Need Help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect

Hi All,
I need help on Configuring the Site to Site VPN from Cisco 2811 to Websense Cloud for web Traffic redirect
2811 having C2800NM-ADVIPSERVICESK9-M
2811 router connects to the Internet SW then connects to the Internet router.
Note- For Authentication am using the Device ID & Pre share key. I am worried as all user traffic goes with PAT and not firing up my tunnel for port 80 traffic. Can you please suggest what can be the issue ?
Below is router config for VPN & NAT
crypto keyring ISR_Keyring
  pre-shared-key hostname vpn.websense.net key 2c22524d554556442d222d565f545246
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp keepalive 10
crypto isakmp profile isa-profile
   keyring ISR_Keyring
   self-identity user-fqdn [email protected]
   match identity user vpn-proxy.websense.net
crypto ipsec transform-set ESP-NULL-SHA esp-null esp-sha-hmac
crypto map GUEST_WEB_FILTER 10 ipsec-isakmp
set peer vpn.websense.net dynamic
set transform-set ESP-NULL-SHA
set isakmp-profile isa-profile
match address 101
interface FastEthernet0/1
description connected to Internet
ip address 216.222.208.101 255.255.255.128
ip access-group HVAC_Public in
ip nat outside
ip virtual-reassembly
duplex full
speed 100
no cdp enable
crypto map GUEST_WEB_FILTER
access-list 101 permit tcp 192.168.8.0 0.0.3.255 any eq www
access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.187 log
access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.181 log
access-list 103 deny   ip 192.168.8.0 0.0.3.255 host 85.115.41.182 log
access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.216.0 0.0.1.255
access-list 103 deny   ip 192.168.8.0 0.0.3.255 116.50.56.0 0.0.7.255
access-list 103 deny   ip 192.168.8.0 0.0.3.255 86.111.220.0 0.0.3.255
access-list 103 deny   ip 192.168.8.0 0.0.3.255 103.1.196.0 0.0.3.255
access-list 103 deny   ip 192.168.8.0 0.0.3.255 177.39.96.0 0.0.3.255
access-list 103 deny   ip 192.168.8.0 0.0.3.255 196.216.238.0 0.0.1.255
access-list 103 permit ip 192.168.8.0 0.0.3.255 any
ip nat pool mypool 216.222.208.101 216.222.208.101 netmask 255.255.255.128
ip nat inside source list 103 interface FastEthernet0/1 overload
ip nat inside source route-map nonat pool mypool overload

How does Websense expect your source IPs in the tunnel? 192.168.8.0 0.0.3.255 or PAT'ed 216.222.208.101 ?
Check
show crypto isakmp sa
show crypto ipsec sa
show crypto session
You'd better remove the preshared key from your post.

Similar Messages

  • Need help regarding configuring the WebService Call from RTD to Siebel

    Hi All,
    Can someone help me with the information on how do i configure a Webservice Call from RTD to Siebel?
    Any high-level or granular details on this would be very helpful as I am new working on this product. How can a jax-ws be utilized to achieve the same?
    Thanks in advance.
    Best Regards,
    Hariharan

    If you actually need a portal service though, this will not work. However, you could have the portal service return a Document object, which is basically the text of the HTML file you want to display. Then, when calling the portal service, you can simply output the text to the IPortalComponentResponse object
    I hope this helps
    Darrell

