Tuxedo failover does not

Hello

We work with Tuxedo 11 GR 1 material for us to access an application. The configuration file uses two IP addresses from database, related to the same instance that is configured in active/passive cluster configuration. Once listed in the ubbconfig Tuxedo servers are started, the application works correctly. We made a failover test, leaving the first crux of database failure, has been denied access to the application.

Everything worked again once the servers did an automatic restart, but after 15-20 minutes. Is it possible to reduce (if it exists) the time-out to allow automatic restart occurs when any situation crashing?

Thank you very much

Giuseppe.

Hi, Giuseppe.

The answer to your question depends on how are managed connections to the database. If the servers are part of a transactional group, i.e. There are TMS servers associated with the Group and servers have been built with the-r switch to buildserver, Tuxedo will manage connections. Which means that Tuxedo uses the xa_open() call to establish a connection to the database for the application, and the application should not artist all SQL CONNECT statements. If Tuxedo receives a XA error during transaction processing, Tuxedo will automatically attempt to reestablish the connection to the database. Also note that if you use RAC, you must set the TUXRACGROUPS environment variable and configure the database to use the DTP Services. The DTP Service must be configured for the failover to the other instance in the database configuration file.

On the other hand, if the server is not part of a transactional group, then all the connection of database management is left to demand and the Tuxedo is completely unaware that a database is still used. If your code performs a SQL CONNECT and if it receives an error at some point, he probably has to reconnect with an another SQL CONNECT. To help you in this situation, you should be able to use TAF (application transparent failover) to let the database client code tent her reconnects.

As far as the wait time goes, I guess that your servers are suspended from a DML statement by train and finally Tuxedo kills servers due to SVCTIMEOUT. Why they are hanging is still a stranger that I don't know how your application accesses the database or how your servers are coded.

Kind regards

Todd little

Chief Architect of Oracle Tuxedo

Tags: Fusion Middleware

Similar Questions

The NIC failover does not work in LBT mode

Dear community,

We met a strange behavior in our network environment while testing our new Cisco 4500 switches x 10g. If you have a TCP Session (example JJ | netcat) data transfer between two virtual machines on different host esx failover does not work on the VM receiver if a physical connection fails.
The test configuration is as follows:
|    | - 4 - switch 1 vmnic - vmnic 4-|    |
VM1 | ESX1 |                  | VSS |                    | ESX2 |-VM2
|    | - 5 - switch 2 vmnic - vmnic 5-|    |
More details:
- The switches are configured as a cluster VSS. New version of the software
- ESX1/2 are running the latest version 5.5
- The two vmnic is active on a DV-switch in LBT mode
- Exchanges are configured with "Port based on the physical NIC load."
- VM1 and VM2 are invited linux, NICS are vmxnet3
Steps to reproduce:
1. Beginning listening mode on VM2 (netcat-l Pei 12345 |) JJ = / dev/null)
2. Start the transfer on VM1 (dd if = / dev/zero bs = 1 M | netcat VM2 12345)
3. Check which link is used (in my example vmnic5 on ESX2)
4. Unplug the ESX2 vmnic5
What you observe:
- DD-traffic dies immediately
- If you kill the dd on machines (it does not end by itself) and start all over again, it works immediately
- If you ping VM1 VM2 or another system, it works
- If you plugged vmnic5 again once the virtual machine is switched to new vmnic5-> if you didn't kill dd will continue
Now to test the reverse:
1. Beginning listening mode on VM2 (netcat-l Pei 12345 |) JJ = / dev/null)
2. Start the transfer on VM1 (dd if = / dev/zero bs = 1 M | netcat VM2 12345)
3. Check which link is used (in my example vmnic4 on ESX1)
4. Disconnect vmnic1 ESX1
What you observe:
- Failover works like a charm
- Failback works like a charm
Conclusion:
- Only the virtual machine at the front desk has a problem
- Only an already established TCP session behaves badly, work of new sessions very well (as does ping, no losses)
- If you use LACP place LBT on uplink the problem disappeared
- Same problem if you connect two links to Switch1
- Same problem if you use a physical box with linux and LACP as system
- I did the same test with two c3750x (no cluster VSS) and has not encountered the problem
Any ideas? It's really a good one.
Thank you!
Sascha

Update:
To make it clear, it doesn't have the transmission of UDP.
Post edited by: sewert1

I did some further testing and also involved cisco. There is no problem with the switches and network in general.

Turns out he works with Windows clients, but it does not work with Linux. But it works with Linux with adapters e1000 and e1000e but not with vmxnet3.

So I did some tests and learned that the vmxnet3 kernel module must be at least version 1.3. Version 1.1 (SLES 11 default) or 1.2 (default SLES12) does not work.

