V/S GLOBAL LOCAL Stats

Similar Questions

• Can't find the connection of local State security?

  Why can I not see security the only thing I see is General when I click on network connections and connection to the local network and it appears a general says tab status but no security tab what do I do?

  Simply a wired LAN connection is not secure as a Wi - Fi connection can use WPA2 for example. Here's an example of my Windows 7 laptop when I activated the network wireless and wired LAN connections...

  https://SkyDrive.live.com/redir.aspx?CID=25ab668da65c8fbe&RESID=25AB668DA65C8FBE! 374 & Thierry = 25AB668DA65C8FBE! 118

• UCS Central - model of political profile of Global Service with Local SAN Boot

  Hello

  I created a profile Service Global UCS central template to create the ESX Service profile for servers 5 different area of UCS.

  The majority of addresses is assigned in the world i.e. addresses MAC, UUID, etc with the exception of the WWPN where local teams of SAN want to pre-configure the zoning for a defined block of addresses WWPN.

  I intend to use the ID range Qualification policy to assign a block of addresses WWPN to a specific area of UCS, but my main concern is around the creation of Boot SAN policy. As we intend to use the same model of Service Global profile for 5 different areas SAN Boot targets will have to be different.

  Any way to locate startup SAN strategy so I can have only one UCS Global local SAN Boot targets?

  Thank you very much, Paul

  Hi Paul,.

  What you're looking for, it's what we call a 'Boot target Alias', that should work much in the same way that VLAN alias work with UCS 1.1 Central.     Made senior level policy reference to the 'alias', but the actual link (some VLAN or target of Boot or...) will be specific field/DomainGroup and will not be resolved until the SP is associated with a session on a given field.     In the case of prime targets, this would allow for the same Global SP model to be used in several DomainGroups, while the actual target of Boot will vary according to the individual DomainGroup.

  Unfortunately, this feature is not in UCS 1.1 Central.   We have it on the list of features 'high priority' to point 1.2.

  The only 'solution' is to use several global models of the SP, whose name and attributes reflect the underlying objective of SAN-Boot - even if this creates models of N * M (N = # Gech/s;) M = bays of Boot # SAN).

  Hope this helps to enlighten us.    See you soon,.

  -Jeff

• Stupid question? Impossible to spend between 2 globals VI "S".

  Asked me to do the three SCREWS 1 VI. I can't pass globals between 3 separate SCREWS? Return to 101 in lab mode can help.

  Philippe

  Your solution should depend on what kind of data in the way you need.  Some of the types of data you will need to pass around and a few ways to do this are the following:

  1. If the screw run sequentially, just use the wires between them and the components of connector is correctly configured.  No need what wasn't advanced.  This will be the case more often as it sounds.
  2. Local state information must be kept in a shift register of the loop, in that the data is used.  This, too, is very common.
  3. "Global" data can be stored in a data value reference (DVR) or functional overall, with preference for the former.  DVRS tend to be more scalable and have performances superior to those functional globals.
  4. Sending data between the screws running is usually best done with queues, events user or notifiers, depending on the application.  Queues are the normal method.  User events are a mechanism without loss (an author, several readers).  Notifiers are a mechanism with loss.

  If you give us more details on what you are trying to accomplish, we can be a little more specific.

  Please note that the globals are not on the list above.  They are quick, easy, and I think that they cause more trouble than they are worth.  If you want more details, search these forums for amounts enormous of debate on the subject.

• Access Local EJB Stateless to a diff EAR in the same Weblogic

  Hello
  
  EAR1 and EAR2 are deployed on the same instance of weblogic. (weblogic 10.0)
  EAR1 needs to access a session bean without local State (EJB3) deployed as a module in EAR2.
  
  Please let me know if the above is possible.

  EJB components located in the files from archive (.ear) different application companies or other jar EJB files is not part of the current application, are considered external components, whether or not they run in the same WebLogic Server instance. Note that local business service interfaces can be used in an application, so external components must be looked up and raised by their remote business interfaces.

  You can use either global JNDI (mappedName stateless annotation attribute) names or incorporate appropriate by file ejb - jar.xml and elements in the descriptor weblogic-ejb - jar.xml to find external components.

• index of output table and show what LOCAL indexes and who are

  I read the view of ALL_INDEXES here:
  http://www.Stanford.edu/dept/ITSS/docs/Oracle/10G/server.101/b10755/statviews_1061.htm
  But I still don't know how to query follows:
  
  1. display the name of the table, the index name and flag Y/N 'Is the local index' and a flag "is the overall index.
  
  The application should output table index and show what indexes are LOCAL and which are not.
  
  How to write this query?
  
  My original request:
  

  select table_name, Index_Name, Uniqueness, Partitioned, decode(Partitioned, 'NO', 'Global','Local') GlobalOrLocal from all_indexes
  where table_name = 'MyTABLE'

  2 I understand that global index for partitioned tables is a chunk of data referencing all the partitions table in the single room, but Local index is partitioned itself there are several parts each one or more partitions to reference table?
  
  Published by: CharlesRoos on October 6, 2010 12:45 AM

  CharlesRoos wrote:
  I read the view of ALL_INDEXES here:
  http://www.Stanford.edu/dept/ITSS/docs/Oracle/10G/server.101/b10755/statviews_1061.htm
  But I still don't know how to query follows:

  1. display the name of the table, the index name and flag Y/N 'Is the local index' and a flag "is the overall index.

  The application should output table index and show what indexes are LOCAL and which are not.

  How to write this query?

