Access to a web server from outside(ASA 5505)

Similar Messages

• Cannot access internal web server from same lan

  i cant resolve one problem in may 1921 ISR router, i have a web server in my internal lan , i set up static nat for accessing that web server from outside and it works fine but i cannot view that site from internal workstations can you suggest me what to do. i need packets to go out the outgoing interface of router and then come back and enter the static nat wich will direct to the web server is it possible?
  static nat is
  ip nat inside source static tcp  <local web server adress> 80 <global address> 80
  also i have set up dinamic nat for outgoing trafic
  ip nat inside source list <access-list> interface <outgoing interface>   
  and it is working fine too.
  on external interface i have nat outside
  on internal interface i have nat inside

  This is not working because your router has a direct to your web server that is not through the outside interface which is needed for nat to occur, for this to work you need to setup a loopback interface as nat outside and policy route traffic to there for your server traffic
  Bu if your server is internal why do you need nat at all? Can you not use bind with views that might be simpler
  M
  Sent from Cisco Technical Support iPad App

• I need helping!!! configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.

  I need helping configuring RDP access to my local server from a remote location on my Cisco ASA 5505 Firewall.
  I have attempted to configure rdp access but it does not seem to be working for me Could I please ask someone to help me modify my current configuration to allow this? Please do step by step as I could use all the help I could get.
  I need to allow the following IP addresses to have RDP access to my server:
  66.237.238.193-66.237.238.222
  69.195.249.177-69.195.249.190
  69.65.80.240-69.65.80.249
  My external WAN server info is - 99.89.69.333
  The internal IP address of my server is - 192.168.6.2
  The other server shows up as 99.89.69.334 but is working fine.
  I already added one server for Static route and RDP but when I try to put in same commands it doesnt allow me to for this new one. Please take a look at my configuration file and give me the commands i need in order to put this through. Also please tell me if there are any bad/conflicting entries.
  THE FOLLOWING IS MY CONFIGURATION FILE
  Also I have modified IP information so that its not the ACTUAL ip info for my server/network etc... lol for security reasons of course
  Also the bolded lines are the modifications I made but that arent working.
  ASA Version 7.2(4)
  hostname ciscoasa
  domain-name default.domain.invalid
  enable password DowJbZ7jrm5Nkm5B encrypted
  passwd 2KFQnbNIdI.2KYOU encrypted
  names
  interface Vlan1
  nameif inside
  security-level 100
  ip address 192.168.6.254 255.255.255.0
  interface Vlan2
  nameif outside
  security-level 0
  ip address 99.89.69.233 255.255.255.248
  interface Ethernet0/0
  switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
  interface Ethernet0/4
  interface Ethernet0/5
  interface Ethernet0/6
  interface Ethernet0/7
  ftp mode passive
  dns server-group DefaultDNS
  domain-name default.domain.invalid
  object-group network EMRMC
  network-object 10.1.2.0 255.255.255.0
  network-object 192.168.10.0 255.255.255.0
  network-object 192.168.11.0 255.255.255.0
  network-object 172.16.0.0 255.255.0.0
  network-object 192.168.9.0 255.255.255.0
  object-group service RDP tcp
  description RDP
  port-object eq 3389
  object-group service GMED tcp
  description GMED
  port-object eq 3390
  object-group service MarsAccess tcp
  description MarsAccess
  port-object range pcanywhere-data 5632
  object-group service MarsFTP tcp
  description MarsFTP
  port-object range ftp-data ftp
  object-group service MarsSupportAppls tcp
