Client IP 추적에 관해서 문의드립니다.

Client PC - > Proxy Server - > Oracle Web Server
Proxy Server : Linux
Oracle Web Server : Windows 2003 32bit
위와 같은 구성으로 웹페이지를 만들어서 사용하고 있는데
클라이언트가 오라클 웹서버를 바로 붙을 때는
REMOTE_ADDR 을 통해서 IP가 추적이 가능한데
프락시 서버를 거치면 REMOTE_ADDR에 Proxy Server의 IP가 기록됩니다.
Client IP를 추적하기 위해서 2가지 방법을 사용해 보았는데 모두 실패하였습니다.
1. 첫번째 방법은 mod_rpaf-2.0.so 활용이었습니다.
httd.conf에
LoadModule rpaf_module "${ORACLE_HOME}/ohs/module/mod_rpaf-2.0.so"
<IfModule mod_rpaf-2.0.c>
     RPAFenable On
     RPAFproxy_ipx xxx.xxx.xxx.xxx
     PRAF_HEADER X-Forwarded-For
     PRAF_SetHostName On
     PRAF_SetHTTPS On
     RPAF_SetPort     On
</IfModule>
위와 같이 설정하고 서버를 리스타트 하면
콘솔 로그에 Apache.exe Syntax error on line 247 of c:\\Middleware\\Oracle_WR1\\instances\\config\\OHS\oh1/httpd.conf: Cannot load C:/Middleware/Oracle_WT1/ohs/modules/mod_rpaf-2.0.so into server: \xc0\xc0 ....
다음과 같은 에러창이 뜹니다.
2. 그래서 두번째 방법으로 헤더세팅하는 작업을 해 보았습니다.
httpd.conf에
RewriteRule :* - [E=X_Forwarded_For:%{HTTP:X-Forwarded-For}]
RequestHeader set X_Forwarded_For %X_Forwarded_For}e
dads.conf에
PlsqlCGIEnviromentList X_Forwarded_For
위를 추가하고
Html 헤더 값을 확인해 보니
X_Forwarded_For = (null)
위와 같이 X_Forwarded_For에 IP주소가 안넘어 오고 값이 들어 올지 않습니다.
첫번째 방법에 에러를 해결하거나
두번째 방법에서 X_Forwarded_For에 값을 넣어주는 부분에서 값을 넣어주거나
아니면 다른 더 좋은 방법이 있는지 조언부탁드리겠습니다.

HI,
Could you please let us know if you have tried the below configuration :-
In order to capture the Client IP in the Access logs you will need to modify the httpd.conf file
Default format
LogFormat "%h %l %u %t \"%r\" %>s %b" common
needs to be modifed to
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" common
It will be necessary to restart the HTTP Server and check the apache logs , This will capture the Client IP address to the access logs
Regards,
Prakash.

Similar Messages

Error while opening a report in FRstudio client machine.

Hi,I'm getting below error while opening a report in FRstudio client machine. please help me if any of you resolved this issue earlier.
client laptop: 64bit windows7
hyperion version: 11.1.2.2
error msg:
"HARSnapin Initialize() Error -2147467259 - ; nested exception is:
java.rmi.UnmarshalException: error unmarshalling return; nested exception is:
java.io.InvalidClassException: com.hyperion.reporting.graphics.GridObject; local class incompatible: stream classdesc serialVersionUID = 5432192847655595077, local class serialVersionUID = -5245705824007679661"
thanks

I've seen umarshalling error when there is a difference between the client and server version. Is there a patch applied? I would recommend to uninstall the existing one and install if from Workspace. (this will ensure that you've the correct client version)
Regards
Celvin
http://www.orahyplabs.com

View data in client B from client A in the same SID without a valid logon?

Hi Folks
We are planning on upgrading our 4.6C system to ERP 6.0, and are initialy considering having two clients in the same sandbox SID. One would be for the developers to perform code remediation checks (client A), and one would contain a copy of production data for performing testing of functionality over live data (client B).
Would it be possible to view data in client B from client A in the same system without a valid logon to client B or RFC connection to client B from client A? For example via the use on an ABAP program to SQL the database?
I know one can use transactions like SM30/SM31 to view, compare, and adjust data between clients, but this requires an RFC connection and valid logon to the target client.
Regards
Kevin.

