IPSEC packets are not encrypted

Hello (and Happy Thanksgiving in the USA),

We recently switched our ASA and re-applied the saved configuration to the new device. There is a site-to-site VPN that works and a remote client VPN that does not work. We use some Cisco VPN clients and some Shrew Soft VPN clients. I compared the config of the new ASA to that of the old ASA and I can't find all the differences (but the remote client VPN was working on the old ASA). Remote clients connect and a tunnel is created, but they are unable to pass traffic. Systems on the network where the ASA is are able to access the internet.

Output of sho crypto isakmp sa (ignore peer #1, this is the working site-to-site VPN)

   Active SA: 2
    Rekey SA: 0 (A tunnel will report 1 Active and 1 Rekey SA during rekey)
Total IKE SA: 2

1   IKE Peer: xx.168.155.98
    Type    : L2L             Role    : responder
    Rekey   : no              State   : MM_ACTIVE
2   IKE Peer: xx.211.206.48
    Type    : user            Role    : responder
    Rekey   : no              State   : AM_ACTIVE

Output of sho crypto ipsec sa (info about the site-to-site VPN deleted). Packets are decrypted but not encrypted.

    Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: public-ip

      local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.20.1.100/255.255.255.255/0/0)
      current_peer: xx.211.206.48, username: me
      dynamic allocated peer ip: 10.20.1.100

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 20, #pkts decrypt: 20, #pkts verify: 20
      #pkts compressed: 0, #pkts decompressed: 0
      #pkts not compressed: 0, #pkts comp failed: 0, #pkts decomp failed: 0
      #pre-frag successes: 0, #pre-frag failures: 0, #fragments created: 0
      #PMTUs sent: 0, #PMTUs rcvd: 0, #decapsulated frgs needing reassembly: 0
      #send errors: 0, #recv errors: 0

      local crypto endpt.: public-ip/4500, remote crypto endpt.: xx.211.206.48/4500
      path mtu 1500, ipsec overhead 82, media mtu 1500
      current outbound spi: 7E0BF9B9
      current inbound spi : 41B75CCD

    inbound esp sas:
      spi: 0x41B75CCD (1102535885)
         transform: esp-aes esp-sha-hmac no compression
         in use settings ={RA, Tunnel, NAT-T-Encaps, }
         slot: 0, conn_id: 16384, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
         sa timing: remaining key lifetime (sec): 28776
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001
      spi: 0xC06BF0DD (3228299485)
         transform: esp-aes esp-sha-hmac no compression
         in use settings ={RA, Tunnel, NAT-T-Encaps, Rekeyed, }
         slot: 0, conn_id: 16384, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
         sa timing: remaining key lifetime (sec): 28774
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x000003FF 0xFFF80001
    outbound esp sas:
      spi: 0x7E0BF9B9 (2114714041)
         transform: esp-aes esp-sha-hmac no compression
         in use settings ={RA, Tunnel, NAT-T-Encaps, }
         slot: 0, conn_id: 16384, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
         sa timing: remaining key lifetime (sec): 28774
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001
      spi: 0xCBF945AC (3422111148)
         transform: esp-aes esp-sha-hmac no compression
         in use settings ={RA, Tunnel, NAT-T-Encaps, Rekeyed, }
         slot: 0, conn_id: 16384, crypto-map: SYSTEM_DEFAULT_CRYPTO_MAP
         sa timing: remaining key lifetime (sec): 28772
         IV size: 16 bytes
         replay detection support: Y
         Anti replay bitmap:
          0x00000000 0x00000001

Config of ASA

: Saved

: Written by me at 19:56:37.957 pst Tuesday, November 26, 2013

!

ASA Version 8.2 (4)

!

hostname mfw01

domain company.int

enable encrypted password xxx

XXX encrypted passwd

names of

Name xx.174.143.97 description cox cox-gateway Gateway

name 172.16.10.0 iscsi-description iscsi network

name 192.168.1.0 network heritage heritage network description

name 10.20.50.0 management-description management network

name 10.20.10.0 network server server-description

name 10.20.20.0 user-network description user-network

name 192.168.1.101 private-em-imap description private-em-imap

name 10.20.10.2 description of private Exchange private-Exchange

name 10.20.10.3 description of private-private ftp ftp

name 192.168.1.202 description private-private-ip-phones ip phones,

name 10.20.10.6 private-kaseya kaseya private description

name 192.168.1.2 private mitel 3300 description private mitel 3300

name 10.20.10.1 private-pptp pptp private description

name 10.20.10.7 private-sharepoint description private-sharepoint

name 10.20.10.4 private-tportal private-tportal description

name 10.20.10.8 private-xarios private-xarios description

name 192.168.1.215 private-xorcom description private-xorcom

Name xx.174.143.99 description public Exchange public-Exchange

public xx.174.143.100 public-ftp ftp description name

Name xx.174.143.101 public-tportal public tportal description

Name xx.174.143.102 public-sharepoint description public-sharepoint

name of the public ip description public-ip-phones-phones xx.174.143.103

name mitel-public-3300 xx.174.143.104 description public mitel 3300

Name xx.174.143.105 public-xorcom description public-xorcom

xx.174.143.108 public-remote control-support name description public-remote control-support

Name xx.174.143.109 public-xarios public xarios description

Name xx.174.143.110 public-kaseya kaseya-public description

Name xx.174.143.111 public-pptp pptp-public description

name Irvine_LAN description Irvine_LAN 192.168.2.0

Name xx.174.143.98 public-ip

name 10.20.10.14 private-RevProxy description private-RevProxy

Name xx.174.143.107 public-RevProxy description public RevProxy

name 10.20.10.9 private-XenDesktop description private-XenDesktop

Name xx.174.143.115 public-XenDesktop description public-XenDesktop

name 10.20.1.1 private-bridge description private-bridge

name 192.168.1.96 description private-remote control-support private-remote control-support

!

interface Ethernet0/0

public nameif

security-level 0

IP address public ip 255.255.255.224

!

interface Ethernet0/1

Speed 100

full duplex

nameif private

security-level 100

address private-gateway IP, 255.255.255.0

!

interface Ethernet0/2

Shutdown

No nameif

no level of security

no ip address

!

interface Ethernet0/3

Shutdown

No nameif

no level of security

no ip address

!

interface Management0/0

nameif management

security-level 100

the IP 192.168.0.1 255.255.255.0

management only

!

passive FTP mode

clock timezone pst - 8

clock summer-time recurring PDT

DNS server-group DefaultDNS

domain mills.int

object-group service ftp

the tcp eq ftp service object

the purpose of the tcp eq ftp service - data

object-group service DM_INLINE_SERVICE_1

Group-object ftp

the eq tftp udp service object

DM_INLINE_TCP_1 tcp service object-group

port-object eq 40

EQ port ssh object

object-group service web-server

the purpose of the service tcp eq www

the eq https tcp service object

object-group service DM_INLINE_SERVICE_2

EQ-tcp smtp service object

object-group web server

object-group service DM_INLINE_SERVICE_3

EQ-ssh tcp service object

object-group web server

object-group service kaseya

the purpose of the service tcp eq 4242

the purpose of the service tcp 5721 eq

EQ-8080 tcp service object

the eq 5721 udp service object

object-group service DM_INLINE_SERVICE_4

Group-object kaseya

object-group web server

object-group service DM_INLINE_SERVICE_5

will the service object

the eq pptp tcp service object

object-group service VPN

will the service object

ESP service object

the purpose of the service ah

the eq pptp tcp service object

EQ-udp 4500 service object

the eq isakmp udp service object

the MILLS_VPN_VLANS object-group network

object-network 10.20.1.0 255.255.255.0

Server-network 255.255.255.0 network-object

user-network 255.255.255.0 network-object

255.255.255.0 network-object-network management

legacy-network 255.255.255.0 network-object

object-group service InterTel5000

the purpose of the service tcp 3998 3999 range

the 6800-6802 range tcp service object

the eq 20001 udp service object

the purpose of the udp 5004 5007 range service

the purpose of the udp 50098 50508 range service

the purpose of the udp 6604 7039 range service

the eq bootpc udp service object

the eq tftp udp service object

the eq 4000 tcp service object

the purpose of the service tcp eq 44000

the purpose of the service tcp eq www

the eq https tcp service object

the purpose of the service tcp eq 5566

the eq 5567 udp service object

the purpose of the udp 6004 6603 range service

the eq 6880 tcp service object

object-group service DM_INLINE_SERVICE_6

ICMP service object

the eq 2001 tcp service object

the purpose of the service tcp eq 2004

the eq 2005 tcp service object

object-group service DM_INLINE_SERVICE_7

ICMP service object

Group object InterTel5000

object-group service DM_INLINE_SERVICE_8

ICMP service object

the eq https tcp service object

EQ-ssh tcp service object

RevProxy tcp service object-group

RevProxy description

port-object eq 5500

XenDesktop tcp service object-group

Xen description

EQ object of port 8080

port-object eq 2514

port-object eq 2598

object-port 27000 eq

port-object eq 7279

port-object eq 8000

port-object eq citrix-ica

access-list public_access_in extended permit object-group DM_INLINE_SERVICE_8 any host public-ip
access-list public_access_in extended permit object-group VPN any host public-ip
access-list public_access_in extended permit object-group DM_INLINE_SERVICE_7 any host public-ip-phones
access-list public_access_in extended permit object-group DM_INLINE_SERVICE_1 any host public-ftp
access-list public_access_in extended permit tcp any host public-xorcom object-group DM_INLINE_TCP_1
access-list public_access_in extended permit object-group DM_INLINE_SERVICE_2 any host public-Exchange
access-list public_access_in extended permit tcp any host public-RevProxy object-group RevProxy
access-list public_access_in extended permit object-group DM_INLINE_SERVICE_3 any host public-remote control-support
access-list public_access_in extended permit object-group DM_INLINE_SERVICE_6 any host public-xarios
access-list public_access_in extended permit object-group web-server any host public-sharepoint
access-list public_access_in extended permit object-group web-server any host public-tportal
access-list public_access_in extended permit object-group DM_INLINE_SERVICE_4 any host public-kaseya
access-list public_access_in extended permit object-group DM_INLINE_SERVICE_5 any host public-pptp
access-list public_access_in extended permit ip any host public-XenDesktop
access-list private_access_in extended permit icmp any any
access-list private_access_in extended permit ip any any
access-list VPN_Users_SplitTunnelAcl standard permit server-network 255.255.255.0
access-list VPN_Users_SplitTunnelAcl standard permit user-network 255.255.255.0
access-list VPN_Users_SplitTunnelAcl standard permit management-network 255.255.255.0
access-list VPN_Users_SplitTunnelAcl standard permit 10.20.1.0 255.255.255.0
access-list VPN_Users_SplitTunnelAcl standard permit legacy-network 255.255.255.0
access-list private_nat0_outbound extended permit ip object-group MILLS_VPN_VLANS Irvine_LAN 255.255.255.0
access-list private_nat0_outbound extended permit ip object-group MILLS_VPN_VLANS 10.20.1.96 255.255.255.240
access-list private_nat0_outbound extended permit ip object-group MILLS_VPN_VLANS 10.90.2.0 255.255.255.0
access-list public_1_cryptomap extended permit ip object-group MILLS_VPN_VLANS Irvine_LAN 255.255.255.0
access-list public_2_cryptomap extended permit ip object-group MILLS_VPN_VLANS 10.90.2.0 255.255.255.0

pager lines 24

Enable logging

list of logging level warnings error events

Monitor logging warnings

logging warnings put in buffered memory

logging trap warnings

exploitation forest asdm warnings

e-mail logging warnings

private private-kaseya host connection

forest-hostdown operating permits

logging of trap auth class alerts

mtu public 1500
mtu private 1500
mtu management 1500
ip local pool VPN_Users 10.20.1.100-10.20.1.110 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (public) 101 interface
nat (private) 0 access-list private_nat0_outbound
nat (private) 101 0.0.0.0 0.0.0.0
nat (management) 101 0.0.0.0 0.0.0.0

static DNS (private, public) public-private-netmask 255.255.255.255 ip phones, ip phones,

static DNS (private, public) private public-ftp-ftp netmask 255.255.255.255

static (private, public) public-private-xorcom netmask 255.255.255.255 xorcom dns

static DNS (private, public) public Exchange private-Exchange netmask 255.255.255.255

RevProxy-public (private, public) public static private-RevProxy netmask 255.255.255.255 dns

static DNS (private, public) public-remote control-support private-remote control-support netmask 255.255.255.255

static (private, public) public-private-xarios netmask 255.255.255.255 xarios dns

static public-sharepoint (private, public) private-sharepoint netmask 255.255.255.255 dns

TPORTAL-public (private, public) public static private-tportal netmask 255.255.255.255 dns

static (private, public) public-private-netmask 255.255.255.255 kaseya kaseya dns

static public-pptp (private, public) private-pptp netmask 255.255.255.255 dns

static public-XenDesktop (private, public) private-XenDesktop netmask 255.255.255.255 dns

Access-group public_access_in in the public interface

Access-group behind closed doors, interface private_access_in

Public route 0.0.0.0 0.0.0.0 cox-gateway 1

Private server network route 255.255.255.0 10.20.1.254 1

Route private user-network 255.255.255.0 10.20.1.254 1

Private networking route 255.255.255.0 10.20.1.254 1

Route private network iscsi 255.255.255.0 10.20.1.254 1

Private heritage network 255.255.255.0 route 10.20.1.254 1

Timeout xlate 03:00

Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00

Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00

Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

timeout tcp-proxy-reassembly 0:01:00

Admin-control LDAP attribute-map

Comment by card privileged-level name

LDAP attribute-map allow dialin

name of the msNPAllowDialin IETF-Radius-class card

msNPAllowDialin card-value FALSE NOACCESS

msNPAllowDialin card-value TRUE IPSecUsers

attribute-map LDAP Mills-VPN_Users

name of the msNPAllowDialin IETF-Radius-class card

msNPAllowDialin card-value FALSE NOACCESS

map-value msNPAllowDialin true IPSecUsers

LDAP attribute-map network admins

memberOf IETF Radius-Service-Type card name

map-value memberOf NOACCESS FAKE

map-value memberOf 'Network Admins' 6

dynamic-access-policy-registration DfltAccessPolicy

AAA-server protocol nt Mills

host of Mills (private) AAA-server private-pptp

auth-ms01.mills.int NT domain controller

AAA-server Mills_NetAdmin protocol ldap

AAA-server Mills_NetAdmin (private) host private-pptp

Server-port 389

or base LDAP-dn = San Diego, dc = factories, dc = int

or LDAP-group-base dn = San Diego, dc = factories, dc = int

LDAP-scope subtree

name attribute LDAP cn

LDAP-login-password *.

LDAP-connection-dn cn = asa, OU = Service accounts, or = San Diego, dc = factories, dc = int

microsoft server type

LDAP-attribute-map-Mills-VPN_Users

AAA-server NetworkAdmins protocol ldap

AAA-server NetworkAdmins (private) host private-pptp

or base LDAP-dn = San Diego, dc = factories, dc = int

or LDAP-group-base dn = San Diego, dc = factories, dc = int

LDAP-scope subtree

name attribute LDAP cn

LDAP-login-password *.

LDAP-connection-dn cn = asa, OU = Service accounts, or = San Diego, dc = factories, dc = int

microsoft server type

LDAP-attribute-map network-admins

AAA-server ADVPNUsers protocol ldap

AAA-server ADVPNUsers (private) host private-pptp

or base LDAP-dn = San Diego, dc = factories, dc = int

or LDAP-group-base dn = San Diego, dc = factories, dc = int

LDAP-scope subtree

name attribute LDAP cn

LDAP-login-password *.

LDAP-connection-dn cn = asa, OU = Service accounts, or = San Diego, dc = factories, dc = int

microsoft server type

LDAP-attribute-map-Mills-VPN_Users

Console to enable AAA authentication LOCAL ADVPNUsers

Console HTTP authentication of the AAA ADVPNUsers LOCAL

AAA authentication serial console LOCAL ADVPNUsers

Console Telnet AAA authentication LOCAL ADVPNUsers

authentication AAA ssh console LOCAL ADVPNUsers

Enable http server

http 0.0.0.0 0.0.0.0 management

http 0.0.0.0 0.0.0.0 public

http 0.0.0.0 0.0.0.0 private

Community private private-kaseya SNMP-server host * version 2 c

Server SNMP - San Diego location plants

contact SNMP server, help the Mills

Server enable SNMP traps snmp authentication linkup, linkdown cold start

sysopt noproxyarp private
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map public_map 1 match address public_1_cryptomap
crypto map public_map 1 set pfs
crypto map public_map 1 set peer xx.168.155.98
crypto map public_map 1 set transform-set ESP-3DES-MD5 ESP-AES-128-SHA
crypto map public_map 1 set nat-t-disable
crypto map public_map 1 set phase1-mode aggressive
crypto map public_map 2 match address public_2_cryptomap
crypto map public_map 2 set pfs group5
crypto map public_map 2 set peer xx.181.134.141
crypto map public_map 2 set transform-set ESP-AES-128-SHA
crypto map public_map 2 set nat-t-disable
crypto map public_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map public_map interface public
crypto isakmp enable public
crypto isakmp policy 1
 authentication pre-share
 encryption aes
 hash sha
 group 5
 lifetime 86400
crypto isakmp policy 10
 authentication pre-share
 encryption aes
 hash sha
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash md5
 group 1
 lifetime 28800

Telnet 0.0.0.0 0.0.0.0 private

Telnet timeout 5

SSH 0.0.0.0 0.0.0.0 public

SSH 0.0.0.0 0.0.0.0 private

SSH 0.0.0.0 0.0.0.0 management

SSH timeout 5

Console timeout 0

management of 192.168.0.2 - dhcpd addresses 192.168.0.254

!

a basic threat threat detection

Statistics-list of access threat detection

a statistical threat detection tcp-interception rate-interval 30 burst-400-rate average rate 200

authenticate the NTP

NTP server 216.129.110.22 public source

NTP server 173.244.211.10 public source

NTP server 24.124.0.251 public source prefers

webvpn
 enable public
 svc enable
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
 vpn-tunnel-protocol svc
group-policy IPSecUsers internal
group-policy IPSecUsers attributes
 wins-server value 10.20.10.1
 dns-server value 10.20.10.1
 vpn-tunnel-protocol IPSec
 password-storage enable
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value VPN_Users_SplitTunnelAcl
 default-domain value mills.int
 address-pools value VPN_Users
group-policy Irvine internal
group-policy Irvine attributes
 vpn-tunnel-protocol IPSec
username admin password Kra9/kXfLDwlSxis encrypted
tunnel-group VPNUsers type remote-access
tunnel-group VPNUsers general-attributes
 address-pool VPN_Users
 authentication-server-group Mills_NetAdmin
 default-group-policy IPSecUsers
tunnel-group VPNUsers ipsec-attributes
 pre-shared-key *
tunnel-group xx.189.99.114 type ipsec-l2l
tunnel-group xx.189.99.114 general-attributes
 default-group-policy Irvine
tunnel-group xx.189.99.114 ipsec-attributes
 pre-shared-key *
tunnel-group xx.205.23.76 type ipsec-l2l
tunnel-group xx.205.23.76 general-attributes
 default-group-policy Irvine
tunnel-group xx.205.23.76 ipsec-attributes
 pre-shared-key *
tunnel-group xx.168.155.98 type ipsec-l2l
tunnel-group xx.168.155.98 general-attributes
 default-group-policy Irvine
tunnel-group xx.168.155.98 ipsec-attributes
 pre-shared-key *

!

Global class-card class

match default-inspection-traffic

!

!

type of policy-card inspect dns preset_dns_map

parameters

message-length maximum 512

World-Policy policy-map

Global category

inspect the dns

inspect esmtp

inspect the ftp

inspect h323 h225

inspect the h323 ras

inspect the netbios

inspect the rsh

inspect the rtsp

inspect the sip

inspect the skinny

inspect sqlnet

inspect sunrpc

inspect the tftp

inspect xdmcp

!

service-policy-international policy global

privilege level 3 mode exec cmd command perfmon

privilege level 3 mode exec cmd ping command

mode privileged exec command cmd level 3

logging of the privilege level 3 mode exec cmd commands

privilege level 3 exec command failover mode cmd

privilege level 3 mode exec command packet cmd - draw

privilege show import at the level 5 exec mode command

privilege level 5 see fashion exec running-config command

order of privilege show level 3 exec mode reload

privilege level 3 exec mode control fashion show

privilege see the level 3 exec firewall command mode

privilege see the level 3 exec mode command ASP.

processor mode privileged exec command to see the level 3

privilege command shell see the level 3 exec mode

privilege show level 3 exec command clock mode

privilege exec mode level 3 dns-hosts command show

privilege see the level 3 exec command access-list mode

logging of orders privilege see the level 3 exec mode

privilege, level 3 see the exec command mode vlan

privilege show level 3 exec command ip mode

privilege, level 3 see fashion exec command ipv6

privilege, level 3 see the exec command failover mode

privilege, level 3 see fashion exec command asdm

exec mode privilege see the level 3 command arp

command routing privilege see the level 3 exec mode

privilege, level 3 see fashion exec command ospf

privilege, level 3 see the exec command in aaa-server mode

AAA mode privileged exec command to see the level 3

privilege, level 3 see fashion exec command eigrp

privilege see the level 3 exec mode command crypto

privilege, level 3 see fashion exec command vpn-sessiondb

privilege level 3 exec mode command ssh show

privilege, level 3 see fashion exec command dhcpd

privilege, level 3 see fashion exec command vpn

privilege level see the 3 blocks from exec mode command

privilege, level 3 see fashion exec command wccp

privilege, level 3 see the exec command in webvpn mode

privilege control module see the level 3 exec mode

privilege, level 3 see fashion exec command uauth

privilege see the level 3 exec command compression mode

level 3 for the show privilege mode configure the command interface

level 3 for the show privilege mode set clock command

level 3 for the show privilege mode configure the access-list command

level 3 for the show privilege mode set up the registration of the order

level 3 for the show privilege mode configure ip command

level 3 for the show privilege mode configure command failover

level 5 mode see the privilege set up command asdm

level 3 for the show privilege mode configure arp command

level 3 for the show privilege mode configure the command routing

level 3 for the show privilege mode configure aaa-order server

level mode 3 privilege see the command configure aaa

level 3 for the show privilege mode configure command crypto

level 3 for the show privilege mode configure ssh command

level 3 for the show privilege mode configure command dhcpd

level 5 mode see the privilege set privilege to command

privilege level clear 3 mode exec command dns host

logging of the privilege clear level 3 exec mode commands

clear level 3 arp command mode privileged exec

AAA-server of privilege clear level 3 exec mode command

privilege clear level 3 exec mode command crypto

level 3 for the privilege cmd mode configure command failover

clear level 3 privilege mode set the logging of command

privilege mode clear level 3 Configure arp command

clear level 3 privilege mode configure command crypto

clear level 3 privilege mode configure aaa-order server

context of prompt hostname

call-home

Profile of CiscoTAC-1

no active account

http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address

email address of destination [email protected] / * /

destination-mode http transport

Subscribe to alert-group diagnosis

Subscribe to alert-group environment

Subscribe to alert-group monthly periodic inventory

monthly periodicals to subscribe to alert-group configuration

daily periodic subscribe to alert-group telemetry

Cryptochecksum:5d5c963680401d150bee94b3c7c85f7a

Maybe my eyes are glazed from looking at it for too long. Does something seem wrong? Maybe I missed a command that would not appear in the config?

Thanks in advance to those who take a glance.

We see that the UI is sent the echo request but there is no response to echo. This seems to be a routing problem between the ASA and the host you are trying to ping. You can see the range so that the traffic to 10.20.1.0 network is routed to the ASA. If there is no other routing device, make sure that the default gateway is correct on the host computer you're trying to reach.

If you try to ping a Windows machine, make sure that the Windows firewall is disabled or allows ICMP.

--

Please do not forget to rate and choose a correct response
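
The symptom posted in this thread (decaps counting up while encaps stays at 0) can be checked mechanically across all peers. The following is an added example, not code from the original posters: a parser for `show crypto ipsec sa` output that flags one-way SAs. It assumes the standard ASA counter labels (`#pkts encaps`, `#pkts decaps`); the sample text, its second peer and all public addresses are constructed.

```python
import re
from dataclasses import dataclass

# Constructed sample in the standard ASA `show crypto ipsec sa` layout. The first
# entry carries the counters reported in this thread; the second (a healthy L2L
# peer) and all public addresses are made up for contrast.
SAMPLE = """\
    Crypto map tag: SYSTEM_DEFAULT_CRYPTO_MAP, seq num: 65535, local addr: 198.51.100.2

      local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/0/0)
      remote ident (addr/mask/prot/port): (10.20.1.100/255.255.255.255/0/0)
      current_peer: 203.0.113.48, username: me
      dynamic allocated peer ip: 10.20.1.100

      #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0
      #pkts decaps: 20, #pkts decrypt: 20, #pkts verify: 20
      #send errors: 0, #recv errors: 0

    Crypto map tag: public_map, seq num: 1, local addr: 198.51.100.2

      local ident (addr/mask/prot/port): (10.20.10.0/255.255.255.0/0/0)
      remote ident (addr/mask/prot/port): (192.168.2.0/255.255.255.0/0/0)
      current_peer: 203.0.113.98

      #pkts encaps: 1543, #pkts encrypt: 1543, #pkts digest: 1543
      #pkts decaps: 1498, #pkts decrypt: 1498, #pkts verify: 1498
      #send errors: 0, #recv errors: 0
"""

# What to look at for each one-way state (return-path hint follows the thread's answer).
HINTS = {
    "inbound-only": "client packets arrive and decrypt, but no reply reaches the ASA "
                    "to be encrypted: check the return path from inside hosts to the "
                    "VPN pool (routes, default gateway, host firewall)",
    "outbound-only": "the ASA encrypts replies but receives nothing: check the path "
                     "from the peer (ESP or UDP/4500 filtering, peer-side routing)",
}


@dataclass
class IpsecSa:
    crypto_map: str
    peer: str
    remote_ident: str
    encaps: int
    decaps: int
    send_errors: int
    recv_errors: int

    def verdict(self) -> str:
        """Classify the SA by which direction has carried traffic."""
        if self.encaps == 0 and self.decaps == 0:
            return "idle"
        if self.encaps == 0:
            return "inbound-only"
        if self.decaps == 0:
            return "outbound-only"
        return "bidirectional"


# Every SA entry in the ASA output starts with a "Crypto map tag:" line.
_ENTRY_START = re.compile(r"^[ \t]*Crypto map tag:\s*([^,\s]+)", re.MULTILINE)


def _field(pattern: str, entry: str, what: str) -> str:
    m = re.search(pattern, entry)
    if m is None:
        raise ValueError(f"{what} not found; is this `show crypto ipsec sa` output?")
    return m.group(1)


def parse_ipsec_sa(text: str) -> list:
    """Split the output into per-SA entries and pull out peer and counters."""
    starts = list(_ENTRY_START.finditer(text))
    sas = []
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(text)
        entry = text[m.start():end]
        sas.append(IpsecSa(
            crypto_map=m.group(1),
            peer=_field(r"current_peer:\s*([^,\s]+)", entry, "current_peer"),
            remote_ident=_field(r"remote ident \([^)]*\):\s*\(([^)]*)\)", entry, "remote ident"),
            encaps=int(_field(r"#pkts encaps:\s*(\d+)", entry, "#pkts encaps")),
            decaps=int(_field(r"#pkts decaps:\s*(\d+)", entry, "#pkts decaps")),
            send_errors=int(_field(r"#send errors:\s*(\d+)", entry, "#send errors")),
            recv_errors=int(_field(r"#recv errors:\s*(\d+)", entry, "#recv errors")),
        ))
    return sas


def one_way_tunnels(text: str) -> list:
    """Return (peer, remote ident, verdict) for SAs passing traffic in one direction only."""
    return [(sa.peer, sa.remote_ident, sa.verdict())
            for sa in parse_ipsec_sa(text) if sa.verdict() in HINTS]


if __name__ == "__main__":
    for peer, ident, verdict in one_way_tunnels(SAMPLE):
        print(f"{peer} ({ident}): {verdict}: {HINTS[verdict]}")
```
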

Tags: Cisco Security

Similar Questions

  • How to configure Thunderbird to send messages that are not encrypted unless I want them to be?

    I have Thunderbird set in place through gmail with enigmail and gpg4win 2.2.3 on a windows 7 64-bit operating system. I went through the Enigmail set up Assistant and unchecked 'encrypt by default', but it still sends encrypted E-mail. What don't I do?
    Thanks for help.
    Dave

    Yes, I chose the convenient encryption settings. In fact, I tried both, just to be sure, but thank you. You're in the right area and I found a way, but I'm not sure it's the best way, so if someone knows a better way please let me know. In Thunderbird, click Tools, click on account settings, click Open PGP security , then uncheck the " encrypt messages by default" clear sign messages by default and then restart Thunderbird. I don't know if it's the best and fastest way, but it does not send the message unencrypted until someone tells us an easier way. I think the key is that you do all of this through the tools of Thunderbird tab and there is no need to touch the settings in Enigmail or gpg4win. Thank you.
    Dave

  • This just started today. On Firefox, the encrypted images and the www are grey. When I click on the symbol, it says connection is not encrypted. Hacked?

    Photos of encryption and www work on IE.

    You no longer see favicon for the site on the address bar, but you now see an icon that indicates what type of connection you have.

    With an http connection unencrypted normal, you see:

    • This Web site does not provide identity information.
    • Your connection to this Web site is not encrypted.

    Only an encrypted HTTPS connection can provide additional information.

    The change was for reasons of security prevent spoofing the favicon as an icon of padlock on websites.

    See the Site identity button:

  • ArraytoChannels error 'cannot be added because the channels of the target are not all the same length.

    Hello!

    After the end of my second day of test error, I put this question on the table:

    I use ArraytoChannels function to store ADO recordsets as strings. What is strange, is that for the first Recordset, it works; but for the next time through the loop, it always fails with the error message 'cannot be added because the channels of the target are not all the same length.

    I confirmed that:

    the RowData sizes and the ChannelNames are equal,

    both spend the isarray = true test,

    I change the order of the ChannelNames,.

    I have reconnected/disconnected from the oConnexion every time, nothing has changed.

    Apparently I'm missing something - but crazy to know what! -If anyone can share his opinion I'll so much appriciate. Here is my code:

    oTables = Array ("WellStates", "ChokeData", "WellParameters", "FlowData", "PumpData", "SensorsData", "ModelCalculatedData")

    Call OpenSQLConnection
    Set oRecordset = CreateObject ("ADODB. Recordset')
    Call SelectWell
    Call GetWellStateIDs

    Data.Root.Clear
    for j = 0 to ubound(oTables,1)

    sSQLSting = "select * []" & oTables (j) & "] where [WellStateID] between" & WellStateIDFirst & "and" & WellStateIDLast ".
    oRecordset.Open sSQLSting, oConnexion
    Protected oFieldNames: table: ReDim oFieldNames (orecordset. Fields.Count - 1).
    for i = 0 to orecordset. Fields.Count - 1
    oFieldNames (i) = orecordset. Fields.Item (i) .name
    next
    oArray = oRecordset.GetRows (-1, 0, oFieldNames)
    Set oGroup = Data .root .ChannelGroups .Add (oTables (j))

    oArray, oFieldNames arraytochannels
    oRecordset.close
    oConnection.Close
    next

    Sub GetWellStateIDs
    sSQLSting = "select * from [WellStates] where [wellid] =" & WellID
    oRecordset.Open sSQLSting, oConnexion
    oArray = oRecordset.GetRows)
    WellStateIDFirst = oArray (0,0)
    WellStateIDLast = oArray (0, ubound(oArray,2))
    oRecordset.close
    EndSub

    Sub OpenSQLConnection
    Set WshNetwork = CreateObject
    oComputerName = WshNetwork.ComputerName
    oDB = "MX2. Player.DB ".
    Set oConnexion = CreateObject ("ADODB. Connection")
    oProvider = "Provider = SQLOLEDB.1; Integrated Security = SSPI; PeoExecuteist Security Info = True; Data Source ='
    oProvider = oProvider & oComputerName & "\MX; Use procedure for prepare = 1; Machine translation = True; The packet size = 4096; Workstation ID ="
    oProvider = oProvider & oComputerName & " Use encryption for data = False; Tag with column collation when possible = False; Initial Catalog ='
    oProvider = oProvider & oDB
    oConnection.ConnectionString = oProvider
    oConnection.Open
    EndSub

    Another clue. If you check using DIAdem

    Microsoft Windows Script Debugger

    you are able to install the debugger in DIAdem.

    It would potentially have shown that the command does not work as expected.

    Sorry for the inconveniance

    Andreas

  • Feature IPSec VPN is not in router CISCO891-K9

    I want to configure IPsec over GRE tunnel in CISCO891-K9 router. GRE tunnel works well, but I can not configure IPSEC. I found the command of ipsec isakmp or crypro encryption isn't here. The version of the CISCO891-K9 show is:

    EFLWH-1 #sh worm

    Cisco IOS software, software C890 (C890-UNIVERSALK9_NPE-M), Version 15.2 (4) M2, R SENSE SOFTWARE (fc2)

    Technical support: http://www.cisco.com/techsupport

    Copyright (c) 1986-2012 by Cisco Systems, Inc.

    Updated Thursday, November 7, 12 and 23:11 by prod_rel_team

    ROM: System Bootstrap, Version 12.4 YB3 (22r), RELEASE SOFTWARE (fc1)

    EFLWH-1 uptime is 2 days, 19 hours, 24 minutes

    System to regain the power ROM

    System image file is "flash:c890-universalk9_npe-mz.152-4.M2.bin"

    Last reload type: normal charging

    Reload last reason: power

    This product contains cryptographic features and is under the United States

    States and local laws governing the import, export, transfer and

    use. Delivery of Cisco cryptographic products does not imply

    third party approval to import, export, distribute or use encryption.

    Importers, exporters, distributors and users are responsible for

    compliance with U.S. laws and local countries. By using this product you

    agree to comply with the regulations and laws in force. If you are unable

    to satisfy the United States and local laws, return the product.

    A summary of U.S. laws governing Cisco cryptographic products to:

    http://www.Cisco.com/WWL/export/crypto/tool/stqrg.html

    If you need assistance please contact us by mail at

    [email protected]

    Cisco 891 (MPC8300) processor (revision 1.0) with 498688K / 25600K bytes of memory.

    Card processor ID FGL170926DF

    9 FastEthernet interfaces

    1 gigabit Ethernet interface

    Serial 1 interface

    1 line of terminal

    256K bytes of non-volatile configuration memory.

    247464K bytes of ATA CompactFlash (read/write)

    License info:

    License IDU:

    -------------------------------------------------

    Device SN # PID

    -------------------------------------------------

    * FGL170926DF 0 CISCO891-K9

    Information about the license for "c890.

    License level: advipservices_npe Type: Permanent

    Next reboot license level: advipservices_npe

    Configuration register is 0x2102

    Yes, it should work then.

    --
    Don't stop once you have upgraded your network! Improve the world by lending money to low-income workers:
    http://www.Kiva.org/invitedBy/karsteni

  • Random Tunnel IPSec Packet drops

    Hi experts,

    I am trying to solve a problem of random packet drops in an IPSec tunnel between two VTIs. For more than a month we did not see any issue, and as of today we have 30% packet loss through the IPSec tunnel.

    After analysis, I have concluded that the packet loss is located somewhere on the way from the uc520 to the 2921. The packet count looks correct on the physical output interface of the uc520, but the number of packets is low on the ingress interface of the 2921.

    Pings outside of the tunnel, by the way, are very good.

    I also deleted the tunnels on both ends, and after they recovered the issue was still present.

    Any pointers on where to look for where the packets get lost?

    RR-hq-2921#ping 10.1.13.1 source g0/1 rep 100

    Type escape sequence to abort.

    Sending 100, 100-byte ICMP Echos to 10.1.13.1, timeout is 2 seconds:

    Packet sent with a source address of 10.1.1.1

    !!..!.!!!!!!!!!..!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    ..!!.!!!!!!!!!!!.!!!!!!!!.!!!!

    Topology:

    [uc520] == HAVE == {{{cloud}}} == MODEM == [2921]

    Test:

    2921#clear counters g0/0

    Clear "show interface" counters on this interface [confirm]

    %CLEAR-5-COUNTERS: Clear counter on interface GigabitEthernet0/0

    Execute on uc520: ping source timeout 0 rep 4000

    This is supposed to quickly increase the packet count on the remote end by 4000 packets, as it did on the uc520 output interface.

    2921#sho int g0/0 | i packets input

    3348 packets input, 607812 bytes, 0 no buffer   <-- missing ~650

    2921#sho int g0/0

    GigabitEthernet0/0 is up, line protocol is up

    Hardware is CN Gigabit Ethernet, address is XXXXXXXX

    Description: Outdoors - WAN port

    Internet address is XXX.XXX.XXX.XXX/YY

    MTU 1500 bytes, BW 35000 Kbit/sec, DLY 10 usec,

    reliability 255/255, txload 1/255, rxload 1/255

    Encapsulation ARPA, loopback not set

    Keepalive set (10 sec)

    Full Duplex, 1Gbps, media type is RJ45

    output flow-control is XON, input flow-control is XON

    ARP type: ARPA, ARP Timeout 04:00

    Last input 00:00:00, output 00:00:00, output hang never

    Last clearing of "show interface" counters 00:00:42

    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

    Queueing strategy: fifo

    Output queue: 0/40 (size/max)

    30 second input rate 75000 bits/sec, 51 packets/sec

    30 second output rate 77000 bits/sec, 52 packets/sec

    3456 packets input, 619794 bytes, 0 no buffer

    Received 0 broadcasts (0 IP multicasts)

    0 runts, 0 giants, 0 throttles

    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

    0 watchdog, 0 multicast, 0 pause input

    3454 packets output, 632194 bytes, 0 underruns

    0 output errors, 0 collisions, 0 interface resets

    0 unknown protocol drops

    0 babbles, 0 late collision, 0 deferred

    0 lost carrier, 0 no carrier, 0 pause output

    0 output buffer failures, 0 output buffers swapped out

    Good info.

    Now, did you ask your ISP if they made any changes lately?

    I think that your suspicion is correct, and if the number of packets does not match, then probably something in the environment has changed, since it worked before with the same configuration and IOS versions.

    HTH.

  • Problem with VPN. Router does not encrypt but decrypts

    Hello, I have a problem with my IPSec tunnel. One of the routers (Cisco 861) is not encrypting packets but decrypts those coming in from the remote peer (RV042). In the access list for the WAN interface I deny traffic between the subnets, and in the VPN access list I permit the traffic. Could someone give me some help or advice? Thank you.

    Hello

    The problem is with access-list 102.  This is your NAT access list.  You see that you permit 172.16.2.0 to any before you deny, so all traffic is translated to your public IP address before it tries to go through the VPN.  You always want to DENY traffic before making any permit in an access list, because they are processed top-down on the first match.

    Try the following commands:

    no ip nat inside source list 102 interface FastEthernet4 overload

    no access-list 102

    access-list 102 deny ip 172.26.2.0 0.0.0.255 172.26.3.0 0.0.0.255

    access-list 102 permit ip 172.26.2.0 0.0.0.255 any

    ip nat inside source list 102 interface FastEthernet4 overload
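An added example, not part of the original answer: a small Python model of first-match ACL evaluation that shows why entry order decides whether site-to-site traffic is translated instead of reaching the crypto map, plus a check for entries that can never match. The corrected list is the one from the answer's commands; the reversed list is an assumed reconstruction of the misordered ACL (the original configuration is not on the page), and all function names are hypothetical.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

ALL_BITS = 0xFFFFFFFF

# Corrected order, taken from the commands in the answer.
FIXED_ORDER = """
access-list 102 deny ip 172.26.2.0 0.0.0.255 172.26.3.0 0.0.0.255
access-list 102 permit ip 172.26.2.0 0.0.0.255 any
"""

# Assumed reconstruction of the misordered list (same entries, permit first).
REVERSED_ORDER = """
access-list 102 permit ip 172.26.2.0 0.0.0.255 any
access-list 102 deny ip 172.26.2.0 0.0.0.255 172.26.3.0 0.0.0.255
"""


class Entry(NamedTuple):
    action: str     # "permit" or "deny"
    src: int
    src_wild: int   # Cisco wildcard mask: 1 bits are "don't care"
    dst: int
    dst_wild: int
    text: str


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens: List[str]) -> Tuple[int, int]:
    """Consume 'any', 'host A' or 'A WILDCARD' and return (address, wildcard)."""
    head = tokens.pop(0)
    if head == "any":
        return 0, ALL_BITS
    if head == "host":
        return _ip(tokens.pop(0)), 0
    return _ip(head), _ip(tokens.pop(0))


def parse_acl(config: str) -> List[Entry]:
    """Parse 'access-list N permit|deny ip SRC DST' lines (protocol ip only)."""
    entries = []
    for line in config.strip().splitlines():
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list":
            continue
        if tokens[2] not in ("permit", "deny") or tokens[3] != "ip":
            raise ValueError(f"unsupported entry: {line!r}")
        rest = tokens[4:]
        src, src_wild = _take_addr(rest)
        dst, dst_wild = _take_addr(rest)
        entries.append(Entry(tokens[2], src, src_wild, dst, dst_wild, line.strip()))
    return entries


def _matches(addr: int, base: int, wild: int) -> bool:
    care = ~wild & ALL_BITS
    return (addr & care) == (base & care)


def first_match(acl: List[Entry], src: str, dst: str) -> Optional[Entry]:
    """Return the first entry matching the flow, or None (implicit deny)."""
    s, d = _ip(src), _ip(dst)
    for entry in acl:
        if _matches(s, entry.src, entry.src_wild) and _matches(d, entry.dst, entry.dst_wild):
            return entry
    return None


def is_translated(acl: List[Entry], src: str, dst: str) -> bool:
    """True when the NAT list permits the flow, so its source is rewritten."""
    entry = first_match(acl, src, dst)
    return entry is not None and entry.action == "permit"


def _covers(base_a: int, wild_a: int, base_b: int, wild_b: int) -> bool:
    # A covers B when A ignores every bit B ignores and both agree on the bits A checks.
    return (wild_a | wild_b) == wild_a and _matches(base_b, base_a, wild_a)


def shadowed_entries(acl: List[Entry]) -> List[Tuple[Entry, Entry]]:
    """Return (dead_entry, earlier_entry) pairs for entries no packet can reach."""
    dead = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if (_covers(earlier.src, earlier.src_wild, later.src, later.src_wild)
                    and _covers(earlier.dst, earlier.dst_wild, later.dst, later.dst_wild)):
                dead.append((later, earlier))
                break
    return dead


if __name__ == "__main__":
    for name, text in (("reversed", REVERSED_ORDER), ("fixed", FIXED_ORDER)):
        acl = parse_acl(text)
        # Constructed sample flow between the two VPN subnets.
        print(name, "VPN flow translated:", is_translated(acl, "172.26.2.10", "172.26.3.20"))
        for dead, by in shadowed_entries(acl):
            print(name, "never matches:", dead.text, "| shadowed by:", by.text)
```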

  • DMVPN questions - IPsec packets

    Hi all

    Currently, I am configuring DMVPN for the first time. I followed the Cisco configuration guide and Googled a few other threads, however I seem to have hit a brick wall.

    The setup is in a lab environment, so I can post as much information as required, but here are the important bits:

    I have 3 Cisco 2821 routers running IOS 12.4(15) with a layer 3 switch in the middle connecting the 'WAN' ports together. The routing works fine; I can ping from each router to each of the other routers.

    Excerpts from the hub router config:

    crypto ipsec transform-set DMVPN_SET esp-3des esp-md5-hmac

    !

    crypto ipsec profile DMVPN_PRJ

    set transform-set DMVPN_SET

    !

    interface Tunnel0

    bandwidth 10000

    ip address 172.17.100.1 255.255.255.0

    no ip redirects

    ip mtu 1500

    ip nhrp authentication secretid

    ip nhrp map multicast dynamic

    ip nhrp network-id 101

    ip nhrp holdtime 450

    ip tcp adjust-mss 1460

    tunnel source GigabitEthernet0/0

    tunnel mode gre multipoint

    tunnel key 10101

    tunnel protection ipsec profile DMVPN_PRJ

    !

    interface GigabitEthernet0/0

    description HQ WAN

    ip address 1.1.1.1 255.255.255.248

    ip nat outside

    ip virtual-reassembly

    duplex auto

    speed auto

    !

    and here's the config on the first spoke router:

    crypto ipsec transform-set DMVPN_SET esp-3des esp-md5-hmac

    !

    crypto ipsec profile DMVPN_PRJ

    set transform-set DMVPN_SET

    !

    interface Tunnel0

    bandwidth 3000

    ip address 172.17.100.10 255.255.255.0

    no ip redirects

    ip mtu 1500

    ip nhrp authentication secretid

    ip nhrp map 172.17.100.1 1.1.1.1

    ip nhrp map multicast 1.1.1.1

    ip nhrp network-id 101

    ip nhrp holdtime 450

    ip nhrp nhs 172.17.100.1

    ip tcp adjust-mss 1460

    tunnel source GigabitEthernet0/0

    tunnel mode gre multipoint

    tunnel key 10101

    tunnel protection ipsec profile DMVPN_PRJ

    !

    interface GigabitEthernet0/0

    description Site 1 WAN

    ip address 11.11.11.1 255.255.255.248

    ip nat outside

    ip virtual-reassembly

    duplex auto

    speed auto

    !

    If I shut/no shut the tunnel0 interface on spoke 1, I get the following error on the hub router:

    Mar 30 13:41:17.075: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet.

    (ip) vrf/dest_addr= /1.1.1.1, src_addr= 11.11.11.1, prot= 47

    so I feel I'm lacking some config on the spoke side to encrypt the traffic, but I'm not sure what.

    Here's the output from the spoke router:

    RTR_SITE1#sh dmvpn detail

    Legend: Attrb --> S - Static, D - Dynamic, I - Incomplete

    N - NATed, L - Local, X - No Socket

    # Ent --> Number of NHRP entries with same NBMA peer

    -------------- Interface Tunnel0 info: --------------

    Intf. is up, Line Protocol is up, Addr. is 172.17.100.10

    Source addr: 11.11.11.1, Dest addr: MGRE

    Protocol/Transport: "multi-GRE/IP", Protect "DMVPN_PRJ",

    Tunnel VRF "", ip vrf forwarding ""

    NHRP Details: NHS:       172.17.100.1  E

    Type:Spoke, NBMA Peers:1

    # Ent  Peer NBMA Addr Peer Tunnel Add State  UpDn Tm Attrb    Target Network

    ----- --------------- --------------- ----- -------- ----- -----------------

    1         1.1.1.1    172.17.100.1   IKE    never S       172.17.100.1/32

    Interface: Tunnel0

    Session: [0x48E31B98]

    Crypto Session Status: DOWN

    fvrf: (none),   IPSEC FLOW: permit 47 host 11.11.11.1 host 1.1.1.1

    Active SAs: 0, origin: crypto map

    Outbound SPI : 0x       0, transform :

    Socket State: Closed

    Pending DMVPN Sessions:

    RTR_SITE1#sh ip nhrp detail

    172.17.100.1/32 via 172.17.100.1, Tunnel0 created 00:33:44, never expire

    Type: static, Flags: used

    NBMA address: 1.1.1.1

    RTR_SITE1#sh crypto ipsec sa

    interface: Tunnel0

    Crypto map tag: Tunnel0-head-0, local addr 11.11.11.1

    protected vrf: (none)

    local  ident (addr/mask/prot/port): (11.11.11.1/255.255.255.255/47/0)

    remote ident (addr/mask/prot/port): (1.1.1.1/255.255.255.255/47/0)

    current_peer 1.1.1.1 port 500

    PERMIT, flags={origin_is_acl,}

    #pkts encaps: 0, #pkts encrypt: 0, #pkts digest: 0

    #pkts decaps: 0, #pkts decrypt: 0, #pkts verify: 0

    #pkts compressed: 0, #pkts decompressed: 0

    #pkts not compressed: 0, #pkts compr. failed: 0

    #pkts not decompressed: 0, #pkts decompress failed: 0

    #send errors 46, #recv errors 0

    local crypto endpt.: 11.11.11.1, remote crypto endpt.: 1.1.1.1

    path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/0

    current outbound spi: 0x0(0)

    inbound esp sas:

    inbound ah sas:

    inbound pcp sas:

    outbound esp sas:

    outbound ah sas:

    outbound pcp sas:

    All these commands come back empty when I run them on the hub router.

    Any help appreciated.

    Thank you

    It does not negotiate because you do not have an IKE key configured. You need:

    crypto isakmp policy 1

    BA (whatever)

    authentication pre-share

    group (whatever)

    crypto isakmp key 0 somesecret address 0.0.0.0 0.0.0.0

    Hub and spokes must match.

    Your IPSec transform-set should also have "transport mode".

    Sent from Cisco Technical Support iPad App
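An added example, not part of the original thread: a Python check that walks an IOS running-config and reports, for every tunnel that uses `tunnel protection ipsec profile`, the three items the answer names (a pre-shared-key ISAKMP policy, an ISAKMP key, transport mode on the transform-set). The spoke config is reconstructed from the post with `show running-config` indentation restored; the function names, finding labels and the key value `EXAMPLE-ONLY-KEY` are assumptions made for this illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

# Reconstructed from the spoke excerpt in the post (indentation restored, trimmed).
SPOKE_FROM_POST = """\
crypto ipsec transform-set DMVPN_SET esp-3des esp-md5-hmac
!
crypto ipsec profile DMVPN_PRJ
 set transform-set DMVPN_SET
!
interface Tunnel0
 ip address 172.17.100.10 255.255.255.0
 ip nhrp map 172.17.100.1 1.1.1.1
 ip nhrp nhs 172.17.100.1
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 10101
 tunnel protection ipsec profile DMVPN_PRJ
!
"""

# Same config with the answer's additions applied (key value is a placeholder).
SPOKE_WITH_ANSWER_APPLIED = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key 0 EXAMPLE-ONLY-KEY address 0.0.0.0 0.0.0.0
!
crypto ipsec transform-set DMVPN_SET esp-3des esp-md5-hmac
 mode transport
!
crypto ipsec profile DMVPN_PRJ
 set transform-set DMVPN_SET
!
interface Tunnel0
 ip address 172.17.100.10 255.255.255.0
 tunnel source GigabitEthernet0/0
 tunnel mode gre multipoint
 tunnel key 10101
 tunnel protection ipsec profile DMVPN_PRJ
!
"""


def parse_blocks(config: str) -> Dict[str, List[str]]:
    """Map each top-level command to the list of its indented sub-commands."""
    blocks: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0].isspace() and current is not None:
            blocks[current].append(line.strip())
        else:
            current = line.strip()
            blocks.setdefault(current, [])
    return blocks


def _transform_set_body(blocks: Dict[str, List[str]], name: str) -> Optional[List[str]]:
    """Return the sub-commands of 'crypto ipsec transform-set NAME ...', if defined."""
    for header, body in blocks.items():
        tokens = header.split()
        if tokens[:3] == ["crypto", "ipsec", "transform-set"] and tokens[3:4] == [name]:
            return body
    return None


def audit_dmvpn(config: str) -> List[Tuple[str, str]]:
    """Return (interface, finding) pairs for IPsec-protected tunnel interfaces."""
    blocks = parse_blocks(config)
    has_psk_policy = any(
        header.startswith("crypto isakmp policy ") and "authentication pre-share" in body
        for header, body in blocks.items()
    )
    has_key = any(header.startswith("crypto isakmp key ") for header in blocks)

    findings: List[Tuple[str, str]] = []
    for header, body in blocks.items():
        if not header.startswith("interface Tunnel"):
            continue
        ifname = header.split()[1]
        for cmd in body:
            match = re.fullmatch(r"tunnel protection ipsec profile (\S+)", cmd)
            if not match:
                continue
            if not has_psk_policy:
                findings.append((ifname, "missing-psk-isakmp-policy"))
            if not has_key:
                findings.append((ifname, "missing-isakmp-key"))
            profile = blocks.get(f"crypto ipsec profile {match.group(1)}")
            if profile is None:
                findings.append((ifname, "undefined-ipsec-profile"))
                continue
            for line in profile:
                if not line.startswith("set transform-set "):
                    continue
                for ts_name in line.split()[2:]:
                    ts_body = _transform_set_body(blocks, ts_name)
                    if ts_body is None:
                        findings.append((ifname, "undefined-transform-set"))
                    elif "mode transport" not in ts_body:
                        findings.append((ifname, "transform-set-not-transport"))
    return findings


if __name__ == "__main__":
    print(audit_dmvpn(SPOKE_FROM_POST))
    print(audit_dmvpn(SPOKE_WITH_ANSWER_APPLIED))
```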

  • Some features of Windows are not available.

    I have an IdeaPad P580 and I noticed that a few basic features of Windows are not available. I use Windows 7 Home Premium SP1 and everything else is pretty much straight out of the box. I guess these are basic features of Windows because I am learning about them in an intro to Windows operating systems class.

    When I try to run secpol.msc from the Start menu, Windows cannot find it, and when I try to encrypt a file or a folder the option is grayed out. I think VeriFace is taking over the encrypt function, or some other preinstalled software is messing with things.

    Any idea as to what could be the cause? Is my book misleading me, or can I get to these in a different way?

    Hi Kholt,

    Some features are not available in Windows 7 Home premium...

    http://www.SevenForums.com/network-sharing/202099-secpol-MSC-network-security-workaround.html

    http://Windows.Microsoft.com/en-us/Windows7/encrypt-or-decrypt-a-folder-or-file

    http://en.Wikipedia.org/wiki/BitLocker_Drive_Encryption

    Zehn

  • Files are being encrypted automatically.

    A lot of Word documents and the C++ programs my son is creating are being encrypted automatically.  When the document is opened, it is said user has access privileges.  When I try to uncheck the encryption properties, I get an access denied message.  I'm doing this as an administrator.

    How the devil do I stop this?

    Where can I fix the access denied message?

    How do I permanently change the user permissions so that all users have all permissions for the created documents?

    These files are being encrypted by the Encrypting File System (EFS).  This seems to indicate that you have XP Pro and not XP Home.  When it comes to EFS, administrators have little or no power to decrypt these files.  Even if you are an administrator, you will not be able to access these files.

    Looking ahead...  The way you can access encrypted files is to create an "EFS Recovery Agent".  You can then use the recovery agent to access any encrypted file after the agent has been installed.  You will find that only files encrypted after the recovery agent is in place can be accessed.  Files created before then will not be available.

    "How to add an EFS recovery agent in Windows XP Professional"
      <http://support.Microsoft.com/kb/887414>
    "How to remove encryption from a file or a folder in Windows XP"
      <http://support.Microsoft.com/kb/308993>
    ... and of course, the required reading for everyone using EFS:
    "Best Practices for encrypting file system"
      <http://support.Microsoft.com/kb/223316>

    You can also disable EFS.  You can do this with Group Policy in a domain environment, but at home, a registry value can be changed.  Use with caution.  If you do not understand what follows or how to change the registry, do not do so.

    <quote>
    "Note: Group Policy sets a registry key which is checked by EFS during user operations. The key is:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\EFS\EfsConfiguration
    In the case of local computers that are not members of a domain, local policy is not available for disabling EFS.
    However, a different registry key can be set to disable EFS. If the key is set to a DWORD value of 0x01, EFS will be disabled.
    Registry key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\EFS\EfsConfiguration"
    </quote>

    Found in:
    "Encryption in Windows XP and Windows Server 2003 file system"
      <http://TechNet.Microsoft.com/en-us/library/bb457065.aspx>

    If it's any consolation, EFS is known as the 'delayed Recycle Bin' because if a user does not back up the certificate (as most do not), any Windows crash requiring a re-installation of Windows will permanently remove access to these files for everyone.

    I hope this helps.
    JW

  • SX80 with TC7.3.4 not allowing not encryption is enabled

    I have a client with an SX80 that has been sitting in a box for a while and is only being installed now.  It has TC7.3.4 software.  You cannot enable encryption mode for calls on this device - the Best Effort and On modes are not available, only Off.  It seems to me that the wrong software load (non-crypto) must be on this camera, but I wonder if there are other things that could cause this.  I thought that non-crypto loads had gone away and this wasn't possible, but I might be overlooking something else that could cause this problem.  It has a default Cisco cert installed on it and preinstalled case.

    The SX80 must have an Encryption option key installed to encrypt calls. It will be in the format C 1 000-1-XXXXXXXX

    Check on the Cisco Licensing Portal to see that if you get for your device that everything has not been installed, otherwise you will get a.

    Wayne
    --
    Remember to rate responses and mark your question as answered as appropriate.

  • FWSM syslogs are not displayed in the event 4.1 CSM Viewer

    I have CSM 4.1 with the Event Viewer, and it should now support FWSM syslogs. The FWSM context now appears as a monitored device in the Event Viewer, and I can see that the system receives the syslogs (packet capture on the server).

    But they are not displayed? Why?

    Rgds.

    Which version is the FWSM running?

    You can use the Event Viewer with FWSM running software versions 3.1.17+, 3.2.17+, 4.0.10+ and 4.1.1+ only.

    P.S.: Please mark this thread as answered if you feel that your query is resolved. Rate the useful posts.

  • Update Tandberg E20 TE2.1.0 TE4.1.0. Encrypt or not encrypt?

    Hello

    I am a CCNP but a VoIP beginner, and I just took a new job.  Hence my first VoIP LAN.

    I upgraded my LAN using WS-C3560X switches.  I'm upgrading 60 Tandberg E20 video phones from TE2.1.0 to TE4.1.0 because the E20 was not finding the voice VLAN.

    I use Avaya S8800 Server CM 5.2.1 with Avaya phones model 9640D01A-1009 and model Tandberg E20 video phones.

    I am trying to decide which software to use; with encryption or no encryption.

    Software Cisco E20

    S52100te4_1_1.pkg AES encryption

    No encryption s52101tenc4_1_1.pkg

    Q1.  What's being encrypted?  Voice traffic is the obvious answer to this, no?

    Q2.  Which device is at the other end of the encryption?  CM or phone?

    Q3.  Since the call will go outside my Avaya CM (i.e. a call to the outside world), is encryption important?

    Thank you for your time and effort.

    Scott

    Hello.

    S52100te4_1_1.pkg with AES encryption is for the countries where AES encryption is allowed.

    s52101tenc4_1_1.pkg with no encryption is for the countries where VoIP encryption is not allowed by law.

    You only have a key to unlock one of them, so there is really no other choice.

    You can choose to disable encryption on the TE4 version (so it will have the same function as the TENC4), but you are not able to activate encryption on the TENC4.

    TE4 encryption is disabled by default in any case, so the different software versions are there just for the legal question.

    Q1: Call setup and the RTP stream can be configured to be encrypted on TE4.

    Q2: Endpoint or device interop

    Q3: It depends if your Avaya CM supports encryption or not.

    Thank you

    Marius

  • inter esxi host ipv6 multicast traffic are not detected by the destination VM

    Hello

    Warning, I do not have in-depth knowledge of vmware, so please excuse the bad wording, misconception and ignorance in the post below.

    The current topology is:

    esxi network.png

    Each ESXi 4.1 Update 3 host (DL380 G8) is connected to both layer 2 switches.

    On each host, the vSwitch has two network cards configured as active/active, with the default NIC teaming policy (route based on the originating virtual port ID).

    Everything else is default.

    The switches are connected by a link to trunk (not bunk)

    I have two Windows Server 2008 R2 VM in the same subnet and you have enabled ipv6 on them (by default)

    When two virtual machines are on the same physical host, ping-6 destination_ipv6_address works (I just use the link local address)

    When two virtual machines are on different hosts, ping fails with the "destination unreachable" message, which usually means the neighbor discovery process fails (similar to arp in ipv4 where source VM cannot get mac address of the destination virtual machine)

    When two virtual machines are on the same physical host, the packet capture shows that the Neighbor Solicitation message is sent via an IPv6 multicast address.

    When they are not on the same physical host, packet capture on the VM shows that the destination virtual machine never gets the IPv6 multicast packets.

    I then connect two DL380 G8 in a similar way to the switches and install windows Server2008 R2 directly without virtualization on them and ping-6 works perfectly.

    My questions are:

    - Did I miss a configuration somewhere to allow IPv6 multicast to work? Or even to remove any 'logic' and treat it simply as a broadcast?

    On network switches, you can do this by disabling IGMP, which will then treat multicast as broadcast packets.

    I can't find a similar setting anywhere under ESXi, though.

    - I saw an "Enable IPv6" option on ESXi, but I guess it's only useful if the host itself participates in IPv6 and is therefore not applicable to my case?

    The only similar question I found while researching is at the link below, which suggests hardcoding the neighbor table on the virtual machines, which is not ideal.

    I can confirm, however, that hardcoding the neighbor table on the two virtual machines works. This problem seems to be in how ESXi vSwitches handle IPv6 multicast traffic.

    ESX4 and multicast

    Ideas, points of view are very appreciated

    Ed

    I don't know if this will really solve your problem, but it is worth trying to update the firmware of the NETWORK adapter and the driver.

    Looks like it's an HP NC 331FLR NIC (the default 4-port NIC on Gen8 DLs, with the BCM5719 chip).

    There are no binary updates that you can run from 4.1, but you can update all the firmware components with the current HP Service Pack for ProLiant image:

    HP Service Pack for ProLiant

    Or start the server in a live Linux of your choice and use the Linux binary update:

    http://www.HP.com/swpublishing/MTX-ec0e18db6a8e4d978b57aa95d1

    These will update the NIC 331FLR to the Boot Code version 1.37/NCSI 1.2.37.

    Then update the tg3 driver in ESXi to 3.129d.v40.1 with this offline bundle:

    https://my.VMware.com/group/VMware/details?downloadGroup=DT-ESXI4X-Broadcom-TG3-3129DV401&ProductID=136

    You need the offline bundle file (BCM-tg3-3.129d.v40.1-offline_bundle-1033618.zip) in this package. You can import it into vCenter Update Manager for easier deployment or install it (probably) from the ESXi shell with esxupdate --bundle=/tmp/BCM-tg3-3.129d.v40.1-offline_bundle-1033618.zip

    I'm a little rusty in the ESXi 4.1 CLI department, however; you may need to use the vihostupdate utility or Install-VMHostPatch with PowerCLI remotely:

    https://pubs.VMware.com/vSphere-4-ESX-vCenter/index.jsp?topic=/com.VMware.vSphere.upgrade.doc_41/esx_upgrade/patches_updates/t_host_upgrade_using_vihostupdate_esxi.html

  • Logs are not shipped to the DR database. Help, please

    Hello

    I have created a physical standby database at the local site. Data Guard works.

    But the standby database cannot receive the logs when the standby database is installed at the remote site and the IP, /etc/hosts, listener.ora and tnsnames.ora are changed.

    It seems to be a network problem, because log shipping to the standby database works at the local site.

    Help, please.

    Messages below.

    AIX 5300-12-04-1119 + Oracle 11.2.0.2

    ######### Primary database alert log #########

    ******************************************************************

    LGWR: Definition of 'active' from archive to destination LOG_ARCHIVE_DEST_2

    ******************************************************************

    Wed Sep 09 18:40:13 2013

    WARN: Cra1: termination pid 2916466 hooked to an IO operation

    WARN: Cra1: termination pid 3350692 hooked to an IO operation

    krsv_proc_kill: kill 1 process (process by index)

    Wed Sep 09 18:40:24 2013

    krsv_proc_kill: kill 1 process (process by index)

    Arc1: Error 16198 done hung operation of e/s to LOG_ARCHIVE_DEST_2

    Arc1: Default detected process ARCH

    Arc1: Default detected process ARCH

    ARC1: FROM PROCESS ARCH

    Wed Sep 09 18:40:27 2013

    ARC2 started with pid = 20, OS id = 2916468

    ARC2: Started archiving

    WARN: ARC2: termination pid 585944 hooked to an IO operation

    Wed Sep 09 18:40:27 2013

    ARC3 started with pid = 22, OS id = 3383458

    ARC3: Started archiving

    ARC1: FROM PROCESS ARCH COMPLETE

    Reclaiming entered dead process FAL [pid 2916466]

    krsv_proc_kill: kill 1 process (process by index)

    WARN: ARC3: termination pid 585944 hooked to an IO operation

    krsv_proc_kill: kill 1 process (process by index)

    ARC2: Default detected process ARCH

    ARC2: FROM PROCESS ARCH

    Wed Sep 09 18:40:34 2013

    Arc0 started with pid = 19, OS id = 3854466

    ARC3: Become the heartbeat ARCH

    Arc0: Started archiving

    ARC2: FROM PROCESS ARCH COMPLETE

    Reclaiming entered dead process FAL [pid 3350692]

    Reclaiming entered dead process FAL [pid 585944]

    Wed Sep 09 18:45:28 2013

    WARN: Cra1: termination pid 3854466 hooked to an IO operation

    WARN: Cra1: termination pid 2916468 hooked to an IO operation

    WARN: Cra1: termination pid 3383458 hooked to an IO operation

    Wed Sep 09 18:45:42 2013

    WARN: Cra1: termination pid 3858682 hooked to an IO operation

    krsv_proc_kill: kill 1 process (process by index)

    krsv_proc_kill: kill 1 process (process by index)

    krsv_proc_kill: kill 1 process (process by index)

    Wed Sep 09 18:45:53 2013

    krsv_proc_kill: kill 1 process (process by index)

    Arc1: Default detected process ARCH

    Arc1: Default detected process ARCH

    Arc1: Default detected process ARCH

    ARC1: FROM PROCESS ARCH

    Wed Sep 09 18:45:55 am 2013

    Arc0 started with pid = 19, OS id = 3858686

    Wed Sep 09 18:45:55 am 2013

    ARC2 started with pid = 20, OS id = 3383460

    Arc0: Started archiving

    Wed Sep 09 18:45:55 am 2013

    ARC3 started with pid = 22, OS id = 585962

    ARC2: Started archiving

    ARC2: Become the heartbeat ARCH

    Reclaiming entered dead process FAL [pid 3383458]

    ARC3: Started archiving

    ARC1: FROM PROCESS ARCH COMPLETE

    Reclaiming entered dead process FAL [pid 2916468]

    Wed Sep 09 18:46:57 2013

    Reclaiming entered dead process FAL [pid 3854466]

    Wed Sep 09 18:46:59 2013

    NSA2 started with pid = 47, OS id = 2838532

    Wed Sep 09 18:47:02 2013

    Thread 1 Advanced for you connect to sequence 4883 (switch LGWR)

    Currently Journal # 2 seq # 4883 mem # 0: /u2/oracle/oradata/plmdb/redo02.log

    Wed Sep 09 18:47:02 2013

    Archived journal 4860 extra for each sequence 1 4882 0x5c432f01 dest ID thread entry 1:

    ######### Standby database alert log #########

    krsv_proc_kill: kill 1 process (RFS slowed by thread/sequence)

    RFS [66]: assigned to the RFS 700480 process

    RFS [66]: open the newspaper for thread 1 sequence 4872 dbid 1547947009 branch of the 757523841

    Wed Sep 09 18:46:59 2013

    Primary database is in MAXIMUM PERFORMANCE mode

    RFS [67]: assigned to the RFS 463046 process

    RFS [67]: no waiting redo logfiles available for thread 1

    RFS [67]: open the newspaper for thread 1 4883 dbid 1547947009 branch of the 757523841 sequence

    Wed Sep 09 18:51:03 2013

    RFS [64]: network Possible disconnect with primary database

    Wed Sep 09 18:51:15 2013

    krsv_proc_kill: kill 1 process (RFS slowed by thread/sequence)

    Wed Sep 09 18:51:16 2013

    krsv_proc_kill: kill 1 process (RFS slowed by thread/sequence)

    Wed Sep 09 18:51:16 2013

    RFS [68]: assigned to the RFS 626724 process

    RFS [68]: open the newspaper for thread 1 sequence 4867 dbid 1547947009 branch of the 757523841

    RFS [69]: assigned to the RFS 684156 process

    RFS [69]: open the newspaper for thread 1 sequence 4866 dbid 1547947009 branch of the 757523841

    RFS [70]: assigned to the RFS 483332 process

    RFS [70]: open the newspaper for thread 1 sequence 4872 dbid 1547947009 branch of the 757523841

    # Primary database: journal of archives report #.

    INSTALLATION GRAVITY MESSAGE_NUM ERROR_CODE CAL TO_CHAR(TIMESTAMP,'DD-MON-YYY MESSAGE)

    ------------------------ ------------- ----------- ---------- --- ----------------------------- ------------------------------------------------------------

    Setpoint error of Transport Services 41532 16198 YES 9 October 2013 17:41:22 WARN: cra1: termination pid 3600618 hooked to an IO operation

    Setpoint error of Transport Services 41533 16198 YES 9 October 2013 17:41:27 WARNING: cra1: termination pid 4071430 hooked to an IO operation

    Setpoint error of Transport 41536 16198 YES 9 October 2013 17:41:36 ARC1: 16198 error due to guillotine operation of e/s to LOG_ARCHIVE_D

    EST_2

    Setpoint error of Transport Services 41540 16198 YES 9 October 2013 17:41:36 WARN: ARC2: termination pid 3960900 hooked to an IO operation

    Log Transport Services 41543 16198 YES error 9 October 2013 17:41:41 WARN: ARC3: termination pid 3960900 hooked to an IO operation

    Setpoint error of Transport Services 41548 16198 YES 9 October 2013 17:46:37 WARN: cra1: termination pid 3797106 hooked to an IO operation

    Setpoint error of Transport Services 41549 16198 YES 9 October 2013 17:46:42 WARN: cra1: termination pid 3600622 hooked to an IO operation

    Setpoint error of Transport Services 41550 16198 YES 9 October 2013 17:46:46 WARN: cra1: termination pid 4071432 hooked to an IO operation

    Setpoint error of Transport Services 41551 16198 YES 9 October 2013 17:46:51 WARN: cra1: termination pid 4001810 hung on an IO operation

    Logs are not shipped to the physical standby database [ID 1130523.1]

    Please work with your network administrator to make sure that the following firewall features are disabled.

    • SQLNet fixup protocol
    • Deep Packet Inspection (DPI)
    • SQLNet packet inspection
    • SQL Fixup
    • SQL ALG (Juniper firewall)

    Disable SQL ALG.