  description MarsSupportAppls
  port-object eq 1972
  object-group service MarsUpdatePort tcp
  description MarsUpdatePort
  port-object eq 7835
  object-group service NM1503 tcp
  description NM1503
  port-object eq 1503
  object-group service NM1720 tcp
  description NM1720
  port-object eq h323
  object-group service NM1731 tcp
  description NM1731
  port-object eq 1731
  object-group service NM389 tcp
  description NM389
  port-object eq ldap
  object-group service NM522 tcp
  description NM522
  port-object eq 522
  object-group service SSL tcp
  description SSL
  port-object eq https
  object-group service rdp tcp
  port-object eq 3389
  access-list outside_1_cryptomap extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
  access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 192.168.0.0 255.255.0.0
  access-list inside_nat0_outbound extended permit ip 192.168.6.0 255.255.255.0 object-group EMRMC
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-data
  access-list outside_access_in extended permit udp 69.16.158.128 255.255.255.128 host 99.89.69.334 eq pcanywhere-status
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group RDP
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ftp
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq ldap
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq h323
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq telnet
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 eq www
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 host 99.89.69.334 object-group SSL
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM522
  access-list outside_access_in extended permit tcp 69.16.158.128 255.255.255.128 192.168.6.0 255.255.255.0 object-group NM1731
  access-list outside_access_in extended permit tcp 173.197.144.48 255.255.255.248 host 99.89.69.334 object-group RDP
  access-list outside_access_in extended permit tcp any interface outside eq 3389
  access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333
  access-list outside_access_in extended permit tcp host 66.237.238.194 host 99.89.69.333 object-group rdp
  access-list outside_access_in extended permit tcp any host 99.89.69.333 object-group rdp
  access-list out_in extended permit tcp any host 192.168.6.2 eq 3389
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-524.bin
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  static (inside,outside) tcp 99.89.69.334 3389 192.168.6.1 3389 netmask 255.255.255.255
  static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
  access-group outside_access_in in interface outside
  route outside 0.0.0.0 0.0.0.0 99.89.69.338 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  http server enable
  http 192.168.6.0 255.255.255.0 inside
  http 0.0.0.0 0.0.0.0 outside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
  crypto map outside_map 1 match address outside_1_cryptomap
  crypto map outside_map 1 set peer 68.156.148.5
  crypto map outside_map 1 set transform-set ESP-3DES-MD5
  crypto map outside_map interface outside
  crypto isakmp enable outside
  crypto isakmp policy 10
  authentication pre-share
  encryption 3des
  hash md5
  group 1
  lifetime 86400
  crypto isakmp policy 30
  authentication pre-share
  encryption 3des
  hash md5
  group 2
  lifetime 86400
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  tunnel-group 68.156.148.5 type ipsec-l2l
  tunnel-group 68.156.148.5 ipsec-attributes
  pre-shared-key *
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum 512
  policy-map global_policy
  class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny
    inspect sunrpc
    inspect sunrpc
    inspect xdmcp
    inspect sip
    inspect netbios
    inspect tftp
  service-policy global_policy global
  prompt hostname context
  Cryptochecksum:f47dfb2cf91833f0366ff572eafefb1d
  : end
  ciscoasa(config-network)#

