How to force one way traffic - JSP Servlet?

JSP "A" displays one quiz question (retrieved out of the database).
When the user hits submit, the "post" info is sent and processed by servlet "B".
Servlet "B" also retrieves a new question out of the database, and sends that new question back to JSP "A" for display.
User submits answer... back to servlet "B" where the process is repeated until the total questions hits 25.
Then another JSP "C" displays the quiz score and that variable gets stored in the database.
My question:
I want to be able to detect if the user hits the back button because if he/she does, my scoring is not correct any longer. Also I want to prevent that the user can see and re-answer a previous question by using the backbutton (only one chance to answer).
*Any ideas on how I can detect if the user hits the back button without using javascript?*
I was told before to compare a hidden field on JSP "A" with a step variable stored in the user's session. Then if these 2 were off (because theback button was hit, the user would be directed to an error/warning page). Exactly what I need! However, I don't see how the value stored in the hidden field in the JSP can be compared to the session variable since the hidden field's value never changes. Correct??? Am I missing something?

No, you'd give each question a number, and keep track on the user's side what questions they've already answered. If the user submits an already-answered question, you could then easily detect that.
If you wanted to be extra paranoid, you could set a random number in another hidden field. When you retrieve the question from the database, select a random number (from a big range, so the user can't easily guess it) and store it in the user's session, and put it in the hidden field. When the user submits their answer, compare the two. If they're not the same, raise an error.
If the user tries hitting the back button and re-submits...then at this point, you would have chosen a new number, but they would be seeing the old old. When they submit again, the numbers wouldn't match.
Also: you should send an Expires: header when you send the JSP page, to prevent the page from being cached. That way, when the user goes to page A, they'll always see the latest question.
A cheater could alter their browser (or use a proxy, or whatever) to cache regardless, but they can't change the fact that the server is tracking which questions have already been asked and what the paranoia number is.

Similar Messages

How to implement this function in JSP/Servlet env?

Hi all,
I working on a project, it provides functionality to upload file using JSP/Servlet. In the first JSP page, there is file location and submit button. After user select a file to upload and click submit button, a message, like "sending file to XXXX", will be shown on the screen. Once uploading and validation are done on the server-side, a successful/error msg will be shown to user.
Here I have a question for the "sending..." msg and the successful/error msg. They should be put in one jsp page or in two separate page? how to implement them?
Thanks for any help!
Tranquil

For the sending message... Well, the thing is, when you click submit, it's sending the file to the server and the server is processing it, and this is all done before the "complete" page is sent to the server. So one would need to use some Javascript on the page before the actual submit happens to show some message. This is done on Ebay when you put something for sale, you can upload an image, and there is a little popup message telling you that it's uploading, and it is removed when the process is done. Now, I'm not sure the exact details of how this works, but my educated guess is this:
1) The onsubmit function of the form checks that the file upload fields have a value (no need to popup a message if no file upload, since that's what usually takes the time, although it could just be assumed there is a file). If a file is to be uploaded, or just want to show the message anyway, a new popup window is opened with the window.open method and the "sending" message is shown (either written via Javascript or just load a small web page to the window).
2) The popup window, since you can't transfer the window object from the form page to the next page, has to check window.opener for some value that the success/error page would have to set. The success/error page could use it's body onload function to set a variable in it's own window object to denote that the page is loaded. The popup window can use a looping check using setTimeout or setInterval in Javascript to check for window.opener.isLoadedVariable to be present, and if so, close itself.
I've never done that, but I see no reason why it wouldn't work.

How can I call EJB from JSP/Servlets in iWS?

Hi!!
My JSP/Servlets are on iWS, and I deploy EJB on iAS.
In this case, I don't know how JSP/Servlet call EJb on iAS.
I'd like to know how I can set JNDI name in JSP/Servlet on iWS.
I will thank you if you give me a simple example source using JSP/Servlet
and EJB.
Thanks in advance!!!
- Park-