  • Need help in configuring the Oracle app server with OC DB Server

    Hello people
    I attempted to insta;; Oracle Clinical 4.5 and I have a problem that you mayhave resolved a long time back and I need some help. This is what I have done on the installation.
    I need your help in centralizing my tnsnames.ora and sqlnet.ora files. I am an Oracle Clinical guy and not an Oracle Expert, hence the request.
    Part_1
    1. Installed Oracle 9i 9.2 database on Win2K server - W2kOCSVR
    2. Installed Oracle Clinical 4.5 and created DB on W2KOCSVR.
    3. Started up database and all is fine - tnsnames and sqlnet.ora
    4. Each of these is on a separate partition including the OS.
    Part-II
    1. Installed Oracle Appl Server 9iAs 1.0.2.2.2a on another machine OCMIDTIER. This installed Oracle iSuites home and stuff.
    2. Then I installed Oracle 9i developer suite - Oracle forms and reports.
    3. Installed Jinitiator 1.1.8.24 on the middle tier machine.
    4. Basically this is the middle tier that is a Webserver that will be linked to the Database Server in Part-I
    and lastly, I will have web clients with Jinitiator and a web browser.
    Requirement:
    I need to centralize the TNSNAMES.ora file and the SQLNET.ora file on all the machines. How do I do this?.
    I have the TNSNAMES.ora and the SQLNET.ora on DB server and it is working fine. However, I have noticed many tsnnames.ora files on the middle tier - OCMIDTIER. (I've left out the example files)
    a) E:\ORACLE\806\net80\admin\tnsnames.ora
    b) E:\ORACLE\806\net80\tnsapi\tnsnames.ora
    c) E:\ORACLE\iSuites\hs\admin\tnsnames.ora
    d) E:\ORACLE\iSuites\network\admin\tnsnames.ora
    All I need to know is which if these files do I need to integrate with the Tnsnames.ora file on the DB server - W2kOCSVR and how do I go about doing this?.
    Your help is appreciated. If I were to see a copy of your tnsnames.ora on the webserver (middle tier) and the sqlnet.ora, I will be able to get an idea of how this is done. Right now, I am using tnsnames.ora but once I learn how this ties up, I can move to names sever.
    Thanks for your help.
    Cecil

    Hi Cecil,
    I got into the same issue. I copied the content from the good tnsnames.ora to tnsnames.ora on webserver and it worked fine. I copied the details of the connect string that was working fine on dbserver. i was working on W2k server. Hope this helps
    Gonnagar

  • I need help to Configure the Encryption Key of btm

    In order to monitor the osb 11g.
    I have download OracleBTM_1of2.zip and I am trying to install it, so I am following this link
    http://download.oracle.com/docs/cd/E11857_01/install.111/e20124/install.htm#sthref20
    how can I do this ?
    Configuring the Encryption Key
    You must configure the encryption key on each application server that hosts a Business Transaction Management component. To configure the encryption key, create a Java system property named com.amberpoint.security.encryption.aes.defaultKey in the server and set its value to your encryption key, for example:
    -Dcom.amberpoint.security.encryption.aes.defaultKey=MyEncryptionKey
    where MyEncryptionKey is a base 64-encoded, AES, 128-bit key.
    After generating your encryption key, you can copy and paste it in order to set the value of your com.amberpoint.security.encryption.aes.defaultKey property. If your key includes special characters, you should enclose it in double quotes, for example:
    -Dcom.amberpoint.security.encryption.aes.defaultKey="oylJKoTGXTHasOYwtjwA7g=="

    You use the command line tool btmcli under the 'tools' directory:
    ./btmcli.sh encryptpassword -password mypassword
    ARECQVBBRVMCX2FwXzEyOAPKsNtwbzzI8j5g7u8UBV7qvp8QOnCA8Tj/ZJiSjqJa/w==

  • Need help in configuring the Com_Zimbra_DnD zimlet

    Hello All!
    I am sorry for my poor English.
    I have Beehive 2.0.1.2.1 for Win32, also FF 3.0 - 3.5 for Win32.
    Following the instructions (Oracle Beehive Webmail Release Notes) I did the following:
    1. Installed Zimbra Drag and Drop Firefox extension (ZimbraDnD.xpi plug-in)
    2. Actived this zimlet at the enterprise level
    beectl add_preference_property -- set prfs = ZimbraDefaultCOS, enpr = MyComp -- name com_zimbra_dnd -- type string -- value TRUE -- final
    Unfortunately the required functionality (".... enables users to attach files to e-mail by dragging the files from their local file system ") did not appear in Zimbra.
    Section the "Zimlets" does not appear in Webmail Overview pane And together with him and the drag-and-drop zimlet.
    Can anyone give recommendations and / or advice how to set up the Com_Zimbra_DnD zimlet?
    Thanks in advance for any clarification and help.
    Edited by: Dima on 26.07.2010 8:01