(./vmware-install.pl--clobber-noyau-modules = vmxnet3)

failover - does not change clerks

Hello
I ve read some docs on cookies, sessions, passivation, etc. and came across the following piece:
To check, try the following: create the simple application of ADF business components and the web client to it. Define the HttpSession timeout to 1 minute and make sure that the switch is turned on, run your client application, create a new line, or change a value but do not commit (or rollback). Now wait for more then a minute to let the HttpSession timeout. Note that if in your ViewController project you add a property to the Java virtual machine on the Panel "Runner" like -Djbo.debugoutput=console you will actually see when your HttpSession time in the debug trace information. Now, try to continue working. You will see that your State has been preserved as if the HttpSession never expired. You will be able to see all your changes that have not been made yet and you will still be able to commit as well. Now try the same scenario, but now, with tipping off. You will see that after the time-out period, your wait state is lost. You will then have to start from the point where you last committed your changes.
to understand the State of ADF Business components management feature.
What I understand here is possible when a user session expires and changes that have not committed will be always 'available' for the user to commit when you connect again, I am rigth?
If Yes, I followed the instructions and it didn t happened as indicated.
If not, is it possible to do this? Accordingly to each validated user to present its not commit changes?
Jdev 12 c
Kind regards
Carlos

The doc you speak is very old. This does not mean that it bad, but the chance is there changes that cancels the content.

Another thing to understand is that disconnection does not record the users session but frees the resources. Failover works (if it works at all the check page in ADF 12.1.3 jsf does not correctly after the session), if a session expires and the module of the application has not been recycled and the user remains on the same browser.

What you try to do means you want to save the log of current transactions again (which can be done from another browser or pc) and work with the trade recorded again. I don't think it will work.

Timo

MRU multipath failover does not work, hangs host. Fixed does not work on CX500?

Hi all
Was pilferage user guides, forums, and powerlink and they all indicate that I should use MRU (most recently used) for multipath failover on a CX500 connected by a switch. The switch is zoned for 1A HBA path SPA0 and SPB1 and another for SPA1 and SPB0. I had this set up with SRM as it is by default, and it worked very well; However, when I did the test of yank with cord fiber on each HBA, my hung ESX4 host and became unresponsive until I plugged the rider of the fiber in the HBA 'failure '.
I then put it to 'fixed' and it worked like a charm. I also noticed that when the MRU value, I'd also get tresspassing on the LUN, so I believe "fixed" is the way to go.
I was wondering what others have seen... Until now, I can tell, the CX500 is an active/passive system without load balancing only occurs if you are using powerpath on the host...

Hi liam,

II don't know if I understand you correctly, you have only one box for each HBA? It is only a recommendation, but I prefer an area for each HBA and SP, for example: (I assume that you have two fabrics)

0 SWITCH

area: HOST1_HBA0_CX500_SPA0 on HBA0 with SPA0

area: HOST1_HBA0_CX500_SPB1 on HBA0 with SPB1

SWITCH 1

area: HOST1_HBA1_CX500_SPA1 on HBA0 with SPA1

area: HOST1_HBA1_CX500_SPB0 n HBA0 with SPB0

Check it out in your CX500 all paths (four) are recorded and logged. (check the status of the connectivity on your navisphere)

have you checked matrix emc for your host and HBA? What HBAS do you use?

After HA failover, can I do the VM does not restart?

After HA failover, can I do the VM does not restart on the target host?

You can set the priority "VM Restart" to "Disabled" to exclude a VM restarted on another host.

André

plugin does not work

plug-ins like the Active X control secure (Kinginstaller.exe) game has changed and the plug-in does not work as usual. I can't play games on King.com site

Have you tried to support King.con games help?

Appdir plugins folder still exist?

Program Files/Firefox installation folder/plugins /.

Firefox stopped using this folder if long the folder itself does not yet exist in Firefox 4.0 + versions. Setup of the plugin should really create this folder, or the user must create this folder manually and 'place' the plugin files in this folder, in addition to "failover" for this preference to 'true '.

The IE plugins folder contains probably not the ActiveX plugin that would use Firefox, IE supports ActiveX by default: nothing needs to be installed.

Empire four kingdoms spit / does not start at the time of connection to the server

After you install ios 9.2 the game "kingdoms of the four empire" spit and wen turn connect to the server. There is no problem with the internet connection because I installed the game in a phone with android system and work it so the problem is in my ipad.

I Discovred another problem: there is no possibility to rotate the screen

For the game, what have you tried to see if that fixes it? for example you have:

-closed the game via the taskbar of the iPad

-do a soft-reset/reboot of the iPad

-deleted and redownloaded the game via the tab purchased in the App Store application

-contacted the developer of the gam.

For the iPad screen does not rotate, which affects all applications? You do not have blocking rotation 'on' (on the iPad side switch - Apple Support) and if not (after failover it power) tried a soft-reset/reboot of the iPad?

Windows Vista does not start, not even in safe mode

I have a HP desktop computer comes with Windows Vista installed on it. I have no recovery discs, I have a hard disk recovery partition. I can't start in safe mode. I ran startup repair, tried restore points and even tried a complete pc restore, nothing works. I am still unable to start Windows, even in safe mode. Here are my coordinates of startup repair problem. Can you please point me in the right direction?

