What exactly is in the LR catalog?
I can think of image location references as well as references to the corresponding preview files and Lightroom proprietary image metadata are held in the catalog, but I doubt that develop settings are there because either xml files directly alongside the images are used for that or development settings are stored in the dng files themselves. And for presets etc. Lightroom uses files in the filesystem. So what exactly is in the catalog?
Andreas
dj_paige wrote:
Everything you do to your photos in Lightroom is in the catalog.
Furthermore, there are some organisational matters that the Catalog holds, which are wider in scope than any image taken in isolation. Most critically, the Catalog discriminates which image files you have chosen to import, and which you have not imported (or have since deliberately removed).
Each Catalog has some workflow settings of its own - so one Catalog may be set to write XMP out to the files automatically, and another not to do so. Of course, the Catalog conveniently stores the last view and workspace that you had for your library, including any filtering, stacking or custom ordering of the images.
Each catalog holds a list of keywords (regardless whether these have been used or not) each with nesting, synonym and other properties.
Each Catalog provides Collections, Smart Collections, Print Collections etc which have no existence outside that Catalog.
Each Catalog can maintain Publish setups, collections, smart folders, and ongoing change-tracking relationships with external image copies either locally or online.
The same for remembered print settings of each image, page setups, softproofing settings etc
The same for Virtual Copies along with all their text and develop metadata - these are treated within the Catalog (only), as fully functional images in their own right. But if you go to the folder on disk, there is nothing to see of these whatever.
Some people put quite a lot of effort into settings which are in fact available outside LR and its Catalog, because they are "shared" with ACR. This includes processing defaults, lens and camera calibration profiles. Also some LR settings saved via a given Catalog, are centrally stored by default, so available to other LR Catalogs: chiefly develop presets, import or export presets, and the like.
Edit: I forgot one of the most important: a History of the steps carried out, giving access to all the different states that the image has passed through.
Similar Messages
-
What exact time is the ipad mini preorder begin?
What exact time is the ipad mini preorder begin? Been waiting here and really want to know when it releases.....
It will be interesting to see how we'll it sells considering its premium price and size. If it sells well then Apple marketing did their homework.
-
What exactly makes up the 4gb limit in XE
In regard to the Oracle 4GB limit, what exactly is this limit?
Is this the total size of the datafiles of the user defined tablespaces (excluding SYSTEM and UNDO) so if, for example, we have a 2.8Gb datafile, can we only add another 1.2Gb datafile.
or is it the total size of extents/segments in the user defined tablespace i.e. if we have a 2.8Gb datafile but the database data comes to only 1.7Gb, can we add another tablespace with a new 2.8Gb datafile to allow for another 1.7Gb schema.
Any clarification would be appreciated.Why not use the Search function of this forum? Just pick the 2nd Re: 10g Xe 4Gb data size limit which should answer your question.
C. -
When I try and create a new folder on an external hard drive or copy files I get this: The operation can’t be completed because an unexpected error occurred (error code -50)
WHY? What does this mean?Linc. Only one hard drive displays this -50 problem. It is plugged directly into the computer but even though the answer i got (the link) only referenced iTunes, I DID unplug the hard drive and REplug into another port ON THE COMPUTER and even though it still is sllow to open when i click on it, the other problem seems fixed. Does all this mean the hard drive or (new) enclosure is faulty? In your opinion?
-
What exactly is in the in-app purchase in the new Garageband?
I've found that the lessons in the old version of Garageband are the same as the new one. If you have the old verison and donwload the lessons from it, you also have the lessons for the new version without paying extra. Likewise, it seems, with many of the extra instruments, loops, and sounds.
My question is: Other than the extra drummers, which are new features, what do you get in the new Garageband in-app purchase that wasn't in the old Garageband? Are there new instruments, loops, and sounds?
Thanks
Bob
Note: I did post this question in a reply in this thread https://discussions.apple.com/message/23553002#23553002 but thought it deserved a opic of its own.I think I can answer my own question. There are a fair number of instruments that are available. I also found that all of the older Garageband instruments are available. At the bottom of the instruments list is a Legacy category. So whether you need all the new ones if you already have the old ones is up to you. I expect that it's the same for the extra loops.
Bob -
So what exactly happened to the X131e on the UK site?