Park,
Why Are you running your JSP/Servlets in iWS instead of iAS? For whatever
reason,
look at the Converter sample from iAS. You will be doing RMI/IIOP in this
case and the sample explains in detail what to do.
hth,
-robert
"SungHyun, Park" <[email protected]> wrote in message
news:9jpfmt$[email protected]..
Hi!!
My JSP/Servlets are on iWS, and I deploy EJB on iAS.
In this case, I don't know how JSP/Servlet call EJb on iAS.
I'd like to know how I can set JNDI name in JSP/Servlet on iWS.
I will thank you if you give me a simple example source using JSP/Servlet
and EJB.
Thanks in advance!!!
- Park-

How do i Create charts using JSP/Servlet & Database

I have to create charts which shows the graph of stock exchange.
i have a database that keeps the data for creating charts.
But i did not know how to create charts using jsp-servlet.
Any Example might help me to go forward.
Any help will be really appreciated.
Please Advice me.

JFreeChart - You can generate the charts then convert them to image formats (PNG and JPEG) all using the JFreeChart API
http://www.jfree.org/jfreechart/

How to do one way synch from PC to phone ONLY for contacts and Calendar

Does anyone know how you can synch only ONE WAY - from Outlook on PC to Iphone? I want no information to change in Outlook Calendar or Contacts. I don't want the phone to make any changes to Contacts or Calendar on PC. Thanks!

You've posted this in the *Mac OS X Technologies > iSync* forum.
iSync is a Mac-only application for syncing Contacts and Calendars from the Mac Address Book and iCal to mobile phones and PDAs.
It has nothing to do with the iPhone, Outlook or Windows PCs.
Try the *iPhone - Mail, Contacts and Calendars* forum here:
http://discussions.apple.com/forum.jspa?forumID=1144

How to use connection pool in jsp/servlet ?

I found I can "lookup" it in either java beans/servlets/JSP using JNDI. why?
what is the best practice to use it in a jsp/servlet web app considering JNDI lookuping expensive?
Thanks!
Bo
Edited by: BobXu on Nov 17, 2008 2:27 PM
Edited by: BobXu on Nov 17, 2008 2:32 PM

Huh?
You can lookup a JNDI resource from anywhere in java code you want to. As long as you have a repository set up to search on :-)
Of course whether that resource is available or not is a different matter. If you let the server set up the JNDI resource for you, then you can't run it standalone outside the server without something else setting the same thing up :-)
So its not so much a limitation of beans, but just the environment you run the code in.
Best practice? Don't write sql queries in JSP pages :-)
For the rest you might consider the DAO pattern. Or ignore SQL altogether and let hibernate do the work there for you.
Cheers,
evnafets

How to solve one way audio problem

i use cm 4.1(3) and i have one way audio problem ,i guess cause of NAT or firewall so i open all port that access-list block but i still have problem . i think nat is the problem .So which way does i have to fix this out
pls tell me how

Take a look at the following link.
Troubleshooting One Way Voice Issues
http://www.cisco.com/en/US/tech/tk652/tk698/technologies_tech_note09186a008009484b.shtml
Hope this helps. If so, please rate the post.
Brandon