Problem event name: Startup Repair V1

Signature of the problem 01: Auto failover

Signature of the problem 02: 6.0.6000.16386.6.0.6000.16386

03:6 problem signature

Signature of the 04:655370 problem

Signature of the problem 05: installation failed

Signature of the 06 problem: no boot failure

Signature of the problem 07:0

Signature of the 08:0 problem

Signature of the 09 problem: unknown

Signature of the 10:1168 problem

OS version: 6.0.600.2.0.0.256.1

Locale ID: 1033

Thank you!

Traci

If the HP recovery process does not work, it seems to be a hardware problem.

And now that you mention have a blue screen.

If it was a software problem, the process of HP recovery to reinstall the operating system should fix (take it back in new condition).

And this new condition would exclude any incorrect hardware drivers may have installed the original problem.

Have you tried HP support?

http://WWW8.HP.com/us/en/contact-HP/contact.html

Or assistance HP Forums:

http://h30434.www3.HP.com/

See you soon.

Edit:

HP recovery process, you get the possibility of a destructive or non-destructive restore. If you use non-destructive recovery option, often have the same problems continue.

The problem continues when you use destructive recovery too.

computer does not start after the installation of vista updates.

computer does not start after the installation of vista updates. Startup Repair is also not working. event name: Startup Repair v2, prob GIS. 1: automatic failover, prob GIS 2: 6.0.6000.16386.6.0.6001.1800, prob 3:6, prob prob 5 and 6 GIS GIS sig, 4:720907: corrupt file, prob GIS 7: 3221226021, 8:3, prob GIS GIS prob 9: repair wrp, prob GIS 10; 2, 0 s version: 6.0.6000.2.0.0.256.1. In addition, none of these advanced recovery options seem to work.

Hello

Try the steps suggested by David Y post dated November 2, 2010 in the link given below and check if that helps.

http://social.answers.Microsoft.com/forums/en-us/w7repair/thread/a6071159-db22-4076-b5d8-31f446dbdf32

Hope that information was useful

Windows 7 does not open

While my father-in-law just gave me his computer he uses, and it has been very reliable when he used it. I turn on the computer and it goes through the loading screen and then said: start Windows but then after 2 seconds it just blue screens. I can get it to the Startup Repair, but it cannot fix the model automatically. The P.E.N. is Startup Repair Offline and the problem of signatures from 1 to 7 are 6.1.7600.16385, 6.1.7600.16385, unknown, 21199091, automatic failover, 13 and Cause main No.. Also, none of the advanced options helped. I tried to do a system restore but it did not work, I didn't have an image to recover by and memory diagnostics does not very well whatever it is. I have a version of Windows on a USB but it wont let me load it up, but that might have to do with the USB or something. I am really confused and need help. Thank you!

* Proposed by the moderator of "Windows/Windows 7 / update, backup & recovery" Troubleshooting Windows / Windows 7/Performance & System "*"

If you have a corrupt Windows 7 system, trying to recover, you want to try a system repair disc to start the PC. This can be more successful in setting and offered other alternatives. If you do not have one, go to any other PC that has windows 7 with the same number of bits (32/64). Start the globe, all programs, Maintenance. You have just a blank CD. When you start, ensure that you dΘmarrez in fact on this CD and not the hard drive. Usually by pressing F12 will lead you to the option to do so.

MWI light does not illuminate

I use CCM3.3 (5) with the 4.0 unit (5) MS Exchange.

I had Setup for failover of the unit and worked well. but I can't get the MWI switch work. The phone is able to compose the MWI extension, I opened the port status monitor and update the status of the MWI, I see that the port is 'component the MWI', but the light comes on.

I followed the guide MWI, troubleshooting and the notifier showed code "12" and the task is complete. But in the newspapers of Miu, I can't find the command SetMWI. I changed the message to be always urgent in subscriber > Message, the led always lights.

Any thoughts?

Thank you

When you manually dial MWI or disable the phone number, it turns the light (or turn off)? You said, he does not fast busy...

Now, in the traces, look for dd = "1234" where 1234 is your MWI on or off number...

This is where you should start. It will tell you what partitions it is looking, in the analysis of the figures etc... If all goes well, he will tell what is happening. Feel free to post the tracks here.

Info that you have given us, it looks like a MAC problem.

ASA 5505. VPN Site-to-Site does not connect!

Hello!
Already more than a week there, as we had a new channel of communication of MGTSa (Ontario terminal Sercomm RV6688BCM, who barely made in the 'bridge' - had to do the provider in order to receive our white Cisco Ip address), and now I train as well more that one week to raise between our IKEv1 IPsec Site-to-Site VPN tunnel closes offices.
Configurable and use the wizard in ASDM and handles in the CLI, the result of a year, the connection does not rise.
Cisco version 9.2 (2), the image of the Cisco asa922 - k8.bin, Security Plus license version, version 7.2 AMPS (2).
What I'll never know...
Debugging and complete configuration enclose below.
Help, which can follow any responses, please! I was completely exhausted!

Config:

Output of the command: "sh run".