Seems that it has disappeared completely...
Does this mean the device isn't available anymore? What about the warranty?
Owner of: ThinkPad SL510, X131e, X230 (not fond of)
Other systems: MSI GT640, Sony Vaio PCG 709K, Dell Latitude D430,Hi again, GLaDOSPulse
I'm not sure why the laptop is no longer available on the site. It could be because Lenovo is discontinuing it, but it could be several other things also. Your warranty will be fine even if this is the case.
Hope it helps,
Adam
Did someone help you today? Press the star on the left to thank them with a Kudo!
If you find a post helpful and it answers your question, please mark it as an "Accepted Solution!" This will help the rest of the community with similar issues identify the verified solution and benefit from it. -
What exactly became of the "bad patches"
Some months ago the http://www.sun.com/forte/developer/hotnews.html page advertising that some BAD patches existed without going into too much detail about them. I experienced an application breaking in DBTools.h++ after applying some recommended patches for Sun Workshop 5 and therefore rolled them back. I even stepped through the debugger and saw erroneous assignements to a template class' constructor arguments.
My revisions before patching were: 107295-01, 107311-09, 107354-01, 107355-04, 107357-07
The changed revisions after patching were 02, 11, 02, 06, 09 respectively. These are still the recommended patches and I have tried patching a completely unpatched machine at a different site also using DBTools.h++ and seeing it break again.
Questions are:
Can I obtain the older revision levels of the patches ?
Can someone shed some light on what approach to take to this ?
ThanksHi Chris,
Have a look at: [http://www.youtube.com/watch?v=_koLdJqpUFo] The quality is not very good, but perhaps this will give you an idea of what's going to be available in Apex 4
Andy -
Only boots into safe mode (What exactly is left out in safe mode?)
my PBG4 hangs on a blank blue screen when i boot it, this happens on fresh (HD wiped) installs of both Tiger and Leopard. It boots fine from a dvd and while in safe mode.
i want to try to track down what exactly is causing the hang, i guess it is a hardware problem that only presents itself when all the stock drivers from apple are installed. is there a list somewhere of what is left out of a safe mode boot?Hi slee!
"...this happens on fresh (HD wiped) installs of both Tiger and Leopard."
Do you mean that, you did an Erase & Install of Tiger 10.4.x, and the PowerBook G4, won't successfully startup, and the same, if you do an Erase & Install of Leopard 10.5.x?
Have you successfully installed either of those versions on the PB G4 before?
Are you using a Full Retail Version, of the Tiger Install DVD, and a Full Retail Version Of Leopard.
Or are you using a Model Specific DVD, from another model of Mac?
If this is the type of disc, then that may explain the unsuccessful installation.
The discs should look exactly like the images in the above links, and not say Upgrade, CPU Drop-in DVD, or "This software is part of a hardware bundle purchase - not to be sold seperately." on them.
ali b -
What exactly it means SET PF-STATUS SPACE
Hi Eerts,
What exactly it means, the following statement. Pls give me clear idea on this.
SET PF-STATUS SPACE
Thanks
Sanjanacheck this thread
https://forums.sdn.sap.com/click.jspa?searchID=-1&messageID=2218087
(the last answer in that thread by Viday Chowdry)
Raja -
How to specify in what coding to send the letter?
How in SOAP protocol to specify in what coding to send the letter?
It is necessary for me to send letters outside in coding UTF-8
SergThank your
The accurate and clear answer!
I will wait FTF or gw8.0.3.
Serg
Originally Posted by Preston Stephenson
Sorry, I'm not sure what the question is.
I can see that you are using 8.0.2 HP3 (build 96933).
You will need a later version than that.
Either an FTF file or wait for 8.0.3.
You will need a build of the agents greater or
equal to 97527.
There is no work around. (You can not get around
the problem until you get a build later than
8.0.2 HP3.)
Preston
>>> On Tuesday, December 20, 2011 at 4:26 AM,
skoltogyan<[email protected]> wrote:
> Thank your for answer.
> Now we try to send letters from the program written by us.
> We try to send letters on SOAP protocol through POA.
> Letters it is sent exterior (example ‑ to the [email protected]) to
> users.
>
> At sending from the program the text of the letter and a letter body is
> sent п UTF‑8.