  My original request:

  select table_name, Index_Name, Uniqueness, Partitioned, decode(Partitioned, 'NO', 'Global','Local') GlobalOrLocal from all_indexes
  where table_name = 'MyTABLE'
  

  That seems Ok to me.

  2 I understand that for partitioned tables index global is a big piece of data referencing all the partitions table in the single room,

  Yes.

  but the Local index is partitioned itself there several pieces for each reference one or several partitions table?

  Almost right: each refers to score exactly one table. I.e. index partitioning is 'aligned' with the partitioning of the table.

• PPA:mc3man / trusty-media firefox does not open

  Hello. I added ppa:mc3man / trusty-media to get ffmpeg (firefox not associated). Update dist has added a bunch of files and now does not open firefox. I tried to purge firefox and remove .mozilla.
  Couldit be some clashes gstreamer or freshplayerplugin?

  Firefox - safe-mode

  (process: 31696): CRITICISM of GLib *: g_slice_set_config: assertion 'sys_page_size == 0' failed

  (firefox:31696): GLib-GObject-WARNING *: try to add the property GnomeProgram:sm - connect after class has been initialized

  (firefox:31696): GLib-GObject-WARNING *: try to add the property GnomeProgram:show - crash-dialogue after the class has been initialized

  (firefox:31696): GLib-GObject-WARNING *: try to add the GnomeProgram::display property after the class has been initialized

  (firefox:31696): GLib-GObject-WARNING *: try to add the icon property - GnomeProgram:default after the class has been initialized

  Modules: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:41.0
  BuildID: 20150901080605
  CrashTime: 1441302166
  EMCheckCompatibility: true
  E-mail: [email protected]
  FramePoisonBase: 00000000f0dea000
  FramePoisonSize: 4096
  InstallTime: 1441299470
  Notes: OpenGL: NVIDIA Corporation - GeForce GT NVIDIA 304.125 630/PCIe/SSE2--4.2.0 - texture_from_pixmap

  ProductID: {ec8030f7-c20a-464f-9b0e-13a3a9e97384}
  ProductName: Firefox
  ReleaseChannel: beta
  Safe mode: 0
  SecondsSinceLastCrash: 210
  StartupTime: 1441302165
  TelemetryEnvironment: {"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86","buildId":"20150901080605","version":"41.0","vendor":"Mozilla","platformVersion":"41.0","xpcomAbi":"x86-gcc3","hotfixVersion":null},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":6061,"cpu":{"count":4,"vendor":null,"family":null,"model":null,"stepping":null,"extensions":["hasMMX","hasSSE","hasSSE2","hasSSE3","hasSSSE3","hasSSE4_1"]},"os":{"name":"Linux","version":"3.13.0-63-generic","locale" :"en-US"},"hdd":{"profile":{"model":null,"revision":null},"binary":{"model":null,"revision":null},"system":{"model":null,"revision":null}},"gfx":{"D2DEnabled":null,"DWriteEnabled":null,"adapters":[{"description":"NVIDIA Corporation -- GeForce GT 630/PCIe/SSE2","vendorID":"NVIDIA Corporation","deviceID":"GeForce GT 630/PCIe/SSE2","subsysID":null,"RAM":null,"driver":null,"driverVersion":"4.2.0 NVIDIA 304.125","driverDate":null,"GPUActive":true}],"monitors":[{"screenWidth":1920,"screenHeight":1080}]}},"settings":{"blocklistEnabled" :true,"isDefaultBrowser":false,"e10sEnabled":false,"telemetryEnabled":true,"isInOptoutSample":false,"locale":"en-US","update":{"channel":"beta","enabled":true,"autoDownload":true},"userPrefs":{}},"profile":{}}
  Theme: classic/1.0
  Ramjet: 1
  Seller: Mozilla
  Version: 41.0
  useragent_locale: chrome://global/locale/intl.properties

  This report also contains technical information about the State of the application when it crashed.

  PPP-purge ppa:mc3man / trusty media fixed it.

• Need help to set up voice VLAN in SG300

  Hello

  I spent too much time on it now and need help. I'm trying to set up a voice switch VLAN on a SG300 - 28 p. I need to charge a phone Cisco 7965 connected to a port on SG300 - 28 p to use VLAN 100, and a workstation connected to the phone to use Cisco 7965 on VLAN 101 by SG300 - 28 p. In the common Cisco IOS switches, this task is configured as follows:

  interface gi25

  switchport mode access

  switchport access vlan 101

  switchport voice vlan 100

  Trying to achieve this scenario with a Cisco SG300 switch turns into a nightmare. You will have to deal with a Dynamic of VLAN voice Auto Voice VLAN mode. Then, you must have a configured trigger and activated Automatic Smartport . I tried to do this in CLI nothing helps. Cisco 7965 receives an IP address of the access VLAN on Gi15 interface, which is 101 VLAN. I need to receive an address IP of the VLAN 100.

  The current configuration under Gi15 interface is as follows:

  interface gigabitethernet15

  activate the storm control

  broadcast storm control level kbit/s 10

  Storm-control include multicast

  port security throw trap 60

  maximum port security by 10 points

  port security mode max-addresses

  spanning tree portfast

  LLDP-med disable

  switchport mode access

  switchport access vlan 101

  ! next order is internal

  macro auto smartport dynamic_type unknown $native_vlan 101 $voice_vlan 100

  Now, I don't know how the macro auto smartport dynamic_type unknown $native_vlan 101 $voice_vlan 100 command in the config, and I do not know how to remove it.