  Unclear what did not work.  In your original post you include said some commands were added but don't work:
  static (inside,outside) tcp interface 3389 192.168.6.2 3389 netmask 255.255.255.255
  and later you state you add another command that gets an error:
  static (inside,outside) tcp 99.89.69.333 3389 192.168.6.2 3389 netmask 255.255.255.255
  You also stated that 99.89.69.333 (actually 99.89.69.233, guessing from the rest of your config and other posts) is your WAN IP address.
  The first static statement matches Cisco's documentation, which states that a static statement must use the 'interface' directive when you are trying to do static PAT utilizing the IP address of the interface.  Since 99.89.69.333 is the assigned IP address of your WAN interface, that may explain why the second statement fails.
  Any reason why you are using static PAT (including the port number 3389) instead of just skipping that directive?  Static PAT usually makes sense when you need to change the TCP port number.  In your example, you are not changing the TCP port 3389.

• Can't access server from Outside

  Hi all,
  I couldn't access my server from Outside. Seem the setting is OK as i see it but please see if I missed out anything.
  From Outside, I need to access http://60.x.x.50:8080. but failed to access. Please help. Thanks.
  Below I attached part of the config.
  : Saved
  ASA Version 8.0(4)
  name 172.47.1.10 NarayaServer description Naraya Server
  name 62.x.x.172 NarayaTelco1
  name 62.x.x.178 NarayaTelco2
  interface Ethernet0/0
  nameif outside
  security-level 0
  ip address 60.x.x.50 255.255.255.252
  interface Ethernet0/1
  nameif inside
  security-level 100
  ip address 172.27.17.100 255.255.0.0
  access-list inside_access_in extended deny ip any Japan02 255.255.255.0
  access-list inside_access_in extended deny tcp object-group PermitInternet any object-group torrent1
  access-list inside_access_in extended permit ip object-group PermitInternet any
  access-list inside_access_in extended permit ip host NAVNew any
  access-list inside_access_in extended permit ip host NarayaServer any
  access-list inside_access_in extended permit ip host IPVSSvr any
  access-list inside_access_in extended permit ip host 172.17.100.30 any
  access-list outside_access_in extended permit object-group NECareService object-group NECare any
  access-list outside_access_in extended permit ip object-group DM_INLINE_NETWORK_1 host NarayaServer
  access-list outside_1_cryptomap extended permit ip host NarayaServer object-group Nry_Png
  access-list outsidein extended permit tcp any host 60.x.x.50 eq https
  access-list outsidein extended permit tcp any host 60.x.x.50 eq 8080
  access-list outsidein extended permit ip object-group DM_INLINE_NETWORK_3 host IPVSSvr
  access-list outsidein extended permit object-group rdp any host 60.x.x.50
  access-list inside_mpc extended permit object-group TCPUDP any any eq www
  access-list inside_mpc extended permit tcp any any eq www
  access-list inside_nat0_outbound extended permit ip host NarayaServer any
  ip local pool lot10ippool 172.27.17.240-172.27.17.245 mask 255.255.255.0
  ip verify reverse-path interface outside
  global (outside) 10 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 10 0.0.0.0 0.0.0.0
  static (inside,outside) tcp interface 8080 NarayaServer 8080 netmask 255.255.255.255
  static (inside,outside) tcp interface 3389 NAVNew 3389 netmask 255.255.255.255
  access-group outsidein in interface outside
  access-group inside_access_in in interface inside
  route outside 0.0.0.0 0.0.0.0 60.54.140.49 1
  route inside 0.0.0.0 255.255.255.255 60.54.140.49 1
  route inside 172.17.100.20 255.255.255.255 172.27.17.100 1
  route inside NAVNew 255.255.255.255 172.27.17.100 1
  route inside 172.17.100.30 255.255.255.255 172.27.17.100 1
  route inside NarayaServer 255.255.255.255 172.27.17.100 1
  http server enable
  http 172.17.100.30 255.255.255.255 inside
  http NAVNew 255.255.255.255 inside
  http 192.168.1.0 255.255.255.0 management
  http 0.0.0.0 0.0.0.0 outside

  Hello Mohd,
  Here are the facts:
  I honestly think you need to change that route statement as it basically says if you want to contact the NARAYASERVER send the packet via the INSIDE interface to the IP address 172.27.17.100
  route inside NarayaServer 255.255.255.255 172.27.17.100
  interface Ethernet0/1
  nameif inside
  security-level 100
  ip address 172.27.17.100 255.255.0.0
  So basically send the packet to yourself (Does not make any sense.. Try to read it so you can understand what I mean.
  The NAT 0 is breaking the translation.
  access-list inside_nat0_outbound extended permit ip host NarayaServer any
  nat (inside) 0 access-list inside_nat0_outbound
  Do the following :
  access-list inside_nat0_outbound permit ip host NarayaServer OTHER_site_VPN_subnet
  no  access-list inside_nat0_outbound extended permit ip host NarayaServer any
  Then u should be able to connect,
  Let me know if you will follow my instructions, otherwise I think I am not helping here
  Note: As you already mark the question as answered you could provide kudos (stars) on my next answers
  Cheers,
  Julio Carvajal Segura