: Saved
:
: Serial: XXXXXXXXXXXX
: Material: ASA5505, 512 MB RAM, 500 MHz Geode Processor
:
ASA Version 9.2 (2)
!
hostname door-71
activate the encrypted password of F6OJ0GOws7WHxeql
names of
IP local pool vpnpool 10.1.72.100 - 10.1.72.120 mask 255.255.255.0
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
interface Vlan1
nameif inside
security-level 100
IP 10.1.72.254 255.255.255.0
!
interface Vlan2
nameif outside_mgts
security-level 0
62.112.100.R1 255.255.255.252 IP address
!
passive FTP mode
clock timezone 3 MSK/MSD
clock to DST MSK/MDD recurring last Sun Mar 02:00 last Sun Oct 03:00
DNS lookup field inside
DNS server-group MGTS
Server name 195.34.31.50
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
network obj_any object
subnet 0.0.0.0 0.0.0.0
network of the NET72 object
10.1.72.0 subnet 255.255.255.0
network object obj - 0.0.0.0
host 0.0.0.0
network of the Nafanya object
Home 10.1.72.5
network object obj - 10.1.72.0
10.1.72.0 subnet 255.255.255.0
network of the NET61 object
10.1.61.0 subnet 255.255.255.0
network of the NETWORK_OBJ_10.1.72.96_27 object
subnet 10.1.72.96 255.255.255.224
network of the NETT72 object
10.1.72.0 subnet 255.255.255.0
network of the NET30 object
10.1.30.0 subnet 255.255.255.0
network of the NETWORK_OBJ_10.1.72.0_24 object
10.1.72.0 subnet 255.255.255.0
object-group service OG INET
the purpose of the echo icmp message service
response to echo icmp service object
service-object icmp traceroute
service-object unreachable icmp
service-purpose tcp - udp destination eq echo
the DM_INLINE_NETWORK_1 object-group network
network-object NET30
network-object, object NET72
DM_INLINE_TCP_1 tcp service object-group
port-object eq www
EQ object of the https port
inside_access_in extended access list permit ip object NET72 object-group DM_INLINE_NETWORK_1
access extensive list ip 10.1.72.0 inside_access_in allow 255.255.255.0 any
inside_access_in extended access list permit ip object Nafanya any idle state
inside_access_in list extended access allowed object-group OG INET an entire
inside_access_in of access allowed any ip an extended list
inside_access_in list extended access deny ip any alerts on any newspaper
outside_mgts_access_in list extended access allowed object-group OG INET an entire
outside_mgts_access_in list extended access permit tcp any any DM_INLINE_TCP_1 object-group
outside_mgts_access_in list extended access deny ip any alerts on any newspaper
access extensive list ip 10.1.72.0 outside_mgts_cryptomap allow 255.255.255.0 object NET61
VPN-ST_splitTunnelAcl permit 10.1.72.0 access list standard 255.255.255.0
pager lines 24
Enable logging
asdm of logging of information
Within 1500 MTU
outside_mgts MTU 1500
IP check path reverse interface outside_mgts
no failover
ICMP unreachable rate-limit 1 burst-size 1
don't allow no asdm history
ARP timeout 14400
no permit-nonconnected arp
NAT (inside outside_mgts) static source NET72 NET72 NETWORK_OBJ_10.1.72.96_27 NETWORK_OBJ_10.1.72.96_27 non-proxy-arp-search of route static destination
NAT (inside outside_mgts) static source NETWORK_OBJ_10.1.72.0_24 NETWORK_OBJ_10.1.72.0_24 NET61 NET61 non-proxy-arp-search of route static destination
!
network obj_any object
NAT (inside outside_mgts) dynamic obj - 0.0.0.0
network of the NET72 object
NAT (inside outside_mgts) interface dynamic dns
inside_access_in access to the interface inside group
Access-group outside_mgts_access_in in the outside_mgts interface
Route 0.0.0.0 outside_mgts 0.0.0.0 62.112.100.R 1
Timeout xlate 03:00
Pat-xlate timeout 0:00:30
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
Floating conn timeout 0:00:00
dynamic-access-policy-registration DfltAccessPolicy
without activating the user identity
identity of the user by default-domain LOCAL
AAA authentication http LOCAL console
the ssh LOCAL console AAA authentication
Enable http server