  When I try to enter the command macro auto smartport type ip_phone_desktop under Gi15 interface, I get the following error message:

  The $voice_vlan macro setting is not configurable by the user

  It seems that the auto attendant smartport macro ip_phone_desktop can not apply the setting $voice_vlan with a value of 100. In fact, I explicitly does not use this parameter to everything in the order of macro auto smartport type ip_phone_desktop ; However, the SG300 switch knows that the voice VLAN VLAN 100, and he's trying to use this VLAN ID as the value of the $voice_vlan parameter, the macro fails.
  

  I tried statically configure the voice VLAN on the switch SG300 using the command id of the vlan 100 voice , but I couldn't get the ip_phone_desktop macro to configure interface Gi15 correctly. Then, I removed the command id of the vlan 100 voice and obtained SG300 to learn his voice VLAN ID of UC560 connected to the SG300 through a trunk port based on the port configuration (connected to SG300) for the trunk of the next UC560:

  switchport trunk vlan 101 native

  switchport mode trunk

  switchport voice vlan 100

  Cisco-switch macro description

  This is the command switchport voice vlan 100 who announces to SG300 via CDP VLAN 100 is a voice VLAN. When I run the command show vlan local VoIP on the SG300, I get the following result:

  VLAN ID - VPT DSCP Source MAC address Interface

  1                    5          46       default           ----                    ---

  * 100 CDP e0:5f:b9:xx:yy:zz gi28

  Thus, it is clear that the SG300 receives information from UC560 via CDP in port Gi28 VLAN 100 is the voice VLAN. However, I can not always apply the ip_phone_desktop macro to SG300 Gi15 interface.

  Also, I tried to set up vState ofoithis vlan auto-déclenché as well as the commands in global configuration State vlan automatic voice activated mode. Or setting changes anything view voice VLAN announced at Cisco 7965 where Cisco 7965 continues to use VLAN101 (access the VLAN assigned to the interface Gi15).

  Hello telecastle,

  The Macro just get in the way most of the time. A default state on the switch a user will set the id of the vlan voice with orders

  (config) #voice vlan id 100

  * This will create the vlan 100

  VLAN, VoIP? * You can use to change your defaults for dscp and cos a long with all the other settings.

  State of vlan (config) enabled automatic #voice

  (config) #interface rank fa1-24

  (config-if-range) #switchport trunk vlan 101 native

  trunk (config-if-range) #switchport allowed vlan add 100

  * This function will define the vlan native on the trunk to 101 for the data port and vlan tagged will be 101 for the voice.

  CDP is enabled automatically and should learn the features of the phone and get on the phone to the vlan 101 on this port.

  CDP of the UC should automatically fill in the switch of the SG. You may need to upgrade the switch to the latest firmware however. Also make sure that the DHCP server for the voice if the CPU must be configured accordingly.

  Let me know if this helps.

  Cisco Small Business Support Center

  Randy Manthey

  CCNA, CCNA - security

• DMVPN spoke of issues after migration double ISR2 3925 hub to ASR-1001 X

  Hello world

  After our hub solution migration DMVPN double ISR2 3925 to ASR - 1001 X (running asr1001x - universalk9.03.12.03.S.154 - 2.S3 - std.SPA.bin) we started to have some problems with tunnels rays beat (which goes up and down) and sometimes never came.

  Running 'show dmvpn' speak it is stuck in State PNDH to our hub. To solve the problem, we run 'stop' and then 'non-stop' on the tunnel interface to actually speak that DMVPN Monte. Also runs "clear encryption session " on the shelf often solves the problem. So, it seems that the question has something to do with IPSEC.

  When the problem occurred, and then debug crypto ipsec, crypto, crypto isakmp and crypto engine socket the following can be seen on the hub:

