: java.rmi.ConnectException: Destination unreachable; nested exception is:
         java.net.ConnectException: Connection refused: connect; No available router to destination
         at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:464)
         at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:315)
         at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:254)
         at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:197)
         at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:238)
         at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:200)
         ... 12 more
    Process exited with exit code 0.
    Edited by: user13272654 on Jun 18, 2010 5:02 PM

    Basically, it can't find the server.
    Is the server running?
    configured to listen on localhost?
    try 3://127.0.0.1:7001 instead.
    Check the port the server is listening on.
    Pete

  • Destination unreachable exception ..???

    Dear Sirs/Madam,
    While restarting web logic managed servers in a clusters; we encountered below shown errors:
    "avax.naming.CommunicationException. Root exception is java.net.ConnectException: t3://myservername.com:8100: Destination unreachable; nested exception is:
         java.net.ConnectException: Connection refused; No available router to destination"
    We are running 4 managed servers in one cluster. One cluster spans 2 physical servers. Thus each box has 2 managed servers.
    The cluster is running on weblogic 7.x on hpux 11i.
    Please suggest what are the possible root cause of this exception and what are the mitigations ?
    Thanks,
    Shiv

    Basically, it can't find the server.
    Is the server running?
    configured to listen on localhost?
    try 3://127.0.0.1:7001 instead.
    Check the port the server is listening on.
    Pete

  • PXE DHCP ICMP:Destination Unreachable Message

    Hi
    I have a question regarding PXE and DHCP. Is it possible to ping a machine, which is in PXE boot with a DHCP address and able to access my SCCM server? Unfortunately i cannot ping the machine and in network traffic i see:
    12913 17:00:17 01.04.2015 759.8323064  SRV-SCCMDP-501 <00> 172.16.10.66 ICMP ICMP:Destination Unreachable Message, Port Unreachable, 172.16.8.38:69 {IPv4:228}
    No firewall between the machines and is the same subnet.
    Thank you in Advance

    Hi Torsten
    Thank you for your reply. I'm in hardware pxe, so no firewall is active.
    Here is the network traffic:
    1525597 11:55:38 02.04.2015 68880.5266514  172.16.10.25 SRV-SCCMDP-501   TFTP TFTP: Read Request - File: SMSBoot\x64\wdsnbp.com, Transfer Mode: octet tsize: 0  {UDP:1483, IPv4:1477}
    1525598 11:55:38 02.04.2015 68880.5266948  SRV-SCCMDP-501   172.16.10.25 ICMP ICMP:Destination Unreachable Message, Port Unreachable, 172.16.8.38:69 {IPv4:1477}
    1525701 11:55:44 02.04.2015 68886.5143787  172.16.10.25 SRV-SCCMDP-501   TFTP TFTP: Read Request - File: SMSBoot\x64\wdsnbp.com, Transfer Mode: octet tsize: 0  {UDP:1488, IPv4:1477}
    1525702 11:55:44 02.04.2015 68886.5144115  SRV-SCCMDP-501   172.16.10.25 ICMP ICMP:Destination Unreachable Message, Port Unreachable, 172.16.8.38:69 {IPv4:1477}
    I'm lost....

  • Error with SessionBeans:Destination Unreachable

    Hi all,
    I'm trying to develop a simple Session Bean using Weblogic 8.1.
    While deploying i got message as ejbc successful.
    But while running client application i got following error.
    Please anyone help to resolve this.
    Thanks,
    latha
    E:\slsb>java Client
    Exception in thread "main" javax.naming.CommunicationException [Root exception i
    s java.net.ConnectException: t3://raghu:7001: Destination unreachable; neste
    d exception is:
    java.net.SocketException: Invalid argument: connect; No available router
    to destination]
    at weblogic.jndi.internal.ExceptionTranslator.toNamingException(Exceptio
    nTranslator.java:47)
    at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLIni
    tialContextFactoryDelegate.java:636)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLIni
    tialContextFactoryDelegate.java:306)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLIni
    tialContextFactoryDelegate.java:239)
    at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialCont
    extFactory.java:135)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:6
    62)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.InitialContext.<init>(InitialContext.java:195)
    at Client.main(Client.java:12)
    Caused by: java.net.ConnectException: t3://localhost:7001: Destination unreachab
    le; nested exception is:
    java.net.SocketException: Invalid argument: connect; No available router
    to destination
    at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:199)
    at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:125)
    at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLIni
    tialContextFactoryDelegate.java:296)
    ... 7 more