http 10.1.72.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-128-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-128-MD5-TRANS-aes - esp esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-128-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-192-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-192-MD5-TRANS esp-aes-192 esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-192-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-AES-256-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-AES-256-MD5-TRANS esp-aes-256 esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-AES-256-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 SHA-ESP-3DES esp-3des esp-sha-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-3DES-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-3DES-MD5-TRANS esp-3des esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-3DES-MD5-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set ikev1 esp ESP-DES-MD5-esp-md5-hmac
Crypto ipsec transform-set ikev1 ESP-DES-SHA-TRANS esp - esp-sha-hmac
Crypto ipsec ikev1 transform-set ESP-DES-SHA-TRANS mode transit
Crypto ipsec transform-set ikev1 ESP-DES-MD5-TRANS esp - esp-md5-hmac
Crypto ipsec ikev1 transform-set ESP-DES-MD5-TRANS mode transit
Crypto ipsec ikev2 AES256 ipsec-proposal
Protocol esp encryption aes-256
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES192
Protocol esp encryption aes-192
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal AES
Esp aes encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 proposal ipsec 3DES
Esp 3des encryption protocol
Esp integrity sha - 1, md5 Protocol
Crypto ipsec ikev2 ipsec-proposal OF
encryption protocol esp
Esp integrity sha - 1, md5 Protocol
Crypto ipsec pmtu aging infinite - the security association
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 pfs Group1 set
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 define ikev2 AES256 AES192 AES 3DES ipsec-proposal OF
card crypto outside_mgts_map 1 match address outside_mgts_cryptomap
card crypto outside_mgts_map 1 set pfs Group1
peer set card crypto outside_mgts_map 1 91.188.180.42
card crypto outside_mgts_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA MD5-ESP-3DES ESP-DES-SHA ESP-DES-MD5
outside_mgts_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
card crypto outside_mgts_map interface outside_mgts
inside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
inside crypto map inside_map interface
Crypto ca trustpoint ASDM_TrustPoint0
registration auto
E-mail [email protected] / * /
name of the object CN = door-71
Serial number
IP address 62.112.100.42
Proxy-loc-transmitter
Configure CRL
Crypto ca trustpoint ASDM_TrustPoint1
registration auto
ASDM_TrustPoint1 key pair
Configure CRL
trustpool crypto ca policy
string encryption ca ASDM_TrustPoint0 certificates
certificate eff26954
30820395 3082027d a0030201 020204ef f2695430 0d06092a 864886f7 0d 010105
019
6460ae26 ec5f301d 0603551d 0e041604 14c9a3f2 d70e6789 38fa4b01 465d 1964
60ae26ec 5f300d06 092 has 8648 01050500 03820101 00448753 7baa5c77 86f70d01
62857b 65 d05dc91e 3edfabc6 7b3771af bbedee14 673ec67d 3d0c2de4 b7a7ac05
5f203a8c 98ab52cf 076401e5 1a2c6cb9 3f7afcba 52c617a5 644ece10 d6e1fd7d
28b57d8c aaf49023 2037527e 9fcfa218 9883191f 60b221bf a561f2be d6882091
0222b7a3 3880d6ac 49328d1f 2e085b15 6d1c1141 5f850e5c b6cb3e67 0e373591
94a 82781 44493217 and 38097952 d 003 5552 5c445f1f 92f04039 a23fba20 b9d51b13
f511f311 d1feb2bb 6d056a15 7e63cc1b 1f134677 8124c 024 3af56b97 51af8253
486844bc b1954abe 8acd7108 5e4212df db835d76 98ffdb2b 8c8ab915 193b 8167
0db3dd54 c8346b96 c4f4eff7 1e7cd576 a8b1f86e 3b868a6e 89
quit smoking
string encryption ca ASDM_TrustPoint1 certificates
certificate a39a2b54
3082025f 30820377 a0030201 020204 has 3 9a2b5430 0d06092a 864886f7 0d 010105
0500304 06035504 03130767 36313137 30120603 55040513 6174652d 3110300e b