   Jun 25 10:01:41 SUMMERT: ISAKMP:(46580):Sending NOTIFY DPD/R_U_THERE protocol 1 spi 140130067548488, message ID = 629121681 Jun 25 10:01:41 SUMMERT: ISAKMP:(46580): seq. no 0x64B2238C Jun 25 10:01:41 SUMMERT: ISAKMP:(46580): sending packet to  my_port 500 peer_port 500 (I) QM_IDLE Jun 25 10:01:41 SUMMERT: ISAKMP:(46580):Sending an IKE IPv4 Packet. Jun 25 10:01:41 SUMMERT: ISAKMP:(46580):purging node 629121681 Jun 25 10:01:41 SUMMERT: ISAKMP:(46580):Input = IKE_MESG_FROM_TIMER, IKE_TIMER_IM_ALIVE Jun 25 10:01:41 SUMMERT: ISAKMP:(46580):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE Jun 25 10:01:41 SUMMERT: ISAKMP (46580): received packet from  dport 500 sport 500 ISP1-DMVPN (I) QM_IDLE Jun 25 10:01:41 SUMMERT: ISAKMP: set new node 3442686097 to QM_IDLE Jun 25 10:01:41 SUMMERT: ISAKMP:(46580): processing HASH payload. message ID = 3442686097 Jun 25 10:01:41 SUMMERT: ISAKMP:(46580): processing NOTIFY DPD/R_U_THERE_ACK protocol 1 spi 0, message ID = 3442686097, sa = 0x7F72986867D0 Jun 25 10:01:41 SUMMERT: ISAKMP:(46580): DPD/R_U_THERE_ACK received from peer , sequence 0x64B2238C Jun 25 10:01:41 SUMMERT: ISAKMP:(46580):deleting node 3442686097 error FALSE reason "Informational (in) state 1" Jun 25 10:01:41 SUMMERT: ISAKMP:(46580):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY Jun 25 10:01:41 SUMMERT: ISAKMP:(46580):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE Jun 25 10:01:42 SUMMERT: IPSEC: delete incomplete sa: 0x7F729923A438 Jun 25 10:01:42 SUMMERT: IPSEC(send_delete_notify_kmi): not sending KEY_ENGINE_DELETE_SAS Jun 25 10:01:42 SUMMERT: ISAKMP:(46580):purging node 1111296046 Jun 25 10:01:44 SUMMERT: ISAKMP (46580): received packet from  dport 500 sport 500 ISP1-DMVPN (I) QM_IDLE Jun 25 10:01:44 SUMMERT: ISAKMP: set new node 928225319 to QM_IDLE Jun 25 10:01:44 SUMMERT: ISAKMP:(46580): processing HASH payload. message ID = 928225319 Jun 25 10:01:44 SUMMERT: ISAKMP:(46580): processing SA payload. message ID = 928225319 Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):Checking IPSec proposal 1 Jun 25 10:01:44 SUMMERT: ISAKMP: transform 1, ESP_AES Jun 25 10:01:44 SUMMERT: ISAKMP: attributes in transform: Jun 25 10:01:44 SUMMERT: ISAKMP: encaps is 2 (Transport) Jun 25 10:01:44 SUMMERT: ISAKMP: SA life type in seconds Jun 25 10:01:44 SUMMERT: ISAKMP: SA life duration (basic) of 3600 Jun 25 10:01:44 SUMMERT: ISAKMP: SA life type in kilobytes Jun 25 10:01:44 SUMMERT: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 Jun 25 10:01:44 SUMMERT: ISAKMP: authenticator is HMAC-SHA Jun 25 10:01:44 SUMMERT: ISAKMP: key length is 256 Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):atts are acceptable. Jun 25 10:01:44 SUMMERT: CRYPTO_SS(TUNNEL SEC): Active open, socket info: local  /255.255.255.255/0, remote  /255.255.255.255/0, prot 47, ifc Tu3300 Jun 25 10:01:44 SUMMERT: IPSEC(recalculate_mtu): reset sadb_root 7F7292E64990 mtu to 1500 Jun 25 10:01:44 SUMMERT: CRYPTO_SS(TUNNEL SEC): Sending Socket Ready message Jun 25 10:01:44 SUMMERT: ISAKMP:(46580): processing NONCE payload. message ID = 928225319 Jun 25 10:01:44 SUMMERT: ISAKMP:(46580): processing ID payload. message ID = 928225319 Jun 25 10:01:44 SUMMERT: ISAKMP:(46580): processing ID payload. message ID = 928225319 Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):QM Responder gets spi Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):Node 928225319, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):Old State = IKE_QM_READY New State = IKE_QM_SPI_STARVE Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):Node 928225319, Input = IKE_MESG_INTERNAL, IKE_GOT_SPI Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):Old State = IKE_QM_SPI_STARVE New State = IKE_QM_IPSEC_INSTALL_AWAIT Jun 25 10:01:44 SUMMERT: IPSEC(crypto_ipsec_sa_find_ident_head): reconnecting with the same proxies and peer  Jun 25 10:01:44 SUMMERT: IPSEC(crypto_ipsec_update_ident_tunnel_decap_oce): updating profile-shared Tunnel3300 ident 7F7298B2BF80 with lookup_oce 7F7296BF5440 Jun 25 10:01:44 SUMMERT: IPSEC(create_sa): sa created, (sa) sa_dest= , sa_proto= 50, sa_spi= 0x14F40C56(351538262), sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 27873 sa_lifetime(k/sec)= (4608000/3600), (identity) local= :0, remote= :0, local_proxy= /255.255.255.255/47/0, remote_proxy= /255.255.255.255/47/0 Jun 25 10:01:44 SUMMERT: IPSEC(create_sa): sa created, (sa) sa_dest= , sa_proto= 50, sa_spi= 0x3B4731D7(994521559), sa_trans= esp-aes 256 esp-sha-hmac , sa_conn_id= 27874 sa_lifetime(k/sec)= (4608000/3600), (identity) local= :0, remote= :0, local_proxy= /255.255.255.255/47/0, remote_proxy= /255.255.255.255/47/0 Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):Received IPSec Install callback... proceeding with the negotiation Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):Successfully installed IPSEC SA (SPI:0x14F40C56) on Tunnel3300 Jun 25 10:01:44 SUMMERT: ISAKMP:(46580): sending packet to  my_port 500 peer_port 500 (I) QM_IDLE Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):Sending an IKE IPv4 Packet. Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):Node 928225319, Input = IKE_MESG_FROM_IPSEC, IPSEC_INSTALL_DONE Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):Old State = IKE_QM_IPSEC_INSTALL_AWAIT New State = IKE_QM_R_QM2 Jun 25 10:01:44 SUMMERT: ISAKMP (46580): received packet from  dport 500 sport 500 ISP1-DMVPN (I) QM_IDLE Jun 25 10:01:44 SUMMERT: ISAKMP: set new node 1979798297 to QM_IDLE Jun 25 10:01:44 SUMMERT: ISAKMP:(46580): processing HASH payload. message ID = 1979798297 Jun 25 10:01:44 SUMMERT: ISAKMP:(46580): processing NOTIFY PROPOSAL_NOT_CHOSEN protocol 3 spi 351538262, message ID = 1979798297, sa = 0x7F72986867D0 Jun 25 10:01:44 SUMMERT: ISAKMP:(46580): deleting spi 351538262 message ID = 928225319 Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):deleting node 928225319 error TRUE reason "Delete Larval" Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):peer does not do paranoid keepalives. Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):Enqueued KEY_MGR_DELETE_SAS for IPSEC SA (SPI:0x3B4731D7) Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):deleting node 1979798297 error FALSE reason "Informational (in) state 1" Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY Jun 25 10:01:44 SUMMERT: ISAKMP:(46580):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE Jun 25 10:01:44 SUMMERT: IPSEC: delete incomplete sa: 0x7F729923A340 Jun 25 10:01:44 SUMMERT: IPSEC(key_engine_delete_sas): delete SA with spi 0x3B4731D7 proto 50 for  Jun 25 10:01:44 SUMMERT: IPSEC(update_current_outbound_sa): updated peer  current outbound sa to SPI 0 Jun 25 10:01:44 SUMMERT: IPSEC(send_delete_notify_kmi): not sending KEY_ENGINE_DELETE_SAS Jun 25 10:01:44 SUMMERT: CRYPTO_SS(TUNNEL SEC): Sending request for CRYPTO SS CLOSE SOCKET

