Public VIP subnet, RAC

Hello

I have questions about the network configuration in Oracle RAC 11.2. According to the documentation http://docs.oracle.com/cd/E11882_01/rac.112/e17264/preparing.htm#TDPRC135

"The virtual IP address must be on the same subnet as your public IP address."

"IP addresses used for SCAN addresses must be on the same subnet as VIP addresses."

So in an ideal configuration we should end up with something similar to the example configuration in Table 2-1 http://docs.oracle.com/cd/E11882_01/rac.112/e17264/preparing.htm#BCGJBBGE

My question is: is it possible that

the public IP address will be on a separate subnet,

the VIP and SCAN will be on a different subnet,

and the private network will be on a different subnet (dedicated to connect),

and that this configuration is supported?

Regards

Jakub

My question is: is it possible that the public IP address will be on a separate subnet, the VIP and SCAN will be on a different subnet, and the private network will be on a different subnet (dedicated to connect), and that this configuration is supported?

In short, no.

The SCAN and VIPs will be logical interfaces.

Public, VIP and SCAN will be on the same subnet. VIP and SCAN will actually be logical interfaces on the public interface.

The private network will be on its own, different subnet.

I don't think that you will even be able to configure the VIP to be on a separate subnet from the public. The installation will just fail.

Tags: Database

Similar Questions

  • Grid infrastructure 11.2.0.3 install fails with public & private subnet

    Specify Network Interface usage

    Name of the interface: eth0 subnet: 192.168.1.0 Public
    Name of the interface: eth1 subnet: 192.168.1.0 private

    By using advanced-> Installation
    No GNS->

    I'm getting the error [ins-41113] specified public and private interfaces are configured on the same subnet: 192.168.1.0. Why is this an error, when the Oracle documentation (e17212/typinst.htm) says the following:

    A Single Client Access Name (SCAN) for the cluster, with the following characteristics:
    * Three IP addresses; but I want to use only two static IP addresses, because I don't use DNS, I use the /etc/hosts file.
    * On the same subnet as all other public IP addresses, VIP, and SCAN addresses.

    Please advise because I was able to install the 11.2.0.2 grid Infrastructure using the same configuration with no problems. Now that I'm using Oracle 11.2.0.3 I encounter this problem.

    Levi,

    Thank you.

    I changed the subnet on each RAC node so that the public and private interfaces each have their own distinct network path, offering significant performance improvements.
    Node 1 eth0 192.168.1.12
    Node 1 eth1 192.168.2.13

    Node 2 eth0 192.168.1.14
    Node 2 eth1 192.168.1.15

    And then silence grid Infrastructure 11.2.0.3 successfully installed.

    Once again thank you very much!

  • change the subnet Rac

    Hi gurus,

    I'm working on RAC (11.2.0.3), 2 nodes, under RHEL 5.3.

    I had to update some scan/vip/... and I used documents 276434.1 and 283684.1 for this purpose. Everything worked fine, but when I rebooted both servers I couldn't start the SCAN. I checked the logs and found this:

    CRS-2674: beginning of "ora.scan2.vip", the "RAC2' failed

    CRS-5017: the action "ora.scan2.vip start" resource has met the following error:

    CRS-5009: virtual 192.168.XXX.XXX IP address does not belong to the subnet 192.168.XXX.XXX

    . For details, refer to "(:CLSN00107:))" "in ' / u01/app/grid/log/rac1/agent/crsd/orarootagent_root/orarootagent_root.log '.

    CRS-2674: beginning of "ora.scan2.vip", the "RAC1' failed

    CRS-2632: there is no more servers to try to put the resources ' ora. LISTENER_SCAN2. LSNR' on which would meet its investment policy

    RPRC-1079: could not start the ora of the resource. LISTENER_SCAN3. LSNR

    CRS-5017: the action "ora.scan3.vip start" resource has met the following error:

    CRS-5009: virtual 192.168.XXX.XXX IP address does not belong to the subnet 192.168.XXX.XXX

    . For details, refer to "(:CLSN00107:))" "in ' / u01/app/grid/log/rac2/agent/crsd/orarootagent_root/orarootagent_root.log '.

    CRS-2674: beginning of "ora.scan3.vip", the "RAC2' failed

    CRS-5017: the action "ora.scan3.vip start" resource has met the following error:

    CRS-5009: virtual 192.168.XXX.XXX IP address does not belong to the subnet 192.168.XXX.XXX

    . For details, refer to "(:CLSN00107:))" "in ' / u01/app/grid/log/rac1/agent/crsd/orarootagent_root/orarootagent_root.log '.

    I checked the SCAN configuration and found that the subnet, netmask and interface were wrong, so I did:

    # $GRID_HOME/bin/crsctl modify resource ora.net1.network -attr "USR_ORA_SUBNET=192.168.xxx.xxx"

      # $GRID_HOME/bin/crsctl modify resource ora.net1.network -attr "USR_ORA_NETMASK=255.255.xxx.xxx"

      But I still had the wrong interface:

      SCAN name: scanVV, network: 1/192.168.XXX.XXX/255.255.xxx.xxx/eth3 (<- should have eth0 rather than eth3)

      SCAN VIP name: scan1, IP: /scanv3/192.168.XXX.XXX

      SCAN VIP name: scan2, IP: /scanv3/192.168.XXX.XXX

      SCAN VIP name: scan3, IP: /scanv3/192.168.XXX.XXX

      I have been looking but do not know how to change the name of the interface... any help will be appreciated. Thanks in advance

      How do I change?

      I found the answer

      When I checked the network values, I saw:

      [oracle@rac2 bin]$ srvctl config network

      Network exists: 1/192.168.X.X/255.255.XXX.X/eth3, static type

      Network: 3/192.168.XXX.XXX/255.255.XXX.XXX/eth0, static type

      Network 1 should have the values of network 3 and vice versa. By default SCAN takes the values of network 1.

      I tried to edit with 'srvctl modify network -k 1 -S 92.168.XXX.XXX/255.255.XXX.XXX/eth0' and 'srvctl modify network -k 3 -S 192.168.X.X/255.255.XXX.X/eth3'. At this stage I checked the values of vip/scan/... and it had not worked well... everything was down. Now I know that I must restart the cluster to get the new configuration after the change.

      As I did not restart, I panicked and tried my second option: delete the network configuration and recreate it with the correct values:

      remove all the network + vip:

      [root@rac1] ./srvctl remove vip -i 192.168.X.XXX,192.168.XXX.XXX,192.168.XXX.XXX,192.168.X.XXX -f -y -v

      create network + vip with correct network number:

      [root@rac1] ./srvctl add vip -n RAC1 -k 1 -A 192.168.XXX.XXX/255.255.XXX.XXX/eth0

      [root@rac1] ./srvctl add vip -n RAC2 -k 1 -A 192.168.XXX.XXX/255.255.XXX.XXX/eth0

      [root@rac1] ./srvctl add vip -n RAC1 -k 3 -A 192.168.X.XXX/255.255.XXX.X/eth3

      [root@rac1] ./srvctl add vip -n RAC2 -k 3 -A 192.168.X.XXX/255.255.XXX.X/eth3

      Now everything works well again. Hope my question will help someone someday

    • Inva vip valid RAC configuration

      I'm trying to install 10G RAC on OEL, after specified nodes in the cluster configuration I get error below.

      The following names are not valid because they do not resolve to any valid IP address.

      Here are my /etc/hosts entries.

      [oracle@racnode1 ~]$ cat /etc/hosts
      # Do not remove the next line, or various programs
      # requiring a network functionality will fail.

      127.0.0.1 localhost.localdomain localhost

      ##=======================================
      # Public network
      ##=======================================


      10.172.20.190 racnode1.soft1.com racnode1
      10.172.20.191 racnode2.soft1.com racnode2
      10.172.20.192 racnode3.soft1.com racnode3
      10.172.20.193 racnode4.soft1.com racnode4

      ##=======================================
      # VIP
      ##=======================================

      10.172.20.290 racnode1-vip.soft1.com racnode1-vip
      10.172.20.291 racnode2-vip.soft1.com racnode2-vip
      10.172.20.292 racnode3-vip.soft1.com racnode3-vip
      10.172.20.293 racnode4-vip.soft1.com racnode4-vip

      ##=======================================
      # Private network for Cluster interconnect
      ##=======================================

      10.10.10.30 racnode1-priv.soft1.com racnode1-priv
      10.10.10.31 racnode2-priv.soft1.com racnode2-priv
      10.10.10.32 racnode3-priv.soft1.com racnode3-priv
      10.10.10.34 racnode4-priv.soft1.com racnode4-priv
      # #DNS for SCAN LISTENER #.
      10.172.20.294 scan.soft1.com scan

      [oracle@racnode1 ~] $

      Hello

      IP addresses range from 1 to 255.

      Everything above 255, such as

      10.172.20.290 racnode1-vip.soft1.com racnode1-vip

      is not valid.

      Regards
      Sebastian
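
The rules stated in the answers above (every octet in range, VIP and SCAN on the public subnet, private interconnect on its own subnet) can be checked before running the installer. This is an added example, not code from the thread or from Oracle; the name suffixes used to classify entries (`-vip`, `-priv`, `scan`), the /24 prefix and all sample addresses except the 10.172.20.290 VIP are assumptions.

```python
import ipaddress

# Constructed sample modelled on the hosts file posted in the thread.
# Only the 10.172.20.290 VIP entry is taken from the page.
SAMPLE_HOSTS = """\
# Public network
10.172.20.190 racnode1.soft1.com racnode1
10.172.20.191 racnode2.soft1.com racnode2
# VIP
10.172.20.290 racnode1-vip.soft1.com racnode1-vip
10.172.20.201 racnode2-vip.soft1.com racnode2-vip
# Private interconnect
10.10.10.30 racnode1-priv.soft1.com racnode1-priv
10.10.10.31 racnode2-priv.soft1.com racnode2-priv
# SCAN
10.172.20.210 scan.soft1.com scan
"""


def classify(name):
    """Assumed naming convention: *-vip, *-priv, scan*; anything else is public."""
    short = name.split(".")[0].lower()
    if short.endswith("-vip"):
        return "vip"
    if short.endswith("-priv"):
        return "private"
    if short.startswith("scan"):
        return "scan"
    return "public"


def parse_hosts(text):
    """Return (address_string, short_name, role) tuples, skipping comments and loopback."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("127.") or fields[0] == "::1":
            continue
        entries.append((fields[0], fields[-1], classify(fields[1])))
    return entries


def check_layout(text, prefix_len=24):
    """Return a list of (kind, name, detail) findings for a RAC hosts layout."""
    findings, placed = [], []
    for addr, name, role in parse_hosts(text):
        try:
            ip = ipaddress.IPv4Address(addr)
        except ipaddress.AddressValueError as exc:
            # e.g. an octet above 255, as in the thread's VIP entries
            findings.append(("invalid-address", name, str(exc)))
            continue
        net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        placed.append((role, name, net))

    public = {net for role, _, net in placed if role == "public"}
    if len(public) > 1:
        spans = ", ".join(sorted(str(n) for n in public))
        findings.append(("public-split", "-", f"public addresses span {spans}"))

    for role, name, net in placed:
        if role in ("vip", "scan") and net not in public:
            # The condition the clusterware reports as CRS-5009 in the thread
            findings.append((f"{role}-off-public-subnet", name,
                             f"{net} is not the public subnet"))
        elif role == "private" and net in public:
            # The condition the installer reports as INS-41113 in the thread
            findings.append(("private-on-public-subnet", name,
                             f"{net} is also the public subnet"))
    return findings


if __name__ == "__main__":
    for kind, name, detail in check_layout(SAMPLE_HOSTS):
        print(f"{kind:28} {name:16} {detail}")
```
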

    • How simulate correctly a VM with public IP address

      Hi I need simulate a computer virtual which is connected to the public Internet with public IP addresses in VMware Workstation but don't know if I'm using appropriate measures.  I did something like this:

      1. Start the virtual network Editor, click Add Network.
      2. When the new network is created (IE VMnet2), I select "Host-only (connect VMs internally in a private network).
      3. Check the box "connect a virtual network adapter.
      4. Assign the corresponding Internet public IP subnet to subnet IP subnet mask fields and.
        Note for some reason I'm not able to use anything that does not begin with x.x.x.0.  For example, I am able to use 109.122.105.0 and 255.255.255.0, but not 109.122.105.90 and 255.255.255.248.  If anyone knows why please help us with that as well.
      5. On the virtual machine, I will then edit the hardware settings and assign the network device to VMnet2.

      Issues related to the:

      1. Is this the right way to simulate a virtual machine running on my PC with public IP addresses?  The goal is to preserve the settings of the virtual machine without changing anything.
      2. Will traffic from my PC targeting this public IP address be directed only to this VM and not to the Internet?  It seems that this is indeed the case, even when I'm connected to the Internet, but I just want to check that this is the way it was designed to work.
      3. Why would network editor virtual allows us only to 109.122.105.0/24 (IE with 255.255.255.0) rather than 109.122.105.90/29 (that is to say with 255.255.255.248)?
      4. Is it possible to visualize the vSwitches and VMnets that are running on my PC?  With vSphere client connected to ESXi, I am able to see how they are visually connected when I click on Configuration of the host and then network.

      1.) unless you need to access the virtual machine on the host virtual network adapter, you must create a separate vmnet.

      2.) on a single host network traffic will not stay internally. However, creating such vmnet with a virtual map of the host can prevent host access this specific Internet subnet, because traffic is routed internally.

      3.) the appropriate subnet ID in this case is 109.122.105.88/29 (see, for example, http://www.subnet-calculator.com/)

      4.) No, nothing that I know of.

      André

    • Specifying the NIC Public private network cards during the Installation of the grid

      Version: 11.2
      Operating system: Solaris

      We will install the 11.2 grid.
      These are the IP addresses we will allocate for the public and private interfaces
      bge0--->10.80.143.214 ---- for public network (Subnet mask 255.255.255.0 )
      
      bge1--->172.132.116.81 ----- for private Interconnect (Subnet mask 255.255.255.0 )
      But, during the installation of the grid, the grid setup asks only for those IPs with the last byte 0, as shown in the URL below
      bge0--->10.80.143.0 ---- for public network 
      
      bge1--->172.132.116.0 ----- for private Interconnect 
      http://4.BP.blogspot.com/_0ut-UEg1S3k/SqI3w1QgVLI/AAAAAAAAA1w/Zq6jwWWh_48/S1600-h/8.PNG

      The installer actually displays the "subnet". But the subnet mask of the public and private NICs is 255.255.255.0.
      Is this right? Why is the grid installer not asking for the real IPs allocated to the public and private networks?

      Hello
      Little note:

      Why is the grid installer not asking for the real IPs allocated to the public and private networks?

      The cluster works with a network (e.g. 10.80.143.0), not with one or two IPs, because several IP addresses of the network in question can be used (it is about scalability and availability). When you install a cluster it shows the networks used, not the IPs used (this occurs in any cluster system: you must specify the network).
      Kind regards
      Levi Pereira

    • RV082 with Actiontec DSL

      Experts,

      I read a few threads on how to configure the RV082 with a DSL modem.  I put the modem in 'Transparent bridge' and entered the PPPoE data in the Cisco RV082, but cannot get an internet connection with the RV082.  I find myself resetting the DSL modem to default and leaving the WAN on Auto connection on the router.  Is there a trick?  I have power cycled the RV082 (listed as a step in one of the threads that I've read), but that does not work either.  If I can't get the internet connection, then I can't go forward with the configuration and activate the VPN service that I need to put in place.  Does anyone have other advice?

      Rustin,

      You can call your ISP, because I'm not complete on the way to fill this device. You can use GOOGLE and search for your model number of modems and what you're trying to accomplish before calling your service provider. Usually a lot of blogs out there with clients who are trying to accomplish the same thing.

      According to the model of modem, it can only support bridge Transparent mode, while leaving the modem to do authentication for the service provider and defining our router (static IP) putting in an address public ip, subnet mask, gateway, dns provided by ISP servers.

      I plug my PC directly to the modem and call the ISP and tell them you need a public ip address on this pc. Many times ISP tell that cannot support a configuration when there is another router, well that's why we plug your pc directly. Once you have a public ip address on your PC. Simply copy this information into our router, and you should running.

      Thank you

      Support Cisco engineer

    • ASA Anyconnect VPN do not work or download the VPN client

      I have a Cisco ASA 5505 that I try to configure anyconnect VPN and thought, I've changed my setup several times but trying to access my static public IP address of the external IP address to download the image, I am not able to. Also when I do a package tracer I see he has been ignored through the acl when the packets from side to the ASA via port 443, it drops because of the ACL. My DMZ so will he look like something trying to access the ASA via the VPN's going to port 443. Here is my config

      XXXX # sh run
      : Saved
      :
      ASA Version 8.4 (3)
      !
      hostname XXXX
      search for domain name
      activate pFTzVNrKdD9x5rhT encrypted password
      zPBAmb8krxlXh.CH encrypted passwd
      names of
      !
      interface Ethernet0/0
      Outside-interface description
      switchport access vlan 20
      !
      interface Ethernet0/1
      Uplink DMZ description
      switchport access vlan 30
      !
      interface Ethernet0/2
      switchport access vlan 10
      !
      interface Ethernet0/3
      switchport access vlan 10
      !
      interface Ethernet0/4
      Ganymede + ID description
      switchport access vlan 10
      switchport monitor Ethernet0/0
      !
      interface Ethernet0/5
      switchport access vlan 10
      !
      interface Ethernet0/6
      switchport access vlan 10
      !
      interface Ethernet0/7
      Description Wireless_AP_Loft
      switchport access vlan 10
      !
      interface Vlan10
      nameif inside
      security-level 100
      IP 192.168.10.1 255.255.255.0
      !
      interface Vlan20
      nameif outside
      security-level 0
      IP address x.x.x.249 255.255.255.248
      !
      Vlan30 interface
      no interface before Vlan10
      nameif dmz
      security-level 50
      IP 172.16.30.1 255.255.255.0
      !
      boot system Disk0: / asa843 - k8.bin
      passive FTP mode
      DNS lookup field inside
      DNS domain-lookup outside
      DNS domain-lookup dmz
      DNS server-group DefaultDNS
      Name-Server 8.8.8.8
      Server name 8.8.4.4
      search for domain name
      network obj_any1 object
      subnet 0.0.0.0 0.0.0.0
      network of the Webserver_DMZ object
      Home 172.16.30.8
      network of the Mailserver_DMZ object
      Home 172.16.30.7
      the object DMZ network
      172.16.30.0 subnet 255.255.255.0
      network of the FTPserver_DMZ object
      Home 172.16.30.9
      network of the Public-IP-subnet object
      subnet x.x.x.248 255.255.255.248
      network of the FTPserver object
      Home 172.16.30.8
      network of the object inside
      192.168.10.0 subnet 255.255.255.0
      network of the VPN_SSL object
      10.101.4.0 subnet 255.255.255.0
      outside_in list extended access permit tcp any newspaper object Mailserver_DMZ eq www
      outside_in list extended access permit tcp any newspaper EQ 587 Mailserver_DMZ object
      outside_in list extended access permit tcp any newspaper SMTP object Mailserver_DMZ eq
      outside_in list extended access permit tcp any newspaper of the Mailserver_DMZ eq pop3 object
      outside_in list extended access permit tcp any newspaper EQ 2525 Mailserver_DMZ object
      outside_in list extended access permit tcp any newspaper of the Mailserver_DMZ eq imap4 object
      outside_in list extended access permit tcp any newspaper EQ 465 Mailserver_DMZ object
      outside_in list extended access permit tcp any newspaper EQ 993 Mailserver_DMZ object
      outside_in list extended access permit tcp any newspaper EQ 995 object Mailserver_DMZ
      outside_in list extended access permit tcp any newspaper EQ 5901 Mailserver_DMZ object
      outside_in list extended access permit tcp any newspaper Mailserver_DMZ eq https object
      Note access list ACL for VPN Tunnel from Split vpn_SplitTunnel
      vpn_SplitTunnel list standard access allowed 192.168.10.0 255.255.255.0
      pager lines 24
      Enable logging
      timestamp of the record
      exploitation forest-size of the buffer to 8192
      logging trap warnings
      asdm of logging of information
      Within 1500 MTU
      Outside 1500 MTU
      MTU 1500 dmz
      local pool VPN_SSL 10.101.4.1 - 10.101.4.4 255.255.255.0 IP mask
      ICMP unreachable rate-limit 1 burst-size 1
      ASDM image disk0: / asdm - 647.bin
      don't allow no asdm history
      ARP timeout 14400
      NAT (inside, outside) static source inside inside static destination VPN_SSL VPN_SSL
      NAT (exterior, Interior) static source VPN_SSL VPN_SSL
      !
      network obj_any1 object
      NAT static interface (indoor, outdoor)
      network of the Webserver_DMZ object
      NAT (dmz, outside) static x.x.x.250
      network of the Mailserver_DMZ object
      NAT (dmz, outside) static x.x.x.. 251
      the object DMZ network
      NAT (dmz, outside) static interface
      Access-group outside_in in external interface
      Route outside 0.0.0.0 0.0.0.0 x.x.x.254 1
      Timeout xlate 03:00
      Pat-xlate timeout 0:00:30
      Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
      Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
      Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
      Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
      timeout tcp-proxy-reassembly 0:01:00
      Floating conn timeout 0:00:00
      dynamic-access-policy-registration DfltAccessPolicy
      AAA-server protocol Ganymede HNIC +.
      AAA-server host 192.168.10.2 HNIC (inside)
      Timeout 60
      key *.
      identity of the user by default-domain LOCAL
      Console HTTP authentication AAA HNIC
      AAA console HNIC ssh authentication
      Console AAA authentication telnet HNIC
      AAA authentication secure-http-client
      http 192.168.10.0 255.255.255.0 inside
      No snmp server location
      No snmp Server contact
      Server enable SNMP traps snmp authentication linkup, linkdown cold start
      Crypto ca trustpoint localtrust
      registration auto
      Configure CRL
      Crypto ca trustpoint VPN_Articulate2day
      registration auto
      name of the object CN = vpn.articulate2day.com
      sslvpnkey key pair
      Configure CRL
      Telnet 192.168.10.0 255.255.255.0 inside
      Telnet timeout 30
      SSH 192.168.10.0 255.255.255.0 inside
      SSH timeout 15
      SSH version 2
      Console timeout 0
      No vpn-addr-assign aaa

      DHCP-client update dns
      dhcpd dns 8.8.8.8 8.8.4.4
      dhcpd outside auto_config
      !
      dhcpd address 192.168.10.100 - 192.168.10.150 inside
      dhcpd allow inside
      !
      dhcpd address dmz 172.16.30.20 - 172.16.30.23
      dhcpd enable dmz
      !
      a basic threat threat detection
      Statistics-list of access threat detection
      no statistical threat detection tcp-interception
      authenticate the NTP
      NTP server 192.168.10.2
      WebVPN
      allow outside
      AnyConnect image disk0:/anyconnect-linux-64-3.1.06079-k9.pkg 1
      AnyConnect enable
      tunnel-group-list activate
      internal VPN_SSL group policy
      VPN_SSL group policy attributes
      value of server DNS 8.8.8.8
      client ssl-VPN-tunnel-Protocol
      Split-tunnel-policy tunnelspecified
      value of Split-tunnel-network-list vpn_SplitTunnel
      the address value VPN_SSL pools
      WebVPN
      activate AnyConnect ssl dtls
      AnyConnect Dungeon-Installer installed
      AnyConnect ssl keepalive 15
      AnyConnect ssl deflate compression
      AnyConnect ask enable
      ronmitch50 spn1SehCw8TvCzu7 encrypted password username
      username ronmitch50 attributes
      type of remote access service
      type tunnel-group VPN_SSL_Clients remote access
      attributes global-tunnel-group VPN_SSL_Clients
      address VPN_SSL pool
      Group Policy - by default-VPN_SSL
      tunnel-group VPN_SSL_Clients webvpn-attributes
      enable VPNSSL_GNS3 group-alias
      type tunnel-group VPN_SSL remote access
      !
      class-map inspection_default
      match default-inspection-traffic
      !
      !
      type of policy-card inspect dns preset_dns_map
      parameters
      maximum message length automatic of customer
      message-length maximum 512
      Policy-map global_policy
      class inspection_default
      inspect the preset_dns_map dns
      inspect the ftp
      inspect h323 h225
      inspect the h323 ras
      inspect the rsh
      inspect the rtsp
      inspect sqlnet
      inspect the skinny
      inspect sunrpc
      inspect xdmcp
      inspect the sip
      inspect the netbios
      inspect the tftp
      Review the ip options
      inspect esmtp
      !
      global service-policy global_policy
      context of prompt hostname
      no remote anonymous reporting call
      call-home
      Profile of CiscoTAC-1
      no active account
      http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address
      email address of destination [email protected]
      destination-mode http transport
      Subscribe to alert-group diagnosis
      Subscribe to alert-group environment
      Subscribe to alert-group monthly periodic inventory
      monthly periodicals to subscribe to alert-group configuration
      daily periodic subscribe to alert-group telemetry
      Cryptochecksum:d41d8cd98f00b204e9800998ecf8427e
      : end

      XXXX #.

      You do not have this configuration:

       object network DMZ
        nat (dmz,outside) static interface

      Try and take (or delete):

       object network DMZ
        nat (dmz,outside) dynamic interface

    • Static IP behind RV220W

      I'll start by saying that even though I have some IT experience, networking is not my forte.

      Picked up a pair of RV220W's for a project I'm working on.  I have several IP's available, 4 of which are assigned to/in use by a server behind the RV220W.  All 4 of these IP's are static external IPs.  I'm trying to figure out how I can configure the RV220W so that requests to those 4 IP's get routed to the server.

      Before buying it, I was under the impression that what I was trying to do was called one-to-one NAT, but after reading the 'Help' document on the One-to-One NAT page, I don't think that is right.  I quote it below:

      Cisco RV220W network Wireless N security firewall help

      Firewall
      One-to-one NAT
      One-to-one NAT is a way to make the systems behind a firewall and configured with the private IP addresses seem to have public IP addresses.
      One - to One-rule of NAT table
      The following table contains the list of the available special NAT rules configured by the user.
      Begin private Range: start ip address in the private IP (LAN)
      Public range start: start the IP the public IP (WAN IP).
      Public IP subnet mask: the subnet mask of the public IP address
      The range length: length of the range maps one at a private address in the public address to the given range.
      Service: this column indicates the service to be accepted by the host LAN.
      The actions that can be taken on One - to One-rules NAT are:
      (Checkbox in the first column heading): selects all the entries in the table.
      Add: opens the Configuration specific NAT page, to add a new entry.
      Edit: opens the Configuration specific NAT page, to edit the selected entry.
      Remove: removes the selected entries.

      So according to their literature, the server must be configured with a private IP address.  Unfortunately, one of the applications that I use is allowed per IP address, and I know that I can't use the software with private/not routable IPS.

      Is the RV220W capable of not only securing the line (firewall, access rules, content filtering, port triggering & forwarding etc.) but also doing what I was hoping to do (keep the external IP addresses on the server and route appropriately)?

      Thanks a lot for your advice & expertise!

      Julius Perkins wrote:

      Picked up a pair of RV220W's for a project I'm working on.  I have several IP's available, 4 of which are assigned to/in use by a server behind the RV220W.  All 4 of these IP's are static external IPs.  I'm trying to figure out how I can configure the RV220W so that requests to those 4 IP's get routed to the server.

      Because your servers must be configured with static public IP addresses, RV220W may not work for you.

      RV042G supports the DMZ port, which allows the servers to be connected via a switch (labeled with "DMZ/WAN") 2nd WAN port.

    • Routing between sites that use the site to site VPN

      I'm running 7.2 (1) two 515 who have a VPN site-to-site set up a bit as follows:

      subnets of the main site - router main site - PIX1___Public IP's___PIX2 - remote site

      The main site router: CAT6506 with engine SUP1A

      Subnets listed in motor SUP:

      SUB1 VLAN

      IP address 180.x.1.x.255.254.0

      VLAN SUB2

      IP address 180.x.2.x.255.254.0

      VLAN SUB3

      IP address 180.x.3.x.255.254.0

      VLAN SUB4

      IP address 180.x.4.x.255.255.240

      PIX1 is the subnet SUB4 (180.20.4.2)

      Remote site subnet: 192.168.1.0/24

      Route the engine by default Overtime toward another router that reached the internet via another public IP subnet.

      Any host on SUB4 can reach any host on the remote site as long as the SUB4 host default gateway is the inside int PIX1 (180.20.4.2).

      No matter what SUB4 host that uses the 180.20.4.1 address (router) default gateway cannot communicate with a remote host, but can communicate with any host from any subnet of the main site.

      All remote hosts can communicate with any host on SUB4, regardless of the gateway of the SUB4 host address.

      All remote hosts can communicate with the router on SUB4 main site, but can not reach one of the other interfaces subnet configured on the router.

      I've added a static route on the SUP engine:

      ip route 192.168.1.0 255.255.255.0 180.20.4.2

      That did not help.

      The SUP engine uses EIGRP to learn the other main-site subnets reached through routers, so I added the remote subnet to that:

      router eigrp 10

      redistribute static

      network 180.20.0.0

      network 192.168.1.0

      no auto-summary

      no eigrp log-neighbor-changes

      No luck there either.

      I can't help thinking that I'm missing something very basic.

      Any help is really appreciated

      Hello

      PLS, find the changes that must be made and checked.

      PIX remotely:

      1. you only need a default route and that you can route your subnets via inside as they are outside, so remove these statements

      2.i see Access-group configured to be applied to the external interface for traffic coming from the outside, make sure that all required subnets are allowed.

      3. in the access list for the corresponding traffic to cryptomap, I see that one included subnet, pls have all included traffic that must be encrypted (as sub1, sub2..)

      Main PIX:

      1. in the access list for the corresponding traffic to cryptomap, I see that one included subnet, pls have all included traffic that must be encrypted (as sub1, sub2..)

      2. is there an 'access-group outside_access_in' access list present in the pix the corresponding traffic - check - the pls

      3. by nat (inside) 0 access-list inside_nat0_outbound, include all your inside subnets that must have access to the remote subnet

      L3 switch:

      1.I see a default route pointing to your router 3640, so pls add a static route to your remote subnet pointing to Pix

      IP route 192.168.1.0 255.255.255.0 x.x.22.2

      2. pls check in your L3 switch whether the appropriate subnets sub1, sub2 are learned properly via the configured EIGRP on the respective VLANs

      for example .sub2 and sub3 learning with leap following 8.2, sub 5 via 30.3

      Pls try to understand the topology and make configuration changes and let us know the results

      Regards

      k VB

    • 3945 site VPN termination - not on p2p connect interface

      Nice day!

      Our border router connects to the ISP router with a subnet of p2p. The IP address on our router connect interface cannot be used for other services such as VPN. Provider filters all packets with this address defined in an IP header. Therefore, we must use the addresses of the other publicly routed subnet. I understand that we can place another router behind this border router and set his foreign address as an address on that subnet 'admitted '. But we want to offer this service on the same edge router. Is this possible? I tried to put the card encryption on a loopback interface and the traffic directly to it for encryption.

      crypto isakmp policy 1
       encr 3des
       authentication pre-share
       group 2
      crypto isakmp key <pre-shared-key> address z.z.172.2 no-xauth

      crypto ipsec transform-set TRANS1 esp-3des esp-sha-hmac

      crypto map VPN 10 ipsec-isakmp
       set peer z.z.172.2
       set transform-set TRANS1
       match address CRYPTO_ACL

      interface Loopback0
       description -= VPN Termination =-
       ip address x.x.127.111 255.255.255.255
       crypto map VPN

      interface GigabitEthernet0/0.10
       description -= ISP Gateway =-
       encapsulation dot1Q 10
       ip address y.y.122.203 255.255.255.248

      interface GigabitEthernet0/0.20
       description -= LAN =-
       encapsulation dot1Q 20
       ip address 192.168.10.1 255.255.255.0

      ip route 0.0.0.0 0.0.0.0 y.y.122.201
      ip route 192.168.100.0 255.255.255.0 Loopback0

      ip access-list extended CRYPTO_ACL
       permit ip 192.168.10.0 0.0.0.255 192.168.100.0 0.0.0.255

      It does not work. The packet does not get encrypted but is simply routed to the ISP router.

      Please, help.

      Thanks.

      Viktor,

      I believe crypto map on loopback interface is still unsupported but I have not been following this in the past.

      The way we do it is to apply the actual crypto map to the physical/logical interface facing the ISP, BUT you tweak the crypto map to use the loopback as its local address.

      In your case it'd look like this:

      crypto map VPN local-address loopback0

      With this in place, everyone will think that this tunnel is established with the address assigned to the interface loopback0.

      Hope this helps,

      Marcin
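
The reply above applied to the configuration from the question, as an added example that is not part of the original thread. It assumes the static route that sent 192.168.100.0/24 to Loopback0 is removed and that the ISP routes x.x.127.111 to this router; unchanged sections are omitted.

```cisco
! Added example: the question's configuration with the crypto map moved as advised.
! Unchanged sections (ISAKMP policy, key, transform set, CRYPTO_ACL) are omitted.

! Source IKE/IPsec from the loopback address instead of the egress interface.
crypto map VPN local-address Loopback0
crypto map VPN 10 ipsec-isakmp
 set peer z.z.172.2
 set transform-set TRANS1
 match address CRYPTO_ACL

! The loopback only supplies the tunnel endpoint address; no crypto map here.
interface Loopback0
 description -= VPN Termination =-
 ip address x.x.127.111 255.255.255.255
 no crypto map VPN

! The crypto map goes on the interface the traffic actually leaves through.
interface GigabitEthernet0/0.10
 description -= ISP Gateway =-
 encapsulation dot1Q 10
 ip address y.y.122.203 255.255.255.248
 crypto map VPN

! Assumption: the route that steered 192.168.100.0/24 into the loopback is
! removed, so that traffic follows the default route out Gi0/0.10, where it
! matches CRYPTO_ACL and is encrypted.
no ip route 192.168.100.0 255.255.255.0 Loopback0
ip route 0.0.0.0 0.0.0.0 y.y.122.201

! Checks after applying:
!   show crypto map          - local address and interface bound to map VPN
!   show crypto isakmp sa    - phase 1 endpoints
!   show crypto ipsec sa     - encaps/decaps counters rise as LAN traffic flows
```

The remote peer at z.z.172.2 has to be configured with x.x.127.111 as its peer address, otherwise phase 1 will not match.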

    • VIO - Forbidden (403) CSRF check failed

      I just did the deployment of integrated VMware OpenStack 2.0 build 3037963. After a few problems, I managed to make a successful deployment.

      I typed my controller IP in the browser, the login screen appeared, I entered my credentials and then got the error.

      I already checked that Chrome accepted a cookie, that it is set to "Allow local data to be set", and that "Block third-party cookies and site data" is not checked.

      Hello

      Accessing the controller directly does not work; you must use the public VIP address that you specified during installation (or the public hostname, if that was specified too). Horizon is configured to use the public VIP / public hostname as an entry point and will throw an error if it finds an inconsistency in the "Host" HTTP header.

      Best regards

      Karol

    • ORA 12505: JDBC Thin Client

      Hi all

      We are facing the issue below when connecting to the Oracle 11g RAC server using the SCAN IP from a JDK 1.7 application using the JDBC Thin client

      [16/May/2014:22:33:58] warning (6975): CORE3283: stderr: java.sql.SQLException: IO exception: connection refused(DESCRIPTION=(TMP=)(VSNNUM=186647552)(ERR=12505)(ERROR_STACK=(ERROR=(CODE=12505)(EMFI=4))))
      [16/May/2014:22:33:58] warning (6975): CORE3283: stderr: at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134)
      [16/May/2014:22:33:58] warning (6975): CORE3283: stderr: at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:179)
      [16/May/2014:22:33:58] warning (6975): CORE3283: stderr: at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:333)
      [16/May/2014:22:33:58] warning (6975): CORE3283: stderr: at oracle.jdbc.driver.OracleConnection.<init>(OracleConnection.java:404)
      [16/May/2014:22:33:58] warning (6975): CORE3283: stderr: at oracle.jdbc.driver.OracleDriver.getConnectionInstance(OracleDriver.java:468)
      [16/May/2014:22:33:58] warning (6975): CORE3283: stderr: at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:314)
      [16/May/2014:22:33:58] warning (6975): CORE3283: stderr: at java.sql.DriverManager.getConnection(DriverManager.java:571)
      [16/May/2014:22:33:58] warning (6975): CORE3283: stderr: at java.sql.DriverManager.getConnection(DriverManager.java:215)

      The entry in the TNSNAMES.ORA file has the correct 'service_name', compared with the entries in the DB server's listener.ora file.

      I only have a 'tnsnames.ora' file in my client '/opt/app/oracle/product/11.2.0/client_1/network/admin', and my GUI application uses that as a reference.

      HELLO =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = TCP)(HOST = <name>-orasvip.rr.<xyz>)(PORT = 1522))
          (LOAD_BALANCE = yes)
          (CONNECT_DATA =
            (SERVER = DEDICATED)
            (SERVICE_NAME = HELLO)
          )
        )

      I checked all the blogs and confirmed all the settings; please let me know if I should add any other libraries/configuration on the client side?

      All,

      The JDBC connection string must be changed to connect to the RAC DB with SCAN VIP names, using Oracle RAC features:

      jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(LOAD_BALANCE=yes)(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=1522)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=)))

    • Multiple RAC databases on IM even using different subnets for Public i / face

      Hello. We are setting up a 2-node cluster. This cluster will host several RAC databases. For security reasons, our network team wants to create separate subnets for the application traffic to each specific RAC database on the cluster.

      For example, application 1 has 2 application servers that will connect to RAC database PROD1 via one subnet, application 2 has 3 application servers that will connect to RAC database PROD2 via a different subnet, etc.

      In addition, the network team wants to configure a separate management subnet that DBAs etc. will use to administer all the RAC databases and infrastructure in the cluster.

      Grid Infrastructure version is 11.2.0.2. The database versions vary from 10.2.0.x to 11.2.0.2. All databases will use RAC.

      We want to take advantage of the SCAN listener features to support connectivity to the databases on the cluster. Thread 2199620 [https://cn.forums.oracle.com/forums/thread.jspa?threadID=2199620] suggests that 11gR2 supports several subnets, which seems to be exactly the functionality we need. Please can you confirm how it works and point us to any documentation (standard docs, whitepapers, MOS, etc.) which could help us to configure it.

      Document referenced in thread 2199620 was not exactly what we were looking for and didn't translate too well in Google Translate.

      Any guidance is appreciated. Thanks, Rich.

      Similar topics:

      https://CN.forums.Oracle.com/forums/thread.jspa?MessageID=9846298? (Double SCAN on multi cluster hosted)
      https://CN.forums.Oracle.com/forums/thread.jspa?threadID=2199620 (SCAN listener in OAM VLAN)

      Published by: 887449 on 26-Sep-2011 01:41

      Hello

      With Oracle 11.2, you can have multiple public networks accessing your Oracle RAC.
      You must set the new init.ora parameter LISTENER_NETWORKS so that users are load-balanced within their network. Services are tied to the networks, so users who connect through network 1 will use a different service from those on network 2. Each network will have its own VIP.

      It is not possible to use the SCAN feature on both networks, because SCAN works on a single network only, and on Grid 11.2 you cannot configure more than one SCAN.

      So, you can have a public network (for example, 10.10.10.0) with SCAN/VIP, and on another public network (e.g. 192.168.217.0) you will use only VIPs in TNSNAMES.ora.

      You configure one Service (A) on the network (10.10.10.0) and another Service (B) on the network (192.168.217.0).

      In the example above, using Service (A) you will configure SCAN (scan host), and using Service (B) you must configure all the VIP addresses.

      Kind regards
      Levi Pereira

      Published by: Levi Pereira Sep 26, 2011 18:03

    • How to decide what VIp/Public IP and SCAN IP to use for 11 GR 2 RAC confg

      Hello

      We want to configure Oracle RAC 11gR2 (11.2.0.3)

      We would like to know on what basis the VIP, public IP address and SCAN IP should be chosen, and how many?

      Also, we would like to know about the SCAN listener features in Oracle 11gR2 RAC.


      Your help is definitely appreciated.


      Kind regards
      Milan

      Hello

      Have a read of http://docs.oracle.com/cd/E11882_01/install.112/e22489/prelinux.htm#BABJHGBE and

      See you soon

    Maybe you are looking for