c084dcd9 d250e194 abcb3eb8 1da93bd0 fb0dba1a b1c35b43 d547a841 5d4ee1a4
14bdb207 7dd790a4 0cd 70471 5f3a896a 07bd56dc ea01b3dd 254cde88 e1490e97
f3e54c05 551adde0 66aa3782 c85880c2 b162ec29 4e49346a df71062d 6d6d8f49
62b9de93 ba07b4f7 a50e77e1 8f54b32b 6627cb27 e982b36f a 362973, 0 88de3272
9bd6d4d2 8ca1e11f 214f20a9 78bdea95 78fdc45c d6d45674 6acb9bcb d0bd930e
638eedfe cd559ab1 e1205c48 3ee9616f e631db55 e82b623c 434ffdc1 11020301
0001 has 363 3061300f 0603551d 130101ff 0101ff30 04053003 0e060355 1d0f0101
ff040403 1f060355 02018630 230418 30168014 0cea70bf 0d0e0c4b eb34a0b1 1 d
8242 has 549 0603 551d0e04 1604140c ea70bf0d 0e0c4beb 34a0b182 301D 5183ccf9
42a 54951 010105 05000382 0101004e 7bfe054a 0d 864886f7 0d06092a 83ccf930
d434a27c 1d3dce15 529bdc5f 70a2dff1 98975de9 2a97333b 96077966 05a8e9ef
bf320cbd ecec3819 ade20a86 9aeb5bde bd129c7b 29341e4b edf91473 f2bf235d
9aaeae21 a629ccc6 3c79200b b9a89b08 bf38afb6 ea56b957 4430f692 a 4745, 411
34d71fad 588e4e18 2b2d97af b2aae6b9 b6a22350 d031615b 49ea9b9f 2fdd82e6
ebd4dccd df93c17e deceb796 f268abf1 881409b 5 89183841 f484f0e7 bd5f7b69
ebf7481c faf69d3e 9d24df6e 9c2b0791 785019f7 a0d20e95 2ef35799 66ffc819
4a77cdf2 c6fb4380 fe94c13c d4261655 7bf3d6ba 6289dc8b f9aad4e1 bd918fb7
32916fe1 477666ab c2a3d591 a84dd435 51711f6e 93e2bd84 89884c
quit smoking
crypto isakmp identity address
IKEv2 crypto policy 1
aes-256 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 10
aes-192 encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 20
aes encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 30
3des encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
IKEv2 crypto policy 40
the Encryption
integrity sha
Group 2 of 5
FRP sha
second life 86400
Crypto ikev2 activate outside_mgts port 443 customer service
Crypto ikev2 access remote trustpoint ASDM_TrustPoint0
Crypto ikev1 allow inside
Crypto ikev1 enable outside_mgts
IKEv1 crypto policy 10
authentication crack
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 20
authentication rsa - sig
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 30
preshared authentication
aes-256 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 40
authentication crack
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 50
authentication rsa - sig
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 60
preshared authentication
aes-192 encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 70
authentication crack
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 80
authentication rsa - sig
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 90
preshared authentication
aes encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 100
authentication crack
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 110
authentication rsa - sig
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 120
preshared authentication
3des encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 130
authentication crack
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 140
authentication rsa - sig
the Encryption
sha hash
Group 2
life 86400
IKEv1 crypto policy 150
preshared authentication
the Encryption
sha hash
Group 2
life 86400
Telnet timeout 5
without ssh stricthostkeycheck
SSH 10.1.72.0 255.255.255.0 inside
SSH timeout 60
SSH group dh-Group1-sha1 key exchange
Console timeout 0
vpnclient Server 91.188.180.X
vpnclient mode network-extension-mode
vpnclient nem-st-autoconnect
VPN - L2L vpnclient vpngroup password *.
vpnclient username aradetskayaL password *.
dhcpd auto_config outside_mgts
!
dhcpd update dns replace all two interface inside
!
a basic threat threat detection
Statistics-list of access threat detection
no statistical threat detection tcp-interception
SSL-trust ASDM_TrustPoint0 inside point
SSL-trust ASDM_TrustPoint0 outside_mgts point
WebVPN
Select outside_mgts
internal GroupPolicy_91.188.180.X group strategy
attributes of Group Policy GroupPolicy_91.188.180.X
Ikev1 VPN-tunnel-Protocol
internal group VPN - ST strategy
attributes of group VPN - ST policy
value of 195.34.31.50 DNS Server 8.8.8.8
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value VPN-ST_splitTunnelAcl
by default no
aradetskayaL encrypted HR3qeva85hzXT6KK privilege 15 password username
tunnel-group 91.188.180.X type ipsec-l2l
attributes global-tunnel-group 91.188.180.X
Group - default policy - GroupPolicy_91.188.180.42
IPSec-attributes tunnel-group 91.188.180.X
IKEv1 pre-shared-key *.
remote control-IKEv2 pre-shared-key authentication *.
remotely IKEv2 authentication certificate
pre-shared-key authentication local IKEv2 *.
remote access to tunnel-group VPN - ST type
VPN-general ST-attributes tunnel-group
address vpnpool pool
Group Policy - by default-VPN-ST
tunnel-group ipsec VPN ST-attributes
IKEv1 pre-shared-key *.
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
inspect the icmp
inspect the icmp error
!
global service-policy global_policy
context of prompt hostname
no remote anonymous reporting call
Cryptochecksum:212e4f5035793d1c219fed57751983d8
: end