    Please check the following:
    1. Check whether the weblogic is running on the localhost.
    2. Check the port address is right or wrong
    (I have never used weblogic so I can't tell you how to check it, if you don't know then browse the google)
    3. Change the server name to 127.0.0.1 in the client code.
    If the server is running perfectly at 127.0.0.1:7001 then there should be no problem. So check this constraints first.
    Note: I have used Websphere there are lots of ports, the one I need for lookup in websphere is the BOOTSTRAP_ADDRESS. There are many other ports also. In websphere one can create multiple profile and for that profil;e this prot address varies from 2809,2810... etc.. I don't know whether in weblogic it is called as BOOTSTRAP_ADDRESS or not. But you have ensure that the particular port for weblogic (to perform lookup) is 7001 in your m/c. Please search through google for getting information on how to know the port in weblogic.

  • ICMPv6 Destination Unreachable (no route to the destination)

    I deployed an IPv6 multicast using EIGRP for IPv6, hosts within the network can ping each other and multicast address (FF08::6678 and FF0E::6678); routers can see all routes in the network. However, when video is streamed from server by VLC, client cannot see the SAP announcement. Packets have been captured by Wireshark, there is an error message of ICMPv6 Destination Unreachable (no route to the destination) with the source address of the server and destination address of the client. The cable, EIGRPv6, ping command have been checked. I cannot find the fault why there is such a problem. 
    Could you please give me advice on the issue.

    Try opening the file /etc/ssh_config from the terminal (you will need to use sudo) with the editor of your choice... eg:
    sudo emacs /etc/ssh_config
    Add the following lines to the end:
    AddressFamily inet
    BindAddress x.x.x.x
    where x.x.x.x is the IP address of your computer behind your router (I use static IPs for consistent results).
    Save and see if you don't have better luck with ssh.

  • Raw Socket always drop packets and return Destination Unreachable

    Ho folks,
    I have an application program that opens a raw socket to expect for UDP message incoming from the network.
    However everytime I receive a package the Solaris 10 OS return a ICMP - Destination (port) unreachable, and no message
    is send to my application.
    I did test the same application in linux and it worked well, all that I have to do was disable ICMP responses using iptables.
    Just to make things clear:
    In linux the OS was sending the ICMP - Destionation (port) unreachable, however my program was
    receiving the packets anyway. So just to stop those messages I did use the iptables. However, in
    Solaris 10 the ICMP response is sending back and no message is forward to my application.
    Would your guys help me to solve that?
    Thanks in advance

    Folks, here I go again...:-)
    I have been spent some time, trying to figure out why it is not work. I read in books and internet, that BSD raw sockets DO NOT allow us to receive TCP/UDP packages. However the linux implementation DOES allow. That is because it work in linux but not in solaris.
    Given that, such information is 100% true (book: Unix NetworkProgramming, 3rd edition), I would like to ask your guys what I can do to solve my problem.
    Basically what I need is create an application that:
    1) Allows to bind thousand of sockets at the same time (it is a media server that handles thousand of RTP connections)
    This I believe I can do using socket multiplexing (e.g. select() )
    2) Read not only the packet data, I need to retrieve the whole packet address (including IP, UDP, Upper Layers...)
    When using SOCK_DGRAM with IPPROTO_UDP, I can get the messages but I can't get the IP header
    3) Uses something like raw socket to send messages, here I believe I can use raw socket with no problem, is just sending messages
    Thanks and Regards

  • Udp client: destination port unreachable question

    Hello,
    I used "trivial" UDPClient / Server example to send datagrams from one local interface (eth1) on my Linux box to Datagram server on yhe host not included into local routing table and I tried to capture outgoing udp traffic on interface eth1. I've got IOException
    "ICMP: destination unreachable" and I only could capture outgoing
    packets on loopback interface ( with Ethereal). Can someone help to
    resolve my confusion: I thought UDP is "connectionless", e.g. will be
    sent regardless. What does ICMP have to do with it and why does this
    traffic appear on loopback interface?
    Thank you,

    If you are using a specific destination it still has to route.