    Hi Dimitry,
    I've had that DnD plugin working since Beehive 1.5.x. As Manish says, it may depend on your FF version, also this extension only works when you are drafting your email in a window within the Zimbra frame (keyboard shortcut "c" to create new mail) NOT a floating windows (keyboard shortcut uppercase "C"). In the first case the following will be displayed under the subject field:
    "Совет. Перетащите файлы с рабочего стола для добавления вложений к этому сообщению."
    Hey check that out I got it in Russian ;o), though intrerestingly, none of the aforementioned key board shortcut work, must be my French keyboard...
    Here is an example of the command line we recently used to ensure it was activated:
    beectl add_preference_property set prfs=ZimbraDefaultUserPreferences,enpr=MyCompany name com_zimbra_dnd> type string value TRUE
    hth
    David

  • I need help understanding how the Apple components integrate to create a system across all my devices?

    I need help understanding how the Apple components connect to create a whole system across all my devices?
    Is there a resource that describes current system and associated functionality?
    For example:
    Buy A, B, C to achieve "X" 
    You will need:
    an internet provider which supports <specs>
    add D to achieve "Y"
    You will need:
    an internet provider which supports <specs>
    add "E" to achieve "Z"
    You will need:
    an internet provider which supports <specs>
    For example, I am looking at the Gen 6 Airport extreme.  For intended performance do I need broadband? if so what are the specs, or will basic internet service suffice?  Do I need the internet provider's modem or does the Airport extreme replace that?  And then I think, if I am doing this, I should also look at Apple TV....What do I need and Why?  Then I look at the New Desk top coming out in the fall, and I think well, if I wait and get this, what does this component do for the system, and what becomes redundant? What does this awesome desktop do for my ability to sit and use a new macbook air when I travel  or sit on the couch in my PJs?
    If there was a place that plainly stated "if you buy the new dektop you can configure a system including only these components and achieve <this result> and by adding <additional components> you will achieve this result.
    I have been to the genius store a few times, but I come out of there more confused unless I have SPECIFIC questions or already know what to buy. 
    A "System Configuration App" would be a really great sales tool--Just saying.

    I have no idea what "fully optimized" means.
    No Apple device will let you watch broadcast TV. The Apple TV is a good option for watching streaming TV from iTunes, NetFlix and Hulu. If you want to watch from other sources, you may need to look at other devices.
    Any Mac computer or iPad will allow you to surf the web.
    What business software?
    Time Capsule is a good option for back ups.
    Update what across all devices?
    For accessing documents from all devices, a service like Dropbox is your best bet.
    I have no idea what "step as far away from an internet provider as possible" means. If you want Internet access, you need an Internet provider.
    Lighting fast speed for what? Processor? The specs are listed for all devices in the Online Store. Internet? We're back to the service provider.
    Technology changes. The only way to keep pace with it beyond a couple of years is to buy new stuff.
    The bottom line is you need to look at the specs for devices availble and at your budget and decide what best meets your needs. If you are unable to do that on your own, there are lot of technology consultants out there who will, for a fee, look at your exact situation, make recommendations and even handle the purchase and set up. Perhaps that would be the best route for you.
    Best of luck.

  • I have a PC and a need help to configure my external hard disk on my network. Thanks

    I have a PC and a need help to configure my external hard disk on my network. Thanks

    If you mean you wish to plug a USB drive into the Airport Extreme router (or TC not express) that is easy..
    The disk must be formatted FAT32.. as if.. stay away from FAT .. or HFS+ ie Mac OS extended Journaled.
    Format the disk on a Mac is best.. and even use GUID partition scheme not MBR.
    The PC has no issue writing and reading files because this is a network drive.. The PC does not write to the drive.. it writes files to the Airport OS which writes and reads the disk and passes the info using standard windows SMB.. To the windows computer it will be a Windows NT server.. FAT32 setup.
    If your setup is different.. to my hugely guessed assumptions.. give details.. always helps to have.. make and model.
    Make and model of disk.. make and model of router.. how the setup will be done.. what windows OS you run.. etc etc.
    As it stands your question could have nothing to do with apple at all.. other than you posted in a forum so I guess there is something apple in there somewhere.