Hi Kevin.
>
Kevin McLatchie wrote:
> Would it be possible to view data in client B from client A in the same system without a valid logon to client B or RFC connection to client B from client A? For example via the use on an ABAP program to
Short answer: yes.
If someone has the right to write and execute ABAP reports on the system he is able to access the data of all clients. So I don't think that this setup is advisable. Don't mix development and production data in one system.
Best regards,
Jan

View not displaying the data in some of the clients

Hi,
Apps - 12.1.3
DB 11gr1
OS- RHEL 5.6, 64 bit
We have an application which is built using .net , but the database is 11gR1 we are connecting vis ODAC ... it was working good.
But when we treid to move to other server, we created a user B , created a VIEW.
But we are facing one strange problem that - when i query its showing data in client PC , but when i ran it from Windows Server 2008 R2 edtion no data is displaying?
Any hints y?
Thanks

Hi;
Is there any error message in alert and also tns,listener log? If no than I suggest rise SR
Regard
Helios

Podcast client downloads to wrong memory

The podcast client on my N95 8GB have begun the annoying habit of saving downloaded podcasts the the phone memory, and not to the 8GB mass storage unit, where it used to put them.
Any ideas on how to rectify this problem?

The podcast client on my N95 8GB have begun the annoying habit of saving downloaded podcasts the the phone memory, and not to the 8GB mass storage unit, where it used to put them.
Any ideas on how to rectify this problem?

Installation Problem on Pentium4 with ORACLE 8.1.7 Client

I tried to Install the ORACLE Client 8.1.7/8.1.6 on Pentium4 with NT platform. On inserting the CD it gave the first prompt and after Clicking the "INSTALL/DE-INSTALL PRODUCTS", system stops. Checking in the TaskManager helps us to know that 'setup.exe' and 'java.exe' were started for a fraction of the second and then stopped.
Tried to explore the issue and it seems that the JAVA version which ORACLE is using for the INSTALLATION of 8.1.7 is NonCompatible with the P4[NT Platform].
However, 8.0.5/8.0.6 Client version were successfully Installed on the same configuration.
Can Anyone help me out in Installing 8.1.6 on P4[NT base].
Thanks in advance

Is the machine you're trying to install on the
machine your display is running on?
If not, doing a
'xhost + name_of_machine_you_are_installing_on'
on the machine your display is running on should do the
trick.
Hope that helps.
M. Geselle

Softphone feature for Cisco Jabber Client

Hello everyone,
I have a CUCM cluster v.8.6.2 and a CUPS v.8.6.4. I've installed my full CUWL licenses as well as my CUP Licenses AND the Jabber for Everyone COP file. I've managed to install Jabber on Mac and on Windows and have all the features such as Chat, Desktop phone integration and Visual Voicemail with Cisco Unity Connection working as well. The only feature I'm having a huge hassle getting to work is the Softphone feature. I've tried adding a CUPC device with the user (btw everything is integrated and uses LDAP for authentication) as the digest account for it as well as the Owner ID. I've tried adding a CSF device as well (I remember reading it somewhere) but the Jabber client never discovers a Softphone device and all of the options on the client are grayed out for me to put in the device settings. I thought I saw it once looking for a device name CSFACILLI (ACILLI being my username) in the System Diagnostics for the Jabber for Mac client but now it just shows:
   Soft Phone Server
Server Address:           cucm02.mycompany.net
Server Port:                     2748
Server Protocol:           --
Device:                               --
Line ID:                               --
Status:                               Disconnected
Any help or thoughts on this would be greatly appreciated! Thanks!
Tony

Aaron,
Here's the bit I found interesting from the reporting function:
-- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] - CCUCMClient::downloadConfig -- begin:
-- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] - CCUCMClient::getCnfFile -- begin: , strDeviceName.c_str()=CSFacill, bHttp=FALSE
-- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] - CTFTPClient::Get -- begin: , remotefile=CTLFile.tlv, host=cucm02.mycompany.net, bIsAsyMode=TRUE, port=69
-- 2012-07-25 08:31:01.000 DEBUG [0xb038d000] - TFTP_Error Select error
-- 2012-07-25 08:31:01.000 DEBUG [0xb038d000] - TFTP_Error Can't get packet, retrycount=3
-- 2012-07-25 08:31:01.000 DEBUG [0xb038d000] -   CTFTPClient::ContinueGet -- end!
-- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] - CTFTPClient::Get -- end!
-- 2012-07-25 08:31:01.000 DEBUG [0xb038d000] - CTFTPClient::ReceiveData -- end!
-- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] - CCUCMClient::getCnfFile -- end!
-- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] - CCUCMClient::downloadConfig -- end!
-- 2012-07-25 08:31:01.000 DEBUG [0xacab02c0] - CPhone::setPhoneMode -- end!
-- 2012-07-25 08:31:01.000 DEBUG [0xb030b000] - CTFTPClient::ReceiveData -- begin: , nCookie=5, bIsAsyMode=TRUE
It looks like it's trying to get CTLFile.tlv from my TFTP servers (which are my subscribers). I went under TFTP File Management under OS Administration on the Subscribers and no such file exists. Is this something I have to download from Cisco? It does look like it's trying for the correct device, just can't get the Configuration File it needs... Your thoughts?
Thanks,
Tony