> Of it were convinced with the help tcpdump.
> tcpdump servers with POA applied directly on eth0.
> Look:
> 1) from WS ‑> Server
> #o]E* @_G~PPOST /soap HTTP/1.1
> User‑Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client
> Protocol 2.0.50727.5448)
> Content‑Type: text/xml; charset=utf‑8
> SOAPAction: "sendItemRequest"
> Host: 172.16.16.230:7191
> Content‑Length: 879
> Expect: 100‑continue
>
> 2) Answers from Server to WS:
> ================================
> ]#oE_@@`Pnz`HTTP/1.1 200
> Date: Fri, 16 Dec 2011 11:39:27 GMT
> Server: Linux GroupWise POA 8.0.2
> Content‑Type: text/xml; charset=utf‑8
> Content‑Length: 715
> =============================
> ]#oE_@@^bPn|Pragma: no‑cache
>
> <?xml version="1.0" encoding="UTF‑8"?><soap:Envelope
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema‑instance"
>
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><loginResp
> onse
> xmlns:gwt="http://schemas.novell.com/2005/01/GroupWise/types"
>
xmlns="http://schemas.novell.com/2005/01/GroupWise/methods"><session>J3fTBX
> KWBLSiAud8</session><userinfo><gwt:name>Ami
>
Common</gwt:name><gwt:email>[email protected]</gwt:email><gwt:uuid>BC486580‑06D2
0000‑9A57‑
> 6D006200E000</gwt:uuid></userinfo><gwVersion>8.0.2
>
</gwVersion><build>96933</build><serverUTCTime>2011‑12‑16T09:39:27Z</ser
verUTCTime><s
>
tatus><gwt:code>0</gwt:code></status></loginResponse></soap:Body></soap:Enve
lope>
> ===============================
>
> 3) from WS to Server
> ===============================================
> #o]E* @_G~PPOST /soap HTTP/1.1
> User‑Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client
> Protocol 2.0.50727.5448)
> Content‑Type: text/xml; charset=utf‑8
> SOAPAction: "sendItemRequest"
> Host: 172.16.16.230:7191
> Content‑Length: 879
> Expect: 100‑continue
> ==============================
> #o]E @\~P<?xml version="1.0" encoding="utf‑8"?><soap:Envelope
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema‑instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"><soap:Header><session
> xmlns="http://schemas.novell.com/2005/01/GroupWise/types">J3fTBXKWBLSiAud
> 8</session></soap:Header><soap:Body><sendItemRequest
> xmlns="http://schemas.novell.com/2005/01/GroupWise/methods"><item
> xmlns:q1="http://schemas.novell.com/2005/01/GroupWise/types"
>
xsi:type="q1:Mail"><q1:delivered>0001‑01‑01T00 :00:00</q1:delivered><q1:s
ubject></q
>
1:subject><q1:distribution><q1:recipients><q1:reci pient><q1:email>skoltogyan
@gmail
>
..com</q1:email></q1:recipient></q1:recipients></q1:distribution><q1:message>
<q1:part
>
length="39">0KjQsNC/0LrQsCEKCtCi0LXRgdGCLgoK0J/QvtC00L/QuNGB0Ywu</q1:part></
> q1:message></item></sendItemRequest></soap:Body></soap:Envelope>
> ===========================================
>
> 4) Answer from Server to WS
> ]#oE_@@`~P%z`HTTP/1.1 200
> Date: Fri, 16 Dec 2011 11:39:27 GMT
> Server: Linux GroupWise POA 8.0.2
> Content‑Type: text/xml; charset=utf‑8
> Content‑Length: 458
>
>
> At a workstation (WS) ‑ the program written by us works.
> This program on SOAP protocol through POA transfers letters outside the
> GroupWIse.
> Which data is transferred thus on SOAP protocol has shown above.
>
> In what a question (problem) what exactly is impossible:
> The letter from station on SOAP protocol is normally transferred in
> POA. Further through GWIA it is normally delivered to the receiver(
> skoltogyan @ gmail ).
> However to the receiver (the exterior receiver) the letter comes in the
> coding(with header):
> ..