  • Problems accessing 1 remote desktop when connected with VPN

    Hi everyone,
    I have an ASA 5505 and have a problem where when I connect through VPN I can RDP into a server using its internal address but I cannot RDP to another server using its internal address.
    The one I can connect to has an IP of 192.168.2.10 and the one I cannot connect to has an IP of 192.168.2.11 on port 3390.
    Both rules are configured exactly the same except for the IP addresses and I cannot see why I cannot connect to this one server.
    I am also able to connect to my camera system with an IP 192.168.2.25 on port 37777 and able to ping any other device on the internal network.
    I've also tried pinging it and telneting to port 3390 with no success.
    Here is the config.
    ASA Version 8.4(4)1
    interface Ethernet0/0
    switchport access vlan 3
    interface Ethernet0/1
    interface Ethernet0/2
    switchport access vlan 2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan2
    nameif inside
    security-level 100
    ip address 192.168.2.2 255.255.255.0
    interface Vlan3
    nameif outside
    security-level 0
    ip address 10.1.1.1 255.255.255.0
    ftp mode passive
    clock timezone EST -5
    clock summer-time EDT recurring
    object network obj_any
    subnet 0.0.0.0 0.0.0.0
    object network CTSG-LAN-OUT
    range 10.1.1.10 10.1.1.49
    object network CTSG-LAN-IN
    subnet 192.168.2.0 255.255.255.0
    object service RDP3389
    service tcp destination eq 3389
    description To DC
    object network SERVER-IN
    host 192.168.2.10
    object network SERVER-OUT
    host 10.1.1.50
    object network CAMERA-IN-TCP
    host 192.168.2.25
    object network CAMERA-OUT
    host 10.1.1.51
    object service CAMERA-TCP
    service tcp destination eq 37777
    object network SERVER-Virt-IN
    host 192.168.2.11
    object network SERVER-Virt-OUT
    host 10.1.1.52
    object service RDP3390
    service tcp destination eq 3390
    description To VS for Master
    object network CAMERA-IN-UDP
    host 192.168.2.25
    object service CAMERA-UDP
    service udp destination eq 37778
    object network CTSG-LAN-OUT-VPN
    subnet 10.1.1.128 255.255.255.128
    object network SERVER-Virt-IN-VPN
    host 192.168.2.11
    object network SERVER-IN-VPN
    host 192.168.2.10
    object network CAMERA-IN-VPN
    host 192.168.2.25
    object-group protocol TCPUDP
    protocol-object udp
    protocol-object tcp
    access-list AnyConnect_Client_Local_Print extended deny ip any any
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq lpd
    access-list AnyConnect_Client_Local_Print remark IPP: Internet Printing Protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 631
    access-list AnyConnect_Client_Local_Print remark Windows' printing port
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 9100
    access-list AnyConnect_Client_Local_Print remark mDNS: multicast DNS protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.251 eq 5353
    access-list AnyConnect_Client_Local_Print remark LLMNR: Link Local Multicast Name Resolution protocol
    access-list AnyConnect_Client_Local_Print extended permit udp any host 224.0.0.252 eq 5355
    access-list AnyConnect_Client_Local_Print remark TCP/NetBIOS protocol
    access-list AnyConnect_Client_Local_Print extended permit tcp any any eq 137
    access-list AnyConnect_Client_Local_Print extended permit udp any any eq netbios-ns
    access-list inside1_access_in remark Implicit rule: Permit all traffic to less secure networks
    access-list inside1_access_in extended permit ip any any
    access-list outside_access_in extended permit object RDP3389 any host 192.168.2.10
    access-list outside_access_in extended permit object RDP3390 any host 192.168.2.11
    access-list outside_access_in extended permit object CAMERA-TCP any host 192.168.2.25
    access-list outside_access_in extended permit object CAMERA-UDP any host 192.168.2.25
    pager lines 24