Jabber Client softphone is "No Connected"

Hi,
I am trying to setup a lab for cisco partner testing. I created Collab 10.5 topology with cucm & cups 10.5. I am running out of ideas of what could be wrong. My jabber client for windows works with deskphone but it does not work with it's softphone (CSFXXXXX). Yes, i have CCMCIP profile created, user & device associated but still does not work both within lab network or external network
I am seeing the error below when I do a show connection status for the softphone - see attachment
Connection error. Ensure the server information in the Phone Services tab on the Options window is correct.
I do not have the "Phone Accounts" under options. I even uploaded jabber-config.xml file to tftp server and still no phone accounts tab. I can ping the cti hostname & ip from the pc i am working.
SOS
TIA
Jeya

Actually, I read it on a thread in this community. I just went thru’ the deployment guide and I saw that section too. I have uploaded it to the tftp server and no change for the phone tabs. Only the Directory service becomes online after uploading that file but no change on the phone account tabs. Below is the contents of the jabber-config.xml file that I generated using the file generator tool:
<?xml version="1.0" encoding="utf-8"?>
<config version="1.0">
<Options>
   <StartCallWithVideo>false</StartCallWithVideo>
   <Start_Client_On_Start_OS>true</Start_Client_On_Start_OS>
</Options>
<Phone>
   <TftpServer1>hq-cucm-pub.abc.inc</TftpServer1>
   <CtiServer1>hq-cucm-pub.abc.inc</CtiServer1>
   <CcmcipServer1>hq-cucm-pub.abc.inc</CcmcipServer1>
</Phone>
<Policies>
   <EnableSIPURIDialling>true</EnableSIPURIDialling>
   <DirectoryURI>mail</DirectoryURI>
   <ServicesDomainSsoEmailPrompt>OFF</ServicesDomainSsoEmailPrompt>
</Policies>
<Presence>
   <PresenceServerAddress>hq-cups.abc.inc</PresenceServerAddress>
</Presence>
<Directory>
   <ConnectionType>1</ConnectionType>
   <PrimaryServerName>directory.abc.inc</PrimaryServerName>
   <BDIPrimaryServerName>directory.abc.inc</BDIPrimaryServerName>
   <ServerPort1>389</ServerPort1>
   <BDIServerPort1>389</BDIServerPort1>
   <UseWindowsCredentials>0</UseWindowsCredentials>
   <ConnectionUsername>Administrator</ConnectionUsername>
   <BDIConnectionUsername>Administrator</BDIConnectionUsername>
   <ConnectionPassword>1vtG@lw@y</ConnectionPassword>
   <BDIConnectionPassword>1vtG@lw@y</BDIConnectionPassword>
</Directory>
</config>
Thks!
Jeya

How to delete file from client machine

Hi all,
we are using the DataBase: oracle:10g,
and forms/reports 10g(developer suite 10g-10.1.2.2).
can anybody help me how to delete the file from client machine in specified location using webutil or any
(i tried with webutil_host & client_host but it is working for application server only)
thank you.

hi
check this not tested.
PROCEDURE OPEN_FILE (V_ID_DOC IN VARCHAR2)
IS
-- Open a stored document --
LC$Cmd Varchar2(1280) ;
LC$Nom Varchar2(1000) ;
LC$Fic Varchar2(1280);
LC$Path Varchar2(1280);
LC$Sep Varchar2(1) ;
LN$But Pls_Integer ;
LB$Ok Boolean ;
-- Current Process ID --
ret WEBUTIL_HOST.PROCESS_ID ;
V_FICHERO VARCHAR2(500);
COMILLA VARCHAR2(4) := '''';
BOTON NUMBER;
MODO VARCHAR2(50);
URL VARCHAR2(500);
Begin
V_FICHERO := V_ID_DOC;
LC$Sep := '\';--WEBUTIL_FILE.Get_File_Separator ; -- 10g
LC$Nom := V_FICHERO;--Substr( V_FICHERO, instr( V_FICHERO, LC$Sep, -1 ) + 1, 100 ) ;
--LC$Path := CLIENT_WIN_API_ENVIRONMENT.Get_Temp_Directory ;
LC$Path := 'C:';
LC$Fic := LC$Path || LC$Sep || LC$Nom ;
If Not webutil_file_transfer.DB_To_Client
LC$Fic,
'TABLE_NAME',
'ITEM_NAME',
'WHERE'
) Then
Raise Form_trigger_Failure ;
End if ;
LC$Cmd := 'cmd /c start "" /MAX /WAIT "' || LC$Fic || '"' ;
Ret := WEBUTIL_HOST.blocking( LC$Cmd ) ;
LN$But := WEBUTIL_HOST.Get_return_Code( Ret ) ;
If LN$But 0 Then
Set_Alert_Property( 'ALER_STOP_1', TITLE, 'Host() command' ) ;
Set_Alert_Property( 'ALER_STOP_1', ALERT_MESSAGE_TEXT, 'Host() command error : ' || To_Char( LN$But ) ) ;
LN$But := Show_Alert( 'ALER_STOP_1' ) ;
LB$Ok := WEBUTIL_FILE.DELETE_FILE( LC$Fic ) ;
Raise Form_Trigger_Failure ;
End if ;
If Not webutil_file_transfer.Client_To_DB
LC$Fic,
'TABLE_NAME',
'ITEM_NAME',
'WHERE'
) Then
NULL;
Else
Commit ;
End if ;
LB$Ok := WEBUTIL_FILE.DELETE_FILE( LC$Fic ) ;
Exception
When Form_Trigger_Failure Then
Raise ;
End ;sarah