  • I have found a person who has a driver software to connect Labview with PCI card. But he says that i need to download a freeware software to configure the PCI card. But you have mentioned that freeware is for GPIB boards. Is it correct ??

    I have found a person who has a driver software to connect Labview with a general PCI card. But he says that i need to download a freeware software from NI website to configure the PCI card. But you have mentioned that freeware is for GPIB boards. Is it correct ?? Is there any other way out ??

    I would ask the person who told you about the freeware software to help you find exactly where it is. I am not aware of any freeware software for configuring motion PCI cards but maybe the person you know might be able to help you locate it.

  • I need help in understanding the customization of Landscape in R/3.

    I need help in understanding the customization of Landscape in R/3. Setup of SAP Landscape from an SAP SD point of view. Being as SAP SD consultant what would be my role in customizing the Landscape server. Help needed. Thx

    Hi,
    In a standard SAP project implementation, the 3 standard transport procedures are:
    Development System (DEV) --> QA System (QAS) --> Production System (PRD)
    In the above structure, the Training Client (TRN) could be made from the copy of PRD (after when real-time master data has been available) or from QA system (where configuration has been tested in DEV client, and the master data is uploaded manually for training purposes)
    Sandbox (standalone): This can be refreshed with Golden Client to reflect the latest configuration performed to facilitate the development/testing purposes.
    -Development (DEV): Where all system configurations and development activities are carried out.
    -Quality Assurance (QAS): Where functional testing is carried out. The System Integration Testing (carried out by the -Development Team) and the User Acceptance Testing (carried out by XXX appointed personnel) is carried out in this server.
    -Training (TRN): End Users are trained on this server.
    -Production (PRD): After the System is commissioned all data entry and administrative functions will be carried out in this server.
    This is by far the standard landscape architecture that is adopted and practiced in most implementations.
    Hope the above helps.
    Thanks.

  • I need help opening up the pdf doc that i just saved. i need to open it up with excel?

    I need help opening up the pdf doc that i just saved. i need to open it up with excel?

    Yes, I need help configuring the settings.
       Re: I need help opening up the pdf doc that i just saved. i need to
    open it up with excel?  created by David Kastendick<http://forums.adobe.com/people/dave_m_k>in
    Adobe ExportPDF - View the full discussion<http://forums.adobe.com/message/4711293#4711293

  • I need help to remove the wrong email on my Iphone.  I can't down load app because my apple ID doese not match with the wrong email please help

    I need help to remove the wrong email on my Iphone.  the represnter who set up my phone put in the wrong email, and now I can't down loand apps on my phone because the apple ID does not match

    So sign out of the Apple ID under Settings > iTunes & App Store, then sign in with your own.

  • Need help to trace the place where error occuring in Web UI of type System

    Hi All,
    Need help to trace the place where error occurring in Web UI of type System error,
    this error coming while saving the corporate account creation,
    error message description : - System error: Interruption in Routine READ TABLE GT_CHAR_VAL, CHAR_NAME = PVTLTD_CLEAN_SEGMENT
    System error: Interruption in Routine READ TABLE GT_CHAR_VAL, CHAR_NAME = PVTLTD_CLEAN_CLASS-CP
    thanking you.
    Best Regards,
    VijHyd

    Hi Nagaraj,
    See that the mandatory SICF setting are enabled or Active in the SICF Services.  Follow the steps as below:-
    Enter the TCode SICF
    Execute the same for Hierarchy Type SICF.
    Check the following SAP Note 1295006.
    If every thing is Active then, the IC Agent role will open.
    Still if it is not opening Let me know.
    regards,
    Sarangamath