• Error when trying to access a secured web service from Forms 10g 10.1.2.3

  Hello,
  I'm trying to access a secured web service from Forms10g 10.1.2.3 but i'm getting the next error when pressing the button the first time:
  java.rmi.RemoteException: ; nested exception is: HTTP transport error: javax.xml.soap.SOAPException:
  java.security.PrivilegedActionException: javax.xml.soap.SOAPException: Bad response: 401 UnauthorizeWhen i press the button a second time i got this error:
  javax.xml.rpc.soap.SOAPFaultException: The SOAP request is invalid. The required node 'Envelope' is missingThis is the code i have in my button:
  DECLARE
  jo ora_java.jobject;
  pdfObject ora_java.jobject;
  pdf     varchar2(900);
  rv varchar2(100);
  ex ora_java.jobject;
  BEGIN
  JO := SEARCHSOAPCLIENT.new;
  SEARCHSOAPCLIENT.setUsername(JO,'weblogic');
  SEARCHSOAPCLIENT.setPassword(JO,'welcome1');
  pdfObject := SEARCHSOAPCLIENT.quicksearch(JO,'1234',NULL);
  pdf := SEARCHSOAPCLIENT.tostring(pdfObject);
  message(pdf);
  message(' ');
  EXCEPTION
  WHEN ORA_JAVA.JAVA_ERROR then
  message('Unable to call out to Java, ' ||ORA_JAVA.LAST_ERROR);
  WHEN ORA_JAVA.EXCEPTION_THROWN then
  ex := ORA_JAVA.LAST_EXCEPTION;
  :error := Exception_.toString(ex);
  END;When i run it from JDeveloper it works, this is a portion of java code the proxy web service has:
  import oracle.webservices.transport.ClientTransport;
  import oracle.webservices.OracleStub;
  import javax.xml.rpc.ServiceFactory;
  import javax.xml.rpc.Stub;
  public class SearchSoapClient {
      private webservicesproxywebcontent.proxy.SearchSoap _port;
      public SearchSoapClient() throws Exception {
          ServiceFactory factory = ServiceFactory.newInstance();
          _port = ((webservicesproxywebcontent.proxy.Search)factory.loadService(webservicesproxywebcontent.proxy.Search.class)).getSearchSoap();
          this.setUsername("weblogic");
          this.setPassword("welcome1");
          System.out.println("callling from _port "+ _port.quickSearch("1234234", null));
       * @param args
      public static void main(String[] args) {
          try {
              webservicesproxywebcontent.proxy.SearchSoapClient myPort = new webservicesproxywebcontent.proxy.SearchSoapClient();
              System.out.println("calling " + myPort.getEndpoint());
          } catch (Exception ex) {
              ex.printStackTrace();
       * delegate all operations to the underlying implementation class.
      public QuickSearchResult quickSearch(String queryText, IdcPropertyList extraProps) throws java.rmi.RemoteException {
          return _port.quickSearch(queryText, extraProps);
      }Also the secured web service was generated from Webcenter Content 11.1.1.6 that is why it's a secured web service.
  Kind Regards
  Carlos

  Without going into any technical discussion about the code, my first question is what JDK version was used to create this which was imported into the form? Understand that Forms 10 runs on JDK 1.4.2, so if you used any newer JDK version, likely there will be problems.

• How to change web server from inbuilt Tomcat to IIS in already configured Cold Fusion 10

  how to change web server from inbuilt Tomcat to IIS in already configured Cold Fusion 10

  You just need to run the Web Server Configuration Tool to connect ColdFusion to IIS.  It can be found in the ColdFusion program group off of the Start menu.  Be sure to run it "As Administrator".
  -Carl V.

• How to uninstall Apache web server from 9.2.0.7.0/windows

  Hi All,
  Due to security vulnerability issues we would like to uninstall the Apache Web server from the currently installed oracle 9i version 9.2.0.7.0 on the windows box.
  One of the production database is associated with the current oracle version.
  I really don't know is it possible to uninstall Apache Web server from the oracle version, if we can uninstall is there any documentation available from oracle metalink?
  Please let me know what is the correct procedure to uninstall Apache Web server.
  Thanks in advance,
  karv.

  Using the Oracle Universal Installer, click the uninstall button and see if the Web server appears in the list of installed products. If so you should be able to uninstall it there.

• Can't access SSL-secured web content from Remote Desktop Server

  I am running RDS on Windows Server 2008R2. No Remote App or Gateway Services, just straight up Remote Desktop.
  After making a RDP connection to the server, when trying to access any SSL-secured website, Internet Explorer displays the error "Internet Explorer cannot display the webpage" with a button labeled "Diagnose Connection Problems." It's the same generic
  IE message that appears when DNS lookups fail. This failure to make SSL connections also manifests itself with Exchange autodiscover not working.
  Strangely enough, Administrator is able to make SSL connections just fine, just not any other users. The server is otherwise completely functional.