    logging enable
    logging buffer-size 10240
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    ip local pool RAVPN 10.1.1.129-10.1.1.254 mask 255.255.255.128
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat (inside,outside) source static SERVER-IN-VPN SERVER-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
    nat (inside,outside) source static CAMERA-IN-VPN CAMERA-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
    nat (inside,outside) source static SERVER-Virt-IN-VPN SERVER-Virt-IN-VPN destination static CTSG-LAN-OUT-VPN CTSG-LAN-OUT-VPN
    object network CTSG-LAN-IN
    nat (inside,outside) dynamic interface
    object network SERVER-IN
    nat (inside,outside) static SERVER-OUT service tcp 3389 3389
    object network CAMERA-IN-TCP
    nat (inside,outside) static CAMERA-OUT service tcp 37777 37777
    object network SERVER-Virt-IN
    nat (inside,outside) static SERVER-Virt-OUT service tcp 3390 3390
    access-group inside1_access_in in interface inside
    access-group outside_access_in in interface outside
    route outside 0.0.0.0 0.0.0.0 10.1.1.2 1
    timeout xlate 3:00:00
    timeout pat-xlate 0:00:30
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    user-identity default-domain LOCAL
    http server enable
    http 192.168.2.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
    crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
    crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
    crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs group1
    crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP
    -DES-SHA ESP-DES-MD5
    crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
    crypto map outside_map interface outside
    crypto ca trustpoint ASDM_TrustPoint0
    enrollment terminal
    subject-name CN=SACTSGRO
    crl configure
    crypto ikev1 enable outside
    crypto ikev1 policy 10
    authentication crack
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 20
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 30
    authentication pre-share
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 40
    authentication crack
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 50
    authentication rsa-sig
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 60
    authentication pre-share
    encryption aes-192
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 70
    authentication crack
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 80
    authentication rsa-sig
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 90
    authentication pre-share
    encryption aes
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 100
    authentication crack
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 110
    authentication rsa-sig
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 120
    authentication pre-share
    encryption 3des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 130
    authentication crack
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 140
    authentication rsa-sig
    encryption des
    hash sha
    group 2
    lifetime 86400
    crypto ikev1 policy 150
    authentication pre-share
    encryption des
    hash sha
    group 2
    lifetime 86400
    telnet 192.168.2.0 255.255.255.0 inside
    telnet timeout 15
    ssh 192.168.2.0 255.255.255.0 inside
    ssh timeout 5
    ssh version 2
    ssh key-exchange group dh-group1-sha1
    console timeout 15
    dhcpd auto_config inside
    threat-detection basic-threat
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    username admin password xxxxx encrypted privilege 15
    username admin attributes
    vpn-group-policy DfltGrpPolicy
    tunnel-group CTSGRA type remote-access
    tunnel-group CTSGRA general-attributes
    address-pool RAVPN
    tunnel-group CTSGRA ipsec-attributes
    ikev1 pre-shared-key *****
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:0140431e7642742a856e91246356e6a2
    : end
    Thanks for your help