   #sh pl ha qf ac fe ipsec data drop ------------------------------------------------------------------------ Drop Type Name Packets ------------------------------------------------------------------------ 3 IN_US_V4_PKT_FOUND_IPSEC_NOT_ENABLED 127672 19 IN_OCT_ANTI_REPLAY_FAIL 13346 20 IN_UNEXP_OCT_EXCEPTION 4224 33 OUT_V4_PKT_HIT_IKE_START_SP 1930 62 IN_OCT_MAC_EXCEPTION 9 #sh plat hard qfp act stat drop | e _0_ ------------------------------------------------------------------------- Global Drop Stats Packets Octets ------------------------------------------------------------------------- Disabled 1 82 IpFragErr 170536 246635169 IpTtlExceeded 4072 343853 IpsecIkeIndicate 1930 269694 IpsecInput 145256 30071488 Ipv4Acl 2251965 215240194 Ipv4Martian 6248 692010 Ipv4NoAdj 43188 7627131 Ipv4NoRoute 278 27913 Ipv4Unclassified 6 378 MplsNoRoute 790 69130 MplsUnclassified 1 60 ReassTimeout 63 10156 ServiceWireHdrErr 2684 585112

  In addition, after you run "logging dmvpn rate-limit 20' on the hub

   %DMVPN-3-DMVPN_NHRP_ERROR: Tunnel292: NHRP Encap Error for Resolution Request , Reason: protocol generic error (7) on (Tunnel:  NBMA: )

  On the talks both the following can be seen debugging as well:

   *Jun 25 09:17:26.884: ISAKMP:(1032): sitting IDLE. Starting QM immediately (QM_IDLE ) *Jun 25 09:17:26.884: ISAKMP:(1032):beginning Quick Mode exchange, M-ID of 1599359281 *Jun 25 09:17:26.884: ISAKMP:(1032):QM Initiator gets spi *Jun 25 09:17:26.884: ISAKMP:(1032): sending packet to  my_port 500 peer_port 500 (R) QM_IDLE *Jun 25 09:17:26.884: ISAKMP:(1032):Sending an IKE IPv4 Packet. *Jun 25 09:17:26.884: ISAKMP:(1032):Node 1599359281, Input = IKE_MESG_INTERNAL, IKE_INIT_QM *Jun 25 09:17:26.884: ISAKMP:(1032):Old State = IKE_QM_READY New State = IKE_QM_I_QM1 *Jun 25 09:17:26.940: ISAKMP (1032): received packet from  dport 500 sport 500 Global (R) QM_IDLE *Jun 25 09:17:26.940: ISAKMP:(1032): processing HASH payload. message ID = 1599359281 *Jun 25 09:17:26.940: ISAKMP:(1032): processing SA payload. message ID = 1599359281 *Jun 25 09:17:26.940: ISAKMP:(1032):Checking IPSec proposal 1 *Jun 25 09:17:26.940: ISAKMP: transform 1, ESP_AES *Jun 25 09:17:26.940: ISAKMP: attributes in transform: *Jun 25 09:17:26.940: ISAKMP: encaps is 2 (Transport) *Jun 25 09:17:26.940: ISAKMP: SA life type in seconds *Jun 25 09:17:26.940: ISAKMP: SA life duration (basic) of 3600 *Jun 25 09:17:26.940: ISAKMP: SA life type in kilobytes *Jun 25 09:17:26.940: ISAKMP: SA life duration (VPI) of 0x0 0x46 0x50 0x0 *Jun 25 09:17:26.940: ISAKMP: authenticator is HMAC-SHA *Jun 25 09:17:26.940: ISAKMP: key length is 256 *Jun 25 09:17:26.940: ISAKMP:(1032):atts are acceptable. *Jun 25 09:17:26.940: IPSEC(ipsec_process_proposal): proxy identities not supported *Jun 25 09:17:26.940: ISAKMP:(1032): IPSec policy invalidated proposal with error 32 *Jun 25 09:17:26.940: ISAKMP:(1032): phase 2 SA policy not acceptable! (local  remote ) *Jun 25 09:17:26.940: ISAKMP: set new node -1745931191 to QM_IDLE *Jun 25 09:17:26.940: ISAKMP:(1032):Sending NOTIFY PROPOSAL_NOT_CHOSEN protocol 3 spi 834718720, message ID = 2549036105 *Jun 25 09:17:26.940: ISAKMP:(1032): sending packet to  my_port 500 peer_port 500 (R) QM_IDLE *Jun 25 09:17:26.940: ISAKMP:(1032):Sending an IKE IPv4 Packet. *Jun 25 09:17:26.940: ISAKMP:(1032):purging node -1745931191 *Jun 25 09:17:26.940: ISAKMP:(1032):deleting node 1599359281 error TRUE reason "QM rejected" *Jun 25 09:17:26.940: ISAKMP:(1032):Node 1599359281, Input = IKE_MESG_FROM_PEER, IKE_QM_EXCH *Jun 25 09:17:26.940: ISAKMP:(1032):Old State = IKE_QM_I_QM1 New State = IKE_QM_I_QM1 *Jun 25 09:17:34.068: ISAKMP (1032): received packet from  dport 500 sport 500 Global (R) QM_IDLE *Jun 25 09:17:34.068: ISAKMP: set new node 1021264821 to QM_IDLE *Jun 25 09:17:34.072: ISAKMP:(1032): processing HASH payload. message ID = 1021264821 *Jun 25 09:17:34.072: ISAKMP:(1032): processing NOTIFY DPD/R_U_THERE protocol 1 spi 0, message ID = 1021264821, sa = 0x32741028 *Jun 25 09:17:34.072: ISAKMP:(1032):deleting node 1021264821 error FALSE reason "Informational (in) state 1" *Jun 25 09:17:34.072: ISAKMP:(1032):Input = IKE_MESG_FROM_PEER, IKE_INFO_NOTIFY *Jun 25 09:17:34.072: ISAKMP:(1032):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Jun 25 09:17:34.072: ISAKMP:(1032):DPD/R_U_THERE received from peer , sequence 0x64B2279D *Jun 25 09:17:34.072: ISAKMP: set new node 716440334 to QM_IDLE *Jun 25 09:17:34.072: ISAKMP:(1032):Sending NOTIFY DPD/R_U_THERE_ACK protocol 1 spi 834719464, message ID = 716440334 *Jun 25 09:17:34.072: ISAKMP:(1032): seq. no 0x64B2279D *Jun 25 09:17:34.072: ISAKMP:(1032): sending packet to  my_port 500 peer_port 500 (R) QM_IDLE *Jun 25 09:17:34.072: ISAKMP:(1032):Sending an IKE IPv4 Packet. *Jun 25 09:17:34.072: ISAKMP:(1032):purging node 716440334 *Jun 25 09:17:34.072: ISAKMP:(1032):Input = IKE_MESG_FROM_PEER, IKE_MESG_KEEP_ALIVE *Jun 25 09:17:34.072: ISAKMP:(1032):Old State = IKE_P1_COMPLETE New State = IKE_P1_COMPLETE *Jun 25 09:17:35.356: ISAKMP:(1032):purging node 206299144