door-71 # sh crypto ikev1 his

There are no SAs IKEv1

door-71 # sh crypto ikev2 his

There are no SAs IKEv2

door-71 # sh crypto ipsec his

There is no ipsec security associations

door-71 # sh crypto isakmp

There are no SAs IKEv1

There are no SAs IKEv2

Global statistics IKEv1
The active Tunnels: 0
Previous Tunnels: 0
In bytes: 0
In the packages: 0
In packs of fall: 0
In Notifys: 0
In the constituencies of P2: 0
In P2 invalid Exchange: 0
In P2 Exchange rejects: 0
Requests for removal in his P2: 0
Bytes: 0
Package: 0
Fall packages: 0
NOTIFYs out: 0

Exchanges of P2: 0
The Invalides Exchange P2: 0
Exchange of P2 rejects: 0
Requests to remove on P2 Sa: 0
Tunnels of the initiator: 0
Initiator fails: 0
Answering machine fails: 0
Ability system breaks down: 0
AUTH failed: 0
Decrypt failed: 0
Valid hash fails: 0
No failure his: 0

IKEV1 statistics for Admission appeals
In negotiating SAs Max: 25
In negotiating SAs: 0
In negotiating SAs Highwater: 0
In negotiating SAs rejected: 0

Global statistics IKEv2
The active Tunnels: 0
Previous Tunnels: 0
In bytes: 0
In the packages: 0
In packs of fall: 0
In Fragments of fall: 0
In Notifys: 0
In Exchange for the P2: 0
In P2 invalid Exchange: 0
In P2 Exchange rejects: 0
In IPSEC delete: 0
In delete IKE: 0
Bytes: 0
Package: 0
Fall packages: 0
Fragments of fall: 0
NOTIFYs out: 0
Exchange of P2: 0
The Invalides Exchange P2: 0
Exchange of P2 rejects: 0
On IPSEC delete: 0
The IKE Delete: 0
Locally launched sAs: 0
Locally launched sAs failed: 0
SAs remotely initiated: 0
SAs remotely initiated failed: 0
System capacity: 0
Authentication failures: 0
Decrypt failures: 0
Hash failures: 0
Invalid SPI: 0
In the Configs: 0
Configs: 0
In the Configs rejects: 0
Configs rejects: 0
Previous Tunnels: 0
Previous Tunnels wraps: 0
In the DPD Messages: 0
The DPD Messages: 0
The NAT KeepAlive: 0
IKE recomposition launched locally: 0
IKE returned to the remote initiated key: 0
Generate a new key CHILD initiated locally: 0
CHILD given to the remote initiated key: 0

IKEV2 statistics for Admission appeals
Max active SAs: no limit
Max in negotiating SAs: 50
Challenge cookie line: never
Active sAs: 0
In negotiating SAs: 0
Incoming requests: 0
Accepted incoming requests: 0
A rejected incoming requests: 0
Out of requests: 0
Out of the applications accepted: 0
The outgoing rejected requests: 0
A rejected queries: 0
Rejected at the SA: 0 Max limit
Rejected low resources: 0
Rejected the current reboot: 0
Challenges of cookie: 0
Cookies transmitted challenges: 0
Challenges of cookie failed: 0

IKEv1 global IPSec over TCP statistics
--------------------------------
Embryonic connections: 0
Active connections: 0
Previous connections: 0
Incoming packets: 0
Inbound packets ignored: 0
Outgoing packets: 0
Outbound packets ignored: 0
The RST packets: 0
Heartbeat Recevied ACK packets: 0
Bad headers: 0
Bad trailers: 0
Chess timer: 0
Checksum errors: 0
Internal error: 0

door-71 # sh statistical protocol all cryptographic
[Statistics IKEv1]
Encrypt packets of requests: 0
Encapsulate packets of requests: 0
Decrypt packets of requests: 0
Decapsulating requests for package: 0
HMAC calculation queries: 0
ITS creation queries: 0
SA asked to generate a new key: 0
Deletion requests: 0
Next phase of allocation key applications: 0
Number of random generation queries: 0
Failed requests: 0
[Statistics IKEv2]
Encrypt packets of requests: 0
Encapsulate packets of requests: 0
Decrypt packets of requests: 0
Decapsulating requests for package: 0
HMAC calculation queries: 0
ITS creation queries: 0
SA asked to generate a new key: 0
Deletion requests: 0
Next phase of allocation key applications: 0
Number of random generation queries: 0
Failed requests: 0
[IPsec statistics]
Encrypt packets of requests: 0
Encapsulate packets of requests: 0
Decrypt packets of requests: 0
Decapsulating requests for package: 0
HMAC calculation queries: 0

ITS creation queries: 0
SA asked to generate a new key: 0
Deletion requests: 0
Next phase of allocation key applications: 0
Number of random generation queries: 0
Failed requests: 0
[SSL statistics]
Encrypt packets of queries: 19331
Encapsulate packets of queries: 19331
Decrypt packets of queries: 437
Package requests decapsulating: 437
HMAC calculation queries: 19768
ITS creation queries: 178
SA asked to generate a new key: 0
Requests to remove SA: 176
Next phase of allocation key applications: 0
Number of random generation queries: 0
Failed requests: 0
[Statistical SSH are not taken in charge]
[Statistics SRTP]
Encrypt packets of requests: 0
Encapsulate packets of requests: 0
Decrypt packets of requests: 0
Decapsulating requests for package: 0
HMAC calculation queries: 0
ITS creation queries: 0
SA asked to generate a new key: 0
Deletion requests: 0
Next phase of allocation key applications: 0
Number of random generation queries: 0
Failed requests: 0
[Statistics]
Encrypt packets of requests: 0
Encapsulate packets of requests: 0
Decrypt packets of requests: 0
Decapsulating requests for package: 0
HMAC calculation queries: 6238
ITS creation queries: 0
SA asked to generate a new key: 0
Deletion requests: 0
Next phase of allocation key applications: 0
Number of queries random generation: 76
Failure of queries: 9
door-71 # sh crypto ca trustpoints

Trustpoint ASDM_TrustPoint0:
Configured for the production of a self-signed certificate.

Trustpoint ASDM_TrustPoint1:
Configured for the production of a self-signed certificate.

If you need something more, then spread!
Please explain why it is that I don't want to work?

Hello

When the IPSEC tunnel does not come to the top, the first thing comes to my mind is to run a tracer of package from the CLI and the phases in it. Please run this command from your firewall side and share the output. I've just compiled this command with the random ip address and ports of your given range.