  Hi cyborganic,
  To narrow down this issue, Would you like to confirm the following questions:
  1.      
  Does this issue exist when accessing all secured web sites or just some of them? Please try to access
  https://www.microsoft.com.
  Does it work?
  2.      
  Does this issue exist when a user logs on to the console of the problematic server and then access a secure web site? In this way, we can isolate whether the problem is related
  to RDS.
  3.      
  You mentioned that administrator can access properly. As a test, can a problematic user be able to access the SSL site properly if you add him/her to the Administrators group
  temporarily?
  Meanwhile, Please help to make sure the “Cryptographic services” is set to Automatic Start.
  Here, There are some suggestions for
  General troubleshooting
  Suggestion #1:
  =====================================================================
  Run the Network Diagnostics tool in Internet Explorer
  To do this, follow these steps:
  1.    
  Start Internet Explorer, and then try to access the Web page that is displaying the error message.
  2.    
  On the page that displays an Internet Explorer error message, click the
  Diagnose Connection Problems link. The Network Diagnostics tool will run. When the tool has finished running, it will report one of the following results:
  o   
  It was unable to find a problem.
  o   
  It has detected a problem. Additionally, the tool will provide guidance about the next steps to take to troubleshoot the problem.
  Note
  Internet Explorer 6 users click Detect Network Settings
  3.    
  Click
  IP Address, and note the IP Address. You may need it for future troubleshooting.
  4.    
  Follow the steps in the Network Diagnostics tool to fix any connection problems.
  5.    
  Start Internet Explorer.
  If you receive the same error message, go to the next method.
  Suggestion #2:
  =====================================================================
  Use the Delete Browsing History feature
  If resetting the modem or the router did not resolve the problem, deleting your browsing history might help. Follow
  these steps to remove your temporary Internet files, history, and form data:
  Internet Explorer 8
  1.    
  Start Internet Explorer.
  2.    
  On the
  Tools menu, click Internet Options.
  3.    
  Under
  Browsing history, click Delete.
  4.    
  Select the check box next to
  Preserve Favorites website data.
  5.    
  Select the check box next to
  Temporary Internet Files.
  6.    
  Select the check box next to
  Cookies.
  7.    
  Select the check box next to
  History.
  8.    
  Select the check box next to
  Form data.
  9.    
  Select the check box next to
  InPrivate Filtering data.
  10. 
  At the bottom of window, click
  Delete.
  11. 
  Close Internet Explorer, start Internet Explorer again, and then try to access the Web page.
  Suggestion #3:
  =====================================================================
  Use the Internet Explorer (No Add-ons) mode
  To do this, click
  Start, point to All Programs, point to
  Accessories, point to System Tools, and then click
  Internet Explorer (No Add-ons).
  Note Internet Explorer (No Add-ons) mode is only available for Internet Explorer 7 and Internet Explorer 8.
  If this resolves the issue, follow these steps to isolate the browser add-on that is causing the issue:
  1.    
  Click
  Tools, and then click Internet Options.
  2.    
  Click the
  Programs tab, and then click Manage add-ons.
  3.    
  Click an add-on in the
  Name list, and then click Disable.
  4.    
  Repeat step 3 until you identify the add-on that is causing the issue.
  If this issue still persists, Pls refer to the following link for
  Advanced troubleshooting
  You receive an error message in Internet Explorer: "Internet Explorer cannot display the webpage”
  http://support.microsoft.com/kb/956196

• With Mountain Lion Server, can users access the Messages Server from outside your network?

  I would like to setup a new messaging service between my employees because we have issues with most online services. I'm thinking of getting a Mac Mini Server, so I can run Messages Server, but I have an employee outside my network. Can they login to the server remotely to use the Messages Server?
  Thanks

  If you're talking about setting up and using the Jabber messaging service provided by OS X server then yes, it's really easy to set up and use in and out of the office. The only trick it is, and also most other services, is a correct DNS setup so you're able to connect and use the server from the "outside".
  I use this myself (via Lion server rather than Moutain Lion server) from behind a dynamic IP addressed ADSL line and have no problems whatsoever.

• Port forwarding for the Web server for outside Internet (not working , help!!!!!!)