  • Need help in formatting the Date - Date does not

    Need help in formatting the Date - Date does not formats and give Not a valid month error in the below scenario.
    select oc.ST_PGM_MGR, r.ag_dnum, get_major_work_type(r.perf_eval_rtng_id) "v_work_code", r.ag_dnum_supp "supp", r.intfinal, to_char(r.formdate,'MM/DD/YYYY') "formdate", to_char(r.servfrom,'MM/DD/YYYY') "srv_from", to_char(r.servto,'MM/DD/YYYY') "srv_to", descript, add_months(to_char
    --- Bellow line of Code on trying to format it to mm/dd/yyyy gives the error
    (r.formdate, 'DD-MON-YYYY'),12) "formdate2"
    from  table REdited by: Lucy Discover on Jul 7, 2011 11:34 AM
    Edited by: Lucy Discover on Jul 7, 2011 1:05 PM

    Your syntax is wrong - look at the post above where this syntax is given:
    to_char (add_months(r.formdate,12), 'MM/DD/YYYY') "formdate2"Look at the formula from a logical perspective - "inside out" to read what is happening -
    take formdate, add 12 months
    add_months(r.formdate, 12)then apply the to_char format mask - basic syntax
    to_char(date, 'MM/DD/YYYY')Compare to your syntax:
    to_char(add_months(r.formdate, 'MM/DD/YYYY'),12) "formdate2"You will see your format string inside the call to add_months, and your 12 inside the call to to_char.
    Good luck!

  • Need help in understanding the error ORA-01843: not a valid month - ECX_ACT

    Hello All,
    We need help in understanding the Transaction Monitor -> Processing Message (error "ORA-01843: not a valid month - ECX_ACTIONS.GET_CONVERTED_DATE").
    And how to enable the log for Transaction Monitor -> Processing Logfile.
    Actually we are trying to import the Purchase Order XML (OAG) into eBusiness Suite via BPEL Process Manager using the Oracle Applications Adapter. The process is working fine with expected payload until it reaches the XML Gateway Transaction Monitor, where we are getting this error.
    thanks
    muthu.

    Hello All,
    We need help in understanding the Transaction Monitor -> Processing Message (error "ORA-01843: not a valid month - ECX_ACTIONS.GET_CONVERTED_DATE").
    And how to enable the log for Transaction Monitor -> Processing Logfile.
    Actually we are trying to import the Purchase Order XML (OAG) into eBusiness Suite via BPEL Process Manager using the Oracle Applications Adapter. The process is working fine with expected payload until it reaches the XML Gateway Transaction Monitor, where we are getting this error.
    thanks
    muthu.

  • I need help in resolving a problem that prevents me from accessing the iTunes store.  Message reads " iTunes cannot contact the iTunes store" and also says that my laptop is no longer authorized to access my account.  Help!

    I need help in resolving a problem that prevents me from accessing the iTunes store.  Message reads " iTunes cannot contact the iTunes store" and also says that my laptop is no longer authorized to access my account.  Help!

    Go up to the top of your screen on iTunes and click on 'Store'.  Then go down to 'Authorize This Computer'.  That should cover part of it unless you've already authorized a bunch of other computers to use your account.  If that's the case, you'll have to go to one of those computers and click the button just below it to 'deauthorize your account' from that computer.  If you're not able to access the store, check your internet connection to make sure you are connected.  Hope this helps.. good luck!     

Maybe you are looking for

  • IPod not showing up at all on Mac but works fine on Windows?

    I've been searching for an answer on these discussion boards for hours and have not yet found any situation that was quite like mine and I'm getting a bit frazzled and worried. I have a 120GB iPod classic, which I've used for two years with an ACER l

  • Loss of major data after wifi use

    After using wifi I lost all album art work, all books, photos and videos along with podcasts and many music tracks will not play. I have not connected to a computer this has occurred remotely on my iPod. Please help. Thanks, sarah

  • How do I add a new song to an already existing playlist on the new iso7 for iPhone 5?

    I tried to add a new song and I go to playlist, edit and go to song to add and it won't. So confused!

  • T60p with Win 7 32: blue screen

    I installed Win 7 32 bit on a T60p. The problem is that randomly I get a blue screen, and I'm not able to read the cause of the crash (too fast). I downloaded and installed all the Win 7 drivers available on the Lenovo site; I downloades and installe

  • How to show budget cost in the PPR screen?

    Hi all, I define budget cost of project already but in PPR screen It cannot show this value. It show only actual cost. Please advice me to show this value. Thank you.