  Obviously something seems to be wrong Phase 2 not to come. But why is it going up after having erased the session encryption or close the tunnel interface and activate the interface of tunnel has spoken?

  Very weird. Also, in looking at att the hub debugging messages it seems that Cryptography is associated with evil Tu3300 tunnel interface when it is Tu2010. Normal or Bug?

  The configuration of the hub looks like this:

   crypto keyring ISP1-DMVPN vrf ISP1-DMVPN pre-shared-key address 0.0.0.0 0.0.0.0 key  crypto isakmp policy 10 encr aes authentication pre-share crypto isakmp keepalive 10 3 periodic crypto isakmp nat keepalive 10 crypto isakmp profile ISP1-DMVPN keyring ISP1-DMVPN match identity address 0.0.0.0 ISP1-DMVPN keepalive 10 retry 3 crypto ipsec transform-set AES256-MD5 esp-aes 256 esp-md5-hmac mode tunnel crypto ipsec transform-set AES256-SHA-TRANSPORT esp-aes 256 esp-sha-hmac mode transport crypto ipsec profile ISP1-DMVPN set transform-set AES256-SHA AES256-SHA-TRANSPORT set isakmp-profile ISP1-DMVPN vrf definition ISP1-DMVPN description DMVPN-Outside-ISP1 rd 65527:10 ! address-family ipv4 exit-address-family ! ! interface TenGigabitEthernet0/0/0 no ip address ! interface TenGigabitEthernet0/0/0.71 description VPN;ISP1-DMVPN;Outside;VLAN71 encapsulation dot1Q 71 vrf forwarding ISP1-DMVPN ip address  255.255.255.128 no ip proxy-arp ip access-group acl_ISP1-DMVPN_IN in ! ip route vrf ISP1-DMVPN 0.0.0.0 0.0.0.0  name ISP1;Default ip access-list extended acl_ISP1-DMVPN_IN permit icmp any any permit esp any host  permit gre any host  permit udp any host  eq isakmp permit udp any host  eq non500-isakmp deny ip any any vrf definition 2010  description CUSTA - Customer A  rd 65527:2010 route-target export 65527:2010 route-target import 65527:2010 ! address-family ipv4 exit-address-family ! ! interface Tunnel2010 description CUSTA;DMVPN;Failover-secondary vrf forwarding 2010 ip address 10.97.0.34 255.255.255.240 no ip redirects ip mtu 1380 ip nhrp map multicast dynamic ip nhrp network-id 2010 ip nhrp holdtime 120 ip nhrp server-only ip nhrp max-send 1000 every 10 ip tcp adjust-mss 1340 tunnel source TenGigabitEthernet0/0/0.71 tunnel mode gre multipoint tunnel key 2010 tunnel vrf ISP1-DMVPN tunnel protection ipsec profile ISP1-DMVPN shared router bgp 65527 ! address-family ipv4 vrf 2010 redistribute connected metric 10 redistribute static metric 15 neighbor 10.97.0.39 remote-as 65028 neighbor 10.97.0.39 description spokerouter;Tunnel1 neighbor 10.97.0.39 update-source Tunnel2010 neighbor 10.97.0.39 activate neighbor 10.97.0.39 soft-reconfiguration inbound neighbor 10.97.0.39 prefix-list EXPORT-IVPN-VRF2010 out neighbor 10.97.0.39 route-map AllVRF-LocalPref-80 in neighbor 10.97.0.39 maximum-prefix 5000 80 default-information originate exit-address-family