IPSec secured L2TPv3 - one way traffic in L2 tunnel

Sigh... after 7 hours battling coming here because I've exhausted all my options to find an answer for my problem.
So here is the topology - standard (boring) IPSec secured L2TPv3 tunnel: on one side - 897 connected to a DSL box, on another side - 1921 with two interfaces.
Purpose to setup a plain L2TPv3 tunnel between those locations so computers plugged into the 897's 8-port switch interface can communicate with number of devices connected to 1921 on other side.
897:
crypto ikev2 keyring key1
peer destination_ip_address
address local_outside_ip_address
pre-shared-key key
crypto ikev2 profile default
match identity remote address 1921_outside_ip_address 255.255.255.255
identity local address 897_outside_ip_address
authentication remote pre-share
authentication local pre-share
keyring local key1
crypto ikev2 dpd 30 3 periodic
controller VDSL 0
ip ssh rsa keypair-name router-key
ip ssh version 2
pseudowire-class DZD
encapsulation l2tpv3
ip local interface Loopback1
ip pmtu
ip dfbit set
ip tos reflect
crypto ipsec transform-set default esp-aes esp-sha-hmac
mode tunnel
crypto ipsec df-bit set
crypto map local 1 ipsec-isakmp
set peer 1921_outside_ip_address
set ikev2-profile default
match address 130
interface Loopback1
ip address 172.16.1.1 255.255.255.255
interface ATM0
no ip address
no atm ilmi-keepalive
interface Ethernet0
no ip address
interface GigabitEthernet0
no ip address
interface GigabitEthernet1
no ip address
interface GigabitEthernet2
no ip address
interface GigabitEthernet3
no ip address
xconnect 172.16.1.2 1 encapsulation l2tpv3 pw-class DZD
interface GigabitEthernet4
no ip address
interface GigabitEthernet5
no ip address
interface GigabitEthernet6
no ip address
interface GigabitEthernet7
no ip address
interface GigabitEthernet8
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface Wlan-GigabitEthernet8
no ip address
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
ip unnumbered Vlan1
interface Vlan1
ip address 10.97.2.29 255.255.255.0
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ipv6 address autoconfig
ppp authentication pap callin
ppp pap sent-username DSL_username password DSL_password
crypto map local
ip forward-protocol nd
ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 130 permit ip host 172.16.1.1 host 172.16.1.2
dialer-list 1 protocol ip permit
c897#
1921:
crypto ikev2 keyring key1
peer 897_outside_ip_address
address 897_outside_ip_address
pre-shared-key key
crypto ikev2 profile default
match identity remote address 897_outside_ip_address 255.255.255.255
identity local address 1921_outside_ip_address
authentication remote pre-share
authentication local pre-share
keyring local key1
crypto ikev2 dpd 30 3 periodic
ip ssh version 2
lldp run
pseudowire-class ZRH
encapsulation l2tpv3
ip local interface Loopback1
ip pmtu
ip dfbit set
ip tos reflect
crypto ipsec transform-set default esp-aes esp-sha-hmac
mode tunnel
crypto ipsec df-bit set
crypto map local 1 ipsec-isakmp
set peer 897_outside_ip_address
set ikev2-profile default
match address 130
interface Loopback1
ip address 172.16.1.2 255.255.255.255
interface Embedded-Service-Engine0/0
no ip address
interface GigabitEthernet0/0
description WAN-ACC
ip address 1921_outside_ip_address 255.255.255.0
duplex auto
speed auto
crypto map local
interface GigabitEthernet0/1
description LAN-Trunk
no ip address
duplex auto
speed auto
xconnect 172.16.1.1 1 encapsulation l2tpv3 pw-class ZRH
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 default_gateway_of_1921
logging host 10.96.2.21
access-list 130 permit ip host 172.16.1.2 host 172.16.1.1
pnc01921#
Note - 1921 is connected to the Nexus 2248TP FEX, here is the config of the interface of the FEX:
pnc00001# sh run int e101/1/6
!Time: Thu May 1 06:15:02 2014
version 5.0(3)N2(2b)
interface Ethernet101/1/6
switchport access vlan 702
Now, IPsec tunnel comes up and does pass traffic - I can ping from one l1 another l1, below is the output from 897:
sh cry ike sa
IPv4 Crypto IKEv2 SA
Tunnel-id Local Remote fvrf/ivrf Status
1 897_outside_ip_address/500 1921_outside_ip_address/500 none/none READY
Encr: AES-CBC, keysize: 256, Hash: SHA512, DH Grp:5, Auth sign: PSK, Auth verify: PSK
Life/Active Time: 86400/76 sec
IPv6 Crypto IKEv2 SA
#sh cry ips sa
interface: Dialer1
Crypto map tag: local, local addr 897_outside_ip_address
protected vrf: (none)
local ident (addr/mask/prot/port): (172.16.1.1/255.255.255.255/0/0)
remote ident (addr/mask/prot/port): (172.16.1.2/255.255.255.255/0/0)
current_peer 1921_outside_ip_address port 500