Remote Access VPN Clients Cannot Access inside LAN

I have been asked to set up remote access VPN on an ASA 5505 that I previously had no invlovement with. I have set it up the VPN using the wizard, they way I normally do, but the clients have no access to anything in the inside subnet, not even the inside interface IP address of the ASA. Thay can ping each other. The remote access policy below that I am working on is labeled VPNPHONE, address pool 172.16.20.1-10. I do not need split tunneling to be enabled. The active WAN interface is the one labeled outside_cable.
: Saved
ASA Version 8.2(1)
hostname ASA5505
domain-name default.domain.invalid
enable password eelnBRz68aYSzHyz encrypted
passwd eelnBRz68aYSzHyz encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.100.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
pppoe client vpdn group dataDSL
ip address 76.244.75.57 255.255.255.255 pppoe
interface Vlan3
nameif dmz
security-level 50
ip address 192.168.9.1 255.255.255.0
interface Vlan10
nameif outside_cable
security-level 0
ip address 50.84.96.178 255.255.255.240
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
switchport access vlan 10
interface Ethernet0/2
switchport access vlan 3
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone CST -6
clock summer-time CDT recurring
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit intra-interface
object-group service Netbios udp
port-object eq 139
port-object eq 445
port-object eq netbios-ns
object-group service Netbios_TCP tcp
port-object eq 445
port-object eq netbios-ssn
object-group network DM_INLINE_NETWORK_1
network-object host 192.168.100.177
network-object host 192.168.100.249
object-group service Web_Services tcp
port-object eq ftp
port-object eq ftp-data
port-object eq www
port-object eq https
object-group network DM_INLINE_NETWORK_10
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_11
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_2
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_3
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_4
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_5
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_6
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_7
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_8
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network DM_INLINE_NETWORK_9
network-object host 192.168.9.10
network-object host 192.168.9.4
object-group network VPN
network-object 192.168.255.0 255.255.255.0
access-list outside_access_in extended permit icmp any host 76.244.75.61
access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp
access-list outside_access_in extended permit tcp any host 76.244.75.61 eq ftp-data
access-list outside_access_in extended permit tcp any host 76.244.75.62 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.62 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.59 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.59 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.60 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.60 eq https
access-list outside_access_in extended permit tcp any host 76.244.75.58 eq www
access-list outside_access_in extended permit tcp any host 76.244.75.58 eq https
access-list dmz_access_in remark Quickbooks
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_6 host 192.168.100.5 eq 56719
access-list dmz_access_in remark Quickbooks range
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_7 host 192.168.100.5 range 55333 55337
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_8 host 192.168.100.5 eq 1434
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_9 host 192.168.100.5 eq 49398
access-list dmz_access_in remark QB
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_10 host 192.168.100.5 eq 8019
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_2 host 192.168.100.5 eq 2638
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_11 host 192.168.100.5 object-group Netbios
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_3 host 192.168.100.5 object-group Netbios_TCP
access-list dmz_access_in extended deny ip host 192.168.9.4 host 192.168.100.5 inactive
access-list dmz_access_in extended permit udp object-group DM_INLINE_NETWORK_4 any
access-list dmz_access_in extended permit tcp object-group DM_INLINE_NETWORK_5 any
access-list dmz_access_in remark Printer
access-list dmz_access_in extended permit ip 192.168.9.0 255.255.255.0 object-group DM_INLINE_NETWORK_1
access-list dmz_access_in extended permit tcp 192.168.9.0 255.255.255.0 any object-group Web_Services
access-list dmz_access_in extended permit udp 192.168.9.0 255.255.255.0 any eq domain
access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.255.0 255.255.255.0 echo-reply
access-list dmz_access_in extended permit icmp 192.168.9.0 255.255.255.0 192.168.100.0 255.255.255.0 echo-reply log disable
access-list dmz_access_in remark QB probably does not need any udp
access-list dmz_access_in extended permit udp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
access-list dmz_access_in remark QB included in other rule range
access-list dmz_access_in extended permit tcp host 192.168.9.4 host 192.168.100.5 eq 55333 inactive
access-list dmz_access_in remark May be required for Quickbooks
access-list dmz_access_in extended permit icmp host 192.168.9.4 host 192.168.100.5
access-list CAD_capture extended permit ip host 192.168.9.4 host 192.168.100.5
access-list CAD_capture extended permit ip host 192.168.100.5 host 192.168.9.4
access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.16.10.0 255.255.255.240
access-list inside_nat0_outbound extended permit ip any 172.16.20.0 255.255.255.240
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.100.0 255.255.255.0
access-list cad_supplies_RAVPN_splitTunnelAcl standard permit 192.168.9.0 255.255.255.0
access-list dmz_nat0_outbound extended permit ip any 192.168.255.0 255.255.255.0
access-list outside_cable_access_in extended permit icmp any host 50.84.96.182
access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp
access-list outside_cable_access_in extended permit tcp any host 50.84.96.182 eq ftp-data
access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.183 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.180 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.181 eq https
access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq www
access-list outside_cable_access_in extended permit tcp any host 50.84.96.179 eq https
access-list Local_LAN_Access standard permit host 0.0.0.0
access-list vpnusers_spitTunnelACL extended permit ip 192.168.100.0 255.255.255.0 any
access-list nonat-in extended permit ip 192.168.100.0 255.255.255.0 172.16.20.0 255.255.255.0
pager lines 24
logging enable
logging buffered informational
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
mtu outside_cable 1500
ip local pool VPN_IP_range 192.168.255.1-192.168.255.10 mask 255.255.255.0
ip local pool VPN_Phone 172.16.20.1-172.16.20.10 mask 255.255.255.0
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
nat-control
global (outside) 10 interface
global (outside_cable) 10 interface
nat (inside) 0 access-list nonat-in
nat (inside) 10 0.0.0.0 0.0.0.0
nat (dmz) 0 access-list dmz_nat0_outbound
nat (dmz) 10 0.0.0.0 0.0.0.0
static (inside,outside) 76.244.75.62 192.168.100.25 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.61 192.168.9.123 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.59 192.168.9.124 netmask 255.255.255.255 dns
static (dmz,outside) 76.244.75.58 192.168.9.4 netmask 255.255.255.255 dns
static (inside,dmz) 192.168.100.0 192.168.100.0 netmask 255.255.255.0
static (dmz,outside) 76.244.75.60 192.168.9.10 netmask 255.255.255.255 dns
static (inside,outside_cable) 50.84.96.183 192.168.100.25 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.182 192.168.9.123 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.180 192.168.9.124 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.179 192.168.9.4 netmask 255.255.255.255 dns
static (dmz,outside_cable) 50.84.96.181 192.168.9.10 netmask 255.255.255.255 dns
access-group outside_access_in in interface outside
access-group dmz_access_in in interface dmz
access-group outside_cable_access_in in interface outside_cable
route outside_cable 0.0.0.0 0.0.0.0 50.84.96.177 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
http 192.168.100.0 255.255.255.0 inside
http 204.107.173.0 255.255.255.0 outside
http 204.107.173.0 255.255.255.0 outside_cable
http 0.0.0.0 0.0.0.0 outside_cable
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TRANS_ESP_3DES_SHA esp-3des esp-sha-hmac
crypto ipsec transform-set TRANS_ESP_3DES_SHA mode transport
crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set pfs
crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 set transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_cable_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_cable_map interface outside_cable
crypto map outside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map outside_map interface outside
crypto map inside_map 65535 ipsec-isakmp dynamic SYSTEM_DEFAULT_CRYPTO_MAP
crypto map inside_map interface inside
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp enable outside_cable
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp policy 30
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
telnet 192.168.100.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 inside
ssh 204.107.173.0 255.255.255.0 outside
ssh 204.107.173.0 255.255.255.0 outside_cable
ssh 0.0.0.0 0.0.0.0 outside_cable
ssh timeout 15
console timeout 0
vpdn group dataDSL request dialout pppoe
vpdn group dataDSL localname [email protected]
vpdn group dataDSL ppp authentication pap
vpdn username [email protected] password *********
dhcpd address 192.168.100.30-192.168.100.99 inside
dhcpd dns 192.168.100.5 68.94.156.1 interface inside
threat-detection basic-threat
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
webvpn
group-policy DefaultRAGroup internal
group-policy DefaultRAGroup attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec l2tp-ipsec
group-policy cad_supplies_RAVPN internal
group-policy cad_supplies_RAVPN attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value cad_supplies_RAVPN_splitTunnelAcl
group-policy VPNPHONE internal
group-policy VPNPHONE attributes
dns-server value 192.168.100.5
vpn-tunnel-protocol IPSec
split-tunnel-policy excludespecified
split-tunnel-network-list value Local_LAN_Access
client-firewall none
client-access-rule none
username swinc password BlhBNWfh7XoeHcQC encrypted
username swinc attributes
vpn-group-policy cad_supplies_RAVPN
username meredithp password L3lRjzwb7TnwOyZ1 encrypted
username meredithp attributes
vpn-group-policy cad_supplies_RAVPN
service-type remote-access
username ipphone1 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone1 attributes
vpn-group-policy VPNPHONE
username ipphone2 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone2 attributes
vpn-group-policy VPNPHONE
username ipphone3 password LOjpmeIOshVdCSOU encrypted privilege 0
username ipphone3 attributes
vpn-group-policy VPNPHONE
username oethera password WKJxJq7L6wmktFNt encrypted
username oethera attributes
vpn-group-policy cad_supplies_RAVPN
service-type remote-access
username markh password nqH+bk6vj0fR83ai0SAxkg== nt-encrypted
username markh attributes
vpn-group-policy cad_supplies_RAVPN
tunnel-group DefaultRAGroup general-attributes
default-group-policy DefaultRAGroup
tunnel-group DefaultRAGroup ipsec-attributes
pre-shared-key *
tunnel-group DefaultRAGroup ppp-attributes
authentication ms-chap-v2
tunnel-group cad_supplies_RAVPN type remote-access
tunnel-group cad_supplies_RAVPN general-attributes
address-pool VPN_IP_range
default-group-policy cad_supplies_RAVPN
tunnel-group cad_supplies_RAVPN ipsec-attributes
pre-shared-key *
tunnel-group VPNPHONE type remote-access
tunnel-group VPNPHONE general-attributes
address-pool VPN_Phone
default-group-policy VPNPHONE
tunnel-group VPNPHONE ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 1500
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:8b25ecc61861a2baa6d2556a3679cc7c
: end