    Ok,
    So you basically have configured the router so that you can connect directly to the ASA using the Cisco VPN Client. And also the objective was to in the end only allow traffic to the LAN through the VPN Client connection ONLY.
    It would seem to me to achieve that, you would only need the following NAT configurations
    VPN Client NAT0 / NAT Exempt / Identity NAT
    object network LAN
    subnet 192.168.2.0 255.255.255.0
    object network VPN-POOL
    subnet 10.1.1.128 255.255.255.128
    nat (inside,outside) source static LAN LAN destination static VPN-POOL VPN-POOL
    The purpose of the above NAT configuration is simply to tell the ASA that dont do any kind of NAT when there is traffic between the LAN network of 192.168.2.0/24 and the VPN Pool of 10.1.1.128/25. This way if you have any additional hosts on the LAN that need to be connected to, you wont have to make any form of changes to the NAT configurations for the VPN client users. You just allow the connections in the ACL (explained later below)
    Default PAT
    object-group network DEFAULT-PAT-SOURCE
    network-object 192.168.2.0 255.255.255.0
    nat (inside,outside) after-auto source dynamic DEFAULT-PAT-SOURCE interface
    This configurations purpose is just to replace the earlier Dynamic PAT rule on the ASA. I guess your router will be doing the translation from the ASA "outside" interface IP address to the routers public IP address and this configuration should therefore allow normal Internet usage from the LAN.
    I would suggest removing all the other NAT configuration before adding these.
    Controlling VPN clients access to internal resources
    Also I assume that your current VPN client is configured as Full Tunnel. In other words it will tunnel all traffic to the the VPN connection while its active?
    To control the traffic coming from the VPN Client users I would suggest that you do the following
    Configure "no sysopt connection permit-vpn" This will change the ASA operation so that connections coming through a VPN connections ARE NOT allowed by default to bypass the "outside" interface ACL. Therefore after this change you can allow the connections you need in the "outside" interface ACL.
    Configure any rules you need regarding the VPN client connections to the "outside" interface ACL. Though I guess they already exist since you are connecting there without the VPN also
    I cant guarantee this with 100% certainty but it would seem to me that the above things should get you to the point where you can access the internal resources ONLY after when you have connected to the ASA through the VPN client connection. Naturally take precautions like configuration backups if you are going to do major configuration changes. Also if you are remotely managing the ASA then you also have the option to configure a timer on the ASA after which it will automatically reload. This could help in situations where a missconfiguration breaks you management connection and you have no other way to connect remotely. Then the ASA would simply reboot after the timer ran out and also reboot with the original configuration (provided you hadnt saved anything in between)
    Why are you using a different port for the other devices RDP connection? I can understand it if its used through the Internet but if the RDP connection would be used through the VPN Client only then I dont think there is no need to manipulate the default port of 3389 on the server or on the ASA.
    Also naturally if there is something on the actual server side preventing these connections then these configuration changes might not help at all.
    Let me know if I have understood something wrong
    - Jouni

  • VPN 3002 Statistics Showing errors

    Overview: Several times a day connectivity is dropped between remote office and home office. 3002 Statistics show the following errors:
    In IP Statistics:
    Outbound Packets with No Route 11816
    Fragmentation Failure 2020
    ICMP Statistics:
    Destination Unreachable rx 1 tx 11825
    SMMP Statistics:
    Bad Community String 1
    ***Private speed from VPN3002 to Switch is 100mb Full.....Public Speed is 10mb half. The Public Side is set to auto detect due to router configuration.
    Any ideas?

    As I see Fragmentation Failure 2020 this seems to be an issue with fragmentation. Try increasing the MTU size. To generally largest MTU size on a path use ping -f -l . http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3002/4_0/referenc/interfa.htm#1002870

  • ASA IPsec Remote Access VPN | NAT Question

    We have a situation where a company that needs remote VPN access to our network is having an IP conflict with our subnet.  I know this is a common issue and can often be resolved on the client side by changing the metirc on the network interface, but I am looking for a better solution on our end so I do not have to suggest workarounds.
    Part of the problem is likely that our subnet is "too big", but I'm not going to be changing that now.
    We are using 10.0.0.0/24 and the remote is using 10.0.11.0/24 and 10.1.0.0./16
    I played around with some NAT rules and feel that I am missing something  I am looking for suggestions, please.
    Thank you.