PERMIT, flags={origin_is_acl,}
#pkts encaps: 7, #pkts encrypt: 7, #pkts digest: 7
#pkts decaps: 51, #pkts decrypt: 51, #pkts verify: 51
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0
#pkts not decompressed: 0, #pkts decompress failed: 0
#send errors 0, #recv errors 0
local crypto endpt.: 897_outside_ip_address, remote crypto endpt.: 1921_outside_ip_address
path mtu 1492, ip mtu 1492, ip mtu idb Dialer1
current outbound spi: 0x852BF1F2(2234249714)
PFS (Y/N): N, DH group: none
inbound esp sas:
spi: 0x5D9DFB1A(1570634522)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 2, flow_id: Onboard VPN:2, sibling_flags 80000040, crypto map: local
sa timing: remaining key lifetime (k/sec): (4190855/3504)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
inbound ah sas:
inbound pcp sas:
outbound esp sas:
spi: 0x852BF1F2(2234249714)
transform: esp-aes esp-sha-hmac ,
in use settings ={Tunnel, }
conn id: 1, flow_id: Onboard VPN:1, sibling_flags 80000040, crypto map: local
sa timing: remaining key lifetime (k/sec): (4190863/3504)
IV size: 16 bytes
replay detection support: Y
Status: ACTIVE(ACTIVE)
#ping 172.16.1.2 sour l1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/23/24 ms
Now, L2 tunnel shows to be up on both ends as well (output from 897 here)
#sh xconnect all
Legend: XC ST=Xconnect State S1=Segment1 State S2=Segment2 State
UP=Up DN=Down AD=Admin Down IA=Inactive
SB=Standby RV=Recovering NH=No Hardware
XC ST Segment 1 S1 Segment 2 S2
------+---------------------------------+--+---------------------------------+--
UP ac Gi3(Ethernet) UP l2tp 172.16.1.2:1 UP
However, if you look at detailed output of l2tunn, you will see that the tunnel receives traffic from 1921, but does not send anything:
#sh l2tun tunnel all
L2TP Tunnel Information Total tunnels 1 sessions 1
Tunnel id 3504576447 is up, remote id is 2898810219, 1 active sessions
Locally initiated tunnel
Tunnel state is established, time since change 00:19:34
Tunnel transport is IP (115)
Remote tunnel name is pnc01921
Internet Address 172.16.1.2, port 0
Local tunnel name is pnc0DRZD
Internet Address 172.16.1.1, port 0
L2TP class for tunnel is l2tp_default_class
Counters, taking last clear into account:
0 packets sent, 763 received
0 bytes sent, 65693 received
Last clearing of counters never
Counters, ignoring last clear:
0 packets sent, 763 received
0 bytes sent, 65693 received
Control Ns 18, Nr 9
Local RWS 512 (default), Remote RWS 512 (max)
Control channel Congestion Control is disabled
Tunnel PMTU checking enabled
Retransmission time 1, max 1 seconds
Unsent queuesize 0, max 0
Resend queuesize 0, max 2
Total resends 0, ZLB ACKs sent 8
Total out-of-order dropped pkts 0
Total out-of-order reorder pkts 0
Total peer authentication failures 0
Current no session pak queue check 0 of 5
Retransmit time distribution: 0 0 0 0 0 0 0 0 0
Control message authentication is disabled
Mirrored situation on other side - 1921 sends packets, but nothing is received:
pnc01921#sh l2tun tunnel all
L2TP Tunnel Information Total tunnels 1 sessions 1
Tunnel id 2898810219 is up, remote id is 3504576447, 1 active sessions
Remotely initiated tunnel
Tunnel state is established, time since change 00:21:15
Tunnel transport is IP (115)
Remote tunnel name is pnc0DRZD
Internet Address 172.16.1.1, port 0
Local tunnel name is pnc01921
Internet Address 172.16.1.2, port 0
L2TP class for tunnel is l2tp_default_class
Counters, taking last clear into account:
815 packets sent, 0 received
69988 bytes sent, 0 received
Last clearing of counters never
Counters, ignoring last clear:
815 packets sent, 0 received
69988 bytes sent, 0 received
Control Ns 9, Nr 20
Local RWS 1024 (default), Remote RWS 512
Control channel Congestion Control is disabled
Tunnel PMTU checking enabled
Retransmission time 1, max 1 seconds
Unsent queuesize 0, max 0
Resend queuesize 0, max 1
Total resends 0, ZLB ACKs sent 18
Total out-of-order dropped pkts 0
Total out-of-order reorder pkts 0
Total peer authentication failures 0
Current no session pak queue check 0 of 5
Retransmit time distribution: 0 0 0 0 0 0 0 0 0
Control message authentication is disabled
There is a Windows box plugged into 897's G3 with IP address 10.97.2.25. I can ping from it 897's VLAN1 at 10.97.2.29. However I can't ping anything across the L2TPv3 tunnel. At the same time on that Windows box I can see broadcast traffic coming across the tunnel.
I give up. Anyone has some reasonable suggestion what might be wrong? I suspect that something is wrong at 897's side.
One last question - how can I create svi on 1921 and assign ip address from 10.97.2.0/24 network on it?