  Hello 
  I am trying to learn something new here. We have web server inside our organization its IP address is 172.16.0.35. We want outside Internet users to access web server, How is it possible? Please have a look at the running configuration. Web server is working inside the organization but not at outside. Our Static Public IP is 197.255.232.15 it is assigned to Inetrface Gigabit ATM0.1  and ISP default GW is 197.255.232.1. Let me know whats next? How do I make web server inside the organization available for outside Internet users. Thank you.
  Building configuration.
  Current configuration : 1983 bytes
  ! Last configuration change at 17:57:15 UTC Sat Jan 24 2015
  version 15.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname router_test
  boot-start-marker
  boot-end-marker
  no aaa new-model
  memory-size iomem 10
  ip dhcp excluded-address 172.16.0.34
  ip dhcp pool test
   network 172.16.0.32 255.255.255.224
   dns-server 197.255.224.18 197.255.224.66
   default-router 172.16.0.34
   lease 9
  ip cef
  no ipv6 cef
  license udi pid CISCO887VA-K9 sn FGL1818236L
  controller VDSL 0
  interface Ethernet0
   no ip address
   shutdown
  interface ATM0
   no ip address
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   no atm ilmi-keepalive
  interface ATM0.1 point-to-point
   description ATM Routed Bridge Encapsulation (RBE) Internet
   ip address 197.255.232.15 255.255.248.0
   ip access-group netin in
   ip access-group netout out
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nat outside
   ip virtual-reassembly in
   atm route-bridged ip
   bridge-group 1
   bridge-group 1 spanning-disabled
   pvc 0/35
    encapsulation aal5snap
    protocol ip inarp
  interface FastEthernet0
   no ip address
  interface FastEthernet1
   no ip address
  interface FastEthernet2
   no ip address
  interface FastEthernet3
   no ip address
  interface Vlan1
   description Lan 
   ip address 172.16.0.34 255.255.255.224
   ip nat inside
   ip virtual-reassembly in
   ip tcp adjust-mss 1454
  interface Dialer1
   no ip address
  ip default-gateway 197.255.232.1
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip nat inside source list natlist interface ATM0.1 overload
  ip nat inside source static tcp 172.16.0.35 443 197.255.232.15 443 extendable
  ip route 0.0.0.0 0.0.0.0 ATM0.1 197.255.232.1
  ip access-list extended natlist
   permit ip 172.16.0.32 0.0.0.31 any
  line con 0
   no modem enable
  line aux 0
  line vty 0 4
   login
   transport input all
  end
  http://pastie.org/9858814

  Hi  Karsten Iwen
  I deleted ( ip access-group netin in and ip access-group netout out) but it still does not work
  my config : 
  Building configuration...
  Current configuration : 2267 bytes
  ! Last configuration change at 15:43:06 UTC Wed Jan 28 2015
  version 15.2
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname router
  boot-start-marker
  boot-end-marker
  no aaa new-model
  memory-size iomem 10
  ip dhcp excluded-address 172.16.0.34
  ip dhcp pool my
   network 172.16.0.32 255.255.255.224
   dns-server 197.255.224.18 197.255.224.66
   default-router 172.16.0.34
   lease 9
  ip cef
  no ipv6 cef
  license udi pid CISCO887VA-K9 sn FGL1818236L
  controller VDSL 0
  interface Ethernet0
   no ip address
   shutdown
  interface ATM0
   no ip address
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   no atm ilmi-keepalive
  interface ATM0.1 point-to-point
   description ATM Routed Bridge Encapsulation (RBE) Internet
   ip address 197.255.232.15 255.255.248.0
   no ip redirects
   no ip unreachables
   no ip proxy-arp
   ip nat outside
   no ip virtual-reassembly in
   atm route-bridged ip
   pvc 0/35
    encapsulation aal5snap
    no protocol ip inarp
  interface FastEthernet0
   no ip address
  interface FastEthernet1
   no ip address
  interface FastEthernet2
   no ip address
  interface FastEthernet3
   no ip address
  interface Vlan1
   description 
   ip address 172.16.0.34 255.255.255.224
   ip nat inside
   no ip virtual-reassembly in
   ip tcp adjust-mss 1414
  interface Dialer1
   no ip address
  ip default-gateway 197.255.232.1
  ip forward-protocol nd
  no ip http server
  no ip http secure-server
  ip nat inside source list natlist interface ATM0.1 overload
  ip nat inside source static tcp 172.16.0.35 443 197.255.232.15 443 extendable
  ip route 0.0.0.0 0.0.0.0 ATM0.1 197.255.232.1
  ip access-list extended natlist
   permit ip 172.16.0.32 0.0.0.31 any
  line con 0
   no modem enable
  line aux 0
  line vty 0 4
  end
  Router#sh ip nat translations
  Pro Inside global         Inside local          Outside local         Outside global
  tcp 197.255.232.15:5183   172.16.0.33:5183      212.95.74.5:80        212.95.74.5:80
  tcp 197.255.232.15:5196   172.16.0.33:5196      212.95.74.5:80        212.95.74.5:80
  tcp 197.255.232.15:5602   172.16.0.33:5602      174.129.246.27:80     174.129.246.27:80
  tcp 197.255.232.15:5785   172.16.0.33:5785      31.13.93.3:443        31.13.93.3:443
  tcp 197.255.232.15:443    172.16.0.35:443       ---                   ---

• Creating Node data on Author server from outside source?