Hi,
You have your "group-policy" set so that you have excluding some networks from being tunneled.
In this access-list named Local_LAN_Access you specify "0.0.0.0"
Doesnt this mean you are excluding all networks from being tunneled? In other words no traffic goes to your tunnel.
This access-list should only contain your local LAN network from where you are connecting with the VPN Client. If you dont need to access anything on your local LAN while having the VPN on, you don't even need this setting on. You could just tunnel all traffic instead of excluding some networks.
- Jouni

ASA 5505 VPN client LAN access problem

Hello,
I'm not expert in ASA and routing so I ask some support the following case.
There is a Cisco VPN client (running on Windows 7) and an ASA5505.
The goals are client could use remote gateway on ASA for Skype and able to access the devices in ASA inside interface.
The Skype works well but I cannot access devices in the interface inside via VPN connection.
Can you please check my following config and give me advice to correct NAT or VPN settings?
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password wDnglsHo3Tm87.tM encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Vlan3
no forward interface Vlan1
nameif dmz
security-level 50
no ip address
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
dns server-group DefaultDNS
domain-name default.domain.invalid
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list inside_access_in extended permit tcp 192.168.1.0 255.255.255.0 any
access-list inside_access_in extended permit udp 192.168.1.0 255.255.255.0 any
access-list outside_access_in extended permit ip any 192.168.1.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool VPNPOOL 10.0.0.200-10.0.0.220 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 1 10.0.0.0 255.255.255.0
nat (inside) 1 192.168.1.0 255.255.255.0
nat (outside) 1 10.0.0.0 255.255.255.0
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 192.168.1.0 255.255.255.0 inside
ssh timeout 5
ssh version 2
console timeout 0
dhcpd auto_config outside
dhcpd address 192.168.1.2-192.168.1.33 inside
dhcpd dns xx.xx.xx.xx interface inside
dhcpd enable inside
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server value 84.2.44.1
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec webvpn
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem enable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
nac disable
nac-sq-period 300
nac-reval-period 36000
nac-default-acl none
address-pools none
smartcard-removal-disconnect enable
client-firewall none
client-access-rule none
webvpn
functions url-entry
html-content-filter none
homepage none
keep-alive-ignore 4
http-comp gzip
filter none
url-list none
customization value DfltCustomization
port-forward none
port-forward-name value Application Access
sso-server none
deny-message value Login was successful, but because certain criteria have not been met or due to some specific group policy, you do not have permission to use any of the VPN features. Contact your IT administrator for more information
svc none
svc keep-installer installed
svc keepalive none
svc rekey time none
svc rekey method none
svc dpd-interval client none
svc dpd-interval gateway none
svc compression deflate
group-policy XXXXXX internal
group-policy XXXXXX attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelall
split-tunnel-network-list none
username XXXXXX password G910DDfbV7mNprdR encrypted privilege 15
username XXXXXX password 5p9CbIe7WdF8GZF8 encrypted privilege 0
username XXXXXX attributes
vpn-group-policy XXXXXX
username XXXXX password cRQbJhC92XjdFQvb encrypted privilege 15
tunnel-group XXXXXX type ipsec-ra
tunnel-group XXXXXX general-attributes
address-pool VPNPOOL
default-group-policy XXXXXX
tunnel-group XXXXXX ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
service-policy global_policy global
prompt hostname context
Cryptochecksum:a8fbb51b0a830a4ae823826b28767f23
: end
ciscoasa#
Thanks in advance!
fbela