Anybody? Opened ticket #630128425, no response from Cisco yet..

How do i track clicks with jsp/servlets?

I would like to know how to imitate the click of link in JSP or serlvet, in order to track clicks.
I have pages with links containing tel protocol URIs like this:
Click here to listen!
I want to replace the above with something like this:
Click here to listen!
And have call_tracking.jsp do its tracking stuff and then spawn a phone call, just like the first example does. I do not want to bother the user with another page, hence the need to accomplish the click action programmatically. I presume this feat is achievable via Response header magic, I just don't know the right incantation ;-)
Thanks

You should create a servlet to track the links, let´s say LinkTracker. Here I have an example for you. Each link calls a servlet and pass the url as a parameter.
<html>
<head>
    <title>Some Links Tracked by the LinkTracker Servlet</title>
</head>
<body>
Some good links for you. Each link is directed
through the LinkTracker Servlet. Click on a few and visit
the <a href="LinkTracker">LinkTracker Servlet</a>.
<ul>
    <li><a href="LinkTracker?link=http://www.google.com">
      Google Site</a></li>
    <li><a href="LinkTracker?link=http://www.yahoo.com">
      Yahoo site</a></li>
    <li><a href="LinkTracker?link=http://java.sun.com">
      Sun Microsystems</a></li>
</ul>
</body>
</html>And here the code to LinkTracker servlet
public class LinkTracker extends HttpServlet {
static private Hashtable links = new Hashtable();
String tstamp;
public LinkTracker() {
    tstamp = new Date().toString();
public void doGet(HttpServletRequest request,
                    HttpServletResponse response)
    throws IOException, ServletException {
    String link = request.getParameter("link");
    if (link != null && !link.equals("")) {
      synchronized (links){
        Integer count = (Integer) links.get(link);
        if (count == null) {
          links.put(link, new Integer(1));
        else {
          links.put(link, new Integer(1+count.intValue()));
      //here the servlet redirect the client to the link he clicked
      response.sendRedirect(link);
    else {
      response.setContentType("text/html");
      PrintWriter out = response.getWriter();
      request.getSession();
      out.println("<html>");
      out.println("<head>");
      out.println("<title>Links Tracker Servlet</title>");
      out.println("</head>");
      out.println("<body>");
      out.println("<p>Links Tracked Since");
      out.println(tstamp+":</p>");
      if (links.size() != 0) {
        Enumeration enum = links.keys();
        while (enum.hasMoreElements()) {
          String key = (String)enum.nextElement();
          int count = ((Integer)links.get(key)).intValue();
          out.println(key+" : "+count+" visits<br>");
      else {
        out.println("No links have been tracked!<br>");
      out.println("</body>");
      out.println("</html>");
public void doPost(HttpServletRequest request,
                    HttpServletResponse response)
    throws IOException, ServletException {
    doGet(request, response);
}