> Subject: =?ISO‑8859‑5?B?wtXh4g==?=
> Mime‑Version: 1.0
> Content‑Type: text/plain; charset=ISO‑8859‑5
> Content‑Transfer‑Encoding: base64
> Content‑Disposition: inline
> ...
> (this is from my foriegn groupwise mailbox in the gmail)
>
> That is necessary: that such letter came in the coding (with Header):
> ...
> To: <[email protected]>
> Subject: =?UTF‑8?B?0YLQtdGB0YI=?=
> Mime‑Version: 1.0
> Content‑Type: text/plain; charset=UTF‑8
> Content‑Transfer‑Encoding: 8bit
> Content‑Disposition: inline
>
> That it is necessary to add in request on SOAP. What the letter,
> leaving in the Internet through gwia went in such type ?
>
> Serg -
When backing up the Photoshop Elements 11 catalog, what exactly gets saved?
When backing up the catalog, what exactly gets saved?
Message title was edited by: Brett NThanks,
that makes it perfectly clear now and I can plan my storage for photo's and the edited versions.
Rolf.
Date: Mon, 1 Jul 2013 09:04:54 -0700
From: [email protected]
To: [email protected]
Subject: Photoshop Elements 11
Re: Photoshop Elements 11
created by MichelBParis in Photoshop Elements - View the full discussion -
What is the exact name of the cable I need to connect my old hard drive from my macbook pro, which has been removed from the computer, to my new macbook pro? I need to transfere files from the old hard drive to the new computer.
No eSATA to USB. Just a SATA/IDE to USB adapter. Google SATA/IDE to USB adapter and you will get tons of links to buy them. Most likely your local computer electronics store has them, although they might be more expensive buying locally than online.
I have several. You can get either USB 2, which what I recommend, or USB 3. USB is backward compatible so a USB 3 adapter will work on a USB 2 port and a USB 2 adapter will work on a USB 3 port. Backward compatible in both directions.
I suggest a USB 2 type because there have been some problems with certain USB 3 devices, the USB 3 interface used isn't all that good in those certain devices. USB 3 is still fairly new where as USB 2 has been around for over 10 years.
synghem wrote:
Thank you LowLuster,
At the apple store they said I needed an esata to usb wire. But looking at wires on line has been confusing. Is sata the same as esata? How do I know if I need a usb 3 or usb 2? -
One computer at COMPANY-A is attempting to communicate with two
computers located at COMPANY-B, via an IPsec tunnel between the
two companies.
All communications are via TCP protocol.
All devices present public IP addresses to one another, although they
may have RFC 1918 addresses on other interfaces, and NAT may be in use
on the COMPANY-B side. (NAT is not being used on the COMPANY-A side.)
The players:(Note: first three octets have been changed for security reasons)
COMPANY-A computer 1.2.3.161
COMPANY-A router 1.2.3.8 (also IPsec peer)
COMPANY-A has 1.2.3.0/24 with no subnetting.
COMPANY-B router 4.5.6.228 (also IPsec peer)
COMPANY-B computer #1 4.5.7.94 (this one has no issues)
COMPANY-B computer #2 4.5.7.29 (this one fails)
COMPANY-B has 4.5.6.0/23 subnetted in various ways.
COMPANY-B also has 9.10.11.0/24, but it is not involved in the issue.
What works:
The COMPANY-A computer 1.2.3.161 can communicate via the single IPsec
tunnel to COMPANY-B computer #1 4.5.7.94 without problems.
The "show crypto session detail" command shows Inbound/Outbound packets
flowing in the dec'ed and enc'ed positions.
What doesn't:
When the COMPANY-A computer 1.2.3.161 attempts to communicate
via the single IPsec tunnel with the COMPANY-B computer #2 4.5.7.29,
the COMPANY-A router eventually reports five of these messages:
Oct 9 15:24:54.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:24:57.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:03.327: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:15.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:25:39.329: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
Oct 9 15:26:27.328: IPSEC(epa_des_crypt): decrypted packet failed SA identity check
and the "show crypto session detail" shows inbound packets being dropped.
The COMPANY-A computer that opens the TCP connection never gets past the
SYN_SENT phase of the TCP connection whan trying to communicate with the
COMPANY-B computer #2, and the repeated error messages are the retries of
the SYN packet.