  I was wondering if it is possible to create node data on the author server from an outside source such as the publish server, without using reverse replication?
  IE,
  User accessing form page on publish server, enters data, submits the form. Which somehow would create node data directly on the author server without storing any data on the publish server.
  Is this even possible?
  Thanks

  Thank you for all the responses.
  Yes I do agree that not using reverse replication as the system is designed is not exactly a wise design choice. The problem I am facing is that the end user generated content is security sensitive and cannot be store on the publish instance. (Even temporarily)
  I have managed to write a servlet on the Author server to accept the post data and create node data on the Author repository.
  However to do this, I have had to disable login/security on the Author server for the servlet path (IE /bin/posthandlerservlet ) so that the author servlet can be accessed from the outside. Firewall has also been adjusted to let traffic through as well.
  Now my remaining question would be, is opening up this path to the Author server much more dangerous and less secure that creating the node data on the Publish server in a place that protected access? We are really worried that the node created data on the publish server could somehow be accessed by end users in the event of a security problem.

• How do I access Mountain Lion OS Server from my Macbook Air?

  Have successfully installed the software and set up storage. How do I access the network from my Macbook Air? Thanks much in advance!

  What OS X Server services do you have enabled (i.e. File Sharing, FTP, Time Machine, VPN, etc.)?
  Did you enable Screen Sharing on your server from within System Preferences/Sharing? Screen Sharing will allow you to remotely administer your Mac Mini server from your MBA while on your LAN.

• How to save uploaded image file to Apache Web Server from Tomcat

  Hi guys,
  Perhaps this is not an appropriate topic to ask under this forum but I really don't know where should I post my question. Hope you understand.
  Ok, I need to know if my web application is running in Tomcat5 and user uploading some image file where I need to save these image files to the other server, which is running Apache Web Server. Should I ftp to there or other better method ?
  Anyone got a better idea on doing this kind of process pls advice. Many Thanks !
  regards,
  Mark

  if your Apache server is running in the same computer and if your servlet have write access to the folder in apache under which you want to save the file you can just write the file there but you will have to address concurrency issues.
  Otherwise you will have to do ftp but since apache does not have abuilt in frp server you will need a seperate FTP server for this

• Access SAP Data Archival file from outside SAP

  Hello Everyone,
  I have a requirement to archive the SAP data, dump that outside SAP in some other system like ILM or BI and build a reporting tool on top of that data.
  So, basically customer want to shutdown the SAP and want to retain data for legal and audit pourpose.
  I was doing some RnD and done archiving of MM_EKKO using SARA. the file got generated with extention .ARCHIVE. I donwnloaded teh file but it is encoded file with all special character in it.
  My question is:
  1. How can I read the archieved SAP data from outside SAP system.
  2. Can we decode the .ARCHIVE file to get it in .DAT format?
  3. Or Is there any other way to access the SAP data outside SAP in a report format.
  Thanks,
  Chintan SOni.

  Hi Chintan,
  1. How can I read the archieved SAP data from outside SAP system.
  For this you could refer SAP Note   460620 - Migrating archive files
  2. Can we decode the .ARCHIVE file to get it in .DAT format?
  As per my knowledge,it's not possible to decode or move to .DAT format.
  3. Or Is there any other way to access the SAP data outside SAP in a report format.
  Refer my first response & the SAP note.
  Hope this will help you.
  Good luck !!
  Gaurav

• I cannot access the embedded web server on my 7400, unable to connect to the url

  I am unable to connect to the embedded web server on my 7400. I enter the IP from the network printout but the browser cannot find the printer

  Download and run this utility: http://h20180.www2.hp.com/apps/Nav?h_pagetype=s-926&h_lang=en&h_client=s-h-e17-1&h_keyword=dg-NDU&ju...
  What does it say?
  Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
  I am employed by HP