config#no nat (inside) 1 10.0.0.0 255.255.255.0 < This is not required.
Need to add - config#same-security-traffic permit intra-interface
#access-list extended nonat permit ip 192.168.1.0 255.255.255.0 10.0.0.0 255.255.255.0
#nat (inside) 0 access-list nonat
Please add and test it.
Thanks
Ajay

VPN client and radius or CAR

Hello:
I am trying to setup remote access vpn on IOS router with cisco Radius or CAR.
the vpn client user needs to be authenticated by group id and password, and user id and password.
How should I setup CAR, could someone provides me an example?
I saw this sample, but there is no relationship between user and group.
Any suggestions?
thx
[ //localhost/RADIUS/UserLists/Default/joe-coke ]
Name = joe-coke
Description =
Password = <encrypted>
AllowNullPassword = FALSE
Enabled = TRUE
Group~ =
BaseProfile~ =
AuthenticationScript~ =
AuthorizationScript~ =
UserDefined1 =
[ //localhost/RADIUS/UserLists/Default/group1 ]
Name = group1
Description =
Password = <encrypted> (would be "cisco")
AllowNullPassword = FALSE
Enabled = TRUE
Group~ =
BaseProfile~ = group1profile
AuthenticationScript~ =
AuthorizationScript~ =
UserDefined1 =
Define the group attributes such as pre-shared key, IP address pool name, etc. using Cisco
AV-pairs:
[ //localhost/RADIUS/Profiles/group1profile/Attributes ]
cisco-avpair = ipsec:key-exchange=ike
cisco-avpair = ipsec:tunnel-password=cisco123
cisco-avpair = ipsec:addr-pool=pool1
Service-Type = Outbound

you can define the group locally on the router to define the values which the client will use to build the tunnel (pre-shared key, etc). The client's username/pw can then be defined within AAA server to allow access to the network once the tunnel has been established.
The link below should show how to setup the group config in IOS and you should change the AAA method to point to radius instead of local to authenticate the client at your AAA server.
http://www.cisco.com/en/US/partner/products/sw/secursw/ps2308/products_configuration_example09186a00801c4246.shtml

ASA 5505 VPN clients can't ping router or other clients on network

I have a ASA5505 and it has a vpn set up. The VPN user connects using the Cisco VPN client. They can connect fine (the get an ip address from the ASA), but they can't ping the asa or any clients on the network. Here is the running config:
Result of the command: "show running-config"
: Saved
ASA Version 7.2(4)
hostname ASA
domain-name default.domain.invalid
enable password kdnFT44SJ1UFX5Us encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 10.0.0.4 Server
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list vpn_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 10.0.0.192 255.255.255.192
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPNpool 10.0.0.220-10.0.0.240 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp Server smtp netmask 255.255.255.255
static (inside,outside) tcp interface pop3 Server pop3 netmask 255.255.255.255
static (inside,outside) tcp interface www Server www netmask 255.255.255.255
static (inside,outside) tcp interface https Server https netmask 255.255.255.255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable 480
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
group-policy vpn internal
group-policy vpn attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn_splitTunnelAcl
username admin password wwYXKJulWcFrrhXN encrypted privilege 15
username VPNuser password fRPIQoKPyxym36g7 encrypted privilege 15
username VPNuser attributes
vpn-group-policy vpn
tunnel-group vpn type ipsec-ra
tunnel-group vpn general-attributes
address-pool VPNpool
default-group-policy vpn
tunnel-group vpn ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:df7d1e4f34ee0e155cebe86465f367f5
: end
Any ideas what I need to add to get the vpn client to be able to ping the router and clients?
Thanks.