ASA 5505 VPN One Way Traffic

I am currently having an issue with two ASA 5505s. One would be representing a Central office for a small business operating a L2L IPsec VPN using a dynamic map for a remote site that does not have a static IP address.
I stripped the configuration down to the minimal possible for testing to get this working but ran into an issue where although I have my ISAKMP SA and my IPsec SA the tunnel is only passing traffic from my remote site with the dynamic address to the Central site with a static IP address. The Central site with the static IP address will not pass traffic to the remote site.
During my troubleshooting I came across two different issues. I could at some points get traffic coming from the Central site to hit my ACL as interesting traffic to the remote site, but it would then not hit the ACL for no NAT. I just could not figure out why the no NAT ACL wasn't working. My configuration matched a few configurations I found online, but no joy on getting it to actually bypass NAT to the remote site.
I have had the same type of set-up working on ISRs with no issue, but I do not have the same amount of experience with ASAs so any help would be appriciated. The Configurations I am using for the basic testing are below with the Hub being the Static IP site and the Spoke being a dynamic IP address site.
ASA Version 8.0(2)
hostname ASAHUB
interface Vlan1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 12.15.44.176 255.255.255.192
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
shutdown
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list NONAT_INSIDE extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-713.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list NONAT_INSIDE
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 12.15.44.129 1
route outside 192.168.20.0 255.255.255.0 12.15.44.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TEST esp-3des esp-md5-hmac
crypto dynamic-map TEST 20 match address VPN
crypto dynamic-map TEST 20 set transform-set TEST
crypto map TEST 30 ipsec-isakmp dynamic TEST
crypto map TEST interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 10
telnet timeout 5
ssh timeout 5
console timeout 0
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key *
ASA Version 8.2(1)
hostname ASASPOKE
interface Vlan1
nameif inside
security-level 100
ip address 192.168.20.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
shutdown
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
ftp mode passive
access-list NONAT_INSIDE extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list VPN extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT_INSIDE
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TEST esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map VPN 10 match address VPN
crypto map VPN 10 set peer 12.15.44.176
crypto map VPN 10 set transform-set TEST
crypto map VPN interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
tunnel-group 12.xx.xx.xx type ipsec-l2l
tunnel-group 12.xx.xx.xx ipsec-attributes
pre-shared-key *

Well I had pretty much given up on this, but today had a few extra minutes so I grabbed some ASAs that I had wiped for a different project, copied my configs back on them and actually ended up with a functional VPN passing traffic in both directions. The only change that was made from the above configurations was with NAT traversal.
On the Configurations above the NAT traversal was configured only on the HUB ASA. When I got the configuration to work correctly it was with the NAT traversal configured only on the Spoke/Remote ASA. Does anyone know why that made the difference?
The final configs for both of the devices I used for testing are below.
ASA Version 8.0(2)
hostname HUB
enable password 8Ry2YjIyt7RRXU24 encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.10.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address 12.xx.xxx.xx 255.255.255.192
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
shutdown
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
access-list NONAT_INSIDE extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list VPN extended permit ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-713.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT_INSIDE
nat (inside) 1 0.0.0.0 0.0.0.0
route outside 0.0.0.0 0.0.0.0 12.15.44.129 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TEST esp-3des esp-md5-hmac
crypto dynamic-map TEST 20 match address VPN
crypto dynamic-map TEST 20 set transform-set TEST
crypto map TEST 30 ipsec-isakmp dynamic TEST
crypto map TEST interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
tunnel-group DefaultL2LGroup ipsec-attributes
pre-shared-key cisco
prompt hostname context
Cryptochecksum:ac4003df5144c618b70555bf31b56e03
: end
ASA Version 8.2(1)
hostname ASASPOKE
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
interface Vlan1
nameif inside
security-level 100
ip address 192.168.20.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address dhcp setroute
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
shutdown
interface Ethernet0/2
shutdown
interface Ethernet0/3
shutdown
interface Ethernet0/4
shutdown
interface Ethernet0/5
shutdown
interface Ethernet0/6
shutdown
interface Ethernet0/7
ftp mode passive
access-list NONAT_INSIDE extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list VPN extended permit ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0
pager lines 24
mtu inside 1500
mtu outside 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NONAT_INSIDE
nat (inside) 1 0.0.0.0 0.0.0.0
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set TEST esp-3des esp-md5-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto map VPN 10 match address VPN
crypto map VPN 10 set peer 12.xx.xxx.xx
crypto map VPN 10 set transform-set TEST
crypto map VPN interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash md5
group 2
lifetime 86400
crypto isakmp policy 65535
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 10
track 10 rtr 10 reachability
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
tunnel-group 12.xx.xxx.xx type ipsec-l2l
tunnel-group 12.xx.xxx.xx ipsec-attributes
pre-shared-key cisco
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
service-policy global_policy global
prompt hostname context
Cryptochecksum:50a9d87c794db95b0f4cac127ee3c0fe
: end

Calendar and Contact Sync: Force one way only?