On the COMPANY-A side, this IPsec configuration has been set up on a 3745,
a 3725, and some 76xx routers were tried, all with similar behavior,
with packets from one far-end computer passing fine, and packets from
another far-end computer in the same netblock passing through the same
IPsec tunnel failing with the "failed SA identity" error.
The COMPANY-A computer directs all packets headed to COMPANY-B via the
COMPANY-A router at 1.2.3.8 with this set of route settings:
netstat -r -n
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
4.5.7.0 1.2.3.8 255.255.255.0 UG 0 0 0 eth3
1.2.3.8.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3
10.1.0.0 0.0.0.0 255.255.240.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth3
10.0.0.0 10.1.1.1 255.0.0.0 UG 0 0 0 eth0
0.0.0.0 1.2.3.1 0.0.0.0 UG 0 0 0 eth3
The first route line shown is selected for access to both COMPANY-B computers.
The COMPANY-A router (IPsec tunnel endpoint, 1.2.3.8) has this
configuration:
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
lifetime 28800
crypto isakmp key XXXXXXXXXXXXXXXXXXXXXXX address 4.5.6.228
crypto ipsec security-association lifetime seconds 86400
crypto ipsec transform-set COMPANY-B01 esp-3des esp-sha-hmac
crypto map COMPANY-BMAP1 10 ipsec-isakmp
description COMPANY-B VPN
set peer 4.5.6.228
set transform-set COMPANY-B01
set pfs group2
match address 190
interface FastEthernet0/0
ip address 1.2.3.8 255.255.255.0
no ip redirects
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map COMPANY-BMAP1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.2.3.1
ip route 10.0.0.0 255.0.0.0 10.1.1.1
ip route 1.2.3.8.0 255.255.255.0 FastEthernet0/0
access-list 190 permit ip host 1.2.3.161 4.5.7.0 0.0.0.255
access-list 190 permit ip host 1.2.3.161 9.10.11.0 0.0.0.255
bridge 1 protocol ieee
One of the routers tried had this IOS/hardware configuration:
Cisco IOS Software, 3700 Software (C3725-ADVIPSERVICESK9-M), Version 12.4(25c),
RELEASE SOFTWARE (fc2)
isco 3725 (R7000) processor (revision 0.1) with 115712K/15360K bytes of memory.
Processor board ID XXXXXXXXXXXXXXX
R7000 CPU at 240MHz, Implementation 39, Rev 3.3, 256KB L2 Cache
2 FastEthernet interfaces
4 ATM interfaces
DRAM configuration is 64 bits wide with parity disabled.
55K bytes of NVRAM.
31296K bytes of ATA System CompactFlash (Read/Write)
250368K bytes of ATA Slot0 CompactFlash (Read/Write)
Configuration register is 0x2102
#show crypto sess
Crypto session current status
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
Active SAs: 0, origin: crypto map
#show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:06:26:27
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 651 drop 16 life (KB/Sec) 4496182/23178
Outbound: #pkts enc'ed 574 drop 2 life (KB/Sec) 4496279/23178
IPSEC FLOW: permit ip host 1.2.3.161 9.10.11.0/255.255.255.0
Active SAs: 0, origin: crypto map
Inbound: #pkts dec'ed 0 drop 0 life (KB/Sec) 0/0
Outbound: #pkts enc'ed 0 drop 0 life (KB/Sec) 0/0
The COMPANY-B device on their end of the IPsec VPN is a Juniper SSG1000
Version 6.1 (ScreenOS)
We only have a limited view into the Juniper device configuration.