I tried that and it didn't work. As for upgrading the ASA version, I'd like to but this is an old router and I don't have a support contract with Cisco anymore, so I can't access the latest firmware.
here is the runnign config again:
Result of the command: "show startup-config"
: Saved
: Written by enable_15 at 01:48:37.789 MDT Wed Jun 20 2012
ASA Version 7.2(4)
hostname ASA
domain-name default.domain.invalid
enable password kdnFT44SJ1UFX5Us encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 10.0.0.4 Server
interface Vlan1
nameif inside
security-level 100
ip address 10.0.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
ftp mode passive
clock timezone MST -7
clock summer-time MDT recurring
dns domain-lookup inside
dns domain-lookup outside
dns server-group DefaultDNS
domain-name default.domain.invalid
access-list vpn_splitTunnelAcl standard permit any
access-list inside_nat0_outbound extended permit ip any 10.0.0.192 255.255.255.192
pager lines 24
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPNpool 10.0.0.220-10.0.0.240 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
asdm location Server 255.255.255.255 inside
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface smtp Server smtp netmask 255.255.255.255
static (inside,outside) tcp interface pop3 Server pop3 netmask 255.255.255.255
static (inside,outside) tcp interface www Server www netmask 255.255.255.255
static (inside,outside) tcp interface https Server https netmask 255.255.255.255
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
http server enable 480
http 10.0.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd auto_config outside
group-policy vpn internal
group-policy vpn attributes
vpn-tunnel-protocol IPSec
split-tunnel-policy tunnelspecified
split-tunnel-network-list value vpn_splitTunnelAcl
username admin password wwYXKJulWcFrrhXN encrypted privilege 15
username VPNuser password fRPIQoKPyxym36g7 encrypted privilege 15
username VPNuser attributes
vpn-group-policy vpn
tunnel-group vpn type ipsec-ra
tunnel-group vpn general-attributes
address-pool VPNpool
default-group-policy vpn
tunnel-group vpn ipsec-attributes
pre-shared-key *
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
service-policy global_policy global
prompt hostname context
Cryptochecksum:78864f4099f215f4ebdd710051bdb493

Alert or Notification for Client Open and Close

Hi All,
How to configure an Alert or Notification, if the Client (SCC4 and SE06) is open and in modifiable state, we have spoken to our solman team and got the confirmation that there is no MT Class for SCC4 and SE06.
If this is possible through any z program, please do help and provide your comments and suggestions.
Thanks & Regards
Praveen

It is possible to assign a different posting period variant to company code in a non-leading ledgers (the extreme right field) in the foll. node in SPRO.
Financial Accounting (New) -> Financial Accounting Global Settings (New) -> Ledgers -> Ledger -> Define and Activate Non-Leading Ledgers

Questions on scripts, tables & transfer objects between clients.

1. In script, how to use the same print program for two different layouts? with procedure.!
2. Why cant sapscripts be client independent.?
3. Want to maintain a table in dev server and if i update the data, it should simultanously update in Quality and Production servers. How? please explain in details.
4. How to transfer object between clients.? explain.
Points will be promptly rewarded for HELPFULL answers.!

Hi!
3. With SE01, you can create a transport request for all table entries.
SE01 - Create button - Workbench request - Give description and save
Select the created request and click on Display object list.
Click on Display - Change button
Insert line button
ProgID: R3TR
Object: TABU
Object name: Z_YOUR_TABLE
Double click on the table name
Insert line
Key: *
Save everything
Release the transport in SE10 transaction and transport with STMS transaction.
Regards
Tamá

Excel output of report on client machine

excel output report on client machine
hello
i am running report from app server, output is excel file...
using following URL
web.show_document(rpt_url ||'&report='||rpt_path||'batch_idcards_print_excel.rdf&desformat=spreadsheet&destype=file&desname=c:\batch.xls','_blank');
----this stores the excel file at app server under c:\
now i want to save it on client machine... how can i do that ?
from one forum, i got help , so i changed URL as below
web.show_document(rpt_url ||'&report='||rpt_path||'batch_idcards_print_excel.rdf&desformat=spreadsheet&mimetype=application/msexcel&destype=FILE&title=batch.xls','_blank');
when i open report, no window opens for saving file...a new window opens and gets closed itself immediately...
wht is the problem?... client machine having MS office excel 2003...

Dear
Could you, please, tell us what you've done to solve this issue? We're facing the same problem, and until now we couldn't figure out what is exactly happening.
Thanks in advance for any help.

Client IP 추적에 관해서 문의드립니다.

Similar Messages

Maybe you are looking for