  Configuring spoke:

   crypto keyring DMVPN01 pre-shared-key address 0.0.0.0 0.0.0.0 key  crypto isakmp policy 10 encr aes authentication pre-share crypto isakmp invalid-spi-recovery crypto isakmp profile DMVPN01 keyring DMVPN01 match identity address 0.0.0.0 keepalive 10 retry 3 crypto ipsec transform-set AES256-SHA esp-aes 256 esp-sha-hmac mode tunnel crypto ipsec transform-set AES256-SHA-TRANSPORT esp-aes 256 esp-sha-hmac mode transport crypto ipsec profile DMVPN01 set transform-set AES256-SHA-TRANSPORT set isakmp-profile DMVPN01 vrf definition inside rd 65028:1 route-target export 65028:1 route-target import 65028:1 ! address-family ipv4 exit-address-family ! interface Tunnel1 description DMVPN to HUB vrf forwarding inside ip address 10.97.0.39 255.255.255.240 no ip redirects ip mtu 1380 ip nhrp map 10.97.0.33  ip nhrp map multicast  ip nhrp map 10.97.0.34  ip nhrp map multicast  ip nhrp network-id 1 ip nhrp holdtime 120 ip nhrp nhs 10.97.0.33 ip nhrp nhs 10.97.0.34 ip nhrp registration no-unique ip nhrp registration timeout 60 ip tcp adjust-mss 1340 tunnel source GigabitEthernet0/0 tunnel mode gre multipoint tunnel key 2010 tunnel protection ipsec profile DMVPN01 shared router bgp 65028 ! address-family ipv4 vrf inside bgp router-id 172.28.5.137 network 10.97.20.128 mask 255.255.255.128 network 10.97.21.0 mask 255.255.255.0 network 10.97.22.0 mask 255.255.255.0 network 10.97.23.0 mask 255.255.255.0 network 172.28.5.137 mask 255.255.255.255 neighbor 10.97.0.33 remote-as 65527 neighbor 10.97.0.33 description HUB1;Tunnel2010 neighbor 10.97.0.33 update-source Tunnel1 neighbor 10.97.0.33 timers 10 30 neighbor 10.97.0.33 activate neighbor 10.97.0.33 send-community both neighbor 10.97.0.33 soft-reconfiguration inbound neighbor 10.97.0.33 prefix-list IROUTE-EXPORT out neighbor 10.97.0.33 maximum-prefix 5000 80 neighbor 10.97.0.34 remote-as 65527 neighbor 10.97.0.34 description HUB2;tunnel2010 neighbor 10.97.0.34 update-source Tunnel1 neighbor 10.97.0.34 timers 10 30 neighbor 10.97.0.34 activate neighbor 10.97.0.34 send-community both neighbor 10.97.0.34 soft-reconfiguration inbound neighbor 10.97.0.34 prefix-list IROUTE-EXPORT out neighbor 10.97.0.34 route-map AllVRF-LocalPref-80 in neighbor 10.97.0.34 maximum-prefix 5000 80 exit-address-family 

  If more information is needed, please say so.

  Any help or advice would be greatly appreciated!

  Thank you!

  It is possible that you touch it--the failure of negotiations of phase 2:

  https://Tools.Cisco.com/bugsearch/bug/CSCup72039/?reffering_site=dumpcr

  [Too little detail to say with certainty:]

  M.

• Overlapping address space question - how to NAT inside the traffic to one address different range on SAA for comms with 3rd party VPN?

  We already have a connectivity of IPSEC VPN site to site with a 3rd party.

  They must be able to access a couple of servers on our internal network but the problem, it's the subnet these servers are hosted on clashes with the address space they already used elsewhere. Thus, they asked if we can put in place a new subnet and have our firewall (running v7.2) ASA NAT the traffic to and from our servers ' real' internal addresses.

  for example

  • 3rd party 10.10.10.0/24 subnet
  • Our subnet 10.20.20.0/24 (but this clashes with the 3rd part of the address elsewhwere space)
  • Our 'real' internal server addresses are 10.20.20.1 and 10.20.20.2

  How do we setup NAT on our ASA translating internal addresses 'real' of these servers for some other addresses that don't clash?

  that is that the 3rd party is concerned, they would simply have to communicate with this 'new' subnet, say, 192.168.20.0/24 and our ASA firewall NAT traffic accordingly to allow some comms unfold?

  (And it should affect only comms on these servers for the 3rd party - NOT for one of our other multiple VPN connections! "And should not affect the other comms from the servers themselves!).

  That's what I've tried so far, for one of the servers, without success:

  On ASA:

  !

  access-list 1 permit line 3rdpartysite extended ip host 192.168.20.1 10.10.10.0 255.255.255.0
  !
  access-list SERVER-NAT line 1 permit extended ip host 10.20.20.1 10.10.10.0 255.255.255.0
  !
  static (inside, outside) 192.168.20.1 public - access NAT SERVER list

  "sh xlate" indicates:

  192.168.20.1 global local 10.20.20.1

  Can someone help with the necessary NAT configurations on the ASA?