What we were allowed to see was:
COMPANY-B-ROUTER(M)-> sh config | incl COMPANY-A
set address "Untrust" "oss-COMPANY-A-1.2.3.161" 1.2.3.161 255.255.255.255
set ike gateway "COMPANY-A-1-GW" address 1.2.3.8 Main outgoing-interface "ethernet2/1" preshare xxxxxxxxxxxxxxxxxxxxxx proposal "pre-g2-3des-sha"
set vpn "COMPANY-A-1-IKE" gateway "COMPANY-A-1-GW" no-replay tunnel idletime 0 proposal "g2-esp-3des-sha-28800"
set policy id 2539 from "Untrust" to "Trust" "oss-COMPANY-A-1.2.3.161" "9.10.11.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2500
set policy id 2500 from "Trust" to "Untrust" "9.10.11.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309a pair-policy 2539
set policy id 2541 from "Trust" to "Untrust" "4.5.7.0-24" "oss-COMPANY-A-1.2.3.161" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2540
set policy id 2540 from "Untrust" to "Trust" "oss-COMPANY-A-1.2.3.161" "4.5.7.0-24" "ANY" tunnel vpn "COMPANY-A-1-IKE" id 0x309b pair-policy 2541
COMPANY-B-ROUTER(M)->
I suspect that this curious issue is due to a configuration setting on the
Juniper device, but neither party has seen this error before. COMPANY-B
operates thousands of IPsec VPNs and they report that this is a new error
for them too. The behavior that allows traffic from one IP address to
work and traffic from another to end up getting this error is also unique.
As only the Cisco side emits any error message at all, this is the only
clue we have as to what is going on, even if this isn't actually an IOS
problem.
What we are looking for is a description of exactly what the Cisco
IOS error message:
IPSEC(epa_des_crypt): decrypted packet failed SA identity check
is complaining about, and if there are any known causes of the behavior
described that occur when running IPsec between Cisco IOS and a Juniper
SSG device. Google reports many other incidents of the same error
message (but not the "I like that IP address but hate this one" behavior),
and not just with a Juniper device on the COMPANY-B end, but for those cases,
not one was found where the solution was described.
It is hoped that with a better explanation of the error message
and any known issues with Juniper configuration settings causing
this error, we can have COMPANY-B make adjustments to their device.
Or, if there is a setting change needed on the COMPANY-A router,
that can also be implemented.
Thanks in advance for your time in reading this, and any ideas.Hello Harish,
It is believed that:
COMPANY-B computer #1 4.5.7.94 (this one has no issues)
COMPANY-B computer #2 4.5.7.29 (this one fails)
both have at least two network interfaces, one with a public IP address
(which we are supposedly conversing with) and one with a RFC 1918 type
address. COMPANY-B is reluctant to disclose details of their network or
servers setup, so this is not 100% certain.
Because of that uncertainty, it occurred to me that perhaps COMPANY-B
computer #2 might be incorrectly routing via the RFC 1918 interface.
In theory, such packets should have been blocked by the access-list on both
COMPANY-A router, and should not have even made it into the IPsec VPN
if the Juniper access settings work as it appears they should. So I turned up
debugging on COMPANY-A router so that I could see the encrypted and
decrypted packet hex dumps.
I then hand-disassembled the decoded ACK packet IP header received just
prior to the "decrypted packet failed SA check" error being emitted and
found the expected source and destination IP addresses (4.5.7.29 and 1.2.3.161),
in the unecapsulated packet. I also found the expected port numbers of the TCP
conversation that was trying to be established in the TCP header. So, it
looks like COMPANY-B computer #2 is emitting the packets out the right
interface.
The IP packet header of the encrypted packet showed the IP addresses of the
two routers at each terminus of the IPsec VPN, but since I don't know what triggers
the "SA check" error message or what it is complaining about, I don't know what
other clues to look for in the packet dumps.
As to your second question, "can you check whether both encapsulation and
decapsulation happening in 'show crypto ipsec sa'", the enc'ed/dec'ed
counters were both going up by the correct quantities. When communicating
with the uncooperative COMPANY-B computer #2, you would also see the
received Drop increment for each packet decrypted. When communicating
with the working COMPANY-B computer #1, the Drop counters would not
increment, and the enc'ed/dec'ed would both increment.
#show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:07:59:54
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 376 drop 5 life (KB/Sec) 4458308/28784
Outbound: #pkts enc'ed 401 drop 3 life (KB/Sec) 4458308/28784
Attempt a TCP communication to COMPANY-B computer #2...
show crypto sess det
Crypto session current status
Code: C - IKE Configuration mode, D - Dead Peer Detection
K - Keepalives, N - NAT-traversal, X - IKE Extended Authentication
Interface: FastEthernet0/0
Session status: UP-ACTIVE
Peer: 4.5.6.228 port 500 fvrf: (none) ivrf: (none)
Phase1_id: 4.5.6.228
Desc: (none)
IKE SA: local 1.2.3.8/500 remote 4.5.6.228/500 Active
Capabilities:(none) connid:1 lifetime:07:59:23
IPSEC FLOW: permit ip host 1.2.3.161 4.5.7.0/255.255.255.0
Active SAs: 2, origin: crypto map
Inbound: #pkts dec'ed 376 drop 6 life (KB/Sec) 4458307/28753
Outbound: #pkts enc'ed 402 drop 3 life (KB/Sec) 4458307/28753
Note Inbound "drop" changed from 5 to 6. (I didn't let it sit for all
the retries.)