    Hi,
    This depends on your ASA firewalls software version and partly on its current NAT configurations.
    I presume the following
    Interfaces "inside" and "outside"
    VPN Pool network of 10.10.100.0/24 (or some 192/172 network)
    Software 8.2 and below
    access-list VPN-POLICYNAT remark Static Policy NAT for VPN Client
    access-list VPN-POLICYNAT permit ip 10.0.0.0 255.255.255.0 10.10.100.0 255.255.255.0
    static (inside,outside) 192.168.10.0 access-list VPN-POLICYNAT
    Key things to keep in mind with this software level is that if any of our internal hosts on the network 10.0.0.0/24 also have a "static" configuration that binds their local IP address to a public IP address then you might have to insert the above configuration and then remove the original "static" command and enter it back again.
    This will change the order or the "static" commands so that the original "static" command wont override this new configuration as they are processed in order they are inserted to the configuration. The remove/add part is just to change their order in the configuration
    Software 8.3 and above
    object network LAN
    subnet 10.0.0.0 255.255.255.0
    object network LAN-VPN
    subnet 192.168.10.0 255.255.255.0
    object-group network VPN-POOL
    subnet 10.10.100.0 255.255.255.0
    nat (inside,outside) 1 source static LAN LAN-VPN destination static VPN-POOL VPN-POOL
    In the above configuration we do the same as in the older software versions configuration but we have the number "1" in the "nat" configuration which places it at the very top of your NAT configurations and therefore it applies. No need to remove any existing configuration and enter them again like in the old software
    In addition to the above NAT configuration you naturally have to make sure that the traffic to the NATed LAN network goes to the VPN. So if using Split Tunnel the NAT network needs to be added to the VPN ACL. If using Full Tunnel then naturally everything should already be coming through the VPN. I imagine though that you are using Split Tunnel, or?
    Hope this helps
    Please do remember to mark a reply as the correct answer if it answered your question.
    Feel free to ask more if needed
    - Jouni