Is there any way to force Outlook to always be the sync "master"? i.e. regardless of what I do on the touch (say, delete a contact), when I sync, the touch will be forced to match Outlook (and replace the contact)?
Or is that the default behavior, and I have some other issue?
I have had a couple of instances of appointments being deleted from Outlook during the sync (I think the "do not sync appts older than 30 days" really means "delete" them in outlook")
Bill
Message was edited by: Isssy

You are able to export your contacts and import them to your Gmail account. Below is a very good post that will provide you the steps to export the contacts using Backup Assistant and then import them to your Gmail account.
http://community.vzw.com/t5/DROID-Incredible-by-HTC/export-contacts-to-gmail/m-p/285574/highlight/true#M12187
Please note, you must have Backup Assistant on your device to be able to export the contacts.
In regards to the calendar, you can view other calendars by following the steps listed below:
1. Select the Calendar icon
2. Select Menu
3. Select More
4. Select Calendars
5. Select the calendars that you want to display
Thank you,
AraceliT_VZW

An effective way for JSP/servlets to interact with databases

Hi
I was wondering if anyone has an effective way of connecting to databases using javabeans and JSP.
I am new to all this JSP stuff and would appreciate some help
cheers

hai,
it is better if u go for javaBeans
for connection purpose
as this is reused many times
and u can avoid large stuff of code
in the jsp.Also try connection pooling pooling if
user name to db for most user is same !!!!
sample code for database bean
import java.sql.*;
import java.io.*;
* This class determines the database connectivity by defining the database url,
* database driver and database connection and other functions to prepare & execute
* sql queries.
public class DBBean {
String dbURL; //database url
String dbDriver = "sun.jdbc.odbc.JdbcOdbcDriver"; //database driver
private Connection dbCon; //database connection
private PreparedStatement pre;
private Statement s ;
boolean prepareflag=false;
public IntranetBean() {
super();
public boolean connect() throws ClassNotFoundException, SQLException {
//install the driver
Class.forName(dbDriver);
//opens a connection
dbCon = DriverManager.getConnection("jdbc:odbc:ureodbc");
return true;
public void close() throws SQLException {
//close the statement
if(prepareflag){pre.close();}
else{
s.close();}
//close the connection
dbCon.close();
prepareflag=false;
public ResultSet execSQL(String sql) throws SQLException {
//gives a statement object
s = dbCon.createStatement();
//execute the sql command
ResultSet r = s.executeQuery(sql);
return (r == null) ? null : r;
public void execUPDATE(String sql) throws SQLException {
//gives a statement object
s = dbCon.createStatement();
//execute the sql command
s.executeUpdate(sql);
public boolean prepareSQL(String sql) throws SQLException {
//gives a prepared statement object
pre = dbCon.prepareStatement(sql);
prepareflag=true;
return true;
public boolean execpreparedSQL(String sql) throws SQLException {
//execute the sql command
pre.execute(sql);
return true;
public ResultSet getpreparedResultSet() throws SQLException {
//get resultset
ResultSet r = pre.getResultSet();
return (r == null) ? null : r;
public void setInt(int i,int no) throws SQLException {
pre.setInt(i,no);
public void setDouble(int i,double dbl) throws SQLException {
pre.setDouble(i,dbl);
public void setString(int i,String str) throws SQLException {
pre.setString(i,str);
public void setDate(int i,Date d) throws SQLException {
pre.setDate(i,d);
public void setTime(int i,Time tm) throws SQLException {
pre.setTime(i,tm);
public void setNull(int i,int type) throws SQLException {
pre.setNull(i,type);
}

How to install eclipse and MyEclipse and use it for jsp-servlet-web service

hi ,
please help me to install eclipse 3.1 and How to integrate MyEclipse to do jsp-servlet programming and web services.
please also help me to include application server like tomcat and axis and use that environment in MyEclipse ide.
please help me.....

At the time of installation , you can't change SID XE.
After installation, you can add another service name
Check following thread for more details
Re: How to create service on Oracle 10g XE
- Virag Sharma
http://virag.sharma.googlepages.com
http://viragsharma.blogspot.com

Monitor my jsp-servlet application through the jmx

heloo,
i am new in JMX. and i want to manage(or monitor) my jsp-servlet application. there lots of
servlets and jsp files. its is running in tomcat. i made simple demo application which
is given by oracle tutorial. but it is just for one interface and its implementations so how
can i monitor my whole jsp-servlet application by JMX.
i want to Monitor three things
Memory
JVM
Thread
Thanks...