Packet-trace entry inside tcp 10.1.72.2 1233 10.1.61.2 443 detailed

Best regards

Amandine

IPS module does not

Hi, I'm currently running active / standby and my sometimes (twice a year) IPS module goes on which triggering a failover. The current status is:

This host: secondary: enabled

Another host: primary - failed

and on the primary host-: slot 1: ASA-SSM-10 rev hw/sw (status 1.0/6.1(1)E3) (does not/high)

I know that I have to go in the module and hw-module module reset. But I opened a file and got a replacement Module ID. Do I need to power down my ASA primary, it is in mode of failover in any case... If I turn off, it would result in any question of production since I am currently on secondary. Also, I read that the module will not keep or config between synchronization devices. How can I access the configuration of the IPS module so that I can put it in the new module?

Thanks for the reply.

FYI, these issues must be addressed with the CSE assigned to your request for Service of TAC where RAM was arranged. I'll take a shot at answering them, but when you use a query from Active Service of the TAC, you must act together with the CSE assigned to issues related to the issue.
```
Do I need to power down my primary ASA
```
Yes, sensor AIP - SSM modules are not able to SEE (Insertion/withdrawal online). ASA in which the sensor module is replaced must be powered down before removing the faulty sensor module and before installing the replacement.
```
if I do power down, would it cause any issue to production since I am on secondary right now.
```
If the other Member of the ASA of the failover pair is currently active and its sensor module is in Place, then power the unit standby off ASA should not affect traffic.
```
I have read that the module won't retain or synch config between devices. how do i access the configuration of the IPS module so that I can put it into the new module?
```
Correct, the sensor modules do inheritly not synchronize or replicate their configuration (such as units of the ASA of the failover pair). If you are able to access the defective sensor module long enough to get a copy of the "show config" command, you can integrate this same output in the replacement sensor module.

Finally, note that the Unresponsive State can be caused by hardware problems. IPS 1.0000 E3 (which is what you seem to be running) is very old and is more directly supported. You need to upgrade to a modern version, supported (E4 7.0 (6) or 6.2 (4) E4), which contain a lot of bugs, which some correct problems that might otherwise cause the module become Unresponsive.

ESX Vnic does not lower when the uplink to server FI is disabled

Hello

We are currently testing a new infrastructure and you experience this problem:

On a ucs when disable us an uplink to the FI server to simulate a network outage, the underlying ESX host are the Vnic connection live and does not switch ot the other connection.

We have this problem with only a ucs, the other does not create this behavior. Failover takes place normally.

We have a political network sets up with the Action on the set of uplink failure to post a link to the bottom.

any id would help.

Thank you

Stéphane Beausoleil

Senior SysAdmin / virtualization team

CGI

Stephan,

If I understand correctly, remove you / disable a port from IOM at the END? OR the FI switch upstream?

If the FI to IOM = you have Port enabled in the strategy of chassis Discovery Channel?

If the FI to the switch upstream: are there any other uplink in the same FI? Y at - it no static pinning applied?

-Kenny

802. 1 x authentication port does not

I have trouble to know what is happening here. I'm trying to configure 802. 1 x port authentication based to assign customers to a VLAN. I inherited this mess and his for a long time I used it. I ran a wireshark on the radius of my server and I see no same package from my IP address switch when I plug into a port (I checked communication because pings come in my trace)

Pass the info:

SW-ConfB > sho worm

Cisco IOS software, software of C2960C (C2960c405-UNIVERSALK9-M), Version 12.2 (55) EX3, VERSION of the SOFTWARE (fc2)

Port config:

interface FastEthernet0/11

switchport mode access

authentication event failure action allow vlan 900

no response from the authentication event action allow vlan 900

Auto control of the port of authentication

dot1x EAP authenticator

dot1x tx-period 5

The RADIUS server info:

key acct-port 1646 1645 auth-RADIUS-server host 10.0.1.52 port 802.1 x!

A little confused why not package Radius comes even from the switch. Any tips?

According to debug it, it seems that the supplicant connected on the switch port does not support the dot1x and MAB is not configured on the switchport so no method left to try and you got the vlan COMMENTS.

3 Mar 04:37:47.963: % AUTHMGR-7-RESULT: authentication result 'no response' of 'dot1x' for the customer (d4be.d907.9637) on the Interface Fa0/11 AuditSessionID 0A000103000000090B4AD0F6
* 04:37:47.963 3 Mar: % AUTHMGR-7-FAILOVER: failover "dot1x' for the client (d4be.d907.9637) on the Interface Fa0/11 AuditSessionID 0A000103000000090B4AD0F6
* 04:37:47.963 3 Mar: AUTHMGR-7-NOMOREMETHODS %: exhausted all methods of authentication for the client

At this point, the RADIUS is not even came into the picture. Please make sure that the end customer is configured correctly for the dot1x parameters.

Kind regards

Jatin kone

* Make the rate of useful messages *.

Tuxedo failover does not

Similar Questions

Maybe you are looking for