  • JMSAn error occurred while forwarding a message for distributed destination

    Hi,
    i have getting issue with JMS Server delivery fail, below is the errors
    ####<Aug 24, 2012 2:03:54 PM CDT> <Warning> <JMS> < <[ACTIVE] ExecuteThread: '20' for queue: 'weblogic.kernel.Default
    (self-tuning)'> <<WLS Kernel>> <BEA1-0979336B7FF44582D27D> <> <1345835034568> <BEA-040498> <An error occurred while forwarding a message for distribute
    d destination member SystemModule-0!d4a JMS Server@D Distributed Topic: weblogic.messaging.dispatcher.DispatcherException: java.rmi.RemoteExcepti
    on: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:d:d4a, java.rmi.ConnectException: Destina
    tion unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:d:d4a, jav
    a.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination
    weblogic.messaging.dispatcher.DispatcherException: java.rmi.RemoteException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[
    8011,8011,-1,-1,-1,-1,-1]:d:d4a, java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:d:d4a, jav
    a.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination
    at weblogic.messaging.dispatcher.DispatcherWrapperState.dispatchAsync(DispatcherWrapperState.java:155)
    at weblogic.jms.dispatcher.DispatcherAdapter.dispatchAsync(DispatcherAdapter.java:84)
    at weblogic.jms.backend.BEForwardingConsumer$1.run(BEForwardingConsumer.java:492)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.jms.backend.BEForwardingConsumer.processMessages(BEForwardingConsumer.java:488)
    at weblogic.jms.backend.BEForwardingConsumer.pushMessages(BEForwardingConsumer.java:300)
    at weblogic.messaging.util.DeliveryList.run(DeliveryList.java:256)
    at weblogic.work.ServerWorkManagerImpl$WorkAdapterImpl.run(ServerWorkManagerImpl.java:518)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
    java.rmi.RemoteException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:d:d4a, java.rmi.Con
    nectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:ds:ds4a, jav
    a.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Destination unreachable; nested exception is:
    ####<Aug 24, 2012 2:03:54 PM CDT> <Warning> <JMS> <dal604se113com> <a> <[ACTIVE] ExecuteThread: '20' for queue: 'weblogic.kernel.Default
    (self-tuning)'> <<WLS Kernel>> <BEA1-0979336B7FF44582D27D> <> <1345835034568> <BEA-040498> <An error occurred while forwarding a message for distribute
    d destination member SystemModule-0!d4a JMS Server@D Distributed Topic: weblogic.messaging.dispatcher.DispatcherException: java.rmi.RemoteExcepti
    on: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:ds:ds4a, java.rmi.ConnectException: Destina
    tion unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:dsa, jav
    a.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination
    weblogic.messaging.dispatcher.DispatcherException: java.rmi.RemoteException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[
    8011,8011,-1,-1,-1,-1,-1]:ds:ds4a, java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:ds:ds4a, jav
    a.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination
    at weblogic.messaging.dispatcher.DispatcherWrapperState.dispatchAsync(DispatcherWrapperState.java:155)
    at weblogic.jms.dispatcher.DispatcherAdapter.dispatchAsync(DispatcherAdapter.java:84)
    at weblogic.jms.backend.BEForwardingConsumer$1.run(BEForwardingConsumer.java:492)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
    at weblogic.jms.backend.BEForwardingConsumer.processMessages(BEForwardingConsumer.java:488)
    at weblogic.jms.backend.BEForwardingConsumer.pushMessages(BEForwardingConsumer.java:300)
    at weblogic.messaging.util.DeliveryList.run(DeliveryList.java:256)
    at weblogic.work.ServerWorkManagerImpl$WorkAdapterImpl.run(ServerWorkManagerImpl.java:518)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
    java.rmi.RemoteException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:ds:ds4a, java.rmi.Con
    nectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Could not establish a connection with -2037322150112737172S:10.110.7.114:[8011,8011,-1,-1,-1,-1,-1]:ds:ds4a, jav
    a.rmi.ConnectException: Destination unreachable; nested exception is:
    java.net.SocketException: Connection reset; No available router to destination; nested exception is:
    java.rmi.ConnectException: Destination unreachable; nested exception is:
    Edited by: Ikhan on Aug 29, 2012 4:00 AM
    Edited by: Ikhan on Aug 29, 2012 4:01 AM

    The distributed topic forwarders replicate messages to every member of a "replicated distributed topic". They will report errors if intra-cluster communication is interrupted or if servers in the cluster shut down. I recommend checking your server logs to see if other errors/warnings exist, and, if you suspect an intra-cluster communication problem, consulting the cluster troubleshooting guide(s) in the edoc.
    Most newer apps (apps hosted on versions 10.3.4 or higher) should consider using the new "partitioned distributed topics" instead of "replicated distributed topics". These don't use forwarders and scale better.
    HTH,
    Tom

Maybe you are looking for

  • My Apple bluetooth keyboard no longer connects to my Macbook Pro

    My wireless keyboard no longer connects to my Macbook using Bluetooth. I've put in fresh batteries, checked the on/off switch, and attempted to connected using system dialog. Also tried turning Bluetooth off and on. Nothing works. Wireless trackpad w

  • Differences between Oracle and Oracle Rdb.

    My background is mainly VMS, and so I have grown up (since 1984) with DEC Rdb (now Oracle Rdb). I am starting to get into Oracle, and therefore, starting to learn the subtle differences. With this in mind could someone educate me as to the default tr

  • InDesign CS5.5 Export to PDF fails how to fix?

    Using InDesign CS5 to creat a portfolio, all layed out and ready to print but when I export to PDF it takes a long time and then fails. What am I doing wrong?

  • Multicast issue with Win XP

              I am wondering if anyone else has encountered Multicast problems with Windows XP.           I think I am, and believe these issues are preventing the servers in my clusters           from syncing their JNDI tree bindings.           I notice

  • How to create a Sequence;

    Hi All, I have a master block and child block; I need to create sequence number in child block like 1 2 3 4 Line # 1....date1.....12...... 2....date2.....xxx.... 3....xxx........xxx.... 4.......... When i create new customer and its detail it should