#show crypto ipsec sa
interface: FastEthernet0/0
Crypto map tag: COMPANY-BMAP1, local addr 1.2.3.8
protected vrf: (none)
local ident (addr/mask/prot/port): (1.2.3.161/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (4.5.7.0/255.255.255.0/0/0)
current_peer 4.5.6.228 port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 402, #pkts encrypt: 402, #pkts digest: 402
#pkts decaps: 376, #pkts decrypt: 376, #pkts verify: 376
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 3, #recv errors 6
local crypto endpt.: 1.2.3.8, remote crypto endpt.: 4.5.6.228
path mtu 1500, ip mtu 1500, ip mtu idb FastEthernet0/0
current outbound spi: 0xDF2CC59C(3744253340)
inbound esp sas:
spi: 0xD9D2EBBB(3654478779)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2004, flow_id: SW:4, crypto map: COMPANY-BMAP1
sa timing: remaining key lifetime (k/sec): (4458307/28600)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0xDF2CC59C(3744253340)
transform: esp-3des esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2003, flow_id: SW:3, crypto map: COMPANY-BMAP1
sa timing: remaining key lifetime (k/sec): (4458307/28600)
IV size: 8 bytes
replay detection support: Y
Status: ACTIVE
outbound ah sas:
outbound pcp sas:
The "send" errors appear to be related to the tunnel reverting to a
DOWN state after periods of inactivity, and you appear to get one
each time the tunnel has to be re-negotiated and returned to
an ACTIVE state. There is no relationship between Send errors
incrementing and working/non-working TCP conversations to the
two COMPANY-B servers.
Thanks for pondering this very odd behavior. -
I cannot locate the upgrade to Photoshop Elements 11 to Version 13, which I purchased today and started the download as per the Order Confirmation. My order No. is AD014117711. I am running Windows 7 on my PC and cannot locate the Download. How do I find it? What is the exact name of the Download?
EdWeidman by default the download will be saved to your Download folder. I do not know the exact name of the file which was provided to you.
-
What exactly is new in the ne iPad OS?
What exactly is new in the ne iPad OS? I downloaded it and don't see anything new.
You need to install it, as well as download it. Then the new features will be as shown here:
http://www.apple.com/ipad/ios4/
Maybe you are looking for
-
Windows 8.1 drivers issue, late 2013 iMac, 27 inch
Hello! I am having the hardest time trying to install windows 8.1 on my imac. I have the USB drive in the right format, I have the windows install disc in, and everything works up until it resets into the windows installer. Once I get to this point,
-
Storing and Retriving from Hashtable
I store countryCode and countryName in Hashtable, but how do i populate it back to my html listBox? And with sorting order? Hashtable codeHash = new Hashtable(); if (codeHash != null) { codeHash.put("AR", "Argentina"); codeHash.put("AM", "A
-
How do you drag and drop music into the latest version of ITunes?
In the old itunes i could just drag and drop music that i downloaded directly into my itunes but now when i try to do that it doesn't allow me Does anyone know how to fix this or know how i can import the music i have downloaded?
-
IdeaCentre K210-Soyo Monitor and Display Adapter
Hi I have a Soyo Monitor -Dylmo17b. I just received an update and my graphics driver got changed to Intel G33/G31 Express Chipset Family. But ever since Soyo went bankrupt I don't have a driver for the monitor and there's a driver for it but its gen
-
Extract error for an Infoset Query based Datasource
Hello All, When I test a Info set Query Extraction in RSA3, I am facing the error message: The field 'ZBW_EXTRACT' is unknown, but there are following fields with similar name '%COUNT-ZBW_EXTRACT'. Syntax Error in Program 'AQZZSYSTBWGENER.....' The P