  Thank you!

  'Clear xlate' after you have configured NAT statements?

  When you try to ping from the 10.20.20.1, get it to the ASA? You have an ACL on this interface that would block the ping? Also, can you run capture packets on the ASA to see if the ASA receives even the traffic?

  What is the subnet mask of the 10.20.20.1 host? I guess it's 255.255.255.0?

  You don't need something specific on the ASA with regard to the delivery of the 192.168.20.1.

• traffic to DMZ for outside

  I have a local web server with the IP for 192.168.2.2

  with I connect to the internet.

  outside pix has IP 192.168.1.2

  Global 192.168.2.20 - dmz 192.168.2.40 1

  Global 192.168.1.50 - Outdoor 192.168.1.80

  NAT 1 192.168.1.0

  NAT 1 192.168.2.0

  from inside lan, I can pin to dmz (not the dmz interface), and I can also ping to internet

  Route outside 0.0.0.0 0.0.0.0 192.168.1.2 1

  Dmz route 192.168.2.0 255.255.255.0 192.168.1.2 (not accepted by pix) why?

  I can't ping, bronze for the internet of DMZ

  I ping from shoul sec50 dry Internet 100 without problems.

  If someone could explain it.

  Thank you

  GIS

  My last paragraph on the lower security interfaces was wrong... my apologies.

  Must you have a global (outside) statement and you just need a statement by nat (dmz). The global (dmz) 1 192.168.2.3 will make it appear as if everything that comes from inside the dmz interface will come from 192.168.2.3.

  Once again, my apologies.

  Doug.

• Question about Chrome

  I deleted Google Chrome on my mac tonight and everything worked fine except a strange document called "local State" appeared on my desk... what?

  What is the file extension?

• Unable to set where to save new email

  I'm not able to define in which folder to receive news by e-mail. Support the sayes.
  Location of the menu: tools | Accounts settings | < account name >. Server settings | Advanced

  First, account settings are NOT tools, but under Options. Secondly, there is no progress under Server settings.

  Help, please.

  Thank you

  RE: where is the account settings?

  As you have discovered, the newer versions of Thunderbird have been transformed by developers in a product not intuiitive by hiding all toolbars.
  I find it a rather naïve approach to an assumption that everyone understands.
  Aid generally means toolbars as there are many tools available in their breast.

  So, to make life easier, I recommend that you activate the toolbars.

  How to activate the toolbars:
  Click on the 3 menu bar icon > Options and select the toolbars.
  See the image below.

  Various methods to access the "account settings".
  Using toolbars:
  Tools > accounts settings

  3 bars menu icon using:
  3 menu bar icon > Options > account settings

  Right-click on the account name in the folder pane and select "settings".

  Rather than change in fact which emails are downloaded, you can try first "Unified View".
  View > folders > unified
  It shows a single Inbox with all the messages in all accounts in a single folder.
  It will show also under Inbox, so that you can also locate the email on account Inbox special folder.
  If you have an IMAP email account, this is the method to use.

  Global Local Inbox folders
  If you have a POP email account, you can choose to receive either mail in the accounts own Inbox or configure it as a global Inbox and use the Inbox folders instead.

  You want all mail to the Inbox folders?
  In the affirmative.
  Using a POP email account?
  In the affirmative.
  Have you received emails in the email account?
  If so,.
  Go offline to stop downloading like emails.
  Move all email directories of email Pop accounts in various issues in the local folders.

  "Tools -> Account Settings -> Server Settings" for the pop mail account
  

  Click on the "Advanced" button - located under the storage of the messages area.
  See the image below. -recent version show a change in wording because I captured the image.
  Select: Inbox for the other account choose ' Inbox (Local folders) Global
  Select 'Include this server when getting new messages'
  Click OK

  Click OK to save the changes to account settings.

  Close Thunderbird.
  Wait a few minutes for the process to complete and then open thunderbird.
  You must close and restart before you download mail in any account for which you have changed the setting Inbox / Global Inbox.

  This will remove the list Pop e-mail account.
  New messages will be downloaded to the Inbox directories.

• Catches of lid broke on Satellite Pro A200

  My daughter has managed to break one of catch cover on my Satellite Pro A200 model PSAE1E012008EN bought about 15 months ago. Is anyone out there can help with the following questions?

  (a) it is easy to fix?
  (b) where can I get the bits?
  (c) failure can anyone help with a guy good local State (Teesside) and an approximate cost
  Thanks in advance

  Dismantling of laptops can be difficult, you might damage it more if not done correctly.

  You must go to an ASP and ask for a quote. They can order the Toshiba part and replace it for you.

  This isn't a big job, so it should not be expensive.

• Satellite M40X - cannot connect with another PC (LAN)

  Could not find another computer to the Working Group during the connection with other computers via crossover cable.
  All settings are correctly inserted.
  That should be a problem? (the firewall is disabled)

  Connection of local State is connected, but without activity packets (send/recieve = 0)

  PS: in the properties of the local area I protocol AEGIS (IEEE 802. 1 x) v2.3.1.10 - what is it?

  Hello japke

  How can you be sure that all settings have been correctly inserted? ;)

  Please check this topic http://forums.computers.toshiba-europe.com/forums/thread.jspa?threadID=3423&messageID=10650#10650. There is explanation how to Configure Peer-to-peer connection.

  Good bye