Hi,
I fixed my problem by setting the system wide variable (WindowsXP)
CLASSPATH to r:\\dealershop\\WEB-INF\\classes.
Thanks,
Andrea
andrea costantinis wrote:
Hi,
I developed a JSP/servlet test application that makes
use of kodo 2.2.3 STANDARD EDITION for its persitence.
I successfully compile and annotate the application.
I am also able to successfully generate the db
schema with schematool.
Unfortunately, when I run the application using
Resin 2.0.2, Kodo is unable to initialize properly.
Initially it was not able to find \"system.prefs\" file.
I fixed that by putting \"system.prefs\" in WEB-INF\\classes.
Unfortunately, Kodo is still unable to initialize and
gives the following message:
The system could not initialize; the following registered
persistent types are missing metadata
or have not been enhanced:
[class com.dpov.purchaseorder.PurchaseOrder,
class com.dpov.catalog.Product,
class com.dpov.uidgen.counter.Counter,
class com.dpov.catalog.dao.jdo.CategoryHierarchyEntry,
class com.dpov.catalog.dao.jdo.CategoryHierarchyDAO,
class com.dpov.pricelist.PriceInfo,
class com.dpov.pricelist.PriceList,
class com.dpov.catalog.Category,
class com.dpov.lineitem.LineItem,
class com.dpov.dealer.Dealer,
class com.dpov.user.User,
class com.dpov.customer.Customer].
I use \"system.jdo\" to describe metadata for the enhancer.
I tried to put it both in WEB-INF\\lib and WEB-INF\\classes but
it still fails.
Please note that:
1) my classpath variable is not set
2) my application\'s class file are in WEB-INF\\classes
3) kodo jars are in WEB-INF\\lib
4) mysql jdbc driver is in WEB-INF\\lib
5) system.prefs is in WEB-INF\\classes
6) system.jdo is in WEB-INF\\classes
Thanks in advance,
Andrea

SHAREPOINT QUESTION: One way SYNC of files from SharePoint cloud to hard-drive

SHAREPOINT QUESTION: One way SYNC of files from SharePoint cloud to hard-drive
How does a person enable Sales reps to SYNC literature files from a cloud library down to their computer,.... but then not be able to have them accidentally delete the files by accident if they delete a file from their computer and then have it
sync upwards again.
Permission Level
"Read" allows to download individual files but not SYNC down and there are too many files for them to go and download each file every-time.
"View Only" is only visible on the browser and not useful when reps are in remote parts of the world.
"Contribute" allows the sales reps to SYNC but if they delete a file from their computer, then it deletes it for all which is to much.
There must surely be a way to allow a one way (cloud-to-hard-drive) SYNC to avoid folks from deleting files.
Does anybody know how to d this or if not, how do I have Microsoft consider such a perceived weakness compare to dropbox

You can achieve the functionality which you describe using the OneDrive (SkyDrive Pro) in Sharepoint 2013. You can setup read only folders to sync to achieve "one way" traffic. You will need Office 2013 locally to avail the full features of
the coauthoring environment if you are looking into that as well.
Sharing with everyone (Read Only): http://community.office365.com/en-us/b/office_365_community_blog/archive/2013/07/15/ways-to-quot-share-with-everyone-quot-in-skydrive-pro.aspx
Some benefits of using OneDrive include the following:
Users can take their documents offline with them and have them synchronize when they are online again.
Users' documents can be synchronized across all client devices and servers where the files are stored and synchronized.
Multiple users (online or offline) can work on documents at the same time, and the OneDrive for Business Windows Sync client will synchronize the changes between the users. If there are conflicts, users are prompted to resolve the conflicts.
Users can share and collaborate on documents.
Users can work from many locations, either online or offline, and work from many devices.
http://technet.microsoft.com/en-us/library/dn167720(v=office.15).aspx
Thanks, Ransher Singh, MCP, MCTS | Click Vote As Helpful if you think that post is helpful in responding your question click Mark As Answer, if you think that this is your answer for your question.

How to force one way traffic - JSP Servlet?

Similar Messages

Maybe you are looking for